ai-sprint-kit 1.1.1 → 1.1.7

package/LICENSE

@@ -0,0 +1,135 @@
+# PolyForm Noncommercial License 1.0.0
+
+<https://polyformproject.org/licenses/noncommercial/1.0.0>
+
+## Acceptance
+
+In order to get any license under these terms, you must agree
+to them as both strict obligations and conditions to all
+your licenses.
+
+## Copyright License
+
+The licensor grants you a copyright license for the
+software to do everything you might do with the software
+that would otherwise infringe the licensor's copyright
+in it for any permitted purpose.  However, you may
+only distribute the software according to [Distribution
+License](#distribution-license) and make changes or new works
+based on the software according to [Changes and New Works
+License](#changes-and-new-works-license).
+
+## Distribution License
+
+The licensor grants you an additional copyright license
+to distribute copies of the software.  Your license
+to distribute covers distributing the software with
+changes and new works permitted by [Changes and New Works
+License](#changes-and-new-works-license).
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of
+the software from you also gets a copy of these terms or the
+URL for them above, as well as copies of any plain-text lines
+beginning with `Required Notice:` that the licensor provided
+with the software.  For example:
+
+> Required Notice: Copyright Apiasak Pungpapong (https://github.com/apiasak)
+
+## Changes and New Works License
+
+The licensor grants you an additional copyright license to
+make changes and new works based on the software for any
+permitted purpose.
+
+## Patent License
+
+The licensor grants you a patent license for the software that
+covers patent claims the licensor can license, or becomes able
+to license, that you would infringe by using the software.
+
+## Noncommercial Purposes
+
+Any noncommercial purpose is a permitted purpose.
+
+## Personal Uses
+
+Personal use for research, experiment, and testing for
+the benefit of public knowledge, personal study, private
+entertainment, hobby projects, amateur pursuits, or religious
+observance, without any anticipated commercial application,
+is use for a permitted purpose.
+
+## Noncommercial Organizations
+
+Use by any charitable organization, educational institution,
+public research organization, public safety or health
+organization, environmental protection organization,
+or government institution is use for a permitted purpose
+regardless of the source of funding or obligations resulting
+from the funding.
+
+## Fair Use
+
+You may have "fair use" rights for the software under the
+law. These terms do not limit them.
+
+## No Other Rights
+
+These terms do not allow you to sublicense or transfer any of
+your licenses to anyone else, or prevent the licensor from
+granting licenses to anyone else.  These terms do not imply
+any other licenses.
+
+## Patent Defense
+
+If you make any written claim that the software infringes or
+contributes to infringement of any patent, your patent license
+for the software granted under these terms ends immediately. If
+your company makes such a claim, your patent license ends
+immediately for work on behalf of your company.
+
+## Violations
+
+The first time you are notified in writing that you have
+violated any of these terms, or done anything with the software
+not covered by your licenses, your licenses can nonetheless
+continue if you come into full compliance with these terms,
+and take practical steps to correct past violations, within
+32 days of receiving notice.  Otherwise, all your licenses
+end immediately.
+
+## No Liability
+
+***As far as the law allows, the software comes as is, without
+any warranty or condition, and the licensor will not be liable
+to you for any damages arising out of these terms or the use
+or nature of the software, under any kind of legal claim.***
+
+## Definitions
+
+The **licensor** is the individual or entity offering these
+terms, and the **software** is the software the licensor makes
+available under these terms.
+
+**You** refers to the individual or entity agreeing to these
+terms.
+
+**Your company** is any legal entity, sole proprietorship,
+or other kind of organization that you work for, plus all
+organizations that have control over, are under the control of,
+or are under common control with that organization.  **Control**
+means ownership of substantially all the assets of an entity,
+or the power to direct its management and policies by vote,
+contract, or otherwise.  Control can be direct or indirect.
+
+**Your licenses** are all the licenses granted to you for the
+software under these terms.
+
+**Use** means anything you do with the software requiring one
+of your licenses.
+
+---
+
+Required Notice: Copyright 2025 Apiasak Pungpapong (https://github.com/apiasak)

package/README.md

@@ -1,301 +1,239 @@
 # AI Sprint Kit
 
-**One-command installer for Claude Code autonomous development framework**
+[English](./README.md) | [ภาษาไทย](./README-th.md)
 
-> **Package name:** `ai-sprint-kit` | **CLI command:** `ai-sprint`
+[![npm version](https://img.shields.io/npm/v/ai-sprint-kit.svg)](https://www.npmjs.com/package/ai-sprint-kit)
+[![License: PolyForm Noncommercial](https://img.shields.io/badge/License-PolyForm%20Noncommercial-blue.svg)](https://polyformproject.org/licenses/noncommercial/1.0.0/)
+[![Node.js](https://img.shields.io/badge/node-%3E%3D18.0.0-brightgreen.svg)](https://nodejs.org/)
 
-## Features
-
-- 🤖 **9 Specialized Agents** - Planner, Implementer, Tester, Reviewer, Security, DevOps, Docs, Debugger, Researcher
-- ⚡ **11 Essential Commands** - `/plan`, `/code`, `/test`, `/review`, `/secure`, `/deploy`, `/docs`, `/debug`, `/scan`, `/validate`, `/auto`
-- 🔒 **Security-First** - Built-in SAST, secret detection, dependency scanning
-- 🚀 **Production-Ready** - OWASP Top 10 compliance, security best practices
-- 🎯 **Autonomous** - Full development cycle with human-in-the-loop gates
-- 🧠 **Context Engineering** - Memory system for learning across sessions
-- 📁 **Codebase Scanning** - Auto-scan existing code with 70% token compression
-- 📊 **Custom Statusline** - Real-time context, cost, and session tracking
-
-## Installation
-
-### Quick Start (Recommended)
+> **Transform Claude Code into an autonomous development powerhouse with one command.**
 
 ```bash
 npx ai-sprint-kit init
 ```
 
-### Global Installation
+---
 
-```bash
-npm install -g ai-sprint-kit
-ai-sprint init
-```
+## Why AI Sprint Kit?
 
-### Options
+Most developers use Claude Code for simple Q&A. **AI Sprint Kit** unlocks its full potential:
 
-```bash
-# Install in specific directory
-npx ai-sprint-kit init --dir /path/to/project
+| Without AI Sprint | With AI Sprint Kit |
+|-------------------|-------------------|
+| Manual prompting | Autonomous workflows |
+| No memory between sessions | Persistent learning & decisions |
+| Generic responses | Security-first, production-ready code |
+| Single-task focus | Full development cycle automation |
 
-# Force overwrite existing .claude/
-npx ai-sprint-kit init --force
+---
 
-# Skip Python dependencies
-npx ai-sprint-kit init --skip-install
+## Quick Start
 
-# Scan existing codebase (auto-detected if source exists)
-npx ai-sprint-kit init --scan
+```bash
+# Install in any project
+npx ai-sprint-kit init
 
-# Skip codebase scanning
-npx ai-sprint-kit init --no-scan
+# Start Claude Code
+claude
+
+# Run your first autonomous cycle
+/auto "build a REST API for user management"
 ```
 
-## What Gets Installed
+**That's it.** The framework handles planning, coding, testing, security scanning, and documentation.
 
-```
-your-project/
-├── .claude/
-│   ├── agents/          # 9 specialized agents
-│   ├── commands/        # 11 slash commands
-│   ├── skills/          # Security scanning scripts
-│   ├── workflows/       # Development rules
-│   ├── settings.json    # Configuration
-│   ├── statusline.sh    # Terminal statusline script
-│   └── .env.example     # Environment template
-├── ai_context/          # AI context & artifacts
-│   ├── plans/           # Implementation plans
-│   ├── docs/            # AI-generated docs
-│   ├── reports/         # Agent outputs
-│   ├── codebase/        # Scanned codebase context (if --scan)
-│   └── memory/          # Learning & decisions
-├── CLAUDE.md            # Framework instructions
-└── README.md            # User guide
-```
+---
 
-## Usage After Installation
+## What You Get
 
-```bash
-# Start Claude Code
-claude
+### 9 Specialized Agents
 
-# Use commands
-/plan "implement user authentication"
-/code "build the authentication system"
-/test "generate and run tests"
-/secure "run security scans"
-/auto "full autonomous cycle"
-```
+| Agent | Superpower |
+|-------|------------|
+| **Planner** | Researches & architects solutions before coding |
+| **Implementer** | Generates production-grade, secure code |
+| **Tester** | Creates comprehensive test suites with 80%+ coverage |
+| **Reviewer** | Enforces code quality & best practices |
+| **Security** | SAST, secret detection, OWASP Top 10 compliance |
+| **DevOps** | Sets up CI/CD pipelines & deployments |
+| **Docs** | Generates & maintains documentation |
+| **Debugger** | Root cause analysis with fix recommendations |
+| **Researcher** | Web search for latest libraries & best practices |
 
-## Agents
-
-| Agent | Purpose |
-|-------|---------|
-| **planner** | Research & create implementation plans |
-| **implementer** | Generate production-grade code |
-| **tester** | Create and run automated tests |
-| **reviewer** | Code quality and best practices review |
-| **security** | SAST, secret detection, dependency scanning |
-| **devops** | CI/CD setup and deployment |
-| **docs** | Generate documentation |
-| **debugger** | Root cause analysis and fixes |
-| **researcher** | Technology research with web search |
-
-## Commands
-
-| Command | Description | Example |
-|---------|-------------|---------|
-| `/plan` | Create implementation plan | `/plan "add payment processing"` |
-| `/code` | Generate/refactor code | `/code "implement OAuth2 login"` |
-| `/test` | Generate and run tests | `/test` |
-| `/review` | Code quality review | `/review src/` |
-| `/secure` | Security scan | `/secure` |
-| `/deploy` | CI/CD setup | `/deploy --platform github` |
-| `/docs` | Generate documentation | `/docs` |
-| `/debug` | Investigate issues | `/debug "500 error on login"` |
-| `/scan` | Scan codebase for AI context | `/scan` |
-| `/validate` | Pre-commit validation | `/validate` |
-| `/auto` | Automatic full cycle | `/auto "build user dashboard"` |
-
-## Security Features
-
-### Built-in Scans
-- ✅ **SAST** - Static application security testing
-- ✅ **Secret Detection** - Find hardcoded credentials
-- ✅ **Dependency Check** - Vulnerable packages
-- ✅ **OWASP Top 10** - Compliance validation
-
-### Security Tools (Optional)
-```bash
-# Install security scanning tools
-pip install snyk semgrep detect-secrets safety
-```
+### 11 Slash Commands
 
-### Configuration
-Set API tokens in `.env`:
 ```bash
-SNYK_TOKEN=your_token
-SEMGREP_APP_TOKEN=your_token
+/plan     # Create implementation plans
+/code     # Generate or refactor code
+/test     # Generate and run tests
+/review   # Code quality review
+/secure   # Security scanning
+/deploy   # CI/CD setup
+/docs     # Generate documentation
+/debug    # Investigate issues
+/scan     # Index codebase for AI context
+/validate # Pre-commit checks
+/auto     # Full autonomous cycle
 ```
 
-## CLI Commands
+### Built-in Security
 
-### `ai-sprint init`
-Install framework in current or specified directory
+- **SAST** - Static application security testing
+- **Secret Detection** - Find hardcoded credentials
+- **Dependency Scanning** - Vulnerable packages
+- **OWASP Top 10** - Compliance validation
 
-```bash
-# Current directory
-ai-sprint init
+### Context Engineering
 
-# Specific directory
-ai-sprint init --dir /path/to/project
+- **Memory System** - Learns from past sessions
+- **Decision Tracking** - Records architectural choices
+- **Codebase Indexing** - 70% token compression with Repomix
 
-# Force overwrite
-ai-sprint init --force
+### Real-time Statusline
 
-# Skip Python dependencies
-ai-sprint init --skip-install
-```
+Track context usage, costs, and session progress directly in your terminal.
 
-### `ai-sprint scan`
-Scan codebase and generate AI context documents
+---
 
-```bash
-# Current directory
-ai-sprint scan
+## Installation
 
-# Specific directory
-ai-sprint scan --dir /path/to/project
-```
+### Option 1: npx (Recommended)
 
-**Output:** `ai_context/codebase/` with overview.md, structure.md, repomix-output.xml
+```bash
+npx ai-sprint-kit init
+```
 
-### `ai-sprint list`
-Show available agents and commands
+### Option 2: Global Install
 
 ```bash
-ai-sprint list
+npm install -g ai-sprint-kit
+ai-sprint init
 ```
 
-## Development
-
-### Local Testing
+### Options
 
 ```bash
-# Clone repository
-git clone https://github.com/yourusername/ai-sprint-kit
-cd ai-sprint-kit
+--dir <path>     # Install in specific directory
+--force          # Overwrite existing installation
+--skip-install   # Skip Python dependencies
+--scan           # Force codebase scanning
+--no-scan        # Skip codebase scanning
+```
 
-# Install dependencies
-npm install
+### Updating
 
-# Link locally
-npm link
+To update to the latest version:
 
-# Test installation
-mkdir test-project
-cd test-project
-ai-sprint init
+```bash
+# Re-run init to update templates
+npx ai-sprint-kit@latest init --force
 
-# Test with Claude Code
-claude
-/plan "test feature"
+# Or update globally installed version
+npm update -g ai-sprint-kit
 ```
 
-### Package Structure
+---
+
+## Project Structure After Installation
 
 ```
-ai-sprint-kit/
-├── bin/
-│   └── cli.js           # CLI entry point
-├── lib/
-│   ├── installer.js     # Installation logic
-│   └── scanner.js       # Codebase scanning logic
-├── templates/
-│   ├── .claude/         # Framework templates
-│   ├── CLAUDE.md       # Instructions
-│   └── README.md       # User guide
-├── package.json
-└── README.md           # This file
+your-project/
+├── .claude/
+│   ├── agents/          # 9 specialized agents
+│   ├── commands/        # 11 slash commands
+│   ├── skills/          # Modular capabilities
+│   ├── workflows/       # Development rules
+│   ├── settings.json    # Configuration
+│   └── statusline.sh    # Terminal statusline
+├── ai_context/
+│   ├── plans/           # Implementation plans
+│   ├── reports/         # Agent outputs
+│   ├── codebase/        # Indexed source code
+│   └── memory/          # Learning & decisions
+├── CLAUDE.md            # Framework instructions
+└── README.md            # User guide
 ```
 
-## Requirements
-
-- Node.js >= 18.0.0
-- Claude Code CLI
-- Python 3.8+ (optional, for security skills)
+---
 
 ## Examples
 
-### Example 1: New Project Setup
+### New Project
+
 ```bash
-mkdir my-project
-cd my-project
+mkdir my-app && cd my-app
 npx ai-sprint-kit init
 claude
-/auto "build REST API for todo app"
+/auto "build e-commerce API with Stripe integration"
 ```
 
-### Example 2: Add to Existing Project
+### Existing Project
+
 ```bash
-cd existing-project
-npx ai-sprint-kit init
+cd my-existing-project
+npx ai-sprint-kit init --scan
 claude
-/secure  # Scan existing code
-/review  # Review code quality
+/review   # Analyze code quality
+/secure   # Find vulnerabilities
 ```
 
-### Example 3: Security-Focused Development
+### Security-First Development
+
 ```bash
-npx ai-sprint-kit init
-claude
 /plan "implement payment processing"
-/code "implement with PCI DSS compliance"
-/secure  # Comprehensive security scan
-/review  # Security-focused review
+/code "build with PCI DSS compliance"
+/secure   # Comprehensive scan
+/validate # Pre-commit checks
 ```
 
-## Troubleshooting
+---
 
-### "Command not found: ai-sprint"
-```bash
-# Use npx instead
-npx ai-sprint-kit init
+## Requirements
 
-# Or install globally
-npm install -g ai-sprint-kit
-```
+- **Node.js** >= 18.0.0
+- **Claude Code** CLI installed
+- **Python 3.8+** (optional, for advanced security skills)
 
-### ".claude/ already exists"
-```bash
-# Use --force to overwrite
-npx ai-sprint-kit init --force
-```
+---
 
-### "Python dependencies failed"
-```bash
-# Install manually
-cd .claude/skills
-python3 -m venv .venv
-source .venv/bin/activate  # or .venv\Scripts\activate on Windows
-pip install -r requirements.txt
-```
+## CLI Reference
+
+| Command | Description |
+|---------|-------------|
+| `ai-sprint init` | Install framework |
+| `ai-sprint scan` | Index codebase |
+| `ai-sprint list` | Show agents & commands |
+
+---
 
 ## Contributing
 
-Contributions welcome! Please:
+Contributions welcome!
+
 1. Fork the repository
 2. Create a feature branch
 3. Make your changes
 4. Submit a pull request
 
-## License
+---
+
+## Links
+
+- [npm Package](https://www.npmjs.com/package/ai-sprint-kit)
+- [GitHub Repository](https://github.com/apiasak/ai-sprint-kit)
+- [Issues](https://github.com/apiasak/ai-sprint-kit/issues)
+- [Framework Documentation](./templates/README.md)
 
-MIT License - see LICENSE file
+---
+
+## License
 
-## Support
+**PolyForm Noncommercial 1.0.0** - Free for personal and non-commercial use. See [LICENSE](./LICENSE) file.
 
-- Issues: [GitHub Issues](https://github.com/yourusername/ai-sprint-kit/issues)
-- Documentation: [Framework README](./templates/README.md)
+**Not permitted:** Commercial use, resale, or incorporation into commercial products.
 
 ---
 
-**Made with ❤️ for autonomous developers**
+<p align="center">
+  <strong>Built for developers who want to ship faster, safer, and smarter.</strong>
+</p>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ai-sprint-kit",
-  "version": "1.1.1",
+  "version": "1.1.7",
   "description": "CLI installer for autonomous coding agent framework - security-first, production-grade Claude Code setup",
   "main": "lib/installer.js",
   "bin": {
@@ -21,8 +21,8 @@
     "code-generation",
     "ai-sprint"
   ],
-  "author": "Your Name",
-  "license": "MIT",
+  "author": "Apipoj Piasak <https://data-espresso.com>",
+  "license": "PolyForm-Noncommercial-1.0.0",
   "repository": {
     "type": "git",
     "url": "https://github.com/apiasak/ai-sprint-kit.git"

package/templates/.claude/commands/auto.md

@@ -3,83 +3,148 @@ description: Automatic full development cycle (plan → code → test → review
 argument-hint: [feature description]
 ---
 
-## Command: /auto
+**ULTRATHINK** - Execute complete autonomous development workflow.
 
-Execute complete autonomous development workflow from planning to deployment-ready code.
+**Objective:** $ARGUMENTS
 
-## Usage
+## MANDATORY Workflow Execution
+
+**CRITICAL:** You MUST execute each phase in order. Do NOT skip to coding.
+
+---
+
+### Phase 1: Planning (MANDATORY - Execute First)
+
+**⚠️ STOP! Before ANY code, execute `/plan` command:**
 
 ```
-/auto "implement user authentication"
-/auto "add payment processing with Stripe"
-/auto "create REST API for products"
+/plan "$ARGUMENTS"
 ```
 
-## Workflow
+The `/plan` command will:
+1. Research best practices and approaches
+2. Ask clarifying questions if needed
+3. Create implementation plan with architecture
+4. Save plan to `ai_context/plans/`
 
-### 1. Plan
-- Research approaches
-- Create implementation plan
-- Define architecture
+**Validation Gate:** Plan MUST exist before proceeding.
+- Check: `ai_context/plans/` has new plan directory
+- If NO plan exists → STOP and run `/plan` first
 
-### 2. Implement
-- Generate production code
-- Follow security best practices
-- Handle errors properly
+---
 
-### 3. Test
-- Generate unit tests
-- Generate integration tests
-- Ensure >80% coverage
+### Phase 2: Implementation
 
-### 4. Review
-- Code quality analysis
-- Best practices check
-- Refactoring suggestions
+Only after plan exists, execute:
+```
+/code "implement the plan at ai_context/plans/{plan-path}"
+```
 
-### 5. Security Scan
-- SAST scanning
-- Secret detection
-- Dependency check
+**Requirements:**
+- Follow the plan phases step by step
+- Generate production-quality code
+- Follow security best practices (OWASP Top 10)
+- Handle errors properly (no silent failures)
 
-### 6. Documentation
-- Update README
-- Generate API docs
-- Add code comments
+---
 
-## Human-in-the-Loop Gates
+### Phase 3: Testing
 
-You will be asked to approve:
-- Deployment actions
-- Infrastructure changes
-- Security vulnerability fixes
+After implementation, execute:
+```
+/test
+```
 
-## Output
+**Requirements:**
+- Generate unit tests for business logic
+- Generate integration tests for APIs
+- Ensure >80% code coverage
+- All tests must pass
 
-Complete, deployment-ready feature:
-- ✅ Implemented code
-- ✅ Passing tests (>80% coverage)
-- ✅ Security validated
-- ✅ Code reviewed
-- ✅ Documented
+**Validation Gate:** Tests must pass before proceeding.
+- If tests fail → Fix issues → Rerun `/test`
+- Do NOT proceed with failing tests
 
-## Success Criteria
+---
+
+### Phase 4: Code Review
+
+After tests pass, execute:
+```
+/review
+```
+
+**Requirements:**
+- Code quality analysis (YAGNI, KISS, DRY)
+- Best practices verification
+- No critical issues allowed
 
-- All tests pass
-- No critical security issues
-- Code review approved
-- Documentation updated
+**Validation Gate:** Review must pass.
+- If critical issues → Fix → Rerun `/review`
 
-## Estimated Time
+---
+
+### Phase 5: Security Scan
+
+After review passes, execute:
+```
+/secure
+```
+
+**Requirements:**
+- SAST scanning for vulnerabilities
+- Secret detection (no hardcoded credentials)
+- Dependency vulnerability check
 
-- Simple features: 5-15 minutes
-- Medium features: 15-45 minutes
-- Complex features: 45+ minutes
+**Validation Gate:** No high/critical security issues.
+- If issues found → Fix → Rerun `/secure`
 
-## Next Steps
+---
+
+### Phase 6: Documentation
+
+After security passes, execute:
+```
+/docs
+```
+
+**Requirements:**
+- Update relevant documentation
+- Add code comments where needed
+- Generate API docs if applicable
+
+---
+
+## Human-in-the-Loop Gates
+
+Pause and ask for approval before:
+- Deployment actions
+- Infrastructure changes
+- Critical security vulnerability fixes
+- Database schema migrations
+
+## Success Criteria
 
-After /auto completion:
-1. Review generated code
-2. Test manually if needed
-3. Commit and push
-4. Deploy (with /deploy if needed)
+All gates must pass:
+- ✅ Plan created and approved
+- ✅ Code implemented per plan
+- ✅ Tests passing (>80% coverage)
+- ✅ Code review approved
+- ✅ Security scan clean
+- ✅ Documentation updated
+
+## Final Report
+
+After all phases complete, provide summary:
+1. What was implemented
+2. Test coverage achieved
+3. Security scan results
+4. Files created/modified
+5. Next steps (commit, deploy)
+
+## REMEMBER
+
+- **Phase 1 is MANDATORY** - Always run `/plan` first
+- **No skipping** - Execute each phase in order
+- **Validation gates** - Do not proceed if a gate fails
+- **Fix and retry** - If any phase fails, fix issues and rerun

package/templates/.claude/commands/code.md

@@ -1,32 +1,47 @@
 ---
 description: Generate or refactor code with best practices and security
-argument-hint: [what to build or refactor]
+argument-hint: [plan-path or task description]
 ---
 
-## Command: /code
+**THINK HARDER** - Follow plan or implement with security-first approach.
 
-Generate production-grade code or refactor existing code following best practices, security guidelines, and design patterns.
+**Objective:** $ARGUMENTS
 
-## Usage
+## Workflow
 
-```
-/code "implement user authentication with JWT"
-/code "refactor the payment service to use async/await"
-/code "add input validation to all API endpoints"
-/code "optimize database queries in user service"
-```
+### Step 0: Check for Plan (IMPORTANT)
 
-## Workflow
+**If argument contains a plan path (e.g., `ai_context/plans/...`):**
+1. Read the plan: `plan.md` and `phase-*.md` files
+2. Follow implementation phases in order
+3. Mark phases complete as you progress
+
+**If no plan exists:**
+- Ask: "No plan found. Run `/plan` first or proceed with direct implementation?"
+- If direct implementation requested, continue to Step 1
+
+---
+
+### Step 1: Understand Requirements
 
-### 1. Understand Requirements
+- Read plan phases if available
 - Clarify what needs to be built or refactored
 - Ask questions if requirements unclear
 - Identify affected files and components
 
-### 2. Delegate to Implementer Agent
-- Spawn implementer agent with detailed instructions
-- Agent follows security-first principles
-- Implements with proper error handling
+---
+
+### Step 2: Delegate to Implementer Agent
+
+```
+Task(subagent_type="implementer", prompt="Implement: $ARGUMENTS. Follow security-first principles, YAGNI/KISS/DRY. Handle errors properly.", description="Implement code")
+```
+
+Agent responsibilities:
+- Follow plan phases if provided
+- Security-first implementation
+- Proper error handling
+- Type safety
 
 ### 3. Code Generation
 - Generate clean, maintainable code

package/templates/.claude/commands/debug.md

@@ -3,6 +3,10 @@ description: Investigate and fix bugs with root cause analysis
 argument-hint: [bug description or error message]
 ---
 
+**THINK HARDER** - Systematic root cause analysis requires careful investigation.
+
+**Objective:** $ARGUMENTS
+
 ## Command: /debug
 
 Systematically investigate bugs, perform root cause analysis, and provide fixes with regression tests.

package/templates/.claude/commands/plan.md

@@ -3,55 +3,134 @@ description: Create comprehensive implementation plan with research and architec
 argument-hint: [feature or task description]
 ---
 
-## Command: /plan
+**ULTRATHINK** - Deep thinking mode for comprehensive planning.
 
-Create a detailed implementation plan for the given feature or task.
+**Objective:** $ARGUMENTS
 
-## Usage
+## MANDATORY Workflow
+
+**CRITICAL:** Follow these steps in order. Do NOT skip research.
+
+---
+
+### Step 1: Context & Memory
+
+```bash
+# Get current timestamp (DO NOT guess dates)
+date "+%y%m%d-%H%M"
+```
+
+Check memory for past lessons:
+- Read `ai_context/memory/learning.md` for mistakes to avoid
+- Read `ai_context/memory/decisions.md` for past architectural decisions
+
+---
+
+### Step 2: Clarification
+
+Use `AskUserQuestion` tool if requirements are unclear:
+- Technical constraints?
+- Performance requirements?
+- Security considerations?
+- Integration points?
+
+---
+
+### Step 3: Research (MANDATORY)
+
+**⚠️ Do NOT skip research. Use researcher agent:**
 
 ```
-/plan "implement user authentication with OAuth2"
-/plan "add real-time notifications"
-/plan "refactor database layer for PostgreSQL"
+Task(subagent_type="researcher", prompt="Research best practices and approaches for: $ARGUMENTS. Find: 1) Common patterns 2) Security considerations 3) Potential pitfalls 4) Recommended libraries/tools. Limit to 5 sources.", description="Research task requirements")
 ```
 
-## Workflow
+Research must cover:
+- Industry best practices
+- Security considerations (OWASP if applicable)
+- Common implementation patterns
+- Potential risks and mitigation
 
-1. **Get timestamp** - `date "+%y%m%d-%H%M"` (DO NOT guess dates)
-2. **Check memory** - Read `ai_context/memory/learning.md` for past lessons
-3. **Understand** the requirement
-4. **Ask** clarifying questions if needed
-5. **Delegate** to planner agent
-6. **Research** best practices and approaches
-7. **Create** comprehensive plan in `ai_context/plans/` directory
-8. **Update memory** - Record decisions in `ai_context/memory/decisions.md`
+---
 
-## Plan Contents
+### Step 4: Architecture Planning
 
-- **Overview** - Summary with phases
-- **Architecture** - Technical decisions
-- **Phases** - Step-by-step implementation
-- **Risks** - Potential issues and mitigation
-- **Security** - Security considerations
-- **Success Criteria** - Definition of done
+Use planner agent with research results:
 
-## Output
+```
+Task(subagent_type="planner", prompt="Create implementation plan for: $ARGUMENTS. Use research findings. Include: architecture, phases, risks, security, success criteria.", description="Create implementation plan")
+```
 
-Plan created at: `ai_context/plans/YYMMDD-HHMM-feature-name/`
-- `plan.md` - Main overview
-- `phase-*.md` - Detailed phases
+---
 
-## Memory Integration
+### Step 5: Create Plan Files
 
-Before planning:
-- Check `ai_context/memory/learning.md` for past mistakes to avoid
+Create plan directory: `ai_context/plans/YYMMDD-HHMM-feature-name/`
 
-After planning:
-- Update `ai_context/memory/decisions.md` with key decisions
+**Required files:**
+
+1. **plan.md** - Overview (keep under 80 lines)
+   ```yaml
+   ---
+   title: "Feature name"
+   status: pending
+   created: YYYY-MM-DD
+   ---
+   ```
+   - Summary
+   - Phase list with links
+   - Success criteria
+
+2. **phase-XX-name.md** - Detailed phases
+   - Requirements
+   - Architecture decisions
+   - Implementation steps
+   - Security considerations
+   - Success criteria
+
+3. **research/researcher-report.md** - Research findings
+
+---
+
+### Step 6: Update Memory
+
+After plan creation:
+- Add key decisions to `ai_context/memory/decisions.md`
+- Note any lessons learned
+
+---
+
+## Plan Contents
+
+Every plan must include:
+- **Overview** - What we're building and why
+- **Architecture** - Technical decisions with rationale
+- **Phases** - Step-by-step implementation (ordered)
+- **Risks** - Potential issues and mitigation strategies
+- **Security** - Security considerations and requirements
+- **Success Criteria** - Definition of done
+
+## Output
+
+Plan directory structure:
+```
+ai_context/plans/YYMMDD-HHMM-feature-name/
+├── plan.md           # Overview
+├── phase-01-*.md     # Phase details
+├── phase-02-*.md
+└── research/
+    └── researcher-report.md
+```
 
 ## Next Steps
 
 After plan creation:
-1. Review plan
-2. Approve or request changes
-3. Execute with `/code` or `/auto`
+1. Review plan with user
+2. Get approval or make adjustments
+3. Execute with `/code {plan-path}` or continue `/auto`
+
+## REMEMBER
+
+- **ULTRATHINK** - Take time to think deeply about architecture
+- **Research FIRST** - Always research before planning
+- **No shortcuts** - Complete all steps in order
+- **Memory matters** - Check past lessons, record new decisions

package/templates/.claude/commands/review.md

@@ -3,6 +3,10 @@ description: Comprehensive code quality review and best practices analysis
 argument-hint: [optional: specific file or directory to review]
 ---
 
+**THINK HARDER** - Thorough code review requires careful security and quality analysis.
+
+**Objective:** $ARGUMENTS
+
 ## Command: /review
 
 Perform comprehensive code quality review focusing on security, maintainability, performance, and best practices.