all-for-claudecode 2.5.0 → 2.6.0

package/.claude-plugin/marketplace.json

@@ -6,14 +6,14 @@
   },
   "metadata": {
     "description": "Automated pipeline for Claude Code — spec → plan → implement → review → clean",
-    "version": "2.5.0"
+    "version": "2.6.0"
   },
   "plugins": [
     {
       "name": "afc",
       "source": "./",
       "description": "Automated pipeline for Claude Code. Automates the full development cycle: spec → plan → implement → review → clean.",
-      "version": "2.5.0",
+      "version": "2.6.0",
       "category": "automation",
       "tags": ["pipeline", "automation", "spec", "plan", "implement", "review", "critic-loop"]
     }

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "afc",
-  "version": "2.5.0",
+  "version": "2.6.0",
   "description": "Automated pipeline for Claude Code. Automates the full development cycle: spec → plan → implement → review → clean.",
   "author": { "name": "jhlee0409", "email": "relee6203@gmail.com" },
   "homepage": "https://github.com/jhlee0409/all-for-claudecode",

package/README.md

@@ -122,7 +122,11 @@ Performance: ✓ no N+1 queries
 | `/afc:launch` | Generate release artifacts (changelog, tag, publish) |
 | `/afc:validate` | Verify artifact consistency |
 | `/afc:analyze` | General-purpose code and component analysis |
+| `/afc:qa` | Project quality audit — test confidence, error resilience, code health |
 | `/afc:consult` | Expert consultation (backend, infra, PM, design, marketing) |
+| `/afc:triage` | Analyze open PRs and issues in parallel |
+| `/afc:pr-comment` | Generate structured PR review comments |
+| `/afc:release-notes` | Generate release notes from git history |
 | `/afc:clarify` | Resolve spec ambiguities |
 
 ### Individual Command Examples
@@ -142,6 +146,12 @@ Performance: ✓ no N+1 queries
 
 # Explore and structure a product idea
 /afc:ideate "real-time collaboration feature"
+
+# Triage open PRs and issues
+/afc:triage              # all open PRs + issues
+/afc:triage --pr         # PRs only
+/afc:triage --deep       # deep analysis with diff review
+/afc:triage 42 99        # specific items by number
 ```
 
 ## Hook Events
@@ -161,7 +171,7 @@ Every hook fires automatically — no configuration needed after install.
 | `Notification` | Desktop alerts (macOS/Linux) |
 | `TaskCompleted` | CI gate (shell) + acceptance criteria verification (LLM) |
 | `SubagentStop` | Tracks subagent completion in pipeline log |
-| `UserPromptSubmit` | Injects Phase/Feature context per prompt |
+| `UserPromptSubmit` | Injects Phase/Feature context + drift checkpoint during active pipeline |
 | `PermissionRequest` | Auto-allows CI commands during implement/review |
 | `ConfigChange` | Audits/blocks settings changes during active pipeline |
 | `TeammateIdle` | Prevents Agent Teams idle during implement/review |
@@ -176,7 +186,8 @@ Handler types: `command` (shell scripts, all events), `prompt` (LLM single-turn,
 |---|---|
 | `afc-architect` | Remembers ADR decisions and architecture patterns across sessions. Auto-invoked during Plan (ADR recording) and Review (architecture compliance). |
 | `afc-security` | Remembers vulnerability patterns and false positives across sessions. Auto-invoked during Review (security scanning). Runs in isolated worktree. |
-| `afc-impl-worker` | Parallel implementation worker. Receives pre-assigned tasks from orchestrator. Ephemeral (no memory). |
+| `afc-impl-worker` | Parallel implementation worker. Receives pre-assigned tasks from orchestrator. Ephemeral (no memory). Max 50 turns, auto-approve edits. |
+| `afc-pr-analyst` | PR deep analysis worker for triage. Runs in isolated worktree with diff access. Max 15 turns. |
 
 ## Expert Consultation
 

package/commands/auto.md

@@ -499,7 +499,7 @@ Artifact cleanup and codebase hygiene check after implementation and review:
      ```
    - Create `.claude/afc/memory/quality-history/` directory if it does not exist
 6. **Checkpoint reset**:
-   - Clear `.claude/afc/memory/checkpoint.md` **and** `~/.claude/projects/{ENCODED_PATH}/auto-memory/checkpoint.md` (pipeline complete = session goal achieved, dual-delete prevents stale checkpoint in either location; `ENCODED_PATH` = project path with `/` replaced by `-`)
+   - Clear `.claude/afc/memory/checkpoint.md` **and** `~/.claude/projects/{ENCODED_PATH}/memory/checkpoint.md` (pipeline complete = session goal achieved, dual-delete prevents stale checkpoint in either location; `ENCODED_PATH` = project path with `/` replaced by `-`)
 7. **Timeline finalize**:
    ```bash
    "${CLAUDE_PLUGIN_ROOT}/scripts/afc-pipeline-manage.sh" log pipeline-end "Pipeline complete: {feature}"

package/commands/doctor.md

@@ -59,7 +59,7 @@ Run ALL checks regardless of earlier failures. Do not short-circuit.
 |-------|-----|------|------|
 | Global CLAUDE.md exists | Read `~/.claude/CLAUDE.md` | File exists | ⚠ Warning: no global CLAUDE.md. all-for-claudecode skills won't auto-trigger from intent. Fix: run `/afc:init` |
 | all-for-claudecode block present | Grep for `<!-- AFC:START -->` and `<!-- AFC:END -->` in `~/.claude/CLAUDE.md` | Both markers found | Fix: run `/afc:init` to inject all-for-claudecode block |
-| all-for-claudecode block version | Extract version from `<!-- AFC:VERSION:X.Y.Z -->` in CLAUDE.md. Then read `${CLAUDE_PLUGIN_ROOT}/package.json` to get the actual plugin version. Compare the two. | Block version ≥ plugin version | ⚠ Warning: all-for-claudecode block is outdated (found {block_version}, current {plugin_version}). Fix: run `/afc:init` to update |
+| all-for-claudecode block version | Extract version from `<!-- AFC:VERSION:X.Y.Z -->` in CLAUDE.md. Read `${CLAUDE_PLUGIN_ROOT}/package.json` (`.version`) to get the actual plugin version. Compare the two. | Block version = plugin version | ⚠ Warning: all-for-claudecode block is outdated (found {block_version}, current {plugin_version}). Fix: run `/afc:init` to update |
 | No conflicting routing | Grep for conflicting agent patterns (`executor`, `deep-executor`, `debugger`, `code-reviewer`) outside all-for-claudecode block that could intercept afc intents | No conflicts or conflicts are inside other tool blocks | ⚠ Warning: found agent routing that may conflict with afc skills. Review `~/.claude/CLAUDE.md` |
 
 ### Category 4: Legacy Migration (v1.x → v2.0)
@@ -112,36 +112,56 @@ Run ALL checks regardless of earlier failures. Do not short-circuit.
 
 | Check | How | Pass | Fail |
 |-------|-----|------|------|
-| Version triple match | Compare versions in `package.json`, `.claude-plugin/plugin.json`, `.claude-plugin/marketplace.json` (both `metadata.version` and `plugins[0].version`) | All identical | ✗ Fix: update mismatched files to the same version |
+| Version triple match | Compare versions in `package.json` (`.version`), `.claude-plugin/plugin.json` (`.version`), `.claude-plugin/marketplace.json` (`.metadata.version` and `.plugins[0].version`) | All identical | ✗ Fix: update mismatched files to the same version |
 | Cache in sync | Compare `commands/auto.md` content between source and `~/.claude/plugins/cache/all-for-claudecode/afc/{version}/commands/auto.md` | Content matches | ⚠ Warning: plugin cache is stale. Fix: copy source files to cache directory |
 
+### Category 9: Command Definitions (development only)
+
+> Only run if current directory is the all-for-claudecode source repo (same condition as Category 8).
+
+| Check | How | Pass | Fail |
+|-------|-----|------|------|
+| Frontmatter exists | Each `commands/*.md` file has opening and closing `---` block | All files have frontmatter | ✗ Fix: add YAML frontmatter block to `commands/{file}.md` |
+| Required fields | Each command frontmatter contains `name:` and `description:` | All files have both fields | ✗ Fix: add missing `name:` or `description:` to `commands/{file}.md` |
+| Name-filename match | `name:` value follows `afc:{filename}` pattern (e.g. `auto.md` → `name: afc:auto`) | All names match filenames | ✗ Fix: rename `name:` field in `commands/{file}.md` to `afc:{filename}` |
+| Fork-agent reference | Commands with `context: fork` and `agent:` field reference a file that exists in `agents/` (e.g. `agent: afc-architect` → `agents/afc-architect.md` exists) | All agent references resolve | ✗ Fix: create missing agent file `agents/{name}.md` or fix `agent:` field in `commands/{file}.md` |
+
+### Category 10: Agent Definitions (development only)
+
+> Only run if current directory is the all-for-claudecode source repo (same condition as Category 8).
+
+| Check | How | Pass | Fail |
+|-------|-----|------|------|
+| Frontmatter exists | Each `agents/*.md` file has opening and closing `---` block | All files have frontmatter | ✗ Fix: add YAML frontmatter block to `agents/{file}.md` |
+| Required fields | Each agent frontmatter contains `name:`, `description:`, and `model:` | All files have all 3 fields | ✗ Fix: add missing field to `agents/{file}.md` |
+| Name-filename match | `name:` value equals the filename without extension (e.g. `afc-architect.md` → `name: afc-architect`) | All names match filenames | ✗ Fix: rename `name:` field in `agents/{file}.md` to match filename |
+| Expert memory | All 8 expert consultation agents (`afc-backend-expert`, `afc-infra-expert`, `afc-pm-expert`, `afc-design-expert`, `afc-marketing-expert`, `afc-legal-expert`, `afc-appsec-expert`, `afc-tech-advisor`) have `memory: project` | All experts have memory field | ✗ Fix: add `memory: project` to `agents/{name}.md` frontmatter |
+| Worker maxTurns | `afc-impl-worker` and `afc-pr-analyst` have `maxTurns:` field | Both workers have maxTurns | ✗ Fix: add `maxTurns:` to `agents/{name}.md` frontmatter |
+
+### Category 11: Doc References (development only)
+
+> Only run if current directory is the all-for-claudecode source repo (same condition as Category 8).
+
+| Check | How | Pass | Fail |
+|-------|-----|------|------|
+| Referenced docs exist | Scan commands and agents for file references to `docs/` (e.g. `docs/critic-loop-rules.md`, `docs/phase-gate-protocol.md`). Each referenced file must exist. | All referenced docs found | ✗ Fix: create missing `docs/{file}.md` or fix the reference |
+| Domain adapters exist | `docs/domain-adapters/` directory contains at least one `.md` file | ≥ 1 adapter file found | ✗ Fix: add domain adapter files to `docs/domain-adapters/` |
+
 ---
 
 ## Execution
 
-1. Print header:
+1. Run the automated health check script:
    ```
-   all-for-claudecode Doctor
-   =======================
+   "${CLAUDE_PLUGIN_ROOT}/scripts/afc-doctor.sh" $ARGUMENTS
    ```
+   This covers Categories 1-8 automatically.
 
-2. Run each category in order. For each check:
-   - Print `  ✓ {check name}` on pass
-   - Print `  ⚠ {check name}: {brief reason}` on warning
-   - Print `  ✗ {check name}: {brief reason}` on fail
-   - On fail/warning, print `    Fix: {command}` indented below
+2. Print the script's stdout output as-is (already formatted with pass/warn/fail markers).
 
-3. If `--verbose` is in `$ARGUMENTS`:
-   - Print additional details for each check (command output, file paths, versions found)
+3. If in the source repo (package.json `name` = `"all-for-claudecode"`), continue with Categories 9-11 manually using the check tables above.
 
-4. Print summary:
-   ```
-   ─────────────────────────
-   Results: {pass} passed, {warn} warnings, {fail} failures
-   ```
-   - If all pass: `No issues found!`
-   - If warnings only: `{N} warnings found. Non-blocking but review recommended.`
-   - If any failures: `{N} issues need attention. Run the Fix commands above.`
+4. Print combined summary (script summary + any additional findings from Categories 9-11).
 
 ## Example Output
 
@@ -178,8 +198,29 @@ Hook Health
   ✓ All scripts exist
   ✓ All scripts executable
 
+Version Sync (dev)
+  ✓ Version triple match
+  ✓ Cache in sync
+
+Command Definitions (dev)
+  ✓ Frontmatter exists (25 files)
+  ✓ Required fields present
+  ✓ Name-filename match
+  ✓ Fork-agent references valid
+
+Agent Definitions (dev)
+  ✓ Frontmatter exists (12 files)
+  ✓ Required fields present
+  ✓ Name-filename match
+  ✓ Expert memory configured (8/8)
+  ✓ Worker maxTurns configured (2/2)
+
+Doc References (dev)
+  ✓ Referenced docs exist
+  ✓ Domain adapters exist (3 files)
+
 ─────────────────────────
-Results: 14 passed, 2 warnings, 0 failures
+Results: 28 passed, 2 warnings, 0 failures
 2 warnings found. Non-blocking but review recommended.
 ```
 
@@ -189,4 +230,4 @@ Results: 14 passed, 2 warnings, 0 failures
 - **Always run all checks**: do not stop on first failure. The full picture is the value.
 - **Actionable fixes**: every non-pass result must include a Fix line. Never report a problem without a solution.
 - **Fast execution**: skip CI/gate command checks if `--fast` is in arguments (these are the slowest checks).
-- **Development checks**: Category 7 (Version Sync) only runs when inside the all-for-claudecode source repo.
+- **Development checks**: Categories 8–11 (Version Sync, Command Definitions, Agent Definitions, Doc References) only run when inside the all-for-claudecode source repo.

package/commands/init.md

@@ -41,10 +41,12 @@ Before anything else, detect and migrate v1.x (selfish-pipeline) artifacts:
   - Rename: `mv .claude/selfish .claude/afc`
   - Print: `Migrated: .claude/selfish/ → .claude/afc/`
 
-**D. Git tag migration**
-- Check `git tag -l 'selfish/pre-*' 'selfish/phase-*'`
-- If any found: rename each tag (`git tag afc/... selfish/... && git tag -d selfish/...`)
-- Print: `Migrated: {count} git tags (selfish/* → afc/*)`
+**D. Git tag cleanup**
+- Check `git tag -l 'selfish/*'`
+- If any found:
+  - Known patterns (`selfish/pre-*`, `selfish/phase-*`): rename to `afc/` equivalent (`git tag afc/... selfish/... && git tag -d selfish/...`)
+  - All remaining `selfish/*`: delete (`git tag -d`)
+- Print: `Migrated: {renamed} renamed, {deleted} deleted`
 
 ### 2. Check for Existing Config
 
@@ -237,9 +239,11 @@ Classify the user's intent and route to the matching skill. Use semantic underst
 | Test | `afc:test` | User wants to write tests, improve coverage, or verify behavior |
 | Validate | `afc:validate` | User wants to check consistency or validate existing pipeline artifacts |
 | Analyze | `afc:analyze` | User wants to understand, explore, or audit existing code without modifying it |
+| QA Audit | `afc:qa` | User wants project quality audit, test confidence check, or runtime quality gaps |
 | Research | `afc:research` | User wants deep investigation of external tools, libraries, APIs, or technical concepts |
 | Ideate | `afc:ideate` | User wants to brainstorm ideas, explore possibilities, or draft a product brief |
 | Consult | `afc:consult` | User wants expert advice on a decision: library choice, architecture direction, legal/security/infra guidance |
+| Launch | `afc:launch` | User wants to prepare a release — generate changelog, release notes, version bump, or tag |
 | Tasks | `afc:tasks` | User explicitly wants to decompose work into a task breakdown |
 | Ambiguous | `afc:clarify` | User's request is too vague or underspecified to route confidently |
 
@@ -250,7 +254,6 @@ Classify the user's intent and route to the matching skill. Use semantic underst
 3. **Design-first**: When scope is non-trivial (multiple files, architectural decisions needed), prefer `afc:auto` or `afc:plan` over direct `afc:implement`.
 
 User-only (not auto-triggered — inform user on request):
-- `afc:launch` — inform user when release artifact generation is requested
 - `afc:doctor` — inform user when health check is requested
 - `afc:architect` — inform user when architecture review is requested
 - `afc:security` — inform user when security scan is requested

package/commands/qa.md

@@ -0,0 +1,191 @@
+---
+name: afc:qa
+description: "Project quality audit — detect gaps between structure and runtime behavior"
+argument-hint: "[scope: all, tests, errors, coverage, or specific concern]"
+user-invocable: true
+context: fork
+allowed-tools:
+  - Read
+  - Grep
+  - Glob
+  - Bash
+model: sonnet
+---
+
+# /afc:qa — Project Quality Audit
+
+> Detects quality gaps between structural correctness and actual runtime behavior.
+> **Read-only** — does not modify any files. Reports findings to console only.
+
+## Arguments
+
+- `$ARGUMENTS` — (optional) scope of audit. Defaults to `all`.
+  - `all` — run all 5 categories
+  - `tests` — category A only (Test Confidence)
+  - `errors` — category B only (Error Resilience)
+  - `coverage` — categories A + D (Test Confidence + API & Contract Safety)
+  - Or a free-form concern (e.g., "are error messages user-friendly", "check for dead exports")
+
+## Config Load
+
+**Always** read `.claude/afc.config.md` first. This file contains free-form markdown sections:
+- `## Architecture` — architecture pattern, layers, import rules
+- `## Code Style` — language, naming conventions, lint rules
+- `## CI Commands` — test, lint, gate commands (YAML)
+- `## Project Context` — framework, state management, testing strategy
+
+If config file is missing: read `CLAUDE.md` for project info. Proceed without config if neither exists.
+
+## Audit Categories
+
+### A. Test Confidence
+
+Evaluate whether the test suite actually catches regressions.
+
+Checks:
+- **Assertion density**: ratio of assertions to test functions (low ratio = weak tests)
+- **Test-to-code ratio**: test LOC vs source LOC per layer (guided by `{config.architecture}`)
+- **Mock overuse**: tests that mock so much they only test the mock setup
+- **Runtime verification**: execute `{config.test}` and analyze output (pass/fail counts, skipped tests, timing)
+- **Missing coverage**: source files/modules with zero test coverage
+
+### B. Error Resilience
+
+Evaluate whether errors are handled consistently and helpfully.
+
+Checks:
+- **Catch consistency**: unhandled promise rejections, empty catch blocks, swallowed errors
+- **Error propagation**: errors that lose context through the call chain
+- **User-facing messages**: cryptic error strings, raw stack traces exposed to users
+- **Boundary validation**: missing input validation at API/CLI/form boundaries
+- Apply `{config.code_style}` error handling rules if available
+
+### C. Build & CI Integrity
+
+Evaluate whether CI pipeline is healthy and reproducible.
+
+Checks:
+- **CI execution**: run `{config.ci}` and `{config.gate}` commands, verify they pass
+- **Lock file integrity**: lock file present, consistent with manifest (package.json vs lock, etc.)
+- **Unused dependencies**: declared but never imported packages
+- **Build reproducibility**: environment-dependent paths, hardcoded secrets, missing env vars
+
+### D. API & Contract Safety
+
+Evaluate whether interfaces between modules are sound.
+
+Checks:
+- **Type mismatches**: function signatures vs actual usage at call sites
+- **Dead exports**: exported symbols never imported elsewhere
+- **Deprecated usage**: calls to deprecated APIs (internal or external)
+- **Layer boundary violations**: imports that cross architecture boundaries (guided by `{config.architecture}`)
+
+### E. Code Health Signals
+
+Evaluate general code quality indicators.
+
+Checks:
+- **Complexity hotspots**: deeply nested logic, functions exceeding ~50 LOC
+- **Duplication**: near-identical code blocks across files
+- **Magic numbers/strings**: unexplained literals in logic
+- **TODO/FIXME accumulation**: stale markers (count, age if git history available)
+- Compare against `{config.code_style}` rules if available
+
+## Execution Steps
+
+### 1. Load Config
+
+Read `.claude/afc.config.md` (or fallback to `CLAUDE.md`). Extract:
+- Test command (`{config.test}`)
+- CI/gate commands (`{config.ci}`, `{config.gate}`)
+- Architecture layers (`{config.architecture}`)
+- Code style rules (`{config.code_style}`)
+
+### 2. Parse Scope
+
+Interpret `$ARGUMENTS` to determine which categories to run:
+
+| Argument | Categories |
+|----------|-----------|
+| `all` or empty | A, B, C, D, E |
+| `tests` | A |
+| `errors` | B |
+| `coverage` | A, D |
+| free-form text | best-matching subset |
+
+### 3. Lightweight Runtime
+
+Run commands that produce real output:
+- `{config.test}` — capture pass/fail/skip counts and timing
+- `{config.gate}` or `{config.ci}` — capture exit code and output
+
+Only run commands that exist in config. Skip gracefully if not configured.
+
+### 4. Codebase Scan
+
+For each active category:
+1. Use Glob to discover relevant files
+2. Use Grep for pattern-based detection (empty catches, TODO markers, etc.)
+3. Use Read for targeted inspection of flagged files
+4. Cross-reference findings against `{config.architecture}` layer structure
+
+### 5. Critic Loop
+
+Apply `docs/critic-loop-rules.md` with **safety cap: 3 rounds**.
+
+Focus the critic on:
+- Are the findings actionable or just noise?
+- Did I miss obvious quality gaps?
+- Are severity ratings justified by evidence?
+
+### 6. Console Report
+
+Output the final report in this format:
+
+```markdown
+## QA Audit: {project name or directory}
+
+### Category A: Test Confidence
+{findings with file:line references}
+Verdict: PASS | WARN | FAIL
+
+### Category B: Error Resilience
+{findings with file:line references}
+Verdict: PASS | WARN | FAIL
+
+### Category C: Build & CI Integrity
+{findings with file:line references}
+Verdict: PASS | WARN | FAIL
+
+### Category D: API & Contract Safety
+{findings with file:line references}
+Verdict: PASS | WARN | FAIL
+
+### Category E: Code Health Signals
+{findings with file:line references}
+Verdict: PASS | WARN | FAIL
+
+### Summary
+├─ A: Test Confidence    — {PASS|WARN|FAIL} {(N issues) if any}
+├─ B: Error Resilience   — {PASS|WARN|FAIL} {(N issues) if any}
+├─ C: Build & CI         — {PASS|WARN|FAIL} {(N issues) if any}
+├─ D: API & Contract     — {PASS|WARN|FAIL} {(N issues) if any}
+└─ E: Code Health        — {PASS|WARN|FAIL} {(N issues) if any}
+
+Total: {N} PASS, {N} WARN, {N} FAIL
+Priority fixes: {top 3 most impactful issues}
+```
+
+## Verdict Criteria
+
+- **PASS** — no issues found, or only cosmetic observations
+- **WARN** — issues found but not blocking; quality could degrade over time
+- **FAIL** — critical gaps that likely cause bugs, outages, or security issues
+
+## Notes
+
+- **Read-only**: Do not modify any files. Report only.
+- **Evidence-based**: Every finding must include a `file:line` reference or command output.
+- **Config-aware**: Adapt checks to the project's declared architecture and conventions.
+- **Scope discipline**: Only run categories matching the requested scope.
+- **Not a linter**: Focus on semantic quality gaps that automated tools miss.

package/commands/resume.md

@@ -22,7 +22,7 @@ allowed-tools:
 ### 1. Load Checkpoint
 
 Read `.claude/afc/memory/checkpoint.md`:
-- If not found: check **auto-memory fallback** — read `~/.claude/projects/{ENCODED_PATH}/auto-memory/checkpoint.md` (where `ENCODED_PATH` = project path with `/` replaced by `-`):
+- If not found: check **auto-memory fallback** — read `~/.claude/projects/{ENCODED_PATH}/memory/checkpoint.md` (where `ENCODED_PATH` = project path with `/` replaced by `-`):
   - If fallback found: use it as the checkpoint source (auto-memory is written by `pre-compact-checkpoint.sh` during context compaction)
   - If fallback also not found: output "No saved checkpoint found. Use `/afc:checkpoint` to create one, or checkpoints are created automatically on context compaction." then **stop**
 - If found: parse the full contents (extract branch, commit hash, pipeline feature, task progress, modified files)

package/docs/phase-gate-protocol.md

@@ -34,7 +34,7 @@ Quantitatively inspect changed files within the Phase against `{config.code_styl
 After passing the Phase gate, automatically save session state:
 
 1. Create `.claude/afc/memory/` directory if it does not exist
-2. Write/update `.claude/afc/memory/checkpoint.md` **and** `~/.claude/projects/{ENCODED_PATH}/auto-memory/checkpoint.md` (dual-write for compaction resilience — `ENCODED_PATH` = project path with `/` replaced by `-`):
+2. Write/update `.claude/afc/memory/checkpoint.md` **and** `~/.claude/projects/{ENCODED_PATH}/memory/checkpoint.md` (dual-write for compaction resilience — `ENCODED_PATH` = project path with `/` replaced by `-`):
 
 ```markdown
 # Phase Gate Checkpoint

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "all-for-claudecode",
-  "version": "2.5.0",
+  "version": "2.6.0",
   "description": "Claude Code plugin that automates the full dev cycle — spec, plan, implement, review, clean.",
   "bin": {
     "all-for-claudecode": "bin/cli.mjs"
@@ -35,9 +35,11 @@
   },
   "scripts": {
     "lint": "shellcheck -x --source-path=scripts --severity=warning scripts/*.sh && bash scripts/afc-schema-validate.sh --all && bash scripts/afc-consistency-check.sh",
+    "qa": "bash scripts/afc-qa-audit.sh",
     "test": "vendor/shellspec/shellspec",
-    "test:all": "npm run lint && npm run test",
-    "setup:test": "bash scripts/install-shellspec.sh"
+    "test:all": "npm run lint && npm run qa && npm run test",
+    "setup:test": "bash scripts/install-shellspec.sh",
+    "sync:cache": "bash scripts/afc-sync-cache.sh"
   },
   "engines": {
     "node": ">=18"

package/scripts/afc-bash-guard.sh

@@ -14,15 +14,15 @@ cleanup() {
 }
 trap cleanup EXIT
 
+# Consume stdin immediately (prevents SIGPIPE if exiting early)
+INPUT=$(cat)
+
 # If pipeline is inactive -> allow
 if ! afc_state_is_active; then
   printf '{"hookSpecificOutput":{"permissionDecision":"allow"}}\n'
   exit 0
 fi
 
-# Parse tool input from stdin
-INPUT=$(cat)
-
 # If stdin is empty -> allow
 if [ -z "$INPUT" ]; then
   printf '{"hookSpecificOutput":{"permissionDecision":"allow"}}\n'

package/scripts/afc-config-change.sh

@@ -48,6 +48,14 @@ FILE_PATH=$(printf '%s' "$FILE_PATH" | head -1 | tr -d '\n\r' | cut -c1-500)
 
 TIMESTAMP="$(date '+%Y-%m-%d %H:%M:%S')"
 
+# Auto-rotate if audit log exceeds 1 MB
+if [ -f "$AUDIT_LOG" ]; then
+  LOG_SIZE=$(wc -c < "$AUDIT_LOG" | tr -d ' ')
+  if [ "$LOG_SIZE" -ge 1048576 ]; then
+    mv "$AUDIT_LOG" "${AUDIT_LOG}.1"
+  fi
+fi
+
 # policy_settings changes are logged only (not blocked)
 if [ "$SOURCE" = "policy_settings" ]; then
   printf '[%s] source=%s path=%s\n' "$TIMESTAMP" "$SOURCE" "$FILE_PATH" >> "$AUDIT_LOG"

package/scripts/afc-consistency-check.sh

@@ -2,7 +2,7 @@
 set -euo pipefail
 
 # afc-consistency-check.sh — Cross-reference validation for project consistency
-# Checks: config placeholders, agent names, hook scripts, test coverage
+# Checks: config placeholders, agent names, hook scripts, test coverage, command docs
 # Run as part of: npm run lint
 
 # shellcheck disable=SC2329
@@ -32,6 +32,15 @@ ok() {
   printf "[afc:consistency] ✓ %s\n" "$1"
 }
 
+# Extract a field value from command file YAML frontmatter
+get_cmd_field() {
+  local file="$1" field="$2"
+  awk '/^---$/{n++; next} n==1{print} n>=2{exit}' "$file" \
+    | grep "^${field}:" \
+    | sed "s/^${field}:[[:space:]]*//" \
+    | tr -d '"' | head -1 || true
+}
+
 # --- Check 1: Config Placeholder Validation ---
 # Verify all {config.*} references in commands/ and docs/ map to known config keys
 
@@ -240,30 +249,59 @@ check_phase_ssot() {
     fi
   done
 
-  # Sub-check B: Every command name should map to a valid phase or be a known non-phase command
-  # Non-phase commands that are not pipeline phases
-  # NOTE: Update this list when adding non-phase commands to commands/
-  local non_phase_cmds="auto|init|doctor|principles|checkpoint|resume|launch|ideate|research|architect|security|debug|analyze|validate|test|consult|triage|pr-comment|release-notes"
+  if [ "$issues" -eq 0 ]; then
+    ok "Phase SSOT: no hardcoded phase lists in scripts"
+  fi
+}
+
+# --- Check 7: Command Documentation Cross-Reference ---
+# Verify commands are documented in README.md, init.md, and CLAUDE.md
+
+check_command_docs() {
   local commands_dir="$PROJECT_DIR/commands"
-  if [ -d "$commands_dir" ]; then
-    for cmd_file in "$commands_dir"/*.md; do
-      [ -f "$cmd_file" ] || continue
-      local cmd_name
-      cmd_name=$(basename "$cmd_file" .md)
-      # Skip known non-phase commands
-      if printf '%s\n' "$non_phase_cmds" | tr '|' '\n' | grep -qxF "$cmd_name"; then
-        continue
+  [ -d "$commands_dir" ] || return
+
+  local readme="$PROJECT_DIR/README.md"
+  local init_cmd="$commands_dir/init.md"
+  local claude_md="$PROJECT_DIR/CLAUDE.md"
+  local issues=0
+
+  for cmd_file in "$commands_dir"/*.md; do
+    [ -f "$cmd_file" ] || continue
+    local cmd_name
+    cmd_name=$(basename "$cmd_file" .md)
+
+    # Sub-check A: README.md should mention /afc:{name}
+    if [ -f "$readme" ]; then
+      if ! grep -qE "/afc:${cmd_name}([^a-z0-9-]|$)" "$readme" 2>/dev/null; then
+        warn "Command '$cmd_name' missing from README.md command table"
+        issues=$((issues + 1))
       fi
-      # Remaining commands should correspond to a valid phase
-      if ! afc_is_valid_phase "$cmd_name"; then
-        warn "Command '$cmd_name' is not a recognized phase in AFC_VALID_PHASES and not in non-phase list"
+    fi
+
+    # Sub-check B: init.md should mention afc:{name} for user-invocable commands
+    local invocable
+    invocable=$(get_cmd_field "$cmd_file" "user-invocable")
+    if [ "$invocable" != "false" ] && [ -f "$init_cmd" ]; then
+      if ! grep -qE "afc:${cmd_name}([^a-z0-9-]|$)" "$init_cmd" 2>/dev/null; then
+        warn "Command '$cmd_name' missing from init.md skill routing"
         issues=$((issues + 1))
       fi
-    done
-  fi
+    fi
+
+    # Sub-check C: CLAUDE.md fork list for context:fork commands
+    local ctx
+    ctx=$(get_cmd_field "$cmd_file" "context")
+    if [ "$ctx" = "fork" ] && [ -f "$claude_md" ]; then
+      if ! grep "context: fork" "$claude_md" 2>/dev/null | grep -qE "([(, ])${cmd_name}([,) ]|$)"; then
+        warn "Command '$cmd_name' (context:fork) missing from CLAUDE.md fork list"
+        issues=$((issues + 1))
+      fi
+    fi
+  done
 
   if [ "$issues" -eq 0 ]; then
-    ok "Phase SSOT: no hardcoded lists, all commands map to valid phases"
+    ok "Command docs: all commands referenced in README.md, init.md, CLAUDE.md"
   fi
 }
 
@@ -277,6 +315,7 @@ check_hook_scripts
 check_test_coverage
 check_version_sync
 check_phase_ssot
+check_command_docs
 
 printf "\n[afc:consistency] Done: %d errors, %d warnings\n" "$ERRORS" "$WARNINGS"
 

package/scripts/afc-dag-validate.sh

@@ -100,7 +100,7 @@ dfs_check() {
     if [ "$color" = "0" ]; then
       printf '1' > "$color_file"
 
-      neighbors="$(grep -E "^${current}\t" "$EDGES_FILE" | cut -f2 || true)"
+      neighbors="$(grep -E "^${current}	" "$EDGES_FILE" | cut -f2 || true)"
       if [ -n "$neighbors" ]; then
         while IFS= read -r neighbor; do
           [ -z "$neighbor" ] && continue