bigpowers 2.39.0 → 2.40.0

package/.pi/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bigpowers",
-  "version": "2.39.0",
+  "version": "2.40.0",
   "description": "71 skills — 70 agent skills for spec-driven, test-first software development by solo developers",
   "keywords": [
     "pi-package"

package/.pi/prompts/release-branch.md

@@ -44,6 +44,13 @@ git log main...HEAD --oneline | grep -vE "^[a-f0-9]+ (feat|fix|docs|style|refact
 
 - [ ] Overall coverage ≥ 80%; business logic coverage ≥ 95%
 
+### 2a. Security gate
+
+- [ ] `specs/security/REVIEW.md` exists and is fresh (matches current branch diff)
+- [ ] No unresolved HIGH findings with confidence ≥ 8 (or all documented in `specs/security/EXCEPTIONS.md` with sign-off rationale)
+
+If REVIEW.md is missing or stale → run `security-review` inline. Findings block the merge unless documented in EXCEPTIONS.md.
+
 ### 3. Diff review
 
 - [ ] All commits intentional, no secrets, CONVENTIONS.md compliance

package/.pi/skills/release-branch/SKILL.md

@@ -46,6 +46,13 @@ git log main...HEAD --oneline | grep -vE "^[a-f0-9]+ (feat|fix|docs|style|refact
 
 - [ ] Overall coverage ≥ 80%; business logic coverage ≥ 95%
 
+### 2a. Security gate
+
+- [ ] `specs/security/REVIEW.md` exists and is fresh (matches current branch diff)
+- [ ] No unresolved HIGH findings with confidence ≥ 8 (or all documented in `specs/security/EXCEPTIONS.md` with sign-off rationale)
+
+If REVIEW.md is missing or stale → run `security-review` inline. Findings block the merge unless documented in EXCEPTIONS.md.
+
 ### 3. Diff review
 
 - [ ] All commits intentional, no secrets, CONVENTIONS.md compliance

package/CHANGELOG.md

@@ -1,3 +1,10 @@
+# [2.40.0](https://github.com/danielvm-git/bigpowers/compare/v2.39.0...v2.40.0) (2026-06-27)
+
+
+### Features
+
+* **release-branch:** add security gate before diff review ([c861f40](https://github.com/danielvm-git/bigpowers/commit/c861f404b417d68fbc500df7b98e532c0a6d3d81))
+
 # [2.39.0](https://github.com/danielvm-git/bigpowers/compare/v2.38.0...v2.39.0) (2026-06-27)
 
 

package/SKILL-INDEX.md

@@ -3,7 +3,7 @@
 > **DO NOT EDIT** — This file is auto-generated by `scripts/generate-skill-index.sh`.
 > Edit `SKILL.md` source files or `skills-lock.json` instead. Run `bash scripts/sync-skills.sh` to regenerate.
 
-**Generated:** 2026-06-27T16:40:22Z
+**Generated:** 2026-06-27T16:41:01Z
 **Skills:** 71
 
 ---

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bigpowers",
-  "version": "2.39.0",
+  "version": "2.40.0",
   "description": "70 agent skills for spec-driven, test-first software development by solo developers",
   "main": "index.js",
   "scripts": {

package/release-branch/SKILL.md

@@ -45,6 +45,13 @@ git log main...HEAD --oneline | grep -vE "^[a-f0-9]+ (feat|fix|docs|style|refact
 
 - [ ] Overall coverage ≥ 80%; business logic coverage ≥ 95%
 
+### 2a. Security gate
+
+- [ ] `specs/security/REVIEW.md` exists and is fresh (matches current branch diff)
+- [ ] No unresolved HIGH findings with confidence ≥ 8 (or all documented in `specs/security/EXCEPTIONS.md` with sign-off rationale)
+
+If REVIEW.md is missing or stale → run `security-review` inline. Findings block the merge unless documented in EXCEPTIONS.md.
+
 ### 3. Diff review
 
 - [ ] All commits intentional, no secrets, CONVENTIONS.md compliance

package/skills-lock.json

@@ -208,7 +208,7 @@
     },
     "release-branch": {
       "description": "Make the merge/PR/keep/discard decision for a feature branch, verify coverage gates, create the PR with gh, and clean up the worktree. Use when a feature is done and ready to ship, or when user says \"release\", \"merge\", or \"open a PR\".",
-      "sha256": "fd5e968246ce07bd",
+      "sha256": "0514cbd9163e4e87",
       "path": "release-branch/SKILL.md"
     },
     "request-review": {