catalyst-os 0.1.0

package/.claude/skills/catalysts/validation-orchestration/SKILL.md

@@ -0,0 +1,50 @@
+---
+name: validation-orchestration
+description: >
+  Orchestrate the validation workflow for completed implementations. TRIGGERS:
+  /validate-spec command, implementation complete, quality verification needed.
+---
+
+# Validation Orchestration
+
+Coordinate the validation workflow to ensure implementation quality.
+
+## Process
+
+1. **Verify prerequisites**
+   - All tasks marked complete
+   - Unit tests passing
+   - No blocking issues
+
+2. **Run E2E tests** (use `e2e-test-execution`)
+   - Execute full test suite
+   - Capture failures
+
+3. **Check code quality** (use `lint-checking`, `code-review`)
+   - Run linters
+   - Review patterns
+
+4. **Security scan** (use `dependency-audit`, `secret-scanning`)
+   - Audit dependencies
+   - Scan for secrets
+
+5. **Produce validation report**
+   - Compile results
+   - Create validation/sign-off.md
+
+## Failure Handling
+
+```
+If any check fails:
+1. Document in validation/
+2. Route back to build phase
+3. Re-run after fixes
+```
+
+## Output
+
+`validation/sign-off.md` with:
+- All check results
+- Overall status
+- Recommendations
+- Next steps

package/.claude/skills/guardians/browser-automation/SKILL.md

@@ -0,0 +1,58 @@
+---
+name: browser-automation
+description: >
+  Automate browser interactions for testing and validation. TRIGGERS: manual
+  testing validation, capturing screenshots, visual verification of UI.
+---
+
+# Browser Automation
+
+Automate browser interactions.
+
+## When to Use
+
+- Manual testing validation
+- Screenshot capture
+- Visual verification
+
+## Browser Tools
+
+```
+browser_navigate → Navigate to URL
+browser_snapshot → Get page structure
+browser_click → Click elements
+browser_type → Type text
+browser_take_screenshot → Capture page
+```
+
+## Testing Flow
+
+1. Navigate to page
+2. Snapshot for elements
+3. Interact (click, type)
+4. Verify state
+5. Screenshot if needed
+
+## Common Patterns
+
+### Form Fill
+```
+1. snapshot - Get form refs
+2. type - Fill fields
+3. click - Submit
+4. snapshot - Verify success
+```
+
+### Navigation Test
+```
+1. navigate - Go to page
+2. click - Click link
+3. snapshot - Verify new page
+```
+
+## Checklist
+
+- [ ] Navigation works
+- [ ] Elements interactable
+- [ ] Screenshots captured
+- [ ] Responsive tested

package/.claude/skills/guardians/code-review/SKILL.md

@@ -0,0 +1,60 @@
+---
+name: code-review
+description: >
+  Review code for quality, patterns, and best practices. TRIGGERS: after
+  implementation, before merge/commit, /validate-spec command, quality gate check.
+---
+
+# Code Review
+
+Review code for quality and patterns.
+
+## When to Use
+
+- After implementation
+- Before merge/commit
+- Quality gate check
+
+## Review Checklist
+
+### Code Quality
+- [ ] Clear naming
+- [ ] DRY compliance
+- [ ] Error handling
+- [ ] Type safety
+
+### Patterns
+- [ ] Project conventions
+- [ ] Proper abstraction
+- [ ] No circular deps
+
+### Security
+- [ ] Input validation
+- [ ] No hardcoded secrets
+
+## Feedback Format
+
+### 🔴 Critical (Must Fix)
+```markdown
+**File**: src/api/users.ts:45
+**Issue**: SQL injection vulnerability
+**Fix**: Use parameterized query
+```
+
+### 🟡 Important (Should Fix)
+```markdown
+**File**: src/services/stripe.ts:23
+**Issue**: Missing error handling
+```
+
+### 🟢 Suggestion
+```markdown
+**File**: src/utils/pricing.ts:12
+**Suggestion**: Extract constant
+```
+
+## Checklist
+
+- [ ] Critical issues found
+- [ ] Actionable feedback
+- [ ] No bikeshedding

package/.claude/skills/guardians/dependency-audit/SKILL.md

@@ -0,0 +1,63 @@
+---
+name: dependency-audit
+description: >
+  Audit dependencies for security vulnerabilities and license compliance.
+  TRIGGERS: security checks, before deployment, /validate-spec command, regular maintenance.
+---
+
+# Dependency Audit
+
+Audit dependencies for security.
+
+## When to Use
+
+- Security checks
+- Before deployment
+- Regular maintenance
+
+## Audit Commands
+
+```bash
+# npm
+npm audit
+npm audit fix
+
+# pip
+pip-audit
+safety check
+
+# snyk
+snyk test
+```
+
+## Severity Response
+
+| Level | Action |
+|-------|--------|
+| Critical | Fix immediately |
+| High | Fix within 24h |
+| Medium | Fix within week |
+| Low | Fix when convenient |
+
+## Output Format
+
+```markdown
+## Dependency Audit Report
+
+### Vulnerabilities Found
+
+#### 🔴 Critical (1)
+**Package**: lodash@4.17.20
+**Issue**: Prototype pollution
+**Fix**: `npm update lodash`
+
+### License Summary
+- MIT: 180 packages
+- Apache-2.0: 42 packages
+```
+
+## Checklist
+
+- [ ] No critical vulnerabilities
+- [ ] No high vulnerabilities
+- [ ] Licenses compatible

package/.claude/skills/guardians/e2e-test-execution/SKILL.md

@@ -0,0 +1,52 @@
+---
+name: e2e-test-execution
+description: >
+  Execute end-to-end tests using browser automation. TRIGGERS: validating
+  complete user flows, running Playwright/Cypress tests, /validate-spec command.
+---
+
+# E2E Test Execution
+
+Run end-to-end browser tests.
+
+## When to Use
+
+- Validating user flows
+- Testing integrations
+- Pre-deployment checks
+
+## Playwright Example
+
+```typescript
+test('user can subscribe', async ({ page }) => {
+  await page.goto('/pricing')
+  await page.click('[data-testid="plan-pro"]')
+  await page.fill('[data-testid="card-number"]', '4242...')
+  await page.click('[data-testid="submit"]')
+  
+  await expect(page.locator('[data-testid="success"]'))
+    .toBeVisible()
+})
+```
+
+## Running Tests
+
+```bash
+npx playwright test
+npx playwright test --headed
+npx playwright test subscription.spec.ts
+```
+
+## Best Practices
+
+- Use data-testid for selectors
+- Wait properly (no arbitrary sleeps)
+- Screenshot on failure
+- Clean state between tests
+
+## Checklist
+
+- [ ] Happy paths tested
+- [ ] Error scenarios covered
+- [ ] Screenshots on failure
+- [ ] Reasonable timeouts

package/.claude/skills/guardians/lint-checking/SKILL.md

@@ -0,0 +1,46 @@
+---
+name: lint-checking
+description: >
+  Run linters and formatters to ensure code quality. TRIGGERS: pre-commit
+  checks, code style validation, /validate-spec command, quality gates.
+---
+
+# Lint Checking
+
+Run linters and formatters.
+
+## When to Use
+
+- Pre-commit checks
+- Code style validation
+- Quality gates
+
+## Common Commands
+
+```bash
+# JavaScript/TypeScript
+npx eslint . --ext .js,.jsx,.ts,.tsx
+npx eslint . --fix
+npx prettier --check .
+npx prettier --write .
+
+# Python
+ruff check .
+ruff check . --fix
+black --check .
+```
+
+## Fix Process
+
+1. Run linter
+2. Review errors
+3. Auto-fix where possible
+4. Manual fix remaining
+5. Verify clean
+
+## Checklist
+
+- [ ] Linter passes
+- [ ] Formatter passes
+- [ ] No warnings
+- [ ] Pre-commit works

package/.claude/skills/guardians/secret-scanning/SKILL.md

@@ -0,0 +1,69 @@
+---
+name: secret-scanning
+description: >
+  Scan code for exposed secrets and credentials. TRIGGERS: pre-commit checks,
+  PR reviews, /validate-spec command, security audits.
+---
+
+# Secret Scanning
+
+Scan for exposed secrets.
+
+## When to Use
+
+- Pre-commit checks
+- PR reviews
+- Security audits
+
+## Scanning Tools
+
+```bash
+# gitleaks
+gitleaks detect
+
+# truffleHog
+trufflehog git file://.
+
+# detect-secrets
+detect-secrets scan
+```
+
+## Common Patterns
+
+```regex
+# AWS Access Key
+AKIA[0-9A-Z]{16}
+
+# GitHub Token
+ghp_[A-Za-z0-9]{36}
+
+# Generic API Key
+[Aa]pi[_-]?[Kk]ey.*['"][A-Za-z0-9]{20,}['"]
+```
+
+## Response Process
+
+If secret found:
+1. Revoke immediately
+2. Remove from code
+3. Use environment variables
+4. Audit access
+
+## Output Format
+
+```markdown
+## Secret Scan Report
+
+### Findings
+
+#### 🔴 Critical
+**File**: src/config/stripe.ts:15
+**Type**: Stripe API Key
+**Action**: Revoke and rotate
+```
+
+## Checklist
+
+- [ ] No secrets in code
+- [ ] .gitignore updated
+- [ ] Pre-commit hook active

package/.claude/skills/guardians/test-fixture-creation/SKILL.md

@@ -0,0 +1,54 @@
+---
+name: test-fixture-creation
+description: >
+  Create test fixtures, mocks, and test data. TRIGGERS: setting up test
+  environments, creating reusable test data, building mock services.
+---
+
+# Test Fixture Creation
+
+Create test fixtures and mock data.
+
+## When to Use
+
+- Setting up test environments
+- Creating reusable test data
+- Building mock services
+
+## Factory Pattern
+
+```typescript
+export function createUser(overrides: Partial<User> = {}): User {
+  return {
+    id: faker.string.uuid(),
+    email: faker.internet.email(),
+    name: faker.person.fullName(),
+    ...overrides,
+  }
+}
+
+// Usage
+const user = createUser({ email: 'test@example.com' })
+```
+
+## Mock Services
+
+```typescript
+export const mockStripeService = {
+  createSubscription: vi.fn().mockResolvedValue({
+    id: 'sub_123',
+    status: 'active',
+  }),
+  
+  reset() {
+    this.createSubscription.mockClear()
+  },
+}
+```
+
+## Checklist
+
+- [ ] Factories for entities
+- [ ] Realistic fake data
+- [ ] Service mocks
+- [ ] Proper cleanup

package/.claude/skills/guardians/unit-test-writing/SKILL.md

@@ -0,0 +1,57 @@
+---
+name: unit-test-writing
+description: >
+  Write unit tests following TDD principles. TRIGGERS: before any implementation,
+  TDD red phase, adding test coverage. Tests MUST be written BEFORE code.
+---
+
+# Unit Test Writing
+
+Write unit tests following TDD.
+
+## When to Use
+
+- Before implementing features (TDD)
+- Adding coverage to existing code
+
+## TDD Process
+
+```
+1. Write test → ❌ FAIL (Red)
+2. Write minimal code → ✅ PASS (Green)
+3. Refactor → ✅ PASS
+```
+
+## Test Pattern
+
+```typescript
+describe('createSubscription', () => {
+  it('should create with valid plan', async () => {
+    const result = await createSubscription({
+      userId: 'user-1',
+      planId: 'plan-pro',
+    })
+    expect(result.status).toBe('active')
+  })
+  
+  it('should throw on invalid plan', async () => {
+    await expect(
+      createSubscription({ userId: 'user-1', planId: 'invalid' })
+    ).rejects.toThrow('Invalid plan')
+  })
+})
+```
+
+## What to Test
+
+- Happy path
+- Error cases
+- Edge cases
+- Boundary values
+
+## Checklist
+
+- [ ] Tests written BEFORE code
+- [ ] Descriptive test names
+- [ ] One assertion per test
+- [ ] Edge cases covered

package/.claude/skills/seekers/codebase-analysis/SKILL.md

@@ -0,0 +1,67 @@
+---
+name: codebase-analysis
+description: >
+  Analyze existing codebase for patterns, conventions, and integration points.
+  TRIGGERS: new feature implementation, understanding existing code, finding patterns,
+  identifying where new code should connect.
+---
+
+# Codebase Analysis
+
+Analyze existing code to inform new development.
+
+## When to Use
+
+- Before implementing new features
+- Finding existing patterns
+- Identifying integration points
+
+## Process
+
+1. **Scan project structure**
+   - Directory organization
+   - File naming conventions
+   - Module boundaries
+
+2. **Identify patterns**
+   - Component patterns
+   - API patterns
+   - Data patterns
+   - Testing patterns
+
+3. **Find integration points**
+   - Related features
+   - Shared utilities
+   - Database connections
+
+4. **Check for conflicts**
+   - Naming collisions
+   - Route conflicts
+
+## Analysis Checklist
+
+- [ ] Framework and version
+- [ ] State management
+- [ ] Routing strategy
+- [ ] API patterns
+- [ ] Naming conventions
+- [ ] Test structure
+
+## Output Format
+
+```markdown
+## Codebase Analysis: {Feature}
+
+### Project Structure
+- Framework: [e.g., Next.js 14]
+
+### Relevant Patterns
+- Components: [pattern]
+- API: [pattern]
+
+### Integration Points
+- [Where this connects]
+
+### Recommendations
+- Follow existing pattern for [X]
+```

package/.claude/skills/seekers/context7-lookup/SKILL.md

@@ -0,0 +1,59 @@
+---
+name: context7-lookup
+description: >
+  Query Context7 for up-to-date library documentation and API references.
+  TRIGGERS: implementing features with external libraries, looking up API docs,
+  finding usage examples for packages.
+---
+
+# Context7 Lookup
+
+Query library documentation through Context7 MCP.
+
+## When to Use
+
+- Looking up API documentation
+- Finding usage examples
+- Checking function signatures
+
+## Process
+
+1. **Resolve library ID**
+   ```
+   Use mcp_context7_resolve-library-id
+   - Input: library name
+   - Output: Context7-compatible ID
+   ```
+
+2. **Fetch documentation**
+   ```
+   Use mcp_context7_get-library-docs
+   - context7CompatibleLibraryID: from step 1
+   - topic: specific topic
+   - mode: "code" or "info"
+   ```
+
+3. **Extract relevant info**
+   - API signatures
+   - Code examples
+   - Best practices
+
+## Modes
+
+- `code` - API references, code examples
+- `info` - Conceptual guides, architecture
+
+## Output Format
+
+```markdown
+## Library: {package}
+
+### API Reference
+- `function(params)` - Description
+
+### Code Examples
+[snippets]
+
+### Best Practices
+- [practice]
+```