cc-workspace 4.7.1 → 5.2.2

package/global-skills/hooks/test_hooks.sh

@@ -0,0 +1,242 @@
+#!/usr/bin/env bash
+# test_hooks.sh — Unit tests for cc-workspace hooks
+# Run from the hooks directory: cd global-skills/hooks && bash test_hooks.sh
+# Requirements: jq, bash 4+
+set -euo pipefail
+
+HOOKS_DIR="$(cd "$(dirname "$0")" && pwd)"
+PASS=0
+FAIL=0
+TOTAL=0
+
+# ─── Helpers ────────────────────────────────────────────────
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+DIM='\033[2m'
+RESET='\033[0m'
+
+assert_contains() {
+    local label="$1" output="$2" expected="$3"
+    TOTAL=$((TOTAL + 1))
+    if echo "$output" | grep -qF "$expected"; then
+        PASS=$((PASS + 1))
+        printf "  ${GREEN}✓${RESET} %s\n" "$label"
+    else
+        FAIL=$((FAIL + 1))
+        printf "  ${RED}✗${RESET} %s\n" "$label"
+        printf "    ${DIM}expected to contain: %s${RESET}\n" "$expected"
+        printf "    ${DIM}got: %s${RESET}\n" "$output"
+    fi
+}
+
+assert_empty() {
+    local label="$1" output="$2"
+    TOTAL=$((TOTAL + 1))
+    if [ -z "$output" ]; then
+        PASS=$((PASS + 1))
+        printf "  ${GREEN}✓${RESET} %s\n" "$label"
+    else
+        FAIL=$((FAIL + 1))
+        printf "  ${RED}✗${RESET} %s\n" "$label"
+        printf "    ${DIM}expected empty, got: %s${RESET}\n" "$output"
+    fi
+}
+
+assert_exit_code() {
+    local label="$1" actual="$2" expected="$3"
+    TOTAL=$((TOTAL + 1))
+    if [ "$actual" -eq "$expected" ]; then
+        PASS=$((PASS + 1))
+        printf "  ${GREEN}✓${RESET} %s\n" "$label"
+    else
+        FAIL=$((FAIL + 1))
+        printf "  ${RED}✗${RESET} %s\n" "$label"
+        printf "    ${DIM}expected exit %s, got %s${RESET}\n" "$expected" "$actual"
+    fi
+}
+
+run_hook() {
+    local hook="$1" input="$2"
+    echo "$input" | bash "$HOOKS_DIR/$hook" 2>/dev/null || true
+}
+
+run_hook_exit() {
+    local hook="$1" input="$2"
+    echo "$input" | bash "$HOOKS_DIR/$hook" 2>/dev/null
+    echo $?
+}
+
+# ─── permission-auto-approve.sh ─────────────────────────────
+echo ""
+echo "▸ permission-auto-approve.sh"
+
+# Should auto-approve Read tool
+OUT=$(run_hook "permission-auto-approve.sh" '{"tool_name":"Read"}')
+assert_contains "approves Read tool" "$OUT" '"behavior":"allow"'
+
+# Should auto-approve Glob tool
+OUT=$(run_hook "permission-auto-approve.sh" '{"tool_name":"Glob"}')
+assert_contains "approves Glob tool" "$OUT" '"behavior":"allow"'
+
+# Should auto-approve Grep tool
+OUT=$(run_hook "permission-auto-approve.sh" '{"tool_name":"Grep"}')
+assert_contains "approves Grep tool" "$OUT" '"behavior":"allow"'
+
+# Should NOT auto-approve Write tool
+OUT=$(run_hook "permission-auto-approve.sh" '{"tool_name":"Write"}')
+assert_empty "does not approve Write tool" "$OUT"
+
+# Should approve simple git log
+OUT=$(run_hook "permission-auto-approve.sh" '{"tool_name":"Bash","tool_input":{"command":"git log --oneline -5"}}')
+assert_contains "approves git log" "$OUT" '"behavior":"allow"'
+
+# Should approve git --no-pager log (hardened regex)
+OUT=$(run_hook "permission-auto-approve.sh" '{"tool_name":"Bash","tool_input":{"command":"git --no-pager log --oneline -5"}}')
+assert_contains "approves git --no-pager log" "$OUT" '"behavior":"allow"'
+
+# Should approve git -C path status
+OUT=$(run_hook "permission-auto-approve.sh" '{"tool_name":"Bash","tool_input":{"command":"git -C ../api status --short"}}')
+assert_contains "approves git -C status" "$OUT" '"behavior":"allow"'
+
+# Should approve git branch session/xxx
+OUT=$(run_hook "permission-auto-approve.sh" '{"tool_name":"Bash","tool_input":{"command":"git branch session/feature-auth preprod"}}')
+assert_contains "approves git branch session/" "$OUT" '"behavior":"allow"'
+
+# Should approve git -C ../repo branch session/xxx
+OUT=$(run_hook "permission-auto-approve.sh" '{"tool_name":"Bash","tool_input":{"command":"git -C ../api branch session/feature-auth preprod"}}')
+assert_contains "approves git -C branch session/" "$OUT" '"behavior":"allow"'
+
+# Should approve git worktree add in /tmp/
+OUT=$(run_hook "permission-auto-approve.sh" '{"tool_name":"Bash","tool_input":{"command":"git worktree add /tmp/api-feature-auth session/feature-auth"}}')
+assert_contains "approves git worktree add /tmp/" "$OUT" '"behavior":"allow"'
+
+# Should approve test commands in /tmp/ worktrees
+OUT=$(run_hook "permission-auto-approve.sh" '{"tool_name":"Bash","tool_input":{"command":"cd /tmp/api-feature-auth && npm run typecheck"}}')
+assert_contains "approves npm typecheck in /tmp/" "$OUT" '"behavior":"allow"'
+
+OUT=$(run_hook "permission-auto-approve.sh" '{"tool_name":"Bash","tool_input":{"command":"cd /tmp/api-feature-auth && php artisan test --filter=UserTest"}}')
+assert_contains "approves php artisan test in /tmp/" "$OUT" '"behavior":"allow"'
+
+# Should NOT approve rm -rf
+OUT=$(run_hook "permission-auto-approve.sh" '{"tool_name":"Bash","tool_input":{"command":"rm -rf /"}}')
+assert_empty "does not approve rm -rf" "$OUT"
+
+# Should NOT approve git checkout (not a safe read op)
+OUT=$(run_hook "permission-auto-approve.sh" '{"tool_name":"Bash","tool_input":{"command":"git checkout main"}}')
+assert_empty "does not approve git checkout" "$OUT"
+
+# Should approve git diff in /tmp/ worktrees
+OUT=$(run_hook "permission-auto-approve.sh" '{"tool_name":"Bash","tool_input":{"command":"git -C /tmp/api-feature-auth diff HEAD~1 HEAD"}}')
+assert_contains "approves git diff in /tmp/" "$OUT" '"behavior":"allow"'
+
+
+# ─── validate-spawn-prompt.sh ────────────────────────────────
+echo ""
+echo "▸ validate-spawn-prompt.sh"
+
+# Complete prompt should have no warnings
+GOOD_PROMPT='{"tool_input":{"prompt":"## Constitution\n1. **Multi-tenancy** is sacred.\n2. **No hardcoded secrets.**\n\n## Your complete plan — all 3 commit units\n### Commit 1: Data layer\nCreate models\n\n## Your workspace\n- Worktree (ready, go directly here): /tmp/svc-feature-auth\n- Session branch: session/feature-auth\n\n## Signal protocol (MANDATORY)\nAfter EACH commit: SendMessage commit N done. Then WAIT for my green light.\n\nRead the repo CLAUDE.md first.\nIf you hit an architectural decision not in the plan: SendMessage immediately and wait."}}'
+OUT=$(run_hook "validate-spawn-prompt.sh" "$GOOD_PROMPT")
+assert_empty "complete prompt (non-API/non-frontend) — no warnings" "$OUT"
+
+# Missing constitution should warn
+NO_CONST='{"tool_input":{"prompt":"## Your plan\n### Commit 1: stuff\nworktree_path: /tmp/api-x\nSendMessage after each commit and wait for green light."}}'
+OUT=$(run_hook "validate-spawn-prompt.sh" "$NO_CONST")
+assert_contains "warns on missing constitution" "$OUT" "project-specific rules"
+
+# Missing plan should warn
+NO_PLAN='{"tool_input":{"prompt":"## Constitution\n1. **Rule one.**\nworktree_path: /tmp/api-x\nSendMessage after each commit."}}'
+OUT=$(run_hook "validate-spawn-prompt.sh" "$NO_PLAN")
+assert_contains "warns on missing plan/tasks" "$OUT" "plan/tasks"
+
+# Missing worktree path should warn
+NO_WT='{"tool_input":{"prompt":"## Constitution\n1. **Rule one.**\n## Your plan\n### Commit 1: stuff\nSendMessage after each commit."}}'
+OUT=$(run_hook "validate-spawn-prompt.sh" "$NO_WT")
+assert_contains "warns on missing worktree_path" "$OUT" "worktree_path"
+
+# Missing signal protocol should warn
+NO_SIGNAL='{"tool_input":{"prompt":"## Constitution\n1. **Rule one.**\n## Your plan\n### Commit 1: stuff\nWorktree ready: /tmp/api-x"}}'
+OUT=$(run_hook "validate-spawn-prompt.sh" "$NO_SIGNAL")
+assert_contains "warns on missing signal protocol" "$OUT" "signal protocol"
+
+# Frontend without UX standards should warn
+FRONT_NO_UX='{"tool_input":{"prompt":"## Constitution\n1. **Rule one.**\nfrontend Vue component\n## Your plan\n### Commit 1: UI\n/tmp/front-x\nSendMessage commit N done. WAIT for green light."}}'
+OUT=$(run_hook "validate-spawn-prompt.sh" "$FRONT_NO_UX")
+assert_contains "warns frontend without UX standards" "$OUT" "UX standards"
+
+# Empty prompt should produce no output (no crash)
+OUT=$(run_hook "validate-spawn-prompt.sh" '{"tool_input":{"prompt":""}}')
+assert_empty "empty prompt — no crash, no output" "$OUT"
+
+# No prompt field should produce no output
+OUT=$(run_hook "validate-spawn-prompt.sh" '{"tool_input":{}}')
+assert_empty "missing prompt field — no crash" "$OUT"
+
+
+# ─── session-start-context.sh ────────────────────────────────
+echo ""
+echo "▸ session-start-context.sh"
+
+# Note: session-start-context.sh has a glob pattern (for wt in /tmp/*-session-*)
+# that can fail on systems with no matching files unless nullglob is set.
+# We test the parts we can control without needing the orphan cleanup loop.
+
+# Setup temp workspace for session-start-context tests
+TEMP_WS=$(mktemp -d)
+mkdir -p "$TEMP_WS/.sessions" "$TEMP_WS/plans"
+
+# Create a dummy /tmp/*-session-* dir to prevent glob failure
+DUMMY_WT=$(mktemp -d /tmp/test-session-XXXXXX)
+
+# With no workspace.md, should warn
+OUT=$(CLAUDE_PROJECT_DIR="$TEMP_WS" run_hook "session-start-context.sh" '{}')
+assert_contains "warns on missing workspace.md" "$OUT" "No workspace.md"
+
+# Create a configured workspace.md
+echo "# Workspace: Test" > "$TEMP_WS/workspace.md"
+OUT=$(CLAUDE_PROJECT_DIR="$TEMP_WS" run_hook "session-start-context.sh" '{}')
+# Should be empty or just orphan cleanup (our dummy dir)
+TOTAL=$((TOTAL + 1))
+if echo "$OUT" | grep -qE "(WARNING|FIRST SESSION|Active plans)"; then
+    FAIL=$((FAIL + 1))
+    printf "  ${RED}✗${RESET} configured workspace — unexpected warnings\n"
+    printf "    ${DIM}got: %s${RESET}\n" "$OUT"
+else
+    PASS=$((PASS + 1))
+    printf "  ${GREEN}✓${RESET} configured workspace — no unexpected warnings\n"
+fi
+
+# Create an unconfigured workspace.md
+echo "[UNCONFIGURED]" > "$TEMP_WS/workspace.md"
+OUT=$(CLAUDE_PROJECT_DIR="$TEMP_WS" run_hook "session-start-context.sh" '{}')
+assert_contains "detects UNCONFIGURED workspace" "$OUT" "FIRST SESSION"
+
+# Create an active session and restore configured workspace
+echo "# Workspace: Test" > "$TEMP_WS/workspace.md"
+cat > "$TEMP_WS/.sessions/test.json" << 'SESS'
+{
+  "name": "test-session",
+  "status": "active",
+  "repos": {
+    "api": { "worktree_path": "/tmp/nonexistent-test-wt-12345" }
+  }
+}
+SESS
+OUT=$(CLAUDE_PROJECT_DIR="$TEMP_WS" run_hook "session-start-context.sh" '{}')
+assert_contains "shows active sessions" "$OUT" "test-session"
+
+# Cleanup
+rm -rf "$TEMP_WS" "$DUMMY_WT"
+
+
+# ─── Summary ────────────────────────────────────────────────
+echo ""
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+if [ "$FAIL" -eq 0 ]; then
+    printf "${GREEN}All %d tests passed ✓${RESET}\n" "$TOTAL"
+else
+    printf "${RED}%d/%d tests failed${RESET}\n" "$FAIL" "$TOTAL"
+fi
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+
+exit "$FAIL"

package/global-skills/hooks/user-prompt-guard.sh

@@ -1,19 +1,19 @@
 #!/usr/bin/env bash
 # user-prompt-guard.sh
 # UserPromptSubmit hook: conditionally reminds the orchestrator of its role.
-# Only injects the reminder when the user prompt contains patterns suggesting
-# a direct code request. This saves tokens on routine messages.
+# v5.0: Updated to reflect that Opus can run git/bash on repos for orchestration
+#       purposes (branch creation, worktree management, micro-QA), but not code changes.
 # Non-blocking (exit 0 + stdout = context injection).
 set -euo pipefail
 
 INPUT=$(cat)
 
-# Extract the user prompt text from stdin JSON
+# Extract the user prompt text
 PROMPT=$(echo "$INPUT" | jq -r '.prompt // empty' 2>/dev/null) || true
 
-# Only inject reminder if user prompt matches code-request patterns
-if echo "$PROMPT" | grep -qiE '(dans le repo|dans [a-z-]+/|modifie.*repo|édite.*(api|front|light|spring|scraper|krakend|dashboard)|patch.*service)' 2>/dev/null; then
-    echo "Role reminder: Writing in sibling repos is for teammates. You can write in orchestrator/ (plans, workspace.md, constitution.md). For repo changes, spawn a teammate."
+# Only inject reminder if user prompt matches direct code-writing patterns
+if echo "$PROMPT" | grep -qiE '(modifie.*fichier|édite.*(api|front|light|spring|scraper|krakend|dashboard)|patch.*service|écris.*dans.*repo|write.*in.*repo|code.*dans.*repo)' 2>/dev/null; then
+    echo "Role reminder: Writing application code in sibling repos is for teammates. You can write in orchestrator/ (plans, workspace.md, constitution.md) and run git commands (branch, worktree, log) and test commands in /tmp/ worktrees for micro-QA. For repo application code changes: spawn a teammate."
 fi
 
 exit 0

package/global-skills/hooks/validate-spawn-prompt.sh

@@ -2,7 +2,8 @@
 # validate-spawn-prompt.sh
 # PreToolUse hook (matcher: Teammate): validates that teammate spawn prompts
 # contain the required context before allowing the spawn.
-# v4.0: ALL checks are non-blocking warnings (exit 0 + stdout).
+# v5.0: Updated for one-teammate-per-repo model with worktree_path and signal protocol.
+# ALL checks are non-blocking warnings (exit 0 + stdout).
 set -euo pipefail
 
 INPUT=$(cat)
@@ -17,65 +18,74 @@ fi
 WARNINGS=""
 BLOCKERS=""
 
-# Check 1: Project-specific rules — require numbered rules (13., 14., etc.)
-# or explicit section header, not just mention of the word "rules"
+# Check 1: Project-specific rules / constitution
+# Uses multiple heuristics: section headers, numbered rules (3+), keyword density
 RULES_FOUND=0
-if echo "$PROMPT" | grep -qiE '(## project rules|## non-negotiable|project-specific rules|rules spécifiques)' 2>/dev/null; then
+# Heuristic A: explicit section headers
+if echo "$PROMPT" | grep -qiE '(## (project )?rules|## non-negotiable|## constitution|project-specific rules|rules spécifiques|## engineering principles)' 2>/dev/null; then
     RULES_FOUND=1
 fi
-if echo "$PROMPT" | grep -qE '(1[3-9]\.|[2-9][0-9]\.).*\*\*' 2>/dev/null; then
+# Heuristic B: numbered bold rules (at least 3 = likely a constitution)
+NUMBERED_RULES=$(echo "$PROMPT" | grep -cE '^[0-9]+\.\s+\*\*' 2>/dev/null || echo "0")
+if [ "$NUMBERED_RULES" -ge 3 ]; then
     RULES_FOUND=1
 fi
-if echo "$PROMPT" | grep -qiE '(constitution|project rules)' 2>/dev/null && echo "$PROMPT" | grep -cqiE '(tenant|scoping|precision|rollback|feature flag)' 2>/dev/null; then
-    RULES_FOUND=1
+# Heuristic C: constitution keyword + domain-specific terms (2+ matches)
+if echo "$PROMPT" | grep -qiE '(constitution|project rules|non-negotiable)' 2>/dev/null; then
+    DOMAIN_HITS=$(echo "$PROMPT" | grep -ciE '(tenant|scoping|precision|rollback|feature flag|naming convention|error handling|code review|test coverage|migration|security|auth|validation)' 2>/dev/null || echo "0")
+    if [ "$DOMAIN_HITS" -ge 2 ]; then
+        RULES_FOUND=1
+    fi
 fi
 if [ "$RULES_FOUND" -eq 0 ]; then
-    BLOCKERS+="- Missing project-specific rules in spawn prompt. Include the project constitution rules (numbered rules from workspace constitution.md, translated to English).\n"
+    BLOCKERS+="- Missing project-specific rules in spawn prompt. Include ALL rules from constitution.md (numbered, in English).\n"
 fi
 
-# Check 2: Tasks section must be present with actual task content
-if ! echo "$PROMPT" | grep -qiE '(your tasks|## tasks|assigned tasks|tâches|### tasks)' 2>/dev/null; then
-    BLOCKERS+="- Missing tasks section in spawn prompt. Include the specific tasks from the plan.\n"
+# Check 2: Tasks / plan section must be present
+if ! echo "$PROMPT" | grep -qiE '(your (complete )?plan|## (commit|tasks|plan)|commit [0-9]+:|all [0-9]+ commit)' 2>/dev/null; then
+    BLOCKERS+="- Missing plan/tasks section in spawn prompt. Include the complete repo plan with all commit units.\n"
 fi
 
-# Check 3: CLAUDE.md instruction
+# Check 3: Worktree path (v5 — teammates receive a ready worktree)
+if ! echo "$PROMPT" | grep -qiE '(worktree.path|worktree.ready|go directly|/tmp/[a-z])' 2>/dev/null; then
+    BLOCKERS+="- Missing worktree_path in spawn prompt. Teammate needs the /tmp/ path prepared by Opus.\n"
+fi
+
+# Check 4: Signal protocol instruction
+if ! echo "$PROMPT" | grep -qiE '(SendMessage|signal protocol|commit N done|green light|wait for)' 2>/dev/null; then
+    BLOCKERS+="- Missing signal protocol instruction. Teammate must know to SendMessage after each commit and wait for green light.\n"
+fi
+
+# Check 5: CLAUDE.md instruction
 if ! echo "$PROMPT" | grep -qiE '(CLAUDE\.md|read the repo|repo conventions|read.*conventions)' 2>/dev/null; then
     WARNINGS+="- Missing instruction to read repo CLAUDE.md.\n"
 fi
 
-# Check 4: Frontend teammates need UX standards — check for actual UX content
-if echo "$PROMPT" | grep -qiE '(front|frontend|vue|quasar|nuxt|react|ui|ux)' 2>/dev/null; then
+# Check 6: Frontend teammates need UX standards
+if echo "$PROMPT" | grep -qiE '(front|frontend|vue|quasar|nuxt|react|ui component)' 2>/dev/null; then
     UX_SIGNALS=0
     echo "$PROMPT" | grep -qiE '(4 (mandatory )?states|skeleton|empty state)' 2>/dev/null && UX_SIGNALS=$((UX_SIGNALS + 1))
     echo "$PROMPT" | grep -qiE '(responsive|mobile.first)' 2>/dev/null && UX_SIGNALS=$((UX_SIGNALS + 1))
     echo "$PROMPT" | grep -qiE '(accessib|aria.label|wcag)' 2>/dev/null && UX_SIGNALS=$((UX_SIGNALS + 1))
     echo "$PROMPT" | grep -qiE '(ux standard|error.state|loading.state)' 2>/dev/null && UX_SIGNALS=$((UX_SIGNALS + 1))
     if [ "$UX_SIGNALS" -lt 2 ]; then
-        BLOCKERS+="- Frontend teammate detected but UX standards not sufficiently included (found $UX_SIGNALS/4 UX signals). Inject frontend-ux-standards content.\n"
+        BLOCKERS+="- Frontend teammate detected but UX standards not included (found $UX_SIGNALS/4 signals). Inject frontend-ux-standards.md content.\n"
     fi
 fi
 
-# Check 5: API teammates need contract shapes
-if echo "$PROMPT" | grep -qiE '(api|backend|endpoint|rest|graphql)' 2>/dev/null; then
-    if ! echo "$PROMPT" | grep -qiE '(contract|response shape|request shape|interface|payload|schema|GET /|POST /|PUT /|DELETE /)' 2>/dev/null; then
+# Check 7: API teammates need contract shapes
+if echo "$PROMPT" | grep -qiE '(api|backend|endpoint|rest)' 2>/dev/null; then
+    if ! echo "$PROMPT" | grep -qiE '(contract|response shape|request shape|interface|payload|GET /|POST /|PUT /|DELETE /)' 2>/dev/null; then
         WARNINGS+="- API teammate detected but no contract/shapes found in prompt. Consider including the API contract.\n"
     fi
 fi
 
-# Check 6: Escalation instruction
-if ! echo "$PROMPT" | grep -qiE '(escalat|STOP and report|STOP and escalate|report.*dilemma|architectural decision)' 2>/dev/null; then
-    WARNINGS+="- Missing escalation instruction. Include: 'If you hit an architectural decision NOT covered by the plan: STOP and escalate.'\n"
-fi
-
-# Check 7: Session branch instruction (if sessions exist)
-SESSIONS_DIR="${CLAUDE_PROJECT_DIR:-.}/.sessions"
-if [ -d "$SESSIONS_DIR" ] && ls "$SESSIONS_DIR"/*.json >/dev/null 2>&1; then
-    if ! echo "$PROMPT" | grep -qiE '(session/|session branch|ALREADY EXISTS.*branch)' 2>/dev/null; then
-        WARNINGS+="- Active sessions exist but no session branch found in spawn prompt. Include the session branch instruction.\n"
-    fi
+# Check 8: Escalation instruction
+if ! echo "$PROMPT" | grep -qiE '(escalat|STOP|SendMessage.*blocker|architectural decision)' 2>/dev/null; then
+    WARNINGS+="- Missing escalation instruction. Include: 'If you hit an architectural decision not in the plan: SendMessage immediately and wait.'\n"
 fi
 
-# Report — ALL checks are warnings only (v4.0)
+# Report — ALL checks are warnings only (v5.0)
 ISSUES=""
 [ -n "$BLOCKERS" ] && ISSUES+="$BLOCKERS"
 [ -n "$WARNINGS" ] && ISSUES+="$WARNINGS"

package/global-skills/incident-debug/SKILL.md

@@ -1,5 +1,6 @@
 ---
 name: incident-debug
+prompt_version: 5.2.1
 description: >
   Debug incidents across a multi-service stack. Spawns parallel
   investigators per layer. Use when user reports a bug, says "erreur",

package/global-skills/merge-prep/SKILL.md

@@ -1,5 +1,6 @@
 ---
 name: merge-prep
+prompt_version: 5.2.1
 description: >
   Prepare branches for merge after QA passes. Checks for conflicts between
   teammate branches, generates PR summaries, lists review points.

package/global-skills/metrics/SKILL.md

@@ -0,0 +1,139 @@
+---
+name: metrics
+prompt_version: 5.2.1
+description: >
+  Quantitative analysis of orchestrator performance. Parses session logs,
+  completed plans, and QA reports to produce KPIs: re-dispatch rate,
+  micro-QA first-pass rate, commits per session, QA findings distribution,
+  escalation rate, and phase timing estimates.
+  Use: /metrics, /metrics last-5, /metrics session-name.
+  Helps justify model routing decisions and prompt improvements.
+argument-hint: "[all | last-N | session-name]"
+context: fork
+allowed-tools: Bash, Read, Glob, Grep
+---
+
+# Metrics — Orchestrator Performance Dashboard
+
+You analyze completed sessions and plans to produce quantitative KPIs.
+You do NOT modify any files — read-only analysis.
+
+## Data sources
+
+1. `./plans/*.md` — completed plans with progress trackers, QA reports, session logs
+2. `./.sessions/*.json` — session metadata with commit tracking
+3. `./plans/retro-*.md` — retrospectives with finding summaries
+
+## Scope detection
+
+| Argument | Behavior |
+|----------|----------|
+| `all` or no argument | Analyze all completed plans |
+| `last-N` (e.g., last-5) | Analyze the N most recent completed plans |
+| `{session-name}` | Analyze one specific session/plan |
+
+## Metrics to extract
+
+### Per-session metrics
+
+For each completed plan, extract:
+
+```bash
+PLAN="./plans/{name}.md"
+
+# 1. Commit metrics
+TOTAL_COMMITS=$(grep -c '✅\|❌' "$PLAN" 2>/dev/null || echo 0)
+SUCCESSFUL_COMMITS=$(grep -c '✅' "$PLAN" 2>/dev/null || echo 0)
+FAILED_COMMITS=$(grep -c '❌' "$PLAN" 2>/dev/null || echo 0)
+ESCALATED=$(grep -c 'ESCALATED' "$PLAN" 2>/dev/null || echo 0)
+
+# 2. Re-dispatch metrics (from session log entries)
+REDISPATCHES=$(grep -c 're-dispatch\|retry\|fix instruction' "$PLAN" 2>/dev/null || echo 0)
+
+# 3. QA findings (from QA Report section)
+BUGS=$(grep -c '🔴' "$PLAN" 2>/dev/null || echo 0)
+SMELLS=$(grep -c '🟡' "$PLAN" 2>/dev/null || echo 0)
+DEAD_CODE=$(grep -c '🟠' "$PLAN" 2>/dev/null || echo 0)
+MISSING_TESTS=$(grep -c '🔵' "$PLAN" 2>/dev/null || echo 0)
+UX_VIOLATIONS=$(grep -c '🟣' "$PLAN" 2>/dev/null || echo 0)
+NITPICKS=$(grep -c '⚪' "$PLAN" 2>/dev/null || echo 0)
+
+# 4. Cross-service check results
+CROSS_PASS=$(grep -c '✅' "$PLAN" 2>/dev/null || echo 0)  # within cross-service section
+CROSS_FAIL=$(grep -c '❌' "$PLAN" 2>/dev/null || echo 0)  # within cross-service section
+
+# 5. Services impacted
+REPOS_COUNT=$(jq '.repos | length' "./.sessions/{name}.json" 2>/dev/null || echo "?")
+
+# 6. Waves used
+WAVES=$(grep -c 'Wave [0-9]' "$PLAN" 2>/dev/null || echo 1)
+```
+
+### Aggregate KPIs (across all analyzed sessions)
+
+Calculate and present:
+
+| KPI | Formula | Target |
+|-----|---------|--------|
+| **Micro-QA first-pass rate** | successful_commits / total_commits × 100 | > 80% |
+| **Re-dispatch rate** | re-dispatches / total_commits × 100 | < 15% |
+| **Escalation rate** | escalations / total_commits × 100 | < 5% |
+| **QA bug density** | 🔴 findings / total_commits | < 0.3 |
+| **UX violation rate** | 🟣 findings / frontend_commits × 100 | < 10% |
+| **Dead code per session** | avg 🟠 findings per session | trending ↓ |
+| **Cross-service consistency** | cross_pass / (cross_pass + cross_fail) × 100 | > 90% |
+
+### Trend analysis (if multiple sessions)
+
+If analyzing 3+ sessions, show trends:
+- Are QA findings decreasing over time? (retrospective loop working?)
+- Are re-dispatches decreasing? (plan quality improving?)
+- Are UX violations decreasing? (UX standards being learned?)
+
+## Output format
+
+```markdown
+## Metrics Report — [DATE]
+
+### Scope: [all / last-N / session-name]
+Sessions analyzed: N | Plans: N | Total commits: N
+
+### KPI Dashboard
+
+| KPI | Value | Target | Status |
+|-----|-------|--------|--------|
+| Micro-QA first-pass | 85% | >80% | ✅ |
+| Re-dispatch rate | 12% | <15% | ✅ |
+| Escalation rate | 3% | <5% | ✅ |
+| QA bug density | 0.4 | <0.3 | ⚠️ |
+| UX violation rate | 8% | <10% | ✅ |
+| Cross-service consistency | 95% | >90% | ✅ |
+
+### QA Findings Distribution
+
+| Category | Count | % | Trend |
+|----------|-------|---|-------|
+| 🔴 Bugs | N | N% | ↑↓→ |
+| 🟡 Smells | N | N% | ↑↓→ |
+| 🟠 Dead code | N | N% | ↑↓→ |
+| 🔵 Missing tests | N | N% | ↑↓→ |
+| 🟣 UX violations | N | N% | ↑↓→ |
+| ⚪ Nitpicks | N | N% | ↑↓→ |
+
+### Per-Session Breakdown
+
+| Session | Repos | Commits | Pass | Fail | Re-dispatch | QA 🔴 | QA 🟣 |
+|---------|-------|---------|------|------|-------------|--------|--------|
+| {name} | N | N | N | N | N | N | N |
+
+### Insights
+- [Actionable observation based on data]
+- [Suggestion for prompt/process improvement backed by numbers]
+```
+
+Present the report to the user. Do NOT write it to a file unless asked.
+
+## Anti-patterns
+- NEVER fabricate metrics — only report what's extractable from actual files
+- NEVER compare to other teams/projects — only compare to own history
+- If data is insufficient (< 3 sessions), say so instead of producing meaningless trends

package/global-skills/plan-review/SKILL.md

@@ -1,5 +1,6 @@
 ---
 name: plan-review
+prompt_version: 5.2.1
 description: >
   Quick sanity check on a plan before the user validates it. Verifies
   structural completeness: all tasks have a service, waves respect
@@ -9,7 +10,7 @@ argument-hint: "[plan-name.md]"
 context: fork
 agent: Explore
 disable-model-invocation: true
-model: haiku
+model: sonnet
 allowed-tools: Read, Glob, Grep
 ---
 

package/global-skills/qa-ruthless/SKILL.md

@@ -1,5 +1,6 @@
 ---
 name: qa-ruthless
+prompt_version: 5.2.1
 description: >
   Adversarial QA review after feature implementation. MUST find problems —
   a clean report is a failed review. Executes tests, hunts dead code,
@@ -8,6 +9,7 @@ description: >
   "test", "quality", "qa ruthless", "find bugs".
 argument-hint: "[plan-name or 'all']"
 context: fork
+model: opus
 allowed-tools: Read, Write, Glob, Grep, Task, Teammate, SendMessage
 ---
 

package/global-skills/refresh-profiles/SKILL.md

@@ -1,5 +1,6 @@
 ---
 name: refresh-profiles
+prompt_version: 5.2.1
 description: >
   Regenerate service-profiles.md by reading CLAUDE.md from all repos
   listed in workspace.md. Use when conventions changed, or user says

package/global-skills/rules/context-hygiene.md

@@ -16,28 +16,13 @@ globs: ["workspace.md", "plans/**", "constitution.md", "templates/**"]
 ## Response limits
 - No code in repos — delegate repo code to teammates
 - Writing in orchestrator/ (plans, workspace.md, constitution.md) is allowed and expected
-- Teammate results: summarize to status + files + problems, then compact
+- Teammate results: summarize to status + files + problems
 
-## Compaction
-- Context compaction triggers automatically (Opus 4.6 adaptive)
-- Additionally, compact manually after each full cycle
-  (plan → teammates → collect → QA)
-- Also compact when responses visibly slow down
+## Context compaction
+- Claude Code handles compaction automatically — no manual `/compact` needed
+- The SessionStart hook re-injects active plan context after any `/clear`
 
 ## Triggers for /clear
 - Switching to a completely different feature/epic
 - After merging a completed feature
 - Start of day / new work session
-
-## Monitoring
-- The `SessionStart` hook automatically injects active plan context
-  at startup or after a `/clear`
-- If a config issue is suspected, use `/hooks` to inspect
-
-## Context compaction (Opus 4.6)
-- Opus 4.6 supports native context compaction — the model can summarize
-  its own context to continue longer-running tasks without hitting limits
-- The 1M context window (beta) is available but token-intensive.
-  Disable with `CLAUDE_CODE_DISABLE_1M_CONTEXT=1` if cost is a concern
-- For orchestration sessions, prefer compact-after-cycle over 1M context:
-  smaller context = faster responses = cheaper