claude-code-pilot 3.0.0 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (124) hide show
  1. package/README.md +76 -97
  2. package/bin/install.js +13 -13
  3. package/manifest.json +1 -1
  4. package/package.json +1 -1
  5. package/src/agents/doc-updater.md +1 -1
  6. package/src/agents/gan-evaluator.md +209 -0
  7. package/src/agents/gan-generator.md +131 -0
  8. package/src/agents/gan-planner.md +99 -0
  9. package/src/agents/harness-optimizer.md +35 -0
  10. package/src/agents/loop-operator.md +36 -0
  11. package/src/agents/opensource-forker.md +198 -0
  12. package/src/agents/opensource-packager.md +249 -0
  13. package/src/agents/opensource-sanitizer.md +188 -0
  14. package/src/agents/performance-optimizer.md +446 -0
  15. package/src/available-rules/README.md +1 -1
  16. package/src/commands/{aside.md → ccp/aside.md} +14 -13
  17. package/src/commands/{build-fix.md → ccp/build-fix.md} +5 -0
  18. package/src/commands/{checkpoint.md → ccp/checkpoint.md} +12 -7
  19. package/src/commands/{code-review.md → ccp/code-review.md} +5 -0
  20. package/src/commands/{context-budget.md → ccp/context-budget.md} +2 -1
  21. package/src/commands/{cpp-build.md → ccp/cpp-build.md} +6 -5
  22. package/src/commands/{cpp-review.md → ccp/cpp-review.md} +7 -6
  23. package/src/commands/{cpp-test.md → ccp/cpp-test.md} +6 -5
  24. package/src/commands/ccp/docs-update.md +48 -0
  25. package/src/commands/{docs.md → ccp/docs.md} +4 -3
  26. package/src/commands/{e2e.md → ccp/e2e.md} +7 -6
  27. package/src/commands/{eval.md → ccp/eval.md} +10 -5
  28. package/src/commands/{evolve.md → ccp/evolve.md} +3 -3
  29. package/src/commands/{go-build.md → ccp/go-build.md} +6 -5
  30. package/src/commands/{go-review.md → ccp/go-review.md} +7 -6
  31. package/src/commands/{go-test.md → ccp/go-test.md} +6 -5
  32. package/src/commands/{gradle-build.md → ccp/gradle-build.md} +1 -0
  33. package/src/commands/{harness-audit.md → ccp/harness-audit.md} +6 -1
  34. package/src/commands/{kotlin-build.md → ccp/kotlin-build.md} +6 -5
  35. package/src/commands/{kotlin-review.md → ccp/kotlin-review.md} +7 -6
  36. package/src/commands/{kotlin-test.md → ccp/kotlin-test.md} +6 -5
  37. package/src/commands/{learn.md → ccp/learn.md} +7 -2
  38. package/src/commands/{model-route.md → ccp/model-route.md} +6 -1
  39. package/src/commands/{orchestrate.md → ccp/orchestrate.md} +4 -3
  40. package/src/commands/{plan.md → ccp/plan.md} +6 -5
  41. package/src/commands/ccp/profile-user.md +46 -0
  42. package/src/commands/{prompt-optimize.md → ccp/prompt-optimize.md} +3 -2
  43. package/src/commands/{prune.md → ccp/prune.md} +4 -4
  44. package/src/commands/{python-review.md → ccp/python-review.md} +7 -6
  45. package/src/commands/{quality-gate.md → ccp/quality-gate.md} +6 -1
  46. package/src/commands/{refactor-clean.md → ccp/refactor-clean.md} +5 -0
  47. package/src/commands/{resume-session.md → ccp/resume-session.md} +9 -8
  48. package/src/commands/ccp/review.md +37 -0
  49. package/src/commands/{rules-distill.md → ccp/rules-distill.md} +2 -1
  50. package/src/commands/{rust-build.md → ccp/rust-build.md} +6 -5
  51. package/src/commands/{rust-review.md → ccp/rust-review.md} +7 -6
  52. package/src/commands/{rust-test.md → ccp/rust-test.md} +6 -5
  53. package/src/commands/{save-session.md → ccp/save-session.md} +2 -1
  54. package/src/commands/ccp/secure-phase.md +35 -0
  55. package/src/commands/{sessions.md → ccp/sessions.md} +29 -24
  56. package/src/commands/{setup-pm.md → ccp/setup-pm.md} +1 -0
  57. package/src/commands/{setup-refresh.md → ccp/setup-refresh.md} +4 -3
  58. package/src/commands/{setup.md → ccp/setup.md} +24 -23
  59. package/src/commands/{skill-create.md → ccp/skill-create.md} +8 -8
  60. package/src/commands/{skill-health.md → ccp/skill-health.md} +5 -5
  61. package/src/commands/{tdd.md → ccp/tdd.md} +9 -8
  62. package/src/commands/{test-coverage.md → ccp/test-coverage.md} +5 -0
  63. package/src/commands/{tool-guide.md → ccp/tool-guide.md} +2 -1
  64. package/src/commands/{update-codemaps.md → ccp/update-codemaps.md} +5 -0
  65. package/src/commands/{update-docs.md → ccp/update-docs.md} +5 -0
  66. package/src/commands/{verify.md → ccp/verify.md} +5 -0
  67. package/src/commands/ccp/workstreams.md +68 -0
  68. package/src/examples/CLAUDE.md +4 -4
  69. package/src/examples/django-api-CLAUDE.md +5 -5
  70. package/src/examples/go-microservice-CLAUDE.md +6 -6
  71. package/src/examples/rust-api-CLAUDE.md +4 -4
  72. package/src/examples/saas-nextjs-CLAUDE.md +8 -8
  73. package/src/hooks/session-start.js +1 -1
  74. package/src/pilot/references/mcp-servers.json +1 -1
  75. package/src/pilot/workflows/docs-update.md +1165 -0
  76. package/src/pilot/workflows/help.md +48 -56
  77. package/src/pilot/workflows/profile-user.md +452 -0
  78. package/src/pilot/workflows/review.md +244 -0
  79. package/src/pilot/workflows/secure-phase.md +164 -0
  80. package/src/rules/common/code-review.md +124 -0
  81. package/src/rules/zh/README.md +108 -0
  82. package/src/rules/zh/agents.md +50 -0
  83. package/src/rules/zh/code-review.md +124 -0
  84. package/src/rules/zh/coding-style.md +48 -0
  85. package/src/rules/zh/development-workflow.md +44 -0
  86. package/src/rules/zh/git-workflow.md +24 -0
  87. package/src/rules/zh/hooks.md +30 -0
  88. package/src/rules/zh/patterns.md +31 -0
  89. package/src/rules/zh/performance.md +55 -0
  90. package/src/rules/zh/security.md +29 -0
  91. package/src/rules/zh/testing.md +29 -0
  92. package/src/skills/autonomous-agent-harness/SKILL.md +267 -0
  93. package/src/skills/autonomous-loops/SKILL.md +610 -0
  94. package/src/skills/bun-runtime/SKILL.md +84 -0
  95. package/src/skills/content-hash-cache-pattern/SKILL.md +161 -0
  96. package/src/skills/context-budget/SKILL.md +3 -3
  97. package/src/skills/continuous-learning-v2/SKILL.md +4 -4
  98. package/src/skills/continuous-learning-v2/agents/observer.md +1 -1
  99. package/src/skills/cost-aware-llm-pipeline/SKILL.md +183 -0
  100. package/src/skills/design-system/SKILL.md +82 -0
  101. package/src/skills/eval-harness/SKILL.md +270 -0
  102. package/src/skills/flutter-dart-code-review/SKILL.md +435 -0
  103. package/src/skills/gan-style-harness/SKILL.md +278 -0
  104. package/src/skills/git-workflow/SKILL.md +715 -0
  105. package/src/skills/hexagonal-architecture/SKILL.md +276 -0
  106. package/src/skills/iterative-retrieval/SKILL.md +211 -0
  107. package/src/skills/laravel-plugin-discovery/SKILL.md +229 -0
  108. package/src/skills/nextjs-turbopack/SKILL.md +44 -0
  109. package/src/skills/nuxt4-patterns/SKILL.md +100 -0
  110. package/src/skills/opensource-pipeline/SKILL.md +255 -0
  111. package/src/skills/perl-security/SKILL.md +503 -0
  112. package/src/skills/project-flow-ops/SKILL.md +111 -0
  113. package/src/skills/project-guidelines-example/SKILL.md +349 -0
  114. package/src/skills/prompt-optimizer/SKILL.md +38 -38
  115. package/src/skills/pytorch-patterns/SKILL.md +396 -0
  116. package/src/skills/regex-vs-llm-structured-text/SKILL.md +220 -0
  117. package/src/skills/repo-scan/SKILL.md +78 -0
  118. package/src/skills/rules-distill/SKILL.md +264 -0
  119. package/src/skills/rules-distill/scripts/scan-rules.sh +58 -0
  120. package/src/skills/rules-distill/scripts/scan-skills.sh +129 -0
  121. package/src/skills/swift-concurrency-6-2/SKILL.md +216 -0
  122. package/src/skills/token-budget-advisor/SKILL.md +133 -0
  123. package/src/skills/verification-loop/SKILL.md +1 -1
  124. package/src/skills/workspace-surface-audit/SKILL.md +125 -0
@@ -0,0 +1,229 @@
1
+ ---
2
+ name: laravel-plugin-discovery
3
+ description: Discover and evaluate Laravel packages via LaraPlugins.io MCP. Use when the user wants to find plugins, check package health, or assess Laravel/PHP compatibility.
4
+ origin: ECC
5
+ ---
6
+
7
+ # Laravel Plugin Discovery
8
+
9
+ Find, evaluate, and choose healthy Laravel packages using the LaraPlugins.io MCP server.
10
+
11
+ ## When to Use
12
+
13
+ - User wants to find Laravel packages for a specific feature (e.g. "auth", "permissions", "admin panel")
14
+ - User asks "what package should I use for..." or "is there a Laravel package for..."
15
+ - User wants to check if a package is actively maintained
16
+ - User needs to verify Laravel version compatibility
17
+ - User wants to assess package health before adding to a project
18
+
19
+ ## MCP Requirement
20
+
21
+ LaraPlugins MCP server must be configured. Add to your `~/.claude.json` mcpServers:
22
+
23
+ ```json
24
+ "laraplugins": {
25
+ "type": "http",
26
+ "url": "https://laraplugins.io/mcp/plugins"
27
+ }
28
+ ```
29
+
30
+ No API key required — the server is free for the Laravel community.
31
+
32
+ ## MCP Tools
33
+
34
+ The LaraPlugins MCP provides two primary tools:
35
+
36
+ ### SearchPluginTool
37
+
38
+ Search packages by keyword, health score, vendor, and version compatibility.
39
+
40
+ **Parameters:**
41
+ - `text_search` (string, optional): Keyword to search (e.g. "permission", "admin", "api")
42
+ - `health_score` (string, optional): Filter by health band — `Healthy`, `Medium`, `Unhealthy`, or `Unrated`
43
+ - `laravel_compatibility` (string, optional): Filter by Laravel version — `"5"`, `"6"`, `"7"`, `"8"`, `"9"`, `"10"`, `"11"`, `"12"`, `"13"`
44
+ - `php_compatibility` (string, optional): Filter by PHP version — `"7.4"`, `"8.0"`, `"8.1"`, `"8.2"`, `"8.3"`, `"8.4"`, `"8.5"`
45
+ - `vendor_filter` (string, optional): Filter by vendor name (e.g. "spatie", "laravel")
46
+ - `page` (number, optional): Page number for pagination
47
+
48
+ ### GetPluginDetailsTool
49
+
50
+ Fetch detailed metrics, readme content, and version history for a specific package.
51
+
52
+ **Parameters:**
53
+ - `package` (string, required): Full Composer package name (e.g. "spatie/laravel-permission")
54
+ - `include_versions` (boolean, optional): Include version history in response
55
+
56
+ ---
57
+
58
+ ## How It Works
59
+
60
+ ### Finding Packages
61
+
62
+ When the user wants to discover packages for a feature:
63
+
64
+ 1. Use `SearchPluginTool` with relevant keywords
65
+ 2. Apply filters for health score, Laravel version, or PHP version
66
+ 3. Review the results with package names, descriptions, and health indicators
67
+
68
+ ### Evaluating Packages
69
+
70
+ When the user wants to assess a specific package:
71
+
72
+ 1. Use `GetPluginDetailsTool` with the package name
73
+ 2. Review health score, last updated date, Laravel version support
74
+ 3. Check vendor reputation and risk indicators
75
+
76
+ ### Checking Compatibility
77
+
78
+ When the user needs Laravel or PHP version compatibility:
79
+
80
+ 1. Search with `laravel_compatibility` filter set to their version
81
+ 2. Or get details on a specific package to see its supported versions
82
+
83
+ ---
84
+
85
+ ## Examples
86
+
87
+ ### Example: Find Authentication Packages
88
+
89
+ ```
90
+ SearchPluginTool({
91
+ text_search: "authentication",
92
+ health_score: "Healthy"
93
+ })
94
+ ```
95
+
96
+ Returns packages matching "authentication" with healthy status:
97
+ - spatie/laravel-permission
98
+ - laravel/breeze
99
+ - laravel/passport
100
+ - etc.
101
+
102
+ ### Example: Find Laravel 12 Compatible Packages
103
+
104
+ ```
105
+ SearchPluginTool({
106
+ text_search: "admin panel",
107
+ laravel_compatibility: "12"
108
+ })
109
+ ```
110
+
111
+ Returns packages compatible with Laravel 12.
112
+
113
+ ### Example: Get Package Details
114
+
115
+ ```
116
+ GetPluginDetailsTool({
117
+ package: "spatie/laravel-permission",
118
+ include_versions: true
119
+ })
120
+ ```
121
+
122
+ Returns:
123
+ - Health score and last activity
124
+ - Laravel/PHP version support
125
+ - Vendor reputation (risk score)
126
+ - Version history
127
+ - Brief description
128
+
129
+ ### Example: Find Packages by Vendor
130
+
131
+ ```
132
+ SearchPluginTool({
133
+ vendor_filter: "spatie",
134
+ health_score: "Healthy"
135
+ })
136
+ ```
137
+
138
+ Returns all healthy packages from vendor "spatie".
139
+
140
+ ---
141
+
142
+ ## Filtering Best Practices
143
+
144
+ ### By Health Score
145
+
146
+ | Health Band | Meaning |
147
+ |-------------|---------|
148
+ | `Healthy` | Active maintenance, recent updates |
149
+ | `Medium` | Occasional updates, may need attention |
150
+ | `Unhealthy` | Abandoned or infrequently maintained |
151
+ | `Unrated` | Not yet assessed |
152
+
153
+ **Recommendation**: Prefer `Healthy` packages for production applications.
154
+
155
+ ### By Laravel Version
156
+
157
+ | Version | Notes |
158
+ |---------|-------|
159
+ | `13` | Latest Laravel |
160
+ | `12` | Current stable |
161
+ | `11` | Still widely used |
162
+ | `10` | Legacy but common |
163
+ | `5`-`9` | Deprecated |
164
+
165
+ **Recommendation**: Match the target project's Laravel version.
166
+
167
+ ### Combining Filters
168
+
169
+ ```typescript
170
+ // Find healthy, Laravel 12 compatible packages for permissions
171
+ SearchPluginTool({
172
+ text_search: "permission",
173
+ health_score: "Healthy",
174
+ laravel_compatibility: "12"
175
+ })
176
+ ```
177
+
178
+ ---
179
+
180
+ ## Response Interpretation
181
+
182
+ ### Search Results
183
+
184
+ Each result includes:
185
+ - Package name (e.g. `spatie/laravel-permission`)
186
+ - Brief description
187
+ - Health status indicator
188
+ - Laravel version support badges
189
+
190
+ ### Package Details
191
+
192
+ The detailed response includes:
193
+ - **Health Score**: Numeric or band indicator
194
+ - **Last Activity**: When the package was last updated
195
+ - **Laravel Support**: Version compatibility matrix
196
+ - **PHP Support**: PHP version compatibility
197
+ - **Risk Score**: Vendor trust indicators
198
+ - **Version History**: Recent release timeline
199
+
200
+ ---
201
+
202
+ ## Common Use Cases
203
+
204
+ | Scenario | Recommended Approach |
205
+ |----------|---------------------|
206
+ | "What package for auth?" | Search "auth" with healthy filter |
207
+ | "Is spatie/package still maintained?" | Get details, check health score |
208
+ | "Need Laravel 12 packages" | Search with laravel_compatibility: "12" |
209
+ | "Find admin panel packages" | Search "admin panel", review results |
210
+ | "Check vendor reputation" | Search by vendor, check details |
211
+
212
+ ---
213
+
214
+ ## Best Practices
215
+
216
+ 1. **Always filter by health** — Use `health_score: "Healthy"` for production projects
217
+ 2. **Match Laravel version** — Always check `laravel_compatibility` matches the target project
218
+ 3. **Check vendor reputation** — Prefer packages from known vendors (spatie, laravel, etc.)
219
+ 4. **Review before recommending** — Use GetPluginDetailsTool for a comprehensive assessment
220
+ 5. **No API key needed** — The MCP is free, no authentication required
221
+
222
+ ---
223
+
224
+ ## Related Skills
225
+
226
+ - `laravel-patterns` — Laravel architecture and patterns
227
+ - `laravel-tdd` — Test-driven development for Laravel
228
+ - `laravel-security` — Laravel security best practices
229
+ - `documentation-lookup` — General library documentation lookup (Context7)
@@ -0,0 +1,44 @@
1
+ ---
2
+ name: nextjs-turbopack
3
+ description: Next.js 16+ and Turbopack — incremental bundling, FS caching, dev speed, and when to use Turbopack vs webpack.
4
+ origin: ECC
5
+ ---
6
+
7
+ # Next.js and Turbopack
8
+
9
+ Next.js 16+ uses Turbopack by default for local development: an incremental bundler written in Rust that significantly speeds up dev startup and hot updates.
10
+
11
+ ## When to Use
12
+
13
+ - **Turbopack (default dev)**: Use for day-to-day development. Faster cold start and HMR, especially in large apps.
14
+ - **Webpack (legacy dev)**: Use only if you hit a Turbopack bug or rely on a webpack-only plugin in dev. Disable with `--webpack` (or `--no-turbopack` depending on your Next.js version; check the docs for your release).
15
+ - **Production**: Production build behavior (`next build`) may use Turbopack or webpack depending on Next.js version; check the official Next.js docs for your version.
16
+
17
+ Use when: developing or debugging Next.js 16+ apps, diagnosing slow dev startup or HMR, or optimizing production bundles.
18
+
19
+ ## How It Works
20
+
21
+ - **Turbopack**: Incremental bundler for Next.js dev. Uses file-system caching so restarts are much faster (e.g. 5–14x on large projects).
22
+ - **Default in dev**: From Next.js 16, `next dev` runs with Turbopack unless disabled.
23
+ - **File-system caching**: Restarts reuse previous work; cache is typically under `.next`; no extra config needed for basic use.
24
+ - **Bundle Analyzer (Next.js 16.1+)**: Experimental Bundle Analyzer to inspect output and find heavy dependencies; enable via config or experimental flag (see Next.js docs for your version).
25
+
26
+ ## Examples
27
+
28
+ ### Commands
29
+
30
+ ```bash
31
+ next dev
32
+ next build
33
+ next start
34
+ ```
35
+
36
+ ### Usage
37
+
38
+ Run `next dev` for local development with Turbopack. Use the Bundle Analyzer (see Next.js docs) to optimize code-splitting and trim large dependencies. Prefer App Router and server components where possible.
39
+
40
+ ## Best Practices
41
+
42
+ - Stay on a recent Next.js 16.x for stable Turbopack and caching behavior.
43
+ - If dev is slow, ensure you're on Turbopack (default) and that the cache isn't being cleared unnecessarily.
44
+ - For production bundle size issues, use the official Next.js bundle analysis tooling for your version.
@@ -0,0 +1,100 @@
1
+ ---
2
+ name: nuxt4-patterns
3
+ description: Nuxt 4 app patterns for hydration safety, performance, route rules, lazy loading, and SSR-safe data fetching with useFetch and useAsyncData.
4
+ origin: ECC
5
+ ---
6
+
7
+ # Nuxt 4 Patterns
8
+
9
+ Use when building or debugging Nuxt 4 apps with SSR, hybrid rendering, route rules, or page-level data fetching.
10
+
11
+ ## When to Activate
12
+
13
+ - Hydration mismatches between server HTML and client state
14
+ - Route-level rendering decisions such as prerender, SWR, ISR, or client-only sections
15
+ - Performance work around lazy loading, lazy hydration, or payload size
16
+ - Page or component data fetching with `useFetch`, `useAsyncData`, or `$fetch`
17
+ - Nuxt routing issues tied to route params, middleware, or SSR/client differences
18
+
19
+ ## Hydration Safety
20
+
21
+ - Keep the first render deterministic. Do not put `Date.now()`, `Math.random()`, browser-only APIs, or storage reads directly into SSR-rendered template state.
22
+ - Move browser-only logic behind `onMounted()`, `import.meta.client`, `ClientOnly`, or a `.client.vue` component when the server cannot produce the same markup.
23
+ - Use Nuxt's `useRoute()` composable, not the one from `vue-router`.
24
+ - Do not use `route.fullPath` to drive SSR-rendered markup. URL fragments are client-only, which can create hydration mismatches.
25
+ - Treat `ssr: false` as an escape hatch for truly browser-only areas, not a default fix for mismatches.
26
+
27
+ ## Data Fetching
28
+
29
+ - Prefer `await useFetch()` for SSR-safe API reads in pages and components. It forwards server-fetched data into the Nuxt payload and avoids a second fetch on hydration.
30
+ - Use `useAsyncData()` when the fetcher is not a simple `$fetch()` call, when you need a custom key, or when you are composing multiple async sources.
31
+ - Give `useAsyncData()` a stable key for cache reuse and predictable refresh behavior.
32
+ - Keep `useAsyncData()` handlers side-effect free. They can run during SSR and hydration.
33
+ - Use `$fetch()` for user-triggered writes or client-only actions, not top-level page data that should be hydrated from SSR.
34
+ - Use `lazy: true`, `useLazyFetch()`, or `useLazyAsyncData()` for non-critical data that should not block navigation. Handle `status === 'pending'` in the UI.
35
+ - Use `server: false` only for data that is not needed for SEO or the first paint.
36
+ - Trim payload size with `pick` and prefer shallower payloads when deep reactivity is unnecessary.
37
+
38
+ ```ts
39
+ const route = useRoute()
40
+
41
+ const { data: article, status, error, refresh } = await useAsyncData(
42
+ () => `article:${route.params.slug}`,
43
+ () => $fetch(`/api/articles/${route.params.slug}`),
44
+ )
45
+
46
+ const { data: comments } = await useFetch(`/api/articles/${route.params.slug}/comments`, {
47
+ lazy: true,
48
+ server: false,
49
+ })
50
+ ```
51
+
52
+ ## Route Rules
53
+
54
+ Prefer `routeRules` in `nuxt.config.ts` for rendering and caching strategy:
55
+
56
+ ```ts
57
+ export default defineNuxtConfig({
58
+ routeRules: {
59
+ '/': { prerender: true },
60
+ '/products/**': { swr: 3600 },
61
+ '/blog/**': { isr: true },
62
+ '/admin/**': { ssr: false },
63
+ '/api/**': { cache: { maxAge: 60 * 60 } },
64
+ },
65
+ })
66
+ ```
67
+
68
+ - `prerender`: static HTML at build time
69
+ - `swr`: serve cached content and revalidate in the background
70
+ - `isr`: incremental static regeneration on supported platforms
71
+ - `ssr: false`: client-rendered route
72
+ - `cache` or `redirect`: Nitro-level response behavior
73
+
74
+ Pick route rules per route group, not globally. Marketing pages, catalogs, dashboards, and APIs usually need different strategies.
75
+
76
+ ## Lazy Loading and Performance
77
+
78
+ - Nuxt already code-splits pages by route. Keep route boundaries meaningful before micro-optimizing component splits.
79
+ - Use the `Lazy` prefix to dynamically import non-critical components.
80
+ - Conditionally render lazy components with `v-if` so the chunk is not loaded until the UI actually needs it.
81
+ - Use lazy hydration for below-the-fold or non-critical interactive UI.
82
+
83
+ ```vue
84
+ <template>
85
+ <LazyRecommendations v-if="showRecommendations" />
86
+ <LazyProductGallery hydrate-on-visible />
87
+ </template>
88
+ ```
89
+
90
+ - For custom strategies, use `defineLazyHydrationComponent()` with a visibility or idle strategy.
91
+ - Nuxt lazy hydration works on single-file components. Passing new props to a lazily hydrated component will trigger hydration immediately.
92
+ - Use `NuxtLink` for internal navigation so Nuxt can prefetch route components and generated payloads.
93
+
94
+ ## Review Checklist
95
+
96
+ - First SSR render and hydrated client render produce the same markup
97
+ - Page data uses `useFetch` or `useAsyncData`, not top-level `$fetch`
98
+ - Non-critical data is lazy and has explicit loading UI
99
+ - Route rules match the page's SEO and freshness requirements
100
+ - Heavy interactive islands are lazy-loaded or lazily hydrated
@@ -0,0 +1,255 @@
1
+ ---
2
+ name: opensource-pipeline
3
+ description: "Open-source pipeline: fork, sanitize, and package private projects for safe public release. Chains 3 agents (forker, sanitizer, packager). Triggers: '/opensource', 'open source this', 'make this public', 'prepare for open source'."
4
+ origin: ECC
5
+ ---
6
+
7
+ # Open-Source Pipeline Skill
8
+
9
+ Safely open-source any project through a 3-stage pipeline: **Fork** (strip secrets) → **Sanitize** (verify clean) → **Package** (CLAUDE.md + setup.sh + README).
10
+
11
+ ## When to Activate
12
+
13
+ - User says "open source this project" or "make this public"
14
+ - User wants to prepare a private repo for public release
15
+ - User needs to strip secrets before pushing to GitHub
16
+ - User invokes `/opensource fork`, `/opensource verify`, or `/opensource package`
17
+
18
+ ## Commands
19
+
20
+ | Command | Action |
21
+ |---------|--------|
22
+ | `/opensource fork PROJECT` | Full pipeline: fork + sanitize + package |
23
+ | `/opensource verify PROJECT` | Run sanitizer on existing repo |
24
+ | `/opensource package PROJECT` | Generate CLAUDE.md + setup.sh + README |
25
+ | `/opensource list` | Show all staged projects |
26
+ | `/opensource status PROJECT` | Show reports for a staged project |
27
+
28
+ ## Protocol
29
+
30
+ ### /opensource fork PROJECT
31
+
32
+ **Full pipeline — the main workflow.**
33
+
34
+ #### Step 1: Gather Parameters
35
+
36
+ Resolve the project path. If PROJECT contains `/`, treat as a path (absolute or relative). Otherwise check: current working directory, `$HOME/PROJECT`, then ask the user.
37
+
38
+ ```
39
+ SOURCE_PATH="<resolved absolute path>"
40
+ STAGING_PATH="$HOME/opensource-staging/${PROJECT_NAME}"
41
+ ```
42
+
43
+ Ask the user:
44
+ 1. "Which project?" (if not found)
45
+ 2. "License? (MIT / Apache-2.0 / GPL-3.0 / BSD-3-Clause)"
46
+ 3. "GitHub org or username?" (default: detect via `gh api user -q .login`)
47
+ 4. "GitHub repo name?" (default: project name)
48
+ 5. "Description for README?" (analyze project for suggestion)
49
+
50
+ #### Step 2: Create Staging Directory
51
+
52
+ ```bash
53
+ mkdir -p $HOME/opensource-staging/
54
+ ```
55
+
56
+ #### Step 3: Run Forker Agent
57
+
58
+ Spawn the `opensource-forker` agent:
59
+
60
+ ```
61
+ Agent(
62
+ description="Fork {PROJECT} for open-source",
63
+ subagent_type="opensource-forker",
64
+ prompt="""
65
+ Fork project for open-source release.
66
+
67
+ Source: {SOURCE_PATH}
68
+ Target: {STAGING_PATH}
69
+ License: {chosen_license}
70
+
71
+ Follow the full forking protocol:
72
+ 1. Copy files (exclude .git, node_modules, __pycache__, .venv)
73
+ 2. Strip all secrets and credentials
74
+ 3. Replace internal references with placeholders
75
+ 4. Generate .env.example
76
+ 5. Clean git history
77
+ 6. Generate FORK_REPORT.md in {STAGING_PATH}/FORK_REPORT.md
78
+ """
79
+ )
80
+ ```
81
+
82
+ Wait for completion. Read `{STAGING_PATH}/FORK_REPORT.md`.
83
+
84
+ #### Step 4: Run Sanitizer Agent
85
+
86
+ Spawn the `opensource-sanitizer` agent:
87
+
88
+ ```
89
+ Agent(
90
+ description="Verify {PROJECT} sanitization",
91
+ subagent_type="opensource-sanitizer",
92
+ prompt="""
93
+ Verify sanitization of open-source fork.
94
+
95
+ Project: {STAGING_PATH}
96
+ Source (for reference): {SOURCE_PATH}
97
+
98
+ Run ALL scan categories:
99
+ 1. Secrets scan (CRITICAL)
100
+ 2. PII scan (CRITICAL)
101
+ 3. Internal references scan (CRITICAL)
102
+ 4. Dangerous files check (CRITICAL)
103
+ 5. Configuration completeness (WARNING)
104
+ 6. Git history audit
105
+
106
+ Generate SANITIZATION_REPORT.md inside {STAGING_PATH}/ with PASS/FAIL verdict.
107
+ """
108
+ )
109
+ ```
110
+
111
+ Wait for completion. Read `{STAGING_PATH}/SANITIZATION_REPORT.md`.
112
+
113
+ **If FAIL:** Show findings to user. Ask: "Fix these and re-scan, or abort?"
114
+ - If fix: Apply fixes, re-run sanitizer (maximum 3 retry attempts — after 3 FAILs, present all findings and ask user to fix manually)
115
+ - If abort: Clean up staging directory
116
+
117
+ **If PASS or PASS WITH WARNINGS:** Continue to Step 5.
118
+
119
+ #### Step 5: Run Packager Agent
120
+
121
+ Spawn the `opensource-packager` agent:
122
+
123
+ ```
124
+ Agent(
125
+ description="Package {PROJECT} for open-source",
126
+ subagent_type="opensource-packager",
127
+ prompt="""
128
+ Generate open-source packaging for project.
129
+
130
+ Project: {STAGING_PATH}
131
+ License: {chosen_license}
132
+ Project name: {PROJECT_NAME}
133
+ Description: {description}
134
+ GitHub repo: {github_repo}
135
+
136
+ Generate:
137
+ 1. CLAUDE.md (commands, architecture, key files)
138
+ 2. setup.sh (one-command bootstrap, make executable)
139
+ 3. README.md (or enhance existing)
140
+ 4. LICENSE
141
+ 5. CONTRIBUTING.md
142
+ 6. .github/ISSUE_TEMPLATE/ (bug_report.md, feature_request.md)
143
+ """
144
+ )
145
+ ```
146
+
147
+ #### Step 6: Final Review
148
+
149
+ Present to user:
150
+ ```
151
+ Open-Source Fork Ready: {PROJECT_NAME}
152
+
153
+ Location: {STAGING_PATH}
154
+ License: {license}
155
+ Files generated:
156
+ - CLAUDE.md
157
+ - setup.sh (executable)
158
+ - README.md
159
+ - LICENSE
160
+ - CONTRIBUTING.md
161
+ - .env.example ({N} variables)
162
+
163
+ Sanitization: {sanitization_verdict}
164
+
165
+ Next steps:
166
+ 1. Review: cd {STAGING_PATH}
167
+ 2. Create repo: gh repo create {github_org}/{github_repo} --public
168
+ 3. Push: git remote add origin ... && git push -u origin main
169
+
170
+ Proceed with GitHub creation? (yes/no/review first)
171
+ ```
172
+
173
+ #### Step 7: GitHub Publish (on user approval)
174
+
175
+ ```bash
176
+ cd "{STAGING_PATH}"
177
+ gh repo create "{github_org}/{github_repo}" --public --source=. --push --description "{description}"
178
+ ```
179
+
180
+ ---
181
+
182
+ ### /opensource verify PROJECT
183
+
184
+ Run sanitizer independently. Resolve path: if PROJECT contains `/`, treat as a path. Otherwise check `$HOME/opensource-staging/PROJECT`, then `$HOME/PROJECT`, then current directory.
185
+
186
+ ```
187
+ Agent(
188
+ subagent_type="opensource-sanitizer",
189
+ prompt="Verify sanitization of: {resolved_path}. Run all 6 scan categories and generate SANITIZATION_REPORT.md."
190
+ )
191
+ ```
192
+
193
+ ---
194
+
195
+ ### /opensource package PROJECT
196
+
197
+ Run packager independently. Ask for "License?" and "Description?", then:
198
+
199
+ ```
200
+ Agent(
201
+ subagent_type="opensource-packager",
202
+ prompt="Package: {resolved_path} ..."
203
+ )
204
+ ```
205
+
206
+ ---
207
+
208
+ ### /opensource list
209
+
210
+ ```bash
211
+ ls -d $HOME/opensource-staging/*/
212
+ ```
213
+
214
+ Show each project with pipeline progress (FORK_REPORT.md, SANITIZATION_REPORT.md, CLAUDE.md presence).
215
+
216
+ ---
217
+
218
+ ### /opensource status PROJECT
219
+
220
+ ```bash
221
+ cat $HOME/opensource-staging/${PROJECT}/SANITIZATION_REPORT.md
222
+ cat $HOME/opensource-staging/${PROJECT}/FORK_REPORT.md
223
+ ```
224
+
225
+ ## Staging Layout
226
+
227
+ ```
228
+ $HOME/opensource-staging/
229
+ my-project/
230
+ FORK_REPORT.md # From forker agent
231
+ SANITIZATION_REPORT.md # From sanitizer agent
232
+ CLAUDE.md # From packager agent
233
+ setup.sh # From packager agent
234
+ README.md # From packager agent
235
+ .env.example # From forker agent
236
+ ... # Sanitized project files
237
+ ```
238
+
239
+ ## Anti-Patterns
240
+
241
+ - **Never** push to GitHub without user approval
242
+ - **Never** skip the sanitizer — it is the safety gate
243
+ - **Never** proceed after a sanitizer FAIL without fixing all critical findings
244
+ - **Never** leave `.env`, `*.pem`, or `credentials.json` in the staging directory
245
+
246
+ ## Best Practices
247
+
248
+ - Always run the full pipeline (fork → sanitize → package) for new releases
249
+ - The staging directory persists until explicitly cleaned up — use it for review
250
+ - Re-run the sanitizer after any manual fixes before publishing
251
+ - Parameterize secrets rather than deleting them — preserve project functionality
252
+
253
+ ## Related Skills
254
+
255
+ See `security-review` for secret detection patterns used by the sanitizer.