claude-code-scanner 1.0.0

package/template/.claude/docs/execution-metrics-protocol.md

@@ -0,0 +1,105 @@
+# Execution Metrics Protocol
+
+Every agent MUST include execution metrics in their HANDOFF block when completing work. This data feeds into the `/execution-report` skill for post-completion analytics.
+
+## Extended HANDOFF Block Format
+
+```
+HANDOFF:
+  from: @agent-name
+  to: @next-agent-or-team-lead
+  reason: why this handoff is happening
+  artifacts:
+    - list of files/docs produced
+  context: |
+    Summary of what was done and key decisions
+  iteration: N/max (if in a loop)
+  execution_metrics:
+    turns_used: N
+    files_read: N
+    files_modified: N
+    files_created: N
+    tests_run: N (pass/fail/skip)
+    coverage_delta: "+N%" or "-N%" or "N/A"
+    hallucination_flags:
+      - "referenced non-existent file X" (if any)
+      - "CLEAN" (if none)
+    regression_flags:
+      - "test X changed from PASS to FAIL" (if any)
+      - "CLEAN" (if none)
+    confidence: HIGH/MEDIUM/LOW
+    notes: |
+      Any concerns, assumptions made, or uncertainty
+```
+
+## What Each Metric Means
+
+### turns_used
+How many agentic turns the agent consumed. Compare against `maxTurns` to assess efficiency.
+- Under 50% of maxTurns = efficient
+- 50-80% = normal
+- Over 80% = approaching limit, may indicate complexity or inefficiency
+
+### files_read / files_modified / files_created
+Raw count of file operations. Used to calculate:
+- Context consumption estimate (~500 tokens per file read)
+- Blast radius (files modified)
+- Code generation volume (files created)
+
+### tests_run
+Test suite results after this agent's work. Format: `N (pass/fail/skip)`.
+- All pass = quality score contribution
+- New failures = regression flag
+
+### coverage_delta
+Change in test coverage after this agent's work.
+- Positive or zero = quality maintained
+- Negative = quality decreased (flag for review)
+
+### hallucination_flags
+Self-check by the agent for potential hallucinations:
+- Referenced a file that doesn't exist
+- Called a function that doesn't exist in the codebase
+- Used an API pattern that doesn't match the project
+- Generated import paths that don't resolve
+- **CLEAN** if all references verified
+
+### regression_flags
+Self-check by the agent for regressions introduced:
+- Tests that passed before but fail after changes
+- Lint errors introduced
+- Type errors introduced
+- Build failures introduced
+- **CLEAN** if no regressions
+
+### confidence
+Agent's self-assessment of output quality:
+- **HIGH**: All references verified, tests pass, patterns match
+- **MEDIUM**: Most references verified, minor uncertainty about edge cases
+- **LOW**: Significant assumptions made, references not fully verifiable, needs human review
+
+## @team-lead Responsibilities
+The @team-lead agent is responsible for:
+1. Collecting execution_metrics from every agent handoff
+2. Aggregating metrics into the task record's Execution Report section
+3. Triggering `/execution-report` after each phase completion
+4. Flagging any agent with hallucination_flags != CLEAN or confidence = LOW
+5. Blocking phase advancement if regression_flags != CLEAN
+
+## Automatic Collection
+The `execution-report.js` Stop hook automatically captures:
+- Active task status and metadata
+- Agent mention counts from handoff log
+- Loop iteration counts from task record
+- File change counts from changes log
+- Snapshots saved to `.claude/reports/executions/`
+
+## Report Aggregation
+The `/execution-report` skill combines:
+- Hook-collected snapshots (automatic)
+- Agent-reported execution_metrics (from HANDOFF blocks)
+- Test suite results (run on demand)
+- Coverage reports (run on demand)
+- File reference verification (scan on demand)
+
+Into a single scored report with success, hallucination, and regression assessments.

package/template/.claude/docs/flow-engine.md

@@ -0,0 +1,475 @@
+# Real-World Flow Engine
+
+## Orchestration Model
+**Subagents cannot spawn other subagents** in Claude Code. All agent-to-agent coordination is orchestrated from the `/workflow` skill running in the main conversation context (with `context: fork`). When a phase requires multiple agents, invoke them sequentially or in parallel from the workflow — never expect one agent to call another directly.
+
+**ALL handoffs route through the orchestrator** (workflow skill or @team-lead). Even when the flow-engine describes "@debugger fixes, handoff to @tester", the actual flow is: @debugger -> HANDOFF to orchestrator -> orchestrator invokes @tester.
+
+## Handoff Protocol
+Every agent/human transition MUST include a structured handoff block:
+
+```
+HANDOFF:
+  from: @agent-name
+  to: @next-agent-or-user
+  reason: why this handoff is happening
+  artifacts:
+    - path/to/file-produced.md
+    - path/to/test-results.json
+  context: |
+    Summary of what was done, key decisions made,
+    and anything the next agent needs to know
+  iteration: N/max (if in a loop)
+  status: complete | blocked | escalating
+```
+
+### Handoff Rules
+1. Every agent output MUST end with a HANDOFF block
+2. The receiving agent MUST read all listed artifacts before starting
+3. If `status: blocked`, route to @team-lead for resolution
+4. If `status: escalating`, route to user with options
+5. ALL routing goes through the orchestrator — agents NEVER invoke each other directly
+
+---
+
+## Loop 1: Dev-Test Loop (Phase 6, max 5 iterations)
+
+### Entry Condition
+Phase 5 dev agent completes -> HANDOFF to orchestrator -> orchestrator invokes @tester FIRST (not parallel with @debugger).
+
+### Flow
+```
+ENTRY: orchestrator invokes @tester with Phase 5 artifacts
+  |
+  v
+@tester runs full test suite
+  |
+  +-> ALL PASS + coverage maintained -> EXIT: advance to Phase 7
+  |
+  +-> FAILURES -> @tester reports failing tests in HANDOFF
+       |
+       v
+     orchestrator routes to fix agent:
+       - test logic bug -> @debugger (minimal fix)
+       - backend code issue -> @api-builder (if needs domain knowledge)
+       - frontend code issue -> @frontend (if needs UI knowledge)
+       - infra/config issue -> @infra
+       |
+       v
+     fix agent applies fix -> runs tests locally -> HANDOFF back
+       |
+       v
+     orchestrator invokes @tester again (increment iteration)
+       |
+       +-> ALL PASS -> EXIT: advance to Phase 7
+       +-> STILL FAILING -> repeat loop
+       +-> iteration 5 -> CIRCUIT BREAKER: escalate to user
+```
+
+### Loop State Tracking
+```markdown
+## Loop State
+- dev-test-loop: iteration N/5
+- last-failure: [test name] — [error summary] at [ISO timestamp]
+- fix-agent: @debugger|@api-builder|@frontend|@infra
+- coverage-baseline: N% (measured at Phase 5 end, before Phase 6 starts)
+- coverage-current: N%
+```
+
+### Coverage Rule
+- **Baseline**: measured at end of Phase 5 (before any Phase 6 iteration)
+- **Maintained**: coverage-current >= coverage-baseline
+- If coverage drops: @tester must add missing tests before advancing
+
+### Exit Criteria
+- ALL tests pass (zero failures)
+- Coverage >= baseline
+- @tester confirms in HANDOFF: `reason: testing complete — all pass`
+
+---
+
+## Loop 2: Review-Rework Loop (Phase 7, max 3 iterations)
+
+### Entry Condition
+Phase 6 passes -> orchestrator invokes @reviewer + @security in PARALLEL.
+
+### Flow
+```
+ENTRY: orchestrator invokes @reviewer + @security in parallel
+  |
+  v
+@reviewer produces: APPROVE or REQUEST_CHANGES (with comments)
+@security produces: APPROVE or REQUEST_CHANGES (with findings)
+  |
+  +-> BOTH APPROVE -> EXIT: advance to Phase 8
+  |
+  +-> SPLIT DECISION (one approves, one requests changes):
+  |     -> treat as REQUEST_CHANGES (stricter wins)
+  |     -> only re-review with the agent that requested changes
+  |
+  +-> BOTH REQUEST_CHANGES -> combine all comments
+       |
+       v
+     orchestrator routes fix by comment category:
+       - code quality / conventions -> original dev agent (@api-builder / @frontend)
+       - security finding -> @debugger (security fix) or original dev agent
+       - performance issue -> original dev agent
+       - test gap -> @tester (add tests, not a review-loop iteration)
+       |
+       v
+     fix agent addresses ALL comments -> HANDOFF with list of addressed items
+       |
+       v
+     orchestrator invokes ONLY the agent(s) that requested changes (not both)
+       - @reviewer if they had comments
+       - @security if they had findings
+       - both only if both originally requested changes
+       |
+       v
+     re-review focuses on: previously flagged items + any new code from fix
+       |
+       +-> APPROVE -> EXIT (check if other reviewer still needs to re-review)
+       +-> REQUEST_CHANGES again -> repeat (increment iteration)
+       +-> iteration 3 -> CIRCUIT BREAKER: escalate to user
+```
+
+### Loop State Tracking
+```markdown
+## Loop State
+- review-loop: iteration N/3
+- reviewer-status: APPROVE | REQUEST_CHANGES (N critical, M suggestions)
+- security-status: APPROVE | REQUEST_CHANGES (N findings)
+- open-comments: [count] critical, [count] suggestions
+- addressed-comments: [count] fixed, [count] won't-fix (with justification)
+```
+
+### Partial Re-Review Rule
+- If 8/10 comments addressed and 2 marked "won't fix" with justification:
+  - Reviewer evaluates the justifications
+  - If justifications are valid -> APPROVE with noted exceptions
+  - If justifications are weak -> REQUEST_CHANGES on those 2 only
+
+### Exit Criteria
+- @reviewer: APPROVE (zero critical issues)
+- @security: APPROVE (zero HIGH/CRITICAL findings)
+- Both confirmed in HANDOFF blocks
+
+---
+
+## Loop 3: QA-Bug Loop (Phase 9, max 3 iterations PER BUG)
+
+### Entry Condition
+Phase 8 PR+CI pass -> orchestrator invokes @qa-lead to create test plan, then @tester to execute.
+
+### Flow
+```
+ENTRY: orchestrator invokes @qa-lead (creates QA test plan)
+  |
+  v
+orchestrator invokes @tester (executes test plan scenarios)
+  |
+  v
+@qa-lead reviews results, files bug reports for failures
+  |
+  +-> ZERO BUGS -> EXIT: advance to Phase 10 (QA sign-off)
+  |
+  +-> BUGS FOUND -> orchestrator triages by severity:
+       |
+       v
+     Phase 9a: Fix P0 bugs first (block everything)
+     Phase 9b: Fix P1 bugs (block sign-off)
+     Phase 9c: Fix P2 bugs (QA decides)
+     Phase 9d: Log P3/P4 as known issues (don't block)
+       |
+       v
+     For each bug (priority order):
+       orchestrator invokes @debugger with bug report
+         |
+         v
+       @debugger fixes -> runs targeted test -> HANDOFF
+         |
+         v
+       orchestrator invokes @tester: run regression suite
+       (to catch: fix for BUG-1 broke BUG-2's previous fix)
+         |
+         v
+       orchestrator invokes @qa-lead: re-verify THIS bug
+         |
+         +-> VERIFIED: close bug, move to next
+         +-> REOPENED: back to @debugger (increment per-bug counter)
+         +-> per-bug iteration 3 -> escalate to @team-lead
+```
+
+### Loop State Tracking
+```markdown
+## Loop State
+- qa-bug-loop:
+  - BUG-{id}-1 (P1): iteration N/3 — [OPEN|FIXED|VERIFIED|REOPENED]
+  - BUG-{id}-2 (P3): iteration 0/3 — [OPEN] (known issue, won't block)
+  - BUG-{id}-3 (P0): iteration N/3 — [VERIFIED]
+- total-bugs: N found, M fixed, K verified, J known-issues
+- regression-check-after-each-fix: true
+```
+
+### Per-Bug vs Global Iteration
+- **3 iterations PER BUG** — each bug gets up to 3 fix attempts
+- If a single bug exceeds 3 iterations: escalate THAT bug to @team-lead
+- Other bugs continue being fixed normally
+- **Global circuit breaker**: if total fix attempts across ALL bugs exceeds 15, escalate entire Phase 9
+
+### P2 Bug Handling
+P2 bugs get explicit treatment:
+1. @qa-lead evaluates: is the workaround acceptable for release?
+2. If YES -> mark as known issue with workaround documentation, CONDITIONAL
+3. If NO -> treat as P1 (blocks sign-off, must fix)
+4. Decision logged in task record Decision Log
+
+### Regression Between Bug Fixes
+After EVERY bug fix, @tester runs the full regression suite BEFORE @qa-lead verifies. This catches:
+- Fix for BUG-1 that breaks BUG-2's previous fix
+- Fix that introduces new failures unrelated to the reported bug
+
+### Exit Criteria
+- All P0/P1 bugs: VERIFIED and CLOSED
+- P2 bugs: VERIFIED or CONDITIONAL (with documented workaround)
+- P3/P4 bugs: logged as known issues
+- @qa-lead confirms readiness for sign-off
+
+---
+
+## Loop 4: CI Fix Loop (Phase 8, max 3 iterations)
+
+### Flow
+```
+ENTRY: orchestrator creates PR via gh cli
+  |
+  v
+CI runs (GitHub Actions / GitLab CI / etc.)
+  |
+  +-> ALL CHECKS PASS -> EXIT: advance to Phase 9
+  |
+  +-> CI FAILURE -> orchestrator reads CI logs
+       |
+       v
+     classify failure:
+       - test failure -> @debugger (fix code, NOT test expectations)
+       - lint failure -> original dev agent (fix style)
+       - type error -> original dev agent (fix types)
+       - build failure -> @debugger or @infra (depends on error)
+       - flaky test -> @tester (stabilize test)
+       |
+       v
+     fix agent applies fix -> pushes to PR branch
+       |
+       v
+     CI re-runs (increment iteration)
+       |
+       +-> PASS -> EXIT
+       +-> FAIL -> repeat
+       +-> iteration 3 -> CIRCUIT BREAKER
+```
+
+### Loop State Tracking
+```markdown
+## Loop State
+- ci-fix-loop: iteration N/3
+- last-ci-failure: [check name] — [error summary] at [ISO timestamp]
+- fix-agent: @debugger|@api-builder|@frontend|@infra|@tester
+```
+
+### CI Fix Review Rule
+If @debugger changes code to fix CI:
+- If change is trivial (typo, import, config): push directly, no re-review needed
+- If change is substantive (logic change, new code): flag in HANDOFF, orchestrator decides whether to loop back to Phase 7 for re-review before re-running CI
+
+---
+
+## Loop 5: Sign-off Rejection Loop (Phase 10, max 2 full rejection cycles)
+
+### Flow
+```
+ENTRY: orchestrator invokes sign-off gates sequentially
+  |
+  v
+Gate 1: @qa-lead (QA sign-off)
+  +-> APPROVED or CONDITIONAL -> proceed to Gate 2
+  +-> REJECTED (P0/P1 bugs) -> route back to Phase 5
+  |     (QA approval is INVALIDATED, must re-sign after fix)
+  |
+Gate 2: @product-owner (Business sign-off)
+  +-> APPROVED -> proceed to Gate 3
+  +-> REJECTED:
+  |     wrong requirements -> Phase 4 (revise criteria)
+  |     UI not right -> Phase 5c (frontend fix)
+  |     missing edge case -> Phase 5 (add case)
+  |     defer -> ON_HOLD (exit workflow)
+  |     (QA approval PRESERVED — business issue, not quality)
+  |
+Gate 3: @team-lead (Tech sign-off)
+  +-> APPROVED -> EXIT: advance to Phase 11
+  +-> REJECTED:
+        architecture issue -> Phase 3 (redesign -> full re-flow)
+        performance issue -> Phase 5 (optimize) -> Phase 6
+        needs more tests -> Phase 5d (add tests) -> Phase 6
+        (QA + Business approvals INVALIDATED for architecture rejection)
+        (QA + Business approvals PRESERVED for test/performance rejection)
+```
+
+### Sign-off State Preservation Rules
+| Rejection Source | QA Approval | Business Approval | Reason |
+|-----------------|-------------|-------------------|--------|
+| @qa-lead (bugs) | INVALIDATED | INVALIDATED | Code changed, needs full re-verify |
+| @product-owner (requirements) | PRESERVED | INVALIDATED | Code didn't change quality |
+| @product-owner (UI) | PRESERVED | INVALIDATED | Only frontend changed |
+| @team-lead (architecture) | INVALIDATED | INVALIDATED | Major structural change |
+| @team-lead (performance) | PRESERVED | PRESERVED | Optimization, not logic change |
+| @team-lead (tests) | PRESERVED | PRESERVED | Adding tests, not changing behavior |
+
+### Outer Rejection Circuit Breaker
+**Max 2 full rejection cycles** (Phase 10 -> rework -> return to Phase 10):
+- After 2 full rejection cycles at Phase 10, STOP and escalate to user
+- Options: continue, re-scope task, split into smaller tasks, cancel
+- This prevents infinite ping-pong between phases
+
+### Tracking
+```markdown
+## Loop State
+- signoff-rejection-cycle: N/2
+- qa-signoff: APPROVED|CONDITIONAL|REJECTED|PENDING
+- biz-signoff: APPROVED|REJECTED|PENDING
+- tech-signoff: APPROVED|REJECTED|PENDING
+- last-rejection: [who] — [reason] at [ISO timestamp]
+```
+
+---
+
+## Loop 6: Deploy-Failure Loop (Phase 11, max 2 attempts)
+
+### Flow
+```
+ENTRY: orchestrator invokes @infra for deployment
+  |
+  v
+@infra runs: pre-checks -> merge PR -> deploy -> health check -> smoke test
+  |
+  +-> ALL PASS -> EXIT: advance to Phase 12
+  |
+  +-> FAILURE -> @infra triages:
+       |
+       +-> config/env issue -> @infra fixes config -> retry deploy (no Phase 5)
+       +-> code bug revealed in prod -> @debugger hotfix -> Phase 6->7->8 fast-track
+       +-> infra issue (capacity, networking) -> @infra resolves -> retry deploy
+       +-> unknown -> rollback via /rollback, escalate to user
+       |
+       v
+     retry deploy (increment iteration)
+       +-> PASS -> EXIT
+       +-> FAIL -> iteration 2 -> STOP, rollback, escalate
+```
+
+### Loop State Tracking
+```markdown
+## Loop State
+- deploy-loop: iteration N/2
+- last-deploy-failure: [error type] — [summary] at [ISO timestamp]
+- rollback-executed: true|false
+```
+
+### Deploy Triage (NOT blind Phase 5 re-route)
+Deploy failures are triaged BEFORE routing:
+1. **Config issue**: @infra fixes config, retry deploy directly (no code change)
+2. **Code bug**: follows hotfix fast-track (Phase 5->6->7->8->11)
+3. **Infra issue**: @infra resolves, retry deploy directly
+4. **Unknown**: rollback + escalate to user
+
+---
+
+## Bug Severity Quick Reference
+- **P0**: System down, data loss, security breach — blocks everything, immediate fix
+- **P1**: Core feature broken, no workaround — blocks QA sign-off, must fix
+- **P2**: Feature broken with workaround — QA decides: treat as P1 or CONDITIONAL with documented workaround
+- **P3**: Minor issue, cosmetic — conditional approve
+- **P4**: Enhancement, nice-to-have — approve with known issues list
+
+## Hotfix Fast-Track
+Production P0/P1 -> skip Phase 3+4:
+```
+Phase 1 (type=hotfix) -> Phase 2 (abbreviated impact)
+  -> Phase 5 (@debugger as primary dev, not @api-builder)
+  -> Phase 6 (dev-test: max 3 iterations)
+  -> Phase 7 (review: max 2 iterations)
+  -> Phase 8 (CI: max 2 attempts)
+  -> Phase 9 (verify-only: @qa-lead confirms fix, no full test plan)
+  -> Phase 10 (tech sign-off ONLY, skip QA formal + business)
+  -> Phase 11 (deploy: max 1 attempt, immediate rollback on failure)
+  -> Phase 12 (monitor 15min, not 30)
+```
+
+**Hotfix failure at any phase:** rollback + escalate immediately (no re-routing through earlier phases).
+
+## Spike Flow (Research Only)
+```
+Phase 1 (type=spike, NO branch) -> Phase 2 (@explorer only)
+  -> Phase 3 (@architect + @explorer investigate)
+  -> SKIP Phases 4-12
+  -> Output: Research Report (findings, recommendation, complexity estimate)
+  -> Status: CLOSED
+  -> If "proceed as feature": user runs /workflow new "..."
+```
+No loops, no circuit breakers, no sign-offs.
+
+## Concurrency Rule
+**ONE active workflow at a time.** Before `/workflow new`:
+1. Scan `.claude/tasks/` for active tasks
+2. If found: prompt user to ON_HOLD or cancel the active task
+3. NEVER run parallel workflows (context/file conflicts)
+
+## ON_HOLD Management
+- Enter: product-owner defers, or user explicitly pauses
+- State preserved: current phase + all loop counters
+- Resume: `/workflow resume TASK-id` -> re-enter at saved phase
+- 7+ days: session-start hook warns user
+- 30+ days: session-start hook suggests cancel
+- NO auto-cancel (user must decide)
+
+## CANCELLED Cleanup
+When `/workflow cancel TASK-id`:
+1. Status -> CANCELLED
+2. Close open PR (`gh pr close`)
+3. Delete local feature branch
+4. Clean up worktrees if any
+5. Task record preserved for history
+
+## Circuit Breaker Summary
+| Loop | Normal Max | Hotfix Max | Scope | Escalation |
+|------|-----------|------------|-------|------------|
+| Dev-Test (P6) | 5 | 3 | Global | User options |
+| Review (P7) | 3 | 2 | Global | User options |
+| CI Fix (P8) | 3 | 2 | Global | User options |
+| QA Bug (P9) | 3/bug, 15 total | 2/bug, 6 total | Per-bug | @team-lead per bug |
+| Sign-off (P10) | 2 cycles | 1 cycle | Global | User options |
+| Deploy (P11) | 2 | 1 | Global | Rollback + escalate |
+
+## Loop Counter Reset Rules
+| Event | Which Counters Reset |
+|-------|---------------------|
+| Phase 10 rejects -> Phase 5 | dev-test, review, ci-fix reset to 0 |
+| Phase 10 rejects -> Phase 4 or 3 | ALL loop counters reset to 0 |
+| Deploy fails -> Phase 5 | dev-test, review, ci-fix reset to 0 |
+| Normal phase advance | Counters preserved for reporting |
+| Agent timeout in loop | Counts as +1 iteration (no reset) |
+| ON_HOLD -> resume | ALL counters preserved (no reset) |
+| CANCELLED | All counters frozen (historical) |
+
+## Task State Machine
+```
+BACKLOG -> INTAKE -> ANALYZING -> DESIGNING -> APPROVED -> DEVELOPING
+  -> DEV_TESTING -> REVIEWING -> CI_PENDING -> QA_TESTING
+  -> QA_SIGNOFF -> BIZ_SIGNOFF -> TECH_SIGNOFF
+  -> DEPLOYING -> MONITORING -> CLOSED
+
+Special: BLOCKED, ON_HOLD, CANCELLED (from any active state)
+
+Reverse: QA_SIGNOFF->DEVELOPING, BIZ_SIGNOFF->APPROVED|DEVELOPING,
+         TECH_SIGNOFF->DESIGNING|DEVELOPING, DEPLOYING->DEVELOPING
+```

package/template/.claude/docs/smithery-setup.md

@@ -0,0 +1,51 @@
+# Smithery Ecosystem Setup Reference
+
+## Conditional Skill Installation
+
+### Frontend
+- React/Vue/Angular/Svelte → `smithery skill add anthropics/frontend-design`
+- shadcn/ui → shadcn skill
+- Expo/React Native → Expo skills
+
+### Testing
+- Playwright → `smithery skill add anthropics/webapp-testing`
+- Cypress → `smithery skill search "cypress testing"`
+
+### Security
+- Auth/security code → Trail of Bits security skills
+
+### DevOps
+- Docker → `smithery skill search "docker devops"`
+- Kubernetes → `smithery skill search "kubernetes yaml helm"`
+- GitHub Actions → `smithery skill search "github actions"`
+
+### Documents (always)
+- anthropics/pdf, anthropics/docx, anthropics/pptx, anthropics/xlsx
+
+### Meta
+- anthropics/skill-creator, anthropics/mcp-builder
+
+## MCP Server Connections (scope to agents, max 5)
+| Service | Server | Scope To |
+|---------|--------|----------|
+| GitHub | github | @api-builder, @infra |
+| PostgreSQL | postgres | @api-builder |
+| MongoDB | mongodb | @api-builder |
+| Redis | redis | @api-builder |
+| Playwright | playwright | @frontend |
+| AWS | aws | @infra |
+| GCP | gcp | @infra |
+| Slack | slack | global |
+| Sentry | sentry | global |
+
+## Context Budget After Smithery
+Each skill: ~100 tokens metadata (startup) + ~5k active
+Each MCP: ~200-2k tokens ALWAYS loaded
+
+Run `/context-check` after setup. If startup > 20%, remove lowest-priority items.
+Prefer skills over MCP when both can solve the problem.
+
+## Community Libraries
+- obra/superpowers — 20+ battle-tested skills (TDD, debugging, collaboration)
+- Trail of Bits — Security skills (CodeQL, Semgrep)
+- Expo — Mobile development skills