code-ai-installer 2.0.1 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (212) hide show
  1. package/.agents/skills/dependency-supply-chain-review/SKILL.md +181 -4
  2. package/.agents/skills/dependency-supply-chain-review/agents/claude.json +2 -2
  3. package/.agents/skills/dependency-supply-chain-review/agents/copilot.json +2 -2
  4. package/.agents/skills/dependency-supply-chain-review/agents/gemini.json +2 -2
  5. package/.agents/skills/dependency-supply-chain-review/agents/openai.yaml +1 -1
  6. package/.agents/skills/dependency-supply-chain-review/agents/qwen.json +2 -2
  7. package/.agents/skills/dependency-supply-chain-review/agents/skill.yaml +2 -2
  8. package/CONTEXT.md +4 -2
  9. package/agents/reviewer.md +4 -1
  10. package/agents/senior_full_stack.md +10 -1
  11. package/domains/content/.agents/skills/audience-analysis/agents/claude.json +2 -2
  12. package/domains/content/.agents/skills/audience-analysis/agents/copilot.json +2 -2
  13. package/domains/content/.agents/skills/audience-analysis/agents/gemini.json +2 -2
  14. package/domains/content/.agents/skills/audience-analysis/agents/qwen.json +2 -2
  15. package/domains/content/.agents/skills/audience-analysis/agents/skill.yaml +2 -2
  16. package/domains/content/.agents/skills/board/agents/claude.json +2 -2
  17. package/domains/content/.agents/skills/board/agents/copilot.json +2 -2
  18. package/domains/content/.agents/skills/board/agents/gemini.json +2 -2
  19. package/domains/content/.agents/skills/board/agents/qwen.json +2 -2
  20. package/domains/content/.agents/skills/board/agents/skill.yaml +2 -2
  21. package/domains/content/.agents/skills/brand-compliance/agents/claude.json +2 -2
  22. package/domains/content/.agents/skills/brand-compliance/agents/copilot.json +2 -2
  23. package/domains/content/.agents/skills/brand-compliance/agents/gemini.json +2 -2
  24. package/domains/content/.agents/skills/brand-compliance/agents/qwen.json +2 -2
  25. package/domains/content/.agents/skills/brand-compliance/agents/skill.yaml +2 -2
  26. package/domains/content/.agents/skills/brand-guidelines/agents/claude.json +2 -2
  27. package/domains/content/.agents/skills/brand-guidelines/agents/copilot.json +2 -2
  28. package/domains/content/.agents/skills/brand-guidelines/agents/gemini.json +2 -2
  29. package/domains/content/.agents/skills/brand-guidelines/agents/qwen.json +2 -2
  30. package/domains/content/.agents/skills/brand-guidelines/agents/skill.yaml +2 -2
  31. package/domains/content/.agents/skills/competitor-content-analysis/agents/claude.json +2 -2
  32. package/domains/content/.agents/skills/competitor-content-analysis/agents/copilot.json +2 -2
  33. package/domains/content/.agents/skills/competitor-content-analysis/agents/gemini.json +2 -2
  34. package/domains/content/.agents/skills/competitor-content-analysis/agents/qwen.json +2 -2
  35. package/domains/content/.agents/skills/competitor-content-analysis/agents/skill.yaml +2 -2
  36. package/domains/content/.agents/skills/content-brief/agents/claude.json +2 -2
  37. package/domains/content/.agents/skills/content-brief/agents/copilot.json +2 -2
  38. package/domains/content/.agents/skills/content-brief/agents/gemini.json +2 -2
  39. package/domains/content/.agents/skills/content-brief/agents/qwen.json +2 -2
  40. package/domains/content/.agents/skills/content-brief/agents/skill.yaml +2 -2
  41. package/domains/content/.agents/skills/content-calendar/agents/claude.json +2 -2
  42. package/domains/content/.agents/skills/content-calendar/agents/copilot.json +2 -2
  43. package/domains/content/.agents/skills/content-calendar/agents/gemini.json +2 -2
  44. package/domains/content/.agents/skills/content-calendar/agents/qwen.json +2 -2
  45. package/domains/content/.agents/skills/content-calendar/agents/skill.yaml +2 -2
  46. package/domains/content/.agents/skills/content-release-gate/agents/claude.json +2 -2
  47. package/domains/content/.agents/skills/content-release-gate/agents/copilot.json +2 -2
  48. package/domains/content/.agents/skills/content-release-gate/agents/gemini.json +2 -2
  49. package/domains/content/.agents/skills/content-release-gate/agents/qwen.json +2 -2
  50. package/domains/content/.agents/skills/content-release-gate/agents/skill.yaml +2 -2
  51. package/domains/content/.agents/skills/content-review-checklist/agents/claude.json +2 -2
  52. package/domains/content/.agents/skills/content-review-checklist/agents/copilot.json +2 -2
  53. package/domains/content/.agents/skills/content-review-checklist/agents/gemini.json +2 -2
  54. package/domains/content/.agents/skills/content-review-checklist/agents/qwen.json +2 -2
  55. package/domains/content/.agents/skills/content-review-checklist/agents/skill.yaml +2 -2
  56. package/domains/content/.agents/skills/cta-optimization/agents/claude.json +2 -2
  57. package/domains/content/.agents/skills/cta-optimization/agents/copilot.json +2 -2
  58. package/domains/content/.agents/skills/cta-optimization/agents/gemini.json +2 -2
  59. package/domains/content/.agents/skills/cta-optimization/agents/qwen.json +2 -2
  60. package/domains/content/.agents/skills/cta-optimization/agents/skill.yaml +2 -2
  61. package/domains/content/.agents/skills/data-storytelling/agents/claude.json +2 -2
  62. package/domains/content/.agents/skills/data-storytelling/agents/copilot.json +2 -2
  63. package/domains/content/.agents/skills/data-storytelling/agents/gemini.json +2 -2
  64. package/domains/content/.agents/skills/data-storytelling/agents/qwen.json +2 -2
  65. package/domains/content/.agents/skills/data-storytelling/agents/skill.yaml +2 -2
  66. package/domains/content/.agents/skills/email-copywriting/agents/claude.json +2 -2
  67. package/domains/content/.agents/skills/email-copywriting/agents/copilot.json +2 -2
  68. package/domains/content/.agents/skills/email-copywriting/agents/gemini.json +2 -2
  69. package/domains/content/.agents/skills/email-copywriting/agents/qwen.json +2 -2
  70. package/domains/content/.agents/skills/email-copywriting/agents/skill.yaml +2 -2
  71. package/domains/content/.agents/skills/email-engagement-tiers/agents/claude.json +16 -0
  72. package/domains/content/.agents/skills/email-engagement-tiers/agents/copilot.json +16 -0
  73. package/domains/content/.agents/skills/email-engagement-tiers/agents/gemini.json +16 -0
  74. package/domains/content/.agents/skills/email-engagement-tiers/agents/openai.yaml +8 -0
  75. package/domains/content/.agents/skills/email-engagement-tiers/agents/qwen.json +16 -0
  76. package/domains/content/.agents/skills/email-engagement-tiers/agents/skill.yaml +20 -0
  77. package/domains/content/.agents/skills/fact-checking/agents/claude.json +2 -2
  78. package/domains/content/.agents/skills/fact-checking/agents/copilot.json +2 -2
  79. package/domains/content/.agents/skills/fact-checking/agents/gemini.json +2 -2
  80. package/domains/content/.agents/skills/fact-checking/agents/qwen.json +2 -2
  81. package/domains/content/.agents/skills/fact-checking/agents/skill.yaml +2 -2
  82. package/domains/content/.agents/skills/gates/agents/claude.json +2 -2
  83. package/domains/content/.agents/skills/gates/agents/copilot.json +2 -2
  84. package/domains/content/.agents/skills/gates/agents/gemini.json +2 -2
  85. package/domains/content/.agents/skills/gates/agents/qwen.json +2 -2
  86. package/domains/content/.agents/skills/gates/agents/skill.yaml +2 -2
  87. package/domains/content/.agents/skills/google-stitch-content/agents/claude.json +16 -0
  88. package/domains/content/.agents/skills/google-stitch-content/agents/copilot.json +16 -0
  89. package/domains/content/.agents/skills/google-stitch-content/agents/gemini.json +16 -0
  90. package/domains/content/.agents/skills/google-stitch-content/agents/openai.yaml +8 -0
  91. package/domains/content/.agents/skills/google-stitch-content/agents/qwen.json +16 -0
  92. package/domains/content/.agents/skills/google-stitch-content/agents/skill.yaml +20 -0
  93. package/domains/content/.agents/skills/handoff/agents/claude.json +2 -2
  94. package/domains/content/.agents/skills/handoff/agents/copilot.json +2 -2
  95. package/domains/content/.agents/skills/handoff/agents/gemini.json +2 -2
  96. package/domains/content/.agents/skills/handoff/agents/qwen.json +2 -2
  97. package/domains/content/.agents/skills/handoff/agents/skill.yaml +2 -2
  98. package/domains/content/.agents/skills/headline-formulas/agents/claude.json +2 -2
  99. package/domains/content/.agents/skills/headline-formulas/agents/copilot.json +2 -2
  100. package/domains/content/.agents/skills/headline-formulas/agents/gemini.json +2 -2
  101. package/domains/content/.agents/skills/headline-formulas/agents/qwen.json +2 -2
  102. package/domains/content/.agents/skills/headline-formulas/agents/skill.yaml +2 -2
  103. package/domains/content/.agents/skills/image-prompt-engineering/agents/claude.json +2 -2
  104. package/domains/content/.agents/skills/image-prompt-engineering/agents/copilot.json +2 -2
  105. package/domains/content/.agents/skills/image-prompt-engineering/agents/gemini.json +2 -2
  106. package/domains/content/.agents/skills/image-prompt-engineering/agents/qwen.json +2 -2
  107. package/domains/content/.agents/skills/image-prompt-engineering/agents/skill.yaml +2 -2
  108. package/domains/content/.agents/skills/mailerlite-email-ops/agents/claude.json +16 -0
  109. package/domains/content/.agents/skills/mailerlite-email-ops/agents/copilot.json +16 -0
  110. package/domains/content/.agents/skills/mailerlite-email-ops/agents/gemini.json +16 -0
  111. package/domains/content/.agents/skills/mailerlite-email-ops/agents/openai.yaml +8 -0
  112. package/domains/content/.agents/skills/mailerlite-email-ops/agents/qwen.json +16 -0
  113. package/domains/content/.agents/skills/mailerlite-email-ops/agents/skill.yaml +20 -0
  114. package/domains/content/.agents/skills/marketing-psychology/agents/claude.json +16 -0
  115. package/domains/content/.agents/skills/marketing-psychology/agents/copilot.json +16 -0
  116. package/domains/content/.agents/skills/marketing-psychology/agents/gemini.json +16 -0
  117. package/domains/content/.agents/skills/marketing-psychology/agents/openai.yaml +8 -0
  118. package/domains/content/.agents/skills/marketing-psychology/agents/qwen.json +16 -0
  119. package/domains/content/.agents/skills/marketing-psychology/agents/skill.yaml +20 -0
  120. package/domains/content/.agents/skills/moodboard/agents/claude.json +2 -2
  121. package/domains/content/.agents/skills/moodboard/agents/copilot.json +2 -2
  122. package/domains/content/.agents/skills/moodboard/agents/gemini.json +2 -2
  123. package/domains/content/.agents/skills/moodboard/agents/qwen.json +2 -2
  124. package/domains/content/.agents/skills/moodboard/agents/skill.yaml +2 -2
  125. package/domains/content/.agents/skills/platform-compliance/agents/claude.json +2 -2
  126. package/domains/content/.agents/skills/platform-compliance/agents/copilot.json +2 -2
  127. package/domains/content/.agents/skills/platform-compliance/agents/gemini.json +2 -2
  128. package/domains/content/.agents/skills/platform-compliance/agents/qwen.json +2 -2
  129. package/domains/content/.agents/skills/platform-compliance/agents/skill.yaml +2 -2
  130. package/domains/content/.agents/skills/platform-strategy/agents/claude.json +2 -2
  131. package/domains/content/.agents/skills/platform-strategy/agents/copilot.json +2 -2
  132. package/domains/content/.agents/skills/platform-strategy/agents/gemini.json +2 -2
  133. package/domains/content/.agents/skills/platform-strategy/agents/qwen.json +2 -2
  134. package/domains/content/.agents/skills/platform-strategy/agents/skill.yaml +2 -2
  135. package/domains/content/.agents/skills/platform-visual-specs/agents/claude.json +2 -2
  136. package/domains/content/.agents/skills/platform-visual-specs/agents/copilot.json +2 -2
  137. package/domains/content/.agents/skills/platform-visual-specs/agents/gemini.json +2 -2
  138. package/domains/content/.agents/skills/platform-visual-specs/agents/qwen.json +2 -2
  139. package/domains/content/.agents/skills/platform-visual-specs/agents/skill.yaml +2 -2
  140. package/domains/content/.agents/skills/readability-scoring/agents/claude.json +2 -2
  141. package/domains/content/.agents/skills/readability-scoring/agents/copilot.json +2 -2
  142. package/domains/content/.agents/skills/readability-scoring/agents/gemini.json +2 -2
  143. package/domains/content/.agents/skills/readability-scoring/agents/qwen.json +2 -2
  144. package/domains/content/.agents/skills/readability-scoring/agents/skill.yaml +2 -2
  145. package/domains/content/.agents/skills/seo-copywriting/agents/claude.json +2 -2
  146. package/domains/content/.agents/skills/seo-copywriting/agents/copilot.json +2 -2
  147. package/domains/content/.agents/skills/seo-copywriting/agents/gemini.json +2 -2
  148. package/domains/content/.agents/skills/seo-copywriting/agents/qwen.json +2 -2
  149. package/domains/content/.agents/skills/seo-copywriting/agents/skill.yaml +2 -2
  150. package/domains/content/.agents/skills/social-media-formats/agents/claude.json +2 -2
  151. package/domains/content/.agents/skills/social-media-formats/agents/copilot.json +2 -2
  152. package/domains/content/.agents/skills/social-media-formats/agents/gemini.json +2 -2
  153. package/domains/content/.agents/skills/social-media-formats/agents/qwen.json +2 -2
  154. package/domains/content/.agents/skills/social-media-formats/agents/skill.yaml +2 -2
  155. package/domains/content/.agents/skills/source-verification/agents/claude.json +2 -2
  156. package/domains/content/.agents/skills/source-verification/agents/copilot.json +2 -2
  157. package/domains/content/.agents/skills/source-verification/agents/gemini.json +2 -2
  158. package/domains/content/.agents/skills/source-verification/agents/qwen.json +2 -2
  159. package/domains/content/.agents/skills/source-verification/agents/skill.yaml +2 -2
  160. package/domains/content/.agents/skills/storytelling-framework/agents/claude.json +2 -2
  161. package/domains/content/.agents/skills/storytelling-framework/agents/copilot.json +2 -2
  162. package/domains/content/.agents/skills/storytelling-framework/agents/gemini.json +2 -2
  163. package/domains/content/.agents/skills/storytelling-framework/agents/qwen.json +2 -2
  164. package/domains/content/.agents/skills/storytelling-framework/agents/skill.yaml +2 -2
  165. package/domains/content/.agents/skills/tone-of-voice/agents/claude.json +2 -2
  166. package/domains/content/.agents/skills/tone-of-voice/agents/copilot.json +2 -2
  167. package/domains/content/.agents/skills/tone-of-voice/agents/gemini.json +2 -2
  168. package/domains/content/.agents/skills/tone-of-voice/agents/qwen.json +2 -2
  169. package/domains/content/.agents/skills/tone-of-voice/agents/skill.yaml +2 -2
  170. package/domains/content/.agents/skills/topic-research/agents/claude.json +2 -2
  171. package/domains/content/.agents/skills/topic-research/agents/copilot.json +2 -2
  172. package/domains/content/.agents/skills/topic-research/agents/gemini.json +2 -2
  173. package/domains/content/.agents/skills/topic-research/agents/qwen.json +2 -2
  174. package/domains/content/.agents/skills/topic-research/agents/skill.yaml +2 -2
  175. package/domains/content/.agents/skills/trend-research/agents/claude.json +2 -2
  176. package/domains/content/.agents/skills/trend-research/agents/copilot.json +2 -2
  177. package/domains/content/.agents/skills/trend-research/agents/gemini.json +2 -2
  178. package/domains/content/.agents/skills/trend-research/agents/qwen.json +2 -2
  179. package/domains/content/.agents/skills/trend-research/agents/skill.yaml +2 -2
  180. package/domains/content/.agents/skills/visual-brief/agents/claude.json +2 -2
  181. package/domains/content/.agents/skills/visual-brief/agents/copilot.json +2 -2
  182. package/domains/content/.agents/skills/visual-brief/agents/gemini.json +2 -2
  183. package/domains/content/.agents/skills/visual-brief/agents/qwen.json +2 -2
  184. package/domains/content/.agents/skills/visual-brief/agents/skill.yaml +2 -2
  185. package/domains/development/.agents/skills/dependency-supply-chain-review/SKILL.md +181 -4
  186. package/domains/development/.agents/skills/dependency-supply-chain-review/agents/claude.json +2 -2
  187. package/domains/development/.agents/skills/dependency-supply-chain-review/agents/copilot.json +2 -2
  188. package/domains/development/.agents/skills/dependency-supply-chain-review/agents/gemini.json +2 -2
  189. package/domains/development/.agents/skills/dependency-supply-chain-review/agents/openai.yaml +1 -1
  190. package/domains/development/.agents/skills/dependency-supply-chain-review/agents/qwen.json +2 -2
  191. package/domains/development/.agents/skills/dependency-supply-chain-review/agents/skill.yaml +2 -2
  192. package/domains/development/agents/reviewer.md +4 -1
  193. package/domains/development/agents/senior_full_stack.md +10 -1
  194. package/domains/development/locales/en/.agents/skills/dependency-supply-chain-review/SKILL.md +181 -4
  195. package/domains/development/locales/en/.agents/skills/dependency-supply-chain-review/agents/claude.json +2 -2
  196. package/domains/development/locales/en/.agents/skills/dependency-supply-chain-review/agents/copilot.json +2 -2
  197. package/domains/development/locales/en/.agents/skills/dependency-supply-chain-review/agents/gemini.json +2 -2
  198. package/domains/development/locales/en/.agents/skills/dependency-supply-chain-review/agents/openai.yaml +1 -1
  199. package/domains/development/locales/en/.agents/skills/dependency-supply-chain-review/agents/qwen.json +2 -2
  200. package/domains/development/locales/en/.agents/skills/dependency-supply-chain-review/agents/skill.yaml +2 -2
  201. package/domains/development/locales/en/agents/reviewer.md +4 -1
  202. package/domains/development/locales/en/agents/senior_full_stack.md +10 -1
  203. package/locales/en/.agents/skills/dependency-supply-chain-review/SKILL.md +181 -4
  204. package/locales/en/.agents/skills/dependency-supply-chain-review/agents/claude.json +2 -2
  205. package/locales/en/.agents/skills/dependency-supply-chain-review/agents/copilot.json +2 -2
  206. package/locales/en/.agents/skills/dependency-supply-chain-review/agents/gemini.json +2 -2
  207. package/locales/en/.agents/skills/dependency-supply-chain-review/agents/openai.yaml +1 -1
  208. package/locales/en/.agents/skills/dependency-supply-chain-review/agents/qwen.json +2 -2
  209. package/locales/en/.agents/skills/dependency-supply-chain-review/agents/skill.yaml +2 -2
  210. package/locales/en/agents/reviewer.md +4 -1
  211. package/locales/en/agents/senior_full_stack.md +10 -1
  212. package/package.json +3 -2
package/locales/en/.agents/skills/dependency-supply-chain-review/agents/copilot.json CHANGED
@@ -1,13 +1,13 @@
1
1
  {
2
2
  "name": "dependency-supply-chain-review",
3
3
  "display_name": "Dependency & Supply Chain Review",
4
- "description": "Dependency review — minimization, updates, vulnerability audit, licenses, prohibition of unsafe packages.",
4
+ "description": "Dependency review with mandatory socket.dev MCP check (depscore) supply chain, vulnerability, licenses. P0 alerts block installation.",
5
5
  "default_prompt": "Use $dependency-supply-chain-review when the task matches the \"Dependency & Supply Chain Review\" skill.",
6
6
  "triggers": [
7
7
  "dependency-supply-chain-review",
8
8
  "dependency supply chain review",
9
9
  "Dependency & Supply Chain Review",
10
- "Dependency review — minimization, updates, vulnerability audit, licenses, prohibition of unsafe packages"
10
+ "Dependency review with mandatory socket.dev MCP check (depscore) supply chain, vulnerability, licenses. P0 alerts block installation"
11
11
  ],
12
12
  "capabilities": [
13
13
  "dependency",
package/locales/en/.agents/skills/dependency-supply-chain-review/agents/gemini.json CHANGED
@@ -1,13 +1,13 @@
1
1
  {
2
2
  "name": "dependency-supply-chain-review",
3
3
  "display_name": "Dependency & Supply Chain Review",
4
- "description": "Dependency review — minimization, updates, vulnerability audit, licenses, prohibition of unsafe packages.",
4
+ "description": "Dependency review with mandatory socket.dev MCP check (depscore) supply chain, vulnerability, licenses. P0 alerts block installation.",
5
5
  "default_prompt": "Use $dependency-supply-chain-review when the task matches the \"Dependency & Supply Chain Review\" skill.",
6
6
  "triggers": [
7
7
  "dependency-supply-chain-review",
8
8
  "dependency supply chain review",
9
9
  "Dependency & Supply Chain Review",
10
- "Dependency review — minimization, updates, vulnerability audit, licenses, prohibition of unsafe packages"
10
+ "Dependency review with mandatory socket.dev MCP check (depscore) supply chain, vulnerability, licenses. P0 alerts block installation"
11
11
  ],
12
12
  "capabilities": [
13
13
  "dependency",
package/locales/en/.agents/skills/dependency-supply-chain-review/agents/openai.yaml CHANGED
@@ -1,6 +1,6 @@
1
1
  interface:
2
2
  display_name: "Dependency & Supply Chain Review"
3
- short_description: "Dependency review — minimization, updates, vulnerability audit, licenses, prohibition of unsafe…"
3
+ short_description: "Dependency review with socket.dev MCP (depscore) supply chain, vuln, licenses. P0 blocks."
4
4
  default_prompt: "Use $dependency-supply-chain-review when the task matches the \"Dependency & Supply Chain Review\" skill."
5
5
  dependencies:
6
6
  tools: []
package/locales/en/.agents/skills/dependency-supply-chain-review/agents/qwen.json CHANGED
@@ -1,13 +1,13 @@
1
1
  {
2
2
  "name": "dependency-supply-chain-review",
3
3
  "display_name": "Dependency & Supply Chain Review",
4
- "description": "Dependency review — minimization, updates, vulnerability audit, licenses, prohibition of unsafe packages.",
4
+ "description": "Dependency review with mandatory socket.dev MCP check (depscore) supply chain, vulnerability, licenses. P0 alerts block installation.",
5
5
  "default_prompt": "Use $dependency-supply-chain-review when the task matches the \"Dependency & Supply Chain Review\" skill.",
6
6
  "triggers": [
7
7
  "dependency-supply-chain-review",
8
8
  "dependency supply chain review",
9
9
  "Dependency & Supply Chain Review",
10
- "Dependency review — minimization, updates, vulnerability audit, licenses, prohibition of unsafe packages"
10
+ "Dependency review with mandatory socket.dev MCP check (depscore) supply chain, vulnerability, licenses. P0 alerts block installation"
11
11
  ],
12
12
  "capabilities": [
13
13
  "dependency",
package/locales/en/.agents/skills/dependency-supply-chain-review/agents/skill.yaml CHANGED
@@ -1,13 +1,13 @@
1
1
  version: 1
2
2
  name: "dependency-supply-chain-review"
3
3
  display_name: "Dependency & Supply Chain Review"
4
- description: "Dependency review — minimization, updates, vulnerability audit, licenses, prohibition of unsafe packages."
4
+ description: "Dependency review with mandatory socket.dev MCP check (depscore) supply chain, vulnerability, licenses. P0 alerts block installation."
5
5
  default_prompt: "Use $dependency-supply-chain-review when the task matches the \"Dependency & Supply Chain Review\" skill."
6
6
  triggers:
7
7
  - "dependency-supply-chain-review"
8
8
  - "dependency supply chain review"
9
9
  - "Dependency & Supply Chain Review"
10
- - "Dependency review — minimization, updates, vulnerability audit, licenses, prohibition of unsafe packages"
10
+ - "Dependency review with mandatory socket.dev MCP check (depscore) supply chain, vulnerability, licenses. P0 alerts block installation"
11
11
  capabilities:
12
12
  - "dependency"
13
13
  - "supply"
package/locales/en/agents/reviewer.md CHANGED
@@ -21,6 +21,7 @@ Reviewer is the “quality gate” before Tester and Release Gate.
21
21
  - API Contracts + Data Model + Threat Model baseline (if available)
22
22
  - Deployment/CI Plan + Observability Plan (if relevant)
23
23
  - PR diff / file list / branch link / CI results
24
+ - **socket-mcp tool availability** — mandatory check before reviewing `package.json` / `package-lock.json` changes. If unavailable → degraded mode (see [`$dependency-supply-chain-review`](.agents/skills/dependency-supply-chain-review/) → section 0 Prerequisites).
24
25
 
25
26
  ---
26
27
 
@@ -30,6 +31,7 @@ Reviewer is the “quality gate” before Tester and Release Gate.
30
31
  - Before starting a review, it is **required** to read the “Important vs Not Important” section of the Architecture Doc - do not block what the architect deliberately put out of scope.
31
32
  - Git hygiene checks (commit structure, branch/commit naming, diff cosmetics) are classified as 🟡 P2 if there is no direct impact on security/data/architecture.
32
33
  - Classify git hygiene checks (commit structure, branch/commit naming, cosmetic diff issues) as ?? P2 if they do not directly affect security, data, or architecture.
34
+ - **Supply chain via socket.dev is mandatory** for any change to `package.json` / `package-lock.json`. Run `$dependency-supply-chain-review` → `depscore` for all new/updated packages. P0 alerts (`supply_chain<0.5` / `vulnerability<0.5` / `license<0.5`) = 🔴 NO-GO until explicit user confirmation or package removal. In **degraded mode** (socket-mcp unavailable) — review is allowed, but the `Degraded` status must be recorded in the Handoff Envelope.
33
35
 
34
36
  ---
35
37
 
@@ -244,10 +246,11 @@ OPEN ITEMS: [list P1/P2 for tracking]
244
246
  ## HANDOFF (Mandatory)
245
247
  MERGE STATUS: GO ✅ / NO-GO ❌
246
248
  CONTAINER RELOAD VERIFIED: ✅ / ❌
249
+ SOCKET.DEV MODE: Active ✅ / Degraded ⚠️ / N/A (no package.json changes)
247
250
  ```
248
251
 
249
252
  ## HANDOFF (Mandatory)
250
253
  - Every REV output must end with a completed `Handoff Envelope`.
251
- - Required fields: `HANDOFF TO`, `ARTIFACTS PRODUCED`, `REQUIRED INPUTS FULFILLED`, `OPEN ITEMS`, `BLOCKERS FOR NEXT PHASE`, `MERGE STATUS`, `CONTAINER RELOAD VERIFIED`.
254
+ - Required fields: `HANDOFF TO`, `ARTIFACTS PRODUCED`, `REQUIRED INPUTS FULFILLED`, `OPEN ITEMS`, `BLOCKERS FOR NEXT PHASE`, `MERGE STATUS`, `CONTAINER RELOAD VERIFIED`, `SOCKET.DEV MODE`.
252
255
  - If `OPEN ITEMS` is not empty, include owner and due date per item.
253
256
  - Missing HANDOFF block means REV phase is `BLOCKED` and cannot move to QA/RG.
package/locales/en/agents/senior_full_stack.md CHANGED
@@ -49,6 +49,7 @@ If it is explicitly stated that the project is a Wix iFrame app:
49
49
  7. **JSDoc is required** on all public functions/methods
50
50
  8. **Feedback loop** - after each slice a DEMO instruction is required
51
51
  9. **Batch tasks** - tasks are performed in batches (10–15), forming a tested vertical slice
52
+ 10. **Socket.dev pre-install gate** — before every `npm install <pkg>` / `npm update` / major version bump, mandatory call to `depscore` via socket-mcp. P0 alerts (`supply_chain<0.5` / `vulnerability<0.5` / `license<0.5`) → **hard block**: stop, escalate to user, wait for explicit confirmation. In **degraded mode** (socket-mcp unavailable) — follow the degraded protocol from [`$dependency-supply-chain-review`](.agents/skills/dependency-supply-chain-review/) → section 0.
52
53
 
53
54
  ---
54
55
 
@@ -129,6 +130,12 @@ According to Threat Model from the architect:
129
130
  - Uniform safe error format (no stack trace)
130
131
  - No secrets/PII in code and logs
131
132
  - Dependency hygiene
133
+ - **Socket.dev pre-install check** — before every `npm install <pkg>`:
134
+ 1. Call `depscore({ packages: [{ ecosystem: "npm", depname, version }] })` via socket-mcp
135
+ 2. If `supply_chain < 0.5` OR `vulnerability < 0.5` OR `license < 0.5` → **STOP**, escalate to user with metrics, wait for explicit confirmation
136
+ 3. If all metrics are OK → proceed with installation
137
+ 4. If socket-mcp is unavailable → degraded protocol (see `$dependency-supply-chain-review` section 0)
138
+ 5. Record metrics in DEV report for the next gate
132
139
 
133
140
  ### 6) Demo Gate
134
141
  After each `DEV-xx` provide `DEMO-xx`:
@@ -154,6 +161,7 @@ The report for the conductor contains:
154
161
  - Secrets are not in the code/logs
155
162
  - There is a DEMO instruction
156
163
  - Basic security: login validation, authorization, dependency hygiene
164
+ - **Socket.dev depscore performed for all new/updated deps; no P0 alerts (or explicit user confirmation recorded)**
157
165
  - Production-ready: no mock functions in production scripts
158
166
  - Anti-pattern self-check: PASS
159
167
 
@@ -275,6 +283,7 @@ BLOCKERS FOR REVIEW: no / [list if available]
275
283
  ANTI-PATTERN CHECK: PASS ✅ / FAIL ❌
276
284
  JSDOC COVERAGE: X/Y
277
285
  CI STATUS: GREEN ✅ / RED ❌
286
+ SOCKET.DEV PRE-INSTALL: Active ✅ (N packages scanned, 0 P0) / Degraded ⚠️ / N/A (no new deps)
278
287
  ```
279
288
 
280
289
 
@@ -284,5 +293,5 @@ CI STATUS: GREEN ✅ / RED ❌
284
293
 
285
294
  ## HANDOFF (Mandatory)
286
295
  - Every DEV output must end with a completed `Handoff Envelope`.
287
- - Required fields: `HANDOFF TO`, `ARTIFACTS PRODUCED`, `REQUIRED INPUTS FULFILLED`, `OPEN ITEMS`, `BLOCKERS FOR REVIEW`, `ANTI-PATTERN CHECK`, `JSDOC COVERAGE`, `CI STATUS`.
296
+ - Required fields: `HANDOFF TO`, `ARTIFACTS PRODUCED`, `REQUIRED INPUTS FULFILLED`, `OPEN ITEMS`, `BLOCKERS FOR REVIEW`, `ANTI-PATTERN CHECK`, `JSDOC COVERAGE`, `CI STATUS`, `SOCKET.DEV PRE-INSTALL`.
288
297
  - If `OPEN ITEMS` is not empty, include owner and due date per item.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "code-ai-installer",
3
- "version": "2.0.1",
3
+ "version": "2.1.0",
4
4
  "description": "Production-ready CLI to install code-ai agents and skills for multiple AI coding assistants.",
5
5
  "license": "MIT",
6
6
  "author": "Denis Harchenko",
@@ -35,7 +35,8 @@
35
35
  "dev": "tsx src/index.ts",
36
36
  "lint": "tsc --noEmit -p tsconfig.json",
37
37
  "test": "vitest run",
38
- "prepack": "npm run clean && npm run build"
38
+ "doctor:all": "node dist/index.js doctor --target claude --domain development && node dist/index.js doctor --target claude --domain content",
39
+ "prepack": "npm run clean && npm run build && npm run doctor:all"
39
40
  },
40
41
  "engines": {
41
42
  "node": ">=20"