cortexhawk 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (136) hide show
  1. package/.cortexhawk-team.yml +65 -0
  2. package/CHANGELOG.md +268 -0
  3. package/CLAUDE.md +96 -0
  4. package/LICENSE +21 -0
  5. package/PACKS.md +14 -0
  6. package/README.md +418 -0
  7. package/REGISTRY.md +23 -0
  8. package/agents/architect.md +46 -0
  9. package/agents/brainstormer.md +57 -0
  10. package/agents/code-simplifier.md +56 -0
  11. package/agents/codebase-mapper.md +63 -0
  12. package/agents/copywriter.md +48 -0
  13. package/agents/debugger.md +44 -0
  14. package/agents/designer.md +53 -0
  15. package/agents/devops.md +49 -0
  16. package/agents/docs-manager.md +50 -0
  17. package/agents/fullstack-developer.md +55 -0
  18. package/agents/git-manager.md +63 -0
  19. package/agents/implementer.md +30 -0
  20. package/agents/journal-writer.md +53 -0
  21. package/agents/planner.md +52 -0
  22. package/agents/project-manager.md +50 -0
  23. package/agents/researcher.md +46 -0
  24. package/agents/reviewer.md +63 -0
  25. package/agents/security-auditor.md +92 -0
  26. package/agents/teacher.md +71 -0
  27. package/agents/tester.md +41 -0
  28. package/commands/api-gen.md +17 -0
  29. package/commands/backlog.md +26 -0
  30. package/commands/bootstrap.md +32 -0
  31. package/commands/brainstorm.md +18 -0
  32. package/commands/build.md +16 -0
  33. package/commands/chain.md +46 -0
  34. package/commands/changelog.md +16 -0
  35. package/commands/check.md +40 -0
  36. package/commands/ci.md +32 -0
  37. package/commands/context.md +35 -0
  38. package/commands/debug.md +16 -0
  39. package/commands/deploy.md +16 -0
  40. package/commands/doc.md +15 -0
  41. package/commands/export.md +17 -0
  42. package/commands/journal.md +18 -0
  43. package/commands/learn.md +16 -0
  44. package/commands/map.md +16 -0
  45. package/commands/migrate.md +17 -0
  46. package/commands/monitor.md +16 -0
  47. package/commands/optimize.md +17 -0
  48. package/commands/plan.md +17 -0
  49. package/commands/pulse.md +46 -0
  50. package/commands/refactor.md +16 -0
  51. package/commands/research.md +18 -0
  52. package/commands/review.md +16 -0
  53. package/commands/scan.md +19 -0
  54. package/commands/ship.md +17 -0
  55. package/commands/simplify.md +16 -0
  56. package/commands/task.md +32 -0
  57. package/commands/tdd.md +17 -0
  58. package/commands/test.md +16 -0
  59. package/commands/upgrade.md +27 -0
  60. package/cortexhawk +450 -0
  61. package/hooks/agent-analytics.sh +67 -0
  62. package/hooks/branch-guard.sh +56 -0
  63. package/hooks/codex-dispatcher.sh +84 -0
  64. package/hooks/commit-guard.sh +71 -0
  65. package/hooks/compose.yml +47 -0
  66. package/hooks/dependency-check.sh +56 -0
  67. package/hooks/file-guard.sh +69 -0
  68. package/hooks/hooks.json +46 -0
  69. package/hooks/self-review.sh +71 -0
  70. package/hooks/session-start.sh +132 -0
  71. package/hooks/session-telemetry.sh +60 -0
  72. package/hooks/test-reminder.sh +75 -0
  73. package/install.sh +3805 -0
  74. package/mcp/README.md +37 -0
  75. package/mcp/context7.json +8 -0
  76. package/mcp/puppeteer.json +8 -0
  77. package/mcp/sequential-thinking.json +8 -0
  78. package/modes/default.md +5 -0
  79. package/modes/fast.md +5 -0
  80. package/modes/learn.md +9 -0
  81. package/modes/orchestration.md +5 -0
  82. package/modes/pair.md +10 -0
  83. package/modes/research.md +5 -0
  84. package/modes/review.md +5 -0
  85. package/package.json +32 -0
  86. package/profiles/api.json +27 -0
  87. package/profiles/data.json +23 -0
  88. package/profiles/fullstack.json +27 -0
  89. package/scripts/autodetect-profile.sh +68 -0
  90. package/scripts/benchmark.sh +106 -0
  91. package/scripts/chain-post-save.sh +23 -0
  92. package/scripts/generate-plans-index.sh +50 -0
  93. package/scripts/git-workflow-init.sh +115 -0
  94. package/scripts/install-codex.sh +128 -0
  95. package/scripts/interactive-init.sh +264 -0
  96. package/scripts/post-install-audit.sh +130 -0
  97. package/scripts/validate.sh +214 -0
  98. package/settings.json +90 -0
  99. package/setup.sh +67 -0
  100. package/skills/databases/schema-designer/SKILL.md +54 -0
  101. package/skills/databases/sql-optimizer/SKILL.md +37 -0
  102. package/skills/devops/ci-cd/SKILL.md +59 -0
  103. package/skills/devops/deployment/SKILL.md +49 -0
  104. package/skills/devops/docker/SKILL.md +57 -0
  105. package/skills/frameworks/api-design/SKILL.md +103 -0
  106. package/skills/frameworks/fastapi/SKILL.md +68 -0
  107. package/skills/frameworks/nextjs/SKILL.md +74 -0
  108. package/skills/frameworks/python/SKILL.md +89 -0
  109. package/skills/frameworks/react/SKILL.md +83 -0
  110. package/skills/frameworks/sveltekit/SKILL.md +69 -0
  111. package/skills/frameworks/tailwindcss/SKILL.md +75 -0
  112. package/skills/frameworks/typescript/SKILL.md +94 -0
  113. package/skills/meta/mcp-builder/SKILL.md +54 -0
  114. package/skills/meta/skill-creator/SKILL.md +43 -0
  115. package/skills/optimization/performance/SKILL.md +70 -0
  116. package/skills/quality/complexity-analyzer/SKILL.md +52 -0
  117. package/skills/quality/error-handling/SKILL.md +123 -0
  118. package/skills/quality/log-analyzer/SKILL.md +31 -0
  119. package/skills/quality/pattern-detector/SKILL.md +50 -0
  120. package/skills/security/auth-analyzer/SKILL.md +96 -0
  121. package/skills/security/compliance-checker/SKILL.md +92 -0
  122. package/skills/security/container-security/SKILL.md +128 -0
  123. package/skills/security/dependency-auditor/SKILL.md +100 -0
  124. package/skills/security/encryption/SKILL.md +94 -0
  125. package/skills/security/incident-response/SKILL.md +127 -0
  126. package/skills/security/secrets/SKILL.md +93 -0
  127. package/skills/security/security-headers/SKILL.md +83 -0
  128. package/skills/security/security-logging/SKILL.md +107 -0
  129. package/skills/security/vulnerability-scanner/SKILL.md +114 -0
  130. package/skills/testing/e2e-testing/SKILL.md +119 -0
  131. package/skills/testing/tdd/SKILL.md +40 -0
  132. package/skills/testing/test-generator/SKILL.md +39 -0
  133. package/skills/workflow/commit/SKILL.md +61 -0
  134. package/skills/workflow/confidence-check/SKILL.md +90 -0
  135. package/skills/workflow/pr-review-comments/SKILL.md +81 -0
  136. package/skills/workflow/pr-review-comments/scripts/fetch_comments.py +237 -0
@@ -0,0 +1,65 @@
1
+ # .cortexhawk-team.yml
2
+ # Generated from .cortexhawk-manifest by CortexHawk
3
+ version: "1"
4
+ profile: all
5
+ skills:
6
+ - databases/schema-designer
7
+ - databases/sql-optimizer
8
+ - devops/ci-cd
9
+ - devops/deployment
10
+ - devops/docker
11
+ - frameworks/api-design
12
+ - frameworks/fastapi
13
+ - frameworks/nextjs
14
+ - frameworks/python
15
+ - frameworks/react
16
+ - frameworks/sveltekit
17
+ - frameworks/tailwindcss
18
+ - frameworks/typescript
19
+ - meta/mcp-builder
20
+ - meta/skill-creator
21
+ - optimization/performance
22
+ - quality/complexity-analyzer
23
+ - quality/error-handling
24
+ - quality/log-analyzer
25
+ - quality/pattern-detector
26
+ - security/auth-analyzer
27
+ - security/compliance-checker
28
+ - security/container-security
29
+ - security/dependency-auditor
30
+ - security/encryption
31
+ - security/incident-response
32
+ - security/secrets
33
+ - security/security-headers
34
+ - security/security-logging
35
+ - security/vulnerability-scanner
36
+ - testing/e2e-testing
37
+ - testing/tdd
38
+ - testing/test-generator
39
+ - workflow/commit
40
+ - workflow/confidence-check
41
+ - workflow/pr-review-comments
42
+ hooks:
43
+ - agent-analytics
44
+ - branch-guard
45
+ - codex-dispatcher
46
+ - commit-guard
47
+ - dependency-check
48
+ - file-guard
49
+ - self-review
50
+ - session-start
51
+ - session-telemetry
52
+ - test-reminder
53
+ modes:
54
+ - default
55
+ - fast
56
+ - learn
57
+ - orchestration
58
+ - pair
59
+ - research
60
+ - review
61
+ git_workflow:
62
+ branching: direct-main
63
+ commit_convention: conventional
64
+ pr_preference: never
65
+ auto_push: after-commit
package/CHANGELOG.md ADDED
@@ -0,0 +1,268 @@
1
+ # Changelog
2
+
3
+ All notable changes to CortexHawk are documented here.
4
+ Format: [Keep a Changelog](https://keepachangelog.com/)
5
+
6
+ ## [3.1.0] - 2026-02-14
7
+
8
+ ### Added
9
+ - `cortexhawk` CLI wrapper: clean subcommands (init, install, update, doctor, search, snapshot, etc.) instead of `bash install.sh --flags`. Install via `./setup.sh`
10
+ - `cortexhawk self-update`: git pull CortexHawk source and show version diff
11
+ - `--target auto`: auto-detects installed CLIs (claude, kimi, codex) and installs for all found — no need to specify which CLIs are available
12
+ - `cortexhawk validate [path]`: post-install diagnostic that verifies skills/agents/commands/hooks discovery per target — checks manifest, file counts, settings.json validity, .gitignore coverage
13
+ - npm distribution: `npm install -g cortexhawk` installs the CLI globally — auto-resolves `CORTEXHAWK_HOME` from symlinked binary, `self-update` detects npm install and suggests `npm update -g`
14
+
15
+ ## [3.0.0] - 2026-02-14
16
+
17
+ ### Added
18
+ - `--demo` flag: creates a sandbox project in `/tmp/` with Express.js app (intentional bugs + security vulns), CortexHawk pre-installed, and guided instructions to try `/scan`, `/debug`, `/check`, `/test`
19
+ - `/upgrade` command + `--check-update` flag: detects installed version vs latest, shows changelog delta between versions, proposes `--update` if outdated
20
+ - `--publish-skill <path>` flag: publish a local skill to GitHub — validates SKILL.md, creates repo via `gh` CLI, pushes content, auto-generates README, optionally notifies SkillsMP for indexation
21
+ - README badges: GitHub stars, license, version, skill count (36 + 87k+ SkillsMP), component summary
22
+ - `docs/TROUBLESHOOTING.md`: 10 common issues with solutions — hooks not triggering, SkillsMP setup, branch-guard, personas, snapshot restore, .env format
23
+ - `--stats` flag: displays installation overview — version, target, profile, component counts (skills, hooks, agents, commands, modes, packs), SkillsMP status, snapshots
24
+ - `--quickstart` flag: displays getting-started guide with 5 things to try after install (/check, /chain, /pulse, /context, --search)
25
+ - `/bootstrap --smart` flag: scans project context files (roadmap, PRD), researches and compares tech stacks via researcher agent, recommends optimal stack, then scaffolds with user confirmation
26
+
27
+ ### Changed
28
+ - README v3 sync: comprehensive update with all v2.1.0+ features — SkillsMP (87k+ skills), skill packs, hook catalog, agent personas, `/check`, `/context`, chain replay, agent delegation, `.env` support, config aliases
29
+ - `--init` wizard UX refonte: reordered flow (git workflow before summary), descriptions on all options, "dev branch" branching strategy (fixed working branch with PR to main), complete summary showing all choices including git workflow
30
+ - `--init` auto git setup: detects missing `.git/` and `.gitignore`, offers `git init` and creates a base `.gitignore` before installing
31
+ - Post-install gitignore: auto-adds target directory (`.claude/`, `.kimi/`, `.codex/`, `.agents/`) to `.gitignore`, asks whether to track `docs/` in git
32
+ - Default git workflow: installs without `--init` now write `git-workflow.conf` with sensible defaults (direct-main, conventional, on-demand, after-commit) instead of skipping git config entirely
33
+ - `--update` now applies install improvements: gitignore (target dir + docs/ prompt), git-workflow.conf defaults — not just component sync
34
+ - `--update` checksum-based detection: compares installed file checksums vs source files instead of just version number — detects changed files even when version is identical
35
+
36
+ - Experimental CLI warning: Kimi and Codex targets marked as "experimental" in README, wizard, and print_usage — only Claude Code is fully supported
37
+ - Post-install restart instructions: clear "exit (ctrl+c) and relaunch" message per target instead of vague "Restart X to activate"
38
+ - Kimi CLI support overhaul: commands converted to skills (/skill:cmd-name), hooks converted to prompt-based skills (/skill:hook-name), agents converted to skills (/skill:agent-name), AGENTS.md generated in project root (auto-injected by Kimi as KIMI_AGENTS_MD), MCP made optional with reference doc instead of crashing, removed unused YAML agent wrappers
39
+ - Kimi local install DX: auto-creates `.envrc` with `KIMI_SHARE_DIR`, auto-runs `direnv allow` if direnv is installed, adds `.envrc` to `.gitignore`
40
+
41
+ ### Removed
42
+ - `--target cursor` support: Cursor CLI too unstable for maintained support — removed installer, wizard option, and all references
43
+
44
+ ## [2.1.0] - 2026-02-11
45
+
46
+ ### Changed
47
+ - Shared conversion functions: extracted 5 reusable functions (`create_docs_workspace`, `generate_agents_md`, `convert_modes_to_skills`, `merge_mcp_json`, `merge_mcp_toml`) from duplicated inline code across Claude/Kimi/Codex installers
48
+ - Snapshot rotation: `do_snapshot()` now keeps only the 10 most recent snapshots, automatically removing older ones to prevent accumulation
49
+ - SkillsMP DX: install.sh auto-loads `.env` at startup, `.env.example` in repo, `--init` wizard prompts for optional SkillsMP API key and saves to `.env`
50
+ - `--search` now queries SkillsMP API (87k+ skills) when `SKILLSMP_API_KEY` env var is set — shows name, author, stars, description; falls back to local REGISTRY.md without key
51
+ - `--list-hooks`, `--enable-hook`, `--disable-hook` flags: hook catalog with toggle — lists all 9 hooks with event/status, disables via compose.yml comment, auto-regenerates settings.json
52
+ - `/context` command: manage persistent project context (`set key=value`, `list`, `clear`) in `docs/.context/_user.md` — auto-merged into `_shared.md` at session start, readable by all 20 agents
53
+ - `/chain --replay <slug>` flag: re-execute a previous chain from `docs/chains/` with fresh context — reads SUMMARY.md to extract the original agent sequence
54
+ - `--pack <name>` flag: install skill pack bundles from `PACKS.md` (react-app, python-api, svelte-app, devops-full, security-suite, testing-full) — generates temporary profile, complementary to `--profile`
55
+ - `/check` command: pre-commit quality gate running lint, tests, security scan, and code review in quick mode — outputs GO/NO-GO verdict table
56
+ - `--export-config`/`--import-config` flags: aliases for `--export-team`/`--team` — portable config export/import with the same YAML format, simplified from deferred #32
57
+ - Agent personas: custom agents in `.cortexhawk-agents/` at project root with `extends:` frontmatter — inherit from base agents with rule/style overrides, auto-copied to `.claude/agents/` on install/update
58
+ - `--search <keyword>` flag: search community skill registry (REGISTRY.md) for matching skills — shows name, category, description, and install command; uses local file or fetches from GitHub
59
+ - Agent delegation lite: `@delegate(agent, context, return)` convention in agent outputs — `/chain` detects and invokes sub-agents dynamically, saved as sub-steps (supersedes deferred #18)
60
+ - Skill dependency graph: `requires:` frontmatter in SKILL.md declares dependencies between skills — validated by `validate.sh` and `--add-skill`, reported in `/pulse`
61
+ - `/pulse --history Nd` flag: metrics trends over N days — reads `docs/.metrics/*.jsonl`, shows daily invocations/tokens/sessions table, top agents, and averages
62
+ - Custom chain presets: `.cortexhawk-chains.yml` at project root defines reusable chain sequences (e.g., `qa: scan,test,review`) — custom presets override built-in, with optional `gate` and `description` fields; template in `templates/`
63
+ - `--test-hooks` flag: dry-runs all installed hooks with synthetic inputs, reports OK/FAIL per hook with 10s timeout; exit 1 if any hook fails
64
+ - `--dry-run` flag: simulates install/update without writing files — shows delta (added, updated, unchanged, skipped, conflicts) with per-file detail for changes
65
+ - `--uninstall [--force]` flag: clean removal of CortexHawk installation with inventory, pre-uninstall snapshot, interactive confirmation; preserves snapshots and docs/
66
+ - `--doctor` flag: diagnoses installation health — checks manifest, JSON validity, component counts, hook permissions, broken symlinks, version match; exit code 1 on errors
67
+ - `--add-skill <url>` flag: install community skills from GitHub (`user/repo` or full URL) — validates SKILL.md, warns on scripts
68
+ - Hook composer: `hooks/compose.yml` defines hook pipelines per event — edit YAML instead of JSON to add/remove hooks
69
+ - `--snapshot --portable` flag: creates a self-contained `.tar.gz` archive with snapshot + all files — transferable between machines without CortexHawk source
70
+ - Snapshot v2 with file contents: snapshots now store base64-encoded `git-workflow.conf` and `CLAUDE.md` in `"file_contents"` section — enables full restore without version coupling
71
+ - `/chain --copy` flag: physical copy to `docs/plans/` with provenance header instead of symlink — useful for Windows native or network filesystems
72
+ - `--target cursor` flag: installs CortexHawk for Cursor CLI (`.cursor/rules/*.mdc` + `AGENTS.md` + `.agents/skills/` + `.cursor/mcp.json`), agents and modes as .mdc rules with YAML frontmatter
73
+ - `--diff <a> <b>` flag: semantic diff between two snapshots — compares metadata, git workflow, skills (+/-), and files (+/-/~)
74
+ - `--target all` flag: installs CortexHawk for all supported CLIs simultaneously (claude + kimi + codex + cursor) in a single command
75
+ - `--target codex` flag: installs CortexHawk for OpenAI Codex CLI (`.codex/config.toml` + `.agents/skills/` + `AGENTS.md`), with commands-as-skills (`$cmd-name`), modes-as-skills, and JSON→TOML MCP conversion
76
+ - Codex hooks dispatcher: `codex-dispatcher.sh` bridges Codex `after_tool_use` events to 4 CortexHawk PostToolUse hooks (self-review, dependency-check, test-reminder, agent-analytics) with dual extraction strategy
77
+
78
+ ### Fixed
79
+ - **Hooks exit code protocol**: blocking hooks (file-guard, branch-guard, commit-guard) now use exit 2 + stderr instead of exit 1 + stdout — fixes "hook error" displayed by Claude Code which expects exit 2 for blocking
80
+ - **Hooks zero-dependency parsing**: replaced `python3` JSON parsing with pure `grep`/`sed` in all 8 hooks — eliminates external dependency that caused "hook error" in Claude Code's execution environment
81
+ - **Hooks stdin protocol**: all 9 hooks now read `tool_input.file_path` / `tool_input.command` / `session_id` from stdin JSON instead of non-existent `$FILE_PATH`/`$COMMAND`/`$SESSION_ID` shell variables — fixes "PostToolUse hook error" on all installations
82
+ - Hook paths in `settings.json`: corrected `hooks/` to `.claude/hooks/` — hooks were not triggering because paths didn't match install location
83
+ - Benchmark Phase 2: expectations for all 20 agents (15 new), benchmark.sh validates 89/89 checks
84
+ - `--export-team [file]` flag: converts a snapshot or manifest into a `.cortexhawk-team.yml` file for team sharing
85
+ - Chain symlinks: `chain-post-save.sh` creates `docs/plans/{slug}-plan.md` symlink to chain planner output, regenerates INDEX.md
86
+ - `/ci` command: generates CI/CD pipeline (GitHub Actions/GitLab CI) tailored to project stack and CortexHawk profile
87
+ - `--diff [file]` flag: compares current installation against snapshot or manifest, reports MODIFIED/MISSING/NEW files with checksums
88
+ - `generate-plans-index.sh` script: auto-generates `docs/plans/INDEX.md` listing all plans from standalone and chain sources
89
+ - `--restore --latest` shortcut: restores from the most recent snapshot without specifying the file path
90
+ - `--team` flag: installs from `.cortexhawk-team.yml` team config with minimal YAML parser, selective hooks/modes/skills, and `.cortexhawk-local.yml` override support
91
+ - `--snapshot` flag: saves complete installation state (manifest, settings, git workflow, checksums) to `.cortexhawk-snapshots/`
92
+ - `--restore <file>` flag: restores installation from a snapshot file with checksum verification
93
+ - Automatic pre-update snapshot: `--update` now creates a snapshot before modifying files, with rollback command in summary
94
+ - `/task` command: execute a backlog item end-to-end — reads `docs/backlog.md`, chains plan→build→test→review, then ships
95
+ - `--snapshots` flag: lists all saved snapshots with date, version, and profile
96
+ - Smart chain save: `/task` skips `docs/chains/` output for effort L items, saves for M/H, `--save` flag forces save
97
+ - `pair` mode: 7th behavioral preset alternating implementer and reviewer on each change (max 2 review cycles)
98
+ - `/chain` command: sequential agent execution with context passing via `docs/chains/`
99
+ - 3 chain presets: `default` (plan→build→test→review), `security` (scan→review), `ship` (test→review→ship)
100
+ - `--gate` flag for step-by-step confirmation between agents
101
+ - `docs/chains/` output directory for chain run artifacts
102
+ - `agent-analytics` hook: tracks agent invocations with estimated tokens and timestamps to `docs/.metrics/`
103
+ - `docs/.metrics/` directory for daily JSONL analytics files
104
+ - Session-start displays daily agent invocation count
105
+ - `session-telemetry` hook: generates session summary (agents invoked, tokens, duration, files modified) on exit
106
+ - `/pulse` now displays agent analytics section (invocations, tokens, session duration)
107
+
108
+ ## [2.0.0] - 2026-02-10
109
+
110
+ ### Added
111
+ - `learn` mode: 6th behavioral preset with 3 teaching levels (guided, mentor, professor)
112
+ - `/learn` command: activates learn mode with level and topic
113
+ - `/export` command: saves current session as structured markdown to `docs/conversations/`
114
+ - `codebase-mapper` agent: 19th agent that analyzes and maps codebase architecture, dependencies, entry points, and patterns
115
+ - `/map` command: generates `CODEBASE.md` architectural map of the project
116
+ - `/pulse` command: project health dashboard showing git health, code quality markers, dependency audit, backlog summary, and test status at a glance
117
+ - Skill auto-detect: `--profile autodetect` scans project stack and installs relevant skills
118
+ - `teacher` agent: 20th agent backing `/learn` with 3 teaching levels (guided, mentor, professor)
119
+ - Skill auto-detect Phase 2: metadata-driven detection via `detect:` frontmatter in SKILL.md
120
+ - Git workflow wizard: `install.sh --init` step 5 configures branching, commit convention, PR preference, and auto-push
121
+ - Self-update: `install.sh --update` pulls latest version, detects user-modified files, interactive conflict resolution (overwrite/skip/diff), manifest-based checksum tracking
122
+
123
+ ## [1.9.0] - 2026-02-09
124
+
125
+ ### Added
126
+ - Smart context loader: `session-start.sh` auto-generates `docs/.context/_shared.md` with backlog summary, last 5 commits, and active warnings
127
+ - All 18 agents now read `_shared.md` in step 0 for project-wide awareness
128
+
129
+ ### Changed
130
+ - 13 agents step 0: `_shared.md` + agent-specific context
131
+ - 5 agents step 0: `_shared.md` + agent-specific context + last 3 docs/ files
132
+
133
+ ## [1.8.0] - 2026-02-09
134
+
135
+ ### Added
136
+ - Prompt benchmarking framework (Phase 1): `scripts/benchmark.sh`
137
+ - 3 synthetic repos in `tests/fixtures/` (Node/Express, Python/FastAPI, React/Next.js) with intentional bugs and security flaws
138
+ - 5 agent expectation files in `tests/expectations/` (planner, implementer, reviewer, debugger, security-auditor)
139
+ - Each fixture contains tagged `BUG:` and `VULN:` markers for validation
140
+ - Benchmark validator checks fixture integrity and expectation JSON schema
141
+
142
+ ## [1.7.0] - 2026-02-09
143
+
144
+ ### Added
145
+ - Agent memory: each agent reads/writes `docs/.context/{agent-name}.md` to persist patterns, decisions, and key files across sessions
146
+ - `docs/.context/` directory created by `install.sh` alongside other docs subdirectories
147
+ - `session-start` hook displays agent memory status (context file count)
148
+
149
+ ### Changed
150
+ - 5 agents with existing context step now also read their `.context.md` file (planner, brainstormer, researcher, security-auditor, journal-writer)
151
+ - 13 agents now have a context step (step 0) reading their `.context.md` file
152
+
153
+ ## [1.6.0] - 2026-02-09
154
+
155
+ ### Added
156
+ - Interactive onboarding wizard: `install.sh --init`
157
+ - 4-step setup: target CLI, scope, skill selection, confirmation
158
+ - Custom skill category selection (pick from 9 categories)
159
+ - `scripts/interactive-init.sh`: wizard logic sourced by install.sh
160
+ - `PROFILE_FILE` support for custom/generated profiles
161
+
162
+ ### Changed
163
+ - `copy_skills()` uses global `PROFILE_FILE` instead of reconstructing path
164
+ - Profile validation supports both named profiles and custom file paths
165
+
166
+ ## [1.5.1] - 2026-02-09
167
+
168
+ ### Added
169
+ - Post-install security audit: 5 checks run automatically after `install.sh`
170
+ - `scripts/post-install-audit.sh`: .gitignore, committed .env, hardcoded secrets, dependency vulns, sensitive files
171
+ - `--no-scan` flag to skip post-install audit
172
+
173
+ ## [1.5.0] - 2026-02-09
174
+
175
+ ### Added
176
+ - `--profile` flag for install.sh: `fullstack`, `api`, `data`
177
+ - `profiles/` directory with 3 JSON profile definitions
178
+ - Profiles filter which skills are installed — agents remain universal
179
+ - Without `--profile`, all skills are installed (unchanged behavior)
180
+
181
+ ## [1.4.1] - 2026-02-09
182
+
183
+ ### Added
184
+ - `docs/` workspace created by install.sh (brainstorms, plans, decisions, research, audits)
185
+ - Kimi CLI local install: direnv / KIMI_SHARE_DIR instructions
186
+ - 5 agents now persist outputs to `docs/`: brainstormer, planner, journal-writer, researcher, security-auditor
187
+ - 5 commands updated to reference `docs/` save paths
188
+
189
+ ### Changed
190
+ - CLAUDE.md and README.md updated to document `docs/` workspace
191
+
192
+ ## [1.4.0] - 2026-02-08
193
+
194
+ ### Added
195
+ - Multi-CLI install system: `install.sh --target kimi` for Kimi CLI support
196
+ - Kimi agent wrappers: auto-generated `agent.yaml` + `system.md` per agent
197
+ - Kimi AGENTS.md: auto-generated from CLAUDE.md (agents, skills, modes sections)
198
+ - Kimi MCP: merged `mcp.json` with all 3 server configs
199
+ - Kimi modes: converted to skills at `skills/modes/<name>/SKILL.md`
200
+ - CLI argument parsing: `--target`, `--global`, `--help`
201
+
202
+ ### Changed
203
+ - install.sh refactored into `install_claude()` and `install_kimi()` functions
204
+ - Default behavior (no flags) remains identical to previous version
205
+
206
+ ## [1.3.0] - 2026-02-08
207
+
208
+ ### Added
209
+ - Security skills: secrets, encryption, container-security, security-logging, incident-response (10 total security skills)
210
+ - Full security coverage: auth, headers, vulns, deps, compliance, secrets, crypto, containers, logging, IR
211
+
212
+ ### Changed
213
+ - Enriched existing security skills with content from security suite:
214
+ - auth-analyzer: added OAuth2 flows, PKCE pattern, key rotation
215
+ - security-headers: added CSRF protection strategies, COOP/CORP headers
216
+ - dependency-auditor: added CI/CD pipeline, supply chain threats, automated updates
217
+ - vulnerability-scanner: added SAST/DAST tool matrices, security test cases
218
+ - compliance-checker: added data classification tiers, PCI DSS section
219
+ - security-auditor agent: now references all 10 security skills
220
+ - Updated component counts (31→36 skills)
221
+
222
+ ## [1.2.0] - 2026-02-08
223
+
224
+ ### Added
225
+ - Hooks: branch-guard, dependency-check, commit-guard, test-reminder (7 total)
226
+ - branch-guard: prevents push to main/master/production/release + blocks force push
227
+ - commit-guard: validates conventional commit format, scans staged files for secrets
228
+ - dependency-check: alerts on package.json/requirements.txt/Cargo.toml/go.mod/Gemfile changes
229
+ - test-reminder: checks for corresponding test files when source code is modified
230
+
231
+ ### Changed
232
+ - settings.json: new PreToolUse (Bash) and PostToolUse (Write|Edit) hook registrations
233
+ - Updated component counts across all docs and plugin metadata
234
+
235
+ ## [1.1.0] - 2026-02-08
236
+
237
+ ### Added
238
+ - Skills: api-design, error-handling, e2e-testing (31 total)
239
+ - Skills: confidence-check, pr-review-comments (workflow category)
240
+ - MCP configs: context7, sequential-thinking, puppeteer
241
+ - CONTRIBUTING.md, CHANGELOG.md
242
+ - GitHub templates: bug report, feature request, PR template
243
+ - Validation script: `scripts/validate.sh`
244
+
245
+ ### Changed
246
+ - install.sh: now copies MCP configs, settings.json, and CLAUDE.md
247
+ - All agents harmonized: consistent Process, Output Format, Rules sections
248
+ - All commands: YAML frontmatter added
249
+ - All skills: code examples added where missing
250
+ - Hooks: file-guard (path normalization), self-review (actual checks), session-start (UUOC fix)
251
+ - plugin.json: updated component counts
252
+ - README.md: reflects all components
253
+
254
+ ### Removed
255
+ - docs/principles.md (merged into CONTRIBUTING.md)
256
+
257
+ ## [1.0.0] - 2026-02-08
258
+
259
+ ### Added
260
+ - 18 specialized agents
261
+ - 21 slash commands
262
+ - 26 skills across 8 categories
263
+ - 3 lifecycle hooks: file-guard, self-review, session-start
264
+ - 5 behavioral modes: default, fast, research, review, orchestration
265
+ - Contribution templates
266
+ - Plugin marketplace support (.claude-plugin)
267
+ - Global and local install script
268
+ - settings.json with permissions and hook configuration
package/CLAUDE.md ADDED
@@ -0,0 +1,96 @@
1
+ # CortexHawk
2
+
3
+ Open-source development toolkit for Claude Code — optimized agents, skills, commands, hooks, and modes.
4
+
5
+ ## Structure
6
+
7
+ ```
8
+ agents/ — 20 specialized AI agents
9
+ commands/ — 32 slash commands
10
+ scripts/ — Validation and post-install audit scripts
11
+ skills/ — 36 domain-specific knowledge modules
12
+ hooks/ — 9 lifecycle hooks
13
+ modes/ — 7 behavioral presets
14
+ profiles/ — 3 install profiles (fullstack, api, data)
15
+ mcp/ — Pre-configured MCP server configs
16
+ docs/ — Agent outputs (brainstorms, plans, decisions, research, audits, conversations, chains)
17
+ templates/ — Templates for contributing new components (agents, commands, skills, chain presets, personas)
18
+ CONTRIBUTING.md — Contribution guidelines
19
+ ```
20
+
21
+ ## Agent Personas
22
+
23
+ Custom agents in `.cortexhawk-agents/` at project root. Each `.md` file uses `extends:` frontmatter to inherit from a base agent and override rules/style. Copied to `.claude/agents/` on install/update.
24
+
25
+ ## Agents
26
+
27
+ | Agent | Role |
28
+ |---|---|
29
+ | planner | Breaks features into executable tasks |
30
+ | implementer | Writes production code from plans |
31
+ | tester | Generates tests and validates coverage |
32
+ | reviewer | Multi-pass code review |
33
+ | debugger | Root cause analysis and fix |
34
+ | security-auditor | OWASP Top 10, CVE scanning |
35
+ | architect | System design and API decisions |
36
+ | devops | CI/CD, Docker, deployment |
37
+ | researcher | Tech research and comparison |
38
+ | designer | UI/UX patterns, accessibility |
39
+ | git-manager | Branching, commits, PR management |
40
+ | docs-manager | Documentation generation |
41
+ | project-manager | Progress tracking, roadmaps |
42
+ | copywriter | Release notes, changelogs, comms |
43
+ | journal-writer | Dev journals, decision logs |
44
+ | brainstormer | Ideation, mind mapping, exploration |
45
+ | code-simplifier | Complexity reduction, clarification |
46
+ | codebase-mapper | Generates architectural map of the codebase |
47
+ | fullstack-developer | Full-stack orchestration front+back |
48
+ | teacher | Teaches concepts with 3 pedagogical levels (guided, mentor, professor) |
49
+
50
+ ## Commands
51
+
52
+ `/plan` `/build` `/test` `/review` `/ship` `/debug` `/scan` `/check` `/refactor` `/research` `/doc` `/bootstrap` `/tdd` `/optimize` `/migrate` `/monitor` `/api-gen` `/changelog` `/journal` `/brainstorm` `/simplify` `/deploy` `/export` `/backlog` `/pulse` `/map` `/learn` `/chain` `/task` `/ci` `/context` `/upgrade`
53
+
54
+ ## Skills
55
+
56
+ - **Security**: auth-analyzer, compliance-checker, container-security, dependency-auditor, encryption, incident-response, secrets, security-headers, security-logging, vulnerability-scanner
57
+ - **DevOps**: ci-cd, deployment, docker
58
+ - **Databases**: schema-designer, sql-optimizer
59
+ - **Testing**: e2e-testing, tdd, test-generator
60
+ - **Quality**: complexity-analyzer, error-handling, log-analyzer, pattern-detector
61
+ - **Meta**: mcp-builder, skill-creator
62
+ - **Frameworks**: api-design, fastapi, nextjs, react, sveltekit, tailwindcss, typescript, python
63
+ - **Optimization**: performance
64
+ - **Workflow**: commit, confidence-check, pr-review-comments
65
+
66
+ ## Modes
67
+
68
+ | Mode | Behavior |
69
+ |---|---|
70
+ | default | Balanced, clear, actionable |
71
+ | fast | Minimal tokens, direct answers |
72
+ | research | Deep analysis, brainstorming |
73
+ | review | Critical, thorough examination |
74
+ | orchestration | Multi-agent coordination |
75
+ | learn | Teaching mode with 3 levels (guided, mentor, professor) |
76
+ | pair | Alternate implementer/reviewer on each change, max 2 cycles |
77
+
78
+ ## Hooks
79
+
80
+ - `file-guard` (PreToolUse) — Blocks access to .env, secrets, keys
81
+ - `branch-guard` (PreToolUse) — Prevents direct push to protected branches
82
+ - `commit-guard` (PreToolUse) — Validates conventional commits, checks staged secrets
83
+ - `self-review` (PostToolUse) — Checks for TODO/FIXME, secrets, debug artifacts
84
+ - `dependency-check` (PostToolUse) — Alerts when dependency files are modified
85
+ - `test-reminder` (PostToolUse) — Reminds to update tests for modified source files
86
+ - `agent-analytics` (PostToolUse) — Tracks agent invocations, estimated tokens, and timestamps
87
+ - `session-telemetry` (SessionEnd) — Generates session summary with agents, tokens, duration, and files modified
88
+ - `session-start` (SessionStart) — Project context injection
89
+
90
+ ## Conventions
91
+
92
+ - Max 100 lines per agent, 50 per command, 150 per skill
93
+ - Every token must add value — no verbosity
94
+ - Checklists > paragraphs, code examples > prose
95
+ - One responsibility per component
96
+ - All agents follow: frontmatter → description → Process → Output Format → Rules
package/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 CortexHawk Contributors
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
package/PACKS.md ADDED
@@ -0,0 +1,14 @@
1
+ # Skill Packs
2
+
3
+ Pre-assembled skill bundles for common stacks. Install with `install.sh --pack <name>`.
4
+
5
+ Packs are complementary to profiles (`--profile`): profiles are broad (fullstack, api, data), packs are stack-specific.
6
+
7
+ | Pack | Skills | Description |
8
+ |---|---|---|
9
+ | react-app | frameworks/react, frameworks/nextjs, frameworks/tailwindcss, frameworks/typescript, testing/tdd, testing/e2e-testing | Modern React/Next.js app |
10
+ | python-api | frameworks/python, frameworks/fastapi, frameworks/api-design, databases/schema-designer, databases/sql-optimizer, testing/tdd | Python API backend |
11
+ | svelte-app | frameworks/sveltekit, frameworks/tailwindcss, frameworks/typescript, testing/tdd, testing/e2e-testing | SvelteKit app |
12
+ | devops-full | devops/ci-cd, devops/deployment, devops/docker, security/container-security, quality/log-analyzer | Full DevOps pipeline |
13
+ | security-suite | security/auth-analyzer, security/vulnerability-scanner, security/dependency-auditor, security/compliance-checker, security/secrets, security/encryption, security/container-security, security/security-headers, security/security-logging, security/incident-response | All 10 security skills |
14
+ | testing-full | testing/tdd, testing/test-generator, testing/e2e-testing, quality/complexity-analyzer | Complete testing toolkit |