devrites 1.19.0

package/scripts/scan-supply-chain-iocs.py

@@ -0,0 +1,127 @@
+#!/usr/bin/env python3
+"""Scan an npm lockfile against known supply-chain indicators of compromise.
+
+Dependabot manages version *updates*; this gate catches a *known-malicious* installed
+version (a compromised release that slipped in). It checks every name@version in the
+lockfile against the bundled IOC dataset (scripts/supply-chain-iocs.json) — an offline,
+always-available advisory source, so CI is deterministic and needs no network.
+
+`--online` additionally queries the OSV API per package and is best-effort: if the
+advisory source is unreachable it prints a notice and falls back to the bundled dataset
+(it never fails the build on a network error — only on a real IOC match).
+
+Usage: scan-supply-chain-iocs.py [LOCKFILE] [--iocs FILE] [--online]
+  LOCKFILE defaults to package-lock.json.
+Exit: 0 clean; 1 on an IOC match; 2 on a usage/parse error.
+"""
+import json
+import os
+import sys
+
+HERE = os.path.dirname(os.path.abspath(__file__))
+DEFAULT_IOCS = os.path.join(HERE, "supply-chain-iocs.json")
+
+
+def load_iocs(path):
+    with open(path, "r", encoding="utf-8") as fh:
+        data = json.load(fh)
+    index = {}
+    for e in data.get("iocs", []):
+        index[e["name"]] = e
+    return index
+
+
+def installed_packages(lockfile):
+    """Yield (name, version) for every package in an npm lockfile (v2/v3 or v1)."""
+    with open(lockfile, "r", encoding="utf-8") as fh:
+        data = json.load(fh)
+    pkgs = data.get("packages")
+    if isinstance(pkgs, dict):  # lockfile v2/v3
+        for key, meta in pkgs.items():
+            if not key or "node_modules/" not in key:
+                continue
+            name = key.split("node_modules/")[-1]
+            ver = (meta or {}).get("version")
+            if name and ver:
+                yield name, ver
+    deps = data.get("dependencies")
+    if isinstance(deps, dict):  # lockfile v1 (recursive)
+        stack = list(deps.items())
+        while stack:
+            name, meta = stack.pop()
+            meta = meta or {}
+            ver = meta.get("version")
+            if name and ver:
+                yield name, ver
+            nested = meta.get("dependencies")
+            if isinstance(nested, dict):
+                stack.extend(nested.items())
+
+
+def query_osv(name, version):
+    """Best-effort OSV lookup. Returns a finding note or None; never raises."""
+    try:
+        import json as _json
+        import urllib.request
+        body = _json.dumps({"package": {"name": name, "ecosystem": "npm"},
+                            "version": version}).encode()
+        req = urllib.request.Request("https://api.osv.dev/v1/query", data=body,
+                                     headers={"Content-Type": "application/json"})
+        with urllib.request.urlopen(req, timeout=8) as r:
+            vulns = _json.loads(r.read()).get("vulns", [])
+        ids = [v.get("id") for v in vulns if v.get("id")]
+        return ("OSV: " + ", ".join(ids)) if ids else None
+    except Exception:
+        return "__unreachable__"
+
+
+def main(argv):
+    args = [a for a in argv[1:]]
+    online = "--online" in args
+    args = [a for a in args if a != "--online"]
+    iocs_path = DEFAULT_IOCS
+    if "--iocs" in args:
+        i = args.index("--iocs")
+        iocs_path = args[i + 1]
+        del args[i:i + 2]
+    lockfile = args[0] if args else "package-lock.json"
+
+    if not os.path.isfile(lockfile):
+        print("OK    no lockfile at %s — nothing to scan" % lockfile)
+        return 0
+    try:
+        index = load_iocs(iocs_path)
+        pkgs = list(installed_packages(lockfile))
+    except (OSError, ValueError, KeyError) as e:
+        print("ERROR cannot scan (%s)" % e, file=sys.stderr)
+        return 2
+
+    findings = []
+    for name, ver in pkgs:
+        e = index.get(name)
+        if e and ver in e.get("versions", []):
+            findings.append("FINDING %s@%s — %s (%s)" % (name, ver, e["note"], e["source"]))
+
+    if online:
+        offline_notice = False
+        for name, ver in pkgs:
+            res = query_osv(name, ver)
+            if res == "__unreachable__":
+                offline_notice = True
+                break
+            if res:
+                findings.append("FINDING %s@%s — %s" % (name, ver, res))
+        if offline_notice:
+            print("note: OSV unreachable — fell back to the bundled IOC dataset only")
+
+    if findings:
+        for f in sorted(set(findings)):
+            print(f)
+        print("\n%d supply-chain finding(s) across %d packages." % (len(set(findings)), len(pkgs)))
+        return 1
+    print("OK    supply-chain scan clean (%d packages, %d IOCs)" % (len(pkgs), len(index)))
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main(sys.argv))

package/scripts/supply-chain-iocs.json

@@ -0,0 +1,11 @@
+{
+  "_comment": "Bundled supply-chain indicators-of-compromise: documented malicious npm releases. This offline dataset is the always-available advisory source the scanner checks against, so CI is deterministic and needs no network. Extend it as new incidents are confirmed; keep each entry sourced.",
+  "iocs": [
+    {"name": "event-stream", "versions": ["3.3.6"], "note": "pulled in malicious flatmap-stream (bitcoin-wallet stealer)", "source": "GHSA-mh6f-8j2x-4483 (2018)"},
+    {"name": "flatmap-stream", "versions": ["0.1.1"], "note": "malicious payload targeting Copay bitcoin wallets", "source": "npm advisory (2018)"},
+    {"name": "ua-parser-js", "versions": ["0.7.29", "0.8.0", "1.0.0"], "note": "account takeover shipped a crypto-miner + password stealer", "source": "CVE-2021-41265 / GHSA-pjwm-rvh2-c87w (Oct 2021)"},
+    {"name": "coa", "versions": ["2.0.3", "2.0.4", "2.1.1", "2.1.3", "3.0.1", "3.1.3"], "note": "maintainer-account compromise shipped malware", "source": "GHSA-73qr-pfmq-6rp8 (Nov 2021)"},
+    {"name": "rc", "versions": ["1.2.9", "1.3.9", "2.3.9"], "note": "maintainer-account compromise shipped malware", "source": "GHSA-g2q5-5433-rhrf (Nov 2021)"},
+    {"name": "node-ipc", "versions": ["10.1.1", "10.1.2", "11.0.0"], "note": "protestware that wiped files based on geolocation", "source": "CVE-2022-23812 (Mar 2022)"}
+  ]
+}

package/scripts/sync-version.sh

@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+# Sync the semantic-release-determined version across every DevRites manifest
+# so plugin.json, marketplace.json and package.json stay in lockstep.
+#
+# Usage: sync-version.sh <version>
+set -euo pipefail
+
+VERSION="${1:-}"
+if [[ -z "$VERSION" ]]; then
+  echo "usage: sync-version.sh <version>" >&2
+  exit 1
+fi
+
+ROOT="$(cd "$(dirname "$0")/.." && pwd)"
+cd "$ROOT"
+
+echo "Syncing version ${VERSION} across DevRites manifests"
+
+node - "$VERSION" <<'NODE'
+const fs = require('fs');
+const path = require('path');
+const version = process.argv[2];
+
+const updates = [
+  { file: 'package.json',                       set: (j) => { j.version = version; } },
+  { file: '.claude-plugin/plugin.json',         set: (j) => { j.version = version; } },
+  { file: '.claude-plugin/marketplace.json',    set: (j) => { j.plugins.forEach(p => { if (p.name === 'devrites') p.version = version; }); } },
+];
+
+for (const u of updates) {
+  const p = path.resolve(u.file);
+  const data = JSON.parse(fs.readFileSync(p, 'utf8'));
+  u.set(data);
+  fs.writeFileSync(p, JSON.stringify(data, null, 2) + '\n');
+  console.log(`  → ${u.file}`);
+}
+
+// Update README status line so the published version shows on the repo
+// landing page. Matches the previous status block (single- or two-line form)
+// and rewrites it to a one-liner pointing at the new tag.
+const readmePath = path.resolve('README.md');
+const readme = fs.readFileSync(readmePath, 'utf8');
+const statusLine =
+  `**Status:** [\`v${version}\`](https://github.com/ViktorsBaikers/DevRites/releases/tag/v${version}) — ` +
+  "see [`CHANGELOG.md`](CHANGELOG.md) for release notes.";
+const re = /\*\*Status:\*\*[^\n]*(?:\n(?!\n)[^\n]*)*/;
+if (re.test(readme)) {
+  const updated = readme.replace(re, statusLine);
+  if (updated !== readme) {
+    fs.writeFileSync(readmePath, updated);
+    console.log('  → README.md');
+  }
+} else {
+  console.warn('  ! README.md status line not found — skipping');
+}
+NODE

package/scripts/validate-frontmatter.py

@@ -0,0 +1,149 @@
+#!/usr/bin/env python3
+"""Validate YAML frontmatter of DevRites SKILL.md and agent files.
+
+Usage: validate-frontmatter.py FILE [FILE ...]
+Exits non-zero if any file fails. Uses PyYAML if present, else a minimal parser
+(frontmatter here is simple key: value, no nested structures needed).
+"""
+import sys
+
+KNOWN_SKILL_FIELDS = {
+    "name", "description", "argument-hint", "user-invocable",
+    "disable-model-invocation",
+}
+KNOWN_AGENT_FIELDS = {
+    "name", "description", "tools", "disallowedTools", "model", "permissionMode",
+    "mcpServers", "hooks", "maxTurns", "skills", "initialPrompt", "memory",
+    "effort", "background", "isolation", "color",
+}
+
+
+def extract_frontmatter(text):
+    lines = text.splitlines()
+    if not lines or lines[0].strip() != "---":
+        return None, "missing opening '---' frontmatter fence"
+    body = []
+    for i in range(1, len(lines)):
+        if lines[i].strip() == "---":
+            return "\n".join(body), None
+        body.append(lines[i])
+    return None, "missing closing '---' frontmatter fence"
+
+
+def parse_simple(fm):
+    """Minimal top-level 'key: value' parser. Good enough for these files.
+
+    Handles YAML block scalars ('|', '>') by collecting indented continuation
+    lines so multi-line values are preserved (and can be detected/rejected).
+    """
+    data = {}
+    lines = fm.splitlines()
+    i = 0
+    while i < len(lines):
+        raw = lines[i]
+        if not raw.strip() or raw.lstrip().startswith("#"):
+            i += 1
+            continue
+        if raw[0] in (" ", "\t"):
+            i += 1
+            continue
+        if ":" not in raw:
+            i += 1
+            continue
+        key, val = raw.split(":", 1)
+        v = val.strip()
+        # Block scalar indicators: gather indented following lines.
+        if v and v[0] in ("|", ">"):
+            collected = []
+            j = i + 1
+            while j < len(lines) and (lines[j] == "" or lines[j].startswith((" ", "\t"))):
+                collected.append(lines[j].lstrip())
+                j += 1
+            data[key.strip()] = "\n".join(collected).rstrip()
+            i = j
+            continue
+        data[key.strip()] = v.strip('"').strip("'")
+        i += 1
+    return data
+
+
+def load_fm(fm):
+    try:
+        import yaml  # type: ignore
+        d = yaml.safe_load(fm)
+        if isinstance(d, dict):
+            return {str(k): d[k] for k in d}
+    except Exception:
+        pass
+    return parse_simple(fm)
+
+
+def is_agent(path):
+    return "/agents/" in path.replace("\\", "/")
+
+
+def main(argv):
+    files = argv[1:]
+    if not files:
+        print("usage: validate-frontmatter.py FILE [FILE ...]", file=sys.stderr)
+        return 2
+    errors = 0
+    for path in files:
+        try:
+            with open(path, "r", encoding="utf-8") as fh:
+                text = fh.read()
+        except OSError as e:
+            print("ERROR %s: cannot read (%s)" % (path, e))
+            errors += 1
+            continue
+        fm, err = extract_frontmatter(text)
+        if err:
+            print("ERROR %s: %s" % (path, err))
+            errors += 1
+            continue
+        data = load_fm(fm)
+        if not isinstance(data, dict) or not data:
+            print("ERROR %s: frontmatter did not parse to key/value fields" % path)
+            errors += 1
+            continue
+        if "description" not in data or not str(data.get("description", "")).strip():
+            print("ERROR %s: missing/empty 'description'" % path)
+            errors += 1
+            continue
+        known = KNOWN_AGENT_FIELDS if is_agent(path) else KNOWN_SKILL_FIELDS
+        unknown = [k for k in data if k not in known]
+        if unknown:
+            print("ERROR %s: unknown field(s) not in canonical SKILL.md spec: %s"
+                  % (path, ", ".join(unknown)))
+            errors += 1
+            continue
+        # description length cap is 1024 chars per Anthropic SKILL.md spec
+        warn = ""
+        desc = str(data.get("description", ""))
+        dlen = len(desc)
+        if dlen > 1024:
+            print("ERROR %s: description %d chars > 1024 cap (Anthropic SKILL.md spec)"
+                  % (path, dlen))
+            errors += 1
+            continue
+        if "\n" in desc:
+            print("ERROR %s: description must be a single line (no newlines)" % path)
+            errors += 1
+            continue
+        if "when_to_use" in data:
+            dlen += len(str(data.get("when_to_use", "")))
+            if dlen > 1536:
+                warn += " [warn: description+when_to_use %d>1536 chars]" % dlen
+        ui = data.get("user-invocable", "(default)")
+        ctx = data.get("context", "")
+        flag = (" context=%s" % ctx) if ctx else ""
+        print("OK    %s  (user-invocable=%s%s)%s" % (path, ui, flag, warn))
+    if errors:
+        print("\n%d file(s) failed frontmatter validation." % errors)
+        return 1
+    print("\nAll %d file(s) passed frontmatter validation." % len(files))
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main(sys.argv))

package/scripts/validate-workflow-security.py

@@ -0,0 +1,86 @@
+#!/usr/bin/env python3
+"""Scan GitHub Actions workflows for supply-chain + permission risks.
+
+DevRites' publish (release.yml) and auto-merge paths are high-value targets, so this
+gate fails CI when a workflow:
+
+  - uses a THIRD-PARTY action not pinned to a full 40-char commit SHA — a moving tag
+    like `@v2` lets a compromised upstream inject code into the pipeline (GitHub-owned
+    `actions/*` and `github/*` tags are tolerated);
+  - declares no `permissions:` scope anywhere — the default token is broad;
+  - uses `permissions: write-all` (over-broad);
+  - uses `pull_request_target` (runs with secrets on untrusted PR code — review required).
+
+Usage: validate-workflow-security.py [DIR]   (default: .github/workflows)
+Exit: 0 clean; 1 on any finding.
+"""
+import os
+import re
+import sys
+
+FIRST_PARTY = {"actions", "github"}   # GitHub-owned; major-tag refs tolerated
+SHA_RE = re.compile(r"^[0-9a-f]{40}$")
+USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
+
+
+def scan_text(path, text):
+    findings = []
+    lines = text.splitlines()
+    if not re.search(r"^\s*permissions:", text, re.MULTILINE):
+        findings.append("%s: no permissions: scope — the default GITHUB_TOKEN is broad; "
+                        "add an explicit least-privilege permissions block" % path)
+    for i, line in enumerate(lines, 1):
+        if "write-all" in line:
+            findings.append("%s:%d: permissions: write-all is over-broad — scope to the "
+                            "minimum needed" % (path, i))
+        if "pull_request_target" in line:
+            findings.append("%s:%d: pull_request_target runs with secrets on untrusted PR "
+                            "code — review carefully or use pull_request" % (path, i))
+        m = USES_RE.match(line)
+        if not m:
+            continue
+        ref = m.group(1)
+        if ref.startswith("./") or ref.startswith("."):
+            continue  # local action
+        owner = ref.split("/", 1)[0]
+        if owner in FIRST_PARTY:
+            continue
+        at = ref.rsplit("@", 1)
+        pin = at[1] if len(at) == 2 else ""
+        if not SHA_RE.match(pin):
+            findings.append("%s:%d: third-party action '%s' not pinned to a full commit "
+                            "SHA — pin it (a moving tag is a supply-chain risk)"
+                            % (path, i, ref))
+    return findings
+
+
+def iter_workflows(d):
+    if os.path.isfile(d):
+        yield d
+        return
+    for root, _dirs, names in os.walk(d):
+        for n in sorted(names):
+            if n.endswith((".yml", ".yaml")):
+                yield os.path.join(root, n)
+
+
+def main(argv):
+    target = argv[1] if len(argv) > 1 else ".github/workflows"
+    if not os.path.exists(target):
+        print("OK    no workflows at %s" % target)
+        return 0
+    findings = []
+    for path in iter_workflows(target):
+        with open(path, "r", encoding="utf-8") as fh:
+            findings.extend(scan_text(path, fh.read()))
+    if findings:
+        for f in findings:
+            print("FINDING " + f)
+        print("\n%d workflow-security finding(s)." % len(findings))
+        return 1
+    print("OK    workflow security clean (%s)" % target)
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main(sys.argv))

package/scripts/validate.sh

@@ -0,0 +1,234 @@
+#!/usr/bin/env bash
+# validate.sh — static validation of the DevRites pack (no install required).
+# Run from anywhere. Exits non-zero if any hard check fails.
+
+set -u
+ROOT="$(cd "$(dirname "$0")/.." && pwd -P)"
+PACK="$ROOT/pack/.claude"
+SKILLS="$PACK/skills"
+AGENTS="$PACK/agents"
+fail=0
+section() { printf '\n=== %s ===\n' "$1"; }
+bad() { printf 'FAIL: %s\n' "$*"; fail=1; }
+good() { printf 'ok: %s\n' "$*"; }
+
+PUBLIC="rite rite-spec rite-adopt rite-temper rite-define rite-vet rite-plan rite-build rite-prove rite-polish rite-review rite-seal rite-ship rite-status rite-doctor rite-resolve rite-pressure-test rite-zoom-out rite-prototype rite-handoff rite-autocomplete"
+INTERNAL="devrites-interview devrites-source-driven devrites-doubt devrites-ux-shape devrites-frontend-craft devrites-browser-proof devrites-debug-recovery devrites-api-interface devrites-audit"
+AGENT_FILES="devrites-spec-reviewer devrites-code-reviewer devrites-test-analyst devrites-frontend-reviewer devrites-security-auditor devrites-performance-reviewer devrites-doubt-reviewer devrites-simplifier-reviewer devrites-strategy-reviewer devrites-plan-reviewer devrites-slice-wright"
+
+# ---- 1. bash -n on every shell script ------------------------------------
+section "bash syntax (bash -n)"
+SH_LIST="$ROOT/install.sh $ROOT/uninstall.sh"
+for f in "$ROOT"/scripts/*.sh "$ROOT"/tests/*.sh "$ROOT"/pack/.claude/skills/*/scripts/*.sh; do [ -f "$f" ] && SH_LIST="$SH_LIST $f"; done
+for f in $SH_LIST; do
+  if bash -n "$f" 2>/tmp/dr_synerr; then good "syntax ${f#$ROOT/}"; else bad "syntax ${f#$ROOT/}: $(cat /tmp/dr_synerr)"; fi
+done
+
+# ---- 2. python syntax ----------------------------------------------------
+section "python syntax"
+if command -v python3 >/dev/null 2>&1; then
+  for f in "$ROOT"/scripts/*.py; do
+    [ -f "$f" ] || continue
+    if python3 -c "import py_compile,sys; py_compile.compile('$f', doraise=True)" 2>/tmp/dr_pyerr; then
+      good "compiles ${f#$ROOT/}"; else bad "py ${f#$ROOT/}: $(cat /tmp/dr_pyerr)"; fi
+  done
+else
+  echo "skip: python3 not found"
+fi
+
+# ---- 2b. MCP server syntax (node --check) --------------------------------
+section "mcp server syntax (node --check)"
+if command -v node >/dev/null 2>&1; then
+  found=0
+  for f in "$ROOT"/mcp/*.mjs; do
+    [ -f "$f" ] || continue; found=1
+    if node --check "$f" 2>/tmp/dr_mjs; then good "node --check ${f#$ROOT/}"; else bad "node --check ${f#$ROOT/}: $(cat /tmp/dr_mjs)"; fi
+  done
+  [ "$found" -eq 0 ] && echo "skip: no mcp/*.mjs"
+else
+  echo "skip: node not found"
+fi
+
+# ---- 3. required skills exist, each with SKILL.md ------------------------
+section "skills present + SKILL.md"
+for s in $PUBLIC $INTERNAL; do
+  if [ -f "$SKILLS/$s/SKILL.md" ]; then good "$s"; else bad "missing skill or SKILL.md: $s"; fi
+done
+# any stray skill dir without SKILL.md?
+for d in "$SKILLS"/*/; do
+  [ -f "${d}SKILL.md" ] || bad "skill dir without SKILL.md: ${d#$PACK/}"
+done
+
+# ---- 4. agents present ---------------------------------------------------
+section "agents present"
+for a in $AGENT_FILES; do
+  if [ -f "$AGENTS/$a.md" ]; then good "$a"; else bad "missing agent: $a"; fi
+done
+
+section "plugin manifest agents list matches pack/.claude/agents"
+PLUGIN_JSON="$ROOT/.claude-plugin/plugin.json"
+if [ -r "$PLUGIN_JSON" ] && command -v python3 >/dev/null 2>&1; then
+  manifest_list="$(python3 -c '
+import json, sys
+m = json.load(open(sys.argv[1]))
+a = m.get("agents", [])
+if isinstance(a, str):
+    a = [a]
+for p in a:
+    print(p.lstrip("./"))
+' "$PLUGIN_JSON" | sort -u)"
+  disk_list="$(cd "$ROOT" && ls pack/.claude/agents/*.md 2>/dev/null | sort -u)"
+  if [ "$manifest_list" = "$disk_list" ]; then
+    good "plugin.json agents array matches pack/.claude/agents/*.md"
+  else
+    bad "plugin.json agents array out of sync with pack/.claude/agents/*.md"
+    diff <(printf '%s\n' "$manifest_list") <(printf '%s\n' "$disk_list") || true
+  fi
+else
+  echo "skip: cannot validate manifest sync (missing python3 or plugin.json)"
+fi
+
+# ---- 5. frontmatter validation ------------------------------------------
+section "frontmatter"
+if command -v python3 >/dev/null 2>&1; then
+  FM_FILES=""
+  for d in "$SKILLS"/*/; do FM_FILES="$FM_FILES ${d}SKILL.md"; done
+  for a in "$AGENTS"/*.md; do FM_FILES="$FM_FILES $a"; done
+  if python3 "$ROOT/scripts/validate-frontmatter.py" $FM_FILES; then good "frontmatter parses"; else bad "frontmatter validation failed"; fi
+else
+  echo "skip: python3 not found"
+fi
+
+# ---- 6. /rite-polish orchestrator references its phase reference files ---
+section "rite-polish orchestrator → reference files"
+for s in reference/code.md reference/ui.md; do
+  if grep -q "$s" "$SKILLS/rite-polish/SKILL.md" 2>/dev/null; then good "rite-polish references $s"; else bad "rite-polish does not reference $s"; fi
+  if [ -f "$SKILLS/rite-polish/$s" ]; then good "$s present"; else bad "$s missing"; fi
+done
+
+# ---- 7. broken reference links -------------------------------------------
+section "reference links resolve"
+if command -v python3 >/dev/null 2>&1; then
+  python3 - "$SKILLS" <<'PY' || fail=1
+import os, re, sys
+skills = sys.argv[1]
+link = re.compile(r"\]\(([^)]+?\.md)\)")
+broken = 0; checked = 0
+for name in os.listdir(skills):
+    sd = os.path.join(skills, name)
+    sm = os.path.join(sd, "SKILL.md")
+    if not os.path.isfile(sm):
+        continue
+    text = open(sm, encoding="utf-8").read()
+    for m in link.finditer(text):
+        tgt = m.group(1)
+        if tgt.startswith("http"):
+            continue
+        checked += 1
+        cands = [
+            os.path.normpath(os.path.join(sd, tgt)),      # skill-dir relative
+            os.path.normpath(os.path.join(skills, tgt)),  # skills-root relative
+        ]
+        if not any(os.path.isfile(c) for c in cands):
+            print("FAIL: broken link in %s/SKILL.md -> %s" % (name, tgt)); broken += 1
+print("checked %d links, %d broken" % (checked, broken))
+sys.exit(1 if broken else 0)
+PY
+  [ "$fail" -eq 0 ] && good "all reference links resolve" || true
+else
+  echo "skip: python3 not found"
+fi
+
+# ---- 8. size advisory (not a hard failure) -------------------------------
+section "SKILL.md size advisory"
+for d in "$SKILLS"/*/; do
+  n=$(wc -l < "${d}SKILL.md" | tr -d ' ')
+  [ "$n" -gt 200 ] && printf 'warn: %s is %s lines (recommended <=180 public / <=160 internal)\n' "$(basename "$d")" "$n"
+done
+echo "ok: size advisory complete"
+
+# ---- 9. DevRites engineering rules present -------------------------------
+section "DevRites rules present"
+if [ -f "$ROOT/pack/.claude/rules/README.md" ] && [ -f "$ROOT/pack/.claude/rules/security.md" ]; then
+  good "pack/.claude/rules present ($(find "$ROOT/pack/.claude/rules" -name '*.md' | wc -l | tr -d ' ') rule files)"
+else
+  bad "DevRites rules missing (need pack/.claude/rules/*.md)"
+fi
+
+# ---- 10. no global writes ------------------------------------------------
+section "no global ~/.claude writes"
+if bash "$ROOT/scripts/check-no-global-writes.sh" >/tmp/dr_glob 2>&1; then good "no-global-writes check passed"; else bad "no-global-writes check failed"; cat /tmp/dr_glob; fi
+
+# ---- 11. principle uniqueness — each canonical heading appears exactly once
+section "principle uniqueness"
+if bash "$ROOT/scripts/check-rule-uniqueness.sh" >/tmp/dr_uniq 2>&1; then
+  cat /tmp/dr_uniq
+  good "rule-uniqueness check passed"
+else
+  cat /tmp/dr_uniq
+  bad "rule-uniqueness check failed (see scripts/check-rule-uniqueness.sh)"
+fi
+
+# ---- 12. version lockstep across manifests -------------------------------
+section "version lockstep (package.json == plugin.json == marketplace.json)"
+if command -v python3 >/dev/null 2>&1; then
+  if python3 - "$ROOT" <<'PY'
+import json, sys, os
+root = sys.argv[1]
+pkg  = json.load(open(os.path.join(root, "package.json")))["version"]
+plug = json.load(open(os.path.join(root, ".claude-plugin/plugin.json")))["version"]
+mkt  = json.load(open(os.path.join(root, ".claude-plugin/marketplace.json")))
+mver = next((p.get("version") for p in mkt.get("plugins", []) if p.get("name") == "devrites"), None)
+print("  package.json     %s" % pkg)
+print("  plugin.json      %s" % plug)
+print("  marketplace.json %s" % mver)
+if pkg == plug == mver and mver is not None:
+    sys.exit(0)
+print("FAIL: version mismatch across manifests")
+sys.exit(1)
+PY
+  then good "versions match across package.json / plugin.json / marketplace.json"; else bad "version mismatch across manifests (run scripts/sync-version.sh)"; fi
+else
+  echo "skip: python3 not found"
+fi
+
+# ---- 13. no runtime-broken pack/.claude/ path in installed prose ---------
+# After install the leading pack/ is stripped, so any literal pack/.claude/rules/
+# or pack/.claude/skills/ in shipped SKILL.md / reference prose is a dead path
+# at runtime. (Repo README/docs links are out of scope — they're GitHub links.)
+section "no literal pack/.claude/ paths in shipped skill prose"
+# Exclude the intentional resolution-snippet fallback (`... || P=pack/.claude/...`): the
+# preamble snippet tries the installed `.claude/` path first, then `${CLAUDE_SKILL_DIR}`
+# (plugin, best-effort), then the repo `pack/.claude/...` for DevRites self-development.
+PACKPATH_HITS="$(grep -rnI -e 'pack/\.claude/rules/' -e 'pack/\.claude/skills/' "$SKILLS" 2>/dev/null | grep -vE '\|\| [A-Z]+=pack/\.claude/skills/' || true)"
+if [ -n "$PACKPATH_HITS" ]; then
+  bad "literal pack/.claude/ path in shipped skill prose (strips to .claude/ on install):"
+  printf '%s\n' "$PACKPATH_HITS" | sed "s|$ROOT/||"
+else
+  good "no literal pack/.claude/rules/ or pack/.claude/skills/ in shipped skill prose"
+fi
+
+# ---- 14. no false session-start autoload claim ---------------------------
+# DevRites ships no autoload wiring; skills Read .claude/rules/core.md at step 0.
+# Fail if any shipped skill or doc asserts native/session-start autoload.
+section "no false session-start autoload claim"
+AUTOLOAD_HITS="$(grep -rl 'autoloaded by Claude Code' "$ROOT/pack" "$ROOT/docs" "$ROOT/README.md" 2>/dev/null || true)"
+if [ -n "$AUTOLOAD_HITS" ]; then
+  bad "false 'autoloaded by Claude Code' claim — the pack ships no autoload wiring:"
+  printf '%s\n' "$AUTOLOAD_HITS" | sed "s|$ROOT/||"
+else
+  good "no false session-start autoload claim in pack/ docs/ README.md"
+fi
+
+# ---- 15. shellcheck (advisory) -------------------------------------------
+section "shellcheck (advisory)"
+if command -v shellcheck >/dev/null 2>&1; then
+  for f in $SH_LIST; do shellcheck -S warning "$f" || echo "  (shellcheck advisory only — not failing the build)"; done
+else
+  echo "skip: shellcheck not installed (optional)"
+fi
+
+# ---- summary -------------------------------------------------------------
+printf '\n========================================\n'
+if [ "$fail" -eq 0 ]; then printf 'VALIDATION PASSED\n'; else printf 'VALIDATION FAILED\n'; fi
+exit "$fail"