memory-journal-mcp 7.1.0 → 7.3.0

package/dist/cli.js

@@ -1,7 +1,7 @@
-import { VERSION, createServer } from './chunk-GW5DYUQJ.js';
-import { DEFAULT_AUDIT_LOG_MAX_SIZE_BYTES } from './chunk-JEGRDY6W.js';
+import { VERSION, createServer } from './chunk-CHWIPVQN.js';
+import { DEFAULT_AUDIT_LOG_MAX_SIZE_BYTES } from './chunk-ZJJD2F5T.js';
 import './chunk-OKOVZ5QE.js';
-import { logger } from './chunk-37BQOJDZ.js';
+import { logger } from './chunk-WXDEVIFL.js';
 import { Command } from 'commander';
 import * as fs from 'fs';
 
@@ -39,6 +39,9 @@ program.name("memory-journal-mcp").description("Project context management for A
   "--sandbox-mode <mode>",
   'Code Mode sandbox: "worker" (production, default) or "vm" (lightweight)',
   "worker"
+).option(
+  "--codemode-max-result-size <bytes>",
+  "Maximum Code Mode result size in bytes (default: 102400 / 100KB, env: CODE_MODE_MAX_RESULT_SIZE)"
 ).option("--oauth-enabled", "Enable OAuth 2.1 authentication (env: OAUTH_ENABLED)").option("--oauth-issuer <url>", "OAuth issuer URL (env: OAUTH_ISSUER)").option("--oauth-audience <audience>", "OAuth audience (env: OAUTH_AUDIENCE)").option("--oauth-jwks-uri <uri>", "OAuth JWKS URI (env: OAUTH_JWKS_URI)").option(
   "--oauth-clock-tolerance <seconds>",
   "OAuth clock tolerance in seconds (default: 60)",
@@ -61,6 +64,10 @@ program.name("memory-journal-mcp").description("Project context management for A
   "--briefing-entries <count>",
   "Number of journal entries in briefing (env: BRIEFING_ENTRY_COUNT)",
   "3"
+).option(
+  "--briefing-summaries <count>",
+  "Number of session summaries to show in briefing (env: BRIEFING_SUMMARY_COUNT)",
+  "1"
 ).option(
   "--briefing-include-team",
   "Include team DB entries in briefing (env: BRIEFING_INCLUDE_TEAM)"
@@ -75,6 +82,10 @@ program.name("memory-journal-mcp").description("Project context management for A
 ).option(
   "--briefing-pr-status",
   "Show PR status breakdown in briefing (env: BRIEFING_PR_STATUS)"
+).option(
+  "--briefing-milestones <count>",
+  "Number of milestones to list in briefing; 0 = hide (env: BRIEFING_MILESTONE_COUNT)",
+  "3"
 ).option(
   "--rules-file <path>",
   "Path to user rules file for awareness in briefing (env: RULES_FILE_PATH)"
@@ -106,6 +117,10 @@ program.name("memory-journal-mcp").description("Project context management for A
       ...options.teamDb ? { teamDb: options.teamDb } : {},
       ...host ? { host } : {}
     });
+    const codemodeMaxResultSize = options.codemodeMaxResultSize ?? process.env["CODE_MODE_MAX_RESULT_SIZE"];
+    if (codemodeMaxResultSize) {
+      process.env["CODE_MODE_MAX_RESULT_SIZE"] = codemodeMaxResultSize;
+    }
     try {
       const auditLogPath = options.auditLog ?? process.env["AUDIT_LOG_PATH"];
       const auditConfig = auditLogPath ? {
@@ -143,7 +158,10 @@ program.name("memory-journal-mcp").description("Project context management for A
         oauthIssuer: options.oauthIssuer ?? process.env["OAUTH_ISSUER"],
         oauthAudience: options.oauthAudience ?? process.env["OAUTH_AUDIENCE"],
         oauthJwksUri: options.oauthJwksUri ?? process.env["OAUTH_JWKS_URI"],
-        oauthClockTolerance: parseInt(options.oauthClockTolerance, 10),
+        oauthClockTolerance: parseInt(
+          process.env["OAUTH_CLOCK_TOLERANCE"] ?? options.oauthClockTolerance,
+          10
+        ),
         // Project Registry
         projectRegistry: (() => {
           const raw = process.env["PROJECT_REGISTRY"];
@@ -164,6 +182,10 @@ program.name("memory-journal-mcp").description("Project context management for A
             process.env["BRIEFING_ENTRY_COUNT"] ?? options.briefingEntries,
             10
           ),
+          summaryCount: parseInt(
+            process.env["BRIEFING_SUMMARY_COUNT"] ?? options.briefingSummaries,
+            10
+          ),
           includeTeam: options.briefingIncludeTeam ?? process.env["BRIEFING_INCLUDE_TEAM"] === "true",
           issueCount: parseInt(
             process.env["BRIEFING_ISSUE_COUNT"] ?? options.briefingIssues,
@@ -174,6 +196,10 @@ program.name("memory-journal-mcp").description("Project context management for A
             10
           ),
           prStatusBreakdown: options.briefingPrStatus ?? process.env["BRIEFING_PR_STATUS"] === "true",
+          milestoneCount: parseInt(
+            process.env["BRIEFING_MILESTONE_COUNT"] ?? options.briefingMilestones,
+            10
+          ),
           rulesFilePath: options.rulesFile ?? process.env["RULES_FILE_PATH"] ?? void 0,
           skillsDirPath: options.skillsDir ?? process.env["SKILLS_DIR_PATH"] ?? void 0,
           workflowCount: parseInt(

package/dist/github-integration-YODGZH3K.js

@@ -0,0 +1 @@
+export { GitHubIntegration } from './chunk-WXDEVIFL.js';

package/dist/index.d.ts

@@ -510,7 +510,7 @@ type SandboxMode = 'vm' | 'worker';
 /**
  * Tool group definitions mapping group names to tool names
  *
- * All 65 tools are categorized here for filtering support.
+ * All 67 tools are categorized here for filtering support.
  */
 declare const TOOL_GROUPS: Record<ToolGroup, string[]>;
 /**
@@ -575,6 +575,8 @@ declare function getFilterSummary(filterConfig: ToolFilterConfig): string;
 interface BriefingConfig {
     /** Number of recent journal entries to include (default: 3) */
     entryCount: number;
+    /** Number of recent session summaries to display (default: 1) */
+    summaryCount?: number;
     /** Include team DB entries in briefing preview (default: false) */
     includeTeam: boolean;
     /** Number of open issues to list with titles; 0 = count only (default: 0) */
@@ -583,6 +585,8 @@ interface BriefingConfig {
     prCount: number;
     /** Show PR status breakdown (open/merged/closed) instead of simple count (default: false) */
     prStatusBreakdown: boolean;
+    /** Number of milestones to list in briefing; 0 = hide (default: 3) */
+    milestoneCount?: number;
     /** Path to the user's rules file (e.g., .gemini/GEMINI.md) for awareness in briefing */
     rulesFilePath?: string;
     /** Path to the user's skills directory for awareness in briefing */

package/dist/index.js

@@ -1,7 +1,7 @@
-export { VERSION, createServer } from './chunk-GW5DYUQJ.js';
-export { META_GROUPS, TOOL_GROUPS, calculateTokenSavings, filterTools, getAllToolNames, getFilterSummary, getToolFilterFromEnv, getToolGroup, isToolEnabled, parseToolFilter } from './chunk-JEGRDY6W.js';
+export { VERSION, createServer } from './chunk-CHWIPVQN.js';
+export { META_GROUPS, TOOL_GROUPS, calculateTokenSavings, filterTools, getAllToolNames, getFilterSummary, getToolFilterFromEnv, getToolGroup, isToolEnabled, parseToolFilter } from './chunk-ZJJD2F5T.js';
 import './chunk-OKOVZ5QE.js';
-export { logger } from './chunk-37BQOJDZ.js';
+export { logger } from './chunk-WXDEVIFL.js';
 
 // src/types/index.ts
 var DEFAULT_CONFIG = {

package/dist/{tools-O44Q52RD.js → tools-MNMGDTQI.js}

@@ -1,3 +1,3 @@
-export { callTool, getGlobalAuditLogger, getTools, initializeAuditLogger } from './chunk-JEGRDY6W.js';
+export { callTool, getGlobalAuditLogger, getTools, initializeAuditLogger } from './chunk-ZJJD2F5T.js';
 import './chunk-OKOVZ5QE.js';
-import './chunk-37BQOJDZ.js';
+import './chunk-WXDEVIFL.js';

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "memory-journal-mcp",
-    "version": "7.1.0",
+    "version": "7.3.0",
     "description": "Project context management for AI-assisted development - Persistent knowledge graphs and intelligent context recall across fragmented AI threads",
     "type": "module",
     "main": "dist/index.js",
@@ -17,8 +17,8 @@
     "scripts": {
         "build": "tsup",
         "dev": "tsc --watch",
-        "lint": "eslint src/",
-        "lint:fix": "eslint src/ --fix",
+        "lint": "eslint src/ tests/",
+        "lint:fix": "eslint src/ tests/ --fix",
         "typecheck": "tsc --noEmit",
         "check": "npm run lint && npm run typecheck",
         "test": "vitest run",
@@ -76,7 +76,7 @@
         "@playwright/test": "^1.59.1",
         "@types/better-sqlite3": "^7.6.13",
         "@types/express": "^5.0.6",
-        "@types/node": "^25.5.2",
+        "@types/node": "^25.6.0",
         "@vitest/coverage-v8": "^4.1.3",
         "eslint": "^10.2.0",
         "globals": "^17.4.0",

package/skills/README.md

@@ -0,0 +1,77 @@
+# neverinfamous-agent-skills
+
+Reusable instruction sets that establish permanent AI behavior paradigms and extend agent capabilities for specialized tasks.
+
+## Installation & Distribution
+
+This directory is published as a standalone internal NPM package. Developers can pull the latest skills into their local workspaces by running:
+
+```bash
+npx neverinfamous-agent-skills@latest
+```
+
+This command will automatically download and synchronize the latest `SKILL.md` files into `./.agents/skills/`.
+
+## Structure
+
+```
+skills/
+└── <skill-name>/
+    ├── SKILL.md          # Main instruction file (required)
+    ├── scripts/          # Helper scripts and utilities
+    ├── examples/         # Reference implementations
+    └── resources/        # Templates, assets, reference docs
+```
+
+### SKILL.md Format
+
+Every skill must have a `SKILL.md` with YAML frontmatter:
+
+```yaml
+---
+name: skill-name
+description: When and why to load this skill.
+---
+```
+
+The markdown body contains the full instructions the agent follows once the skill is activated.
+
+## Inventory
+
+| Skill                  | Description                                                                                                           |
+| ---------------------- | --------------------------------------------------------------------------------------------------------------------- |
+| `autonomous-dev`       | Harness for autonomous software development — alignment gates, adversarial agents, Git workflows, and CI/CD pipelines |
+| `bun`                  | Master the Bun all-in-one toolkit — runtime, package manager, test runner, and bundler                                |
+| `github-commander`     | GitHub pipeline workflows for orchestrating issues, regressions, and deployments                                      |
+| `gitlab`               | Specialized assistant skill for managing repositories, code search, and CI/CD in GitLab                               |
+| `golang`               | Master Go development with production-grade best practices from Google and Uber style guides                          |
+| `typescript`           | Enterprise-grade TypeScript development with type-safe patterns, Zod validation, and modern tooling                   |
+| `mysql`                | Enterprise MySQL production rules — query safety, connection pooling, strict schema configurations                    |
+| `playwright-standard`  | Opinionated guidance for Playwright E2E/API tests, Page Object Models, and CI/CD resilience                           |
+| `postgres`             | Advanced PostgreSQL patterns — indexing layouts, JSONB querying, transactional guardrails, and RLS                    |
+| `react-best-practices` | Vercel engineering guidelines for React/Next.js performance, hooks, and bundle optimization                           |
+| `rust`                 | Master Rust development using a layer-based "meta-cognition" framework for borrowing, lifetimes, and architecture     |
+| `shadcn-ui`            | Deep knowledge of shadcn/ui components, patterns, forms, and best practices                                           |
+| `skill-builder`        | Guide for creating, evaluating, and refining agent skills — progressive disclosure, triggers, and testing             |
+| `sqlite`               | Production configurations for concurrency (WAL), typing (STRICT), and data integrity                                  |
+| `vitest-standard`      | Comprehensive unit testing expertise covering Vitest, TDD, mocking strategies, and test architecture                  |
+
+## GitHub Commander Workflows
+
+This package natively bundles the `github-commander` skill, which equips your AI agent with 8 autonomous DevOps workflows for repository stewardship:
+
+- **`issue-triage`**: End-to-end bug replication, PR submission, and Kanban lifecycle linking.
+- **`milestone-sprint`**: Sequential traversal of all open issues mapped to a specific release target.
+- **`pr-review`**: Exhaustive local execution, typechecking, and heuristic code reviews against base branches.
+- **`security-audit`**: Deep Trivy/CodeQL supply chain matrix evaluation.
+- **`code-quality-audit`**: Enforcement of project guidelines, strict-typing boundaries, and import normalization.
+- **`perf-audit`**: Bundle-size constraints, runtime hot-path execution, and CI/CD cache-hit evaluations.
+- **`roadmap-kickoff`**: Parses implementation specifications to sequentially scaffold Epic hierarchies across issues and milestones.
+- **`update-deps`**: Dependency constraint tracking, security patching, and major bump safety tests.
+
+## Adding a Skill
+
+1. Create a new directory: `skills/<skill-name>/`
+2. Add `SKILL.md` with the frontmatter and instructions
+3. Optionally add `scripts/`, `examples/`, or `resources/` sub-directories
+4. The skill auto-registers — agents discover it via the directory listing

package/skills/autonomous-dev/SKILL.md

@@ -0,0 +1,56 @@
+---
+name: autonomous-dev
+description: Harness for autonomous software development. Enforces lifecycle through alignment gates (PROJECT.md), adversarial generator/evaluator agents, CI/CD pipeline automation, and strict Git workflows (Conventional Commits, Branching).
+---
+
+# Autonomous Development Workflow
+
+This skill provides a deterministic software engineering harness, designed to wrap AI code generation with strict alignment gates, adversarial evaluations, CI/CD pipeline principles, and collaborative Git practices. Load this skill when designing or orchestrating multi-step architectural features, automating deployment workflows, or writing code inside a structured environment.
+
+## 1. Project Alignment Gate (PROJECT.md)
+
+Before beginning implementation, you MUST cross-reference the proposed feature against `PROJECT.md` at the repository root.
+
+- **In-Scope**: Proceed with confidence.
+- **Out-of-Scope**: Hard block. Halt work immediately and inform the user.
+- **Constraints**: Abide strictly by the constraints (language, architecture, dependencies) defined in the project file.
+
+## 2. Generator / Evaluator Pipeline
+
+Features cannot simply be written and committed. They must navigate a rigid pipeline based on the adversarial evaluation pattern:
+
+1. **Research**: Analyze local scope and external dependencies via parallel search strategies.
+2. **Planning**: Formulate architecture and acceptance criteria (generator).
+3. **Acceptance Tests FIRST**: Tests must be written before main implementation (TDD).
+4. **Implementation**: Produce code.
+   - _HARD GATE_: 0 test failures. You cannot proceed if tests fail. No stubs/placeholders allowed.
+5. **Adversarial Review**: Self-evaluate the code as a skeptical reviewer (evaluator). Actively search for edge cases, security vulnerabilities, efficiency loss, and anti-patterns.
+6. **Documentation**: Ensure docs stay tightly in sync with the codebase after the feature clears CI.
+
+## 3. Git Workflow & Versioning
+
+Enforce strict version control standards on all changes:
+
+- **Branching**: Use feature branches (`feature/my-feature`), bugfix branches (`fix/bug-name`), or standard trunk-based branching flows depending on the repository context.
+- **Atomic Commits**: Group distinct changes into smaller, logical, single-purpose commits. Do not lump refactoring with new logic.
+- **Conventional Commits**: You MUST format all commits according to the Conventional Commits specification:
+  - `feat: <description>` for new features (MINOR bump)
+  - `fix: <description>` for bug fixes (PATCH bump)
+  - `docs:`, `style:`, `refactor:`, `perf:`, `test:`, `build:`, `ci:`, `chore:` for specific maintenance scopes.
+  - Suffix `!` for breaking changes (e.g., `feat!: remove API v1`) (MAJOR bump).
+
+## 4. Continuous Integration/Deployment (CI/CD)
+
+When designing automation and pipelines:
+
+- **GitHub Actions First**: Prioritize GitHub Actions for CI/CD pipeline orchestration, favoring Reusable Workflows and matrix builds.
+- **Validation Blocks**: Every PR or merge MUST require passing lint, test, and type-check gates.
+- **Automation Constraints**: Automate Semantic Versioning (using conventional commits) to power automated release notes and changelog generation.
+- **Security Scans**: Mandate security scanning (e.g. CodeQL, Trivy) on standard PR flows.
+
+## 5. Context Management & Drift Prevention
+
+As the context window fills up, context anxiety can degrade performance.
+
+- Recognize when the session has spanned too many features or files (e.g., beyond 4-5 features).
+- Use session summaries or persistent memories to bookmark state, clear the context, and resume with a fresh perspective.

package/skills/bin/sync.js

@@ -0,0 +1,50 @@
+#!/usr/bin/env node
+
+import fs from 'node:fs'
+import path from 'node:path'
+import { fileURLToPath } from 'node:url'
+
+const __filename = fileURLToPath(import.meta.url)
+const __dirname = path.dirname(__filename)
+
+// The source skills directory is the parent of 'bin'
+const sourceDir = path.resolve(__dirname, '..')
+
+// Destination logic: allow argument override, default to %CWD%/.agents/skills
+const destArg = process.argv[2]
+const targetDir = destArg
+    ? path.resolve(process.cwd(), destArg)
+    : path.resolve(process.cwd(), '.agents/skills')
+
+if (!fs.existsSync(targetDir)) {
+    fs.mkdirSync(targetDir, { recursive: true })
+}
+
+console.log(`\x1b[36mSynchronizing neverinfamous-agent-skills to -> ${targetDir}\x1b[0m`)
+
+const items = fs.readdirSync(sourceDir)
+let count = 0
+
+for (const item of items) {
+    // Ignore hidden files and meta-package files
+    if (
+        item.startsWith('.') ||
+        ['bin', 'node_modules', 'package.json', 'package-lock.json', 'README.md'].includes(item)
+    ) {
+        continue
+    }
+
+    const sourcePath = path.join(sourceDir, item)
+    const targetPath = path.join(targetDir, item)
+
+    if (fs.statSync(sourcePath).isDirectory()) {
+        fs.cpSync(sourcePath, targetPath, { recursive: true })
+        console.log(`  \x1b[32m\u2714\x1b[0m ${item}`)
+        count++
+    }
+}
+
+console.log(`\n\x1b[32mSuccessfully synchronized ${count} agent skill modules.\x1b[0m`)
+console.log(`\nNext Steps:`)
+console.log(`  1. Set your SKILLS_DIR_PATH environment variable to: ${targetDir}`)
+console.log(`  2. Restart your MCP server to index the new skills.`)

package/skills/bun/SKILL.md

@@ -0,0 +1,156 @@
+---
+title: Bun Development
+description: Master the Bun all-in-one toolkit — runtime, package manager, test runner, and bundler.
+---
+
+Bun is a fast, all-in-one JavaScript runtime, bundler, test runner, and package manager designed as a drop-in replacement for Node.js. When working on projects that use Bun, AI agents should leverage its integrated tooling and native APIs to maximize performance and simplify development.
+
+This skill synthesizes the best practices for Bun development, giving you the context needed to effectively write, test, and build applications.
+
+---
+
+## 🚀 1. Package Management (`bun install`)
+
+Bun features a deeply optimized package manager. Always use `bun` commands instead of `npm`, `yarn`, or `pnpm` if a project has `bun.lockb` or `bun.lock`.
+
+- **Install all dependencies:** `bun install`
+- **Add a package:** `bun add <package>` (Use `-d` or `--dev` for devDependencies)
+- **Remove a package:** `bun remove <package>`
+- **Run binaries:** `bunx <command>` (The blazing fast equivalent of `npx`)
+
+**Agent Directive:** Never run `npm install` gracefully if `bun.lockb` is present. Always opt for `bun add`.
+
+---
+
+## ⚡ 2. Script Execution (`bun run`)
+
+Run scripts from `package.json` lightning fast:
+
+```bash
+bun run dev
+bun run build
+```
+
+Run TypeScript and JavaScript files natively—no `ts-node`, `tsc`, or build step required:
+
+```bash
+bun run scripts/setup.ts
+bun index.tsx
+```
+
+---
+
+## 🌐 3. Core Runtime APIs
+
+Bun provides deeply optimized, native APIs under the `Bun` global and `bun:*` modules.
+
+### HTTP Server (`Bun.serve`)
+
+Use `Bun.serve()` as the default over Node's `http` or `express` for simple tasks.
+
+```typescript
+const server = Bun.serve({
+  port: 3000,
+  fetch(req) {
+    const url = new URL(req.url)
+    if (url.pathname === '/') return new Response('Hello World!')
+    if (url.pathname === '/json') return Response.json({ success: true })
+    return new Response('Not Found', { status: 404 })
+  },
+})
+console.log(`Listening on localhost:${server.port}`)
+```
+
+### File I/O (`Bun.file()`, `Bun.write()`)
+
+Skip `fs` module when possible. Use Bun's native lazy-loaded File I/O.
+
+```typescript
+const file = Bun.file('package.json')
+const text = await file.text()
+const json = await file.json()
+
+// Writing
+await Bun.write('output.txt', 'Hello world!')
+await Bun.write('data.json', JSON.stringify({ a: 1 }))
+```
+
+### Shell Scripts (`bun:`)
+
+Replace `child_process` and `zx` with the native Bun shell (`$`).
+
+```typescript
+import { $ } from 'bun'
+
+const response = await $`ls -la`.text()
+await $`echo "Built successfully" > status.txt`
+```
+
+### Password Hashing (`Bun.password`)
+
+```typescript
+const hash = await Bun.password.hash('mypassword') // bcrypt by default
+const isMatch = await Bun.password.verify('mypassword', hash)
+```
+
+---
+
+## 🗄️ 4. Native SQLite (`bun:sqlite`)
+
+Bun has a built-in, hyper-optimized SQLite driver. Use it instead of `better-sqlite3` or `sqlite3`.
+
+```typescript
+import { Database } from 'bun:sqlite'
+
+const db = new Database('mydb.sqlite')
+db.run('CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY, name TEXT)')
+
+const insert = db.prepare('INSERT INTO users (name) VALUES ($name)')
+insert.run({ $name: 'Alice' })
+
+const query = db.query('SELECT * FROM users;')
+console.log(query.all())
+```
+
+---
+
+## 🧪 5. Testing (`bun test`)
+
+Bun features a native, Jest-compatible test runner. Run tests with `bun test`.
+
+```typescript
+import { describe, it, expect, mock, spyOn } from 'bun:test'
+
+describe('Math API', () => {
+  it('adds numbers correctly', () => {
+    expect(1 + 1).toBe(2)
+  })
+})
+```
+
+- **Coverage:** `bun test --coverage`
+- **Watch mode:** `bun test --watch`
+
+**Agent Directive:** If instructed to add unit tests to a Bun project, use `bun:test` imports and `bun test` instead of installing Jest or Vitest unless explicitly dictated by the user.
+
+---
+
+## 📦 6. Bundling & Executables
+
+Bun can bundle files for browser or Node, and even compile scripts into standalone binaries!
+
+**Bundling:**
+
+```typescript
+await Bun.build({
+  entrypoints: ['./index.ts'],
+  outdir: './dist',
+  minify: true,
+})
+```
+
+**Executables:** Provide instructions to compile binaries using:
+
+```bash
+bun build ./cli.ts --compile --outfile mycli
+```

package/skills/github-commander/SKILL.md

@@ -40,11 +40,11 @@ Load this skill when any of these apply:
 | **Issue Triage**        | `workflows/issue-triage.md`       | Fix a single GitHub issue end-to-end        |
 | **PR Review**           | `workflows/pr-review.md`          | Review a PR with validation pipeline        |
 | **Milestone Sprint**    | `workflows/milestone-sprint.md`   | Work through milestone issues sequentially  |
+| **Roadmap Kickoff**     | `workflows/roadmap-kickoff.md`    | Translate planning epics into Kanban issues |
 | **Update Dependencies** | `workflows/update-deps.md`        | Dependency update with audit trail          |
 | **Security Audit**      | `workflows/security-audit.md`     | Auto-detected security scanning             |
 | **Code Quality Audit**  | `workflows/code-quality-audit.md` | Static code quality analysis                |
 | **Performance Audit**   | `workflows/perf-audit.md`         | Build, bundle, runtime, test speed analysis |
-| **Full Audit**          | `workflows/full-audit.md`         | Unified quality + perf + security audit     |
 
 ## Prerequisites
 

package/skills/github-commander/workflows/code-quality-audit.md

@@ -13,8 +13,9 @@ and a concrete fix suggestion. Group findings by category:
    feature flags
 2. **Duplication** — repeated logic that should be extracted into shared helpers
 3. **Import hygiene** — unused imports, missing imports, circular dependencies
-4. **Type safety** — `any` usage, loose type assertions (`as`), missing return
-   types on exported functions
+4. **Type safety** — `any` usage (use `unknown` instead), loose type assertions
+   (`as` — prefer `satisfies`), missing return types on exported functions,
+   and use of `enum`s (prefer literal union types)
 5. **Error handling** — typed error classes with descriptive messages including
    context. Propagate with stack traces; never silently swallow exceptions
 6. **Logging** — centralized logger with structured payloads. Module-prefixed
@@ -28,8 +29,9 @@ and a concrete fix suggestion. Group findings by category:
    named constants
 10. **Stale markers** — TODO, FIXME, HACK, XXX comments; outdated JSDoc;
     comments that contradict the code
-11. **Security** — unsanitized input, missing validation, overly permissive
-    schemas
+11. **Boundary Validation & Security** — ALWAYS use Zod (or equivalent) to
+    validate external boundaries. Flag blind-casting of payloads. Flag
+    unsanitized SQL interpolation, missing validation, overly permissive schemas
 12. **Performance** — unnecessary allocations in hot paths, missing early
     returns, redundant queries
 13. **Dependency hygiene** — unused dependencies, unlisted peer dependencies
@@ -70,7 +72,7 @@ After human approval:
 2. Run validation gates after all fixes:
    - Gate 1: Lint + Typecheck
    - Gate 2: Build
-   - Gate 3: Tests
+   - Gate 3: Tests _(Agent Note: Ensure OutputCharacterCount >= 10000 on test command execution to fully capture the summary line.)_
 3. Update changelog with audit fixes
 4. Commit with descriptive message:
    ```bash

package/skills/github-commander/workflows/issue-triage.md

@@ -1,3 +1,7 @@
+---
+description: Fix a single assigned GitHub issue end-to-end — from context gathering through validated PR submission
+---
+
 # Issue Triage
 
 Fix a single assigned GitHub issue end-to-end — from context gathering through
@@ -79,7 +83,7 @@ On failure → attempt fix → **HITL checkpoint** after 2 attempts.
 
 ### Gate 3: Unit/Integration Tests
 
-Run `PROJECT_TEST_CMD` (default: `npm run test`).
+Run `PROJECT_TEST_CMD` (default: `npm run test`). _(Agent Note: Ensure OutputCharacterCount >= 10000 on test execution)_
 
 On failure:
 
@@ -90,7 +94,7 @@ On failure:
 
 ### Gate 4: E2E Tests
 
-Run `PROJECT_E2E_CMD` (default: empty = skip).
+Run `PROJECT_E2E_CMD` (default: empty = skip). _(Agent Note: Ensure OutputCharacterCount >= 10000)_
 Skip if not configured. Same failure handling as Gate 3.
 
 ### Gate 5: Security Scans
@@ -217,16 +221,21 @@ Wait for human approval before proceeding to Phase 5.
    gh pr create --base main --title "fix: <description>" --body "Closes #<N>\n\n<summary of changes>"
    ```
 
-6. Journal the PR:
+6. Journal the PR and update the Kanban Board:
    ```
    create_entry({
      content: "Submitted PR #<pr_number> for issue #<N>: <description>. Gates: all passed.",
      entry_type: "pr_submitted",
-     tags: ["commander", "pr"],
+     tags: ["commander", "pr", "kanban_sync"],
      issue_number: <N>,
      pr_number: <pr_number>
    })
    ```
+   _Kanban Sync:_ Using the Project Node IDs anchored in the memory journal during the roadmap kickoff, transition the issue card from "In Progress" to "In Review":
+   ```bash
+   // turbo
+   gh project item-edit --id {ITEM_NODE_ID} --project-id {PROJECT_NODE_ID} --field-id {STATUS_FIELD_ID} --single-select-option-id {IN_REVIEW_OPTION_ID}
+   ```
 
 ## Phase 6 — Session Summary
 

package/skills/github-commander/workflows/milestone-sprint.md

@@ -1,3 +1,7 @@
+---
+description: Work through open issues in a GitHub milestone sequentially, applying the issue-triage workflow to each
+---
+
 # Milestone Sprint
 
 Work through open issues in a GitHub milestone sequentially, applying the
@@ -10,7 +14,11 @@ issue-triage workflow to each.
    ```
    get_github_milestone({ milestone_number: <N> })
    ```
-3. List open issues in the milestone, sorted by priority labels:
+3. Read priority ordering directly from the centralized Project Control Board:
+   ```
+   read_resource("memory://kanban/{project_number}")
+   ```
+   Cross-reference this prioritized sequence with the open milestone issues:
    ```
    get_github_issues({ milestone: <N>, state: "open" })
    ```

package/skills/github-commander/workflows/perf-audit.md

@@ -83,6 +83,8 @@ Run tests with verbose output:
 <PROJECT_TEST_CMD> -- --reporter=verbose
 ```
 
+_(Agent Note: Ensure OutputCharacterCount >= 10000 on test command execution to fully capture the summary line.)_
+
 Report:
 
 - Total suite duration