oh-my-customcode 0.101.0 → 0.103.0

package/templates/.claude/skills/{java21-best-practices → java-best-practices}/SKILL.md

@@ -1,13 +1,13 @@
 ---
-name: java21-best-practices
-description: Modern Java 21 patterns from Virtual Threads, Pattern Matching, Records, and Sealed Classes
+name: java-best-practices
+description: Modern Java 25 LTS patterns from Virtual Threads, Pattern Matching, Records, and Sealed Classes
 scope: core
 user-invocable: false
 ---
 
 ## Purpose
 
-Apply modern Java 21 patterns and best practices leveraging the latest language features for clean, performant, and maintainable Java code.
+Apply modern Java 25 LTS patterns and best practices leveraging the latest language features for clean, performant, and maintainable Java code.
 
 ## Core Principles
 
@@ -44,7 +44,7 @@ records:
   example: record Point(int x, int y) {}
 ```
 
-Reference: guides/java21/java-style-guide.md
+Reference: guides/java/java-style-guide.md
 
 ### 2. Virtual Threads (JEP 444)
 
@@ -65,7 +65,7 @@ antipatterns:
   - "synchronized blocks in Virtual Thread code — use ReentrantLock instead"
 ```
 
-Reference: guides/java21/modern-java21.md
+Reference: guides/java/modern-java.md
 
 ### 3. Pattern Matching
 
@@ -80,7 +80,7 @@ switch_patterns:
   null_handling: "case null supported in switch"
 ```
 
-Reference: guides/java21/modern-java21.md
+Reference: guides/java/modern-java.md
 
 ### 4. Records (JEP 395)
 
@@ -100,7 +100,7 @@ antipatterns:
   - "Using records for entities with behavior — prefer classes"
 ```
 
-Reference: guides/java21/modern-java21.md
+Reference: guides/java/modern-java.md
 
 ### 5. Record Patterns (JEP 440)
 
@@ -111,7 +111,7 @@ patterns:
   nested: "Nested record patterns for deep destructuring"
 ```
 
-Reference: guides/java21/modern-java21.md
+Reference: guides/java/modern-java.md
 
 ### 6. Sealed Classes (JEP 409)
 
@@ -124,7 +124,7 @@ principles:
 pattern: "sealed interface with record implementations, exhaustive switch (no default needed)"
 ```
 
-Reference: guides/java21/modern-java21.md
+Reference: guides/java/modern-java.md
 
 ### 7. Sequenced Collections (JEP 431)
 
@@ -136,7 +136,7 @@ principles:
 methods: "getFirst(), getLast(), addFirst(), addLast(), reversed(), firstEntry()"
 ```
 
-Reference: guides/java21/modern-java21.md
+Reference: guides/java/modern-java.md
 
 ### 8. Text Blocks and String Features
 
@@ -146,7 +146,7 @@ patterns:
   formatted: "String.formatted() for template substitution (since Java 15)"
 ```
 
-Reference: guides/java21/modern-java21.md
+Reference: guides/java/modern-java.md
 
 ### 9. Error Handling
 
@@ -162,7 +162,7 @@ patterns:
   multi_catch: "catch (IOException | SQLException e) for related exceptions"
 ```
 
-Reference: guides/java21/java-style-guide.md
+Reference: guides/java/java-style-guide.md
 
 ### 10. Documentation
 
@@ -174,11 +174,11 @@ best_practices:
   - Keep Javadoc focused on "what", not "how"
 ```
 
-Reference: guides/java21/java-style-guide.md
+Reference: guides/java/java-style-guide.md
 
 ## Application
 
-When writing or reviewing Java 21 code:
+When writing or reviewing Java 25 LTS code:
 
 1. **Use** Records for pure data classes over verbose POJOs
 2. **Use** Sealed Classes + Pattern Matching for type hierarchies

package/templates/.claude/skills/kafka-best-practices/SKILL.md

@@ -1,12 +1,14 @@
 ---
 name: kafka-best-practices
-description: Apache Kafka best practices for event streaming, topic design, and producer-consumer patterns
+description: Apache Kafka 4.2 best practices for event streaming, topic design, and producer-consumer patterns
 scope: core
 user-invocable: false
 ---
 
 # Apache Kafka Best Practices
 
+> **Version**: Kafka 4.2.0. ZooKeeper is fully removed in Kafka 4.x — use KRaft mode for all cluster deployments.
+
 ## Producer Patterns
 
 ### Idempotent Producer (CRITICAL)

package/templates/.claude/skills/multi-model-verification/SKILL.md

@@ -128,3 +128,5 @@ Multi-model verification uses 3x the tokens of a single review. Reserve for:
 - Security-sensitive modifications
 - Architecture decisions
 - Pre-release verification
+
+When spawning agents via the Agent tool during this skill's execution, always pass `mode: "bypassPermissions"`. The Agent tool default (`acceptEdits`) overrides agent frontmatter `permissionMode`, causing permission prompts during unattended execution.

package/templates/.claude/skills/playwright-compress/SKILL.md

@@ -0,0 +1,68 @@
+---
+name: playwright-compress
+description: PostToolUse hook that compresses Playwright MCP tool output using Haiku summarization — Layer 4 of the token defense stack
+scope: core
+version: 1.0.0
+user-invocable: false
+disable-model-invocation: true
+---
+
+# Playwright MCP Output Compression (Layer 4)
+
+## Purpose
+
+Reduces Playwright MCP tool output tokens by 94-96% using intelligent Haiku summarization while preserving `ref=` values for interactive flow continuity.
+
+## Architecture
+
+```
+MCP tool response (37K+ chars)
+  ↓ PostToolUse hook
+  ↓ playwright-compress.sh
+  ↓ claude -p --model haiku (summarize)
+  ↓ updatedMCPToolOutput (1.4K-1.9K chars)
+```
+
+## Token Defense Stack Position
+
+| Layer | Component | Mechanism | Scope |
+|-------|-----------|-----------|-------|
+| 1 | cc-token-saver | Time-based budget alerts | Session |
+| 2 | R013 Ecomode | Context-aware output compression | Agent |
+| 3 | MAX_MCP_OUTPUT_TOKENS | Hard truncation (lossy) | Setting |
+| **4** | **playwright-compress** | **Intelligent summarization (lossless ref=)** | **Hook** |
+
+## Behavior
+
+- **Trigger**: PostToolUse on `mcp__playwright__.*` tools
+- **Skip condition**: Output < 3000 characters (not worth compressing)
+- **ref= preservation**: All `ref=` attribute values are extracted and preserved in the summary
+- **Fallback**: If Haiku summarization fails, original output is returned unchanged
+- **Auth**: Uses Claude subscription auth (`claude -p`), no API key needed
+
+## Integration
+
+| Rule | Interaction |
+|------|-------------|
+| R001 | No external data transmission — uses local `claude -p` |
+| R013 | Complements Ecomode (Layer 2) with MCP-specific compression |
+| R021 | Advisory PostToolUse hook — never blocks |
+
+## Hook Configuration
+
+Configured in `.claude/hooks/hooks.json` PostToolUse section:
+
+```json
+{
+  "matcher": "mcp_tool_name matches \"mcp__playwright__.*\" || mcp_tool_name matches \"mcp__claude-in-chrome__.*\"",
+  "hooks": [{
+    "type": "command",
+    "command": "bash .claude/hooks/scripts/playwright-compress.sh"
+  }],
+  "description": "Layer 4: Compress Playwright/Chrome MCP output via Haiku summarization"
+}
+```
+
+## Source
+
+Adapted from [treesoop/claude-native-plugin](https://github.com/treesoop/claude-native-plugin) playwright-optimizer (MIT).

package/templates/.claude/skills/pr-auto-improve/SKILL.md

@@ -96,7 +96,7 @@ User: "improve PR #215"
 | *.py | lang-python-expert |
 | *.go | lang-golang-expert |
 | *.kt | lang-kotlin-expert |
-| *.java | lang-java21-expert |
+| *.java | lang-java-expert |
 | *.rs | lang-rust-expert |
 | Test files | qa-engineer |
 | Docs, README | arch-documenter |

package/templates/.claude/skills/product-strategy/SKILL.md

@@ -0,0 +1,82 @@
+---
+name: product-strategy
+description: YC-style product strategy assessment with forced questions and CEO scope modes — adapted from gstack /office-hours pattern
+scope: core
+version: 1.0.0
+user-invocable: true
+argument-hint: "[product/feature name]"
+effort: high
+---
+
+# Product Strategy Assessment
+
+## Purpose
+
+Forces rigorous product thinking by applying YC's 6 mandatory questions before any major feature decision. Prevents "build first, think later" anti-pattern.
+
+## Usage
+
+```
+/product-strategy "new authentication system"
+/product-strategy "API rate limiting redesign"
+```
+
+## Workflow
+
+### Phase 1: YC Forced Questions
+
+Before any implementation planning, answer ALL 6 questions. Incomplete answers block Phase 2.
+
+| # | Question | Must Answer |
+|---|----------|-------------|
+| 1 | **Who is the user?** | Specific persona, not "everyone" |
+| 2 | **What problem does this solve?** | Observable behavior, not assumed need |
+| 3 | **How do they solve it today?** | Current workaround — if none exists, question the need |
+| 4 | **Why is this solution better?** | Measurable improvement, not "it's newer" |
+| 5 | **What's the smallest version that validates the hypothesis?** | MVP scope — ruthlessly cut |
+| 6 | **How will you know it worked?** | Success metric, measurable within 2 weeks |
+
+### Phase 2: CEO Scope Mode Assessment
+
+Categorize the feature into one of 4 modes:
+
+| Mode | Signal | Action |
+|------|--------|--------|
+| **Expansion** | Strong user signal + clear gap | Full implementation, invest aggressively |
+| **Selective** | Mixed signals, some demand | Targeted implementation, measure before expanding |
+| **Hold** | Low signal, maintenance only | Keep working, no new investment |
+| **Reduction** | Negative signal, cost > value | Phase out, redirect resources |
+
+### Phase 3: Output
+
+Generate structured assessment:
+
+```markdown
+## Product Strategy: {feature}
+
+### YC Assessment
+1. User: {answer}
+2. Problem: {answer}
+3. Current solution: {answer}
+4. Why better: {answer}
+5. MVP: {answer}
+6. Success metric: {answer}
+
+### Scope Mode: {Expansion|Selective|Hold|Reduction}
+Rationale: {why this mode}
+
+### Recommendation
+{Go / No-Go / Needs more data}
+Next step: {specific action}
+```
+
+## Integration
+
+| Rule | Interaction |
+|------|-------------|
+| R010 | Orchestrator invokes skill; no file writes |
+| R015 | Transparent assessment — user sees all reasoning |
+
+## Source
+
+Adapted from [garrytan/gstack](https://github.com/garrytan/gstack) /office-hours + /plan-ceo-review patterns.

package/templates/.claude/skills/research/SKILL.md

@@ -491,3 +491,5 @@ Agent(
 | dag-orchestration | Phase sequencing follows DAG pattern |
 | result-aggregation | Team results formatted per aggregation skill |
 | multi-model-verification | Phase 2 uses multi-model verification pattern |
+
+When spawning agents via the Agent tool during this skill's execution, always pass `mode: "bypassPermissions"`. The Agent tool default (`acceptEdits`) overrides agent frontmatter `permissionMode`, causing permission prompts during unattended execution.

package/templates/.claude/skills/spark-best-practices/SKILL.md

@@ -1,12 +1,14 @@
 ---
 name: spark-best-practices
-description: Apache Spark best practices for PySpark and Scala distributed data processing
+description: Apache Spark 4.0.2 best practices for PySpark and Scala distributed data processing
 scope: core
 user-invocable: false
 ---
 
 # Apache Spark Best Practices
 
+> **Version**: Spark 4.0.2. Key changes from Spark 3.x: ANSI mode is now **default** (stricter SQL type coercion and overflow checks), and Spark Connect provides a decoupled client-server protocol for remote Spark access.
+
 ## Performance Optimization
 
 ### Broadcast Joins (CRITICAL)

package/templates/.claude/skills/springboot-best-practices/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: springboot-best-practices
-description: Spring Boot patterns for enterprise Java applications
+description: Spring Boot 4.0 patterns for enterprise Java 25 applications
 scope: core
 user-invocable: false
 ---

package/templates/.claude/skills/task-decomposition/SKILL.md

@@ -48,6 +48,12 @@ Before decomposing, select the appropriate workflow pattern:
    ├── Map subtasks to agents (use routing skills)
    └── Generate DAG workflow spec
 
+2.5. Validate granularity against pipeline-guards limits:
+     ├── For each subtask, estimate file count
+     ├── If files > 10 → emit advisory: [Guard] ⚠ Subtask "{id}" assigned {n} files (> 10) — splitting by layer
+     ├── If files > 15 → emit hard warning: [Guard] 🛑 Subtask "{id}" assigned {n} files (> 15) — must split
+     └── Auto-split oversized subtasks by layer/domain until all ≤ 10
+
 3. Present plan to user (R015 transparency)
    ├── Show decomposed subtasks with agents
    ├── Show dependency graph
@@ -172,10 +178,43 @@ A subtask is **atomic** when it meets ALL of:
 - Single concern (one logical change)
 - Independently testable outcome
 - < 15 minutes estimated duration
-- < 3 files affected
+- < 3 files affected (ideal atomic size)
+- MUST NOT exceed 10 files (pipeline-guards advisory threshold)
+- If > 10 files unavoidable → emit [Guard] warning and split by layer/domain
+- > 15 files is a hard violation — always split further (pipeline-guards hard cap)
 
 If a subtask is not atomic → decompose further (max 2 levels deep).
 
+## Granularity Validation
+
+After decomposition, validate each subtask against pipeline-guards file limits:
+
+| Subtask Files | Action |
+|---------------|--------|
+| ≤ 3 | Ideal atomic size — no action |
+| 4-10 | Acceptable — proceed without warning |
+| 11-15 | Advisory warning, attempt further split |
+| > 15 | Hard warning, MUST split before execution |
+
+### Validation Process
+
+For each decomposed subtask:
+1. Count estimated files
+2. If > 10:
+   a. Emit: `[Guard] ⚠ Subtask "{id}" assigned {n} files (> 10) — splitting by layer`
+   b. Attempt split by: layer (domain → adapter → handler) or domain separation
+   c. Re-validate split results
+3. If > 15 after split attempt:
+   a. Emit: `[Guard] 🛑 Subtask "{id}" still has {n} files (> 15) — requires user override`
+   b. Pause for user confirmation before proceeding
+
+### Generated DAG Adjustment
+
+When granularity validation triggers a split, update the DAG spec:
+- Original node is replaced by 2+ child nodes
+- Dependencies are preserved (children inherit parent's deps)
+- `max_parallel` in config respects R009 limits (soft: 4, hard: 5)
+
 ## Skip Decomposition When
 
 | Condition | Reason |
@@ -185,6 +224,10 @@ If a subtask is not atomic → decompose further (max 2 levels deep).
 | User explicitly requests "just do it" | User override |
 | Single domain, single agent | No parallelization benefit |
 
+## Permission Mode
+
+When spawning agents via the Agent tool during this skill's execution, always pass `mode: "bypassPermissions"`. The Agent tool default (`acceptEdits`) overrides agent frontmatter `permissionMode`, causing permission prompts during unattended execution.
+
 ## Integration
 
 | Component | Integration |
@@ -195,3 +238,4 @@ If a subtask is not atomic → decompose further (max 2 levels deep).
 | R010 | Decomposition happens in orchestrator only |
 | R015 | Plan displayed before execution for user approval |
 | R018 | 3+ agents in plan → check Agent Teams eligibility |
+| pipeline-guards | Validates subtask file count against 10/15 granularity limits |

package/templates/.claude/skills/update-docs/SKILL.md

@@ -99,7 +99,7 @@ Scanning project structure...
 
 Agents:
   ✓ 15 agents found in .claude/agents/
-  ✗ Missing: lang-java21-expert.md (referenced but not found)
+  ✗ Missing: lang-java-expert.md (referenced but not found)
 
 Skills:
   ✓ 13 skills found in .claude/skills/
@@ -123,7 +123,7 @@ Run "/update-docs" to fix.
 Syncing documentation with project structure...
 
 [1/3] Verifying agents
-  - Removed reference: lang-java21-expert (not found)
+  - Removed reference: lang-java-expert (not found)
   ✓ 15 → 14 agents
 
 [2/3] Verifying skills

package/templates/.claude/skills/worker-reviewer-pipeline/SKILL.md

@@ -163,3 +163,5 @@ config: {max_iterations: 1, quality_gate: majority_pass}
 - Worker and Reviewer must be different agent instances (same type allowed)
 - Nested pipelines not supported (use dag-orchestration for complex flows)
 - Pipeline does not auto-commit; orchestrator decides post-pipeline actions
+
+When spawning agents via the Agent tool during this skill's execution, always pass `mode: "bypassPermissions"`. The Agent tool default (`acceptEdits`) overrides agent frontmatter `permissionMode`, causing permission prompts during unattended execution.

package/templates/CLAUDE.md

@@ -103,6 +103,7 @@ oh-my-customcode로 구동됩니다.
 | 릴리즈 | `/pipeline auto-dev`, `/omcustom-release-notes`, `/release-plan` | 자동 개발, 릴리즈 노트 |
 | 리서치 | `/research`, `/scout`, `/deep-plan`, `/omcustom:agora` | 병렬 분석, URL 평가, 연구 계획 |
 | 메모리 | `/memory-save`, `/memory-recall` | 세션 메모리 관리 |
+| 최적화 | `/token-efficiency-audit` | 토큰 효율 감사 (3계층 방어 스택) |
 | 시스템 | `/omcustom:lists`, `/omcustom:status`, `/omcustom:help` | 전체 목록, 상태, 도움말 |
 
 > 전체 커맨드 목록 (60+ 커맨드): `/omcustom:lists` 실행
@@ -114,11 +115,11 @@ project/
 +-- CLAUDE.md                    # 진입점
 +-- .claude/
 |   +-- agents/                  # 서브에이전트 정의 (48 파일)
-|   +-- skills/                  # 스킬 (109 디렉토리)
+|   +-- skills/                  # 스킬 (112 디렉토리)
 |   +-- rules/                   # 전역 규칙 (R000-R022)
 |   +-- hooks/                   # 훅 스크립트 (보안, 검증, HUD)
 |   +-- contexts/                # 컨텍스트 파일 (ecomode)
-+-- guides/                      # 레퍼런스 문서 (39 토픽)
++-- guides/                      # 레퍼런스 문서 (40 토픽)
 ```
 
 ## 오케스트레이션
@@ -161,7 +162,7 @@ oh-my-customcode는 소프트웨어 컴파일과 동일한 구조를 따릅니
 
 | 타입 | 수량 | 에이전트 |
 |------|------|----------|
-| SW Engineer/Language | 6 | lang-golang-expert, lang-python-expert, lang-rust-expert, lang-kotlin-expert, lang-typescript-expert, lang-java21-expert |
+| SW Engineer/Language | 6 | lang-golang-expert, lang-python-expert, lang-rust-expert, lang-kotlin-expert, lang-typescript-expert, lang-java-expert |
 | SW Engineer/Backend | 6 | be-fastapi-expert, be-springboot-expert, be-go-backend-expert, be-express-expert, be-nestjs-expert, be-django-expert |
 | SW Engineer/Frontend | 5 | fe-vercel-agent, fe-vuejs-agent, fe-svelte-agent, fe-flutter-agent, fe-design-expert |
 | SW Engineer/Tooling | 4 | tool-npm-expert, tool-optimizer, tool-bun-expert, slack-cli-expert |

package/templates/guides/airflow/README.md

@@ -1,10 +1,10 @@
-# Apache Airflow Guide (3.1.8)
+# Apache Airflow Guide (3.2.0)
 
-Reference documentation for Apache Airflow 3.1.8 DAG development best practices.
+Reference documentation for Apache Airflow 3.2.0 DAG development best practices.
 
 ## Source
 
-Based on [Apache Airflow 3.1.8 official documentation](https://airflow.apache.org/docs/apache-airflow/3.1.8/) and [Astronomer best practices](https://docs.astronomer.io/).
+Based on [Apache Airflow 3.2.0 official documentation](https://airflow.apache.org/docs/apache-airflow/3.2.0/) and [Astronomer best practices](https://docs.astronomer.io/).
 
 ## Airflow 3.x Key Changes
 
@@ -39,9 +39,9 @@ This guide is referenced by:
 
 ## External Resources
 
-- [Airflow 3.1.8 Official Docs](https://airflow.apache.org/docs/apache-airflow/3.1.8/)
-- [Airflow 3.1.8 Best Practices](https://airflow.apache.org/docs/apache-airflow/3.1.8/best-practices.html)
-- [Airflow Task SDK](https://airflow.apache.org/docs/apache-airflow/3.1.8/authoring-and-scheduling/index.html)
-- [Airflow TaskFlow API](https://airflow.apache.org/docs/apache-airflow/3.1.8/core-concepts/taskflow.html)
-- [Migration Guide 2.x → 3.x](https://airflow.apache.org/docs/apache-airflow/3.1.8/migration-guide.html)
+- [Airflow 3.2.0 Official Docs](https://airflow.apache.org/docs/apache-airflow/3.2.0/)
+- [Airflow 3.2.0 Best Practices](https://airflow.apache.org/docs/apache-airflow/3.2.0/best-practices.html)
+- [Airflow Task SDK](https://airflow.apache.org/docs/apache-airflow/3.2.0/authoring-and-scheduling/index.html)
+- [Airflow TaskFlow API](https://airflow.apache.org/docs/apache-airflow/3.2.0/core-concepts/taskflow.html)
+- [Migration Guide 2.x → 3.x](https://airflow.apache.org/docs/apache-airflow/3.2.0/migration-guide.html)
 - [Astronomer Docs](https://docs.astronomer.io/)

package/templates/guides/browser-automation/01-browser-automation-patterns.md

@@ -0,0 +1,68 @@
+# Browser Automation Patterns for AI Agents
+
+## Overview
+
+Reference guide for AI-controlled browser automation patterns, focusing on integration with Claude Code and MCP-based browser tools.
+
+## Patterns
+
+### 1. MCP-based Browser Control (Recommended)
+
+Use MCP tools (`mcp__claude-in-chrome__*` or `mcp__playwright__*`) for browser interaction:
+
+```
+Agent → MCP tool call → Browser extension/Playwright → Page interaction
+```
+
+**Advantages**: Native integration, no external dependencies, permission-controlled.
+
+### 2. Cookie-Based Authentication
+
+For testing authenticated flows, import cookies from a real browser session:
+
+```bash
+# Export cookies from browser (DevTools → Application → Cookies)
+# Import into Playwright context for authenticated testing
+```
+
+**Use case**: QA testing of authenticated pages without re-implementing login flows.
+
+### 3. Anti-Bot Stealth Patterns
+
+When automating against sites with bot detection:
+- Use realistic viewport sizes and user agents
+- Add human-like delays between actions
+- Randomize mouse movement patterns
+- Respect robots.txt and rate limits
+
+**Caution**: Only use for authorized testing on your own applications.
+
+### 4. Cross-AI Vendor Orchestration
+
+Multiple AI agents can share browser sessions via:
+- Shared MCP server connection
+- ngrok tunnels for remote access (scoped tokens for security)
+- Agent Teams (R018) for coordination
+
+## Tools Available in oh-my-customcode
+
+| Tool | Scope | Configuration |
+|------|-------|---------------|
+| `mcp__claude-in-chrome__*` | Chrome DevTools Protocol | MCP server in settings |
+| `mcp__playwright__*` | Playwright automation | MCP server in settings |
+| `playwright-compress` | Output compression (Layer 4) | PostToolUse hook |
+
+## Security Considerations
+
+| Concern | Mitigation |
+|---------|-----------|
+| Credential exposure | Never hardcode credentials; use env vars or cookie import |
+| External data transmission | R001 compliance — no PII to external services |
+| Rate limiting | Respect target site limits; implement backoff |
+| Scope creep | Only automate your own applications or authorized targets |
+
+## References
+
+- [garrytan/gstack](https://github.com/garrytan/gstack) — /browse, /pair-agent patterns
+- [playwright.dev](https://playwright.dev) — Official Playwright documentation
+- [Chrome DevTools Protocol](https://chromedevtools.github.io/devtools-protocol/) — CDP reference