oh-my-customcode 0.99.3 → 0.100.1

package/README.md

@@ -13,7 +13,7 @@
 
 **[한국어 문서 (Korean)](./README_ko.md)**
 
-48 agents. 107 skills. 22 rules. One command.
+48 agents. 109 skills. 22 rules. One command.
 
 ```bash
 npm install -g oh-my-customcode && cd your-project && omcustom init
@@ -132,7 +132,7 @@ Each agent declares its tools, model, memory scope, and limitations in YAML fron
 
 ---
 
-### Skills (107)
+### Skills (109)
 
 | Category | Count | Includes |
 |----------|-------|----------|
@@ -272,7 +272,7 @@ your-project/
 ├── CLAUDE.md                   # Entry point
 ├── .claude/
 │   ├── agents/                 # 48 agent definitions
-│   ├── skills/                 # 107 skill modules
+│   ├── skills/                 # 109 skill modules
 │   ├── rules/                  # 22 governance rules (R000-R021)
 │   ├── hooks/                  # 15 lifecycle hook scripts
 │   ├── schemas/                # Tool input validation schemas

package/dist/cli/index.js

@@ -2334,7 +2334,7 @@ var init_package = __esm(() => {
     workspaces: [
       "packages/*"
     ],
-    version: "0.99.3",
+    version: "0.100.1",
     description: "Batteries-included agent harness for Claude Code",
     type: "module",
     bin: {

package/dist/index.js

@@ -2014,7 +2014,7 @@ var package_default = {
   workspaces: [
     "packages/*"
   ],
-  version: "0.99.3",
+  version: "0.100.1",
   description: "Batteries-included agent harness for Claude Code",
   type: "module",
   bin: {

package/package.json

@@ -3,7 +3,7 @@
   "workspaces": [
     "packages/*"
   ],
-  "version": "0.99.3",
+  "version": "0.100.1",
   "description": "Batteries-included agent harness for Claude Code",
   "type": "module",
   "bin": {

package/templates/.claude/agents/mgr-supplier.md

@@ -16,7 +16,7 @@ tools:
   - Read
   - Grep
   - Glob
-permissionMode: default
+permissionMode: bypassPermissions
 ---
 
 You are a dependency validation specialist ensuring agents have all required skills and guides properly linked.

package/templates/.claude/rules/MUST-permissions.md

@@ -30,3 +30,15 @@ Approve?
 ```
 
 On insufficient permission: do not attempt, notify user, suggest alternative.
+
+## Agent Tool Permission Mode
+
+When spawning subagents via the Agent tool, always pass `mode: "bypassPermissions"` explicitly. The Agent tool's default mode is `acceptEdits`, which **overrides** the agent frontmatter `permissionMode` field.
+
+| Setting | Effect |
+|---------|--------|
+| Agent frontmatter `permissionMode: bypassPermissions` | Ignored if Agent tool `mode` not set |
+| Agent tool `mode: "bypassPermissions"` | **Required** — actually controls subagent permissions |
+| Agent tool `mode` omitted | Defaults to `acceptEdits` → prompts for Bash, WebFetch |
+
+Skills that spawn agents MUST include `mode: "bypassPermissions"` in their Agent tool call instructions. This applies to all routing skills, pipeline skills, and any skill that delegates work to subagents.

package/templates/.claude/skills/adversarial-review/SKILL.md

@@ -78,3 +78,7 @@ Fix: Recommended remediation
 - [ ] Do file operations stay within R002-declared access scope?
 - [ ] Are domain boundaries respected (backend agent not editing frontend files)?
 - [ ] Could an agent's task contract be tightened without losing functionality?
+
+## Permission Mode
+
+When spawning agents via the Agent tool during this skill's execution, always pass `mode: "bypassPermissions"`. The Agent tool default (`acceptEdits`) overrides agent frontmatter `permissionMode`, causing permission prompts during unattended execution.

package/templates/.claude/skills/deep-plan/SKILL.md

@@ -82,22 +82,39 @@ Phase 2: Reality-Check Planning
    - Each ADOPT item: Does it already exist? Partially implemented?
    - Each ADAPT item: What is the current state to adapt from?
    - Each AVOID item: Are the alternatives already available?
-3. **Gap Analysis**: Build a reconciliation table:
+3. **Deliverable Dependency Verification**: After exploration, verify inter-deliverable dependencies:
+   - For each deliverable pair, check: do they share files, functions, or modules?
+   - Classify each pair: `independent` (parallel-safe), `sequential` (order required), `shared-state` (synchronization needed)
+   - **Default bias**: Assume `independent` unless exploration finds concrete shared state
+   - Build dependency matrix:
 
    ```
-   | Research Finding | Actual Code State | Gap Type | Action |
-   |-----------------|-------------------|----------|--------|
-   | "No caching"    | Redis client exists | Overestimate | Remove from plan |
-   | "Need auth middleware" | No auth layer | Real gap | Keep in plan |
-   | "Migrate to v3" | Already on v3.1 | Overestimate | Remove from plan |
-   | "Add rate limiting" | Basic limiter exists | Partial gap | Adapt existing |
+   | Deliverable A | Deliverable B | Classification | Evidence |
+   |---------------|---------------|----------------|----------|
+   | D1: Auth      | D2: API       | independent    | No shared files |
+   | D1: Auth      | D3: Tests     | sequential     | D3 tests D1 output |
    ```
 
-4. **Refined Plan**: Write implementation plan containing ONLY real gaps:
+   - **Orchestrator override**: The dependency classification is advisory. The orchestrator or user can reclassify pairs when the automated analysis is overly conservative.
+
+4. **Gap Analysis**: Build a reconciliation table:
+
+   ```
+   | Research Finding | Actual Code State | Gap Type | Action | Dependencies |
+   |-----------------|-------------------|----------|--------|-------------|
+   | "No caching"    | Redis client exists | Overestimate | Remove from plan | — |
+   | "Need auth middleware" | No auth layer | Real gap | Keep in plan | D3 (sequential) |
+   | "Migrate to v3" | Already on v3.1 | Overestimate | Remove from plan | — |
+   | "Add rate limiting" | Basic limiter exists | Partial gap | Adapt existing | independent |
+   ```
+
+5. **Refined Plan**: Write implementation plan containing ONLY real gaps:
    - Remove overestimates (already implemented)
    - Adjust partial gaps (adapt, don't rebuild)
    - Prioritize real gaps by impact
-5. **User Approval**: `ExitPlanMode` presents the refined plan for user review
+6. **User Approval**: `ExitPlanMode` presents the refined plan for user review
+   - Include dependency matrix in plan output
+   - Display override option: "Dependency classifications are advisory. Reply with reclassifications if needed."
 
 ### Phase 3: Plan Verification Research
 
@@ -342,3 +359,7 @@ phases_completed: 3
 verdict: PASS|REVISE
 ---
 ```
+
+## Permission Mode
+
+When spawning agents via the Agent tool during this skill's execution, always pass `mode: "bypassPermissions"`. The Agent tool default (`acceptEdits`) overrides agent frontmatter `permissionMode`, causing permission prompts during unattended execution.

package/templates/.claude/skills/deep-verify/SKILL.md

@@ -109,3 +109,7 @@ Each agent receives the full diff and returns findings as structured JSON:
 - This skill replaces ad-hoc cross-verification with a repeatable process
 - Round 7 philosophy check references CLAUDE.md architecture section and R006/R010/R021 rules
 - Regression check compares function signatures, export lists, and test counts against develop baseline
+
+## Permission Mode
+
+When spawning agents via the Agent tool during this skill's execution, always pass `mode: "bypassPermissions"`. The Agent tool default (`acceptEdits`) overrides agent frontmatter `permissionMode`, causing permission prompts during unattended execution.

package/templates/.claude/skills/omcustom-release-notes/SKILL.md

@@ -115,3 +115,7 @@ mgr-gitnerd: gh release create           ->  create release with notes
 - Uses git history and gh CLI for data gathering
 - Claude Code analyzes and generates notes in-context
 - Resource count changes auto-detected from CLAUDE.md history
+
+## Permission Mode
+
+When spawning agents via the Agent tool during this skill's execution, always pass `mode: "bypassPermissions"`. The Agent tool default (`acceptEdits`) overrides agent frontmatter `permissionMode`, causing permission prompts during unattended execution.

package/templates/.claude/skills/pipeline/workflows/auto-dev.yaml

@@ -0,0 +1,166 @@
+name: auto-dev
+description: "Automated development pipeline — from issue triage to release"
+version: "2.0.0"
+
+# Design rule: each pipeline run produces ONE bounded release unit (3-7 issues), not all open issues.
+# This pipeline is a project-agnostic template. Project-specific overrides belong in
+# the project's own workflows/auto-dev.yaml (e.g., AgentNav, second-brain).
+
+steps:
+  - name: pre-triage
+    prompt: |
+      Phase 1 — Ensure required labels exist, then scan issues.
+
+      1. Create labels if missing (idempotent):
+         gh label create in-progress --color "FBCA04" --description "Work in progress" --force 2>/dev/null
+         gh label create verify-ready --color "0E8A16" --description "Ready for verification" --force 2>/dev/null
+         gh label create needs-review --color "D93F0B" --description "Needs manual review" --force 2>/dev/null
+
+      2. Scan open GitHub issues:
+         gh issue list --state open --limit 100 --json number,title,labels,body,milestone
+
+      3. Group by label and compute for each issue:
+         - dependencies: parse "see #N", "depends on #N", "#N 참조" from body
+         - blocked_by_decision: true if body references any decision-needed issue
+         - effort: XS/S/M/L from scope
+         - order: topological sort over dependencies
+
+      4. Output: dependency-sorted issue table with blocked_by_decision flag.
+    description: "Ensure labels exist, scan issues, dependency-analyze"
+
+  - name: scope-selection
+    prompt: |
+      Select a single bounded release scope (3-7 issues) for THIS pipeline run.
+
+      Selection rules:
+      1. Determine release tier:
+         - No tags yet → v0.1.0
+         - Otherwise: highest-priority open tier (bug → chore → feature)
+      2. Exclude:
+         - blocked_by_decision == true
+         - Issues requiring manual/human action
+      3. Sort by dependency: prerequisites before dependents
+      4. Cap at 7 issues; if priority issues < 7, stop at that priority (don't mix tiers)
+      5. Minimum 1 issue; if 0 eligible, halt with "no eligible issues for auto-dev run"
+
+      Create release milestone and assign scoped issues.
+      Output markdown release manifest:
+        | order | # | title | prerequisite | effort |
+
+      Persist manifest as pipeline state for subsequent steps.
+    description: "Pick 3-7 issues as v{X.Y.Z} scope, create milestone"
+    depends_on: pre-triage
+
+  - name: triage
+    skill: professor-triage
+    description: "Cross-analysis triage with priority assessment (scoped to release manifest)"
+    depends_on: scope-selection
+
+  - name: plan
+    skill: release-plan
+    description: "Release unit plan from triaged issues"
+    depends_on: triage
+
+  - name: deep-plan
+    skill: deep-plan
+    description: "Research-validated implementation plan (research → plan → verify)"
+    depends_on: plan
+
+  - name: implement
+    prompt: |
+      Execute the deep-plan output for the scoped release manifest.
+
+      Per-issue lifecycle:
+      1. Start: gh issue edit <N> --add-label in-progress --assignee @me
+      2. Comment: gh issue comment <N> --body "Implementation started via auto-dev pipeline"
+      3. Dispatch specialist agents per file domain:
+         - Detect file types in scope and route to matching agent
+         - Use specialized agents (lang-*, be-*, fe-*, infra-*) over general-purpose
+      4. TDD via superpowers:test-driven-development when tests apply
+      5. Commit via mgr-gitnerd with `Fixes #<N>` trailer in body
+      6. On success: remove in-progress, add verify-ready
+      7. On failure: remove in-progress, add needs-review, comment error summary
+
+      Rules:
+      - Parallel execution per R009 (max 4 concurrent, respect dependencies)
+      - Issues whose prerequisites failed in-run MUST be skipped (log reason)
+      - No direct orchestrator writes (R010)
+      - All Agent tool calls MUST pass mode: "bypassPermissions" to prevent permission prompts during unattended execution
+
+      ## Local CI-mimic verification (MUST run before marking implement done)
+
+      After all implementation tasks complete, run these scripts in sequence and halt on failure:
+
+      1. bash .github/scripts/verify-template-sync.sh
+      2. bash .github/scripts/verify-wiki-sync.sh
+
+      If either fails:
+      - For wiki-sync failures: delegate to wiki-curator to generate missing pages (`/omcustom:wiki ingest <path>`)
+      - For template-sync failures: delegate to mgr-updater to sync `.claude/` -> `templates/.claude/`
+      - After fixes, re-run the scripts until both pass
+
+      This mirrors CI and prevents the known 1-2 wasted push cycles per release (ref: issue #927, v0.98.0 PR #925).
+    description: "Per-issue implementation with lifecycle, specialist routing, and CI-mimic verification"
+    depends_on: deep-plan
+
+  - name: verify-build
+    prompt: |
+      Project-specific build and test verification.
+
+      Auto-detect project type and run appropriate checks:
+      - Node/Bun: package.json → install + lint + type-check + test
+      - Python: py_compile + pytest
+      - Go: go build + go vet + go test
+      - Docker: docker build (if Dockerfile exists)
+      - Static site: file existence + format validation
+
+      Halt on first failure. Report exact command + stderr.
+      Do NOT proceed to release if any check fails.
+    description: "Auto-detected build + test verification"
+    depends_on: implement
+
+  - name: deep-verify
+    skill: deep-verify
+    description: "Multi-angle release quality verification"
+    depends_on: verify-build
+
+  - name: release
+    prompt: |
+      Create a GitHub Release.
+
+      1. Version:
+         - No existing tags → v0.1.0
+         - Otherwise: semver bump (patch for bugfix, minor for features)
+      2. Release notes via omcustom-release-notes skill
+      3. Delegate to mgr-gitnerd:
+         - git tag + push
+         - gh release create
+      4. Close milestone
+      5. Close verify-ready issues with "Fixed in v{version}"
+         Label needs-review issues as "Deferred from v{version}"
+
+      Adapt release mechanism to project:
+      - npm project: PR + merge + npm publish verification
+      - Non-npm: direct tag on main (trunk-based)
+    description: "Git tag + GitHub Release + close milestone/issues"
+    depends_on: deep-verify
+
+  - name: ci-check
+    prompt: |
+      Post-release CI verification.
+
+      1. Check if .github/workflows/ has CI workflows
+         If NOT: skip with "No CI configured. Skipping." and continue.
+      2. If CI exists:
+         - gh run list --limit 5
+         - Wait for runs triggered by the new tag/push
+         - If failures: diagnose, fix, re-verify
+      3. For npm projects: verify npm publish succeeded (npm view <pkg> version)
+      4. Report final CI status.
+    description: "Post-release CI verification and fix loop"
+    depends_on: release
+
+  - name: post-release-followup
+    skill: post-release-followup
+    description: "Register follow-ups from this release as new issues"
+    depends_on: ci-check

package/templates/.claude/skills/post-release-followup/SKILL.md

@@ -46,9 +46,9 @@ Remove duplicates (same issue referenced from multiple sources). Categorize:
 
 | Category | Criteria | Default Action |
 |----------|----------|----------------|
-| **Immediate** | P1/P2 remaining issues, MEDIUM+ verify findings, Critical/High PR review findings | Execute now |
-| **Trackable** | P3 issues, LOW verify findings, new TODOs, Medium PR review findings | Register as issue |
-| **Informational** | Already-tracked issues, cosmetic notes | Skip |
+| **즉시 실행** | P1/P2 잔여 이슈, MEDIUM+ 검증 발견사항, Critical/High PR 리뷰 발견사항 | 즉시 실행 |
+| **이슈 등록** | P3 이슈, LOW 검증 발견사항, 새 TODO, Medium PR 리뷰 발견사항 | 이슈로 등록 |
+| **참고** | 이미 추적 중인 이슈, 외관 관련 메모 | 건너뛰기 |
 
 ### 3. Present to User
 
@@ -117,8 +117,8 @@ When creating follow-up issues:
 
 ```bash
 gh issue create \
-  --title "{concise description}" \
-  --body "## Source\n\nDiscovered during v{version} release workflow.\n\n## Context\n\n{detailed context from triage/verify}\n\n## Suggested Action\n\n{recommendation}" \
+  --title "{간결한 설명}" \
+  --body "## 출처\n\nv{version} 릴리즈 워크플로우에서 발견.\n\n## 컨텍스트\n\n{triage/verify에서의 상세 컨텍스트}\n\n## 권장 조치\n\n{권장 사항}" \
   --label "professor"
 ```
 
@@ -132,3 +132,7 @@ Add priority label (`P1`, `P2`, `P3`) based on categorization.
 - Issue creation uses `gh` CLI directly (read-only operation pattern)
 - If no follow-up candidates found, report "No follow-up actions needed" and complete
 - PR review feedback is available shortly after PR creation — the omc_pr_analyzer bot comments automatically
+
+## Permission Mode
+
+When spawning agents via the Agent tool during this skill's execution, always pass `mode: "bypassPermissions"`. The Agent tool default (`acceptEdits`) overrides agent frontmatter `permissionMode`, causing permission prompts during unattended execution.

package/templates/.claude/skills/pre-generation-arch-check/SKILL.md

@@ -0,0 +1,115 @@
+---
+name: pre-generation-arch-check
+description: Pre-generation architecture check — detect R006 separation-of-concerns and compilation metaphor violations before code generation begins
+scope: core
+user-invocable: false
+version: 1.0.0
+---
+
+# Pre-Generation Architecture Check
+
+AASM-inspired pre-generation architecture guard. Detects design violations before code generation (the "pre-compile lint" phase), complementing adversarial-review and deep-verify which operate post-generation.
+
+## Overview
+
+This skill fills the PRE-generation gap in the verification pipeline:
+
+| Phase | Skill | When |
+|-------|-------|------|
+| Pre-generation | **pre-generation-arch-check** | Before code is written |
+| Post-generation | adversarial-review | After code is written |
+| Post-generation | deep-verify | After changes are committed |
+
+Inspired by Contexty's AASM (AI Anti-pattern Severity Matrix) mechanism. Detects when a requested change might violate:
+- R006 separation of concerns (agents vs skills vs guides)
+- Compilation metaphor boundaries (source/build/spec/linker/stdlib)
+- R010 orchestrator delegation rules
+- Protected path rules (.claude/agents/, .claude/skills/, guides/)
+
+## Input
+
+- **Request summary**: What the user or pipeline is asking to generate
+- **Target files/paths**: Where changes will be made
+
+## Processing — Anti-Pattern Detection
+
+Check for each of the following anti-patterns against the request summary and target paths:
+
+### 1. Skill-in-Agent (WARN)
+An agent file (`.claude/agents/*.md`) body contains detailed step-by-step instructions, scripts, or workflow logic that belongs in a skill file.
+- **Signal**: Agent body exceeds ~50 lines OR contains code blocks / numbered step sequences
+- **Suggestion**: Extract instructions into `.claude/skills/{name}/SKILL.md`, reference from agent `skills:` frontmatter
+
+### 2. Agent-in-Skill (WARN)
+A skill file contains agent configuration fields (`model:`, `tools:`, `memory:`, `permissionMode:`).
+- **Signal**: Proposed skill SKILL.md frontmatter contains agent-only fields
+- **Suggestion**: Move agent configuration to `.claude/agents/{name}.md`; keep skill focused on instructions
+
+### 3. Guide-in-Skill (WARN)
+A skill file contains reference documentation, best-practices tutorials, or conceptual explanations that belong in `guides/`.
+- **Signal**: Proposed SKILL.md body contains "## Background", "## Concepts", or sections > 100 lines of prose
+- **Suggestion**: Move reference content to `guides/{topic}/`, link from skill
+
+### 4. Cross-Concern Write Without mgr-creator (BLOCK)
+A single atomic change spans two or more of: `.claude/agents/`, `.claude/skills/`, `guides/` — without routing through mgr-creator.
+- **Signal**: Target paths include files in 2+ protected directories in the same request
+- **Suggestion**: Route the request through mgr-creator (R010 protected path rule)
+
+### 5. Direct Orchestrator Write (BLOCK)
+An implementation step would have the orchestrator (main conversation) directly write or edit files, bypassing subagent delegation.
+- **Signal**: Request implies "I will write X" from orchestrator context rather than "delegate to specialist"
+- **Suggestion**: Delegate file writes to appropriate specialist agent per R010 delegation table
+
+### 6. Spec-Build Confusion (WARN)
+Rules (`.claude/rules/`) are being modified in the same atomic change as source code or agent/skill files.
+- **Signal**: Target paths include both `.claude/rules/*.md` and any code or `.claude/agents/` or `.claude/skills/` files
+- **Suggestion**: Separate rule updates (spec changes) from agent/skill/code changes (build changes) into distinct commits
+
+## Output Format
+
+When no violations are detected:
+
+```
+[ARCH-CHECK] No violations detected — proceed with generation
+```
+
+When violations are detected:
+
+```
+[ARCH-WARNING] {count} potential violation(s) detected:
+├── {pattern-name} ({severity}): {description}
+│   └── Suggestion: {fix}
+├── {pattern-name} ({severity}): {description}
+│   └── Suggestion: {fix}
+```
+
+## Severity Levels
+
+| Severity | Action |
+|----------|--------|
+| WARN | Advisory — proceed with caution, note in generation plan |
+| BLOCK | Halt — requires architectural redesign before proceeding |
+
+BLOCK violations must be resolved before generation continues. WARN violations are logged and surfaced to the user but do not halt execution (consistent with R021 advisory-first enforcement model).
+
+## Integration
+
+Auto-invoked at structured-dev-cycle Phase 1 (planning phase) before any file generation begins.
+
+This skill is advisory only — it does NOT hard-block execution. This is consistent with R021's advisory-first enforcement model. Future promotion to a PreToolUse hook is possible if violation rates warrant escalation.
+
+Invocation pattern:
+```
+[structured-dev-cycle Phase 1]
+  → pre-generation-arch-check
+    → returns [ARCH-CHECK] or [ARCH-WARNING]
+  → continue to Phase 2 (generation) with findings surfaced
+```
+
+## Cross-References
+
+- `.claude/rules/MUST-agent-design.md` (R006) — separation of concerns
+- `.claude/rules/MUST-orchestrator-coordination.md` (R010) — protected paths and delegation
+- `.claude/skills/adversarial-review/` — post-generation security counterpart
+- `.claude/skills/deep-verify/` — post-generation quality counterpart
+- Source concept: Contexty AASM (https://github.com/ttalkkak-lab/opencode-contexty)

package/templates/.claude/skills/professor-triage/SKILL.md

@@ -2,7 +2,7 @@
 name: professor-triage
 description: Analyze GitHub issues against current codebase and perform automated triage with priority assessment
 scope: harness
-version: 2.1.0
+version: 2.2.0
 user-invocable: true
 effort: high
 context: fork
@@ -126,27 +126,27 @@ For each analyzed issue, generate multi-perspective analysis comments and artifa
 ```
 ## 🏛️ Senior Architect Analysis
 
-### Architecture Impact
-| Component | Impact | Risk |
-|-----------|--------|------|
-| {component} | {description} | {High/Medium/Low} |
+### 아키텍처 영향
+| 컴포넌트 | 영향 | 위험도 |
+|----------|------|--------|
+| {컴포넌트} | {설명} | {High/Medium/Low} |
 
-### Code-Level Analysis
-{Specific file:line references from Phase 2 codebase analysis}
+### 코드 수준 분석
+{Phase 2 코드베이스 분석의 구체적 file:line 참조}
 
-### Strategic Assessment
-- **Feasibility**: {assessment with evidence}
-- **Priority recommendation**: {P1/P2/P3 with rationale}
+### 전략적 평가
+- **실현 가능성**: {근거가 포함된 평가}
+- **우선순위 권장**: {P1/P2/P3 및 근거}
 
-### Risk & Considerations
-| Risk | Likelihood | Mitigation |
-|------|-----------|------------|
-| {risk} | {High/Medium/Low} | {mitigation} |
+### 리스크 및 고려사항
+| 리스크 | 가능성 | 완화 방안 |
+|--------|--------|----------|
+| {리스크} | {High/Medium/Low} | {완화 방안} |
 
-**Estimated effort**: {XS/S/M/L/XL}
+**예상 작업량**: {XS/S/M/L/XL}
 
 ---
-_🏛️ Senior Architect perspective — `/professor-triage` v2.1.0_
+_🏛️ Senior Architect perspective — `/professor-triage` v2.2.0_
 ```
 
 **4B: 🤝 Project Colleague Review** — Delegate to arch-documenter (model: sonnet) to post GitHub comment:
@@ -154,19 +154,19 @@ _🏛️ Senior Architect perspective — `/professor-triage` v2.1.0_
 ```
 ## 🤝 Project Colleague Review
 
-### Implementation Ideas
-{Concrete code locations and change suggestions with file:line references}
+### 구현 아이디어
+{구체적 코드 위치 및 file:line 참조가 포함된 변경 제안}
 
-### Easy-to-Miss Details
-- {Name collisions, validation bypasses, race conditions, edge cases}
+### 놓치기 쉬운 세부사항
+- {이름 충돌, 유효성 검사 우회, 경쟁 조건, 엣지 케이스}
 
-### Suggested Next Steps
-1. {Actionable step with specific file/function reference}
-2. {Actionable step}
-3. {Actionable step}
+### 권장 다음 단계
+1. {구체적 file/function 참조가 포함된 실행 가능한 단계}
+2. {실행 가능한 단계}
+3. {실행 가능한 단계}
 
 ---
-_🤝 Project Colleague perspective — `/professor-triage` v2.1.0_
+_🤝 Project Colleague perspective — `/professor-triage` v2.2.0_
 ```
 
 Note: Do NOT include a "First Impressions" (첫인상) section in the Colleague Review — this was explicitly excluded per user feedback.
@@ -176,38 +176,38 @@ Note: Do NOT include a "First Impressions" (첫인상) section in the Colleague
 ```
 ## 🎓 Professor Synthesis
 
-### Codebase Verification
-| Claim (from Architect/Colleague) | Verified | Evidence |
-|----------------------------------|----------|----------|
-| {claim} | ✅/⚠️/❌ | {file:line or git evidence} |
+### 코드베이스 검증
+| 주장 (Architect/Colleague) | 검증 | 근거 |
+|---------------------------|------|------|
+| {주장} | ✅/⚠️/❌ | {file:line 또는 git 근거} |
 
-### Consensus & Divergence
-| Topic | Architect | Colleague | Verdict |
-|-------|-----------|-----------|---------|
-| {topic} | {position} | {position} | {synthesized judgment} |
+### 합의 및 이견
+| 주제 | Architect | Colleague | 판정 |
+|------|-----------|-----------|------|
+| {주제} | {입장} | {입장} | {종합 판단} |
 
-### Priority Matrix
-| Dimension | Assessment |
-|-----------|-----------|
-| Urgency | {High/Medium/Low} |
-| Importance | {High/Medium/Low} |
-| Size | {XS/S/M/L/XL} |
-| Recommended order | {N of M in batch} |
+### 우선순위 매트릭스
+| 차원 | 평가 |
+|------|------|
+| 긴급성 | {High/Medium/Low} |
+| 중요성 | {High/Medium/Low} |
+| 규모 | {XS/S/M/L/XL} |
+| 권장 순서 | {배치 내 N/M} |
 
-### Missed Perspectives
-{Considerations neither Architect nor Colleague raised}
+### 누락된 관점
+{Architect나 Colleague 모두 제기하지 않은 고려사항}
 
-### Execution Roadmap
-| Phase | Task | Files | Depends on |
-|-------|------|-------|-----------|
-| 1 | {task} | {files} | — |
-| 2 | {task} | {files} | Phase 1 |
+### 실행 로드맵
+| 단계 | 작업 | 파일 | 의존성 |
+|------|------|------|--------|
+| 1 | {작업} | {파일} | — |
+| 2 | {작업} | {파일} | 단계 1 |
 
-### Final Conclusion
-{2-3 sentence synthesis with definitive recommendation}
+### 최종 결론
+{확정적 권장 사항이 포함된 2-3문장 종합}
 
 ---
-_🎓 Professor Synthesis — `/professor-triage` v2.1.0_
+_🎓 Professor Synthesis — `/professor-triage` v2.2.0_
 ```
 
 **4D: Issue Triage Comment (MANDATORY)** — Every analyzed issue MUST receive a triage comment. This is not optional — even for issues created in the same session or with existing analysis. Skipping comments breaks the triage audit trail. Delegate to mgr-gitnerd to post on each analyzed issue:
@@ -215,14 +215,14 @@ _🎓 Professor Synthesis — `/professor-triage` v2.1.0_
 ```
 ## 🔬 Professor Triage — Codebase Analysis Result
 
-**Decision**: {Close (Already Resolved) | Close (Not Applicable) | Close (Duplicate of #NNN) | Open — action required | Open — monitoring}
-**Rationale**: {1-2 line summary based on codebase findings}
-**Affected files**: {N} analyzed — {N}✅ {N}⚠️ {N}❌
-**Risk**: {P1/P2/P3} | **Size**: {XS/S/M/L/XL}
-**Full report**: {artifact path}
+**결정**: {Close (Already Resolved) | Close (Not Applicable) | Close (Duplicate of #NNN) | Open — action required | Open — monitoring}
+**근거**: {코드베이스 분석 기반 1-2줄 요약}
+**영향 파일**: {N}개 분석 — {N}✅ {N}⚠️ {N}❌
+**리스크**: {P1/P2/P3} | **규모**: {XS/S/M/L/XL}
+**전체 리포트**: {artifact path}
 
 ---
-_Analyzed by `/professor-triage` v2.1.0 against current codebase with {N} related issues_
+_`/professor-triage` v2.2.0에 의해 현재 코드베이스 대비 분석됨 — 관련 이슈 {N}개_
 ```
 
 **4E: Artifact Report** — Delegate to arch-documenter to write:
@@ -233,37 +233,37 @@ Timestamps use local machine time (consistent with other artifact skills).
 
 Template:
 ```
-# Professor Triage Report — YYYY-MM-DD
+# Professor Triage 리포트 — YYYY-MM-DD
 
-## Analysis Target
-| # | Title | Labels | Created |
-|---|-------|--------|---------|
+## 분석 대상
+| # | 제목 | 라벨 | 생성일 |
+|---|------|------|--------|
 
-## Per-Issue Analysis
+## 이슈별 분석
 ### #NNN — title
-- **Affected files**: N analyzed — N✅ N⚠️ N❌
-- **Architecture impact**: ...
-- **Implementation path**: ...
-- **Risk/Priority**: P1/P2/P3
-- **Size**: XS/S/M/L/XL
-- **Already resolved?**: Yes/No/Partial — evidence
-- **Recommended action**: ...
-
-## Cross-Analysis
-### Common Patterns
-### Duplicate/Merge Candidates
-### Conflicting Findings Resolution
-### Priority Matrix
-
-## Multi-Perspective Summary
-### Architect Highlights
-### Colleague Highlights
-### Professor Synthesis Key Points
-
-## Executed Actions
-| Issue | Action | Status |
-
-## Pending Actions (Confirmation Required)
+- **영향 파일**: N개 분석 — N✅ N⚠️ N❌
+- **아키텍처 영향**: ...
+- **구현 경로**: ...
+- **리스크/우선순위**: P1/P2/P3
+- **규모**: XS/S/M/L/XL
+- **이미 해결됨?**: Yes/No/Partial — 근거
+- **권장 조치**: ...
+
+## 교차 분석
+### 공통 패턴
+### 중복/병합 후보
+### 상충 발견사항 해결
+### 우선순위 매트릭스
+
+## 다관점 요약
+### Architect 주요 사항
+### Colleague 주요 사항
+### Professor Synthesis 핵심 포인트
+
+## 실행된 조치
+| 이슈 | 조치 | 상태 |
+
+## 보류 중인 조치 (확인 필요)
 ```
 
 ### Phase 4F: Comment Verification Gate
@@ -319,3 +319,7 @@ Present to user and wait for approval before executing:
 - Phase 4F: Verification gate for all 4 comment types
 - Phase 5: `mgr-gitnerd` for all GitHub operations
 - No external dependencies (omc_issue_analyzer removed in v2.0.0, multi-perspective analysis restored in v2.1.0)
+
+## Permission Mode
+
+When spawning agents via the Agent tool during this skill's execution, always pass `mode: "bypassPermissions"`. The Agent tool default (`acceptEdits`) overrides agent frontmatter `permissionMode`, causing permission prompts during unattended execution.

package/templates/.claude/skills/release-plan/SKILL.md

@@ -131,21 +131,21 @@ Apply semantic versioning to each release group in sequence:
 For each release group, produce:
 
 ```markdown
-## vX.Y.Z Release Plan
+## vX.Y.Z 릴리즈 계획
 
-**Estimated scope**: {XS|S|M|L total} | **Issues**: N | **Parallelizable**: N
+**예상 범위**: {XS|S|M|L 합계} | **이슈**: N | **병렬 가능**: N
 
-| # | Priority | Size | Title | Dependencies |
-|---|----------|------|-------|-------------|
-| #NNN | P2 | S | issue title | none |
-| #NNN | P1 | XS | issue title | none |
+| # | 우선순위 | 규모 | 제목 | 의존성 |
+|---|----------|------|------|--------|
+| #NNN | P2 | S | 이슈 제목 | 없음 |
+| #NNN | P1 | XS | 이슈 제목 | 없음 |
 
-### Implementation Order
-1. #NNN — {one-line description} (suggested agent: {agent-type})
-2. #NNN — {one-line description} (suggested agent: {agent-type})
+### 구현 순서
+1. #NNN — {한줄 설명} (권장 에이전트: {agent-type})
+2. #NNN — {한줄 설명} (권장 에이전트: {agent-type})
 
-### Notes
-- {any dependency constraints, breaking changes, or risks}
+### 참고 사항
+- {의존성 제약, 호환성 이슈, 리스크 등}
 ```
 
 ### Completeness Check
@@ -159,18 +159,18 @@ Before generating the plan document, verify:
 If any issue is missing from release bins, halt and report the discrepancy.
 
 **Agent suggestion heuristic**:
-| Issue domain | Suggested agent |
-|--------------|----------------|
-| Docs, CLAUDE.md, README | arch-documenter |
-| Rules (R00x) | mgr-claude-code-bible |
-| Agents (.claude/agents/) | mgr-creator / mgr-updater |
-| Skills (.claude/skills/) | mgr-creator / mgr-updater |
+| 이슈 도메인 | 권장 에이전트 |
+|-------------|--------------|
+| 문서, CLAUDE.md, README | arch-documenter |
+| 규칙 (R00x) | mgr-claude-code-bible |
+| 에이전트 (.claude/agents/) | mgr-creator / mgr-updater |
+| 스킬 (.claude/skills/) | mgr-creator / mgr-updater |
 | CI, GitHub Actions | mgr-gitnerd |
 | TypeScript/Node | lang-typescript-expert |
 | Python | lang-python-expert |
 | Go | lang-golang-expert |
-| Testing | qa-engineer |
-| General fix | general-purpose |
+| 테스트 | qa-engineer |
+| 일반 수정 | general-purpose |
 
 ### Phase 7: Output
 
@@ -184,16 +184,16 @@ Use today's date and the first planned release version in the filename.
 
 File header format:
 ```markdown
-# Release Plan — Generated YYYY-MM-DD
+# 릴리즈 계획 — YYYY-MM-DD 생성
 
-> Source: open issues labeled `verify-done` as of YYYY-MM-DD
-> Issues excluded (already in open PRs): #NNN, #NNN
+> 출처: YYYY-MM-DD 기준 `verify-done` 라벨 오픈 이슈
+> 제외된 이슈 (이미 오픈 PR에 포함): #NNN, #NNN
 
-{release groups follow}
+{릴리즈 그룹}
 
-## Summary
-| Release | Issues | Size | P1 | P2 | P3 |
-|---------|--------|------|----|----|-----|
+## 요약
+| 릴리즈 | 이슈 수 | 규모 | P1 | P2 | P3 |
+|--------|---------|------|----|----|-----|
 | vX.Y.Z | N | S | 0 | 3 | 1 |
 ```
 
@@ -205,3 +205,7 @@ File header format:
 - User confirms before any downstream action (implementation, commits)
 - Zero network calls except `gh` CLI (local API)
 - If no eligible issues found, report and stop — do not generate empty plan
+
+## Permission Mode
+
+When spawning agents via the Agent tool during this skill's execution, always pass `mode: "bypassPermissions"`. The Agent tool default (`acceptEdits`) overrides agent frontmatter `permissionMode`, causing permission prompts during unattended execution.

package/templates/.claude/skills/structured-dev-cycle/SKILL.md

@@ -190,6 +190,10 @@ rm -f /tmp/.claude-dev-stage                    # Clear (disable blocking)
 - **Single session**: The fixed path `/tmp/.claude-dev-stage` does not support concurrent Claude Code sessions. Running multiple sessions simultaneously may cause stage state conflicts.
 - **World-writable path**: The `/tmp/` directory is accessible to all users. For multi-user environments, consider using a user-scoped path like `/tmp/.claude-dev-stage-$(id -u)`.
 
+## Permission Mode
+
+When spawning agents via the Agent tool during this skill's execution, always pass `mode: "bypassPermissions"`. The Agent tool default (`acceptEdits`) overrides agent frontmatter `permissionMode`, causing permission prompts during unattended execution.
+
 ## Display Format
 
 ```

package/templates/.claude/skills/token-efficiency-audit/SKILL.md

@@ -0,0 +1,242 @@
+---
+name: token-efficiency-audit
+description: Three-layer token defense stack — audit current settings, apply safe/CI levers, and monitor status
+scope: package
+user-invocable: true
+argument-hint: "[audit|apply-interactive|apply-ci|status]"
+version: 1.0.0
+---
+
+# Token Efficiency Audit Skill
+
+Layer 3 of the three-layer token defense stack. Audits current Claude Code settings against the token efficiency lever reference table, applies safe interactive levers, and reports combined layer status.
+
+Reference guide: `guides/claude-code/14-token-efficiency.md`
+
+## Three-Layer Stack
+
+```
+┌─────────────────────────────────────────────────────────────────┐
+│  Layer 1: cc-token-saver (CACHE DEFENSE)                        │
+│  Before session — protect prompt cache TTL from idle expiry     │
+├─────────────────────────────────────────────────────────────────┤
+│  Layer 2: R013 Ecomode (RUNTIME COMPRESSION)                    │
+│  During session — compact output, aggregate results, prune input│
+├─────────────────────────────────────────────────────────────────┤
+│  Layer 3: token-efficiency-audit (PRE-SESSION PREVENTION)       │
+│  Config time — disable injections before they happen            │
+└─────────────────────────────────────────────────────────────────┘
+```
+
+Each layer is independently deployable and non-overlapping. Layer 3 (this skill) operates at config time — it prevents overhead from ever entering the context window.
+
+## Modes
+
+### audit (default)
+
+1. Read `.claude/settings.json` (project-level, git-tracked)
+2. Read `.claude/settings.local.json` (local, not git-tracked)
+3. Check each lever from the Interactive Session Levers table in the guide:
+   - `includeGitInstructions`
+   - `autoConnectIde`
+   - `attribution.commit`
+   - `attribution.pr`
+   - `env.BASH_MAX_OUTPUT_LENGTH`
+   - `env.CLAUDE_CODE_FILE_READ_MAX_OUTPUT_TOKENS`
+   - `env.MAX_MCP_OUTPUT_TOKENS`
+4. Output a table:
+
+```
+[Token Efficiency Audit]
+Reference: guides/claude-code/14-token-efficiency.md (CC v2.1.114+)
+
+| Lever                               | Current     | Recommended | Gap    | Location              |
+|-------------------------------------|-------------|-------------|--------|-----------------------|
+| includeGitInstructions              | true        | false       | ⚠ SET  | settings.json         |
+| autoConnectIde                      | true        | false       | ⚠ SET  | settings.json         |
+| attribution.commit                  | auto text   | ""          | ⚠ SET  | settings.json         |
+| attribution.pr                      | auto text   | ""          | ⚠ SET  | settings.json         |
+| BASH_MAX_OUTPUT_LENGTH              | unlimited   | 15000       | ⚠ SET  | settings.local.json   |
+| CLAUDE_CODE_FILE_READ_MAX_OUTPUT... | unlimited   | 8000        | ⚠ SET  | settings.local.json   |
+| MAX_MCP_OUTPUT_TOKENS               | unlimited   | 8000        | ⚠ SET  | settings.local.json   |
+
+Run /token-efficiency-audit apply-interactive to apply all safe levers.
+```
+
+Gap column values:
+- `OK` — already at recommended value
+- `⚠ SET` — currently at default, recommended change available
+- `CUSTOM` — non-default value that differs from recommendation (display actual value)
+
+### apply-interactive
+
+Applies Interactive Session Levers only (safe for development use).
+
+1. Read `.claude/settings.json` and `.claude/settings.local.json` (create if not exists)
+2. Apply to `settings.json`:
+   ```json
+   {
+     "includeGitInstructions": false,
+     "autoConnectIde": false,
+     "attribution": {
+       "commit": "",
+       "pr": ""
+     }
+   }
+   ```
+3. Apply to `settings.local.json` (env block):
+   ```json
+   {
+     "env": {
+       "BASH_MAX_OUTPUT_LENGTH": "15000",
+       "CLAUDE_CODE_FILE_READ_MAX_OUTPUT_TOKENS": "8000",
+       "MAX_MCP_OUTPUT_TOKENS": "8000"
+     }
+   }
+   ```
+4. Preserve all existing settings (merge, do not overwrite unrelated keys)
+5. Report applied changes:
+   ```
+   [Done] Interactive levers applied
+
+   settings.json:
+     includeGitInstructions: true → false
+     autoConnectIde: true → false
+     attribution.commit: (auto) → ""
+     attribution.pr: (auto) → ""
+
+   settings.local.json:
+     BASH_MAX_OUTPUT_LENGTH: (none) → 15000
+     CLAUDE_CODE_FILE_READ_MAX_OUTPUT_TOKENS: (none) → 8000
+     MAX_MCP_OUTPUT_TOKENS: (none) → 8000
+
+   Note: settings.json is git-tracked. Commit if appropriate.
+   Takes effect on next claude session restart.
+   ```
+
+### apply-ci
+
+Applies CI/Worker-Only Levers. These disable core oh-my-customcode functionality.
+
+**R001 Risk: HIGH** — Display this warning prominently BEFORE applying:
+
+```
+⚠ WARNING — CI/WORKER LEVERS
+
+These settings disable core oh-my-customcode functionality:
+  • CLAUDE_CODE_DISABLE_CLAUDE_MDS=1  → ALL rules and routing offline (R010 disabled)
+  • CLAUDE_AGENT_SDK_DISABLE_BUILTIN_AGENTS=1 → All 48 agents unavailable
+  • ENABLE_CLAUDEAI_MCP_SERVERS=false → MCP-dependent skills unavailable
+  • CLAUDE_CODE_DISABLE_AUTO_MEMORY=1 → No persistent memory across sessions
+
+Only use for CI/worker pipelines. Never apply to interactive development sessions.
+
+Type "yes" to confirm, or anything else to cancel:
+```
+
+1. Require explicit user confirmation ("yes") before proceeding
+2. On confirmation, apply to `settings.local.json`:
+   ```json
+   {
+     "env": {
+       "CLAUDE_CODE_DISABLE_CLAUDE_MDS": "1",
+       "CLAUDE_AGENT_SDK_DISABLE_BUILTIN_AGENTS": "1",
+       "ENABLE_CLAUDEAI_MCP_SERVERS": "false",
+       "CLAUDE_CODE_DISABLE_AUTO_MEMORY": "1"
+     }
+   }
+   ```
+3. Report:
+   ```
+   [Done] CI/Worker levers applied to settings.local.json
+
+   This file is NOT git-tracked.
+   To undo: remove the four env keys or run /token-efficiency-audit status
+   ```
+4. On cancellation: `[Cancelled] No changes made.`
+
+### status
+
+Reports current state of all three layers.
+
+1. Check Layer 1 — cc-token-saver:
+   - Check if plugin is present (look for cc-token-saver in `.claude/` plugin config or known plugin markers)
+   - Report: Installed / Not installed
+2. Check Layer 2 — R013 Ecomode:
+   - Read `.claude/settings.json` for ecomode config
+   - Report: threshold, result_format, max_result_length if set; otherwise "auto-threshold (4 tasks)"
+3. Check Layer 3 — Settings levers:
+   - Run the same lever checks as `audit` mode
+   - Summarize: N/7 levers at recommended values
+4. Check OTel availability:
+   - Look for `CLAUDE_CODE_ENABLE_TELEMETRY` in settings
+   - If present: report "OTel enabled — use /monitoring-setup status for metrics"
+5. Output:
+
+```
+[Token Efficiency Status]
+
+Layer 1: cc-token-saver    ✓ Installed / ✗ Not installed
+Layer 2: R013 Ecomode      ✓ Active (threshold: 4) / ✗ Not configured
+Layer 3: Settings levers   4/7 at recommended
+
+Layer 3 details:
+  includeGitInstructions: false ✓
+  autoConnectIde: true ⚠
+  attribution.commit: "" ✓
+  attribution.pr: "" ✓
+  BASH_MAX_OUTPUT_LENGTH: 15000 ✓
+  CLAUDE_CODE_FILE_READ_MAX_OUTPUT_TOKENS: unlimited ⚠
+  MAX_MCP_OUTPUT_TOKENS: unlimited ⚠
+
+Run /token-efficiency-audit apply-interactive to fix ⚠ levers.
+OTel: not enabled — run /monitoring-setup enable to measure effectiveness.
+```
+
+## Codex Levers
+
+When Codex CLI is in use (detected by presence of `~/.codex/config.toml`):
+
+Recommended settings in `config.toml`:
+```toml
+[features]
+apps = false
+
+[apps._default]
+enabled = false
+
+web_search = "disabled"
+
+tool_output_token_limit = 10000
+```
+
+Non-interactive Codex CLI flag reference: `guides/claude-code/13-cli-flags.md`
+
+## Guardrails
+
+### The Re-Call Trap
+
+Setting output limits too low forces repeated re-call loops — the model issues `tail -n 50 output.txt` or re-reads files in chunks, costing more tokens than the original uncapped output.
+
+**Enforce these minimum floors (never go below):**
+
+| Variable | Safe minimum | Recommended |
+|----------|-------------|-------------|
+| `BASH_MAX_OUTPUT_LENGTH` | 10000 | 15000 |
+| `CLAUDE_CODE_FILE_READ_MAX_OUTPUT_TOKENS` | 4000 | 8000 |
+| `MAX_MCP_OUTPUT_TOKENS` | 4000 | 8000 |
+| Codex `tool_output_token_limit` | 5000 | 10000 |
+
+If a user requests values below these floors, warn them of the re-call trap risk before applying.
+
+### Version Drift
+
+Settings defaults change with minor CC version releases. After each upgrade, re-run `/token-efficiency-audit audit` to verify active defaults. Reference baseline: CC v2.1.114+ / Codex v0.121.0+.
+
+## Cross-References
+
+- `guides/claude-code/14-token-efficiency.md` — Full three-layer stack guide and lever table
+- `.claude/rules/SHOULD-ecomode.md` (R013) — Layer 2 specification
+- `.claude/skills/monitoring-setup/SKILL.md` — Measure effectiveness via OTel metrics
+- `guides/cc-token-saver/README.md` — Layer 1 detailed guide
+- `guides/claude-code/13-cli-flags.md` — Non-interactive/CI CLI flags

package/templates/CLAUDE.md

@@ -114,7 +114,7 @@ project/
 +-- CLAUDE.md                    # 진입점
 +-- .claude/
 |   +-- agents/                  # 서브에이전트 정의 (48 파일)
-|   +-- skills/                  # 스킬 (107 디렉토리)
+|   +-- skills/                  # 스킬 (109 디렉토리)
 |   +-- rules/                   # 전역 규칙 (R000-R022)
 |   +-- hooks/                   # 훅 스크립트 (보안, 검증, HUD)
 |   +-- contexts/                # 컨텍스트 파일 (ecomode)

package/templates/manifest.json

@@ -1,5 +1,5 @@
 {
-  "version": "0.99.3",
+  "version": "0.100.1",
   "lastUpdated": "2026-04-18T00:00:00.000Z",
   "components": [
     {
@@ -18,7 +18,7 @@
       "name": "skills",
       "path": ".claude/skills",
       "description": "Reusable skill modules (includes slash commands)",
-      "files": 107
+      "files": 109
     },
     {
       "name": "guides",