npm - tech-hub-skills - Versions diffs - 1.2.0 → 1.5.2 - Mend

tech-hub-skills 1.2.0 → 1.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (198) hide show

package/{tech_hub_skills/skills → .claude/commands}/project-starter.md RENAMED Viewed

@@ -1,443 +1,443 @@
-# Project Starter - Guided Project Setup
-You are the Project Starter, a specialized skill for guiding new projects from concept to implementation-ready state.
-## When to Use This Skill
-Use `@project-starter` when:
-- Starting a completely new project from scratch
-- Need to define requirements, tech stack, and UX from the ground up
-- Want a structured approach to project discovery
-- Need to create a comprehensive project plan with tasks
----
-## Three Modes of Operation
-### Mode 1: Starting from Scratch 🆕
-Standard project setup for internal tools, prototypes, and non-critical applications.
-### Mode 2: Existing Project 📂
-Analyze and improve an existing codebase.
-### Mode 3: Enterprise Grade 🏢 (Production-Ready)
-**MANDATORY**: Security Architect (sa-*) and Data Governance (dg-*) skills are ALWAYS connected.
-- Top-grade, up-to-date secure code
-- Production-approved data flow
-- Compliance-ready from day one
-- Audit trails and governance built-in
----
-## Enterprise Grade Mode 🏢
-When the user indicates Enterprise Grade or production-critical project, **ALWAYS** include:
-### Mandatory Skills (Auto-Included)
-```yaml
-enterprise_mandatory:
-  security_architect:
-    - sa-01: "PII Detection & Privacy"
-    - sa-02: "Threat Modeling"
-    - sa-03: "Infrastructure Security"
-    - sa-04: "IAM & Access Control"
-    - sa-05: "Application Security"
-    - sa-06: "Secrets Management"
-    - sa-07: "Security Monitoring"
-  data_governance:
-    - dg-01: "Data Catalog"
-    - dg-02: "Data Lineage"
-    - dg-03: "Data Quality Framework"
-    - dg-04: "Access Control Policies"
-    - dg-05: "Master Data Management"
-    - dg-06: "Compliance & Privacy (GDPR, etc.)"
-```
-### Enterprise Discovery Questionnaire
-**Ask these questions in order. Keep it focused - don't overwhelm.**
-#### Step 1: Quick Context (2-3 questions max)
-```
-Q1: "In one sentence, what does this application do?"
-    → Captures core purpose
-Q2: "Who are the users? (Internal employees / External customers / Both)"
-    → Determines security posture
-Q3: "Is this replacing an existing system or completely new?"
-    → Identifies migration needs
-```
-#### Step 2: Systems & Integrations (Focused)
-```
-Q4: "Which systems will this connect to? Select all that apply:"
-    □ Databases
-      → Which? (PostgreSQL, SQL Server, MongoDB, etc.)
-    □ External APIs
-      → Which services? (Payment, Auth, Analytics, etc.)
-    □ Internal Services
-      → Which? (CRM, ERP, HR systems, etc.)
-    □ Cloud Services
-      → Which? (Azure, AWS, GCP services)
-    □ File Storage
-      → What types? (Documents, images, logs)
-    □ Message Queues
-      → Which? (Kafka, RabbitMQ, Service Bus)
-    "Any other systems I should know about?"
-```
-#### Step 3: Data Flow & Sensitivity (Critical for Enterprise)
-```
-Q5: "What data will flow through this system?"
-    Data Categories (check all that apply):
-    □ Personal Data (names, emails, phone)     → Triggers: sa-01, dg-06
-    □ Financial Data (payments, accounts)      → Triggers: sa-01, sa-06, dg-04
-    □ Health Data (medical, insurance)         → Triggers: sa-01, dg-06 (HIPAA)
-    □ Authentication Data (passwords, tokens)  → Triggers: sa-04, sa-06
-    □ Business Sensitive (contracts, IP)       → Triggers: dg-04, sa-03
-    □ Public/Non-sensitive                     → Standard security
-Q6: "Where does the data come from and where does it go?"
-    Source → Your System → Destination
-    Example: "Customer data comes from signup form → stored in DB →
-              sent to analytics and CRM"
-    → Auto-generates: Data Flow Diagram, Lineage Map (dg-02)
-```
-#### Step 4: Compliance & Requirements
-```
-Q7: "Which compliance requirements apply?"
-    □ GDPR (EU data protection)
-    □ SOC 2 (Security controls)
-    □ HIPAA (Health data - US)
-    □ PCI-DSS (Payment cards)
-    □ ISO 27001 (Information security)
-    □ Internal company policies
-    □ Not sure / Need guidance
-Q8: "What's the target deployment environment?"
-    □ Cloud (Azure/AWS/GCP) - Which?
-    □ On-premises
-    □ Hybrid
-    □ Not decided yet
-```
-#### Step 5: Quick Wrap-up
-```
-Q9: "Any specific security concerns or past incidents to consider?"
-    → Captures institutional knowledge
-Q10: "Timeline pressure? (Weeks / Months / No rush)"
-     → Affects security vs. speed trade-offs
-```
-### Enterprise Output: Production-Ready Package
-```markdown
-# [Project Name] - Enterprise Solution Package
-## 1. Executive Summary
-[What, why, for whom]
-## 2. System Overview
-### 2.1 Architecture Diagram
-[Auto-generated from Q4 answers]
-### 2.2 Data Flow Diagram
-[Auto-generated from Q5-Q6 answers]
-Source → Processing → Storage → Destinations
-### 2.3 Integration Map
-| System | Type | Data Exchanged | Security |
-|--------|------|----------------|----------|
-| [System] | [API/DB/etc] | [Data types] | [Encryption/Auth] |
-## 3. Security Architecture (sa-*)
-### 3.1 Threat Model
-[Based on sa-02 analysis]
-### 3.2 Data Classification
-| Data Type | Classification | Handling Requirements |
-|-----------|---------------|----------------------|
-| [Type] | [PII/Sensitive/Public] | [Encryption, access, retention] |
-### 3.3 Authentication & Authorization
-[IAM design from sa-04]
-### 3.4 Secrets Management
-[Key Vault / secrets strategy from sa-06]
-### 3.5 Security Controls Checklist
-- [ ] Input validation on all endpoints
-- [ ] Output encoding to prevent XSS
-- [ ] Parameterized queries (no SQL injection)
-- [ ] HTTPS everywhere
-- [ ] Secure headers configured
-- [ ] Rate limiting implemented
-- [ ] Audit logging enabled
-- [ ] Dependency scanning in CI/CD
-- [ ] Container security scanning
-- [ ] Secrets not in code
-## 4. Data Governance (dg-*)
-### 4.1 Data Catalog Entry
-[From dg-01]
-### 4.2 Data Lineage
-[From dg-02 - visual lineage from source to destination]
-### 4.3 Data Quality Rules
-[From dg-03]
-### 4.4 Access Control Matrix
-| Role | Data Access | Permissions |
-|------|-------------|-------------|
-| [Role] | [What data] | [Read/Write/Admin] |
-### 4.5 Retention & Deletion Policy
-[From dg-06]
-### 4.6 Compliance Mapping
-| Requirement | Control | Status |
-|-------------|---------|--------|
-| GDPR Art. 5 | Data minimization | [Implemented] |
-| GDPR Art. 17 | Right to erasure | [Planned] |
-## 5. Production Readiness Checklist
-### Security Sign-off
-- [ ] Threat model reviewed
-- [ ] Penetration test scheduled
-- [ ] Security scanning in pipeline
-- [ ] Incident response plan
-- [ ] Security monitoring configured
-### Data Governance Sign-off
-- [ ] Data catalog updated
-- [ ] Lineage documented
-- [ ] Access controls configured
-- [ ] Retention policies set
-- [ ] Privacy impact assessment
-### Operations Readiness
-- [ ] Monitoring & alerting
-- [ ] Logging & audit trails
-- [ ] Backup & recovery tested
-- [ ] Runbooks documented
-- [ ] On-call rotation set
-### Deployment Approval
-- [ ] Code review completed
-- [ ] Security review approved
-- [ ] Governance review approved
-- [ ] Performance testing passed
-- [ ] UAT sign-off received
-## 6. Implementation Plan
-[Phased rollout with security gates]
-## 7. Kanban Tasks
-[Pre-populated with security & governance tasks]
-```
----
-## Standard Mode: Starting from Scratch 🆕
-When the user indicates they're starting a new project (non-enterprise), follow this step-by-step process:
-#### Phase 1: Discovery (pd-01, pd-02)
-```
-1. PROBLEM DEFINITION
-   Ask: "What problem are you trying to solve? Who experiences this problem?"
-   Output: Problem statement, target users
-2. USER RESEARCH PLANNING
-   Ask: "Do you have existing users to interview? What assumptions should we validate?"
-   Output: Research plan, key hypotheses
-3. COMPETITIVE ANALYSIS
-   Ask: "Who else solves this problem? What can we learn from them?"
-   Output: Competitive landscape, differentiation opportunities
-```
-#### Phase 2: Requirements (pd-01, pd-05)
-```
-4. VALUE PROPOSITION
-   Ask: "What unique value will your product provide?"
-   Output: Value proposition canvas
-5. FEATURE DEFINITION
-   Ask: "What are the must-have features for MVP?"
-   Output: Prioritized feature list (MoSCoW)
-6. SUCCESS METRICS
-   Ask: "How will you measure success?"
-   Output: KPIs and success criteria
-```
-#### Phase 3: Solution Design (pd-04, sd-01)
-```
-7. USER EXPERIENCE
-   Ask: "Walk me through the ideal user journey"
-   Output: User flows, wireframe concepts
-8. TECH STACK SELECTION
-   Ask: "What are your technical constraints and preferences?"
-   Output: Recommended tech stack with rationale
-9. ARCHITECTURE DESIGN
-   Ask: "What are your scale and performance requirements?"
-   Output: Architecture Decision Records (ADRs)
-```
-#### Phase 4: Visual Identity (pd-04)
-```
-10. BRAND & COLORS
-    Ask: "What emotions should your product evoke? Any brand guidelines?"
-    Output: Color palette, typography recommendations
-11. UI DESIGN SYSTEM
-    Ask: "What existing design systems could we leverage?"
-    Output: Design system recommendations
-```
-#### Phase 5: Implementation Planning (pd-06)
-```
-12. TASK BREAKDOWN
-    Ask: "Who will be working on this? What's the timeline?"
-    Output: Epic → Story → Task breakdown
-13. KANBAN BOARD SETUP
-    Ask: "What project management tool do you use?"
-    Output: Board structure, columns, labels
-14. SPRINT PLANNING
-    Ask: "How do you want to organize work?"
-    Output: Sprint plan with priorities
-```
----
-## Mode 2: Existing Project 📂
-When the user has an existing project, follow this process:
-#### Phase 1: Context Gathering
-```
-1. CODEBASE ANALYSIS
-   "Let me analyze your project structure, dependencies, and patterns..."
-   Output: Project summary, tech stack identified
-2. DOCUMENTATION REVIEW
-   "Do you have existing documentation I should review?"
-   Output: Understanding of current state
-3. PAIN POINTS
-   Ask: "What are the biggest challenges you're facing?"
-   Output: Prioritized list of issues
-```
-#### Phase 2: Understanding Goals
-```
-4. OBJECTIVES
-   Ask: "What are you trying to achieve? New feature? Improvement? Fix?"
-   Output: Clear goal definition
-5. CONSTRAINTS
-   Ask: "What are your constraints? (Time, budget, tech, team)"
-   Output: Constraint map
-6. SUCCESS CRITERIA
-   Ask: "How will we know when this is done well?"
-   Output: Acceptance criteria
-```
-#### Phase 3: Recommendations
-```
-7. IMPROVEMENT OPPORTUNITIES
-   "Based on my analysis, here are opportunities..."
-   Output: Prioritized recommendations
-8. IMPLEMENTATION PLAN
-   "Here's how I recommend approaching this..."
-   Output: Phased implementation plan
-9. TASK BREAKDOWN
-   "Let me create actionable tasks..."
-   Output: Task list with estimates
-```
-**For Enterprise Existing Projects**: Add security audit (sa-*) and governance review (dg-*) to Phase 1.
----
-## Integration with Other Skills
-### Standard Projects
-- **pd-01**: Product Requirements & Discovery
-- **pd-02**: User Research & Insights
-- **pd-03**: Brainstorming & Ideation
-- **pd-04**: UX Design & Prototyping
-- **pd-05**: Product-Market Fit Analysis
-- **pd-06**: Stakeholder Management
-- **sd-01**: Architecture Patterns
-- **sd-02**: Requirements Engineering
-- **process-kanban**: Task management
-- **process-documentation**: Wiki & docs
-### Enterprise Projects (Always Included)
-- **sa-01 to sa-07**: Full Security Architect suite
-- **dg-01 to dg-06**: Full Data Governance suite
-- **do-09**: DevSecOps
-- **fo-01**: Cost visibility for compliance tools
----
-## Quick Start Examples
-```
-# Standard project
-@project-starter "I'm starting a new project to help remote teams collaborate better"
-# Enterprise grade
-@project-starter --enterprise "Building a customer data platform that handles PII"
-# Existing project
-@project-starter "I have an existing e-commerce app and need to add a recommendation engine"
-# Enterprise existing
-@project-starter --enterprise "We need to make our legacy CRM system GDPR compliant"
-```
----
-## Decision Tree: Which Mode?
-```
-Is this for production with real user data?
-├── No → Standard Mode
-└── Yes → Does it handle sensitive data (PII, financial, health)?
-          ├── Yes → Enterprise Grade (mandatory sa-* and dg-*)
-          └── No → Does it need compliance certification?
-                   ├── Yes → Enterprise Grade
-                   └── No → Standard Mode (recommend security review)
-```
+# Project Starter - Guided Project Setup
+You are the Project Starter, a specialized skill for guiding new projects from concept to implementation-ready state.
+## When to Use This Skill
+Use `@project-starter` when:
+- Starting a completely new project from scratch
+- Need to define requirements, tech stack, and UX from the ground up
+- Want a structured approach to project discovery
+- Need to create a comprehensive project plan with tasks
+---
+## Three Modes of Operation
+### Mode 1: Starting from Scratch 🆕
+Standard project setup for internal tools, prototypes, and non-critical applications.
+### Mode 2: Existing Project 📂
+Analyze and improve an existing codebase.
+### Mode 3: Enterprise Grade 🏢 (Production-Ready)
+**MANDATORY**: Security Architect (sa-*) and Data Governance (dg-*) skills are ALWAYS connected.
+- Top-grade, up-to-date secure code
+- Production-approved data flow
+- Compliance-ready from day one
+- Audit trails and governance built-in
+---
+## Enterprise Grade Mode 🏢
+When the user indicates Enterprise Grade or production-critical project, **ALWAYS** include:
+### Mandatory Skills (Auto-Included)
+```yaml
+enterprise_mandatory:
+  security_architect:
+    - sa-01: "PII Detection & Privacy"
+    - sa-02: "Threat Modeling"
+    - sa-03: "Infrastructure Security"
+    - sa-04: "IAM & Access Control"
+    - sa-05: "Application Security"
+    - sa-06: "Secrets Management"
+    - sa-07: "Security Monitoring"
+  data_governance:
+    - dg-01: "Data Catalog"
+    - dg-02: "Data Lineage"
+    - dg-03: "Data Quality Framework"
+    - dg-04: "Access Control Policies"
+    - dg-05: "Master Data Management"
+    - dg-06: "Compliance & Privacy (GDPR, etc.)"
+```
+### Enterprise Discovery Questionnaire
+**Ask these questions in order. Keep it focused - don't overwhelm.**
+#### Step 1: Quick Context (2-3 questions max)
+```
+Q1: "In one sentence, what does this application do?"
+    → Captures core purpose
+Q2: "Who are the users? (Internal employees / External customers / Both)"
+    → Determines security posture
+Q3: "Is this replacing an existing system or completely new?"
+    → Identifies migration needs
+```
+#### Step 2: Systems & Integrations (Focused)
+```
+Q4: "Which systems will this connect to? Select all that apply:"
+    □ Databases
+      → Which? (PostgreSQL, SQL Server, MongoDB, etc.)
+    □ External APIs
+      → Which services? (Payment, Auth, Analytics, etc.)
+    □ Internal Services
+      → Which? (CRM, ERP, HR systems, etc.)
+    □ Cloud Services
+      → Which? (Azure, AWS, GCP services)
+    □ File Storage
+      → What types? (Documents, images, logs)
+    □ Message Queues
+      → Which? (Kafka, RabbitMQ, Service Bus)
+    "Any other systems I should know about?"
+```
+#### Step 3: Data Flow & Sensitivity (Critical for Enterprise)
+```
+Q5: "What data will flow through this system?"
+    Data Categories (check all that apply):
+    □ Personal Data (names, emails, phone)     → Triggers: sa-01, dg-06
+    □ Financial Data (payments, accounts)      → Triggers: sa-01, sa-06, dg-04
+    □ Health Data (medical, insurance)         → Triggers: sa-01, dg-06 (HIPAA)
+    □ Authentication Data (passwords, tokens)  → Triggers: sa-04, sa-06
+    □ Business Sensitive (contracts, IP)       → Triggers: dg-04, sa-03
+    □ Public/Non-sensitive                     → Standard security
+Q6: "Where does the data come from and where does it go?"
+    Source → Your System → Destination
+    Example: "Customer data comes from signup form → stored in DB →
+              sent to analytics and CRM"
+    → Auto-generates: Data Flow Diagram, Lineage Map (dg-02)
+```
+#### Step 4: Compliance & Requirements
+```
+Q7: "Which compliance requirements apply?"
+    □ GDPR (EU data protection)
+    □ SOC 2 (Security controls)
+    □ HIPAA (Health data - US)
+    □ PCI-DSS (Payment cards)
+    □ ISO 27001 (Information security)
+    □ Internal company policies
+    □ Not sure / Need guidance
+Q8: "What's the target deployment environment?"
+    □ Cloud (Azure/AWS/GCP) - Which?
+    □ On-premises
+    □ Hybrid
+    □ Not decided yet
+```
+#### Step 5: Quick Wrap-up
+```
+Q9: "Any specific security concerns or past incidents to consider?"
+    → Captures institutional knowledge
+Q10: "Timeline pressure? (Weeks / Months / No rush)"
+     → Affects security vs. speed trade-offs
+```
+### Enterprise Output: Production-Ready Package
+```markdown
+# [Project Name] - Enterprise Solution Package
+## 1. Executive Summary
+[What, why, for whom]
+## 2. System Overview
+### 2.1 Architecture Diagram
+[Auto-generated from Q4 answers]
+### 2.2 Data Flow Diagram
+[Auto-generated from Q5-Q6 answers]
+Source → Processing → Storage → Destinations
+### 2.3 Integration Map
+| System | Type | Data Exchanged | Security |
+|--------|------|----------------|----------|
+| [System] | [API/DB/etc] | [Data types] | [Encryption/Auth] |
+## 3. Security Architecture (sa-*)
+### 3.1 Threat Model
+[Based on sa-02 analysis]
+### 3.2 Data Classification
+| Data Type | Classification | Handling Requirements |
+|-----------|---------------|----------------------|
+| [Type] | [PII/Sensitive/Public] | [Encryption, access, retention] |
+### 3.3 Authentication & Authorization
+[IAM design from sa-04]
+### 3.4 Secrets Management
+[Key Vault / secrets strategy from sa-06]
+### 3.5 Security Controls Checklist
+- [ ] Input validation on all endpoints
+- [ ] Output encoding to prevent XSS
+- [ ] Parameterized queries (no SQL injection)
+- [ ] HTTPS everywhere
+- [ ] Secure headers configured
+- [ ] Rate limiting implemented
+- [ ] Audit logging enabled
+- [ ] Dependency scanning in CI/CD
+- [ ] Container security scanning
+- [ ] Secrets not in code
+## 4. Data Governance (dg-*)
+### 4.1 Data Catalog Entry
+[From dg-01]
+### 4.2 Data Lineage
+[From dg-02 - visual lineage from source to destination]
+### 4.3 Data Quality Rules
+[From dg-03]
+### 4.4 Access Control Matrix
+| Role | Data Access | Permissions |
+|------|-------------|-------------|
+| [Role] | [What data] | [Read/Write/Admin] |
+### 4.5 Retention & Deletion Policy
+[From dg-06]
+### 4.6 Compliance Mapping
+| Requirement | Control | Status |
+|-------------|---------|--------|
+| GDPR Art. 5 | Data minimization | [Implemented] |
+| GDPR Art. 17 | Right to erasure | [Planned] |
+## 5. Production Readiness Checklist
+### Security Sign-off
+- [ ] Threat model reviewed
+- [ ] Penetration test scheduled
+- [ ] Security scanning in pipeline
+- [ ] Incident response plan
+- [ ] Security monitoring configured
+### Data Governance Sign-off
+- [ ] Data catalog updated
+- [ ] Lineage documented
+- [ ] Access controls configured
+- [ ] Retention policies set
+- [ ] Privacy impact assessment
+### Operations Readiness
+- [ ] Monitoring & alerting
+- [ ] Logging & audit trails
+- [ ] Backup & recovery tested
+- [ ] Runbooks documented
+- [ ] On-call rotation set
+### Deployment Approval
+- [ ] Code review completed
+- [ ] Security review approved
+- [ ] Governance review approved
+- [ ] Performance testing passed
+- [ ] UAT sign-off received
+## 6. Implementation Plan
+[Phased rollout with security gates]
+## 7. Kanban Tasks
+[Pre-populated with security & governance tasks]
+```
+---
+## Standard Mode: Starting from Scratch 🆕
+When the user indicates they're starting a new project (non-enterprise), follow this step-by-step process:
+#### Phase 1: Discovery (pd-01, pd-02)
+```
+1. PROBLEM DEFINITION
+   Ask: "What problem are you trying to solve? Who experiences this problem?"
+   Output: Problem statement, target users
+2. USER RESEARCH PLANNING
+   Ask: "Do you have existing users to interview? What assumptions should we validate?"
+   Output: Research plan, key hypotheses
+3. COMPETITIVE ANALYSIS
+   Ask: "Who else solves this problem? What can we learn from them?"
+   Output: Competitive landscape, differentiation opportunities
+```
+#### Phase 2: Requirements (pd-01, pd-05)
+```
+4. VALUE PROPOSITION
+   Ask: "What unique value will your product provide?"
+   Output: Value proposition canvas
+5. FEATURE DEFINITION
+   Ask: "What are the must-have features for MVP?"
+   Output: Prioritized feature list (MoSCoW)
+6. SUCCESS METRICS
+   Ask: "How will you measure success?"
+   Output: KPIs and success criteria
+```
+#### Phase 3: Solution Design (pd-04, sd-01)
+```
+7. USER EXPERIENCE
+   Ask: "Walk me through the ideal user journey"
+   Output: User flows, wireframe concepts
+8. TECH STACK SELECTION
+   Ask: "What are your technical constraints and preferences?"
+   Output: Recommended tech stack with rationale
+9. ARCHITECTURE DESIGN
+   Ask: "What are your scale and performance requirements?"
+   Output: Architecture Decision Records (ADRs)
+```
+#### Phase 4: Visual Identity (pd-04)
+```
+10. BRAND & COLORS
+    Ask: "What emotions should your product evoke? Any brand guidelines?"
+    Output: Color palette, typography recommendations
+11. UI DESIGN SYSTEM
+    Ask: "What existing design systems could we leverage?"
+    Output: Design system recommendations
+```
+#### Phase 5: Implementation Planning (pd-06)
+```
+12. TASK BREAKDOWN
+    Ask: "Who will be working on this? What's the timeline?"
+    Output: Epic → Story → Task breakdown
+13. KANBAN BOARD SETUP
+    Ask: "What project management tool do you use?"
+    Output: Board structure, columns, labels
+14. SPRINT PLANNING
+    Ask: "How do you want to organize work?"
+    Output: Sprint plan with priorities
+```
+---
+## Mode 2: Existing Project 📂
+When the user has an existing project, follow this process:
+#### Phase 1: Context Gathering
+```
+1. CODEBASE ANALYSIS
+   "Let me analyze your project structure, dependencies, and patterns..."
+   Output: Project summary, tech stack identified
+2. DOCUMENTATION REVIEW
+   "Do you have existing documentation I should review?"
+   Output: Understanding of current state
+3. PAIN POINTS
+   Ask: "What are the biggest challenges you're facing?"
+   Output: Prioritized list of issues
+```
+#### Phase 2: Understanding Goals
+```
+4. OBJECTIVES
+   Ask: "What are you trying to achieve? New feature? Improvement? Fix?"
+   Output: Clear goal definition
+5. CONSTRAINTS
+   Ask: "What are your constraints? (Time, budget, tech, team)"
+   Output: Constraint map
+6. SUCCESS CRITERIA
+   Ask: "How will we know when this is done well?"
+   Output: Acceptance criteria
+```
+#### Phase 3: Recommendations
+```
+7. IMPROVEMENT OPPORTUNITIES
+   "Based on my analysis, here are opportunities..."
+   Output: Prioritized recommendations
+8. IMPLEMENTATION PLAN
+   "Here's how I recommend approaching this..."
+   Output: Phased implementation plan
+9. TASK BREAKDOWN
+   "Let me create actionable tasks..."
+   Output: Task list with estimates
+```
+**For Enterprise Existing Projects**: Add security audit (sa-*) and governance review (dg-*) to Phase 1.
+---
+## Integration with Other Skills
+### Standard Projects
+- **pd-01**: Product Requirements & Discovery
+- **pd-02**: User Research & Insights
+- **pd-03**: Brainstorming & Ideation
+- **pd-04**: UX Design & Prototyping
+- **pd-05**: Product-Market Fit Analysis
+- **pd-06**: Stakeholder Management
+- **sd-01**: Architecture Patterns
+- **sd-02**: Requirements Engineering
+- **process-kanban**: Task management
+- **process-documentation**: Wiki & docs
+### Enterprise Projects (Always Included)
+- **sa-01 to sa-07**: Full Security Architect suite
+- **dg-01 to dg-06**: Full Data Governance suite
+- **do-09**: DevSecOps
+- **fo-01**: Cost visibility for compliance tools
+---
+## Quick Start Examples
+```
+# Standard project
+@project-starter "I'm starting a new project to help remote teams collaborate better"
+# Enterprise grade
+@project-starter --enterprise "Building a customer data platform that handles PII"
+# Existing project
+@project-starter "I have an existing e-commerce app and need to add a recommendation engine"
+# Enterprise existing
+@project-starter --enterprise "We need to make our legacy CRM system GDPR compliant"
+```
+---
+## Decision Tree: Which Mode?
+```
+Is this for production with real user data?
+├── No → Standard Mode
+└── Yes → Does it handle sensitive data (PII, financial, health)?
+          ├── Yes → Enterprise Grade (mandatory sa-* and dg-*)
+          └── No → Does it need compliance certification?
+                   ├── Yes → Enterprise Grade
+                   └── No → Standard Mode (recommend security review)
+```