the-frame-ai 0.13.0 → 0.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (88) hide show
  1. package/README.md +167 -150
  2. package/package.json +4 -2
  3. package/src/cli.js +12 -16
  4. package/src/doctor.js +3 -2
  5. package/src/init.js +46 -39
  6. package/src/languages.js +1 -25
  7. package/src/update.js +120 -45
  8. package/src/utils.js +97 -22
  9. package/templates/agents/auditor.md +116 -0
  10. package/templates/agents/builder.md +30 -47
  11. package/templates/agents/conventions-reviewer.md +1 -1
  12. package/templates/agents/devils-advocate.md +71 -23
  13. package/templates/agents/performance-auditor.md +26 -27
  14. package/templates/agents/planner.md +70 -51
  15. package/templates/agents/researcher.md +30 -81
  16. package/templates/agents/reviewer.md +43 -53
  17. package/templates/agents/security.md +75 -93
  18. package/templates/agents/tests-reviewer.md +1 -1
  19. package/templates/commands/frame:add-task.md +5 -0
  20. package/templates/commands/frame:arch.md +9 -2
  21. package/templates/commands/frame:audit.md +383 -0
  22. package/templates/commands/frame:build.md +109 -59
  23. package/templates/commands/frame:checkpoint.md +129 -4
  24. package/templates/commands/frame:cleanup-memory.md +20 -21
  25. package/templates/commands/frame:daily.md +88 -4
  26. package/templates/commands/frame:debug.md +177 -31
  27. package/templates/commands/frame:doctor.md +26 -19
  28. package/templates/commands/frame:fast.md +22 -17
  29. package/templates/commands/frame:health.md +100 -1
  30. package/templates/commands/frame:init.md +4 -0
  31. package/templates/commands/frame:migrate.md +7 -2
  32. package/templates/commands/frame:note.md +8 -3
  33. package/templates/commands/frame:pause.md +6 -2
  34. package/templates/commands/frame:plan.md +190 -82
  35. package/templates/commands/frame:refactor.md +10 -5
  36. package/templates/commands/frame:research.md +106 -50
  37. package/templates/commands/frame:resume.md +5 -1
  38. package/templates/commands/frame:retrospective.md +41 -48
  39. package/templates/commands/frame:review.md +169 -105
  40. package/templates/commands/frame:ship.md +33 -16
  41. package/templates/commands/frame:test-plan.md +5 -0
  42. package/templates/commands/frame:unstuck.md +7 -5
  43. package/templates/commands/frame:upgrade.md +92 -0
  44. package/templates/commands/frame:verify-ui.md +10 -5
  45. package/templates/commands/frame:why.md +102 -14
  46. package/templates/commands/frame:worktree.md +23 -0
  47. package/templates/hooks/git-safety.sh +12 -6
  48. package/templates/hooks/pre-compact.sh +22 -0
  49. package/templates/hooks/quality-gate.sh +26 -13
  50. package/templates/hooks/safety-net.sh +32 -2
  51. package/templates/hooks/session-init.sh +10 -0
  52. package/templates/project/CLAUDE.md +6 -8
  53. package/templates/project/config.json +4 -0
  54. package/templates/project/memory/context.md +6 -5
  55. package/templates/project/memory/conventions.md +6 -1
  56. package/templates/project/memory/dependencies.md +4 -4
  57. package/templates/project/memory/learnings.md +72 -0
  58. package/templates/project/settings.local.json +9 -8
  59. package/templates/project/specs/_template/subagent-prompt.md +1 -1
  60. package/README.de.md +0 -426
  61. package/README.es.md +0 -426
  62. package/README.hi.md +0 -426
  63. package/README.ja.md +0 -426
  64. package/README.ru.md +0 -427
  65. package/README.zh.md +0 -426
  66. package/bin/the-frame +0 -5
  67. package/templates/commands/frame:check-deps.md +0 -118
  68. package/templates/commands/frame:context.md +0 -64
  69. package/templates/commands/frame:estimate.md +0 -105
  70. package/templates/commands/frame:explain.md +0 -84
  71. package/templates/commands/frame:forensics.md +0 -139
  72. package/templates/commands/frame:headless.md +0 -118
  73. package/templates/commands/frame:perf-audit.md +0 -291
  74. package/templates/commands/frame:perf-fix.md +0 -112
  75. package/templates/commands/frame:performance.md +0 -228
  76. package/templates/commands/frame:rollback.md +0 -207
  77. package/templates/commands/frame:security-fix.md +0 -260
  78. package/templates/commands/frame:security.md +0 -420
  79. package/templates/commands/frame:sprint-check.md +0 -111
  80. package/templates/commands/frame:status.md +0 -103
  81. package/templates/commands/frame:wave-team.md +0 -182
  82. package/templates/commands/frame:wave.md +0 -319
  83. package/templates/commands/frame:where.md +0 -5
  84. package/templates/project/memory/anti-patterns.md +0 -14
  85. package/templates/project/memory/decisions.md +0 -20
  86. package/templates/project/memory/metrics.md +0 -22
  87. package/templates/project/memory/patterns.md +0 -30
  88. package/templates/project/memory/wins.md +0 -11
package/README.md CHANGED
@@ -2,8 +2,6 @@
2
2
 
3
3
  FRAME — Framework for AI-Assisted Solo Development
4
4
 
5
- [🇺🇸 English](README.md) | [🇨🇳 中文](README.zh.md) | [🇮🇳 हिंदी](README.hi.md) | [🇯🇵 日本語](README.ja.md) | [🇩🇪 Deutsch](README.de.md) | [🇪🇸 Español](README.es.md) | [🇷🇺 Русский](README.ru.md)
6
-
7
5
  ## What is FRAME?
8
6
 
9
7
  **FRAME (Framework for AI-Assisted Solo Development)** is a framework for solo developers building products with Claude Code. It turns chaotic AI-assisted development into a predictable process — from idea to deploy — with memory, structure, and protection against mistakes.
@@ -17,10 +15,10 @@ If you're building a product alone with Claude Code and want to work like a team
17
15
  | Losing context between sessions | Project memory and automatic state dump on session start |
18
16
  | Chaos in tasks and priorities | 6-phase workflow: Research → Plan → Build → Review → Ship → Reflect |
19
17
  | Fear of breaking something important | Safety hooks block destructive commands before they run |
20
- | Repetitive routine tasks | 35 ready-made commands for the full development cycle |
21
- | Complex features with dependencies | Parallel subagents for independent tasks |
18
+ | Repetitive routine tasks | 28 ready-made commands for the full development cycle |
19
+ | Complex features with dependencies | Parallel subagents for independent tasks (wave-based planning) |
22
20
  | No structure for solo work | Roadmap, STATE.md, MAP.md — always know where you are and what's next |
23
- | Shipping code with security holes | Security agent audits OWASP Top 10, secrets, infra, AI risks before deploy |
21
+ | Shipping code with security holes | `/frame:audit` unified security, performance, and dependency audit before deploy |
24
22
 
25
23
  ## How to work with FRAME
26
24
 
@@ -31,16 +29,17 @@ Research → Plan → Build → Review → Ship → Reflect
31
29
  Each session is one cycle. Start with `/frame:daily`, end with `/frame:ship`.
32
30
 
33
31
  **Research** — understand before you build
34
- Run `/frame:research <topic>` — Claude explores the codebase, external sources, and builds context for the next step.
32
+ Run `/frame:research <topic>` — Claude explores the codebase and external sources, asks clarifying questions, builds context, and stays available for a chat-driven decision log.
35
33
 
36
34
  **Plan** — break it into tasks
37
- `/frame:plan <feature>` turns research into a concrete task list with estimates.
35
+ `/frame:plan <feature>` turns research into a concrete task list with wave grouping and `Parallel: yes/no` labels.
36
+ `/frame:plan audit` creates a fix plan from the latest audit report.
38
37
 
39
38
  **Build** — implement
40
- `/frame:build` executes tasks sequentially (1–3 at a time) with TDD. For many independent tasks `/frame:wave` runs them in parallel batches. When quality matters more than speed — `/frame:wave-team` adds a review team (Security, Performance, Tests, Conventions) after each task. Stuck — `/frame:unstuck`. Found a bug — `/frame:debug`.
39
+ `/frame:build` reads the `Parallel:` labels from plan.md and automatically decides whether to run tasks sequentially or in parallel worktrees. No flags needed. Stuck — `/frame:unstuck`. Found a bug — `/frame:debug`.
41
40
 
42
41
  **Review** — check before deploying
43
- `/frame:review` runs automated checks and gives a checklist: tests, types, security, performance.
42
+ `/frame:review` runs automated checks and a 6-panel review (spec compliance, security, performance, business logic, tests, conventions) on the diff.
44
43
 
45
44
  **Ship** — deploy and record
46
45
  `/frame:ship` commits, optional push/PR, and updates project memory.
@@ -57,24 +56,27 @@ Run `/frame:research <topic>` — Claude explores the codebase, external sources
57
56
  # → see current project status and what's planned
58
57
 
59
58
  /frame:research "Google OAuth"
60
- # → Claude studies the codebase: how current auth works,
61
- # what patterns are already used, what needs to be added
59
+ # → Claude asks 2-3 clarifying questions, then studies the codebase:
60
+ # how current auth works, what patterns are already used, what needs to be added
61
+ # → research.md with Requirements (R1, R2...) and Acceptance Criteria (AC1, AC2...)
62
62
 
63
63
  /frame:plan "Google OAuth"
64
- # → get a concrete task list:
65
- # 1. configure Google OAuth credentials
66
- # 2. add callback route
67
- # 3. connect to sessions
68
- # 4. add button to UI
64
+ # → get a concrete task list with wave grouping:
65
+ # Wave 1 (Parallel: yes): configure credentials, add callback route
66
+ # Wave 2 (Parallel: no): connect to sessions (depends on Wave 1)
67
+ # Wave 3 (Parallel: yes): add UI button, write integration tests
69
68
 
70
69
  /frame:checkpoint
71
- # → save a restore point — if something goes wrong, you can roll back
70
+ # → save a restore point — if something goes wrong, use /frame:checkpoint rollback
72
71
 
73
- /frame:wave
74
- # → tasks 1–4 are independent, Claude runs them in parallel
72
+ /frame:build
73
+ # → reads Parallel: labels from plan.md
74
+ # Wave 1: runs tasks in parallel worktrees (automatically)
75
+ # Wave 2: runs sequentially (depends on Wave 1 output)
75
76
 
76
77
  /frame:review
77
- # → automated checks: tests, types, security
78
+ # → automated checks + 6-panel review on the diff (spec compliance, security, performance, tests, conventions, business logic)
79
+ # → every requirement and AC traced to implementation
78
80
 
79
81
  /frame:ship
80
82
  # → commit, optional push/PR, project memory updated
@@ -87,18 +89,19 @@ Run `/frame:research <topic>` — Claude explores the codebase, external sources
87
89
  # → restore context, see the bug is already in the plan or add it
88
90
 
89
91
  /frame:debug "login after reset"
90
- # → Claude systematically checks: logs, reset flow, sessions, tokens
91
- # → you get a hypothesis with a specific location in the code
92
+ # → git archaeology first (git log -15 -- relevant files)
93
+ # → max 3 ranked hypotheses, checks cheapest first
94
+ # → you get a confirmed root cause with specific location in code
92
95
 
93
96
  # If the cause is found immediately:
94
97
  /frame:checkpoint # restore point before the fix
95
98
  /frame:fast "fix: invalidate old session after password reset"
96
- # → Claude makes a targeted fix, writes a regression test
99
+ # → Claude makes a targeted fix, writes a regression test, prints one-line summary
97
100
 
98
101
  # If the cause is unclear — go deeper:
99
- /frame:forensics
100
- # → analyzes git history of changes in this area,
101
- # finds the commit that broke the behavior
102
+ /frame:debug --deep
103
+ # → 3 parallel investigators: git-history, code, config
104
+ # analyzes git history, finds the commit that broke the behavior (5-why analysis)
102
105
 
103
106
  /frame:checkpoint
104
107
  /frame:fast "fix: ..." # fix the found cause
@@ -109,41 +112,37 @@ Run `/frame:research <topic>` — Claude explores the codebase, external sources
109
112
  /frame:ship
110
113
  ```
111
114
 
112
- ### Performance: find and fix bottlenecks
115
+ ### Audit: find issues before launch
113
116
 
114
117
  ```
115
118
  /frame:daily
119
+ # → briefing shows: "Audit: ⚠️ never run" — time to fix that
120
+
121
+ /frame:audit
122
+ # → detects project size (S/M/L), launches category agents in parallel:
123
+ # SEC: OWASP Top 10, secrets, auth, CORS
124
+ # PERF: N+1 queries, memory leaks, cache, bundle
125
+ # DEPS: vulnerabilities, outdated packages
126
+ # LOGIC, DATA, OBS, TEST, INFRA, MAINT, A11Y, PRIV
127
+ # → verification pass: devils-advocate tries to REFUTE CRITICAL/HIGH findings
128
+ # → AUDIT.md saved to .planning/reports/audit/{date}/AUDIT.md
129
+
130
+ # Targeted scans:
131
+ /frame:audit security # security only
132
+ /frame:audit performance # performance only
133
+ /frame:audit deps # dependencies only
134
+ /frame:audit quick # top 4 categories (SEC, PERF, DEPS, LOGIC)
135
+
136
+ # After audit, create a fix plan:
137
+ /frame:plan audit
138
+ # → reads AUDIT.md, groups findings into tasks by file/module
139
+ # → Wave 1: CRITICAL findings, Wave 2: HIGH findings
140
+
141
+ /frame:build
142
+ # → implements fix tasks
116
143
 
117
- /frame:perf-audit
118
- # → detects stack (Next.js + PostgreSQL + Redis, etc.)
119
- # → searches for current known issues for that exact stack
120
- # → deep scan: N+1 queries, memory leaks, blocking ops,
121
- # missing cache headers, re-render causes, bundle size
122
- # → report saved to .planning/reports/performance/PERF_REPORT.md
123
- # with Critical/High/Medium/Low priorities and effort estimates
124
-
125
- # Example report output:
126
- # Critical: 2 | High: 4 | Medium: 3 | Low: 1
127
- # [PERF-1] N+1 query in /api/users — 47 extra DB queries per request (S)
128
- # [PERF-2] setInterval without cleanup in Dashboard — memory leak (XS)
129
-
130
- /frame:perf-fix
131
- # → reads PERF_REPORT.md, starts with Critical issues
132
- # → for each issue shows:
133
- # --- BEFORE ---
134
- # const users = await db.findMany()
135
- # --- AFTER ---
136
- # const users = await db.findMany({ select: { id, name, email } })
137
- # → asks: Apply this fix? [y/n/skip]
138
- # → applies, runs typecheck + tests, reverts if broken
139
-
140
- # Fix specific issue or priority:
141
- /frame:perf-fix PERF-1 # fix one issue
142
- /frame:perf-fix high # fix all High priority
143
- /frame:perf-fix all # fix Critical + High
144
-
145
- /frame:perf-audit
146
- # → re-run to confirm improvements
144
+ /frame:ship
145
+ # → security check passes, commit and push
147
146
  ```
148
147
 
149
148
  ### UI verification: confirm the interface works
@@ -166,59 +165,20 @@ Run `/frame:research <topic>` — Claude explores the codebase, external sources
166
165
 
167
166
  The command only **verifies** — it doesn't auto-fix. If it finds a problem, it describes it precisely: which element, what behavior, what was expected.
168
167
 
169
- **Automatic check**: in `/frame:build`, `/frame:fast`, `/frame:wave`, and `/frame:debug` — if the task touches UI files (`.tsx`, `.vue`, `.css`, `component`, `page`) — browser check runs automatically after quality gates.
168
+ **Automatic check**: in `/frame:build`, `/frame:fast`, and `/frame:debug` — if the task touches UI files (`.tsx`, `.vue`, `.css`, `component`, `page`) — browser check runs automatically after quality gates.
170
169
 
171
- **Requires Playwright MCP** — added automatically on `npx the-frame init` or `npx the-frame update` if you answer "y" to the frontend project question.
170
+ **Requires Playwright MCP** — added automatically on `npx the-frame-ai init` or `npx the-frame-ai update` if you answer "y" to the frontend project question.
172
171
 
173
- ### Security: audit before launch
172
+ ### CI / Autonomous mode
174
173
 
175
- ```
176
- /frame:daily
177
- # → briefing shows: "Security: ⚠️ never run" — time to fix that
178
-
179
- /frame:security
180
- # → full project scan across all categories:
181
- # - secrets: AWS keys, GitHub tokens, Stripe keys, private keys, .env in git
182
- # - OWASP Top 10: SQL injection, XSS, CSRF, path traversal, SSRF, command injection
183
- # - infrastructure: Dockerfile (root user, :latest), debug endpoints, missing .dockerignore
184
- # - AI/LLM: prompt injection, insecure output handling, system prompt leakage
185
- # - dependencies: known CVEs via npm audit
186
-
187
- # → report saved to .planning/reports/security/security-{date}.md
188
- # → STATE.md updated with Security Status
189
-
190
- # If CRITICAL or HIGH findings:
191
- # ⛔ Ship BLOCKED. Run /frame:security-fix to fix critical findings.
192
-
193
- /frame:security-fix
194
- # → reads the latest report and fixes findings by priority:
195
- # CRITICAL first, then HIGH
196
- # - removes .env files from git tracking (git rm --cached)
197
- # - adds missing security headers to next.config.js / Express
198
- # - adds CSRF protection to Route Handlers
199
- # - runs npm audit fix for vulnerable dependencies
200
- # - fixes Dockerfile: adds USER directive, pins :latest tags
201
- # - for secrets already in history: tells you exactly how to rotate + rewrite history
202
- # → verifies each fix after applying
203
- # → updates STATE.md: unblocks ship if all CRITICAL resolved
204
-
205
- # Targeted fixes:
206
- /frame:security-fix critical # fix only CRITICAL findings
207
- /frame:security-fix high # fix only HIGH findings
208
- /frame:security-fix SEC-1 # fix a specific finding by ID
209
-
210
- /frame:security
211
- # → re-run audit to confirm everything is clean
212
-
213
- # If clean:
214
- # ✓ No critical issues. Safe to proceed with /frame:ship.
174
+ FRAME doesn't have a dedicated headless command. For CI or non-interactive runs, invoke commands directly via `claude -p`:
215
175
 
216
- /frame:ship
217
- # security check passes, commit and push
176
+ ```bash
177
+ # Run full cycle autonomously
178
+ claude -p "/frame:build" --allowedTools "Bash,Read,Write,Edit"
218
179
 
219
- # Targeted scans when you know what to look for:
220
- /frame:security secrets # secrets-only scan (~30 seconds)
221
- /frame:security src/api/ # scan specific directory
180
+ # Audit in CI
181
+ claude -p "/frame:audit quick" --allowedTools "Bash,Read,Write,Grep"
222
182
  ```
223
183
 
224
184
  ## What's inside
@@ -226,11 +186,11 @@ The command only **verifies** — it doesn't auto-fix. If it finds a problem, it
226
186
  FRAME provides:
227
187
 
228
188
  - **6-phase workflow**: Research → Plan → Build → Review → Ship → Reflect
229
- - **37 commands**: from quick tasks to full feature development cycle
230
- - **7 AI agents**: Researcher, Planner, Builder, Reviewer, Devil's Advocate, Security, Performance Auditor
189
+ - **28 commands**: from quick tasks to full feature development cycle
190
+ - **10 AI agents**: Researcher, Planner, Builder, Reviewer, Auditor, Devil's Advocate, Security, Performance Auditor, Tests Reviewer, Conventions Reviewer
231
191
  - **Safety Hooks**: block destructive operations, enforce quality gates
232
192
  - **Git Safety**: checkpoints, rollback, worktrees, pause/resume
233
- - **Security Auditing**: OWASP Top 10, secret detection, infrastructure checks, AI/LLM risks
193
+ - **Unified Audit**: 12 categories (SEC, PERF, LOGIC, API, DATA, OBS, DEPS, TEST, INFRA, MAINT, A11Y, PRIV) with adversarial verification
234
194
 
235
195
  ## Prerequisites
236
196
 
@@ -255,17 +215,16 @@ npx the-frame-ai init
255
215
 
256
216
  ### Core — start here
257
217
 
258
- These 7 commands cover 90% of solo dev work:
218
+ These commands cover 90% of solo dev work:
259
219
 
260
220
  | Command | When to use |
261
221
  |---------|-------------|
262
222
  | `/frame:daily` | **Start here** after any break — what was done, what's next |
263
223
  | `/frame:research <topic>` | Before planning a new feature |
264
- | `/frame:plan <feature>` | Turn research into an actionable task list |
265
- | `/frame:build` | Implement 1–3 tasks with TDD (sequential) |
266
- | `/frame:wave` | Implement 4+ independent tasks (parallel subagents) |
267
- | `/frame:wave-team` | Like wave, but with a review team after each task |
268
- | `/frame:review` | Before deploying — automated checks + checklist |
224
+ | `/frame:plan <feature>` | Turn research into an actionable task list with waves |
225
+ | `/frame:plan audit` | Create fix tasks from the latest audit report |
226
+ | `/frame:build` | Implement tasks reads Parallel: labels, runs sequentially or in parallel automatically |
227
+ | `/frame:review` | Before deploying 6-panel review + automated checks |
269
228
  | `/frame:ship` | Commit, optional push/PR, update memory |
270
229
 
271
230
  ### All Commands by Phase
@@ -276,8 +235,7 @@ These 7 commands cover 90% of solo dev work:
276
235
  | Command | When to use |
277
236
  |---------|-------------|
278
237
  | `/frame:research <topic>` | Before planning a new feature |
279
- | `/frame:explain <file>` | Why does this code look like this? |
280
- | `/frame:why <topic>` | Search decision history |
238
+ | `/frame:why <topic or path>` | Search decision history or explain why code looks the way it does |
281
239
  | `/frame:arch <module>` | Document a module's architecture to `docs/arch/{module}.md` |
282
240
  </details>
283
241
 
@@ -286,7 +244,8 @@ These 7 commands cover 90% of solo dev work:
286
244
 
287
245
  | Command | When to use |
288
246
  |---------|-------------|
289
- | `/frame:plan <feature>` | Turn research into an actionable task list |
247
+ | `/frame:plan <feature>` | Turn research into an actionable task list with wave grouping |
248
+ | `/frame:plan audit [all]` | Turn audit findings into a fix plan (Critical+High, or all) |
290
249
  | `/frame:add-task` | Add a task to the plan without interrupting work |
291
250
  </details>
292
251
 
@@ -295,29 +254,28 @@ These 7 commands cover 90% of solo dev work:
295
254
 
296
255
  | Command | When to use |
297
256
  |---------|-------------|
298
- | `/frame:build` | Implement plan with TDD (1–3 tasks, sequential) |
299
- | `/frame:wave` | Implement 4+ independent tasks in parallel batches |
300
- | `/frame:wave-team` | Like wave, but with a review team (Security, Perf, Tests, Conventions) after each task |
257
+ | `/frame:build` | Implement plan with TDD auto-detects sequential vs parallel from plan |
301
258
  | `/frame:fast <task>` | Quick task under 30 minutes |
302
- | `/frame:debug <issue>` | Systematic bug investigation |
303
- | `/frame:forensics` | Deep dive into why something broke |
259
+ | `/frame:debug <issue>` | Systematic bug investigation with git archaeology |
260
+ | `/frame:debug --deep` | Deep forensic investigation (parallel investigators, 5-why, timeline) |
261
+ | `/frame:debug <SEC-N>` | Debug a specific finding from the last audit/review by ID |
304
262
  | `/frame:refactor` | Refactor with TDD safety net |
305
263
  | `/frame:migrate` | DB/API/deps migration with rollback plan |
306
264
  </details>
307
265
 
308
266
  <details>
309
- <summary>Review</summary>
267
+ <summary>Review & Audit</summary>
310
268
 
311
269
  | Command | When to use |
312
270
  |---------|-------------|
313
- | `/frame:review` | Before deploying — automated checks + checklist |
314
- | `/frame:security` | Deep security audit: secrets, OWASP, infra, AI/LLM risks |
315
- | `/frame:security-fix` | Fix findings from the latest security report (CRITICAL first, then HIGH) |
316
- | `/frame:perf-audit` | Deep performance audit: detects stack, researches current issues, writes PERF_REPORT.md |
317
- | `/frame:perf-fix` | Fix issues from PERF_REPORT.md — shows before/after, asks confirmation per fix |
271
+ | `/frame:review` | Before deploying — automated checks + 6-panel review |
272
+ | `/frame:audit` | Full project audit: 12 categories, adversarial verification |
273
+ | `/frame:audit security` | Security-only audit: secrets, OWASP, auth, CORS |
274
+ | `/frame:audit performance` | Performance-only audit: N+1, cache, memory leaks, bundle |
275
+ | `/frame:audit deps` | Dependency audit: vulnerabilities, outdated packages |
276
+ | `/frame:audit quick` | Top 4 categories (SEC, PERF, DEPS, LOGIC) — fast overview |
318
277
  | `/frame:health` | Full project health check |
319
- | `/frame:check-deps` | Dependency vulnerabilities + outdated packages |
320
- | `/frame:performance` | Bundle size and Lighthouse audit |
278
+ | `/frame:health sprint` | Weekly progress vs roadmap |
321
279
  </details>
322
280
 
323
281
  <details>
@@ -325,10 +283,9 @@ These 7 commands cover 90% of solo dev work:
325
283
 
326
284
  | Command | When to use |
327
285
  |---------|-------------|
328
- | `/frame:test-plan` | After review, before ship — generates a manual "go check this as a user" checklist of what changed |
286
+ | `/frame:test-plan` | After review, before ship — generates a manual "go check this as a user" checklist |
329
287
  | `/frame:ship` | Commit, optional push/PR, update memory |
330
- | `/frame:checkpoint` | Save a git tag before a risky change |
331
- | `/frame:rollback` | Roll back to a checkpoint |
288
+ | `/frame:checkpoint` | Save/list/rollback git checkpoints |
332
289
  </details>
333
290
 
334
291
  <details>
@@ -336,8 +293,7 @@ These 7 commands cover 90% of solo dev work:
336
293
 
337
294
  | Command | When to use |
338
295
  |---------|-------------|
339
- | `/frame:retrospective` | After deploy — update memory and metrics |
340
- | `/frame:sprint-check` | Weekly progress vs roadmap |
296
+ | `/frame:retrospective` | After deploy — update memory and record learnings |
341
297
  | `/frame:cleanup-memory` | Trim and archive stale memory |
342
298
  </details>
343
299
 
@@ -347,10 +303,9 @@ These 7 commands cover 90% of solo dev work:
347
303
  | Command | When to use |
348
304
  |---------|-------------|
349
305
  | `/frame:daily` | Start of day — what was done, what's next |
350
- | `/frame:status` | Full state dump (git, memory, blockers) |
306
+ | `/frame:daily full` | Full technical context dump (STATE.md + memory + git diff) |
351
307
  | `/frame:note` | Capture a pattern, decision, or anti-pattern |
352
308
  | `/frame:unstuck` | Stuck? Get 3 concrete options to unblock |
353
- | `/frame:context` | Show current working context |
354
309
  | `/frame:init` | First run — scan codebase, fill MAP.md |
355
310
  | `/frame:doctor` | Verify FRAME installation |
356
311
  | `/frame:pause` / `/frame:resume` | Save and restore mid-task state |
@@ -362,20 +317,71 @@ These 7 commands cover 90% of solo dev work:
362
317
  | Command | When to use |
363
318
  |---------|-------------|
364
319
  | `/frame:worktree` | Isolated git worktree for parallel experiments |
365
- | `/frame:headless` | Autonomous CI mode (no interaction) |
366
- | `/frame:estimate <task>` | Scope and time estimate before starting |
367
320
  </details>
368
321
 
322
+ ## Full Command Reference
323
+
324
+ <!-- COMMANDS:START -->
325
+ | Command | Description | Arguments |
326
+ |---------|-------------|-----------|
327
+ | `/frame:add-task` | Add a task to the current plan.md without interrupting work | `<task description>` |
328
+ | `/frame:arch` | Document module architecture and design decisions for a file or module | `<file or module path>` |
329
+ | `/frame:audit` | Comprehensive project audit across 12 categories — security, performance, business logic, API, data, observability, deps, tests, infra, maintainability, a11y, privacy | `[category | quick] [scope-path] [--priv]` |
330
+ | `/frame:build` | Implement planned tasks using TDD — auto-detects sequential or parallel execution from plan.md | `[feature]` |
331
+ | `/frame:checkpoint` | Manage git checkpoints: list, create, rollback, or clean up frame/checkpoint/* tags | `[list | create | cleanup | rollback [<tag> | --soft]]` |
332
+ | `/frame:cleanup-memory` | Trim and archive memory files, removing stale and low-confidence entries | — |
333
+ | `/frame:daily` | Morning briefing — project status, today's priorities, and blockers | `[full]` |
334
+ | `/frame:debug` | Systematically debug an issue — or run deep forensic investigation with 5-why analysis | `[--deep] <SEC-N|issue description>` |
335
+ | `/frame:doctor` | Check FRAME installation health — verify paths, config, and hook registration | — |
336
+ | `/frame:fast` | Execute a quick task end-to-end without full research/plan cycle | `<task description>` |
337
+ | `/frame:health` | Daily health check: tests, lint, types, security scan freshness — or sprint velocity check | `[sprint]` |
338
+ | `/frame:init` | Initialize project: scan codebase, fill MAP.md, STATE.md, and memory files | — |
339
+ | `/frame:migrate` | Plan and execute a database or schema migration with rollback safety | `<migration description>` |
340
+ | `/frame:note` | Save a quick memory note (pattern, decision, or anti-pattern) to memory files | `<note text>` |
341
+ | `/frame:pause` | Save session state to pause-state.json and create a checkpoint | — |
342
+ | `/frame:plan` | Decompose a feature into atomic tasks with wave grouping, traceability, and Parallel labels; or create a plan from audit findings | `<feature description> | audit [all]` |
343
+ | `/frame:refactor` | Refactor code with test coverage verification and checkpoint safety | `<refactor scope>` |
344
+ | `/frame:research` | Domain research: clarification gate, parallel codebase + web scouting, new research.md with Decision Log cycle | `<topic or question>` |
345
+ | `/frame:resume` | Resume work from pause-state.json — restore context and continue | — |
346
+ | `/frame:retrospective` | Write retrospective, update memory files with learnings and patterns | — |
347
+ | `/frame:review` | Code review: completion check, automated gates, parallel reviewer panel with verification pass | `[audit]` |
348
+ | `/frame:ship` | Prepare and create a git commit and pull request after review passes | — |
349
+ | `/frame:test-plan` | Generate a manual user acceptance checklist for the current feature | `<feature or scope>` |
350
+ | `/frame:unstuck` | Get unblocked: diagnose blockers, suggest next actions, reset mental model | — |
351
+ | `/frame:upgrade` | Upgrade FRAME framework files to the latest version with diff preview and changelog | — |
352
+ | `/frame:verify-ui` | Browser UI verification using Playwright MCP: screenshot and assert UI state | `[<url or component>]` |
353
+ | `/frame:why` | Explain why code looks the way it does — or search decision history by keyword | `<keyword | file path | function name>` |
354
+ | `/frame:worktree` | Manage git worktrees for parallel task execution without context switching | `[create | list | cleanup | <task-name>]` |
355
+ <!-- COMMANDS:END -->
356
+
357
+ ## Agents
358
+
359
+ <!-- AGENTS:START -->
360
+ | Agent | Description |
361
+ |-------|-------------|
362
+ | `auditor` | Universal category auditor. Receives a category brief from the orchestrating command, audits the codebase for that category, writes findings to its category file. Use when: /frame:audit spawns category-specific subagents. |
363
+ | `builder` | Implementation agent. Writes code using TDD, runs quality gates, creates git commits. Use when: implementing a planned task from plan.md. |
364
+ | `conventions-reviewer` | Review agent for wave-team. Checks code conventions and style in a single task's git diff. Returns PASS/WARN/FAIL verdict. |
365
+ | `devils-advocate` | Find problems in code — code review, plan critique, or finding verification. Never writes application code. Use when: reviewing implementation, challenging a plan, or verifying audit/review findings. |
366
+ | `performance-auditor` | Performance auditor agent. Detects stack, researches current perf issues, runs deep audit, writes PERF_REPORT.md. Never edits application code. Use when: auditing perf before ship or on demand. |
367
+ | `planner` | Planning agent. Decomposes research into atomic tasks with wave grouping. Use when: research.md is complete and needs to be broken into a plan. |
368
+ | `researcher` | Research agent. Analyzes codebase or web for alternatives and context before planning. In /frame:research acts as codebase-scout or web-scout subagent. Use when: exploring options or gathering context. |
369
+ | `reviewer` | Review agent. Checks code against spec, runs quality gates, security analysis. In /frame:review panel acts as the Spec Compliance reviewer. Use when: implementation is complete and needs review before ship. |
370
+ | `security` | Security auditor agent. Scans code for vulnerabilities, secrets, OWASP violations. When used in /frame:audit produces security-category report; when used in /frame:review panel produces diff-scoped findings. Never edits application code. |
371
+ | `tests-reviewer` | Review agent for wave-team. Checks test coverage and quality of a single task's git diff. Returns PASS/WARN/FAIL verdict. |
372
+ <!-- AGENTS:END -->
373
+
369
374
  ## Hooks
370
375
 
371
- FRAME installs 4 hooks into `.claude/hooks/`. They run automatically.
376
+ FRAME installs 5 hooks into `.claude/hooks/`. They run automatically.
372
377
 
373
378
  | Hook | Trigger | What it does | To disable |
374
379
  |------|---------|--------------|------------|
375
- | `safety-net.sh` | Before Bash | Blocks `rm -rf` and `DROP TABLE/DATABASE` | Remove from `.claude/settings.local.json` |
376
- | `git-safety.sh` | Before Bash | Blocks force push, `reset --hard`, warns on `git add -A` | Remove from `.claude/settings.local.json` |
377
- | `quality-gate.sh` | After file write | Runs typecheck + lint on changed file | Remove from `.claude/settings.local.json` |
378
- | `session-init.sh` | Session start | Shows current phase/task; full context dump if away > 24h | Remove from `.claude/settings.local.json` |
380
+ | `safety-net.sh` | Before Bash | Blocks `rm -rf` and `DROP TABLE/DATABASE` | Remove from `.claude/settings.json` |
381
+ | `git-safety.sh` | Before Bash | Blocks force push, `reset --hard`, warns on `git add -A` | Remove from `.claude/settings.json` |
382
+ | `quality-gate.sh` | After file write | Runs typecheck + lint on changed file | Remove from `.claude/settings.json` |
383
+ | `session-init.sh` | Session start | Shows current phase/task; full context dump if away > 24h | Remove from `.claude/settings.json` |
384
+ | `pre-compact.sh` | Before context compaction | Saves timestamp to STATE.md before context is compressed | Remove from `.claude/settings.json` |
379
385
 
380
386
  ## Configuration
381
387
 
@@ -409,21 +415,32 @@ npx the-frame-ai version # Show CLI version
409
415
 
410
416
  ```
411
417
  .claude/
412
- commands/ # 35 FRAME commands
413
- agents/ # 6 AI agents
414
- hooks/ # 4 safety hooks
418
+ commands/ # 28 FRAME commands
419
+ agents/ # 10 AI agents
420
+ hooks/ # 5 safety hooks
415
421
  .frame/
416
422
  config.json # FRAME configuration
417
423
  .planning/
418
424
  STATE.md # Current position
419
425
  MAP.md # Project map
420
426
  ROADMAP.md # Roadmap
421
- memory/ # Project memory
427
+ memory/ # Project memory (context, conventions, dependencies, learnings)
422
428
  specs/ # Feature specs
423
- reviews/ # Review results
424
- reports/ # Reports (daily, deps, quality, sprint, security)
429
+ reports/
430
+ audit/ # Audit reports (security, performance, deps, etc.)
425
431
  ```
426
432
 
433
+ ## Breaking Changes in v0.14.0
434
+
435
+ - **`/frame:security`** removed → use `/frame:audit security` or `/frame:audit`
436
+ - **`/frame:performance`** removed → use `/frame:audit performance` or `/frame:audit`
437
+ - **`/frame:check-deps`** removed → use `/frame:audit deps`
438
+ - **`/frame:estimate`** removed → estimates are now per-task fields in plan.md
439
+ - **`/frame:headless`** removed → use `claude -p "/frame:build {feature}"` directly
440
+ - **`/frame:build --parallel`** removed → build reads `Parallel:` labels from plan.md automatically
441
+ - **`/frame:build --review-team`** removed → inline review team replaced by `/frame:review` panel
442
+ - Reports moved: `.planning/reports/security/` and `.planning/reports/performance/` → `.planning/reports/audit/`
443
+
427
444
  ## License
428
445
 
429
446
  MIT
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "the-frame-ai",
3
- "version": "0.13.0",
3
+ "version": "0.15.0",
4
4
  "description": "FRAME — Framework for AI-Assisted Solo Development",
5
5
  "type": "module",
6
6
  "bin": {
@@ -38,6 +38,8 @@
38
38
  "node": ">=18.0.0"
39
39
  },
40
40
  "scripts": {
41
- "test": "node --test test/*.test.js"
41
+ "test": "node --test test/*.test.js",
42
+ "gen-readme": "node scripts/gen-readme-tables.js",
43
+ "check-readme": "node scripts/gen-readme-tables.js --check"
42
44
  }
43
45
  }
package/src/cli.js CHANGED
@@ -8,29 +8,27 @@ const HELP = `
8
8
  FRAME — Framework for AI-Assisted Solo Development v${VERSION}
9
9
 
10
10
  Usage:
11
- the-frame init [target-dir] Install FRAME into a project
12
- the-frame update [target-dir] Update FRAME files in a project
13
- the-frame doctor [target-dir] Check FRAME installation health
14
- the-frame version Show CLI version
15
- the-frame help Show this help message
11
+ the-frame-ai init [target-dir] Install FRAME into a project
12
+ the-frame-ai update [target-dir] Update FRAME files in a project
13
+ the-frame-ai doctor [target-dir] Check FRAME installation health
14
+ the-frame-ai version Show CLI version
15
+ the-frame-ai help Show this help message
16
16
 
17
17
  Options:
18
18
  --lang <code> Set response language (e.g. en, ru, zh). Overrides FRAME_LANG env var.
19
19
  --dry-run (update only) Show what would be updated without making changes.
20
- --copilot (update only) Enable GitHub Copilot Chat support (adds .vscode/*.prompt.md).
21
20
 
22
21
  Examples:
23
- npx the-frame init Install in current directory
24
- npx the-frame init ../my-app Install in specific directory
25
- npx the-frame init --lang ru Install with Russian language preset
26
- npx the-frame update Update in current directory
27
- npx the-frame update --dry-run Preview update without applying
28
- npx the-frame update --copilot Enable Copilot Chat support on existing install
29
- npx the-frame doctor Check health in current directory
22
+ npx the-frame-ai init Install in current directory
23
+ npx the-frame-ai init ../my-app Install in specific directory
24
+ npx the-frame-ai init --lang ru Install with Russian language preset
25
+ npx the-frame-ai update Update in current directory
26
+ npx the-frame-ai update --dry-run Preview update without applying
27
+ npx the-frame-ai doctor Check health in current directory
30
28
  `;
31
29
 
32
30
  function parseFlags(args) {
33
- const flags = { lang: null, dryRun: false, yes: false, copilot: false };
31
+ const flags = { lang: null, dryRun: false, yes: false };
34
32
  const rest = [];
35
33
  for (let i = 0; i < args.length; i++) {
36
34
  if (args[i] === '--lang' && args[i + 1]) {
@@ -39,8 +37,6 @@ function parseFlags(args) {
39
37
  flags.dryRun = true;
40
38
  } else if (args[i] === '--yes' || args[i] === '-y') {
41
39
  flags.yes = true;
42
- } else if (args[i] === '--copilot') {
43
- flags.copilot = true;
44
40
  } else {
45
41
  rest.push(args[i]);
46
42
  }
package/src/doctor.js CHANGED
@@ -16,10 +16,9 @@ const REQUIRED_FILES = [
16
16
  'CLAUDE.md',
17
17
  '.frame/config.json',
18
18
  '.frame/.frame-version',
19
- '.claude/settings.local.json',
19
+ '.claude/settings.json',
20
20
  '.planning/STATE.md',
21
21
  '.planning/MAP.md',
22
- '.planning/pause-state.json',
23
22
  ];
24
23
 
25
24
  const HOOK_FILES = [
@@ -161,4 +160,6 @@ export async function doctor(target) {
161
160
  if (warnings > 0) logWarn(`${warnings} warning(s) found`);
162
161
  }
163
162
  log('');
163
+
164
+ return { errors, warnings };
164
165
  }