claude-code-kit 0.10.0__tar.gz → 0.11.3__tar.gz

{claude_code_kit-0.10.0 → claude_code_kit-0.11.3}/.claude-plugin/marketplace.json

@@ -10,7 +10,7 @@
       "name": "claude-kit",
       "source": "./",
       "description": "Cookiecutter-style scaffolder for an autonomous Claude Code SDLC config (no app code, no Docker): install CLAUDE.md + .claude/ (rules, the profile's agents/skills, hooks, artifact templates) + optional .mcp.json, then run /sdlc to drive spec → review → build → test → security → ship through profile-aware quality gates, working memory, and a self-improving learnings loop.",
-      "version": "0.10.0",
+      "version": "0.11.3",
       "license": "MIT",
       "keywords": ["sdlc", "agents", "orchestration", "quality-gates", "workflow", "scaffold", "cookiecutter"]
     }

{claude_code_kit-0.10.0 → claude_code_kit-0.11.3}/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-kit",
-  "version": "0.10.0",
+  "version": "0.11.3",
   "description": "Cookiecutter-style scaffolder for an autonomous Claude Code SDLC config (no app code, no Docker). `claude-kit init` asks ordered questions and installs CLAUDE.md + .claude/ (rules, the profile's agents/skills, hooks, artifact templates) + optional .mcp.json; run /sdlc to drive spec → review → build → test → security → ship through profile-aware quality gates with working memory and a self-improving learnings loop.",
   "author": {
     "name": "Arjunsingh Yadav",

{claude_code_kit-0.10.0 → claude_code_kit-0.11.3}/CHANGELOG.md

@@ -4,6 +4,205 @@ All notable changes to claude-kit are documented here. The format follows
 [Keep a Changelog](https://keepachangelog.com/), and the project uses
 [semantic versioning](https://semver.org/).
 
+## [0.11.3] — 2026-06-15
+
+A field review of a **reference table of ecosystem repos** — official + community **MCP-server
+directories** ([modelcontextprotocol/servers](https://github.com/modelcontextprotocol/servers),
+[wong2/awesome-mcp-servers](https://github.com/wong2/awesome-mcp-servers),
+[appcypher/awesome-mcp-servers](https://github.com/appcypher/awesome-mcp-servers)), **Cursor-rules**
+collections ([PatrickJS/awesome-cursorrules](https://github.com/PatrickJS/awesome-cursorrules),
+[sanjeed5/awesome-cursor-rules-mdc](https://github.com/sanjeed5/awesome-cursor-rules-mdc)), a
+**community skills** index ([GetBindu/awesome-claude-code-and-skills](https://github.com/GetBindu/awesome-claude-code-and-skills)),
+and a **plugins** marketplace ([ComposioHQ/awesome-claude-plugins](https://github.com/ComposioHQ/awesome-claude-plugins)) —
+run through the same adversarial map→verify pass (six candidates surfaced, each refuted against the
+actual kit files). Exactly **one** survived. (anthropics/skills, wshobson/agents,
+hesreallyhim/awesome-claude-code, rohitg00/awesome-claude-code-toolkit, and
+anthropics/claude-plugins-official were re-confirmed at **zero** from prior reviews.)
+
+### Added
+- **`catalog/mcp.yaml`** — a new opt-in **`sentry`** MCP server (error monitoring / issue triage:
+  top unresolved issues, stacktraces, performance & trace data, Seer root-cause analysis). This fills
+  a gap the kit had already *designed in*: `agents/incident-responder.md` explicitly says *"If an
+  error-tracking / monitoring integration is connected (e.g. via an MCP), pull the top unresolved
+  issue + event trend"* and lists an "error-tracking issue" as a triage signal — yet no catalog entry
+  fulfilled it, even though the kit ships both `incident-responder` and `observability-engineer`
+  agents. Uses the **hosted OAuth HTTP endpoint** (`https://mcp.sentry.dev/mcp`, matching the
+  `linear`/`docs` http style) so **no credentials are generated**. NOT bundled — only referenced; the
+  server's source is **FSL-1.1-Apache-2.0 (source-available)**, flagged inline in the label exactly
+  like the `repowise` AGPL note (a self-hosted/token `npx @sentry/mcp-server` alternative is
+  documented in a comment). Opt-in (catalog default stays *none*), stack-agnostic, zero resolver
+  change. (+2 tests, 80.)
+
+### Not adopted (deliberately, per the assessment)
+- **Semgrep MCP** (MIT, modelcontextprotocol directories) — SAST is already owned by `owasp-reviewer`
+  + `security-reviewer` + `secret-scanner` + `dependency-scanner`, which follow the kit's "shell out to
+  an installed CLI via Bash" pattern (`gitleaks detect`, `pip-audit`/`npm audit`); `owasp-reviewer`
+  can run `semgrep --config auto` today with no catalog change. An MCP would add a privilege surface
+  for zero new capability (`agent-guardrails §4`: treat MCP servers as untrusted until reviewed).
+- **Composio `connect-apps` MCP** (ComposioHQ) — a closed commercial broker holding one key to authed
+  **write** access across 500+ SaaS apps via an external relay. It overlaps the existing
+  `github`/`linear`/`jira` servers and is the textbook supply-chain + data-egress risk that
+  `agent-guardrails §4` and `human-in-the-loop` (outward-facing actions = mandatory STOP) warn
+  against. Contradicts the catalog's deliberate one-server-per-purpose, least-privilege posture.
+- **PatrickJS/awesome-cursorrules, sanjeed5/awesome-cursor-rules-mdc** (CC0) — overwhelmingly
+  *stack-specific* `.cursorrules`/`.mdc` files (one per framework/language), which cannot enter the
+  agnostic core. The one cross-cutting near-miss — anti-sycophancy *directed at the user* (resist
+  manufactured urgency/authority) — is already expressed in `code-review-and-quality` ("Push back;
+  sycophancy is a failure mode"), `idea-refine`, and `interview-me`, and its residual angle sits
+  awkwardly against `human-in-the-loop`'s human-as-authority contract. The generator tool is out of
+  scope for a config-only kit.
+- **GetBindu skills** (Apache-2.0 index) — `should-i-care` (CVE applicability triage) duplicates the
+  "Triaging Dependency Audit Results" decision tree in `security-and-hardening` + `dependency-scanner`
+  (A06) and depends on a global `~/.config` state file foreign to the per-project `.claude/` model;
+  `claudemd-auditor` is meta/out-of-SDLC-scope and covered by `context-engineering` + the harness's own
+  `claude-md-management` skills.
+- **Re-confirmed zero** — anthropics/skills (grew 8→17 skills, still document-processing/source-available/
+  covered), wshobson/agents (stack-specific/covered), hesreallyhim & rohitg00 (meta-lists/aggregators),
+  anthropics/claude-plugins-official (distribution marketplace).
+
+## [0.11.2] — 2026-06-15
+
+A field review of **thirteen** more external collections — marketplaces, awesome-lists, subagent
+packs, and hook/config repos — run through the same adversarial map→verify pass against the actual
+kit files. Most are *distribution channels* (no copyable content) or *stack-specific* role packs that
+would violate the agnostic core. Crucially, grounding the strongest candidates against the real hook
+registry showed the kit **already** ships destructive-command blocking (`guard-rm-rf`,
+`guard-push-main`), secret protection (`protect-secrets`, `guard-commit-secrets`), and skill
+auto-routing (`skill-routing`) — refuting the headline ideas. Exactly **one** genuine gap survived.
+Reviewed: [anthropics/claude-plugins-official](https://github.com/anthropics/claude-code) ·
+claude-plugins-community · [hesreallyhim/awesome-claude-code](https://github.com/hesreallyhim/awesome-claude-code) ·
+ccplugins/awesome-claude-code-plugins · rohitg00/awesome-claude-code-toolkit ·
+[VoltAgent/awesome-claude-code-subagents](https://github.com/VoltAgent/awesome-claude-code-subagents) ·
+[0xfurai/claude-code-subagents](https://github.com/0xfurai/claude-code-subagents) ·
+[disler/claude-code-hooks-mastery](https://github.com/disler/claude-code-hooks-mastery) ·
+yurukusa/claude-code-hooks (cc-safe-setup) · alirezarezvani/claude-skills ·
+eddiemessiah/config-claude-code · ChrisWiles/claude-code-showcase.
+
+### Added
+- **`hooks/scripts/guard-destructive-git.sh`** + the `guard-destructive-git` hook (PreToolUse·Bash,
+  `standard`→`enterprise`; absent in `lean`). A hard **block** (exit 2) for the git commands that
+  irreversibly destroy *uncommitted* work — `git reset --hard`, `git clean -f`, and worktree-wide
+  discards (`git checkout/restore .`) — each message pointing at the reversible alternative
+  (`git stash`). This completes the `guard-rm-rf` / `guard-push-main` destructive-command family with
+  the single most common irreversible agent mistake: nuking its own output. A *warn* would be theatre
+  here (the command would still run and the work would be gone), so this is a guard, consistent with
+  `guard-rm-rf`. Scope is deliberately git-only and conservative — no false positives on
+  `git clean -n`, branch checkouts, or single-file restores; fail-open without `jq`. (+2 tests, 78.)
+
+### Not adopted (deliberately, per the assessment)
+- **Marketplaces** (anthropics official/community) — Apache-2.0 *distribution* manifests, not content;
+  claude-kit already ships its own `.claude-plugin/marketplace.json`. Nothing to copy.
+- **Awesome-lists** (hesreallyhim, ccplugins, rohitg00) — curated discovery indexes; no installable
+  components of their own.
+- **Subagent packs** (VoltAgent 154+, 0xfurai 100+; MIT) — overwhelmingly language/framework
+  specialists (violate the stack-agnostic core) or roles the kit already has; `api-designer`→
+  `technical-architect`/`api-and-interface-design`, `chaos-engineer`→`incident-responder`+`load-testing`,
+  `penetration-tester`→`security-reviewer`/`owasp-reviewer`/`threat-model`, `product-manager`→ the org
+  `pm-copilot` persona + `interview-me`/`idea-refine`. No genuine stack-agnostic SDLC role gap.
+- **disler/claude-code-hooks-mastery** (no licence) — its destructive-command guard and skill-suggestion
+  ideas are already covered (`guard-rm-rf`/`guard-push-main`, `skill-routing`); lifecycle hooks
+  (SessionEnd/PreCompact continuity persistence) are covered by the continuity rule + `load-continuity`
+  + the SessionStart:compact reload. The one residual — git work-loss blocking — became the adoption above.
+- **yurukusa/cc-safe-setup** (MIT) — its **database-wipe** guard (`migrate reset`/`drop database`) was
+  considered and **rejected as over-reach**: DB resets are legitimate in local dev and a hook can't tell
+  dev from prod, so a block would break normal workflows and a warn would be theatre. DB risk stays
+  governed by `risk-classification.md` (production-data/migrations → high/restricted) + `warn-sensitive-files`
+  on migration edits.
+- **alirezarezvani/claude-skills** — a codebase-onboarding skill duplicates `context-engineering` +
+  `source-driven-development` (+ the org `repo-onboarding` skill).
+- **eddiemessiah/config-claude-code, ChrisWiles/claude-code-showcase** (MIT) — personal config
+  collections; the transferable ideas (tool-budget hygiene → `agent-guardrails`§3/`tool-design`/
+  `context-engineering`; skill auto-suggestion → `skill-routing`; scheduled-maintenance CI → out of
+  scope for a config-only kit, covered by `ci-cd-and-automation`/`devops-engineer`) are already covered.
+
+## [0.11.1] — 2026-06-15
+
+A field review of **seven** external projects, each run through the same adversarial map→verify pass
+(read the source *and* the actual kit files; adopt only genuine, non-duplicative, config-only,
+stack-agnostic, IP-safe gaps). The result is deliberately tiny: across all seven, exactly **one** real
+gap survived — everything else is already covered, runtime-only, stack-specific, out of SDLC scope, or
+IP-unsafe to copy. Reviewed: [obra/superpowers](https://github.com/obra/superpowers),
+[wshobson/agents](https://github.com/wshobson/agents),
+[anthropics/skills](https://github.com/anthropics/skills),
+[karpathy/autoresearch](https://github.com/karpathy/autoresearch),
+[browser-use](https://github.com/browser-use/browser-use),
+[x1xhlol/system-prompts-and-models-of-ai-tools](https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools),
+and [langgenius/dify](https://github.com/langgenius/dify).
+
+### Changed
+- **`rules/testing.md`** — the "Async/Event-Loop Systems" guidance gains a **condition-based waiting**
+  rule (distilled from superpowers' `condition-based-waiting`, MIT, re-expressed in original,
+  stack-agnostic words): never wait on a fixed delay/sleep, poll for the observable condition instead
+  (framework waiter or a small `wait_for(condition, timeout)`), and avoid the three flakiness traps
+  (no timeout, interval too tight, stale reads). The section previously only said "mock I/O, use
+  async/await" — it never addressed timing-dependent test flakiness.
+
+### Not adopted (deliberately, per the assessment)
+- **superpowers** — 14 skills, ~all duplicate existing kit skills (TDD, `systematic-debugging`→
+  `debugging-and-error-recovery`, `brainstorming`→`idea-refine`/`doubt-driven-development`/`interview-me`,
+  `writing-plans`→`planning-and-task-breakdown`, `executing-plans`→`execute`, `requesting`/`receiving-code-review`→
+  `code-review-and-quality`, `using-git-worktrees`/`finishing-a-development-branch`→`git-workflow-and-versioning`/
+  `shipping-and-launch`/`pr-raiser`, `verification-before-completion`→`rarv-cycle`+`mandatory-workflow`,
+  `dispatching-parallel-agents`→`orchestrator`, `writing-skills`→`using-agent-skills`). Its
+  `testing-anti-patterns` was refuted as a near-duplicate of the TDD skill's existing anti-pattern table.
+- **wshobson/agents** — almost entirely language/framework specialists (violate the stack-agnostic core)
+  or roles the kit already has (`code-reviewer`, `security-auditor`, `incident-responder`,
+  `observability-engineer`, `performance-engineer`, `debugger`, `docs-architect`, `architect-reviewer`,
+  database/devops roles), plus out-of-SDLC-scope domains (SEO, business, data-science). No general gap.
+- **anthropics/skills** — document skills are source-available (not open) and out of scope; the example
+  skills are out of scope (art/design/comms) or duplicative (`skill-creator`→`using-agent-skills`,
+  `frontend-design`→`frontend-ui-engineering`). The `SKILL.md` `name`+`description` convention is already followed.
+- **karpathy/autoresearch** — the closed-loop / single-metric / fixed-budget principles are covered by
+  `evals` + `goal-setting-and-monitoring`; the ML-training loop itself is stack-specific. "Iterate the
+  instructions, not the code" is what the kit already *is* (config-only).
+- **browser-use** — a runtime library; browser automation is already covered by the opt-in `playwright`
+  MCP entry + `browser-testing-with-devtools`/`playwright-verification`. Its "treat DOM/console/network
+  as untrusted" guidance is already a verbatim "Security Boundaries" section in `browser-testing-with-devtools`.
+- **x1xhlol/system-prompts** — GPL-3.0 archive of prompts extracted from proprietary tools (double IP
+  hazard: copyleft + unresolved vendor rights). Its generic principles (plan-first, tool discipline,
+  minimal diffs, verification, concise comms, refusal/secret-safety) are already in `reasoning-techniques`,
+  `tool-design`, `mandatory-workflow`, `agent-guardrails`, `human-in-the-loop`, and `code-review-and-quality`.
+  Nothing was copied.
+- **langgenius/dify** — a runtime platform (Apache-2.0 *with additional conditions*); its principles
+  (ReAct/function-calling agents, inspectable workflow steps, RAG stages, prompt-management feedback)
+  are covered by `reasoning-techniques`, `tool-design`, `context-engineering`, `evals`, and `devops-observability`.
+
+## [0.11.0] — 2026-06-15
+
+Distils a field review of [repowise](https://github.com/repowise-dev/repowise) (a runtime
+codebase-intelligence engine: dependency graph, git analytics, LLM wiki, code-health biomarkers,
+change-risk, dead code). An adversarial map→verify pass over six candidates found that repowise is
+overwhelmingly a **runtime product** whose config-equivalents claude-kit already ships — so the
+honest, reuse-first result is small: one genuine kit-owned methodology gap and one sanctioned,
+opt-in external-tool reference. No application code, no Docker, nothing bundled.
+
+### Added
+- **`catalog/mcp.yaml`** gains an **opt-in** `repowise` MCP server (codebase intelligence: hotspots,
+  change-risk, co-change coupling, dead code). It is **only** written into `.mcp.json` when explicitly
+  selected at init — the kit *references* repowise, never bundles it. The label flags that it is
+  **AGPL-3.0** and requires installing it separately (`pip install repowise`) and indexing the repo
+  once (`repowise init`); the repo path is supplied via the `${REPOWISE_PROJECT_ROOT}` env placeholder
+  (same pattern as postgres's `${DATABASE_URL}`), so this is pure catalog data with no resolver change.
+
+### Changed
+- **`skills/code-review-and-quality`** gains a **"Where to Focus: Change Hotspots & Coupling"** section:
+  a tool-agnostic, `git log`-only technique for spending review attention where defects cluster —
+  churn × complexity hotspots, co-change coupling (hidden dependencies), and single-owner/bus-factor
+  files. It notes that a codebase-intelligence MCP (e.g. the optional repowise server) provides the
+  same signals precomputed via `get_risk`/`get_health`, but always as **advisory input, never a
+  blocking gate**. A matching checklist item was added.
+
+### Not done (deliberately, per the assessment)
+- repowise's engine itself — dependency graph, dashboard (`repowise serve`), deterministic PR bot,
+  LLM wiki/RAG, the 25 code-health biomarkers — is runtime and **cannot** be config. Its
+  config-equivalents already exist and were **not** duplicated: dead-code hygiene
+  (`over-engineering-review` / `code-simplification` / `code-review-and-quality` / `mandatory-workflow`),
+  noisy-output compression a.k.a. "distill" (`tool-design` rule + `context-engineering` skill),
+  read-an-overview-first (`context-engineering` / `source-driven-development`), ADRs
+  (`documentation-and-adrs`), commit provenance (`git-workflow-and-versioning`), and auto-generated
+  project instructions (`templates/CLAUDE.md`). No new rule/agent/skill/gate (the hotspot technique is
+  advisory, so it enriches a profile-gated skill rather than becoming a mandatory rule).
+
 ## [0.10.0] — 2026-06-15
 
 Adds **LLM / AI application-security** guidance distilled from a field review of

{claude_code_kit-0.10.0 → claude_code_kit-0.11.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: claude-code-kit
-Version: 0.10.0
+Version: 0.11.3
 Summary: Cookiecutter-style scaffolder for an autonomous Claude Code SDLC configuration (no app code, no Docker). Asks ordered questions and installs CLAUDE.md + .claude/ (rules, the chosen profile's agents/skills, hooks, artifact templates) + optional .mcp.json; run /sdlc to drive spec → review → build → test → security → ship through profile-aware quality gates, working memory, and a self-improving learnings loop.
 Project-URL: Homepage, https://github.com/ajyadav013/claude-kit
 Project-URL: Repository, https://github.com/ajyadav013/claude-kit

claude_code_kit-0.11.3/catalog/mcp.yaml

@@ -0,0 +1,80 @@
+# claude-kit optional MCP integrations. Selected servers are written into a project-root `.mcp.json`
+# ONLY when chosen at init (default: none). Configs use ${ENV} placeholders — no credentials are ever
+# generated. Fill the referenced env vars (e.g. in your shell or .env) before using a server.
+
+version: 1
+
+servers:
+  github:
+    label: "GitHub (issues, PRs, repos)"
+    config:
+      type: stdio
+      command: npx
+      args: ["-y", "@modelcontextprotocol/server-github"]
+      env:
+        GITHUB_PERSONAL_ACCESS_TOKEN: "${GITHUB_PERSONAL_ACCESS_TOKEN}"
+  linear:
+    label: "Linear (issues)"
+    config:
+      type: http
+      url: "https://mcp.linear.app/mcp"
+  jira:
+    label: "Jira (issues)"
+    config:
+      type: stdio
+      command: npx
+      args: ["-y", "mcp-atlassian"]
+      env:
+        JIRA_URL: "${JIRA_URL}"
+        JIRA_API_TOKEN: "${JIRA_API_TOKEN}"
+  postgres:
+    label: "PostgreSQL (query the database)"
+    config:
+      type: stdio
+      command: npx
+      args: ["-y", "@modelcontextprotocol/server-postgres", "${DATABASE_URL}"]
+  mongodb:
+    label: "MongoDB (query the database)"
+    config:
+      type: stdio
+      command: npx
+      args: ["-y", "mongodb-mcp-server"]
+      env:
+        MDB_MCP_CONNECTION_STRING: "${MONGODB_URI}"
+  playwright:
+    label: "Playwright (browser automation / E2E)"
+    config:
+      type: stdio
+      command: npx
+      args: ["-y", "@playwright/mcp@latest"]
+  docs:
+    label: "Docs / Context7 (live library docs)"
+    config:
+      type: http
+      url: "https://mcp.context7.com/mcp"
+  # Sentry (github.com/getsentry/sentry-mcp) — official, vendor-maintained MCP for production error
+  # monitoring / issue triage: top unresolved issues, stacktraces, performance & trace data, and Seer
+  # root-cause analysis. Fills the error-monitoring gap the `incident-responder` + `observability-engineer`
+  # agents already expect (incident-responder.md: "If an error-tracking / monitoring integration is
+  # connected (e.g. via an MCP), pull the top unresolved issue + event trend"). NOT bundled — only
+  # referenced; the hosted HTTP endpoint below uses OAuth and generates NO credentials. The server's
+  # source is FSL-1.1-Apache-2.0 (source-available; converts to Apache-2.0 two years after each
+  # release) — flagged in the label like the repowise AGPL note; this entry references only the
+  # OAuth-hosted service, not the source. Self-hosted/token alternative (instead of the http url):
+  #   command: npx, args: ["-y", "@sentry/mcp-server@latest"], env: SENTRY_ACCESS_TOKEN: "${SENTRY_ACCESS_TOKEN}".
+  sentry:
+    label: "Sentry (error monitoring / issue triage; source-available FSL-1.1)"
+    config:
+      type: http
+      url: "https://mcp.sentry.dev/mcp"
+  # Repowise (github.com/repowise-dev/repowise) — optional codebase-intelligence engine exposing an
+  # MCP server: deterministic hotspots (churn × complexity), change-risk, co-change coupling, dead
+  # code, and a dependency graph. NOT bundled (claude-kit only references it): it is AGPL-3.0, so
+  # install it separately (`pip install repowise`) and index the repo once (`repowise init`) before
+  # first use. Point it at the repo via the env var below (e.g. `export REPOWISE_PROJECT_ROOT=$(pwd)`).
+  repowise:
+    label: "Repowise codebase intelligence (AGPL-3.0; needs `pip install repowise` + `repowise init`)"
+    config:
+      type: stdio
+      command: repowise
+      args: ["mcp", "${REPOWISE_PROJECT_ROOT}", "--transport", "stdio"]

{claude_code_kit-0.10.0 → claude_code_kit-0.11.3}/catalog/profiles.yaml

@@ -83,7 +83,7 @@ profiles:
       - simplification-debt
       - task-tracker-sync
     gates: [spec-complete, em-approved, code-review, build-green, test-coverage, security-clear]
-    hooks: [load-continuity, load-learnings, load-autonomy, skill-routing, learning-detection, guard-rm-rf, guard-push-main, protect-secrets, guard-commit-secrets, warn-shared-modules, warn-llm-io, lint-fix, type-check]
+    hooks: [load-continuity, load-learnings, load-autonomy, skill-routing, learning-detection, guard-rm-rf, guard-push-main, guard-destructive-git, protect-secrets, guard-commit-secrets, warn-shared-modules, warn-llm-io, lint-fix, type-check]
 
   enterprise:
     label: "Enterprise — adds DevOps, Observability, full audit + acceptance"

{claude_code_kit-0.10.0 → claude_code_kit-0.11.3}/hooks/hooks.json

@@ -30,6 +30,7 @@
       "hooks": [
         { "type": "command", "command": "CMD=$(jq -r '.tool_input.command'); if echo \"$CMD\" | grep -qE 'rm[[:space:]]+-[^[:space:]]*r[^[:space:]]*f'; then echo 'BLOCKED: rm -rf is disabled by claude-kit. Move to trash or delete specific paths explicitly.' >&2; exit 2; fi" },
         { "type": "command", "command": "CMD=$(jq -r '.tool_input.command'); if echo \"$CMD\" | grep -qE 'git[[:space:]]+push.*[[:space:]:](main|master)([[:space:]]|$)'; then echo 'BLOCKED: refusing to push to main/master — use a feature branch and a PR.' >&2; exit 2; fi" },
+        { "type": "command", "command": "bash \"${CLAUDE_PLUGIN_ROOT}/hooks/scripts/guard-destructive-git.sh\"" },
         { "type": "command", "command": "bash \"${CLAUDE_PLUGIN_ROOT}/hooks/scripts/guard-secrets.sh\"" }
       ]
     },

claude_code_kit-0.11.3/hooks/scripts/guard-destructive-git.sh

@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+# PreToolUse(Bash): BLOCK git commands that irreversibly destroy *uncommitted* work —
+# `git reset --hard`, `git clean -f`, and worktree-wide discards (`git checkout/restore .`).
+#
+# Why a guard (block, exit 2) and not a warn: a PreToolUse advisory here would be theatre — the
+# command would still run and the work would already be gone. So this guard refuses and points at
+# the reversible alternative (`git stash`), exactly like guard-rm-rf points at trash. It completes
+# the guard-rm-rf / guard-push-main destructive-command family with the single most common
+# irreversible agent mistake: nuking its own uncommitted output.
+#
+# Scope is deliberately git-only and conservative — no false positives on `git clean -n` (dry run),
+# plain branch checkouts, or single-file restores. Database wipes (`migrate reset`, `drop database`)
+# stay OUT on purpose: they are legitimate in local dev, so blocking them would be over-reach; they
+# are governed by .claude/rules/risk-classification.md and warn-sensitive-files on migration edits.
+#
+# Degrades to a no-op (fail-open) without jq.
+command -v jq >/dev/null 2>&1 || exit 0
+CMD="$(jq -r '.tool_input.command // empty' 2>/dev/null || true)"
+[ -z "$CMD" ] && exit 0
+
+# 1. reset --hard : discards all uncommitted tracked changes
+if printf '%s' "$CMD" | grep -qE 'git[[:space:]]+reset[[:space:]].*--hard'; then
+  echo "BLOCKED: 'git reset --hard' discards uncommitted work irreversibly. Run 'git stash' to set it aside (recoverable via 'git stash list'), or 'git stash && git stash drop' to discard deliberately." >&2
+  exit 2
+fi
+
+# 2. clean -f / --force : permanently deletes untracked files
+if printf '%s' "$CMD" | grep -qE 'git[[:space:]]+clean[[:space:]].*(-[a-zA-Z]*f|--force)'; then
+  echo "BLOCKED: 'git clean -f' permanently deletes untracked files. Preview with 'git clean -n' first; to keep them, 'git stash -u'." >&2
+  exit 2
+fi
+
+# 3. checkout/restore of the whole worktree ('.') : discards every unstaged change at once
+if printf '%s' "$CMD" | grep -qE 'git[[:space:]]+(checkout|restore)[[:space:]]+(.*[[:space:]])?\.([[:space:]]|$)'; then
+  echo "BLOCKED: 'git checkout/restore .' discards every unstaged change in the worktree. Run 'git stash' first to keep a recoverable copy (restore a single file by naming it instead of '.')." >&2
+  exit 2
+fi
+
+exit 0

{claude_code_kit-0.10.0 → claude_code_kit-0.11.3}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "claude-code-kit"
-version = "0.10.0"
+version = "0.11.3"
 description = "Cookiecutter-style scaffolder for an autonomous Claude Code SDLC configuration (no app code, no Docker). Asks ordered questions and installs CLAUDE.md + .claude/ (rules, the chosen profile's agents/skills, hooks, artifact templates) + optional .mcp.json; run /sdlc to drive spec → review → build → test → security → ship through profile-aware quality gates, working memory, and a self-improving learnings loop."
 readme = "README.md"
 requires-python = ">=3.9"

{claude_code_kit-0.10.0 → claude_code_kit-0.11.3}/rules/testing.md

@@ -383,6 +383,16 @@ For systems with async I/O or event loops (Node.js, Python asyncio, Go goroutine
 - Mock all I/O operations (database, HTTP, file system)
 - Use the test framework's async support (`async/await` in tests)
 - Never use blocking I/O in tests for async systems — mock it or use async equivalents
+- **Wait on conditions, never on the clock.** A fixed delay ("sleep" to let the async work finish)
+  is the single biggest source of flaky tests — too short and it fails under load, too long and it
+  drags out the whole suite. Instead, **poll for the observable condition you actually care about**
+  (the value, state, or side effect) and continue the instant it holds:
+  - Use your framework's condition waiter — e.g. `waitFor` / `expect.poll` (JS), `Awaitility` (JVM),
+    `tenacity` or a polling fixture (Python), `Eventually` (Go) — or a small generic
+    `wait_for(condition, timeout)` that re-checks the live value on a short interval.
+  - Three mistakes that quietly re-introduce flakiness: (1) **no timeout** — the test hangs forever
+    instead of failing; (2) **interval too tight** — a busy-loop that pegs the CPU; (3) **stale
+    reads** — re-evaluate the live value on every poll, never assert against a snapshot captured once.
 
 ### Multi-Tenant/Authorization Systems
 

{claude_code_kit-0.10.0 → claude_code_kit-0.11.3}/skills/code-review-and-quality/SKILL.md

@@ -80,6 +80,21 @@ For detailed profiling and optimization, see `performance-optimization`. Does th
 - Any missing pagination on list endpoints?
 - Any large objects created in hot paths?
 
+## Where to Focus: Change Hotspots & Coupling
+
+You can't give every line equal attention — on a large change or an unfamiliar codebase, spend the most scrutiny where defects actually cluster. The project's own git history surfaces this for free, no special tooling required:
+
+- **Hotspots (churn × complexity).** Files that change *often* **and** are *large/complex* carry the most risk. List the frequently-changed files and weight review toward the complex ones among them — a rarely-touched file is usually stable, while a hotspot edited in *this* change deserves extra correctness and test scrutiny.
+  ```bash
+  # Most-churned files over the last 6 months — pair the top hits with their size/complexity
+  git log --since="6 months ago" --name-only --pretty=format: | sort | uniq -c | sort -rn | head -20
+  ```
+  Use the project's own complexity tooling if it has one; file size is only a rough proxy for complexity.
+- **Co-change coupling (hidden dependencies).** Files historically committed together often share an implicit contract. If this change touches one side of a known pair but not the other, ask whether the coupled file also needs updating — `git log` on a changed file reveals what usually moves with it.
+- **Single-owner / bus-factor files.** Code with one dominant author has had fewer eyes. Treat changes there with extra care and prefer a second reviewer.
+
+These are deterministic signals an agent can derive from `git log` alone. If a codebase-intelligence MCP server is configured (e.g. the optional **repowise** server in the catalog), its `get_risk` / `get_health` tools surface the same hotspot, coupling, and change-risk signals precomputed — use them when available, but treat the output as **advisory input to your judgment, never a blocking gate**.
+
 ## Change Sizing
 
 Small, focused changes are easier to review, faster to merge, and safer to deploy. Target these sizes:
@@ -272,6 +287,7 @@ Part of code review is dependency review:
 
 ### Context
 - [ ] I understand what this change does and why
+- [ ] For a large/unfamiliar change, I focused review on the riskiest files (hotspots, coupled files)
 
 ### Correctness
 - [ ] Change matches spec/task requirements

{claude_code_kit-0.10.0 → claude_code_kit-0.11.3}/src/claude_kit/__init__.py

@@ -7,4 +7,4 @@ Docker): ``claude-kit init`` asks ordered questions and lays down ``CLAUDE.md``
 as a plugin. Extensibility is data-driven via the ``catalog/`` (stacks, profiles, MCP).
 """
 
-__version__ = "0.10.0"
+__version__ = "0.11.3"

{claude_code_kit-0.10.0 → claude_code_kit-0.11.3}/src/claude_kit/hooks.py

@@ -118,6 +118,12 @@ HOOK_REGISTRY: dict[str, dict[str, Any]] = {
         "entry": {"type": "command", "command": _PUSH_GUARD},
         "script": None,
     },
+    "guard-destructive-git": {
+        "event": "PreToolUse",
+        "matcher": "Bash",
+        "entry": _script_entry("guard-destructive-git.sh"),
+        "script": "guard-destructive-git.sh",
+    },
     "protect-secrets": {
         "event": "PreToolUse",
         "matcher": "Read",

claude_code_kit-0.10.0/catalog/mcp.yaml

@@ -1,54 +0,0 @@
-# claude-kit optional MCP integrations. Selected servers are written into a project-root `.mcp.json`
-# ONLY when chosen at init (default: none). Configs use ${ENV} placeholders — no credentials are ever
-# generated. Fill the referenced env vars (e.g. in your shell or .env) before using a server.
-
-version: 1
-
-servers:
-  github:
-    label: "GitHub (issues, PRs, repos)"
-    config:
-      type: stdio
-      command: npx
-      args: ["-y", "@modelcontextprotocol/server-github"]
-      env:
-        GITHUB_PERSONAL_ACCESS_TOKEN: "${GITHUB_PERSONAL_ACCESS_TOKEN}"
-  linear:
-    label: "Linear (issues)"
-    config:
-      type: http
-      url: "https://mcp.linear.app/mcp"
-  jira:
-    label: "Jira (issues)"
-    config:
-      type: stdio
-      command: npx
-      args: ["-y", "mcp-atlassian"]
-      env:
-        JIRA_URL: "${JIRA_URL}"
-        JIRA_API_TOKEN: "${JIRA_API_TOKEN}"
-  postgres:
-    label: "PostgreSQL (query the database)"
-    config:
-      type: stdio
-      command: npx
-      args: ["-y", "@modelcontextprotocol/server-postgres", "${DATABASE_URL}"]
-  mongodb:
-    label: "MongoDB (query the database)"
-    config:
-      type: stdio
-      command: npx
-      args: ["-y", "mongodb-mcp-server"]
-      env:
-        MDB_MCP_CONNECTION_STRING: "${MONGODB_URI}"
-  playwright:
-    label: "Playwright (browser automation / E2E)"
-    config:
-      type: stdio
-      command: npx
-      args: ["-y", "@playwright/mcp@latest"]
-  docs:
-    label: "Docs / Context7 (live library docs)"
-    config:
-      type: http
-      url: "https://mcp.context7.com/mcp"