claude-code-kit 0.11.3__tar.gz → 0.12.0__tar.gz

{claude_code_kit-0.11.3 → claude_code_kit-0.12.0}/.claude-plugin/marketplace.json

@@ -10,7 +10,7 @@
       "name": "claude-kit",
       "source": "./",
       "description": "Cookiecutter-style scaffolder for an autonomous Claude Code SDLC config (no app code, no Docker): install CLAUDE.md + .claude/ (rules, the profile's agents/skills, hooks, artifact templates) + optional .mcp.json, then run /sdlc to drive spec → review → build → test → security → ship through profile-aware quality gates, working memory, and a self-improving learnings loop.",
-      "version": "0.11.3",
+      "version": "0.12.0",
       "license": "MIT",
       "keywords": ["sdlc", "agents", "orchestration", "quality-gates", "workflow", "scaffold", "cookiecutter"]
     }

{claude_code_kit-0.11.3 → claude_code_kit-0.12.0}/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-kit",
-  "version": "0.11.3",
+  "version": "0.12.0",
   "description": "Cookiecutter-style scaffolder for an autonomous Claude Code SDLC config (no app code, no Docker). `claude-kit init` asks ordered questions and installs CLAUDE.md + .claude/ (rules, the profile's agents/skills, hooks, artifact templates) + optional .mcp.json; run /sdlc to drive spec → review → build → test → security → ship through profile-aware quality gates with working memory and a self-improving learnings loop.",
   "author": {
     "name": "Arjunsingh Yadav",

{claude_code_kit-0.11.3 → claude_code_kit-0.12.0}/CHANGELOG.md

@@ -4,6 +4,91 @@ All notable changes to claude-kit are documented here. The format follows
 [Keep a Changelog](https://keepachangelog.com/), and the project uses
 [semantic versioning](https://semver.org/).
 
+## [0.12.0] — 2026-06-15
+
+An **improvement brief** (external self-review, no repo access) proposed ~15 changes — four P0, five
+P1, six P2. Run through the kit's own mandated **adversarial reuse-first mapping** (an 18-agent
+map→verify pass), **every substantive (P0/P1) item resolved to _extend an existing component_, not add
+a new one** — the brief, written without the repo, repeatedly proposed agents/gates/skills that already
+ship. The result is **one new quality gate, one new artifact template, one new slash command, and a set
+of surgical edits to existing files — zero new agents, skills, or rules** (counts unchanged: 28 core
+agents · 50 skills · 23 rules). Config-only, stack-agnostic, no Docker, no new `resolve()` branches.
+
+### Added
+- **`contract-clear` quality gate** (enterprise profile; API-exposing backend stacks only). A
+  pre-merge **API backward-compatibility** gate **owned by the existing `merge-reviewer`** (not a new
+  agent): it diffs the API contract against the base branch (`git show <base>:<contract>`), classifies
+  each delta by the kit's severity model (removed/renamed endpoint or field, narrowed type, new
+  required field, removed status code = **Critical/High**), and blocks a breaking change that lacks an
+  approved migration note + version bump. **Self-skips** when the stack has no contract surface, so it
+  is inert for non-API projects. Wired as **data** in `catalog/profiles.yaml` (enterprise gate list),
+  documented in `rules/quality-gates.md` §4, and sequenced as the mechanical counterpart to
+  `mandatory-workflow.md` §2d. Builds **on** §2d's existing manual breaking-change check rather than
+  replacing it.
+- **`templates/artifacts/api-change-report.md`** — the `contract-clear` gate's output artifact
+  (contract source · base ref · added/changed/removed tables with per-row severity · backward-compat
+  verdict · affected consumers). Installs with the other artifact templates.
+- **`/claude-kit:abort`** slash command (`commands/abort.md`) — a guided, **reversible** mid-pipeline
+  cleanup: confirm a run is in progress, remove **only the worktrees this run created**, mark
+  `CONTINUITY.md` aborted. Deliberately **not** a `claude-kit abort` CLI subcommand (a destructive
+  one-shot CLI for "remove worktrees" is exactly the kind of irreversible action the kit gates).
+
+### Changed (surgical extensions to existing components)
+- **`skills/ci-cd-and-automation`** — named **Blue/Green vs Canary** as an explicit deployment-strategy
+  subsection (blue/green was never named anywhere in the kit; cross-refs the existing Rollout Decision
+  Thresholds). *(P0-1 — the only real gap; see "Not adopted" for the rest of P0-1.)*
+- **`rules/devops-observability.md` + `agents/observability-engineer.md`** — Observability Ready now
+  requires, **for a hot / SLO-bearing backend path**, an empirical load run (drive the existing
+  `load-testing` skill) that meets its p95/p99 latency, error-rate, and throughput budgets; a budget
+  breach is **High**. Recorded in the `quality-gates.md` §4 row. No new gate, no new agent. *(P0-3)*
+- **`agents/dependency-scanner.md`** — added a **Cadence Mode** (a whole-project, scheduled
+  supply-chain maintenance pass: batch grouped upgrades, defer triage to `security-and-hardening`,
+  re-run the existing gates on applied upgrades). Scheduling is left to org CI (the kit has no
+  time-driven hook). No new skill. *(P0-4)*
+- **`rules/model-tiers.md`** — added a **profile cost expectations** subsection (relative, non-currency
+  ballpark: lean cheapest → enterprise heaviest, noting enterprise still runs only four opus agents).
+  *(P1-1)*
+- **`skills/sdlc` + `agents/orchestrator.md`** — `/sdlc` now **detects an in-progress run** from
+  `CONTINUITY.md` and offers **resume** (re-enter at the first gate after the last PASS, read from the
+  orchestrator's `PIPELINE:` state line) **vs restart**; the orchestrator's Stage-7 summary now reports
+  per-gate PASS/FAIL + severity + PR-or-ABORTED and **tears down this run's worktrees**. *(P1-2, P1-3)*
+- **`rules/mandatory-workflow.md`** — §2a now states the **worktree lifecycle** (one per lane → merge
+  after gates pass → remove after the PR is raised or the run is aborted); §2d gained a note pointing
+  at the mechanical `contract-clear` counterpart. *(P1-3)*
+- **`rules/continuity.md`** — added a **Concurrency** subsection (one live `CONTINUITY.md` per working
+  dir; use a worktree per concurrent `/sdlc`; `agent-memory` is intentionally shared, not namespaced).
+  *(P1-4)*
+- **`src/claude_kit/validator.py` + README** — `claude-kit doctor` now reports **platform visibility**:
+  on Windows without `jq` it WARNs (actionable: run under WSL/Git Bash; config + CLI work natively
+  regardless) and on Windows *with* `jq` it confirms a POSIX shell is providing the hooks — **never a
+  failure**. README gained a Windows prerequisites note + troubleshooting row. *(P1-5)*
+
+### Not adopted (deliberately — the kit already covers these)
+- **P0-1 `release-manager`/`release-ready`/`rollback-safety` (new agent + gate + rule).** Release &
+  rollback are **already owned by `devops-engineer`** (and the Pipeline Green gate already requires a
+  *verified* rollback + runbook); canary, feature flags, staged rollout, and rollback are already
+  covered in depth by the `shipping-and-launch` skill. Only "blue/green was never named" was a genuine
+  gap — fixed above as one subsection, no new components.
+- **P0-2 `contract-reviewer` agent in the _standard_ profile.** Reused `merge-reviewer` instead of a
+  new agent, and placed the gate in **enterprise** (heavyweight gates default to enterprise per the
+  profile policy), not standard. It also **builds on** `mandatory-workflow.md` §2d rather than
+  duplicating it.
+- **P0-3 `performance-engineer` agent + standalone performance gate.** Folded into the existing
+  Observability Ready gate + `observability-engineer` + `load-testing` skill.
+- **P0-4 `dependency-maintenance` skill.** Folded into the existing `dependency-scanner` agent as a
+  mode; no competing skill.
+- **P1-1 `cost-estimate` skill + a per-run cost hook.** A doc subsection in `model-tiers.md` conveys
+  the expectation without a runtime token-accounting surface the kit can't reliably measure.
+- **P1-3 a `run-report` subsystem / structured run trace.** Already covered by `CONTINUITY.md` working
+  memory + the orchestrator's Stage-7 summary; only the genuine gaps (worktree teardown + clean abort)
+  were added.
+- **P1-5 a PowerShell hook port.** The hooks stay POSIX `.sh`; `doctor` now tells Windows users to run
+  under WSL/Git Bash. Porting every guard to PowerShell would double the maintenance surface for a
+  shell most users already have via WSL/Git Bash.
+- **The P2 items** (repo metadata, PyPI publish, listing submissions) that require a human / `gh` are
+  left as follow-ups; the **E2E worked example**, **positioning section**, and **README on-ramp** were
+  partly addressed (a "How claude-kit compares" positioning block + the adoption row were added).
+
 ## [0.11.3] — 2026-06-15
 
 A field review of a **reference table of ecosystem repos** — official + community **MCP-server

{claude_code_kit-0.11.3 → claude_code_kit-0.12.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: claude-code-kit
-Version: 0.11.3
+Version: 0.12.0
 Summary: Cookiecutter-style scaffolder for an autonomous Claude Code SDLC configuration (no app code, no Docker). Asks ordered questions and installs CLAUDE.md + .claude/ (rules, the chosen profile's agents/skills, hooks, artifact templates) + optional .mcp.json; run /sdlc to drive spec → review → build → test → security → ship through profile-aware quality gates, working memory, and a self-improving learnings loop.
 Project-URL: Homepage, https://github.com/ajyadav013/claude-kit
 Project-URL: Repository, https://github.com/ajyadav013/claude-kit
@@ -122,6 +122,11 @@ claude-kit init --defaults      # non-interactive: React + Python/FastAPI + Post
 > **Prerequisites:** [Claude Code](https://www.claude.com/product/claude-code); Python ≥ 3.9 for the
 > CLI; `jq` to enable the shell hooks (they no-op without it); Node / `npx` only if you enable an MCP
 > (Model Context Protocol) server.
+>
+> **Windows:** the config (agents · skills · rules) and the `claude-kit` CLI work natively. The shell
+> hooks (`guard-*`, `warn-*`) need a POSIX shell + `jq`, so run inside **WSL or Git Bash** to enable
+> them — `claude-kit doctor` detects Windows and tells you which case you're in. Without a POSIX shell
+> the hooks silently no-op (the kit still functions; you just lose the deterministic guards).
 
 <details>
 <summary><b>What the init flow asks &amp; what lands on disk</b></summary>
@@ -239,6 +244,7 @@ non-duplicative gaps**, minimally and catalog-wired.
 | **[ponytail](https://github.com/DietrichGebert/ponytail)** | YAGNI / anti-over-engineering as an explicit recurring pass; deferral-debt tracking; surfacing the active autonomy level | `over-engineering-review` & `simplification-debt` skills, the `load-autonomy` hook, median-of-N in `evals` | `0.8.0` |
 | **[GitHub spec-kit](https://github.com/github/spec-kit)** | Spec → tasks → **analyze** coverage gate; tasks → tracker issues; stable requirement IDs + assumptions in specs | Wired the (previously orphaned) `story-planner` as the **coverage gate (1f)**, a tracker-agnostic `task-tracker-sync` skill, and enriched the feature-spec template | `0.9.0` |
 | **[protectai/llm-guard](https://github.com/protectai/llm-guard)** | Input→model→output guardrails for LLM features — prompt injection, PII vault, treating model output as untrusted | **Opt-in** "LLM / AI Feature Security" guidance in `security-and-hardening` + the advisory `warn-llm-io` hook (warns, **never blocks**) | `0.10.0` |
+| **Improvement brief** (external self-review) | API backward-compat as a gate; load-against-SLO as a release criterion; supply-chain maintenance cadence; pipeline resumability, clean abort, and worktree lifecycle; pipeline cost/concurrency/cross-platform transparency | The enterprise **`contract-clear`** gate (owned by `merge-reviewer`) + `api-change-report` template; a load-vs-SLO criterion in Observability Ready; dependency **Cadence Mode**; `/sdlc` resume-vs-restart, `/claude-kit:abort`, worktree teardown; cost/concurrency/Windows notes — **9 surgical extensions, 0 new agents/skills/rules** | `0.12.0` |
 
 > Each adoption is detailed in the [CHANGELOG](CHANGELOG.md) — including, for every review, what we
 > deliberately **did not** add because the kit already covered it.
@@ -273,6 +279,28 @@ mandatory security gate — that would have made it mandatory.
 
 </details>
 
+<details>
+<summary><b>How claude-kit compares (positioning)</b></summary>
+
+<br>
+
+claude-kit is a **config-only, stack-agnostic SDLC scaffolder** — it installs a governed pipeline
+(agents · skills · rules · gates · hooks) into your project's `.claude/` and then gets out of the way.
+It is **not** a runtime, an orchestration engine, or a code library. That framing is the difference:
+
+| Project | What it is | How claude-kit differs |
+|---|---|---|
+| **[wshobson/agents](https://github.com/wshobson/agents)** & similar agent collections | Large libraries of individual subagent prompts you pick from | claude-kit ships a **smaller, opinionated set wired into a sequenced pipeline with owned quality gates** — agents aren't a menu, they're stages that hand off and block on each other. Adopt-by-reuse, not by accumulation. |
+| **[GitHub spec-kit](https://github.com/github/spec-kit)** | A spec-driven workflow (constitution → spec → tasks → analyze) | claude-kit **absorbed spec-kit's coverage-gate idea** (the `story-planner` 1f gate + `task-tracker-sync`) into a **broader** lifecycle that also covers review, security, build, test, release, and observability gates. Complementary, wider scope. |
+| **claude-flow / multi-agent runtimes** | Runtime orchestrators that *execute* swarms of agents | claude-kit produces **portable configuration**, not a running process — the orchestration is described in rules the host (Claude Code) executes. No daemon, no lock-in, no app code. |
+| **dotfiles / `CLAUDE.md` starters** | A single rules file or settings snippet | claude-kit is a **catalog-driven generator**: it resolves your stack/profile/scope into the right subset of 23 rules, ~28 agents, ~50 skills, gates, and hooks, and keeps them **upgradeable** (`claude-kit upgrade` preserves your edits via owner + checksum). |
+
+**Choose claude-kit when** you want a consistent, reviewable, **gate-enforced** autonomous-SDLC setup
+that's the same across every repo and stack, installs in seconds, ships nothing you have to run, and
+**evolves reuse-first** rather than by piling on near-duplicate agents.
+
+</details>
+
 ---
 
 ## The agents
@@ -424,6 +452,7 @@ hints.
 |---|---|---|
 | `/sdlc`, agents, or skills "not found" right after `init` | Claude Code hasn't loaded the new project config yet | **Restart Claude Code** — or use `/claude-kit:sdlc <task>` (works without a restart) |
 | Guard / quality hooks seem to do nothing | `jq` isn't installed (the hooks parse tool input with it) | Install `jq`; without it the hooks degrade to no-ops by design |
+| Hooks do nothing on **Windows** | No POSIX shell — `.sh` hooks can't run under `cmd`/PowerShell | Run claude-kit inside **WSL or Git Bash** (with `jq`); `claude-kit doctor` confirms. Config + CLI work natively regardless |
 | A selected MCP server won't start | `node` / `npx` missing (most MCP servers launch via `npx`) | Install Node.js, or remove the server from `.mcp.json` |
 | `pip install claude-code-kit` fails | Not yet published to PyPI | Use `pip install "git+https://github.com/ajyadav013/claude-kit.git"` |
 | `validate` reports missing files | Partial or outdated install | Re-run `claude-kit init` (choose **merge**), or `claude-kit upgrade` |

{claude_code_kit-0.11.3 → claude_code_kit-0.12.0}/README.md

@@ -95,6 +95,11 @@ claude-kit init --defaults      # non-interactive: React + Python/FastAPI + Post
 > **Prerequisites:** [Claude Code](https://www.claude.com/product/claude-code); Python ≥ 3.9 for the
 > CLI; `jq` to enable the shell hooks (they no-op without it); Node / `npx` only if you enable an MCP
 > (Model Context Protocol) server.
+>
+> **Windows:** the config (agents · skills · rules) and the `claude-kit` CLI work natively. The shell
+> hooks (`guard-*`, `warn-*`) need a POSIX shell + `jq`, so run inside **WSL or Git Bash** to enable
+> them — `claude-kit doctor` detects Windows and tells you which case you're in. Without a POSIX shell
+> the hooks silently no-op (the kit still functions; you just lose the deterministic guards).
 
 <details>
 <summary><b>What the init flow asks &amp; what lands on disk</b></summary>
@@ -212,6 +217,7 @@ non-duplicative gaps**, minimally and catalog-wired.
 | **[ponytail](https://github.com/DietrichGebert/ponytail)** | YAGNI / anti-over-engineering as an explicit recurring pass; deferral-debt tracking; surfacing the active autonomy level | `over-engineering-review` & `simplification-debt` skills, the `load-autonomy` hook, median-of-N in `evals` | `0.8.0` |
 | **[GitHub spec-kit](https://github.com/github/spec-kit)** | Spec → tasks → **analyze** coverage gate; tasks → tracker issues; stable requirement IDs + assumptions in specs | Wired the (previously orphaned) `story-planner` as the **coverage gate (1f)**, a tracker-agnostic `task-tracker-sync` skill, and enriched the feature-spec template | `0.9.0` |
 | **[protectai/llm-guard](https://github.com/protectai/llm-guard)** | Input→model→output guardrails for LLM features — prompt injection, PII vault, treating model output as untrusted | **Opt-in** "LLM / AI Feature Security" guidance in `security-and-hardening` + the advisory `warn-llm-io` hook (warns, **never blocks**) | `0.10.0` |
+| **Improvement brief** (external self-review) | API backward-compat as a gate; load-against-SLO as a release criterion; supply-chain maintenance cadence; pipeline resumability, clean abort, and worktree lifecycle; pipeline cost/concurrency/cross-platform transparency | The enterprise **`contract-clear`** gate (owned by `merge-reviewer`) + `api-change-report` template; a load-vs-SLO criterion in Observability Ready; dependency **Cadence Mode**; `/sdlc` resume-vs-restart, `/claude-kit:abort`, worktree teardown; cost/concurrency/Windows notes — **9 surgical extensions, 0 new agents/skills/rules** | `0.12.0` |
 
 > Each adoption is detailed in the [CHANGELOG](CHANGELOG.md) — including, for every review, what we
 > deliberately **did not** add because the kit already covered it.
@@ -246,6 +252,28 @@ mandatory security gate — that would have made it mandatory.
 
 </details>
 
+<details>
+<summary><b>How claude-kit compares (positioning)</b></summary>
+
+<br>
+
+claude-kit is a **config-only, stack-agnostic SDLC scaffolder** — it installs a governed pipeline
+(agents · skills · rules · gates · hooks) into your project's `.claude/` and then gets out of the way.
+It is **not** a runtime, an orchestration engine, or a code library. That framing is the difference:
+
+| Project | What it is | How claude-kit differs |
+|---|---|---|
+| **[wshobson/agents](https://github.com/wshobson/agents)** & similar agent collections | Large libraries of individual subagent prompts you pick from | claude-kit ships a **smaller, opinionated set wired into a sequenced pipeline with owned quality gates** — agents aren't a menu, they're stages that hand off and block on each other. Adopt-by-reuse, not by accumulation. |
+| **[GitHub spec-kit](https://github.com/github/spec-kit)** | A spec-driven workflow (constitution → spec → tasks → analyze) | claude-kit **absorbed spec-kit's coverage-gate idea** (the `story-planner` 1f gate + `task-tracker-sync`) into a **broader** lifecycle that also covers review, security, build, test, release, and observability gates. Complementary, wider scope. |
+| **claude-flow / multi-agent runtimes** | Runtime orchestrators that *execute* swarms of agents | claude-kit produces **portable configuration**, not a running process — the orchestration is described in rules the host (Claude Code) executes. No daemon, no lock-in, no app code. |
+| **dotfiles / `CLAUDE.md` starters** | A single rules file or settings snippet | claude-kit is a **catalog-driven generator**: it resolves your stack/profile/scope into the right subset of 23 rules, ~28 agents, ~50 skills, gates, and hooks, and keeps them **upgradeable** (`claude-kit upgrade` preserves your edits via owner + checksum). |
+
+**Choose claude-kit when** you want a consistent, reviewable, **gate-enforced** autonomous-SDLC setup
+that's the same across every repo and stack, installs in seconds, ships nothing you have to run, and
+**evolves reuse-first** rather than by piling on near-duplicate agents.
+
+</details>
+
 ---
 
 ## The agents
@@ -397,6 +425,7 @@ hints.
 |---|---|---|
 | `/sdlc`, agents, or skills "not found" right after `init` | Claude Code hasn't loaded the new project config yet | **Restart Claude Code** — or use `/claude-kit:sdlc <task>` (works without a restart) |
 | Guard / quality hooks seem to do nothing | `jq` isn't installed (the hooks parse tool input with it) | Install `jq`; without it the hooks degrade to no-ops by design |
+| Hooks do nothing on **Windows** | No POSIX shell — `.sh` hooks can't run under `cmd`/PowerShell | Run claude-kit inside **WSL or Git Bash** (with `jq`); `claude-kit doctor` confirms. Config + CLI work natively regardless |
 | A selected MCP server won't start | `node` / `npx` missing (most MCP servers launch via `npx`) | Install Node.js, or remove the server from `.mcp.json` |
 | `pip install claude-code-kit` fails | Not yet published to PyPI | Use `pip install "git+https://github.com/ajyadav013/claude-kit.git"` |
 | `validate` reports missing files | Partial or outdated install | Re-run `claude-kit init` (choose **merge**), or `claude-kit upgrade` |

{claude_code_kit-0.11.3 → claude_code_kit-0.12.0}/agents/dependency-scanner.md

@@ -82,3 +82,21 @@ Backend deps: {N} · Frontend deps: {N} · Vulns: Critical {N} / High {N} / Medi
 ## HANDOFF
 
 Return counts by severity + the finding table to `security-reviewer`. If a CVE has no patch, recommend a workaround or replacement and mark it for an allowlist-with-review-date decision (route to the human via the Orchestrator). Log durable findings to `.claude/CONTINUITY.md`.
+
+## CADENCE MODE (whole-project maintenance pass)
+
+The same audit can be dispatched **standalone** — outside any one feature — as a recurring
+maintenance pass over the *whole* project (the ongoing CVE-remediation loop):
+
+- Run the **same METHOD** across every manifest in the repo, not just one feature's dependencies.
+- **Batch** the findings into grouped upgrade proposals — group by ecosystem and by major-vs-minor,
+  and keep **security** patches separate from routine bumps — ordered by the
+  `.claude/rules/quality-gates.md` severity model.
+- **Triage stays in** `.claude/skills/security-and-hardening` §"Triaging Dependency Audit Results"
+  (reachability → fix-timing); cite it, do not restate it. Reuse the same recommend→apply split: you
+  **recommend**; the **developer lane applies** (manifest edits need user approval).
+- Posture is **advisory** — you propose; the human/Orchestrator decides what to schedule and apply.
+  Every applied upgrade re-runs the existing **security-clear + build-green + test-coverage** gates
+  (no new gate logic, no new skill).
+- **Scheduling** (cron/CI) is the consuming project's CI concern, not the kit's — claude-kit hooks are
+  event-driven (no time trigger). Wire a periodic job in the project's CI to invoke this pass.

{claude_code_kit-0.11.3 → claude_code_kit-0.12.0}/agents/merge-reviewer.md

@@ -168,6 +168,32 @@ Frontend code reviewed: ✓ | Build/tests: ✓
 
 ---
 
+## Join Point: API Backward-Compatibility (contract-clear gate)
+
+> **Extends** `.claude/rules/mandatory-workflow.md` §2d (Breaking Changes + Impact Check). §2d is the
+> Developer's manual consumer/signature check for *internal* exports; this is its **mechanical
+> counterpart for the externally-exposed contract** — a base-branch surface diff. It runs **only**
+> when the selected stack exposes an API surface (a committed OpenAPI/GraphQL schema, or typed routes
+> a generator can emit). **Degrade to a no-op** (PASS, note "no API contract surface") when no schema
+> source is found — mirror the hooks' detect-then-skip pattern; never block a project that has no
+> contract.
+
+Owns the **contract-clear** gate (enterprise; or any profile an org opts into via `org.yaml`
+strictness). With `Bash`:
+
+1. **Locate or generate the contract** — a committed `openapi.(json|yaml)` / GraphQL SDL, or generate it from the framework's typed routes.
+2. **Diff against the base branch** — `git show <base>:<contract-path>` vs the working copy.
+3. **Classify each delta** by `.claude/rules/quality-gates.md` §1:
+   - **Critical/High** — a removed or renamed endpoint/field, a narrowed type, a new **required** request field, or a removed status code clients branch on (backward-incompatible for already-shipped consumers).
+   - **Medium** — an undocumented additive change, or a deprecation with no migration note.
+   - **Low/Cosmetic** — an additive **optional** field, or a doc-only change.
+4. **Require a migration path** — any Critical/High breaking delta needs an approved migration note (cross-ref `.claude/skills/deprecation-and-migration`) **and** a version bump before PASS.
+5. **Emit** `docs/api/{feature-name}_api-change-report.md` from the `api-change-report.md` artifact template.
+
+**Rule:** *contract-clear* PASSes only at zero Critical/High/Medium per the severity model; a breaking change shipped without an approved migration note + version bump is **auto-High**.
+
+---
+
 ## Defect Loop Integration
 
 When the Tester or Senior Tester finds defects after your verification:

{claude_code_kit-0.11.3 → claude_code_kit-0.12.0}/agents/observability-engineer.md

@@ -45,6 +45,7 @@ You are the **Observability Engineer** agent. You make a feature **operable in p
 ### 1. SLOs / SLIs
 - For each critical journey the feature adds, define a measurable objective: latency (p95/p99), availability/success-rate, or error budget.
 - Record them where the project keeps them (e.g., `docs/observability/{feature}-slo.md`); reference the spec's NFR targets.
+- When the feature adds a **hot / concurrency-sensitive backend path**, don't stop at *defining* the SLO — drive `.claude/skills/load-testing` against it, attach the run to the SLO doc (record under `docs/performance/`), and confirm it **meets** the budget. A budget breach (p95/p99 latency, error rate, or throughput) is **High** per `.claude/rules/quality-gates.md`. Skip (note why in `CONTINUITY.md`) for changes with no concurrency-sensitive surface.
 
 ### 2. Health & Readiness
 - Liveness endpoint stays trivial and dependency-free (always 200 if the process is up).

{claude_code_kit-0.11.3 → claude_code_kit-0.12.0}/agents/orchestrator.md

@@ -392,7 +392,8 @@ For backend-only or frontend-only tasks, spawn a single tester in `full` mode
 
 ### Stage 7: Pipeline Complete
 - Report PR URL to the human.
-- Summarize: specs, dev docs, design, reviews (senior dev + tech architect + EM per lane), code reviewed, merge verified, testing validated + verified, Devil's Advocate (if unanimous), DevOps + Observability (where applicable), PR raised.
+- Summarize: specs, dev docs, design, reviews (senior dev + tech architect + EM per lane), code reviewed, merge verified, testing validated + verified, Devil's Advocate (if unanimous), DevOps + Observability (where applicable), PR raised. State the summary as **per-gate PASS/FAIL**, open findings by **Critical/High/Medium**, and **PR-or-ABORTED** status (`.claude/rules/quality-gates.md` severity model).
+- **Tear down this run's worktrees.** Once the PR is raised (or the run is abandoned), remove the per-lane worktrees this run created via the Agent tool's `isolation: "worktree"` — they auto-clean when unchanged; for merged lanes confirm removal with `git worktree remove`. **Only** remove worktrees this run created — never the user's other worktrees or the primary checkout. If a run must be cancelled mid-pipeline before this stage, use `/claude-kit:abort`.
 
 ---
 

{claude_code_kit-0.11.3 → claude_code_kit-0.12.0}/catalog/profiles.yaml

@@ -95,5 +95,5 @@ profiles:
       - incident-responder
       - risk-classifier
     skills: all
-    gates: [spec-complete, em-approved, code-review, build-green, test-coverage, security-clear, pipeline-green, observability-ready, acceptance]
+    gates: [spec-complete, em-approved, code-review, build-green, test-coverage, security-clear, contract-clear, pipeline-green, observability-ready, acceptance]
     hooks: all

claude_code_kit-0.12.0/commands/abort.md

@@ -0,0 +1,27 @@
+---
+description: Abort the in-progress /sdlc run — remove only this run's worktrees and mark CONTINUITY aborted
+argument-hint: "[reason]"
+allowed-tools: Bash, Read, Edit
+---
+
+Cleanly abort the in-progress autonomous SDLC run in this project. There is **no destructive CLI** for
+this by design — aborting is a guided, reversible cleanup you perform, never removing anything this run
+did not create.
+
+1. **Confirm a run is in progress.** Read `.claude/CONTINUITY.md` — check **Current Phase** /
+   **Active Tasks** and the orchestrator's `PIPELINE:` line to see which lanes/worktrees this run
+   created. If no run is in progress, say so and stop.
+2. **List worktrees:** `git worktree list`. Identify **only** the worktrees this run created for its
+   lanes (the `developer` lanes use the Agent tool's `isolation: "worktree"`). **Never** remove a
+   worktree this run did not create, and never the primary checkout.
+3. **Remove them:** `git worktree remove <path>` for each identified worktree. Unchanged worktrees are
+   auto-cleaned by the Agent tool; this handles any that remain. Add `--force` **only** after telling
+   the user exactly what uncommitted lane work would be lost and getting confirmation.
+4. **Mark the run aborted:** append `ABORTED <date> — <reason from $ARGUMENTS>` under **Current Phase**
+   in `.claude/CONTINUITY.md`, and reset **Active Tasks** / **Next Steps** so the next `/sdlc` starts
+   fresh. (To merely *pause*, leave the `PIPELINE:` line intact so `/sdlc` can offer RESUME instead.)
+5. **Report** what was removed and the final state. Do not touch the user's branches, commits, or other
+   worktrees.
+
+This is the counterpart to the worktree-teardown step in `orchestrator` Stage 7: use it when a run must
+be cancelled mid-pipeline rather than completing to a PR.

{claude_code_kit-0.11.3 → claude_code_kit-0.12.0}/docs/agents.md

@@ -54,8 +54,9 @@ Request ─▶ classify ─▶ Spec & Dev Docs ─▶ [Gate: EM approved]
 ```
 
 Which gates actually run depends on the profile: **lean** = code-review · build-green; **standard**
-adds spec/EM/coverage/security; **enterprise** adds pipeline-green · observability-ready ·
-acceptance. A **fast-track** path (bug fixes / < 5 files) skips planning: Developer → Code Reviewer →
+adds spec/EM/coverage/security; **enterprise** adds contract-clear · pipeline-green ·
+observability-ready · acceptance (contract-clear self-skips on stacks with no API contract surface). A
+**fast-track** path (bug fixes / < 5 files) skips planning: Developer → Code Reviewer →
 Tester → PR.
 
 Every gate uses the same severity model — a gate passes only with **zero Critical/High/Medium**

{claude_code_kit-0.11.3 → claude_code_kit-0.12.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "claude-code-kit"
-version = "0.11.3"
+version = "0.12.0"
 description = "Cookiecutter-style scaffolder for an autonomous Claude Code SDLC configuration (no app code, no Docker). Asks ordered questions and installs CLAUDE.md + .claude/ (rules, the chosen profile's agents/skills, hooks, artifact templates) + optional .mcp.json; run /sdlc to drive spec → review → build → test → security → ship through profile-aware quality gates, working memory, and a self-improving learnings loop."
 readme = "README.md"
 requires-python = ">=3.9"

{claude_code_kit-0.11.3 → claude_code_kit-0.12.0}/rules/continuity.md

@@ -22,6 +22,12 @@ When a CONTINUITY entry under **Mistakes & Learnings** is durable (a correction,
 - **Seed:** `.claude/CONTINUITY.template.md` — committed. The `load-continuity.sh` SessionStart hook copies the template to the live file if the live file is missing, then prints it into context.
 - Never commit the live file. Never store secrets, tokens, or credentials in it.
 
+## Concurrency
+
+- There is exactly **one** live `.claude/CONTINUITY.md` per working directory. Two pipeline runs in the **same** checkout share it and will clobber each other's state — don't run concurrent `/sdlc` in one directory.
+- To run pipelines **concurrently** on one repo, give each its own **git worktree** (the isolation primitive already used for parallel lanes in `.claude/rules/mandatory-workflow.md`). Each worktree is a separate checkout, so the `load-continuity.sh` SessionStart hook seeds it an independent `CONTINUITY.md` (it copies the template to `$ROOT/.claude/CONTINUITY.md` when absent).
+- `agent-memory/` is the opposite by design: a single **shared, committed** store any session reads and contributes to (last-writer-wins on distinct kebab-case files; the `remember` skill dedups). It is intentionally **not** namespaced per branch — cross-run learnings pool on purpose.
+
 ## Protocol
 
 **At the start of every turn / session / after compaction:**

{claude_code_kit-0.11.3 → claude_code_kit-0.12.0}/rules/devops-observability.md

@@ -41,6 +41,7 @@ Ensures the feature is **operable in production**: you can tell when it breaks a
 
 **Observability Ready passes when:**
 - [ ] **SLOs/SLIs** defined for each critical user journey the feature adds (e.g., "p95 endpoint latency < 200ms", "login success rate ≥ 99.5%").
+- [ ] **Load verified against the SLO** — for a change to a hot / SLO-bearing backend path, an empirical load run (drive `.claude/skills/load-testing`) was executed against the defined SLO and **met** its p95/p99 latency + error-rate + throughput budgets; record it under `docs/performance/` and link it from the feature SLO doc. *Skip (note why in `CONTINUITY.md`) for changes with no concurrency-sensitive surface.* A budget breach is **High** (`.claude/rules/quality-gates.md`).
 - [ ] **Health/readiness** — any new external dependency (database, cache, third-party service) is reflected in the readiness check; liveness stays dependency-free.
 - [ ] **Structured logging** — new state changes log via the project's structured logger as JSON key-values, semantic event names, **no secrets/PII**; error paths log at `error`/`exception` level.
 - [ ] **Alerts** — alert rules defined for the feature's failure modes (error-rate spike, latency breach, dependency down) with a severity and an owner.

{claude_code_kit-0.11.3 → claude_code_kit-0.12.0}/rules/mandatory-workflow.md

@@ -176,7 +176,10 @@ CANNOT start until coverage is complete.
 # Phase 2 — Development (Stages 4-5)
 
 ## 2a — Read Existing Code & Confirm Scope `[Developer]`
-Work in an **isolated git worktree**. Before writing code, read the approved spec + dev docs,
+Work in an **isolated git worktree** (lifecycle: create one per lane → merge after the gates pass →
+**remove it after the PR is raised or the run is aborted** — only the worktrees this run created, never
+the user's others; `git worktree remove`, see `.claude/skills/git-workflow-and-versioning/SKILL.md`).
+Before writing code, read the approved spec + dev docs,
 the relevant `.claude/rules/*` for your stack, and EVERY file you plan to modify — in full.
 Understand a function's callers/returns before changing it. Reuse existing utilities and
 components — search before creating.
@@ -220,6 +223,13 @@ every consumer and verify it still works. Run the full test suite (not just your
 Review the diff for changes outside your scope.
 **Gate:** zero regressions verified across the codebase.
 
+> **Mechanical counterpart (enterprise, API-exposing stacks):** the `merge-reviewer` runs the
+> **contract-clear** gate — a base-branch API-surface diff (`git show <base>:<schema>`) that classifies
+> each delta by severity and blocks backward-incompatible changes lacking an approved migration note +
+> version bump. It self-skips when no API contract surface exists. This §2d is the manual consumer
+> check; contract-clear is its automated, externally-exposed-contract complement. See
+> `.claude/agents/merge-reviewer.md`.
+
 ---
 
 # Phase 3 — Testing & Delivery (Stages 6-7)

{claude_code_kit-0.11.3 → claude_code_kit-0.12.0}/rules/model-tiers.md

@@ -32,3 +32,21 @@ tier — they are focused specialists/personas, not deep-reasoning orchestrators
   (`secret-scanner`, `dependency-scanner`, `policy-validator`) are `sonnet` (pattern/tool work).
 - **Re-map when names/prices change.** Keep the tier *intent* (Critical / Default / Fast); swap the
   concrete alias if Anthropic's model lineup shifts.
+
+## Profile cost expectations
+
+Token cost scales with the **profile** (the agent / skill / hook set it installs — see
+`catalog/profiles.yaml`): more agents and more parallel review lanes mean more model turns. As a
+*relative* guide (not a currency figure):
+
+- **lean** — cheapest: ~5 agents, a single review lane, no Devil's Advocate, fewest gates. Only
+  `orchestrator` + `developer` run on `opus`; the rest are `sonnet`/`haiku`.
+- **standard** — adds the spec / design / test / security lanes and the blind-review + Devil's
+  Advocate pass: mostly `sonnet` reviewers and scanners layered on top of lean.
+- **enterprise** — heaviest: adds the DevOps / Observability / audit agents, `skills: all`, and
+  `hooks: all`, with more gates — but still only the four `opus` agents (`orchestrator`, `developer`,
+  `devils-advocate`, `owasp-reviewer`); everything it adds is `sonnet`/`haiku`.
+
+Scale effort to the work, not the ceremony: pick the smallest profile that fits, and use the per-agent
+tier table above plus `.claude/rules/reasoning-techniques.md` ("resource-aware effort") to avoid
+spending `opus` on mechanical turns.

{claude_code_kit-0.11.3 → claude_code_kit-0.12.0}/rules/quality-gates.md

@@ -90,7 +90,8 @@ Where the agent is installed, a gate reached by unanimous PASS is not PASS until
 | Test coverage verified | 3 | All acceptance criteria covered across lanes | **Yes** — senior testers blind, Devil's Advocate on unanimous PASS |
 | Security clear | 5.4 | 0 Critical/High/Medium, no secrets, deps patched, policies enforced | No — `security-reviewer` + sub-scanners |
 | Pipeline green | DevOps | CI valid, container/build artifacts healthy, runbook complete | No — see `devops-observability.md` |
-| Observability ready | Observability | SLOs, health checks, alerts, structured logs | No — see `devops-observability.md` |
+| Observability ready | Observability | SLOs, health checks, alerts, structured logs + (for hot backend paths) a load run meets the SLO | No — see `devops-observability.md` |
+| Contract clear *(enterprise; API stacks)* | Pre-merge | API contract diff vs base branch: 0 backward-incompatible deltas without an approved migration note + version bump; self-skips when no contract surface | No — `merge-reviewer` |
 
 ---
 

{claude_code_kit-0.11.3 → claude_code_kit-0.12.0}/skills/ci-cd-and-automation/SKILL.md

@@ -236,6 +236,15 @@ return renderLegacyCheckout();
 
 **Flag lifecycle:** Create → Enable for testing → Canary → Full rollout → Remove the flag and dead code. Flags that live forever become technical debt — set a cleanup date when you create them.
 
+### Blue/Green vs Canary
+
+Two complementary cutover strategies — both keep rollback fast:
+
+- **Blue/green** — run two identical production environments (blue = current, green = new). Deploy to the idle one, smoke-test it, then flip the router/load balancer in a single switch. Rollback is instant: flip back. Choose it when you need an atomic cutover and a clean, immediate revert and can afford two full environments.
+- **Canary** — keep one environment and shift a *percentage* of traffic (or users, via a flag) to the new version — 5% → 25% → 50% → 100% — watching error rate, latency, and business metrics at each step before advancing. Choose it to limit blast radius on real traffic, tolerating both versions running at once.
+
+Pick blue/green for atomic switch + instant revert, canary for gradual observable exposure. Either way, define the advance / hold / rollback thresholds **before** you start — reuse the Rollout Decision Thresholds table in `.claude/skills/shipping-and-launch/SKILL.md` rather than inventing new ones.
+
 ### Staged Rollouts
 
 ```

{claude_code_kit-0.11.3 → claude_code_kit-0.12.0}/skills/sdlc/SKILL.md

@@ -25,6 +25,18 @@ Before doing anything, read:
   and the blind-review + Devil's Advocate protocol.
 - `.claude/rules/rarv-cycle.md` — the Reason → Act → Reflect → Verify self-check every agent runs.
 
+Then read `.claude/CONTINUITY.md` (the `load-continuity` SessionStart hook has already printed it into
+context). **Detect an in-progress run:** if **Current Phase** is not idle and **Active Tasks** names a
+run matching `$ARGUMENTS`, an earlier pipeline is in flight. Tell the user the **last PASSed gate** and
+the active lane(s) from the mirrored `PIPELINE:` line (the orchestrator's authoritative, gate-precise
+state line — see `.claude/rules/continuity.md`), then ask whether to:
+
+- **RESUME** — re-enter the orchestrator at the first gate *after* the last passed one, re-running only
+  un-passed or defect-affected lanes; or
+- **RESTART** — reset **Current Phase** / **Next Steps** and begin again from spec.
+
+If **Current Phase** is idle (or CONTINUITY was freshly seeded), proceed as a fresh run.
+
 ## 2. Discover the active profile (this decides which gates run)
 
 Read `.claude/config/stack-catalog.snapshot.yaml`. Its `gates:` and `agents:` lists are the
@@ -53,8 +65,9 @@ and the stack selection. Instruct it to:
 1. **Classify** the work — bug fix vs. feature; single-stream vs. parallel lanes (backend/frontend);
    fast-track (< 5 files) vs. full pipeline. Fast-track collapses to the lean gate set regardless of
    profile.
-2. **Record** the plan and initial state in `.claude/CONTINUITY.md` (working memory survives
-   compaction — update it at every phase transition).
+2. **Record** (or, **on resume**, update) the plan and state in `.claude/CONTINUITY.md` (working memory
+   survives compaction — update it at every phase transition). On resume, re-enter at the first gate
+   *after* the last PASSed gate per the `PIPELINE:` line rather than restarting from spec.
 3. **Run each active phase with its gate**, in order, using only the profile's agents:
    spec & dev-docs → story planning → (design, if UI) → senior/architect/EM review →
    implementation (one worktree per lane) → code review → unit + e2e tests → test-coverage merge →

{claude_code_kit-0.11.3 → claude_code_kit-0.12.0}/src/claude_kit/__init__.py

@@ -7,4 +7,4 @@ Docker): ``claude-kit init`` asks ordered questions and lays down ``CLAUDE.md``
 as a plugin. Extensibility is data-driven via the ``catalog/`` (stacks, profiles, MCP).
 """
 
-__version__ = "0.11.3"
+__version__ = "0.12.0"

{claude_code_kit-0.11.3 → claude_code_kit-0.12.0}/src/claude_kit/validator.py

@@ -9,6 +9,7 @@ and choose an exit code.
 from __future__ import annotations
 
 import json
+import platform
 import shutil
 from pathlib import Path
 
@@ -171,6 +172,20 @@ def doctor(target: str | Path) -> tuple[bool, list[str]]:
         else:
             msgs.append(f"WARN  {tool} not on PATH — {why}")
 
+    # Platform visibility: the shell hooks need a POSIX shell + jq. On Windows they no-op silently
+    # unless run under WSL/Git Bash; the config and CLI work natively regardless. Never a failure.
+    if platform.system() == "Windows":
+        if shutil.which("jq"):
+            msgs.append(
+                "OK    Windows with jq on PATH — a POSIX shell (Git Bash/WSL) is providing the hooks"
+            )
+        else:
+            msgs.append(
+                "WARN  Windows detected and jq not on PATH — the shell hooks (guard-*, warn-*) will "
+                "no-op. Run claude-kit inside WSL or Git Bash to enable them; the kit config "
+                "(agents/skills/rules) and the claude-kit CLI work natively on Windows regardless."
+            )
+
     hooks_dir = claude / "hooks"
     if hooks_dir.is_dir():
         nonexec = [

claude_code_kit-0.12.0/templates/artifacts/api-change-report.md

@@ -0,0 +1,29 @@
+# API change report: <feature / version>
+
+> Produced by the **contract-clear** gate (`merge-reviewer`, enterprise / API-exposing stacks). It
+> diffs the externally-exposed API contract against the base branch. Backward-incompatible deltas for
+> already-shipped consumers block the gate unless an approved migration note + version bump accompany
+> them. The gate self-skips when no contract surface (OpenAPI / GraphQL / typed routes) is found.
+
+## Contract source
+- Spec: <openapi.(json|yaml) | GraphQL SDL | generated-from-typed-routes>
+- Base ref: <branch/commit the working copy was diffed against>
+
+## Added (non-breaking)
+- <new endpoint / new optional field / new enum value>
+
+## Changed
+| Delta | Endpoint / field | Severity | Backward-incompatible? | Migration note |
+|-------|------------------|----------|------------------------|----------------|
+| <type narrowed / new required field / status code changed / renamed> | … | Critical/High/Medium/Low | yes/no | <link or N/A> |
+
+## Removed / deprecated
+- <removed or renamed endpoint/field> — deprecation + removal plan: <link to `.claude/skills/deprecation-and-migration` output>
+
+## Backward-compatibility verdict
+- Breaking deltas: <count> · each carries an approved migration note + version bump: <yes/no>
+- Version bump: <major | minor | patch> — <old → new>
+- **contract-clear:** <PASS / FAIL> (PASS only at zero Critical/High/Medium per `.claude/rules/quality-gates.md`)
+
+## Affected consumers
+- <known internal/external consumers of the changed surfaces, and how each is migrated>