claude-code-kit 0.12.0__tar.gz → 0.14.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (230) hide show
  1. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/.claude-plugin/marketplace.json +1 -1
  2. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/.claude-plugin/plugin.json +1 -1
  3. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/CHANGELOG.md +145 -0
  4. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/CLAUDE.md +3 -2
  5. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/CONTRIBUTING.md +7 -2
  6. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/PKG-INFO +19 -12
  7. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/README.md +18 -11
  8. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/acceptance-reviewer.md +19 -0
  9. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/developer.md +8 -0
  10. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/devils-advocate.md +10 -5
  11. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/devops-engineer.md +4 -0
  12. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/merge-reviewer.md +2 -2
  13. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/orchestrator.md +20 -2
  14. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/sdlc-code-reviewer.md +6 -0
  15. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/spec-doc-writer.md +2 -0
  16. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/catalog/org.yaml +4 -1
  17. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/catalog/profiles.yaml +4 -1
  18. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/catalog/stacks.yaml +18 -1
  19. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/docs/agents.md +4 -4
  20. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/docs/architecture.md +10 -5
  21. claude_code_kit-0.14.0/docs/coverage-audit.md +71 -0
  22. claude_code_kit-0.14.0/docs/eval-harness.md +58 -0
  23. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/docs/org-capabilities.md +4 -1
  24. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/hooks/scripts/load-continuity.sh +4 -0
  25. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/pyproject.toml +1 -1
  26. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/rules/agent-guardrails.md +37 -1
  27. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/rules/agent-memory.md +8 -0
  28. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/rules/continuity.md +24 -0
  29. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/rules/evals.md +4 -0
  30. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/rules/mandatory-workflow.md +14 -3
  31. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/rules/quality-gates.md +20 -2
  32. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/rules/rarv-cycle.md +1 -1
  33. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/rules/risk-classification.md +4 -0
  34. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/remember/SKILL.md +1 -1
  35. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/sdlc/SKILL.md +9 -5
  36. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/src/claude_kit/__init__.py +1 -1
  37. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/src/claude_kit/catalog.py +2 -0
  38. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/CLAUDE.md +8 -0
  39. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/CLAUDE.stack.md.tmpl +1 -0
  40. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/artifacts/api-change-report.md +1 -1
  41. claude_code_kit-0.14.0/templates/stacks/backend/go/net-http/rules/go-patterns.md +74 -0
  42. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/stacks/db/mongodb/agents/migration-specialist.md +6 -0
  43. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/stacks/db/mongodb/rules/mongodb-patterns.md +6 -0
  44. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/stacks/db/postgres/agents/migration-specialist.md +7 -0
  45. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/stacks/db/postgres/rules/postgres-patterns.md +7 -0
  46. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/.gitignore +0 -0
  47. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/LICENSE +0 -0
  48. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/auditor.md +0 -0
  49. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/dependency-scanner.md +0 -0
  50. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/e2e-tester.md +0 -0
  51. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/em-reviewer.md +0 -0
  52. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/incident-responder.md +0 -0
  53. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/observability-engineer.md +0 -0
  54. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/owasp-reviewer.md +0 -0
  55. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/policy-validator.md +0 -0
  56. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/pr-raiser.md +0 -0
  57. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/risk-classifier.md +0 -0
  58. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/secret-scanner.md +0 -0
  59. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/security-reviewer.md +0 -0
  60. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/senior-backend-dev.md +0 -0
  61. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/senior-frontend-dev.md +0 -0
  62. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/senior-tester.md +0 -0
  63. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/story-planner.md +0 -0
  64. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/technical-architect.md +0 -0
  65. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/tester.md +0 -0
  66. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/ui-designer.md +0 -0
  67. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/agents/unit-tester.md +0 -0
  68. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/catalog/mcp.yaml +0 -0
  69. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/commands/abort.md +0 -0
  70. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/commands/init.md +0 -0
  71. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/commands/sdlc.md +0 -0
  72. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/commands/status.md +0 -0
  73. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/docs/agentic-patterns.md +0 -0
  74. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/hooks/hooks.json +0 -0
  75. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/hooks/scripts/audit-log.sh +0 -0
  76. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/hooks/scripts/guard-destructive-git.sh +0 -0
  77. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/hooks/scripts/guard-secrets.sh +0 -0
  78. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/hooks/scripts/lint-fix.sh +0 -0
  79. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/hooks/scripts/load-autonomy.sh +0 -0
  80. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/hooks/scripts/load-learnings.sh +0 -0
  81. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/hooks/scripts/type-check.sh +0 -0
  82. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/hooks/scripts/validate-frontmatter.sh +0 -0
  83. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/hooks/scripts/validate-settings.sh +0 -0
  84. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/hooks/scripts/warn-large-edits.sh +0 -0
  85. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/hooks/scripts/warn-llm-io.sh +0 -0
  86. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/hooks/scripts/warn-missing-tests.sh +0 -0
  87. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/hooks/scripts/warn-sensitive-files.sh +0 -0
  88. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/hooks/scripts/warn-shared-modules.sh +0 -0
  89. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/rules/agent-resilience.md +0 -0
  90. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/rules/autonomy-levels.md +0 -0
  91. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/rules/code-organization.md +0 -0
  92. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/rules/design-patterns.md +0 -0
  93. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/rules/devops-observability.md +0 -0
  94. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/rules/documentation.md +0 -0
  95. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/rules/frontend-best-practices.md +0 -0
  96. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/rules/goal-setting-and-monitoring.md +0 -0
  97. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/rules/human-in-the-loop.md +0 -0
  98. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/rules/linting-and-formatting.md +0 -0
  99. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/rules/model-tiers.md +0 -0
  100. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/rules/reasoning-techniques.md +0 -0
  101. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/rules/responsive-and-accessibility.md +0 -0
  102. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/rules/testing.md +0 -0
  103. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/rules/tool-design.md +0 -0
  104. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/scripts/init.sh +0 -0
  105. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/_references/accessibility-checklist.md +0 -0
  106. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/_references/orchestration-patterns.md +0 -0
  107. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/_references/performance-checklist.md +0 -0
  108. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/_references/security-checklist.md +0 -0
  109. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/_references/testing-patterns.md +0 -0
  110. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/accessibility-review/SKILL.md +0 -0
  111. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/api-and-interface-design/SKILL.md +0 -0
  112. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/api-integration/SKILL.md +0 -0
  113. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/archive-sprint/SKILL.md +0 -0
  114. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/backlog/SKILL.md +0 -0
  115. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/backlog/item-template.md +0 -0
  116. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/browser-testing-with-devtools/SKILL.md +0 -0
  117. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/ci-cd-and-automation/SKILL.md +0 -0
  118. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/code-review-and-quality/SKILL.md +0 -0
  119. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/code-simplification/SKILL.md +0 -0
  120. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/component-design/SKILL.md +0 -0
  121. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/consolidate-learnings/SKILL.md +0 -0
  122. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/context-engineering/SKILL.md +0 -0
  123. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/debugging-and-error-recovery/SKILL.md +0 -0
  124. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/decision/SKILL.md +0 -0
  125. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/decision/adr-template.md +0 -0
  126. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/deprecation-and-migration/SKILL.md +0 -0
  127. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/documentation-and-adrs/SKILL.md +0 -0
  128. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/doubt-driven-development/SKILL.md +0 -0
  129. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/execute/SKILL.md +0 -0
  130. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/frontend-ui-engineering/SKILL.md +0 -0
  131. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/git-workflow-and-versioning/SKILL.md +0 -0
  132. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/idea-refine/SKILL.md +0 -0
  133. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/idea-refine/examples.md +0 -0
  134. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/idea-refine/frameworks.md +0 -0
  135. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/idea-refine/refinement-criteria.md +0 -0
  136. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/idea-refine/scripts/idea-refine.sh +0 -0
  137. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/incident-postmortem/SKILL.md +0 -0
  138. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/incremental-implementation/SKILL.md +0 -0
  139. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/interview-me/SKILL.md +0 -0
  140. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/load-testing/SKILL.md +0 -0
  141. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/manual-test/SKILL.md +0 -0
  142. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/over-engineering-review/SKILL.md +0 -0
  143. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/performance-optimization/SKILL.md +0 -0
  144. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/planning-and-task-breakdown/SKILL.md +0 -0
  145. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/playwright-verification/SKILL.md +0 -0
  146. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/refresh-docs/SKILL.md +0 -0
  147. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/scope/SKILL.md +0 -0
  148. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/scope/scope-template.md +0 -0
  149. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/security-and-hardening/SKILL.md +0 -0
  150. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/security-verification/SKILL.md +0 -0
  151. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/shipping-and-launch/SKILL.md +0 -0
  152. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/simplification-debt/SKILL.md +0 -0
  153. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/smoke-test/SKILL.md +0 -0
  154. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/source-driven-development/SKILL.md +0 -0
  155. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/spec-driven-development/SKILL.md +0 -0
  156. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/sprint/SKILL.md +0 -0
  157. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/sprint/sprint-template.md +0 -0
  158. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/task-tracker-sync/SKILL.md +0 -0
  159. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/test-driven-development/SKILL.md +0 -0
  160. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/threat-model/SKILL.md +0 -0
  161. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/triage/SKILL.md +0 -0
  162. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/ui-ux-design/SKILL.md +0 -0
  163. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/unit-test/SKILL.md +0 -0
  164. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/skills/using-agent-skills/SKILL.md +0 -0
  165. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/src/claude_kit/__main__.py +0 -0
  166. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/src/claude_kit/cli.py +0 -0
  167. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/src/claude_kit/hooks.py +0 -0
  168. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/src/claude_kit/models.py +0 -0
  169. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/src/claude_kit/prompts.py +0 -0
  170. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/src/claude_kit/render.py +0 -0
  171. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/src/claude_kit/scaffold.py +0 -0
  172. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/src/claude_kit/upgrader.py +0 -0
  173. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/src/claude_kit/validator.py +0 -0
  174. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/CONTINUITY.template.md +0 -0
  175. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/README.claude-sdlc.md.tmpl +0 -0
  176. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/agent-memory/MEMORY.md +0 -0
  177. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/agent-memory/api/.gitkeep +0 -0
  178. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/agent-memory/architecture/.gitkeep +0 -0
  179. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/agent-memory/debugging/.gitkeep +0 -0
  180. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/agent-memory/gotchas/.gitkeep +0 -0
  181. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/agent-memory/patterns/.gitkeep +0 -0
  182. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/agent-memory/performance/.gitkeep +0 -0
  183. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/artifacts/adr.md +0 -0
  184. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/artifacts/feature-spec.md +0 -0
  185. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/artifacts/release-plan.md +0 -0
  186. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/artifacts/runbook.md +0 -0
  187. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/artifacts/security-review.md +0 -0
  188. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/artifacts/test-plan.md +0 -0
  189. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/README.md +0 -0
  190. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/agents/data-workflow-agent.md +0 -0
  191. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/agents/founder-prototype-agent.md +0 -0
  192. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/agents/internal-tools-builder.md +0 -0
  193. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/agents/pm-copilot.md +0 -0
  194. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/agents/support-ticket-engineer.md +0 -0
  195. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/packs/devops-and-release/README.md +0 -0
  196. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/packs/devops-and-release/pack.yaml +0 -0
  197. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/packs/engineering-core/README.md +0 -0
  198. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/packs/engineering-core/pack.yaml +0 -0
  199. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/packs/non-engineer-builder/README.md +0 -0
  200. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/packs/non-engineer-builder/pack.yaml +0 -0
  201. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/packs/onboarding-and-docs/README.md +0 -0
  202. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/packs/onboarding-and-docs/pack.yaml +0 -0
  203. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/packs/product-to-code/README.md +0 -0
  204. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/packs/product-to-code/pack.yaml +0 -0
  205. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/packs/quality-and-review/README.md +0 -0
  206. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/packs/quality-and-review/pack.yaml +0 -0
  207. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/packs/security-and-compliance/README.md +0 -0
  208. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/packs/security-and-compliance/pack.yaml +0 -0
  209. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/rules/ai-working-agreement.md +0 -0
  210. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/rules/ambiguity-resolution.md +0 -0
  211. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/rules/branch-and-pr-policy.md +0 -0
  212. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/rules/compliance-policy.md +0 -0
  213. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/rules/non-engineer-safe-coding.md +0 -0
  214. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/rules/pii-policy.md +0 -0
  215. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/rules/production-data-policy.md +0 -0
  216. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/rules/prompt-to-task-conversion.md +0 -0
  217. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/rules/prototype-boundaries.md +0 -0
  218. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/rules/secrets-policy.md +0 -0
  219. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/skills/customer-issue-to-fix/SKILL.md +0 -0
  220. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/skills/feature-from-idea/SKILL.md +0 -0
  221. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/skills/prompt-to-safe-task/SKILL.md +0 -0
  222. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/skills/prototype-to-production/SKILL.md +0 -0
  223. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/org/skills/repo-onboarding/SKILL.md +0 -0
  224. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/settings.json +0 -0
  225. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/stacks/backend/python/fastapi/rules/fastapi-patterns.md +0 -0
  226. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/stacks/db/mongodb/agents/mongodb-specialist.md +0 -0
  227. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/stacks/db/postgres/agents/db-performance-reviewer.md +0 -0
  228. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/stacks/db/postgres/agents/postgres-specialist.md +0 -0
  229. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/stacks/db/postgres/rules/database-performance.md +0 -0
  230. {claude_code_kit-0.12.0 → claude_code_kit-0.14.0}/templates/stacks/frontend/react/rules/react-patterns.md +0 -0
@@ -10,7 +10,7 @@
10
10
  "name": "claude-kit",
11
11
  "source": "./",
12
12
  "description": "Cookiecutter-style scaffolder for an autonomous Claude Code SDLC config (no app code, no Docker): install CLAUDE.md + .claude/ (rules, the profile's agents/skills, hooks, artifact templates) + optional .mcp.json, then run /sdlc to drive spec → review → build → test → security → ship through profile-aware quality gates, working memory, and a self-improving learnings loop.",
13
- "version": "0.12.0",
13
+ "version": "0.14.0",
14
14
  "license": "MIT",
15
15
  "keywords": ["sdlc", "agents", "orchestration", "quality-gates", "workflow", "scaffold", "cookiecutter"]
16
16
  }
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "claude-kit",
3
- "version": "0.12.0",
3
+ "version": "0.14.0",
4
4
  "description": "Cookiecutter-style scaffolder for an autonomous Claude Code SDLC config (no app code, no Docker). `claude-kit init` asks ordered questions and installs CLAUDE.md + .claude/ (rules, the profile's agents/skills, hooks, artifact templates) + optional .mcp.json; run /sdlc to drive spec → review → build → test → security → ship through profile-aware quality gates with working memory and a self-improving learnings loop.",
5
5
  "author": {
6
6
  "name": "Arjunsingh Yadav",
@@ -4,6 +4,151 @@ All notable changes to claude-kit are documented here. The format follows
4
4
  [Keep a Changelog](https://keepachangelog.com/), and the project uses
5
5
  [semantic versioning](https://semver.org/).
6
6
 
7
+ ## [0.14.0] — 2026-06-16
8
+
9
+ A **third improvement brief** — six engineering *techniques* observed in Anthropic's Claude Code system
10
+ prompts, **reimplemented from scratch in claude-kit's own vocabulary** (gates, severity, RARV,
11
+ profiles, scopes, Orchestrator, CONTINUITY, agent-memory). No source text was copied, quoted, or
12
+ closely paraphrased — the IP boundary is technique-and-structure only. Run through the kit's reuse-first
13
+ mapping, the decisive finding repeated once more: every pattern already had a natural home, so all six
14
+ land as **extensions of existing rules/agents/skills/hooks** — **zero new agents, zero new rule files**
15
+ (core counts unchanged: 28 agents · 50 skills · 23 rules).
16
+
17
+ Two deliberate divergences from the brief's *inferred* file paths (it invited path verification):
18
+ **(P0-1)** the autonomous-action posture lives in `rules/agent-guardrails.md` §3 (execution discipline),
19
+ not `rules/risk-classification.md` (tier assignment) — cross-referenced from the restricted tier;
20
+ **(P2-1)** the implementer house style extends `templates/CLAUDE.md` "Surgical Changes" (the kit's
21
+ always-in-context house-style home) rather than adding a new rule that would near-duplicate it and
22
+ `code-organization.md` (golden rule #3).
23
+
24
+ ### Added
25
+ - **P0-1 — autonomous-action safety** (`rules/agent-guardrails.md` §3, always-on). A **block / confirm /
26
+ allow** posture over irreversible & outward-facing actions (force-push, history rewrite, branch/tag
27
+ deletion, destructive migration, bulk deletion, secret access, publish/send/post), a **verify-the-
28
+ target-before-destroying** step (stop if what you find contradicts how the task described it), and the
29
+ affirmative §1 rule that **untrusted/injected content never authorizes an action**. Cross-ref from
30
+ `rules/risk-classification.md`; one-line pointers from `developer`, `devops-engineer`, and both
31
+ `migration-specialist` overlay agents.
32
+ - **P0-2 — anti-fabrication of verdicts** (`rules/quality-gates.md` §2.5 + §1, always-on). A gate verdict
33
+ (PASS/FAIL) is valid **only** when it cites the real command + captured output (or the `file:line`
34
+ finding); a fabricated, assumed, or partial-output-based verdict is **auto-Critical**; reading a
35
+ still-running lane's output and calling the gate done is forbidden. Reinforced in
36
+ `rules/agent-guardrails.md` §2 and `rules/rarv-cycle.md` ("cite it", not just "run it").
37
+ - **P1-3 — plan-phase critique before approval.** The `spec-doc-writer` now runs an explicit
38
+ **self-critique** in its RARV cycle (always-on, wherever planning runs); and in **standard+** the
39
+ Orchestrator runs `devils-advocate` once on the spec + dev-docs **before EM approval is final**
40
+ (new Stage PC / `mandatory-workflow.md` §1e.5) — an UPHELD verdict routes back to the Spec Writer and
41
+ the spec gate stays open. `devils-advocate` extended to a plan-critique mode (was code/tests only).
42
+ **lean** keeps self-critique only (it doesn't install the agent).
43
+
44
+ ### Changed
45
+ - **P1-1 — memory hygiene** (`rules/agent-memory.md`, always-on): verify-before-trust (confirm a
46
+ recalled file/flag/command still exists before relying on it), selective attachment with cited
47
+ sources, and reconciliation (committed `CLAUDE.md`/`rules/*` win over a conflicting memory). A
48
+ start-of-turn line added to `rules/continuity.md`; a staleness check added to the `remember` skill.
49
+ - **P1-2 — resume snapshot** (`rules/continuity.md`, always-on): a small structured
50
+ `.claude/state/pipeline-snapshot.json` (profile/scope, mode, stage, per-lane status,
51
+ `last_gate_passed`, open findings by severity, next action) the Orchestrator maintains alongside
52
+ CONTINUITY; on resume it is **reloaded as context, not re-executed** (no re-running setup, no
53
+ re-applying committed edits, no re-opening passed gates). Wired into the `sdlc` skill + `orchestrator`;
54
+ `load-continuity.sh` now ensures `.claude/state/` exists in plugin context (the pip installer already
55
+ creates and gitignores it).
56
+ - **P2-1 — implementer house style** (`templates/CLAUDE.md` "Surgical Changes", always-on): delete the
57
+ superseded path instead of leaving a backwards-compat shim (unless compat is required), validate at
58
+ the boundary not redundantly in every layer, cite code as `path:line`, and (cross-ref to
59
+ `rules/documentation.md` §6, no duplication) no change-narration comments. The `sdlc-code-reviewer`
60
+ gains a **Change Hygiene** check group (shim-without-requirement = Medium; redundant re-validation =
61
+ Low; narration comment = Low); reinforced in the `developer` agent.
62
+
63
+ ### Notes
64
+ - **No `resolve()` / catalog changes** — all six are payload-content edits, so the
65
+ `lean⊊standard⊊enterprise` subset, MCP-gating, and no-Docker invariants are untouched.
66
+ - `docs/coverage-audit.md` gains a Brief-#3 section; `docs/architecture.md` adds the standard+ plan-
67
+ critique node.
68
+
69
+ ## [0.13.0] — 2026-06-15
70
+
71
+ A **second improvement brief** (external self-review, post-0.12.0) — Item 0 (a covered-vs-gated audit)
72
+ + P0-1/P0-2, P1-1/P1-2/P1-3, and six P2 items — run through the kit's mandated **adversarial
73
+ reuse-first map→verify** (a 24-agent map→verify pass). The decisive finding repeated from last time:
74
+ several premises were **overstated** against the live files (migration safety was already largely
75
+ enforced; the README "no PyPI yet" text was simply stale; the README is already progressively
76
+ disclosed). The result is a mix of **two new gates wired as data, one new live backend stack, and
77
+ targeted extensions** — **zero new agents/skills/rules** beyond what already existed (core counts
78
+ unchanged: 28 agents · 50 skills · 23 rules).
79
+
80
+ ### Added
81
+ - **Item 0 — `docs/coverage-audit.md`.** The justification record the briefs kept eliding: every
82
+ "already covered" capability classified **GATED (enforced) / RULE (always-on) / SKILL-DOC
83
+ (advisory)** with file evidence. Verifies rollback (GATED enterprise-only; RULE elsewhere), cost
84
+ (DOC by design), migration safety (overlay-advisory + enterprise rollback), accessibility, and
85
+ flags the one *looks-enforced-but-isn't* trap (the `accessibility-review` skill's internal "Quality
86
+ gates" heading is **not** a gate token).
87
+ - **P0-1 — `contract-clear` reaches the default `standard` profile** (API stacks), not just
88
+ enterprise (`catalog/profiles.yaml`). It still self-skips when the stack exposes no API contract
89
+ surface, so non-API projects are unaffected. *(Deliberate posture change: 0.12.0 placed it in
90
+ enterprise under golden-rule-#6 "heavyweight gates default to enterprise"; the brief explicitly
91
+ authorizes promoting it because breaking-change detection is table-stakes for the headline FastAPI
92
+ backend. Documented, not silent.)* Owned by `merge-reviewer`; quality-gates §4 + mandatory-workflow
93
+ §2d + the api-change-report template updated to say "standard+".
94
+ - **P1-1 — a live Go backend stack** (Go · stdlib **net/http**): a pure `catalog/stacks.yaml` entry +
95
+ `templates/stacks/backend/go/net-http/rules/go-patterns.md` overlay + exact `go` commands
96
+ (`go build ./...`, `go test ./...`, `go vet`, `gofmt`). Chosen over Node/Express precisely because
97
+ its build/test command shapes differ most from npm/pip — the strongest test of the stack-agnostic
98
+ claim. The one supporting code change: a **`build`** key added to `_BACKEND_CMD_KEYS` (compiled
99
+ backends surface a build command; interpreted ones leave it empty). No `resolve()` branch.
100
+ - **P1-2 — `accessibility-clear` gate** at organization scope, **`regulated` strictness only**
101
+ (`catalog/org.yaml` `extra_gates`). Owned by `acceptance-reviewer` (read-only, already present at
102
+ standard+), drives the existing `accessibility-review` skill over changed UI (WCAG-AA), self-skips
103
+ when no UI surface. Wired in `org.yaml` only, so the `lean⊊standard⊊enterprise` profile invariant is
104
+ untouched.
105
+ - **`examples/react-fastapi-postgres-feature/`** (P2-2) — a clearly-labelled **synthetic** end-to-end
106
+ walkthrough: request → feature-spec → story breakdown (coverage gate) → gate verdicts (incl. one
107
+ defect-loop cycle and a Devil's-Advocate CONFIRMED line) → sample PR diff. Repo reference (like
108
+ `docs/`), **not** bundled into the wheel.
109
+ - **`docs/eval-harness.md`** (P2-4) — a fill-in template to measure the pipeline with vs without the
110
+ gates (which gate caught which defect), built on `rules/evals.md` §6 median-of-N. Ships **no**
111
+ numbers by design (an eval result is environment-specific); honesty rules included.
112
+ - **Self-test matrix** (P2-5) — a parametrized test sweeping **every live frontend × backend ×
113
+ database × profile × scope** (now 24 combos incl. Go), each resolved + installed + validated +
114
+ Docker-checked. Driven off `catalog.list_options`, so new live stacks auto-join with no test edit.
115
+
116
+ ### Changed
117
+ - **P0-2 — migration safety made explicit.** Both `migration-specialist` overlays (postgres + mongodb)
118
+ already mandated expand/contract, reversible down-path, and idempotent backfill *as agent guidance*;
119
+ added the explicit hard rule **"no destructive drop in the same release as the code that stops using
120
+ the old shape"** with **severity** to the always-on overlay RULES (`postgres-patterns.md`,
121
+ `mongodb-patterns.md`) — so it lives in a rule, not only an agent prompt. (Same-release destruction
122
+ = at least **High**.)
123
+ - **P1-3 — the PyPI story reconciled.** `claude-code-kit` **is** published (latest 0.12.0); the README
124
+ install block, troubleshooting row, and a stale `changelog-v0.10.0` badge said otherwise. Install is
125
+ now `pip install claude-code-kit`; the changelog badge is de-versioned (self-healing); the CI
126
+ publish machinery (`publish.yml`) was correct and left untouched.
127
+ - **P2-3 (on-ramp, minimal)** — added an **Examples** nav link + pipeline pointer only; the proposed
128
+ full README restructure was **rejected** (see below). Pipeline gate table + `docs/architecture.md`
129
+ diagram updated for `contract-clear` (standard+) and the Go stack.
130
+
131
+ ### Not adopted (deliberately — premise overstated or against the kit's design)
132
+ - **A dedicated migration GATE token (P0-2).** Migrations are overlay-conditioned and not every-run;
133
+ `resolve()` can't emit stack gates without a branch. Strengthened the always-on overlay rules +
134
+ reviewer agents instead — enforcement via review + the enterprise rollback gate (`pipeline-green`),
135
+ per the coverage audit.
136
+ - **Node/Express as the new backend (P1-1).** Chose **Go** instead — its command shapes differ more
137
+ from the existing npm/pip stacks, which is the whole point of the breadth test. Express/Vue/Svelte/
138
+ Django remain `planned`.
139
+ - **A full README restructure + GIF (P2-3).** The README already uses progressive disclosure
140
+ (`<details>`); a big move-to-`docs/` churn is negative-value and a GIF can't be produced here. Added
141
+ only the example link. (Recording a demo GIF is a human follow-up.)
142
+ - **Relocating the CHANGELOG "Not adopted" blocks to `docs/decision-log.md` (P2-6).** Those blocks are
143
+ a **marketed feature** the README links to; moving them would break that cross-reference for low
144
+ value. Added a forward-looking note in `CONTRIBUTING.md` instead (split later *only if* the README
145
+ link is updated in the same change).
146
+ - **Repo About-box metadata (P2-1)** — host config outside the payload; `gh` is unavailable here.
147
+ Human follow-up: `gh repo edit ajyadav013/claude-kit --description "Config-only, stack-agnostic
148
+ autonomous-SDLC scaffolder for Claude Code (plugin + pip)" --add-topic claude-code --add-topic
149
+ claude-code-plugins --add-topic sdlc --add-topic ai-agents --add-topic agentic-coding --add-topic
150
+ claude-skills`.
151
+
7
152
  ## [0.12.0] — 2026-06-15
8
153
 
9
154
  An **improvement brief** (external self-review, no repo access) proposed ~15 changes — four P0, five
@@ -29,8 +29,9 @@ distributed two ways from one source of truth:
29
29
  | `templates/org/` | **Org overlay** content (scope-gated, organization only): `skills/`, `agents/` (personas), `rules/` (policy/vibe), `packs/<pack>/{pack.yaml,README.md}`, `README.md`. Wired via `catalog/org.yaml`. The only place org-specific content lives. |
30
30
  | `scripts/init.sh` | Thin no-pip fallback scaffolder (copies the full payload; no catalog resolution) |
31
31
  | `src/claude_kit/` | The pip CLI (Typer): `cli.py`, `catalog.py` (resolver), `prompts.py`, `models.py`, `scaffold.py` (installer), `render.py` (Jinja2), `hooks.py`, `validator.py`, `upgrader.py` |
32
- | `tests/` | pytest suite (catalog, render, scaffold, validator, upgrader, CLI) |
33
- | `docs/architecture.md` · `docs/agents.md` | Architecture diagrams · agent guide |
32
+ | `tests/` | pytest suite (catalog, render, scaffold, validator, upgrader, CLI; incl. the profile×stack×scope self-test matrix) |
33
+ | `examples/` | Synthetic end-to-end `/sdlc` worked example (repo reference; **not** bundled into the wheel) |
34
+ | `docs/architecture.md` · `docs/agents.md` · `docs/coverage-audit.md` · `docs/eval-harness.md` | Architecture diagrams · agent guide · the GATED-vs-RULE-vs-SKILL enforcement audit · the with/without eval template |
34
35
  | `pyproject.toml` | Packaging (deps: typer/jinja2/pyyaml); `[tool.hatch...force-include]` bundles the payload into the wheel |
35
36
 
36
37
  **One source of truth:** `agents/ skills/ commands/ hooks/ rules/ templates/ catalog/` at the repo
@@ -83,9 +83,14 @@ a specific stack — `pytest` enforces the no-Docker invariant on a scaffolded p
83
83
 
84
84
  1. Bump the version in **all four** places: `pyproject.toml`, `.claude-plugin/plugin.json`, the
85
85
  `.claude-plugin/marketplace.json` entry, and `src/claude_kit/__init__.py`.
86
- 2. Add a `CHANGELOG.md` entry.
86
+ 2. Add a `CHANGELOG.md` entry, including a **"Not adopted (deliberately)"** block stating what you
87
+ chose *not* to add and why — this is a marketed feature of the changelog (the README links to it),
88
+ so keep it. If those blocks ever grow unwieldy they may later split into `docs/decision-log.md`,
89
+ but **only if** the README's CHANGELOG cross-reference is updated in the same change; until then
90
+ they stay in `CHANGELOG.md` by design.
87
91
  3. `pytest` green, then `python3 -m build && python3 -m twine check dist/*`.
88
- 4. `python3 -m twine upload dist/*` (PyPI).
92
+ 4. CI auto-publishes to PyPI on merge to `main` when the version is new (`.github/workflows/publish.yml`,
93
+ OIDC trusted publishing). Manual `python3 -m twine upload dist/*` is the fallback.
89
94
  5. Tag the release and push so plugin users get the update.
90
95
 
91
96
  ## License
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: claude-code-kit
3
- Version: 0.12.0
3
+ Version: 0.14.0
4
4
  Summary: Cookiecutter-style scaffolder for an autonomous Claude Code SDLC configuration (no app code, no Docker). Asks ordered questions and installs CLAUDE.md + .claude/ (rules, the chosen profile's agents/skills, hooks, artifact templates) + optional .mcp.json; run /sdlc to drive spec → review → build → test → security → ship through profile-aware quality gates, working memory, and a self-improving learnings loop.
5
5
  Project-URL: Homepage, https://github.com/ajyadav013/claude-kit
6
6
  Project-URL: Repository, https://github.com/ajyadav013/claude-kit
@@ -39,9 +39,9 @@ with a quality gate between every phase. **No application code. No Docker. Confi
39
39
  [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
40
40
  [![Built for Claude Code](https://img.shields.io/badge/built%20for-Claude%20Code-d97757.svg)](https://www.claude.com/product/claude-code)
41
41
  [![CI](https://github.com/ajyadav013/claude-kit/actions/workflows/ci.yml/badge.svg)](https://github.com/ajyadav013/claude-kit/actions/workflows/ci.yml)
42
- [![Changelog](https://img.shields.io/badge/changelog-v0.10.0-blue.svg)](CHANGELOG.md)
42
+ [![Changelog](https://img.shields.io/badge/changelog-md-blue.svg)](CHANGELOG.md)
43
43
 
44
- 🚀 [Quick start](#quick-start) · 🧭 [How it works](#how-it-works) · 🔁 [The pipeline](#the-pipeline) · 🌱 [What we adopted](#influences--what-we-adopted) · 🤖 [Agents](#the-agents) · 🧩 [Catalog](#catalog--extensibility) · 🛠️ [CLI](#cli-reference) · 📖 [Agent guide](docs/agents.md)
44
+ 🚀 [Quick start](#quick-start) · 🧭 [How it works](#how-it-works) · 🔁 [The pipeline](#the-pipeline) · 🧪 [Example](examples/) · 🌱 [What we adopted](#influences--what-we-adopted) · 🤖 [Agents](#the-agents) · 🧩 [Catalog](#catalog--extensibility) · 🛠️ [CLI](#cli-reference) · 📖 [Agent guide](docs/agents.md)
45
45
 
46
46
  </div>
47
47
 
@@ -59,7 +59,7 @@ refuses to advance a phase until its **quality gate** passes. You drive it all w
59
59
  **At a glance:**
60
60
 
61
61
  - 🧱 **Stack-agnostic** — the pipeline assumes no language or framework. Pick a stack at `init` and it
62
- installs matching overlay rules (React · FastAPI · PostgreSQL · MongoDB) and your exact
62
+ installs matching overlay rules (React · FastAPI · Go/net-http · PostgreSQL · MongoDB) and your exact
63
63
  lint/test/build commands. It never writes your app code and never needs Docker.
64
64
  - 🎚️ **Dial the rigor with profiles** — `lean ⊊ standard ⊊ enterprise` decide how many agents, skills,
65
65
  hooks, and gates are active, from "fast track" to "full audit".
@@ -109,9 +109,9 @@ Then, inside any project you want the pipeline to manage:
109
109
  A CLI (`claude-kit`, aliases `ckit` / `claude-sdlc`) that scaffolds the same config into any repo:
110
110
 
111
111
  ```bash
112
- # Until the first PyPI release, install straight from the repo:
113
- pip install "git+https://github.com/ajyadav013/claude-kit.git"
114
- # Once published to PyPI this becomes: pip install claude-code-kit
112
+ pip install claude-code-kit
113
+ # or, for the bleeding edge straight from the repo:
114
+ # pip install "git+https://github.com/ajyadav013/claude-kit.git"
115
115
 
116
116
  claude-kit init # interactive: prompts for stack, profile, MCP
117
117
  claude-kit init --defaults # non-interactive: React + Python/FastAPI + Postgres + standard
@@ -223,10 +223,16 @@ flowchart TD
223
223
  | Profile | Gates that run |
224
224
  |---|---|
225
225
  | **lean** | code-review · build-green |
226
- | **standard** | spec-complete · em-approved · code-review · build-green · test-coverage · security-clear |
226
+ | **standard** | spec-complete · em-approved · code-review · build-green · test-coverage · security-clear · contract-clear\* |
227
227
  | **enterprise** | standard + pipeline-green · observability-ready · acceptance |
228
228
 
229
- A **fast-track** mode collapses small changes (< 5 files) to Developer Code Reviewer Tester PR.
229
+ \* `contract-clear` (API breaking-change diff) self-skips when the stack exposes no API surface, so it
230
+ is inert for non-API projects. Organization scope at `regulated` strictness adds `accessibility-clear`
231
+ (WCAG-AA on changed UI). A **fast-track** mode collapses small changes (< 5 files) to Developer →
232
+ Code Reviewer → Tester → PR.
233
+
234
+ See [`examples/`](examples/) for a synthetic end-to-end walkthrough — request → spec → story breakdown
235
+ → gate verdicts (with one defect-loop cycle) → sample PR diff.
230
236
 
231
237
  ---
232
238
 
@@ -245,6 +251,7 @@ non-duplicative gaps**, minimally and catalog-wired.
245
251
  | **[GitHub spec-kit](https://github.com/github/spec-kit)** | Spec → tasks → **analyze** coverage gate; tasks → tracker issues; stable requirement IDs + assumptions in specs | Wired the (previously orphaned) `story-planner` as the **coverage gate (1f)**, a tracker-agnostic `task-tracker-sync` skill, and enriched the feature-spec template | `0.9.0` |
246
252
  | **[protectai/llm-guard](https://github.com/protectai/llm-guard)** | Input→model→output guardrails for LLM features — prompt injection, PII vault, treating model output as untrusted | **Opt-in** "LLM / AI Feature Security" guidance in `security-and-hardening` + the advisory `warn-llm-io` hook (warns, **never blocks**) | `0.10.0` |
247
253
  | **Improvement brief** (external self-review) | API backward-compat as a gate; load-against-SLO as a release criterion; supply-chain maintenance cadence; pipeline resumability, clean abort, and worktree lifecycle; pipeline cost/concurrency/cross-platform transparency | The enterprise **`contract-clear`** gate (owned by `merge-reviewer`) + `api-change-report` template; a load-vs-SLO criterion in Observability Ready; dependency **Cadence Mode**; `/sdlc` resume-vs-restart, `/claude-kit:abort`, worktree teardown; cost/concurrency/Windows notes — **9 surgical extensions, 0 new agents/skills/rules** | `0.12.0` |
254
+ | **Improvement brief #2** (external self-review) | The covered-vs-**gated** distinction (a skill ≠ a gate); enforce API breaking-changes by default; expand/contract migration safety; back the stack-agnostic claim with a compiled backend; WCAG as a regulated gate; reconcile the PyPI story; ship a worked example + a self-test matrix | [`docs/coverage-audit.md`](docs/coverage-audit.md); **`contract-clear` promoted to `standard`**; a live **Go/net-http** backend; the **`accessibility-clear`** regulated gate; explicit migration-drop rules; a synthetic [`examples/`](examples/) run; an eval-harness template; a profile×stack×scope self-test matrix — **2 gates wired + 1 stack, 0 new agents/skills/rules** | `0.13.0` |
248
255
 
249
256
  > Each adoption is detailed in the [CHANGELOG](CHANGELOG.md) — including, for every review, what we
250
257
  > deliberately **did not** add because the kit already covered it.
@@ -386,8 +393,8 @@ change.
386
393
  <br>
387
394
 
388
395
  - **`catalog/stacks.yaml`** — frontend frameworks, backend languages → frameworks, and databases.
389
- Live today: React · Python/FastAPI · PostgreSQL/MongoDB. Vue/Svelte/Django/Express are listed as
390
- `planned` (offered by `list-options`, not yet selectable).
396
+ Live today: React · Python/FastAPI · **Go/net-http** · PostgreSQL/MongoDB. Vue/Svelte/Django/Express
397
+ are listed as `planned` (offered by `list-options`, not yet selectable).
391
398
  - **`catalog/profiles.yaml`** — what each profile activates (`inherit:` composes; `all` = everything).
392
399
  - **`catalog/mcp.yaml`** — ready `.mcp.json` fragments per server, with `${ENV}` placeholders.
393
400
  - **`catalog/org.yaml`** — the **organization layer**: scopes, teams, the autonomy model, review
@@ -454,7 +461,7 @@ hints.
454
461
  | Guard / quality hooks seem to do nothing | `jq` isn't installed (the hooks parse tool input with it) | Install `jq`; without it the hooks degrade to no-ops by design |
455
462
  | Hooks do nothing on **Windows** | No POSIX shell — `.sh` hooks can't run under `cmd`/PowerShell | Run claude-kit inside **WSL or Git Bash** (with `jq`); `claude-kit doctor` confirms. Config + CLI work natively regardless |
456
463
  | A selected MCP server won't start | `node` / `npx` missing (most MCP servers launch via `npx`) | Install Node.js, or remove the server from `.mcp.json` |
457
- | `pip install claude-code-kit` fails | Not yet published to PyPI | Use `pip install "git+https://github.com/ajyadav013/claude-kit.git"` |
464
+ | `pip install claude-code-kit` fails | Outdated `pip`, or you want an unreleased change | Upgrade pip (`pip install -U pip`); for unreleased changes use `pip install "git+https://github.com/ajyadav013/claude-kit.git"` |
458
465
  | `validate` reports missing files | Partial or outdated install | Re-run `claude-kit init` (choose **merge**), or `claude-kit upgrade` |
459
466
 
460
467
  </details>
@@ -12,9 +12,9 @@ with a quality gate between every phase. **No application code. No Docker. Confi
12
12
  [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
13
13
  [![Built for Claude Code](https://img.shields.io/badge/built%20for-Claude%20Code-d97757.svg)](https://www.claude.com/product/claude-code)
14
14
  [![CI](https://github.com/ajyadav013/claude-kit/actions/workflows/ci.yml/badge.svg)](https://github.com/ajyadav013/claude-kit/actions/workflows/ci.yml)
15
- [![Changelog](https://img.shields.io/badge/changelog-v0.10.0-blue.svg)](CHANGELOG.md)
15
+ [![Changelog](https://img.shields.io/badge/changelog-md-blue.svg)](CHANGELOG.md)
16
16
 
17
- 🚀 [Quick start](#quick-start) · 🧭 [How it works](#how-it-works) · 🔁 [The pipeline](#the-pipeline) · 🌱 [What we adopted](#influences--what-we-adopted) · 🤖 [Agents](#the-agents) · 🧩 [Catalog](#catalog--extensibility) · 🛠️ [CLI](#cli-reference) · 📖 [Agent guide](docs/agents.md)
17
+ 🚀 [Quick start](#quick-start) · 🧭 [How it works](#how-it-works) · 🔁 [The pipeline](#the-pipeline) · 🧪 [Example](examples/) · 🌱 [What we adopted](#influences--what-we-adopted) · 🤖 [Agents](#the-agents) · 🧩 [Catalog](#catalog--extensibility) · 🛠️ [CLI](#cli-reference) · 📖 [Agent guide](docs/agents.md)
18
18
 
19
19
  </div>
20
20
 
@@ -32,7 +32,7 @@ refuses to advance a phase until its **quality gate** passes. You drive it all w
32
32
  **At a glance:**
33
33
 
34
34
  - 🧱 **Stack-agnostic** — the pipeline assumes no language or framework. Pick a stack at `init` and it
35
- installs matching overlay rules (React · FastAPI · PostgreSQL · MongoDB) and your exact
35
+ installs matching overlay rules (React · FastAPI · Go/net-http · PostgreSQL · MongoDB) and your exact
36
36
  lint/test/build commands. It never writes your app code and never needs Docker.
37
37
  - 🎚️ **Dial the rigor with profiles** — `lean ⊊ standard ⊊ enterprise` decide how many agents, skills,
38
38
  hooks, and gates are active, from "fast track" to "full audit".
@@ -82,9 +82,9 @@ Then, inside any project you want the pipeline to manage:
82
82
  A CLI (`claude-kit`, aliases `ckit` / `claude-sdlc`) that scaffolds the same config into any repo:
83
83
 
84
84
  ```bash
85
- # Until the first PyPI release, install straight from the repo:
86
- pip install "git+https://github.com/ajyadav013/claude-kit.git"
87
- # Once published to PyPI this becomes: pip install claude-code-kit
85
+ pip install claude-code-kit
86
+ # or, for the bleeding edge straight from the repo:
87
+ # pip install "git+https://github.com/ajyadav013/claude-kit.git"
88
88
 
89
89
  claude-kit init # interactive: prompts for stack, profile, MCP
90
90
  claude-kit init --defaults # non-interactive: React + Python/FastAPI + Postgres + standard
@@ -196,10 +196,16 @@ flowchart TD
196
196
  | Profile | Gates that run |
197
197
  |---|---|
198
198
  | **lean** | code-review · build-green |
199
- | **standard** | spec-complete · em-approved · code-review · build-green · test-coverage · security-clear |
199
+ | **standard** | spec-complete · em-approved · code-review · build-green · test-coverage · security-clear · contract-clear\* |
200
200
  | **enterprise** | standard + pipeline-green · observability-ready · acceptance |
201
201
 
202
- A **fast-track** mode collapses small changes (< 5 files) to Developer Code Reviewer Tester PR.
202
+ \* `contract-clear` (API breaking-change diff) self-skips when the stack exposes no API surface, so it
203
+ is inert for non-API projects. Organization scope at `regulated` strictness adds `accessibility-clear`
204
+ (WCAG-AA on changed UI). A **fast-track** mode collapses small changes (< 5 files) to Developer →
205
+ Code Reviewer → Tester → PR.
206
+
207
+ See [`examples/`](examples/) for a synthetic end-to-end walkthrough — request → spec → story breakdown
208
+ → gate verdicts (with one defect-loop cycle) → sample PR diff.
203
209
 
204
210
  ---
205
211
 
@@ -218,6 +224,7 @@ non-duplicative gaps**, minimally and catalog-wired.
218
224
  | **[GitHub spec-kit](https://github.com/github/spec-kit)** | Spec → tasks → **analyze** coverage gate; tasks → tracker issues; stable requirement IDs + assumptions in specs | Wired the (previously orphaned) `story-planner` as the **coverage gate (1f)**, a tracker-agnostic `task-tracker-sync` skill, and enriched the feature-spec template | `0.9.0` |
219
225
  | **[protectai/llm-guard](https://github.com/protectai/llm-guard)** | Input→model→output guardrails for LLM features — prompt injection, PII vault, treating model output as untrusted | **Opt-in** "LLM / AI Feature Security" guidance in `security-and-hardening` + the advisory `warn-llm-io` hook (warns, **never blocks**) | `0.10.0` |
220
226
  | **Improvement brief** (external self-review) | API backward-compat as a gate; load-against-SLO as a release criterion; supply-chain maintenance cadence; pipeline resumability, clean abort, and worktree lifecycle; pipeline cost/concurrency/cross-platform transparency | The enterprise **`contract-clear`** gate (owned by `merge-reviewer`) + `api-change-report` template; a load-vs-SLO criterion in Observability Ready; dependency **Cadence Mode**; `/sdlc` resume-vs-restart, `/claude-kit:abort`, worktree teardown; cost/concurrency/Windows notes — **9 surgical extensions, 0 new agents/skills/rules** | `0.12.0` |
227
+ | **Improvement brief #2** (external self-review) | The covered-vs-**gated** distinction (a skill ≠ a gate); enforce API breaking-changes by default; expand/contract migration safety; back the stack-agnostic claim with a compiled backend; WCAG as a regulated gate; reconcile the PyPI story; ship a worked example + a self-test matrix | [`docs/coverage-audit.md`](docs/coverage-audit.md); **`contract-clear` promoted to `standard`**; a live **Go/net-http** backend; the **`accessibility-clear`** regulated gate; explicit migration-drop rules; a synthetic [`examples/`](examples/) run; an eval-harness template; a profile×stack×scope self-test matrix — **2 gates wired + 1 stack, 0 new agents/skills/rules** | `0.13.0` |
221
228
 
222
229
  > Each adoption is detailed in the [CHANGELOG](CHANGELOG.md) — including, for every review, what we
223
230
  > deliberately **did not** add because the kit already covered it.
@@ -359,8 +366,8 @@ change.
359
366
  <br>
360
367
 
361
368
  - **`catalog/stacks.yaml`** — frontend frameworks, backend languages → frameworks, and databases.
362
- Live today: React · Python/FastAPI · PostgreSQL/MongoDB. Vue/Svelte/Django/Express are listed as
363
- `planned` (offered by `list-options`, not yet selectable).
369
+ Live today: React · Python/FastAPI · **Go/net-http** · PostgreSQL/MongoDB. Vue/Svelte/Django/Express
370
+ are listed as `planned` (offered by `list-options`, not yet selectable).
364
371
  - **`catalog/profiles.yaml`** — what each profile activates (`inherit:` composes; `all` = everything).
365
372
  - **`catalog/mcp.yaml`** — ready `.mcp.json` fragments per server, with `${ENV}` placeholders.
366
373
  - **`catalog/org.yaml`** — the **organization layer**: scopes, teams, the autonomy model, review
@@ -427,7 +434,7 @@ hints.
427
434
  | Guard / quality hooks seem to do nothing | `jq` isn't installed (the hooks parse tool input with it) | Install `jq`; without it the hooks degrade to no-ops by design |
428
435
  | Hooks do nothing on **Windows** | No POSIX shell — `.sh` hooks can't run under `cmd`/PowerShell | Run claude-kit inside **WSL or Git Bash** (with `jq`); `claude-kit doctor` confirms. Config + CLI work natively regardless |
429
436
  | A selected MCP server won't start | `node` / `npx` missing (most MCP servers launch via `npx`) | Install Node.js, or remove the server from `.mcp.json` |
430
- | `pip install claude-code-kit` fails | Not yet published to PyPI | Use `pip install "git+https://github.com/ajyadav013/claude-kit.git"` |
437
+ | `pip install claude-code-kit` fails | Outdated `pip`, or you want an unreleased change | Upgrade pip (`pip install -U pip`); for unreleased changes use `pip install "git+https://github.com/ajyadav013/claude-kit.git"` |
431
438
  | `validate` reports missing files | Partial or outdated install | Re-run `claude-kit init` (choose **merge**), or `claude-kit upgrade` |
432
439
 
433
440
  </details>
@@ -53,6 +53,25 @@ Run the **RARV** cycle (`.claude/rules/rarv-cycle.md`) with a green Verify (you
53
53
  checks) before issuing the verdict, and update `.claude/CONTINUITY.md`. This gate is **Acceptance**
54
54
  in the enterprise profile and runs before the PR is handed to a human.
55
55
 
56
+ ## Join Point: Accessibility (accessibility-clear gate)
57
+
58
+ > Active **only** under organization scope at **`regulated`** review strictness (where WCAG is
59
+ > commonly a legal requirement). You own the **accessibility-clear** gate. **Degrade to a no-op**
60
+ > (PASS, note "no UI surface") when the change touches no frontend/UI files — detect with `Bash`
61
+ > (`git diff --name-only <base>` against the frontend stack dir / component globs); never block a
62
+ > back-end-only or API-only change.
63
+
64
+ When a UI surface is present:
65
+
66
+ 1. **Drive `.claude/skills/accessibility-review`** over the changed views/components (and the standards
67
+ in `.claude/rules/responsive-and-accessibility.md`) — keyboard operability, focus management,
68
+ semantics/ARIA, color contrast (WCAG AA), motion, and screen-reader labels.
69
+ 2. **Classify each finding** by `.claude/rules/quality-gates.md` §1. A WCAG-AA failure on a
70
+ legally-required surface is at least **High** (per `accessibility-review`'s risk note); a missing
71
+ label, focus trap, or sub-threshold contrast is **High/Medium**; cosmetic spacing is **Low**.
72
+ 3. **Verdict** — *accessibility-clear* PASSes only at zero Critical/High/Medium, consistent with every
73
+ other gate. Record findings in the acceptance report.
74
+
56
75
  ## Escalation
57
76
 
58
77
  Escalate to the human when acceptance criteria themselves are ambiguous or untestable, when the spec
@@ -145,6 +145,14 @@ If this fails, report to the Orchestrator instead of proceeding.
145
145
  - Use the project's path alias (if configured) for cleaner imports
146
146
  - Follow naming conventions per the rules files
147
147
  - No dead code, unused imports, or debug artifacts
148
+ - When you replace code, delete the superseded path — don't leave a backwards-compat shim unless
149
+ compatibility is a stated requirement (CLAUDE.md "Surgical Changes")
150
+ - Validate inputs at the boundary, not redundantly in every internal layer that already received
151
+ validated data
152
+ - Reference code as `path:line` in review responses and handoff notes
153
+ - Before any irreversible or outward-facing action (deleting/overwriting a file you didn't create,
154
+ force-push, a destructive migration, publishing), follow the verify-then-confirm posture in
155
+ `.claude/rules/agent-guardrails.md` §3 — confirm the target is what you think it is, then ask.
148
156
 
149
157
  ## Handling Code Review Feedback
150
158
 
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  name: devils-advocate
3
- description: Anti-sycophancy adversarial reviewer. Invoked ONLY when a parallel review or test-coverage gate reaches a unanimous PASS. Assumes the work is guilty and hunts for what every other reviewer missed. Gates the pipeline — a unanimous PASS is not final until this agent returns CONFIRMED.
3
+ description: Anti-sycophancy adversarial reviewer. Invoked to critique a plan/spec before approval (standard+), and whenever a parallel review or test-coverage gate reaches a unanimous PASS. Assumes the work is guilty and hunts for what everyone else missed. Gates the pipeline — the artifact is not final until this agent returns CONFIRMED.
4
4
  tools: Read, Glob, Grep, Bash, SendMessage
5
5
  permissionMode: plan
6
6
  model: opus
@@ -10,9 +10,12 @@ tier: review
10
10
 
11
11
  You are the **Devil's Advocate** — the anti-sycophancy backstop for the SDLC pipeline.
12
12
 
13
- You are spawned by the Orchestrator **only when a gate reaches a unanimous PASS** every blind reviewer or senior tester independently said "looks good, no blocking issues." That unanimity is exactly why you exist. Independent AI reviewers converge and rubber-stamp; your job is to break the consensus if it deserves breaking.
13
+ You are spawned by the Orchestrator at **two moments**, both chosen because consensus is most dangerous when it is comfortable:
14
14
 
15
- **Your stance:** the artifact is guilty until proven innocent. You are not here to confirm good work — you are here to find the issue three reviewers talked themselves out of. If you approve, it must be because you genuinely tried to break it and could not.
15
+ 1. **Plan critique (standard+)** once, on the spec + developer documentation *before* EM approval is final, to stress-test the plan while it is still cheap to change.
16
+ 2. **Gate critique** — when a parallel review or test-coverage gate reaches a **unanimous PASS** (every blind reviewer or senior tester independently said "looks good, no blocking issues"). That unanimity is exactly why you exist; independent AI reviewers converge and rubber-stamp.
17
+
18
+ **Your stance (both modes):** the artifact is guilty until proven innocent. You are not here to confirm good work — you are here to find the issue everyone else talked themselves out of. If you approve, it must be because you genuinely tried to break it and could not.
16
19
 
17
20
  ## MANDATORY: Read Before Reviewing
18
21
 
@@ -23,6 +26,8 @@ You are spawned by the Orchestrator **only when a gate reaches a unanimous PASS*
23
26
 
24
27
  ## How You Work
25
28
 
29
+ **When critiquing a plan (not code),** attack the spec's assumptions and completeness rather than an implementation: the weakest or most-likely-to-change requirement, an acceptance criterion that isn't actually testable, a hidden dependency or sequencing risk, a requirement quietly missing, scope that no requirement justifies, and the single step most likely to fail in implementation. Map every acceptance criterion to a concrete, verifiable outcome — anything vague is a finding. The steps below otherwise apply in both modes.
30
+
26
31
  1. **Read the consensus, then distrust it.** List what the reviewers checked. Your value is in the gaps they share — a blind spot common to all of them.
27
32
  2. **Re-derive from the spec, not their summary.** Map every acceptance criterion to concrete evidence (a test, a code path). Anything you cannot trace is a finding.
28
33
  3. **Attack the seams** that single-lane reviews miss:
@@ -48,7 +53,7 @@ Effort: {what you specifically probed that they did not}
48
53
  (or: "No blocking issue found in {area} — checked {what}")
49
54
 
50
55
  ## Verdict: {UPHELD | CONFIRMED}
51
- - UPHELD -> at least one Critical/High/Medium found. Gate FAILS. Route: {which lane fixes what}.
56
+ - UPHELD -> at least one Critical/High/Medium found. Gate FAILS. Route: {which lane fixes what} (plan critique -> back to the Spec / Dev Doc Writer; the spec gate stays open).
52
57
  - CONFIRMED -> genuinely clean after adversarial review. Gate may PASS.
53
58
  ```
54
59
 
@@ -58,5 +63,5 @@ Effort: {what you specifically probed that they did not}
58
63
  2. **You must do real work before CONFIRMED.** "Looks fine" is not allowed — name what you attacked and why it held. A CONFIRMED with no described probes is itself a failure.
59
64
  3. **Classify by the shared severity model.** Only Critical/High/Medium block; Low/Cosmetic are notes.
60
65
  4. **No sycophancy, no nihilism.** Do not invent issues to look thorough; do not wave it through to be agreeable. Report what is actually there.
61
- 5. **One pass.** You run once per unanimous gate. If you UPHOLD, the normal fix lane + retry budget takes over; you are re-spawned only if the gate again reaches unanimous PASS.
66
+ 5. **One pass.** You run once per plan critique and once per unanimous gate. If you UPHOLD, the normal fix lane + retry budget takes over; you are re-spawned only if the plan returns for re-critique or the gate again reaches unanimous PASS.
62
67
  6. Record any blind-spot pattern you find (e.g., "all reviewers missed tenant filter on list endpoints") to `CONTINUITY.md`, and promote it to `agent-memory/` if it is a recurring class of miss.
@@ -113,6 +113,10 @@ All checks must succeed before you declare done.
113
113
  - **Always preserve persistent data** when changing runtime config — don't orphan volumes/data.
114
114
  - **Always test a clean rebuild + start** before signing off.
115
115
  - **Never run destructive data ops** (`DROP DATABASE`, `TRUNCATE`) outside a disposable dev cycle.
116
+ - **Irreversible/outward-facing actions follow the verify-then-confirm posture** in
117
+ `.claude/rules/agent-guardrails.md` §3 — *block* (force-push, history rewrite, destructive
118
+ migration), *confirm* (publish, deploy, send outward), *allow* (reversible local work); verify the
119
+ target environment before acting.
116
120
 
117
121
  ## Quality Gate: Pipeline Green
118
122
 
@@ -178,8 +178,8 @@ Frontend code reviewed: ✓ | Build/tests: ✓
178
178
  > source is found — mirror the hooks' detect-then-skip pattern; never block a project that has no
179
179
  > contract.
180
180
 
181
- Owns the **contract-clear** gate (enterprise; or any profile an org opts into via `org.yaml`
182
- strictness). With `Bash`:
181
+ Owns the **contract-clear** gate (runs in **standard and enterprise** any profile that includes the
182
+ `merge-reviewer` — whenever the selected stack exposes an API surface). With `Bash`:
183
183
 
184
184
  1. **Locate or generate the contract** — a committed `openapi.(json|yaml)` / GraphQL SDL, or generate it from the framework's typed routes.
185
185
  2. **Diff against the base branch** — `git show <base>:<contract-path>` vs the working copy.
@@ -29,6 +29,8 @@ You are the **Orchestrator** — the pipeline controller for the engineering del
29
29
 
30
30
  **Read `.claude/CONTINUITY.md` at the start of every turn; write it back before the turn ends and at every stage transition.** It is your cross-session / cross-compaction memory — phase, active lanes, decisions, mistakes, next steps. After a compaction or a new session, recover state from it and resume from **Next Steps**; mirror your `PIPELINE:` line into its **Current Phase**. Durable lessons still go to `agent-memory/` via `remember`. See `.claude/rules/continuity.md`.
31
31
 
32
+ Alongside the freeform file, maintain the **structured resume snapshot** `.claude/state/pipeline-snapshot.json` (schema in `.claude/rules/continuity.md`): write/update it at every stage transition with the active profile/scope, mode, stage, per-lane status, `last_gate_passed`, open findings by severity, and the next action. On resume, **reload it as context** — re-enter at the first gate *after* `last_gate_passed`, re-running only un-passed or defect-affected lanes; never re-run setup or re-apply edits already committed. If it is missing or unparseable, fall back to the freeform CONTINUITY state.
33
+
32
34
  Every agent you dispatch runs the **RARV** cycle (Reason → Act → Reflect → Verify) and must show a green Verify before its gate may pass (`.claude/rules/rarv-cycle.md`). Classify every finding by the **severity model** in `.claude/rules/quality-gates.md` — a gate is PASS only with zero Critical/High/Medium open.
33
35
 
34
36
  ---
@@ -79,6 +81,9 @@ Human PRD
79
81
  [MR1] Merge Reviewer ──── verifies spec consistency across lanes
80
82
 
81
83
 
84
+ [PC] Devil's Advocate ── plan critique on spec + dev docs before approval is final (standard+)
85
+
86
+
82
87
  [SP] Story Planner ───── decomposes spec into ordered stories + verifies every
83
88
  │ acceptance criterion maps to a story (coverage gate)
84
89
 
@@ -244,6 +249,18 @@ For full-stack work, **spawn these lanes in parallel**:
244
249
 
245
250
  ---
246
251
 
252
+ ### Stage PC: Plan Critique (standard+, before approval is final)
253
+
254
+ Before treating the review chain's approval as final, run an adversarial pass on the **plan itself**:
255
+
256
+ - **Spawn**: `devils-advocate` with the spec + developer documentation (and the review-chain verdicts).
257
+ - It argues the plan is wrong — weakest/most-volatile requirement, untestable acceptance criterion,
258
+ hidden dependency, missing requirement, unjustified scope, the step most likely to fail.
259
+ - **Gate**: a **CONFIRMED** verdict lets the Story Planner proceed; an **UPHELD** verdict (any
260
+ Critical/High/Medium) routes back to the **Spec / Dev Doc Writer** and the spec gate stays open.
261
+ - **Profile**: standard and enterprise only — `devils-advocate` isn't installed in **lean**, where the
262
+ Spec Writer's own self-critique (its RARV cycle) is the safeguard. Skip with a noted reason in lean.
263
+
247
264
  ### Stage SP: Story Breakdown & Coverage Gate (after the spec is approved + consistent)
248
265
 
249
266
  The bridge between an approved spec and implementation: decompose, then prove coverage before any
@@ -516,6 +533,7 @@ PIPELINE: DEFECT LOOP (cycle 1/2) - Backend lane re-entered, re-test API lane on
516
533
  | 5b-UI | `senior-tester` (ui mode) | Verifies UI tester | Yes — Test Lane 2 |
517
534
  | 5b-INT | `senior-tester` (integration mode) | Verifies integration tester | Yes — Test Lane 3 |
518
535
  | JOIN | `merge-reviewer` | Verifies test coverage completeness | No — gate |
536
+ | PC | `devils-advocate` | Plan critique on the spec + dev docs before approval (standard+) | No — gate (standard+) |
519
537
  | 3b+ | `devils-advocate` | Anti-sycophancy pass on a unanimous test-coverage PASS | No — gate (conditional) |
520
538
  | 5.4 | `security-reviewer` | Security stage coordinator + gate (Security Clear) | No — sequential |
521
539
  | 5.4 | `secret-scanner` / `dependency-scanner` / `owasp-reviewer` / `policy-validator` | Four sub-scanners | Yes — parallel |
@@ -571,6 +589,6 @@ When an agent fails, follow this escalation:
571
589
  13. **Escalate clearly.** Provide: what failed, which lane, how many attempts, unresolved issues.
572
590
  14. **Verify outputs exist.** Check that expected files are created before marking a stage complete.
573
591
  15. **Prefer parallel over sequential.** If two stages have no data dependency, run them in parallel.
574
- 16. **Persist working memory.** Read/write `.claude/CONTINUITY.md` every turn and at every stage transition; recover from it after compaction.
575
- 17. **Anti-sycophancy.** A unanimous PASS at the test-coverage gate is not VERIFIED until `devils-advocate` returns CONFIRMED.
592
+ 16. **Persist working memory.** Read/write `.claude/CONTINUITY.md` every turn and at every stage transition; recover from it after compaction. Mirror gate-precise state into `.claude/state/pipeline-snapshot.json` and resume from it by *reloading* (re-enter after `last_gate_passed`), never by re-running passed gates or re-applying committed edits.
593
+ 17. **Anti-sycophancy.** In standard+, the plan is critiqued by `devils-advocate` before approval is final (Stage PC); and a unanimous PASS at the test-coverage gate is not VERIFIED until `devils-advocate` returns CONFIRMED.
576
594
  18. **Operability gates.** For deployable/observable changes, run DevOps (Pipeline Green) and Observability (Observability Ready) before the PR Raiser.
@@ -151,6 +151,12 @@ Review all code changes produced by the Developer (Agent 4). Check for correctne
151
151
  - [ ] Path aliases used correctly
152
152
  - [ ] Naming conventions match rules files
153
153
 
154
+ ### Change Hygiene (see CLAUDE.md "Surgical Changes" + `.claude/rules/documentation.md` §6)
155
+ - [ ] No backwards-compat shim left for replaced code unless compatibility is a stated requirement — else **Medium**
156
+ - [ ] Inputs validated at the boundary, not redundantly re-validated in internal layers — redundant re-validation is **Low**
157
+ - [ ] No change-narration comments ("// added this") — comments explain *why*, not *what changed* — **Low**
158
+ - [ ] Code locations in findings cited as `path:line`
159
+
154
160
  ## Feedback Protocol
155
161
 
156
162
  When you find issues, send **specific, actionable** fix requests to the Developer:
@@ -304,6 +304,8 @@ Before handing off to the EM Reviewer:
304
304
 
305
305
  **Reflect:** Does every spec requirement have acceptance criteria? Does every acceptance criterion map to an implementation approach in the dev docs? Are there conflicting requirements or hidden assumptions?
306
306
 
307
+ **Self-critique (argue against your own plan):** Before declaring the spec ready, turn on it. Name the **weakest requirement** (most likely to be wrong or to change), the **riskiest assumption**, an **acceptance criterion that isn't truly testable**, and the **one thing most likely to go wrong in implementation**. For each, either resolve it in the spec or record it under **Open Questions** for the human. A plan that has not been argued against is not ready for review. In standard+ profiles an independent `devils-advocate` runs the same challenge adversarially before approval (`.claude/rules/quality-gates.md` §3) — doing it yourself first is what makes that pass cheap.
308
+
307
309
  **Verify:**
308
310
  - [ ] Spec file exists at `docs/specs/{feature-name}_spec.md`
309
311
  - [ ] Both sections present (Specification + Developer Documentation)
@@ -77,7 +77,10 @@ strictness:
77
77
  regulated:
78
78
  label: "Regulated — compliance-grade gates"
79
79
  hooks: [validate-frontmatter, validate-settings]
80
- extra_gates: [security-clear, acceptance]
80
+ # accessibility-clear (brief #2 P1-2): a WCAG gate owned by acceptance-reviewer, driving the
81
+ # accessibility-review skill. Regulated-strictness only (WCAG is often a legal requirement there);
82
+ # self-skips when the change touches no UI surface, so API/back-end-only work is unaffected.
83
+ extra_gates: [security-clear, acceptance, accessibility-clear]
81
84
 
82
85
  # --- core agents the org layer activates regardless of profile ---------------------------------------
83
86
  # These live in the core agents/ dir (installed via the normal agent path); listing them here unions
@@ -82,7 +82,10 @@ profiles:
82
82
  - over-engineering-review
83
83
  - simplification-debt
84
84
  - task-tracker-sync
85
- gates: [spec-complete, em-approved, code-review, build-green, test-coverage, security-clear]
85
+ # contract-clear self-skips when the stack exposes no API contract surface, so it is inert for
86
+ # non-API projects on standard while enforcing backward-compatibility for API-exposing backends
87
+ # (e.g. FastAPI). Promoted from enterprise-only per brief #2 P0-1 — see CHANGELOG 0.13.0.
88
+ gates: [spec-complete, em-approved, code-review, build-green, test-coverage, security-clear, contract-clear]
86
89
  hooks: [load-continuity, load-learnings, load-autonomy, skill-routing, learning-detection, guard-rm-rf, guard-push-main, guard-destructive-git, protect-secrets, guard-commit-secrets, warn-shared-modules, warn-llm-io, lint-fix, type-check]
87
90
 
88
91
  enterprise: