claude-code-kit 0.50.0__tar.gz → 0.52.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (552) hide show
  1. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/.claude-plugin/marketplace.json +1 -1
  2. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/.claude-plugin/plugin.json +1 -1
  3. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/CHANGELOG.md +107 -0
  4. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/PKG-INFO +42 -21
  5. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/README.md +41 -20
  6. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/catalog/mcp.yaml +46 -0
  7. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/pyproject.toml +1 -1
  8. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/rules/agent-guardrails.md +22 -0
  9. claude_code_kit-0.52.0/rules/devops-observability.md +123 -0
  10. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/rules/human-in-the-loop.md +32 -0
  11. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/rules/linting-and-formatting.md +86 -0
  12. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/rules/reasoning-techniques.md +26 -0
  13. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/rules/testing.md +96 -0
  14. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/rules/tool-design.md +15 -1
  15. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/api-integration/SKILL.md +24 -0
  16. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/context-engineering/SKILL.md +30 -0
  17. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/performance-optimization/SKILL.md +22 -0
  18. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/security-and-hardening/SKILL.md +129 -0
  19. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/src/claude_kit/__init__.py +1 -1
  20. claude_code_kit-0.50.0/rules/devops-observability.md +0 -58
  21. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/.gitignore +0 -0
  22. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/CLAUDE.md +0 -0
  23. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/CONTRIBUTING.md +0 -0
  24. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/LICENSE +0 -0
  25. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/acceptance-reviewer.md +0 -0
  26. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/auditor.md +0 -0
  27. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/dependency-scanner.md +0 -0
  28. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/developer.md +0 -0
  29. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/devils-advocate.md +0 -0
  30. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/devops-engineer.md +0 -0
  31. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/e2e-tester.md +0 -0
  32. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/em-reviewer.md +0 -0
  33. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/incident-responder.md +0 -0
  34. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/merge-reviewer.md +0 -0
  35. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/observability-engineer.md +0 -0
  36. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/orchestrator.md +0 -0
  37. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/owasp-reviewer.md +0 -0
  38. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/policy-validator.md +0 -0
  39. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/pr-raiser.md +0 -0
  40. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/risk-classifier.md +0 -0
  41. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/sdlc-code-reviewer.md +0 -0
  42. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/secret-scanner.md +0 -0
  43. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/security-reviewer.md +0 -0
  44. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/senior-backend-dev.md +0 -0
  45. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/senior-frontend-dev.md +0 -0
  46. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/senior-tester.md +0 -0
  47. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/spec-doc-writer.md +0 -0
  48. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/story-planner.md +0 -0
  49. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/technical-architect.md +0 -0
  50. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/tester.md +0 -0
  51. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/ui-designer.md +0 -0
  52. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/agents/unit-tester.md +0 -0
  53. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/catalog/capture.yaml +0 -0
  54. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/catalog/org.yaml +0 -0
  55. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/catalog/profiles.yaml +0 -0
  56. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/catalog/stacks.yaml +0 -0
  57. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/commands/abort.md +0 -0
  58. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/commands/init.md +0 -0
  59. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/commands/sdlc.md +0 -0
  60. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/commands/status.md +0 -0
  61. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/docs/agentic-patterns.md +0 -0
  62. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/docs/agents.md +0 -0
  63. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/docs/architecture.md +0 -0
  64. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/docs/capture-a-real-run.md +0 -0
  65. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/docs/coverage-audit.md +0 -0
  66. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/docs/eval-harness.md +0 -0
  67. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/docs/org-capabilities.md +0 -0
  68. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/docs/stack-skills/GAP-ANALYSIS.md +0 -0
  69. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/docs/stack-skills/README.md +0 -0
  70. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/docs/stack-skills/REPO-INVENTORY.md +0 -0
  71. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/hooks/hooks.json +0 -0
  72. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/hooks/scripts/audit-log.sh +0 -0
  73. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/hooks/scripts/capture-learnings.sh +0 -0
  74. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/hooks/scripts/guard-destructive-git.sh +0 -0
  75. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/hooks/scripts/guard-kubectl-delete.sh +0 -0
  76. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/hooks/scripts/guard-secrets.sh +0 -0
  77. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/hooks/scripts/lint-fix.sh +0 -0
  78. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/hooks/scripts/load-autonomy.sh +0 -0
  79. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/hooks/scripts/load-continuity.sh +0 -0
  80. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/hooks/scripts/load-learnings.sh +0 -0
  81. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/hooks/scripts/type-check.sh +0 -0
  82. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/hooks/scripts/validate-frontmatter.sh +0 -0
  83. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/hooks/scripts/validate-settings.sh +0 -0
  84. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/hooks/scripts/warn-large-edits.sh +0 -0
  85. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/hooks/scripts/warn-llm-io.sh +0 -0
  86. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/hooks/scripts/warn-missing-tests.sh +0 -0
  87. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/hooks/scripts/warn-sensitive-files.sh +0 -0
  88. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/hooks/scripts/warn-shared-modules.sh +0 -0
  89. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/rules/agent-memory.md +0 -0
  90. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/rules/agent-resilience.md +0 -0
  91. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/rules/autonomy-levels.md +0 -0
  92. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/rules/code-organization.md +0 -0
  93. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/rules/continuity.md +0 -0
  94. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/rules/design-patterns.md +0 -0
  95. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/rules/documentation.md +0 -0
  96. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/rules/evals.md +0 -0
  97. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/rules/frontend-best-practices.md +0 -0
  98. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/rules/goal-setting-and-monitoring.md +0 -0
  99. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/rules/mandatory-workflow.md +0 -0
  100. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/rules/model-tiers.md +0 -0
  101. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/rules/quality-gates.md +0 -0
  102. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/rules/rarv-cycle.md +0 -0
  103. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/rules/responsive-and-accessibility.md +0 -0
  104. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/rules/risk-classification.md +0 -0
  105. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/scripts/capture-sdlc-run.sh +0 -0
  106. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/scripts/check_docs_consistency.py +0 -0
  107. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/scripts/gen_hooks.py +0 -0
  108. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/scripts/init.sh +0 -0
  109. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/_references/accessibility-checklist.md +0 -0
  110. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/_references/orchestration-patterns.md +0 -0
  111. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/_references/performance-checklist.md +0 -0
  112. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/_references/security-checklist.md +0 -0
  113. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/_references/testing-patterns.md +0 -0
  114. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/accessibility-review/SKILL.md +0 -0
  115. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/alembic-migrations/README.md +0 -0
  116. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/alembic-migrations/SKILL.md +0 -0
  117. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/alembic-migrations/references/alembic-setup-and-env.md +0 -0
  118. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/alembic-migrations/references/async-and-multitenant-migrations.md +0 -0
  119. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/alembic-migrations/references/repo-evidence.md +0 -0
  120. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/alembic-migrations/references/troubleshooting-and-debugging.md +0 -0
  121. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/alembic-migrations/references/writing-migrations.md +0 -0
  122. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/anthropic-vertex-integration/README.md +0 -0
  123. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/anthropic-vertex-integration/SKILL.md +0 -0
  124. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/anthropic-vertex-integration/references/generate-helpers-and-retry.md +0 -0
  125. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/anthropic-vertex-integration/references/repo-evidence.md +0 -0
  126. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/anthropic-vertex-integration/references/vertex-client-and-auth.md +0 -0
  127. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/api-and-interface-design/SKILL.md +0 -0
  128. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/api-pagination-filtering-sorting/README.md +0 -0
  129. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/api-pagination-filtering-sorting/SKILL.md +0 -0
  130. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/api-pagination-filtering-sorting/references/query-params-conventions.md +0 -0
  131. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/api-pagination-filtering-sorting/references/repo-evidence.md +0 -0
  132. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/api-pagination-filtering-sorting/references/response-metadata.md +0 -0
  133. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/archive-sprint/SKILL.md +0 -0
  134. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/async-python-patterns/README.md +0 -0
  135. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/async-python-patterns/SKILL.md +0 -0
  136. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/async-python-patterns/references/async-boundaries.md +0 -0
  137. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/async-python-patterns/references/lifecycle-and-gather.md +0 -0
  138. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/async-python-patterns/references/repo-evidence.md +0 -0
  139. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/auth-and-rbac/README.md +0 -0
  140. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/auth-and-rbac/SKILL.md +0 -0
  141. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/auth-and-rbac/references/auth-dependencies.md +0 -0
  142. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/auth-and-rbac/references/rbac-and-permissions.md +0 -0
  143. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/auth-and-rbac/references/repo-evidence.md +0 -0
  144. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/auth-and-rbac/references/security-hardening.md +0 -0
  145. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/auth-and-rbac/references/tokens-and-hashing.md +0 -0
  146. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/backend-repo-architecture/README.md +0 -0
  147. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/backend-repo-architecture/SKILL.md +0 -0
  148. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/backend-repo-architecture/references/deployment-patterns.md +0 -0
  149. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/backend-repo-architecture/references/entrypoint-and-config.md +0 -0
  150. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/backend-repo-architecture/references/repo-evidence.md +0 -0
  151. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/backend-repo-architecture/references/structure-patterns.md +0 -0
  152. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/backend-repo-architecture/references/troubleshooting.md +0 -0
  153. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/backlog/SKILL.md +0 -0
  154. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/backlog/item-template.md +0 -0
  155. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/browser-testing-with-devtools/SKILL.md +0 -0
  156. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/bug-hunt/SKILL.md +0 -0
  157. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/ci-cd-and-automation/SKILL.md +0 -0
  158. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/code-review-and-quality/SKILL.md +0 -0
  159. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/code-simplification/SKILL.md +0 -0
  160. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/component-design/SKILL.md +0 -0
  161. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/configargparse-yaml-env-layering/README.md +0 -0
  162. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/configargparse-yaml-env-layering/SKILL.md +0 -0
  163. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/configargparse-yaml-env-layering/references/config-layering-anatomy.md +0 -0
  164. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/configargparse-yaml-env-layering/references/mode-dispatch-and-precedence.md +0 -0
  165. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/configargparse-yaml-env-layering/references/repo-evidence.md +0 -0
  166. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/consolidate-learnings/SKILL.md +0 -0
  167. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/containerization-and-deployment/README.md +0 -0
  168. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/containerization-and-deployment/SKILL.md +0 -0
  169. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/containerization-and-deployment/references/deployment-and-secrets.md +0 -0
  170. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/containerization-and-deployment/references/dockerfile-and-compose.md +0 -0
  171. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/containerization-and-deployment/references/entrypoint-and-modes.md +0 -0
  172. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/containerization-and-deployment/references/kerberos-kinit-bootstrap.md +0 -0
  173. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/containerization-and-deployment/references/makefile-dev-workflow.md +0 -0
  174. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/containerization-and-deployment/references/repo-evidence.md +0 -0
  175. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/cron-and-scheduled-jobs/README.md +0 -0
  176. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/cron-and-scheduled-jobs/SKILL.md +0 -0
  177. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/cron-and-scheduled-jobs/references/choosing-and-operations.md +0 -0
  178. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/cron-and-scheduled-jobs/references/kubernetes-cronjob.md +0 -0
  179. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/cron-and-scheduled-jobs/references/repo-evidence.md +0 -0
  180. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/cron-and-scheduled-jobs/references/temporal-schedules.md +0 -0
  181. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/data-engineering-bigquery-gcs/README.md +0 -0
  182. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/data-engineering-bigquery-gcs/SKILL.md +0 -0
  183. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/data-engineering-bigquery-gcs/references/bigquery-advanced-patterns.md +0 -0
  184. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/data-engineering-bigquery-gcs/references/bigquery-gcs-io.md +0 -0
  185. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/data-engineering-bigquery-gcs/references/medallion-architecture.md +0 -0
  186. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/data-engineering-bigquery-gcs/references/repo-evidence.md +0 -0
  187. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/data-engineering-bigquery-gcs/references/temp-table-merge-pattern.md +0 -0
  188. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/debugging-and-error-recovery/SKILL.md +0 -0
  189. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/decision/SKILL.md +0 -0
  190. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/decision/adr-template.md +0 -0
  191. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/dependency-verification/SKILL.md +0 -0
  192. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/deprecation-and-migration/SKILL.md +0 -0
  193. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/design-patterns-and-conventions/README.md +0 -0
  194. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/design-patterns-and-conventions/SKILL.md +0 -0
  195. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/design-patterns-and-conventions/references/anti-patterns.md +0 -0
  196. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/design-patterns-and-conventions/references/naming-and-layout.md +0 -0
  197. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/design-patterns-and-conventions/references/patterns-catalog.md +0 -0
  198. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/design-patterns-and-conventions/references/repo-evidence.md +0 -0
  199. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/design-patterns-and-conventions/references/testing-patterns.md +0 -0
  200. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/design-patterns-and-conventions/references/troubleshooting.md +0 -0
  201. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/design-system-ops/README.md +0 -0
  202. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/design-system-ops/SKILL.md +0 -0
  203. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/design-system-ops/references/ai-readiness.md +0 -0
  204. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/design-system-ops/references/drift-detection.md +0 -0
  205. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/design-system-ops/references/governance-and-adoption.md +0 -0
  206. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/design-system-ops/references/system-health-and-maturity.md +0 -0
  207. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/design-system-ops/references/token-architecture.md +0 -0
  208. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/doc-consolidation/SKILL.md +0 -0
  209. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/docker-compose/README.md +0 -0
  210. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/docker-compose/SKILL.md +0 -0
  211. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/docker-compose/references/compose-services-and-healthchecks.md +0 -0
  212. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/docker-compose/references/dev-vs-prod-variants.md +0 -0
  213. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/docker-compose/references/repo-evidence.md +0 -0
  214. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/docker-shared/README.md +0 -0
  215. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/docker-shared/SKILL.md +0 -0
  216. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/docker-shared/references/dockerignore-and-build-secrets.md +0 -0
  217. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/docker-shared/references/repo-evidence.md +0 -0
  218. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/docker-shared/references/shared-base-images.md +0 -0
  219. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/docker-shared/references/shared-compose-fragments.md +0 -0
  220. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/dockerfile-backend/README.md +0 -0
  221. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/dockerfile-backend/SKILL.md +0 -0
  222. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/dockerfile-backend/references/backend-dockerfile-anatomy.md +0 -0
  223. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/dockerfile-backend/references/repo-evidence.md +0 -0
  224. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/dockerfile-backend/references/system-deps-and-caching.md +0 -0
  225. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/dockerfile-frontend/README.md +0 -0
  226. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/dockerfile-frontend/SKILL.md +0 -0
  227. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/dockerfile-frontend/references/build-args-and-nginx.md +0 -0
  228. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/dockerfile-frontend/references/frontend-dockerfile-anatomy.md +0 -0
  229. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/dockerfile-frontend/references/repo-evidence.md +0 -0
  230. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/documentation-and-adrs/SKILL.md +0 -0
  231. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/doubt-driven-development/SKILL.md +0 -0
  232. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/edge-to-service-trust-boundary/README.md +0 -0
  233. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/edge-to-service-trust-boundary/SKILL.md +0 -0
  234. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/edge-to-service-trust-boundary/references/repo-evidence.md +0 -0
  235. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/edge-to-service-trust-boundary/references/trust-contract.md +0 -0
  236. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/execute/SKILL.md +0 -0
  237. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/fastapi-service-patterns/README.md +0 -0
  238. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/fastapi-service-patterns/SKILL.md +0 -0
  239. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/fastapi-service-patterns/references/api-versioning.md +0 -0
  240. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/fastapi-service-patterns/references/app-factory-and-lifespan.md +0 -0
  241. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/fastapi-service-patterns/references/custom-route-and-middleware.md +0 -0
  242. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/fastapi-service-patterns/references/dependency-injection.md +0 -0
  243. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/fastapi-service-patterns/references/model-and-serialization-patterns.md +0 -0
  244. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/fastapi-service-patterns/references/repo-evidence.md +0 -0
  245. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/file-export-and-reporting/README.md +0 -0
  246. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/file-export-and-reporting/SKILL.md +0 -0
  247. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/file-export-and-reporting/references/excel-generation.md +0 -0
  248. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/file-export-and-reporting/references/repo-evidence.md +0 -0
  249. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/file-export-and-reporting/references/streaming-and-downloads.md +0 -0
  250. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/frontend-repo-architecture/README.md +0 -0
  251. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/frontend-repo-architecture/SKILL.md +0 -0
  252. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/frontend-repo-architecture/references/api-layer-and-types.md +0 -0
  253. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/frontend-repo-architecture/references/divergences.md +0 -0
  254. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/frontend-repo-architecture/references/repo-evidence.md +0 -0
  255. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/frontend-repo-architecture/references/structure-and-state.md +0 -0
  256. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/frontend-repo-architecture/references/testing-patterns.md +0 -0
  257. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/frontend-ui-engineering/SKILL.md +0 -0
  258. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/gcp-cloud-run-github-actions/README.md +0 -0
  259. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/gcp-cloud-run-github-actions/SKILL.md +0 -0
  260. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/gcp-cloud-run-github-actions/references/cloud-run-deploy.md +0 -0
  261. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/gcp-cloud-run-github-actions/references/repo-evidence.md +0 -0
  262. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/gcp-cloud-run-github-actions/references/workflow-structure.md +0 -0
  263. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/gcs-file-storage-patterns/README.md +0 -0
  264. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/gcs-file-storage-patterns/SKILL.md +0 -0
  265. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/gcs-file-storage-patterns/references/client-and-uploads.md +0 -0
  266. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/gcs-file-storage-patterns/references/repo-evidence.md +0 -0
  267. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/gcs-file-storage-patterns/references/signed-urls-and-reads.md +0 -0
  268. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/git-workflow-and-versioning/SKILL.md +0 -0
  269. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/grafana-dashboards-and-alerts/README.md +0 -0
  270. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/grafana-dashboards-and-alerts/SKILL.md +0 -0
  271. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/grafana-dashboards-and-alerts/references/dashboard-json-and-templating.md +0 -0
  272. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/grafana-dashboards-and-alerts/references/provisioning-and-organization.md +0 -0
  273. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/grafana-dashboards-and-alerts/references/red-metrics-queries.md +0 -0
  274. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/grafana-dashboards-and-alerts/references/repo-evidence.md +0 -0
  275. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/grafana-dashboards-and-alerts/references/unified-alerting.md +0 -0
  276. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/graphql-patterns/README.md +0 -0
  277. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/graphql-patterns/SKILL.md +0 -0
  278. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/graphql-patterns/references/apollo-client-frontend.md +0 -0
  279. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/graphql-patterns/references/apollo-client-setup.md +0 -0
  280. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/graphql-patterns/references/repo-evidence.md +0 -0
  281. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/graphql-patterns/references/strawberry-backend.md +0 -0
  282. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/graphql-patterns/references/when-to-use-graphql.md +0 -0
  283. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/idea-refine/SKILL.md +0 -0
  284. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/idea-refine/examples.md +0 -0
  285. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/idea-refine/frameworks.md +0 -0
  286. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/idea-refine/refinement-criteria.md +0 -0
  287. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/idea-refine/scripts/idea-refine.sh +0 -0
  288. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/incident-postmortem/SKILL.md +0 -0
  289. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/incremental-implementation/SKILL.md +0 -0
  290. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/interview-me/SKILL.md +0 -0
  291. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/kafka-config-driven/README.md +0 -0
  292. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/kafka-config-driven/SKILL.md +0 -0
  293. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/kafka-config-driven/references/config-and-sasl-kerberos.md +0 -0
  294. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/kafka-config-driven/references/consumer-producer-patterns.md +0 -0
  295. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/kafka-config-driven/references/repo-evidence.md +0 -0
  296. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/kafka-config-driven/references/troubleshooting-and-patterns.md +0 -0
  297. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/kubectl-operations/README.md +0 -0
  298. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/kubectl-operations/SKILL.md +0 -0
  299. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/kubectl-operations/references/command-reference.md +0 -0
  300. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/kubectl-operations/references/context-namespace-rbac.md +0 -0
  301. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/kubectl-operations/references/debugging-playbooks.md +0 -0
  302. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/kubectl-operations/references/output-formats-and-selectors.md +0 -0
  303. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/kubectl-operations/references/repo-evidence.md +0 -0
  304. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/kubernetes-workload-hardening/README.md +0 -0
  305. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/kubernetes-workload-hardening/SKILL.md +0 -0
  306. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/kubernetes-workload-hardening/references/networkpolicy-and-rbac.md +0 -0
  307. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/kubernetes-workload-hardening/references/repo-evidence.md +0 -0
  308. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/kubernetes-workload-hardening/references/securitycontext-and-podsecurity.md +0 -0
  309. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/langfuse-llm-tracing/README.md +0 -0
  310. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/langfuse-llm-tracing/SKILL.md +0 -0
  311. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/langfuse-llm-tracing/references/langfuse-client-and-tracing.md +0 -0
  312. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/langfuse-llm-tracing/references/python-and-typescript.md +0 -0
  313. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/langfuse-llm-tracing/references/repo-evidence.md +0 -0
  314. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/library-review/SKILL.md +0 -0
  315. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/load-testing/SKILL.md +0 -0
  316. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/manual-test/SKILL.md +0 -0
  317. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/modernization-and-migration/README.md +0 -0
  318. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/modernization-and-migration/SKILL.md +0 -0
  319. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/modernization-and-migration/references/migration-best-practices.md +0 -0
  320. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/modernization-and-migration/references/pydantic-v1-to-v2.md +0 -0
  321. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/modernization-and-migration/references/repo-evidence.md +0 -0
  322. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/modernization-and-migration/references/shared-internal-library.md +0 -0
  323. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/modernization-and-migration/references/sqlalchemy-14-to-20.md +0 -0
  324. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/multi-tenancy-patterns/README.md +0 -0
  325. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/multi-tenancy-patterns/SKILL.md +0 -0
  326. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/multi-tenancy-patterns/references/caching-patterns.md +0 -0
  327. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/multi-tenancy-patterns/references/isolation-strategies.md +0 -0
  328. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/multi-tenancy-patterns/references/repo-evidence.md +0 -0
  329. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/multi-tenancy-patterns/references/tenant-resolution.md +0 -0
  330. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/node-express-service/README.md +0 -0
  331. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/node-express-service/SKILL.md +0 -0
  332. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/node-express-service/references/app-factory-and-mode-dispatch.md +0 -0
  333. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/node-express-service/references/config-and-module-alias.md +0 -0
  334. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/node-express-service/references/middleware-patterns.md +0 -0
  335. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/node-express-service/references/repo-evidence.md +0 -0
  336. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/node-objection-knex/README.md +0 -0
  337. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/node-objection-knex/SKILL.md +0 -0
  338. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/node-objection-knex/references/migrations-and-validation.md +0 -0
  339. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/node-objection-knex/references/objection-model-and-knex.md +0 -0
  340. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/node-objection-knex/references/repo-evidence.md +0 -0
  341. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/notifications-and-messaging/README.md +0 -0
  342. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/notifications-and-messaging/SKILL.md +0 -0
  343. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/notifications-and-messaging/references/provider-abstraction.md +0 -0
  344. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/notifications-and-messaging/references/repo-evidence.md +0 -0
  345. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/notifications-and-messaging/references/templates-and-fallback.md +0 -0
  346. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/observability-and-logging/README.md +0 -0
  347. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/observability-and-logging/SKILL.md +0 -0
  348. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/observability-and-logging/references/health-and-readiness.md +0 -0
  349. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/observability-and-logging/references/logging-and-structlog.md +0 -0
  350. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/observability-and-logging/references/outbound-metrics-and-multi-mode.md +0 -0
  351. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/observability-and-logging/references/pii-redaction.md +0 -0
  352. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/observability-and-logging/references/repo-evidence.md +0 -0
  353. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/observability-and-logging/references/tracing-and-metrics.md +0 -0
  354. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/otel-tracing/README.md +0 -0
  355. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/otel-tracing/SKILL.md +0 -0
  356. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/otel-tracing/references/collector.md +0 -0
  357. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/otel-tracing/references/correlation.md +0 -0
  358. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/otel-tracing/references/gotchas.md +0 -0
  359. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/otel-tracing/references/instrumentation.md +0 -0
  360. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/otel-tracing/references/sampling.md +0 -0
  361. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/otel-tracing/references/tempo.md +0 -0
  362. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/over-engineering-review/SKILL.md +0 -0
  363. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/planning-and-task-breakdown/SKILL.md +0 -0
  364. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/playwright-verification/SKILL.md +0 -0
  365. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/pydantic-schema-patterns/README.md +0 -0
  366. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/pydantic-schema-patterns/SKILL.md +0 -0
  367. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/pydantic-schema-patterns/references/repo-evidence.md +0 -0
  368. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/pydantic-schema-patterns/references/settings-and-validation.md +0 -0
  369. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/pydantic-schema-patterns/references/troubleshooting-and-common-errors.md +0 -0
  370. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/pydantic-schema-patterns/references/v1-vs-v2.md +0 -0
  371. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/python-dao-and-database/README.md +0 -0
  372. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/python-dao-and-database/SKILL.md +0 -0
  373. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/python-dao-and-database/references/advanced-query-patterns.md +0 -0
  374. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/python-dao-and-database/references/basedao-and-sessions.md +0 -0
  375. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/python-dao-and-database/references/mongodb-advanced.md +0 -0
  376. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/python-dao-and-database/references/other-db-mongodb.md +0 -0
  377. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/python-dao-and-database/references/repo-evidence.md +0 -0
  378. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/python-dao-and-database/references/sqlalchemy-1x-vs-2x.md +0 -0
  379. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/radix-tailwind-component-patterns/README.md +0 -0
  380. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/radix-tailwind-component-patterns/SKILL.md +0 -0
  381. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/radix-tailwind-component-patterns/references/radix-primitives-and-variants.md +0 -0
  382. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/radix-tailwind-component-patterns/references/repo-evidence.md +0 -0
  383. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/radix-tailwind-component-patterns/references/tailwind-theme-and-cn.md +0 -0
  384. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/react-hook-form-zod-patterns/README.md +0 -0
  385. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/react-hook-form-zod-patterns/SKILL.md +0 -0
  386. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/react-hook-form-zod-patterns/references/form-setup-and-zod.md +0 -0
  387. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/react-hook-form-zod-patterns/references/multi-step-and-modes.md +0 -0
  388. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/react-hook-form-zod-patterns/references/repo-evidence.md +0 -0
  389. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/redis-caching-patterns/README.md +0 -0
  390. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/redis-caching-patterns/SKILL.md +0 -0
  391. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/redis-caching-patterns/references/cache-manager-and-fallback.md +0 -0
  392. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/redis-caching-patterns/references/namespacing-and-invalidation.md +0 -0
  393. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/redis-caching-patterns/references/repo-evidence.md +0 -0
  394. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/refresh-docs/SKILL.md +0 -0
  395. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/remember/SKILL.md +0 -0
  396. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/safety-critical-patterns/SKILL.md +0 -0
  397. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/scope/SKILL.md +0 -0
  398. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/scope/scope-template.md +0 -0
  399. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/sdlc/SKILL.md +0 -0
  400. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/security-verification/SKILL.md +0 -0
  401. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/shannon-ai-pentest/README.md +0 -0
  402. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/shannon-ai-pentest/SKILL.md +0 -0
  403. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/shannon-ai-pentest/references/operating-guide.md +0 -0
  404. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/shell-review/SKILL.md +0 -0
  405. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/shipping-and-launch/SKILL.md +0 -0
  406. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/simplification-debt/SKILL.md +0 -0
  407. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/smoke-test/SKILL.md +0 -0
  408. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/source-driven-development/SKILL.md +0 -0
  409. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/spec-driven-development/SKILL.md +0 -0
  410. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/sprint/SKILL.md +0 -0
  411. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/sprint/sprint-template.md +0 -0
  412. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/tanstack-react-query-patterns/README.md +0 -0
  413. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/tanstack-react-query-patterns/SKILL.md +0 -0
  414. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/tanstack-react-query-patterns/references/mutations-and-cache.md +0 -0
  415. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/tanstack-react-query-patterns/references/query-keys-and-hooks.md +0 -0
  416. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/tanstack-react-query-patterns/references/repo-evidence.md +0 -0
  417. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/task-tracker-sync/SKILL.md +0 -0
  418. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/temporal-config-driven/README.md +0 -0
  419. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/temporal-config-driven/SKILL.md +0 -0
  420. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/temporal-config-driven/references/config-and-retry-idempotency.md +0 -0
  421. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/temporal-config-driven/references/dag-dsl-interpreter.md +0 -0
  422. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/temporal-config-driven/references/repo-evidence.md +0 -0
  423. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/temporal-config-driven/references/schedule-registration.md +0 -0
  424. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/temporal-config-driven/references/schedules-and-cron.md +0 -0
  425. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/temporal-config-driven/references/worker-workflow-activity-patterns.md +0 -0
  426. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/temporal-developer/README.md +0 -0
  427. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/temporal-developer/SKILL.md +0 -0
  428. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/temporal-developer/references/cli.md +0 -0
  429. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/temporal-developer/references/determinism.md +0 -0
  430. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/temporal-developer/references/gotchas.md +0 -0
  431. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/temporal-developer/references/languages.md +0 -0
  432. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/temporal-developer/references/testing.md +0 -0
  433. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/temporal-developer/references/versioning.md +0 -0
  434. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/test-driven-development/SKILL.md +0 -0
  435. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/test-plan-review/SKILL.md +0 -0
  436. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/testing-conventions/README.md +0 -0
  437. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/testing-conventions/SKILL.md +0 -0
  438. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/testing-conventions/references/async-and-mocking.md +0 -0
  439. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/testing-conventions/references/coverage-gap-and-recommendations.md +0 -0
  440. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/testing-conventions/references/github-actions-test-orchestration.md +0 -0
  441. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/testing-conventions/references/pytest-and-fixtures.md +0 -0
  442. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/testing-conventions/references/pytest-asyncio-modes.md +0 -0
  443. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/testing-conventions/references/repo-evidence.md +0 -0
  444. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/testing-conventions/references/security-regression-tests.md +0 -0
  445. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/testing-conventions/references/vitest-frontend-testing.md +0 -0
  446. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/threat-model/SKILL.md +0 -0
  447. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/triage/SKILL.md +0 -0
  448. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/ui-ux-design/SKILL.md +0 -0
  449. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/unit-test/SKILL.md +0 -0
  450. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/using-agent-skills/SKILL.md +0 -0
  451. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/vitest-rtl-msw-patterns/README.md +0 -0
  452. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/vitest-rtl-msw-patterns/SKILL.md +0 -0
  453. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/vitest-rtl-msw-patterns/references/msw-and-contract-tests.md +0 -0
  454. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/vitest-rtl-msw-patterns/references/repo-evidence.md +0 -0
  455. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/vitest-rtl-msw-patterns/references/vitest-rtl-setup.md +0 -0
  456. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/zap-vapt-scanning/README.md +0 -0
  457. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/zap-vapt-scanning/SKILL.md +0 -0
  458. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/zap-vapt-scanning/references/operating-guide.md +0 -0
  459. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/zap-vapt-scanning/scripts/endpoints.example.txt +0 -0
  460. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/zap-vapt-scanning/scripts/requirements.txt +0 -0
  461. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/zap-vapt-scanning/scripts/zap_vapt.py +0 -0
  462. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/zustand-state-patterns/README.md +0 -0
  463. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/zustand-state-patterns/SKILL.md +0 -0
  464. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/zustand-state-patterns/references/async-polling-and-persistence.md +0 -0
  465. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/zustand-state-patterns/references/repo-evidence.md +0 -0
  466. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/skills/zustand-state-patterns/references/store-structure-and-selectors.md +0 -0
  467. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/src/claude_kit/__main__.py +0 -0
  468. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/src/claude_kit/catalog.py +0 -0
  469. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/src/claude_kit/cli.py +0 -0
  470. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/src/claude_kit/hooks.py +0 -0
  471. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/src/claude_kit/models.py +0 -0
  472. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/src/claude_kit/pipeline.py +0 -0
  473. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/src/claude_kit/prompts.py +0 -0
  474. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/src/claude_kit/render.py +0 -0
  475. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/src/claude_kit/scaffold.py +0 -0
  476. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/src/claude_kit/upgrader.py +0 -0
  477. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/src/claude_kit/validator.py +0 -0
  478. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/CLAUDE.md +0 -0
  479. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/CLAUDE.stack.md.tmpl +0 -0
  480. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/CONTINUITY.template.md +0 -0
  481. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/README.claude-sdlc.md.tmpl +0 -0
  482. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/agent-memory/MEMORY.md +0 -0
  483. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/agent-memory/api/.gitkeep +0 -0
  484. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/agent-memory/architecture/.gitkeep +0 -0
  485. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/agent-memory/debugging/.gitkeep +0 -0
  486. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/agent-memory/gotchas/.gitkeep +0 -0
  487. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/agent-memory/patterns/.gitkeep +0 -0
  488. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/agent-memory/performance/.gitkeep +0 -0
  489. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/artifacts/adr.md +0 -0
  490. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/artifacts/api-change-report.md +0 -0
  491. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/artifacts/change-proposal.md +0 -0
  492. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/artifacts/feature-spec.md +0 -0
  493. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/artifacts/release-plan.md +0 -0
  494. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/artifacts/runbook.md +0 -0
  495. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/artifacts/security-review.md +0 -0
  496. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/artifacts/test-plan.md +0 -0
  497. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/README.md +0 -0
  498. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/agents/data-workflow-agent.md +0 -0
  499. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/agents/founder-prototype-agent.md +0 -0
  500. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/agents/internal-tools-builder.md +0 -0
  501. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/agents/pm-copilot.md +0 -0
  502. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/agents/staff-pm-reviewer.md +0 -0
  503. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/agents/support-ticket-engineer.md +0 -0
  504. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/packs/devops-and-release/README.md +0 -0
  505. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/packs/devops-and-release/pack.yaml +0 -0
  506. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/packs/engineering-core/README.md +0 -0
  507. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/packs/engineering-core/pack.yaml +0 -0
  508. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/packs/non-engineer-builder/README.md +0 -0
  509. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/packs/non-engineer-builder/pack.yaml +0 -0
  510. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/packs/onboarding-and-docs/README.md +0 -0
  511. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/packs/onboarding-and-docs/pack.yaml +0 -0
  512. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/packs/product-to-code/README.md +0 -0
  513. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/packs/product-to-code/pack.yaml +0 -0
  514. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/packs/quality-and-review/README.md +0 -0
  515. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/packs/quality-and-review/pack.yaml +0 -0
  516. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/packs/security-and-compliance/README.md +0 -0
  517. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/packs/security-and-compliance/pack.yaml +0 -0
  518. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/rules/ai-working-agreement.md +0 -0
  519. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/rules/ambiguity-resolution.md +0 -0
  520. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/rules/branch-and-pr-policy.md +0 -0
  521. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/rules/compliance-policy.md +0 -0
  522. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/rules/non-engineer-safe-coding.md +0 -0
  523. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/rules/pii-policy.md +0 -0
  524. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/rules/production-data-policy.md +0 -0
  525. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/rules/prompt-to-task-conversion.md +0 -0
  526. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/rules/prototype-boundaries.md +0 -0
  527. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/rules/secrets-policy.md +0 -0
  528. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/skills/customer-issue-to-fix/SKILL.md +0 -0
  529. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/skills/feature-from-idea/SKILL.md +0 -0
  530. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/skills/prompt-to-safe-task/SKILL.md +0 -0
  531. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/skills/prototype-to-production/SKILL.md +0 -0
  532. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/skills/repo-onboarding/SKILL.md +0 -0
  533. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/skills/review-scope/SKILL.md +0 -0
  534. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/skills/review-sprint/SKILL.md +0 -0
  535. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/skills/review-sprint-plan/SKILL.md +0 -0
  536. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/org/skills/review-ux-flow/SKILL.md +0 -0
  537. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/settings.json +0 -0
  538. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/stacks/backend/go/net-http/rules/go-patterns.md +0 -0
  539. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/stacks/backend/python/fastapi/rules/fastapi-patterns.md +0 -0
  540. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/stacks/db/mongodb/agents/migration-specialist.md +0 -0
  541. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/stacks/db/mongodb/agents/mongodb-specialist.md +0 -0
  542. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/stacks/db/mongodb/rules/mongodb-patterns.md +0 -0
  543. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/stacks/db/postgres/agents/db-performance-reviewer.md +0 -0
  544. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/stacks/db/postgres/agents/migration-specialist.md +0 -0
  545. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/stacks/db/postgres/agents/postgres-specialist.md +0 -0
  546. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/stacks/db/postgres/rules/database-performance.md +0 -0
  547. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/stacks/db/postgres/rules/postgres-patterns.md +0 -0
  548. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/stacks/frontend/react/rules/design-system-compliance.md +0 -0
  549. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/stacks/frontend/react/rules/mobile-design-guidelines.md +0 -0
  550. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/stacks/frontend/react/rules/react-patterns.md +0 -0
  551. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/stacks/frontend/react/rules/ui-design-system.md +0 -0
  552. {claude_code_kit-0.50.0 → claude_code_kit-0.52.0}/templates/stacks/frontend/react/rules/ux-patterns.md +0 -0
@@ -10,7 +10,7 @@
10
10
  "name": "claude-kit",
11
11
  "source": "./",
12
12
  "description": "Cookiecutter-style scaffolder for an autonomous Claude Code SDLC config (no app code, no Docker): install CLAUDE.md + .claude/ (rules, the profile's agents/skills, hooks, artifact templates) + optional .mcp.json, then run /sdlc to drive spec → review → build → test → security → ship through profile-aware quality gates, working memory, and a self-improving learnings loop.",
13
- "version": "0.50.0",
13
+ "version": "0.52.0",
14
14
  "license": "MIT",
15
15
  "keywords": ["sdlc", "agents", "orchestration", "quality-gates", "workflow", "scaffold", "cookiecutter"]
16
16
  }
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "claude-kit",
3
- "version": "0.50.0",
3
+ "version": "0.52.0",
4
4
  "description": "Cookiecutter-style scaffolder for an autonomous Claude Code SDLC config (no app code, no Docker). `claude-kit init` asks ordered questions and installs CLAUDE.md + .claude/ (rules, the profile's agents/skills, hooks, artifact templates) + optional .mcp.json; run /sdlc to drive spec → review → build → test → security → ship through profile-aware quality gates with working memory and a self-improving learnings loop.",
5
5
  "author": {
6
6
  "name": "Arjunsingh Yadav",
@@ -4,6 +4,113 @@ All notable changes to claude-kit are documented here. The format follows
4
4
  [Keep a Changelog](https://keepachangelog.com/), and the project uses
5
5
  [semantic versioning](https://semver.org/).
6
6
 
7
+ ## [0.52.0] — 2026-06-28
8
+
9
+ **Adopt the verified wins from an exhaustive review of the entire `facebook` (Meta) GitHub org** (all
10
+ **168** repos — Meta long ago spun React, PyTorch, Jest, etc. into dedicated orgs, so the `facebook` org
11
+ itself is small). Every repo was surveyed (7 agents over every page — no repo skipped), candidates
12
+ deep-read for license + transferable practice, and the shortlist **adversarially verified** against the
13
+ live source. The org is almost entirely libraries/frameworks/language-tooling with nothing transferable
14
+ to a config scaffolder, and several famous repos were **already covered** (`infer` by the 0.51
15
+ compile-time-logic-bug lint layer; React by the kit's React overlay; testing by an already-deep
16
+ `testing.md`). The verify pass *dropped* the weak picks — `DNE-TaaC` (datacenter network-device testing,
17
+ 1★, overlaps the config-driven skills) and `mbt` (a 0★ Meta-service-specific binary-transparency client;
18
+ that practice belongs to Sigstore/Certificate-Transparency, not this org). **3 adoptions, all extensions
19
+ to existing rules — 0 new agents/skills/rules** (skill counts unchanged at 104/56/48; MCP fragments
20
+ unchanged at 17). All sources MIT / Apache-2.0.
21
+
22
+ Rules:
23
+
24
+ - **`linting-and-formatting.md`** — a new **Interprocedural Taint / Data-Flow Analysis** layer: declare
25
+ untrusted **sources**, dangerous **sinks**, and **sanitizers**, then trace data flow *across function
26
+ boundaries* and flag any unsanitized source→sink path — distinct from the single-line Security-Lint
27
+ layer and the Compile-Time Logic-Bug layer, and the automated codebase-wide complement to
28
+ `security-and-hardening`'s secure-by-construction wrappers (from the MIT `facebook/pyre-check`/Pysa and
29
+ `facebook/mariana-trench`; engines: Pysa/Mariana Trench/CodeQL/Semgrep).
30
+ - **`devops-observability.md`** — a **continuous performance-regression CI gate**: run the baseline
31
+ (control) and the PR commit (treatment) **concurrently on the same machine** to cancel environmental
32
+ variance, and gate on the **relative delta** (with a tolerance band) rather than an absolute number —
33
+ catching the gradual regressions the one-shot Load-vs-SLO gate misses (from the Apache-2.0
34
+ `facebook/FAI-PEP`).
35
+ - **`agent-guardrails.md`** — extended §4's sandbox **policy** with **defense-in-depth enforcement**:
36
+ L1 policy decision (existing) + L2 argument validation at the boundary (path canonicalization,
37
+ injection screening, response sanitization) + L3 OS-level runtime backstop (eBPF-LSM/seccomp
38
+ intercepting `open`/`connect`/`exec`) so a tool that ignores the declarative policy still cannot escape
39
+ scope (from the MIT `facebook/mcpguard-dynamic`).
40
+
41
+ What we **did not** add (already covered, or fails the bar): `infer`/`mariana-trench`-as-a-tool and
42
+ `sapp` (the kit's compile-time-logic-bug + new taint layer cover the discipline); `fbt` i18n (JS-specific,
43
+ archived); `memlab` (JS-only heap analysis); `Ax` (ML hyperparameter optimization, a library);
44
+ `chef-cookbooks`/`IT-CPE`/`taste-tester` (Chef IaC / IT fleet management); `ThreatExchange`/`threat-research`
45
+ (content-moderation / CTI data, out of SDLC scope); `akd`/`private_processing` (domain-specific crypto
46
+ libraries); plus the dropped `DNE-TaaC` and `mbt`.
47
+
48
+ ## [0.51.0] — 2026-06-28
49
+
50
+ **Adopt the verified wins from an exhaustive review of the entire `google` GitHub org** (all **2,881**
51
+ repos). Every repo was surveyed (60 agents over every page — no repo skipped), the top ~300 candidates
52
+ deep-read for license + transferable practice, and the shortlist **adversarially verified** against the
53
+ live source. The verify pass *dropped a third* of the shortlist: `deps.dev` (a REST/gRPC API, **not** an
54
+ MCP server), `licensecheck` (license *classification*, not the claimed compatibility gate), the
55
+ Go/Rust/C++-locked tools `capslock` · `rust-crate-audits` · `fuzztest` · `libprotobuf-mutator` (not
56
+ re-derivable stack-agnostic), `sqlcommenter` (archived → donated to OpenTelemetry), and `ax` (too early —
57
+ "major breaking changes prior to stable"). Everything is re-derived **in prose, never vendored**; all
58
+ sources Apache-2.0 / BSD-3-Clause / MIT except one CC-BY-4.0 book (concept-only). **21 adoptions, all
59
+ extensions to existing files — 0 new agents/skills/rules** (skill counts unchanged at 104/56/48); only the
60
+ **MCP fragment count rises 13 → 17**.
61
+
62
+ Rules:
63
+
64
+ - **`human-in-the-loop.md`** — a new **multi-party authorization** section: the two-person rule for the
65
+ highest-stakes actions, context-bound (multi-factor) approval, and **breakglass-with-auditing** (loud
66
+ emergency override + mandatory after-the-fact review), extending the simple approval gate beyond a
67
+ single approver (concept-only from the CC-BY-4.0 *Building Secure & Reliable Systems*,
68
+ `google/building-secure-and-reliable-systems`).
69
+ - **`testing.md`** — four techniques beyond example-based tests: **parameterized/table-driven** tests
70
+ (`google/patrick`); **semantic-equality & structured-diff** assertions, float tolerance over brittle
71
+ deep-equality (`google/go-cmp`); a **Fuzzing** section — coverage-guided + structure-aware + **continuous
72
+ fuzzing as a CI gate** (`google/atheris` · `google/honggfuzz` · `google/clusterfuzzlite`); and
73
+ **parallel execution + repeated-run flakiness detection** (`google/gtest-parallel`).
74
+ - **`linting-and-formatting.md`** — a **compile-time logic-bug analysis** layer (find bugs the type
75
+ checker accepts — `google/error-prone`), **license-header enforcement** as a check-mode CI gate
76
+ (`google/addlicense`), and **deterministic block sorting** via marker comments to cut merge conflicts
77
+ (`google/keep-sorted`).
78
+ - **`devops-observability.md`** — **multi-window burn-rate alerting** (alert on error-budget burn across
79
+ paired short/long windows, not raw error rate — `google/prometheus-slo-burn-example`) and **high-volume
80
+ logging** patterns (call-site rate-limiting + lazy argument evaluation — `google/flogger`).
81
+ - **`reasoning-techniques.md`** — **prompt-as-code**: treat a reusable prompt as a versioned, schema-validated,
82
+ testable artifact (`google/dotprompt`).
83
+ - **`tool-design.md`** — the §8 atomic-state note gains the **atomicity-vs-durability** nuance
84
+ (fsync-before-rename, same-filesystem, temp cleanup — `google/renameio`).
85
+
86
+ Skills:
87
+
88
+ - **`security-and-hardening`** — **reproducible-build verification** (independent rebuild → normalize
89
+ benign differences → attest equivalence — `google/oss-rebuild`); **source-level missing-patch detection**
90
+ for vendored/forked code via OSV-derived signatures (`google/vanir`); **secure-by-construction injection
91
+ defense** (compile-time-constant query text + typed trusted/untrusted wrappers — `google/safe-active-record`
92
+ · `google/mug`); **archive-extraction safety** (zip-slip / symlink — `google/safearchive`); and **ReDoS
93
+ defense** for untrusted regex input (`google/re2`).
94
+ - **`context-engineering`** — a **Long-Document Extraction** section: overlapping chunks → parallel
95
+ schema-constrained passes → source-interval grounding → multi-pass recall (`google/langextract`).
96
+ - **`performance-optimization`** — a **statistical browser benchmarking** discipline: interleaved repeated
97
+ sampling, 95 % confidence intervals, auto-sample-until-significance (`google/tachometer`).
98
+ - **`api-integration`** — a **record-replay** pattern for deterministic external-API tests (record real
99
+ responses with secrets redacted → replay offline → re-record on drift — `google/test-server`).
100
+
101
+ Catalog:
102
+
103
+ - **`catalog/mcp.yaml`** — **4 first-party Google Security Operations MCP fragments** (one upstream repo,
104
+ `google/mcp-security`, Apache-2.0): **secops** (Chronicle SIEM), **gti** (Google Threat Intelligence /
105
+ VirusTotal), **scc** (Security Command Center / cloud posture), **secops_soar** (SecOps SOAR) — the
106
+ SOC/operational-security capability domain the catalog had no entry for. Run via pinned `uvx`; each needs
107
+ a paid Google SecOps backend + ADC and is **referenced, never bundled** (like `sentry`/`repowise`).
108
+
109
+ What we **did not** add (already covered, or fails the bar): property-based testing (already in
110
+ `test-driven-development` §property-based, 0.38) — the new Fuzzing section builds on it; pre-add dependency
111
+ evaluation (already `library-review` + `dependency-verification`); SBOM/CVE supply-chain (already
112
+ `security-and-hardening`, 0.39/0.50); the dropped shortlist items above.
113
+
7
114
  ## [0.50.0] — 2026-06-28
8
115
 
9
116
  **Adopt the verified wins from an exhaustive review of the entire `microsoft` GitHub org** (all **8,147**
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: claude-code-kit
3
- Version: 0.50.0
3
+ Version: 0.52.0
4
4
  Summary: Cookiecutter-style scaffolder for an autonomous Claude Code SDLC configuration (no app code, no Docker). Asks ordered questions and installs CLAUDE.md + .claude/ (rules, the chosen profile's agents/skills, hooks, artifact templates) + optional .mcp.json; run /sdlc to drive spec → review → build → test → security → ship through profile-aware quality gates, working memory, and a self-improving learnings loop.
5
5
  Project-URL: Homepage, https://github.com/ajyadav013/claude-kit
6
6
  Project-URL: Repository, https://github.com/ajyadav013/claude-kit
@@ -89,7 +89,7 @@ Quick start) for the full breakdown of any row.
89
89
  | 🎚️ **Profiles, scopes & org** | **3** rigor profiles · **3** scopes · **5** autonomy levels · **7** org packs + **10** policy rules |
90
90
  | 🧠 **Memory & learning** | Working memory across context compaction + a cost-aware learnings loop (`capture_mode`) so the same mistake isn't repeated |
91
91
  | 🛠️ **Hooks & guards** | **17** event hooks — blocking safety guards vs. advisory warnings — that no-op gracefully without `jq` |
92
- | 📦 **Distribution & lifecycle** | Plugin **and** pip from one source, **13** ready MCP fragments, and edit-preserving `upgrade` |
92
+ | 📦 **Distribution & lifecycle** | Plugin **and** pip from one source, **17** ready MCP fragments, and edit-preserving `upgrade` |
93
93
  | ♻️ **Reuse-first by design** | Adopt-only-the-new reviews, opt-in LLM/AI security (OWASP LLM Top 10), a worked example + self-test matrix |
94
94
 
95
95
  ---
@@ -196,7 +196,7 @@ config — nothing else:
196
196
  3. **Backend language** (default: Python) → **backend framework** (default: FastAPI)
197
197
  4. **Database** (PostgreSQL · MongoDB)
198
198
  5. **SDLC profile** (`lean` · `standard` · `enterprise`)
199
- 6. **Optional MCP integrations** (GitHub · Jira/Linear · Azure DevOps · Postgres/Mongo · Playwright · Docs/MS Learn · Azure · Wassette) — a
199
+ 6. **Optional MCP integrations** (GitHub · Jira/Linear · Azure DevOps · Postgres/Mongo · Playwright · Docs/MS Learn · Azure · Wassette · Google SecOps) — a
200
200
  project-root `.mcp.json` is written **only** if you select any (env placeholders, never secrets)
201
201
 
202
202
  Non-interactive equivalents: `--defaults`, or `--config init.yaml` (flat or nested YAML). What lands:
@@ -356,7 +356,7 @@ need.
356
356
  - **Two channels, one source** — a first-class Claude Code **plugin** *and* a `pip` scaffolder
357
357
  (`claude-kit` / `ckit` / `claude-sdlc`) generate identical config.
358
358
  - **Catalog-driven extensibility** — adding a stack, framework, database, profile, MCP server, or org
359
- pack is a [`catalog/`](catalog/) YAML edit, never a code change; 13 MCP server fragments ship ready.
359
+ pack is a [`catalog/`](catalog/) YAML edit, never a code change; 17 MCP server fragments ship ready.
360
360
  - **MCP servers are third-party** — each fragment runs an external package or hosted endpoint that
361
361
  claude-kit references but does not vendor or audit; the `npx` commands are **pinned to an exact
362
362
  version** (not `@latest`) for reproducible, supply-chain-aware installs. Review a server's source and
@@ -518,6 +518,8 @@ non-duplicative gaps**, minimally and catalog-wired.
518
518
  | **[alibaba](https://github.com/alibaba) org review** (all 542 repos) | Staged leak-resistant evals; agent-operation authorization; tool-set orchestration + atomic state; agent-run span-tree instrumentation; live-attach debugging | `evals` §7, `agent-guardrails` §5, `tool-design` §8, `goal-setting-and-monitoring` §4, and live-attach debugging in `debugging-and-error-recovery` (from atrex-bench · open-agent-auth · app-controller · loongsuite-js · arthas) | `0.47.0` |
519
519
  | **[alibaba/open-code-review](https://github.com/alibaba/open-code-review)** | Partition-for-coverage review — deterministic full-file coverage on large changesets, related-file bundling, plan-before-deep-pass | The "Cover Every Changed File" section in `code-review-and-quality` + a Coverage category in `sdlc-code-reviewer` | `0.48.0` |
520
520
  | **[microsoft](https://github.com/microsoft) org review** (all 8,147 repos) | OWASP Agentic Top-10 (ASI01–ASI10) agent threats; agent-aware evals (multi-judge panels, multi-turn degradation, tool-vs-response grading); validator-in-the-loop + Medprompt prompting; sandbox policy schema & layered prompt-injection defense; approval-gate implementation; security-lint layer & SBOM; operationalized GenAI red-teaming; priority-based prompt pruning; quantified-lines PR sizing; first-party MCP servers | Extensions across `agent-guardrails` (ASI01–ASI10 + sandbox policy + injection layers), `evals` (§3 panels, §8 multi-turn), `reasoning-techniques`, `human-in-the-loop`, `linting-and-formatting`, `threat-model`, `security-and-hardening` (SBOM), `context-engineering`, `code-review-and-quality` + 4 MCP fragments (Azure · Azure DevOps · MS Learn · Wassette) — **0 new agents/skills/rules** (from agent-governance-toolkit · mxc · llmail-inject-challenge · lost_in_conversation · llm-as-judge · EvalsforAgentsInterop · promptbase · dsl-copilot · agents-humanoversight · PyRIT · eslint-plugin-sdl · sbom-tool · vscode-prompt-tsx · PullRequestQuantifier) | `0.50.0` |
521
+ | **[google](https://github.com/google) org review** (all 2,881 repos) | Reproducible-build verification & source-level missing-patch detection; secure-by-construction injection defense; archive-extraction & ReDoS hardening; multi-party authorization / breakglass; coverage-guided & continuous fuzzing; parameterized + semantic-equality + parallel/flaky testing; compile-time logic-bug & license-header lint layers + deterministic block sorting; multi-window burn-rate alerting & log rate-limiting; long-document extraction; prompt-as-code; statistical browser benchmarking; durable atomic writes; record-replay API testing; first-party SecOps MCP servers | Prose extensions across `security-and-hardening` (reproducible-build · missing-patch · secure-by-construction · archive · ReDoS), `human-in-the-loop` (MPA/breakglass), `testing` (fuzzing · parameterized · semantic-equality · parallel/flaky), `linting-and-formatting` (logic-bug + license-header layers · block sorting), `devops-observability` (burn-rate · log rate-limit), `context-engineering` (long-doc extraction), `reasoning-techniques` (prompt-as-code), `performance-optimization` (statistical benchmarking), `tool-design` (durable atomic writes), `api-integration` (record-replay) + **4 first-party SecOps MCP fragments** (Chronicle SIEM · GTI · SCC · SOAR) — **0 new agents/skills/rules** (from oss-rebuild · vanir · safe-active-record/mug · safearchive · re2 · building-secure-and-reliable-systems · patrick · go-cmp · atheris/honggfuzz/clusterfuzzlite · gtest-parallel · error-prone · addlicense · keep-sorted · prometheus-slo-burn · flogger · langextract · dotprompt · tachometer · renameio · test-server · mcp-security) | `0.51.0` |
522
+ | **[facebook](https://github.com/facebook) (Meta) org review** (all 168 repos) | Interprocedural taint / data-flow security analysis (source→sink across functions); continuous A/B performance-regression CI gate; defense-in-depth agent-sandbox enforcement (argument validation + OS-level backstop) | Prose extensions to `linting-and-formatting` (taint/data-flow layer), `devops-observability` (perf-regression gate), `agent-guardrails` (§4 layered sandbox enforcement) — **0 new agents/skills/rules** (from pyre-check/Pysa · mariana-trench · FAI-PEP · mcpguard-dynamic; the org is mostly libraries/frameworks, so the verify pass *dropped* the rest — `DNE-TaaC`, `mbt`, plus already-covered `infer`/`mariana-trench`-as-tool, `fbt`, `memlab`, …) | `0.52.0` |
521
523
 
522
524
  > Each adoption is detailed in the [CHANGELOG](CHANGELOG.md) — including, for every review, what we
523
525
  > deliberately **did not** add because the kit already covered it.
@@ -527,23 +529,6 @@ non-duplicative gaps**, minimally and catalog-wired.
527
529
 
528
530
  <br>
529
531
 
530
- **🧭 alibaba org review → 5 agentic patterns (0.47.0).** We reviewed **all 542 repos** in the Alibaba
531
- org (survey every repo → deep-dive every candidate → adversarially verify). The overwhelming majority —
532
- Java middleware, ML/inference, mobile, frontend frameworks — carried nothing transferable to a config
533
- scaffolder, and the verify pass *dropped* a sixth candidate (`p3c`) as unsubstantiated and already
534
- covered. Five survived: staged leak-resistant evals (`evals` §7), agent-operation authorization
535
- (`agent-guardrails` §5), tool-set orchestration + atomic state (`tool-design` §8), agent-run span-tree
536
- instrumentation (`goal-setting-and-monitoring` §4), and live-attach debugging
537
- (`debugging-and-error-recovery`).
538
-
539
- **🔍 alibaba/open-code-review → coverage-partition review (0.48.0).** A detailed read showed most of its
540
- methodology (multi-axis review, line-level grounding + re-verify, severity, multi-model) was *already*
541
- in `code-review-and-quality`. The one genuine gap: **complete file coverage on large changesets** —
542
- where AI reviewers silently skip files. We added "Cover Every Changed File: Partition, Plan, Then
543
- Weight Depth" (enumerate from the diff as the checklist of record → bundle related files →
544
- isolated-context concurrent review → reconcile every file to a verdict), reframing the existing hotspot
545
- guidance as the *depth* step that follows coverage.
546
-
547
532
  **🟦 microsoft org review → agentic-AI hardening (0.50.0).** We reviewed **all 8,147 repos** in the
548
533
  Microsoft org (165 survey agents over every page → deep-dive the top candidates → adversarially verify
549
534
  the shortlist). The vast majority — SDKs, samples, Azure-product code, ML infra, OS/editor — carried
@@ -559,6 +544,42 @@ panels in §3, multi-turn degradation in §8) in `evals`; validator-in-the-loop
559
544
  sizing in `code-review-and-quality`; and **4 first-party MCP fragments** (Azure · Azure DevOps · MS
560
545
  Learn · Wassette).
561
546
 
547
+ **🔴 google org review → 21 hardening & testing patterns (0.51.0).** We reviewed **all 2,881 repos** in
548
+ the Google org (60 survey agents over every page → deep-dive the top ~300 candidates → adversarially
549
+ verify the shortlist). The vast majority — Android/Kotlin, C++ libraries, ML frameworks, language
550
+ runtimes, GCP product code — carried nothing transferable, and the verify pass *dropped* a third of the
551
+ shortlist: `deps.dev` (a REST/gRPC API, **not** an MCP server, despite the claim), `licensecheck`
552
+ (license *classification*, not the claimed compatibility gate), the Go/Rust/C++-locked tools
553
+ (`capslock`, `rust-crate-audits`, `fuzztest`, `libprotobuf-mutator` — can't be re-derived stack-agnostic),
554
+ `sqlcommenter` (archived → donated to OpenTelemetry), and `ax` (too early — "major breaking changes
555
+ prior to stable"). The survivors are **all prose extensions to existing files, zero new
556
+ agents/skills/rules**: reproducible-build verification, source-level missing-patch detection,
557
+ secure-by-construction injection defense, archive-extraction & ReDoS hardening in `security-and-hardening`;
558
+ multi-party authorization / breakglass in `human-in-the-loop`; coverage-guided & continuous fuzzing,
559
+ parameterized, semantic-equality, and parallel/flaky testing in `testing`; compile-time logic-bug &
560
+ license-header lint layers plus deterministic block sorting in `linting-and-formatting`; multi-window
561
+ burn-rate alerting & log rate-limiting in `devops-observability`; long-document extraction in
562
+ `context-engineering`; prompt-as-code in `reasoning-techniques`; statistical browser benchmarking in
563
+ `performance-optimization`; durable atomic writes in `tool-design`; record-replay API testing in
564
+ `api-integration`; and **4 first-party Google Security Operations MCP fragments** (Chronicle SIEM · GTI ·
565
+ SCC · SOAR).
566
+
567
+ **🔵 facebook (Meta) org review → 3 hardening & reliability patterns (0.52.0).** We reviewed **all 168
568
+ repos** in the Meta org (Meta long ago spun React, PyTorch, Jest, etc. into their own orgs, so the
569
+ `facebook` org is small). The org is almost entirely libraries, frameworks, and language tooling with
570
+ nothing transferable to a config scaffolder — and several famous repos were **already covered** (e.g.
571
+ `infer` by the 0.51 compile-time-logic-bug lint layer; React by the kit's React overlay; testing by an
572
+ already-deep `testing.md`). The verify pass *dropped* the weak picks: `DNE-TaaC` (datacenter
573
+ network-device testing, 1★, overlaps the config-driven skills) and `mbt` (a 0★ Meta-service-specific
574
+ binary-transparency client — that practice belongs to Sigstore/Certificate-Transparency, not this org).
575
+ Three genuine, stack-agnostic survivors, all **prose extensions, zero new agents/skills/rules**:
576
+ **interprocedural taint / data-flow analysis** (declare sources/sinks/sanitizers, trace untrusted data
577
+ across functions — distinct from single-line lint) in `linting-and-formatting` (from Pysa/`pyre-check` +
578
+ `mariana-trench`); a **continuous A/B performance-regression CI gate** (concurrent control vs treatment
579
+ to cancel environment noise, gate on the relative delta) in `devops-observability` (from `FAI-PEP`); and
580
+ **defense-in-depth agent-sandbox enforcement** (argument-validation layer + OS-level eBPF/seccomp backstop
581
+ *below* the existing declarative policy) in `agent-guardrails` §4 (from `mcpguard-dynamic`).
582
+
562
583
  </details>
563
584
 
564
585
  > **Comparing claude-kit to native subagents / Agent Teams, agent collections, spec-kit, or
@@ -59,7 +59,7 @@ Quick start) for the full breakdown of any row.
59
59
  | 🎚️ **Profiles, scopes & org** | **3** rigor profiles · **3** scopes · **5** autonomy levels · **7** org packs + **10** policy rules |
60
60
  | 🧠 **Memory & learning** | Working memory across context compaction + a cost-aware learnings loop (`capture_mode`) so the same mistake isn't repeated |
61
61
  | 🛠️ **Hooks & guards** | **17** event hooks — blocking safety guards vs. advisory warnings — that no-op gracefully without `jq` |
62
- | 📦 **Distribution & lifecycle** | Plugin **and** pip from one source, **13** ready MCP fragments, and edit-preserving `upgrade` |
62
+ | 📦 **Distribution & lifecycle** | Plugin **and** pip from one source, **17** ready MCP fragments, and edit-preserving `upgrade` |
63
63
  | ♻️ **Reuse-first by design** | Adopt-only-the-new reviews, opt-in LLM/AI security (OWASP LLM Top 10), a worked example + self-test matrix |
64
64
 
65
65
  ---
@@ -166,7 +166,7 @@ config — nothing else:
166
166
  3. **Backend language** (default: Python) → **backend framework** (default: FastAPI)
167
167
  4. **Database** (PostgreSQL · MongoDB)
168
168
  5. **SDLC profile** (`lean` · `standard` · `enterprise`)
169
- 6. **Optional MCP integrations** (GitHub · Jira/Linear · Azure DevOps · Postgres/Mongo · Playwright · Docs/MS Learn · Azure · Wassette) — a
169
+ 6. **Optional MCP integrations** (GitHub · Jira/Linear · Azure DevOps · Postgres/Mongo · Playwright · Docs/MS Learn · Azure · Wassette · Google SecOps) — a
170
170
  project-root `.mcp.json` is written **only** if you select any (env placeholders, never secrets)
171
171
 
172
172
  Non-interactive equivalents: `--defaults`, or `--config init.yaml` (flat or nested YAML). What lands:
@@ -326,7 +326,7 @@ need.
326
326
  - **Two channels, one source** — a first-class Claude Code **plugin** *and* a `pip` scaffolder
327
327
  (`claude-kit` / `ckit` / `claude-sdlc`) generate identical config.
328
328
  - **Catalog-driven extensibility** — adding a stack, framework, database, profile, MCP server, or org
329
- pack is a [`catalog/`](catalog/) YAML edit, never a code change; 13 MCP server fragments ship ready.
329
+ pack is a [`catalog/`](catalog/) YAML edit, never a code change; 17 MCP server fragments ship ready.
330
330
  - **MCP servers are third-party** — each fragment runs an external package or hosted endpoint that
331
331
  claude-kit references but does not vendor or audit; the `npx` commands are **pinned to an exact
332
332
  version** (not `@latest`) for reproducible, supply-chain-aware installs. Review a server's source and
@@ -488,6 +488,8 @@ non-duplicative gaps**, minimally and catalog-wired.
488
488
  | **[alibaba](https://github.com/alibaba) org review** (all 542 repos) | Staged leak-resistant evals; agent-operation authorization; tool-set orchestration + atomic state; agent-run span-tree instrumentation; live-attach debugging | `evals` §7, `agent-guardrails` §5, `tool-design` §8, `goal-setting-and-monitoring` §4, and live-attach debugging in `debugging-and-error-recovery` (from atrex-bench · open-agent-auth · app-controller · loongsuite-js · arthas) | `0.47.0` |
489
489
  | **[alibaba/open-code-review](https://github.com/alibaba/open-code-review)** | Partition-for-coverage review — deterministic full-file coverage on large changesets, related-file bundling, plan-before-deep-pass | The "Cover Every Changed File" section in `code-review-and-quality` + a Coverage category in `sdlc-code-reviewer` | `0.48.0` |
490
490
  | **[microsoft](https://github.com/microsoft) org review** (all 8,147 repos) | OWASP Agentic Top-10 (ASI01–ASI10) agent threats; agent-aware evals (multi-judge panels, multi-turn degradation, tool-vs-response grading); validator-in-the-loop + Medprompt prompting; sandbox policy schema & layered prompt-injection defense; approval-gate implementation; security-lint layer & SBOM; operationalized GenAI red-teaming; priority-based prompt pruning; quantified-lines PR sizing; first-party MCP servers | Extensions across `agent-guardrails` (ASI01–ASI10 + sandbox policy + injection layers), `evals` (§3 panels, §8 multi-turn), `reasoning-techniques`, `human-in-the-loop`, `linting-and-formatting`, `threat-model`, `security-and-hardening` (SBOM), `context-engineering`, `code-review-and-quality` + 4 MCP fragments (Azure · Azure DevOps · MS Learn · Wassette) — **0 new agents/skills/rules** (from agent-governance-toolkit · mxc · llmail-inject-challenge · lost_in_conversation · llm-as-judge · EvalsforAgentsInterop · promptbase · dsl-copilot · agents-humanoversight · PyRIT · eslint-plugin-sdl · sbom-tool · vscode-prompt-tsx · PullRequestQuantifier) | `0.50.0` |
491
+ | **[google](https://github.com/google) org review** (all 2,881 repos) | Reproducible-build verification & source-level missing-patch detection; secure-by-construction injection defense; archive-extraction & ReDoS hardening; multi-party authorization / breakglass; coverage-guided & continuous fuzzing; parameterized + semantic-equality + parallel/flaky testing; compile-time logic-bug & license-header lint layers + deterministic block sorting; multi-window burn-rate alerting & log rate-limiting; long-document extraction; prompt-as-code; statistical browser benchmarking; durable atomic writes; record-replay API testing; first-party SecOps MCP servers | Prose extensions across `security-and-hardening` (reproducible-build · missing-patch · secure-by-construction · archive · ReDoS), `human-in-the-loop` (MPA/breakglass), `testing` (fuzzing · parameterized · semantic-equality · parallel/flaky), `linting-and-formatting` (logic-bug + license-header layers · block sorting), `devops-observability` (burn-rate · log rate-limit), `context-engineering` (long-doc extraction), `reasoning-techniques` (prompt-as-code), `performance-optimization` (statistical benchmarking), `tool-design` (durable atomic writes), `api-integration` (record-replay) + **4 first-party SecOps MCP fragments** (Chronicle SIEM · GTI · SCC · SOAR) — **0 new agents/skills/rules** (from oss-rebuild · vanir · safe-active-record/mug · safearchive · re2 · building-secure-and-reliable-systems · patrick · go-cmp · atheris/honggfuzz/clusterfuzzlite · gtest-parallel · error-prone · addlicense · keep-sorted · prometheus-slo-burn · flogger · langextract · dotprompt · tachometer · renameio · test-server · mcp-security) | `0.51.0` |
492
+ | **[facebook](https://github.com/facebook) (Meta) org review** (all 168 repos) | Interprocedural taint / data-flow security analysis (source→sink across functions); continuous A/B performance-regression CI gate; defense-in-depth agent-sandbox enforcement (argument validation + OS-level backstop) | Prose extensions to `linting-and-formatting` (taint/data-flow layer), `devops-observability` (perf-regression gate), `agent-guardrails` (§4 layered sandbox enforcement) — **0 new agents/skills/rules** (from pyre-check/Pysa · mariana-trench · FAI-PEP · mcpguard-dynamic; the org is mostly libraries/frameworks, so the verify pass *dropped* the rest — `DNE-TaaC`, `mbt`, plus already-covered `infer`/`mariana-trench`-as-tool, `fbt`, `memlab`, …) | `0.52.0` |
491
493
 
492
494
  > Each adoption is detailed in the [CHANGELOG](CHANGELOG.md) — including, for every review, what we
493
495
  > deliberately **did not** add because the kit already covered it.
@@ -497,23 +499,6 @@ non-duplicative gaps**, minimally and catalog-wired.
497
499
 
498
500
  <br>
499
501
 
500
- **🧭 alibaba org review → 5 agentic patterns (0.47.0).** We reviewed **all 542 repos** in the Alibaba
501
- org (survey every repo → deep-dive every candidate → adversarially verify). The overwhelming majority —
502
- Java middleware, ML/inference, mobile, frontend frameworks — carried nothing transferable to a config
503
- scaffolder, and the verify pass *dropped* a sixth candidate (`p3c`) as unsubstantiated and already
504
- covered. Five survived: staged leak-resistant evals (`evals` §7), agent-operation authorization
505
- (`agent-guardrails` §5), tool-set orchestration + atomic state (`tool-design` §8), agent-run span-tree
506
- instrumentation (`goal-setting-and-monitoring` §4), and live-attach debugging
507
- (`debugging-and-error-recovery`).
508
-
509
- **🔍 alibaba/open-code-review → coverage-partition review (0.48.0).** A detailed read showed most of its
510
- methodology (multi-axis review, line-level grounding + re-verify, severity, multi-model) was *already*
511
- in `code-review-and-quality`. The one genuine gap: **complete file coverage on large changesets** —
512
- where AI reviewers silently skip files. We added "Cover Every Changed File: Partition, Plan, Then
513
- Weight Depth" (enumerate from the diff as the checklist of record → bundle related files →
514
- isolated-context concurrent review → reconcile every file to a verdict), reframing the existing hotspot
515
- guidance as the *depth* step that follows coverage.
516
-
517
502
  **🟦 microsoft org review → agentic-AI hardening (0.50.0).** We reviewed **all 8,147 repos** in the
518
503
  Microsoft org (165 survey agents over every page → deep-dive the top candidates → adversarially verify
519
504
  the shortlist). The vast majority — SDKs, samples, Azure-product code, ML infra, OS/editor — carried
@@ -529,6 +514,42 @@ panels in §3, multi-turn degradation in §8) in `evals`; validator-in-the-loop
529
514
  sizing in `code-review-and-quality`; and **4 first-party MCP fragments** (Azure · Azure DevOps · MS
530
515
  Learn · Wassette).
531
516
 
517
+ **🔴 google org review → 21 hardening & testing patterns (0.51.0).** We reviewed **all 2,881 repos** in
518
+ the Google org (60 survey agents over every page → deep-dive the top ~300 candidates → adversarially
519
+ verify the shortlist). The vast majority — Android/Kotlin, C++ libraries, ML frameworks, language
520
+ runtimes, GCP product code — carried nothing transferable, and the verify pass *dropped* a third of the
521
+ shortlist: `deps.dev` (a REST/gRPC API, **not** an MCP server, despite the claim), `licensecheck`
522
+ (license *classification*, not the claimed compatibility gate), the Go/Rust/C++-locked tools
523
+ (`capslock`, `rust-crate-audits`, `fuzztest`, `libprotobuf-mutator` — can't be re-derived stack-agnostic),
524
+ `sqlcommenter` (archived → donated to OpenTelemetry), and `ax` (too early — "major breaking changes
525
+ prior to stable"). The survivors are **all prose extensions to existing files, zero new
526
+ agents/skills/rules**: reproducible-build verification, source-level missing-patch detection,
527
+ secure-by-construction injection defense, archive-extraction & ReDoS hardening in `security-and-hardening`;
528
+ multi-party authorization / breakglass in `human-in-the-loop`; coverage-guided & continuous fuzzing,
529
+ parameterized, semantic-equality, and parallel/flaky testing in `testing`; compile-time logic-bug &
530
+ license-header lint layers plus deterministic block sorting in `linting-and-formatting`; multi-window
531
+ burn-rate alerting & log rate-limiting in `devops-observability`; long-document extraction in
532
+ `context-engineering`; prompt-as-code in `reasoning-techniques`; statistical browser benchmarking in
533
+ `performance-optimization`; durable atomic writes in `tool-design`; record-replay API testing in
534
+ `api-integration`; and **4 first-party Google Security Operations MCP fragments** (Chronicle SIEM · GTI ·
535
+ SCC · SOAR).
536
+
537
+ **🔵 facebook (Meta) org review → 3 hardening & reliability patterns (0.52.0).** We reviewed **all 168
538
+ repos** in the Meta org (Meta long ago spun React, PyTorch, Jest, etc. into their own orgs, so the
539
+ `facebook` org is small). The org is almost entirely libraries, frameworks, and language tooling with
540
+ nothing transferable to a config scaffolder — and several famous repos were **already covered** (e.g.
541
+ `infer` by the 0.51 compile-time-logic-bug lint layer; React by the kit's React overlay; testing by an
542
+ already-deep `testing.md`). The verify pass *dropped* the weak picks: `DNE-TaaC` (datacenter
543
+ network-device testing, 1★, overlaps the config-driven skills) and `mbt` (a 0★ Meta-service-specific
544
+ binary-transparency client — that practice belongs to Sigstore/Certificate-Transparency, not this org).
545
+ Three genuine, stack-agnostic survivors, all **prose extensions, zero new agents/skills/rules**:
546
+ **interprocedural taint / data-flow analysis** (declare sources/sinks/sanitizers, trace untrusted data
547
+ across functions — distinct from single-line lint) in `linting-and-formatting` (from Pysa/`pyre-check` +
548
+ `mariana-trench`); a **continuous A/B performance-regression CI gate** (concurrent control vs treatment
549
+ to cancel environment noise, gate on the relative delta) in `devops-observability` (from `FAI-PEP`); and
550
+ **defense-in-depth agent-sandbox enforcement** (argument-validation layer + OS-level eBPF/seccomp backstop
551
+ *below* the existing declarative policy) in `agent-guardrails` §4 (from `mcpguard-dynamic`).
552
+
532
553
  </details>
533
554
 
534
555
  > **Comparing claude-kit to native subagents / Agent Teams, agent collections, spec-kit, or
@@ -138,3 +138,49 @@ servers:
138
138
  type: stdio
139
139
  command: repowise
140
140
  args: ["mcp", "${REPOWISE_PROJECT_ROOT}", "--transport", "stdio"]
141
+ # Google Security Operations cluster (github.com/google/mcp-security, Apache-2.0) — four first-party
142
+ # Google MCP servers covering the SOC/operational-security domain the catalog otherwise has no entry
143
+ # for (Sentry above is error-monitoring, not threat-intel/SIEM/SOAR/CSPM):
144
+ # • secops — Chronicle SIEM: search/UDM events, detections, IoC matches, case context
145
+ # • gti — Google Threat Intelligence (VirusTotal): file/URL/domain/IP reputation & relationships
146
+ # • scc — Security Command Center: cloud-security posture, findings, asset risk
147
+ # • secops_soar — SecOps SOAR (Siemplify): cases, playbooks, response actions
148
+ # These are Python servers run with `uvx` (install `uv` first: https://docs.astral.sh/uv/), pinned to
149
+ # exact PyPI versions (snapshot 2026-06-28; do not float). NOT bundled — claude-kit only references
150
+ # them. Each needs a PAID Google SecOps/Chronicle (or VirusTotal) backend and its own credentials —
151
+ # auth is via Application Default Credentials (`gcloud auth application-default login`, or a
152
+ # GOOGLE_APPLICATION_CREDENTIALS service-account file) plus the per-server env vars below; no
153
+ # credentials are generated here. Enable only the server(s) whose backend you actually have.
154
+ secops:
155
+ label: "Google SecOps / Chronicle SIEM (paid Chronicle backend + ADC required)"
156
+ config:
157
+ type: stdio
158
+ command: uvx
159
+ args: ["--from", "google-secops-mcp==0.7.0", "secops_mcp"]
160
+ env:
161
+ CHRONICLE_PROJECT_ID: "${CHRONICLE_PROJECT_ID}"
162
+ CHRONICLE_CUSTOMER_ID: "${CHRONICLE_CUSTOMER_ID}"
163
+ CHRONICLE_REGION: "${CHRONICLE_REGION}"
164
+ gti:
165
+ label: "Google Threat Intelligence / VirusTotal (needs VT_APIKEY)"
166
+ config:
167
+ type: stdio
168
+ command: uvx
169
+ args: ["--from", "gti-mcp==0.1.2", "gti_mcp"]
170
+ env:
171
+ VT_APIKEY: "${VT_APIKEY}"
172
+ scc:
173
+ label: "Security Command Center — cloud security posture (ADC required)"
174
+ config:
175
+ type: stdio
176
+ command: uvx
177
+ args: ["--from", "scc-mcp==0.1.0", "scc_mcp"]
178
+ secops_soar:
179
+ label: "Google SecOps SOAR / Siemplify (paid SOAR backend; needs SOAR_URL + SOAR_APP_KEY)"
180
+ config:
181
+ type: stdio
182
+ command: uvx
183
+ args: ["--from", "secops-soar-mcp==0.1.1", "secops_soar_mcp"]
184
+ env:
185
+ SOAR_URL: "${SOAR_URL}"
186
+ SOAR_APP_KEY: "${SOAR_APP_KEY}"
@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
4
4
 
5
5
  [project]
6
6
  name = "claude-code-kit"
7
- version = "0.50.0"
7
+ version = "0.52.0"
8
8
  description = "Cookiecutter-style scaffolder for an autonomous Claude Code SDLC configuration (no app code, no Docker). Asks ordered questions and installs CLAUDE.md + .claude/ (rules, the chosen profile's agents/skills, hooks, artifact templates) + optional .mcp.json; run /sdlc to drive spec → review → build → test → security → ship through profile-aware quality gates, working memory, and a self-improving learnings loop."
9
9
  readme = "README.md"
10
10
  requires-python = ">=3.9"
@@ -125,6 +125,28 @@ agent on a broken foundation.* Before worrying about prompt injection, enforce t
125
125
 
126
126
  A ready WASM-sandboxed execution runtime ships as the optional `wassette` MCP server in
127
127
  `catalog/mcp.yaml` for projects that want an off-the-shelf containment backend.
128
+ - **Enforce the policy in independent layers (defense in depth).** A declarative policy is necessary but
129
+ not sufficient: a misbehaving or compromised tool/MCP server can ignore an *advisory* policy, or smuggle
130
+ a forbidden action past it. So a high-risk tool call (especially one invoking an untrusted MCP server)
131
+ should pass **three independent checks**, each of which fails closed on its own:
132
+ - **L1 — policy decision.** The declarative policy above decides *is this call allowed at all* (which
133
+ tool, which scopes) before it runs.
134
+ - **L2 — argument validation at the boundary.** Validate the call's *arguments* against the policy:
135
+ **canonicalize** paths and resolve symlinks before the allow-check (so `../` and a symlinked path
136
+ can't escape an allowed prefix — mirrors the archive/path-traversal rule in `security-and-hardening`),
137
+ screen arguments for injection, and sanitize the tool's *response* before it re-enters the model
138
+ (it is untrusted content — §1).
139
+ - **L3 — runtime enforcement backstop.** Enforce the same scopes at the OS/runtime level —
140
+ seccomp / eBPF-LSM / container or microVM limits that intercept the actual `open`/`connect`/`exec`
141
+ syscalls — so a tool that ignored or hardcoded around L1/L2 *still* cannot touch a denied path,
142
+ host, or process. The backstop assumes the layers above it can be bypassed.
143
+
144
+ Log every denial to the §5 audit trail; an operator override is itself a scoped, audited action.
145
+
146
+ > Stack-agnostic adaptation of layered (defense-in-depth) MCP/agent tool-call sandboxing — declarative
147
+ > capability policy + argument-level validation + OS-level (eBPF-LSM/seccomp) enforcement backstop —
148
+ > from the MIT [`facebook/mcpguard-dynamic`](https://github.com/facebook/mcpguard-dynamic). Re-derived
149
+ > in prose; not vendored.
128
150
  - **Audit dependencies; don't auto-trust the ecosystem.** Treat third-party packages, MCP servers, and
129
151
  marketplace plugins as untrusted until reviewed — installing one grants it your agent's privileges.
130
152
 
@@ -0,0 +1,123 @@
1
+ # DevOps & Observability Phases
2
+
3
+ Two delivery-side phases that run **after** the test-coverage merge gate (MR3 VERIFIED) and **before** the PR Raiser, so that pipeline and observability artifacts ship *inside* the same PR as the code. They are owned by dedicated agents and each has its own quality gate.
4
+
5
+ ```
6
+ ... MR3 (test coverage VERIFIED)
7
+ -> [DevOps] devops-engineer -> Gate: Pipeline Green
8
+ -> [Observability] observability-engineer -> Gate: Observability Ready
9
+ -> PR Raiser
10
+ ```
11
+
12
+ ## When these phases run (conditional)
13
+
14
+ Run them when the change touches a **deployable or observable surface**:
15
+ - a new/changed endpoint, service, container, dependency, env var, port, or migration;
16
+ - anything that adds a user-facing critical path worth an SLO or an alert.
17
+
18
+ **Skip (note in CONTINUITY.md why)** for pure-internal changes with no deployment or observability surface — a refactor behind an unchanged interface, a copy tweak, a test-only change. Fast-track (Mode D) skips both unless infra/observability is the actual subject of the fix.
19
+
20
+ ---
21
+
22
+ ## Phase: DevOps · Agent: `devops-engineer` · Gate: **Pipeline Green**
23
+
24
+ Owns the infra seam (containerization, orchestration, migrations-at-boot, ports, CORS, env). For a feature, it ensures the change is **buildable and deployable**, not just runnable on the author's machine.
25
+
26
+ **Pipeline Green passes when:**
27
+ - [ ] CI config is valid and includes lint + type-check + unit tests for the changed stack(s) (CI pipeline config files — editing those requires user approval per CLAUDE.md).
28
+ - [ ] Container orchestration config resolves; a clean rebuild and restart brings all services up **healthy**.
29
+ - [ ] New env vars are in the project's settings/config, orchestration config, `.env.example`, and the README table.
30
+ - [ ] Migrations (if applicable) apply cleanly at boot and have a working rollback/downgrade.
31
+ - [ ] A short **runbook** entry exists for anything operationally new (how to deploy it, how to roll it back).
32
+ - [ ] No secrets committed; ports/CORS changes reflected in README.
33
+
34
+ Findings classified by `.claude/rules/quality-gates.md` severity; Critical/High/Medium block.
35
+
36
+ ---
37
+
38
+ ## Phase: Observability · Agent: `observability-engineer` · Gate: **Observability Ready**
39
+
40
+ Ensures the feature is **operable in production**: you can tell when it breaks and why. Builds on the project's existing health endpoints and structured logging.
41
+
42
+ **Observability Ready passes when:**
43
+ - [ ] **SLOs/SLIs** defined for each critical user journey the feature adds (e.g., "p95 endpoint latency < 200ms", "login success rate ≥ 99.5%").
44
+ - [ ] **Load verified against the SLO** — for a change to a hot / SLO-bearing backend path, an empirical load run (drive `.claude/skills/load-testing`) was executed against the defined SLO and **met** its p95/p99 latency + error-rate + throughput budgets; record it under `docs/performance/` and link it from the feature SLO doc. *Skip (note why in `CONTINUITY.md`) for changes with no concurrency-sensitive surface.* A budget breach is **High** (`.claude/rules/quality-gates.md`).
45
+ - [ ] **Health/readiness** — any new external dependency (database, cache, third-party service) is reflected in the readiness check; liveness stays dependency-free.
46
+ - [ ] **Structured logging** — new state changes log via the project's structured logger as JSON key-values, semantic event names, **no secrets/PII**; error paths log at `error`/`exception` level.
47
+ - [ ] **Alerts** — alert rules defined for the feature's failure modes (error-rate spike, latency breach, dependency down) with a severity and an owner.
48
+ - [ ] **Traceability** — correlation/request id flows through new code paths where the stack supports it.
49
+
50
+ Findings classified by `.claude/rules/quality-gates.md` severity; Critical/High/Medium block.
51
+
52
+ ### Multi-window burn-rate alerting (alert on the error budget, not raw error rate)
53
+
54
+ A static "error rate > X%" alert forces a bad trade-off: tight enough to catch a real outage means it
55
+ pages on every transient blip; loose enough to be quiet means slow burns go unnoticed until the budget
56
+ is gone. The SRE pattern is to alert on **how fast the SLO's error budget is burning**, across
57
+ **multiple time windows** at once:
58
+
59
+ - **Burn rate = (observed error ratio) ÷ (1 − SLO target).** A burn rate of 1 exactly exhausts the
60
+ budget over the SLO window; 14.4 exhausts it in ~2 % of the window.
61
+ - **Fast-burn (page):** a high burn rate confirmed over a **short *and* a medium** window (e.g. 14.4×
62
+ over 1h **and** 5m) — catches acute outages fast while the second window suppresses single-spike
63
+ false positives.
64
+ - **Slow-burn (ticket, not page):** a lower burn rate over **longer** windows (e.g. 6× over 6h/30m,
65
+ 3× over 24h/2h, 1× over 3d/6h) — catches a steady leak that would otherwise quietly drain the budget.
66
+ - Require **both** windows of a tier to fire (the long window detects, the short window confirms it's
67
+ still happening) so an alert clears quickly once the issue stops. Tie each tier's severity/owner to
68
+ the "Alerts" gate item above.
69
+
70
+ > Stack-agnostic adaptation of multi-window, multi-burn-rate SLO alerting (per the Google SRE Workbook)
71
+ > from the Apache-2.0
72
+ > [`google/prometheus-slo-burn-example`](https://github.com/google/prometheus-slo-burn-example).
73
+ > Re-derived in prose; not vendored — the windows/multipliers are a starting point to tune per SLO.
74
+
75
+ ### High-volume logging: rate-limit and defer
76
+
77
+ Logging on a hot path or in an error burst can become its own incident — the log call dominates CPU, or
78
+ a flood of identical lines buries the signal and runs up ingestion cost. Two patterns keep logging cheap
79
+ under load:
80
+
81
+ - **Rate-limit repetitive log statements at the call site** — emit "at most every N seconds" or "1 in
82
+ every N" for a given line, rather than once per iteration, so a tight loop or a sustained error
83
+ doesn't flood. (Aggregate the suppressed count so you still know the true volume.)
84
+ - **Defer the cost of expensive log arguments** until logging is *known to be enabled* at that level —
85
+ pass a lazily-evaluated value (a thunk/lambda), not an eagerly-built expensive string, so a disabled
86
+ `debug` log costs nothing. This pairs with the "no secrets/PII" structured-logging gate item above.
87
+
88
+ > Stack-agnostic adaptation of log rate-limiting (`atMostEvery`) and lazy argument evaluation from the
89
+ > Apache-2.0 [`google/flogger`](https://github.com/google/flogger). Re-derived in prose; not vendored —
90
+ > the patterns apply to any logging framework.
91
+
92
+ ### Continuous performance-regression gate (A/B, not absolute thresholds)
93
+
94
+ The Load-vs-SLO gate above is a *one-shot, pre-launch* check against an absolute budget. It won't catch a
95
+ **gradual** regression — a change that quietly adds 15 ms per release until the SLO is blown six PRs
96
+ later. For a hot / SLO-bearing path, add a **continuous** check that compares *this commit to a baseline*
97
+ on every change:
98
+
99
+ - **A/B the two commits to cancel environmental noise.** A single absolute number ("p95 = 210 ms") is
100
+ dominated by CI-runner variance, thermal throttling, and noisy neighbors — comparing today's run to
101
+ last week's run measures the *environment*, not the *code*. Instead run **control (baseline commit) and
102
+ treatment (the PR's commit) on the same machine, interleaved/concurrently**, and report the **relative
103
+ delta** (latency ratio, throughput delta), which cancels the shared environmental component.
104
+ - **Gate on the delta, with a tolerance band.** Fail the check when the treatment is worse than control
105
+ by more than a stated margin (e.g. ">5 % p95 latency"); a band absorbs residual noise so the gate
106
+ isn't flaky. A breach is **High** (`.claude/rules/quality-gates.md`) — same severity as a Load-vs-SLO
107
+ breach — and routes the fix back to the dev lane.
108
+ - **Scope it.** Run it for changes to a concurrency-sensitive or SLO-bearing path; *skip (note why in
109
+ `CONTINUITY.md`)* for changes with no performance surface. It complements, not replaces, the one-shot
110
+ Load-vs-SLO gate (absolute budget at launch) and frontend statistical benchmarking
111
+ (`.claude/skills/performance-optimization`).
112
+
113
+ > Stack-agnostic adaptation of A/B continuous performance-regression detection (concurrent
114
+ > control/treatment runs to isolate code from environment; gate on the relative delta) from the
115
+ > Apache-2.0 [`facebook/FAI-PEP`](https://github.com/facebook/FAI-PEP). Re-derived in prose; not vendored.
116
+
117
+ ---
118
+
119
+ ## Notes
120
+
121
+ - Both agents follow the **RARV cycle** (`.claude/rules/rarv-cycle.md`) and update `CONTINUITY.md` at handoff.
122
+ - Neither agent writes application business logic — they own infra and operability only. Logic gaps go back to the relevant dev lane.
123
+ - Editing CI pipeline config, package manifests, or other project-wide files still requires explicit user approval (CLAUDE.md §"Files that require user approval").
@@ -65,6 +65,38 @@ pause for a human — so the pause is enforced by the system, not left to the ag
65
65
  > [`microsoft/agents-humanoversight`](https://github.com/microsoft/agents-humanoversight). Re-derived in
66
66
  > prose; not vendored.
67
67
 
68
+ ## Multi-party authorization for the highest-stakes actions (MPA · breakglass)
69
+
70
+ For most stops a *single* human approval is right. But the most dangerous actions — deleting production
71
+ data, changing access control, deploying to a regulated system, rotating root credentials — should not
72
+ be unlockable by **one** person (or one person + a coerced/compromised agent). Raise the bar past a
73
+ single gate:
74
+
75
+ - **Multi-party authorization (MPA): require two.** A high-stakes action needs a *second independent
76
+ approver* who is not the requester — the "two-person rule." Beyond stopping a single bad actor, it
77
+ forces the requester to articulate the action clearly enough that a peer will sign it, which catches
78
+ honest mistakes. Make the second approval a real review (the approver sees *what* will run), not a
79
+ rubber stamp.
80
+ - **Bind approval to context, not just identity.** Stronger still: tie sensitive operations to a
81
+ trusted device/role/environment, so an approval also proves *where* and *how* it was given — not only
82
+ *who* gave it. (The principle behind "multi-factor / multi-channel" authorization: don't let one
83
+ stolen credential be sufficient.)
84
+ - **Breakglass, with auditing.** Keep a deliberate emergency override for when the normal path is down
85
+ (the on-call can't reach a second approver during an incident) — but make it *loud*: it requires a
86
+ written justification, it is heavily logged, and it triggers a **mandatory after-the-fact review**.
87
+ Breakglass is an exception that must be accounted for, never a quiet bypass.
88
+ - **Least privilege + separation of duties make MPA affordable.** The fewer actions that *need* two
89
+ approvers, the more meaningful each one is. Reserve MPA for genuinely irreversible / high-blast-radius
90
+ operations (see reversibility below); don't dilute it across routine changes.
91
+
92
+ These map onto the gate mechanics above: MPA is "the declarative gate, but the policy requires N≥2
93
+ distinct approvals," and breakglass is "the timeout/absence path, made auditable instead of fail-open."
94
+
95
+ > Stack-agnostic adaptation of multi-party / multi-factor authorization, breakglass-with-auditing, and
96
+ > separation-of-duties from *Building Secure & Reliable Systems* (Google/O'Reilly, CC-BY-4.0;
97
+ > [`google/building-secure-and-reliable-systems`](https://github.com/google/building-secure-and-reliable-systems)),
98
+ > Ch. 5 ("Design for Least Privilege") & Ch. 21. Concept-only (CC-BY); re-derived in prose, not vendored.
99
+
68
100
  ## Gate the depth of review to reversibility
69
101
 
70
102
  Not every stop deserves the same ceremony. Before a consequential decision, classify it by how hard it