claude-code-kit 0.7.1__tar.gz → 0.11.2__tar.gz

{claude_code_kit-0.7.1 → claude_code_kit-0.11.2}/.claude-plugin/marketplace.json

@@ -10,7 +10,7 @@
       "name": "claude-kit",
       "source": "./",
       "description": "Cookiecutter-style scaffolder for an autonomous Claude Code SDLC config (no app code, no Docker): install CLAUDE.md + .claude/ (rules, the profile's agents/skills, hooks, artifact templates) + optional .mcp.json, then run /sdlc to drive spec → review → build → test → security → ship through profile-aware quality gates, working memory, and a self-improving learnings loop.",
-      "version": "0.7.1",
+      "version": "0.11.2",
       "license": "MIT",
       "keywords": ["sdlc", "agents", "orchestration", "quality-gates", "workflow", "scaffold", "cookiecutter"]
     }

{claude_code_kit-0.7.1 → claude_code_kit-0.11.2}/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-kit",
-  "version": "0.7.1",
+  "version": "0.11.2",
   "description": "Cookiecutter-style scaffolder for an autonomous Claude Code SDLC config (no app code, no Docker). `claude-kit init` asks ordered questions and installs CLAUDE.md + .claude/ (rules, the profile's agents/skills, hooks, artifact templates) + optional .mcp.json; run /sdlc to drive spec → review → build → test → security → ship through profile-aware quality gates with working memory and a self-improving learnings loop.",
   "author": {
     "name": "Arjunsingh Yadav",

{claude_code_kit-0.7.1 → claude_code_kit-0.11.2}/CHANGELOG.md

@@ -4,6 +4,265 @@ All notable changes to claude-kit are documented here. The format follows
 [Keep a Changelog](https://keepachangelog.com/), and the project uses
 [semantic versioning](https://semver.org/).
 
+## [0.11.2] — 2026-06-15
+
+A field review of **thirteen** more external collections — marketplaces, awesome-lists, subagent
+packs, and hook/config repos — run through the same adversarial map→verify pass against the actual
+kit files. Most are *distribution channels* (no copyable content) or *stack-specific* role packs that
+would violate the agnostic core. Crucially, grounding the strongest candidates against the real hook
+registry showed the kit **already** ships destructive-command blocking (`guard-rm-rf`,
+`guard-push-main`), secret protection (`protect-secrets`, `guard-commit-secrets`), and skill
+auto-routing (`skill-routing`) — refuting the headline ideas. Exactly **one** genuine gap survived.
+Reviewed: [anthropics/claude-plugins-official](https://github.com/anthropics/claude-code) ·
+claude-plugins-community · [hesreallyhim/awesome-claude-code](https://github.com/hesreallyhim/awesome-claude-code) ·
+ccplugins/awesome-claude-code-plugins · rohitg00/awesome-claude-code-toolkit ·
+[VoltAgent/awesome-claude-code-subagents](https://github.com/VoltAgent/awesome-claude-code-subagents) ·
+[0xfurai/claude-code-subagents](https://github.com/0xfurai/claude-code-subagents) ·
+[disler/claude-code-hooks-mastery](https://github.com/disler/claude-code-hooks-mastery) ·
+yurukusa/claude-code-hooks (cc-safe-setup) · alirezarezvani/claude-skills ·
+eddiemessiah/config-claude-code · ChrisWiles/claude-code-showcase.
+
+### Added
+- **`hooks/scripts/guard-destructive-git.sh`** + the `guard-destructive-git` hook (PreToolUse·Bash,
+  `standard`→`enterprise`; absent in `lean`). A hard **block** (exit 2) for the git commands that
+  irreversibly destroy *uncommitted* work — `git reset --hard`, `git clean -f`, and worktree-wide
+  discards (`git checkout/restore .`) — each message pointing at the reversible alternative
+  (`git stash`). This completes the `guard-rm-rf` / `guard-push-main` destructive-command family with
+  the single most common irreversible agent mistake: nuking its own output. A *warn* would be theatre
+  here (the command would still run and the work would be gone), so this is a guard, consistent with
+  `guard-rm-rf`. Scope is deliberately git-only and conservative — no false positives on
+  `git clean -n`, branch checkouts, or single-file restores; fail-open without `jq`. (+2 tests, 78.)
+
+### Not adopted (deliberately, per the assessment)
+- **Marketplaces** (anthropics official/community) — Apache-2.0 *distribution* manifests, not content;
+  claude-kit already ships its own `.claude-plugin/marketplace.json`. Nothing to copy.
+- **Awesome-lists** (hesreallyhim, ccplugins, rohitg00) — curated discovery indexes; no installable
+  components of their own.
+- **Subagent packs** (VoltAgent 154+, 0xfurai 100+; MIT) — overwhelmingly language/framework
+  specialists (violate the stack-agnostic core) or roles the kit already has; `api-designer`→
+  `technical-architect`/`api-and-interface-design`, `chaos-engineer`→`incident-responder`+`load-testing`,
+  `penetration-tester`→`security-reviewer`/`owasp-reviewer`/`threat-model`, `product-manager`→ the org
+  `pm-copilot` persona + `interview-me`/`idea-refine`. No genuine stack-agnostic SDLC role gap.
+- **disler/claude-code-hooks-mastery** (no licence) — its destructive-command guard and skill-suggestion
+  ideas are already covered (`guard-rm-rf`/`guard-push-main`, `skill-routing`); lifecycle hooks
+  (SessionEnd/PreCompact continuity persistence) are covered by the continuity rule + `load-continuity`
+  + the SessionStart:compact reload. The one residual — git work-loss blocking — became the adoption above.
+- **yurukusa/cc-safe-setup** (MIT) — its **database-wipe** guard (`migrate reset`/`drop database`) was
+  considered and **rejected as over-reach**: DB resets are legitimate in local dev and a hook can't tell
+  dev from prod, so a block would break normal workflows and a warn would be theatre. DB risk stays
+  governed by `risk-classification.md` (production-data/migrations → high/restricted) + `warn-sensitive-files`
+  on migration edits.
+- **alirezarezvani/claude-skills** — a codebase-onboarding skill duplicates `context-engineering` +
+  `source-driven-development` (+ the org `repo-onboarding` skill).
+- **eddiemessiah/config-claude-code, ChrisWiles/claude-code-showcase** (MIT) — personal config
+  collections; the transferable ideas (tool-budget hygiene → `agent-guardrails`§3/`tool-design`/
+  `context-engineering`; skill auto-suggestion → `skill-routing`; scheduled-maintenance CI → out of
+  scope for a config-only kit, covered by `ci-cd-and-automation`/`devops-engineer`) are already covered.
+
+## [0.11.1] — 2026-06-15
+
+A field review of **seven** external projects, each run through the same adversarial map→verify pass
+(read the source *and* the actual kit files; adopt only genuine, non-duplicative, config-only,
+stack-agnostic, IP-safe gaps). The result is deliberately tiny: across all seven, exactly **one** real
+gap survived — everything else is already covered, runtime-only, stack-specific, out of SDLC scope, or
+IP-unsafe to copy. Reviewed: [obra/superpowers](https://github.com/obra/superpowers),
+[wshobson/agents](https://github.com/wshobson/agents),
+[anthropics/skills](https://github.com/anthropics/skills),
+[karpathy/autoresearch](https://github.com/karpathy/autoresearch),
+[browser-use](https://github.com/browser-use/browser-use),
+[x1xhlol/system-prompts-and-models-of-ai-tools](https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools),
+and [langgenius/dify](https://github.com/langgenius/dify).
+
+### Changed
+- **`rules/testing.md`** — the "Async/Event-Loop Systems" guidance gains a **condition-based waiting**
+  rule (distilled from superpowers' `condition-based-waiting`, MIT, re-expressed in original,
+  stack-agnostic words): never wait on a fixed delay/sleep, poll for the observable condition instead
+  (framework waiter or a small `wait_for(condition, timeout)`), and avoid the three flakiness traps
+  (no timeout, interval too tight, stale reads). The section previously only said "mock I/O, use
+  async/await" — it never addressed timing-dependent test flakiness.
+
+### Not adopted (deliberately, per the assessment)
+- **superpowers** — 14 skills, ~all duplicate existing kit skills (TDD, `systematic-debugging`→
+  `debugging-and-error-recovery`, `brainstorming`→`idea-refine`/`doubt-driven-development`/`interview-me`,
+  `writing-plans`→`planning-and-task-breakdown`, `executing-plans`→`execute`, `requesting`/`receiving-code-review`→
+  `code-review-and-quality`, `using-git-worktrees`/`finishing-a-development-branch`→`git-workflow-and-versioning`/
+  `shipping-and-launch`/`pr-raiser`, `verification-before-completion`→`rarv-cycle`+`mandatory-workflow`,
+  `dispatching-parallel-agents`→`orchestrator`, `writing-skills`→`using-agent-skills`). Its
+  `testing-anti-patterns` was refuted as a near-duplicate of the TDD skill's existing anti-pattern table.
+- **wshobson/agents** — almost entirely language/framework specialists (violate the stack-agnostic core)
+  or roles the kit already has (`code-reviewer`, `security-auditor`, `incident-responder`,
+  `observability-engineer`, `performance-engineer`, `debugger`, `docs-architect`, `architect-reviewer`,
+  database/devops roles), plus out-of-SDLC-scope domains (SEO, business, data-science). No general gap.
+- **anthropics/skills** — document skills are source-available (not open) and out of scope; the example
+  skills are out of scope (art/design/comms) or duplicative (`skill-creator`→`using-agent-skills`,
+  `frontend-design`→`frontend-ui-engineering`). The `SKILL.md` `name`+`description` convention is already followed.
+- **karpathy/autoresearch** — the closed-loop / single-metric / fixed-budget principles are covered by
+  `evals` + `goal-setting-and-monitoring`; the ML-training loop itself is stack-specific. "Iterate the
+  instructions, not the code" is what the kit already *is* (config-only).
+- **browser-use** — a runtime library; browser automation is already covered by the opt-in `playwright`
+  MCP entry + `browser-testing-with-devtools`/`playwright-verification`. Its "treat DOM/console/network
+  as untrusted" guidance is already a verbatim "Security Boundaries" section in `browser-testing-with-devtools`.
+- **x1xhlol/system-prompts** — GPL-3.0 archive of prompts extracted from proprietary tools (double IP
+  hazard: copyleft + unresolved vendor rights). Its generic principles (plan-first, tool discipline,
+  minimal diffs, verification, concise comms, refusal/secret-safety) are already in `reasoning-techniques`,
+  `tool-design`, `mandatory-workflow`, `agent-guardrails`, `human-in-the-loop`, and `code-review-and-quality`.
+  Nothing was copied.
+- **langgenius/dify** — a runtime platform (Apache-2.0 *with additional conditions*); its principles
+  (ReAct/function-calling agents, inspectable workflow steps, RAG stages, prompt-management feedback)
+  are covered by `reasoning-techniques`, `tool-design`, `context-engineering`, `evals`, and `devops-observability`.
+
+## [0.11.0] — 2026-06-15
+
+Distils a field review of [repowise](https://github.com/repowise-dev/repowise) (a runtime
+codebase-intelligence engine: dependency graph, git analytics, LLM wiki, code-health biomarkers,
+change-risk, dead code). An adversarial map→verify pass over six candidates found that repowise is
+overwhelmingly a **runtime product** whose config-equivalents claude-kit already ships — so the
+honest, reuse-first result is small: one genuine kit-owned methodology gap and one sanctioned,
+opt-in external-tool reference. No application code, no Docker, nothing bundled.
+
+### Added
+- **`catalog/mcp.yaml`** gains an **opt-in** `repowise` MCP server (codebase intelligence: hotspots,
+  change-risk, co-change coupling, dead code). It is **only** written into `.mcp.json` when explicitly
+  selected at init — the kit *references* repowise, never bundles it. The label flags that it is
+  **AGPL-3.0** and requires installing it separately (`pip install repowise`) and indexing the repo
+  once (`repowise init`); the repo path is supplied via the `${REPOWISE_PROJECT_ROOT}` env placeholder
+  (same pattern as postgres's `${DATABASE_URL}`), so this is pure catalog data with no resolver change.
+
+### Changed
+- **`skills/code-review-and-quality`** gains a **"Where to Focus: Change Hotspots & Coupling"** section:
+  a tool-agnostic, `git log`-only technique for spending review attention where defects cluster —
+  churn × complexity hotspots, co-change coupling (hidden dependencies), and single-owner/bus-factor
+  files. It notes that a codebase-intelligence MCP (e.g. the optional repowise server) provides the
+  same signals precomputed via `get_risk`/`get_health`, but always as **advisory input, never a
+  blocking gate**. A matching checklist item was added.
+
+### Not done (deliberately, per the assessment)
+- repowise's engine itself — dependency graph, dashboard (`repowise serve`), deterministic PR bot,
+  LLM wiki/RAG, the 25 code-health biomarkers — is runtime and **cannot** be config. Its
+  config-equivalents already exist and were **not** duplicated: dead-code hygiene
+  (`over-engineering-review` / `code-simplification` / `code-review-and-quality` / `mandatory-workflow`),
+  noisy-output compression a.k.a. "distill" (`tool-design` rule + `context-engineering` skill),
+  read-an-overview-first (`context-engineering` / `source-driven-development`), ADRs
+  (`documentation-and-adrs`), commit provenance (`git-workflow-and-versioning`), and auto-generated
+  project instructions (`templates/CLAUDE.md`). No new rule/agent/skill/gate (the hotspot technique is
+  advisory, so it enriches a profile-gated skill rather than becoming a mandatory rule).
+
+## [0.10.0] — 2026-06-15
+
+Adds **LLM / AI application-security** guidance distilled from a field review of
+[protectai/llm-guard](https://github.com/protectai/llm-guard). An adversarial map→verify pass found a
+real, single gap: claude-kit secured (a) the *agent itself* (`agent-guardrails`, OWASP **Agentic**
+ASI01–10) and (b) *traditional* appsec of the product (`security-and-hardening` / `owasp-reviewer` =
+OWASP Top 10 **2021** web), but **nothing** covered securing the **LLM features a user builds into
+their product** (OWASP **LLM** Top 10 — prompt injection, insecure output handling, sensitive-info
+disclosure, model DoS). Per your steer, the new layer is **opt-in, bypassable, and states the security
+implications of bypassing** — and per golden rule #1 it reuses existing components rather than adding a
+new rule/agent/gate (all of which the verify pass flagged as either over-engineering or, for a new
+`rules/` file, a *mandatory*-framing conflict). No application code, no Docker; llm-guard is named only
+as one reference implementation, never a dependency.
+
+### Added
+- **`hooks/scripts/warn-llm-io.sh`** + the `warn-llm-io` hook (`standard`+, after `warn-shared-modules`):
+  an **advisory, non-blocking** PreToolUse(Edit|Write) hook. When an edited file looks like an LLM
+  feature (provider SDKs / prompt construction / RAG), it surfaces the LLM guardrails and the explicit
+  risks of skipping them (prompt-injection exfiltration, PII leaking to the provider,
+  insecure-output-handling XSS/SSRF/RCE), and names the bypass: record a one-line risk acceptance. It
+  always exits 0 (never blocks) and degrades to a no-op without `jq`.
+
+### Changed
+- **`skills/security-and-hardening`** gains an **"LLM / AI Feature Security (OWASP LLM Top 10) — opt-in"**
+  section: the input→model→output guard architecture; input guardrails (prompt-injection screening,
+  secrets scan, PII *anonymise/vault* pattern, token caps, topic limits, unicode canonicalisation);
+  output guardrails (treat output as untrusted — no eval/render-raw/auto-run; PII/secret leak scan;
+  malicious-URL/SSRF; structured-output validation); least-privilege model tools; an OWASP-LLM-Top-10
+  map; a **risk-acceptance/bypass** protocol; and a **security-implications-of-bypassing** table. (The
+  `security-reviewer` already reads this skill, so the security stage becomes LLM-aware for free.)
+- **`skills/threat-model`** adds an LLM/AI trigger and a step-6 LLM branch (walk the LLM Top 10; point
+  to the guardrails; record any bypass as a residual risk).
+- **`agents/owasp-reviewer`** A08 now states that **model output is untrusted data** — the existing
+  no-eval/exec/render-raw rule applies to it (insecure output handling stays a Critical), while the
+  broader LLM guardrails are explicitly **advisory** and must not block the gate.
+
+### Not done (deliberately, per the assessment)
+- No new `rules/` file (a rule installs in every profile and reads as *mandatory* — conflicts with the
+  opt-in requirement), no new `llm-security` agent, and no new blocking gate. The LLM Top 10 was **not**
+  folded into the mandatory `owasp-reviewer`/Security Clear gate (that would make it mandatory and dilute
+  a tightly-scoped 2021-web reviewer). LLM security stays a separate, advisory, bypassable path.
+
+## [0.9.0] — 2026-06-15
+
+Distils a field review of GitHub's [spec-kit](https://github.com/github/spec-kit) (Spec-Driven
+Development). An adversarial map→verify pass cross-checked spec-kit's seven distinctive features
+against claude-kit's existing spec-driven machinery; most were already covered (the `/constitution`
+artifact by `CLAUDE.md` "Project-specific rules" + the org `ai-working-agreement`; `/clarify` by
+`interview-me`; `/checklist` by `em-reviewer` + the spec-driven reframe + workflow §1b). Per golden
+rule #1 (reuse, don't duplicate), those were **not** re-implemented. The genuine gaps were a
+**built-but-unwired capability** and a **missing mechanism** — both addressed without new spec
+machinery, no application code, and no Docker.
+
+### Added
+- **`skills/task-tracker-sync`** (`standard`+): a thin, **tracker-agnostic** skill that mirrors an
+  existing task/story breakdown into the project's configured issue tracker (GitHub / Linear / Jira
+  via whichever MCP is set up), one issue per task, dependencies carried across, idempotent
+  (match-then-update, never blind-create). This implements spec-kit's `/taskstoissues` as the real
+  mechanism behind what was previously only a permission — `story-planner` said tasks *may* be
+  created, but nothing did it. It syncs a breakdown; it does not create one.
+
+### Changed
+- **Wired the orphaned `story-planner` agent into the pipeline as a coverage gate** — the headline
+  reuse. `story-planner` already decomposes an approved spec into ordered stories and verifies that
+  *every acceptance criterion maps to ≥1 story* (gaps and scope creep flagged), but it appeared in
+  neither `rules/mandatory-workflow.md` nor `agents/orchestrator.md`. It is now **stage 1f — Story
+  Breakdown & Coverage Gate**, between EM approval (1e) and the Developer (2a): implementation cannot
+  start until acceptance-criterion coverage is complete. This is spec-kit's tasks→analyze→implement
+  discipline, fulfilled with an existing component instead of a new one. Flow diagrams, the gating
+  table, and the orchestrator pipeline/spawn-reference/state-tracking were updated to match.
+- **`templates/artifacts/feature-spec.md`** now gives requirements stable ids (R1, R2 …) nesting
+  their Given/When/Then acceptance criteria, and adds an explicit **Assumptions** section — aligning
+  the artifact with the spec shape `mandatory-workflow.md` §1c already mandates and making the new
+  coverage gate concrete (stories and tests trace back to R-ids).
+- `agents/story-planner.md` and `skills/planning-and-task-breakdown` now point at `task-tracker-sync`
+  for pushing a plan to a tracker.
+
+## [0.8.0] — 2026-06-15
+
+Adds a **minimalism / anti-over-engineering** layer distilled from a field review of the
+[ponytail](https://github.com/DietrichGebert/ponytail) plugin. Most of ponytail's philosophy (YAGNI,
+stdlib-first, surgical diffs) was already enforced by `templates/CLAUDE.md` "Simplicity First",
+`skills/code-simplification`, and `rules/rarv-cycle`, so — per golden rule #1 (reuse, don't duplicate)
+— only the genuinely-missing *mechanisms* were added. No application code, no Docker; new components
+are wired through the catalog.
+
+### Added
+- **`skills/over-engineering-review`** (`standard`+): a complexity-**only**, report-**only** scan that
+  returns a terse delete-list (`delete:/stdlib:/native:/yagni:/shrink:` tags, each naming the
+  replacement) over a diff or a whole repo, ending with `net: -N lines possible` or `Lean already.
+  Ship.`. Complements the multi-axis `code-review-and-quality` (it isolates the complexity axis) and
+  stops short of the behavior-preserving refactor that `code-simplification` performs. Never flags the
+  kit's required test or the safety carve-outs.
+- **`skills/simplification-debt`** (`standard`+): harvests deliberately-deferred shortcuts
+  (`TODO(TICKET)`, `FIXME`, and inline `shortcut: ceiling — upgrade` markers) into one ledger grouped
+  by file, and flags any marker that names **no upgrade trigger** as a silent-rot risk. Report-only;
+  persists to a file only when asked.
+- **`load-autonomy` hook** (`SessionStart`, `standard`+): surfaces the repo's active autonomy level
+  (read from the install snapshot) into context each session, so `rules/autonomy-levels.md` is visible
+  and persistent rather than purely instructional. Degrades to a no-op without `jq`. Registered in the
+  hook registry and the plugin `hooks/hooks.json`.
+
+### Changed
+- **`rules/evals.md`** gains section 6: run repeated trials and report the **median of N**, and
+  **separate measurement metrics** (record-and-pass: LOC, cost, latency) **from gate metrics**
+  (execute-and-fail: run the output, assert it) — with the ponytail benchmark cited as a worked example.
+- **`rules/documentation.md`** now blesses an inline upgrade-path shortcut marker
+  (`# shortcut: ceiling — upgrade path`) as an alternative to a ticketed `TODO`, and points at the
+  `simplification-debt` skill that harvests them.
+- **CI now publishes on merge to `main`, gated by a version check.** `publish.yml` also triggers on
+  every push to `main` (in addition to version tags, releases, and manual dispatch). A `version-check`
+  job compares `pyproject.toml`'s version against PyPI and only builds/publishes when the version is
+  new; an unchanged version is skipped cleanly (PyPI versions are immutable). The publisher also passes
+  `skip-existing: true` as a race guard. Net effect: bump the version in a PR, merge it, and the
+  release ships automatically — no manual tag required.
+
 ## [0.7.1] — 2026-06-09
 
 A parity fix for the no-pip fallback scaffolder so the plugin's `/claude-kit:init` command works