claude-code-kit 0.9.0__tar.gz → 0.11.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/.claude-plugin/marketplace.json +1 -1
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/.claude-plugin/plugin.json +1 -1
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/CHANGELOG.md +78 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/PKG-INFO +186 -99
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/README.md +185 -98
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/owasp-reviewer.md +1 -1
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/catalog/mcp.yaml +11 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/catalog/profiles.yaml +1 -1
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/hooks/hooks.json +1 -0
- claude_code_kit-0.11.0/hooks/scripts/warn-llm-io.sh +26 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/pyproject.toml +1 -1
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/code-review-and-quality/SKILL.md +16 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/security-and-hardening/SKILL.md +84 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/threat-model/SKILL.md +8 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/src/claude_kit/__init__.py +1 -1
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/src/claude_kit/hooks.py +6 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/.gitignore +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/CLAUDE.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/CONTRIBUTING.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/LICENSE +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/acceptance-reviewer.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/auditor.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/dependency-scanner.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/developer.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/devils-advocate.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/devops-engineer.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/e2e-tester.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/em-reviewer.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/incident-responder.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/merge-reviewer.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/observability-engineer.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/orchestrator.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/policy-validator.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/pr-raiser.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/risk-classifier.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/sdlc-code-reviewer.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/secret-scanner.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/security-reviewer.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/senior-backend-dev.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/senior-frontend-dev.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/senior-tester.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/spec-doc-writer.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/story-planner.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/technical-architect.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/tester.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/ui-designer.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/agents/unit-tester.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/catalog/org.yaml +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/catalog/stacks.yaml +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/commands/init.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/commands/sdlc.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/commands/status.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/docs/agentic-patterns.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/docs/agents.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/docs/architecture.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/docs/org-capabilities.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/hooks/scripts/audit-log.sh +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/hooks/scripts/guard-secrets.sh +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/hooks/scripts/lint-fix.sh +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/hooks/scripts/load-autonomy.sh +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/hooks/scripts/load-continuity.sh +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/hooks/scripts/load-learnings.sh +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/hooks/scripts/type-check.sh +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/hooks/scripts/validate-frontmatter.sh +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/hooks/scripts/validate-settings.sh +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/hooks/scripts/warn-large-edits.sh +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/hooks/scripts/warn-missing-tests.sh +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/hooks/scripts/warn-sensitive-files.sh +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/hooks/scripts/warn-shared-modules.sh +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/rules/agent-guardrails.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/rules/agent-memory.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/rules/agent-resilience.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/rules/autonomy-levels.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/rules/code-organization.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/rules/continuity.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/rules/design-patterns.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/rules/devops-observability.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/rules/documentation.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/rules/evals.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/rules/frontend-best-practices.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/rules/goal-setting-and-monitoring.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/rules/human-in-the-loop.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/rules/linting-and-formatting.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/rules/mandatory-workflow.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/rules/model-tiers.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/rules/quality-gates.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/rules/rarv-cycle.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/rules/reasoning-techniques.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/rules/responsive-and-accessibility.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/rules/risk-classification.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/rules/testing.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/rules/tool-design.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/scripts/init.sh +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/_references/accessibility-checklist.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/_references/orchestration-patterns.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/_references/performance-checklist.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/_references/security-checklist.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/_references/testing-patterns.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/accessibility-review/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/api-and-interface-design/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/api-integration/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/archive-sprint/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/backlog/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/backlog/item-template.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/browser-testing-with-devtools/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/ci-cd-and-automation/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/code-simplification/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/component-design/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/consolidate-learnings/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/context-engineering/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/debugging-and-error-recovery/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/decision/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/decision/adr-template.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/deprecation-and-migration/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/documentation-and-adrs/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/doubt-driven-development/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/execute/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/frontend-ui-engineering/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/git-workflow-and-versioning/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/idea-refine/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/idea-refine/examples.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/idea-refine/frameworks.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/idea-refine/refinement-criteria.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/idea-refine/scripts/idea-refine.sh +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/incident-postmortem/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/incremental-implementation/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/interview-me/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/load-testing/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/manual-test/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/over-engineering-review/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/performance-optimization/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/planning-and-task-breakdown/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/playwright-verification/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/refresh-docs/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/remember/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/scope/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/scope/scope-template.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/sdlc/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/security-verification/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/shipping-and-launch/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/simplification-debt/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/smoke-test/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/source-driven-development/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/spec-driven-development/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/sprint/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/sprint/sprint-template.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/task-tracker-sync/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/test-driven-development/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/triage/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/ui-ux-design/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/unit-test/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/skills/using-agent-skills/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/src/claude_kit/__main__.py +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/src/claude_kit/catalog.py +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/src/claude_kit/cli.py +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/src/claude_kit/models.py +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/src/claude_kit/prompts.py +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/src/claude_kit/render.py +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/src/claude_kit/scaffold.py +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/src/claude_kit/upgrader.py +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/src/claude_kit/validator.py +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/CLAUDE.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/CLAUDE.stack.md.tmpl +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/CONTINUITY.template.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/README.claude-sdlc.md.tmpl +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/agent-memory/MEMORY.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/agent-memory/api/.gitkeep +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/agent-memory/architecture/.gitkeep +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/agent-memory/debugging/.gitkeep +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/agent-memory/gotchas/.gitkeep +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/agent-memory/patterns/.gitkeep +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/agent-memory/performance/.gitkeep +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/artifacts/adr.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/artifacts/feature-spec.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/artifacts/release-plan.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/artifacts/runbook.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/artifacts/security-review.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/artifacts/test-plan.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/README.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/agents/data-workflow-agent.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/agents/founder-prototype-agent.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/agents/internal-tools-builder.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/agents/pm-copilot.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/agents/support-ticket-engineer.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/packs/devops-and-release/README.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/packs/devops-and-release/pack.yaml +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/packs/engineering-core/README.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/packs/engineering-core/pack.yaml +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/packs/non-engineer-builder/README.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/packs/non-engineer-builder/pack.yaml +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/packs/onboarding-and-docs/README.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/packs/onboarding-and-docs/pack.yaml +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/packs/product-to-code/README.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/packs/product-to-code/pack.yaml +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/packs/quality-and-review/README.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/packs/quality-and-review/pack.yaml +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/packs/security-and-compliance/README.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/packs/security-and-compliance/pack.yaml +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/rules/ai-working-agreement.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/rules/ambiguity-resolution.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/rules/branch-and-pr-policy.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/rules/compliance-policy.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/rules/non-engineer-safe-coding.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/rules/pii-policy.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/rules/production-data-policy.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/rules/prompt-to-task-conversion.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/rules/prototype-boundaries.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/rules/secrets-policy.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/skills/customer-issue-to-fix/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/skills/feature-from-idea/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/skills/prompt-to-safe-task/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/skills/prototype-to-production/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/org/skills/repo-onboarding/SKILL.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/settings.json +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/stacks/backend/python/fastapi/rules/fastapi-patterns.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/stacks/db/mongodb/agents/migration-specialist.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/stacks/db/mongodb/agents/mongodb-specialist.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/stacks/db/mongodb/rules/mongodb-patterns.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/stacks/db/postgres/agents/db-performance-reviewer.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/stacks/db/postgres/agents/migration-specialist.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/stacks/db/postgres/agents/postgres-specialist.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/stacks/db/postgres/rules/database-performance.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/stacks/db/postgres/rules/postgres-patterns.md +0 -0
- {claude_code_kit-0.9.0 → claude_code_kit-0.11.0}/templates/stacks/frontend/react/rules/react-patterns.md +0 -0
|
@@ -10,7 +10,7 @@
|
|
|
10
10
|
"name": "claude-kit",
|
|
11
11
|
"source": "./",
|
|
12
12
|
"description": "Cookiecutter-style scaffolder for an autonomous Claude Code SDLC config (no app code, no Docker): install CLAUDE.md + .claude/ (rules, the profile's agents/skills, hooks, artifact templates) + optional .mcp.json, then run /sdlc to drive spec → review → build → test → security → ship through profile-aware quality gates, working memory, and a self-improving learnings loop.",
|
|
13
|
-
"version": "0.
|
|
13
|
+
"version": "0.11.0",
|
|
14
14
|
"license": "MIT",
|
|
15
15
|
"keywords": ["sdlc", "agents", "orchestration", "quality-gates", "workflow", "scaffold", "cookiecutter"]
|
|
16
16
|
}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "claude-kit",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.11.0",
|
|
4
4
|
"description": "Cookiecutter-style scaffolder for an autonomous Claude Code SDLC config (no app code, no Docker). `claude-kit init` asks ordered questions and installs CLAUDE.md + .claude/ (rules, the profile's agents/skills, hooks, artifact templates) + optional .mcp.json; run /sdlc to drive spec → review → build → test → security → ship through profile-aware quality gates with working memory and a self-improving learnings loop.",
|
|
5
5
|
"author": {
|
|
6
6
|
"name": "Arjunsingh Yadav",
|
|
@@ -4,6 +4,84 @@ All notable changes to claude-kit are documented here. The format follows
|
|
|
4
4
|
[Keep a Changelog](https://keepachangelog.com/), and the project uses
|
|
5
5
|
[semantic versioning](https://semver.org/).
|
|
6
6
|
|
|
7
|
+
## [0.11.0] — 2026-06-15
|
|
8
|
+
|
|
9
|
+
Distils a field review of [repowise](https://github.com/repowise-dev/repowise) (a runtime
|
|
10
|
+
codebase-intelligence engine: dependency graph, git analytics, LLM wiki, code-health biomarkers,
|
|
11
|
+
change-risk, dead code). An adversarial map→verify pass over six candidates found that repowise is
|
|
12
|
+
overwhelmingly a **runtime product** whose config-equivalents claude-kit already ships — so the
|
|
13
|
+
honest, reuse-first result is small: one genuine kit-owned methodology gap and one sanctioned,
|
|
14
|
+
opt-in external-tool reference. No application code, no Docker, nothing bundled.
|
|
15
|
+
|
|
16
|
+
### Added
|
|
17
|
+
- **`catalog/mcp.yaml`** gains an **opt-in** `repowise` MCP server (codebase intelligence: hotspots,
|
|
18
|
+
change-risk, co-change coupling, dead code). It is **only** written into `.mcp.json` when explicitly
|
|
19
|
+
selected at init — the kit *references* repowise, never bundles it. The label flags that it is
|
|
20
|
+
**AGPL-3.0** and requires installing it separately (`pip install repowise`) and indexing the repo
|
|
21
|
+
once (`repowise init`); the repo path is supplied via the `${REPOWISE_PROJECT_ROOT}` env placeholder
|
|
22
|
+
(same pattern as postgres's `${DATABASE_URL}`), so this is pure catalog data with no resolver change.
|
|
23
|
+
|
|
24
|
+
### Changed
|
|
25
|
+
- **`skills/code-review-and-quality`** gains a **"Where to Focus: Change Hotspots & Coupling"** section:
|
|
26
|
+
a tool-agnostic, `git log`-only technique for spending review attention where defects cluster —
|
|
27
|
+
churn × complexity hotspots, co-change coupling (hidden dependencies), and single-owner/bus-factor
|
|
28
|
+
files. It notes that a codebase-intelligence MCP (e.g. the optional repowise server) provides the
|
|
29
|
+
same signals precomputed via `get_risk`/`get_health`, but always as **advisory input, never a
|
|
30
|
+
blocking gate**. A matching checklist item was added.
|
|
31
|
+
|
|
32
|
+
### Not done (deliberately, per the assessment)
|
|
33
|
+
- repowise's engine itself — dependency graph, dashboard (`repowise serve`), deterministic PR bot,
|
|
34
|
+
LLM wiki/RAG, the 25 code-health biomarkers — is runtime and **cannot** be config. Its
|
|
35
|
+
config-equivalents already exist and were **not** duplicated: dead-code hygiene
|
|
36
|
+
(`over-engineering-review` / `code-simplification` / `code-review-and-quality` / `mandatory-workflow`),
|
|
37
|
+
noisy-output compression a.k.a. "distill" (`tool-design` rule + `context-engineering` skill),
|
|
38
|
+
read-an-overview-first (`context-engineering` / `source-driven-development`), ADRs
|
|
39
|
+
(`documentation-and-adrs`), commit provenance (`git-workflow-and-versioning`), and auto-generated
|
|
40
|
+
project instructions (`templates/CLAUDE.md`). No new rule/agent/skill/gate (the hotspot technique is
|
|
41
|
+
advisory, so it enriches a profile-gated skill rather than becoming a mandatory rule).
|
|
42
|
+
|
|
43
|
+
## [0.10.0] — 2026-06-15
|
|
44
|
+
|
|
45
|
+
Adds **LLM / AI application-security** guidance distilled from a field review of
|
|
46
|
+
[protectai/llm-guard](https://github.com/protectai/llm-guard). An adversarial map→verify pass found a
|
|
47
|
+
real, single gap: claude-kit secured (a) the *agent itself* (`agent-guardrails`, OWASP **Agentic**
|
|
48
|
+
ASI01–10) and (b) *traditional* appsec of the product (`security-and-hardening` / `owasp-reviewer` =
|
|
49
|
+
OWASP Top 10 **2021** web), but **nothing** covered securing the **LLM features a user builds into
|
|
50
|
+
their product** (OWASP **LLM** Top 10 — prompt injection, insecure output handling, sensitive-info
|
|
51
|
+
disclosure, model DoS). Per your steer, the new layer is **opt-in, bypassable, and states the security
|
|
52
|
+
implications of bypassing** — and per golden rule #1 it reuses existing components rather than adding a
|
|
53
|
+
new rule/agent/gate (all of which the verify pass flagged as either over-engineering or, for a new
|
|
54
|
+
`rules/` file, a *mandatory*-framing conflict). No application code, no Docker; llm-guard is named only
|
|
55
|
+
as one reference implementation, never a dependency.
|
|
56
|
+
|
|
57
|
+
### Added
|
|
58
|
+
- **`hooks/scripts/warn-llm-io.sh`** + the `warn-llm-io` hook (`standard`+, after `warn-shared-modules`):
|
|
59
|
+
an **advisory, non-blocking** PreToolUse(Edit|Write) hook. When an edited file looks like an LLM
|
|
60
|
+
feature (provider SDKs / prompt construction / RAG), it surfaces the LLM guardrails and the explicit
|
|
61
|
+
risks of skipping them (prompt-injection exfiltration, PII leaking to the provider,
|
|
62
|
+
insecure-output-handling XSS/SSRF/RCE), and names the bypass: record a one-line risk acceptance. It
|
|
63
|
+
always exits 0 (never blocks) and degrades to a no-op without `jq`.
|
|
64
|
+
|
|
65
|
+
### Changed
|
|
66
|
+
- **`skills/security-and-hardening`** gains an **"LLM / AI Feature Security (OWASP LLM Top 10) — opt-in"**
|
|
67
|
+
section: the input→model→output guard architecture; input guardrails (prompt-injection screening,
|
|
68
|
+
secrets scan, PII *anonymise/vault* pattern, token caps, topic limits, unicode canonicalisation);
|
|
69
|
+
output guardrails (treat output as untrusted — no eval/render-raw/auto-run; PII/secret leak scan;
|
|
70
|
+
malicious-URL/SSRF; structured-output validation); least-privilege model tools; an OWASP-LLM-Top-10
|
|
71
|
+
map; a **risk-acceptance/bypass** protocol; and a **security-implications-of-bypassing** table. (The
|
|
72
|
+
`security-reviewer` already reads this skill, so the security stage becomes LLM-aware for free.)
|
|
73
|
+
- **`skills/threat-model`** adds an LLM/AI trigger and a step-6 LLM branch (walk the LLM Top 10; point
|
|
74
|
+
to the guardrails; record any bypass as a residual risk).
|
|
75
|
+
- **`agents/owasp-reviewer`** A08 now states that **model output is untrusted data** — the existing
|
|
76
|
+
no-eval/exec/render-raw rule applies to it (insecure output handling stays a Critical), while the
|
|
77
|
+
broader LLM guardrails are explicitly **advisory** and must not block the gate.
|
|
78
|
+
|
|
79
|
+
### Not done (deliberately, per the assessment)
|
|
80
|
+
- No new `rules/` file (a rule installs in every profile and reads as *mandatory* — conflicts with the
|
|
81
|
+
opt-in requirement), no new `llm-security` agent, and no new blocking gate. The LLM Top 10 was **not**
|
|
82
|
+
folded into the mandatory `owasp-reviewer`/Security Clear gate (that would make it mandatory and dilute
|
|
83
|
+
a tightly-scoped 2021-web reviewer). LLM security stays a separate, advisory, bypassable path.
|
|
84
|
+
|
|
7
85
|
## [0.9.0] — 2026-06-15
|
|
8
86
|
|
|
9
87
|
Distils a field review of GitHub's [spec-kit](https://github.com/github/spec-kit) (Spec-Driven
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: claude-code-kit
|
|
3
|
-
Version: 0.
|
|
3
|
+
Version: 0.11.0
|
|
4
4
|
Summary: Cookiecutter-style scaffolder for an autonomous Claude Code SDLC configuration (no app code, no Docker). Asks ordered questions and installs CLAUDE.md + .claude/ (rules, the chosen profile's agents/skills, hooks, artifact templates) + optional .mcp.json; run /sdlc to drive spec → review → build → test → security → ship through profile-aware quality gates, working memory, and a self-improving learnings loop.
|
|
5
5
|
Project-URL: Homepage, https://github.com/ajyadav013/claude-kit
|
|
6
6
|
Project-URL: Repository, https://github.com/ajyadav013/claude-kit
|
|
@@ -31,18 +31,17 @@ Description-Content-Type: text/markdown
|
|
|
31
31
|
|
|
32
32
|
**A Cookiecutter-style scaffolder for an autonomous SDLC (software-delivery lifecycle) inside [Claude Code](https://www.claude.com/product/claude-code).**
|
|
33
33
|
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
turn a one-line request into reviewed, tested, secured, shippable code, with a quality gate between
|
|
37
|
-
every phase. **No application code. No Docker. Configuration only.**
|
|
34
|
+
One command turns a one-line request into reviewed, tested, secured, shippable code —
|
|
35
|
+
with a quality gate between every phase. **No application code. No Docker. Configuration only.**
|
|
38
36
|
|
|
39
37
|
[](https://pypi.org/project/claude-code-kit/)
|
|
40
38
|
[](https://pypi.org/project/claude-code-kit/)
|
|
41
39
|
[](LICENSE)
|
|
42
40
|
[](https://www.claude.com/product/claude-code)
|
|
43
41
|
[](https://github.com/ajyadav013/claude-kit/actions/workflows/ci.yml)
|
|
42
|
+
[](CHANGELOG.md)
|
|
44
43
|
|
|
45
|
-
|
|
44
|
+
🚀 [Quick start](#quick-start) · 🧭 [How it works](#how-it-works) · 🔁 [The pipeline](#the-pipeline) · 🌱 [What we adopted](#influences--what-we-adopted) · 🤖 [Agents](#the-agents) · 🧩 [Catalog](#catalog--extensibility) · 🛠️ [CLI](#cli-reference) · 📖 [Agent guide](docs/agents.md)
|
|
46
45
|
|
|
47
46
|
</div>
|
|
48
47
|
|
|
@@ -51,40 +50,36 @@ every phase. **No application code. No Docker. Configuration only.**
|
|
|
51
50
|
## What is this?
|
|
52
51
|
|
|
53
52
|
claude-kit installs a **complete software-delivery lifecycle** into Claude Code. Instead of one
|
|
54
|
-
assistant doing everything in
|
|
55
|
-
a spec writer, story planner, reviewers, a developer, code reviewers, testers, security scanners,
|
|
53
|
+
assistant doing everything in a single pass, your work flows through a pipeline of focused agents —
|
|
54
|
+
a spec writer, a story planner, reviewers, a developer, code reviewers, testers, security scanners,
|
|
56
55
|
and a PR raiser — coordinated by an **Orchestrator** that runs independent work in parallel and
|
|
57
56
|
refuses to advance a phase until its **quality gate** passes. You drive it all with one command:
|
|
58
|
-
|
|
57
|
+
**`/sdlc <your task>`**.
|
|
59
58
|
|
|
60
|
-
|
|
61
|
-
`init` time and claude-kit installs matching **overlay rules** (e.g. for React, FastAPI, PostgreSQL,
|
|
62
|
-
MongoDB) and fills `CLAUDE.md` with your stack's exact lint/test/build commands — but it never writes
|
|
63
|
-
your application code and never requires Docker.
|
|
59
|
+
**At a glance:**
|
|
64
60
|
|
|
65
|
-
|
|
61
|
+
- 🧱 **Stack-agnostic** — the pipeline assumes no language or framework. Pick a stack at `init` and it
|
|
62
|
+
installs matching overlay rules (React · FastAPI · PostgreSQL · MongoDB) and your exact
|
|
63
|
+
lint/test/build commands. It never writes your app code and never needs Docker.
|
|
64
|
+
- 🎚️ **Dial the rigor with profiles** — `lean ⊊ standard ⊊ enterprise` decide how many agents, skills,
|
|
65
|
+
hooks, and gates are active, from "fast track" to "full audit".
|
|
66
|
+
- 👥 **Scope to your team** — `individual` / `team` (default) / `organization`. Org scope adds a
|
|
67
|
+
vibe-coding layer so PMs, designers, QA, support, and founders can drive work safely too.
|
|
68
|
+
- 🧠 **Remembers across sessions** — working memory (`CONTINUITY.md`) survives context compaction, and a
|
|
69
|
+
learnings loop (`agent-memory/`) means the same mistake isn't made twice.
|
|
70
|
+
- 📦 **Two channels, one source** — a first-class Claude Code **plugin** *and* a **pip** scaffolder.
|
|
66
71
|
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
- **Scope** — `individual` / `team` (default) / `organization`. Organization scope adds a
|
|
70
|
-
**vibe-coding capability layer** so PMs, designers, QA, support, data, and founders can drive work
|
|
71
|
-
safely too — with role-based **packs**, an **autonomy model**, and **risk classification**. See
|
|
72
|
-
[`docs/org-capabilities.md`](docs/org-capabilities.md).
|
|
73
|
-
- **Working memory (`CONTINUITY.md`)** — the current task state is re-read every turn, so work
|
|
74
|
-
survives context compaction and brand-new sessions.
|
|
75
|
-
- **A self-improving learnings loop (`agent-memory/`)** — durable lessons are captured and
|
|
76
|
-
re-injected into future sessions, so the same mistake isn't made twice.
|
|
77
|
-
|
|
78
|
-
> Inspired by the autonomous-SDLC idea, rebuilt from the ground up **for Claude Code** — as a
|
|
79
|
-
> first-class plugin **and** a pip-installable scaffolder, both from one source of truth.
|
|
72
|
+
> Inspired by the autonomous-SDLC idea, rebuilt from the ground up **for Claude Code**, and kept small
|
|
73
|
+
> by a **reuse-first** policy — see [what we adopted](#influences--what-we-adopted) and from where.
|
|
80
74
|
|
|
81
75
|
---
|
|
82
76
|
|
|
83
|
-
##
|
|
77
|
+
## Quick start
|
|
84
78
|
|
|
85
|
-
|
|
79
|
+
<details open>
|
|
80
|
+
<summary><b>A) As a Claude Code plugin (recommended)</b></summary>
|
|
86
81
|
|
|
87
|
-
|
|
82
|
+
<br>
|
|
88
83
|
|
|
89
84
|
Makes all agents, skills, commands, and hooks available inside Claude Code:
|
|
90
85
|
|
|
@@ -93,7 +88,7 @@ Makes all agents, skills, commands, and hooks available inside Claude Code:
|
|
|
93
88
|
/plugin install claude-kit
|
|
94
89
|
```
|
|
95
90
|
|
|
96
|
-
Then, inside any project you want
|
|
91
|
+
Then, inside any project you want the pipeline to manage:
|
|
97
92
|
|
|
98
93
|
```text
|
|
99
94
|
/claude-kit:init # asks the ordered questions, lays down CLAUDE.md + .claude/
|
|
@@ -104,27 +99,34 @@ Then, inside any project you want managed by the pipeline:
|
|
|
104
99
|
> `/sdlc` is a **project skill** installed by `init`, so it becomes available after the restart. The
|
|
105
100
|
> plugin also exposes `/claude-kit:sdlc <task>`, which works immediately (no restart needed).
|
|
106
101
|
|
|
107
|
-
|
|
102
|
+
</details>
|
|
103
|
+
|
|
104
|
+
<details>
|
|
105
|
+
<summary><b>B) As a pip package (CI, onboarding, non-plugin workflows)</b></summary>
|
|
106
|
+
|
|
107
|
+
<br>
|
|
108
108
|
|
|
109
|
-
A CLI (`claude-kit`, aliases `ckit` / `claude-sdlc`) that scaffolds the same config into any repo
|
|
110
|
-
great for CI, onboarding, or non-plugin workflows:
|
|
109
|
+
A CLI (`claude-kit`, aliases `ckit` / `claude-sdlc`) that scaffolds the same config into any repo:
|
|
111
110
|
|
|
112
111
|
```bash
|
|
113
112
|
# Until the first PyPI release, install straight from the repo:
|
|
114
113
|
pip install "git+https://github.com/ajyadav013/claude-kit.git"
|
|
115
114
|
# Once published to PyPI this becomes: pip install claude-code-kit
|
|
116
115
|
|
|
117
|
-
claude-kit init # interactive: prompts for stack, profile, MCP
|
|
116
|
+
claude-kit init # interactive: prompts for stack, profile, MCP
|
|
118
117
|
claude-kit init --defaults # non-interactive: React + Python/FastAPI + Postgres + standard
|
|
119
118
|
```
|
|
120
119
|
|
|
120
|
+
</details>
|
|
121
|
+
|
|
121
122
|
> **Prerequisites:** [Claude Code](https://www.claude.com/product/claude-code); Python ≥ 3.9 for the
|
|
122
|
-
> CLI; `jq` to enable the shell hooks (they no-op without it); Node / `npx` only if you
|
|
123
|
-
>
|
|
123
|
+
> CLI; `jq` to enable the shell hooks (they no-op without it); Node / `npx` only if you enable an MCP
|
|
124
|
+
> (Model Context Protocol) server.
|
|
124
125
|
|
|
125
|
-
|
|
126
|
+
<details>
|
|
127
|
+
<summary><b>What the init flow asks & what lands on disk</b></summary>
|
|
126
128
|
|
|
127
|
-
|
|
129
|
+
<br>
|
|
128
130
|
|
|
129
131
|
`claude-kit init` asks an ordered set of questions (all with sensible defaults), then writes the
|
|
130
132
|
config — nothing else:
|
|
@@ -134,7 +136,7 @@ config — nothing else:
|
|
|
134
136
|
3. **Backend language** (default: Python) → **backend framework** (default: FastAPI)
|
|
135
137
|
4. **Database** (PostgreSQL · MongoDB)
|
|
136
138
|
5. **SDLC profile** (`lean` · `standard` · `enterprise`)
|
|
137
|
-
6. **Optional MCP
|
|
139
|
+
6. **Optional MCP integrations** (GitHub · Jira/Linear · Postgres/Mongo · Playwright · Docs) — a
|
|
138
140
|
project-root `.mcp.json` is written **only** if you select any (env placeholders, never secrets)
|
|
139
141
|
|
|
140
142
|
Non-interactive equivalents: `--defaults`, or `--config init.yaml` (flat or nested YAML). What lands:
|
|
@@ -154,6 +156,8 @@ README.claude-sdlc.md
|
|
|
154
156
|
.mcp.json # only if MCP servers were selected
|
|
155
157
|
```
|
|
156
158
|
|
|
159
|
+
</details>
|
|
160
|
+
|
|
157
161
|
---
|
|
158
162
|
|
|
159
163
|
## How it works
|
|
@@ -168,7 +172,7 @@ flowchart LR
|
|
|
168
172
|
H["hooks/"]
|
|
169
173
|
R["rules/"]
|
|
170
174
|
T["templates/"]
|
|
171
|
-
K["catalog/<br/>(stacks · profiles · mcp)"]
|
|
175
|
+
K["catalog/<br/>(stacks · profiles · mcp · org)"]
|
|
172
176
|
end
|
|
173
177
|
SRC -->|"pip install + claude-kit init"| PROJ["Your project<br/>CLAUDE.md + .claude/"]
|
|
174
178
|
SRC -->|"/plugin install"| CC["Claude Code<br/>(agents · skills · commands · hooks)"]
|
|
@@ -179,13 +183,13 @@ flowchart LR
|
|
|
179
183
|
Three ideas do the heavy lifting:
|
|
180
184
|
|
|
181
185
|
1. **Quality gates with a shared severity model.** Every finding is classified
|
|
182
|
-
Critical / High / Medium / Low / Cosmetic. A gate passes **only** with zero
|
|
183
|
-
|
|
184
|
-
2. **RARV self-check.** Every agent runs **R**eason → **A**ct → **R**eflect → **V**erify and
|
|
185
|
-
|
|
186
|
-
3. **Blind review + Devil's Advocate.** Parallel reviewers judge independently
|
|
187
|
-
|
|
188
|
-
|
|
186
|
+
Critical / High / Medium / Low / Cosmetic. A gate passes **only** with zero Critical/High/Medium
|
|
187
|
+
open. No silent advancement.
|
|
188
|
+
2. **RARV self-check.** Every agent runs **R**eason → **A**ct → **R**eflect → **V**erify and must show
|
|
189
|
+
a *green Verify* (real commands run, not imagined) before handing off.
|
|
190
|
+
3. **Blind review + Devil's Advocate.** Parallel reviewers judge independently; a *unanimous* PASS is
|
|
191
|
+
treated as suspicious and triggers an adversarial `devils-advocate` pass before the gate may close —
|
|
192
|
+
an explicit guard against agents rubber-stamping each other.
|
|
189
193
|
|
|
190
194
|
See [`docs/architecture.md`](docs/architecture.md) for the full diagrams.
|
|
191
195
|
|
|
@@ -221,12 +225,67 @@ A **fast-track** mode collapses small changes (< 5 files) to Developer → Code
|
|
|
221
225
|
|
|
222
226
|
---
|
|
223
227
|
|
|
228
|
+
## Influences & what we adopted
|
|
229
|
+
|
|
230
|
+
claude-kit is built **reuse-first**. We periodically review excellent open-source projects and adopt
|
|
231
|
+
**only the genuinely-new ideas** — never duplicating what the kit already does (near-duplicates would
|
|
232
|
+
dilute Claude's ability to auto-select the right skill). Each adoption follows the same method:
|
|
233
|
+
**fetch the real source → adversarially map it against the kit's existing files → ship only the
|
|
234
|
+
non-duplicative gaps**, minimally and catalog-wired.
|
|
235
|
+
|
|
236
|
+
| Source | What we learned | What we shipped | Since |
|
|
237
|
+
|---|---|---|:--:|
|
|
238
|
+
| **Agentic Design Patterns** — A. Gulli ([coverage map](docs/agentic-patterns.md)) | Reasoning, guardrails, resilience, human-in-the-loop, evals, and tool design as first-class agent disciplines | 8 agent-operation rules + [`docs/agentic-patterns.md`](docs/agentic-patterns.md) | `0.4.0` |
|
|
239
|
+
| **[ponytail](https://github.com/DietrichGebert/ponytail)** | YAGNI / anti-over-engineering as an explicit recurring pass; deferral-debt tracking; surfacing the active autonomy level | `over-engineering-review` & `simplification-debt` skills, the `load-autonomy` hook, median-of-N in `evals` | `0.8.0` |
|
|
240
|
+
| **[GitHub spec-kit](https://github.com/github/spec-kit)** | Spec → tasks → **analyze** coverage gate; tasks → tracker issues; stable requirement IDs + assumptions in specs | Wired the (previously orphaned) `story-planner` as the **coverage gate (1f)**, a tracker-agnostic `task-tracker-sync` skill, and enriched the feature-spec template | `0.9.0` |
|
|
241
|
+
| **[protectai/llm-guard](https://github.com/protectai/llm-guard)** | Input→model→output guardrails for LLM features — prompt injection, PII vault, treating model output as untrusted | **Opt-in** "LLM / AI Feature Security" guidance in `security-and-hardening` + the advisory `warn-llm-io` hook (warns, **never blocks**) | `0.10.0` |
|
|
242
|
+
|
|
243
|
+
> Each adoption is detailed in the [CHANGELOG](CHANGELOG.md) — including, for every review, what we
|
|
244
|
+
> deliberately **did not** add because the kit already covered it.
|
|
245
|
+
|
|
246
|
+
<details>
|
|
247
|
+
<summary><b>The latest three reviews, in a bit more depth</b></summary>
|
|
248
|
+
|
|
249
|
+
<br>
|
|
250
|
+
|
|
251
|
+
**🪶 ponytail → minimalism layer (0.8.0).** Most of ponytail's philosophy (YAGNI, stdlib-first,
|
|
252
|
+
surgical diffs) was already enforced by `CLAUDE.md` "Simplicity First" + `code-simplification`, so we
|
|
253
|
+
added only the missing *mechanisms*: `over-engineering-review` (a complexity-only, report-only
|
|
254
|
+
delete-list), `simplification-debt` (harvests `TODO`/`FIXME`/inline `shortcut:` markers into a ledger
|
|
255
|
+
and flags ones that name no upgrade path), and the `load-autonomy` SessionStart hook (surfaces the
|
|
256
|
+
active autonomy level each session).
|
|
257
|
+
|
|
258
|
+
**🧭 GitHub spec-kit → coverage gate + tracker sync (0.9.0).** The headline was *reuse*: the kit
|
|
259
|
+
already had a `story-planner` agent that verifies every acceptance criterion maps to a story, but it
|
|
260
|
+
was **never wired into the pipeline**. We made it **stage 1f** (between EM approval and the developer),
|
|
261
|
+
so implementation can't start until coverage is proven. We also added `task-tracker-sync` (mirrors a
|
|
262
|
+
plan into GitHub / Linear / Jira issues, dependencies preserved) and gave the feature-spec template
|
|
263
|
+
stable requirement IDs + an Assumptions section. We **skipped** spec-kit's `/constitution`,
|
|
264
|
+
`/clarify`, and `/checklist` — all already covered.
|
|
265
|
+
|
|
266
|
+
**🛡️ protectai/llm-guard → opt-in LLM security (0.10.0).** The kit secured the *agent itself* and
|
|
267
|
+
*traditional* web appsec, but nothing covered **the LLM features you build into your product** (the
|
|
268
|
+
OWASP LLM Top 10). Per request, the new layer is **opt-in, bypassable, and states the risk of
|
|
269
|
+
bypassing**: an "LLM / AI Feature Security" section in `security-and-hardening` (input/output
|
|
270
|
+
guardrails, PII vault, untrusted-output handling, a security-implications-of-bypassing table) plus a
|
|
271
|
+
non-blocking `warn-llm-io` hook. We deliberately did **not** add a new rule or fold it into the
|
|
272
|
+
mandatory security gate — that would have made it mandatory.
|
|
273
|
+
|
|
274
|
+
</details>
|
|
275
|
+
|
|
276
|
+
---
|
|
277
|
+
|
|
224
278
|
## The agents
|
|
225
279
|
|
|
226
|
-
28 specialized roles in [`agents/`](agents/), each tagged with a `tier`
|
|
227
|
-
specialist · review) and installed per profile
|
|
228
|
-
|
|
229
|
-
**[agent guide](docs/agents.md)**
|
|
280
|
+
**28 specialized roles** in [`agents/`](agents/), each tagged with a `tier`
|
|
281
|
+
(orchestrator · stage-lead · specialist · review) and installed per profile — plus per-database
|
|
282
|
+
**overlay agents** and, in organization scope, **persona agents**. The
|
|
283
|
+
**[agent guide](docs/agents.md)** explains how to drive them.
|
|
284
|
+
|
|
285
|
+
<details>
|
|
286
|
+
<summary><b>See the full roster (28 + overlays + personas)</b></summary>
|
|
287
|
+
|
|
288
|
+
<br>
|
|
230
289
|
|
|
231
290
|
| Agent | Role |
|
|
232
291
|
|-------|------|
|
|
@@ -245,23 +304,58 @@ your chosen DB, and **org persona agents** added only in organization scope. See
|
|
|
245
304
|
| `auditor` | Read-only audit for accessibility, performance, responsiveness, console errors |
|
|
246
305
|
| `devils-advocate` | Anti-sycophancy adversarial reviewer (runs on a unanimous PASS) |
|
|
247
306
|
| `acceptance-reviewer` | Verifies delivery against acceptance criteria before the human gate |
|
|
248
|
-
| `risk-classifier` | Read-only — classifies work
|
|
307
|
+
| `risk-classifier` | Read-only — classifies work low/medium/high/restricted and names the required gates (enterprise + org) |
|
|
249
308
|
| `security-reviewer` | Security stage coordinator — owns the Security Clear gate |
|
|
250
309
|
| `secret-scanner` · `dependency-scanner` · `owasp-reviewer` · `policy-validator` | The four parallel security sub-scanners |
|
|
251
310
|
| `devops-engineer` | CI/build/release, env, migrations, runbook — container-optional; owns Pipeline Green |
|
|
252
311
|
| `observability-engineer` | SLOs, health/readiness, structured logging, alerts — owns Observability Ready |
|
|
253
312
|
| `incident-responder` | Production-incident triage, mitigation, and postmortem (enterprise scope) |
|
|
254
313
|
| `pr-raiser` | Final checks, commit hygiene, and PR creation |
|
|
255
|
-
| **DB overlays** |
|
|
314
|
+
| **DB overlays** | installed for the selected database — PostgreSQL → `postgres-specialist` · `migration-specialist` · `db-performance-reviewer`; MongoDB → `mongodb-specialist` · `migration-specialist` |
|
|
256
315
|
| **Org personas** | `pm-copilot` · `founder-prototype-agent` · `support-ticket-engineer` · `data-workflow-agent` · `internal-tools-builder` (organization scope only) |
|
|
257
316
|
|
|
317
|
+
</details>
|
|
318
|
+
|
|
319
|
+
---
|
|
320
|
+
|
|
321
|
+
## Rules & skills
|
|
322
|
+
|
|
323
|
+
**Rules** ([`rules/`](rules/)) are the 23 stack-agnostic contracts every agent obeys — the
|
|
324
|
+
`mandatory-workflow` pipeline, `quality-gates`, `rarv-cycle`, `continuity`, `documentation`,
|
|
325
|
+
`testing`, the eight agent-operation rules (`reasoning-techniques`, `agent-guardrails`,
|
|
326
|
+
`agent-resilience`, `goal-setting-and-monitoring`, `human-in-the-loop`, `model-tiers`, `evals`,
|
|
327
|
+
`tool-design` — see [`docs/agentic-patterns.md`](docs/agentic-patterns.md)), and `autonomy-levels` +
|
|
328
|
+
`risk-classification` (see [`docs/org-capabilities.md`](docs/org-capabilities.md)). Stack **overlay
|
|
329
|
+
rules** (`fastapi-patterns`, `react-patterns`, `postgres-patterns`, …) and, in organization scope,
|
|
330
|
+
**org policy rules** (`secrets-policy`, `pii-policy`, `compliance-policy`, …) layer on top.
|
|
331
|
+
|
|
332
|
+
**Skills** ([`skills/`](skills/)) are on-demand capabilities Claude activates by context — led by the
|
|
333
|
+
`sdlc` entrypoint. Highlights, including this session's additions:
|
|
334
|
+
|
|
335
|
+
| Skill | What it does |
|
|
336
|
+
|---|---|
|
|
337
|
+
| `spec-driven-development` · `planning-and-task-breakdown` | Spec first, then a verifiable task breakdown |
|
|
338
|
+
| `task-tracker-sync` | Mirror a plan/story breakdown into GitHub / Linear / Jira issues (tracker-agnostic, idempotent) |
|
|
339
|
+
| `security-and-hardening` | Traditional appsec **+ opt-in LLM / AI Feature Security** (OWASP LLM Top 10, with a bypass + implications) |
|
|
340
|
+
| `threat-model` | Design-time STRIDE — now with an LLM/AI branch |
|
|
341
|
+
| `over-engineering-review` · `simplification-debt` | Keep the code lean: a complexity-only delete-list, and a deferral-debt ledger |
|
|
342
|
+
| `test-driven-development` · `debugging-and-error-recovery` · `code-review-and-quality` | The build / fix / review staples |
|
|
343
|
+
| `remember` | The self-improving learnings loop into `agent-memory/` |
|
|
344
|
+
|
|
345
|
+
Each profile installs a subset (`lean ⊂ standard ⊂ enterprise`).
|
|
346
|
+
|
|
258
347
|
---
|
|
259
348
|
|
|
260
349
|
## Catalog & extensibility
|
|
261
350
|
|
|
262
|
-
Everything selectable lives in [`catalog/`](catalog/) as data —
|
|
351
|
+
Everything selectable lives in [`catalog/`](catalog/) as **data** — adding a stack, framework,
|
|
263
352
|
database, profile, or MCP server is a YAML edit plus a `templates/stacks/<dir>/` folder, never a code
|
|
264
|
-
change
|
|
353
|
+
change.
|
|
354
|
+
|
|
355
|
+
<details>
|
|
356
|
+
<summary><b>The four catalog files</b></summary>
|
|
357
|
+
|
|
358
|
+
<br>
|
|
265
359
|
|
|
266
360
|
- **`catalog/stacks.yaml`** — frontend frameworks, backend languages → frameworks, and databases.
|
|
267
361
|
Live today: React · Python/FastAPI · PostgreSQL/MongoDB. Vue/Svelte/Django/Express are listed as
|
|
@@ -269,50 +363,28 @@ change**:
|
|
|
269
363
|
- **`catalog/profiles.yaml`** — what each profile activates (`inherit:` composes; `all` = everything).
|
|
270
364
|
- **`catalog/mcp.yaml`** — ready `.mcp.json` fragments per server, with `${ENV}` placeholders.
|
|
271
365
|
- **`catalog/org.yaml`** — the **organization layer**: scopes, teams, the autonomy model, review
|
|
272
|
-
strictness, and the 7 capability **packs**. Scope-gated content
|
|
273
|
-
|
|
366
|
+
strictness, and the 7 capability **packs**. Scope-gated content under `templates/org/` installs only
|
|
367
|
+
when `scope == organization`. See [`docs/org-capabilities.md`](docs/org-capabilities.md).
|
|
274
368
|
|
|
275
369
|
A third install dimension joins `profile` (a subset) and `stack` (an overlay): **org** (scope-gated).
|
|
276
370
|
`resolve()` stays branch-free — adding a pack, team, autonomy level, or org rule is a `catalog/org.yaml`
|
|
277
|
-
edit plus content under `templates/org/`, never a code change.
|
|
371
|
+
edit plus content under `templates/org/`, never a code change. Run **`claude-kit list-options`** to see
|
|
372
|
+
everything available.
|
|
278
373
|
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
---
|
|
282
|
-
|
|
283
|
-
## Rules & skills
|
|
284
|
-
|
|
285
|
-
**Rules** ([`rules/`](rules/)) are the stack-agnostic contracts every agent obeys — 23 files:
|
|
286
|
-
`mandatory-workflow`, `quality-gates`, `rarv-cycle`, `continuity`, `agent-memory`, `documentation`,
|
|
287
|
-
`design-patterns`, `code-organization`, `linting-and-formatting`, `testing`,
|
|
288
|
-
`frontend-best-practices`, `responsive-and-accessibility`, `devops-observability`, the
|
|
289
|
-
agent-operation rules `reasoning-techniques`, `agent-guardrails`, `agent-resilience`,
|
|
290
|
-
`goal-setting-and-monitoring`, `human-in-the-loop`, `model-tiers`, `evals`, and `tool-design` (how
|
|
291
|
-
the agents themselves reason, stay safe, recover, escalate, pick a model tier, run evals, and design
|
|
292
|
-
tools — see
|
|
293
|
-
[`docs/agentic-patterns.md`](docs/agentic-patterns.md)), plus `autonomy-levels` and
|
|
294
|
-
`risk-classification` (how much Claude may do before a human acts, and how work is risk-gated — see
|
|
295
|
-
[`docs/org-capabilities.md`](docs/org-capabilities.md)). Selected
|
|
296
|
-
**overlay rules** (e.g. `fastapi-patterns`, `react-patterns`, `postgres-patterns`,
|
|
297
|
-
`database-performance`) and, in organization scope, **org policy rules** (`secrets-policy`,
|
|
298
|
-
`pii-policy`, `production-data-policy`, `branch-and-pr-policy`, `compliance-policy`, …) are layered
|
|
299
|
-
on top.
|
|
300
|
-
|
|
301
|
-
**Skills** ([`skills/`](skills/)) are on-demand capabilities Claude activates by context — led by the
|
|
302
|
-
`sdlc` entrypoint, plus spec-driven development, planning, TDD, debugging, code review, security
|
|
303
|
-
hardening, API design, the `remember` learnings loop, and more. Each profile installs a subset.
|
|
374
|
+
</details>
|
|
304
375
|
|
|
305
376
|
---
|
|
306
377
|
|
|
307
378
|
## CLI reference
|
|
308
379
|
|
|
309
|
-
|
|
310
|
-
claude-kit
|
|
311
|
-
|
|
380
|
+
<details>
|
|
381
|
+
<summary><b>All commands</b> (<code>claude-kit</code> · aliases <code>ckit</code> · <code>claude-sdlc</code>)</summary>
|
|
382
|
+
|
|
383
|
+
<br>
|
|
312
384
|
|
|
313
385
|
| Command | Description |
|
|
314
386
|
|---------|-------------|
|
|
315
|
-
| `init [path] [--defaults] [--config FILE] [--force]` | Scaffold `CLAUDE.md` + `.claude/` (interactive
|
|
387
|
+
| `init [path] [--defaults] [--config FILE] [--force]` | Scaffold `CLAUDE.md` + `.claude/` (interactive or non-interactive) |
|
|
316
388
|
| `validate [path]` | Structurally validate an installed config |
|
|
317
389
|
| `doctor [path]` | Validate + environment/health checks with fix hints |
|
|
318
390
|
| `diff [path]` | Preview what an `upgrade` would change (no writes) |
|
|
@@ -320,40 +392,53 @@ claude-kit <command> # aliases: ckit · claude-sdlc
|
|
|
320
392
|
| `list-options` | List available frontend/backend/database/profile/MCP options |
|
|
321
393
|
| `status [path]` | Show what's installed, the selection, and working memory |
|
|
322
394
|
| `version` | Print the version |
|
|
323
|
-
| `package-org-pack` · `install-org-pack` | Package / install an organization capability pack (
|
|
395
|
+
| `package-org-pack` · `install-org-pack` | Package / install an organization capability pack (org scope) |
|
|
324
396
|
|
|
325
397
|
Plugin slash commands: `/claude-kit:init`, `/claude-kit:sdlc <task>`, `/claude-kit:status`; and the
|
|
326
398
|
`/sdlc` skill inside any scaffolded project.
|
|
327
399
|
|
|
328
|
-
|
|
400
|
+
</details>
|
|
329
401
|
|
|
330
|
-
|
|
402
|
+
<details>
|
|
403
|
+
<summary><b>Safe upgrades</b> — how your edits are protected</summary>
|
|
404
|
+
|
|
405
|
+
<br>
|
|
331
406
|
|
|
332
407
|
Every install records per-file checksums and an `owner` (kit / overlay / user-editable) in
|
|
333
408
|
`.claude/config/init-options.json`. `upgrade` refreshes kit and overlay files to the latest version,
|
|
334
|
-
**never clobbers your edits** (a user-modified file is kept and the new version
|
|
335
|
-
|
|
336
|
-
|
|
409
|
+
**never clobbers your edits** (a user-modified file is kept and the new version dropped beside it as a
|
|
410
|
+
`.claude-kit` sidecar), backs up anything it changes or removes, and restores files you deleted. Run
|
|
411
|
+
`diff` first to preview.
|
|
337
412
|
|
|
338
|
-
|
|
413
|
+
</details>
|
|
339
414
|
|
|
340
|
-
|
|
415
|
+
<details>
|
|
416
|
+
<summary><b>Troubleshooting</b></summary>
|
|
341
417
|
|
|
342
|
-
|
|
343
|
-
|
|
418
|
+
<br>
|
|
419
|
+
|
|
420
|
+
Run **`claude-kit doctor`** first — it checks your environment (git, `jq`, hook scripts) and prints fix
|
|
421
|
+
hints.
|
|
344
422
|
|
|
345
423
|
| Symptom | Likely cause | Fix |
|
|
346
424
|
|---|---|---|
|
|
347
|
-
| `/sdlc`, agents, or skills "not found" right after `init` | Claude Code hasn't loaded the new project config yet | **Restart Claude Code** — or use
|
|
425
|
+
| `/sdlc`, agents, or skills "not found" right after `init` | Claude Code hasn't loaded the new project config yet | **Restart Claude Code** — or use `/claude-kit:sdlc <task>` (works without a restart) |
|
|
348
426
|
| Guard / quality hooks seem to do nothing | `jq` isn't installed (the hooks parse tool input with it) | Install `jq`; without it the hooks degrade to no-ops by design |
|
|
349
427
|
| A selected MCP server won't start | `node` / `npx` missing (most MCP servers launch via `npx`) | Install Node.js, or remove the server from `.mcp.json` |
|
|
350
428
|
| `pip install claude-code-kit` fails | Not yet published to PyPI | Use `pip install "git+https://github.com/ajyadav013/claude-kit.git"` |
|
|
351
429
|
| `validate` reports missing files | Partial or outdated install | Re-run `claude-kit init` (choose **merge**), or `claude-kit upgrade` |
|
|
352
430
|
|
|
431
|
+
</details>
|
|
432
|
+
|
|
353
433
|
---
|
|
354
434
|
|
|
355
435
|
## Project structure
|
|
356
436
|
|
|
437
|
+
<details>
|
|
438
|
+
<summary><b>Repository layout</b></summary>
|
|
439
|
+
|
|
440
|
+
<br>
|
|
441
|
+
|
|
357
442
|
```
|
|
358
443
|
claude-kit/
|
|
359
444
|
├── .claude-plugin/ plugin.json + marketplace.json
|
|
@@ -369,6 +454,8 @@ claude-kit/
|
|
|
369
454
|
See [`docs/architecture.md`](docs/architecture.md) for the full picture and [`CLAUDE.md`](CLAUDE.md)
|
|
370
455
|
for how to develop the kit itself.
|
|
371
456
|
|
|
457
|
+
</details>
|
|
458
|
+
|
|
372
459
|
---
|
|
373
460
|
|
|
374
461
|
## Contributing
|