Browse Source

fix(docs): Repair dead skill references and stale counts

Mechanical cleanup bundle from ecosystem audit:

- review: drop dead "Reference Files" block (references/ is empty,
  framework-checks.md never existed)
- structural-search: fix citation security-ops.md -> security-patterns.md
- doc-scanner: delete stray root reference.md + templates.md that
  duplicated/shadowed the cited references/ files
- push-gate: cite references/gitleaks-config.toml (public-token
  allowlist) in the deps prose and Files table
- sync command: Quick Reference template counts -> "N available"
  placeholders so the template can't rot
- PLAN.md: tick Phase 1 CHANGELOG / doc-drift gate / CI skill-test
  boxes (all shipped in v3.0.0, wired in validate.yml); bump Last
  Updated (Commands count was already 3)
- hooks/README: add pre-write-peer-guard.sh + session-touched-ledger.sh
  to the tables, marked opt-in (not wired in hooks/hooks.json yet)
- marketplace.json: $schema anthropic.com URL (404s) -> SchemaStore
  claude-code-marketplace.json; claude plugin validate passes

Gates: claude plugin validate OK, tests/validate.sh 111 passed,
tests/doc-drift.sh clean.

NOTE: re-run scripts/install.ps1 after landing — ~/.claude is a copy
of this repo and serves stale files until synced.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
0xDarkMatter 6 days ago
parent
commit
eeb36d0064

+ 1 - 1
.claude-plugin/marketplace.json

@@ -1,5 +1,5 @@
 {
-  "$schema": "https://anthropic.com/claude-code/marketplace.schema.json",
+  "$schema": "https://json.schemastore.org/claude-code-marketplace.json",
   "name": "claude-mods",
   "description": "Custom commands, skills, agents, and rules for Claude Code",
   "owner": {

+ 2 - 2
commands/sync.md

@@ -288,8 +288,8 @@ Run `/auto-skill` to capture a workflow, or `auto-skill clear` to dismiss.
 | Category | Items |
 |----------|-------|
 | **Commands** | /save, /sync, /review, /testgen... |
-| **Skills** | 30 available |
-| **Agents** | 23 available |
+| **Skills** | N available |
+| **Agents** | N available |
 
 ## Next Steps
 

+ 4 - 4
docs/PLAN.md

@@ -3,7 +3,7 @@
 **Goal**: A centralized repository of custom Claude Code commands, agents, and skills that enhance Claude Code's native capabilities with persistent session state, specialized expert agents, and streamlined workflows.
 
 **Created**: 2025-11-27
-**Last Updated**: 2026-06-10
+**Last Updated**: 2026-07-05
 **Status**: Active Development
 
 > Historical record of what shipped lives in [CHANGELOG.md](../CHANGELOG.md) and the
@@ -33,9 +33,9 @@ Counts are enforced by the CI doc-drift gate (see roadmap) — if this table rot
 - [x] README skill/hook/rule tables match disk (24 missing skills added)
 - [x] Remove ghost references (`rules/thinking.md`, `docs/DASH.md`)
 - [x] Rename `tests/skills/functional/git-workflow.*` → `git-cli-tools.*`
-- [ ] `CHANGELOG.md` (keep-a-changelog format, seeded from Recent Updates)
-- [ ] CI: doc-drift gate (counts on disk vs README claims, ghost-link check)
-- [ ] CI: run every `skills/*/tests/run.sh` behavioural suite
+- [x] `CHANGELOG.md` (keep-a-changelog format, seeded from Recent Updates)
+- [x] CI: doc-drift gate (counts on disk vs README claims, ghost-link check)
+- [x] CI: run every `skills/*/tests/run.sh` behavioural suite
 
 ### Phase 2 — Skills-first restructure (v3.0)
 

+ 3 - 1
hooks/README.md

@@ -16,6 +16,8 @@ Claude Code hooks allow you to run custom scripts at key workflow points.
 | `config-change-guard.sh` | ConfigChange | Worm-persistence tripwire: when a Claude settings file changes mid-session, scan just that file for the vetted IOC set (curl\|sh, base64-decode eval, Invoke-Expression+Download, /dev/tcp, reads of `.claude/settings` / `.aws/credentials`). Silent on clean; advisory `systemMessage` on a finding. `SUPPLY_CHAIN_BLOCK=1` blocks the change (exit 2). Fast single-file sibling of `supply-chain-defense`'s `integrity-audit.sh`. |
 | `worktree-guard.sh` | PreToolUse (Bash) | Enforce `rules/worktree-boundaries.md`: flags `rm` on `.claude/worktrees`, `git worktree remove/prune` against worktrees, `git rm` on worktree gitlinks, and `git add -A`/`.` in a repo that has a `.claude/worktrees` dir. Sessions whose cwd is inside their own worktree are exempt. Advisory by default; `WORKTREE_GUARD_BLOCK=1` hard-denies (exit 2). |
 | `session-start-unicode-scan.sh` | SessionStart | One-shot hidden-Unicode scan of the project's instruction files (CLAUDE.md/AGENTS.md/SKILL.md/.cursorrules) at session boot. Silent on clean; advisory on a finding. Pairs with `prompt-injection-defense`. |
+| `pre-write-peer-guard.sh` | PreToolUse (Edit\|Write) | Mid-session peer-writer guard (`rules/worktree-boundaries.md`): before writing a file, warn if it was freshly modified by something that isn't this session — the signature of a live peer session sharing the checkout. Uses the touched-ledger to tell own edits apart. Advisory by default; `GUARD_BLOCK=1` denies the write. **Not yet wired in `hooks/hooks.json` — opt-in until wired.** |
+| `session-touched-ledger.sh` | PostToolUse (Edit\|Write) | Companion to `pre-write-peer-guard.sh`: records every file this session writes to `~/.claude/.session-touched/<session_id>.list` so the guard can distinguish this session's edits from a peer's. Silent, never blocks. **Not yet wired in `hooks/hooks.json` — opt-in until wired.** |
 | `pre-commit-unicode-scan.sh` | git pre-commit | Refuse commits that ADD hidden Unicode to instruction files. Silent on clean, warn on `high`, **block on `critical`** (tag-block / bidi override). Override once with `PROMPT_INJECTION_ALLOW=1`. |
 
 ## Auto-wired vs opt-in
@@ -27,7 +29,7 @@ paths resolved via `${CLAUDE_PLUGIN_ROOT}`:
 | Set | Hooks | Why |
 |-----|-------|-----|
 | **Auto-wired (security advisory)** | `pre-install-scan.sh` (PreToolUse Bash), `worktree-guard.sh` (PreToolUse Bash), `manifest-dep-scan.sh` (PostToolUse Write\|Edit), `session-start-unicode-scan.sh` (SessionStart), `config-change-guard.sh` (ConfigChange) | Silent-on-clean guardrails: zero noise until something is actually wrong, so they're safe to ship on by default. |
-| **Opt-in (opinionated / formatting)** | `pre-commit-lint.sh`, `post-edit-format.sh`, `dangerous-cmd-warn.sh`, `enforce-uv.sh`, `check-mail.sh`, `pre-commit-unicode-scan.sh` (a *git* hook) | Workflow opinions — wire them yourself per the examples below. |
+| **Opt-in (opinionated / formatting)** | `pre-commit-lint.sh`, `post-edit-format.sh`, `dangerous-cmd-warn.sh`, `enforce-uv.sh`, `check-mail.sh`, `pre-commit-unicode-scan.sh` (a *git* hook), `pre-write-peer-guard.sh` + `session-touched-ledger.sh` (peer-writer guard pair — wire both together) | Workflow opinions — wire them yourself per the examples below. |
 
 ### Env toggles (auto-wired set)
 

+ 0 - 82
skills/doc-scanner/reference.md

@@ -1,82 +0,0 @@
-# Supported Documentation Files
-
-Complete list of documentation files this skill scans for, organized by priority and category.
-
-## Glob Pattern
-
-Use this pattern to find all supported files:
-
-```
-{AGENTS,CLAUDE,GEMINI,COPILOT,CHATGPT,CODEIUM,CURSOR,WINDSURF,VSCODE,JETBRAINS,WARP,FIG,ZELLIJ,DEVCONTAINER,GITPOD,CODESPACES,AI,ASSISTANT}.md
-```
-
-## Files by Category
-
-### Priority 1: Platform-Agnostic
-
-| File | Description |
-|------|-------------|
-| `AGENTS.md` | Universal AI agent guide - works across all platforms |
-
-### Priority 2: Claude-Specific
-
-| File | Description |
-|------|-------------|
-| `CLAUDE.md` | Claude Code workflows, commands, and project conventions |
-
-### Priority 3: AI Assistants
-
-| File | Description |
-|------|-------------|
-| `GEMINI.md` | Google Gemini AI assistant configuration |
-| `COPILOT.md` | GitHub Copilot settings and workflows |
-| `CHATGPT.md` | ChatGPT/OpenAI integration guide |
-| `CODEIUM.md` | Codeium AI completion settings |
-
-### Priority 4: IDEs & Editors
-
-| File | Description |
-|------|-------------|
-| `CURSOR.md` | Cursor AI-first editor configuration |
-| `WINDSURF.md` | Windsurf editor workflows |
-| `VSCODE.md` | VS Code workspace settings and extensions |
-| `JETBRAINS.md` | IntelliJ, WebStorm, PyCharm configurations |
-
-### Priority 5: Terminal & CLI
-
-| File | Description |
-|------|-------------|
-| `WARP.md` | Warp terminal AI commands and workflows |
-| `FIG.md` | Fig terminal autocomplete scripts |
-| `ZELLIJ.md` | Zellij multiplexer layouts |
-
-### Priority 6: Development Environments
-
-| File | Description |
-|------|-------------|
-| `DEVCONTAINER.md` | VS Code dev container documentation |
-| `GITPOD.md` | Gitpod cloud development setup |
-| `CODESPACES.md` | GitHub Codespaces configuration |
-
-### Priority 7: Generic/Legacy
-
-| File | Description |
-|------|-------------|
-| `AI.md` | General AI assistant documentation |
-| `ASSISTANT.md` | Generic assistant guide |
-
-## Content Expectations
-
-Each documentation file typically contains:
-
-- **Recommended agents** - Which specialized agents to use
-- **Workflows** - Step-by-step processes for common tasks
-- **Commands** - CLI commands, scripts, or shortcuts
-- **Conventions** - Code style, naming, architecture patterns
-- **Project structure** - Directory layout explanations
-- **Testing** - How to run and write tests
-- **Deployment** - Build and release processes
-
-## Adding New Formats
-
-To support additional documentation formats, add them to the appropriate priority category above and update the glob pattern.

+ 0 - 197
skills/doc-scanner/templates.md

@@ -1,197 +0,0 @@
-# Documentation Templates
-
-Use these templates when creating or consolidating project documentation.
-
-## AGENTS.md Template
-
-```markdown
-# Project Name - Agent Guide
-
-Brief description of the project and what it does.
-
-## Quick Reference
-
-| Task | Agent | Example Prompt |
-|------|-------|----------------|
-| Web scraping | `firecrawl-expert` | "Extract structured data from this site" |
-| Project cleanup | `project-organizer` | "Restructure this directory layout" |
-| Git operations | `git-agent` | "Commit and open a PR for these changes" |
-
-## Primary Agents
-
-### agent-name
-
-**When to use:** Describe scenarios where this agent excels.
-
-**Example prompts:**
-- "Example task description 1"
-- "Example task description 2"
-
-**Capabilities:**
-- Capability 1
-- Capability 2
-
-### another-agent
-
-**When to use:** Different scenarios for this agent.
-
-**Example prompts:**
-- "Another example prompt"
-
-## Secondary Agents
-
-### situational-agent
-
-**When to use:** Specific situations only.
-
-## Project Structure
-
-```
-project/
-├── src/           # Source code
-├── tests/         # Test files
-├── docs/          # Documentation
-└── scripts/       # Utility scripts
-```
-
-## Common Workflows
-
-### Development
-
-1. Step one of workflow
-2. Step two of workflow
-3. Step three of workflow
-
-### Testing
-
-```bash
-# Run all tests
-npm test
-
-# Run specific test
-npm test -- --grep "pattern"
-```
-
-### Deployment
-
-```bash
-# Build for production
-npm run build
-
-# Deploy to staging
-npm run deploy:staging
-```
-
-## Conventions
-
-- **Naming:** camelCase for functions, PascalCase for classes
-- **Files:** kebab-case for file names
-- **Commits:** Conventional commits format
-
-## Environment Setup
-
-1. Clone repository
-2. Install dependencies: `npm install`
-3. Copy `.env.example` to `.env`
-4. Start development: `npm run dev`
-```
-
-## CLAUDE.md Template
-
-```markdown
-# Project Name - Claude Code Workflow
-
-## Project Overview
-
-Brief description of project purpose and architecture.
-
-## Directory Structure
-
-- `src/` - Main source code
-- `tests/` - Test suites
-- `scripts/` - Automation scripts
-
-## Development Commands
-
-```bash
-# Start development server
-npm run dev
-
-# Run tests
-npm test
-
-# Build for production
-npm run build
-```
-
-## Code Style
-
-- Use TypeScript strict mode
-- Prefer functional patterns
-- Document public APIs
-
-## Testing Strategy
-
-- Unit tests in `__tests__/` directories
-- Integration tests in `tests/integration/`
-- Run `npm test` before committing
-
-## Common Tasks
-
-### Adding a New Feature
-
-1. Create feature branch
-2. Implement with tests
-3. Update documentation
-4. Create PR
-
-### Debugging
-
-- Use `DEBUG=*` environment variable
-- Check logs in `logs/` directory
-
-## Architecture Notes
-
-Key architectural decisions and patterns used in this project.
-```
-
-## Consolidation Format
-
-When merging multiple docs, use this structure:
-
-```markdown
-# Project Name - Agent Guide
-
-<!-- Consolidated from: CLAUDE.md, CURSOR.md, WARP.md -->
-<!-- Generated: YYYY-MM-DD -->
-
-## Quick Reference
-
-[Merged quick reference from all sources]
-
-## Primary Agents
-
-[Combined agent recommendations]
-
-## Workflows
-
-### General Workflows
-
-[Platform-agnostic workflows]
-
-### Platform-Specific Notes
-
-<!-- Source: CURSOR.md -->
-**Cursor:** Specific keybindings or features
-
-<!-- Source: WARP.md -->
-**Warp:** Terminal-specific commands
-
-## Conventions
-
-[Merged conventions - note any conflicts]
-
-## Commands
-
-[Consolidated commands with platform annotations where needed]
-```

+ 2 - 1
skills/push-gate/SKILL.md

@@ -72,7 +72,7 @@ The script prints a structured report and exits with:
 | **ripgrep** (required) | Regex fallback layer + forbidden-file scan | Usually pre-installed; `winget install BurntSushi.ripgrep.MSVC` / `brew install ripgrep` |
 | **git** ≥ 2.30 | Core operations | Standard |
 
-Both secret layers must pass: gitleaks detects known token formats with a maintained corpus; the regex layer catches generic `password = "..."` / DSN / connection-string patterns that gitleaks may miss. See `references/secret-patterns.txt` for the regex corpus.
+Both secret layers must pass: gitleaks detects known token formats with a maintained corpus; the regex layer catches generic `password = "..."` / DSN / connection-string patterns that gitleaks may miss. See `references/secret-patterns.txt` for the regex corpus. Gitleaks runs with `references/gitleaks-config.toml` (default rule set + an allowlist for public-by-design tokens, e.g. Mapbox `pk.*`); if that file is absent, the scan falls back to gitleaks' built-in default config.
 
 ## Trigger phrases
 
@@ -103,4 +103,5 @@ The regex layer filters common false positives automatically (env-var references
 | `scripts/preflight.sh` | Main orchestration (Steps 1–8) |
 | `scripts/scan-secrets.sh` | Gitleaks + regex layer (Step 6) |
 | `references/secret-patterns.txt` | Regex corpus + false-positive filter words |
+| `references/gitleaks-config.toml` | Gitleaks config: default rules + public-token allowlist (used by `scan-secrets.sh` when present) |
 | `assets/` | (empty; reserved for future report templates) |

+ 0 - 7
skills/review/SKILL.md

@@ -401,13 +401,6 @@ command -v delta >/dev/null 2>&1 && git diff --cached | delta || git diff --cach
 
 ---
 
-## Reference Files
-
-For framework-specific checks, see:
-- `framework-checks.md` - React, TypeScript, Python, Go, Rust, Vue, SQL patterns
-
----
-
 ## Integration
 
 | Command | Relationship |

+ 1 - 1
skills/structural-search/SKILL.md

@@ -96,6 +96,6 @@ For complete patterns, load:
 - `./references/js-ts-patterns.md` - JavaScript/TypeScript patterns
 - `./references/python-patterns.md` - Python patterns
 - `./references/go-rust-patterns.md` - Go and Rust patterns
-- `./references/security-ops.md` - Security vulnerability detection
+- `./references/security-patterns.md` - Security vulnerability detection
 - `./references/advanced-usage.md` - YAML rules and tool integration
 - `./assets/rule-template.yaml` - Starter template for custom rules