- Fix path traversal regex prefix confusion in perl-security skill
- Revert v1.4.0 changelog entry (Perl not part of that release)
- Rename $a/$b to $x/$y to avoid shadowing sort globals
- Replace return undef with bare return per perlcritic rules
Add rules/perl/ with 5 rule files (coding-style, testing, patterns,
hooks, security) following the same structure as existing languages.
Update README.md, README.zh-CN.md, and rules/README.md to document
Perl support including badges, directory trees, install instructions,
and rule counts.
Revised the documentation for the `/save-session` command to reflect the actual resolved path to the session file, enhancing clarity for users regarding where their session data is stored. This change aligns with previous updates to session file management.
Revised the documentation for both the and commands to clarify that session files are saved and loaded from the project-level directory, rather than the global directory. This change enhances user understanding of session management and ensures consistency in file path references.
Updated the documentation for the `/resume-session` command to specify that session files are loaded from the project-level `.claude/sessions/` directory first, with a fallback to the global `~/.claude/sessions/` directory. Enhanced usage examples and clarified the process for locating session files, improving user understanding of session management.
Updated the documentation for the `/save-session` command to include detailed rules for generating the session short-id, including allowed characters, minimum length, and examples of valid and invalid formats. This improves clarity and helps users adhere to the required naming conventions.
Updated the documentation for the `/resume-session` and `/save-session` commands to reflect the correct file paths, changing references from `.claude/sessions/` to `~/.claude/sessions/`. This ensures clarity on the global directory used for session management and maintains consistency across commands.
Introduced two new commands: `/resume-session` and `/save-session`. The `/resume-session` command allows users to load the most recent session file or a specific session file, providing a structured briefing of the session's context. The `/save-session` command captures the current session state, saving it to a dated file for future reference. Both commands enhance user experience by enabling seamless session continuity and context preservation.
The Explore agent is a "Fast agent" optimized for codebase exploration,
not deep reasoning. The skill-stocktake V4 design requires holistic AI
judgment (actionability, scope fit, uniqueness, currency) which needs
the full reasoning capability of the conversation's main model.
Additionally, the Agent tool has no `model` parameter — specifying
`model: opus` was silently ignored, causing the evaluation to run on
the lightweight Explore model. This resulted in all skills receiving
"Keep" verdicts without genuine critical analysis.
Changing to `general-purpose` agent ensures evaluation runs on the
conversation's main model (e.g., Opus 4.6), enabling the holistic
judgment that V4 was designed for.
Replace the 5-dimension numeric scoring rubric with a checklist + holistic
verdict system (Save / Improve then Save / Absorb into [X] / Drop).
Key improvements:
- Explicit pre-save checklist: grep skills/ for duplicates, check MEMORY.md,
consider appending to existing skills, confirm reusability
- 4-way verdict instead of binary save/don't-save: adds "Absorb into [X]"
to prevent skill file proliferation, and "Improve then Save" for iterative
refinement
- Verdict-specific confirmation flows tailored to each outcome
- Design rationale explaining why holistic judgment outperforms numeric
scoring with modern frontier models
- Pin installation to specific commit hash (full SHA) to mitigate
supply-chain risk (cubic-dev-ai feedback)
- Add "When to Use", "How It Works", "Examples" sections to match
repo skill format conventions (coderabbitai feedback)
- Add review-before-update instructions for safe version upgrades
- Emphasize zero-runtime-risk: pure Markdown, no executable code
Claude Code sends tool output as `tool_response` in PostToolUse hook
payloads, but observe.sh only checked for `tool_output` and `output`.
This caused all observations to have empty output fields, making the
observer pipeline blind to tool results.
Adds `tool_response` as the primary field to check, with backward-
compatible fallback to the existing `tool_output` and `output` fields.
Extract BIOME_CONFIGS and PRETTIER_CONFIGS as shared constants to eliminate
duplication between PROJECT_ROOT_MARKERS and detectFormatter(). Unify the
biome/prettier branches in resolveFormatterBin() via a FORMATTER_PACKAGES
map. Remove redundant path.resolve() in quality-gate.js.
Handle Windows .cmd shim resolution via spawnSync with strict path
validation. Removes shell:true injection risk, uses strict equality,
and restores .cmd support with path injection guard.
Invoke hook scripts directly via require() when they export a
run(rawInput) function, eliminating one Node.js process spawn per
hook invocation (~50-100ms).
Includes path traversal guard, timeouts, error logging, PR review
feedback, legacy hooks guard, normalized filePath, and restored
findProjectRoot config detection with package manager support.
- Use local node_modules/.bin/biome binary instead of npx (~200-500ms savings)
- Change post-edit-format from `biome format --write` to `biome check --write`
(format + lint in one pass)
- Skip redundant biome check in quality-gate for JS/TS files already
handled by post-edit-format
- Fix quality-gate to use findProjectRoot instead of process.cwd()
- Export run() function from both hooks for direct invocation
- Update tests to match shared resolve-formatter module usage
Extract project-root discovery, formatter detection, and binary
resolution into a reusable module. Caches results per-process to
avoid redundant filesystem lookups on every Edit hook invocation.
This is the foundation for eliminating npx overhead in format hooks.
PR #344 replaced the blocking dev-server hook with auto-tmux-dev.js
which transforms commands into tmux sessions (exit 0) instead of
blocking them (exit 2). Updated 2 tests to match the new behavior.
The "Traction & Distribution" section contained internal business
context (sponsor-call checklists, partner reporting instructions)
that doesn't belong in a user-facing README.
The "Traction & Distribution" section contained internal business
context (sponsor-call checklists, partner reporting instructions)
that doesn't belong in a user-facing README. Moved to docs/business/.
