fix(skills): wire laravel plugin discovery into installs

- Add laraplugins MCP server to mcp-configs/mcp-servers.json
- Create laravel-plugin-discovery skill for Laravel package discovery
- Supports searching by keyword, health score, Laravel/PHP version
- No API key required - free for Laravel community

AGENTS.md

@@ -1,6 +1,6 @@
 # Everything Claude Code (ECC) — Agent Instructions
 
-This is a **production-ready AI coding plugin** providing 28 specialized agents, 125 skills, 60 commands, and automated hook workflows for software development.
+This is a **production-ready AI coding plugin** providing 28 specialized agents, 126 skills, 60 commands, and automated hook workflows for software development.
 
 **Version:** 1.9.0
 
@@ -142,7 +142,7 @@ Troubleshoot failures: check test isolation → verify mocks → fix implementat
 
 ```
 agents/          — 28 specialized subagents
-skills/          — 125 workflow skills and domain knowledge
+skills/          — 126 workflow skills and domain knowledge
 commands/        — 60 slash commands
 hooks/           — Trigger-based automations
 rules/           — Always-follow guidelines (common + per-language)

CONTRIBUTING.md

@@ -73,6 +73,13 @@ git add . && git commit -m "feat: add my-skill" && git push -u origin feat/my-co
 
 Skills are knowledge modules that Claude Code loads based on context.
 
+> **📚 Comprehensive Guide:** For detailed guidance on creating effective skills, see [Skill Development Guide](docs/SKILL-DEVELOPMENT-GUIDE.md). It covers:
+> - Skill architecture and categories
+> - Writing effective content with examples
+> - Best practices and common patterns
+> - Testing and validation
+> - Complete examples gallery
+
 ### Directory Structure
 
 ```
@@ -86,7 +93,7 @@ skills/
 ```markdown
 ---
 name: your-skill-name
-description: Brief description shown in skill list
+description: Brief description shown in skill list and used for auto-activation
 origin: ECC
 ---
 
@@ -94,6 +101,10 @@ origin: ECC
 
 Brief overview of what this skill covers.
 
+## When to Activate
+
+Describe scenarios where Claude should use this skill. This is critical for auto-activation.
+
 ## Core Concepts
 
 Explain key patterns and guidelines.
@@ -107,33 +118,54 @@ function example() {
 }
 \`\`\`
 
+## Anti-Patterns
+
+Show what NOT to do with examples.
+
 ## Best Practices
 
 - Actionable guidelines
 - Do's and don'ts
 - Common pitfalls to avoid
 
-## When to Use
+## Related Skills
 
-Describe scenarios where this skill applies.
+Link to complementary skills (e.g., `related-skill-1`, `related-skill-2`).
 ```
 
+### Skill Categories
+
+| Category | Purpose | Examples |
+|----------|---------|----------|
+| **Language Standards** | Idioms, conventions, best practices | `python-patterns`, `golang-patterns` |
+| **Framework Patterns** | Framework-specific guidance | `django-patterns`, `nextjs-patterns` |
+| **Workflow** | Step-by-step processes | `tdd-workflow`, `refactoring-workflow` |
+| **Domain Knowledge** | Specialized domains | `security-review`, `api-design` |
+| **Tool Integration** | Tool/library usage | `docker-patterns`, `supabase-patterns` |
+| **Template** | Project-specific skill templates | `project-guidelines-example` |
+
 ### Skill Checklist
 
-- [ ] Focused on one domain/technology
-- [ ] Includes practical code examples
-- [ ] Under 500 lines
+- [ ] Focused on one domain/technology (not too broad)
+- [ ] Includes "When to Activate" section for auto-activation
+- [ ] Includes practical, copy-pasteable code examples
+- [ ] Shows anti-patterns (what NOT to do)
+- [ ] Under 500 lines (800 max)
 - [ ] Uses clear section headers
 - [ ] Tested with Claude Code
+- [ ] Links to related skills
+- [ ] No sensitive data (API keys, tokens, paths)
 
 ### Example Skills
 
-| Skill | Purpose |
-|-------|---------|
-| `coding-standards/` | TypeScript/JavaScript patterns |
-| `frontend-patterns/` | React and Next.js best practices |
-| `backend-patterns/` | API and database patterns |
-| `security-review/` | Security checklist |
+| Skill | Category | Purpose |
+|-------|----------|---------|
+| `coding-standards/` | Language Standards | TypeScript/JavaScript patterns |
+| `frontend-patterns/` | Framework Patterns | React and Next.js best practices |
+| `backend-patterns/` | Framework Patterns | API and database patterns |
+| `security-review/` | Domain Knowledge | Security checklist |
+| `tdd-workflow/` | Workflow | Test-driven development process |
+| `project-guidelines-example/` | Template | Project-specific skill template |
 
 ---
 

README.md

@@ -222,7 +222,7 @@ For manual install instructions see the README in the `rules/` folder. When copy
 /plugin list everything-claude-code@everything-claude-code
 ```
 
-✨ **That's it!** You now have access to 28 agents, 125 skills, and 60 commands.
+✨ **That's it!** You now have access to 28 agents, 126 skills, and 60 commands.
 
 ### Multi-model commands require additional setup
 
@@ -1113,7 +1113,7 @@ The configuration is automatically detected from `.opencode/opencode.json`.
 |---------|-------------|----------|--------|
 | Agents | ✅ 28 agents | ✅ 12 agents | **Claude Code leads** |
 | Commands | ✅ 60 commands | ✅ 31 commands | **Claude Code leads** |
-| Skills | ✅ 125 skills | ✅ 37 skills | **Claude Code leads** |
+| Skills | ✅ 126 skills | ✅ 37 skills | **Claude Code leads** |
 | Hooks | ✅ 8 event types | ✅ 11 events | **OpenCode has more!** |
 | Rules | ✅ 29 rules | ✅ 13 instructions | **Claude Code leads** |
 | MCP Servers | ✅ 14 servers | ✅ Full | **Full parity** |

docs/SKILL-DEVELOPMENT-GUIDE.md

@@ -0,0 +1,919 @@
+# Skill Development Guide
+
+A comprehensive guide to creating effective skills for Everything Claude Code (ECC).
+
+## Table of Contents
+
+- [What Are Skills?](#what-are-skills)
+- [Skill Architecture](#skill-architecture)
+- [Creating Your First Skill](#creating-your-first-skill)
+- [Skill Categories](#skill-categories)
+- [Writing Effective Skill Content](#writing-effective-skill-content)
+- [Best Practices](#best-practices)
+- [Common Patterns](#common-patterns)
+- [Testing Your Skill](#testing-your-skill)
+- [Submitting Your Skill](#submitting-your-skill)
+- [Examples Gallery](#examples-gallery)
+
+---
+
+## What Are Skills?
+
+Skills are **knowledge modules** that Claude Code loads based on context. They provide:
+
+- **Domain expertise**: Framework patterns, language idioms, best practices
+- **Workflow definitions**: Step-by-step processes for common tasks
+- **Reference material**: Code snippets, checklists, decision trees
+- **Context injection**: Activate when specific conditions are met
+
+Unlike **agents** (specialized subassistants) or **commands** (user-triggered actions), skills are passive knowledge that Claude Code references when relevant.
+
+### When Skills Activate
+
+Skills activate when:
+- The user's task matches the skill's domain
+- Claude Code detects relevant context
+- A command references a skill
+- An agent needs domain knowledge
+
+### Skill vs Agent vs Command
+
+| Component | Purpose | Activation |
+|-----------|---------|------------|
+| **Skill** | Knowledge repository | Context-based (automatic) |
+| **Agent** | Task executor | Explicit delegation |
+| **Command** | User action | User-invoked (`/command`) |
+| **Hook** | Automation | Event-triggered |
+| **Rule** | Always-on guidelines | Always active |
+
+---
+
+## Skill Architecture
+
+### File Structure
+
+```
+skills/
+└── your-skill-name/
+    ├── SKILL.md           # Required: Main skill definition
+    ├── examples/          # Optional: Code examples
+    │   ├── basic.ts
+    │   └── advanced.ts
+    └── references/        # Optional: External references
+        └── links.md
+```
+
+### SKILL.md Format
+
+```markdown
+---
+name: skill-name
+description: Brief description shown in skill list and used for auto-activation
+origin: ECC
+---
+
+# Skill Title
+
+Brief overview of what this skill covers.
+
+## When to Activate
+
+Describe scenarios where Claude should use this skill.
+
+## Core Concepts
+
+Main patterns and guidelines.
+
+## Code Examples
+
+\`\`\`typescript
+// Practical, tested examples
+\`\`\`
+
+## Anti-Patterns
+
+Show what NOT to do with concrete examples.
+
+## Best Practices
+
+- Actionable guidelines
+- Do's and don'ts
+
+## Related Skills
+
+Link to complementary skills.
+```
+
+### YAML Frontmatter Fields
+
+| Field | Required | Description |
+|-------|----------|-------------|
+| `name` | Yes | Lowercase, hyphenated identifier (e.g., `react-patterns`) |
+| `description` | Yes | One-line description for skill list and auto-activation |
+| `origin` | No | Source identifier (e.g., `ECC`, `community`, project name) |
+| `tags` | No | Array of tags for categorization |
+| `version` | No | Skill version for tracking updates |
+
+---
+
+## Creating Your First Skill
+
+### Step 1: Choose a Focus
+
+Good skills are **focused and actionable**:
+
+| ✅ Good Focus | ❌ Too Broad |
+|---------------|--------------|
+| `react-hook-patterns` | `react` |
+| `postgresql-indexing` | `databases` |
+| `pytest-fixtures` | `python-testing` |
+| `nextjs-app-router` | `nextjs` |
+
+### Step 2: Create the Directory
+
+```bash
+mkdir -p skills/your-skill-name
+```
+
+### Step 3: Write SKILL.md
+
+Here's a minimal template:
+
+```markdown
+---
+name: your-skill-name
+description: Brief description of when to use this skill
+---
+
+# Your Skill Title
+
+Brief overview (1-2 sentences).
+
+## When to Activate
+
+- Scenario 1
+- Scenario 2
+- Scenario 3
+
+## Core Concepts
+
+### Concept 1
+
+Explanation with examples.
+
+### Concept 2
+
+Another pattern with code.
+
+## Code Examples
+
+\`\`\`typescript
+// Practical example
+\`\`\`
+
+## Best Practices
+
+- Do this
+- Avoid that
+
+## Related Skills
+
+- `related-skill-1`
+- `related-skill-2`
+```
+
+### Step 4: Add Content
+
+Write content that Claude can **immediately use**:
+
+- ✅ Copy-pasteable code examples
+- ✅ Clear decision trees
+- ✅ Checklists for verification
+- ❌ Vague explanations without examples
+- ❌ Long prose without actionable guidance
+
+---
+
+## Skill Categories
+
+### Language Standards
+
+Focus on idiomatic code, naming conventions, and language-specific patterns.
+
+**Examples:** `python-patterns`, `golang-patterns`, `typescript-standards`
+
+```markdown
+---
+name: python-patterns
+description: Python idioms, best practices, and patterns for clean, idiomatic code.
+---
+
+# Python Patterns
+
+## When to Activate
+
+- Writing Python code
+- Refactoring Python modules
+- Python code review
+
+## Core Concepts
+
+### Context Managers
+
+\`\`\`python
+# Always use context managers for resources
+with open('file.txt') as f:
+    content = f.read()
+\`\`\`
+```
+
+### Framework Patterns
+
+Focus on framework-specific conventions, common patterns, and anti-patterns.
+
+**Examples:** `django-patterns`, `nextjs-patterns`, `springboot-patterns`
+
+```markdown
+---
+name: django-patterns
+description: Django best practices for models, views, URLs, and templates.
+---
+
+# Django Patterns
+
+## When to Activate
+
+- Building Django applications
+- Creating models and views
+- Django URL configuration
+```
+
+### Workflow Skills
+
+Define step-by-step processes for common development tasks.
+
+**Examples:** `tdd-workflow`, `code-review-workflow`, `deployment-checklist`
+
+```markdown
+---
+name: code-review-workflow
+description: Systematic code review process for quality and security.
+---
+
+# Code Review Workflow
+
+## Steps
+
+1. **Understand Context** - Read PR description and linked issues
+2. **Check Tests** - Verify test coverage and quality
+3. **Review Logic** - Analyze implementation for correctness
+4. **Check Security** - Look for vulnerabilities
+5. **Verify Style** - Ensure code follows conventions
+```
+
+### Domain Knowledge
+
+Specialized knowledge for specific domains (security, performance, etc.).
+
+**Examples:** `security-review`, `performance-optimization`, `api-design`
+
+```markdown
+---
+name: api-design
+description: REST and GraphQL API design patterns, versioning, and best practices.
+---
+
+# API Design Patterns
+
+## RESTful Conventions
+
+| Method | Endpoint | Purpose |
+|--------|----------|---------|
+| GET | /resources | List all |
+| GET | /resources/:id | Get one |
+| POST | /resources | Create |
+```
+
+### Tool Integration
+
+Guidance for using specific tools, libraries, or services.
+
+**Examples:** `supabase-patterns`, `docker-patterns`, `mcp-server-patterns`
+
+---
+
+## Writing Effective Skill Content
+
+### 1. Start with "When to Activate"
+
+This section is **critical** for auto-activation. Be specific:
+
+```markdown
+## When to Activate
+
+- Creating new React components
+- Refactoring existing components
+- Debugging React state issues
+- Reviewing React code for best practices
+```
+
+### 2. Use "Show, Don't Tell"
+
+Bad:
+```markdown
+## Error Handling
+
+Always handle errors properly in async functions.
+```
+
+Good:
+```markdown
+## Error Handling
+
+\`\`\`typescript
+async function fetchData(url: string) {
+  try {
+    const response = await fetch(url)
+    
+    if (!response.ok) {
+      throw new Error(\`HTTP \${response.status}: \${response.statusText}\`)
+    }
+    
+    return await response.json()
+  } catch (error) {
+    console.error('Fetch failed:', error)
+    throw new Error('Failed to fetch data')
+  }
+}
+\`\`\`
+
+### Key Points
+
+- Check \`response.ok\` before parsing
+- Log errors for debugging
+- Re-throw with user-friendly message
+```
+
+### 3. Include Anti-Patterns
+
+Show what NOT to do:
+
+```markdown
+## Anti-Patterns
+
+### ❌ Direct State Mutation
+
+\`\`\`typescript
+// NEVER do this
+user.name = 'New Name'
+items.push(newItem)
+\`\`\`
+
+### ✅ Immutable Updates
+
+\`\`\`typescript
+// ALWAYS do this
+const updatedUser = { ...user, name: 'New Name' }
+const updatedItems = [...items, newItem]
+\`\`\`
+```
+
+### 4. Provide Checklists
+
+Checklists are actionable and easy to follow:
+
+```markdown
+## Pre-Deployment Checklist
+
+- [ ] All tests passing
+- [ ] No console.log in production code
+- [ ] Environment variables documented
+- [ ] Secrets not hardcoded
+- [ ] Error handling complete
+- [ ] Input validation in place
+```
+
+### 5. Use Decision Trees
+
+For complex decisions:
+
+```markdown
+## Choosing the Right Approach
+
+\`\`\`
+Need to fetch data?
+├── Single request → use fetch directly
+├── Multiple independent → Promise.all()
+├── Multiple dependent → await sequentially
+└── With caching → use SWR or React Query
+\`\`\`
+```
+
+---
+
+## Best Practices
+
+### DO
+
+| Practice | Example |
+|----------|---------|
+| **Be specific** | "Use \`useCallback\` for event handlers passed to child components" |
+| **Show examples** | Include copy-pasteable code |
+| **Explain WHY** | "Immutability prevents unexpected side effects in React state" |
+| **Link related skills** | "See also: \`react-performance\`" |
+| **Keep focused** | One skill = one domain/concept |
+| **Use sections** | Clear headers for easy scanning |
+
+### DON'T
+
+| Practice | Why It's Bad |
+|----------|--------------|
+| **Be vague** | "Write good code" - not actionable |
+| **Long prose** | Hard to parse, better as code |
+| **Cover too much** | "Python, Django, and Flask patterns" - too broad |
+| **Skip examples** | Theory without practice is less useful |
+| **Ignore anti-patterns** | Learning what NOT to do is valuable |
+
+### Content Guidelines
+
+1. **Length**: 200-500 lines typical, 800 lines maximum
+2. **Code blocks**: Include language identifier
+3. **Headers**: Use `##` and `###` hierarchy
+4. **Lists**: Use `-` for unordered, `1.` for ordered
+5. **Tables**: For comparisons and references
+
+---
+
+## Common Patterns
+
+### Pattern 1: Standards Skill
+
+```markdown
+---
+name: language-standards
+description: Coding standards and best practices for [language].
+---
+
+# [Language] Coding Standards
+
+## When to Activate
+
+- Writing [language] code
+- Code review
+- Setting up linting
+
+## Naming Conventions
+
+| Element | Convention | Example |
+|---------|------------|---------|
+| Variables | camelCase | userName |
+| Constants | SCREAMING_SNAKE | MAX_RETRY |
+| Functions | camelCase | fetchUser |
+| Classes | PascalCase | UserService |
+
+## Code Examples
+
+[Include practical examples]
+
+## Linting Setup
+
+[Include configuration]
+
+## Related Skills
+
+- `language-testing`
+- `language-security`
+```
+
+### Pattern 2: Workflow Skill
+
+```markdown
+---
+name: task-workflow
+description: Step-by-step workflow for [task].
+---
+
+# [Task] Workflow
+
+## When to Activate
+
+- [Trigger 1]
+- [Trigger 2]
+
+## Prerequisites
+
+- [Requirement 1]
+- [Requirement 2]
+
+## Steps
+
+### Step 1: [Name]
+
+[Description]
+
+\`\`\`bash
+[Commands]
+\`\`\`
+
+### Step 2: [Name]
+
+[Description]
+
+## Verification
+
+- [ ] [Check 1]
+- [ ] [Check 2]
+
+## Troubleshooting
+
+| Problem | Solution |
+|---------|----------|
+| [Issue] | [Fix] |
+```
+
+### Pattern 3: Reference Skill
+
+```markdown
+---
+name: api-reference
+description: Quick reference for [API/Library].
+---
+
+# [API/Library] Reference
+
+## When to Activate
+
+- Using [API/Library]
+- Looking up [API/Library] syntax
+
+## Common Operations
+
+### Operation 1
+
+\`\`\`typescript
+// Basic usage
+\`\`\`
+
+### Operation 2
+
+\`\`\`typescript
+// Advanced usage
+\`\`\`
+
+## Configuration
+
+[Include config examples]
+
+## Error Handling
+
+[Include error patterns]
+```
+
+---
+
+## Testing Your Skill
+
+### Local Testing
+
+1. **Copy to Claude Code skills directory**:
+   ```bash
+   cp -r skills/your-skill-name ~/.claude/skills/
+   ```
+
+2. **Test with Claude Code**:
+   ```
+   You: "I need to [task that should trigger your skill]"
+   
+   Claude should reference your skill's patterns.
+   ```
+
+3. **Verify activation**:
+   - Ask Claude to explain a concept from your skill
+   - Check if it uses your examples and patterns
+   - Ensure it follows your guidelines
+
+### Validation Checklist
+
+- [ ] **YAML frontmatter valid** - No syntax errors
+- [ ] **Name follows convention** - lowercase-with-hyphens
+- [ ] **Description is clear** - Tells when to use
+- [ ] **Examples work** - Code compiles and runs
+- [ ] **Links valid** - Related skills exist
+- [ ] **No sensitive data** - No API keys, tokens, paths
+
+### Code Example Testing
+
+Test all code examples:
+
+```bash
+# From the repo root
+npx tsc --noEmit skills/your-skill-name/examples/*.ts
+
+# Or from inside the skill directory
+npx tsc --noEmit examples/*.ts
+
+# From the repo root
+python -m py_compile skills/your-skill-name/examples/*.py
+
+# Or from inside the skill directory
+python -m py_compile examples/*.py
+
+# From the repo root
+go build ./skills/your-skill-name/examples/...
+
+# Or from inside the skill directory
+go build ./examples/...
+```
+
+---
+
+## Submitting Your Skill
+
+### 1. Fork and Clone
+
+```bash
+gh repo fork affaan-m/everything-claude-code --clone
+cd everything-claude-code
+```
+
+### 2. Create Branch
+
+```bash
+git checkout -b feat/skill-your-skill-name
+```
+
+### 3. Add Your Skill
+
+```bash
+mkdir -p skills/your-skill-name
+# Create SKILL.md
+```
+
+### 4. Validate
+
+```bash
+# Check YAML frontmatter
+head -10 skills/your-skill-name/SKILL.md
+
+# Verify structure
+ls -la skills/your-skill-name/
+
+# Run tests if available
+npm test
+```
+
+### 5. Commit and Push
+
+```bash
+git add skills/your-skill-name/
+git commit -m "feat(skills): add your-skill-name skill"
+git push -u origin feat/skill-your-skill-name
+```
+
+### 6. Create Pull Request
+
+Use this PR template:
+
+```markdown
+## Summary
+
+Brief description of the skill and why it's valuable.
+
+## Skill Type
+
+- [ ] Language standards
+- [ ] Framework patterns
+- [ ] Workflow
+- [ ] Domain knowledge
+- [ ] Tool integration
+
+## Testing
+
+How I tested this skill locally.
+
+## Checklist
+
+- [ ] YAML frontmatter valid
+- [ ] Code examples tested
+- [ ] Follows skill guidelines
+- [ ] No sensitive data
+- [ ] Clear activation triggers
+```
+
+---
+
+## Examples Gallery
+
+### Example 1: Language Standards
+
+**File:** `skills/rust-patterns/SKILL.md`
+
+```markdown
+---
+name: rust-patterns
+description: Rust idioms, ownership patterns, and best practices for safe, idiomatic code.
+origin: ECC
+---
+
+# Rust Patterns
+
+## When to Activate
+
+- Writing Rust code
+- Handling ownership and borrowing
+- Error handling with Result/Option
+- Implementing traits
+
+## Ownership Patterns
+
+### Borrowing Rules
+
+\`\`\`rust
+// ✅ CORRECT: Borrow when you don't need ownership
+fn process_data(data: &str) -> usize {
+    data.len()
+}
+
+// ✅ CORRECT: Take ownership when you need to modify or consume
+fn consume_data(data: Vec<u8>) -> String {
+    String::from_utf8(data).unwrap()
+}
+\`\`\`
+
+## Error Handling
+
+### Result Pattern
+
+\`\`\`rust
+use thiserror::Error;
+
+#[derive(Error, Debug)]
+pub enum AppError {
+    #[error("IO error: {0}")]
+    Io(#[from] std::io::Error),
+    
+    #[error("Parse error: {0}")]
+    Parse(#[from] std::num::ParseIntError),
+}
+
+pub type AppResult<T> = Result<T, AppError>;
+\`\`\`
+
+## Related Skills
+
+- `rust-testing`
+- `rust-security`
+```
+
+### Example 2: Framework Patterns
+
+**File:** `skills/fastapi-patterns/SKILL.md`
+
+```markdown
+---
+name: fastapi-patterns
+description: FastAPI patterns for routing, dependency injection, validation, and async operations.
+origin: ECC
+---
+
+# FastAPI Patterns
+
+## When to Activate
+
+- Building FastAPI applications
+- Creating API endpoints
+- Implementing dependency injection
+- Handling async database operations
+
+## Project Structure
+
+\`\`\`
+app/
+├── main.py              # FastAPI app entry point
+├── routers/             # Route handlers
+│   ├── users.py
+│   └── items.py
+├── models/              # Pydantic models
+│   ├── user.py
+│   └── item.py
+├── services/            # Business logic
+│   └── user_service.py
+└── dependencies.py      # Shared dependencies
+\`\`\`
+
+## Dependency Injection
+
+\`\`\`python
+from fastapi import Depends
+from sqlalchemy.ext.asyncio import AsyncSession
+
+async def get_db() -> AsyncSession:
+    async with AsyncSessionLocal() as session:
+        yield session
+
+@router.get("/users/{user_id}")
+async def get_user(
+    user_id: int,
+    db: AsyncSession = Depends(get_db)
+):
+    # Use db session
+    pass
+\`\`\`
+
+## Related Skills
+
+- `python-patterns`
+- `pydantic-validation`
+```
+
+### Example 3: Workflow Skill
+
+**File:** `skills/refactoring-workflow/SKILL.md`
+
+```markdown
+---
+name: refactoring-workflow
+description: Systematic refactoring workflow for improving code quality without changing behavior.
+origin: ECC
+---
+
+# Refactoring Workflow
+
+## When to Activate
+
+- Improving code structure
+- Reducing technical debt
+- Simplifying complex code
+- Extracting reusable components
+
+## Prerequisites
+
+- All tests passing
+- Git working directory clean
+- Feature branch created
+
+## Workflow Steps
+
+### Step 1: Identify Refactoring Target
+
+- Look for code smells (long methods, duplicate code, large classes)
+- Check test coverage for target area
+- Document current behavior
+
+### Step 2: Ensure Tests Exist
+
+\`\`\`bash
+# Run tests to verify current behavior
+npm test
+
+# Check coverage for target files
+npm run test:coverage
+\`\`\`
+
+### Step 3: Make Small Changes
+
+- One refactoring at a time
+- Run tests after each change
+- Commit frequently
+
+### Step 4: Verify Behavior Unchanged
+
+\`\`\`bash
+# Run full test suite
+npm test
+
+# Run E2E tests
+npm run test:e2e
+\`\`\`
+
+## Common Refactorings
+
+| Smell | Refactoring |
+|-------|-------------|
+| Long method | Extract method |
+| Duplicate code | Extract to shared function |
+| Large class | Extract class |
+| Long parameter list | Introduce parameter object |
+
+## Checklist
+
+- [ ] Tests exist for target code
+- [ ] Made small, focused changes
+- [ ] Tests pass after each change
+- [ ] Behavior unchanged
+- [ ] Committed with clear message
+```
+
+---
+
+## Additional Resources
+
+- [CONTRIBUTING.md](../CONTRIBUTING.md) - General contribution guidelines
+- [project-guidelines-example](../skills/project-guidelines-example/SKILL.md) - Project-specific skill template
+- [coding-standards](../skills/coding-standards/SKILL.md) - Example of standards skill
+- [tdd-workflow](../skills/tdd-workflow/SKILL.md) - Example of workflow skill
+- [security-review](../skills/security-review/SKILL.md) - Example of domain knowledge skill
+
+---
+
+**Remember**: A good skill is focused, actionable, and immediately useful. Write skills you'd want to use yourself.

docs/ja-JP/README.md

@@ -409,7 +409,7 @@ claude --version
 Claude Code v2.1+は、インストール済みプラグインの`hooks/hooks.json`（規約）を自動読み込みします。`plugin.json`で明示的に宣言するとエラーが発生します：
 
 ```
-Duplicate hooks file detected: ./hooks/hooks.json resolves to already-loaded file
+Duplicate hook file detected: ./hooks/hooks.json is already resolved to a loaded file
 ```
 
 **背景:** これは本リポジトリで複数の修正/リバート循環を引き起こしました（[#29](https://github.com/affaan-m/everything-claude-code/issues/29), [#52](https://github.com/affaan-m/everything-claude-code/issues/52), [#103](https://github.com/affaan-m/everything-claude-code/issues/103)）。Claude Codeバージョン間で動作が変わったため混乱がありました。今後を防ぐため回帰テストがあります。

docs/ja-JP/agents/code-reviewer.md

@@ -77,9 +77,9 @@ model: opus
 各問題について:
 ```
 [CRITICAL] ハードコードされたAPIキー
-File: src/api/client.ts:42
-Issue: APIキーがソースコードに公開されている
-Fix: 環境変数に移動
+ファイル: src/api/client.ts:42
+問題: APIキーがソースコードに公開されている
+修正: 環境変数に移動
 
 const apiKey = "sk-abc123";  // ❌ Bad
 const apiKey = process.env.API_KEY;  // ✓ Good

docs/ja-JP/agents/go-build-resolver.md

@@ -341,20 +341,20 @@ x = x  // 無意味な代入を削除
 各修正試行後:
 
 ```text
-[FIXED] internal/handler/user.go:42
-Error: undefined: UserService
-Fix: Added import "project/internal/service"
+[修正済] internal/handler/user.go:42
+エラー: undefined: UserService
+修正: import を追加 "project/internal/service"
 
-Remaining errors: 3
+残りのエラー: 3
 ```
 
 最終サマリー:
 ```text
-Build Status: SUCCESS/FAILED
-Errors Fixed: N
-Vet Warnings Fixed: N
-Files Modified: list
-Remaining Issues: list (if any)
+ビルドステータス: SUCCESS/FAILED
+修正済みエラー: N
+Vet 警告修正済み: N
+変更ファイル: list
+残りの問題: list (ある場合)
 ```
 
 ## 重要な注意事項

docs/ja-JP/agents/go-reviewer.md

@@ -228,9 +228,9 @@ model: opus
 各問題について:
 ```text
 [CRITICAL] SQLインジェクション脆弱性
-File: internal/repository/user.go:42
-Issue: ユーザー入力がSQLクエリに直接連結されている
-Fix: パラメータ化クエリを使用
+ファイル: internal/repository/user.go:42
+問題: ユーザー入力がSQLクエリに直接連結されている
+修正: パラメータ化クエリを使用
 
 query := "SELECT * FROM users WHERE id = " + userID  // Bad
 query := "SELECT * FROM users WHERE id = $1"         // Good

docs/ja-JP/agents/python-reviewer.md

@@ -399,9 +399,9 @@ model: opus
 各問題について:
 ```text
 [CRITICAL] SQLインジェクション脆弱性
-File: app/routes/user.py:42
-Issue: ユーザー入力がSQLクエリに直接補間されている
-Fix: パラメータ化クエリを使用
+ファイル: app/routes/user.py:42
+問題: ユーザー入力がSQLクエリに直接補間されている
+修正: パラメータ化クエリを使用
 
 query = f"SELECT * FROM users WHERE id = {user_id}"  # Bad
 query = "SELECT * FROM users WHERE id = %s"          # Good

docs/ja-JP/commands/checkpoint.md

@@ -35,12 +35,12 @@ echo "$(date +%Y-%m-%d-%H:%M) | $CHECKPOINT_NAME | $(git rev-parse --short HEAD)
 3. レポート：
 
 ```
-CHECKPOINT COMPARISON: $NAME
+チェックポイント比較: $NAME
 ============================
-Files changed: X
-Tests: +Y passed / -Z failed
-Coverage: +X% / -Y%
-Build: [PASS/FAIL]
+変更されたファイル: X
+テスト: +Y 合格 / -Z 失敗
+カバレッジ: +X% / -Y%
+ビルド: [PASS/FAIL]
 ```
 
 ## チェックポイント一覧表示
@@ -57,13 +57,13 @@ Build: [PASS/FAIL]
 一般的なチェックポイント流：
 
 ```
-[Start] --> /checkpoint create "feature-start"
+[開始] --> /checkpoint create "feature-start"
    |
-[Implement] --> /checkpoint create "core-done"
+[実装] --> /checkpoint create "core-done"
    |
-[Test] --> /checkpoint verify "core-done"
+[テスト] --> /checkpoint verify "core-done"
    |
-[Refactor] --> /checkpoint create "refactor-done"
+[リファクタリング] --> /checkpoint create "refactor-done"
    |
 [PR] --> /checkpoint verify "feature-start"
 ```

docs/ja-JP/commands/e2e.md

@@ -38,24 +38,24 @@ e2e-runner エージェントは：
 ## 使用します示例
 
 ````
-User: /e2e Test the market search and view flow
+User: /e2e マーケット検索と表示フローをテスト
 
 Agent (e2e-runner):
-# E2E Test Generation: Market Search and View Flow
+# E2Eテスト生成: マーケット検索と表示フロー
 
-## Test Scenario Identified
+## 特定されたテストシナリオ
 
-**User Journey:** Market Search → View Results → Click Market → View Details
+**ユーザージャーニー:** マーケット検索 → 結果表示 → マーケットクリック → 詳細表示
 
-**Test Coverage:**
-1. Navigate to markets page
-2. Perform semantic search
-3. Verify search results
-4. Click on first result
-5. Verify market details page loads
-6. Verify chart renders
+**テストカバレッジ:**
+1. マーケットページに遷移
+2. セマンティック検索を実行
+3. 検索結果を検証
+4. 最初の結果をクリック
+5. マーケット詳細ページの読み込みを検証
+6. チャートの描画を検証
 
-## Generated Test Code
+## 生成されたテストコード
 
 ```typescript
 // tests/e2e/markets/search-and-view.spec.ts
@@ -160,7 +160,7 @@ test.describe('Market Search and View Flow', () => {
 ## テスト実行
 
 ```bash
-# Run the generated test
+# 生成されたテストを実行
 npx playwright test tests/e2e/markets/search-and-view.spec.ts
 
 Running 3 tests using 3 workers
@@ -181,54 +181,54 @@ Artifacts generated:
 
 ```
 ╔══════════════════════════════════════════════════════════════╗
-║                    E2E Test Results                          ║
+║                    E2Eテスト結果                          ║
 ╠══════════════════════════════════════════════════════════════╣
-║ Status:     ✅ ALL TESTS PASSED                              ║
-║ Total:      3 tests                                          ║
-║ Passed:     3 (100%)                                         ║
-║ Failed:     0                                                ║
-║ Flaky:      0                                                ║
-║ Duration:   9.1s                                             ║
+║ ステータス: ✅ 全テスト合格                              ║
+║ 合計:       3テスト                                          ║
+║ 合格:       3 (100%)                                         ║
+║ 失敗:       0                                                ║
+║ 不安定:     0                                                ║
+║ 所要時間:   9.1s                                             ║
 ╚══════════════════════════════════════════════════════════════╝
 
-Artifacts:
-📸 Screenshots: 2 files
-📹 Videos: 0 files (only on failure)
-🔍 Traces: 0 files (only on failure)
-📊 HTML Report: playwright-report/index.html
+アーティファクト:
+📸 スクリーンショット: 2ファイル
+📹 ビデオ: 0ファイル (失敗時のみ)
+🔍 トレース: 0ファイル (失敗時のみ)
+📊 HTMLレポート: playwright-report/index.html
 
-View report: npx playwright show-report
+レポート表示: npx playwright show-report
 ```
 
 ✅ E2E テストスイートは CI/CD 統合の準備ができました！
 
 ````
 
-## Test Artifacts
+## テストアーティファクト
 
-When tests run, the following artifacts are captured:
+テスト実行時、以下のアーティファクトがキャプチャされます:
 
-**On All Tests:**
-- HTML Report with timeline and results
-- JUnit XML for CI integration
+**全テスト共通:**
+- タイムラインと結果を含むHTMLレポート
+- CI統合用のJUnit XML
 
-**On Failure Only:**
-- Screenshot of the failing state
-- Video recording of the test
-- Trace file for debugging (step-by-step replay)
-- Network logs
-- Console logs
+**失敗時のみ:**
+- 失敗状態のスクリーンショット
+- テストのビデオ録画
+- デバッグ用トレースファイル (ステップバイステップ再生)
+- ネットワークログ
+- コンソールログ
 
-## Viewing Artifacts
+## アーティファクトの確認
 
 ```bash
-# View HTML report in browser
+# ブラウザでHTMLレポートを表示
 npx playwright show-report
 
-# View specific trace file
+# 特定のトレースファイルを表示
 npx playwright show-trace artifacts/trace-abc123.zip
 
-# Screenshots are saved in artifacts/ directory
+# スクリーンショットはartifacts/ディレクトリに保存
 open artifacts/search-results.png
 ````
 
@@ -239,18 +239,18 @@ open artifacts/search-results.png
 ```
 ⚠️  FLAKY TEST DETECTED: tests/e2e/markets/trade.spec.ts
 
-Test passed 7/10 runs (70% pass rate)
+テストは10回中7回合格 (合格率70%)
 
-Common failure:
+よくある失敗:
 "Timeout waiting for element '[data-testid="confirm-btn"]'"
 
-Recommended fixes:
-1. Add explicit wait: await page.waitForSelector('[data-testid="confirm-btn"]')
-2. Increase timeout: { timeout: 10000 }
-3. Check for race conditions in component
-4. Verify element is not hidden by animation
+推奨修正:
+1. 明示的な待機を追加: await page.waitForSelector('[data-testid="confirm-btn"]')
+2. タイムアウトを増加: { timeout: 10000 }
+3. コンポーネントの競合状態を確認
+4. 要素がアニメーションで隠れていないか確認
 
-Quarantine recommendation: Mark as test.fixme() until fixed
+隔離推奨: 修正されるまでtest.fixme()としてマーク
 ```
 
 ## ブラウザ設定
@@ -350,21 +350,21 @@ PMX の場合、以下の E2E テストを優先：
 ## 快速命令
 
 ```bash
-# Run all E2E tests
+# 全E2Eテストを実行
 npx playwright test
 
-# Run specific test file
+# 特定のテストファイルを実行
 npx playwright test tests/e2e/markets/search.spec.ts
 
-# Run in headed mode (see browser)
+# ヘッドモードで実行 (ブラウザ表示)
 npx playwright test --headed
 
-# Debug test
+# テストをデバッグ
 npx playwright test --debug
 
-# Generate test code
+# テストコードを生成
 npx playwright codegen http://localhost:3000
 
-# View report
+# レポートを表示
 npx playwright show-report
 ```

docs/ja-JP/commands/evolve.md

@@ -92,36 +92,36 @@ instinctsが分離の恩恵を受ける複雑な複数ステップのプロセ
 ## 出力フォーマット
 
 ```
-🧬 Evolve Analysis
+🧬 進化分析
 ==================
 
 進化の準備ができた3つのクラスターを発見:
 
 ## クラスター1: データベースマイグレーションワークフロー
 Instincts: new-table-migration, update-schema, regenerate-types
-Type: Command
-Confidence: 85%(12件の観測に基づく)
+タイプ: Command
+信頼度: 85%(12件の観測に基づく)
 
 作成: /new-tableコマンド
-Files:
+ファイル:
   - ~/.claude/homunculus/evolved/commands/new-table.md
 
 ## クラスター2: 関数型コードスタイル
 Instincts: prefer-functional, use-immutable, avoid-classes, pure-functions
-Type: Skill
-Confidence: 78%(8件の観測に基づく)
+タイプ: Skill
+信頼度: 78%(8件の観測に基づく)
 
 作成: functional-patternsスキル
-Files:
+ファイル:
   - ~/.claude/homunculus/evolved/skills/functional-patterns.md
 
 ## クラスター3: デバッグプロセス
 Instincts: debug-check-logs, debug-isolate, debug-reproduce, debug-verify
-Type: Agent
-Confidence: 72%(6件の観測に基づく)
+タイプ: Agent
+信頼度: 72%(6件の観測に基づく)
 
 作成: debuggerエージェント
-Files:
+ファイル:
   - ~/.claude/homunculus/evolved/agents/debugger.md
 
 ---

docs/ja-JP/commands/go-build.md

@@ -62,9 +62,9 @@ internal/handler/api.go:58:2: missing return at end of function
 
 ## 修正1: 未定義の識別子
 
-File: internal/service/user.go:25
-Error: undefined: UserRepository
-Cause: インポート欠落
+ファイル: internal/service/user.go:25
+エラー: undefined: UserRepository
+原因: インポート欠落
 
 ```go
 // インポートを追加
@@ -83,8 +83,8 @@ $ go build ./...
 
 ## 修正2: 型の不一致
 
-File: internal/handler/api.go:42
-Error: cannot use x (type string) as type int
+ファイル: internal/handler/api.go:42
+エラー: cannot use x (type string) as type int
 
 ```go
 // 変更前
@@ -101,8 +101,8 @@ $ go build ./...
 
 ## 修正3: 戻り値の欠落
 
-File: internal/handler/api.go:58
-Error: missing return at end of function
+ファイル: internal/handler/api.go:58
+エラー: missing return at end of function
 
 ```go
 func GetUser(id string) (*User, error) {

docs/ja-JP/commands/go-review.md

@@ -85,8 +85,8 @@ Agent:
 ## 発見された問題
 
 [CRITICAL] 競合状態
-File: internal/service/auth.go:45
-Issue: 同期化なしで共有マップにアクセス
+ファイル: internal/service/auth.go:45
+問題: 同期化なしで共有マップにアクセス
 ```go
 var cache = map[string]*Session{}  // 並行アクセス!
 
@@ -94,7 +94,7 @@ func GetSession(id string) *Session {
     return cache[id]  // 競合状態
 }
 ```
-Fix: sync.RWMutexまたはsync.Mapを使用
+修正: sync.RWMutexまたはsync.Mapを使用
 ```go
 var (
     cache   = map[string]*Session{}
@@ -109,12 +109,12 @@ func GetSession(id string) *Session {
 ```
 
 [HIGH] エラーコンテキストの欠落
-File: internal/handler/user.go:28
-Issue: コンテキストなしでエラーを返す
+ファイル: internal/handler/user.go:28
+問題: コンテキストなしでエラーを返す
 ```go
 return err  // コンテキストなし
 ```
-Fix: コンテキストでラップ
+修正: コンテキストでラップ
 ```go
 return fmt.Errorf("get user %s: %w", userID, err)
 ```

docs/ja-JP/commands/instinct-import.md

@@ -45,40 +45,40 @@ python3 ~/.claude/skills/continuous-learning-v2/scripts/instinct-cli.py import <
 ## インポートプロセス
 
 ```
-📥 Importing instincts from: team-instincts.yaml
+📥 instinctsをインポート中: team-instincts.yaml
 ================================================
 
-Found 12 instincts to import.
+12件のinstinctsが見つかりました。
 
-Analyzing conflicts...
+競合を分析中...
 
-## New Instincts (8)
-These will be added:
+## 新規instincts (8)
+以下が追加されます:
   ✓ use-zod-validation (confidence: 0.7)
   ✓ prefer-named-exports (confidence: 0.65)
   ✓ test-async-functions (confidence: 0.8)
   ...
 
-## Duplicate Instincts (3)
-Already have similar instincts:
+## 重複instincts (3)
+類似のinstinctsが既に存在:
   ⚠️ prefer-functional-style
-     Local: 0.8 confidence, 12 observations
-     Import: 0.7 confidence
-     → Keep local (higher confidence)
+     ローカル: 信頼度0.8, 12回の観測
+     インポート: 信頼度0.7
+     → ローカルを保持 (信頼度が高い)
 
   ⚠️ test-first-workflow
-     Local: 0.75 confidence
-     Import: 0.9 confidence
-     → Update to import (higher confidence)
+     ローカル: 信頼度0.75
+     インポート: 信頼度0.9
+     → インポートに更新 (信頼度が高い)
 
-## Conflicting Instincts (1)
-These contradict local instincts:
+## 競合instincts (1)
+ローカルのinstinctsと矛盾:
   ❌ use-classes-for-services
-     Conflicts with: avoid-classes
-     → Skip (requires manual resolution)
+     競合: avoid-classes
+     → スキップ (手動解決が必要)
 
 ---
-Import 8 new, update 1, skip 3?
+8件を新規追加、1件を更新、3件をスキップしますか?
 ```
 
 ## マージ戦略
@@ -130,13 +130,13 @@ Skill Creatorからインポートする場合:
 
 インポート後:
 ```
-✅ Import complete!
+✅ インポート完了!
 
-Added: 8 instincts
-Updated: 1 instinct
-Skipped: 3 instincts (2 duplicates, 1 conflict)
+追加: 8件のinstincts
+更新: 1件のinstinct
+スキップ: 3件のinstincts (2件の重複, 1件の競合)
 
-New instincts saved to: ~/.claude/homunculus/instincts/inherited/
+新規instinctsの保存先: ~/.claude/homunculus/instincts/inherited/
 
-Run /instinct-status to see all instincts.
+/instinct-statusを実行してすべてのinstinctsを確認できます。
 ```

docs/ja-JP/commands/instinct-status.md

@@ -39,42 +39,42 @@ python3 ~/.claude/skills/continuous-learning-v2/scripts/instinct-cli.py status
 ## 出力形式
 
 ```
-📊 Instinct Status
+📊 instinctステータス
 ==================
 
-## Code Style (4 instincts)
+## コードスタイル (4 instincts)
 
 ### prefer-functional-style
-Trigger: when writing new functions
-Action: Use functional patterns over classes
-Confidence: ████████░░ 80%
-Source: session-observation | Last updated: 2025-01-22
+トリガー: 新しい関数を書くとき
+アクション: クラスより関数型パターンを使用
+信頼度: ████████░░ 80%
+ソース: session-observation | 最終更新: 2025-01-22
 
 ### use-path-aliases
-Trigger: when importing modules
-Action: Use @/ path aliases instead of relative imports
-Confidence: ██████░░░░ 60%
-Source: repo-analysis (github.com/acme/webapp)
+トリガー: モジュールをインポートするとき
+アクション: 相対インポートの代わりに@/パスエイリアスを使用
+信頼度: ██████░░░░ 60%
+ソース: repo-analysis (github.com/acme/webapp)
 
-## Testing (2 instincts)
+## テスト (2 instincts)
 
 ### test-first-workflow
-Trigger: when adding new functionality
-Action: Write test first, then implementation
-Confidence: █████████░ 90%
-Source: session-observation
+トリガー: 新しい機能を追加するとき
+アクション: テストを先に書き、次に実装
+信頼度: █████████░ 90%
+ソース: session-observation
 
-## Workflow (3 instincts)
+## ワークフロー (3 instincts)
 
 ### grep-before-edit
-Trigger: when modifying code
-Action: Search with Grep, confirm with Read, then Edit
-Confidence: ███████░░░ 70%
-Source: session-observation
+トリガー: コードを変更するとき
+アクション: Grepで検索、Readで確認、次にEdit
+信頼度: ███████░░░ 70%
+ソース: session-observation
 
 ---
-Total: 9 instincts (4 personal, 5 inherited)
-Observer: Running (last analysis: 5 min ago)
+合計: 9 instincts (4個人, 5継承)
+オブザーバー: 実行中 (最終分析: 5分前)
 ```
 
 ## フラグ

docs/ja-JP/commands/orchestrate.md

@@ -99,36 +99,36 @@ security-reviewer -> code-reviewer -> architect
 ## 最終レポート形式
 
 ```
-ORCHESTRATION REPORT
+オーケストレーションレポート
 ====================
-Workflow: feature
-Task: Add user authentication
-Agents: planner -> tdd-guide -> code-reviewer -> security-reviewer
+ワークフロー: feature
+タスク: ユーザー認証の追加
+エージェント: planner -> tdd-guide -> code-reviewer -> security-reviewer
 
-SUMMARY
+サマリー
 -------
 [1段落の要約]
 
-AGENT OUTPUTS
+エージェント出力
 -------------
 Planner: [要約]
 TDD Guide: [要約]
 Code Reviewer: [要約]
 Security Reviewer: [要約]
 
-FILES CHANGED
+変更ファイル
 -------------
 [変更されたすべてのファイルをリスト]
 
-TEST RESULTS
+テスト結果
 ------------
 [テスト合格/不合格の要約]
 
-SECURITY STATUS
+セキュリティステータス
 ---------------
 [セキュリティの発見事項]
 
-RECOMMENDATION
+推奨事項
 --------------
 [リリース可 / 要修正 / ブロック中]
 ```

docs/ja-JP/commands/python-review.md

@@ -95,26 +95,26 @@ Agent:
 ## 発見された問題
 
 [CRITICAL] SQLインジェクション脆弱性
-File: app/routes/user.py:42
-Issue: ユーザー入力が直接SQLクエリに挿入されている
+ファイル: app/routes/user.py:42
+問題: ユーザー入力が直接SQLクエリに挿入されている
 ```python
 query = f"SELECT * FROM users WHERE id = {user_id}"  # 悪い
 ```
-Fix: パラメータ化クエリを使用
+修正: パラメータ化クエリを使用
 ```python
 query = "SELECT * FROM users WHERE id = %s"  # 良い
 cursor.execute(query, (user_id,))
 ```
 
 [HIGH] 可変デフォルト引数
-File: app/services/auth.py:18
-Issue: 可変デフォルト引数が共有状態を引き起こす
+ファイル: app/services/auth.py:18
+問題: 可変デフォルト引数が共有状態を引き起こす
 ```python
 def process_items(items=[]):  # 悪い
     items.append("new")
     return items
 ```
-Fix: デフォルトにNoneを使用
+修正: デフォルトにNoneを使用
 ```python
 def process_items(items=None):  # 良い
     if items is None:
@@ -124,27 +124,27 @@ def process_items(items=None):  # 良い
 ```
 
 [MEDIUM] 型ヒントの欠落
-File: app/services/auth.py:25
-Issue: 型アノテーションのない公開関数
+ファイル: app/services/auth.py:25
+問題: 型アノテーションのない公開関数
 ```python
 def get_user(user_id):  # 悪い
     return db.find(user_id)
 ```
-Fix: 型ヒントを追加
+修正: 型ヒントを追加
 ```python
 def get_user(user_id: str) -> Optional[User]:  # 良い
     return db.find(user_id)
 ```
 
 [MEDIUM] コンテキストマネージャーを使用していない
-File: app/routes/user.py:55
-Issue: 例外時にファイルがクローズされない
+ファイル: app/routes/user.py:55
+問題: 例外時にファイルがクローズされない
 ```python
 f = open("config.json")  # 悪い
 data = f.read()
 f.close()
 ```
-Fix: コンテキストマネージャーを使用
+修正: コンテキストマネージャーを使用
 ```python
 with open("config.json") as f:  # 良い
     data = f.read()

docs/ja-JP/commands/verify.md

@@ -36,16 +36,16 @@
 簡潔な検証レポートを生成します:
 
 ```
-VERIFICATION: [PASS/FAIL]
+検証結果: [PASS/FAIL]
 
-Build:    [OK/FAIL]
-Types:    [OK/X errors]
-Lint:     [OK/X issues]
-Tests:    [X/Y passed, Z% coverage]
-Secrets:  [OK/X found]
-Logs:     [OK/X console.logs]
+ビルド:       [OK/FAIL]
+型:           [OK/Xエラー]
+Lint:         [OK/X件の問題]
+テスト:       [X/Y合格, Z%カバレッジ]
+シークレット: [OK/X件発見]
+ログ:         [OK/X件のconsole.log]
 
-Ready for PR: [YES/NO]
+PR準備完了: [YES/NO]
 ```
 
 重大な問題がある場合は、修正案とともにリストアップします。

docs/ja-JP/examples/CLAUDE.md

@@ -43,7 +43,7 @@
 
 ```
 src/
-|-- app/              # Next.js app router
+|-- app/              # Next.js App Router
 |-- components/       # 再利用可能なUIコンポーネント
 |-- hooks/            # カスタムReactフック
 |-- lib/              # ユーティリティライブラリ

docs/ja-JP/skills/coding-standards/SKILL.md

@@ -234,14 +234,14 @@ setCount(count + 1)  // Can be stale in async scenarios
 ### REST API規約
 
 ```
-GET    /api/markets              # List all markets
-GET    /api/markets/:id          # Get specific market
-POST   /api/markets              # Create new market
-PUT    /api/markets/:id          # Update market (full)
-PATCH  /api/markets/:id          # Update market (partial)
-DELETE /api/markets/:id          # Delete market
+GET    /api/markets              # すべてのマーケットを一覧
+GET    /api/markets/:id          # 特定のマーケットを取得
+POST   /api/markets              # 新しいマーケットを作成
+PUT    /api/markets/:id          # マーケットを更新（全体）
+PATCH  /api/markets/:id          # マーケットを更新（部分）
+DELETE /api/markets/:id          # マーケットを削除
 
-# Query parameters for filtering
+# フィルタリング用クエリパラメータ
 GET /api/markets?status=active&limit=10&offset=0
 ```
 
@@ -312,29 +312,29 @@ export async function POST(request: Request) {
 ```
 src/
 ├── app/                    # Next.js App Router
-│   ├── api/               # API routes
-│   ├── markets/           # Market pages
-│   └── (auth)/           # Auth pages (route groups)
-├── components/            # React components
-│   ├── ui/               # Generic UI components
-│   ├── forms/            # Form components
-│   └── layouts/          # Layout components
-├── hooks/                # Custom React hooks
-├── lib/                  # Utilities and configs
-│   ├── api/             # API clients
-│   ├── utils/           # Helper functions
-│   └── constants/       # Constants
-├── types/                # TypeScript types
-└── styles/              # Global styles
+│   ├── api/               # API ルート
+│   ├── markets/           # マーケットページ
+│   └── (auth)/           # 認証ページ（ルートグループ）
+├── components/            # React コンポーネント
+│   ├── ui/               # 汎用 UI コンポーネント
+│   ├── forms/            # フォームコンポーネント
+│   └── layouts/          # レイアウトコンポーネント
+├── hooks/                # カスタム React フック
+├── lib/                  # ユーティリティと設定
+│   ├── api/             # API クライアント
+│   ├── utils/           # ヘルパー関数
+│   └── constants/       # 定数
+├── types/                # TypeScript 型定義
+└── styles/              # グローバルスタイル
 ```
 
 ### ファイル命名
 
 ```
-components/Button.tsx          # PascalCase for components
-hooks/useAuth.ts              # camelCase with 'use' prefix
-lib/formatDate.ts             # camelCase for utilities
-types/market.types.ts         # camelCase with .types suffix
+components/Button.tsx          # コンポーネントは PascalCase
+hooks/useAuth.ts              # フックは 'use' プレフィックス付き camelCase
+lib/formatDate.ts             # ユーティリティは camelCase
+types/market.types.ts         # 型定義は .types サフィックス付き camelCase
 ```
 
 ## コメントとドキュメント

docs/ja-JP/skills/continuous-learning-v2/SKILL.md

@@ -51,13 +51,13 @@ source: "session-observation"
 ## 仕組み
 
 ```
-Session Activity
+セッションアクティビティ
       │
       │ フックがプロンプト + ツール使用をキャプチャ（100%信頼性）
       ▼
 ┌─────────────────────────────────────────┐
 │         observations.jsonl              │
-│   (prompts, tool calls, outcomes)       │
+│   （プロンプト、ツール呼び出し、結果）       │
 └─────────────────────────────────────────┘
       │
       │ Observerエージェントが読み取り（バックグラウンド、Haiku）

docs/ja-JP/skills/eval-harness/SKILL.md

@@ -22,24 +22,24 @@ Claude Codeセッションの正式な評価フレームワークで、評価駆
 Claudeが以前できなかったことができるようになったかをテスト：
 ```markdown
 [CAPABILITY EVAL: feature-name]
-Task: Claudeが達成すべきことの説明
-Success Criteria:
+タスク: Claudeが達成すべきことの説明
+成功基準:
   - [ ] 基準1
   - [ ] 基準2
   - [ ] 基準3
-Expected Output: 期待される結果の説明
+期待される出力: 期待される結果の説明
 ```
 
 ### リグレッション評価
 変更が既存の機能を破壊しないことを確認：
 ```markdown
 [REGRESSION EVAL: feature-name]
-Baseline: SHAまたはチェックポイント名
-Tests:
+ベースライン: SHAまたはチェックポイント名
+テスト:
   - existing-test-1: PASS/FAIL
   - existing-test-2: PASS/FAIL
   - existing-test-3: PASS/FAIL
-Result: X/Y passed (previously Y/Y)
+結果: X/Y 成功（以前は Y/Y）
 ```
 
 ## 評価者タイプ
@@ -67,17 +67,17 @@ Claudeを使用して自由形式の出力を評価：
 3. エッジケースは処理されていますか？
 4. エラー処理は適切ですか？
 
-Score: 1-5 (1=poor, 5=excellent)
-Reasoning: [説明]
+スコア: 1-5（1=不良、5=優秀）
+理由: [説明]
 ```
 
 ### 3. 人間評価者
 手動レビューのためにフラグを立てる：
 ```markdown
 [HUMAN REVIEW REQUIRED]
-Change: 何が変更されたかの説明
-Reason: 人間のレビューが必要な理由
-Risk Level: LOW/MEDIUM/HIGH
+変更内容: 何が変更されたかの説明
+理由: 人間のレビューが必要な理由
+リスクレベル: LOW/MEDIUM/HIGH
 ```
 
 ## メトリクス
@@ -98,21 +98,21 @@ Risk Level: LOW/MEDIUM/HIGH
 
 ### 1. 定義（コーディング前）
 ```markdown
-## EVAL DEFINITION: feature-xyz
+## 評価定義: feature-xyz
 
-### Capability Evals
+### 能力評価
 1. 新しいユーザーアカウントを作成できる
 2. メール形式を検証できる
 3. パスワードを安全にハッシュ化できる
 
-### Regression Evals
+### リグレッション評価
 1. 既存のログインが引き続き機能する
 2. セッション管理が変更されていない
 3. ログアウトフローが維持されている
 
-### Success Metrics
-- pass@3 > 90% for capability evals
-- pass^3 = 100% for regression evals
+### 成功メトリクス
+- 能力評価で pass@3 > 90%
+- リグレッション評価で pass^3 = 100%
 ```
 
 ### 2. 実装
@@ -131,26 +131,26 @@ npm test -- --testPathPattern="existing"
 
 ### 4. レポート
 ```markdown
-EVAL REPORT: feature-xyz
+評価レポート: feature-xyz
 ========================
 
-Capability Evals:
+能力評価:
   create-user:     PASS (pass@1)
   validate-email:  PASS (pass@2)
   hash-password:   PASS (pass@1)
-  Overall:         3/3 passed
+  全体:            3/3 成功
 
-Regression Evals:
+リグレッション評価:
   login-flow:      PASS
   session-mgmt:    PASS
   logout-flow:     PASS
-  Overall:         3/3 passed
+  全体:            3/3 成功
 
-Metrics:
+メトリクス:
   pass@1: 67% (2/3)
   pass@3: 100% (3/3)
 
-Status: READY FOR REVIEW
+ステータス: レビュー準備完了
 ```
 
 ## 統合パターン
@@ -199,29 +199,29 @@ Status: READY FOR REVIEW
 ```markdown
 ## EVAL: add-authentication
 
-### Phase 1: Define (10 min)
-Capability Evals:
+### フェーズ 1: 定義（10分）
+能力評価:
 - [ ] ユーザーはメール/パスワードで登録できる
 - [ ] ユーザーは有効な資格情報でログインできる
 - [ ] 無効な資格情報は適切なエラーで拒否される
 - [ ] セッションはページリロード後も持続する
 - [ ] ログアウトはセッションをクリアする
 
-Regression Evals:
+リグレッション評価:
 - [ ] 公開ルートは引き続きアクセス可能
 - [ ] APIレスポンスは変更されていない
 - [ ] データベーススキーマは互換性がある
 
-### Phase 2: Implement (varies)
+### フェーズ 2: 実装（可変）
 [コードを書く]
 
-### Phase 3: Evaluate
+### フェーズ 3: 評価
 Run: /eval check add-authentication
 
-### Phase 4: Report
-EVAL REPORT: add-authentication
+### フェーズ 4: レポート
+評価レポート: add-authentication
 ==============================
-Capability: 5/5 passed (pass@3: 100%)
-Regression: 3/3 passed (pass^3: 100%)
-Status: SHIP IT
+能力: 5/5 成功（pass@3: 100%）
+リグレッション: 3/3 成功（pass^3: 100%）
+ステータス: 出荷可能
 ```

docs/ja-JP/skills/golang-patterns/SKILL.md

@@ -368,17 +368,17 @@ func WriteAndFlush(w io.Writer, data []byte) error {
 myproject/
 ├── cmd/
 │   └── myapp/
-│       └── main.go           # Entry point
+│       └── main.go           # エントリポイント
 ├── internal/
-│   ├── handler/              # HTTP handlers
-│   ├── service/              # Business logic
-│   ├── repository/           # Data access
-│   └── config/               # Configuration
+│   ├── handler/              # HTTP ハンドラー
+│   ├── service/              # ビジネスロジック
+│   ├── repository/           # データアクセス
+│   └── config/               # 設定
 ├── pkg/
-│   └── client/               # Public API client
+│   └── client/               # 公開 API クライアント
 ├── api/
-│   └── v1/                   # API definitions (proto, OpenAPI)
-├── testdata/                 # Test fixtures
+│   └── v1/                   # API 定義（proto、OpenAPI）
+├── testdata/                 # テストフィクスチャ
 ├── go.mod
 ├── go.sum
 └── Makefile

docs/ja-JP/skills/golang-testing/SKILL.md

@@ -113,7 +113,7 @@ mypackage/
 ├── testdata/             # テストフィクスチャ
 │   ├── valid_user.json
 │   └── invalid_user.json
-└── export_test.go        # 内部のテストのための非公開のエクスポート
+└── export_test.go        # 内部テスト用の非公開エクスポート
 ```
 
 ### テストパッケージ

docs/ja-JP/skills/python-testing/SKILL.md

@@ -594,18 +594,18 @@ def test_with_tmpdir(tmpdir):
 
 ```
 tests/
-├── conftest.py                 # Shared fixtures
+├── conftest.py                 # 共有フィクスチャ
 ├── __init__.py
-├── unit/                       # Unit tests
+├── unit/                       # ユニットテスト
 │   ├── __init__.py
 │   ├── test_models.py
 │   ├── test_utils.py
 │   └── test_services.py
-├── integration/                # Integration tests
+├── integration/                # 統合テスト
 │   ├── __init__.py
 │   ├── test_api.py
 │   └── test_database.py
-└── e2e/                        # End-to-end tests
+└── e2e/                        # エンドツーエンドテスト
     ├── __init__.py
     └── test_user_flow.py
 ```

docs/zh-CN/skills/prompt-optimizer/SKILL.md

@@ -1,6 +1,7 @@
 ---
 name: prompt-optimizer
-description: 分析原始提示，识别意图和差距，匹配ECC组件（技能/命令/代理/钩子），并输出一个可直接粘贴的优化提示。仅提供咨询角色——绝不自行执行任务。触发时机：当用户说“优化提示”、“改进我的提示”、“如何编写提示”、“帮我优化这个指令”或明确要求提高提示质量时。中文等效表达同样触发：“优化prompt”、“改进prompt”、“怎么写prompt”、“帮我优化这个指令”。不触发时机：当用户希望直接执行任务，或说“直接做”时。不触发时机：当用户说“优化代码”、“优化性能”、“optimize performance”、“optimize this code”时——这些是重构/性能优化任务，而非提示优化。origin: community
+description: 分析原始提示，识别意图和差距，匹配ECC组件（技能/命令/代理/钩子），并输出一个可直接粘贴的优化提示。仅提供咨询角色——绝不自行执行任务。触发时机：当用户说“优化提示”、“改进我的提示”、“如何编写提示”、“帮我优化这个指令”或明确要求提高提示质量时。中文等效表达同样触发：“优化prompt”、“改进prompt”、“怎么写prompt”、“帮我优化这个指令”。不触发时机：当用户希望直接执行任务，或说“直接做”时。不触发时机：当用户说“优化代码”、“优化性能”、“optimize performance”、“optimize this code”时——这些是重构/性能优化任务，而非提示优化。
+origin: community
 metadata:
   author: YannJY02
   version: "1.0.0"

install.ps1

@@ -34,5 +34,20 @@ while ($true) {
 $scriptDir = Split-Path -Parent $scriptPath
 $installerScript = Join-Path -Path (Join-Path -Path $scriptDir -ChildPath 'scripts') -ChildPath 'install-apply.js'
 
+# Auto-install Node dependencies when running from a git clone
+$nodeModules = Join-Path -Path $scriptDir -ChildPath 'node_modules'
+if (-not (Test-Path -LiteralPath $nodeModules)) {
+    Write-Host '[ECC] Installing dependencies...'
+    Push-Location $scriptDir
+    try {
+        & npm install --no-audit --no-fund --loglevel=error
+        if ($LASTEXITCODE -ne 0) {
+            Write-Error "npm install failed with exit code $LASTEXITCODE"
+            exit $LASTEXITCODE
+        }
+    }
+    finally { Pop-Location }
+}
+
 & node $installerScript @args
 exit $LASTEXITCODE

install.sh

@@ -14,4 +14,10 @@ while [ -L "$SCRIPT_PATH" ]; do
 done
 SCRIPT_DIR="$(cd "$(dirname "$SCRIPT_PATH")" && pwd)"
 
+# Auto-install Node dependencies when running from a git clone
+if [ ! -d "$SCRIPT_DIR/node_modules" ]; then
+    echo "[ECC] Installing dependencies..."
+    (cd "$SCRIPT_DIR" && npm install --no-audit --no-fund --loglevel=error)
+fi
+
 exec node "$SCRIPT_DIR/scripts/install-apply.js" "$@"

manifests/install-modules.json

@@ -125,6 +125,7 @@
         "skills/kotlin-ktor-patterns",
         "skills/kotlin-patterns",
         "skills/kotlin-testing",
+        "skills/laravel-plugin-discovery",
         "skills/laravel-patterns",
         "skills/laravel-tdd",
         "skills/laravel-verification",

mcp-configs/mcp-servers.json

@@ -133,6 +133,11 @@
       "args": ["-y", "token-optimizer-mcp"],
       "description": "Token optimization for 95%+ context reduction via content deduplication and compression"
     },
+    "laraplugins": {
+      "type": "http",
+      "url": "https://laraplugins.io/mcp/plugins",
+      "description": "Laravel plugin discovery — search packages by keyword, health score, Laravel/PHP version compatibility. Use with laravel-plugin-discovery skill."
+    },
     "confluence": {
       "command": "npx",
       "args": ["-y", "confluence-mcp-server"],

rules/common/code-review.md

@@ -0,0 +1,124 @@
+# Code Review Standards
+
+## Purpose
+
+Code review ensures quality, security, and maintainability before code is merged. This rule defines when and how to conduct code reviews.
+
+## When to Review
+
+**MANDATORY review triggers:**
+
+- After writing or modifying code
+- Before any commit to shared branches
+- When security-sensitive code is changed (auth, payments, user data)
+- When architectural changes are made
+- Before merging pull requests
+
+**Pre-Review Requirements:**
+
+Before requesting review, ensure:
+
+- All automated checks (CI/CD) are passing
+- Merge conflicts are resolved
+- Branch is up to date with target branch
+
+## Review Checklist
+
+Before marking code complete:
+
+- [ ] Code is readable and well-named
+- [ ] Functions are focused (<50 lines)
+- [ ] Files are cohesive (<800 lines)
+- [ ] No deep nesting (>4 levels)
+- [ ] Errors are handled explicitly
+- [ ] No hardcoded secrets or credentials
+- [ ] No console.log or debug statements
+- [ ] Tests exist for new functionality
+- [ ] Test coverage meets 80% minimum
+
+## Security Review Triggers
+
+**STOP and use security-reviewer agent when:**
+
+- Authentication or authorization code
+- User input handling
+- Database queries
+- File system operations
+- External API calls
+- Cryptographic operations
+- Payment or financial code
+
+## Review Severity Levels
+
+| Level | Meaning | Action |
+|-------|---------|--------|
+| CRITICAL | Security vulnerability or data loss risk | **BLOCK** - Must fix before merge |
+| HIGH | Bug or significant quality issue | **WARN** - Should fix before merge |
+| MEDIUM | Maintainability concern | **INFO** - Consider fixing |
+| LOW | Style or minor suggestion | **NOTE** - Optional |
+
+## Agent Usage
+
+Use these agents for code review:
+
+| Agent | Purpose |
+|-------|---------|
+| **code-reviewer** | General code quality, patterns, best practices |
+| **security-reviewer** | Security vulnerabilities, OWASP Top 10 |
+| **typescript-reviewer** | TypeScript/JavaScript specific issues |
+| **python-reviewer** | Python specific issues |
+| **go-reviewer** | Go specific issues |
+| **rust-reviewer** | Rust specific issues |
+
+## Review Workflow
+
+```
+1. Run git diff to understand changes
+2. Check security checklist first
+3. Review code quality checklist
+4. Run relevant tests
+5. Verify coverage >= 80%
+6. Use appropriate agent for detailed review
+```
+
+## Common Issues to Catch
+
+### Security
+
+- Hardcoded credentials (API keys, passwords, tokens)
+- SQL injection (string concatenation in queries)
+- XSS vulnerabilities (unescaped user input)
+- Path traversal (unsanitized file paths)
+- CSRF protection missing
+- Authentication bypasses
+
+### Code Quality
+
+- Large functions (>50 lines) - split into smaller
+- Large files (>800 lines) - extract modules
+- Deep nesting (>4 levels) - use early returns
+- Missing error handling - handle explicitly
+- Mutation patterns - prefer immutable operations
+- Missing tests - add test coverage
+
+### Performance
+
+- N+1 queries - use JOINs or batching
+- Missing pagination - add LIMIT to queries
+- Unbounded queries - add constraints
+- Missing caching - cache expensive operations
+
+## Approval Criteria
+
+- **Approve**: No CRITICAL or HIGH issues
+- **Warning**: Only HIGH issues (merge with caution)
+- **Block**: CRITICAL issues found
+
+## Integration with Other Rules
+
+This rule works with:
+
+- [testing.md](testing.md) - Test coverage requirements
+- [security.md](security.md) - Security checklist
+- [git-workflow.md](git-workflow.md) - Commit standards
+- [agents.md](agents.md) - Agent delegation

rules/common/development-workflow.md

@@ -36,3 +36,9 @@ The Feature Implementation Workflow describes the development pipeline: research
    - Detailed commit messages
    - Follow conventional commits format
    - See [git-workflow.md](./git-workflow.md) for commit message format and PR process
+
+5. **Pre-Review Checks**
+   - Verify all automated checks (CI/CD) are passing
+   - Resolve any merge conflicts
+   - Ensure branch is up to date with target branch
+   - Only request review after these checks pass

rules/zh/README.md

@@ -0,0 +1,108 @@
+# 规则
+
+## 结构
+
+规则按**通用**层和**语言特定**目录组织：
+
+```
+rules/
+├── common/          # 语言无关的原则（始终安装）
+│   ├── coding-style.md
+│   ├── git-workflow.md
+│   ├── testing.md
+│   ├── performance.md
+│   ├── patterns.md
+│   ├── hooks.md
+│   ├── agents.md
+│   ├── security.md
+│   ├── code-review.md
+│   └── development-workflow.md
+├── zh/              # 中文翻译版本
+│   ├── coding-style.md
+│   ├── git-workflow.md
+│   ├── testing.md
+│   ├── performance.md
+│   ├── patterns.md
+│   ├── hooks.md
+│   ├── agents.md
+│   ├── security.md
+│   ├── code-review.md
+│   └── development-workflow.md
+├── typescript/      # TypeScript/JavaScript 特定
+├── python/          # Python 特定
+├── golang/          # Go 特定
+├── swift/           # Swift 特定
+└── php/             # PHP 特定
+```
+
+- **common/** 包含通用原则 — 无语言特定的代码示例。
+- **zh/** 包含 common 目录的中文翻译版本。
+- **语言目录** 扩展通用规则，包含框架特定的模式、工具和代码示例。每个文件引用其对应的通用版本。
+
+## 安装
+
+### 选项 1：安装脚本（推荐）
+
+```bash
+# 安装通用 + 一个或多个语言特定的规则集
+./install.sh typescript
+./install.sh python
+./install.sh golang
+./install.sh swift
+./install.sh php
+
+# 同时安装多种语言
+./install.sh typescript python
+```
+
+### 选项 2：手动安装
+
+> **重要提示：** 复制整个目录 — 不要使用 `/*` 展开。
+> 通用和语言特定目录包含同名文件。
+> 将它们展开到一个目录会导致语言特定文件覆盖通用规则，
+> 并破坏语言特定文件使用的 `../common/` 相对引用。
+
+```bash
+# 创建目标目录
+mkdir -p ~/.claude/rules
+
+# 安装通用规则（所有项目必需）
+cp -r rules/common ~/.claude/rules/common
+
+# 安装中文翻译版本（可选）
+cp -r rules/zh ~/.claude/rules/zh
+
+# 根据项目技术栈安装语言特定规则
+cp -r rules/typescript ~/.claude/rules/typescript
+cp -r rules/python ~/.claude/rules/python
+cp -r rules/golang ~/.claude/rules/golang
+cp -r rules/swift ~/.claude/rules/swift
+cp -r rules/php ~/.claude/rules/php
+```
+
+## 规则 vs 技能
+
+- **规则** 定义广泛适用的标准、约定和检查清单（如"80% 测试覆盖率"、"禁止硬编码密钥"）。
+- **技能**（`skills/` 目录）为特定任务提供深入、可操作的参考材料（如 `python-patterns`、`golang-testing`）。
+
+语言特定的规则文件在适当的地方引用相关技能。规则告诉你*做什么*；技能告诉你*怎么做*。
+
+## 规则优先级
+
+当语言特定规则与通用规则冲突时，**语言特定规则优先**（特定覆盖通用）。这遵循标准的分层配置模式（类似于 CSS 特异性或 `.gitignore` 优先级）。
+
+- `rules/common/` 定义适用于所有项目的通用默认值。
+- `rules/golang/`、`rules/python/`、`rules/swift/`、`rules/php/`、`rules/typescript/` 等在语言习惯不同时覆盖这些默认值。
+- `rules/zh/` 是通用规则的中文翻译，与英文版本内容一致。
+
+### 示例
+
+`common/coding-style.md` 推荐不可变性作为默认原则。语言特定的 `golang/coding-style.md` 可以覆盖这一点：
+
+> 惯用的 Go 使用指针接收器进行结构体变更 — 参见 [common/coding-style.md](../common/coding-style.md) 了解通用原则，但这里首选符合 Go 习惯的变更方式。
+
+### 带覆盖说明的通用规则
+
+`rules/common/` 中可能被语言特定文件覆盖的规则会被标记：
+
+> **语言说明**：此规则可能会被语言特定规则覆盖；对于某些语言，该模式可能并不符合惯用写法。

rules/zh/agents.md

@@ -0,0 +1,50 @@
+# 代理编排
+
+## 可用代理
+
+位于 `~/.claude/agents/`：
+
+| 代理 | 用途 | 何时使用 |
+|-------|---------|------------|
+| planner | 实现规划 | 复杂功能、重构 |
+| architect | 系统设计 | 架构决策 |
+| tdd-guide | 测试驱动开发 | 新功能、bug 修复 |
+| code-reviewer | 代码审查 | 编写代码后 |
+| security-reviewer | 安全分析 | 提交前 |
+| build-error-resolver | 修复构建错误 | 构建失败时 |
+| e2e-runner | E2E 测试 | 关键用户流程 |
+| refactor-cleaner | 死代码清理 | 代码维护 |
+| doc-updater | 文档 | 更新文档 |
+| rust-reviewer | Rust 代码审查 | Rust 项目 |
+
+## 立即使用代理
+
+无需用户提示：
+1. 复杂功能请求 - 使用 **planner** 代理
+2. 刚编写/修改的代码 - 使用 **code-reviewer** 代理
+3. Bug 修复或新功能 - 使用 **tdd-guide** 代理
+4. 架构决策 - 使用 **architect** 代理
+
+## 并行任务执行
+
+对独立操作始终使用并行 Task 执行：
+
+```markdown
+# 好：并行执行
+同时启动 3 个代理：
+1. 代理 1：认证模块安全分析
+2. 代理 2：缓存系统性能审查
+3. 代理 3：工具类型检查
+
+# 坏：不必要的顺序
+先代理 1，然后代理 2，然后代理 3
+```
+
+## 多视角分析
+
+对于复杂问题，使用分角色子代理：
+- 事实审查者
+- 高级工程师
+- 安全专家
+- 一致性审查者
+- 冗余检查者

rules/zh/code-review.md

@@ -0,0 +1,124 @@
+# 代码审查标准
+
+## 目的
+
+代码审查确保代码合并前的质量、安全性和可维护性。此规则定义何时以及如何进行代码审查。
+
+## 何时审查
+
+**强制审查触发条件：**
+
+- 编写或修改代码后
+- 提交到共享分支之前
+- 更改安全敏感代码时（认证、支付、用户数据）
+- 进行架构更改时
+- 合并 pull request 之前
+
+**审查前要求：**
+
+在请求审查之前，确保：
+
+- 所有自动化检查（CI/CD）已通过
+- 合并冲突已解决
+- 分支已与目标分支同步
+
+## 审查检查清单
+
+在标记代码完成之前：
+
+- [ ] 代码可读且命名良好
+- [ ] 函数聚焦（<50 行）
+- [ ] 文件内聚（<800 行）
+- [ ] 无深层嵌套（>4 层）
+- [ ] 错误显式处理
+- [ ] 无硬编码密钥或凭据
+- [ ] 无 console.log 或调试语句
+- [ ] 新功能有测试
+- [ ] 测试覆盖率满足 80% 最低要求
+
+## 安全审查触发条件
+
+**停止并使用 security-reviewer 代理当：**
+
+- 认证或授权代码
+- 用户输入处理
+- 数据库查询
+- 文件系统操作
+- 外部 API 调用
+- 加密操作
+- 支付或金融代码
+
+## 审查严重级别
+
+| 级别 | 含义 | 行动 |
+|-------|---------|--------|
+| CRITICAL（关键） | 安全漏洞或数据丢失风险 | **阻止** - 合并前必须修复 |
+| HIGH（高） | Bug 或重大质量问题 | **警告** - 合并前应修复 |
+| MEDIUM（中） | 可维护性问题 | **信息** - 考虑修复 |
+| LOW（低） | 风格或次要建议 | **注意** - 可选 |
+
+## 代理使用
+
+使用这些代理进行代码审查：
+
+| 代理 | 用途 |
+|-------|--------|
+| **code-reviewer** | 通用代码质量、模式、最佳实践 |
+| **security-reviewer** | 安全漏洞、OWASP Top 10 |
+| **typescript-reviewer** | TypeScript/JavaScript 特定问题 |
+| **python-reviewer** | Python 特定问题 |
+| **go-reviewer** | Go 特定问题 |
+| **rust-reviewer** | Rust 特定问题 |
+
+## 审查工作流
+
+```
+1. 运行 git diff 了解更改
+2. 先检查安全检查清单
+3. 审查代码质量检查清单
+4. 运行相关测试
+5. 验证覆盖率 >= 80%
+6. 使用适当的代理进行详细审查
+```
+
+## 常见问题捕获
+
+### 安全
+
+- 硬编码凭据（API 密钥、密码、令牌）
+- SQL 注入（查询中的字符串拼接）
+- XSS 漏洞（未转义的用户输入）
+- 路径遍历（未净化的文件路径）
+- CSRF 保护缺失
+- 认证绕过
+
+### 代码质量
+
+- 大函数（>50 行）- 拆分为更小的
+- 大文件（>800 行）- 提取模块
+- 深层嵌套（>4 层）- 使用提前返回
+- 缺少错误处理 - 显式处理
+- 变更模式 - 优先使用不可变操作
+- 缺少测试 - 添加测试覆盖
+
+### 性能
+
+- N+1 查询 - 使用 JOIN 或批处理
+- 缺少分页 - 给查询添加 LIMIT
+- 无界查询 - 添加约束
+- 缺少缓存 - 缓存昂贵操作
+
+## 批准标准
+
+- **批准**：无关键或高优先级问题
+- **警告**：仅有高优先级问题（谨慎合并）
+- **阻止**：发现关键问题
+
+## 与其他规则的集成
+
+此规则与以下规则配合：
+
+- [testing.md](testing.md) - 测试覆盖率要求
+- [security.md](security.md) - 安全检查清单
+- [git-workflow.md](git-workflow.md) - 提交标准
+- [agents.md](agents.md) - 代理委托

rules/zh/coding-style.md

@@ -0,0 +1,48 @@
+# 编码风格
+
+## 不可变性（关键）
+
+始终创建新对象，永远不要修改现有对象：
+
+```
+// 伪代码
+错误:  modify(original, field, value) → 就地修改 original
+正确: update(original, field, value) → 返回带有更改的新副本
+```
+
+原理：不可变数据防止隐藏的副作用，使调试更容易，并启用安全的并发。
+
+## 文件组织
+
+多个小文件 > 少量大文件：
+- 高内聚，低耦合
+- 典型 200-400 行，最多 800 行
+- 从大模块中提取工具函数
+- 按功能/领域组织，而非按类型
+
+## 错误处理
+
+始终全面处理错误：
+- 在每一层显式处理错误
+- 在面向 UI 的代码中提供用户友好的错误消息
+- 在服务器端记录详细的错误上下文
+- 永远不要静默吞掉错误
+
+## 输入验证
+
+始终在系统边界验证：
+- 处理前验证所有用户输入
+- 在可用的情况下使用基于模式的验证
+- 快速失败并给出清晰的错误消息
+- 永远不要信任外部数据（API 响应、用户输入、文件内容）
+
+## 代码质量检查清单
+
+在标记工作完成前：
+- [ ] 代码可读且命名良好
+- [ ] 函数很小（<50 行）
+- [ ] 文件聚焦（<800 行）
+- [ ] 没有深层嵌套（>4 层）
+- [ ] 正确的错误处理
+- [ ] 没有硬编码值（使用常量或配置）
+- [ ] 没有变更（使用不可变模式）

rules/zh/development-workflow.md

@@ -0,0 +1,44 @@
+# 开发工作流
+
+> 此文件扩展 [common/git-workflow.md](./git-workflow.md)，包含 git 操作之前的完整功能开发流程。
+
+功能实现工作流描述了开发管道：研究、规划、TDD、代码审查，然后提交到 git。
+
+## 功能实现工作流
+
+0. **研究与重用** _(任何新实现前必需)_
+   - **GitHub 代码搜索优先：** 在编写任何新代码之前，运行 `gh search repos` 和 `gh search code` 查找现有实现、模板和模式。
+   - **库文档其次：** 使用 Context7 或主要供应商文档确认 API 行为、包使用和版本特定细节。
+   - **仅当前两者不足时使用 Exa：** 在 GitHub 搜索和主要文档之后，使用 Exa 进行更广泛的网络研究或发现。
+   - **检查包注册表：** 在编写工具代码之前搜索 npm、PyPI、crates.io 和其他注册表。首选久经考验的库而非手工编写的解决方案。
+   - **搜索可适配的实现：** 寻找解决问题 80%+ 且可以分支、移植或包装的开源项目。
+   - 当满足需求时，优先采用或移植经验证的方法而非从头编写新代码。
+
+1. **先规划**
+   - 使用 **planner** 代理创建实现计划
+   - 编码前生成规划文档：PRD、架构、系统设计、技术文档、任务列表
+   - 识别依赖和风险
+   - 分解为阶段
+
+2. **TDD 方法**
+   - 使用 **tdd-guide** 代理
+   - 先写测试（RED）
+   - 实现以通过测试（GREEN）
+   - 重构（IMPROVE）
+   - 验证 80%+ 覆盖率
+
+3. **代码审查**
+   - 编写代码后立即使用 **code-reviewer** 代理
+   - 解决关键和高优先级问题
+   - 尽可能修复中优先级问题
+
+4. **提交与推送**
+   - 详细的提交消息
+   - 遵循约定式提交格式
+   - 参见 [git-workflow.md](./git-workflow.md) 了解提交消息格式和 PR 流程
+
+5. **审查前检查**
+   - 验证所有自动化检查（CI/CD）已通过
+   - 解决任何合并冲突
+   - 确保分支已与目标分支同步
+   - 仅在这些检查通过后请求审查

rules/zh/git-workflow.md

@@ -0,0 +1,24 @@
+# Git 工作流
+
+## 提交消息格式
+```
+<类型>: <描述>
+
+<可选正文>
+```
+
+类型：feat, fix, refactor, docs, test, chore, perf, ci
+
+注意：通过 ~/.claude/settings.json 全局禁用归属。
+
+## Pull Request 工作流
+
+创建 PR 时：
+1. 分析完整提交历史（不仅是最新提交）
+2. 使用 `git diff [base-branch]...HEAD` 查看所有更改
+3. 起草全面的 PR 摘要
+4. 包含带有 TODO 的测试计划
+5. 如果是新分支，使用 `-u` 标志推送
+
+> 对于 git 操作之前的完整开发流程（规划、TDD、代码审查），
+> 参见 [development-workflow.md](./development-workflow.md)。

rules/zh/hooks.md

@@ -0,0 +1,30 @@
+# 钩子系统
+
+## 钩子类型
+
+- **PreToolUse**：工具执行前（验证、参数修改）
+- **PostToolUse**：工具执行后（自动格式化、检查）
+- **Stop**：会话结束时（最终验证）
+
+## 自动接受权限
+
+谨慎使用：
+- 为可信、定义明确的计划启用
+- 探索性工作时禁用
+- 永远不要使用 dangerously-skip-permissions 标志
+- 改为在 `~/.claude.json` 中配置 `allowedTools`
+
+## TodoWrite 最佳实践
+
+使用 TodoWrite 工具：
+- 跟踪多步骤任务的进度
+- 验证对指令的理解
+- 启用实时引导
+- 显示细粒度的实现步骤
+
+待办列表揭示：
+- 顺序错误的步骤
+- 缺失的项目
+- 多余的不必要项目
+- 错误的粒度
+- 误解的需求

rules/zh/patterns.md

@@ -0,0 +1,31 @@
+# 常用模式
+
+## 骨架项目
+
+实现新功能时：
+1. 搜索久经考验的骨架项目
+2. 使用并行代理评估选项：
+   - 安全性评估
+   - 可扩展性分析
+   - 相关性评分
+   - 实现规划
+3. 克隆最佳匹配作为基础
+4. 在经验证的结构内迭代
+
+## 设计模式
+
+### 仓储模式
+
+将数据访问封装在一致的接口后面：
+- 定义标准操作：findAll、findById、create、update、delete
+- 具体实现处理存储细节（数据库、API、文件等）
+- 业务逻辑依赖抽象接口，而非存储机制
+- 便于轻松切换数据源，并简化使用模拟的测试
+
+### API 响应格式
+
+对所有 API 响应使用一致的信封：
+- 包含成功/状态指示器
+- 包含数据负载（错误时可为空）
+- 包含错误消息字段（成功时可为空）
+- 包含分页响应的元数据（total、page、limit）

rules/zh/performance.md

@@ -0,0 +1,55 @@
+# 性能优化
+
+## 模型选择策略
+
+**Haiku 4.5**（Sonnet 90% 的能力，3 倍成本节省）：
+- 频繁调用的轻量级代理
+- 结对编程和代码生成
+- 多代理系统中的工作者代理
+
+**Sonnet 4.6**（最佳编码模型）：
+- 主要开发工作
+- 编排多代理工作流
+- 复杂编码任务
+
+**Opus 4.5**（最深度推理）：
+- 复杂架构决策
+- 最大推理需求
+- 研究和分析任务
+
+## 上下文窗口管理
+
+避免在上下文窗口的最后 20% 进行以下操作：
+- 大规模重构
+- 跨多个文件的功能实现
+- 调试复杂交互
+
+上下文敏感度较低的任务：
+- 单文件编辑
+- 独立工具创建
+- 文档更新
+- 简单 bug 修复
+
+## 扩展思考 + 规划模式
+
+扩展思考默认启用，为内部推理保留最多 31,999 个 token。
+
+通过以下方式控制扩展思考：
+- **切换**：Option+T（macOS）/ Alt+T（Windows/Linux）
+- **配置**：在 `~/.claude/settings.json` 中设置 `alwaysThinkingEnabled`
+- **预算上限**：`export MAX_THINKING_TOKENS=10000`
+- **详细模式**：Ctrl+O 查看思考输出
+
+对于需要深度推理的复杂任务：
+1. 确保扩展思考已启用（默认开启）
+2. 启用**规划模式**进行结构化方法
+3. 使用多轮审查进行彻底分析
+4. 使用分角色子代理获得多样化视角
+
+## 构建排查
+
+如果构建失败：
+1. 使用 **build-error-resolver** 代理
+2. 分析错误消息
+3. 增量修复
+4. 每次修复后验证

rules/zh/security.md

@@ -0,0 +1,29 @@
+# 安全指南
+
+## 强制安全检查
+
+在任何提交之前：
+- [ ] 无硬编码密钥（API 密钥、密码、令牌）
+- [ ] 所有用户输入已验证
+- [ ] SQL 注入防护（参数化查询）
+- [ ] XSS 防护（净化 HTML）
+- [ ] CSRF 保护已启用
+- [ ] 认证/授权已验证
+- [ ] 所有端点启用速率限制
+- [ ] 错误消息不泄露敏感数据
+
+## 密钥管理
+
+- 永远不要在源代码中硬编码密钥
+- 始终使用环境变量或密钥管理器
+- 启动时验证所需的密钥是否存在
+- 轮换任何可能已暴露的密钥
+
+## 安全响应协议
+
+如果发现安全问题：
+1. 立即停止
+2. 使用 **security-reviewer** 代理
+3. 在继续之前修复关键问题
+4. 轮换任何已暴露的密钥
+5. 审查整个代码库中的类似问题

rules/zh/testing.md

@@ -0,0 +1,29 @@
+# 测试要求
+
+## 最低测试覆盖率：80%
+
+测试类型（全部必需）：
+1. **单元测试** - 单个函数、工具、组件
+2. **集成测试** - API 端点、数据库操作
+3. **E2E 测试** - 关键用户流程（框架根据语言选择）
+
+## 测试驱动开发
+
+强制工作流：
+1. 先写测试（RED）
+2. 运行测试 - 应该失败
+3. 编写最小实现（GREEN）
+4. 运行测试 - 应该通过
+5. 重构（IMPROVE）
+6. 验证覆盖率（80%+）
+
+## 测试失败排查
+
+1. 使用 **tdd-guide** 代理
+2. 检查测试隔离
+3. 验证模拟是否正确
+4. 修复实现，而非测试（除非测试有误）
+
+## 代理支持
+
+- **tdd-guide** - 主动用于新功能，强制先写测试

scripts/codex/check-codex-global-state.sh

@@ -11,7 +11,7 @@ CODEX_HOME="${CODEX_HOME:-$HOME/.codex}"
 CONFIG_FILE="$CODEX_HOME/config.toml"
 AGENTS_FILE="$CODEX_HOME/AGENTS.md"
 PROMPTS_DIR="$CODEX_HOME/prompts"
-SKILLS_DIR="$CODEX_HOME/skills"
+SKILLS_DIR="${AGENTS_HOME:-$HOME/.agents}/skills"
 HOOKS_DIR_EXPECT="${ECC_GLOBAL_HOOKS_DIR:-$CODEX_HOME/git-hooks}"
 
 failures=0
@@ -150,12 +150,12 @@ if [[ -d "$SKILLS_DIR" ]]; then
   done
 
   if [[ "$missing_skills" -eq 0 ]]; then
-    ok "All 16 ECC Codex skills are present"
+    ok "All 16 ECC skills are present in $SKILLS_DIR"
   else
-    fail "$missing_skills required skills are missing"
+    warn "$missing_skills ECC skills missing from $SKILLS_DIR (install via ECC installer or npx skills)"
   fi
 else
-  fail "Skills directory missing ($SKILLS_DIR)"
+  warn "Skills directory missing ($SKILLS_DIR) — install via ECC installer or npx skills"
 fi
 
 if [[ -f "$PROMPTS_DIR/ecc-prompts-manifest.txt" ]]; then

scripts/sync-ecc-to-codex.sh

@@ -4,7 +4,6 @@ set -euo pipefail
 # Sync Everything Claude Code (ECC) assets into a local Codex CLI setup.
 # - Backs up ~/.codex config and AGENTS.md
 # - Merges ECC AGENTS.md into existing AGENTS.md (marker-based, preserves user content)
-# - Syncs Codex-ready skills from .agents/skills
 # - Generates prompt files from commands/*.md
 # - Generates Codex QA wrappers and optional language rule-pack prompts
 # - Installs global git safety hooks (pre-commit and pre-push)
@@ -28,8 +27,6 @@ CONFIG_FILE="$CODEX_HOME/config.toml"
 AGENTS_FILE="$CODEX_HOME/AGENTS.md"
 AGENTS_ROOT_SRC="$REPO_ROOT/AGENTS.md"
 AGENTS_CODEX_SUPP_SRC="$REPO_ROOT/.codex/AGENTS.md"
-SKILLS_SRC="$REPO_ROOT/.agents/skills"
-SKILLS_DEST="$CODEX_HOME/skills"
 PROMPTS_SRC="$REPO_ROOT/commands"
 PROMPTS_DEST="$CODEX_HOME/prompts"
 HOOKS_INSTALLER="$REPO_ROOT/scripts/codex/install-global-git-hooks.sh"
@@ -133,7 +130,6 @@ MCP_MERGE_SCRIPT="$REPO_ROOT/scripts/codex/merge-mcp-config.js"
 
 require_path "$REPO_ROOT/AGENTS.md" "ECC AGENTS.md"
 require_path "$AGENTS_CODEX_SUPP_SRC" "ECC Codex AGENTS supplement"
-require_path "$SKILLS_SRC" "ECC skills directory"
 require_path "$PROMPTS_SRC" "ECC commands directory"
 require_path "$HOOKS_INSTALLER" "ECC global git hooks installer"
 require_path "$SANITY_CHECKER" "ECC global sanity checker"
@@ -235,17 +231,9 @@ else
   fi
 fi
 
-log "Syncing ECC Codex skills"
-run_or_echo mkdir -p "$SKILLS_DEST"
-skills_count=0
-for skill_dir in "$SKILLS_SRC"/*; do
-  [[ -d "$skill_dir" ]] || continue
-  skill_name="$(basename "$skill_dir")"
-  dest="$SKILLS_DEST/$skill_name"
-  run_or_echo rm -rf "$dest"
-  run_or_echo cp -R "$skill_dir" "$dest"
-  skills_count=$((skills_count + 1))
-done
+# Skills are NOT synced here — Codex CLI reads directly from
+# ~/.agents/skills/ (installed by ECC installer / npx skills).
+# Copying into ~/.codex/skills/ was unnecessary.
 
 log "Generating prompt files from ECC commands"
 run_or_echo mkdir -p "$PROMPTS_DEST"
@@ -486,7 +474,6 @@ fi
 
 log "Sync complete"
 log "Backup saved at: $BACKUP_DIR"
-log "Skills synced: $skills_count"
 log "Prompts generated: $((prompt_count + extension_count)) (commands: $prompt_count, extensions: $extension_count)"
 
 if [[ "$MODE" == "apply" ]]; then

skills/laravel-plugin-discovery/SKILL.md

@@ -0,0 +1,229 @@
+---
+name: laravel-plugin-discovery
+description: Discover and evaluate Laravel packages via LaraPlugins.io MCP. Use when the user wants to find plugins, check package health, or assess Laravel/PHP compatibility.
+origin: ECC
+---
+
+# Laravel Plugin Discovery
+
+Find, evaluate, and choose healthy Laravel packages using the LaraPlugins.io MCP server.
+
+## When to Use
+
+- User wants to find Laravel packages for a specific feature (e.g. "auth", "permissions", "admin panel")
+- User asks "what package should I use for..." or "is there a Laravel package for..."
+- User wants to check if a package is actively maintained
+- User needs to verify Laravel version compatibility
+- User wants to assess package health before adding to a project
+
+## MCP Requirement
+
+LaraPlugins MCP server must be configured. Add to your `~/.claude.json` mcpServers:
+
+```json
+"laraplugins": {
+  "type": "http",
+  "url": "https://laraplugins.io/mcp/plugins"
+}
+```
+
+No API key required — the server is free for the Laravel community.
+
+## MCP Tools
+
+The LaraPlugins MCP provides two primary tools:
+
+### SearchPluginTool
+
+Search packages by keyword, health score, vendor, and version compatibility.
+
+**Parameters:**
+- `text_search` (string, optional): Keyword to search (e.g. "permission", "admin", "api")
+- `health_score` (string, optional): Filter by health band — `Healthy`, `Medium`, `Unhealthy`, or `Unrated`
+- `laravel_compatibility` (string, optional): Filter by Laravel version — `"5"`, `"6"`, `"7"`, `"8"`, `"9"`, `"10"`, `"11"`, `"12"`, `"13"`
+- `php_compatibility` (string, optional): Filter by PHP version — `"7.4"`, `"8.0"`, `"8.1"`, `"8.2"`, `"8.3"`, `"8.4"`, `"8.5"`
+- `vendor_filter` (string, optional): Filter by vendor name (e.g. "spatie", "laravel")
+- `page` (number, optional): Page number for pagination
+
+### GetPluginDetailsTool
+
+Fetch detailed metrics, readme content, and version history for a specific package.
+
+**Parameters:**
+- `package` (string, required): Full Composer package name (e.g. "spatie/laravel-permission")
+- `include_versions` (boolean, optional): Include version history in response
+
+---
+
+## How It Works
+
+### Finding Packages
+
+When the user wants to discover packages for a feature:
+
+1. Use `SearchPluginTool` with relevant keywords
+2. Apply filters for health score, Laravel version, or PHP version
+3. Review the results with package names, descriptions, and health indicators
+
+### Evaluating Packages
+
+When the user wants to assess a specific package:
+
+1. Use `GetPluginDetailsTool` with the package name
+2. Review health score, last updated date, Laravel version support
+3. Check vendor reputation and risk indicators
+
+### Checking Compatibility
+
+When the user needs Laravel or PHP version compatibility:
+
+1. Search with `laravel_compatibility` filter set to their version
+2. Or get details on a specific package to see its supported versions
+
+---
+
+## Examples
+
+### Example: Find Authentication Packages
+
+```
+SearchPluginTool({
+  text_search: "authentication",
+  health_score: "Healthy"
+})
+```
+
+Returns packages matching "authentication" with healthy status:
+- spatie/laravel-permission
+- laravel/breeze
+- laravel/passport
+- etc.
+
+### Example: Find Laravel 12 Compatible Packages
+
+```
+SearchPluginTool({
+  text_search: "admin panel",
+  laravel_compatibility: "12"
+})
+```
+
+Returns packages compatible with Laravel 12.
+
+### Example: Get Package Details
+
+```
+GetPluginDetailsTool({
+  package: "spatie/laravel-permission",
+  include_versions: true
+})
+```
+
+Returns:
+- Health score and last activity
+- Laravel/PHP version support
+- Vendor reputation (risk score)
+- Version history
+- Brief description
+
+### Example: Find Packages by Vendor
+
+```
+SearchPluginTool({
+  vendor_filter: "spatie",
+  health_score: "Healthy"
+})
+```
+
+Returns all healthy packages from vendor "spatie".
+
+---
+
+## Filtering Best Practices
+
+### By Health Score
+
+| Health Band | Meaning |
+|-------------|---------|
+| `Healthy` | Active maintenance, recent updates |
+| `Medium` | Occasional updates, may need attention |
+| `Unhealthy` | Abandoned or infrequently maintained |
+| `Unrated` | Not yet assessed |
+
+**Recommendation**: Prefer `Healthy` packages for production applications.
+
+### By Laravel Version
+
+| Version | Notes |
+|---------|-------|
+| `13` | Latest Laravel |
+| `12` | Current stable |
+| `11` | Still widely used |
+| `10` | Legacy but common |
+| `5`-`9` | Deprecated |
+
+**Recommendation**: Match the target project's Laravel version.
+
+### Combining Filters
+
+```typescript
+// Find healthy, Laravel 12 compatible packages for permissions
+SearchPluginTool({
+  text_search: "permission",
+  health_score: "Healthy",
+  laravel_compatibility: "12"
+})
+```
+
+---
+
+## Response Interpretation
+
+### Search Results
+
+Each result includes:
+- Package name (e.g. `spatie/laravel-permission`)
+- Brief description
+- Health status indicator
+- Laravel version support badges
+
+### Package Details
+
+The detailed response includes:
+- **Health Score**: Numeric or band indicator
+- **Last Activity**: When the package was last updated
+- **Laravel Support**: Version compatibility matrix
+- **PHP Support**: PHP version compatibility
+- **Risk Score**: Vendor trust indicators
+- **Version History**: Recent release timeline
+
+---
+
+## Common Use Cases
+
+| Scenario | Recommended Approach |
+|----------|---------------------|
+| "What package for auth?" | Search "auth" with healthy filter |
+| "Is spatie/package still maintained?" | Get details, check health score |
+| "Need Laravel 12 packages" | Search with laravel_compatibility: "12" |
+| "Find admin panel packages" | Search "admin panel", review results |
+| "Check vendor reputation" | Search by vendor, check details |
+
+---
+
+## Best Practices
+
+1. **Always filter by health** — Use `health_score: "Healthy"` for production projects
+2. **Match Laravel version** — Always check `laravel_compatibility` matches the target project
+3. **Check vendor reputation** — Prefer packages from known vendors (spatie, laravel, etc.)
+4. **Review before recommending** — Use GetPluginDetailsTool for a comprehensive assessment
+5. **No API key needed** — The MCP is free, no authentication required
+
+---
+
+## Related Skills
+
+- `laravel-patterns` — Laravel architecture and patterns
+- `laravel-tdd` — Test-driven development for Laravel
+- `laravel-security` — Laravel security best practices
+- `documentation-lookup` — General library documentation lookup (Context7)

skills/repo-scan/SKILL.md

@@ -0,0 +1,78 @@
+---
+name: repo-scan
+description: Cross-stack source code asset audit — classifies every file, detects embedded third-party libraries, and delivers actionable four-level verdicts per module with interactive HTML reports.
+origin: community
+---
+
+# repo-scan
+
+> Every ecosystem has its own dependency manager, but no tool looks across C++, Android, iOS, and Web to tell you: how much code is actually yours, what's third-party, and what's dead weight.
+
+## When to Use
+
+- Taking over a large legacy codebase and need a structural overview
+- Before major refactoring — identify what's core, what's duplicate, what's dead
+- Auditing third-party dependencies embedded directly in source (not declared in package managers)
+- Preparing architecture decision records for monorepo reorganization
+
+## Installation
+
+```bash
+# Fetch only the pinned commit for reproducibility
+mkdir -p ~/.claude/skills/repo-scan
+git init repo-scan
+cd repo-scan
+git remote add origin https://github.com/haibindev/repo-scan.git
+git fetch --depth 1 origin 2742664
+git checkout --detach FETCH_HEAD
+cp -r . ~/.claude/skills/repo-scan
+```
+
+> Review the source before installing any agent skill.
+
+## Core Capabilities
+
+| Capability | Description |
+|---|---|
+| **Cross-stack scanning** | C/C++, Java/Android, iOS (OC/Swift), Web (TS/JS/Vue) in one pass |
+| **File classification** | Every file tagged as project code, third-party, or build artifact |
+| **Library detection** | 50+ known libraries (FFmpeg, Boost, OpenSSL…) with version extraction |
+| **Four-level verdicts** | Core Asset / Extract & Merge / Rebuild / Deprecate |
+| **HTML reports** | Interactive dark-theme pages with drill-down navigation |
+| **Monorepo support** | Hierarchical scanning with summary + sub-project reports |
+
+## Analysis Depth Levels
+
+| Level | Files Read | Use Case |
+|---|---|---|
+| `fast` | 1-2 per module | Quick inventory of huge directories |
+| `standard` | 2-5 per module | Default audit with full dependency + architecture checks |
+| `deep` | 5-10 per module | Adds thread safety, memory management, API consistency |
+| `full` | All files | Pre-merge comprehensive review |
+
+## How It Works
+
+1. **Classify the repo surface**: enumerate files, then tag each as project code, embedded third-party code, or build artifact.
+2. **Detect embedded libraries**: inspect directory names, headers, license files, and version markers to identify bundled dependencies and likely versions.
+3. **Score each module**: group files by module or subsystem, then assign one of the four verdicts based on ownership, duplication, and maintenance cost.
+4. **Highlight structural risks**: call out dead-weight artifacts, duplicated wrappers, outdated vendored code, and modules that should be extracted, rebuilt, or deprecated.
+5. **Produce the report**: return a concise summary plus the interactive HTML output with per-module drill-down so the audit can be reviewed asynchronously.
+
+## Examples
+
+On a 50,000-file C++ monorepo:
+- Found FFmpeg 2.x (2015 vintage) still in production
+- Discovered the same SDK wrapper duplicated 3 times
+- Identified 636 MB of committed Debug/ipch/obj build artifacts
+- Classified: 3 MB project code vs 596 MB third-party
+
+## Best Practices
+
+- Start with `standard` depth for first-time audits
+- Use `fast` for monorepos with 100+ modules to get a quick inventory
+- Run `deep` incrementally on modules flagged for refactoring
+- Review the cross-module analysis for duplicate detection across sub-projects
+
+## Links
+
+- [GitHub Repository](https://github.com/haibindev/repo-scan)

skills/tdd-workflow/SKILL.md

@@ -47,6 +47,19 @@ ALWAYS write tests first, then implement code to make tests pass.
 - Browser automation
 - UI interactions
 
+### 4. Git Checkpoints
+- If the repository is under Git, create a checkpoint commit after each TDD stage
+- Do not squash or rewrite these checkpoint commits until the workflow is complete
+- Each checkpoint commit message must describe the stage and the exact evidence captured
+- Count only commits created on the current active branch for the current task
+- Do not treat commits from other branches, earlier unrelated work, or distant branch history as valid checkpoint evidence
+- Before treating a checkpoint as satisfied, verify that the commit is reachable from the current `HEAD` on the active branch and belongs to the current task sequence
+- The preferred compact workflow is:
+  - one commit for failing test added and RED validated
+  - one commit for minimal fix applied and GREEN validated
+  - one optional commit for refactor complete
+- Separate evidence-only commits are not required if the test commit clearly corresponds to RED and the fix commit clearly corresponds to GREEN
+
 ## TDD Workflow Steps
 
 ### Step 1: Write User Journeys
@@ -87,6 +100,29 @@ npm test
 # Tests should fail - we haven't implemented yet
 ```
 
+This step is mandatory and is the RED gate for all production changes.
+
+Before modifying business logic or other production code, you must verify a valid RED state via one of these paths:
+- Runtime RED:
+  - The relevant test target compiles successfully
+  - The new or changed test is actually executed
+  - The result is RED
+- Compile-time RED:
+  - The new test newly instantiates, references, or exercises the buggy code path
+  - The compile failure is itself the intended RED signal
+- In either case, the failure is caused by the intended business-logic bug, undefined behavior, or missing implementation
+- The failure is not caused only by unrelated syntax errors, broken test setup, missing dependencies, or unrelated regressions
+
+A test that was only written but not compiled and executed does not count as RED.
+
+Do not edit production code until this RED state is confirmed.
+
+If the repository is under Git, create a checkpoint commit immediately after this stage is validated.
+Recommended commit message format:
+- `test: add reproducer for <feature or bug>`
+- This commit may also serve as the RED validation checkpoint if the reproducer was compiled and executed and failed for the intended reason
+- Verify that this checkpoint commit is on the current active branch before continuing
+
 ### Step 4: Implement Code
 Write minimal code to make tests pass:
 
@@ -97,12 +133,24 @@ export async function searchMarkets(query: string) {
 }
 ```
 
+If the repository is under Git, stage the minimal fix now but defer the checkpoint commit until GREEN is validated in Step 5.
+
 ### Step 5: Run Tests Again
 ```bash
 npm test
 # Tests should now pass
 ```
 
+Rerun the same relevant test target after the fix and confirm the previously failing test is now GREEN.
+
+Only after a valid GREEN result may you proceed to refactor.
+
+If the repository is under Git, create a checkpoint commit immediately after GREEN is validated.
+Recommended commit message format:
+- `fix: <feature or bug>`
+- The fix commit may also serve as the GREEN validation checkpoint if the same relevant test target was rerun and passed
+- Verify that this checkpoint commit is on the current active branch before continuing
+
 ### Step 6: Refactor
 Improve code quality while keeping tests green:
 - Remove duplication
@@ -110,6 +158,11 @@ Improve code quality while keeping tests green:
 - Optimize performance
 - Enhance readability
 
+If the repository is under Git, create a checkpoint commit immediately after refactoring is complete and tests remain green.
+Recommended commit message format:
+- `refactor: clean up after <feature or bug> implementation`
+- Verify that this checkpoint commit is on the current active branch before considering the TDD cycle complete
+
 ### Step 7: Verify Coverage
 ```bash
 npm run test:coverage

tests/scripts/sync-ecc-to-codex.test.js

@@ -69,8 +69,9 @@ function runTests() {
 
   if (test('filesystem-changing calls use argv-form run_or_echo invocations', () => {
     assert.ok(source.includes('run_or_echo mkdir -p "$BACKUP_DIR"'), 'mkdir should use argv form');
-    assert.ok(source.includes('run_or_echo rm -rf "$dest"'), 'rm should use argv form');
-    assert.ok(source.includes('run_or_echo cp -R "$skill_dir" "$dest"'), 'recursive copy should use argv form');
+    // Skills sync rm/cp calls were removed — Codex reads from ~/.agents/skills/ natively
+    assert.ok(!source.includes('run_or_echo rm -rf "$dest"'), 'skill sync rm should be removed');
+    assert.ok(!source.includes('run_or_echo cp -R "$skill_dir" "$dest"'), 'skill sync cp should be removed');
   })) passed++; else failed++;
 
   console.log(`\nResults: Passed: ${passed}, Failed: ${failed}`);