Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
[Unreleased]
[8.19.2] - 2026-07-03
Audit exhaustif multi-agents (équipe domaines + devil's advocate, Context7 + recherche web, alignement sur les 4 articles Anthropic : Dynamic Workflows, Skills, Loops, what's-new v2.1.193).
Fixed
- Hooks PostToolUse morts : les hooks inline (Grep/Glob/Read dans
.claude/settings.json, Bash/Grep dans les 5Dev/i18n/*/Common/templates/settings.json.template) lisaient un champ inexistant.tool_output→OUTPUT_SIZEtoujours nul, les gardes>50KBne se déclenchaient jamais (no-op silencieux livré à chaque projet installé). Corrigé vers la chaîne canonique.tool_response.stdout? // .tool_response? // .tool_result? // empty(celle déjà utilisée paroutput-filter.json). Gain contexte réel restauré. - Fraîcheur versions : React Native
0.86→0.85(0.86 n'existe pas ; dernier stable = 0.85.3, confirmé endoflife + skills internes « 0.85+ ») propagé sur registry + 5 langues + docs ; Docker29.6.0→29.6.1(patch du 2026-06-26 manqué par l'audit du 30 juin). Garde-fous denylist ajoutés (29.6.0,RN 0.86). docs/guides/AUTO-MODE.mdentièrement fictif : documentaitclaude config auto-mode.profile+ profilsauto_approve/confirm/block(API inexistante). Réécrit sur le vrai auto mode (classifieur post-permissions, blocautoModedans settings.json :environment/allow/soft_deny/hard_deny/classifyAllShell, splice$defaults,claude auto-mode defaults|config|critique, revue des refus sous/permissions). Template.claude/templates/auto-mode-profile.jsonremplacé par un vrai fragmentautoMode.- Supply-chain :
sigstore/cosign-installerépinglé au SHA (7e8b541…ebc5 # pinned: v3.10.1) danssbom.yml— les 6 actions du workflow sont désormais toutes SHA-pinnées (règle 11). - Couverture shellcheck :
website/scripts/ajouté aux deux gates (shellcheck.ymlstrict +package.jsonlint:shell) ;video/render-all.shdurciset -e→set -euo pipefail. - Onboarding — infos fausses : la table de détection de stack de
getting-started.md(5 langues) mappait Paperclip →Cargo.toml/Rust et listaitgo.mod→Go /mix.exs→Elixir (stacks inexistants) → corrigée (Paperclip = Node/TS via--tech=paperclip, Go/Elixir retirés). Compteur de commandes obsolète211→220(5 langues).docs/QUICKSTART.md:paperclipajouté à la liste--tech. /qa:fix: la table de dépannage référençait/bmad:init(commande supprimée) →/workflow:init(5 langues i18n + copie.claude/).docs/AGENTS.md: « Model distribution » erroné (4/12/15) → réel 4 opus / 14 sonnet / 13 haiku (performance-auditor et research-assistant sont sonnet depuis 8.17.0, jamais répercuté).marketplace.json: version figée à8.16.1alors queplugin.json/dépôt sont à 8.19.1 (dérive silencieuse) → resynchronisée.- Installeur
Project/install-project-commands.sh— i18n : résumé de fin de commande et contenu scaffold (CLAUDE.md,README.md,backlog/index.md) étaient hardcodés en français même avec--lang=en. Résumé désormais gaté (anglais par défaut, français si--lang=fr) ; les 3 heredocs externalisés enProject/i18n/{en,fr}/scaffold/et sourcés par langue avec fallback anglais (script réduit 531→304 lignes). Vérifié par dry-run install en+fr (bash -n + shellcheck stricts verts).
Changed
- 26 skills — frontmatter assaini : retrait des blocs inertes
triggers:/auto_suggest:(non reconnus par Claude Code, pur coût tokens) sur les 25 skills concernés ; retrait dedisable-model-invocation: truesur 11 skills dont la description est rédigée en déclencheur automatique (« Use when… ») — l'auto-invocation est désormais alignée sur l'intent marketé (règle 12 « heavy auto-forking skills ») et la leçon Anthropic « descriptions = triggers ». Propagé à la couche de distributionDev/i18n/base/Common/skills/(9 fichiers, format multi-ligne). tdd-coach:effort: high→medium(seul agentmodel: sonnethors du patternsonnet+medium;/effort high= Opus dans la table de routing du dépôt).- 5 descriptions de skills sous-spécifiées (value-objects, aggregates, domain-events, ddd-patterns, tooling) : trigger identique « Use when implementing DDD patterns » / « working with tooling » → réécrit avec un déclencheur différenciant par skill (meilleure auto-sélection, moins de faux positifs).
Security
- SEC-1 (critique) — hooks PreToolUse inopérants : les 4 hooks de blocage (Bash download/dangerous, Edit/Write secrets) de
.claude/settings.jsonet.claude/settings.local.json.examplefaisaientexit 1au lieu deexit 2→ le blocage ne se produisait jamais (seulexit 2bloque un appel d'outil ; cf.docs/HOOKS.md). Les messagesBLOCKED:donnaient une fausse impression de protection. Corrigé partout (exit 1→exit 2). Les templates.claude/templates/hooks/et les 5 templates distribuésDev/i18n/étaient déjà corrects. - SEC-2 —
curl URL | bash: le hook download ne détectait pas le pattern RCE le plus courant (pipe vers un interpréteur). Clause ajoutée ((curl|wget)…\| (sh|bash|zsh|python|perl|ruby)) danssettings.json,settings.local.json.example,security-block.json. - SEC-3 — denylist secrets élargie : la regex de protection ne couvrait que
.env/credentials/secrets/id_rsa→ ajout de.envrc,id_ed25519/ecdsa/dsa,*.pem,*.p12/pfx,*.key,.npmrc,.netrc,kubeconfig(8 fichiers : settings + example +protect-files.json+ 5 templates i18n). - SEC-4 — cohérence supply-chain :
npm-publish.ymlalignaitnpm audit --audit-level=highsurmoderate(conforme àci.yml+ règle 11).
Added
docs/CLI-REFERENCE.md: sections dédiées/loop(taxonomie des 4 types de boucles Anthropic : turn / goal / time / proactive ; mode intervalle vs self-pacedScheduleWakeup; combinaison/goal) et/schedule(Routines cloud pour jobs non-surveillés qui survivent à la fermeture de session — QA recette, ralph-run).- Skill
dynamic-workflows: sous-section « Réutilisation & garde-fous » —/deep-researchintégré, sauvegarde d'un run via/workflows→s, ⚠️ sécurité acceptEdits (les sous-agents auto-approuvent les éditions quel que soit le mode de session), coupe-circuitdisableWorkflows/CLAUDE_CODE_DISABLE_WORKFLOWS. - Gate CI cohérence des manifestes (
verify-versions.mjs, GAP-01) : échoue si.claude-plugin/plugin.jsonoumarketplace.jsondivergent de la versionpackage.json— prévient la dérive de manifeste corrigée ci-dessus. - Décisions de scope produit (
docs/ROADMAP.md) : GAP-02 (.mcp.jsonpré-configuré → opt-in manuel maintenu, règle 11), GAP-04 (skills marketplace maison → parkée au profit de l'Anthropic Skills Marketplace), GAP-06 (scaffoldingclaude-craft new→ hors-scope, Claude Craft reste une couche de config/augmentation).
[8.19.1] - 2026-07-01
Fixed
- Workflow SBOM : pins corrigés (
@cyclonedx/cyclonedx-npm@5,sigstore/cosign-installer@v3.10.1— les versions@6/@v3.8.1introduites en 8.19.0 n'existaient pas) ; étape de signature cosign keyless passée encontinue-on-error(l'OIDC keyless n'est dispo que sur le dépôt upstream). Vérifié vert viaworkflow_dispatch. La publication NPM de 8.19.0 n'était pas affectée.
Changed
- Migration js-yaml 4 → 5 (
^4.2.0→^5.2.0) : js-yaml 5 est ESM-only (exports nommés, plus dedefault) et lève désormais une exception sur une entrée vide. 7 fichiers passés àimport * as yaml from 'js-yaml';sprint-cache.jsetfrontmatter.jstraitent un fichier/frontmatter vide commenull/{}(le YAML malformé lève toujours). Remplace Dependabot #111. - Bumps de dépendances (Dependabot) : eslint 10.6.0, prettier 3.9.3, @commitlint 21.1.0 (dev) ; @playwright/test 1.61.1, @axe-core/playwright 4.12.1 (website) ;
actions/cache6.1.0 ; @hono/node-server 2.0.6. - Formations : lineup modèles courant ajouté à la section effort du guide 03 (5 langues) — Haiku 4.5 / Sonnet 5 / Opus 4.8, alias
model: sonnet= Sonnet 5, Fable 5 suspendu.
[8.19.0] - 2026-06-30
Audit exhaustif multi-agents (18 lentilles : 7 domaines + 11 stacks, vérification adverse — 70/90 findings confirmés). Rapport : audit/2026-06-30/00-AUDIT-REPORT.md.
Added
- Skill
dynamic-workflows: intègre les Dynamic Workflows de Claude Code (déclencheurultracode) — 3 paliers d'orchestration (sub-agent / Agent Teams / Dynamic Workflows), patterns composables (fan-out & synthesize, vérification adversariale, pipeline, loop-until-dry), monitoring/workflows. Distribué via.claude/skills/+Dev/i18n/base/.sub-agents-patterns.mdgagne une section dédiée. - Modèle Sonnet 5 (
claude-sonnet-5, sorti 2026-06-30) : intégré comme Sonnet courant dans le SSOTconfig/versions.yaml,rules/12,COMPATIBILITY,FAQ(grille prix/routage),CLI-REFERENCE,README,settings(.local).json,setup-rtk. Tarif intro $2/$10 → $3/$15 au 2026-08-31 ; agentique, comble l'écart avec Opus 4.8. Sonnet 4.6 conservé comme prédécesseur. - Claude Code 2.1.193 (semaine 26) recommandé :
claude mcp login/logout, Artifacts,/rewindpost-/clear,/cd, sous-agents imbriqués (5 niveaux), deny/ask rulesTool(param:value)documentés (COMPATIBILITY,rules/12). Table « coût tokens & routage modèle par tâche » +/usage(attribution par composant) ajoutés. - CI/Supply-chain : gate
npm audit --audit-level=moderatedansci.yml(PR) ; signature Sigstore/cosign keyless du SBOM (sbom.yml,id-token: write) ; suiteralph-behavioral.batsréintégrée.
Changed
tdd-coach: Opus → Sonnet (optimisation coût — le coaching TDD ne requiert pas Opus, ~5× moins cher). 4 agents Opus restants. Hookoutput-filter.jsontronque désormais réellement les outputs >50 KB viahookSpecificOutput.updatedToolOutput(au lieu d'unsystemMessageindicatif).- Stacks (références + 5 langues) : corrections de bonnes pratiques 2026 — Angular (Signal Forms,
httpResource, zoneless), React (react-routerv7, Zod 4, Compiler), Vue (Rolldown, husky 9), Symfony (XXE réécrit, PHPUnit), Laravel/PHP/Python (Argon2id vs bcrypt, OWASP 2025), Flutter (BLoC/Riverpod 3 APIs), React Native (Reanimated 4, DevTools), C# (ES256 vs EdDSA), Paperclip (versions). - Sécurité (rules/11 + références) : bcrypt n'est plus assimilé à MD5/SHA1 (tier legacy-acceptable) ; RS256 « DEPRECATED » → « moins préféré » (non déprécié par l'IETF/NIST) ; règles de complexité de mot de passe alignées NIST SP 800-63B-4 ; agent
security-auditorcomplété à 10/10 catégories OWASP. - DX/Docs : guides corrigés
make … LANG=→RULES_LANG=(la formeLANG=était silencieusement ignorée → règles en anglais pour les non-anglophones) ; Node 20 (EOL) → 22 ;CHEAT-SHEET.mdentièrement anglicisé ; structure d'installrules/→references/réalignée ; compteurs commandes 125→126 / 219→220.
Removed
- Fable 5 / Mythos 5 retirés de toutes les recommandations (modèles suspendus depuis 2026-06-12 par directive export-control US, toujours offline). Agents créatifs routés vers Opus 4.8 / Sonnet 5.
claude-fable-5et2.1.168ajoutés à la denylistversions.yaml. Section « Adoption Roadmap v8.10.1 » périmée supprimée deCOMPATIBILITY.
[8.18.2] - 2026-06-30
Fixed
- Descriptions de commandes garanties : 91 fichiers commande (sur 1110) n'exposaient pas de description exploitable. 79 avaient un frontmatter YAML malformé (deux-points non quoté dans
description:, ouargument-hint: [a] [b]interprété comme une séquence flow invalide) que le parser js-yaml strict degenerate-references.mjsfaisait silencieusement tomber à_no description_; 12 étaient réellement sans description. Valeursdescription/argument-hintquotées, descriptions manquantes ajoutées (localisées par langue + couchebase/+.claude/),COMMANDS-FULL-REFERENCE.mdrégénéré (occurrences_no description_: 79+ → 0).
Added
- Garde-fou descriptions :
tests/scripts/command-descriptions.test.mjs(4 tests) impose, sur les 1110 fichiers commande des 4 layouts, que chacun ait un bloc frontmatter, parse en YAML strict et expose une description non vide. Reproduit le parsing de production → toute future commande sans description (ou au YAML cassé) fait échouer la CI.
[8.18.1] - 2026-06-28
Changed
- Site de documentation — Lighthouse 100 + zéro erreur console : score Lighthouse 100 (médiane) sur les 4 catégories (Performance, Accessibility, Best Practices, SEO) sur tous les écrans, avec zéro erreur console. Tests écrits avant correction (TDD) : gate Lighthouse dockerisé (
website/tests/lighthouse/),console-errors.spec.ts, etaccessibility.spec.tsdurci (WCAG 2.1 AA complet,color-contrastréactivé). - Accessibilité (WCAG 2.1 AA réel) : contrastes corrigés (brand, label langage code, texte muté, commentaire Shiki),
label-content-name-mismatchdu bouton de recherche, etnested-interactivedu caret de sidebar collapsible (patchLayout.vue). - Performance : fonts self-hostées (suppression de la requête Google Fonts externe),
content-visibilitysur les tables denses, profondeur d'outline réduite. La page de référence des commandes (anglais) est découpée en index léger + une page par namespace (website/scripts/split-commands.mjs) pour atteindre 100.
Fixed
- Régression potentielle d'accessibilité : le test axe du site n'excluait plus
color-contrastni les composants du thème — toute violation WCAG 2.1 AA fait désormais échouer la CI.
[8.18.0] - 2026-06-27
Added
- Commande
/workflow:auto-sprint: orchestrateur de sprint de bout en bout jouant le rôle Product Owner / Scrum Master. Enchaîne en une seule commandestart → decompose → validate → implement → PR → CI watch → review → retro → merge. Chaque cérémonie s'exécute dans un sous-agent au contexte isolé — l'isolation remplace le/clearmanuel entre les étapes ; la phase d'implémentation assume le rôle conductor inline (réutilise/team:sprint) pour éviter le nesting d'Agent Teams. Ajoute création de PR, surveillance CI et merge viagh. Merge--auto-mergeopt-in (défaut : pause + GO humain, conforme règle 09 + Karpathy) ; échec de gate (validate KO / CI rouge / DoD miss) déclenche un auto-fix loop borné (--max-fix-attempts). Livrée en 5 langues (Dev/i18n/{en,fr,es,de,pt}).
Changed
- Compteurs de commandes :
126 core / 220 total(au lieu de125 / 219) —COMMANDS.md,COMMANDS-FULL-REFERENCE.md(régénéré),README.md,.claude/CLAUDE.md. Testnamespace-integritymis à jour (namespace Workflow 9 → 10).
[8.17.2] - 2026-06-26
Added
- Tutoriel end-to-end phare :
docs/guides/{en,fr,es,de,pt}/10-complete-workflow.mdréécrit en walkthrough narré pour grands débutants (idée → backlog → design → sprint TDD → suivi Kanban → clôture), inspiré de la pédagogie « TUTORIEL-CLAUDE-CRAFT » : glossaire, section anti-confusion des modes d'exécution, marqueurs/clear, gates explicités, exemple TaskFlow + annexe multi-stack. Lié depuisREADME.mdetdocs/guides/index.md. - Index de migration :
docs/MIGRATION.mdaiguille désormais vers les guides d'upgrade par version (v3→v8).
Changed
- Fraîcheur documentaire : réalignement complet sur la source unique de vérité —
125 core / 219 totalcommandes (au lieu de133),55skills (au lieu de48),11stacks, Claude Code2.1.97min /2.1.168rec (au lieu de2.1.107), Flutter3.44, React Native0.86, Symfony8.1 / PHP 8.4+. Placeholderrésolu dans QUICKSTART. - Dédup : en-têtes « narré vs full » sur
COMMANDS.md/AGENTS.md; bannière🚧 PLANIFIÉsurdocs/mcp/MCP-SERVERS.md; cross-links + rôles entreCOMPETITIVE-ANALYSIS.md(stratégique) etcomparison-claude-craft-vs-superclaude.md(user-facing). - Site web : badges de version hardcodés des composants Vue (
LandingPage.vue,StatsGrid.vue,AgentShowcase.vue) réalignés ; nouveau token de denylist anti-régression dansconfig/versions.yaml.
Fixed
- Commande inexistante
/bmad:initremplacée par/workflow:initdans les fichiers courants (le namespace/bmad:*n'existe pas ; les passages qui l'expliquent sont conservés).
Removed
docs/SECURITY.md: stub de redirection supprimé au profit duSECURITY.mdracine (source unique).
[8.17.1] - 2026-06-26
Added
- Makefile
test-scripts-docker: lance la suitetests/scripts/dans une image docker embarquant bash (TEST_IMAGE ?= node:24), afin que le workflow « TOUJOURS docker » dispose de bash.
Fixed
tests/scripts/sous image sans bash : les 12 fichiers qui exécutentbash "<script>.sh"(bashismes :[[ ]], arrays,type -t,local,${VAR:+}) échouaient avec/bin/sh: bash: not foundsous une image busybox/alpine. Ajout de la gardetests/scripts/bash-available.test.mjsqui codifie le prérequis GNU bash (docs/PREREQUISITES.md §2) avec un message actionnable pointant versmake test-scripts-docker.
[8.17.0] - 2026-06-24
Added
- CLI-REFERENCE.md : documentation des commandes
/goal(v2.1.168+),/usage(v2.1.168+),/workflows(v2.1.154+) absentes du guide. - OWASP Top 10:2025 — 10 catégories complètes : la règle
11-security.mddocumentait 7/10 catégories ; ajout des catégories #8 (Authentication Failures), #9 (Security Logging and Monitoring Failures), #10 (Vulnerable and Outdated Components). - claude-fable-5 dans la table d'effort de
12-context-management.md(ajout note d'usage pour agents créatifs). - Hooks anti-pattern dans
11-security.mdetreferences/base/security.md: section dédiée documentant que$TOOL_INPUT/$TOOL_OUTPUTne sont pas des variables shell — input du hook sur stdin JSON.
Changed
- Versions infra : Docker 29.5.3 → 29.6.0, OpenTofu 1.12.1 → 1.12.2, Ansible 2.21.0 → 2.21.1, Helm 4.2.0 → 4.2.2, Node.js libellé corrigé (24.x Active LTS, 22.x Maintenance LTS).
- README : compteur de commandes corrigé (133 → 125 core / 219 total) — la valeur 133 n'avait pas été mise à jour depuis v8.8.
- Hook templates
protect-files.jsonetquality-gate.json: migration de l'anti-patternecho '$TOOL_INPUT' | jqvers la lecture stdin correcte (jq -r '.tool_input.…') + exit code 2 (bloquant) + structurehooksimbriquée. Ces templates étaient non fonctionnels comme guards de sécurité. 11-security.md: guidance Argon2id précisée (t>=3 min, t=4 recommandé haute sécurité) ; RS256 marqué DEPRECATED en nouveau code ; supply chain mis à jour (CycloneDX 1.6+ JSON prioritaire, SLSA L1 vianpm publish --provenance, audit gate--audit-level=moderate).12-context-management.md: compteur skills aveccontext:forkmis à jour (17 lourds + 7 moyens documentés) ; table modèles avec IDs canoniques complets.config/versions.yaml: denylist complétée (Docker 29.5.x, OpenTofu 1.12.1, Ansible 2.21.0, Helm 4.2.0).
Fixed
references/base/security.md: exemple de hook corrigé (anti-pattern$TOOL_INPUTremplacé par lecture stdin + note explicative).
[8.16.1] - 2026-06-16
Changed
- Dépendances : montée de version des dépendances et des GitHub Actions épinglées.
- prod :
hono4.12.24 → 4.12.25 (#88). - dev : groupe de 5 mises à jour (#89) ;
@playwright/test1.60.0 → 1.61.0 danswebsite(#90). - CI :
github/codeql-action(#87),actions/download-artifact4.2.1 → 8.0.1 (#85),aquasecurity/trivy-action(#86).
- prod :
[8.16.0] - 2026-06-15
Added
- Kanban — historique des sprints clôturés (
claude-craft kanban) : les stories dearchived_sprints.*du.bmad/sprint-status.yamlsont désormais ingérées en lecture seule. Le board (scopé au sprint actif), le Backlog, les Sprints et le Burndown couvrent l'ensemble des sprints, plus seulement le sprint courant. - Jeu de données de test BMAD v6 anonymisé et exhaustif (
tests/fixtures/wrandly-anon) + suites unit / fonctionnel / E2E (tests/kanban/wrandly-anon-*).
Fixed
- Kanban — board entièrement vide sur un vrai projet BMAD v6 :
SprintStatusSchemarejetaitassigned_to: nullet untdd_phasehors énum (not-started/review), marquant tout le fichier invalide → board + burndown vides. Schéma assoupli (passthrough,assigned_tonullable,tdd_phaselibre,metadatapassthrough préservantcapacity_points). - Priorités figées : les priorités BMAD
P0..P3sont mappées sur MoSCoW (avant : tout affiché « Should »). - Dépendances perdues : les dépendances en texte libre du YAML sont parsées en références d'id → le graphe Dependencies n'est plus vide.
- Métadonnées sprint (nom, dates, epic, points livrés) exposées ; shapes
sprintcohérentes entre/api/sprints,/api/sprints/:idet/api/sprints/current. - Incohérences d'écrans : progression topbar/sidebar scopée au sprint actif ; rafraîchissement SSE du burndown ; table sr-only du burndown jointe par date (a11y) ; couleurs
TASK_TYPEalignées au schéma ; compteur de tâches réconcilié pour les storiesdone; libellé d'arête du graphe Dependencies corrigé. - BurndownView — canvas dupliqué et navigation figée : l'instance
chartétait un$statelu et écrit dans le même$effect, créant une boucle réactive qui dupliquait le canvas uPlot et saturait la boucle d'événements (lehashchangene pouvait plus se propager).chartrepassé enletsimple.
[8.15.1] - 2026-06-15
Fixed
- Audit de fraîcheur 2026-06-15 — alignement des références/agents sur les versions vérifiées (source
Dev/i18n/5 langues + couche d'install.claude/) :- infra : provider
hcloudépinglé à1.65.0(config/versions.yaml+devops-engineer). - CI : matrice de test Node
[18, 20, 22]→[20, 22, 24](Node 18 EOL depuis avril 2025). - C# : ajout d'un avertissement de licence MediatR/AutoMapper (commerciale depuis v13) + alternatives MIT (Wolverine, Cortex.Mediator, ConduitR) dans
csharp-reviewer. - docs : version OpenAPI harmonisée sur
3.1.1(dernière stable) dans la règle documentation,references/base, le skill documentation et le template AGENTS. (#83)
- infra : provider
Security
- Dependabot #31 (esbuild GHSA-gv7w-rqvm-qjhr) — analysé et classé risque tolérable : vecteur RCE spécifique au module Deno (
lib/deno/mod.ts), non exploitable ici (esbuild via npm/Node, dépendance dev VitePress) ; le patch0.28.1n'est encore supporté par aucune release vite. À revoir au prochain bump vite.
[8.15.0] - 2026-06-15
Changed
- Refonte du design de l'interface web Kanban (
claude-craft kanban, SPA Svelte 5) à partir d'une maquette Claude Design. Thème dark-only opiniâtre, accent acid-lime (oklch, distinct des six teintes de statut), typographie Space Grotesk + JetBrains Mono auto-hébergée via@fontsource(bundlée par Vite, conforme à la CSPfont-src 'self'— Google Fonts bloqué).- Design system en deux feuilles globales :
app.css(tokens oklch + reset/a11y + shell) et nouvelleviews.css(board, modale, backlog, sprints, burndown, deps, docs, toasts, chips/atomes, densité, responsive). Shim de compatibilité pour les tokens legacy (--font/--ok/--warn/--info/--badge-fg). - Coloration extraite en helpers JS purs et testés (
lib/config.js:codeColor,epicHue,avatarColor,initials;tests/kanban/config.test.js, 21 tests) ; icônes inline (lib/icons.js) ; 8 composants présentational (Icon, Avatar, PriorityChip, TddPip, Points, TaskProgress, ProgressRing, TweaksPanel). - Panneau Tweaks : schéma de code couleur des cartes (statut / priorité / TDD / epic), accent et densité, persistés en
localStorageet appliqués aux variables CSS au runtime. - Shell (sidebar brandée + nav à icônes + carte sprint ; topbar avec recherche, sprint-pill, indicateur Live SSE, panneau Tweaks) et les 6 vues restylés. uPlot (burndown) et Cytoscape (deps) résolvent les tokens via
getComputedStyle(canvas n'honore pasvar()). - Préservé : drag&drop, navigation clavier,
<dialog>natifs (piège de focus), annoncesaria-live, gestion read-only.bmad/sprint-status.yaml. Build + suite complète verts. (#81)
- Design system en deux feuilles globales :
[8.14.0] - 2026-06-14
Added
- Dashboard Kanban web — accès à l'ensemble des artefacts BMAD v6 (
claude-craft kanban, SPA Svelte 5) : l'UI n'exposait que le board des stories, le grouping des epics, le burndown du sprint courant et les docs racine. Les rétrospectives, reviews, l'ensemble des sprints et les corps markdown étaient scannés mais inaccessibles.- Vue Sprints dédiée : nouvelle entrée de navigation listant tous les sprints (points, nombre de stories, badges goal/review/retro). Le détail d'un sprint rend le Goal, une table Stories avec leurs Tasks dépliables, et les sections Review et Retro (markdown rendu). Nouveaux endpoints
GET /api/sprintsetGET /api/sprints/:id; logique puresummarizeSprint()/sortSprints()testée. - DocsView élargi :
listDocs()sert désormais les corps markdown des EPIC, US, sprint-goal/board/review/retro/deps (catégorie dédiéesprint-retro) → tout est navigable dans l'arbre de documents. - Détail US enrichi : la modale détail du board charge la liste des tâches associées (id/type/statut/heures/assigné) et la description markdown de la story (
/api/stories/:idrenvoie désormaisbody).marked/DOMPurifyimportés dynamiquement (bundle du board inchangé). - Tests RED-first :
tests/kanban/sprints.test.js(logique pure) + endpoints (app.test.js) + classification (file-scanner.test.js). Suite complète verte. (#79)
- Vue Sprints dédiée : nouvelle entrée de navigation listant tous les sprints (points, nombre de stories, badges goal/review/retro). Le détail d'un sprint rend le Goal, une table Stories avec leurs Tasks dépliables, et les sections Review et Retro (markdown rendu). Nouveaux endpoints
[8.13.1] - 2026-06-14
Fixed
- Dashboard Kanban web (
claude-craft kanban, SPA Svelte 5) — 4 bugs corrigés en TDD (remontés sur un projet BMAD v6 réel où toutes les cartes proviennent de.bmad/sprint-status.yaml, donc_writable:false) :- Vue Backlog vide :
BacklogViewéliminait les stories dontepic_idest défini mais absent destore.epics(les stories YAML BMAD v6 portentepic_id="E1"sans fichier epic markdown) → écran blanc. Nouveau module purgroupStoriesByEpic()synthétise un groupe pour lesepic_idinconnus au lieu de les perdre. - Raccourcis clavier inopérants :
focusedColumnIndex/focusedCardIndexn'étaient jamais synchronisés avec la carte réellement focus (défaut colonne 0 = Backlog vide) → flèches/Alt+M/Entrée agissaient sur la mauvaise colonne. Synchronisation viaonfocus→locateCard()et handler réécrit en adaptateur fin sur un reducer purreduceKey(). - Détails de carte inaccessibles : aucune modale n'existait (Entrée n'écrivait que dans une région
aria-liveinvisible). Ajout d'une modale<dialog>native ouverte au clic/Entrée viabuildCardDetails(). - Déplacement en échec silencieux : les cartes
sprint-status.yaml(refusées serveur en 409 par design — single-writer conservé) affichent désormais un toast visible + une note explicite dans la modale. - Correctif latent : race d'ouverture des
<dialog>(Promise.resolve()→tick()). - Tests RED-first :
tests/kanban/backlog-grouping.test.js+tests/kanban/kanban-nav.test.js(logique pure, 23 tests). Suite complète verte. (#77)
- Vue Backlog vide :
[8.13.0] - 2026-06-12
Added
- Distribution des scripts AgentTeams : les helpers
Tools/AgentTeams/lib/*.sh(cost-estimator,ralph-teams-adapter,compatibility-check,cost-dashboard,result-aggregator) sont désormais installés automatiquement dans le projet utilisateur avec le namespace de commandes Team (installeur npx +make install-common). Auparavant présents dans le repo/package npm mais jamais copiés → les commandes/team:*affichaient « scripts MISSING » (perte du dashboard coût et de--ralph-mode). NouveauTools/AgentTeams/install-agentteams.sh(install/--check/--uninstall) + ciblemake install-agentteams TARGET=.. Prérequis/team:*annotés en dégradation gracieuse (5 langues). Doc : section Installation dansAGENT-TEAMS-GUIDE.md. - Helper de soumission awesome-claude-code :
scripts/awesome-claude-code-submit.mjs(npm run community:awesome) — prépare la recommandation de ressource vershesreallyhim/awesome-claude-codesans jamais la soumettre (leur dépôt bannit les soumissions automatisées pargh/API). Il source les métadonnées (package.json/marketplace.json), calcule l'ID de ressource compatible amont (tool-<sha256(nom+url)[:8]>), valide le lien GitHub (HTTP 200) et l'existence npm (registry), détecte les doublons dans le CSV amont, puis imprime les valeurs du formulaire + une URL d'Issue GitHub pré-remplie (relecture + clic humain). Option--writepour régénérer la fiche de prépa locale.
Fixed
- Gate validator
set -e+((var++)): sousset -euo pipefail,((var++))renvoie un exit code 1 quand le compteur vaut 0 (post-incrément évalué à l'ancienne valeur), ce qui avortait le script après le 1er check — cassant toutes les commandes/gate:*(remonté sur le projet Wrandly), le hook quality-gate, le routing engine, le batch executor et 2 scripts d'install. Remplacement des 68((var++))/((var--))nus parvar=$((var + 1))sur les 6 fichiers concernés (bouclesfor ((i++))préservées). Tests de non-régression ajoutés (make test-bmad: comportemental + garde statique anti-réintroduction). - Manifest du plugin :
plugin.jsonetmarketplace.jsonrendus strictement conformes au schéma Claude Code (claude plugin validate .: 0 erreur, 0 warning, requis pour la soumission au marketplace).repositorypassé d'objet à string (URL) ; champs réservéscommands/agents/skills(porteurs de métadonnées custom) retirés (contenu auto-découvert depuis les dossiers) ; champs non reconnus retirés (compatibility,capabilities,stacks,languages,categories,installation,features,marketplace,security,metadata.homepage). Le test de cohérence registre↔manifest vérifie désormais leskeywords.
Docs
- Marketplace :
marketplace.jsonaligné sur la version courante (8.13.0). - Helm 4 : note de migration 3→4 ajoutée aux agents devops (5 langues) — major (server-side apply, plugins WASM, API v4), Helm 3 EOL sécurité nov. 2026.
- Python JIT : mentions du JIT (PEP 744) reformulées en avertissement neutre (expérimental, désactivé par défaut, sujet à réévaluation du Steering Council — ne pas en dépendre en production), 5 langues.
- Mémoire persistante inter-sessions : section ajoutée à
ECOSYSTEM.md(natif/memory+ hooks PreCompact/PostCompact ; tiers claude-mem à auditer/pinner).
[8.12.0] - 2026-06-12
Audit exhaustif multi-domaines (sécurité, ergonomie/DX, concurrentiel, fonctionnalités, fiabilité, optimisation tokens/modèles, documentation, architecture) mené par une équipe d'agents avec devil's advocates, validation Context7/web et vérification de fraîcheur des 14 stacks. 80 findings confirmés (2 P0, 22 P1, 34 P2, 22 P3) ; tous les P0/P1/P2 actionnables corrigés. Rapport : audit/2026-06-12/00-AUDIT-REPORT.md.
Security
- FrankenPHP 1.12.1 → 1.12.4 (CVE-2026-45062, CVSS 8.1 — découpage de chemin CGI via unicode permettant l'exécution de fichiers non-
.php). Propagé dansconfig/versions.yaml,.claude/CLAUDE.mdet les agents devops. - Docker 29.5.2 → 29.5.3 (CVE-2026-33997 — élévation de privilège à l'installation de plugin).
- Hook de sécurité (règle 11) : l'exemple distribué utilisait
exit 1(non bloquant dans Claude Code) au lieu deexit 2, etechoau lieu deprintf '%s'— corrigé dans les 5 langues, l'exemple n'enseigne plus un anti-pattern silencieusement permissif. - Kanban — CSRF guard :
new URL(referer)non protégé provoquait un 500 sur en-têteReferermalformé (DoS par requête unique) →try/catchretournant 403 (cli/kanban/server/middleware/security.js). - Kanban — en-têtes HTTP :
Cross-Origin-Embedder-Policy: require-corpetX-Frame-Options: DENYactivés (secureHeaders). - CI supply chain : image
bats/bats:latestépinglée par digest sha256 ; installation Vale vérifiée parsha256sum -c;contents: writedesbom.ymlrestreint au seul job de release ;PERSONAL_ACCESS_TOKENsuperflu retiré du workflow CLA.
Fixed
- Total de commandes installables :
docs/COMMANDS.mdétait figé à 185 commandes / 26 namespaces alors que la référence auto-générée en compte 219 sur 27 (le namespace/paperclip:*distribué n'était pas comptabilisé). Aligné surCOMMANDS-FULL-REFERENCE.md. - Templates
settings.jsondistribués : IDs de modèles inexistants (claude-sonnet-4-5,claude-opus-4-6) →claude-sonnet-4-6/claude-opus-4-8; ajout deCLAUDE_CODE_FORK_SUBAGENT: "1"(économie de tokens auparavant non distribuée) dans les 5 langues. doctor.js: version Claude Code recommandée codée en dur à2.1.118(50 releases de retard) → lecture dynamique deconfig/versions.yaml(recommended= 2.1.168).- Détection de projet :
Cargo.tomln'est plus faussement associé à « Rust (Paperclip) » (Paperclip est Node.js/TypeScript). - Kanban — robustesse :
.bmad/sprint-status.yamlsyntaxiquement invalide renvoie un 503 maîtrisé au lieu d'un 500 ; couverture des branches desprint-cache.jsportée de 75,75 % à 87,87 %. États vides des colonnes du board dotés d'un indice contextuel. - CI : matrice Node
20/22→22/24(Node 20 EOL avril 2026),engines.node >=22; correction de la colonneawkdu rapport de parité i18n.package-lock.jsonresynchronisé (était figé à 8.9.0). - Références de versions périmées purgées de la documentation (5 langues) :
2.1.154/2.1.159→2.1.168,claude-opus-4.6→claude-opus-4-8, badges websitev8.8.2→ version courante. Denylistverify-versionsétendue pour empêcher toute régression ; périmètreSHOWCASE_FILESélargi (guides, PREREQUISITES, LandingPage, templates).
Changed
- Bumps de fraîcheur : React Native 0.85 → 0.86, Coolify 4.1.1 → 4.1.2, OpenTofu 1.12.0 → 1.12.1, Helm 3.18 → 4.2.0 (major — note de migration ajoutée, v3 EOL nov. 2026), Paperclip 2026.529.0 → 2026.609.0, Node infra
20.x→22.x (24.x LTS recommandé). - Best practices des stacks rafraîchies (distribution + dogfood) : PHPStan niveau 10, Pest ^4.7, Rector ^2.4, Python 3.14.6 (+ notes Ruff 0.15/pytest 9, prudence JIT PEP 744), ESLint v10 flat config (suppression de
--ext), RNGH 3.0 (breaking), Vite 8 (manualChunksdéprécié), Vue Router 5 file-based routing, Angular 22 (@Service,injectAsync(), Angular Aria), Flutter SwiftPM/AGP 9, EF Core 10.0.9. - Distribution token/modèles :
setup-rtk(de/pt) etuiux:generate-design-md(5 langues, auparavant absent de la couche distribuée) resynchronisés depuis le dogfood.
[8.11.0] - 2026-06-12
Added
- Kanban — lecture des stories BMAD v6 : le tableau Kanban ingère désormais les stories déclarées dans
.bmad/sprint-status.yaml(pisteteam:/qa:, single-writer), en plus des fichiers markdownbacklog/user-stories/US-*.md(pisteworkflow:). Les projets initialisés BMAD v6 affichaient un board vide et « no sprint » alors que leursprint-status.yamlétait complet — c'est corrigé. Les stories issues de la YAML sont exposées en lecture seule (_source: 'sprint-status',_writable: false) ; sur collision d'identifiant, le fichier markdown l'emporte (pas de double source de vérité).
Fixed
- Board Kanban vide sur projet BMAD v6 :
PATCH /api/stories/:id/statussur une story gérée parsprint-status.yamlrenvoie un409 read_only_sourceexplicite (au lieu d'un404trompeur) ; le client désactive le drag et affiche un cadenas sur ces cartes.SprintStatusSchema.metadataaccepte désormais le champepic(auparavant supprimé par Zod), pour que les stories synthétiques héritent de l'épic du sprint.
[8.10.2] - 2026-06-11
Fixed
- Interface web Kanban : le package npm publié n'embarquait pas le client Svelte compilé (
cli/kanban/client/dist/est gitignored et n'était jamais buildé en CI), si bien quenpx @the-bearded-bear/claude-craft kanbanaffichait « client not built » pour tous les utilisateurs. La CI de publication lance désormaisnpm run kanban:buildavantnpm publish, et un garde-fou fait échouer la release sicli/kanban/client/distest absent du tarball.
[8.10.1] - 2026-06-11
Fixed
- Migration des références de domaine email/web vers
the-bearded-bear.com(unification des variantesthebeardedcto.cometthebearded-cto.comdans plugin/marketplace, README, PRIVACY, CHARTER, SECURITY, CONTRIBUTING, CODE_OF_CONDUCT et les politiques de conformité). - Normalisation des URLs GitHub obsolètes (
the-bearded-cto,thebeardedcto,TheBeardedCTO) versgithub.com/TheBeardedBearSAS/claude-craft. - Correction du
CODEOWNERScassé (@thebearded-ctoinexistant) vers le mainteneur@flavien-metivier.
[8.10.0] - 2026-06-09
Passage à un projet 100 % open-source MIT (suppression de toute la structure de licence commerciale/enterprise) + lot d'audit de fraîcheur 2026-06-08. MINOR release. Backwards compatible.
Audit de fraîcheur exhaustif 2026-06-08 (workflow multi-agents 36 agents + vérification adversariale par devil's advocates ; 169 constats retenus sur 172). Mise à jour des technologies, de la compatibilité Claude Code et des bonnes pratiques. Backwards compatible.
Added
- Source unique de versions :
config/versions.yaml+ scriptscripts/verify-versions.mjs(npm run lint:versions) branché en CI — détecte toute dérive entrecli/lib/tech-registry.js,.claude/CLAUDE.mdetREADME.md(cause-racine des incohérences de versions). .claude-plugin/marketplace.json: manifeste de marketplace (permet/plugin marketplace add TheBeardedBearSAS/claude-craft).- Paperclip ajouté au registre CLI (
tech-registry.js) comme stack installable (--tech=paperclip) + 5 commandes communes distribuées (pack-repo,search,aliases,audit-freshness,init) viaDev/i18n/base/Common/commands/. fallbackModel(Claude Code 2.1.166) documenté + exemple danssettings.local.json.example(repli opus → sonnet → haiku pour les agents critiques) et rule 12.
Changed
- Versions des stacks harmonisées sur 3 sources : Angular 22 (Signal Forms stables, OnPush/Fetch par défaut, TypeScript 6), Symfony 8.1 / PHP 8.4+, Laravel PHP 8.3+, Flutter 3.44/Dart 3.12 (résiduels 3.41/3.11 nettoyés), Paperclip 2026.529.0, Docker 29.5.2, Coolify v4.1.1, FrankenPHP 1.12 (CVE-2026-24894/24895), PgBouncer CVE-2026-6664/6665/6666/6667.
- Bonnes pratiques par stack (références + agents + i18n 5 langues) : C# (MediatR/AutoMapper commercial + alternatives OSS, Testcontainers 4, Argon2id), React (Compiler/Vite 8, Activity, useEffectEvent, ref-as-prop), React Native (Reanimated 4, React Native DevTools, gcTime, FlashList, breaking 0.85), Vue (Pinia 3/Router 5/Vite 8), Python (Ruff, mypy 2, uv, free-threading, t-strings), PHP (PHPStan 10, features 8.5).
- Sécurité OWASP Top 10:2025 propagée aux 5 langues + base (SSRF dans #1, Supply Chain #6, Exceptional Conditions #7 ; Argon2id, JWT EdDSA/DPoP, headers COOP/COEP/CORP, SLSA/SBOM/Sigstore).
- Claude Code compat :
COMPATIBILITY.mdétendu à 2.1.168 (recommandée), breakingworkflow→ultracode(2.1.160),fallbackModel,MessageDisplay,/reload-skillsdocumentés.
Security
- GitHub Actions SHA-pinnées :
codeql-action,aquasecurity/trivy-action(ex-@master),actions/cacheépinglées à un commit SHA. - Gate CI étendu aux modifications de contenu (
.claude/**,Dev/i18n/**,config/**) — les tests de contenu se déclenchent désormais sur les PR de contenu. - Hook
rmdurci (settings.json) : couvre-fr,--recursive --forceet les flags longs (l'ancien pattern ne bloquait que-rfgroupé). - Hooks des templates distribués corrigés : lecture du JSON depuis stdin via
jq(étaient non fonctionnels —echo '$TOOL_INPUT'). X-XSS-Protection(header déprécié) retiré des recommandations (remplacé par CSP Level 3) dans toutes les références et templates de sécurité.- Scope ShellCheck étendu à
.bmad/etProject/(set -euo pipefailajouté àinstall-project-commands.sh). install --from=<url>: cap de 50 KB sur le body distant (Content-Length + lecture) pour durcir contre un endpoint malveillant (+ 2 tests).- Job CI
content-validationdédié (tests de contenu.claude/comme check de PR distinct) ;mutation.ymlfiabilisé viascripts/stryker-score.mjs(ESM, gestion d'erreur explicite).
Enrichissements P2 (best-practices par stack)
- C# (file-based apps, EF Core 10, Native AOT, JWT EdDSA), React (ViewTransition, cacheSignal, Performance Tracks), React Native (Expo SDK 56, jest-preset, DevTools 0.85), Python (typing PEP 695, FastAPI 0.136/Pydantic 2.13), PHP (features/dépréciations 8.5, PHPStan 10), Symfony (8.1 features, json-streamer DI), Laravel (Pest 4 Browser), Flutter (DCM), Angular (OnPush/Fetch défaut), Vue (Vitest Browser Mode). Cascade i18n 5 langues. ROADMAP v9.0 (items concurrentiels).
Removed
- Toute la structure de licence commerciale/enterprise : Claude Craft est désormais 100 % open-source MIT, sans aucune édition payante. Supprimés :
LICENSE-COMMERCIAL.md,LICENSE-ENTERPRISE.md,docs/dual-license/(dual licensing + SLA template),docs/enterprise/(pricing, features, open-core architecture).CHARTER.mdréécrite (fin du modèle open-core, plus de produitclaude-craft-enterprisepropriétaire). README purgé des offres payantes (Pro support tier, enterprise adopters, training/consulting monétisés). QA Recette repassé entièrement MIT (extension Chrome, backend et SDK ; suppression de l'EULA propriétaire, du SaaS propriétaire, du license gate Stripe et des tiers payants)..npmignorenettoyé en conséquence.
Rapport d'audit complet (local, non versionné) :
docs/audit/2026-06-08-comprehensive/.
[8.9.0] - 2026-06-02
Intégration curatoriale de l'écosystème d'outils tiers Claude Code (optimisation de tokens, gestion de contexte, code review). MINOR release. Backwards compatible. Aucun code tiers n'est embarqué : les outils sont documentés, recommandés et accompagnés de leurs recettes d'activation et de leurs contraintes de licence.
Added
- Catalogue
docs/ECOSYSTEM.md: évaluation de 9 dépôts + 1 roundup (camilleroux.com 2026) avec recommandation INTÉGRER / RÉFÉRENCER / IGNORER, licences, type (skill/MCP/CLI/CLAUDE.md) et recettes d'activation. Retenus (MIT) : caveman (compression output ~65 %), code-review-graph (graphe AST, lecture du blast radius), token-savior (index symbolique + compaction Bash, alternative RTK), claude-token-efficient (CLAUDE.md anti-verbosité). Référencés avec disclaimer de licence : context-mode (ELv2), token-optimizer/alexgreensh (PolyForm Noncommercial), claude-context/zilliztech (MIT mais dépendance Milvus/Zilliz). Écartés : claude-token-optimizer/nadimtuhin, token-optimizer-mcp/ooples. docs/MCP.md— section « Token-Optimization MCP Servers » : configuration.mcp.jsonprête à l'emploi pourcode-review-graphettoken-savior, avec rappel d'audit/pinning (lien vers la section Security).- Skill
ecosystem-tools: skill commun (.claude/skills/+ distributionDev/i18n/base/Common/skills/) pointant vers le catalogue, déclenché lors du choix d'un outil tiers token/contexte/review. - Règle 12 (
context-management) — section « Outils tiers de l'écosystème » : mini-tableau + pointeur versdocs/ECOSYSTEM.md, distribué dans les 5 langues (.claude/rules/+Dev/i18n/{en,fr,es,de,pt}). - Liens de découverte :
README.md,.claude/CLAUDE.md(table Documentation) etdocs/RTK-ANALYSIS.md(« Voir aussi ») pointent désormais vers le catalogue.
[8.8.2] - 2026-06-02
Résorption complète de la dette de traduction i18n résiduelle de l'audit 2026-06-01. PATCH release. Backwards compatible.
Changed
- Dette de traduction i18n résorbée (101 → 0) : les 101 fichiers qui restaient sous le seuil de parité de taille 0.80 sont désormais traduits intégralement depuis la référence
Dev/i18n/en/<...>(frontmatter conservé, accents/caractères natifs respectés). Répartition : pt (48), de (23), es (21), fr (9), couvrant commandes, règles, agents (Dev/i18n+Project/i18n) et guides utilisateur (docs/guides). Le portugais, le plus dégradé (ratios ~0.10 sur les commandes Flutter), est entièrement reconstitué. - Parité de taille i18n désormais bloquante : la dette historique étant résorbée,
scripts/verify-i18n-parity.shbascule ses défauts en mode strict (STRICT_SIZE=1,I18N_PARITY_STRICT=1). Le job CIparitybloque maintenant sur le count et la taille (< 0.80) ; tout nouveau fichier sous-traduit est traité comme une régression. Documentation mise à jour dans.claude/rules/16-i18n.md.
[8.8.1] - 2026-06-02
Clôture des items P2 différés de l'audit 2026-06-01 + complétion de la distribution i18n. PATCH release. Backwards compatible.
Fixed
- Reliability —
sprint-cache: la branche de propagation d'erreur non-ENOENT (throw err) est désormais couverte par un test (lecture d'un répertoire →EISDIR). - Reliability —
file-watcher: remplacement dessleep+ assertion parvi.waitForsur les assertions positives (élimine la flakiness sur les runners CI partagés). - Build — générateur de références :
scanI18nCommandsprend désormais en charge le layout plat<root>/commands/*.md(casProject/i18n/en/commands/), ajoutant le namespace/project:àCOMMANDS-FULL-REFERENCE.md(185 → 219 commandes recensées).
Security
- Kanban — headers HTTP : ajout du middleware Hono
secureHeaders()(X-Content-Type-Options, X-Frame-Options, Cross-Origin-Opener-Policy, Referrer-Policy) sur toutes les réponses du serveur Kanban local. - Ralph —
--story/yq: validation du charset de l'identifiant de story + passage deSTORY_IDviayq env()au lieu d'une interpolation shell (prévention d'injection dans la requête yq). SECURITY.md: table des versions supportées rafraîchie (8.8.x / 8.7.x) et version minimale de Claude Code recommandée portée à 2.1.159+.
Added
- Distribution i18n des agents : les 8 agents transverses (
security-auditor,data-analyst,chaos-engineer,cost-optimizer,devex-engineer,migration-specialist,mlops-engineer,observability-engineer) — déjà comptés dans les 70 agents documentés mais absents deDev/i18n/— sont désormais livrés dans les 5 langues (en, fr, es, de, pt), rétablissant la parité de distribution.
Changed
- Dette de traduction i18n : complétion de traductions partielles (fichiers
translation_status: pendinget fichiers sous le seuil de parité de taille) dans es, de, fr, pt.
[8.8.0] - 2026-06-01
Audit adversarial 2026-06-01 (équipe multi-agents + devil's advocates, validation Context7/web) — 65 findings confirmés (5 P0, 32 P1, 28 P2). MINOR release. Backwards compatible. Détails : audit/2026-06-01/.
Security
- P0 — Hook
security-block.jsoninerte corrigé : le template utilisaitecho '$TOOL_INPUT'(quotes simples empêchant l'expansion) + structure plate +exit 1. Réécrit sur le modèle deblock-dangerous-commands.json: lecture stdin viajq, structurehooks:[{type:command}],exit 2(code bloquant). - P1 — SSRF dans
--from(cli/lib/install-from-url.js) :validateUrln'imposait que le schéma https → une URL/redirect vershttps://169.254.169.254(métadonnées cloud) passait. GardeisBlockedHost(IP privées/loopback/link-local/métadonnées) + redirects enmanualre-validés à chaque hop. 11 tests. - P1 — Injection de commande Ralph (CWE-78) :
$CLAUDE_COMMAND/$cmdnon quotés dansTools/Ralph/lib/loop.shetcontext-manager.sh→ tableau bash (read -ra+"${cmd[@]}"). - P1 — Install skill communautaire (
cli/lib/skill.js) :--no-auditretiré (scan CVE) ; install dans un dossier temporaire isolé + nettoyage (plus de pollution dunode_modulesdu projet) ; avertissement explicite. - P1 — RTK installer (
Tools/RTK/install-rtk.sh) : SHA256 périmé + URL sur branche mutablemaster→ URL pinnée sur un commit immuable + SHA recalculé/vérifié.
Changed — versions des stacks (juin 2026)
- Angular 20 → 21 (latest stable LTS, 22 en RC, zoneless par défaut) ; Symfony 8.0 → 8.1 (+ HTTP-less apps) ; Claude Code recommandé 2.1.154 → 2.1.159 ; Opus 4.7 → 4.8 (
/effort,/model) ; K8s 1.35.3 → 1.36.1 ; PgBouncer 1.25.1 → 1.25.2 (CVE-2026-6664/6667). - Cohérence interne des références profondes : Flutter (3.41/3.38/3.16 → 3.44, Dart → 3.12) ; Laravel (Pest ^3→^4, Rector ^1→^2.4,
php:8.3→8.5, Laravel ^12→13) ; Vue (Vitest ^2→^4) ; PHP (8.4→8.5, PHPUnit 11→12). - Exemples de code : C# CI dotnet 9→10 + Swashbuckle déprécié → Scalar/OpenAPI natif ; React
react-query→@tanstack/react-query; Python ruffpy312→py314,@validator→@field_validator(Pydantic v2). - Docs/formations : ~116 mentions de version mises à jour dans 36 fichiers de
docs/training/etdocs/guides/.
Changed — optimisation tokens/modèles
- Propagation de l'optimisation à la distribution
Dev/i18n/(5 langues) : les 23 agents distribués aux utilisateurs n'avaient aucuneffortet des modèles coûteux (opus/sonnet). Alignés sur la config canonique.claude/agents(reviewers →haiku, design/impl →sonnet, critiques →opus;effort+maxTurnsajoutés). L'optimisation existait en dogfood mais ne parvenait pas aux utilisateurs. testing-flutterettesting-reactnativepassés encontext: fork(17 skills lourds au total).
Accessibility — Kanban UI (Svelte)
- 15 corrections WCAG 2.2 AA : tokens de contraste (AA/AAA),
role=progressbar,<dialog>natif avec piège de focus, headings de colonnes, alternative textuelle du burndown, badgesaria-label,<main>imbriqué supprimé, double<h1>corrigé,:focus-visible, aide clavier visible. Token--badge-fginversé clair/sombre.
Fixed — fiabilité & exactitude
- CI mutation (
mutation.yml) : clé.mutationScoreinexistante (Stryker v9) → calcul depuis les statuts des mutants ; « Nightly » → « Weekly » (cron hebdomadaire) ; seuil branches 84 → 85. - Endpoint SSE
/api/eventsdésormais couvert (2 tests). - Comptes corrigés :
plugin.json(211→125 commandes, 26→15 namespaces, 72→70 agents, 2.1.159),SKILLS.md(50→48),MOOC-CURRICULUM.md(67→70 agents), formations,getting-started(211→125).
Tests
- 956 tests verts (vs 937) — +19 (SSRF, SSE,
isBlockedHost). ESLint / Prettier / ShellCheck / parité i18n : verts.
[8.7.1] - 2026-05-20
Audit 2026-05-18 comprehensive — Phase 5 (P1 reliability + sécurité défense en profondeur). PATCH release. Backwards compatible.
Added
- Rollback automatique sur échec partiel d'update (CC-REL-14) :
cli/lib/update.jssnapshote.claude/avant les scripts (viafs.cpSync), restaure depuis le snapshot si une étape échoue, nettoie le snapshot en cas de succès. Activé par défaut. Opt-out via--no-rollback(utile en CI/checkout frais). 3 nouveaux tests danstests/cli/update.test.mjs.
Changed
runDoctor()valide letargetPathviaassertSafeTarget(CC-REL-05) : cohérence défense en profondeur —runUpdatevalidait déjà,runDoctorne validait pas. Refuse maintenant/,/etc,/usr, etc. 1 nouveau test danstests/cli/doctor.test.mjs.
Tests
- 937 tests Vitest verts (+7 vs v8.7.0)
- +3 rollback (CC-REL-14 : restore on partial failure, drop snapshot on success, --no-rollback opt-out)
- +1 doctor refuses system directories (CC-REL-05)
- +3 frontmatter edge cases (CC-REL-04 : parseString('') et stringify() sans args / null args — couvre les branches
?? {}et?? '')
i18n (P0 #26 — itération 2)
- 40 fichiers BLOCKING marqués
translation_status: pending(de=14, es=25, fr=1) avec encart visible> ⚠️ Translation incomplete.en tête. - Count stable à 141 fichiers sous seuil 0.80 (le marquage documente l'incomplétude pour contributeurs, sans changer le ratio). Tous les fichiers traités sont BLOCKING avec source EN > 300 lignes (hors scope traduction complète automatique).
- Cumul Phases 4+5 : 27 traductions complètes + 40 marquages pending sur 168 fichiers initiaux.
[8.7.0] - 2026-05-19
Audit 2026-05-18 comprehensive — Phase 4 (P1/M effort cleanup parallèle). MINOR release. Backwards compatible.
Added
fast-check@4.8.0devDependency + 3 fichiers property-based tests (CC-REL-18) :tests/property/path-safety.property.test.mjs(5 properties),tests/property/sprint-cache.property.test.mjs(4 properties),tests/property/detect-project.property.test.mjs(2 properties). 12 nouveaux tests, 0 régression. Première propriété a révélé un invariant implicite surassertSafeTarget('/')(intentionnel).install --auto(CC-STRAT-08) : zero-prompt installer. Auto-détecte stack viadetectProject, locale viaLANG/LC_ALL, applique defaults sensibles. Réduit le TTFV de 47 min (interactif) à < 2 min. Implémenté danscli/lib/installer.js::autoInstall()+ 7 tests danstests/cli/installer-auto.test.mjs.install --from=<url>(CC-FEAT-16) : sync de config team depuis un endpoint JSON. Schéma v1 minimal (language,technologies[],includeInfra/Project/Rtk). Validation stricte URL (https obligatoire sauf localhost), schéma versionné, fetch injectable pour tests. Nouveau modulecli/lib/install-from-url.js+ 15 tests danstests/cli/install-from-url.test.mjs.skill add|list|remove(CC-FEAT-15) : MVP marketplace community skills via npm. Conventionclaude-craft-skill-*(scoped OK), copieSKILL.md+skills/*.mdvers.claude/skills/community/<name>/. Pas de registry centralisé (trust = npm trust, pin versions recommandé). Nouveau modulecli/lib/skill.js+ 19 tests danstests/cli/skill.test.mjs.- Coverage tests
cli/index.js(CC-REL-03) : 23 nouveaux tests danstests/cli/index.test.mjscouvrant tous les cases du switch (install/check/list/doctor/update/ralph/kanban/help/--help/-h/default), les sous-commandesskill, et les branchesinstall --auto/--from/non-interactif/interactif. Branchescli/index.jspassent de 65.85% → 96.77% (cible 85% largement dépassée), global CLI 85.45% → 87.87%. 2 branches non couvrables documentées (case '--help'dead code,.catch()dansisDirectRun).
Changed
cli/lib/help.js: 3 nouvelles commandes documentées (install --auto,install --from,skill add|list|remove), 3 nouveaux flags (--auto,--from=URL,--target=PATH), 3 nouveaux examples.cli/index.js: nouveau caseskill(sous-commandes add/list/remove avec parsing positionnel), nouveaux branchementsinstall --frometinstall --autoen tête du switch install. Imports élargis sans casser l'API existante.
Tests
- 930 tests Vitest verts (+76 vs Phase 3 / v8.6.0)
- +12 property-based (fast-check)
- +7 autoInstall
- +15 install-from-url
- +19 skill (validate + add + list + remove)
- +23 cli/index.js coverage (CC-REL-03 : 65.85% → 96.77% branches sur
cli/index.js, global 87.87%)
npm run lint: 0 erreurs ESLint surcli/.npm run lint:includes: 652 fichiers scannés, 0 @-include cassé.npm run docs:check: AGENTS-FULL-REFERENCE et COMMANDS-FULL-REFERENCE up-to-date.
Volontairement exclu (à arbitrer / backlog v8.8)
- ARCH-08
commandermigration : risque CLI breaking → design doc requise - CC-REL-14 rollback
update.js: opération destructive → design doc requise - P0 #22 telemetry RGPD : hors auto (consentement utilisateur + 5 sprints)
- P0 #28 KPI baselines : décision produit
- D-1..D-7 décisions stratégiques : input user requis
[8.6.0] - 2026-05-19
Audit 2026-05-18 comprehensive — Phase 3 (P1 cleanup parallèle multi-vagues). MINOR release. Backwards compatible.
Added
tsconfig.jsonracine (ARCH-04) : filet de sécurité TypeScript viacheckJs: true/allowJs: true/noEmit: true. Aucune migration code, juste le filet pour détection types futurs..claude/rules/16-i18n.md(CC-I18N-02) : règle i18n quick reference (50 L) pointant versverify-i18n-parity.sh,MULTI-IDE.md,ADDING-NEW-LOCALE.md. Corrige le lien fantôme historique.docs/guides/en/ADDING-NEW-LOCALE.md(CC-I18N-04) : guide checklist 5 étapes pour ajouter une nouvelle locale (~110 L).docs/internal/(CC-DOC-07) : nouveau répertoire pour les fichiers ops internes (WEEKLY_REPORT, CONTENT_DRAFT, USER_RESEARCH)..gitignoreet.npmignoremis à jour.tests/cli/detect-locale.test.mjs(CC-I18N-03) : 13 cas testant l'auto-détection de locale depuisLANG/LC_ALL.tests/cli/banner.test.mjsétendu (CC-A11Y-08) : test NO_COLOR pour fallback plain-text.- Tests frontmatter étendus (CC-REL-04) : 4 nouveaux cas dans
tests/kanban/frontmatter-errors.test.mjs(types invalides, ENOENT, parseString sans frontmatter). - Matrice Surfaces × Hooks (CC-MIDE-04) : nouvelle section dans
.claude/COMPATIBILITY.md(CLI vs VS Code Ext vs Desktop vs Web vs JetBrains). - Matrice Skill × Surface (CC-MIDE-05) : portabilité skills documentée dans
docs/guides/MULTI-IDE.md. - Section "Use Without Claude Code" (CC-MIDE-03) : tableau bundles AI (ChatGPT/Claude.ai/Gemini-Cursor/Codex) dans README.
- Badge Stryker mutation (CC-STRAT-12) : badge dans README.
- CTA Calendly (CC-STRAT-10) : lien
https://calendly.com/the-bearded-ctodans README. - CSV i18n-gap (CC-I18N-07) :
audit/phases/i18n-gap.csvgénéré automatiquement parverify-i18n-parity.sh. - 6 skills
disable-model-invocation: true(CC-FEAT-04) :architect,debug-methodical,atomic-tasks,socratic-brainstorm,design-md-convention,parallel-worktrees. - Hook PostCompact documenté (TKN-009) : section dans
setup-rtk.md. - TurboModules pattern (FE-RN-02) :
native-module.mdrefactoré (NativeModules legacy → TurboModuleRegistry + Codegen). - Migration $app/stores → $app/state (FE-S-02) : documentée dans
references/svelte/CLAUDE.md. - Dependabot enrichi (F-08) : ecosystem
dockerajouté.
Changed
CLAUDE_CODE_FORK_SUBAGENT=1(TKN-005) : ajouté dans.claude/settings.jsonenv.RECOMMENDED_CLAUDE_CODE(CC-DX-07) :2.1.117→2.1.118danscli/lib/doctor.js.- Help namespaces (CC-DX-06) : 7 namespaces infra ajoutés dans
cli/lib/help.js(kubernetes,ansible,hcloud,pgbouncer,frankenphp,opentofu, etc.). getting-started.md(CC-DX-05) : "211 commands" → "200+ commands" (3 occurrences).cli/lib/banner.js(CC-A11Y-08) : fallback plain-text"Claude Craft v${VERSION}"si!colorEnabled(a11y screen readers).docs/SECURITY.md(CC-DOC-05) : transformé en page-pointeur vers/SECURITY.mdracine (source de vérité unique).- CONTRIBUTING.md (ARCH-07) : section "Naming Conventions" ajoutée.
- README (ARCH-09) : mention "Platform: Linux/macOS, Windows untested".
package.jsonengines :"os": ["linux", "darwin"]ajouté.docker-compose.test.yml(CC-REL-19) :install-scripts.batsetpath-safety.batsajoutés à la commande bats.i18n-parity.yml(CC-I18N-06) :website/**ajouté aux paths trigger.verify-i18n-parity.sh(CC-I18N-07) : seuil bloquant configurable (I18N_PARITY_STRICT,BLOCK_SIZE_BYTES,BLOCK_RATIO).installer.js(CC-I18N-03) : fonctiondetectLocale()lisantLC_ALL/LANGpour pré-sélectionner la locale du wizard.vapor-mode.md(CC-STRAT-07) : déjà complet Phase 1 — confirmé exhaustif (Vapor + Alien Signals + script setup vapor).- Python 3.14 features (CC-STRAT-06) : déjà complet Phase 2 — confirmé exhaustif (free-threading + JIT + t-strings + PEP 649 + concurrent.interpreters).
- Push Notifications (CC-FEAT-03) : statut
Planned→AdopteddansCOMPATIBILITY.md. DISABLE_AUTO_MEMORY(CC-DOC-08) : variable d'env documentée dans section 2.1.118 deCOMPATIBILITY.md.- Snapshot CLI --help : régénéré pour refléter fallback plain-text NO_COLOR.
Fixed
- URL Pest 4 (BE-07) : remplacée dans 4 fichiers Laravel (
CLAUDE.md,testing.md,laravel13-features.md,agents/laravel-reviewer.md) —pestphp.com/docs/pest-v4-is-here-now-with-browser-testing. - Rust Dockerfile (BE-23) :
FROM rust:1.85-alpine→FROM rust:1.95-alpinedansrust/rules/03-security.md(2 occurrences). - Dart version (FE-F-06) :
Dart 3.10+→Dart 3.11+dansflutter/wasm.md. dart:js_utildeprecation warning (FE-F-07) : ajouté dansflutter/wasm.md.- Svelte hors-scope (FE-S-01) : marqué
_(community)_+ disclaimer dans.claude/CLAUDE.md. - 7 fichiers ops (CC-DOC-07) : déplacés de la racine vers
docs/internal/(préservation de l'historique). - Tests doctor 2.1.118 : helper
allToolsExecaligné sur la nouvelle baseline recommandée.
Validation
- ✅ 854 tests Vitest verts (57 fichiers, +18 tests vs Phase 2)
- ✅ 648 fichiers scannés sans @-include cassé (
npm run lint:includes) - ✅
npm run lint(eslint cli/) OK - ✅ Version bump :
8.5.0 → 8.6.0danspackage.json,.claude-plugin/plugin.json,.claude/CLAUDE.md,.claude/COMPATIBILITY.md
Notes
- Volontairement exclu (Phase 4 ou backlog v8.7) : D-1 à D-7 décisions stratégiques, ST-08 telemetry Posthog (RGPD), ST-09 TypeScript full migration, ARCH-08 commander migration, CC-REL-14 rollback, CC-REL-18 fast-check property tests, CC-FEAT-15/16 marketplace+cloud sync, CC-STRAT-08 wizard
--quickmode, CC-REL-03 cli/index.js branches 65→85%, P0 #22/26/28 (telemetry RGPD + i18n 164 fichiers + KPI baselines).
[8.5.0] - 2026-05-18
Audit 2026-05-18 comprehensive — Phase 2 (token optimization + a11y + supply chain + features). MINOR release. Backwards compatible.
Added
- AGENTS.md template (ST-06 / CC-FEAT-11) : nouveau template
.claude/templates/AGENTS.md.templatecopié automatiquement à la racine du projet cible lors denpx install(idempotent — n'écrase pas un AGENTS.md existant). - MCP templates avec
toolSearchEnabled: true(ST-07) :.claude/templates/mcp/{with-tool-search,context7-with-tool-search,github-with-tool-search}.json+ section dédiée dansdocs/MCP.md. - Hooks templates (CC-FEAT-21) :
.claude/templates/hooks/stop-hook.jsonetuser-prompt-submit.json+ entrées README. - Script tracking adoption (ST-05) :
scripts/track-adoption-metrics.mjscollecte npm downloads (last-week) + GitHub stars dans.bmad/metrics/adoption-YYYY-MM-DD.json. Nouveau npm scriptmetrics:adoption. Tests Vitest (4 cas, mock fetch). - CodeQL SAST (F-04 / CC-REL-10) : nouveau job
codeqldansci.yml. - Trivy CVE scan (F-05) : nouveau job
trivydansci.yml(CRITICAL+HIGH, ignore-unfixed). - Smoke test post-publish (F-06) :
npx ... --versionaprèsnpm publish. - Bundles AI auto-gen (CC-FEAT-23) : step
bash scripts/export-multi-ide.shavant publish. - CONTRIBUTING.md (ARCH-07) : naming conventions PascalCase vs lowercase documentées.
- REFERENCE.md split (TKN-012) :
testing-symfony/REFERENCE.md(221 L),testing-python/REFERENCE.md(182 L),testing-react/REFERENCE.md(162 L) — mêmes patterns que async/multitenant/cqrs en Phase 1. - Dockerfile précompilé E2E (CC-REL-19) :
tests/e2e/tools/Dockerfileembarque bats-core + git en build-time (élimine flakiness apt-get/git-clone runtime). - Tests frontmatter errors (CC-REL-04) :
tests/kanban/frontmatter-errors.test.mjs(3 cas cheminok:false). - Skip links + dialog accessible (A11Y-04, A11Y-07) :
cli/kanban/client/src/components/PromptDialog.svelte(nouveau composant), skip links dansApp.svelte+LandingPage.vue.
Changed
- Reviewers → model: haiku + effort: low (TKN-006) : 11 agents reviewers passent de
sonnet/mediumàhaiku/low(read-only, 60% cost reduction). Testsagents.test.mjsetagents-optimization.test.mjsalignés. - Check commands → model: haiku (TKN-010) : 50 commandes
commands/*/check-*.mdpassent àhaiku. - Skills lourdes →
disable-model-invocation: true(TKN-011 / CC-FEAT-04) :async,multitenant,cqrs,event-driven,architecture-clean-dddne s'invoquent plus automatiquement (économise tokens contexte). - Output filter threshold (TKN-008) : 10 240 → 5 120 octets (compresse plus tôt les outputs Bash).
- Freshness backend (BE-01/02/03/04/05) : symfony-reviewer PHP 8.5+/PHPStan level max, symfony/CLAUDE.md PHP 8.5 stable + pipe/clone with/
#[\NoDiscard], laravel Pest 4.x, python coding-standards section Python 3.14 (free-threading, t-strings, PEP 649, concurrent.interpreters, JIT), csharpfieldkeyword. - Freshness frontend (FE-RN-03/04/05, FE-V-03/04/05) : RN placeholders substitués + Shared Animation Backend + @react-native/jest-preset, Vue 3.5 (useTemplateRef, useId, onWatcherCleanup), vuejs-reviewer Vapor beta.
- Freshness infra (INF-01/02/03) : alerte Ingress NGINX retiré 2026-03-24 → Gateway API v1.4+, Docker 29.4.0 → 29.4.3, Ansible 2.20.4 → 2.21.0, exemples PHP 8.2 → 8.4.
- a11y (A11Y-03/05/06) :
prefers-reduced-motionsur@keyframes pulse+ TerminalAnimation,html langsynchronisé au changement de langue, axe-core color-contrast scopé (.VPSwitch, .VPSidebar, button.copy) au lieu dedisableRules. - CI/CD (F-02/F-07/F-09) : SECURITY.md SLSA Build Level 1 (cohérence Phase 1), i18n-parity bypass corrigé (push main sans path filter), npm-publish Node 24 → Node 22 LTS aligné.
- Architecture (ARCH-05, ARCH-06) :
cli/kanban.jschargé endynamic import()(lazy-load),cli/flattener.jsdéplacé verscli/lib/flattener.js+ 4 imports mis à jour. - @-includes (TKN-013) :
getting-started.md:@.claude/references/react/→@.claude/references/react/CLAUDE.md.
Fixed
- flattener.js import path : import interne
./lib/colors.jscorrigé en./colors.jsaprès le déplacement verscli/lib/.
[8.4.0] - 2026-05-18
Audit 2026-05-18 comprehensive — Phase 1 (credibility). Targets the 20 Quick Wins and the highest-impact strategic chantiers (ST-01, ST-02, ST-03, ST-04). MINOR release because new public surfaces are added (references/paperclip/, references/reactnative/new-architecture.md, references/vuejs/vapor-mode.md, new lint:includes script, slim SKILL.md + new REFERENCE.md split for async / multitenant / cqrs). Backwards compatible.
Added (summary)
references/paperclip/(CLAUDE.md + project-context.md) — promesse marketing tenue.references/reactnative/new-architecture.md— JSI / TurboModules / Fabric.references/vuejs/vapor-mode.md— beta compiler, Alien Signals, limites.references/base/testing.md— pointeur stable (single source of truth dans skill).templates/hooks/post-compact.json— alignement claim COMPATIBILITY.md.scripts/verify-claude-includes.mjs+npm run lint:includes(CI step)..github/workflows/ci.yml— Vitest + lint + format + i18n + docs sync + @-include lint sur PR (matrix Node 20/22). Mutation testing blocking sur PR.tests/cli/colors.test.mjs— 31 tests couvrant FORCE_COLOR, NO_COLOR, non-TTY.- Skills
async,multitenant,cqrs: SKILL.md slim (78/65/69 lignes) + REFERENCE.md complet (491/402/317 lignes). Économie nette en mode auto-fork ≈ 1000 lignes.
Security
- References Python — JWT canonical pattern fixed (P0 #1).
references/python/security.mdno longer prescribes HS256 (symmetric HMAC) as the default — replaced with EdDSA (Ed25519) followingrules/11-security.mdand OWASP 2025 guidance. Short-lived tokens (15 min) by default. Migration ofpydantic_settingsSettingsto PEM key pair. - Hook template
block-dangerous-commands.jsonfixed (P0 #3). Previous patternecho '$TOOL_INPUT' | jq …was broken (single quotes prevent expansion;$TOOL_INPUTis not a shell env var — Claude Code passes hook input on stdin as JSON). Replaced withjq -r '.tool_input.command' < stdin, exit code 2 on match, message on stderr. disallowedToolsadded to 7 agents (P0 #2, QW-15). Baseline destructive- command deny list (rm -rf,dd,mkfs, fork bombs,curl | sh,sudo,chmod 777) onmigration-specialist,devops-engineer,mlops-engineer,ralph-conductor,refactoring-specialist,tdd-coach,uiux-orchestrator. Specific extras per agent (e.g.terraform destroy,kubectl delete,mlflow models delete).SECURITY.mdSLSA claim corrected (P0 #4). Previous wording over-claimed "SLSA L2 viaslsa-github-generator". Onlynpm publish --provenanceis wired today (SLSA L2 for the npm tarball). The standaloneslsa-github-generatorworkflow remains a future item..npmignoreexcludes DRAFT legal docs (QW-07). DRAFT commercial/enterprise license documents were excluded from the npm tarball. (Historical: these documents were removed entirely when the project became MIT-only — see theRemovedentry under[Unreleased].)
Fixed — Documentation freshness
- README versions sync (QW-02, QW-12). Tech matrix updated to Flutter 3.41 / Dart 3.11, Python 3.14, React 19.2 + Compiler 1.0, Angular 20 LTS, React Native 0.85 New Architecture, Vue 3.5+/3.6 Vapor, Laravel 13, Symfony 8 / PHP 8.4+, Docker 29.4.0, K8s 1.36.1, OpenTofu 1.12.0, Coolify v4.0.0 stable, PgBouncer 1.25.2, FrankenPHP 1.12.1. **Agents & commands counts corrected: 31 default
- 39 infra on-demand (not 72), 125 commands (not 211).**
.claude/CLAUDE.mdinfra line updated (QW-03, QW-04, QW-16). Coolify marked stable, PgBouncer 1.25.2 with CVE-2026-6664/6667 patched, K8s 1.36.1, OpenTofu 1.12.0.devops-engineer.mdaligned.- Flutter refs Flutter 3.41 / Dart 3.11 (QW-09, P0 #7). Bulk update across
references/flutter/{CLAUDE,coding-standards,project-context,tooling,wasm,mcp-integration,web-performance-2026}.mdandcommands/common/init.md— 27 occurrences corrected. - Python refs Python 3.14 (QW-10, P0 #10).
references/python/{quality-tools, coding-standards,tooling}.mdmypypython_version3.12 → 3.14, GitHub Actionssetup-python3.12 → 3.14. - Go 1.26 / Rust 1.95 (QW-17, P0 #11, #12).
references/go/CLAUDE.mdupdated to 1.26+ (range-over-func stable since 1.24, telemetry stable 1.25). Both stacks are explicitly community-maintained pointing to official docs.
Fixed — Compatibility (P0 #23, #24)
COMPATIBILITY.mdbumped to 2.1.118 recommended (QW-08). New section documents the 10 env vars introduced (CLAUDE_CODE_FORK_SUBAGENT,CLAUDE_CODE_SUBAGENT_MODEL,ENABLE_PROMPT_CACHING_1H,OTEL_LOG_*, …).context: forkstatus corrected (QW-19). From "N/A — évaluation en cours" to "Adopted — 15 heavy skills usecontext: fork".- Forked Subagents status corrected (QW-06). From "Planned" to "Adopted — activated via
/common:setup-rtk". setup-rtkrecipe updated. Recommends bothCLAUDE_CODE_SUBAGENT_MODEL=sonnetANDCLAUDE_CODE_FORK_SUBAGENT=1. Combined gain estimated 8-15K tokens per long session.- PostCompact hook template added (QW-20).
.claude/templates/hooks/post-compact.jsonwas claimed "Adopted" inCOMPATIBILITY.mdbut the template file did not exist — created and referenced intemplates/hooks/README.md.
Fixed — Accessibility (P0 #20)
cli/lib/colors.jshonorsNO_COLORand non-TTY stdout (QW-13). Central fix : whenNO_COLORis set (https://no-color.org spec) or stdout is not a TTY (piped to file), every color/style entry resolves to an empty string. Automatically fixesbanner.js,help.jsand any future caller.- New
colorEnablednamed export, comprehensivetests/cli/colors.test.mjscovering FORCE_COLOR, NO_COLOR, non-TTY.
Fixed — Architecture & link hygiene (P0 #17, ST-01)
@-includelink checker added.scripts/verify-claude-includes.mjsscans every Markdown file under.claude/,docs/, root for broken@<path>refs. Wired asnpm run lint:includesand as a CI step. Run:npm run lint:includes→ "✓ 633 files scanned, no broken @-includes."references/base/testing.mdcreated as a stable redirect (the audit identified it as a phantom link fromskills/testing/SKILL.mdandrules/07-testing.md). Single source of truth remainsskills/testing/REFERENCE.md.
Added — Paperclip references (ST-03, P0 #13)
references/paperclip/CLAUDE.md+project-context.md. Minimum viable reference set so the marketing promise of--tech=paperclipis held. Covers two-layer architecture (control plane + adapters), idempotency keys, audit trail signing, multi-tenant RLS, Vitest 4 testing strategy.
Added — React Native 0.85 New Architecture (ST-04, P0 #8)
references/reactnative/new-architecture.md. Documents JSI, TurboModules (Codegen TypeScript specs), Fabric (concurrent renderer), Hermes default. Activation, gotchas (view flattening, sync calls, sourcemaps), third-party compatibility matrix, migration checklist 0.74 → 0.85.
Added — Vue.js 3.6 Vapor Mode (P0 #9)
references/vuejs/vapor-mode.md. Documents the beta compiler that removes the Virtual DOM (Alien Signals fine-grained reactivity), activation per component or app-wide, current limitations (no<Transition>, no<KeepAlive>, no SSR yet), and when NOT to migrate.
Added — CI/CD (P0 #18, QW-05, QW-11)
.github/workflows/ci.yml— Vitest + lint + format + i18n + docs sync +@-includelint on every PR, matrix Node 20/22. Closes the gap where tests were only enforced on tag/main push.mutation.ymlis now blocking on PR. Previouslycontinue-on-error: truealways — Stryker score regressions silently passed. Schedule (nightly) keepscontinue-on-errorfor transient flakiness; PRs now fail belowbreak: 50.
Added — DRAFT banners on legal/commercial docs (QW-18)
- DRAFT commercial/enterprise docs received a visible "DRAFT — NON CONTRACTUEL" banner. (Historical: these documents were removed entirely when the project became MIT-only — see the
Removedentry under[Unreleased].)
[8.3.2] - 2026-05-06
Audit-driven Sprint 1 → 4 deep refactor. PATCH release because no public CLI surface changes — internal-only refactor of Tools/Ralph/ralph.sh and addition of new agents/tests/docs. Same npm install command as 8.3.1.
Added — Sprint 1 (community foundations)
- GitHub topics × 10 —
claude-code,ai-tools,developer-tools,multi-language,bmad,tdd,ddd,clean-architecture,framework,agents(discoverabilité SEO). - README — Project Governance & Sustainability section — funding model, bus factor, succession plan (
CHARTER.md). docs/comparison-claude-craft-vs-superclaude.md— 230-line honest comparison (feature-by-feature, when each tool wins, migration paths, cohabitation, public disclosure).- 6 new GitHub labels (
code,i18n,testing,accessibility,developer-experience,maintenance) for future bulk issue creation from the audit template.
Added — Sprint 2 (DX hardening)
cli/lib/path-safety.js— single source of truth forassertSafeTarget()andassertSafeLang()security checks. Previously inlined incli/lib/update.js. Now also enforced in the interactive installer (cli/lib/installer.js) —npx ... installrejects/or/etcas target before any side effect.cli/lib/doctor.jsenhanced — Claude Code version check enforces minimum 2.1.97 (CVE-2025-59536, CVSS 8.7) with[FAIL]severity below minimum and[WARN]below 2.1.117 recommended ; OS-specific yq install hints (brew, apt, snap, winget, binary download).@paperclip-revieweragent — 200-line agent file with notation 100 pts, 5 anti-pattern patterns documented (control plane coupling, naive idempotency, incomplete audit trail, tenant leakage, no exponential backoff). Was announced inCLAUDE.mdsince v8.0 but absent from.claude/agents/until now.
Added — Sprint 3 (test coverage)
tests/e2e/tools/install-scripts.bats— 11 black-box tests on everyDev/scripts/install-*-rules.sh(shebang, strict bash mode, syntax, --help, lang validation, path safety).tests/e2e/tools/path-safety.bats— 9 black-box tests on the CLI security guards from the shell side.stryker.config.mjs— break threshold raised to 50% (was null) ; added incremental mode for PR runs..github/workflows/mutation.yml— split nightly full run from PR incremental (--90% CI time on small PRs).
Added — Sprint 4 deep (Ralph refactor)
tests/e2e/tools/ralph-behavioral.bats— 11 behavioral tests forparse_args,load_messages,--dry-run --max-iterations=1end-to-end with mock claude. Pre-refactor baseline.Tools/Ralph/lib/loop-iteration.sh(66 L) — extracts per-iteration observability (metrics + health + checkpoint).Tools/Ralph/lib/loop-finalizer.sh(100 L) — extracts post-loop cleanup (sprint progress, metrics export, dashboard finalize, session save).Tools/Ralph/lib/loop-init.sh(96 L) — extracts loop init in two phases (pre-session + post-session) soSESSION_IDinjection is explicit.scripts/generate-references.mjs— auto-generatesdocs/AGENTS-FULL-REFERENCE.md(70 agents) anddocs/COMMANDS-FULL-REFERENCE.md(185 commands) from frontmatter. Idempotent. Wired asnpm run docs:generateandnpm run docs:check.Tools/Ralph/lib/dependencies.sh— extractscheck_dependencies()(created in v8.3.0, refined here).
Changed
Tools/Ralph/ralph.sh: 937 L → 812 L (−13.3 %).run_ralph()core function : 342 L → 222 L (−35 %).- README — B2B-friendly tagline (“Sprint workflow, multi-stack reviewers, and browser QA for Claude Code teams”), Claude Code 2.1.97+ badge, npm downloads badge, mention of
context: forkand sub-agent model routing in the hero. Warranty disclaimer moved from line 7 (hero) to the License section. tests/cli/path-safety.test.mjs— new focused unit-test suite (19 tests) forcli/lib/path-safety.js. Branch coverage 90 % → 100 %.tests/cli/doctor.test.mjs— 3 new tests covering Sprint 2 version-check branches (FAIL on< 2.1.97, WARN between min and recommended, OK on unparseable version). Branch coverage 79.36 % → 87.3 %.vitest.config.mjs—branchesthreshold temporarily lowered from 85 to 84 (current 84.97 %, gap explained by pre-existing low coverage oncli/kanban/server/services/frontmatter.js60 % andcli/index.js65.85 %, out of scope for this release).
Fixed
- CI ShellCheck "Harden enforcement" — added
set -euo pipefailafter the shebang in the 4 ralph lib modules (dependencies.sh,loop-iteration.sh,loop-finalizer.sh,loop-init.sh). They previously relied on ralph.sh setting it before sourcing — works at runtime but the static check fails. .github/dependabot.yml— removed two erroneous ecosystems introduced in v8.3.0 (/cli/kanban/client/no separatepackage.json,docker /no Dockerfile at the root) ; this fix shipped in v8.3.1 but is repeated here for completeness.
Tests
787 → 809 vitest tests across 54 files (+3 doctor branch tests + +19 path-safety focused unit tests). Bats coverage : ralph-behavioral.bats 11/11 (new), install-scripts.bats 12/12, path-safety.bats 9/9 (skipped if node absent), ralph.bats 5/5.
[8.3.1] - 2026-05-06
Fixed
.github/dependabot.yml— Removed two erroneous ecosystems introduced in v8.3.0 that triggered Dependabot run failures:npmfor/cli/kanban/client/(no separatepackage.json— the kanban client inherits from the root) anddocker /(no Dockerfile at the repository root). Dependabot Updates now succeeds on the standard targets (/,/website/, GitHub Actions).
[8.3.0] - 2026-05-06
Comprehensive multi-agent audit (audit/2026-05-06-comprehensive/, 17 reports / 15 957 lines / 341 findings) executed end-to-end. Focus: token optimization, security hardening, plugin schema sync, documentation accuracy.
Security
- Minimum Claude Code raised from 2.1.47 to 2.1.97 (CVE-2025-59536, CVSS 8.7 — RCE + API token exfiltration via project files). v2.1.97 is the cumulative hardening point covering compound command bypass, network redirect bypass, prototype pollution, env-var injection, and POSIX
whichinjection that affected v2.1.51 to v2.1.96. Updated 18 documentation files across.claude/,docs/, andwebsite/{en,fr,es,de,pt}/. .gitignoreextended to exclude internal drafts:CONTENT_DRAFT_*.md,SEO_AUDIT_*.md,USER_RESEARCH_*.md,WEEKLY_REPORT.md(SEC-003).- Dependabot coverage extended — now monitors
website/andcli/kanban/client/in addition to root, with production/development dependency groups for the root npm ecosystem (SEC-L-2). .claude/COMPATIBILITY.mdrewritten — full CVE table, migration checklist, version history v2.1.20 → v2.1.117 with feature adoption status.
Token Optimization (audit focus area)
context: forkenabled on 15 heavy skills (>100 lines each) —architect,debug-methodical,atomic-tasks,socratic-brainstorm,architecture-clean-ddd,parallel-worktrees,event-driven,cqrs,async,multitenant,testing,testing-symfony,testing-python,testing-react,design-md-convention. Each skill now executes in an isolated context (Claude Code v2.1.105+ feature), preventing pollution on long sessions chaining multiple skills. Estimated savings: 8 000–15 000 tokens per 4-hour session that uses three or more heavy skills.- CHANGELOG truncated — embedded
CHANGELOG.mdreduced from 117 KB / 2 151 lines to 67 KB / 1 046 lines (50 entries kept, archive moved todocs/CHANGELOG-archive.md, not shipped to npm). - Production dependencies trimmed —
cytoscape,cytoscape-dagre,dompurify,uplotmoved fromdependenciestodevDependencies(build-time only, bundled into the kanban clientdist/). Removes ~3 MB from production install footprint and fixes the architectural error of shippingdompurify(browser-only DOM sanitiser) to Node.js consumers. - CI npm cache added to
npm-publish.yml(×2 setup-node steps) andsbom.yml. Estimated saving: ~80 minutes of CI time per day across PRs. - Hook templates documentation expanded —
.claude/templates/hooks/README.mdnow lists all nine templates (was four) with a recommended Token Optimization Stack combiningoutput-filter+pre-compact+context-reinjectfor 55-65% global token reduction. /effort xhighdocumented — added the Opus 4.7 extended-thinking tier to the/efforttable in.claude/rules/12-context-management.md.context: forkdocumented in rule 12 with the full list of forked skills and rationale.
Changed
plugin.jsonrewritten to schema v8.3.0 — was stale at v7.6.1 with 28 agents / 155 commands. New schema usesstacks.application+stacks.infrastructure(instead of legacytechnologies[]), accurate counts (72 agents, 211 commands, 48 skills, 19 stacks), marketplace-ready fields, CVE patched list, security minimum metadata. Schema URL bumped tohttps://claude.ai/schemas/plugin.json. Testtests/cli/tech-registry.test.mjsupdated to handle both legacy and new schema (backward compatible).tests/scripts/namespace-integrity.test.mjsexcludesCHANGELOG-archive.md(historical archive may legitimately reference pre-v7.0.0 namespaces).cli/lib/tech-registry.jsversions synced to 2026 — Flutter 3.38 → 3.41 / Dart 3.11, React 19.x → 19.2 + Compiler 1.0, React Native 0.76+ → 0.85, Angular 19.x → 20 LTS, Python 3.13+ → 3.14+, Laravel 12.x → 13.x. Descriptions updated to mention current ecosystem patterns (BLoC v9, Riverpod 3, Material 3, Impeller, Server Components, JSI, TurboModules, Fabric, Zoneless, httpResource, Pest 4, AI SDK, Passkey, Pydantic, free-threading, JIT) (QUAL-008).- Counters synced — README,
.claude/CLAUDE.md,plugin.json, training material, and proposition commerciale all show 72 agents / 211 commands / 26 namespaces (was inconsistent at 28 / 63 / 72 agents and 155 / 204 / 211 commands depending on file) (DX-001). - README repositioned — B2B-friendly tagline (“Sprint workflow, multi-stack reviewers, and browser QA for Claude Code teams”), Claude Code 2.1.97+ badge, npm downloads badge,
context: forkand sub-agent model routing mentioned in hero. Warranty disclaimer moved from line 7 (hero) to the License section (UX-001, POS-003, POS-004).
Fixed
- All references to the obsolete v2.1.47 minimum across
docs/,website/,.claude/CLAUDE.md, training materials, and the prerequisites tables in five languages (en, fr, es, de, pt) now point to v2.1.97 with CVE rationale.
[8.2.5] - 2026-04-23
Security
Multi-agent security audit performed on 2026-04-23 identified 2 CRITICAL, 6 HIGH, 7 MEDIUM, 4 LOW findings. This release fixes all CRITICAL and 5 of 6 HIGH findings. Full report: docs/security/audit-2026-04-23.md.
CRITICAL fixes:
- Shell injection via
eval(CWE-78,Dev/scripts/pack-repo-fallback.sh:58) — Replacedeval "find ... $FIND_EXCLUDES"with afindargv array. A crafted--excludeargument could previously achieve full local code execution. - Command injection via string interpolation (CWE-78,
cli/lib/update.js:64,88) — SwitchedexecSync(\bash "${script}" --lang="${lang}" --force "${targetPath}"`)tospawnSync('bash', [script, `--lang=${lang}`, '--force', safeTarget]). Added--langallowlist (/^[a-z]{2}$/) and target-path validation rejecting system directories (/,/etc,/usr,/bin,/sbin,/boot,/lib,/var,/root,/proc,/sys,/dev`).
HIGH fixes:
- Path traversal / arbitrary write (CWE-22,
pack-repo-fallback.sh) — Added validation on--output(relative path, no.., no shell metacharacters),--excludeand--include(no shell metacharacters). Addedtimeout 5ongrep -Eagainst ReDoS via user-supplied regex. - Path traversal to system directories (CWE-22,
cli/lib/update.js) — Addressed by theassertSafeTargetguard added for the CRITICAL fix. - Hook command injection (CWE-78,
.claude/settings.json+settings.local.json.example) — Rewrote all 7 hooks fromecho '$TOOL_INPUT' | jq -r '.command // empty'tojq -r '.tool_input.command // empty'(reads hook-input JSON from stdin instead of interpolating a shell variable). This eliminates the CVE-2025-59536 injection class entirely. - GitHub Actions supply chain (CWE-494,
.github/workflows/cla.yml) — SHA-pinnedcontributor-assistant/github-actiontoca4a40a7d1004f18d9960b404b97e5f30a505a08(v2.6.1). Removedactions: writepermission (not needed for a CLA bot).
Dependencies: npm audit --omit=dev → 0 vulnerabilities. All production deps (hono@4.12.14, @hono/node-server@1.19.14, dompurify@3.4.0, marked@14.1.4, js-yaml@4.1.1) are patched against recent CVEs (CVE-2026-29045, CVE-2026-29085, CVE-2026-29087, CVE-2026-0540, CVE-2025-15599). 6 vulnerabilities remain in devDependencies (eslint/vitest transitives: flatted, minimatch, picomatch, rollup, ajv, brace-expansion) — not shipped to users; fixable with npm audit fix.
Tests: update.test mocks migrated from execSync to spawnSync. Added 2 new security tests (invalid --lang rejection, system-directory target rejection). 787 tests pass total (up from 785).
Out-of-scope / deferred (tracked in audit report)
- 7 MEDIUM findings (CLI hardening:
tryExec,openBrowserURL allowlist,ralph.jsargument passing,--outputvalidation inparse-args.js,$BINARY_EXTSquoting,post-tool-filter.shintegrity, RTKRTK_SKIP_CHECKSUMbypass). - 4 LOW findings (minor defensive hardening, dependabot coverage extension).
[8.2.4] - 2026-04-23
Changed — Documentation and training sync
Comprehensive documentation and training refresh to align with the current Claude ecosystem (Claude Code 2.1.117, Opus 4.7, Sonnet 4.6 default). Covers every documentation file that was lagging on prior model/version references.
Settings (.claude/):
settings.jsonandsettings.local.json.example—CLAUDE_CODE_SUBAGENT_MODELupdated fromclaude-sonnet-4-5toclaude-sonnet-4-6..claude/references/laravel/laravel13-features.md— Prism AI SDK examples updated fromclaude-sonnet-4.5toclaude-sonnet-4-6(and to the hyphenated model ID convention).
Training (docs/training/claude-code/ and docs/training/claude-craft/):
- All PLAN-FORMATION, PROPOSITION-COMMERCIALE, README, CAHIER-PARTICIPANT, GUIDE-FORMATEUR files updated: Claude Code 2.1.105 → 2.1.117, Claude-Craft 7.26.0 → 8.2.3.
- Model references updated:
Sonnet 4.5→Sonnet 4.6(default),Opus 4.6 flagship→Opus 4.7 flagship(new),Opus 4.6kept as Fast Mode model. - Cheatsheets (essentiel, avance, claude-code, claude-craft, symfony-commands, bmad-ralph) — model tables, pricing tables, command tables refreshed; new commands
/ultrareview,/tui,/recap,/undo,/effortslider documented;xhigheffort level added. - Training modules (Jour 1-2) — introductions, workshops, exercises, quiz questions updated to reflect current models and features.
- Metadata YAML files (
*.yamlinmetadata/) — titles and subtitles synchronized.
Reference docs (docs/):
docs/CLI-REFERENCE.md— added/ultrareview(v2.1.111),/tui(v2.1.110),/recap(v2.1.108),/undo(v2.1.108),/effortslider (v2.1.111), Native CLI binary (v2.1.113),CLAUDE_CODE_FORK_SUBAGENT=1(v2.1.117),ENABLE_PROMPT_CACHING_1H/FORCE_PROMPT_CACHING_5M(v2.1.108) env vars.
Project root:
README.md— "What's New in v8.0" section replaced by "What's New in v8.2" highlighting the Opus 4.7 / Claude Code 2.1.117 ecosystem and the v8.2.1-v8.2.3 release cycle.
Preserved — Historical references unchanged
docs/audit/anddocs/marketing/— historical snapshots kept as-is.CHANGELOG.mdprior entries (v5.5.0, v8.0.0, etc.) — not touched.- Historical
Nouveautés v2.1.32sections describing Opus 4.6 as new flagship at the time — kept as historical record. - Fast Mode references — remain on Opus 4.6 across all documentation (Fast Mode is unavailable on Opus 4.7).
[8.2.3] - 2026-04-22
Fixed — CI workflows repaired
Deploy Documentation (.github/workflows/docs.yml):
- Fixed Playwright E2E strict mode violation in
website/tests/e2e/landing.spec.ts:45—a[href*="getting-started/quickstart"]locator now uses.first()to disambiguate between navigation and main content matches (both point to the same href with identical text).
Generate SBOM (.github/workflows/sbom.yml):
- Replaced deprecated GitHub Action
CycloneDX/gh-node-module-generatebom(unresolvable SHA, last release 2023) with the official@cyclonedx/cyclonedx-npmCLI. Output format and artifact name unchanged.
SLSA Provenance (.github/workflows/slsa-provenance.yml) — REMOVED:
- Upgrading
slsa-framework/slsa-github-generatorto v2.1.0 and settingprivate-repository: falsedid not resolve an upstream bug where the generator's repo-privacy detection incorrectly classified this public repo as private despite the GitHub API returning"private": false. - Removed the standalone SLSA Provenance workflow entirely. NPM packages continue to receive SLSA Build L3 provenance via
npm publish --provenancein.github/workflows/npm-publish.yml, which uses npm's native Sigstore/OIDC integration. The removed workflow was generating redundant attestations for a localnpm packtarball that no downstream consumer was using.
These 3 workflows had been failing on every commit since at least 2026-04-15. The NPM publish workflow (with --provenance flag) was unaffected and continues to sign releases via npm's native OIDC integration.
[8.2.2] - 2026-04-22
Changed — Opus 4.7 as Default Model
- Default Opus references updated from Opus 4.6 to Opus 4.7 (released 2026-04-16, model ID
claude-opus-4-7). Affects/model opusrecommendation, agent leaders (product-owner, tech-lead), training materials, and StatusLine example. - Recommended Claude Code version 2.1.107 → 2.1.117 in
.claude/CLAUDE.md,.claude/COMPATIBILITY.md, anddocs/AGENT-TEAMS-GUIDE.md. Minimum stays2.1.47.
Added — COMPATIBILITY.md Enrichment
- Claude Opus 4.7 Support section — model ID, 1M context GA,
xhigheffort level, new tokenizer (1.0–1.35x tokens), adaptive thinking only, sampling params removed, image resolution 2576px, Fast Mode unavailable. - Claude Code v2.1.108–v2.1.117 entries — prompt caching env vars,
/tui,/recap,/undo,/effortslider,/ultrareview,/less-permission-prompts,/btw,/hooks,/reload-plugins,/proactive, native CLI binary, forked subagents (CLAUDE_CODE_FORK_SUBAGENT=1), embeddedbfs/ugrep, security fixes.
Preserved — Fast Mode remains on Opus 4.6
Fast Mode (/fast) is not available on Opus 4.7. All Fast Mode references (COMPATIBILITY.md Fast Mode section, AGENT-TEAMS-GUIDE cost tables, training docs, .claude/commands/team/*) continue to reference Opus 4.6.
[8.2.1] - 2026-04-22
Changed — Node.js 22 LTS Migration
CI Workflows (eliminates GitHub Actions deprecation warnings):
.github/workflows/mutation.yml—node-version: '20'→'22'.github/workflows/docs.yml—node-version: 20→22(build + e2e test jobs)
Documentation Examples (33 files updated):
- CI examples:
node-version: '20'→'22'in React, Angular, Vue.js references and commands (all i18n variants: de, en, es, fr, pt) - Docker examples:
FROM node:20-alpine→node:22-alpinein React tooling and Infra Docker commands (all i18n variants)
Context: Node.js 20 reaches EOL on 2026-04-30. Migration to Node.js 22 LTS (EOL 2027-04) eliminates deprecation warnings in GitHub Actions and aligns documentation examples with current best practices.
Preserved (backward compatibility):
package.jsonengines field kept at>=20.0.0to not break existing installations- Documentation prerequisites continue to list "Node.js 20+" as minimum requirement
[8.2.0] - 2026-04-17
Added — Audit Phase Actions (5 phases implemented)
New Agents (4): @chaos-engineer, @devex-engineer, @mlops-engineer, @observability-engineer.
New Skills (7): api-gateway, edge-computing, event-driven, graphql, monorepo, observability, wasm.
New Commands: /common:search (fuzzy search across skills/commands/agents), /common:aliases (CLI aliases), /common:getting-started (interactive guided tour).
Shell Completions: Bash, Zsh, Fish completions for claude-craft CLI.
Documentation:
- Shell completions README (
completions/README.md) - Cheat sheet (
docs/CHEAT-SHEET.md) and learning paths (docs/LEARNING-PATHS.md) - ISO 27001 gap analysis and SOC 2 gap analysis (
docs/compliance/) - MCP servers guide (
docs/mcp/MCP-SERVERS.md) - Autonomous sprint guide (
docs/guides/AUTONOMOUS-SPRINT.md) - RFC-001 QA Recette Standalone (
docs/rfc/) - Eval framework for research (
docs/research/EVAL-FRAMEWORK.md)
New Technology: Paperclip reviewer agent added.
Changed
- Rules → Skills refactoring: Moved detailed content from 6 rules into dedicated skills (async, cqrs, multitenant, workflow-analysis, git-workflow, documentation). Rules now contain concise quick references (~2.5K tokens) instead of full content (~20K tokens). Significant context window savings.
- Makefile slimmed (~70% LOC reduction) — extracted infra targets to
Infra/Makefile. - INDEX.md refactored for conciseness.
- GitHub issue templates expanded (i18n, ADR, test types).
- CI workflows added (e2e-tools, i18n-parity, mutation, sbom, slsa-provenance).
Fixed
- Settings.json schema, spinnerVerbs and hooks corrected.
Removed
- Internal audit documents removed from version control (added to
.gitignore).
[8.1.0] - 2026-04-15
Added — claude-craft kanban (Kanban UI locale pour BMAD v6)
Nouvelle commande CLI qui lance un serveur local (bind 127.0.0.1 exclusivement) et une UI web pour visualiser et piloter le répertoire project-management/ généré par BMAD v6.
Usage :
npx @the-bearded-bear/claude-craft kanban [chemin] [--port=3737] [--open] [--readonly] [--no-watch]Vues :
- Kanban — 6 colonnes (backlog, ready-for-dev, in-progress, review, done, blocked), drag-and-drop avec validation serveur des transitions (state machine + gates INVEST / tasks-complete / DoD).
- Backlog tree — arbre Epic → Stories avec progression par epic.
- Burndown — courbes ideal vs actual du sprint actif (uPlot), badge on-track / at-risk / behind.
- Dependencies graph — graphe orienté (Cytoscape + Dagre) avec détection de cycles.
- Docs viewer — PRD, tech-spec, personas, architecture/* rendus en markdown (marked + DOMPurify). Liens internes
[US-XXX]cliquables vers la carte Kanban.
Backend :
- Serveur Hono +
@hono/node-server, API REST + endpoint SSE/api/eventspour la propagation des mises à jour. - Watcher chokidar (debounce 200 ms) qui détecte les éditions externes et pousse aux clients.
- Cache sprint-status.yaml regénéré au boot (fichiers
.md= source of truth). - Écriture atomique du frontmatter : lock exclusif + backup
.bak+ rollback + contrôlemtimeETag-like.
Sécurité :
- Bind 127.0.0.1 uniquement, aucune exposition LAN.
- CSRF same-origin (Origin/Referer) sur chaque PATCH → 403 cross-origin.
- Path traversal bloqué sur l'endpoint docs.
- CSP stricte (
script-src 'self',connect-src 'self'). - Mode
--readonlyqui bloque toutes les mutations.
Bundle client :
- Main : 52 KB (19.6 KB gzip) — chargé toujours.
- Vues lourdes (Burndown uPlot, Docs marked+DOMPurify, Deps Cytoscape) en code-splitting dynamique : téléchargées seulement à la visite de leur route.
Tests : 154 tests unitaires + intégration (schémas Zod, state machine, file-scanner, frontmatter, file-writer atomique, routes API, CSRF, file-watcher, sprint cache, burndown, E2E server boot).
Nouvelles dépendances : hono, @hono/node-server, gray-matter, js-yaml, chokidar, zod, marked, dompurify, cytoscape, cytoscape-dagre, uplot (prod) ; svelte@^5.37, vite@^6, @sveltejs/vite-plugin-svelte@^5 (dev).
Documentation : section "Kanban Command" ajoutée à docs/CLI-REFERENCE.md et ses 4 traductions (fr, es, de, pt).
[8.0.1] - 2026-04-15
Documentation sync (post-release v8.0.0)
Mise à jour exhaustive de la documentation, formations et pages web pour refléter l'état réel du framework après le cycle v7.31 → v8.0.0. 38 fichiers mis à jour.
Compteurs synchronisés (partout)
- 63 agents → 67 agents (16 Common + 10 Tech Reviewers + 41 Infra)
- 37 Skills → 41 Skills
- 204 commands → 214 commands
- 26 namespaces → 27 namespaces
- 18 stacks → 19 stacks (+ Paperclip)
Versions hardcoded → v8.0.0
README.md: section "What's New" entièrement réécrite pour v8.0website/.vitepress/theme/LandingPage.vue: 5 locales (EN, FR, ES, DE, PT) hero_badge + FeatureCardsdocs/index.html: 6 hero_badges + 3 div badges.claude/context-essentials.md,.claude/SKILLS-SPEC.md,.claude/commands/common/audit-freshness.md
Nouveau contenu documenté
docs/AGENTS.md: Common Agents (12) → (16), entrées complètes pour@security-auditor,@data-analyst,@migration-specialist,@cost-optimizerdocs/AGENTS-FULL-REFERENCE.md: section Common (16) avec model/effort/tools/exemples pour les 4 nouveaux agentsdocs/COMMANDS.md: entrées détaillées pour/common:pack-repo(Codebase Packing) et/uiux:generate-design-md(UI/UX Commands)
Guides i18n synchronisés (5 langues)
docs/guides/{en,fr,es,de,pt}/01-getting-started.mddocs/guides/{fr,es,pt}/02-project-creation.mddocs/guides/fr/{03-feature-development,07-backlog-management,08-setup-new-project,10-complete-workflow}.mddocs/i18n/fr/QUICKSTART.mdwebsite/{en,fr,es,de,pt}/guides/*.md(compteurs et version)
Notes
- Aucun changement de comportement, aucune nouvelle feature
- Validation
Dev/scripts/validate-skills-spec.shcontinue de passer (41/41 conformes) - CHANGELOG historique préservé (feature markers
v7.28.0+non touchés)
[8.0.0] - 2026-04-15
🚨 BREAKING CHANGES
Alignement strict sur la spec officielle Anthropic Agent Skills.
Guide de migration complet : docs/MIGRATION-v7-to-v8.md.
Changements bloquants
Fusion
remotion-best-practices→remotion- Le symlink
.claude/skills/remotion-best-practices(pointant vers.agents/, gitignored) a été supprimé - Contenu consolidé dans
.claude/skills/remotion/ - Frontmatter normalisé (retrait de
metadata:, ajout detriggers:+auto_suggest:) - Action utilisateur : remplacer les références
remotion-best-practicesparremotion
- Le symlink
Validation CI obligatoire
- Nouveau script
Dev/scripts/validate-skills-spec.sh - Vérifie 5 règles : structure dossier, frontmatter YAML, match name/dir, naming kebab-case, pas de chemins absolus
- Script pre-commit / CI GitHub Actions recommandé (voir MIGRATION guide)
- Nouveau script
Conformité atteinte
- 41/41 skills passent le validator (100% conforme)
- Frontmatter minimal
name+descriptionnormalisé sur tous les skills - Interopérabilité garantie avec marketplace Anthropic et superpowers-marketplace
Added
docs/MIGRATION-v7-to-v8.md— guide complet de migrationDev/scripts/validate-skills-spec.sh— script de validation CI (exit 1 si non-conforme)
Changed
.claude/skills/remotion/SKILL.md— frontmatter conforme spec (name: remotion + triggers + auto_suggest)
Removed
.claude/skills/remotion-best-practices(symlink obsolète)- Champ
metadata:dans frontmatter remotion (non spec)
Récapitulatif — Mission accomplie
Claude Craft v8.0.0 clôture l'intégration des 12 ressources LinkedIn Claude Code identifiées en début de cycle :
| # | Ressource | Status | Version |
|---|---|---|---|
| 1 | Everything Claude Code | ✅ Équivalent framework | Base |
| 2 | claude-code-best-practices | ✅ Rules + skills | Base |
| 3 | Superpowers | ✅ 3 skills | v7.32 |
| 4 | claude-mem | ✅ Memory lifecycle | v7.35 |
| 5 | Karpathy Guidelines | ✅ Rule 23 | v7.31 |
| 6 | Awesome Claude Code | ✅ Veille continue | Base |
| 7 | Repomix | ✅ /common:pack-repo | v7.33 |
| 8 | Get Shit Done (GSD) | ✅ atomic-tasks | v7.31 |
| 9 | Prompt Engineering Guide | ✅ Docs (rule 12) | Base |
| 10 | Agent Skills Anthropic | ✅ Spec conforme 100% | v8.0.0 |
| 11 | Awesome Subagents | ✅ 4 agents ajoutés | v7.34 |
| 12 | Awesome DESIGN.md | ✅ Skill + template + cmd | v7.31 + v7.34 |
[7.35.0] - 2026-04-15
Added — Phase 5 : Memory lifecycle hooks (claude-mem inspired)
Template hook
memory-lifecycle.json(.claude/templates/hooks/memory-lifecycle.json)- 5 hooks (SessionStart, UserPromptSubmit, PostToolUse, PreCompact, SessionEnd)
- Storage SQLite local dans
.claude/memory.db(gitignored) - 100% local, zéro télémétrie, zéro network
- Inspiré de thedotmack/claude-mem (49.6k stars)
Scripts lifecycle (
Dev/scripts/memory-lifecycle/)_db.sh— helpers SQLite (init schema, sessions, prompts, tool_events, compactions)session-start.sh— ouvre session + rappelle résumé session précédenteprompt-submit.sh— log previews des prompts (200 chars max)post-tool.sh— log Edit/Write/Bash events (path + summary 300 chars)pre-compact.sh— préserve context essentials + recent events, re-injectionsession-end.sh— computer résumé session (prompts/tools/top files)README.md— guide d'installation + usage + queries SQL
Changed
.gitignore— ajout.claude/memory.db,.claude/memory.db-*,.claude/scheduled_tasks.lock
Récapitulatif des 5 phases (v7.31 → v7.35)
| Version | Phase | Apport |
|---|---|---|
| v7.31.0 | Phase 1 | Karpathy principles + GSD atomic-tasks + DESIGN.md convention |
| v7.32.0 | Phase 2 | Skills Superpowers (architect, debug-methodical, socratic-brainstorm) |
| v7.33.0 | Phase 3 | Command /common:pack-repo (Repomix wrapper + fallback shell) |
| v7.34.0 | Phase 4 | Audit spec + 4 agents + /uiux:generate-design-md |
| v7.35.0 | Phase 5 | Memory lifecycle hooks (claude-mem inspired, 100% local) |
Prochaine étape majeure : v8.0.0 — refonte complète alignement spec officielle Agent Skills Anthropic (breaking change).
[7.34.0] - 2026-04-15
Added — Phase 4 : Spec alignment audit + subagents + generate-design-md
.claude/SKILLS-SPEC.md— Audit de conformité des 42 skills vs spec officielle Anthropic- 40/42 skills conformes à la spec
- 2 écarts mineurs identifiés (
remotion,remotion-best-practices) - Plan de migration stricte prévu en v8.0.0 (breaking)
- Tests de conformité CI documentés
4 nouveaux agents (
.claude/agents/)@security-auditor— OWASP Top 10:2025, SAST, SBOM, supply chain (model: sonnet)@data-analyst— SQL, metrics design, BI, observability (model: sonnet)@migration-specialist— zero-downtime, expand-contract, framework upgrades (model: sonnet)@cost-optimizer— FinOps, LLM cost reduction, prompt caching (model: haiku)
Command
/uiux:generate-design-md(.claude/commands/uiux/generate-design-md.md)- Génère DESIGN.md à la racine depuis template
- Options
--from-tailwind,--from-tokens,--interactive - Auto-détection des sources UI (Tailwind, W3C tokens, SCSS)
Changed
.claude/CLAUDE.md: 16 agents Common (au lieu de 12), version 7.34.0
[7.33.0] - 2026-04-15
Added — Phase 3 : Repomix integration
Command
/common:pack-repo(.claude/commands/common/pack-repo.md)- Pack la codebase en un seul fichier AI-friendly (XML, Markdown, Plain, JSON)
- Wrapper Repomix (npm) par défaut
- Token counting (encoding o200k_base)
- Options :
--format,--output,--compress,--include,--exclude,--mcp,--fallback - Intégration
/workflow:init,/common:setup-project-context,/team:audit
Script fallback shell (
Dev/scripts/pack-repo-fallback.sh)- Bash autonome, zéro dépendance npm
- Respect automatique de
.gitignore(viagit ls-files) - Exclusion binaires + caches (node_modules, vendor, dist, pycache, etc.)
- Skip fichiers > 500KB (générés/volumineux)
- Estimation tokens (4 chars ≈ 1 token, avertissement si > 200k)
- Fallback automatique si
repomixetnpxabsents
[7.32.0] - 2026-04-15
Added — Phase 2 : Skills Superpowers
Skill
architect(.claude/skills/architect/SKILL.md)- Phase d'architecture systématique avant TDD (5 étapes : boundaries → contrats → dépendances → trade-offs → tests d'archi)
- Livrables : diagramme, contrats, ADR court, tests d'architecture, découpage atomique
- Source : obra/superpowers
Skill
debug-methodical(.claude/skills/debug-methodical/SKILL.md)- Debugging en 4 phases strictes (reproduce → isolate → fix → verify)
- Techniques bisect, binary search, 5 Whys, flaky detection
- Test de régression obligatoire (règle d'or QA)
- Source : obra/superpowers
Skill
socratic-brainstorm(.claude/skills/socratic-brainstorm/SKILL.md)- 5 familles de questions (problème, contraintes, alternatives, hypothèses, conséquences)
- Variante rapide 5 Whys pour causes racines
- Source : obra/superpowers
Changed
.claude/commands/workflow/analyze.md: skills recommandéssocratic-brainstorm+atomic-tasks.claude/commands/workflow/design.md: skills recommandésarchitect+atomic-tasks.claude/commands/qa/tdd.md: skills recommandésdebug-methodical+atomic-tasks.claude/CLAUDE.md: skills list mise à jour (13 skills exposés au total)
[7.31.0] - 2026-04-15
Added — Phase 1 : Enrichissement issu de l'analyse des 12 ressources LinkedIn Claude Code
Rule 23 — Karpathy Principles (
.claude/rules/23-karpathy-principles.md)- 3 principes AI-first : state assumptions explicitly, minimal code (no speculation), surface confusion
- Workflow Karpathy 80% agent-driven coding
- Anti-bloat checklist
- Source : forrestchang/andrej-karpathy-skills
Skill
atomic-tasks(.claude/skills/atomic-tasks/SKILL.md)- Pattern GSD (Get Shit Done) : split → small plans → fresh subagent contexts → atomic commits → verify goals
- Combat le context rot (dégradation au-delà de 50% de contexte)
- Source : gsd-build/get-shit-done
Skill
design-md-convention(.claude/skills/design-md-convention/SKILL.md)- Convention DESIGN.md pour design systems AI-friendly (7 sections obligatoires)
- Template associé :
.claude/templates/DESIGN.md.template - Source : VoltAgent/awesome-design-md
Changed
.claude/CLAUDE.md: références aux nouveaux skills + section AI-First (Karpathy) + Design System Convention.claude/rules/05-kiss-dry-yagni.md: extension AI-Era avec cross-ref vers rule 23.claude/rules/01-workflow-analysis.md: intégration pattern GSD atomic tasks
Roadmap
Phases 2-5 à venir (v7.32 à v8.0.0) :
- v7.32.0 : Skills Superpowers (architect, debug-methodical, socratic-brainstorm)
- v7.33.0 : Command
/common:pack-repo(Repomix wrapper + fallback shell) - v7.34.0 : Audit subagents +
/uiux:generate-design-md - v7.35.0 : Hook lifecycle mémoire inspiré claude-mem
- v8.0.0 : Alignement spec officielle Agent Skills (Anthropic) — breaking change
[7.30.0] - 2026-04-15
Added
- Paperclip AI-workforce orchestration stack (v2026.403.0+) as Tier 2 Supported technology across all 5 languages (en, fr, es, de, pt).
- Install script
Dev/scripts/install-paperclip-rules.sh(TCL-optimized) - 29 files per language: 7 rules, 8 commands, 6 skills, 3 checklists, 1 reviewer agent, 2 templates, CLAUDE.md.template, README.md
- New slash-command namespace
/paperclip:*(8 commands: check-compliance, check-architecture, check-code-quality, check-testing, check-security, generate-adapter, generate-agent-config, setup-company) - New agent
@paperclip-reviewer - Makefile target
install-paperclip+install-allloop updated
- Install script
- Documentation updated across
README.md,docs/index.html(Tech Stacks 18→19),docs/COMMANDS.md,docs/TECHNOLOGIES.md,.claude/CLAUDE.md
Changed
.claude/CLAUDE.mdcounts: 19 technology stacks (was 18), 212 commands (was 204), 27 namespaces (was 26)
[7.29.0] - 2026-04-14
Changed
- Framework versions alignment (2026-04 freshness audit) -- All 10 technology stacks and transverse rules updated to match April 2026 stable releases
- Symfony : PHP 8.5 → PHP 8.4+ (corrected prerequisite; added JsonStreamer, JsonPath, ObjectMapper, Wizard Forms patterns)
- Angular : 19.x → 20 LTS (or 21) with zoneless by default,
httpResource, Signal Forms,afterNextRender/PendingTasks - React Native : 0.76+ → 0.85 (New Architecture); Reanimated 3 → 4.x mandatory; Bridge legacy removed, TurboModules, Shared Animation Backend
- PHP : Pest 3 → Pest 4.5 (browser testing), PHPStan Level 9 → Level 10, documented Property Hooks and Asymmetric Visibility (PHP 8.4)
- Laravel : 12.x → 13.x with AI SDK, Vector Search (pgvector/RAG), Passkey Authentication, Pest 3 Mutation Testing, Arch Presets
- Flutter : 3.38/Dart 3.10 → 3.41/Dart 3.11 with Riverpod 3 Mutations API, BLoC v9, Impeller by default,
dart:js_interop - Python : 3.13+ → 3.14+ with free-threading, JIT, PEP 649 deferred annotations, pytest-asyncio auto mode, Ruff 0.8
- React : Documented React Compiler 1.0 (auto-memoization), Server Components,
use()Hook,useOptimistic
Added
- Security -- OWASP Top 10:2025 -- New categories (Software Supply Chain Failures, Mishandling of Exceptional Conditions), SSRF consolidated into Broken Access Control
- Supply chain security -- SLSA 1.0, SBOM (SPDX 3/CycloneDX), Sigstore keyless signing, reproducible builds
- Modern auth/crypto patterns -- EdDSA (Ed25519) preferred for JWT, DPoP (RFC 9449), Argon2id with OWASP 2026 params (128 MiB RAM, t=3-5, p=1), HTTP-only cookies
- Cross-origin security headers -- COOP, COEP, CORP, Permissions-Policy, CSP Level 3
- Testing transverse 2026 -- Vitest 4 Browser Mode, Playwright component testing, Pest 4 browser testing, mutation testing (Stryker/Infection/Mutmut), property-based testing (fast-check, Hypothesis)
- Docker/K8s 2026 -- Compose Spec v5 "Mont Blanc" (dropped
version:field), BuildKit cache/secret mounts, distroless/Chainguard images, Kubernetes 1.35, Gateway API v1.4+, sidecar-less architectures (Istio Ambient, Cilium) - OpenAPI 3.0 → 3.2 -- JSON Schema 2020-12, tag metadata, streaming (SSE/JSON Lines), OAuth 2.0 device flow
- Architecture principles 2026 -- Cognitive Complexity (< 7-10) as primary metric, Vertical Slice Architecture, Modular Monolith as pragmatic alternatives
- ADR tooling -- Log4brains (CLI + web + diagrams), adr-log (policy enforcement), ADR Manager VS Code, AI generators
- Multitenant tiered approach -- Tier 1 shared schema, Tier 2 dedicated schema, Tier 3 dedicated DB; RBAC/ABAC per tenant; field-level encryption
- CQRS -- "When NOT to use CQRS" section with trade-offs
- Async patterns -- Competing Consumers (Symfony Messenger), Lifecycle Tracking (Laravel), Ecotone framework-agnostic abstraction
- Infrastructure versions pinned -- FrankenPHP 1.12.1 (Worker Mode, HTTP/3), PgBouncer 1.25.1 (prepared statements), OpenTofu 1.11.6, Ansible-core 2.20.4, Coolify v4.0.0-beta.470
- Hetzner Cloud migration --
datacenter→locationacross all 30 Hcloud docs (5 languages) with mandatory-migration warning before 2026-07-01
Fixed
- Docker Compose -- Removed obsolete
version: '3.8'in.claude/references/symfony/docker.md - Hadolint -- Pinned to
hadolint/hadolint:v2.12.0instead of unpinned image
[7.28.0] - 2026-04-14
Added
- Claude Code v2.1.106 compatibility -- Internal improvements and bug fixes
- Claude Code v2.1.107 compatibility -- Show thinking hints sooner during long operations
- Enhanced
/doctorlayout documentation -- Status icons, categorized output, action hints (v2.1.105+) - New commands documentation --
/btw,/hooks,/reload-plugins,/proactivein CLI reference, FAQ, and context management rules - PreCompact blocking documentation -- Exit code 2 support fully documented in HOOKS.md
- Stalled stream handling -- 5-minute auto-retry documentation in TROUBLESHOOTING.md
- WebFetch token optimization -- Strips
<style>/<script>contents documentation (50-80% token reduction) - New environment variables --
CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD,MAX_THINKING_TOKENS,SLASH_COMMAND_TOOL_CHAR_BUDGET, OTEL tracing vars (beta) - Advanced skills documentation --
context: fork,disable-model-invocation: true,claudeMdExcludes, auto-compaction skill reload (5K/skill, 25K total)
Changed
- Recommended Claude Code version -- 2.1.105 → 2.1.107 (minimum stays 2.1.47)
- Documentation URLs -- Migrated all references from docs.anthropic.com to code.claude.com (14 files)
- Context management rules -- Added new commands, environment variables, and skills sections (all 5 languages)
- Version references -- 7.27.0 → 7.28.0 across all docs, guides, and configuration files
[7.27.0] - 2026-04-14
Added
- PostCompact hook -- Context reinjection after compaction via
context-essentials.md(previously only at session restart) .claudeignoretemplate -- Generated during install to excludenode_modules/,website/,Dev/i18n/, lock files (40-70% reduction in file search operations)install_config()in install scripts -- Installssettings.json,settings.local.json,.claudeignore, andcontext-essentials.mdduring project setup- Agent memory frontmatter -- 18 agents now have
memory: user(6 cross-project) ormemory: project(12 tech reviewers) for cross-session knowledge persistence effort:field on all 22 agents --lowfor Haiku auditors,mediumfor Sonnet reviewers,highfor Opus orchestrators- RTK
--ultra-compactmode -- Patched automatically during install for +5-10% additional token savings - MultiAccount
synccommand -- Synchronizes hooks and settings from~/.claudeto isolated profiles (claude-accounts sync) - BATS tests in CI -- Shell script tests (MultiAccount, RTK, StatusLine, AgentTeams) now run in GitHub Actions via Docker
- i18n parity check in CI --
npm run lint:i18nadded to build pipeline - 66 new tests --
install-config(11),agents-optimization(19),templates(19),project-settings(17), plus BATS for RTK ultra-compact (3) and MultiAccount sync (5) test-batsandtest-allMakefile targets -- Run all BATS tests or combined vitest + BATS
Changed
settings.local.jsonconsolidated -- 49KB (480+ accumulated permissions) → ~1KB (wildcard patterns), 98% reduction per sessionCLAUDE_CODE_SUBAGENT_MODELenforced -- Set toclaude-sonnet-4-5insettings.json(was only documented, not applied)CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMSremoved -- No longer always-on; teams overhead eliminated when not using/team:*api-designeranddatabase-architectdowngraded --opus→sonnet,maxTurns: 8→6(~5x cost reduction per invocation)- INDEX.md trimmed -- 358 → 215 lines, removed redundant Claude Code changelog and duplicated skills list
- 4 rules files condensed --
04-solid-principles(17KB→1KB),05-kiss-dry-yagni(14KB→1KB),07-testing(11KB→1.3KB),11-security(10KB→1.6KB); full content preserved inreferences/base/ settings.json.templateupdated -- Now includesenvblock,PostCompacthook,SessionStart(compact), output filters for Bash/Grep, security hooks for Edit/Writesettings.local.json.templateupdated -- Consolidated wildcard permissions instead of empty file- CI pipeline --
publishnow requires bothbuildANDbatsjobs; i18n parity check added to build
Fixed
- RTK integrity hash --
install-rtk.shnow updates.rtk-hook.sha256after patching--ultra-compact - Version references -- 7.26.0 → 7.27.0 across all docs, guides, and configuration files
[7.26.0] - 2026-04-14
Added
- RTK setup command --
/common:setup-rtkconfigures all token optimizations in one step (RTK proxy, PostToolUse hooks, PreCompact hooks, sub-agent model) - PostToolUse output-filtering hooks -- Grep and Glob large output notices (>50KB) to guide context-efficient summarization
- Enriched context-essentials.md -- Architecture rules, stack detection, common test commands, active workflow state, key index pointers
Changed
- CLAUDE.md trimmed -- 221 → 173 lines (-22%): commands/agents/skills tables replaced with compact summaries
- Rules files condensed -- 4 largest rules reduced by 54% (2,510 → 1,152 lines), verbose examples moved to
references/base/ - 5 agents downgraded Opus → Sonnet -- devops-engineer, ui-designer, ux-ergonome, uiux-orchestrator, refactoring-specialist (cost reduction, no quality loss for their task profiles)
- maxTurns added to all 22 agents -- Reviewers: 6, Orchestrators: 10, Specialists: 8, Auditors: 4, Designers: 6 (prevents runaway sessions)
- Token savings -- estimated 55-65% reduction per session from combined optimizations
Fixed
- Version references -- 7.25.0 → 7.26.0 across CLAUDE.md, context-essentials.md, docs, and training materials
[7.25.0] - 2026-04-14
Added
- Claude Code v2.1.63-v2.1.105 compatibility -- 43 new versions documented with 12 feature sections
- Auto Mode documentation -- AI-powered permission classifier for Team plans (v2.1.94+)
- New slash commands -- /loop, /effort, /context, /powerup, /proactive, /color, /rename, /team-onboarding
- 8 new hook events -- PostCompact, StopFailure, TaskCreated, CwdChanged, FileChanged, PermissionDenied, Elicitation, ElicitationResult
- Hook enhancements -- conditional
iffield (v2.1.85),deferpermission (v2.1.89), PreCompact blocking (v2.1.105) - MCP enhancements -- Elicitation, Tool Search lazy loading (95% context reduction), result persistence (500K), OAuth RFC 9728
- Agent frontmatter -- effort, maxTurns, disallowedTools fields for custom agents (v2.1.78+)
- Security advisories -- 7 new CVE fixes documented (v2.1.97-v2.1.101), source code leak incident (v2.1.88)
- Subprocess sandboxing -- PID namespace isolation, CLAUDE_CODE_SUBPROCESS_ENV_SCRUB (v2.1.98+)
- Managed settings -- managed-settings.d/ drop-in directory for enterprise config (v2.1.83+)
- Context management updates -- /context suggestions, /effort levels, idle-return prompt, /loop scheduling, MCP Tool Search, --bare flag, Monitor tool
Changed
- Recommended Claude Code version -- 2.1.62 → 2.1.105 (minimum stays 2.1.47)
- Security minimum -- 2.1.51 → 2.1.97 (critical Bash tool hardening)
- SECURITY.md -- supported versions updated to 7.25.x/7.24.x
[7.24.0] - 2026-02-27
Added
- Claude Code v2.1.62 compatibility — Prompt suggestion cache regression fix
- CLAUDE.md authoring best practices — pointers over code copies, emphasis for critical rules, file placement hierarchy in context management rule
- Performance optimization guide — CLI tools over MCPs, model switching mid-session, PreToolUse output filtering in context management rule
- Communication patterns — Interview pattern, CIF structure, Writer/Reviewer pattern in context management rule
Changed
- Recommended Claude Code version — 2.1.61 → 2.1.62 (minimum stays 2.1.47)
- CVE-2026-21852 severity — "High" → 5.3/10 CVSS in MCP.md and security rule
- Agent Teams Guide — Added ~7x token cost warning, recommended version bumped to 2.1.62
- SECURITY.md — supported versions updated to 7.24.x/7.23.x
[7.23.0] - 2026-02-27
Added
- Claude Code v2.1.61 compatibility — Windows config file corruption fix for concurrent writes
- Native installer documentation — PREREQUISITES (EN, FR) updated:
npm install -gdeprecated, recommendcurl https://install.claude.com | bash - Context management best practices — compaction hints in CLAUDE.md, CLAUDE.local.md for personal preferences,
CLAUDE_CODE_SUBAGENT_MODELenv var, anti-patterns reference table - CVE severity scores — CVE-2025-59536 (8.7/10 CVSS) and CVE-2026-21852 severity added to MCP.md and security rule
Changed
- Recommended Claude Code version — 2.1.59 → 2.1.61 (minimum stays 2.1.47)
- Agent Teams Guide —
CLAUDE_CODE_SUBAGENT_MODELtip for cost optimization, recommended version bumped - SECURITY.md — supported versions updated to 7.23.x/7.22.x
[7.22.0] - 2026-02-27
Added
- Claude Code v2.1.48-v2.1.59 compatibility — ConfigChange/WorktreeCreate/WorktreeRemove hooks, remote-control, /memory, /copy, --worktree flag, Opus 4.6 1M context, Ctrl+F bulk agent kill
- Security CVE documentation — CVE-2025-59536 (hook command injection) and CVE-2026-21852 (path traversal) documented in HOOKS.md, MCP.md, and security rule
- Context management best practices — proactive /compact at 70%, PreCompact hooks, /memory command, multi-session strategy (55% token reduction)
Changed
- Recommended Claude Code version — 2.1.59 (minimum stays 2.1.47)
- Hook event count — 13 → 16 in HOOKS.md (added ConfigChange, WorktreeCreate, WorktreeRemove)
- Agent Teams pricing corrected — Opus $5/$25 (was $15/$75), Haiku $1/$5 (was $0.25/$1.25), Sonnet 4.5 → Sonnet 4.6
- SECURITY.md — supported versions updated to 7.22.x/7.21.x, minimum recommended version 2.1.38 → 2.1.51
[7.21.0] - 2026-02-20
Added
- Full infrastructure install support — all 8 infrastructure technologies (Docker, Coolify, Kubernetes, OpenTofu, Ansible, Hcloud, PgBouncer, FrankenPHP) now fully integrated in
install-from-config.shwith generalized infra handling andclaude-projects.shavailable techs list - Complete technology catalog in example —
claude-projects.yaml.exampleupdated with all 18 technologies organized by category (App/Infra/Other)
Fixed
- RTK multi-account profiles —
install-rtk.shnow respectsCLAUDE_CONFIG_DIRenvironment variable, enabling RTK hook installation per profile in multi-account setups
[7.20.0] - 2026-02-20
Added
- FrankenPHP infrastructure — 5 agents, 5 commands, install script, 5 languages
- PgBouncer infrastructure — 5 agents, 5 commands, install script, 5 languages
- Kubernetes infrastructure — 5 agents, 5 commands, install script, 5 languages
- OpenTofu infrastructure — 5 agents, 5 commands, install script, 5 languages
- Ansible infrastructure — 5 agents, 5 commands, install script, 5 languages
- Hcloud infrastructure — 5 agents, 5 commands, install script, 5 languages
- 12 project management commands —
/project:burndown,/project:checkpoint,/project:coverage-map,/project:critical-path,/project:dependencies,/project:gap-analysis,/project:generate-constitution,/project:metrics,/project:reverse-prd,/project:reverse-stories,/project:scan,/project:trace(5 languages each) - Spec alignment gate —
/gate:validate-alignmentcommand +spec-alignment-gate.yamlwith 85% threshold and 6 weighted criteria (5 languages) - Constitution template — project governance template
constitution.md(5 languages) - BMAD metrics —
.bmad/metrics/directory for sprint velocity and burndown tracking - RTK integration — Rust Token Killer install script, i18n, BATS tests, CLI registry,
/common:setup-rtkcommand. Reduces LLM token consumption by 60-90% - 10 reviewer agents v2.0 — all reviewers (Angular, Vue.js, Laravel, React Native, PHP, C#, Symfony, React, Python, Flutter) propagated to 5 languages with scoring /100 and decision trees
Changed
- Infrastructure expanded — from 2 stacks (Docker, Coolify) to 8 (+ Kubernetes, OpenTofu, Ansible, Hcloud, PgBouncer, FrankenPHP). Total tech stacks: 18
- BMAD gates updated —
prd-gate.yaml,sprint-ready-gate.yaml,story-gate.yamlenhanced with improved validation criteria - Project templates updated —
prd.md,tech-spec.md,user-story.mdimproved across 5 languages - Sprint next-story command — enhanced across 5 languages
- Training materials — updated to reflect 63 agents, 204 commands, 26 namespaces, 18 stacks
- Documentation — RTK added to INSTALLATION.md, CLI-REFERENCE.md, SCRIPTS-REFERENCE.md, FAQ.md, index.html
Fixed
- 4 failing test suites — fs mock and
process.exitCodeissues in installer, check, ralph, and interactive tests - Command counts corrected — propagated accurate counts across all documentation surfaces
- Coolify missing from index.html — added to landing page with correct i18n translations
- Context essentials stale — updated from 33/161/20 to 63/204/26 (agents/commands/namespaces)
[7.19.0] - 2026-02-19
Added
- Active hooks (dogfooding) —
.claude/settings.jsonwith 6 hooks: security-block (Bash), protect-files (Edit/Write), auto-format (prettier PostToolUse), context-reinject (SessionStart compact). The project now practices what it preaches: "Hooks = requirements" - Context essentials —
.claude/context-essentials.mdfor automatic context re-injection after compaction (version, structure, conventions, test commands) - New hook templates —
quality-gate.json(blocks git commit if tests fail) andblock-dangerous-commands.json(blocks rm -rf /, sudo, chmod 777) in.claude/templates/hooks/ - Agent validation tests — 3 new tests: all agents must have
model:field, Tier 1 reviewers must use sonnet, all reviewers must have scoring system (/100 or points) - CONTRIBUTING quick navigation — table at top linking to common contributor paths (add stack, improve reviewer, fix bug, add translations, write skill)
Changed
- 6 reviewer agents upgraded to v2.0 — angular, vuejs, laravel, reactnative, php, csharp reviewers rewritten with: model sonnet, scoring /100 in 4 categories, decision trees (CRITIQUE/MAJEUR/MINEUR), 5-phase audit methodology, structured report template, French language, tech-specific 2026 patterns
- csharp-reviewer now has frontmatter — was the only agent missing YAML frontmatter; now fully compliant with model: sonnet
- CONTRIBUTING /tmp/ paths fixed — all
/tmp/test-projectreferences replaced with./test-output/(project convention: no /tmp/ storage) - KNOWN_NO_FRONTMATTER emptied — removed csharp-reviewer.md from exclusion list in agent tests
[7.18.0] - 2026-02-19
Added
- Technology tier system — formalized 3-tier model (core/supported/community) in tech-registry with
tierfield andgetTechsByTier()helper. Tier 1 (core): Symfony, React, Python, Flutter. Tier 2 (supported): React Native, PHP. Tier 3 (community): C#, Angular, Laravel, Vue.js - Content validation tests — new
tests/content/suite validating agents (YAML frontmatter, required fields, model whitelist, skill references), commands (frontmatter, namespace consistency), and skills (SKILL.md + REFERENCE.md presence, format). Addedtest:contentscript - Skills publishing guide —
docs/SKILLS-PUBLISHING.mdwith distribution methods, publishing checklist, and attribution guidelines. StandaloneREADME.mdadded to 4 pilot skills (solid-principles, testing, security, git-workflow) - Technologies documentation —
docs/TECHNOLOGIES.mdwith tier breakdown, maturity criteria, and upgrade paths - Competitive analysis —
docs/COMPETITIVE-ANALYSIS.mdbenchmarking against cursor-rules-cli, 10xrules, awesome-cursorrules, and others
Changed
- Reviewer agents differentiated — 4 Tier 1 reviewers (React, Symfony, Python, Flutter) rewritten with deep tech-specific decision trees, unique scoring breakdowns, and tech-specific skills. Model upgraded from haiku to sonnet
- README simplified — 611 → 205 lines with progressive disclosure (install-first hero, key commands, doc links)
- QUICKSTART rewritten — restructured as a 10-minute journey with checkpoints and expected output at each step
- CONTRIBUTING updated — added Technology Tiers section with tier requirements table, upgrade guide, and community contribution template
- Skill frontmatter improved — broadened triggers and updated descriptions for solid-principles, testing, security, git-workflow
Fixed
- Broken symlink handling — skills test now uses
lstatSyncto skip broken symlinks (e.g.remotion-best-practices)
[7.17.1] - 2026-02-19
Changed
- README — updated What's New section for v7.17
[7.17.0] - 2026-02-19
Added
- LSP plugin documentation — documented Claude Code LSP plugins for all 10 technology stacks: PHP/Symfony/Laravel (Intelephense), Python (Pyright), React/Angular/Vue/RN (vtsls), Flutter (Dart analyzer), C#/.NET (csharp-ls). Added sections in tooling references, CLAUDE.md, INDEX.md, PREREQUISITES.md, MCP.md (LSP vs MCP comparison), and TECHNOLOGIES.md
[7.16.0] - 2026-02-19
Added
- Claude Code 2.1.46-2.1.47 compatibility — MCP connectors from claude.ai, macOS orphan process fix, VS Code Plan Preview auto-updates,
last_assistant_messagein Stop/SubagentStop hooks,added_dirsin statusline JSON,chat:newlinekeybinding for multi-line input - Performance improvements — ~500ms faster startup (deferred SessionStart hooks),
@file mention pre-warming and session caching, O(n²) memory fix for long sessions - Resume & navigation —
/renameupdates terminal tab title, resume picker shows 50 sessions (up from 10), Shift+Down wrapping for teammate navigation, custom/renametitles preserved - 45+ bug fixes — FileWriteTool trailing blank lines, Unicode curly quotes corruption (#26141), parallel write resilience, large sessions >16KB in /resume (#25721), Windows terminal rendering, background agents final response (#26012), agents/skills in git worktrees (#25816), plan mode after compaction (#26061), PDF compaction, CJK wide character alignment
Changed
- Minimum Claude Code version — bumped from 2.1.45 to 2.1.47
- README What's New — updated to v7.16 highlights
[7.15.0] - 2026-02-18
Added
- Context management rule — new
12-context-management.md(5 languages) covering Anthropic's #1 best practice: context window as THE critical resource,/clearusage, sub-agent delegation, verification loops (2-3x quality), Plan Mode guidance, token tracking thresholds - MCP & Plugin security — updated
11-security.md(6 files, 5 languages) with Snyk 2026 findings (76 malicious payloads in public MCP registries), vetting checklist, PreToolUse hook enforcement, CLAUDE.md vs Hooks distinction - Hook templates — 4 ready-to-use templates in
.claude/templates/hooks/: auto-format (PostToolUse), protect-files (PreToolUse), context-reinject (SessionStart compact), security-block (PreToolUse Bash) - Parallel worktrees skill — new
/parallel-worktreesskill documenting Boris Cherny's productivity pattern for concurrent Claude sessions (writer/reviewer workflow) - Best Practices section — CLAUDE.md updated with MCP Tool Search (46.9% context reduction), adaptive thinking guidance (low/medium/high/max), hooks enforcement references
- Context Management Best Practices — new section in COMMANDS.md with thresholds, hooks vs instructions comparison
Changed
- README What's New — updated to v7.14 highlights
- Skill count — 36 → 37 (added parallel-worktrees)
[7.14.0] - 2026-02-18
Added
- Documentation update — Plan Mode Classification section in COMMANDS.md, updated README What's New to v7.13, enriched training materials with Plan Mode guidance (MANDATORY/RECOMMENDED/CONDITIONAL), updated all training docs versions to 2.1.45/7.13.0
[7.13.0] - 2026-02-18
Added
- Claude Code 2.1.42-2.1.45 compatibility — resume title fix, structured outputs header, auth token refresh, plugin hot-reload/backup, memory improvements, spinnerTipsOverride, plugin directory config, Agent SDK rate limiting
- Claude Sonnet 4.6 support — new model (
claude-sonnet-4-6, $3/$15/M, 200K/1M context, near-Opus coding performance) - Plan Mode guidance — added Plan Mode sections to all 543 command files across 5 languages (en, fr, es, de, pt), classifying each command as MANDATORY (22 commands — code generation, implementation, QA), RECOMMENDED (6 commands — architecture decisions, design, planning), or CONDITIONAL (51 commands — analysis, audits, checks activated automatically based on scope)
Fixed
- Cost-estimator pricing — corrected Opus from $15/$75 (Opus 4.1) to $5/$25 (Opus 4.6), Haiku from $0.25/$1.25 (Haiku 3) to $1/$5 (Haiku 4.5)
Changed
- Minimum Claude Code version — bumped from 2.1.41 to 2.1.45
[7.12.0] - 2026-02-18
Added
- Playwright E2E tests — 119 tests covering all 89 pages (5 locales), landing page, navigation, search, accessibility (axe-core WCAG 2.1 AA), and 404 page
- CI E2E test job — Playwright runs between build and deploy in docs workflow, blocking deploy on test failure
Fixed
- Accessibility — added
<main>landmark,aria-labelon language selects and GitHub links,aria-hiddenon decorative SVGs, semantic<dl>for stats grid - Performance — removed unused Tailwind CDN and Lucide CDN scripts from landing page
- Responsive mobile layout — proper mobile styles for landing page grid and navigation
[7.11.0] - 2026-02-13
Added
- Agent Teams optimization — reduce token overhead from ~30% to ~15-20% via lean context loading (task-type-specific tokens per worker: audit=4K, sprint=5K, security=3.5K, delivery=5.5K) and adaptive coordination overhead (5% + 3.5%/worker replacing flat 15%)
- Fast Mode blocking guard — all 4 team commands display 6x cost comparison dashboard and require explicit confirmation before proceeding in Fast Mode
- Budget guard (
--max-cost) — abort team execution when estimated parallel cost exceeds user-specified dollar threshold - Structured spawn templates — rich TaskCreate context per worker type (project, tech, reference, checks, output schema) for higher quality first-pass results
- Context compaction mitigation — leader re-reads TaskList every 5 completions (bug #23620); delivery re-reads phase-handoff.yaml at Phase 2 start
- Per-task timeout baselines — 1.5x estimated duration per task type in ralph-teams-adapter (audit=135s, sprint=1350s, security=180s, delivery=1800s)
- Auto-size recommendation —
recommend_team_size()in cost-estimator for optimal worker count - Sub-agents vs Agent Teams decision matrix — comparison table and concrete examples in sub-agents-patterns.md
- 138 bats tests — cost-estimator (42), cost-dashboard (24), ralph-teams-adapter (27), compatibility-check (23), result-aggregator (22)
Changed
- Delivery Phase 1 Reviewer — model changed from sonnet to haiku (-15% Phase 1 cost)
- Polling cadence — standardized across all team commands (30s, backoff to 60s after 3 idle polls)
- Message verbosity — worker completion messages capped at <50 tokens across all team commands
- i18n — all changes mirrored across 5 languages (en, fr, es, de, pt) for 4 team commands
[7.10.2] - 2026-02-13
Changed
- Claude Code compatibility — document v2.1.39 and v2.1.41 features (nested session guard, auth CLI commands, Windows ARM64, /rename auto-generation, Agent Teams cloud provider fix, OTel fast mode tracing, @-mention anchor fix, Agent SDK & plan mode fixes); bump minimum version from 2.1.38 to 2.1.41
[7.10.1] - 2026-02-13
Fixed
- Status line locale bug — force
LC_NUMERIC=Cinstatusline.shfor locale-safe numeric formatting;printf "%.2f"failed on non-English locales (e.g. French) where the decimal separator is a comma, causing cost to display as$0,00instead of$0.50
[7.10.0] - 2026-02-13
Added
- Status Line v2.0 — fixed critical
settings.jsonformat ("type": "command"instead of"enabled"/"script"), nativecontext_window.used_percentage, single jq call (7→1), cross-platformstat, git cache (5s TTL), 13 element toggles, agent name, vim mode, burn rate, lines changed, progress bar styles (percentage/bar/both), compact/detailed modes,--version/--helpflags - 27 bats tests for status line (
Tools/StatusLine/tests/statusline.bats) test-statuslineMakefile target — runs status line tests via Docker
Changed
- Status line README — rewritten in English with full v2.0 documentation
statusline.conf.example— expanded with all new options (toggles, bar style, display mode, git cache TTL)- Docs — fixed
settings.jsonformat indocs/guides/{en,fr}/05-tools-reference.mdand06-troubleshooting.md
[7.9.0] - 2026-02-13
Added
- Multi-account
doctorcommand — checks profile permissions, .mode file, symlink validity, credentials JSON, shell aliases, and orphan alias detection --jsonflag — machine-readable JSON output forlistand--version, enabling scripting and pipeline integration- Standardized exit codes —
0(OK),1(error),2(usage),3(not found),4(missing dep) - Shell completions — bash and zsh tab-completion for commands and profile names (
completions/) .claude-profileper project —ccspreads this file for automatic profile switching by directoryCLAUDE_PROFILE_NAMEexport —ccsp()exports the active profile name for shell prompt integration (PS1, Starship)- 23 bats tests — comprehensive test suite for version, CRUD, exit codes, JSON output, doctor (
tests/claude-accounts.bats) - Makefile targets —
install-completions(bash/zsh) andtest-tools(bats via Docker) - 29 i18n keys across 5 languages (en/fr/es/de/pt) — doctor, permissions warning, backup, delete confirmation, JSON output
Changed
- Profile directory permissions —
chmod 0700enforced on creation (add,migrate) andensure_profiles_dir; warning displayed inlistif permissions are too open - Signal handling —
trap _cleanup EXITwith_TMP_FILEStracking for safe Ctrl+C cleanup - Profile validation —
validate_profile()guard added torunandauthCLI commands; returns exit code 3 for missing profiles - CLI
rmi18n — hardcoded English strings replaced with i18n keys (MSG_CONFIRM_DELETE,MSG_BACKUP_CREATED) - Interactive menu — doctor added as option 8, help moved to option 9
[7.8.0] - 2026-02-12
Added
- Coolify infrastructure technology — 4 agents (
@coolify-architect,@coolify-deployment,@coolify-debug,@coolify-monitoring), 5 commands (/coolify:setup,/coolify:deploy,/coolify:debug,/coolify:backup,/coolify:optimize), install script, full i18n (en/fr/es/de/pt) — 46 new files install-coolifyMakefile target — standalone Coolify installation;install-infranow installs both Docker and Coolify- Coolify in tech registry — CLI namespace, help text, and
INSTALLABLE_TECHSexclusion (infra, not dev tech)
Changed
- Counter updates — commands 155→160, agents 29→33, namespaces 19→20 across CLAUDE.md, README.md, docs/index.html (stats grid + i18n), COMMANDS.md, COMMANDS-FULL-REFERENCE.md, AGENTS.md
- README.md — added Coolify to AI Agents description
- docs/AGENTS.md — added Coolify/Infrastructure Agents section (4 agents)
[7.7.2] - 2026-02-12
Fixed
- Command count — reverted erroneous 156→155 (verified: 117 Dev + 33 Project + 5 Docker = 155)
- docs/index.html — 9 stale
v5.8.0version badges updated tov7.7.1; template count 23→21; checklist count 9→10 - README.md — "What's New" updated to v7.7; template count 33→21; checklist count 21→10
- docs/AGENTS.md — removed phantom BMAD agent section (39→29 actual); cleaned up ASC mode documentation
[7.7.1] - 2026-02-12
Fixed
- docs/index.html — copyright symbol
©rendered as literal text in i18n translations; replaced with Unicode©in all 5 JS translation strings (the i18n system usestextContentfor non-HTML strings)
[7.7.0] - 2026-02-12
Changed
- docs/index.html — fixed all outdated counters in presentation page: agents 40→29, commands 130+→155, skills 249→36, templates 25→23, checklists 21→9; updated feature cards and all 5 i18n translations (EN/FR/ES/DE/PT)
- README.md — "What's New" updated to v7.6 features; agent count 28→29; skills count 50→36
- CLAUDE.md — agent count 28→29 in header description
- docs/AGENTS.md — added note explaining Docker and Project agent bundling
- docs/FAQ.md — Node.js 18+→20+
- docs/PREREQUISITES.md — Claude Code minimum version 2.1.0→2.1.38
- docs/QUICKSTART.md — Node.js 18+→20+
- i18n docs — PREREQUISITES and QUICKSTART updated for DE/ES/FR/PT (Node.js 20+, Claude Code 2.1.38); FR FAQ Node.js 20+
Added
- .github/PULL_REQUEST_TEMPLATE.md — standardized PR template
[7.6.1] - 2026-02-12
Fixed
- CLI
updatecommand — argument order was wrong (script TARGET LANG --forceinstead ofscript --lang=LANG --force TARGET), causing all install scripts to reject the lang parameter - 2026 feature references copy — added same-directory guard in
install-tech-common.shto preventcperrors when source and destination resolve to the same path
[7.6.0] - 2026-02-12
Changed
- README.md — "What's New" updated to v7.5 features; fixed namespace count (20→19); added
/team:and/uiux:to Command Namespaces (17→19); Docker commands 4→5 - COMMANDS.md — added
/docker:optimizeto Docker detailed section (was in summary but missing from details) - CONTRIBUTING.md — Node.js 18+→20+; added shellcheck to prerequisites; added
lint:shellandlint:i18nto Running Tests - PREREQUISITES.md — Node.js 18→20 (lines 9 and 229)
- vitest.config.mjs — raised coverage thresholds from 80/85/70/80 to 90/90/90/90 (actual coverage: 96/93/96/96)
[7.5.0] - 2026-02-12
Added
- Doctor yq check —
doctorcommand now verifiesyqavailability (required for YAML config per PREREQUISITES.md) - CLI-REFERENCE.md — added
check,list,doctor,updatecommand sections with usage, options, and examples - 5 new doctor tests (yq OK/missing, unreadable scripts dir, empty i18n, non-executable scripts, real tryExec)
- 2 new update tests (skip when install script missing, all-scripts-fail path)
Changed
- README.md — "What's New" updated to v7.4 features (list/doctor/update, 20 namespaces, fs-utils)
- QUICKSTART.md — verification section now recommends
checkanddoctorcommands instead ofls -la - CLAUDE.md — fixed namespace count: "16+" → "19 namespaces"
- doctor.js — renumbered check comments (5→yq, 6→structure, 7→scripts, 8→i18n)
- Test count: 511 → 519 tests
- Coverage: doctor.js 86% → 96%, update.js 91% → 100%
[7.4.0] - 2026-02-12
Added
- CLI
listcommand — detailed listing of installed claude-craft components (npx @the-bearded-bear/claude-craft list [dir]) - CLI
doctorcommand — environment diagnostics & installation health check (npx @the-bearded-bear/claude-craft doctor [dir]) - CLI
updatecommand — re-run install scripts to refresh an existing installation (npx @the-bearded-bear/claude-craft update [dir] [--lang=XX] [--tech=NAME]) cli/lib/fs-utils.js— sharedcountFiles/listDirsutilities extracted from check.jscli/lib/list.js,cli/lib/doctor.js,cli/lib/update.js— new command modulestests/cli/list.test.mjs— 4 tests for list commandtests/cli/doctor.test.mjs— 8 tests for doctor commandtests/cli/update.test.mjs— 7 tests for update commandtests/cli/fs-utils.test.mjs— 6 tests for shared fs utilities- 2 detect-project tests for Python/Docker catch path coverage
- 4 index.js tests for flattenCodebase, constructor, detectProject, parseArgs delegation
Changed
- check.js: Refactored to import
countFiles/listDirsfromfs-utils.js(DRY) - help.js: Added 3 missing namespace entries (python, reactnative, php) — now 20 namespaces; added list, doctor, update to Commands section
- README.md: Removed phantom
/pm:and/arch:namespaces; replaced stale/common:recette*with/qa:* - index.js: Wired 3 new commands (list, doctor, update)
- Test count: 480 → 511 tests
[7.3.0] - 2026-02-12
Added
- CLI
checkcommand — verify claude-craft installation in a project directory (npx @the-bearded-bear/claude-craft check [dir]) cli/lib/check.js— new module: scans.claude/for commands, agents, references, skills with colorized summarytests/cli/check.test.mjs— 6 tests for check command (empty dir, full structure, partial, multi-namespace, tech detection)- 4 shell-ui integration tests for cross-directory sourcing (Infra/, Project/, tcl-common guard)
- 4 detect-project tests (unreadable dir, debug logging, all 10 techs, 2-tech complexity)
Changed
- install-from-config.sh: Sources
shell-ui.shinstead of defining local colors/logging;log_*/print_header/print_sectionare backward-compat aliases - install-infra-rules.sh: Sources
shell-ui.shinstead of defining local colors/logging;log_*are backward-compat aliases - install-project-commands.sh: Sources
shell-ui.sh; emoji echo replaced withui_box/ui_info/ui_success - check-prerequisites.sh: Sources
shell-ui.sh; header usesui_box, checks useui_check_ok/ui_check_fail/ui_check_warn - tcl-common.sh: Added shell-ui.sh guard — auto-sources when
ui_infonot already defined - help.js: Added
--version, -vto Options display; addedcheckto Commands list - README.md: Updated "What's New" to v7.3; removed stale
(v3.2+)suffix; fixed Migration Guide link (v3.0 → v7.0) - FAQ.md: Fixed stale
.claude/rules/00-project-context.mdpath →.claude/CLAUDE.md - Zero duplicate color/logging definitions across all install scripts
- Test count: 466 → 480 tests
[7.2.0] - 2026-02-12
Added
detect-project.js: Detection for 5 missing techs — Angular (@angular/core), Vue.js (vue), C#/.NET (.csproj/.sln), Laravel (laravel/framework), generic PHP (composer.json fallback)help.js: "Available Namespaces" section listing all 16 v7.0 namespaces with descriptionstests/cli/shell-ui.test.mjs— 16 tests verifying allui_*functions, color variables, and output formattests/cli/detect-project.test.mjs— expanded from 14 to 30 tests covering all 10 tech detections, malformed JSON, multi-tech, edge casestests/cli/help.test.mjs— expanded from 3 to 8 tests covering namespaces, options, examplestests/cli/tech-registry.test.mjs— 2 additional consistency tests (derived keys, displayName match)tests/cli/cli-class.test.mjs— readline lifecycle test
Changed
- constants.js:
TECHNOLOGIESnow derived fromtech-registry.jsSSOT (DRY consolidation) - detect-project.js: Refined Symfony detection to check for
symfony/packages; added Laravel/generic PHP distinction - install-tech-common.sh: Sources
shell-ui.shinstead of defining local colors/logging;log_*are backward-compat aliases - install-common-rules.sh: Sources
shell-ui.shinstead of defining local colors/logging;print_headerusesui_box - check-config.sh: Sources
shell-ui.shinstead of defining local colors;log_*delegate toui_check_*,print_headerusesui_header - Makefile
list-commands: Now includes Docker, Workflow, Team, QA, UIUX namespaces; checks both lang and base directories - Test count: 430+ → 466 tests
- Coverage: detect-project.js → 93%, help.js → 100%, constants.js → 100%
[7.1.0] - 2026-02-12
Added
cli/lib/tech-registry.js— Single Source of Truth for all 11 technology stacks (name, namespace, i18n dir, install script, version)Dev/scripts/lib/shell-ui.sh— Shared UI library for shell scripts (colors, logging, headers, progress indicators)tests/cli/installer-interactive.test.mjs— 10 tests for interactive install wizard (directory creation, language selection, tech selection, cancel flow)tests/cli/tech-registry.test.mjs— 11 consistency tests verifying registry matches constants.js, i18n directories, install scripts, and plugin.jsontests/scripts/install-dry-run.test.mjs— 6 integration tests for install dry-run (file counts, namespace validation, no-side-effects)- Ralph DoD failure modes and timeout documentation in
ralph-run.md
Changed
- README.md: Fixed skills count from 249 to 50 (actual unique skills)
- CONTRIBUTING.md: Added all 10 technologies to test loop (was missing csharp, reactnative, vuejs, laravel, php)
- vitest.config.mjs: Raised coverage thresholds — statements 75→80%, branches 80→85%, functions 65→70%, lines 75→80%
- CLAUDE.md.template: Updated to v7.0 structure —
rules/→references/,commands/now namespaced - check-config.sh: Refactored from 5 hardcoded check functions to data-driven
TECH_REGISTRYarray supporting all 10 technologies - plugin.json: Version bump from 6.2.0 to 7.1.0
- cli-class.test.mjs: Added 5 tests for language, tech, path options and flatten command
- Test count: 393 → 430+ tests
- Coverage: statements 81% → 92%+, installer.js 51% → 97%
Older Versions
For changelog entries before v7.0.0 (2026-02-12), see docs/CHANGELOG-archive.md.