Merge pull request 'feat: Command consolidation + 8 new plugins (v8.1.0 → v9.0.0)' (#445 ) from feat/phase-1b-command-consolidation into development

Reviewed-on: #445
feat(marketplace): command consolidation + 8 new plugins (v8.1.0 → v9.0.0) [BREAKING]
2026-02-06 20:02:12 +00:00 · 2026-02-06 14:52:11 -05:00 · 2026-02-06 17:31:18 +00:00 · 2026-02-06 12:28:06 -05:00 · 2026-02-06 11:50:21 -05:00 · 2026-02-05 02:39:33 +00:00
524 changed files with 32946 additions and 12274 deletions
--- a/.claude-plugin/marketplace-full.json
+++ b/.claude-plugin/marketplace-full.json
@@ -0,0 +1,205 @@
+{
+  "name": "leo-claude-mktplace",
+  "owner": {
+    "name": "Leo Miranda",
+    "email": "leobmiranda@gmail.com"
+  },
+  "metadata": {
+    "description": "Project management plugins with Gitea and NetBox integrations",
+    "version": "7.1.0"
+  },
+  "plugins": [
+    {
+      "name": "projman",
+      "version": "7.1.0",
+      "description": "Sprint planning and project management with Gitea integration",
+      "source": "./plugins/projman",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/projman/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "development",
+      "tags": ["sprint", "agile", "gitea", "project-management"],
+      "license": "MIT"
+    },
+    {
+      "name": "doc-guardian",
+      "version": "7.1.0",
+      "description": "Automatic documentation drift detection and synchronization",
+      "source": "./plugins/doc-guardian",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/doc-guardian/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "productivity",
+      "tags": ["documentation", "drift-detection", "sync"],
+      "license": "MIT"
+    },
+    {
+      "name": "code-sentinel",
+      "version": "7.1.0",
+      "description": "Security scanning and code refactoring tools",
+      "source": "./plugins/code-sentinel",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/code-sentinel/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "security",
+      "tags": ["security-scan", "refactoring", "vulnerabilities"],
+      "license": "MIT"
+    },
+    {
+      "name": "project-hygiene",
+      "version": "7.1.0",
+      "description": "Post-task cleanup hook that removes temp files and manages orphaned files",
+      "source": "./plugins/project-hygiene",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/project-hygiene/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "productivity",
+      "tags": ["cleanup", "automation", "hygiene"],
+      "license": "MIT"
+    },
+    {
+      "name": "cmdb-assistant",
+      "version": "7.1.0",
+      "description": "NetBox CMDB integration with data quality validation and machine registration",
+      "source": "./plugins/cmdb-assistant",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/cmdb-assistant/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "infrastructure",
+      "tags": ["cmdb", "netbox", "dcim", "ipam", "data-quality", "validation"],
+      "license": "MIT"
+    },
+    {
+      "name": "claude-config-maintainer",
+      "version": "7.1.0",
+      "description": "CLAUDE.md and settings.local.json optimization for Claude Code projects",
+      "source": "./plugins/claude-config-maintainer",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/claude-config-maintainer/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "development",
+      "tags": ["claude-md", "configuration", "optimization"],
+      "license": "MIT"
+    },
+    {
+      "name": "clarity-assist",
+      "version": "7.1.0",
+      "description": "Prompt optimization and requirement clarification with ND-friendly accommodations",
+      "source": "./plugins/clarity-assist",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/clarity-assist/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "productivity",
+      "tags": ["prompts", "requirements", "clarification", "nd-friendly"],
+      "license": "MIT"
+    },
+    {
+      "name": "git-flow",
+      "version": "7.1.0",
+      "description": "Git workflow automation with intelligent commit messages and branch management",
+      "source": "./plugins/git-flow",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/git-flow/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "development",
+      "tags": ["git", "workflow", "commits", "branching"],
+      "license": "MIT"
+    },
+    {
+      "name": "pr-review",
+      "version": "7.1.0",
+      "description": "Multi-agent pull request review with confidence scoring and actionable feedback",
+      "source": "./plugins/pr-review",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/pr-review/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "development",
+      "tags": ["code-review", "pull-requests", "security", "quality"],
+      "license": "MIT"
+    },
+    {
+      "name": "data-platform",
+      "version": "7.1.0",
+      "description": "Data engineering tools with pandas, PostgreSQL/PostGIS, and dbt integration",
+      "source": "./plugins/data-platform",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/data-platform/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "data",
+      "tags": ["pandas", "postgresql", "postgis", "dbt", "data-engineering", "etl"],
+      "license": "MIT"
+    },
+    {
+      "name": "viz-platform",
+      "version": "7.1.0",
+      "description": "Visualization tools with Dash Mantine Components validation, Plotly charts, and theming",
+      "source": "./plugins/viz-platform",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/viz-platform/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "visualization",
+      "tags": ["dash", "plotly", "mantine", "charts", "dashboards", "theming", "dmc"],
+      "license": "MIT"
+    },
+    {
+      "name": "contract-validator",
+      "version": "7.1.0",
+      "description": "Cross-plugin compatibility validation and Claude.md agent verification",
+      "source": "./plugins/contract-validator",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/contract-validator/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "development",
+      "tags": ["validation", "contracts", "compatibility", "agents", "interfaces", "cross-plugin"],
+      "license": "MIT"
+    }
+  ]
+}
--- a/.claude-plugin/marketplace-lean.json
+++ b/.claude-plugin/marketplace-lean.json
@@ -0,0 +1,109 @@
+{
+  "name": "leo-claude-mktplace",
+  "owner": {
+    "name": "Leo Miranda",
+    "email": "leobmiranda@gmail.com"
+  },
+  "metadata": {
+    "description": "Project management plugins with Gitea and NetBox integrations",
+    "version": "7.1.0"
+  },
+  "plugins": [
+    {
+      "name": "projman",
+      "version": "7.1.0",
+      "description": "Sprint planning and project management with Gitea integration",
+      "source": "./plugins/projman",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/projman/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "development",
+      "tags": ["sprint", "agile", "gitea", "project-management"],
+      "license": "MIT"
+    },
+    {
+      "name": "git-flow",
+      "version": "7.1.0",
+      "description": "Git workflow automation with intelligent commit messages and branch management",
+      "source": "./plugins/git-flow",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/git-flow/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "development",
+      "tags": ["git", "workflow", "commits", "branching"],
+      "license": "MIT"
+    },
+    {
+      "name": "pr-review",
+      "version": "7.1.0",
+      "description": "Multi-agent pull request review with confidence scoring and actionable feedback",
+      "source": "./plugins/pr-review",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/pr-review/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "development",
+      "tags": ["code-review", "pull-requests", "security", "quality"],
+      "license": "MIT"
+    },
+    {
+      "name": "clarity-assist",
+      "version": "7.1.0",
+      "description": "Prompt optimization and requirement clarification with ND-friendly accommodations",
+      "source": "./plugins/clarity-assist",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/clarity-assist/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "productivity",
+      "tags": ["prompts", "requirements", "clarification", "nd-friendly"],
+      "license": "MIT"
+    },
+    {
+      "name": "code-sentinel",
+      "version": "7.1.0",
+      "description": "Security scanning and code refactoring tools",
+      "source": "./plugins/code-sentinel",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/code-sentinel/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "security",
+      "tags": ["security-scan", "refactoring", "vulnerabilities"],
+      "license": "MIT"
+    },
+    {
+      "name": "doc-guardian",
+      "version": "7.1.0",
+      "description": "Automatic documentation drift detection and synchronization",
+      "source": "./plugins/doc-guardian",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/doc-guardian/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "productivity",
+      "tags": ["documentation", "drift-detection", "sync"],
+      "license": "MIT"
+    }
+  ]
+}
--- a/.claude-plugin/marketplace.json
+++ b/.claude-plugin/marketplace.json
@@ -6,12 +6,12 @@
  },
  "metadata": {
    "description": "Project management plugins with Gitea and NetBox integrations",
-    "version": "5.4.0"
+    "version": "9.0.0"
  },
  "plugins": [
    {
      "name": "projman",
-      "version": "3.3.0",
+      "version": "7.1.0",
      "description": "Sprint planning and project management with Gitea integration",
      "source": "./plugins/projman",
      "author": {
@@ -21,12 +21,18 @@
      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/projman/README.md",
      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
      "category": "development",
-      "tags": ["sprint", "agile", "gitea", "project-management"],
-      "license": "MIT"
+      "tags": [
+        "sprint",
+        "agile",
+        "gitea",
+        "project-management"
+      ],
+      "license": "MIT",
+      "domain": "core"
    },
    {
      "name": "doc-guardian",
-      "version": "1.1.0",
+      "version": "7.1.0",
      "description": "Automatic documentation drift detection and synchronization",
      "source": "./plugins/doc-guardian",
      "author": {
@@ -35,14 +41,18 @@
      },
      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/doc-guardian/README.md",
      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
-      "hooks": ["./hooks/hooks.json"],
      "category": "productivity",
-      "tags": ["documentation", "drift-detection", "sync"],
-      "license": "MIT"
+      "tags": [
+        "documentation",
+        "drift-detection",
+        "sync"
+      ],
+      "license": "MIT",
+      "domain": "core"
    },
    {
      "name": "code-sentinel",
-      "version": "1.0.0",
+      "version": "7.1.0",
      "description": "Security scanning and code refactoring tools",
      "source": "./plugins/code-sentinel",
      "author": {
@@ -51,14 +61,21 @@
      },
      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/code-sentinel/README.md",
      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
-      "hooks": ["./hooks/hooks.json"],
+      "hooks": [
+        "./hooks/hooks.json"
+      ],
      "category": "security",
-      "tags": ["security-scan", "refactoring", "vulnerabilities"],
-      "license": "MIT"
+      "tags": [
+        "security-scan",
+        "refactoring",
+        "vulnerabilities"
+      ],
+      "license": "MIT",
+      "domain": "core"
    },
    {
      "name": "project-hygiene",
-      "version": "0.1.0",
+      "version": "7.1.0",
      "description": "Post-task cleanup hook that removes temp files and manages orphaned files",
      "source": "./plugins/project-hygiene",
      "author": {
@@ -67,14 +84,18 @@
      },
      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/project-hygiene/README.md",
      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
-      "hooks": ["./hooks/hooks.json"],
      "category": "productivity",
-      "tags": ["cleanup", "automation", "hygiene"],
-      "license": "MIT"
+      "tags": [
+        "cleanup",
+        "automation",
+        "hygiene"
+      ],
+      "license": "MIT",
+      "domain": "core"
    },
    {
      "name": "cmdb-assistant",
-      "version": "1.2.0",
+      "version": "7.1.0",
      "description": "NetBox CMDB integration with data quality validation and machine registration",
      "source": "./plugins/cmdb-assistant",
      "author": {
@@ -83,14 +104,25 @@
      },
      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/cmdb-assistant/README.md",
      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": [
+        "./hooks/hooks.json"
+      ],
      "category": "infrastructure",
-      "tags": ["cmdb", "netbox", "dcim", "ipam", "data-quality", "validation"],
-      "license": "MIT"
+      "tags": [
+        "cmdb",
+        "netbox",
+        "dcim",
+        "ipam",
+        "data-quality",
+        "validation"
+      ],
+      "license": "MIT",
+      "domain": "ops"
    },
    {
      "name": "claude-config-maintainer",
-      "version": "1.1.0",
-      "description": "CLAUDE.md optimization and maintenance for Claude Code projects",
+      "version": "7.1.0",
+      "description": "CLAUDE.md and settings.local.json optimization for Claude Code projects",
      "source": "./plugins/claude-config-maintainer",
      "author": {
        "name": "Leo Miranda",
@@ -99,12 +131,17 @@
      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/claude-config-maintainer/README.md",
      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
      "category": "development",
-      "tags": ["claude-md", "configuration", "optimization"],
-      "license": "MIT"
+      "tags": [
+        "claude-md",
+        "configuration",
+        "optimization"
+      ],
+      "license": "MIT",
+      "domain": "core"
    },
    {
      "name": "clarity-assist",
-      "version": "1.2.0",
+      "version": "7.1.0",
      "description": "Prompt optimization and requirement clarification with ND-friendly accommodations",
      "source": "./plugins/clarity-assist",
      "author": {
@@ -113,13 +150,22 @@
      },
      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/clarity-assist/README.md",
      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": [
+        "./hooks/hooks.json"
+      ],
      "category": "productivity",
-      "tags": ["prompts", "requirements", "clarification", "nd-friendly"],
-      "license": "MIT"
+      "tags": [
+        "prompts",
+        "requirements",
+        "clarification",
+        "nd-friendly"
+      ],
+      "license": "MIT",
+      "domain": "core"
    },
    {
      "name": "git-flow",
-      "version": "1.2.0",
+      "version": "7.1.0",
      "description": "Git workflow automation with intelligent commit messages and branch management",
      "source": "./plugins/git-flow",
      "author": {
@@ -128,13 +174,22 @@
      },
      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/git-flow/README.md",
      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": [
+        "./hooks/hooks.json"
+      ],
      "category": "development",
-      "tags": ["git", "workflow", "commits", "branching"],
-      "license": "MIT"
+      "tags": [
+        "git",
+        "workflow",
+        "commits",
+        "branching"
+      ],
+      "license": "MIT",
+      "domain": "core"
    },
    {
      "name": "pr-review",
-      "version": "1.1.0",
+      "version": "7.1.0",
      "description": "Multi-agent pull request review with confidence scoring and actionable feedback",
      "source": "./plugins/pr-review",
      "author": {
@@ -144,12 +199,18 @@
      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/pr-review/README.md",
      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
      "category": "development",
-      "tags": ["code-review", "pull-requests", "security", "quality"],
-      "license": "MIT"
+      "tags": [
+        "code-review",
+        "pull-requests",
+        "security",
+        "quality"
+      ],
+      "license": "MIT",
+      "domain": "core"
    },
    {
      "name": "data-platform",
-      "version": "1.2.0",
+      "version": "7.1.0",
      "description": "Data engineering tools with pandas, PostgreSQL/PostGIS, and dbt integration",
      "source": "./plugins/data-platform",
      "author": {
@@ -159,12 +220,20 @@
      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/data-platform/README.md",
      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
      "category": "data",
-      "tags": ["pandas", "postgresql", "postgis", "dbt", "data-engineering", "etl"],
-      "license": "MIT"
+      "tags": [
+        "pandas",
+        "postgresql",
+        "postgis",
+        "dbt",
+        "data-engineering",
+        "etl"
+      ],
+      "license": "MIT",
+      "domain": "data"
    },
    {
      "name": "viz-platform",
-      "version": "1.1.0",
+      "version": "7.1.0",
      "description": "Visualization tools with Dash Mantine Components validation, Plotly charts, and theming",
      "source": "./plugins/viz-platform",
      "author": {
@@ -174,12 +243,21 @@
      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/viz-platform/README.md",
      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
      "category": "visualization",
-      "tags": ["dash", "plotly", "mantine", "charts", "dashboards", "theming", "dmc"],
-      "license": "MIT"
+      "tags": [
+        "dash",
+        "plotly",
+        "mantine",
+        "charts",
+        "dashboards",
+        "theming",
+        "dmc"
+      ],
+      "license": "MIT",
+      "domain": "data"
    },
    {
      "name": "contract-validator",
-      "version": "1.2.0",
+      "version": "7.1.0",
      "description": "Cross-plugin compatibility validation and Claude.md agent verification",
      "source": "./plugins/contract-validator",
      "author": {
@@ -189,8 +267,196 @@
      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/contract-validator/README.md",
      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
      "category": "development",
-      "tags": ["validation", "contracts", "compatibility", "agents", "interfaces", "cross-plugin"],
-      "license": "MIT"
+      "tags": [
+        "validation",
+        "contracts",
+        "compatibility",
+        "agents",
+        "interfaces",
+        "cross-plugin"
+      ],
+      "license": "MIT",
+      "domain": "core"
+    },
+    {
+      "name": "saas-api-platform",
+      "version": "0.1.0",
+      "description": "REST and GraphQL API scaffolding for FastAPI and Express projects",
+      "source": "./plugins/saas-api-platform",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/saas-api-platform/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "category": "development",
+      "tags": [
+        "api",
+        "rest",
+        "graphql",
+        "fastapi",
+        "express",
+        "openapi"
+      ],
+      "license": "MIT",
+      "domain": "saas"
+    },
+    {
+      "name": "saas-db-migrate",
+      "version": "0.1.0",
+      "description": "Database migration management for Alembic, Prisma, and raw SQL",
+      "source": "./plugins/saas-db-migrate",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/saas-db-migrate/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "category": "development",
+      "tags": [
+        "database",
+        "migrations",
+        "alembic",
+        "prisma",
+        "sql",
+        "schema"
+      ],
+      "license": "MIT",
+      "domain": "saas"
+    },
+    {
+      "name": "saas-react-platform",
+      "version": "0.1.0",
+      "description": "React frontend development toolkit for Next.js and Vite projects",
+      "source": "./plugins/saas-react-platform",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/saas-react-platform/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "category": "development",
+      "tags": [
+        "react",
+        "nextjs",
+        "vite",
+        "typescript",
+        "frontend",
+        "components"
+      ],
+      "license": "MIT",
+      "domain": "saas"
+    },
+    {
+      "name": "saas-test-pilot",
+      "version": "0.1.0",
+      "description": "Test automation toolkit for pytest, Jest, Vitest, and Playwright",
+      "source": "./plugins/saas-test-pilot",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/saas-test-pilot/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "category": "development",
+      "tags": [
+        "testing",
+        "pytest",
+        "jest",
+        "vitest",
+        "playwright",
+        "coverage"
+      ],
+      "license": "MIT",
+      "domain": "saas"
+    },
+    {
+      "name": "data-seed",
+      "version": "0.1.0",
+      "description": "Test data generation and database seeding with relationship-aware profiles",
+      "source": "./plugins/data-seed",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/data-seed/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "category": "data",
+      "tags": [
+        "seed-data",
+        "test-data",
+        "faker",
+        "fixtures",
+        "database"
+      ],
+      "license": "MIT",
+      "domain": "data"
+    },
+    {
+      "name": "ops-release-manager",
+      "version": "0.1.0",
+      "description": "Release management with semantic versioning, changelogs, and tag automation",
+      "source": "./plugins/ops-release-manager",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/ops-release-manager/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "category": "development",
+      "tags": [
+        "release",
+        "semver",
+        "changelog",
+        "versioning",
+        "tags"
+      ],
+      "license": "MIT",
+      "domain": "ops"
+    },
+    {
+      "name": "ops-deploy-pipeline",
+      "version": "0.1.0",
+      "description": "CI/CD deployment pipeline management for Docker Compose and systemd services",
+      "source": "./plugins/ops-deploy-pipeline",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/ops-deploy-pipeline/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "category": "infrastructure",
+      "tags": [
+        "deploy",
+        "docker-compose",
+        "systemd",
+        "caddy",
+        "cicd"
+      ],
+      "license": "MIT",
+      "domain": "ops"
+    },
+    {
+      "name": "debug-mcp",
+      "version": "0.1.0",
+      "description": "MCP server debugging, inspection, and development toolkit",
+      "source": "./plugins/debug-mcp",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/debug-mcp/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "category": "development",
+      "tags": [
+        "mcp",
+        "debugging",
+        "diagnostics",
+        "server",
+        "development"
+      ],
+      "license": "MIT",
+      "domain": "debug"
    }
  ]
 }
--- a/.claude/backups/CLAUDE.md.2026-01-22_132037
+++ b/.claude/backups/CLAUDE.md.2026-01-22_132037
@@ -0,0 +1,249 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code when working with code in this repository.
+
+## Project Overview
+
+**Repository:** leo-claude-mktplace
+**Version:** 3.0.1
+**Status:** Production Ready
+
+A plugin marketplace for Claude Code containing:
+
+| Plugin | Description | Version |
+|--------|-------------|---------|
+| `projman` | Sprint planning and project management with Gitea integration | 3.0.0 |
+| `git-flow` | Git workflow automation with smart commits and branch management | 1.0.0 |
+| `pr-review` | Multi-agent PR review with confidence scoring | 1.0.0 |
+| `clarity-assist` | Prompt optimization with ND-friendly accommodations | 1.0.0 |
+| `doc-guardian` | Automatic documentation drift detection and synchronization | 1.0.0 |
+| `code-sentinel` | Security scanning and code refactoring tools | 1.0.0 |
+| `claude-config-maintainer` | CLAUDE.md optimization and maintenance | 1.0.0 |
+| `cmdb-assistant` | NetBox CMDB integration for infrastructure management | 1.0.0 |
+| `project-hygiene` | Post-task cleanup automation via hooks | 0.1.0 |
+
+## Quick Start
+
+```bash
+# Validate marketplace compliance
+./scripts/validate-marketplace.sh
+
+# Setup commands (in a target project with plugin installed)
+/initial-setup    # First time: full setup wizard
+/project-init     # New project: quick config
+/project-sync     # After repo move: sync config
+
+# Run projman commands
+/sprint-plan      # Start sprint planning
+/sprint-status    # Check progress
+/review           # Pre-close code quality review
+/test-check       # Verify tests before close
+/sprint-close     # Complete sprint
+```
+
+## Repository Structure
+
+```
+leo-claude-mktplace/
+├── .claude-plugin/
+│   └── marketplace.json          # Marketplace manifest
+├── mcp-servers/                  # SHARED MCP servers (v3.0.0+)
+│   ├── gitea/                    # Gitea MCP (issues, PRs, wiki)
+│   └── netbox/                   # NetBox MCP (CMDB)
+├── plugins/
+│   ├── projman/                  # Sprint management
+│   │   ├── .claude-plugin/plugin.json
+│   │   ├── .mcp.json
+│   │   ├── mcp-servers/gitea -> ../../../mcp-servers/gitea  # SYMLINK
+│   │   ├── commands/             # 12 commands (incl. setup)
+│   │   ├── hooks/                # SessionStart mismatch detection
+│   │   ├── agents/               # 4 agents
+│   │   └── skills/label-taxonomy/
+│   ├── git-flow/                 # Git workflow automation
+│   │   ├── .claude-plugin/plugin.json
+│   │   ├── commands/             # 8 commands
+│   │   └── agents/
+│   ├── pr-review/                # Multi-agent PR review
+│   │   ├── .claude-plugin/plugin.json
+│   │   ├── .mcp.json
+│   │   ├── mcp-servers/gitea -> ../../../mcp-servers/gitea  # SYMLINK
+│   │   ├── commands/             # 6 commands (incl. setup)
+│   │   ├── hooks/                # SessionStart mismatch detection
+│   │   └── agents/               # 5 agents
+│   ├── clarity-assist/           # Prompt optimization (NEW v3.0.0)
+│   │   ├── .claude-plugin/plugin.json
+│   │   ├── commands/             # 2 commands
+│   │   └── agents/
+│   ├── doc-guardian/             # Documentation drift detection
+│   ├── code-sentinel/            # Security scanning & refactoring
+│   ├── claude-config-maintainer/
+│   ├── cmdb-assistant/
+│   └── project-hygiene/
+├── scripts/
+│   ├── setup.sh, post-update.sh
+│   └── validate-marketplace.sh   # Marketplace compliance validation
+└── docs/
+    ├── CANONICAL-PATHS.md        # Single source of truth for paths
+    └── CONFIGURATION.md          # Centralized configuration guide
+```
+
+## CRITICAL: Rules You MUST Follow
+
+### File Operations
+- **NEVER** create files in repository root unless listed in "Allowed Root Files"
+- **NEVER** modify `.gitignore` without explicit permission
+- **ALWAYS** use `.scratch/` for temporary/exploratory work
+- **ALWAYS** verify paths against `docs/CANONICAL-PATHS.md` before creating files
+
+### Plugin Development
+- **plugin.json MUST be in `.claude-plugin/` directory** (not plugin root)
+- **Every plugin MUST be listed in marketplace.json**
+- **MCP servers are SHARED at root** with symlinks from plugins
+- **MCP server venv path**: `${CLAUDE_PLUGIN_ROOT}/mcp-servers/{name}/.venv/bin/python`
+- **CLI tools forbidden** - Use MCP tools exclusively (never `tea`, `gh`, etc.)
+
+### Hooks (Valid Events Only)
+`PreToolUse`, `PostToolUse`, `UserPromptSubmit`, `SessionStart`, `SessionEnd`, `Notification`, `Stop`, `SubagentStop`, `PreCompact`
+
+**INVALID:** `task-completed`, `file-changed`, `git-commit-msg-needed`
+
+### Allowed Root Files
+`CLAUDE.md`, `README.md`, `LICENSE`, `CHANGELOG.md`, `.gitignore`, `.env.example`
+
+### Allowed Root Directories
+`.claude/`, `.claude-plugin/`, `.claude-plugins/`, `.scratch/`, `docs/`, `hooks/`, `mcp-servers/`, `plugins/`, `scripts/`
+
+## Architecture
+
+### Four-Agent Model (projman)
+
+| Agent | Personality | Responsibilities |
+|-------|-------------|------------------|
+| **Planner** | Thoughtful, methodical | Sprint planning, architecture analysis, issue creation, lesson search |
+| **Orchestrator** | Concise, action-oriented | Sprint execution, parallel batching, Git operations, lesson capture |
+| **Executor** | Implementation-focused | Code implementation, branch management, MR creation |
+| **Code Reviewer** | Thorough, practical | Pre-close quality review, security scan, test verification |
+
+### MCP Server Tools (Gitea)
+
+| Category | Tools |
+|----------|-------|
+| Issues | `list_issues`, `get_issue`, `create_issue`, `update_issue`, `add_comment` |
+| Labels | `get_labels`, `suggest_labels`, `create_label` |
+| Milestones | `list_milestones`, `get_milestone`, `create_milestone`, `update_milestone` |
+| Dependencies | `list_issue_dependencies`, `create_issue_dependency`, `get_execution_order` |
+| Wiki | `list_wiki_pages`, `get_wiki_page`, `create_wiki_page`, `create_lesson`, `search_lessons` |
+| **Pull Requests** | `list_pull_requests`, `get_pull_request`, `get_pr_diff`, `get_pr_comments`, `create_pr_review`, `add_pr_comment` *(NEW v3.0.0)* |
+| Validation | `validate_repo_org`, `get_branch_protection` |
+
+### Hybrid Configuration
+
+| Level | Location | Purpose |
+|-------|----------|---------|
+| System | `~/.config/claude/gitea.env` | Credentials (GITEA_API_URL, GITEA_API_TOKEN) |
+| Project | `.env` in project root | Repository specification (GITEA_ORG, GITEA_REPO) |
+
+**Note:** `GITEA_ORG` is at project level since different projects may belong to different organizations.
+
+### Branch-Aware Security
+
+| Branch Pattern | Mode | Capabilities |
+|----------------|------|--------------|
+| `development`, `feat/*` | Development | Full access |
+| `staging` | Staging | Read-only code, can create issues |
+| `main`, `master` | Production | Read-only, emergency only |
+
+## Label Taxonomy
+
+43 labels total: 27 organization + 16 repository
+
+**Organization:** Agent/2, Complexity/3, Efforts/5, Priority/4, Risk/3, Source/4, Type/6
+**Repository:** Component/9, Tech/7
+
+Sync with `/labels-sync` command.
+
+## Lessons Learned System
+
+Stored in Gitea Wiki under `lessons-learned/sprints/`.
+
+**Workflow:**
+1. Orchestrator captures at sprint close via MCP tools
+2. Planner searches at sprint start using `search_lessons`
+3. Tags enable cross-project discovery
+
+## Common Operations
+
+### Adding a New Plugin
+
+1. Create `plugins/{name}/.claude-plugin/plugin.json`
+2. Add entry to `.claude-plugin/marketplace.json` with category, tags, license
+3. Create `README.md` and `claude-md-integration.md`
+4. If using MCP server, create symlink: `ln -s ../../../mcp-servers/{server} plugins/{name}/mcp-servers/{server}`
+5. Run `./scripts/validate-marketplace.sh`
+6. Update `CHANGELOG.md`
+
+### Adding a Command to projman
+
+1. Create `plugins/projman/commands/{name}.md`
+2. Update `plugins/projman/README.md`
+3. Update marketplace description if significant
+
+### Validation
+
+```bash
+./scripts/validate-marketplace.sh  # Validates all manifests
+```
+
+## Path Verification Protocol
+
+**Before creating any file:**
+
+1. Read `docs/CANONICAL-PATHS.md`
+2. List all paths to be created/modified
+3. Verify each against canonical paths
+4. If not in canonical paths, STOP and ask
+
+## Documentation Index
+
+| Document | Purpose |
+|----------|---------|
+| `docs/CANONICAL-PATHS.md` | **Single source of truth** for paths |
+| `docs/COMMANDS-CHEATSHEET.md` | All commands quick reference with workflow examples |
+| `docs/CONFIGURATION.md` | Centralized setup guide |
+| `docs/UPDATING.md` | Update guide for the marketplace |
+| `plugins/projman/CONFIGURATION.md` | Quick reference (links to central) |
+| `plugins/projman/README.md` | Projman full documentation |
+
+## Versioning and Changelog Rules
+
+### Version Display
+**The marketplace version is displayed ONLY in the main `README.md` title.**
+
+- Format: `# Leo Claude Marketplace - vX.Y.Z`
+- Do NOT add version numbers to individual plugin documentation titles
+- Do NOT add version numbers to configuration guides
+- Do NOT add version numbers to CLAUDE.md or other docs
+
+### Changelog Maintenance (MANDATORY)
+**`CHANGELOG.md` is the authoritative source for version history.**
+
+When releasing a new version:
+1. Update main `README.md` title with new version
+2. Update `CHANGELOG.md` with:
+   - Version number and date: `## [X.Y.Z] - YYYY-MM-DD`
+   - **Added**: New features, commands, files
+   - **Changed**: Modifications to existing functionality
+   - **Fixed**: Bug fixes
+   - **Removed**: Deleted features, files, deprecated items
+3. Update `marketplace.json` metadata version
+4. Update plugin `plugin.json` versions if plugin-specific changes
+
+### Version Format
+- Follow [Semantic Versioning](https://semver.org/): MAJOR.MINOR.PATCH
+- MAJOR: Breaking changes
+- MINOR: New features, backward compatible
+- PATCH: Bug fixes, minor improvements
+
+---
+
+**Last Updated:** 2026-01-20
--- a/.doc-guardian-queue
+++ b/.doc-guardian-queue
@@ -0,0 +1,66 @@
+# Doc Guardian Queue - cleared after sync on 2026-02-02
+2026-02-02T11:41:00 | .claude-plugin | /home/lmiranda/claude-plugins-work/.claude-plugin/marketplace.json | CLAUDE.md .claude-plugin/marketplace.json
+2026-02-02T13:35:48 | skills | /home/lmiranda/claude-plugins-work/plugins/projman/skills/sprint-approval.md | README.md
+2026-02-02T13:36:03 | commands | /home/lmiranda/claude-plugins-work/plugins/projman/commands/sprint-start.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-02T13:36:16 | agents | /home/lmiranda/claude-plugins-work/plugins/projman/agents/orchestrator.md | README.md CLAUDE.md
+2026-02-02T13:39:07 | commands | /home/lmiranda/claude-plugins-work/plugins/projman/commands/rfc.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-02T13:39:15 | commands | /home/lmiranda/claude-plugins-work/plugins/projman/commands/setup.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-02T13:39:32 | skills | /home/lmiranda/claude-plugins-work/plugins/projman/skills/rfc-workflow.md | README.md
+2026-02-02T13:43:14 | skills | /home/lmiranda/claude-plugins-work/plugins/projman/skills/rfc-templates.md | README.md
+2026-02-02T13:44:55 | skills | /home/lmiranda/claude-plugins-work/plugins/projman/skills/sprint-lifecycle.md | README.md
+2026-02-02T13:45:04 | skills | /home/lmiranda/claude-plugins-work/plugins/projman/skills/label-taxonomy/labels-reference.md | README.md
+2026-02-02T13:45:14 | commands | /home/lmiranda/claude-plugins-work/plugins/projman/commands/sprint-plan.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-02T13:45:48 | commands | /home/lmiranda/claude-plugins-work/plugins/projman/commands/review.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-02T13:46:07 | commands | /home/lmiranda/claude-plugins-work/plugins/projman/commands/sprint-close.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-02T13:46:21 | commands | /home/lmiranda/claude-plugins-work/plugins/projman/commands/sprint-status.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-02T13:46:38 | agents | /home/lmiranda/claude-plugins-work/plugins/projman/agents/planner.md | README.md CLAUDE.md
+2026-02-02T13:46:57 | agents | /home/lmiranda/claude-plugins-work/plugins/projman/agents/code-reviewer.md | README.md CLAUDE.md
+2026-02-02T13:49:13 | commands | /home/lmiranda/claude-plugins-work/plugins/viz-platform/commands/design-gate.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-02T13:49:24 | commands | /home/lmiranda/claude-plugins-work/plugins/data-platform/commands/data-gate.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-02T13:49:35 | skills | /home/lmiranda/claude-plugins-work/plugins/projman/skills/domain-consultation.md | README.md
+2026-02-02T13:50:04 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/contract-validator/mcp_server/validation_tools.py | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-02-02T13:50:59 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/contract-validator/mcp_server/server.py | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-02-02T13:51:32 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/contract-validator/tests/test_validation_tools.py | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-02-02T13:51:49 | skills | /home/lmiranda/claude-plugins-work/plugins/contract-validator/skills/validation-rules.md | README.md
+2026-02-02T13:52:07 | skills | /home/lmiranda/claude-plugins-work/plugins/contract-validator/skills/mcp-tools-reference.md | README.md
+2026-02-02T13:59:09 | skills | /home/lmiranda/claude-plugins-work/plugins/projman/skills/progress-tracking.md | README.md
+2026-02-02T14:01:34 | commands | /home/lmiranda/claude-plugins-work/plugins/projman/commands/test.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:08:38 | commands | /home/lmiranda/claude-plugins-work/plugins/git-flow/commands/git-commit.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:08:39 | commands | /home/lmiranda/claude-plugins-work/plugins/git-flow/commands/git-commit-push.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:08:40 | commands | /home/lmiranda/claude-plugins-work/plugins/git-flow/commands/git-commit-merge.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:08:41 | commands | /home/lmiranda/claude-plugins-work/plugins/git-flow/commands/git-commit-sync.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:08:49 | commands | /home/lmiranda/claude-plugins-work/plugins/cmdb-assistant/commands/cmdb-setup.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:08:50 | commands | /home/lmiranda/claude-plugins-work/plugins/pr-review/commands/project-init.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:08:51 | skills | /home/lmiranda/claude-plugins-work/plugins/cmdb-assistant/skills/visual-header.md | README.md
+2026-02-03T21:08:51 | commands | /home/lmiranda/claude-plugins-work/plugins/projman/commands/pm-review.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:08:53 | commands | /home/lmiranda/claude-plugins-work/plugins/projman/commands/pm-test.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:08:54 | skills | /home/lmiranda/claude-plugins-work/plugins/projman/skills/review-checklist.md | README.md
+2026-02-03T21:08:55 | skills | /home/lmiranda/claude-plugins-work/plugins/projman/skills/visual-output.md | README.md
+2026-02-03T21:08:58 | skills | /home/lmiranda/claude-plugins-work/plugins/projman/skills/setup-workflows.md | README.md
+2026-02-03T21:08:59 | skills | /home/lmiranda/claude-plugins-work/plugins/git-flow/skills/sync-workflow.md | README.md
+2026-02-03T21:09:00 | skills | /home/lmiranda/claude-plugins-work/plugins/git-flow/skills/commit-conventions.md | README.md
+2026-02-03T21:09:00 | skills | /home/lmiranda/claude-plugins-work/plugins/git-flow/skills/merge-workflow.md | README.md
+2026-02-03T21:09:08 | commands | /home/lmiranda/claude-plugins-work/plugins/projman/commands/pm-setup.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:08 | commands | /home/lmiranda/claude-plugins-work/plugins/data-platform/commands/data-setup.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:10 | commands | /home/lmiranda/claude-plugins-work/plugins/data-platform/commands/data-run.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:10 | commands | /home/lmiranda/claude-plugins-work/plugins/contract-validator/commands/cv-setup.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:11 | commands | /home/lmiranda/claude-plugins-work/plugins/projman/commands/pm-debug.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:13 | agents | /home/lmiranda/claude-plugins-work/plugins/contract-validator/agents/full-validation.md | README.md CLAUDE.md
+2026-02-03T21:09:14 | commands | /home/lmiranda/claude-plugins-work/plugins/data-platform/commands/data-ingest.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:18 | commands | /home/lmiranda/claude-plugins-work/plugins/data-platform/commands/data-profile.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:18 | commands | /home/lmiranda/claude-plugins-work/plugins/viz-platform/commands/viz-setup.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:20 | commands | /home/lmiranda/claude-plugins-work/plugins/data-platform/commands/data-schema.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:20 | commands | /home/lmiranda/claude-plugins-work/plugins/viz-platform/commands/viz-theme.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:23 | commands | /home/lmiranda/claude-plugins-work/plugins/viz-platform/commands/viz-theme-new.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:24 | commands | /home/lmiranda/claude-plugins-work/plugins/data-platform/commands/data-explain.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:26 | commands | /home/lmiranda/claude-plugins-work/plugins/data-platform/commands/data-lineage.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:26 | commands | /home/lmiranda/claude-plugins-work/plugins/viz-platform/commands/viz-theme-css.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:29 | commands | /home/lmiranda/claude-plugins-work/plugins/viz-platform/commands/viz-chart.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:32 | commands | /home/lmiranda/claude-plugins-work/plugins/viz-platform/commands/viz-chart-export.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:33 | commands | /home/lmiranda/claude-plugins-work/plugins/data-platform/commands/data-review.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:35 | commands | /home/lmiranda/claude-plugins-work/plugins/viz-platform/commands/viz-dashboard.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:38 | commands | /home/lmiranda/claude-plugins-work/plugins/viz-platform/commands/viz-component.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:40 | commands | /home/lmiranda/claude-plugins-work/plugins/viz-platform/commands/viz-breakpoints.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:46 | commands | /home/lmiranda/claude-plugins-work/plugins/viz-platform/commands/design-review.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:10:22 | commands | /home/lmiranda/claude-plugins-work/plugins/viz-platform/commands/accessibility-check.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-04T21:32:01 | .claude-plugin | /home/lmiranda/claude-plugins-work/.claude-plugin/marketplace-lean.json | CLAUDE.md .claude-plugin/marketplace.json
--- a/.env
+++ b/.env
@@ -0,0 +1 @@
+GITEA_REPO=personal-projects/leo-claude-mktplace
--- a/.gitignore
+++ b/.gitignore
@@ -84,6 +84,13 @@ Thumbs.db
 # Claude Code
 .claude/settings.local.json
 .claude/history/
+.claude/backups/
+
+# Doc Guardian transient files
+.doc-guardian-queue
+
+# Development convenience links
+.marketplaces-link

 # Logs
 logs/
@@ -125,4 +132,5 @@ site/
 *credentials*
 *secret*
 *token*
+!**/token-budget-report.md
 !.gitkeep
--- a/.mcp-full.json
+++ b/.mcp-full.json
@@ -0,0 +1,24 @@
+{
+  "mcpServers": {
+    "gitea": {
+      "command": "./mcp-servers/gitea/run.sh",
+      "args": []
+    },
+    "netbox": {
+      "command": "./mcp-servers/netbox/run.sh",
+      "args": []
+    },
+    "viz-platform": {
+      "command": "./mcp-servers/viz-platform/run.sh",
+      "args": []
+    },
+    "data-platform": {
+      "command": "./mcp-servers/data-platform/run.sh",
+      "args": []
+    },
+    "contract-validator": {
+      "command": "./mcp-servers/contract-validator/run.sh",
+      "args": []
+    }
+  }
+}
--- a/.mcp-lean.json
+++ b/.mcp-lean.json
@@ -0,0 +1,8 @@
+{
+  "mcpServers": {
+    "gitea": {
+      "command": "./mcp-servers/gitea/run.sh",
+      "args": []
+    }
+  }
+}
--- a/.mcp.json
+++ b/.mcp.json
@@ -1,23 +1,23 @@
 {
  "mcpServers": {
    "gitea": {
-      "command": "/home/lmiranda/.claude/plugins/marketplaces/leo-claude-mktplace/mcp-servers/gitea/run.sh",
+      "command": "./mcp-servers/gitea/run.sh",
      "args": []
    },
    "netbox": {
-      "command": "/home/lmiranda/.claude/plugins/marketplaces/leo-claude-mktplace/mcp-servers/netbox/run.sh",
+      "command": "./mcp-servers/netbox/run.sh",
      "args": []
    },
    "viz-platform": {
-      "command": "/home/lmiranda/.claude/plugins/marketplaces/leo-claude-mktplace/mcp-servers/viz-platform/run.sh",
+      "command": "./mcp-servers/viz-platform/run.sh",
      "args": []
    },
    "data-platform": {
-      "command": "/home/lmiranda/.claude/plugins/marketplaces/leo-claude-mktplace/mcp-servers/data-platform/run.sh",
+      "command": "./mcp-servers/data-platform/run.sh",
      "args": []
    },
    "contract-validator": {
-      "command": "/home/lmiranda/.claude/plugins/marketplaces/leo-claude-mktplace/mcp-servers/contract-validator/run.sh",
+      "command": "./mcp-servers/contract-validator/run.sh",
      "args": []
    }
  }
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,566 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

 ## [Unreleased]

+### Added
+
+- **Phase 3: 8 new plugin scaffolds**
+  - `saas-api-platform` (domain: saas) — REST/GraphQL API scaffolding for FastAPI and Express. 6 commands, 2 agents, 5 skills
+  - `saas-db-migrate` (domain: saas) — Database migration management for Alembic, Prisma, and raw SQL. 6 commands, 2 agents, 5 skills
+  - `saas-react-platform` (domain: saas) — React frontend toolkit for Next.js and Vite projects. 6 commands, 2 agents, 6 skills
+  - `saas-test-pilot` (domain: saas) — Test automation for pytest, Jest, Vitest, and Playwright. 6 commands, 2 agents, 6 skills
+  - `data-seed` (domain: data) — Test data generation and database seeding. 5 commands, 2 agents, 5 skills
+  - `ops-release-manager` (domain: ops) — Release management with SemVer, changelogs, and tag automation. 6 commands, 2 agents, 5 skills
+  - `ops-deploy-pipeline` (domain: ops) — CI/CD deployment pipeline for Docker Compose and systemd. 6 commands, 2 agents, 6 skills
+  - `debug-mcp` (domain: debug) — MCP server debugging, inspection, and development toolkit. 5 commands, 1 agent, 5 skills
+- 8 design documents in `docs/designs/` for all new plugins
+
+---
+
+## [9.0.0] - 2026-02-06
+
+### BREAKING CHANGES
+
+#### Command Consolidation (v9.0.0)
+
+All commands renamed to `/<noun> <action>` sub-command pattern. Every command across all 12 plugins now follows this convention. See [MIGRATION-v9.md](./docs/MIGRATION-v9.md) for the complete old-to-new mapping.
+
+**Key changes:**
+- **projman:** `/sprint-plan` → `/sprint plan`, `/pm-setup` → `/projman setup`, `/pm-review` → `/sprint review`, `/pm-test` → `/sprint test`, `/labels-sync` → `/labels sync`
+- **git-flow:** 8→5 commands. `/git-commit` → `/gitflow commit`. Three commit variants (`-push`, `-merge`, `-sync`) consolidated into `--push`/`--merge`/`--sync` flags. `/branch-start` → `/gitflow branch-start`, `/git-status` → `/gitflow status`, `/git-config` → `/gitflow config`
+- **pr-review:** `/pr-review` → `/pr review`, `/project-init` → `/pr init`, `/project-sync` → `/pr sync`
+- **clarity-assist:** `/clarify` → `/clarity clarify`, `/quick-clarify` → `/clarity quick-clarify`
+- **doc-guardian:** `/doc-audit` → `/doc audit`, `/changelog-gen` → `/doc changelog-gen`, `/stale-docs` → `/doc stale-docs`
+- **code-sentinel:** `/security-scan` → `/sentinel scan`, `/refactor` → `/sentinel refactor`
+- **claude-config-maintainer:** `/config-analyze` → `/claude-config analyze` (all 8 commands prefixed)
+- **contract-validator:** `/validate-contracts` → `/cv validate`, `/check-agent` → `/cv check-agent`
+- **cmdb-assistant:** `/cmdb-search` → `/cmdb search`, `/change-audit` → `/cmdb change-audit`, `/ip-conflicts` → `/cmdb ip-conflicts`
+- **data-platform:** `/data-ingest` → `/data ingest`, `/dbt-test` → `/data dbt-test`, `/lineage-viz` → `/data lineage-viz`
+- **viz-platform:** `/accessibility-check` → `/viz accessibility-check`, `/design-gate` → `/viz design-gate`, `/design-review` → `/viz design-review`
+
+### Added
+
+- Dispatch files for all 12 plugins — each plugin now has a `<noun>.md` routing table listing all sub-commands
+- `name:` frontmatter field added to all command files for sub-command resolution
+- `docs/MIGRATION-v9.md` — Complete old-to-new command mapping for consumer migration
+- `docs/COMMANDS-CHEATSHEET.md` — Full rewrite with v9.0.0 command names
+
+### Changed
+
+- All documentation updated with new command names: CLAUDE.md, README.md, CONFIGURATION.md, UPDATING.md, agent-workflow.spec.md, netbox/README.md
+- All cross-plugin references updated (skills, agents, integration files)
+- `marketplace.json` version bumped to 9.0.0
+
+---
+
+## [8.1.0] - 2026-02-06
+
+### BREAKING CHANGES
+
+#### Hook Migration (v8.1.0)
+
+All `SessionStart` and `PostToolUse` hooks removed. Only `PreToolUse` safety hooks and `UserPromptSubmit` quality hooks remain. Plugins that relied on automatic startup checks or post-write automation must use manual commands instead.
+
+### Added
+
+- **projman:** 7 new skills — `source-analysis`, `project-charter`, `adr-conventions`, `epic-conventions`, `wbs`, `risk-register`, `sprint-roadmap`
+- **projman:** `/project` command family — `initiation`, `plan`, `status`, `close` for full project lifecycle management
+- **projman:** `/adr` command family — `create`, `list`, `update`, `supersede` for Architecture Decision Records
+- **projman:** Expanded `wiki-conventions.md` with dependency headers, R&D notes, page naming patterns
+- **projman:** Epic/* labels (5) and RnD/* labels (4) added to label taxonomy
+- **project-hygiene:** `/hygiene check` manual command replacing PostToolUse hook
+- **contract-validator:** `/cv status` marketplace-wide health check command
+
+### Changed
+
+- `verify-hooks.sh` rewritten to validate post-migration hook inventory (4 plugins, 5 hooks)
+- `config-permissions-map.md` updated to reflect reduced hook inventory
+- `settings-optimization.md` updated for current hook landscape
+- `sprint-plan.md` no longer loads `token-budget-report.md` skill
+- `sprint-close.md` loads `rfc-workflow.md` conditionally; manual CHANGELOG review replaces `/suggest-version`
+- `planner.md` and `orchestrator.md` no longer reference domain consultation or domain gates
+- Label taxonomy updated from 43 to 58 labels (added Status/4, Domain/2, Epic/5, RnD/4)
+
+### Removed
+
+- **hooks:** 8 hooks.json files deleted (projman, pr-review, doc-guardian, project-hygiene, claude-config-maintainer, viz-platform, data-platform, contract-validator SessionStart/PostToolUse hooks)
+- **hooks:** Orphaned shell scripts deleted (startup-check.sh, notify.sh, cleanup.sh, enforce-rules.sh, schema-diff-check.sh, auto-validate.sh, breaking-change-check.sh)
+- **projman:** `/pm-debug`, `/suggest-version`, `/proposal-status` commands deleted
+- **projman:** `domain-consultation.md` skill deleted
+- **cmdb-assistant:** SessionStart hook removed (PreToolUse hook retained)
+
+---
+
+## [8.0.0] - 2026-02-06
+
+### BREAKING CHANGES
+
+#### Domain Metadata Required (v8.0.0)
+
+All plugin manifests now require a `domain` field. `validate-marketplace.sh` rejects plugins without it.
+
+### Added
+
+- **marketplace:** `domain` field added to all 12 `plugin.json` files and all `marketplace.json` entries
+- **marketplace:** Domain validation in `validate-marketplace.sh` — validates presence, allowed values, and cross-file consistency
+- **marketplace:** New launch profiles: `saas`, `ops`, `debug` in `claude-launch.sh`
+- **marketplace:** `data-seed` added to `data` launch profile (forward-looking)
+- **docs:** Domain metadata conventions in `CANONICAL-PATHS.md`
+- **docs:** Domain field requirements in `CLAUDE.md` "Adding a New Plugin" section
+
+### Changed
+
+- `validate-marketplace.sh` now requires `domain` in both `plugin.json` and `marketplace.json` (breaking change for validation pipeline)
+- `claude-launch.sh` profiles expanded: sprint, data, saas, ops, review, debug, full
+
+### Deprecated
+
+- `infra` launch profile — use `ops` instead (auto-redirects with warning)
+
+### Fixed
+
+- Confirmed projman `metadata.json` exists with gitea MCP mapping
+- Synced `marketplace-full.json` and `marketplace-lean.json` to current version (were stale)
+- Added `metadata.json` validation to `validate-marketplace.sh` — rejects `mcp_servers` in `plugin.json`, verifies MCP server references
+- Updated `CANONICAL-PATHS.md` to current version
+- Deprecated `switch-profile.sh` in favor of `claude-launch.sh`
+
+---
+
+## [7.1.0] - 2026-02-04
+
+### Added
+
+- **marketplace:** Task-specific launcher script for token optimization
+  - New script: `scripts/claude-launch.sh` loads only needed plugins via `--plugin-dir`
+  - Profiles: sprint (default), review, data, infra, full
+  - Reduces token overhead from ~22K to ~4-6K tokens
+  - Enables `ENABLE_TOOL_SEARCH=true` for MCP lazy loading
+- **marketplace:** Lean/full profile config files for manual switching (superseded by `claude-launch.sh`)
+  - Files: `.mcp-lean.json`, `.mcp-full.json`, `marketplace-lean.json`, `marketplace-full.json`
+  - Script `scripts/switch-profile.sh` available but `claude-launch.sh` is the recommended approach
+  - Full profile remains the default baseline; launcher handles selective loading
+- **projman:** Token usage estimation reporting at sprint workflow boundaries
+  - New skill: `token-budget-report.md` with MCP overhead and skill loading estimation model
+  - Token report displayed at end of `/sprint-plan` and `/sprint-close`
+  - On-demand via `/sprint-status --tokens`
+  - Helps identify which phases and components consume the most context budget
+
+### Changed
+
+- **projman:** `/sprint-status` now uses conditional skill loading for reduced token overhead
+  - Only loads `mcp-tools-reference.md` by default (~1.5k tokens vs ~5k)
+  - `--diagram` flag loads `dependency-management.md` and `progress-tracking.md`
+  - `--tokens` flag loads `token-budget-report.md`
+  - Estimated savings: ~3.5k tokens per status check
+
+### Fixed
+
+- **docs:** Stale command references in data-platform visual-header.md and viz-platform claude-md-integration.md updated to v7.0.0 namespaced names
+- **docs:** git-flow visual-header.md and git-status.md quick actions updated to namespaced commands
+- **docs:** projman/CONFIGURATION.md and docs/DEBUGGING-CHECKLIST.md updated with correct command names
+
+---
+
+## [7.0.0] - 2026-02-03
+
+### BREAKING CHANGES
+
+#### Command Namespace Rename
+
+All generic command names are now prefixed with their plugin's namespace to eliminate collisions across the marketplace. This is a **breaking change** for consuming projects — update your CLAUDE.md integration snippets.
+
+**Full Rename Map:**
+
+| Plugin | Old | New |
+|--------|-----|-----|
+| projman | `/setup` | `/pm-setup` |
+| projman | `/review` | `/pm-review` |
+| projman | `/test` | `/pm-test` |
+| projman | `/debug` | `/pm-debug` |
+| git-flow | `/commit` | `/git-commit` |
+| git-flow | `/commit-push` | `/git-commit-push` |
+| git-flow | `/commit-merge` | `/git-commit-merge` |
+| git-flow | `/commit-sync` | `/git-commit-sync` |
+| pr-review | `/initial-setup` | `/pr-setup` |
+| cmdb-assistant | `/initial-setup` | `/cmdb-setup` |
+| data-platform | `/initial-setup` | `/data-setup` |
+| data-platform | `/run` | `/data-run` |
+| data-platform | `/ingest` | `/data-ingest` |
+| data-platform | `/profile` | `/data-profile` |
+| data-platform | `/schema` | `/data-schema` |
+| data-platform | `/explain` | `/data-explain` |
+| data-platform | `/lineage` | `/data-lineage` |
+| viz-platform | `/initial-setup` | `/viz-setup` |
+| viz-platform | `/theme` | `/viz-theme` |
+| viz-platform | `/theme-new` | `/viz-theme-new` |
+| viz-platform | `/theme-css` | `/viz-theme-css` |
+| viz-platform | `/chart` | `/viz-chart` |
+| viz-platform | `/chart-export` | `/viz-chart-export` |
+| viz-platform | `/dashboard` | `/viz-dashboard` |
+| viz-platform | `/component` | `/viz-component` |
+| viz-platform | `/breakpoints` | `/viz-breakpoints` |
+| contract-validator | `/initial-setup` | `/cv-setup` |
+
+**Migration:** Update your project's CLAUDE.md integration snippets to use the new command names. Run `/plugin list` to verify installed plugins are using v7.0.0+.
+
+**Unchanged:** Commands already using plugin-namespaced prefixes (`/sprint-*`, `/cmdb-*`, `/labels-sync`, `/branch-*`, `/git-status`, `/git-config`, `/pr-review`, `/pr-summary`, `/pr-findings`, `/pr-diff`, `/project-init`, `/project-sync`, `/config-*`, `/design-*`, `/data-quality`, `/data-review`, `/data-gate`, `/lineage-viz`, `/dbt-test`, `/accessibility-check`, `/validate-contracts`, `/check-agent`, `/list-interfaces`, `/dependency-graph`, `/doc-audit`, `/doc-sync`, `/security-scan`, `/refactor`, `/refactor-dry`, `/clarify`, `/suggest-version`, `/proposal-status`, `/rfc`, `/change-audit`, `/ip-conflicts`) are **not affected**.
+
+### Added
+
+#### Plan-Then-Batch Skill Optimization (projman)
+
+New execution pattern that separates cognitive work from mechanical API operations, reducing skill-related token consumption by ~76-83% during sprint workflows.
+
+- **`skills/batch-execution.md`** — New skill defining the plan-then-batch protocol:
+  - Phase 1: Cognitive work with all skills loaded
+  - Phase 2: Execution manifest (structured plan of all API operations)
+  - Phase 3: Batch execute API calls using only frontmatter skills
+  - Phase 4: Batch report with success/failure summary
+  - Error handling: continue on individual failures, report at end
+
+- **Frontmatter skill promotion:**
+  - Planner agent: `mcp-tools-reference` and `batch-execution` promoted to frontmatter (auto-injected, zero re-read cost)
+  - Orchestrator agent: same promotion
+  - Eliminates per-operation skill file re-reads during API execution loops
+
+- **Phase-based skill loading:**
+  - Planner: 3 phases (validation → analysis → approval) with explicit "read once" instructions
+  - Orchestrator: 2 phases (startup → dispatch) with same pattern
+  - New `## Skill Loading Protocol` section replaces flat `## Skills to Load` in agent files
+
+### Changed
+
+- **`planning-workflow.md`** — Steps 8-10 restructured:
+  - Step 8: "Draft Issue Specifications" (no API calls — resolve all parameters first)
+  - Step 8a: "Batch Execute Issue Creation" (tight API loop, frontmatter skills only)
+  - Step 9: Merged into Step 8a (dependencies created in batch)
+  - Step 10: Milestone creation moved before batch (must exist for assignment)
+
+- **Agent matrix updated:**
+  - Planner: `body text (14)` → `frontmatter (2) + body text (12)`
+  - Orchestrator: `body text (12)` → `frontmatter (2) + body text (10)`
+
+- **`docs/CONFIGURATION.md`** — New "Phase-Based Skill Loading" subsection documenting the pattern
+
+### Token Impact
+
+| Scenario | Before | After | Savings |
+|----------|--------|-------|---------|
+| 6-issue sprint (planning) | ~23,800 lines | ~5,600 lines | ~76% |
+| 10-issue sprint (planning) | ~35,000 lines | ~7,000 lines | ~80% |
+| 8-issue status updates (orchestrator) | ~9,600 lines | ~1,600 lines | ~83% |
+
+---
+
+## [5.10.0] - 2026-02-03
+
+### Added
+
+#### NetBox MCP Server: Module-Based Tool Filtering
+
+Environment-variable-driven module filtering to reduce token consumption:
+
+- **New config option**: `NETBOX_ENABLED_MODULES` in `~/.config/claude/netbox.env`
+- **Token savings**: ~15,000 tokens (from ~19,810 to ~4,500) with recommended config
+- **Default behavior**: All modules enabled if env var unset (backward compatible)
+- **Startup logging**: Shows enabled modules and tool count on initialization
+- **Routing guard**: Clear error message when calling disabled module's tools
+
+**Recommended configuration for cmdb-assistant users:**
+```bash
+NETBOX_ENABLED_MODULES=dcim,ipam,virtualization,extras
+```
+
+This enables ~43 tools covering all cmdb-assistant commands while staying well below the 25K token warning threshold.
+
+### Fixed
+
+#### cmdb-assistant Documentation: Incorrect Tool Names
+
+Fixed documentation referencing non-existent `virtualization_*` tool names:
+
+| File | Wrong | Correct |
+|------|-------|---------|
+| `claude-md-integration.md` | `virtualization_list_virtual_machines` | `virt_list_vms` |
+| `claude-md-integration.md` | `virtualization_create_virtual_machine` | `virt_create_vm` |
+| `cmdb-search.md` | `virtualization_list_virtual_machines` | `virt_list_vms` |
+
+Also fixed NetBox README.md tool name references for virtualization, wireless, and circuits modules.
+
+#### Gitea MCP Server: Standardized Build Backend
+
+Changed `mcp-servers/gitea/pyproject.toml` from hatchling to setuptools:
+- Matches all other MCP servers (contract-validator, viz-platform, data-platform)
+- Updated license format to PEP 639 compliance
+- Added pytest configuration for consistency
+
+---
+
+## [5.9.0] - 2026-02-03
+
+### Added
+
+#### Plugin Installation Scripts
+New scripts for installing marketplace plugins into consumer projects:
+
+- **`scripts/install-plugin.sh`** — Install a plugin to a consumer project
+  - Adds MCP server entry to target's `.mcp.json` (if plugin has MCP server)
+  - Appends integration snippet to target's `CLAUDE.md`
+  - Idempotent: safe to run multiple times
+  - Validates plugin exists and target path is valid
+
+- **`scripts/uninstall-plugin.sh`** — Remove a plugin from a consumer project
+  - Removes MCP server entry from `.mcp.json`
+  - Removes integration section from `CLAUDE.md`
+
+- **`scripts/list-installed.sh`** — Show installed plugins in a project
+  - Lists fully installed, partially installed, and available plugins
+  - Shows plugin versions and descriptions
+
+**Usage:**
+```bash
+./scripts/install-plugin.sh data-platform ~/projects/personal-portfolio
+./scripts/list-installed.sh ~/projects/personal-portfolio
+./scripts/uninstall-plugin.sh data-platform ~/projects/personal-portfolio
+```
+
+**Documentation:** `docs/CONFIGURATION.md` updated with "Installing Plugins to Consumer Projects" section.
+
+### Fixed
+
+#### Plugin Installation Scripts — MCP Mapping & Section Markers
+
+**MCP Server Mapping:**
+- Added `mcp_servers` field to plugin.json for plugins that use shared MCP servers
+- `projman` and `pr-review` now correctly install `gitea` MCP server
+- `cmdb-assistant` now correctly installs `netbox` MCP server
+- Scripts read MCP server names from plugin.json instead of assuming plugin name = server name
+
+**CLAUDE.md Section Markers:**
+- Install script now wraps integration content with HTML comment markers:
+  `<!-- BEGIN marketplace-plugin: {name} -->` and `<!-- END marketplace-plugin: {name} -->`
+- Uninstall script uses markers for precise section removal (no more code block false positives)
+- Backward compatible: falls back to legacy header detection for pre-marker installations
+
+**Plugins updated with `mcp_servers` field:**
+- `projman` → `["gitea"]`
+- `pr-review` → `["gitea"]`
+- `cmdb-assistant` → `["netbox"]`
+- `data-platform` → `["data-platform"]`
+- `viz-platform` → `["viz-platform"]`
+- `contract-validator` → `["contract-validator"]`
+
+#### Agent Model Selection
+
+Per-agent model selection using Claude Code's now-supported `model` frontmatter field.
+
+- All 25 marketplace agents assigned appropriate model (`sonnet`, `haiku`, or `inherit`)
+- Model assignment based on reasoning depth, tool complexity, and latency requirements
+- Documentation added to `CLAUDE.md` and `docs/CONFIGURATION.md`
+
+**Supported values:** `sonnet` (default), `opus`, `haiku`, `inherit`
+
+**Model assignments:**
+| Model | Agent Types |
+|-------|-------------|
+| sonnet | Planner, Orchestrator, Executor, Code Reviewer, Coordinator, Security Reviewers, Data Advisor, Design Reviewer, etc. |
+| haiku | Maintainability Auditor, Test Validator, Component Check, Theme Setup, Git Assistant, Data Ingestion, Agent Check |
+
+### Fixed
+
+#### Agent Frontmatter Standardization
+
+- Fixed viz-platform and data-platform agents using non-standard `agent:` field (now `name:`)
+- Removed non-standard `triggers:` field from domain agents (trigger info already in agent body)
+- Added missing frontmatter to 13 agents across pr-review, viz-platform, contract-validator, clarity-assist, git-flow, doc-guardian, code-sentinel, cmdb-assistant, and data-platform
+- All 25 agents now have consistent `name`, `description`, and `model` fields
+
+### Changed
+
+#### Agent Frontmatter Hardening v3
+
+Comprehensive agent-level configuration using Claude Code's supported frontmatter fields.
+
+**permissionMode added to all 25 agents:**
+- `bypassPermissions` (1): Executor — full autonomy with code-sentinel + Code Reviewer safety nets
+- `acceptEdits` (7): Orchestrator, Data Ingestion, Theme Setup, Refactor Advisor, Doc Analyzer, Git Assistant, Maintainer
+- `default` (7): Planner, Code Reviewer, Data Advisor, Layout Builder, Full Validation, Clarity Coach, CMDB Assistant
+- `plan` (10): All pr-review agents (5), Data Analysis, Design Reviewer, Component Check, Agent Check, Security Reviewer (code-sentinel)
+
+**disallowedTools added to 12 agents:**
+- All `plan`-mode agents (10) + Code Reviewer + Clarity Coach receive `disallowedTools: Write, Edit, MultiEdit`
+- Enforces read-only contracts at platform level (defense-in-depth with `permissionMode`)
+
+**Model promotions:**
+- Planner: `sonnet` → `opus` (architectural reasoning benefits from deeper analysis)
+- Code Reviewer: `sonnet` → `opus` (quality gate benefits from thorough review)
+
+**skills frontmatter on 3 agents:**
+- Executor: 7 safety-critical skills auto-injected (branch-security, runaway-detection, etc.)
+- Code Reviewer: 4 review skills auto-injected
+- Maintainer: 2 config skills auto-injected
+- Body text `## Skills to Load` removed for these agents to avoid duplication
+
+**Documentation:**
+- `CLAUDE.md` and `docs/CONFIGURATION.md` updated with complete agent configuration matrix
+- New subsections: permissionMode Guide, disallowedTools Guide, skills Frontmatter Guide
+
+---
+
+## [5.8.0] - 2026-02-02
+
+### Added
+
+#### claude-config-maintainer v1.2.0 - Settings Audit Feature
+
+New commands for auditing and optimizing `settings.local.json` permission configurations:
+
+- **`/config-audit-settings`** — Audit `settings.local.json` permissions with 100-point scoring across redundancy, coverage, safety alignment, and profile fit
+- **`/config-optimize-settings`** — Apply permission optimizations with dry-run, named profiles (`conservative`, `reviewed`, `autonomous`), and consolidation modes
+- **`/config-permissions-map`** — Generate Mermaid diagram of review layer coverage and permission gaps
+- **`skills/settings-optimization.md`** — Comprehensive skill for permission pattern analysis, consolidation rules, review-layer-aware recommendations, and named profiles
+
+**Key Features:**
+- Settings Efficiency Score (100 points) alongside existing CLAUDE.md score
+- Review layer verification — agent reads `hooks/hooks.json` from installed plugins before recommending auto-allow patterns
+- Three named profiles: `conservative` (prompts for most writes), `reviewed` (for projects with ≥2 review layers), `autonomous` (sandboxed environments)
+- Pattern consolidation detection: duplicates, subsets, merge candidates, stale entries, conflicts
+
+#### Projman Hardening Sprint
+Targeted improvements to safety gates, command structure, lifecycle tracking, and cross-plugin contracts.
+
+**Sprint Lifecycle State Machine:**
+- New `skills/sprint-lifecycle.md` - defines valid states and transitions via milestone metadata
+- States: idle -> Sprint/Planning -> Sprint/Executing -> Sprint/Reviewing -> idle
+- All sprint commands check and set lifecycle state on entry/exit
+- Out-of-order calls produce warnings with guidance, `--force` override available
+
+**Sprint Dispatch Log:**
+- Orchestrator now maintains a structured dispatch log during execution
+- Records task dispatch, completion, failure, gate checks, and resume events
+- Enables timeline reconstruction after interrupted sessions
+
+**Gate Contract Versioning:**
+- Gate commands (`/design-gate`, `/data-gate`) declare `gate_contract: v1` in frontmatter
+- `domain-consultation.md` Gate Command Reference includes expected contract version
+- `validate_workflow_integration` now checks contract version compatibility
+- Mismatch produces WARNING, missing contract produces INFO suggestion
+
+**Shared Visual Output Skill:**
+- New `skills/visual-output.md` - single source of truth for projman visual headers
+- All 4 agent files reference the skill instead of inline templates
+- Phase Registry maps agents to emoji and phase names
+
+### Changed
+
+**Sprint Approval Gate Hardened:**
+- Approval is now a hard block, not a warning (was "recommended", now required)
+- `--force` flag added to bypass in emergencies (logged to milestone)
+- Consistent language across sprint-approval.md, sprint-start.md, and orchestrator.md
+
+**RFC Commands Normalized:**
+- 5 individual commands (`/rfc-create`, `/rfc-list`, `/rfc-review`, `/rfc-approve`, `/rfc-reject`) consolidated into `/rfc create|list|review|approve|reject`
+- `/clear-cache` absorbed into `/setup --clear-cache`
+- Command count reduced from 17 to 12
+
+**`/test` Command Documentation Expanded:**
+- Sprint integration section (pre-close verification workflow)
+- Concrete usage examples for all modes
+- Edge cases table
+- DO NOT rules for both modes
+
+### Removed
+
+- `plugins/projman/commands/rfc-create.md` (replaced by `/rfc create`)
+- `plugins/projman/commands/rfc-list.md` (replaced by `/rfc list`)
+- `plugins/projman/commands/rfc-review.md` (replaced by `/rfc review`)
+- `plugins/projman/commands/rfc-approve.md` (replaced by `/rfc approve`)
+- `plugins/projman/commands/rfc-reject.md` (replaced by `/rfc reject`)
+- `plugins/projman/commands/clear-cache.md` (replaced by `/setup --clear-cache`)
+
+---
+
+## [5.7.1] - 2026-02-02
+
+### Added
+- **contract-validator**: New `validate_workflow_integration` MCP tool — validates domain plugins expose required advisory interfaces (gate command, review command, advisory agent)
+- **contract-validator**: New `MISSING_INTEGRATION` issue type for workflow integration validation
+
+### Fixed
+- `scripts/setup.sh` banner version updated from v5.1.0 to v5.7.1
+
+### Reverted
+- **marketplace.json**: Removed `integrates_with` field — Claude Code schema does not support custom plugin fields (causes marketplace load failure)
+
+---
+
+## [5.7.0] - 2026-02-02
+
+### Added
+- **data-platform**: New `data-advisor` agent for data integrity, schema, and dbt compliance validation
+- **data-platform**: New `data-integrity-audit.md` skill defining audit rules, severity levels, and scanning strategies
+- **data-platform**: New `/data-gate` command for binary pass/fail data integrity gates (projman integration)
+- **data-platform**: New `/data-review` command for comprehensive data integrity audits
+
+### Changed
+- Domain Advisory Pattern now fully operational for both Viz and Data domains
+- projman orchestrator `Domain/Data` gates now resolve to live `/data-gate` command (previously fell through to "gate unavailable" warning)
+
+---
+
+## [5.6.0] - 2026-02-01
+
+### Added
+- **Domain Advisory Pattern**: Cross-plugin integration enabling projman to consult domain-specific plugins during sprint lifecycle
+- **projman**: New `domain-consultation.md` skill for domain detection and gate protocols
+- **viz-platform**: New `design-reviewer` agent for design system compliance auditing
+- **viz-platform**: New `design-system-audit.md` skill defining audit rules and severity levels
+- **viz-platform**: New `/design-review` command for detailed design system audits
+- **viz-platform**: New `/design-gate` command for binary pass/fail validation gates
+- **Labels**: New `Domain/Viz` and `Domain/Data` labels for domain routing
+
+### Changed
+- **projman planner**: Now loads domain-consultation skill and performs domain detection during planning
+- **projman orchestrator**: Now runs domain gates before marking Domain/* labeled issues as complete
+
+---
+
+## [5.5.0] - 2026-02-01
+
+### Added
+
+#### RFC System for Feature Tracking
+Wiki-based Request for Comments (RFC) system for capturing, reviewing, and tracking feature ideas through their lifecycle.
+
+**New Commands (projman):**
+- `/rfc-create` - Create new RFC from conversation or clarified specification
+- `/rfc-list` - List all RFCs grouped by status (Draft, Review, Approved, Implementing, Implemented, Rejected, Stale)
+- `/rfc-review` - Submit Draft RFC for maintainer review
+- `/rfc-approve` - Approve RFC, making it available for sprint planning
+- `/rfc-reject` - Reject RFC with documented reason
+
+**RFC Lifecycle:**
+- Draft → Review → Approved → Implementing → Implemented
+- Terminal states: Rejected, Superseded
+- Stale: Drafts with no activity >90 days
+
+**Sprint Integration:**
+- `/sprint-plan` now detects approved RFCs and offers selection
+- `/sprint-close` updates RFC status to Implemented on completion
+- RFC-Index wiki page auto-maintained with status sections
+
+**Clarity-Assist Integration:**
+- Vagueness hook now detects feature request patterns
+- Suggests `/rfc-create` for feature ideas
+- `/clarify` offers RFC creation after delivering clarified spec
+
+**New MCP Tool:**
+- `allocate_rfc_number` - Allocates next sequential RFC number
+
+**New Skills:**
+- `skills/rfc-workflow.md` - RFC lifecycle and state transitions
+- `skills/rfc-templates.md` - RFC page template specifications
+
 ### Changed

 #### Sprint 8: Hook Efficiency Quick Wins
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -1,5 +1,37 @@
 # CLAUDE.md

+## ⛔ MANDATORY BEHAVIOR RULES - READ FIRST
+
+**These rules are NON-NEGOTIABLE. Violating them wastes the user's time and money.**
+
+### 1. WHEN USER ASKS YOU TO CHECK SOMETHING - CHECK EVERYTHING
+- Search ALL locations, not just where you think it is
+- Check cache directories: `~/.claude/plugins/cache/`
+- Check installed: `~/.claude/plugins/marketplaces/`
+- Check source directories
+- **NEVER say "no" or "that's not the issue" without exhaustive verification**
+
+### 2. WHEN USER SAYS SOMETHING IS WRONG - BELIEVE THEM
+- The user knows their system better than you
+- Investigate thoroughly before disagreeing
+- **Your confidence is often wrong. User's instincts are often right.**
+
+### 3. NEVER SAY "DONE" WITHOUT VERIFICATION
+- Run the actual command/script to verify
+- Show the output to the user
+- **"Done" means VERIFIED WORKING, not "I made changes"**
+
+### 4. SHOW EXACTLY WHAT USER ASKS FOR
+- If user asks for messages, show the MESSAGES
+- If user asks for code, show the CODE
+- **Do not interpret or summarize unless asked**
+
+**FAILURE TO FOLLOW THESE RULES = WASTED USER TIME = UNACCEPTABLE**
+
+---
+
+
+
 This file provides guidance to Claude Code when working with code in this repository.

 ## ⛔ RULES - READ FIRST
@@ -96,25 +128,33 @@ These plugins exist in source but are **NOT relevant** to this project's workflo
 | **data-platform** | For data engineering projects (pandas, PostgreSQL, dbt) |
 | **viz-platform** | For dashboard projects (Dash, Plotly) |
 | **cmdb-assistant** | For infrastructure projects (NetBox) |
+| **saas-api-platform** | For REST/GraphQL API projects (FastAPI, Express) |
+| **saas-db-migrate** | For database migration projects (Alembic, Prisma) |
+| **saas-react-platform** | For React frontend projects (Next.js, Vite) |
+| **saas-test-pilot** | For test automation projects (pytest, Jest, Playwright) |
+| **data-seed** | For test data generation and seeding |
+| **ops-release-manager** | For release management workflows |
+| **ops-deploy-pipeline** | For deployment pipeline management |
+| **debug-mcp** | For MCP server debugging and development |

-**Do NOT suggest** `/ingest`, `/profile`, `/chart`, `/cmdb-*` commands - they don't apply here.
+**Do NOT suggest** `/data ingest`, `/data profile`, `/viz chart`, `/cmdb *`, `/api *`, `/db-migrate *`, `/react *`, `/test *`, `/seed *`, `/release *`, `/deploy *`, `/debug-mcp *` commands - they don't apply here.

 ### Key Distinction

 | Context | Path | What To Do |
 |---------|------|------------|
 | **Editing plugin source** | `~/claude-plugins-work/plugins/` | Modify code, add features |
-| **Using installed plugins** | `~/.claude/plugins/marketplaces/` | Run commands like `/sprint-plan` |
+| **Using installed plugins** | `~/.claude/plugins/marketplaces/` | Run commands like `/sprint plan` |

-When user says "run /sprint-plan", use the INSTALLED plugin.
-When user says "fix the sprint-plan command", edit the SOURCE code.
+When user says "run /sprint plan", use the INSTALLED plugin.
+When user says "fix the sprint plan command", edit the SOURCE code.

 ---

 ## Project Overview

 **Repository:** leo-claude-mktplace
-**Version:** 5.4.0
+**Version:** 9.0.0
 **Status:** Production Ready

 A plugin marketplace for Claude Code containing:
@@ -129,10 +169,18 @@ A plugin marketplace for Claude Code containing:
 | `code-sentinel` | Security scanning and code refactoring tools | 1.0.1 |
 | `claude-config-maintainer` | CLAUDE.md optimization and maintenance | 1.0.0 |
 | `cmdb-assistant` | NetBox CMDB integration for infrastructure management | 1.2.0 |
-| `data-platform` | pandas, PostgreSQL, and dbt integration for data engineering | 1.1.0 |
+| `data-platform` | pandas, PostgreSQL, and dbt integration for data engineering | 1.3.0 |
 | `viz-platform` | DMC validation, Plotly charts, and theming for dashboards | 1.1.0 |
 | `contract-validator` | Cross-plugin compatibility validation and agent verification | 1.1.0 |
-| `project-hygiene` | Post-task cleanup automation via hooks | 0.1.0 |
+| `project-hygiene` | Project file organization and cleanup checks | 0.1.0 |
+| `saas-api-platform` | REST/GraphQL API scaffolding for FastAPI and Express | 0.1.0 |
+| `saas-db-migrate` | Database migration management for Alembic, Prisma, raw SQL | 0.1.0 |
+| `saas-react-platform` | React frontend toolkit for Next.js and Vite | 0.1.0 |
+| `saas-test-pilot` | Test automation for pytest, Jest, Vitest, Playwright | 0.1.0 |
+| `data-seed` | Test data generation and database seeding | 0.1.0 |
+| `ops-release-manager` | Release management with SemVer and changelog automation | 0.1.0 |
+| `ops-deploy-pipeline` | Deployment pipeline for Docker Compose and systemd | 0.1.0 |
+| `debug-mcp` | MCP server debugging and development toolkit | 0.1.0 |

 ## Quick Start

@@ -148,16 +196,17 @@ A plugin marketplace for Claude Code containing:

 | Category | Commands |
 |----------|----------|
-| **Setup** | `/setup` (modes: `--full`, `--quick`, `--sync`) |
-| **Sprint** | `/sprint-plan`, `/sprint-start`, `/sprint-status` (with `--diagram`), `/sprint-close` |
-| **Quality** | `/review`, `/test` (modes: `run`, `gen`) |
-| **Versioning** | `/suggest-version` |
-| **PR Review** | `/pr-review`, `/pr-summary`, `/pr-findings`, `/pr-diff` |
-| **Docs** | `/doc-audit`, `/doc-sync`, `/changelog-gen`, `/doc-coverage`, `/stale-docs` |
-| **Security** | `/security-scan`, `/refactor`, `/refactor-dry` |
-| **Config** | `/config-analyze`, `/config-optimize`, `/config-diff`, `/config-lint` |
-| **Validation** | `/validate-contracts`, `/check-agent`, `/list-interfaces`, `/dependency-graph` |
-| **Debug** | `/debug` (modes: `report`, `review`) |
+| **Setup** | `/projman setup` (modes: `--full`, `--quick`, `--sync`) |
+| **Sprint** | `/sprint plan`, `/sprint start`, `/sprint status` (with `--diagram`), `/sprint close` |
+| **Quality** | `/sprint review`, `/sprint test` (modes: `run`, `gen`) |
+| **Project** | `/project initiation\|plan\|status\|close` |
+| **ADR** | `/adr create\|list\|update\|supersede` |
+| **PR Review** | `/pr review`, `/pr summary`, `/pr findings`, `/pr diff` |
+| **Docs** | `/doc audit`, `/doc sync`, `/doc changelog-gen`, `/doc coverage`, `/doc stale-docs` |
+| **Security** | `/sentinel scan`, `/sentinel refactor`, `/sentinel refactor-dry` |
+| **Config** | `/claude-config analyze`, `/claude-config optimize`, `/claude-config diff`, `/claude-config lint` |
+| **Validation** | `/cv validate`, `/cv check-agent`, `/cv list-interfaces`, `/cv dependency-graph`, `/cv status` |
+| **Maintenance** | `/hygiene check` |

 ### Plugin Commands - NOT RELEVANT to This Project

@@ -165,9 +214,17 @@ These commands are being developed but don't apply to this project's workflow:

 | Category | Commands | For Projects Using |
 |----------|----------|-------------------|
-| **Data** | `/ingest`, `/profile`, `/schema`, `/lineage`, `/dbt-test` | pandas, PostgreSQL, dbt |
-| **Visualization** | `/component`, `/chart`, `/dashboard`, `/theme` | Dash, Plotly dashboards |
-| **CMDB** | `/cmdb-search`, `/cmdb-device`, `/cmdb-sync` | NetBox infrastructure |
+| **Data** | `/data ingest`, `/data profile`, `/data schema`, `/data lineage`, `/data dbt-test` | pandas, PostgreSQL, dbt |
+| **Visualization** | `/viz component`, `/viz chart`, `/viz dashboard`, `/viz theme` | Dash, Plotly dashboards |
+| **CMDB** | `/cmdb search`, `/cmdb device`, `/cmdb sync` | NetBox infrastructure |
+| **API** | `/api scaffold`, `/api validate`, `/api docs`, `/api middleware` | FastAPI, Express |
+| **DB Migrate** | `/db-migrate generate`, `/db-migrate validate`, `/db-migrate plan` | Alembic, Prisma |
+| **React** | `/react component`, `/react route`, `/react state`, `/react hook` | Next.js, Vite |
+| **Testing** | `/test generate`, `/test coverage`, `/test fixtures`, `/test e2e` | pytest, Jest, Playwright |
+| **Seeding** | `/seed generate`, `/seed profile`, `/seed apply` | Faker, test data |
+| **Release** | `/release prepare`, `/release validate`, `/release tag` | SemVer releases |
+| **Deploy** | `/deploy generate`, `/deploy validate`, `/deploy check` | Docker Compose, systemd |
+| **Debug MCP** | `/debug-mcp status`, `/debug-mcp test`, `/debug-mcp logs` | MCP server development |

 ## Repository Structure

@@ -185,18 +242,16 @@ leo-claude-mktplace/
 ├── plugins/
 │   ├── projman/                  # Sprint management
 │   │   ├── .claude-plugin/plugin.json
-│   │   ├── commands/             # 12 commands
-│   │   ├── hooks/                # SessionStart: mismatch detection
+│   │   ├── commands/             # 19 commands
 │   │   ├── agents/               # 4 agents
-│   │   └── skills/               # 17 reusable skill files
+│   │   └── skills/               # 23 reusable skill files
 │   ├── git-flow/                 # Git workflow automation
 │   │   ├── .claude-plugin/plugin.json
-│   │   ├── commands/             # 8 commands
+│   │   ├── commands/             # 5 commands
 │   │   └── agents/
 │   ├── pr-review/                # Multi-agent PR review
 │   │   ├── .claude-plugin/plugin.json
-│   │   ├── commands/             # 6 commands
-│   │   ├── hooks/                # SessionStart mismatch detection
+│   │   ├── commands/             # 8 commands
 │   │   └── agents/               # 5 agents
 │   ├── clarity-assist/           # Prompt optimization
 │   │   ├── .claude-plugin/plugin.json
@@ -205,12 +260,10 @@ leo-claude-mktplace/
 │   ├── data-platform/            # Data engineering
 │   │   ├── .claude-plugin/plugin.json
 │   │   ├── commands/             # 7 commands
-│   │   ├── hooks/                # SessionStart PostgreSQL check
 │   │   └── agents/               # 2 agents
 │   ├── viz-platform/             # Visualization
 │   │   ├── .claude-plugin/plugin.json
 │   │   ├── commands/             # 7 commands
-│   │   ├── hooks/                # SessionStart DMC check
 │   │   └── agents/               # 3 agents
 │   ├── doc-guardian/             # Documentation drift detection
 │   ├── code-sentinel/            # Security scanning & refactoring
@@ -239,6 +292,61 @@ leo-claude-mktplace/
 | **Executor** | Implementation-focused | Code implementation, branch management, MR creation |
 | **Code Reviewer** | Thorough, practical | Pre-close quality review, security scan, test verification |

+### Agent Frontmatter Configuration
+
+Agents specify their configuration in frontmatter using Claude Code's supported fields. Reference: https://code.claude.com/docs/en/sub-agents
+
+**Supported frontmatter fields:**
+
+| Field | Required | Default | Description |
+|-------|----------|---------|-------------|
+| `name` | Yes | — | Unique identifier, lowercase + hyphens |
+| `description` | Yes | — | When Claude should delegate to this subagent |
+| `model` | No | `inherit` | `sonnet`, `opus`, `haiku`, or `inherit` |
+| `permissionMode` | No | `default` | Controls permission prompts: `default`, `acceptEdits`, `dontAsk`, `bypassPermissions`, `plan` |
+| `disallowedTools` | No | none | Comma-separated tools to remove from agent's toolset |
+| `skills` | No | none | Comma-separated skills auto-injected into context at startup |
+| `hooks` | No | none | Lifecycle hooks scoped to this subagent |
+
+**Complete agent matrix:**
+
+| Plugin | Agent | `model` | `permissionMode` | `disallowedTools` | `skills` |
+|--------|-------|---------|-------------------|--------------------|----------|
+| projman | planner | opus | default | — | frontmatter (2) + body text (12) |
+| projman | orchestrator | sonnet | acceptEdits | — | frontmatter (2) + body text (10) |
+| projman | executor | sonnet | bypassPermissions | — | frontmatter (7) |
+| projman | code-reviewer | opus | default | Write, Edit, MultiEdit | frontmatter (4) |
+| pr-review | coordinator | sonnet | plan | Write, Edit, MultiEdit | — |
+| pr-review | security-reviewer | sonnet | plan | Write, Edit, MultiEdit | — |
+| pr-review | performance-analyst | sonnet | plan | Write, Edit, MultiEdit | — |
+| pr-review | maintainability-auditor | haiku | plan | Write, Edit, MultiEdit | — |
+| pr-review | test-validator | haiku | plan | Write, Edit, MultiEdit | — |
+| data-platform | data-advisor | sonnet | default | — | — |
+| data-platform | data-analysis | sonnet | plan | Write, Edit, MultiEdit | — |
+| data-platform | data-ingestion | haiku | acceptEdits | — | — |
+| viz-platform | design-reviewer | sonnet | plan | Write, Edit, MultiEdit | — |
+| viz-platform | layout-builder | sonnet | default | — | — |
+| viz-platform | component-check | haiku | plan | Write, Edit, MultiEdit | — |
+| viz-platform | theme-setup | haiku | acceptEdits | — | — |
+| contract-validator | full-validation | sonnet | default | — | — |
+| contract-validator | agent-check | haiku | plan | Write, Edit, MultiEdit | — |
+| code-sentinel | security-reviewer | sonnet | plan | Write, Edit, MultiEdit | — |
+| code-sentinel | refactor-advisor | sonnet | acceptEdits | — | — |
+| doc-guardian | doc-analyzer | sonnet | acceptEdits | — | — |
+| clarity-assist | clarity-coach | sonnet | default | Write, Edit, MultiEdit | — |
+| git-flow | git-assistant | haiku | acceptEdits | — | — |
+| claude-config-maintainer | maintainer | sonnet | acceptEdits | — | frontmatter (2) |
+| cmdb-assistant | cmdb-assistant | sonnet | default | — | — |
+
+**Design principles:**
+- `bypassPermissions` is granted to exactly ONE agent (Executor) which has code-sentinel PreToolUse hook + Code Reviewer downstream as safety nets.
+- `plan` mode is assigned to all pure analysis agents (pr-review, read-only validators).
+- `disallowedTools: Write, Edit, MultiEdit` provides defense-in-depth on agents that should never write files.
+- `skills` frontmatter is used for agents with ≤7 skills where guaranteed loading is safety-critical. Agents with 8+ skills use body text `## Skills to Load` for selective loading.
+- `hooks` (agent-scoped) is reserved for future use (v6.0+).
+
+Override any field by editing the agent's `.md` file in `plugins/{plugin}/agents/`.
+
 ### MCP Server Tools (Gitea)

 | Category | Tools |
@@ -247,7 +355,7 @@ leo-claude-mktplace/
 | Labels | `get_labels`, `suggest_labels`, `create_label`, `create_label_smart` |
 | Milestones | `list_milestones`, `get_milestone`, `create_milestone`, `update_milestone`, `delete_milestone` |
 | Dependencies | `list_issue_dependencies`, `create_issue_dependency`, `remove_issue_dependency`, `get_execution_order` |
-| Wiki | `list_wiki_pages`, `get_wiki_page`, `create_wiki_page`, `update_wiki_page`, `create_lesson`, `search_lessons` |
+| Wiki | `list_wiki_pages`, `get_wiki_page`, `create_wiki_page`, `update_wiki_page`, `create_lesson`, `search_lessons`, `allocate_rfc_number` |
 | **Pull Requests** | `list_pull_requests`, `get_pull_request`, `get_pr_diff`, `get_pr_comments`, `create_pr_review`, `add_pr_comment` |
 | Validation | `validate_repo_org`, `get_branch_protection` |

@@ -268,14 +376,28 @@ leo-claude-mktplace/
 | `staging` | Staging | Read-only code, can create issues |
 | `main`, `master` | Production | Read-only, emergency only |

+### RFC System
+
+Wiki-based Request for Comments system for tracking feature ideas from proposal through implementation.
+
+**RFC Wiki Naming:**
+- RFC pages: `RFC-NNNN: Short Title` (4-digit zero-padded)
+- Index page: `RFC-Index` (auto-maintained)
+
+**Lifecycle:** Draft → Review → Approved → Implementing → Implemented
+
+**Integration with Sprint Planning:**
+- `/sprint plan` detects approved RFCs and offers selection
+- `/sprint close` updates RFC status on completion
+
 ## Label Taxonomy

-43 labels total: 27 organization + 16 repository
+58 labels total: 31 organization + 27 repository

-**Organization:** Agent/2, Complexity/3, Efforts/5, Priority/4, Risk/3, Source/4, Type/6
-**Repository:** Component/9, Tech/7
+**Organization:** Agent/2, Complexity/3, Efforts/5, Priority/4, Risk/3, Source/4, Status/4, Type/6
+**Repository:** Component/9, Tech/7, Domain/2, Epic/5, RnD/4

-Sync with `/labels-sync` command.
+Sync with `/labels sync` command.

 ## Lessons Learned System

@@ -290,13 +412,34 @@ Stored in Gitea Wiki under `lessons-learned/sprints/`.

 ### Adding a New Plugin

-1. Create `plugins/{name}/.claude-plugin/plugin.json`
-2. Add entry to `.claude-plugin/marketplace.json` with category, tags, license
+1. Create `plugins/{name}/.claude-plugin/plugin.json` — must include `"domain"` field (`core`, `data`, `saas`, `ops`, or `debug`)
+2. Add entry to `.claude-plugin/marketplace.json` with category, tags, license, and `"domain"` field (must match plugin.json)
 3. Create `claude-md-integration.md`
 4. If using new MCP server, add to root `mcp-servers/` and update `.mcp.json`
-5. Run `./scripts/validate-marketplace.sh`
+5. Run `./scripts/validate-marketplace.sh` — rejects plugins without valid `domain` field
 6. Update `CHANGELOG.md`

+**Domain field is required (v8.0.0+):**
+```json
+{
+  "name": "plugin-name",
+  "domain": "core",
+  ...
+}
+```
+
+**Naming convention:** New plugins use domain prefix (`saas-*`, `ops-*`, `data-*`, `debug-*`). Core plugins have no prefix.
+
+### Domain Assignments
+
+| Domain | Plugins |
+|--------|---------|
+| `core` | projman, git-flow, pr-review, code-sentinel, doc-guardian, clarity-assist, contract-validator, claude-config-maintainer, project-hygiene |
+| `data` | data-platform, viz-platform, data-seed |
+| `saas` | saas-api-platform, saas-db-migrate, saas-react-platform, saas-test-pilot |
+| `ops` | cmdb-assistant, ops-release-manager, ops-deploy-pipeline |
+| `debug` | debug-mcp |
+
 ### Adding a Command to projman

 1. Create `plugins/projman/commands/{name}.md`
@@ -348,12 +491,12 @@ See `docs/DEBUGGING-CHECKLIST.md` for systematic troubleshooting.
 | Symptom | Likely Cause | Fix |
 |---------|--------------|-----|
 | "X MCP servers failed" | Missing venv in installed path | `cd ~/.claude/plugins/marketplaces/leo-claude-mktplace && ./scripts/setup.sh` |
-| MCP tools not available | Venv missing or .mcp.json misconfigured | Run `/debug report` to diagnose |
+| MCP tools not available | Venv missing or .mcp.json misconfigured | Run `/cv status` to diagnose |
 | Changes not taking effect | Editing source, not installed | Reinstall plugin or edit installed path |

-**Debug Commands:**
- `/debug report` - Run full diagnostics, create issue if needed
- `/debug review` - Investigate and propose fixes
+**Diagnostic Commands:**
+- `/cv status` - Marketplace-wide health check (installation, MCP, configuration)
+- `/hygiene check` - Project file organization and cleanup check

 ## Versioning Workflow

@@ -407,4 +550,4 @@ The script will:

 ---

-**Last Updated:** 2026-01-30
+**Last Updated:** 2026-02-06
--- a/README.md
+++ b/README.md
@@ -1,7 +1,32 @@
-# Leo Claude Marketplace - v5.4.0
+# Leo Claude Marketplace - v9.0.0

 A collection of Claude Code plugins for project management, infrastructure automation, and development workflows.

+## Quick Start
+
+Use the launcher script to load only the plugins you need, reducing token overhead from ~22K to ~4-6K tokens:
+
+```bash
+./scripts/claude-launch.sh [profile] [extra-args...]
+```
+
+| Profile | Plugins Loaded | Use Case |
+|---------|----------------|----------|
+| `sprint` | projman, git-flow, pr-review, code-sentinel, doc-guardian, clarity-assist | Default. Sprint planning and development |
+| `review` | pr-review, code-sentinel | Lightweight code review |
+| `data` | data-platform, viz-platform | Data engineering and visualization |
+| `infra` | cmdb-assistant | Infrastructure/CMDB management |
+| `full` | All 20 plugins via marketplace.json | When you need everything |
+
+**Examples:**
+```bash
+./scripts/claude-launch.sh                    # Default sprint profile
+./scripts/claude-launch.sh data --model opus  # Data profile with Opus
+./scripts/claude-launch.sh full               # Load all plugins
+```
+
+The script enables `ENABLE_TOOL_SEARCH=true` for MCP lazy loading.
+
 ## Plugins

 ### Development & Project Management
@@ -12,6 +37,7 @@ A collection of Claude Code plugins for project management, infrastructure autom
 AI-guided sprint planning with full Gitea integration. Transforms a proven 15-sprint workflow into a distributable plugin.

 - Four-agent model: Planner, Orchestrator, Executor, Code Reviewer
+- Plan-then-batch execution: skills loaded once per phase, API calls batched for ~80% token savings
 - Intelligent label suggestions from 43-label taxonomy
 - Lessons learned capture via Gitea Wiki
 - Native issue dependencies with parallel execution
@@ -19,9 +45,9 @@ AI-guided sprint planning with full Gitea integration. Transforms a proven 15-sp
 - Branch-aware security (development/staging/production)
 - Pre-sprint-close code quality review and test verification

-**Commands:** `/sprint-plan`, `/sprint-start`, `/sprint-status`, `/sprint-close`, `/labels-sync`, `/setup`, `/review`, `/test`, `/debug`, `/suggest-version`, `/proposal-status`, `/clear-cache`
+**Commands:** `/sprint plan`, `/sprint start`, `/sprint status`, `/sprint close`, `/labels sync`, `/projman setup`, `/sprint review`, `/sprint test`, `/projman debug`, `/projman suggest-version`, `/projman proposal-status`, `/rfc`

-#### [git-flow](./plugins/git-flow) *NEW in v3.0.0*
+#### [git-flow](./plugins/git-flow)
 **Git Workflow Automation**

 Smart git operations with intelligent commit messages and branch management.
@@ -32,9 +58,9 @@ Smart git operations with intelligent commit messages and branch management.
 - Merge and cleanup automation
 - Protected branch awareness

-**Commands:** `/commit`, `/commit-push`, `/commit-merge`, `/commit-sync`, `/branch-start`, `/branch-cleanup`, `/git-status`, `/git-config`
+**Commands:** `/gitflow commit` (with `--push`, `--merge`, `--sync` flags), `/gitflow branch-start`, `/gitflow branch-cleanup`, `/gitflow status`, `/gitflow config`

-#### [pr-review](./plugins/pr-review) *NEW in v3.0.0*
+#### [pr-review](./plugins/pr-review)
 **Multi-Agent PR Review**

 Comprehensive pull request review using specialized agents.
@@ -44,16 +70,16 @@ Comprehensive pull request review using specialized agents.
 - Actionable feedback with suggested fixes
 - Gitea integration for automated review submission

-**Commands:** `/pr-review`, `/pr-summary`, `/pr-findings`, `/pr-diff`, `/initial-setup`, `/project-init`, `/project-sync`
+**Commands:** `/pr review`, `/pr summary`, `/pr findings`, `/pr diff`, `/pr setup`, `/pr init`, `/pr sync`

 #### [claude-config-maintainer](./plugins/claude-config-maintainer)
-**CLAUDE.md Optimization and Maintenance**
+**CLAUDE.md and Settings Optimization**

-Analyze, optimize, and create CLAUDE.md configuration files for Claude Code projects.
+Analyze, optimize, and create CLAUDE.md configuration files. Audit and optimize settings.local.json permissions.

-**Commands:** `/config-analyze`, `/config-optimize`, `/config-init`, `/config-diff`, `/config-lint`
+**Commands:** `/claude-config analyze`, `/claude-config optimize`, `/claude-config init`, `/claude-config diff`, `/claude-config lint`, `/claude-config audit-settings`, `/claude-config optimize-settings`, `/claude-config permissions-map`

-#### [contract-validator](./plugins/contract-validator) *NEW in v5.0.0*
+#### [contract-validator](./plugins/contract-validator)
 **Cross-Plugin Compatibility Validation**

 Validate plugin marketplaces for command conflicts, tool overlaps, and broken agent references.
@@ -64,11 +90,11 @@ Validate plugin marketplaces for command conflicts, tool overlaps, and broken ag
 - Data flow validation for agent sequences
 - Markdown or JSON reports with actionable suggestions

-**Commands:** `/validate-contracts`, `/check-agent`, `/list-interfaces`, `/dependency-graph`, `/initial-setup`
+**Commands:** `/cv validate`, `/cv check-agent`, `/cv list-interfaces`, `/cv dependency-graph`, `/cv setup`

 ### Productivity

-#### [clarity-assist](./plugins/clarity-assist) *NEW in v3.0.0*
+#### [clarity-assist](./plugins/clarity-assist)
 **Prompt Optimization with ND Accommodations**

 Transform vague requests into clear specifications using structured methodology.
@@ -77,14 +103,14 @@ Transform vague requests into clear specifications using structured methodology.
 - ND-friendly question patterns (option-based, chunked)
 - Conflict detection and escalation protocols

-**Commands:** `/clarify`, `/quick-clarify`
+**Commands:** `/clarity clarify`, `/clarity quick-clarify`

 #### [doc-guardian](./plugins/doc-guardian)
 **Documentation Lifecycle Management**

 Automatic documentation drift detection and synchronization.

-**Commands:** `/doc-audit`, `/doc-sync`, `/changelog-gen`, `/doc-coverage`, `/stale-docs`
+**Commands:** `/doc audit`, `/doc sync`, `/doc changelog-gen`, `/doc coverage`, `/doc stale-docs`

 #### [project-hygiene](./plugins/project-hygiene)
 **Post-Task Cleanup Automation**
@@ -98,7 +124,7 @@ Hook-based cleanup that runs after Claude completes work.

 Security vulnerability detection and code refactoring tools.

-**Commands:** `/security-scan`, `/refactor`, `/refactor-dry`
+**Commands:** `/sentinel scan`, `/sentinel refactor`, `/sentinel refactor-dry`

 ### Infrastructure

@@ -107,11 +133,11 @@ Security vulnerability detection and code refactoring tools.

 Full CRUD operations for network infrastructure management directly from Claude Code.

-**Commands:** `/initial-setup`, `/cmdb-search`, `/cmdb-device`, `/cmdb-ip`, `/cmdb-site`, `/cmdb-audit`, `/cmdb-register`, `/cmdb-sync`, `/cmdb-topology`, `/change-audit`, `/ip-conflicts`
+**Commands:** `/cmdb setup`, `/cmdb search`, `/cmdb device`, `/cmdb ip`, `/cmdb site`, `/cmdb audit`, `/cmdb register`, `/cmdb sync`, `/cmdb topology`, `/cmdb change-audit`, `/cmdb ip-conflicts`

 ### Data Engineering

-#### [data-platform](./plugins/data-platform) *NEW in v4.0.0*
+#### [data-platform](./plugins/data-platform)
 **pandas, PostgreSQL/PostGIS, and dbt Integration**

 Comprehensive data engineering toolkit with persistent DataFrame storage.
@@ -122,11 +148,11 @@ Comprehensive data engineering toolkit with persistent DataFrame storage.
 - 100k row limit with chunking support
 - Auto-detection of dbt projects

-**Commands:** `/ingest`, `/profile`, `/schema`, `/explain`, `/lineage`, `/lineage-viz`, `/run`, `/dbt-test`, `/data-quality`, `/initial-setup`
+**Commands:** `/data ingest`, `/data profile`, `/data schema`, `/data explain`, `/data lineage`, `/data lineage-viz`, `/data run`, `/data dbt-test`, `/data quality`, `/data review`, `/data gate`, `/data setup`

 ### Visualization

-#### [viz-platform](./plugins/viz-platform) *NEW in v4.0.0*
+#### [viz-platform](./plugins/viz-platform)
 **Dash Mantine Components Validation and Theming**

 Visualization toolkit with version-locked component validation and design token theming.
@@ -138,7 +164,124 @@ Visualization toolkit with version-locked component validation and design token
 - 5 Page tools for multi-page app structure
 - Dual theme storage: user-level and project-level

-**Commands:** `/chart`, `/chart-export`, `/dashboard`, `/theme`, `/theme-new`, `/theme-css`, `/component`, `/accessibility-check`, `/breakpoints`, `/initial-setup`
+**Commands:** `/viz chart`, `/viz chart-export`, `/viz dashboard`, `/viz theme`, `/viz theme-new`, `/viz theme-css`, `/viz component`, `/viz accessibility-check`, `/viz breakpoints`, `/viz design-review`, `/viz design-gate`, `/viz setup`
+
+#### [data-seed](./plugins/data-seed)
+**Test Data Generation and Database Seeding**
+
+Relationship-aware test data generation with reusable seed profiles.
+
+- Schema inference from existing databases
+- Faker-based data generation with locale support
+- Foreign key relationship resolution
+- Reusable seed profiles for consistent test environments
+
+**Commands:** `/seed setup`, `/seed generate`, `/seed profile`, `/seed validate`, `/seed apply`
+
+### SaaS Development
+
+#### [saas-api-platform](./plugins/saas-api-platform)
+**REST and GraphQL API Scaffolding**
+
+API development toolkit for FastAPI and Express projects with OpenAPI integration.
+
+- Framework-aware scaffolding (FastAPI, Express)
+- OpenAPI spec generation and validation
+- Middleware catalog with authentication, CORS, rate limiting
+- Route pattern enforcement and test generation
+
+**Commands:** `/api setup`, `/api scaffold`, `/api validate`, `/api docs`, `/api middleware`, `/api test-routes`
+
+#### [saas-db-migrate](./plugins/saas-db-migrate)
+**Database Migration Management**
+
+Migration toolkit for Alembic, Prisma, and raw SQL with safety validation.
+
+- ORM/tool auto-detection
+- Migration safety analysis (data loss, locks, rollback)
+- Execution planning with rollback strategies
+- Migration history tracking
+
+**Commands:** `/db-migrate setup`, `/db-migrate generate`, `/db-migrate validate`, `/db-migrate plan`, `/db-migrate history`, `/db-migrate rollback`
+
+#### [saas-react-platform](./plugins/saas-react-platform)
+**React Frontend Development Toolkit**
+
+Component scaffolding, routing, and state management for Next.js and Vite projects.
+
+- Framework detection (Next.js App Router/Pages, Vite, CRA, Remix)
+- TypeScript-first component generation with co-located tests
+- State management pattern selection (Context, Zustand, Redux Toolkit)
+- Anti-pattern detection and component tree analysis
+
+**Commands:** `/react setup`, `/react component`, `/react route`, `/react state`, `/react hook`, `/react lint`
+
+#### [saas-test-pilot](./plugins/saas-test-pilot)
+**Test Automation Toolkit**
+
+Test generation and coverage analysis for pytest, Jest, Vitest, and Playwright.
+
+- Framework auto-detection and configuration
+- Test case generation from code analysis
+- Coverage gap detection with risk prioritization
+- E2E test scenario generation from user stories
+
+**Commands:** `/test setup`, `/test generate`, `/test coverage`, `/test fixtures`, `/test e2e`, `/test run`
+
+### Operations
+
+#### [ops-release-manager](./plugins/ops-release-manager)
+**Release Management Automation**
+
+Semantic versioning, changelog generation, and tag management.
+
+- Version location auto-detection across manifests
+- Conventional commit-based bump suggestions
+- Keep a Changelog format automation
+- Release branch/tag creation and rollback
+
+**Commands:** `/release setup`, `/release prepare`, `/release validate`, `/release tag`, `/release rollback`, `/release status`
+
+#### [ops-deploy-pipeline](./plugins/ops-deploy-pipeline)
+**Deployment Pipeline Management**
+
+CI/CD for Docker Compose and systemd-based services on self-hosted infrastructure.
+
+- Docker Compose configuration generation
+- Caddy reverse proxy patterns
+- Environment-specific config management
+- Pre-deployment health checks and rollback planning
+
+**Commands:** `/deploy setup`, `/deploy generate`, `/deploy validate`, `/deploy env`, `/deploy check`, `/deploy rollback`
+
+### Debugging
+
+#### [debug-mcp](./plugins/debug-mcp)
+**MCP Server Debugging Toolkit**
+
+Diagnostic tools for MCP server health, testing, and development.
+
+- MCP server health status dashboard
+- Individual tool call testing
+- Server log analysis with error pattern recognition
+- MCP server scaffold generation
+
+**Commands:** `/debug-mcp status`, `/debug-mcp test`, `/debug-mcp logs`, `/debug-mcp inspect`, `/debug-mcp scaffold`
+
+## Domain Advisory Pattern
+
+The marketplace supports cross-plugin domain advisory integration:
+
+- **Domain Detection**: projman automatically detects when issues involve specialized domains (frontend/viz, data engineering)
+- **Acceptance Criteria**: Domain-specific acceptance criteria are added to issues during planning
+- **Execution Gates**: Domain validation gates (`/viz design-gate`, `/data gate`) run before issue completion
+- **Extensible**: New domains can be added by creating advisory agents and gate commands
+
+**Current Domains:**
+| Domain | Plugin | Gate Command |
+|--------|--------|--------------|
+| Visualization | viz-platform | `/viz design-gate` |
+| Data | data-platform | `/data gate` |

 ## MCP Servers

@@ -155,7 +298,7 @@ Full Gitea API integration for project management.
 | Wiki | `list_wiki_pages`, `get_wiki_page`, `create_wiki_page`, `update_wiki_page`, `create_lesson`, `search_lessons` |
 | Milestones | `list_milestones`, `get_milestone`, `create_milestone`, `update_milestone`, `delete_milestone` |
 | Dependencies | `list_issue_dependencies`, `create_issue_dependency`, `remove_issue_dependency`, `get_execution_order` |
-| **Pull Requests** | `list_pull_requests`, `get_pull_request`, `get_pr_diff`, `get_pr_comments`, `create_pr_review`, `add_pr_comment` *(NEW in v3.0.0)* |
+| **Pull Requests** | `list_pull_requests`, `get_pull_request`, `get_pr_diff`, `get_pr_comments`, `create_pr_review`, `add_pr_comment` |
 | Validation | `validate_repo_org`, `get_branch_protection` |

 ### NetBox MCP Server (shared)
@@ -170,7 +313,7 @@ Comprehensive NetBox REST API integration for infrastructure management.
 | Virtualization | Clusters, VMs, Interfaces |
 | Extras | Tags, Custom Fields, Audit Log |

-### Data Platform MCP Server (shared) *NEW in v4.0.0*
+### Data Platform MCP Server (shared)

 pandas, PostgreSQL/PostGIS, and dbt integration for data engineering.

@@ -181,7 +324,7 @@ pandas, PostgreSQL/PostGIS, and dbt integration for data engineering.
 | PostGIS | `st_tables`, `st_geometry_type`, `st_srid`, `st_extent` |
 | dbt | `dbt_parse`, `dbt_run`, `dbt_test`, `dbt_build`, `dbt_compile`, `dbt_ls`, `dbt_docs_generate`, `dbt_lineage` |

-### Viz Platform MCP Server (shared) *NEW in v4.0.0*
+### Viz Platform MCP Server (shared)

 Dash Mantine Components validation and visualization tools.

@@ -193,14 +336,14 @@ Dash Mantine Components validation and visualization tools.
 | Theme | `theme_create`, `theme_extend`, `theme_validate`, `theme_export_css`, `theme_list`, `theme_activate` |
 | Page | `page_create`, `page_add_navbar`, `page_set_auth`, `page_list`, `page_get_app_config` |

-### Contract Validator MCP Server (shared) *NEW in v5.0.0*
+### Contract Validator MCP Server (shared)

 Cross-plugin compatibility validation tools.

 | Category | Tools |
 |----------|-------|
 | Parse | `parse_plugin_interface`, `parse_claude_md_agents` |
-| Validation | `validate_compatibility`, `validate_agent_refs`, `validate_data_flow` |
+| Validation | `validate_compatibility`, `validate_agent_refs`, `validate_data_flow`, `validate_workflow_integration` |
 | Report | `generate_compatibility_report`, `list_issues` |

 ## Installation
@@ -239,7 +382,7 @@ Add to `.claude/settings.json` in your target project:
 After installing plugins, run the setup wizard:

 ```
-/initial-setup
+/projman setup
 ```

 The wizard handles everything:
@@ -251,12 +394,12 @@ The wizard handles everything:

 **For new projects** (when system is already configured):
 ```
-/project-init
+/pr init
 ```

 **After moving a repository:**
 ```
-/project-sync
+/pr sync
 ```

 See [docs/CONFIGURATION.md](./docs/CONFIGURATION.md) for manual setup and advanced options.
@@ -291,17 +434,17 @@ After installing plugins, the `/plugin` command may show `(no content)` - this i

 | Plugin | Test Command |
 |--------|--------------|
-| git-flow | `/git-flow:git-status` |
+| git-flow | `/git-flow:gitflow-status` |
 | projman | `/projman:sprint-status` |
 | pr-review | `/pr-review:pr-summary` |
-| clarity-assist | `/clarity-assist:clarify` |
+| clarity-assist | `/clarity-assist:clarity-clarify` |
 | doc-guardian | `/doc-guardian:doc-audit` |
-| code-sentinel | `/code-sentinel:security-scan` |
-| claude-config-maintainer | `/claude-config-maintainer:config-analyze` |
+| code-sentinel | `/code-sentinel:sentinel-scan` |
+| claude-config-maintainer | `/claude-config-maintainer:claude-config-analyze` |
 | cmdb-assistant | `/cmdb-assistant:cmdb-search` |
-| data-platform | `/data-platform:ingest` |
-| viz-platform | `/viz-platform:chart` |
-| contract-validator | `/contract-validator:validate-contracts` |
+| data-platform | `/data-platform:data-ingest` |
+| viz-platform | `/viz-platform:viz-chart` |
+| contract-validator | `/contract-validator:cv-validate` |

 ## Repository Structure

--- a/docs/CANONICAL-PATHS.md
+++ b/docs/CANONICAL-PATHS.md
@@ -2,7 +2,7 @@

 **This file defines ALL valid paths in this repository. No exceptions. No inference. No assumptions.**

-Last Updated: 2026-01-30 (v5.5.0)
+Last Updated: 2026-02-06 (v8.0.0)

 ---

@@ -12,10 +12,18 @@ Last Updated: 2026-01-30 (v5.5.0)
 leo-claude-mktplace/
 ├── .claude/                    # Claude Code local settings
 ├── .claude-plugin/             # Marketplace manifest
-│   └── marketplace.json
+│   ├── marketplace.json
+│   ├── marketplace-lean.json   # Lean profile (6 core plugins)
+│   └── marketplace-full.json   # Full profile (all plugins)
+├── .mcp-lean.json              # Lean profile MCP config (gitea only)
+├── .mcp-full.json              # Full profile MCP config (all servers)
 ├── .scratch/                   # Transient work (auto-cleaned)
 ├── docs/                       # All documentation
 │   ├── architecture/           # Draw.io diagrams and specs
+│   ├── prompts/                # Shared prompt templates
+│   │   └── INDEX.md            # Prompt template index
+│   ├── project-lessons-learned/ # Project-level lessons (not sprint-specific)
+│   │   └── INDEX.md            # Lessons index
 │   ├── CANONICAL-PATHS.md      # This file - single source of truth
 │   ├── COMMANDS-CHEATSHEET.md  # All commands quick reference
 │   ├── CONFIGURATION.md        # Centralized configuration guide
@@ -150,7 +158,9 @@ leo-claude-mktplace/
 │   ├── validate-marketplace.sh # Marketplace compliance validation
 │   ├── verify-hooks.sh         # Verify all hooks use correct event types
 │   ├── setup-venvs.sh          # Setup MCP server venvs (create only, never delete)
-│   └── release.sh              # Release automation with version bumping
+│   ├── release.sh              # Release automation with version bumping
+│   ├── claude-launch.sh        # Task-specific launcher with profile selection
+│   └── switch-profile.sh       # DEPRECATED: use claude-launch.sh instead
 ├── CLAUDE.md
 ├── README.md
 ├── LICENSE
@@ -162,12 +172,40 @@ leo-claude-mktplace/

 ## Path Patterns (MANDATORY)

+### Phase 1a Paths (v8.1.0)
+
+New files added in v8.1.0:
+
+```
+plugins/projman/commands/project.md
+plugins/projman/commands/project-initiation.md
+plugins/projman/commands/project-plan.md
+plugins/projman/commands/project-status.md
+plugins/projman/commands/project-close.md
+plugins/projman/commands/adr.md
+plugins/projman/commands/adr-create.md
+plugins/projman/commands/adr-list.md
+plugins/projman/commands/adr-update.md
+plugins/projman/commands/adr-supersede.md
+plugins/projman/skills/source-analysis.md
+plugins/projman/skills/project-charter.md
+plugins/projman/skills/adr-conventions.md
+plugins/projman/skills/epic-conventions.md
+plugins/projman/skills/wbs.md
+plugins/projman/skills/risk-register.md
+plugins/projman/skills/sprint-roadmap.md
+plugins/projman/skills/wiki-conventions.md
+plugins/project-hygiene/commands/hygiene-check.md
+plugins/contract-validator/commands/cv-status.md
+```
+
 ### Plugin Paths

 | Context | Pattern | Example |
 |---------|---------|---------|
 | Plugin location | `plugins/{plugin-name}/` | `plugins/projman/` |
 | Plugin manifest | `plugins/{plugin-name}/.claude-plugin/plugin.json` | `plugins/projman/.claude-plugin/plugin.json` |
+| Plugin MCP mapping (optional) | `plugins/{plugin-name}/.claude-plugin/metadata.json` | `plugins/projman/.claude-plugin/metadata.json` |
 | Plugin commands | `plugins/{plugin-name}/commands/` | `plugins/projman/commands/` |
 | Plugin agents | `plugins/{plugin-name}/agents/` | `plugins/projman/agents/` |
 | Plugin skills | `plugins/{plugin-name}/skills/` | `plugins/projman/skills/` |
@@ -182,10 +220,42 @@ MCP servers are **shared at repository root** and configured in `.mcp.json`.
 | MCP configuration | `.mcp.json` | `.mcp.json` (at repo root) |
 | Shared MCP server | `mcp-servers/{server}/` | `mcp-servers/gitea/` |
 | MCP server code | `mcp-servers/{server}/mcp_server/` | `mcp-servers/gitea/mcp_server/` |
-| MCP venv | `mcp-servers/{server}/.venv/` | `mcp-servers/gitea/.venv/` |
+| MCP venv (local) | `mcp-servers/{server}/.venv/` | `mcp-servers/gitea/.venv/` |

 **Note:** Plugins do NOT have their own `mcp-servers/` directories. All MCP servers are shared at root and configured via `.mcp.json`.

+### MCP Venv Paths - CRITICAL
+
+**Venvs live in a CACHE directory that SURVIVES marketplace updates.**
+
+When checking for venvs, ALWAYS check in this order:
+
+| Priority | Path | Survives Updates? |
+|----------|------|-------------------|
+| 1 (CHECK FIRST) | `~/.cache/claude-mcp-venvs/leo-claude-mktplace/{server}/.venv/` | YES |
+| 2 (fallback) | `{marketplace}/mcp-servers/{server}/.venv/` | NO |
+
+**Why cache first?**
+- Marketplace directory gets WIPED on every update/reinstall
+- Cache directory SURVIVES updates
+- False "venv missing" errors waste hours of debugging
+
+**Pattern for hooks checking venvs:**
+```bash
+CACHE_VENV="$HOME/.cache/claude-mcp-venvs/leo-claude-mktplace/{server}/.venv/bin/python"
+LOCAL_VENV="$MARKETPLACE_ROOT/mcp-servers/{server}/.venv/bin/python"
+
+if [[ -f "$CACHE_VENV" ]]; then
+    VENV_PATH="$CACHE_VENV"
+elif [[ -f "$LOCAL_VENV" ]]; then
+    VENV_PATH="$LOCAL_VENV"
+else
+    echo "venv missing"
+fi
+```
+
+**See lesson learned:** [Startup Hooks Must Check Venv Cache Path First](https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/wiki/lessons/patterns/startup-hooks-must-check-venv-cache-path-first)
+
 ### Documentation Paths

 | Type | Location |
@@ -269,10 +339,64 @@ All MCP servers are defined in `.mcp.json` at repository root:

 ---

+## Domain Metadata
+
+### Domain Field Locations
+
+Both manifest files require a `domain` field (v8.0.0+):
+
+| Location | Field | Example |
+|----------|-------|---------|
+| `plugins/{name}/.claude-plugin/plugin.json` | `"domain": "core"` | `plugins/projman/.claude-plugin/plugin.json` |
+| `.claude-plugin/marketplace.json` | `"domain": "core"` per plugin entry | `.claude-plugin/marketplace.json` |
+
+### Allowed Domain Values
+
+| Domain | Purpose | Existing Plugins |
+|--------|---------|-----------------|
+| `core` | Development workflow plugins | projman, git-flow, pr-review, code-sentinel, doc-guardian, clarity-assist, contract-validator, claude-config-maintainer, project-hygiene |
+| `data` | Data engineering and visualization | data-platform, viz-platform |
+| `ops` | Operations and infrastructure | cmdb-assistant |
+| `saas` | SaaS application development | (Phase 2) |
+| `debug` | Debugging and diagnostics | (Phase 2) |
+
+### Plugin Naming Convention
+
+- **Core plugins:** No prefix (existing names never change)
+- **New plugins:** Domain prefix: `saas-*`, `ops-*`, `data-*`, `debug-*`
+- Domain is always in metadata — prefix is a naming convention, not a requirement
+
+### Domain Query Examples
+
+```bash
+# List all plugins in a domain
+jq '.plugins[] | select(.domain=="saas") | .name' .claude-plugin/marketplace.json
+
+# Count plugins per domain
+jq '[.plugins[] | .domain] | group_by(.) | map({domain: .[0], count: length})' .claude-plugin/marketplace.json
+```
+
+### Future Plugin Path Patterns
+
+```
+plugins/saas-api-platform/
+plugins/saas-db-migrate/
+plugins/saas-react-platform/
+plugins/saas-test-pilot/
+plugins/data-seed/
+plugins/ops-release-manager/
+plugins/ops-deploy-pipeline/
+plugins/debug-mcp/
+```
+
+---
+
 ## Change Log

 | Date | Change | By |
 |------|--------|-----|
+| 2026-02-06 | v8.0.0: Added domain metadata section, Phase 1a paths, future plugin paths | Claude Code |
+| 2026-02-04 | v7.1.0: Added profile configs, prompts/, project-lessons-learned/, metadata.json, deprecated switch-profile.sh | Claude Code |
 | 2026-01-30 | v5.5.0: Removed plugin-level mcp-servers symlinks - all MCP config now in root .mcp.json | Claude Code |
 | 2026-01-26 | v5.0.0: Added contract-validator plugin and MCP server | Claude Code |
 | 2026-01-26 | v4.1.0: Added viz-platform plugin and MCP server | Claude Code |
--- a/docs/COMMANDS-CHEATSHEET.md
+++ b/docs/COMMANDS-CHEATSHEET.md
@@ -1,6 +1,8 @@
 # Plugin Commands Cheat Sheet

-Quick reference for all commands in the Leo Claude Marketplace.
+Quick reference for all commands in the Leo Claude Marketplace (v9.0.0+).
+
+All commands follow the `/<noun> <action>` sub-command pattern.

 ---

@@ -8,91 +10,96 @@ Quick reference for all commands in the Leo Claude Marketplace.

 | Plugin | Command | Auto | Manual | Description |
 |--------|---------|:----:|:------:|-------------|
-| **projman** | `/sprint-plan` | | X | Start sprint planning with AI-guided architecture analysis and issue creation |
-| **projman** | `/sprint-start` | | X | Begin sprint execution with dependency analysis and parallel task coordination |
-| **projman** | `/sprint-status` | | X | Check current sprint progress (add `--diagram` for Mermaid visualization) |
-| **projman** | `/review` | | X | Pre-sprint-close code quality review (debug artifacts, security, error handling) |
-| **projman** | `/test` | | X | Run tests (`/test run`) or generate tests (`/test gen <target>`) |
-| **projman** | `/sprint-close` | | X | Complete sprint and capture lessons learned to Gitea Wiki |
-| **projman** | `/labels-sync` | | X | Synchronize label taxonomy from Gitea |
-| **projman** | `/setup` | | X | Auto-detect mode or use `--full`, `--quick`, `--sync` |
-| **projman** | *SessionStart hook* | X | | Detects git remote vs .env mismatch, warns to run `/setup --sync` |
-| **projman** | `/debug` | | X | Diagnostics (`/debug report`) or investigate (`/debug review`) |
-| **projman** | `/suggest-version` | | X | Analyze CHANGELOG and recommend semantic version bump |
-| **projman** | `/proposal-status` | | X | View proposal and implementation hierarchy with status |
-| **projman** | `/clear-cache` | | X | Clear plugin cache to force fresh configuration reload |
-| **git-flow** | `/commit` | | X | Create commit with auto-generated conventional message |
-| **git-flow** | `/commit-push` | | X | Commit and push to remote in one operation |
-| **git-flow** | `/commit-merge` | | X | Commit current changes, then merge into target branch |
-| **git-flow** | `/commit-sync` | | X | Full sync: commit, push, and sync with upstream/base branch |
-| **git-flow** | `/branch-start` | | X | Create new feature/fix/chore branch with naming conventions |
-| **git-flow** | `/branch-cleanup` | | X | Remove merged branches locally and optionally on remote |
-| **git-flow** | `/git-status` | | X | Enhanced git status with recommendations |
-| **git-flow** | `/git-config` | | X | Configure git-flow settings for the project |
-| **pr-review** | `/initial-setup` | | X | Setup wizard for pr-review (shares Gitea MCP with projman) |
-| **pr-review** | `/project-init` | | X | Quick project setup for PR reviews |
-| **pr-review** | `/project-sync` | | X | Sync config with git remote after repo move/rename |
-| **pr-review** | *SessionStart hook* | X | | Detects git remote vs .env mismatch |
-| **pr-review** | `/pr-review` | | X | Full multi-agent PR review with confidence scoring |
-| **pr-review** | `/pr-summary` | | X | Quick summary of PR changes |
-| **pr-review** | `/pr-findings` | | X | List and filter review findings by category/severity |
-| **pr-review** | `/pr-diff` | | X | Formatted diff with inline review comments and annotations |
-| **clarity-assist** | `/clarify` | | X | Full 4-D prompt optimization with ND accommodations |
-| **clarity-assist** | `/quick-clarify` | | X | Rapid single-pass clarification for simple requests |
-| **doc-guardian** | `/doc-audit` | | X | Full documentation audit - scans for doc drift |
-| **doc-guardian** | `/doc-sync` | | X | Synchronize pending documentation updates |
-| **doc-guardian** | `/changelog-gen` | | X | Generate changelog from conventional commits |
-| **doc-guardian** | `/doc-coverage` | | X | Documentation coverage metrics by function/class |
-| **doc-guardian** | `/stale-docs` | | X | Flag documentation behind code changes |
-| **doc-guardian** | *PostToolUse hook* | X | | Silently detects doc drift on Write/Edit |
-| **code-sentinel** | `/security-scan` | | X | Full security audit (SQL injection, XSS, secrets, etc.) |
-| **code-sentinel** | `/refactor` | | X | Apply refactoring patterns to improve code |
-| **code-sentinel** | `/refactor-dry` | | X | Preview refactoring without applying changes |
+| **projman** | `/sprint plan` | | X | Start sprint planning with AI-guided architecture analysis and issue creation |
+| **projman** | `/sprint start` | | X | Begin sprint execution with dependency analysis and parallel task coordination (requires approval or `--force`) |
+| **projman** | `/sprint status` | | X | Check current sprint progress (add `--diagram` for Mermaid visualization) |
+| **projman** | `/sprint review` | | X | Pre-sprint-close code quality review (debug artifacts, security, error handling) |
+| **projman** | `/sprint test` | | X | Run tests (`/sprint test run`) or generate tests (`/sprint test gen <target>`) |
+| **projman** | `/sprint close` | | X | Complete sprint and capture lessons learned to Gitea Wiki |
+| **projman** | `/labels sync` | | X | Synchronize label taxonomy from Gitea |
+| **projman** | `/projman setup` | | X | Auto-detect mode or use `--full`, `--quick`, `--sync`, `--clear-cache` |
+| **projman** | `/rfc create\|list\|review\|approve\|reject` | | X | RFC lifecycle management |
+| **projman** | `/project initiation\|plan\|status\|close` | | X | Project lifecycle management |
+| **projman** | `/adr create\|list\|update\|supersede` | | X | Architecture Decision Records |
+| **git-flow** | `/gitflow commit` | | X | Create commit with auto-generated conventional message. Flags: `--push`, `--merge`, `--sync` |
+| **git-flow** | `/gitflow branch-start` | | X | Create new feature/fix/chore branch with naming conventions |
+| **git-flow** | `/gitflow branch-cleanup` | | X | Remove merged branches locally and optionally on remote |
+| **git-flow** | `/gitflow status` | | X | Enhanced git status with recommendations |
+| **git-flow** | `/gitflow config` | | X | Configure git-flow settings for the project |
+| **pr-review** | `/pr setup` | | X | Setup wizard for pr-review (shares Gitea MCP with projman) |
+| **pr-review** | `/pr init` | | X | Quick project setup for PR reviews |
+| **pr-review** | `/pr sync` | | X | Sync config with git remote after repo move/rename |
+| **pr-review** | `/pr review` | | X | Full multi-agent PR review with confidence scoring |
+| **pr-review** | `/pr summary` | | X | Quick summary of PR changes |
+| **pr-review** | `/pr findings` | | X | List and filter review findings by category/severity |
+| **pr-review** | `/pr diff` | | X | Formatted diff with inline review comments and annotations |
+| **clarity-assist** | `/clarity clarify` | | X | Full 4-D prompt optimization with ND accommodations |
+| **clarity-assist** | `/clarity quick-clarify` | | X | Rapid single-pass clarification for simple requests |
+| **doc-guardian** | `/doc audit` | | X | Full documentation audit - scans for doc drift |
+| **doc-guardian** | `/doc sync` | | X | Synchronize pending documentation updates |
+| **doc-guardian** | `/doc changelog-gen` | | X | Generate changelog from conventional commits |
+| **doc-guardian** | `/doc coverage` | | X | Documentation coverage metrics by function/class |
+| **doc-guardian** | `/doc stale-docs` | | X | Flag documentation behind code changes |
+| **code-sentinel** | `/sentinel scan` | | X | Full security audit (SQL injection, XSS, secrets, etc.) |
+| **code-sentinel** | `/sentinel refactor` | | X | Apply refactoring patterns to improve code |
+| **code-sentinel** | `/sentinel refactor-dry` | | X | Preview refactoring without applying changes |
 | **code-sentinel** | *PreToolUse hook* | X | | Scans code before writing; blocks critical issues |
-| **claude-config-maintainer** | `/config-analyze` | | X | Analyze CLAUDE.md for optimization opportunities |
-| **claude-config-maintainer** | `/config-optimize` | | X | Optimize CLAUDE.md structure with preview/backup |
-| **claude-config-maintainer** | `/config-init` | | X | Initialize new CLAUDE.md for a project |
-| **claude-config-maintainer** | `/config-diff` | | X | Track CLAUDE.md changes over time with behavioral impact |
-| **claude-config-maintainer** | `/config-lint` | | X | Lint CLAUDE.md for anti-patterns and best practices |
-| **cmdb-assistant** | `/initial-setup` | | X | Setup wizard for NetBox MCP server |
-| **cmdb-assistant** | `/cmdb-search` | | X | Search NetBox for devices, IPs, sites |
-| **cmdb-assistant** | `/cmdb-device` | | X | Manage network devices (create, view, update, delete) |
-| **cmdb-assistant** | `/cmdb-ip` | | X | Manage IP addresses and prefixes |
-| **cmdb-assistant** | `/cmdb-site` | | X | Manage sites, locations, racks, and regions |
-| **cmdb-assistant** | `/cmdb-audit` | | X | Data quality analysis (VMs, devices, naming, roles) |
-| **cmdb-assistant** | `/cmdb-register` | | X | Register current machine into NetBox with running apps |
-| **cmdb-assistant** | `/cmdb-sync` | | X | Sync machine state with NetBox (detect drift, update) |
-| **cmdb-assistant** | `/cmdb-topology` | | X | Infrastructure topology diagrams (rack, network, site views) |
-| **cmdb-assistant** | `/change-audit` | | X | NetBox audit trail queries with filtering |
-| **cmdb-assistant** | `/ip-conflicts` | | X | Detect IP conflicts and overlapping prefixes |
-| **project-hygiene** | *PostToolUse hook* | X | | Removes temp files, warns about unexpected root files |
-| **data-platform** | `/ingest` | | X | Load data from CSV, Parquet, JSON into DataFrame |
-| **data-platform** | `/profile` | | X | Generate data profiling report with statistics |
-| **data-platform** | `/schema` | | X | Explore database schemas, tables, columns |
-| **data-platform** | `/explain` | | X | Explain query execution plan |
-| **data-platform** | `/lineage` | | X | Show dbt model lineage and dependencies |
-| **data-platform** | `/run` | | X | Run dbt models with validation |
-| **data-platform** | `/lineage-viz` | | X | dbt lineage visualization as Mermaid diagrams |
-| **data-platform** | `/dbt-test` | | X | Formatted dbt test runner with summary and failure details |
-| **data-platform** | `/data-quality` | | X | DataFrame quality checks (nulls, duplicates, types, outliers) |
-| **data-platform** | `/initial-setup` | | X | Setup wizard for data-platform MCP servers |
-| **data-platform** | *SessionStart hook* | X | | Checks PostgreSQL connection (non-blocking warning) |
-| **viz-platform** | `/initial-setup` | | X | Setup wizard for viz-platform MCP server |
-| **viz-platform** | `/chart` | | X | Create Plotly charts with theme integration |
-| **viz-platform** | `/dashboard` | | X | Create dashboard layouts with filters and grids |
-| **viz-platform** | `/theme` | | X | Apply existing theme to visualizations |
-| **viz-platform** | `/theme-new` | | X | Create new custom theme with design tokens |
-| **viz-platform** | `/theme-css` | | X | Export theme as CSS custom properties |
-| **viz-platform** | `/component` | | X | Inspect DMC component props and validation |
-| **viz-platform** | `/chart-export` | | X | Export charts to PNG, SVG, PDF via kaleido |
-| **viz-platform** | `/accessibility-check` | | X | Color blind validation (WCAG contrast ratios) |
-| **viz-platform** | `/breakpoints` | | X | Configure responsive layout breakpoints |
-| **viz-platform** | *SessionStart hook* | X | | Checks DMC version (non-blocking warning) |
-| **contract-validator** | `/validate-contracts` | | X | Full marketplace compatibility validation |
-| **contract-validator** | `/check-agent` | | X | Validate single agent definition |
-| **contract-validator** | `/list-interfaces` | | X | Show all plugin interfaces |
-| **contract-validator** | `/dependency-graph` | | X | Mermaid visualization of plugin dependencies |
-| **contract-validator** | `/initial-setup` | | X | Setup wizard for contract-validator MCP |
+| **claude-config-maintainer** | `/claude-config analyze` | | X | Analyze CLAUDE.md for optimization opportunities |
+| **claude-config-maintainer** | `/claude-config optimize` | | X | Optimize CLAUDE.md structure with preview/backup |
+| **claude-config-maintainer** | `/claude-config init` | | X | Initialize new CLAUDE.md for a project |
+| **claude-config-maintainer** | `/claude-config diff` | | X | Track CLAUDE.md changes over time with behavioral impact |
+| **claude-config-maintainer** | `/claude-config lint` | | X | Lint CLAUDE.md for anti-patterns and best practices |
+| **claude-config-maintainer** | `/claude-config audit-settings` | | X | Audit settings.local.json permissions (100-point score) |
+| **claude-config-maintainer** | `/claude-config optimize-settings` | | X | Optimize permissions (profiles, consolidation, dry-run) |
+| **claude-config-maintainer** | `/claude-config permissions-map` | | X | Visual review layer + permission coverage map |
+| **cmdb-assistant** | `/cmdb setup` | | X | Setup wizard for NetBox MCP server |
+| **cmdb-assistant** | `/cmdb search` | | X | Search NetBox for devices, IPs, sites |
+| **cmdb-assistant** | `/cmdb device` | | X | Manage network devices (create, view, update, delete) |
+| **cmdb-assistant** | `/cmdb ip` | | X | Manage IP addresses and prefixes |
+| **cmdb-assistant** | `/cmdb site` | | X | Manage sites, locations, racks, and regions |
+| **cmdb-assistant** | `/cmdb audit` | | X | Data quality analysis (VMs, devices, naming, roles) |
+| **cmdb-assistant** | `/cmdb register` | | X | Register current machine into NetBox with running apps |
+| **cmdb-assistant** | `/cmdb sync` | | X | Sync machine state with NetBox (detect drift, update) |
+| **cmdb-assistant** | `/cmdb topology` | | X | Infrastructure topology diagrams (rack, network, site views) |
+| **cmdb-assistant** | `/cmdb change-audit` | | X | NetBox audit trail queries with filtering |
+| **cmdb-assistant** | `/cmdb ip-conflicts` | | X | Detect IP conflicts and overlapping prefixes |
+| **project-hygiene** | `/hygiene check` | | X | Project file organization and cleanup check |
+| **data-platform** | `/data ingest` | | X | Load data from CSV, Parquet, JSON into DataFrame |
+| **data-platform** | `/data profile` | | X | Generate data profiling report with statistics |
+| **data-platform** | `/data schema` | | X | Explore database schemas, tables, columns |
+| **data-platform** | `/data explain` | | X | Explain query execution plan |
+| **data-platform** | `/data lineage` | | X | Show dbt model lineage and dependencies |
+| **data-platform** | `/data run` | | X | Run dbt models with validation |
+| **data-platform** | `/data lineage-viz` | | X | dbt lineage visualization as Mermaid diagrams |
+| **data-platform** | `/data dbt-test` | | X | Formatted dbt test runner with summary and failure details |
+| **data-platform** | `/data quality` | | X | DataFrame quality checks (nulls, duplicates, types, outliers) |
+| **data-platform** | `/data review` | | X | Comprehensive data integrity audits |
+| **data-platform** | `/data gate` | | X | Binary pass/fail data integrity gates |
+| **data-platform** | `/data setup` | | X | Setup wizard for data-platform MCP servers |
+| **viz-platform** | `/viz setup` | | X | Setup wizard for viz-platform MCP server |
+| **viz-platform** | `/viz chart` | | X | Create Plotly charts with theme integration |
+| **viz-platform** | `/viz chart-export` | | X | Export charts to PNG, SVG, PDF via kaleido |
+| **viz-platform** | `/viz dashboard` | | X | Create dashboard layouts with filters and grids |
+| **viz-platform** | `/viz theme` | | X | Apply existing theme to visualizations |
+| **viz-platform** | `/viz theme-new` | | X | Create new custom theme with design tokens |
+| **viz-platform** | `/viz theme-css` | | X | Export theme as CSS custom properties |
+| **viz-platform** | `/viz component` | | X | Inspect DMC component props and validation |
+| **viz-platform** | `/viz accessibility-check` | | X | Color blind validation (WCAG contrast ratios) |
+| **viz-platform** | `/viz breakpoints` | | X | Configure responsive layout breakpoints |
+| **viz-platform** | `/viz design-review` | | X | Detailed design system audits |
+| **viz-platform** | `/viz design-gate` | | X | Binary pass/fail design system validation gates |
+| **contract-validator** | `/cv validate` | | X | Full marketplace compatibility validation |
+| **contract-validator** | `/cv check-agent` | | X | Validate single agent definition |
+| **contract-validator** | `/cv list-interfaces` | | X | Show all plugin interfaces |
+| **contract-validator** | `/cv dependency-graph` | | X | Mermaid visualization of plugin dependencies |
+| **contract-validator** | `/cv setup` | | X | Setup wizard for contract-validator MCP |
+| **contract-validator** | `/cv status` | | X | Marketplace-wide health check (installation, MCP, configuration) |
+
+---
+
+## Migration from v8.x
+
+All commands were renamed in v9.0.0 to follow `/<noun> <action>` pattern. See [MIGRATION-v9.md](./MIGRATION-v9.md) for the complete old-to-new mapping.

 ---

@@ -100,7 +107,7 @@ Quick reference for all commands in the Leo Claude Marketplace.

 | Category | Plugins | Primary Use |
 |----------|---------|-------------|
-| **Setup** | projman, pr-review, cmdb-assistant, data-platform | `/setup`, `/initial-setup` |
+| **Setup** | projman, pr-review, cmdb-assistant, data-platform, viz-platform, contract-validator | `/projman setup`, `/pr setup`, `/cmdb setup`, `/data setup`, `/viz setup`, `/cv setup` |
 | **Task Planning** | projman, clarity-assist | Sprint management, requirement clarification |
 | **Code Quality** | code-sentinel, pr-review | Security scanning, PR reviews |
 | **Documentation** | doc-guardian, claude-config-maintainer | Doc sync, CLAUDE.md maintenance |
@@ -109,7 +116,7 @@ Quick reference for all commands in the Leo Claude Marketplace.
 | **Data Engineering** | data-platform | pandas, PostgreSQL, dbt operations |
 | **Visualization** | viz-platform | DMC validation, Plotly charts, theming |
 | **Validation** | contract-validator | Cross-plugin compatibility checks |
-| **Maintenance** | project-hygiene | Automatic cleanup |
+| **Maintenance** | project-hygiene | Manual cleanup via `/hygiene check` |

 ---

@@ -117,34 +124,47 @@ Quick reference for all commands in the Leo Claude Marketplace.

 | Plugin | Hook Event | Behavior |
 |--------|------------|----------|
-| **projman** | SessionStart | Checks git remote vs .env; warns if mismatch detected; suggests sprint planning if issues exist |
-| **pr-review** | SessionStart | Checks git remote vs .env; warns if mismatch detected |
-| **doc-guardian** | PostToolUse (Write/Edit) | Tracks documentation drift; auto-updates dependent docs |
-| **code-sentinel** | PreToolUse (Write/Edit) | Scans for security issues; blocks critical vulnerabilities |
-| **project-hygiene** | PostToolUse (Write/Edit) | Cleans temp files, warns about misplaced files |
-| **data-platform** | SessionStart | Checks PostgreSQL connection; non-blocking warning if unavailable |
-| **viz-platform** | SessionStart | Checks DMC version; non-blocking warning if mismatch detected |
+| **code-sentinel** | PreToolUse (Write/Edit/MultiEdit) | Scans code before writing; blocks critical security issues |
+| **git-flow** | PreToolUse (Bash) | Validates branch naming and commit message conventions |
+| **cmdb-assistant** | PreToolUse (MCP create/update) | Validates input data before NetBox writes |
+| **clarity-assist** | UserPromptSubmit | Detects vague prompts and suggests clarification |

 ---

 ## Dev Workflow Examples

+### Example 0: RFC-Driven Feature Development
+
+Full workflow from idea to implementation using RFCs:
+
+```
+1. /clarity clarify            # Clarify the feature idea
+2. /rfc create                 # Create RFC from clarified spec
+   ... refine RFC content ...
+3. /rfc review 0001            # Submit RFC for review
+   ... review discussion ...
+4. /rfc approve 0001           # Approve RFC for implementation
+5. /sprint plan                # Select approved RFC for sprint
+   ... implement feature ...
+6. /sprint close               # Complete sprint, RFC marked Implemented
+```
+
 ### Example 1: Starting a New Feature Sprint

 A typical workflow for planning and executing a feature sprint:

 ```
-1. /clarify                  # Clarify requirements if vague
-2. /sprint-plan              # Plan the sprint with architecture analysis
-3. /labels-sync              # Ensure labels are up-to-date
-4. /sprint-start             # Begin execution with dependency ordering
-5. /branch-start feat/...    # Create feature branch
+1. /clarity clarify             # Clarify requirements if vague
+2. /sprint plan                 # Plan the sprint with architecture analysis
+3. /labels sync                 # Ensure labels are up-to-date
+4. /sprint start                # Begin execution with dependency ordering
+5. /gitflow branch-start feat/...  # Create feature branch
   ... implement features ...
-6. /commit                   # Commit with conventional message
-7. /sprint-status --diagram  # Check progress with visualization
-8. /review                   # Pre-close quality review
-9. /test run                 # Verify test coverage
-10. /sprint-close            # Capture lessons learned
+6. /gitflow commit              # Commit with conventional message
+7. /sprint status --diagram     # Check progress with visualization
+8. /sprint review               # Pre-close quality review
+9. /sprint test run             # Verify test coverage
+10. /sprint close               # Capture lessons learned
 ```

 ### Example 2: Daily Development Cycle
@@ -152,12 +172,12 @@ A typical workflow for planning and executing a feature sprint:
 Quick daily workflow with git-flow:

 ```
-1. /git-status               # Check current state
-2. /branch-start fix/...     # Start bugfix branch
+1. /gitflow status              # Check current state
+2. /gitflow branch-start fix/...  # Start bugfix branch
   ... make changes ...
-3. /commit                   # Auto-generate commit message
-4. /commit-push              # Push to remote
-5. /branch-cleanup           # Clean merged branches
+3. /gitflow commit              # Auto-generate commit message
+4. /gitflow commit --push       # Commit and push to remote
+5. /gitflow branch-cleanup      # Clean merged branches
 ```

 ### Example 3: Pull Request Review Workflow
@@ -165,10 +185,10 @@ Quick daily workflow with git-flow:
 Reviewing a PR before merge:

 ```
-1. /pr-summary               # Quick overview of changes
-2. /pr-review                # Full multi-agent review
-3. /pr-findings              # Filter findings by severity
-4. /security-scan            # Deep security audit if needed
+1. /pr summary                  # Quick overview of changes
+2. /pr review                   # Full multi-agent review
+3. /pr findings                 # Filter findings by severity
+4. /sentinel scan               # Deep security audit if needed
 ```

 ### Example 4: Documentation Maintenance
@@ -176,10 +196,10 @@ Reviewing a PR before merge:
 Keeping docs in sync:

 ```
-1. /doc-audit                # Scan for documentation drift
-2. /doc-sync                 # Apply pending updates
-3. /config-analyze           # Check CLAUDE.md health
-4. /config-optimize          # Optimize if needed
+1. /doc audit                   # Scan for documentation drift
+2. /doc sync                    # Apply pending updates
+3. /claude-config analyze       # Check CLAUDE.md health
+4. /claude-config optimize      # Optimize if needed
 ```

 ### Example 5: Code Refactoring Session
@@ -187,11 +207,11 @@ Keeping docs in sync:
 Safe refactoring with preview:

 ```
-1. /refactor-dry             # Preview opportunities
-2. /security-scan            # Baseline security check
-3. /refactor                 # Apply improvements
-4. /test run                 # Verify nothing broke
-5. /commit                   # Commit with descriptive message
+1. /sentinel refactor-dry       # Preview opportunities
+2. /sentinel scan               # Baseline security check
+3. /sentinel refactor           # Apply improvements
+4. /sprint test run             # Verify nothing broke
+5. /gitflow commit              # Commit with descriptive message
 ```

 ### Example 6: Infrastructure Documentation
@@ -199,10 +219,10 @@ Safe refactoring with preview:
 Managing infrastructure with CMDB:

 ```
-1. /cmdb-search "server"     # Find existing devices
-2. /cmdb-device view X       # Check device details
-3. /cmdb-ip list             # List available IPs
-4. /cmdb-site view Y         # Check site info
+1. /cmdb search "server"        # Find existing devices
+2. /cmdb device view X          # Check device details
+3. /cmdb ip list                # List available IPs
+4. /cmdb site view Y            # Check site info
 ```

 ### Example 6b: Data Engineering Workflow
@@ -210,12 +230,12 @@ Managing infrastructure with CMDB:
 Working with data pipelines:

 ```
-1. /ingest file.csv          # Load data into DataFrame
-2. /profile                  # Generate data profiling report
-3. /schema                   # Explore database schemas
-4. /lineage model_name       # View dbt model dependencies
-5. /run model_name           # Execute dbt models
-6. /explain "SELECT ..."     # Analyze query execution plan
+1. /data ingest file.csv        # Load data into DataFrame
+2. /data profile                # Generate data profiling report
+3. /data schema                 # Explore database schemas
+4. /data lineage model_name     # View dbt model dependencies
+5. /data run model_name         # Execute dbt models
+6. /data explain "SELECT ..."   # Analyze query execution plan
 ```

 ### Example 7: First-Time Setup (New Machine)
@@ -223,13 +243,13 @@ Working with data pipelines:
 Setting up the marketplace for the first time:

 ```
-1. /setup --full             # Full setup: MCP + system config + project
+1. /projman setup --full        # Full setup: MCP + system config + project
   # → Follow prompts for Gitea URL, org
   # → Add token manually when prompted
   # → Confirm repository name
 2. # Restart Claude Code session
-3. /labels-sync              # Sync Gitea labels
-4. /sprint-plan              # Plan first sprint
+3. /labels sync                 # Sync Gitea labels
+4. /sprint plan                 # Plan first sprint
 ```

 ### Example 8: New Project Setup (System Already Configured)
@@ -237,22 +257,23 @@ Setting up the marketplace for the first time:
 Adding a new project when system config exists:

 ```
-1. /setup --quick            # Quick project setup (auto-detected)
+1. /projman setup --quick       # Quick project setup (auto-detected)
   # → Confirms detected repo name
   # → Creates .env
-2. /labels-sync              # Sync Gitea labels
-3. /sprint-plan              # Plan first sprint
+2. /labels sync                 # Sync Gitea labels
+3. /sprint plan                 # Plan first sprint
 ```

 ---

 ## Quick Tips

- **Hooks run automatically** - doc-guardian and code-sentinel protect you without manual invocation
- **Use `/commit` over `git commit`** - generates better commit messages following conventions
- **Run `/review` before `/sprint-close`** - catches issues before closing the sprint
- **Use `/clarify` for vague requests** - especially helpful for complex requirements
- **`/refactor-dry` is safe** - always preview before applying refactoring changes
+- **Hooks run automatically** - code-sentinel and git-flow protect you without manual invocation
+- **Use `/gitflow commit` over `git commit`** - generates better commit messages following conventions
+- **Run `/sprint review` before `/sprint close`** - catches issues before closing the sprint
+- **Use `/clarity clarify` for vague requests** - especially helpful for complex requirements
+- **`/sentinel refactor-dry` is safe** - always preview before applying refactoring changes
+- **`/gitflow commit --push`** replaces the old `/git-commit-push` - fewer commands to remember

 ---

@@ -273,4 +294,4 @@ Ensure credentials are configured in `~/.config/claude/gitea.env`, `~/.config/cl

 ---

-*Last Updated: 2026-01-30*
+*Last Updated: 2026-02-06*
--- a/docs/CONFIGURATION.md
+++ b/docs/CONFIGURATION.md
@@ -9,7 +9,7 @@ Centralized configuration documentation for all plugins and MCP servers in the L
 **After installing the marketplace and plugins via Claude Code:**

 ```
-/setup
+/projman setup
 ```

 The interactive wizard auto-detects what's needed and handles everything except manually adding your API tokens.
@@ -25,8 +25,8 @@ The interactive wizard auto-detects what's needed and handles everything except
 └─────────────────────────────────────────────────────────────────────────────┘
                                    │
                                    ▼
-                              /setup --full
-                          (or /setup auto-detects)
+                             /projman setup --full
+                         (or /projman setup auto-detects)
                                    │
     ┌──────────────────────────────┼──────────────────────────────┐
     ▼                              ▼                              ▼
@@ -79,7 +79,7 @@ The interactive wizard auto-detects what's needed and handles everything except
                                    │
                    ┌───────────────┴───────────────┐
                    ▼                               ▼
-             /setup --quick                     /setup
+            /projman setup --quick                  /projman setup
             (explicit mode)               (auto-detects mode)
                    │                               │
                    │                    ┌──────────┴──────────┐
@@ -109,7 +109,7 @@ The interactive wizard auto-detects what's needed and handles everything except

 ## What Runs Automatically vs User Interaction

-### `/setup --full` - Full Setup
+### `/projman setup --full` - Full Setup

 | Phase | Type | What Happens |
 |-------|------|--------------|
@@ -121,7 +121,7 @@ The interactive wizard auto-detects what's needed and handles everything except
 | **6. Project Config** | Automated | Creates `.env` file, checks `.gitignore` |
 | **7. Validation** | Automated | Tests API connectivity, shows summary |

-### `/setup --quick` - Quick Project Setup
+### `/projman setup --quick` - Quick Project Setup

 | Phase | Type | What Happens |
 |-------|------|--------------|
@@ -136,10 +136,10 @@ The interactive wizard auto-detects what's needed and handles everything except

 | Mode | When to Use | What It Does |
 |------|-------------|--------------|
-| `/setup` | Any time | Auto-detects: runs full, quick, or sync as needed |
-| `/setup --full` | First time on a machine | Full setup: MCP server + system config + project config |
-| `/setup --quick` | Starting a new project | Quick setup: project config only (assumes system is ready) |
-| `/setup --sync` | After repo move/rename | Updates .env to match current git remote |
+| `/projman setup` | Any time | Auto-detects: runs full, quick, or sync as needed |
+| `/projman setup --full` | First time on a machine | Full setup: MCP server + system config + project config |
+| `/projman setup --quick` | Starting a new project | Quick setup: project config only (assumes system is ready) |
+| `/projman setup --sync` | After repo move/rename | Updates .env to match current git remote |

 **Auto-detection logic:**
 1. No system config → **full** mode
@@ -148,9 +148,9 @@ The interactive wizard auto-detects what's needed and handles everything except
 4. Both exist, match → already configured, offer to reconfigure

 **Typical workflow:**
-1. Install plugin → run `/setup` (auto-runs full mode)
-2. Start new project → run `/setup` (auto-runs quick mode)
-3. Repository moved? → run `/setup` (auto-runs sync mode)
+1. Install plugin → run `/projman setup` (auto-runs full mode)
+2. Start new project → run `/projman setup` (auto-runs quick mode)
+3. Repository moved? → run `/projman setup` (auto-runs sync mode)

 ---

@@ -182,7 +182,7 @@ This marketplace uses a **hybrid configuration** approach:

 **Benefits:**
 - Single token per service (update once, use everywhere)
- Easy multi-project setup (just run `/setup` in each project)
+- Easy multi-project setup (just run `/projman setup` in each project)
 - Security (tokens never committed to git, never typed into AI chat)
 - Project isolation (each project can override defaults)

@@ -190,7 +190,7 @@ This marketplace uses a **hybrid configuration** approach:

 ## Prerequisites

-Before running `/setup`:
+Before running `/projman setup`:

 1. **Python 3.10+** installed
   ```bash
@@ -213,7 +213,7 @@ Before running `/setup`:
 Run the setup wizard in Claude Code:

 ```
-/setup
+/projman setup
 ```

 The wizard will guide you through each step interactively and auto-detect the appropriate mode.
@@ -387,17 +387,18 @@ PR_REVIEW_AUTO_SUBMIT=false

 | Plugin | System Config | Project Config | Setup Command |
 |--------|---------------|----------------|---------------|
-| **projman** | gitea.env | .env (GITEA_REPO=owner/repo) | `/setup` |
-| **pr-review** | gitea.env | .env (GITEA_REPO=owner/repo) | `/initial-setup` |
+| **projman** | gitea.env | .env (GITEA_REPO=owner/repo) | `/projman setup` |
+| **pr-review** | gitea.env | .env (GITEA_REPO=owner/repo) | `/pr setup` |
 | **git-flow** | git-flow.env (optional) | .env (optional) | None needed |
 | **clarity-assist** | None | None | None needed |
-| **cmdb-assistant** | netbox.env | None | `/initial-setup` |
-| **data-platform** | postgres.env | .env (optional) | `/initial-setup` |
-| **viz-platform** | None | .env (optional DMC_VERSION) | `/initial-setup` |
+| **cmdb-assistant** | netbox.env | None | `/cmdb setup` |
+| **data-platform** | postgres.env | .env (optional) | `/data setup` |
+| **viz-platform** | None | .env (optional DMC_VERSION) | `/viz setup` |
 | **doc-guardian** | None | None | None needed |
 | **code-sentinel** | None | None | None needed |
 | **project-hygiene** | None | None | None needed |
 | **claude-config-maintainer** | None | None | None needed |
+| **contract-validator** | None | None | `/cv setup` |

 ---

@@ -407,18 +408,230 @@ Once system-level config is set up, adding new projects is simple:

 ```
 cd ~/projects/new-project
-/setup
+/projman setup
 ```

 The command auto-detects that system config exists and runs quick project setup.

 ---

+## Installing Plugins to Consumer Projects
+
+The marketplace provides scripts to install plugins into consumer projects. This sets up the MCP server connections and adds CLAUDE.md integration snippets.
+
+### Install a Plugin
+
+```bash
+cd /path/to/leo-claude-mktplace
+./scripts/install-plugin.sh <plugin-name> <target-project-path>
+```
+
+**Examples:**
+```bash
+# Install data-platform to a portfolio project
+./scripts/install-plugin.sh data-platform ~/projects/personal-portfolio
+
+# Install multiple plugins
+./scripts/install-plugin.sh viz-platform ~/projects/personal-portfolio
+./scripts/install-plugin.sh projman ~/projects/personal-portfolio
+```
+
+**What it does:**
+1. Validates the plugin exists in the marketplace
+2. Adds MCP server entry to target's `.mcp.json` (if plugin has MCP server)
+3. Appends integration snippet to target's `CLAUDE.md`
+4. Reports changes and lists available commands
+
+**After installation:** Restart your Claude Code session for MCP tools to become available.
+
+### Uninstall a Plugin
+
+```bash
+./scripts/uninstall-plugin.sh <plugin-name> <target-project-path>
+```
+
+Removes the MCP server entry and CLAUDE.md integration section.
+
+### List Installed Plugins
+
+```bash
+./scripts/list-installed.sh <target-project-path>
+```
+
+Shows which marketplace plugins are installed, partially installed, or available.
+
+**Output example:**
+```
+✓ Fully Installed:
+  PLUGIN                   VERSION    DESCRIPTION
+  ------                   -------    -----------
+  data-platform            1.3.0      pandas, PostgreSQL, and dbt integration...
+  viz-platform             1.1.0      DMC validation, Plotly charts, and theming...
+
+○ Available (not installed):
+  projman                  3.4.0      Sprint planning and project management...
+```
+
+### Plugins with MCP Servers
+
+Not all plugins have MCP servers. The install script handles this automatically:
+
+| Plugin | Has MCP Server | Notes |
+|--------|---------------|-------|
+| data-platform | ✓ | pandas, PostgreSQL, dbt tools |
+| viz-platform | ✓ | DMC validation, chart, theme tools |
+| contract-validator | ✓ | Plugin compatibility validation |
+| cmdb-assistant | ✓ (via netbox) | NetBox CMDB tools |
+| projman | ✓ (via gitea) | Issue, wiki, PR tools |
+| pr-review | ✓ (via gitea) | PR review tools |
+| git-flow | ✗ | Commands only |
+| doc-guardian | ✗ | Commands and hooks only |
+| code-sentinel | ✗ | Commands and hooks only |
+| clarity-assist | ✗ | Commands only |
+
+### Script Requirements
+
+- **jq** must be installed (`sudo apt install jq`)
+- Scripts are idempotent (safe to run multiple times)
+
+---
+
+## Agent Frontmatter Configuration
+
+Agents specify their configuration in frontmatter using Claude Code's supported fields. Reference: https://code.claude.com/docs/en/sub-agents
+
+### Supported Frontmatter Fields
+
+| Field | Required | Default | Description |
+|-------|----------|---------|-------------|
+| `name` | Yes | — | Unique identifier, lowercase + hyphens |
+| `description` | Yes | — | When Claude should delegate to this subagent |
+| `model` | No | `inherit` | `sonnet`, `opus`, `haiku`, or `inherit` |
+| `permissionMode` | No | `default` | Controls permission prompts: `default`, `acceptEdits`, `dontAsk`, `bypassPermissions`, `plan` |
+| `disallowedTools` | No | none | Comma-separated tools to remove from agent's toolset |
+| `skills` | No | none | Comma-separated skills auto-injected into context at startup |
+| `hooks` | No | none | Lifecycle hooks scoped to this subagent |
+
+### Complete Agent Matrix
+
+| Plugin | Agent | `model` | `permissionMode` | `disallowedTools` | `skills` |
+|--------|-------|---------|-------------------|--------------------|----------|
+| projman | planner | opus | default | — | frontmatter (2) + body text (12) |
+| projman | orchestrator | sonnet | acceptEdits | — | frontmatter (2) + body text (10) |
+| projman | executor | sonnet | bypassPermissions | — | frontmatter (7) |
+| projman | code-reviewer | opus | default | Write, Edit, MultiEdit | frontmatter (4) |
+| pr-review | coordinator | sonnet | plan | Write, Edit, MultiEdit | — |
+| pr-review | security-reviewer | sonnet | plan | Write, Edit, MultiEdit | — |
+| pr-review | performance-analyst | sonnet | plan | Write, Edit, MultiEdit | — |
+| pr-review | maintainability-auditor | haiku | plan | Write, Edit, MultiEdit | — |
+| pr-review | test-validator | haiku | plan | Write, Edit, MultiEdit | — |
+| data-platform | data-advisor | sonnet | default | — | — |
+| data-platform | data-analysis | sonnet | plan | Write, Edit, MultiEdit | — |
+| data-platform | data-ingestion | haiku | acceptEdits | — | — |
+| viz-platform | design-reviewer | sonnet | plan | Write, Edit, MultiEdit | — |
+| viz-platform | layout-builder | sonnet | default | — | — |
+| viz-platform | component-check | haiku | plan | Write, Edit, MultiEdit | — |
+| viz-platform | theme-setup | haiku | acceptEdits | — | — |
+| contract-validator | full-validation | sonnet | default | — | — |
+| contract-validator | agent-check | haiku | plan | Write, Edit, MultiEdit | — |
+| code-sentinel | security-reviewer | sonnet | plan | Write, Edit, MultiEdit | — |
+| code-sentinel | refactor-advisor | sonnet | acceptEdits | — | — |
+| doc-guardian | doc-analyzer | sonnet | acceptEdits | — | — |
+| clarity-assist | clarity-coach | sonnet | default | Write, Edit, MultiEdit | — |
+| git-flow | git-assistant | haiku | acceptEdits | — | — |
+| claude-config-maintainer | maintainer | sonnet | acceptEdits | — | frontmatter (2) |
+| cmdb-assistant | cmdb-assistant | sonnet | default | — | — |
+
+### Design Principles
+
+- `bypassPermissions` is granted to exactly ONE agent (Executor) which has code-sentinel PreToolUse hook + Code Reviewer downstream as safety nets.
+- `plan` mode is assigned to all pure analysis agents (pr-review, read-only validators).
+- `disallowedTools: Write, Edit, MultiEdit` provides defense-in-depth on agents that should never write files.
+- `skills` frontmatter is used for agents with ≤7 skills where guaranteed loading is safety-critical. Agents with 8+ skills use body text `## Skills to Load` for selective loading.
+- `hooks` (agent-scoped) is reserved for future use (v6.0+).
+
+Override any field by editing the agent's `.md` file in `plugins/{plugin}/agents/`.
+
+### permissionMode Guide
+
+| Value | Prompts for file ops? | Prompts for Bash? | Prompts for MCP? | Use when |
+|-------|-----------------------|-------------------|-------------------|----------|
+| `default` | Yes | Yes | No (MCP bypasses permissions) | You want full visibility |
+| `acceptEdits` | No | Yes | No | Core job is file read/write, Bash visibility useful |
+| `dontAsk` | No | No (most) | No | Even Bash prompts are friction |
+| `bypassPermissions` | No | No | No | Agent has downstream safety layers |
+| `plan` | N/A (read-only) | N/A (read-only) | No | Pure analysis, no modifications |
+
+### disallowedTools Guide
+
+Use `disallowedTools` to remove specific tools from an agent's toolset. This is a blacklist — the agent inherits all tools from the main thread, then the listed tools are removed.
+
+Prefer `disallowedTools` over `tools` (whitelist) because:
+- New MCP servers are automatically available without updating every agent.
+- Less configuration to maintain.
+- Easier to audit — you only list what's blocked.
+
+Common patterns:
+- `disallowedTools: Write, Edit, MultiEdit` — read-only agent, cannot modify files.
+- `disallowedTools: Bash` — no shell access (rare, most agents need at least read-only Bash).
+
+### skills Frontmatter Guide
+
+The `skills` field auto-injects skill file contents into the agent's context window at startup. The agent does NOT need to read the files — they are already present.
+
+**When to use frontmatter `skills`:**
+- Agent has ≤7 skills.
+- Skills are safety-critical (e.g., `branch-security`, `runaway-detection`).
+- You need guaranteed loading — no risk of the agent skipping a skill.
+
+**When to keep body text `## Skills to Load`:**
+- Agent has 8+ skills (context window cost too high for full injection).
+- Skills are situational — not all needed for every invocation.
+- Agent benefits from selective loading based on the specific task.
+
+Skill names in frontmatter are resolved relative to the plugin's `skills/` directory. Use the filename without the `.md` extension.
+
+### Phase-Based Skill Loading (Body Text)
+
+For agents with 8+ skills, use **phase-based loading** in the agent body text. This structures skill reads into logical phases, with explicit instructions to read each skill exactly once.
+
+**Pattern:**
+
+```markdown
+## Skill Loading Protocol
+
+**Frontmatter skills (auto-injected, always available — DO NOT re-read these):**
+- `skill-a` — description
+- `skill-b` — description
+
+**Phase 1 skills — read ONCE at session start:**
+- skills/validation-skill.md
+- skills/safety-skill.md
+
+**Phase 2 skills — read ONCE when entering main work:**
+- skills/workflow-skill.md
+- skills/domain-skill.md
+
+**CRITICAL: Read each skill file exactly ONCE. Do NOT re-read skill files between MCP API calls.**
+```
+
+**Benefits:**
+- Frontmatter skills (always needed) are auto-injected — zero file read cost
+- Phase skills are read once at the appropriate time — not re-read per API call
+- `batch-execution` skill provides protocol for API-heavy phases
+- ~76-83% reduction in skill-related token consumption for typical sprints
+
+**Currently applied to:**
+- Planner agent: 2 frontmatter + 12 body text (3 phases)
+- Orchestrator agent: 2 frontmatter + 10 body text (2 phases)
+
+---
+
 ## Automatic Validation Features

 ### API Validation

-When running `/setup`, the command:
+When running `/projman setup`, the command:

 1. **Detects** organization and repository from git remote URL
 2. **Validates** via Gitea API: `GET /api/v1/repos/{org}/{repo}`
@@ -433,7 +646,7 @@ When you start a Claude Code session, a hook automatically:

 1. Reads `GITEA_REPO` (in `owner/repo` format) from `.env`
 2. Compares with current `git remote get-url origin`
-3. **Warns** if mismatch detected: "Repository location mismatch. Run `/setup --sync` to update."
+3. **Warns** if mismatch detected: "Repository location mismatch. Run `/projman setup --sync` to update."

 This helps when you:
 - Move a repository to a different organization
@@ -455,7 +668,7 @@ curl -H "Authorization: token $GITEA_API_TOKEN" "$GITEA_API_URL/user"

 In Claude Code, after restarting your session:
 ```
-/labels-sync
+/labels sync
 ```

 If this works, your setup is complete.
@@ -528,7 +741,7 @@ cat .env

 3. **Never type tokens into AI chat**
   - Always edit config files directly in your editor
-   - The `/setup` wizard respects this
+   - The `/projman setup` wizard respects this

 4. **Rotate tokens periodically**
   - Every 6-12 months
--- a/docs/DEBUGGING-CHECKLIST.md
+++ b/docs/DEBUGGING-CHECKLIST.md
@@ -279,8 +279,8 @@ Error: Could not find a suitable TLS CA certificate bundle, invalid path:

 Use these commands for automated checking:

- `/debug report` - Run full diagnostics, create issue if problems found
- `/debug review` - Investigate existing diagnostic issues and propose fixes
+- `/cv status` - Marketplace-wide health check (installation, MCP, configuration)
+- `/hygiene check` - Project file organization and cleanup check

 ---

--- a/docs/MIGRATION-v9.md
+++ b/docs/MIGRATION-v9.md
@@ -0,0 +1,215 @@
+# Migration Guide: v8.x → v9.0.0
+
+## Overview
+
+v9.0.0 standardizes all commands to the `/<noun> <action>` sub-command pattern. Every command in the marketplace now follows this convention.
+
+**Breaking change:** All old command names are removed. Update your workflows, scripts, and CLAUDE.md references.
+
+---
+
+## Complete Command Mapping
+
+### projman
+
+| Old (v8.x) | New (v9.0.0) | Notes |
+|-------------|--------------|-------|
+| `/sprint-plan` | `/sprint plan` | |
+| `/sprint-start` | `/sprint start` | |
+| `/sprint-status` | `/sprint status` | |
+| `/sprint-close` | `/sprint close` | |
+| `/pm-review` | `/sprint review` | Moved under `/sprint` |
+| `/pm-test` | `/sprint test` | Moved under `/sprint` |
+| `/pm-setup` | `/projman setup` | Moved under `/projman` |
+| `/pm-debug` | `/projman debug` | Moved under `/projman` |
+| `/labels-sync` | `/labels sync` | |
+| `/suggest-version` | `/projman suggest-version` | Moved under `/projman` |
+| `/proposal-status` | `/projman proposal-status` | Moved under `/projman` |
+| `/rfc <sub>` | `/rfc <sub>` | Unchanged |
+| `/project <sub>` | `/project <sub>` | Unchanged |
+| `/adr <sub>` | `/adr <sub>` | Unchanged |
+
+### git-flow
+
+| Old (v8.x) | New (v9.0.0) | Notes |
+|-------------|--------------|-------|
+| `/git-commit` | `/gitflow commit` | |
+| `/git-commit-push` | `/gitflow commit --push` | **Consolidated** into flag |
+| `/git-commit-merge` | `/gitflow commit --merge` | **Consolidated** into flag |
+| `/git-commit-sync` | `/gitflow commit --sync` | **Consolidated** into flag |
+| `/branch-start` | `/gitflow branch-start` | |
+| `/branch-cleanup` | `/gitflow branch-cleanup` | |
+| `/git-status` | `/gitflow status` | |
+| `/git-config` | `/gitflow config` | |
+
+**Note:** The three commit variants (`-push`, `-merge`, `-sync`) are now flags on `/gitflow commit`. This reduces 8 commands to 5.
+
+### pr-review
+
+| Old (v8.x) | New (v9.0.0) | Notes |
+|-------------|--------------|-------|
+| `/pr-review` | `/pr review` | |
+| `/pr-summary` | `/pr summary` | |
+| `/pr-findings` | `/pr findings` | |
+| `/pr-diff` | `/pr diff` | |
+| `/pr-setup` | `/pr setup` | |
+| `/project-init` | `/pr init` | Renamed |
+| `/project-sync` | `/pr sync` | Renamed |
+
+### clarity-assist
+
+| Old (v8.x) | New (v9.0.0) | Notes |
+|-------------|--------------|-------|
+| `/clarify` | `/clarity clarify` | |
+| `/quick-clarify` | `/clarity quick-clarify` | |
+
+### doc-guardian
+
+| Old (v8.x) | New (v9.0.0) | Notes |
+|-------------|--------------|-------|
+| `/doc-audit` | `/doc audit` | |
+| `/doc-sync` | `/doc sync` | |
+| `/changelog-gen` | `/doc changelog-gen` | Moved under `/doc` |
+| `/doc-coverage` | `/doc coverage` | |
+| `/stale-docs` | `/doc stale-docs` | Moved under `/doc` |
+
+### code-sentinel
+
+| Old (v8.x) | New (v9.0.0) | Notes |
+|-------------|--------------|-------|
+| `/security-scan` | `/sentinel scan` | |
+| `/refactor` | `/sentinel refactor` | |
+| `/refactor-dry` | `/sentinel refactor-dry` | |
+
+### claude-config-maintainer
+
+| Old (v8.x) | New (v9.0.0) | Notes |
+|-------------|--------------|-------|
+| `/config-analyze` (or `/analyze`) | `/claude-config analyze` | |
+| `/config-optimize` (or `/optimize`) | `/claude-config optimize` | |
+| `/config-init` (or `/init`) | `/claude-config init` | |
+| `/config-diff` | `/claude-config diff` | |
+| `/config-lint` | `/claude-config lint` | |
+| `/config-audit-settings` | `/claude-config audit-settings` | |
+| `/config-optimize-settings` | `/claude-config optimize-settings` | |
+| `/config-permissions-map` | `/claude-config permissions-map` | |
+
+### contract-validator
+
+| Old (v8.x) | New (v9.0.0) | Notes |
+|-------------|--------------|-------|
+| `/validate-contracts` | `/cv validate` | |
+| `/check-agent` | `/cv check-agent` | |
+| `/list-interfaces` | `/cv list-interfaces` | |
+| `/dependency-graph` | `/cv dependency-graph` | |
+| `/cv-setup` | `/cv setup` | |
+| `/cv status` | `/cv status` | Unchanged |
+
+### cmdb-assistant
+
+| Old (v8.x) | New (v9.0.0) | Notes |
+|-------------|--------------|-------|
+| `/cmdb-setup` | `/cmdb setup` | |
+| `/cmdb-search` | `/cmdb search` | |
+| `/cmdb-device` | `/cmdb device` | |
+| `/cmdb-ip` | `/cmdb ip` | |
+| `/cmdb-site` | `/cmdb site` | |
+| `/cmdb-audit` | `/cmdb audit` | |
+| `/cmdb-register` | `/cmdb register` | |
+| `/cmdb-sync` | `/cmdb sync` | |
+| `/cmdb-topology` | `/cmdb topology` | |
+| `/change-audit` | `/cmdb change-audit` | Moved under `/cmdb` |
+| `/ip-conflicts` | `/cmdb ip-conflicts` | Moved under `/cmdb` |
+
+### data-platform
+
+| Old (v8.x) | New (v9.0.0) | Notes |
+|-------------|--------------|-------|
+| `/data-ingest` | `/data ingest` | |
+| `/data-profile` | `/data profile` | |
+| `/data-schema` | `/data schema` | |
+| `/data-explain` | `/data explain` | |
+| `/data-lineage` | `/data lineage` | |
+| `/data-run` | `/data run` | |
+| `/lineage-viz` | `/data lineage-viz` | Moved under `/data` |
+| `/dbt-test` | `/data dbt-test` | Moved under `/data` |
+| `/data-quality` | `/data quality` | |
+| `/data-review` | `/data review` | |
+| `/data-gate` | `/data gate` | |
+| `/data-setup` | `/data setup` | |
+
+### viz-platform
+
+| Old (v8.x) | New (v9.0.0) | Notes |
+|-------------|--------------|-------|
+| `/viz-setup` | `/viz setup` | |
+| `/viz-chart` | `/viz chart` | |
+| `/viz-chart-export` | `/viz chart-export` | |
+| `/viz-dashboard` | `/viz dashboard` | |
+| `/viz-theme` | `/viz theme` | |
+| `/viz-theme-new` | `/viz theme-new` | |
+| `/viz-theme-css` | `/viz theme-css` | |
+| `/viz-component` | `/viz component` | |
+| `/accessibility-check` | `/viz accessibility-check` | Moved under `/viz` |
+| `/viz-breakpoints` | `/viz breakpoints` | |
+| `/design-review` | `/viz design-review` | Moved under `/viz` |
+| `/design-gate` | `/viz design-gate` | Moved under `/viz` |
+
+### project-hygiene
+
+No changes — already used `/<noun> <action>` pattern.
+
+| Command | Status |
+|---------|--------|
+| `/hygiene check` | Unchanged |
+
+---
+
+## Verifying Plugin Installation (v9.0.0)
+
+Test commands use the new format:
+
+| Plugin | Test Command |
+|--------|--------------|
+| git-flow | `/git-flow:gitflow-status` |
+| projman | `/projman:sprint-status` |
+| pr-review | `/pr-review:pr-summary` |
+| clarity-assist | `/clarity-assist:clarity-clarify` |
+| doc-guardian | `/doc-guardian:doc-audit` |
+| code-sentinel | `/code-sentinel:sentinel-scan` |
+| claude-config-maintainer | `/claude-config-maintainer:claude-config-analyze` |
+| cmdb-assistant | `/cmdb-assistant:cmdb-search` |
+| data-platform | `/data-platform:data-ingest` |
+| viz-platform | `/viz-platform:viz-chart` |
+| contract-validator | `/contract-validator:cv-validate` |
+
+---
+
+## CLAUDE.md Updates
+
+If your project's CLAUDE.md references old command names, update them:
+
+**Find old references:**
+```bash
+grep -rn '/sprint-plan\|/pm-setup\|/git-commit\|/pr-review\|/security-scan\|/config-analyze\|/validate-contracts\|/cmdb-search\|/data-ingest\|/viz-chart\b\|/clarify\b\|/doc-audit' CLAUDE.md
+```
+
+**Key patterns to search and replace:**
+- `/sprint-plan` → `/sprint plan`
+- `/pm-setup` → `/projman setup`
+- `/pm-review` → `/sprint review`
+- `/git-commit` → `/gitflow commit`
+- `/pr-review` → `/pr review`
+- `/security-scan` → `/sentinel scan`
+- `/refactor` → `/sentinel refactor`
+- `/config-analyze` → `/claude-config analyze`
+- `/validate-contracts` → `/cv validate`
+- `/clarify` → `/clarity clarify`
+- `/doc-audit` → `/doc audit`
+- `/cmdb-search` → `/cmdb search`
+- `/data-ingest` → `/data ingest`
+- `/viz-chart` → `/viz chart`
+
+---
+
+*Last Updated: 2026-02-06*
--- a/docs/UPDATING.md
+++ b/docs/UPDATING.md
@@ -46,9 +46,9 @@ cd ~/.claude/plugins/marketplaces/leo-claude-mktplace && ./scripts/setup.sh

 ## After Updating: Re-run Setup if Needed

-### When to Re-run `/initial-setup`
+### When to Re-run Setup

-You typically **don't need** to re-run setup after updates. However, re-run if:
+You typically **don't need** to re-run setup after updates. However, re-run your plugin's setup command (e.g., `/projman setup`, `/pr setup`, `/cmdb setup`) if:

 - Changelog mentions **new required environment variables**
 - Changelog mentions **breaking changes** to configuration
@@ -59,7 +59,7 @@ You typically **don't need** to re-run setup after updates. However, re-run if:
 If an update requires new project-level configuration:

 ```
-/project-init
+/pr init
 ```

 This will detect existing settings and only add what's missing.
@@ -97,9 +97,9 @@ When updating, review if changes affect the setup workflow:

 1. **Check for setup command changes:**
   ```bash
-   git diff HEAD~1 plugins/*/commands/initial-setup.md
-   git diff HEAD~1 plugins/*/commands/project-init.md
-   git diff HEAD~1 plugins/*/commands/project-sync.md
+   git diff HEAD~1 plugins/*/commands/*-setup.md
+   git diff HEAD~1 plugins/*/commands/pr-init.md
+   git diff HEAD~1 plugins/*/commands/pr-sync.md
   ```

 2. **Check for hook changes:**
@@ -114,7 +114,7 @@ When updating, review if changes affect the setup workflow:

 **If setup commands changed:**
 - Review what's new (new validation steps, new prompts, etc.)
- Consider re-running `/initial-setup` or `/project-init` to benefit from improvements
+- Consider re-running your plugin's setup command or `/pr init` to benefit from improvements
 - Existing configurations remain valid unless changelog notes breaking changes

 **If hooks changed:**
@@ -123,7 +123,7 @@ When updating, review if changes affect the setup workflow:

 **If configuration structure changed:**
 - Check if new variables are required
- Run `/project-sync` if repository detection logic improved
+- Run `/pr sync` if repository detection logic improved

 ---

@@ -142,7 +142,7 @@ deactivate
 ### Configuration no longer works

 1. Check CHANGELOG.md for breaking changes
-2. Run `/initial-setup` to re-validate and fix configuration
+2. Run your plugin's setup command (e.g., `/projman setup`) to re-validate and fix configuration
 3. Compare your config files with documentation in `docs/CONFIGURATION.md`

 ### MCP server won't start after update
--- a/docs/architecture/agent-workflow.spec.md
+++ b/docs/architecture/agent-workflow.spec.md
@@ -27,7 +27,7 @@

 | ID | Label | Type | Lane | Sequence |
 |----|-------|------|------|----------|
-| p1-start | /sprint-plan | rounded-rect | user-lane | 1 |
+| p1-start | /sprint plan | rounded-rect | user-lane | 1 |
 | p1-activate | Planner Activates | rectangle | planner-lane | 2 |
 | p1-search-lessons | Search Lessons Learned | rectangle | planner-lane | 3 |
 | p1-gitea-wiki-query | Query Past Lessons (Wiki) | rectangle | gitea-lane | 4 |
@@ -61,7 +61,7 @@

 | ID | Label | Type | Lane | Sequence |
 |----|-------|------|------|----------|
-| p2-start | /sprint-start | rounded-rect | user-lane | 11 |
+| p2-start | /sprint start | rounded-rect | user-lane | 11 |
 | p2-orch-activate | Orchestrator Activates | rectangle | orchestrator-lane | 12 |
 | p2-fetch-issues | Fetch Sprint Issues | rectangle | orchestrator-lane | 13 |
 | p2-gitea-list | List Open Issues | rectangle | gitea-lane | 14 |
@@ -128,7 +128,7 @@

 | ID | Label | Type | Lane | Sequence |
 |----|-------|------|------|----------|
-| p3-start | /sprint-close | rounded-rect | user-lane | 31 |
+| p3-start | /sprint close | rounded-rect | user-lane | 31 |
 | p3-orch-activate | Orchestrator Activates | rectangle | orchestrator-lane | 32 |
 | p3-review | Review Sprint | rectangle | orchestrator-lane | 33 |
 | p3-gitea-status | Get Final Status | rectangle | gitea-lane | 34 |
--- a/docs/designs/data-seed.md
+++ b/docs/designs/data-seed.md
@@ -0,0 +1,70 @@
+# Design: data-seed
+
+**Domain:** `data`
+**Target Version:** v9.3.0
+
+## Purpose
+
+Test data generation and database seeding. Generates realistic fake data based on schema definitions, supports reproducible seeds, and manages seed files for development and testing environments.
+
+## Target Users
+
+- Developers needing test data for local development
+- QA teams requiring reproducible datasets
+- Projects with complex relational data models
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `/seed setup` | Setup wizard — detect schema source, configure output paths |
+| `/seed generate` | Generate seed data from schema or model definitions |
+| `/seed apply` | Apply seed data to database or create fixture files |
+| `/seed profile` | Define reusable data profiles (small, medium, large, edge-cases) |
+| `/seed validate` | Validate seed data against schema constraints and foreign keys |
+
+## Agent Architecture
+
+| Agent | Model | Mode | Role |
+|-------|-------|------|------|
+| `seed-generator` | sonnet | acceptEdits | Data generation, profile management |
+| `seed-validator` | haiku | plan | Read-only validation of seed data integrity |
+
+## Skills
+
+| Skill | Purpose |
+|-------|---------|
+| `schema-inference` | Infer data types and constraints from models/migrations |
+| `faker-patterns` | Realistic data generation patterns (names, emails, addresses, etc.) |
+| `relationship-resolution` | Foreign key and relationship-aware data generation |
+| `profile-management` | Seed profile definitions and sizing |
+| `visual-header` | Standard command output headers |
+
+## MCP Server
+
+**Not required.** Seed data is generated as files (JSON, SQL, CSV). Database insertion is handled by the application's own tooling.
+
+## Integration Points
+
+| Plugin | Integration |
+|--------|-------------|
+| saas-db-migrate | Schema models used as seed generation input |
+| data-platform | Generated data can be loaded via `/data ingest` |
+| saas-test-pilot | Seed data used in integration test fixtures |
+| projman | Issue labels: `Component/Data`, `Tech/Faker` |
+
+## Token Budget
+
+| Component | Estimated Tokens |
+|-----------|-----------------|
+| `claude-md-integration.md` | ~500 |
+| Dispatch file (`seed.md`) | ~200 |
+| 5 commands (avg) | ~3,000 |
+| 2 agents | ~1,000 |
+| 5 skills | ~2,000 |
+| **Total** | **~6,700** |
+
+## Open Questions
+
+- Should we support database-specific seed formats (pg_dump, mysqldump)?
+- Integration with Faker library or custom generation?
--- a/docs/designs/debug-mcp.md
+++ b/docs/designs/debug-mcp.md
@@ -0,0 +1,70 @@
+# Design: debug-mcp
+
+**Domain:** `debug`
+**Target Version:** v9.8.0
+
+## Purpose
+
+MCP server debugging and development toolkit. Provides tools for inspecting MCP server health, testing tool calls, viewing server logs, and developing new MCP servers. Essential for marketplace developers building or troubleshooting MCP integrations.
+
+## Target Users
+
+- Plugin developers building MCP servers
+- Users troubleshooting MCP connectivity issues
+- Marketplace maintainers validating MCP configurations
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `/debug-mcp status` | Show all MCP servers: running/failed, tool count, last error |
+| `/debug-mcp test` | Test a specific MCP tool call with sample input |
+| `/debug-mcp logs` | View recent MCP server stderr/stdout logs |
+| `/debug-mcp inspect` | Inspect MCP server config (.mcp.json entry, venv, dependencies) |
+| `/debug-mcp scaffold` | Generate MCP server skeleton (Python, stdio transport) |
+
+## Agent Architecture
+
+| Agent | Model | Mode | Role |
+|-------|-------|------|------|
+| `mcp-debugger` | sonnet | default | Server inspection, log analysis, scaffold generation |
+
+Single agent is sufficient — this plugin is primarily diagnostic with one generative command.
+
+## Skills
+
+| Skill | Purpose |
+|-------|---------|
+| `mcp-protocol` | MCP stdio protocol, tool/resource/prompt schemas |
+| `server-patterns` | Python MCP server patterns (FastMCP, raw protocol) |
+| `venv-diagnostics` | Virtual environment health checks, dependency validation |
+| `log-analysis` | MCP server error pattern recognition |
+| `visual-header` | Standard command output headers |
+
+## MCP Server
+
+**Not required.** This plugin inspects other MCP servers via file system (reading .mcp.json, checking venvs, reading logs). It does not need its own MCP server.
+
+## Integration Points
+
+| Plugin | Integration |
+|--------|-------------|
+| contract-validator | `/cv status` delegates to debug-mcp for detailed MCP diagnostics |
+| projman | `/projman setup` can invoke `/debug-mcp status` for post-setup verification |
+| All plugins with MCP | Debug-mcp can diagnose any MCP server in the marketplace |
+
+## Token Budget
+
+| Component | Estimated Tokens |
+|-----------|-----------------|
+| `claude-md-integration.md` | ~500 |
+| Dispatch file (`debug-mcp.md`) | ~200 |
+| 5 commands (avg) | ~3,000 |
+| 1 agent | ~600 |
+| 5 skills | ~2,000 |
+| **Total** | **~6,300** |
+
+## Open Questions
+
+- Should this plugin have a hook that auto-runs on MCP failure (SessionStart)?
+- Should `/debug-mcp scaffold` generate both Python and TypeScript templates?
--- a/docs/designs/ops-deploy-pipeline.md
+++ b/docs/designs/ops-deploy-pipeline.md
@@ -0,0 +1,72 @@
+# Design: ops-deploy-pipeline
+
+**Domain:** `ops`
+**Target Version:** v9.7.0
+
+## Purpose
+
+CI/CD deployment pipeline management for Docker Compose and systemd-based services. Generates deployment configurations, validates pipeline definitions, and manages environment-specific settings. Tailored for self-hosted infrastructure (not cloud-native).
+
+## Target Users
+
+- Self-hosted service operators (Raspberry Pi, VPS, bare-metal)
+- Teams deploying via Docker Compose
+- Projects needing environment-specific configuration management
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `/deploy setup` | Setup wizard — detect deployment method, configure targets |
+| `/deploy generate` | Generate docker-compose.yml, Caddyfile entries, systemd units |
+| `/deploy validate` | Validate deployment configs (ports, volumes, networks, env vars) |
+| `/deploy env` | Manage environment-specific config files (.env.production, etc.) |
+| `/deploy check` | Pre-deployment health check (disk, memory, port conflicts) |
+| `/deploy rollback` | Generate rollback plan for a deployment |
+
+## Agent Architecture
+
+| Agent | Model | Mode | Role |
+|-------|-------|------|------|
+| `deploy-planner` | sonnet | default | Configuration generation, rollback planning |
+| `deploy-validator` | haiku | plan | Read-only validation of configs and pre-flight checks |
+
+## Skills
+
+| Skill | Purpose |
+|-------|---------|
+| `compose-patterns` | Docker Compose best practices, multi-service patterns |
+| `caddy-conventions` | Caddyfile reverse proxy patterns, subdomain routing |
+| `env-management` | Environment variable management across environments |
+| `health-checks` | Pre-deployment system health validation |
+| `rollback-patterns` | Deployment rollback strategies |
+| `visual-header` | Standard command output headers |
+
+## MCP Server
+
+**Not required initially.** Could add SSH-based remote execution MCP server in the future for remote deployment.
+
+## Integration Points
+
+| Plugin | Integration |
+|--------|-------------|
+| cmdb-assistant | Deployment targets pulled from NetBox device inventory |
+| ops-release-manager | Release tags trigger deployment preparation |
+| projman | Issue labels: `Component/Infra`, `Tech/Docker`, `Tech/Caddy` |
+| code-sentinel | Security scan of deployment configs (exposed ports, secrets in env) |
+
+## Token Budget
+
+| Component | Estimated Tokens |
+|-----------|-----------------|
+| `claude-md-integration.md` | ~700 |
+| Dispatch file (`deploy.md`) | ~200 |
+| 6 commands (avg) | ~3,600 |
+| 2 agents | ~1,200 |
+| 6 skills | ~2,500 |
+| **Total** | **~8,200** |
+
+## Open Questions
+
+- Should this support Kubernetes/Helm for users who need it?
+- SSH-based remote execution via MCP server for actual deployments?
--- a/docs/designs/ops-release-manager.md
+++ b/docs/designs/ops-release-manager.md
@@ -0,0 +1,71 @@
+# Design: ops-release-manager
+
+**Domain:** `ops`
+**Target Version:** v9.6.0
+
+## Purpose
+
+Release management automation including semantic versioning, changelog generation, release branch creation, and tag management. Coordinates the release process across git, changelogs, and package manifests.
+
+## Target Users
+
+- Project maintainers managing releases
+- Teams following SemVer and conventional commits
+- Projects with multiple version locations to keep in sync
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `/release setup` | Setup wizard — detect version locations, configure release flow |
+| `/release prepare` | Prepare release: bump versions, update changelog, create branch |
+| `/release validate` | Pre-release checks (clean tree, tests pass, changelog has content) |
+| `/release tag` | Create and push git tag with release notes |
+| `/release rollback` | Revert a release (delete tag, revert version bump commit) |
+| `/release status` | Show current version, unreleased changes, next version suggestion |
+
+## Agent Architecture
+
+| Agent | Model | Mode | Role |
+|-------|-------|------|------|
+| `release-coordinator` | sonnet | acceptEdits | Version bumping, changelog updates, branch/tag creation |
+| `release-validator` | haiku | plan | Pre-release validation, dependency checks |
+
+## Skills
+
+| Skill | Purpose |
+|-------|---------|
+| `version-detection` | Find version locations (package.json, pyproject.toml, marketplace.json, etc.) |
+| `semver-rules` | SemVer bump logic based on conventional commits |
+| `changelog-conventions` | Keep a Changelog format, unreleased section management |
+| `release-workflow` | Branch-based vs tag-based release patterns |
+| `visual-header` | Standard command output headers |
+
+## MCP Server
+
+**Not required.** All operations are git and file-based.
+
+## Integration Points
+
+| Plugin | Integration |
+|--------|-------------|
+| git-flow | `/release prepare` uses gitflow conventions for branch creation |
+| doc-guardian | `/release validate` checks documentation is up to date |
+| projman | Sprint close can trigger `/release prepare` for sprint-based releases |
+| ops-deploy-pipeline | Release tags trigger deployment pipeline |
+
+## Token Budget
+
+| Component | Estimated Tokens |
+|-----------|-----------------|
+| `claude-md-integration.md` | ~600 |
+| Dispatch file (`release.md`) | ~200 |
+| 6 commands (avg) | ~3,600 |
+| 2 agents | ~1,200 |
+| 5 skills | ~2,000 |
+| **Total** | **~7,600** |
+
+## Open Questions
+
+- Should this subsume the existing `release.sh` script in this repo?
+- Support for GitHub Releases / Gitea Releases API via MCP?
--- a/docs/designs/saas-api-platform.md
+++ b/docs/designs/saas-api-platform.md
@@ -0,0 +1,71 @@
+# Design: saas-api-platform
+
+**Domain:** `saas`
+**Target Version:** v9.1.0
+
+## Purpose
+
+Provides scaffolding, validation, and development workflow tools for REST and GraphQL API backends. Supports FastAPI (Python) and Express (Node.js) with OpenAPI spec generation, route validation, and middleware management.
+
+## Target Users
+
+- Backend developers building API services
+- Teams using FastAPI or Express frameworks
+- Projects requiring OpenAPI/Swagger documentation
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `/api setup` | Setup wizard — detect framework, configure MCP server |
+| `/api scaffold` | Generate API routes, models, schemas from spec or description |
+| `/api validate` | Validate routes against OpenAPI spec, check missing endpoints |
+| `/api docs` | Generate/update OpenAPI spec from code annotations |
+| `/api test-routes` | Generate request/response test cases for API endpoints |
+| `/api middleware` | Add/configure middleware (auth, CORS, rate-limiting, logging) |
+
+## Agent Architecture
+
+| Agent | Model | Mode | Role |
+|-------|-------|------|------|
+| `api-architect` | sonnet | default | Route design, schema generation, middleware planning |
+| `api-validator` | haiku | plan | Read-only validation of routes against spec |
+
+## Skills
+
+| Skill | Purpose |
+|-------|---------|
+| `framework-detection` | Detect FastAPI vs Express, identify project structure |
+| `openapi-conventions` | OpenAPI 3.x spec generation rules and patterns |
+| `route-patterns` | RESTful route naming, versioning, pagination conventions |
+| `middleware-catalog` | Common middleware patterns per framework |
+| `visual-header` | Standard command output headers |
+
+## MCP Server
+
+**Not required.** All operations are file-based (reading/writing code and specs). No external API needed.
+
+## Integration Points
+
+| Plugin | Integration |
+|--------|-------------|
+| projman | Issue labels: `Component/API`, `Tech/FastAPI`, `Tech/Express` |
+| code-sentinel | PreToolUse hook scans generated routes for security issues |
+| saas-test-pilot | `/api test-routes` generates stubs consumable by test-pilot |
+| saas-db-migrate | Schema models shared between API models and migrations |
+
+## Token Budget
+
+| Component | Estimated Tokens |
+|-----------|-----------------|
+| `claude-md-integration.md` | ~800 |
+| Dispatch file (`api.md`) | ~200 |
+| 6 commands (avg) | ~3,600 |
+| 2 agents | ~1,200 |
+| 5 skills | ~2,500 |
+| **Total** | **~8,300** |
+
+## Open Questions
+
+- Should MCP server be added later for live API testing (curl-like requests)?
+- Support for gRPC/tRPC in addition to REST/GraphQL?
--- a/docs/designs/saas-db-migrate.md
+++ b/docs/designs/saas-db-migrate.md
@@ -0,0 +1,71 @@
+# Design: saas-db-migrate
+
+**Domain:** `saas`
+**Target Version:** v9.2.0
+
+## Purpose
+
+Database migration management for SQL databases. Supports Alembic (Python/SQLAlchemy), Prisma (Node.js), and raw SQL migrations. Provides migration generation, validation, rollback planning, and drift detection.
+
+## Target Users
+
+- Backend developers managing database schemas
+- Teams using SQLAlchemy/Alembic or Prisma
+- Projects needing migration safety checks before deployment
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `/db-migrate setup` | Setup wizard — detect ORM/migration tool, configure paths |
+| `/db-migrate generate` | Generate migration from model diff or description |
+| `/db-migrate validate` | Check migration safety (destructive ops, data loss risk, locking) |
+| `/db-migrate plan` | Show migration execution plan with rollback strategy |
+| `/db-migrate history` | Display migration history and current state |
+| `/db-migrate rollback` | Generate rollback migration for a given migration |
+
+## Agent Architecture
+
+| Agent | Model | Mode | Role |
+|-------|-------|------|------|
+| `migration-planner` | sonnet | default | Migration generation, rollback planning |
+| `migration-auditor` | haiku | plan | Read-only safety validation (destructive op detection) |
+
+## Skills
+
+| Skill | Purpose |
+|-------|---------|
+| `orm-detection` | Detect Alembic vs Prisma vs raw SQL, identify config |
+| `migration-safety` | Rules for detecting destructive operations (DROP, ALTER, data loss) |
+| `rollback-patterns` | Standard rollback generation patterns per tool |
+| `naming-conventions` | Migration file naming and ordering conventions |
+| `visual-header` | Standard command output headers |
+
+## MCP Server
+
+**Not required.** Migrations are file-based. Database connectivity is handled by the ORM tool itself, not by Claude.
+
+## Integration Points
+
+| Plugin | Integration |
+|--------|-------------|
+| projman | Issue labels: `Component/Database`, `Tech/SQLAlchemy`, `Tech/Prisma` |
+| saas-api-platform | Schema models shared between API and migration layers |
+| code-sentinel | Migration validation as part of security scan |
+| data-platform | PostgreSQL tools can inspect live schema for drift detection |
+
+## Token Budget
+
+| Component | Estimated Tokens |
+|-----------|-----------------|
+| `claude-md-integration.md` | ~600 |
+| Dispatch file (`db-migrate.md`) | ~200 |
+| 6 commands (avg) | ~3,600 |
+| 2 agents | ~1,200 |
+| 5 skills | ~2,000 |
+| **Total** | **~7,600** |
+
+## Open Questions
+
+- Should this integrate with data-platform's PostgreSQL MCP server for live schema comparison?
+- Support for NoSQL migration tools (Mongoose, etc.)?
--- a/docs/designs/saas-react-platform.md
+++ b/docs/designs/saas-react-platform.md
@@ -0,0 +1,73 @@
+# Design: saas-react-platform
+
+**Domain:** `saas`
+**Target Version:** v9.4.0
+
+## Purpose
+
+React frontend development toolkit with component scaffolding, routing setup, state management patterns, and build configuration. Supports Next.js and Vite-based React projects with TypeScript.
+
+## Target Users
+
+- Frontend developers building React applications
+- Teams using Next.js or Vite + React
+- Projects needing consistent component architecture
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `/react setup` | Setup wizard — detect framework (Next.js/Vite), configure paths |
+| `/react component` | Scaffold React component with props, types, tests, stories |
+| `/react route` | Add route with page component, loader, and error boundary |
+| `/react state` | Set up state management pattern (Context, Zustand, Redux Toolkit) |
+| `/react hook` | Generate custom hook with TypeScript types and tests |
+| `/react lint` | Validate component tree, check prop drilling, detect anti-patterns |
+
+## Agent Architecture
+
+| Agent | Model | Mode | Role |
+|-------|-------|------|------|
+| `react-architect` | sonnet | default | Component design, routing, state management |
+| `react-auditor` | haiku | plan | Read-only lint and anti-pattern detection |
+
+## Skills
+
+| Skill | Purpose |
+|-------|---------|
+| `framework-detection` | Detect Next.js vs Vite, App Router vs Pages Router |
+| `component-patterns` | Standard component structure, naming, file organization |
+| `state-patterns` | State management patterns and when to use each |
+| `routing-conventions` | Route naming, dynamic routes, middleware patterns |
+| `typescript-patterns` | TypeScript utility types, generics, prop typing |
+| `visual-header` | Standard command output headers |
+
+## MCP Server
+
+**Not required.** All operations are file-based (component generation, route configuration).
+
+## Integration Points
+
+| Plugin | Integration |
+|--------|-------------|
+| projman | Issue labels: `Component/Frontend`, `Tech/React`, `Tech/Next.js` |
+| viz-platform | DMC components integrate with React component architecture |
+| saas-api-platform | API client generation from OpenAPI spec |
+| saas-test-pilot | Component test generation via `/react component` |
+| code-sentinel | Security scan for XSS, unsafe HTML, client-side secrets |
+
+## Token Budget
+
+| Component | Estimated Tokens |
+|-----------|-----------------|
+| `claude-md-integration.md` | ~800 |
+| Dispatch file (`react.md`) | ~200 |
+| 6 commands (avg) | ~3,600 |
+| 2 agents | ~1,200 |
+| 6 skills | ~3,000 |
+| **Total** | **~8,800** |
+
+## Open Questions
+
+- Should we support Vue.js/Svelte as alternative frameworks?
+- Integration with Storybook for component documentation?
--- a/docs/designs/saas-test-pilot.md
+++ b/docs/designs/saas-test-pilot.md
@@ -0,0 +1,73 @@
+# Design: saas-test-pilot
+
+**Domain:** `saas`
+**Target Version:** v9.5.0
+
+## Purpose
+
+Test automation toolkit supporting unit, integration, and end-to-end testing. Generates test cases from code analysis, manages test fixtures, and provides coverage analysis with gap detection.
+
+## Target Users
+
+- Developers writing tests for Python or JavaScript/TypeScript projects
+- Teams enforcing test coverage requirements
+- Projects needing test generation from existing code
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `/test setup` | Setup wizard — detect test framework, configure paths |
+| `/test generate` | Generate test cases for functions/classes/modules |
+| `/test coverage` | Analyze test coverage and identify untested code paths |
+| `/test fixtures` | Generate or manage test fixtures and mocks |
+| `/test e2e` | Generate end-to-end test scenarios from user stories |
+| `/test run` | Run tests with formatted output and failure analysis |
+
+## Agent Architecture
+
+| Agent | Model | Mode | Role |
+|-------|-------|------|------|
+| `test-architect` | sonnet | acceptEdits | Test generation, fixture creation, e2e scenarios |
+| `coverage-analyst` | haiku | plan | Read-only coverage analysis and gap detection |
+
+## Skills
+
+| Skill | Purpose |
+|-------|---------|
+| `framework-detection` | Detect pytest/Jest/Vitest/Playwright, identify config |
+| `test-patterns` | Unit/integration/e2e test patterns and best practices |
+| `mock-patterns` | Mocking strategies for different dependency types |
+| `coverage-analysis` | Coverage gap detection and prioritization |
+| `fixture-management` | Fixture organization, factories, builders |
+| `visual-header` | Standard command output headers |
+
+## MCP Server
+
+**Not required.** Test generation is file-based. Test execution uses the project's own test runner via Bash.
+
+## Integration Points
+
+| Plugin | Integration |
+|--------|-------------|
+| projman | `/sprint test` delegates to test-pilot when installed |
+| saas-api-platform | API route tests generated from `/api test-routes` |
+| saas-react-platform | Component tests generated alongside components |
+| data-seed | Test fixtures use seed data profiles |
+| code-sentinel | Security test patterns included in generation |
+
+## Token Budget
+
+| Component | Estimated Tokens |
+|-----------|-----------------|
+| `claude-md-integration.md` | ~700 |
+| Dispatch file (`test.md`) | ~200 |
+| 6 commands (avg) | ~3,600 |
+| 2 agents | ~1,200 |
+| 6 skills | ~2,500 |
+| **Total** | **~8,200** |
+
+## Open Questions
+
+- Should `/test run` replace projman's `/sprint test run` or supplement it?
+- Support for property-based testing (Hypothesis, fast-check)?
--- a/docs/prompts/INDEX.md
+++ b/docs/prompts/INDEX.md
--- a/mcp-servers/contract-validator/.doc-guardian-queue
+++ b/mcp-servers/contract-validator/.doc-guardian-queue
@@ -0,0 +1,20 @@
+2026-01-26T14:36:42 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/contract-validator/mcp_server/parse_tools.py | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-01-26T14:37:38 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/contract-validator/mcp_server/parse_tools.py | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-01-26T14:37:48 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/contract-validator/mcp_server/parse_tools.py | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-01-26T14:38:05 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/contract-validator/mcp_server/parse_tools.py | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-01-26T14:38:55 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/contract-validator/mcp_server/parse_tools.py | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-01-26T14:39:35 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/contract-validator/mcp_server/parse_tools.py | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-01-26T14:40:19 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/contract-validator/mcp_server/parse_tools.py | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-01-26T15:02:30 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/contract-validator/tests/test_parse_tools.py | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-01-26T15:02:37 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/contract-validator/tests/test_parse_tools.py | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-01-26T15:03:41 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/contract-validator/tests/test_report_tools.py | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-02-02T10:56:19 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/contract-validator/mcp_server/validation_tools.py | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-02-02T10:57:49 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/contract-validator/tests/test_validation_tools.py | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-02-02T10:58:22 | skills | /home/lmiranda/claude-plugins-work/plugins/contract-validator/skills/mcp-tools-reference.md | README.md
+2026-02-02T10:58:38 | skills | /home/lmiranda/claude-plugins-work/plugins/contract-validator/skills/validation-rules.md | README.md
+2026-02-02T10:59:13 | .claude-plugin | /home/lmiranda/claude-plugins-work/.claude-plugin/marketplace.json | CLAUDE.md .claude-plugin/marketplace.json
+2026-02-02T13:55:33 | skills | /home/lmiranda/claude-plugins-work/plugins/projman/skills/visual-output.md | README.md
+2026-02-02T13:55:41 | agents | /home/lmiranda/claude-plugins-work/plugins/projman/agents/planner.md | README.md CLAUDE.md
+2026-02-02T13:55:55 | agents | /home/lmiranda/claude-plugins-work/plugins/projman/agents/orchestrator.md | README.md CLAUDE.md
+2026-02-02T13:56:14 | agents | /home/lmiranda/claude-plugins-work/plugins/projman/agents/executor.md | README.md CLAUDE.md
+2026-02-02T13:56:34 | agents | /home/lmiranda/claude-plugins-work/plugins/projman/agents/code-reviewer.md | README.md CLAUDE.md
--- a/mcp-servers/contract-validator/mcp_server/server.py
+++ b/mcp-servers/contract-validator/mcp_server/server.py
@@ -131,6 +131,28 @@ class ContractValidatorMCPServer:
                        "required": ["agent_name", "claude_md_path"]
                    }
                ),
+                Tool(
+                    name="validate_workflow_integration",
+                    description="Validate that a domain plugin exposes the required advisory interfaces (gate command, review command, advisory agent) expected by projman's domain-consultation skill. Also checks gate contract version compatibility.",
+                    inputSchema={
+                        "type": "object",
+                        "properties": {
+                            "plugin_path": {
+                                "type": "string",
+                                "description": "Path to the domain plugin directory"
+                            },
+                            "domain_label": {
+                                "type": "string",
+                                "description": "The Domain/* label it claims to handle, e.g. Domain/Viz"
+                            },
+                            "expected_contract": {
+                                "type": "string",
+                                "description": "Expected contract version (e.g., 'v1'). If provided, validates the gate command's contract matches."
+                            }
+                        },
+                        "required": ["plugin_path", "domain_label"]
+                    }
+                ),
                # Report tools (to be implemented in #188)
                Tool(
                    name="generate_compatibility_report",
@@ -198,6 +220,8 @@ class ContractValidatorMCPServer:
                    result = await self._validate_agent_refs(**arguments)
                elif name == "validate_data_flow":
                    result = await self._validate_data_flow(**arguments)
+                elif name == "validate_workflow_integration":
+                    result = await self._validate_workflow_integration(**arguments)
                elif name == "generate_compatibility_report":
                    result = await self._generate_compatibility_report(**arguments)
                elif name == "list_issues":
@@ -241,6 +265,17 @@ class ContractValidatorMCPServer:
        """Validate agent data flow"""
        return await self.validation_tools.validate_data_flow(agent_name, claude_md_path)

+    async def _validate_workflow_integration(
+        self,
+        plugin_path: str,
+        domain_label: str,
+        expected_contract: str = None
+    ) -> dict:
+        """Validate domain plugin exposes required advisory interfaces"""
+        return await self.validation_tools.validate_workflow_integration(
+            plugin_path, domain_label, expected_contract
+        )
+
    # Report tool implementations (Issue #188)

    async def _generate_compatibility_report(self, marketplace_path: str, format: str = "markdown") -> dict:
--- a/mcp-servers/contract-validator/mcp_server/validation_tools.py
+++ b/mcp-servers/contract-validator/mcp_server/validation_tools.py
@@ -26,6 +26,7 @@ class IssueType(str, Enum):
    OPTIONAL_DEPENDENCY = "optional_dependency"
    UNDECLARED_OUTPUT = "undeclared_output"
    INVALID_SEQUENCE = "invalid_sequence"
+    MISSING_INTEGRATION = "missing_integration"


 class ValidationIssue(BaseModel):
@@ -65,6 +66,18 @@ class DataFlowResult(BaseModel):
    issues: list[ValidationIssue] = []


+class WorkflowIntegrationResult(BaseModel):
+    """Result of workflow integration validation for domain plugins"""
+    plugin_name: str
+    domain_label: str
+    valid: bool
+    gate_command_found: bool
+    gate_contract: Optional[str] = None  # Contract version declared by gate command
+    review_command_found: bool
+    advisory_agent_found: bool
+    issues: list[ValidationIssue] = []
+
+
 class ValidationTools:
    """Tools for validating plugin compatibility and agent references"""

@@ -336,3 +349,145 @@ class ValidationTools:
        )

        return result.model_dump()
+
+    async def validate_workflow_integration(
+        self,
+        plugin_path: str,
+        domain_label: str,
+        expected_contract: Optional[str] = None
+    ) -> dict:
+        """
+        Validate that a domain plugin exposes required advisory interfaces.
+
+        Checks for:
+        - Gate command (e.g., /design-gate, /data-gate) - REQUIRED
+        - Gate contract version (gate_contract in frontmatter) - INFO if missing
+        - Review command (e.g., /design-review, /data-review) - recommended
+        - Advisory agent referencing the domain label - recommended
+
+        Args:
+            plugin_path: Path to the domain plugin directory
+            domain_label: The Domain/* label it claims to handle (e.g., Domain/Viz)
+            expected_contract: Expected contract version (e.g., 'v1'). If provided,
+                              validates the gate command's contract matches.
+
+        Returns:
+            Validation result with found interfaces and issues
+        """
+        import re
+
+        plugin_path_obj = Path(plugin_path)
+        issues = []
+
+        # Extract plugin name from path
+        plugin_name = plugin_path_obj.name
+        if not plugin_path_obj.exists():
+            return {
+                "error": f"Plugin directory not found: {plugin_path}",
+                "plugin_path": plugin_path,
+                "domain_label": domain_label
+            }
+
+        # Extract domain short name from label (e.g., "Domain/Viz" -> "viz", "Domain/Data" -> "data")
+        domain_short = domain_label.split("/")[-1].lower() if "/" in domain_label else domain_label.lower()
+
+        # Check for gate command
+        commands_dir = plugin_path_obj / "commands"
+        gate_command_found = False
+        gate_contract = None
+        gate_patterns = ["pass", "fail", "PASS", "FAIL", "Binary pass/fail", "gate"]
+
+        if commands_dir.exists():
+            for cmd_file in commands_dir.glob("*.md"):
+                if "gate" in cmd_file.name.lower():
+                    # Verify it's actually a gate command by checking content
+                    content = cmd_file.read_text()
+                    if any(pattern in content for pattern in gate_patterns):
+                        gate_command_found = True
+                        # Parse frontmatter for gate_contract
+                        frontmatter_match = re.match(r'^---\n(.*?)\n---', content, re.DOTALL)
+                        if frontmatter_match:
+                            frontmatter = frontmatter_match.group(1)
+                            contract_match = re.search(r'gate_contract:\s*(\S+)', frontmatter)
+                            if contract_match:
+                                gate_contract = contract_match.group(1)
+                        break
+
+        if not gate_command_found:
+            issues.append(ValidationIssue(
+                severity=IssueSeverity.ERROR,
+                issue_type=IssueType.MISSING_INTEGRATION,
+                message=f"Plugin '{plugin_name}' lacks a gate command for domain '{domain_label}'",
+                location=str(commands_dir),
+                suggestion=f"Create commands/{domain_short}-gate.md with binary PASS/FAIL output"
+            ))
+
+        # Check for review command
+        review_command_found = False
+        if commands_dir.exists():
+            for cmd_file in commands_dir.glob("*.md"):
+                if "review" in cmd_file.name.lower() and "gate" not in cmd_file.name.lower():
+                    review_command_found = True
+                    break
+
+        if not review_command_found:
+            issues.append(ValidationIssue(
+                severity=IssueSeverity.WARNING,
+                issue_type=IssueType.MISSING_INTEGRATION,
+                message=f"Plugin '{plugin_name}' lacks a review command for domain '{domain_label}'",
+                location=str(commands_dir),
+                suggestion=f"Create commands/{domain_short}-review.md for detailed audits"
+            ))
+
+        # Check for advisory agent
+        agents_dir = plugin_path_obj / "agents"
+        advisory_agent_found = False
+
+        if agents_dir.exists():
+            for agent_file in agents_dir.glob("*.md"):
+                content = agent_file.read_text()
+                # Check if agent references the domain label or gate command
+                if domain_label in content or f"{domain_short}-gate" in content.lower() or "advisor" in agent_file.name.lower() or "reviewer" in agent_file.name.lower():
+                    advisory_agent_found = True
+                    break
+
+        if not advisory_agent_found:
+            issues.append(ValidationIssue(
+                severity=IssueSeverity.WARNING,
+                issue_type=IssueType.MISSING_INTEGRATION,
+                message=f"Plugin '{plugin_name}' lacks an advisory agent for domain '{domain_label}'",
+                location=str(agents_dir) if agents_dir.exists() else str(plugin_path_obj),
+                suggestion=f"Create agents/{domain_short}-advisor.md referencing '{domain_label}'"
+            ))
+
+        # Check gate contract version
+        if gate_command_found:
+            if not gate_contract:
+                issues.append(ValidationIssue(
+                    severity=IssueSeverity.INFO,
+                    issue_type=IssueType.MISSING_INTEGRATION,
+                    message=f"Gate command does not declare a contract version",
+                    location=str(commands_dir),
+                    suggestion="Consider adding `gate_contract: v1` to frontmatter for version tracking"
+                ))
+            elif expected_contract and gate_contract != expected_contract:
+                issues.append(ValidationIssue(
+                    severity=IssueSeverity.WARNING,
+                    issue_type=IssueType.INTERFACE_MISMATCH,
+                    message=f"Contract version mismatch: gate declares {gate_contract}, projman expects {expected_contract}",
+                    location=str(commands_dir),
+                    suggestion=f"Update domain-consultation.md Gate Command Reference table to {gate_contract}, or update gate command to {expected_contract}"
+                ))
+
+        result = WorkflowIntegrationResult(
+            plugin_name=plugin_name,
+            domain_label=domain_label,
+            valid=gate_command_found,  # Only gate is required for validity
+            gate_command_found=gate_command_found,
+            gate_contract=gate_contract,
+            review_command_found=review_command_found,
+            advisory_agent_found=advisory_agent_found,
+            issues=issues
+        )
+
+        return result.model_dump()
--- a/mcp-servers/contract-validator/tests/test_validation_tools.py
+++ b/mcp-servers/contract-validator/tests/test_validation_tools.py
@@ -254,3 +254,261 @@ async def test_validate_data_flow_missing_producer(validation_tools, tmp_path):
    # Should have warning about missing producer
    warning_issues = [i for i in result["issues"] if i["severity"].value == "warning"]
    assert len(warning_issues) > 0
+
+
+# --- Workflow Integration Tests ---
+
+@pytest.fixture
+def domain_plugin_complete(tmp_path):
+    """Create a complete domain plugin with gate, review, and advisory agent"""
+    plugin_dir = tmp_path / "viz-platform"
+    plugin_dir.mkdir()
+    (plugin_dir / ".claude-plugin").mkdir()
+    (plugin_dir / "commands").mkdir()
+    (plugin_dir / "agents").mkdir()
+
+    # Gate command with PASS/FAIL pattern
+    gate_cmd = plugin_dir / "commands" / "design-gate.md"
+    gate_cmd.write_text("""# /design-gate
+
+Binary pass/fail validation gate for design system compliance.
+
+## Output
+
+- **PASS**: All design system checks passed
+- **FAIL**: Design system violations detected
+""")
+
+    # Review command
+    review_cmd = plugin_dir / "commands" / "design-review.md"
+    review_cmd.write_text("""# /design-review
+
+Comprehensive design system audit.
+""")
+
+    # Advisory agent
+    agent = plugin_dir / "agents" / "design-reviewer.md"
+    agent.write_text("""# design-reviewer
+
+Design system compliance auditor.
+
+Handles issues with `Domain/Viz` label.
+""")
+
+    return str(plugin_dir)
+
+
+@pytest.fixture
+def domain_plugin_missing_gate(tmp_path):
+    """Create domain plugin with review and agent but no gate command"""
+    plugin_dir = tmp_path / "data-platform"
+    plugin_dir.mkdir()
+    (plugin_dir / ".claude-plugin").mkdir()
+    (plugin_dir / "commands").mkdir()
+    (plugin_dir / "agents").mkdir()
+
+    # Review command (but no gate)
+    review_cmd = plugin_dir / "commands" / "data-review.md"
+    review_cmd.write_text("""# /data-review
+
+Data integrity audit.
+""")
+
+    # Advisory agent
+    agent = plugin_dir / "agents" / "data-advisor.md"
+    agent.write_text("""# data-advisor
+
+Data integrity advisor for Domain/Data issues.
+""")
+
+    return str(plugin_dir)
+
+
+@pytest.fixture
+def domain_plugin_minimal(tmp_path):
+    """Create minimal plugin with no commands or agents"""
+    plugin_dir = tmp_path / "minimal-plugin"
+    plugin_dir.mkdir()
+    (plugin_dir / ".claude-plugin").mkdir()
+
+    readme = plugin_dir / "README.md"
+    readme.write_text("# Minimal Plugin\n\nNo commands or agents.")
+
+    return str(plugin_dir)
+
+
+@pytest.mark.asyncio
+async def test_validate_workflow_integration_complete(validation_tools, domain_plugin_complete):
+    """Test complete domain plugin returns valid with all interfaces found"""
+    result = await validation_tools.validate_workflow_integration(
+        domain_plugin_complete,
+        "Domain/Viz"
+    )
+
+    assert "error" not in result
+    assert result["valid"] is True
+    assert result["gate_command_found"] is True
+    assert result["review_command_found"] is True
+    assert result["advisory_agent_found"] is True
+    # May have INFO issue about missing contract version (not an error/warning)
+    error_or_warning = [i for i in result["issues"]
+                        if i["severity"].value in ("error", "warning")]
+    assert len(error_or_warning) == 0
+
+
+@pytest.mark.asyncio
+async def test_validate_workflow_integration_missing_gate(validation_tools, domain_plugin_missing_gate):
+    """Test plugin missing gate command returns invalid with ERROR"""
+    result = await validation_tools.validate_workflow_integration(
+        domain_plugin_missing_gate,
+        "Domain/Data"
+    )
+
+    assert "error" not in result
+    assert result["valid"] is False
+    assert result["gate_command_found"] is False
+    assert result["review_command_found"] is True
+    assert result["advisory_agent_found"] is True
+
+    # Should have one ERROR for missing gate
+    error_issues = [i for i in result["issues"] if i["severity"].value == "error"]
+    assert len(error_issues) == 1
+    assert "gate" in error_issues[0]["message"].lower()
+
+
+@pytest.mark.asyncio
+async def test_validate_workflow_integration_minimal(validation_tools, domain_plugin_minimal):
+    """Test minimal plugin returns invalid with multiple issues"""
+    result = await validation_tools.validate_workflow_integration(
+        domain_plugin_minimal,
+        "Domain/Test"
+    )
+
+    assert "error" not in result
+    assert result["valid"] is False
+    assert result["gate_command_found"] is False
+    assert result["review_command_found"] is False
+    assert result["advisory_agent_found"] is False
+
+    # Should have one ERROR (gate) and two WARNINGs (review, agent)
+    error_issues = [i for i in result["issues"] if i["severity"].value == "error"]
+    warning_issues = [i for i in result["issues"] if i["severity"].value == "warning"]
+    assert len(error_issues) == 1
+    assert len(warning_issues) == 2
+
+
+@pytest.mark.asyncio
+async def test_validate_workflow_integration_nonexistent_plugin(validation_tools, tmp_path):
+    """Test error when plugin directory doesn't exist"""
+    result = await validation_tools.validate_workflow_integration(
+        str(tmp_path / "nonexistent"),
+        "Domain/Test"
+    )
+
+    assert "error" in result
+    assert "not found" in result["error"].lower()
+
+
+# --- Gate Contract Version Tests ---
+
+@pytest.fixture
+def domain_plugin_with_contract(tmp_path):
+    """Create domain plugin with gate_contract: v1 in frontmatter"""
+    plugin_dir = tmp_path / "viz-platform-versioned"
+    plugin_dir.mkdir()
+    (plugin_dir / ".claude-plugin").mkdir()
+    (plugin_dir / "commands").mkdir()
+    (plugin_dir / "agents").mkdir()
+
+    # Gate command with gate_contract in frontmatter
+    gate_cmd = plugin_dir / "commands" / "design-gate.md"
+    gate_cmd.write_text("""---
+description: Design system compliance gate (pass/fail)
+gate_contract: v1
+---
+
+# /design-gate
+
+Binary pass/fail validation gate for design system compliance.
+
+## Output
+
+- **PASS**: All design system checks passed
+- **FAIL**: Design system violations detected
+""")
+
+    # Review command
+    review_cmd = plugin_dir / "commands" / "design-review.md"
+    review_cmd.write_text("""# /design-review
+
+Comprehensive design system audit.
+""")
+
+    # Advisory agent
+    agent = plugin_dir / "agents" / "design-reviewer.md"
+    agent.write_text("""# design-reviewer
+
+Design system compliance auditor for Domain/Viz issues.
+""")
+
+    return str(plugin_dir)
+
+
+@pytest.mark.asyncio
+async def test_validate_workflow_contract_match(validation_tools, domain_plugin_with_contract):
+    """Test that matching expected_contract produces no warning"""
+    result = await validation_tools.validate_workflow_integration(
+        domain_plugin_with_contract,
+        "Domain/Viz",
+        expected_contract="v1"
+    )
+
+    assert "error" not in result
+    assert result["valid"] is True
+    assert result["gate_contract"] == "v1"
+
+    # Should have no warnings about contract mismatch
+    warning_issues = [i for i in result["issues"] if i["severity"].value == "warning"]
+    contract_warnings = [i for i in warning_issues if "contract" in i["message"].lower()]
+    assert len(contract_warnings) == 0
+
+
+@pytest.mark.asyncio
+async def test_validate_workflow_contract_mismatch(validation_tools, domain_plugin_with_contract):
+    """Test that mismatched expected_contract produces WARNING"""
+    result = await validation_tools.validate_workflow_integration(
+        domain_plugin_with_contract,
+        "Domain/Viz",
+        expected_contract="v2"  # Gate has v1
+    )
+
+    assert "error" not in result
+    assert result["valid"] is True  # Contract mismatch doesn't affect validity
+    assert result["gate_contract"] == "v1"
+
+    # Should have warning about contract mismatch
+    warning_issues = [i for i in result["issues"] if i["severity"].value == "warning"]
+    contract_warnings = [i for i in warning_issues if "contract" in i["message"].lower()]
+    assert len(contract_warnings) == 1
+    assert "mismatch" in contract_warnings[0]["message"].lower()
+    assert "v1" in contract_warnings[0]["message"]
+    assert "v2" in contract_warnings[0]["message"]
+
+
+@pytest.mark.asyncio
+async def test_validate_workflow_no_contract(validation_tools, domain_plugin_complete):
+    """Test that missing gate_contract produces INFO suggestion"""
+    result = await validation_tools.validate_workflow_integration(
+        domain_plugin_complete,
+        "Domain/Viz"
+    )
+
+    assert "error" not in result
+    assert result["valid"] is True
+    assert result["gate_contract"] is None
+
+    # Should have info issue about missing contract
+    info_issues = [i for i in result["issues"] if i["severity"].value == "info"]
+    contract_info = [i for i in info_issues if "contract" in i["message"].lower()]
+    assert len(contract_info) == 1
+    assert "does not declare" in contract_info[0]["message"].lower()
--- a/mcp-servers/gitea/.doc-guardian-queue
+++ b/mcp-servers/gitea/.doc-guardian-queue
@@ -0,0 +1,6 @@
+2026-02-03T14:09:25 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/gitea/tests/test_config.py | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-02-03T14:09:33 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/gitea/tests/test_gitea_client.py | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-02-03T14:10:22 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/gitea/tests/test_issues.py | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-02-03T14:17:12 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/gitea/README.md | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-02-03T14:18:27 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/gitea/CHANGELOG.md | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-02-03T14:18:41 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/gitea/TESTING.md | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
--- a/mcp-servers/gitea/CHANGELOG.md
+++ b/mcp-servers/gitea/CHANGELOG.md
@@ -0,0 +1,92 @@
+# Changelog
+
+All notable changes to the Gitea MCP Server will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [1.3.0] - 2026-02-03
+
+### Added
+- Pull request tools (7 tools):
+  - `list_pull_requests` - List PRs from repository
+  - `get_pull_request` - Get specific PR details
+  - `get_pr_diff` - Get PR diff content
+  - `get_pr_comments` - Get comments on a PR
+  - `create_pr_review` - Create PR review (approve/request changes/comment)
+  - `add_pr_comment` - Add comment to PR
+  - `create_pull_request` - Create new pull request
+- Label creation tools (3 tools):
+  - `create_label` - Create repo-level label
+  - `create_org_label` - Create organization-level label
+  - `create_label_smart` - Auto-detect org vs repo for label creation
+- Validation tools (2 tools):
+  - `validate_repo_org` - Check if repo belongs to organization
+  - `get_branch_protection` - Get branch protection rules
+
+### Changed
+- Total tools increased from 20 to 36
+- Updated test suite to 64 tests (was 42)
+
+### Fixed
+- Test fixtures updated to use `owner/repo` format
+- Fixed aggregate_issues tests to pass required `org` argument
+
+## [1.2.0] - 2026-01-28
+
+### Added
+- Milestone management tools (5 tools):
+  - `list_milestones` - List all milestones
+  - `get_milestone` - Get specific milestone
+  - `create_milestone` - Create new milestone
+  - `update_milestone` - Update existing milestone
+  - `delete_milestone` - Delete a milestone
+- Issue dependency tools (4 tools):
+  - `list_issue_dependencies` - List blocking issues
+  - `create_issue_dependency` - Create dependency between issues
+  - `remove_issue_dependency` - Remove dependency
+  - `get_execution_order` - Calculate parallelizable execution order
+
+## [1.1.0] - 2026-01-21
+
+### Added
+- Wiki and lessons learned tools (7 tools):
+  - `list_wiki_pages` - List all wiki pages
+  - `get_wiki_page` - Get specific wiki page content
+  - `create_wiki_page` - Create new wiki page
+  - `update_wiki_page` - Update existing wiki page
+  - `create_lesson` - Create lessons learned entry
+  - `search_lessons` - Search lessons by query/tags
+  - `allocate_rfc_number` - Get next available RFC number
+- Automatic git remote URL detection for repository configuration
+- Support for SSH, HTTPS, and HTTP git URL formats
+
+### Changed
+- Configuration now uses `owner/repo` format exclusively
+- Removed separate `GITEA_OWNER` configuration (now derived from repo path)
+
+## [1.0.0] - 2025-01-06
+
+### Added
+- Initial release with 8 core tools:
+  - `list_issues` - List issues from repository
+  - `get_issue` - Get specific issue details
+  - `create_issue` - Create new issue with labels
+  - `update_issue` - Update existing issue
+  - `add_comment` - Add comment to issue
+  - `get_labels` - Get all labels (org + repo)
+  - `suggest_labels` - Intelligent label suggestion
+  - `aggregate_issues` - Cross-repository issue aggregation (PMO mode)
+- Hybrid configuration system (system + project level)
+- Branch-aware security model
+- Mode detection (project vs company/PMO)
+- 42 unit tests with mocks
+- Comprehensive documentation
+
+[Unreleased]: https://github.com/owner/repo/compare/v1.3.0...HEAD
+[1.3.0]: https://github.com/owner/repo/compare/v1.2.0...v1.3.0
+[1.2.0]: https://github.com/owner/repo/compare/v1.1.0...v1.2.0
+[1.1.0]: https://github.com/owner/repo/compare/v1.0.0...v1.1.0
+[1.0.0]: https://github.com/owner/repo/releases/tag/v1.0.0
--- a/mcp-servers/gitea/README.md
+++ b/mcp-servers/gitea/README.md
@@ -19,8 +19,9 @@ The Gitea MCP Server provides Claude Code with direct access to Gitea for issue
 - **Hybrid Configuration**: System-level credentials + project-level paths
 - **PMO Support**: Multi-repository aggregation for organization-wide views

-### Tools Provided
+### Tools Provided (36 total)

+#### Issue Management (6 tools)
 | Tool | Description | Mode |
 |------|-------------|------|
 | `list_issues` | List issues from repository | Both |
@@ -28,9 +29,61 @@ The Gitea MCP Server provides Claude Code with direct access to Gitea for issue
 | `create_issue` | Create new issue with labels | Both |
 | `update_issue` | Update existing issue | Both |
 | `add_comment` | Add comment to issue | Both |
+| `aggregate_issues` | Cross-repository issue aggregation | PMO Only |
+
+#### Label Management (5 tools)
+| Tool | Description | Mode |
+|------|-------------|------|
 | `get_labels` | Get all labels (org + repo) | Both |
 | `suggest_labels` | Intelligent label suggestion | Both |
-| `aggregate_issues` | Cross-repository issue aggregation | PMO Only |
+| `create_label` | Create repo-level label | Both |
+| `create_org_label` | Create organization-level label | Both |
+| `create_label_smart` | Auto-detect org vs repo for label creation | Both |
+
+#### Wiki & Lessons Learned (7 tools)
+| Tool | Description | Mode |
+|------|-------------|------|
+| `list_wiki_pages` | List all wiki pages | Both |
+| `get_wiki_page` | Get specific wiki page content | Both |
+| `create_wiki_page` | Create new wiki page | Both |
+| `update_wiki_page` | Update existing wiki page | Both |
+| `create_lesson` | Create lessons learned entry | Both |
+| `search_lessons` | Search lessons by query/tags | Both |
+| `allocate_rfc_number` | Get next available RFC number | Both |
+
+#### Milestone Management (5 tools)
+| Tool | Description | Mode |
+|------|-------------|------|
+| `list_milestones` | List all milestones | Both |
+| `get_milestone` | Get specific milestone | Both |
+| `create_milestone` | Create new milestone | Both |
+| `update_milestone` | Update existing milestone | Both |
+| `delete_milestone` | Delete a milestone | Both |
+
+#### Issue Dependencies (4 tools)
+| Tool | Description | Mode |
+|------|-------------|------|
+| `list_issue_dependencies` | List blocking issues | Both |
+| `create_issue_dependency` | Create dependency between issues | Both |
+| `remove_issue_dependency` | Remove dependency | Both |
+| `get_execution_order` | Calculate parallelizable execution order | Both |
+
+#### Pull Request Tools (7 tools)
+| Tool | Description | Mode |
+|------|-------------|------|
+| `list_pull_requests` | List PRs from repository | Both |
+| `get_pull_request` | Get specific PR details | Both |
+| `get_pr_diff` | Get PR diff content | Both |
+| `get_pr_comments` | Get comments on a PR | Both |
+| `create_pr_review` | Create PR review (approve/request changes) | Both |
+| `add_pr_comment` | Add comment to PR | Both |
+| `create_pull_request` | Create new pull request | Both |
+
+#### Validation Tools (2 tools)
+| Tool | Description | Mode |
+|------|-------------|------|
+| `validate_repo_org` | Check if repo belongs to organization | Both |
+| `get_branch_protection` | Get branch protection rules | Both |

 ## Architecture

@@ -40,15 +93,20 @@ The Gitea MCP Server provides Claude Code with direct access to Gitea for issue
 mcp-servers/gitea/
 ├── .venv/                      # Python virtual environment
 ├── requirements.txt            # Python dependencies
+├── run.sh                      # Entry point script
 ├── mcp_server/
 │   ├── __init__.py
-│   ├── server.py              # MCP server entry point
-│   ├── config.py              # Configuration loader
+│   ├── server.py              # MCP server entry point (36 tools)
+│   ├── config.py              # Configuration loader with auto-detection
 │   ├── gitea_client.py        # Gitea API client
 │   └── tools/
 │       ├── __init__.py
-│       ├── issues.py          # Issue tools
-│       └── labels.py          # Label tools
+│       ├── issues.py          # Issue management tools
+│       ├── labels.py          # Label management tools
+│       ├── wiki.py            # Wiki & lessons learned tools
+│       ├── milestones.py      # Milestone management tools
+│       ├── dependencies.py    # Issue dependency tools
+│       └── pull_requests.py   # Pull request tools
 ├── tests/
 │   ├── __init__.py
 │   ├── test_config.py
@@ -56,7 +114,8 @@ mcp-servers/gitea/
 │   ├── test_issues.py
 │   └── test_labels.py
 ├── README.md                   # This file
-└── TESTING.md                  # Testing instructions
+├── TESTING.md                  # Testing instructions
+└── CHANGELOG.md                # Version history
 ```

 ### Mode Detection
@@ -111,7 +170,6 @@ mkdir -p ~/.config/claude
 cat > ~/.config/claude/gitea.env << EOF
 GITEA_API_URL=https://gitea.example.com/api/v1
 GITEA_API_TOKEN=your_gitea_token_here
-GITEA_OWNER=bandit
 EOF

 chmod 600 ~/.config/claude/gitea.env
@@ -137,14 +195,34 @@ For company/PMO mode, omit the `.env` file or don't set `GITEA_REPO`.
 **Required Variables**:
 - `GITEA_API_URL` - Gitea API endpoint (e.g., `https://gitea.example.com/api/v1`)
 - `GITEA_API_TOKEN` - Personal access token with repo permissions
- `GITEA_OWNER` - Organization or user name (e.g., `bandit`)

 ### Project-Level Configuration

 **File**: `<project-root>/.env`

 **Optional Variables**:
- `GITEA_REPO` - Repository name (enables project mode)
+- `GITEA_REPO` - Repository in `owner/repo` format (enables project mode)
+
+### Automatic Repository Detection
+
+If `GITEA_REPO` is not set, the server auto-detects the repository from your git remote:
+
+**Supported URL Formats**:
+- SSH: `ssh://git@gitea.example.com:22/owner/repo.git`
+- SSH short: `git@gitea.example.com:owner/repo.git`
+- HTTPS: `https://gitea.example.com/owner/repo.git`
+- HTTP: `http://gitea.example.com/owner/repo.git`
+
+The repository is extracted as `owner/repo` format automatically.
+
+### Project Directory Detection
+
+The server finds your project directory using these strategies (in order):
+
+1. `CLAUDE_PROJECT_DIR` environment variable (highest priority)
+2. `PWD` environment variable (if `.git` or `.env` present)
+3. Current working directory (if `.git` or `.env` present)
+4. Falls back to company/PMO mode if no project found

 ### Generating Gitea API Token

@@ -220,13 +298,13 @@ suggestions = await label_tools.suggest_labels(context)

 ### Unit Tests

-Run all 42 unit tests with mocks:
+Run all 64 unit tests with mocks:

 ```bash
 pytest tests/ -v
 ```

-Expected: `42 passed in 0.57s`
+Expected: `64 passed`

 ### Integration Tests

@@ -327,11 +405,15 @@ See [TESTING.md](./TESTING.md#troubleshooting) for more details.

 ### Project Structure

- `config.py` - Hybrid configuration loader with mode detection
+- `config.py` - Hybrid configuration loader with auto-detection
 - `gitea_client.py` - Synchronous Gitea API client using requests
- `tools/issues.py` - Async wrappers with branch detection
- `tools/labels.py` - Label management and suggestion
- `server.py` - MCP server with JSON-RPC 2.0 over stdio
+- `tools/issues.py` - Issue management with branch detection
+- `tools/labels.py` - Label management and intelligent suggestions
+- `tools/wiki.py` - Wiki pages and lessons learned
+- `tools/milestones.py` - Milestone CRUD operations
+- `tools/dependencies.py` - Issue dependency tracking
+- `tools/pull_requests.py` - PR review and management
+- `server.py` - MCP server with 36 tools over JSON-RPC 2.0 stdio

 ### Adding New Tools

@@ -374,18 +456,14 @@ def list_issues(self, state='open', labels=None, repo=None):

 ## Changelog

-### v1.0.0 (2025-01-06) - Phase 1 Complete
+See [CHANGELOG.md](./CHANGELOG.md) for full version history.

-✅ Initial implementation:
- Configuration management (hybrid system + project)
- Gitea API client with all CRUD operations
- MCP server with 8 tools
- Issue tools with branch detection
- Label tools with intelligent suggestions
- Mode detection (project vs company)
- Branch-aware security model
- 42 unit tests (100% passing)
- Comprehensive documentation
+### Recent Updates
+
+- **v1.3.0** - Pull request tools (7 tools), label creation tools (3)
+- **v1.2.0** - Milestone management (5 tools), issue dependencies (4 tools)
+- **v1.1.0** - Wiki & lessons learned system (7 tools)
+- **v1.0.0** - Initial release with core issue/label tools (8 tools)

 ## License

@@ -407,6 +485,6 @@ For issues or questions:
 ---

 **Built for**: Leo Claude Marketplace - Project Management Plugins
-**Phase**: 1 (Complete)
+**Tools**: 36
 **Status**: ✅ Production Ready
-**Last Updated**: 2025-01-06
+**Last Updated**: 2026-02-03
--- a/mcp-servers/gitea/TESTING.md
+++ b/mcp-servers/gitea/TESTING.md
@@ -28,7 +28,7 @@ source .venv/bin/activate  # Linux/Mac

 ### Running All Tests

-Run all 42 unit tests:
+Run all 64 unit tests:

 ```bash
 pytest tests/ -v
@@ -36,7 +36,7 @@ pytest tests/ -v

 Expected output:
 ```
-============================== 42 passed in 0.57s ==============================
+============================== 64 passed ==============================
 ```

 ### Running Specific Test Files
@@ -532,7 +532,7 @@ python -m mcp_server.server

 After completing all tests, verify:

- ✅ All 42 unit tests pass
+- ✅ All 64 unit tests pass
 - ✅ MCP server starts without errors
 - ✅ Configuration loads correctly
 - ✅ Gitea API client connects successfully
@@ -548,7 +548,7 @@ After completing all tests, verify:

 Phase 1 is complete when:

-1. **All unit tests pass** (42/42)
+1. **All unit tests pass** (64/64)
 2. **MCP server starts without errors**
 3. **Can list issues from Gitea**
 4. **Can create issues with labels** (in development mode)
--- a/mcp-servers/gitea/mcp_server/init.py
+++ b/mcp-servers/gitea/mcp_server/init.py
@@ -0,0 +1,30 @@
+"""
+Gitea MCP Server package.
+
+Provides MCP tools for Gitea integration via JSON-RPC 2.0.
+
+For external consumers (e.g., HTTP transport), use:
+    from mcp_server import get_tool_definitions, create_tool_dispatcher, GiteaClient
+
+    # Get tool schemas
+    tools = get_tool_definitions()
+
+    # Create dispatcher bound to a client
+    client = GiteaClient()
+    dispatch = create_tool_dispatcher(client)
+    result = await dispatch("list_issues", {"state": "open"})
+"""
+
+__version__ = "1.0.0"
+
+from .tool_registry import get_tool_definitions, create_tool_dispatcher
+from .gitea_client import GiteaClient
+from .config import GiteaConfig
+
+__all__ = [
+    "__version__",
+    "get_tool_definitions",
+    "create_tool_dispatcher",
+    "GiteaClient",
+    "GiteaConfig",
+]
--- a/mcp-servers/gitea/mcp_server/server.py
+++ b/mcp-servers/gitea/mcp_server/server.py
--- a/mcp-servers/gitea/mcp_server/tool_registry.py
+++ b/mcp-servers/gitea/mcp_server/tool_registry.py
--- a/mcp-servers/gitea/mcp_server/tools/wiki.py
+++ b/mcp-servers/gitea/mcp_server/tools/wiki.py
@@ -4,9 +4,11 @@ Wiki management tools for MCP server.
 Provides async wrappers for wiki operations to support lessons learned:
 - Page CRUD operations
 - Lessons learned creation and search
+- RFC number allocation
 """
 import asyncio
 import logging
+import re
 from typing import List, Dict, Optional

 logging.basicConfig(level=logging.INFO)
@@ -147,3 +149,39 @@ class WikiTools:
            lambda: self.gitea.search_lessons(query, tags, repo)
        )
        return results[:limit]
+
+    async def allocate_rfc_number(self, repo: Optional[str] = None) -> Dict:
+        """
+        Allocate the next available RFC number.
+
+        Scans existing wiki pages for RFC-NNNN pattern and returns
+        the next sequential number.
+
+        Args:
+            repo: Repository in owner/repo format
+
+        Returns:
+            Dict with 'next_number' (int) and 'formatted' (str like 'RFC-0001')
+        """
+        pages = await self.list_wiki_pages(repo)
+
+        # Extract RFC numbers from page titles
+        rfc_numbers = []
+        rfc_pattern = re.compile(r'^RFC-(\d{4})')
+
+        for page in pages:
+            title = page.get('title', '')
+            match = rfc_pattern.match(title)
+            if match:
+                rfc_numbers.append(int(match.group(1)))
+
+        # Calculate next number
+        if rfc_numbers:
+            next_num = max(rfc_numbers) + 1
+        else:
+            next_num = 1
+
+        return {
+            'next_number': next_num,
+            'formatted': f'RFC-{next_num:04d}'
+        }
--- a/mcp-servers/gitea/pyproject.toml
+++ b/mcp-servers/gitea/pyproject.toml
@@ -0,0 +1,43 @@
+[build-system]
+requires = ["setuptools>=61.0", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "gitea-mcp-server"
+version = "1.0.0"
+description = "MCP Server for Gitea integration - provides issue, label, wiki, milestone, dependency, and PR tools"
+readme = "README.md"
+requires-python = ">=3.10"
+license = {text = "MIT"}
+authors = [
+    { name = "Leo Miranda" }
+]
+keywords = ["mcp", "gitea", "claude", "tools"]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Intended Audience :: Developers",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+]
+dependencies = [
+    "mcp>=0.9.0",
+    "python-dotenv>=1.0.0",
+    "requests>=2.31.0",
+    "pydantic>=2.5.0",
+]
+
+[project.optional-dependencies]
+test = [
+    "pytest>=7.4.3",
+    "pytest-asyncio>=0.23.0",
+]
+
+[tool.setuptools.packages.find]
+where = ["."]
+include = ["mcp_server*"]
+
+[tool.pytest.ini_options]
+asyncio_mode = "auto"
+testpaths = ["tests"]
--- a/mcp-servers/gitea/tests/test_config.py
+++ b/mcp-servers/gitea/tests/test_config.py
@@ -28,7 +28,6 @@ def test_load_system_config(tmp_path, monkeypatch):

    assert result['api_url'] == 'https://test.com/api/v1'
    assert result['api_token'] == 'test_token'
-    assert result['owner'] == 'test_owner'
    assert result['mode'] == 'company'  # No repo specified
    assert result['repo'] is None

--- a/mcp-servers/gitea/tests/test_gitea_client.py
+++ b/mcp-servers/gitea/tests/test_gitea_client.py
@@ -14,8 +14,7 @@ def mock_config():
        mock_instance.load.return_value = {
            'api_url': 'https://test.com/api/v1',
            'api_token': 'test_token',
-            'owner': 'test_owner',
-            'repo': 'test_repo',
+            'repo': 'test_owner/test_repo',  # Combined owner/repo format
            'mode': 'project'
        }
        yield mock_cfg
@@ -31,8 +30,7 @@ def test_client_initialization(gitea_client):
    """Test client initializes with correct configuration"""
    assert gitea_client.base_url == 'https://test.com/api/v1'
    assert gitea_client.token == 'test_token'
-    assert gitea_client.owner == 'test_owner'
-    assert gitea_client.repo == 'test_repo'
+    assert gitea_client.repo == 'test_owner/test_repo'  # Combined format
    assert gitea_client.mode == 'project'
    assert 'Authorization' in gitea_client.session.headers
    assert gitea_client.session.headers['Authorization'] == 'token test_token'
@@ -92,15 +90,20 @@ def test_create_issue(gitea_client):
    }
    mock_response.raise_for_status = Mock()

-    with patch.object(gitea_client.session, 'post', return_value=mock_response):
-        issue = gitea_client.create_issue(
-            title='New Issue',
-            body='Issue body',
-            labels=['Type/Bug']
-        )
+    # Mock is_org_repo to avoid network call during label resolution
+    with patch.object(gitea_client, 'is_org_repo', return_value=True):
+        # Mock get_org_labels and get_labels for label resolution
+        with patch.object(gitea_client, 'get_org_labels', return_value=[{'name': 'Type/Bug', 'id': 1}]):
+            with patch.object(gitea_client, 'get_labels', return_value=[]):
+                with patch.object(gitea_client.session, 'post', return_value=mock_response):
+                    issue = gitea_client.create_issue(
+                        title='New Issue',
+                        body='Issue body',
+                        labels=['Type/Bug']
+                    )

-        assert issue['title'] == 'New Issue'
-        gitea_client.session.post.assert_called_once()
+                    assert issue['title'] == 'New Issue'
+                    gitea_client.session.post.assert_called_once()


 def test_update_issue(gitea_client):
@@ -161,7 +164,7 @@ def test_get_org_labels(gitea_client):
    mock_response.raise_for_status = Mock()

    with patch.object(gitea_client.session, 'get', return_value=mock_response):
-        labels = gitea_client.get_org_labels()
+        labels = gitea_client.get_org_labels(org='test_owner')

        assert len(labels) == 2

@@ -176,7 +179,7 @@ def test_list_repos(gitea_client):
    mock_response.raise_for_status = Mock()

    with patch.object(gitea_client.session, 'get', return_value=mock_response):
-        repos = gitea_client.list_repos()
+        repos = gitea_client.list_repos(org='test_owner')

        assert len(repos) == 2
        assert repos[0]['name'] == 'repo1'
@@ -196,7 +199,7 @@ def test_aggregate_issues(gitea_client):
        [{'number': 2, 'title': 'Issue 2'}]   # repo2
    ])

-    aggregated = gitea_client.aggregate_issues(state='open')
+    aggregated = gitea_client.aggregate_issues(org='test_owner', state='open')

    assert 'repo1' in aggregated
    assert 'repo2' in aggregated
@@ -205,14 +208,13 @@ def test_aggregate_issues(gitea_client):


 def test_no_repo_specified_error(gitea_client):
-    """Test error when repository not specified"""
+    """Test error when repository not specified or invalid format"""
    # Create client without repo
    with patch('mcp_server.gitea_client.GiteaConfig') as mock_cfg:
        mock_instance = mock_cfg.return_value
        mock_instance.load.return_value = {
            'api_url': 'https://test.com/api/v1',
            'api_token': 'test_token',
-            'owner': 'test_owner',
            'repo': None,  # No repo
            'mode': 'company'
        }
@@ -221,7 +223,7 @@ def test_no_repo_specified_error(gitea_client):
        with pytest.raises(ValueError) as exc_info:
            client.list_issues()

-        assert "Repository not specified" in str(exc_info.value)
+        assert "Use 'owner/repo' format" in str(exc_info.value)


 # ========================================
--- a/mcp-servers/gitea/tests/test_issues.py
+++ b/mcp-servers/gitea/tests/test_issues.py
@@ -119,22 +119,26 @@ async def test_aggregate_issues_company_mode(issue_tools):
            'repo2': [{'number': 2}]
        })

-        aggregated = await issue_tools.aggregate_issues()
+        aggregated = await issue_tools.aggregate_issues(org='test_owner')

        assert 'repo1' in aggregated
        assert 'repo2' in aggregated


@pytest.mark.asyncio
-async def test_aggregate_issues_project_mode_error(issue_tools):
-    """Test that aggregate_issues fails in project mode"""
+async def test_aggregate_issues_project_mode(issue_tools):
+    """Test that aggregate_issues works in project mode with org argument"""
    issue_tools.gitea.mode = 'project'

    with patch.object(issue_tools, '_get_current_branch', return_value='development'):
-        with pytest.raises(ValueError) as exc_info:
-            await issue_tools.aggregate_issues()
+        issue_tools.gitea.aggregate_issues = Mock(return_value={
+            'repo1': [{'number': 1}]
+        })

-        assert "only available in company mode" in str(exc_info.value)
+        # aggregate_issues now works in any mode when org is provided
+        aggregated = await issue_tools.aggregate_issues(org='test_owner')
+
+        assert 'repo1' in aggregated


 def test_branch_detection():
--- a/mcp-servers/netbox/README.md
+++ b/mcp-servers/netbox/README.md
@@ -79,6 +79,69 @@ Add to your Claude Code MCP configuration (`~/.config/claude/mcp.json` or projec
 1. **System-level** (`~/.config/claude/netbox.env`): Credentials and defaults
 2. **Project-level** (`.env` in current directory): Optional overrides

+## Module Filtering (Token Optimization)
+
+By default, the NetBox MCP server registers all 182 tools across 8 modules, consuming ~19,810 tokens of context. For most workflows, you only need a subset of modules.
+
+### Configuration
+
+Add `NETBOX_ENABLED_MODULES` to your `~/.config/claude/netbox.env`:
+
+```bash
+# Enable only specific modules (comma-separated)
+NETBOX_ENABLED_MODULES=dcim,ipam,virtualization,extras
+```
+
+If unset, all modules are enabled (backward compatible).
+
+### Available Modules
+
+| Module | Tool Count | Description | cmdb-assistant Commands |
+|--------|------------|-------------|------------------------|
+| `dcim` | ~60 | Sites, devices, racks, interfaces, cables | `/cmdb device`, `/cmdb site`, `/cmdb search`, `/cmdb topology` |
+| `ipam` | ~40 | IP addresses, prefixes, VLANs, VRFs | `/cmdb ip`, `/cmdb ip-conflicts`, `/cmdb search` |
+| `virtualization` | ~20 | Clusters, VMs, VM interfaces | `/cmdb search`, `/cmdb audit`, `/cmdb register` |
+| `extras` | ~12 | Tags, journal entries, audit log | `/cmdb change-audit`, `/cmdb register` |
+| `circuits` | ~15 | Providers, circuits, terminations | — |
+| `tenancy` | ~12 | Tenants, contacts | — |
+| `vpn` | ~15 | Tunnels, IKE/IPSec policies, L2VPN | — |
+| `wireless` | ~8 | Wireless LANs, links, groups | — |
+
+### Recommended Configurations
+
+**For cmdb-assistant users** (~43 tools, ~4,500 tokens):
+```bash
+NETBOX_ENABLED_MODULES=dcim,ipam,virtualization,extras
+```
+
+**Basic infrastructure** (~100 tools):
+```bash
+NETBOX_ENABLED_MODULES=dcim,ipam
+```
+
+**Full CMDB** (all modules, ~182 tools):
+```bash
+# Omit NETBOX_ENABLED_MODULES or set to all modules
+NETBOX_ENABLED_MODULES=dcim,ipam,circuits,virtualization,tenancy,vpn,wireless,extras
+```
+
+### Startup Logging
+
+On startup, the server logs enabled modules and tool count:
+
+```
+NetBox MCP Server initialized: 43 tools registered (modules: dcim, extras, ipam, virtualization)
+```
+
+### Disabled Tool Behavior
+
+Calling a tool from a disabled module returns a clear error:
+
+```
+Tool 'circuits_list_circuits' is not available (module 'circuits' not enabled).
+Enabled modules: dcim, extras, ipam, virtualization
+```
+
 ## Available Tools

 ### DCIM (Data Center Infrastructure Management)
@@ -128,18 +191,18 @@ Add to your Claude Code MCP configuration (`~/.config/claude/mcp.json` or projec
 | `circuits_create_provider` | Create a provider |
 | `circuits_list_circuits` | List circuits |
 | `circuits_create_circuit` | Create a circuit |
-| `circuits_list_circuit_terminations` | List terminations |
+| `circ_list_terminations` | List terminations |
 | ... and more |

 ### Virtualization

 | Tool | Description |
 |------|-------------|
-| `virtualization_list_clusters` | List clusters |
-| `virtualization_create_cluster` | Create a cluster |
-| `virtualization_list_virtual_machines` | List VMs |
-| `virtualization_create_virtual_machine` | Create a VM |
-| `virtualization_list_vm_interfaces` | List VM interfaces |
+| `virt_list_clusters` | List clusters |
+| `virt_create_cluster` | Create a cluster |
+| `virt_list_vms` | List VMs |
+| `virt_create_vm` | Create a VM |
+| `virt_list_vm_ifaces` | List VM interfaces |
 | ... and more |

 ### Tenancy
@@ -167,9 +230,9 @@ Add to your Claude Code MCP configuration (`~/.config/claude/mcp.json` or projec

 | Tool | Description |
 |------|-------------|
-| `wireless_list_wireless_lans` | List wireless LANs |
-| `wireless_create_wireless_lan` | Create a WLAN |
-| `wireless_list_wireless_links` | List wireless links |
+| `wlan_list_lans` | List wireless LANs |
+| `wlan_create_lan` | Create a WLAN |
+| `wlan_list_links` | List wireless links |
 | ... and more |

 ### Extras
--- a/mcp-servers/netbox/mcp_server/config.py
+++ b/mcp-servers/netbox/mcp_server/config.py
@@ -9,11 +9,17 @@ from pathlib import Path
 from dotenv import load_dotenv
 import os
 import logging
-from typing import Dict, Optional
+from typing import Dict, List, Optional, Set

 logging.basicConfig(level=logging.INFO)
 logger = logging.getLogger(__name__)

+# All available NetBox modules
+ALL_MODULES = frozenset([
+    'dcim', 'ipam', 'circuits', 'virtualization',
+    'tenancy', 'vpn', 'wireless', 'extras'
+])
+

 class NetBoxConfig:
    """Configuration loader for NetBox MCP Server"""
@@ -23,6 +29,7 @@ class NetBoxConfig:
        self.api_token: Optional[str] = None
        self.verify_ssl: bool = True
        self.timeout: int = 30
+        self.enabled_modules: Set[str] = set(ALL_MODULES)

    def load(self) -> Dict[str, any]:
        """
@@ -73,6 +80,9 @@ class NetBoxConfig:
            self.timeout = 30
            logger.warning(f"Invalid NETBOX_TIMEOUT value '{timeout_str}', using default 30")

+        # Module filtering
+        self.enabled_modules = self._load_enabled_modules()
+
        # Validate required variables
        self._validate()

@@ -84,7 +94,8 @@ class NetBoxConfig:
            'api_url': self.api_url,
            'api_token': self.api_token,
            'verify_ssl': self.verify_ssl,
-            'timeout': self.timeout
+            'timeout': self.timeout,
+            'enabled_modules': self.enabled_modules
        }

    def _validate(self) -> None:
@@ -106,3 +117,40 @@ class NetBoxConfig:
                f"Missing required configuration: {', '.join(missing)}\n"
                "Check your ~/.config/claude/netbox.env file"
            )
+
+    def _load_enabled_modules(self) -> Set[str]:
+        """
+        Load enabled modules from NETBOX_ENABLED_MODULES environment variable.
+
+        Format: Comma-separated list of module names.
+        Example: NETBOX_ENABLED_MODULES=dcim,ipam,virtualization,extras
+
+        Returns:
+            Set of enabled module names. If env var is unset/empty, returns all modules.
+        """
+        modules_str = os.getenv('NETBOX_ENABLED_MODULES', '').strip()
+
+        if not modules_str:
+            logger.info("NETBOX_ENABLED_MODULES not set, all modules enabled (default)")
+            return set(ALL_MODULES)
+
+        # Parse comma-separated list, strip whitespace
+        requested = {m.strip().lower() for m in modules_str.split(',') if m.strip()}
+
+        # Validate module names
+        invalid = requested - ALL_MODULES
+        if invalid:
+            logger.warning(
+                f"Unknown modules in NETBOX_ENABLED_MODULES: {', '.join(sorted(invalid))}. "
+                f"Valid modules: {', '.join(sorted(ALL_MODULES))}"
+            )
+
+        # Return only valid modules
+        enabled = requested & ALL_MODULES
+
+        if not enabled:
+            logger.warning("No valid modules enabled, falling back to all modules")
+            return set(ALL_MODULES)
+
+        logger.info(f"Enabled modules: {', '.join(sorted(enabled))}")
+        return enabled
--- a/mcp-servers/netbox/mcp_server/server.py
+++ b/mcp-servers/netbox/mcp_server/server.py
@@ -8,11 +8,12 @@ Tenancy, VPN, Wireless, and Extras.
 import asyncio
 import logging
 import json
+from typing import Optional, Set
 from mcp.server import Server
 from mcp.server.stdio import stdio_server
 from mcp.types import Tool, TextContent

-from .config import NetBoxConfig
+from .config import NetBoxConfig, ALL_MODULES
 from .netbox_client import NetBoxClient
 from .tools.dcim import DCIMTools
 from .tools.ipam import IPAMTools
@@ -1453,6 +1454,49 @@ TOOL_NAME_MAP = {
 }


+# Map tool name prefixes to module names.
+# This handles both full prefixes and shortened prefixes used in TOOL_NAME_MAP.
+PREFIX_TO_MODULE = {
+    'dcim': 'dcim',
+    'ipam': 'ipam',
+    'circuits': 'circuits',
+    'circ': 'circuits',           # Shortened prefix
+    'virtualization': 'virtualization',
+    'virt': 'virtualization',     # Shortened prefix
+    'tenancy': 'tenancy',
+    'vpn': 'vpn',
+    'wireless': 'wireless',
+    'wlan': 'wireless',           # Shortened prefix
+    'extras': 'extras',
+}
+
+
+def _get_tool_module(tool_name: str) -> Optional[str]:
+    """
+    Determine which module a tool belongs to.
+
+    Checks TOOL_NAME_MAP first for shortened names, then falls back to prefix extraction.
+
+    Args:
+        tool_name: The tool name (e.g., 'dcim_list_devices', 'virt_list_vms')
+
+    Returns:
+        Module name (e.g., 'dcim', 'virtualization') or None if unknown
+    """
+    # Check mapped short names first
+    if tool_name in TOOL_NAME_MAP:
+        category, _ = TOOL_NAME_MAP[tool_name]
+        return category
+
+    # Fall back to prefix extraction
+    parts = tool_name.split('_', 1)
+    if len(parts) < 2:
+        return None
+
+    prefix = parts[0]
+    return PREFIX_TO_MODULE.get(prefix)
+
+
 class NetBoxMCPServer:
    """MCP Server for NetBox integration"""

@@ -1460,6 +1504,8 @@ class NetBoxMCPServer:
        self.server = Server("netbox-mcp")
        self.config = None
        self.client = None
+        self.enabled_modules: Set[str] = set(ALL_MODULES)
+        # Tool instances - only instantiated for enabled modules
        self.dcim_tools = None
        self.ipam_tools = None
        self.circuits_tools = None
@@ -1474,18 +1520,39 @@ class NetBoxMCPServer:
        try:
            config_loader = NetBoxConfig()
            self.config = config_loader.load()
+            self.enabled_modules = self.config['enabled_modules']

            self.client = NetBoxClient()
-            self.dcim_tools = DCIMTools(self.client)
-            self.ipam_tools = IPAMTools(self.client)
-            self.circuits_tools = CircuitsTools(self.client)
-            self.virtualization_tools = VirtualizationTools(self.client)
-            self.tenancy_tools = TenancyTools(self.client)
-            self.vpn_tools = VPNTools(self.client)
-            self.wireless_tools = WirelessTools(self.client)
-            self.extras_tools = ExtrasTools(self.client)

-            logger.info(f"NetBox MCP Server initialized for {self.config['api_url']}")
+            # Conditionally instantiate tool classes for enabled modules only
+            if 'dcim' in self.enabled_modules:
+                self.dcim_tools = DCIMTools(self.client)
+            if 'ipam' in self.enabled_modules:
+                self.ipam_tools = IPAMTools(self.client)
+            if 'circuits' in self.enabled_modules:
+                self.circuits_tools = CircuitsTools(self.client)
+            if 'virtualization' in self.enabled_modules:
+                self.virtualization_tools = VirtualizationTools(self.client)
+            if 'tenancy' in self.enabled_modules:
+                self.tenancy_tools = TenancyTools(self.client)
+            if 'vpn' in self.enabled_modules:
+                self.vpn_tools = VPNTools(self.client)
+            if 'wireless' in self.enabled_modules:
+                self.wireless_tools = WirelessTools(self.client)
+            if 'extras' in self.enabled_modules:
+                self.extras_tools = ExtrasTools(self.client)
+
+            # Count tools that will be registered
+            tool_count = sum(
+                1 for name in TOOL_DEFINITIONS
+                if _get_tool_module(name) in self.enabled_modules
+            )
+
+            modules_str = ', '.join(sorted(self.enabled_modules))
+            logger.info(
+                f"NetBox MCP Server initialized: {tool_count} tools registered "
+                f"(modules: {modules_str})"
+            )
        except Exception as e:
            logger.error(f"Failed to initialize: {e}")
            raise
@@ -1495,9 +1562,14 @@ class NetBoxMCPServer:

        @self.server.list_tools()
        async def list_tools() -> list[Tool]:
-            """Return list of available tools"""
+            """Return list of available tools, filtered by enabled modules"""
            tools = []
            for name, definition in TOOL_DEFINITIONS.items():
+                # Filter tools by enabled modules
+                module = _get_tool_module(name)
+                if module not in self.enabled_modules:
+                    continue
+
                tools.append(Tool(
                    name=name,
                    description=definition['description'],
@@ -1532,6 +1604,14 @@ class NetBoxMCPServer:
        'virtualization_list_virtual_machines') to meet the 28-character
        limit. TOOL_NAME_MAP handles the translation to actual method names.
        """
+        # Check module is enabled (routing guard)
+        module = _get_tool_module(name)
+        if module and module not in self.enabled_modules:
+            raise ValueError(
+                f"Tool '{name}' is not available (module '{module}' not enabled). "
+                f"Enabled modules: {', '.join(sorted(self.enabled_modules))}"
+            )
+
        # Check if this is a mapped short name
        if name in TOOL_NAME_MAP:
            category, method_name = TOOL_NAME_MAP[name]
--- a/mcp-servers/viz-platform/.doc-guardian-queue
+++ b/mcp-servers/viz-platform/.doc-guardian-queue
@@ -0,0 +1,5 @@
+2026-01-26T11:40:11 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/viz-platform/registry/dmc_2_5.json | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-01-26T13:46:31 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/viz-platform/tests/test_chart_tools.py | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-01-26T13:46:32 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/viz-platform/tests/test_theme_tools.py | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-01-26T13:46:34 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/viz-platform/tests/test_theme_tools.py | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-01-26T13:46:35 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/viz-platform/tests/test_theme_tools.py | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
--- a/plugins/clarity-assist/.claude-plugin/plugin.json
+++ b/plugins/clarity-assist/.claude-plugin/plugin.json
@@ -1,6 +1,6 @@
 {
  "name": "clarity-assist",
-  "version": "1.0.0",
+  "version": "1.2.0",
  "description": "Prompt optimization and requirement clarification with ND-friendly accommodations",
  "author": {
    "name": "Leo Miranda",
@@ -16,5 +16,8 @@
    "requirements",
    "methodology"
  ],
-  "commands": ["./commands/"]
+  "commands": [
+    "./commands/"
+  ],
+  "domain": "core"
 }
--- a/plugins/clarity-assist/agents/clarity-coach.md
+++ b/plugins/clarity-assist/agents/clarity-coach.md
@@ -1,3 +1,11 @@
+---
+name: clarity-coach
+description: Patient, structured coach helping users articulate requirements clearly. Uses neurodivergent-friendly communication patterns.
+model: sonnet
+permissionMode: default
+disallowedTools: Write, Edit, MultiEdit
+---
+
 # Clarity Coach Agent

 ## Visual Output Requirements
@@ -111,7 +119,7 @@ Track gathered information in a mental model:

 ### After Clarification

-Produce a clear specification (see /clarify command for format).
+Produce a clear specification (see /clarity clarify command for format).

 ## Example Session

--- a/plugins/clarity-assist/claude-md-integration.md
+++ b/plugins/clarity-assist/claude-md-integration.md
@@ -18,8 +18,8 @@ This project uses the clarity-assist plugin for requirement gathering.

 | Command | Use Case |
 |---------|----------|
-| `/clarify` | Full 4-D methodology for complex requests |
-| `/quick-clarify` | Rapid mode for simple disambiguation |
+| `/clarity clarify` | Full 4-D methodology for complex requests |
+| `/clarity quick-clarify` | Rapid mode for simple disambiguation |

 ### Communication Style

--- a/plugins/clarity-assist/commands/clarify.md
+++ b/plugins/clarity-assist/commands/clarify.md
@@ -1,149 +0,0 @@
-# /clarify - Full Prompt Optimization
-
-## Visual Output
-
-When executing this command, display the plugin header:
-
-```
-┌──────────────────────────────────────────────────────────────────┐
-│  💬 CLARITY-ASSIST · Prompt Optimization                         │
-└──────────────────────────────────────────────────────────────────┘
-```
-
-Then proceed with the workflow.
-
-## Purpose
-
-Transform vague, incomplete, or ambiguous requests into clear, actionable specifications using the 4-D methodology with neurodivergent-friendly accommodations.
-
-## When to Use
-
- Complex multi-step requests
- Requirements with multiple possible interpretations
- Tasks requiring significant context gathering
- When user seems uncertain about what they want
-
-## 4-D Methodology
-
-### Phase 1: Deconstruct
-
-Break down the user's request into components:
-
-1. **Extract explicit requirements** - What was directly stated
-2. **Identify implicit assumptions** - What seems assumed but not stated
-3. **Note ambiguities** - Points that could go multiple ways
-4. **List dependencies** - External factors that might affect implementation
-
-### Phase 2: Diagnose
-
-Analyze gaps and potential issues:
-
-1. **Missing information** - What do we need to know?
-2. **Conflicting requirements** - Do any stated goals contradict?
-3. **Scope boundaries** - What's in/out of scope?
-4. **Technical constraints** - Platform, language, architecture limits
-
-### Phase 3: Develop
-
-Gather clarifications through structured questioning:
-
-**ND-Friendly Question Rules:**
- Present 2-4 concrete options (never open-ended alone)
- Include "Other" for custom responses
- Ask 1-2 questions at a time maximum
- Provide brief context for why you're asking
- Check for conflicts with previous answers
-
-**Example Format:**
-```
-To help me understand the scope better:
-
-**How should errors be handled?**
-1. Silent logging (user sees nothing)
-2. Toast notifications (brief, dismissible)
-3. Modal dialogs (requires user action)
-4. Other
-
-[Context: This affects both UX and how much error-handling code we need]
-```
-
-### Phase 4: Deliver
-
-Produce the refined specification:
-
-```markdown
-## Clarified Request
-
-### Summary
-[1-2 sentence description of what will be built]
-
-### Scope
-**In Scope:**
- [Item 1]
- [Item 2]
-
-**Out of Scope:**
- [Item 1]
-
-### Requirements
-
-| # | Requirement | Priority | Notes |
-|---|-------------|----------|-------|
-| 1 | ... | Must | ... |
-| 2 | ... | Should | ... |
-
-### Assumptions
- [Assumption made based on conversation]
-
-### Open Questions
- [Any remaining ambiguities, if any]
-```
-
-## Conflict Detection
-
-Before each question, review previous answers for conflicts:
-
-```
-[Internal check]
-Previous: User said "keep it simple"
-Current question about: Adding configuration options
-Potential conflict: More options = more complexity
-→ Acknowledge: "Earlier you mentioned keeping it simple. With that in mind..."
-```
-
-## Escalation Protocol
-
-If the request is particularly messy or the user seems overwhelmed:
-
-1. Acknowledge the complexity
-2. Offer to start with just ONE aspect
-3. Build incrementally
-
-```
-"This touches a lot of areas. Rather than tackle everything at once,
-let's start with [most critical piece]. Once that's clear, we can
-add the other parts. Sound good?"
-```
-
-## Example Interaction
-
-**User:** Make the app faster
-
-**Clarify Response:**
-
-```
-Let me help clarify what kind of performance improvements you're looking for.
-
-**What type of slowness are you experiencing?**
-1. Initial page load takes too long
-2. Interactions feel sluggish (clicking, typing)
-3. API calls are slow
-4. All of the above
-5. Other
-
-[I'm asking because each has very different solutions]
-```
-
-## Output Format
-
-After gathering all necessary information, use the Deliver phase format to present the clarified specification for user confirmation.
--- a/plugins/clarity-assist/commands/clarity-clarify.md
+++ b/plugins/clarity-assist/commands/clarity-clarify.md
@@ -0,0 +1,68 @@
+---
+name: clarity clarify
+---
+
+# /clarity clarify - Full Prompt Optimization
+
+## Visual Output
+
+```
+----------------------------------------------------------------------+
+|  CLARITY-ASSIST - Prompt Optimization                                |
+----------------------------------------------------------------------+
+```
+
+## Purpose
+
+Transform vague, incomplete, or ambiguous requests into clear, actionable specifications using the 4-D methodology with neurodivergent-friendly accommodations.
+
+## When to Use
+
+- Complex multi-step requests
+- Requirements with multiple possible interpretations
+- Tasks requiring significant context gathering
+- When user seems uncertain about what they want
+
+## Skills to Load
+
+Load these skills before proceeding:
+
+- `skills/4d-methodology.md` - Core 4-phase process
+- `skills/nd-accommodations.md` - ND-friendly question patterns
+- `skills/clarification-techniques.md` - Anti-patterns and templates
+- `skills/escalation-patterns.md` - When to adjust approach
+
+## Workflow
+
+1. **Deconstruct** - Break down request into components
+2. **Diagnose** - Identify gaps and conflicts
+3. **Develop** - Gather clarifications via structured questions
+4. **Deliver** - Present refined specification
+5. **Offer RFC Creation** - For feature work, offer to save as RFC
+
+## Output Format
+
+Use the Deliver phase template from `skills/4d-methodology.md` to present the clarified specification for user confirmation.
+
+## RFC Creation Offer (Step 5)
+
+After presenting the clarified specification, if the request appears to be a feature or enhancement:
+
+```
+---
+
+Would you like to save this as an RFC for formal tracking?
+
+An RFC (Request for Comments) provides:
+- Structured documentation of the proposal
+- Review workflow before implementation
+- Integration with sprint planning
+
+[1] Yes, create RFC from this specification
+[2] No, proceed with implementation directly
+```
+
+If user selects [1]:
+- Pass clarified specification to `/rfc-create`
+- The Summary, Motivation, and Design sections will be populated from the clarified spec
+- User can then refine the RFC and submit for review
--- a/plugins/clarity-assist/commands/clarity-quick-clarify.md
+++ b/plugins/clarity-assist/commands/clarity-quick-clarify.md
@@ -0,0 +1,49 @@
+---
+name: clarity quick-clarify
+---
+
+# /clarity quick-clarify - Rapid Clarification Mode
+
+## Visual Output
+
+```
+----------------------------------------------------------------------+
+|  CLARITY-ASSIST - Quick Clarify                                      |
+----------------------------------------------------------------------+
+```
+
+## Purpose
+
+Single-pass clarification for requests that are mostly clear but need minor disambiguation.
+
+## When to Use
+
+- Request is fairly clear, just one or two ambiguities
+- User is in a hurry
+- Follow-up to an already-clarified request
+- Simple feature additions or bug fixes
+
+## Skills to Load
+
+- `skills/nd-accommodations.md` - ND-friendly question patterns
+- `skills/clarification-techniques.md` - Echo and micro-summary techniques
+- `skills/escalation-patterns.md` - When to escalate to full `/clarity clarify`
+
+## Workflow
+
+1. **Echo Understanding** - Restate in a single sentence
+2. **Quick Disambiguation** - Ask ONE multiple-choice question if needed
+3. **Proceed or Confirm** - Start work or offer micro-summary
+
+## Output Format
+
+No formal specification document needed. Proceed after brief confirmation, documenting assumptions inline with the work.
+
+## Escalation
+
+If complexity emerges, offer to switch to full `/clarity clarify`:
+
+```
+"This is more involved than it first appeared. Want me to switch
+to a more thorough clarification process?"
+```
--- a/plugins/clarity-assist/commands/clarity.md
+++ b/plugins/clarity-assist/commands/clarity.md
@@ -0,0 +1,14 @@
+---
+description: Prompt optimization and requirement clarification
+---
+
+# /clarity
+
+Prompt optimization and requirement clarification with ND-friendly accommodations.
+
+## Sub-commands
+
+| Sub-command | Description |
+|-------------|-------------|
+| `/clarity clarify` | Full 4-D methodology for complex requests |
+| `/clarity quick-clarify` | Rapid mode for simple disambiguation |
--- a/plugins/clarity-assist/commands/quick-clarify.md
+++ b/plugins/clarity-assist/commands/quick-clarify.md
@@ -1,96 +0,0 @@
-# /quick-clarify - Rapid Clarification Mode
-
-## Visual Output
-
-When executing this command, display the plugin header:
-
-```
-┌──────────────────────────────────────────────────────────────────┐
-│  💬 CLARITY-ASSIST · Quick Clarify                               │
-└──────────────────────────────────────────────────────────────────┘
-```
-
-Then proceed with the workflow.
-
-## Purpose
-
-Single-pass clarification for requests that are mostly clear but need minor disambiguation.
-
-## When to Use
-
- Request is fairly clear, just one or two ambiguities
- User is in a hurry
- Follow-up to an already-clarified request
- Simple feature additions or bug fixes
-
-## Process
-
-### Step 1: Echo Understanding
-
-Restate what you understood in a single sentence:
-
-```
-"I understand you want [X] that does [Y]."
-```
-
-### Step 2: Quick Disambiguation
-
-If needed, ask ONE multiple-choice question:
-
-```
-**Just to confirm:** Should this [A] or [B]?
-1. [Option A with brief description]
-2. [Option B with brief description]
-3. Both
-4. Neither / Other approach
-```
-
-### Step 3: Proceed or Confirm
-
-If confident (>90%), proceed with a brief confirmation:
-
-```
-"Got it. I'll implement [X with chosen option]. Starting now."
-```
-
-If less confident, offer a micro-summary:
-
-```
-"Quick summary before I start:
- [Key point 1]
- [Key point 2]
- [Assumption made]
-
-Proceed? (Or clarify anything)"
-```
-
-## Example Interaction
-
-**User:** Add a delete button to the user list
-
-**Quick-Clarify Response:**
-
-```
-I'll add a delete button to each row in the user list.
-
-**Should deletion require confirmation?**
-1. Yes - show confirmation dialog (Recommended)
-2. No - delete immediately
-3. Soft delete - mark as deleted but keep data
-
-[Asking because accidental deletions can be problematic]
-```
-
-## Escalation to Full /clarify
-
-If quick-clarify reveals complexity:
-
-```
-"This is more involved than it first appeared - there are
-several decisions to make. Want me to switch to a more
-thorough clarification process? (Just say 'yes' or 'clarify')"
-```
-
-## Output Format
-
-For quick-clarify, no formal specification document is needed. Just proceed with the task after brief confirmation, documenting assumptions inline with the work.
--- a/plugins/clarity-assist/docs/ND-SUPPORT.md
+++ b/plugins/clarity-assist/docs/ND-SUPPORT.md
@@ -58,8 +58,8 @@ Our design philosophy centers on three principles:
 ### 3. Customizable Verbosity

 **Detail Levels**
- `/clarify` - Full methodology for complex requests (more thorough, more questions)
- `/quick-clarify` - Rapid mode for simple disambiguation (fewer questions, faster)
+- `/clarity clarify` - Full methodology for complex requests (more thorough, more questions)
+- `/clarity quick-clarify` - Rapid mode for simple disambiguation (fewer questions, faster)

 **User Control**
 - Users can always say "that's enough detail" to end questioning early
@@ -68,7 +68,7 @@ Our design philosophy centers on three principles:

 ### 4. Vagueness Detection

-The `UserPromptSubmit` hook automatically detects prompts that might benefit from clarification and gently suggests using `/clarify`.
+The `UserPromptSubmit` hook automatically detects prompts that might benefit from clarification and gently suggests using `/clarity clarify`.

 **Detection Signals**
 - Short prompts (< 10 words) without specific technical terms
@@ -156,10 +156,10 @@ This triggers vagueness detection because:
 - No specific technical context
 - No measurable outcome

-### After: Clarified with /clarify
+### After: Clarified with /clarity clarify

 ```
-User: /clarify Make the app faster
+User: /clarity clarify Make the app faster

 Claude: Let me help clarify what kind of performance improvements you're looking for.

@@ -235,7 +235,7 @@ Optimize initial page load time to under 2 seconds by addressing bundle size and
 For simpler requests that just need minor disambiguation:

 ```
-User: /quick-clarify Add a delete button to the user list
+User: /clarity quick-clarify Add a delete button to the user list

 Claude: I'll add a delete button to each row in the user list.

@@ -286,14 +286,14 @@ export CLARITY_ASSIST_VAGUENESS_THRESHOLD=0.8

 ### If You're Feeling Overwhelmed

- Use `/quick-clarify` instead of `/clarify` for faster interactions
+- Use `/clarity quick-clarify` instead of `/clarity clarify` for faster interactions
 - Say "let's focus on just one thing" to narrow scope
 - Ask to "pause and summarize" at any point
 - It's OK to say "I don't know" - the plugin will offer concrete alternatives

 ### If You Have Executive Function Challenges

- Start with `/clarify` even for tasks you think are simple - it helps with planning
+- Start with `/clarity clarify` even for tasks you think are simple - it helps with planning
 - The structured specification can serve as a checklist
 - Use the scope boundaries to prevent scope creep

--- a/plugins/clarity-assist/hooks/hooks.json
+++ b/plugins/clarity-assist/hooks/hooks.json
@@ -2,8 +2,13 @@
  "hooks": {
    "UserPromptSubmit": [
      {
-        "type": "command",
-        "command": "${CLAUDE_PLUGIN_ROOT}/hooks/vagueness-check.sh"
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/vagueness-check.sh"
+          }
+        ]
      }
    ]
  }
--- a/plugins/clarity-assist/hooks/vagueness-check.sh
+++ b/plugins/clarity-assist/hooks/vagueness-check.sh
@@ -197,6 +197,38 @@ if (( $(echo "$SCORE > 1.0" | bc -l) )); then
    SCORE="1.0"
 fi

+# ============================================================================
+# Feature Request Detection (for RFC suggestion)
+# ============================================================================
+
+FEATURE_REQUEST=false
+
+# Feature request phrases
+FEATURE_PHRASES=(
+    "we should"
+    "it would be nice"
+    "feature request"
+    "idea:"
+    "suggestion:"
+    "what if we"
+    "wouldn't it be great"
+    "i think we need"
+    "we need to add"
+    "we could add"
+    "how about adding"
+    "can we add"
+    "new feature"
+    "enhancement"
+    "proposal"
+)
+
+for phrase in "${FEATURE_PHRASES[@]}"; do
+    if [[ "$PROMPT_LOWER" == *"$phrase"* ]]; then
+        FEATURE_REQUEST=true
+        break
+    fi
+done
+
 # ============================================================================
 # Output suggestion if score exceeds threshold
 # ============================================================================
@@ -208,8 +240,16 @@ if (( $(echo "$SCORE >= $THRESHOLD" | bc -l) )); then

    # Gentle, non-blocking suggestion
    echo "$PREFIX Your prompt could benefit from more clarity."
-    echo "$PREFIX Consider running /clarity-assist to refine your request."
+    echo "$PREFIX Consider running /clarity clarify to refine your request."
    echo "$PREFIX (Vagueness score: ${SCORE_PCT}% - this is a suggestion, not a block)"
+
+    # Additional RFC suggestion if feature request detected
+    if [[ "$FEATURE_REQUEST" == true ]]; then
+        echo "$PREFIX This looks like a feature idea. Consider /rfc-create to track it formally."
+    fi
+elif [[ "$FEATURE_REQUEST" == true ]]; then
+    # Feature request detected but not vague - still suggest RFC
+    echo "$PREFIX This looks like a feature idea. Consider /rfc-create to track it formally."
 fi

 # Always exit 0 - this hook is non-blocking
--- a/plugins/clarity-assist/skills/4d-methodology.md
+++ b/plugins/clarity-assist/skills/4d-methodology.md
@@ -0,0 +1,76 @@
+# 4-D Methodology for Prompt Clarification
+
+The 4-D methodology transforms vague requests into actionable specifications.
+
+## Phase 1: Deconstruct
+
+Break down the user's request into components:
+
+1. **Extract explicit requirements** - What was directly stated
+2. **Identify implicit assumptions** - What seems assumed but not stated
+3. **Note ambiguities** - Points that could go multiple ways
+4. **List dependencies** - External factors that might affect implementation
+
+## Phase 2: Diagnose
+
+Analyze gaps and potential issues:
+
+1. **Missing information** - What do we need to know?
+2. **Conflicting requirements** - Do any stated goals contradict?
+3. **Scope boundaries** - What is in/out of scope?
+4. **Technical constraints** - Platform, language, architecture limits
+
+## Phase 3: Develop
+
+Gather clarifications through structured questioning:
+
+- Present 2-4 concrete options (never open-ended alone)
+- Include "Other" for custom responses
+- Ask 1-2 questions at a time maximum
+- Provide brief context for why you are asking
+- Check for conflicts with previous answers
+
+**Example Format:**
+```
+To help me understand the scope better:
+
+**How should errors be handled?**
+1. Silent logging (user sees nothing)
+2. Toast notifications (brief, dismissible)
+3. Modal dialogs (requires user action)
+4. Other
+
+[Context: This affects both UX and how much error-handling code we need]
+```
+
+## Phase 4: Deliver
+
+Produce the refined specification:
+
+```markdown
+## Clarified Request
+
+### Summary
+[1-2 sentence description of what will be built]
+
+### Scope
+**In Scope:**
+- [Item 1]
+- [Item 2]
+
+**Out of Scope:**
+- [Item 1]
+
+### Requirements
+
+| # | Requirement | Priority | Notes |
+|---|-------------|----------|-------|
+| 1 | ... | Must | ... |
+| 2 | ... | Should | ... |
+
+### Assumptions
+- [Assumption made based on conversation]
+
+### Open Questions
+- [Any remaining ambiguities, if any]
+```
--- a/plugins/clarity-assist/skills/clarification-techniques.md
+++ b/plugins/clarity-assist/skills/clarification-techniques.md
@@ -0,0 +1,86 @@
+# Clarification Techniques
+
+Structured approaches for disambiguating user requests.
+
+## Anti-Patterns to Detect
+
+### Vague Requests
+**Triggers:** "improve", "fix", "update", "change", "better", "faster", "cleaner"
+
+**Response:** Ask for specific metrics or outcomes
+
+### Scope Creep Signals
+**Triggers:** "while you're at it", "also", "might as well", "and another thing"
+
+**Response:** Acknowledge, then isolate: "I'll note that for after the main task"
+
+### Assumption Gaps
+**Triggers:** References to "the" thing (which thing?), "it" (what?), "there" (where?)
+
+**Response:** Echo back specific understanding
+
+### Conflicting Requirements
+**Triggers:** "Simple but comprehensive", "Fast but thorough", "Minimal but complete"
+
+**Response:** Prioritize: "Which matters more: simplicity or completeness?"
+
+## Question Templates
+
+### For Unclear Purpose
+```
+**What problem does this solve?**
+1. [Specific problem A]
+2. [Specific problem B]
+3. Combination
+4. Different problem: ____
+```
+
+### For Missing Scope
+```
+**What should this include?**
+- [ ] Feature A
+- [ ] Feature B
+- [ ] Feature C
+- [ ] Other: ____
+```
+
+### For Ambiguous Behavior
+```
+**When [trigger event], what should happen?**
+1. [Behavior option A]
+2. [Behavior option B]
+3. Nothing (ignore)
+4. Depends on: ____
+```
+
+### For Technical Decisions
+```
+**Implementation approach:**
+1. [Approach A] - pros: X, cons: Y
+2. [Approach B] - pros: X, cons: Y
+3. Let me decide based on codebase
+4. Need more info about: ____
+```
+
+## Echo Understanding Technique
+
+Before diving into questions, restate understanding:
+
+```
+"I understand you want [X] that does [Y]."
+```
+
+This validates comprehension and gives user a chance to correct early.
+
+## Micro-Summary Technique
+
+For quick confirmations before proceeding:
+
+```
+"Quick summary before I start:
+- [Key point 1]
+- [Key point 2]
+- [Assumption made]
+
+Proceed? (Or clarify anything)"
+```
--- a/plugins/clarity-assist/skills/escalation-patterns.md
+++ b/plugins/clarity-assist/skills/escalation-patterns.md
@@ -0,0 +1,57 @@
+# Escalation Patterns
+
+Guidelines for when to escalate between clarification modes.
+
+## Quick-Clarify to Full Clarify
+
+Escalate when quick-clarify reveals unexpected complexity:
+
+```
+"This is more involved than it first appeared - there are
+several decisions to make. Want me to switch to a more
+thorough clarification process? (Just say 'yes' or 'clarify')"
+```
+
+### Triggers for Escalation
+
+- Multiple ambiguities discovered during quick pass
+- User's answer reveals hidden dependencies
+- Scope expands beyond original understanding
+- Technical constraints emerge that need discussion
+- Conflicting requirements surface
+
+## Full Clarify to Incremental
+
+When user is overwhelmed by full 4-D process:
+
+```
+"This touches a lot of areas. Rather than tackle everything at once,
+let's start with [most critical piece]. Once that's clear, we can
+add the other parts. Sound good?"
+```
+
+### Signs of Overwhelm
+
+- Long pauses or hesitation
+- "I don't know" responses
+- Requesting breaks
+- Contradicting earlier answers
+- Expressing frustration
+
+## Choosing Initial Mode
+
+### Use /clarity quick-clarify When
+
+- Request is fairly clear, just one or two ambiguities
+- User is in a hurry
+- Follow-up to an already-clarified request
+- Simple feature additions or bug fixes
+- Confidence is high (>90%)
+
+### Use /clarity clarify When
+
+- Complex multi-step requests
+- Requirements with multiple possible interpretations
+- Tasks requiring significant context gathering
+- User seems uncertain about what they want
+- First time working on this feature/area
--- a/plugins/clarity-assist/skills/nd-accommodations.md
+++ b/plugins/clarity-assist/skills/nd-accommodations.md
@@ -0,0 +1,74 @@
+# Neurodivergent-Friendly Accommodations
+
+Guidelines for making clarification interactions accessible and comfortable for neurodivergent users.
+
+## Core Principles
+
+### Reduce Cognitive Load
+- Maximum 4 options per question
+- Always include "Other" escape hatch
+- Provide examples, not just descriptions
+- Use numbered lists for easy reference
+
+### Support Working Memory
+- Summarize frequently
+- Reference earlier decisions explicitly
+- Do not assume user remembers context from many turns ago
+- Echo back understanding before proceeding
+
+### Allow Processing Time
+- Do not rapid-fire questions
+- Validate answers before moving on
+- Offer to revisit or change earlier answers
+- One question block at a time
+
+### Manage Overwhelm
+- Offer to break into smaller sessions
+- Prioritize must-haves vs nice-to-haves
+- Provide "good enough for now" options
+- Acknowledge complexity openly
+
+## Question Formatting Rules
+
+**Always do:**
+```
+**How should errors be handled?**
+1. Silent logging (user sees nothing)
+2. Toast notifications (brief, dismissible)
+3. Modal dialogs (requires user action)
+4. Other
+
+[Context: This affects both UX and error-handling complexity]
+```
+
+**Never do:**
+```
+How do you want to handle errors? There are many approaches...
+```
+
+## Conflict Acknowledgment
+
+Before asking about something that might conflict with a previous answer:
+
+```
+[Internal check]
+Previous: User said "keep it simple"
+Current question about: Adding configuration options
+Potential conflict: More options = more complexity
+```
+
+Then acknowledge: "Earlier you mentioned keeping it simple. With that in mind..."
+
+## Escalation for Overwhelm
+
+If the request is particularly complex or user seems overwhelmed:
+
+1. Acknowledge the complexity openly
+2. Offer to start with just ONE aspect
+3. Build incrementally
+
+```
+"This touches a lot of areas. Rather than tackle everything at once,
+let's start with [most critical piece]. Once that's clear, we can
+add the other parts. Sound good?"
+```
--- a/plugins/claude-config-maintainer/.claude-plugin/plugin.json
+++ b/plugins/claude-config-maintainer/.claude-plugin/plugin.json
@@ -1,7 +1,7 @@
 {
  "name": "claude-config-maintainer",
-  "version": "1.0.0",
-  "description": "Maintains and optimizes CLAUDE.md configuration files for Claude Code projects",
+  "version": "1.2.0",
+  "description": "Maintains and optimizes CLAUDE.md and settings.local.json configuration files for Claude Code projects",
  "author": {
    "name": "Leo Miranda",
    "email": "leobmiranda@gmail.com"
@@ -14,7 +14,12 @@
    "configuration",
    "optimization",
    "claude-md",
-    "developer-tools"
+    "developer-tools",
+    "settings",
+    "permissions"
  ],
-  "commands": ["./commands/"]
+  "commands": [
+    "./commands/"
+  ],
+  "domain": "core"
 }
--- a/plugins/claude-config-maintainer/agents/maintainer.md
+++ b/plugins/claude-config-maintainer/agents/maintainer.md
@@ -1,6 +1,9 @@
 ---
 name: maintainer
 description: CLAUDE.md optimization and maintenance agent
+model: sonnet
+permissionMode: acceptEdits
+skills: visual-header, settings-optimization
 ---

 # CLAUDE.md Maintainer Agent
@@ -99,7 +102,7 @@ Also check for hook-based plugins (project-hygiene uses `PostToolUse` hooks).

 For each detected plugin, search CLAUDE.md for:
 - Plugin name mention (e.g., "projman", "cmdb-assistant")
- Command references (e.g., `/sprint-plan`, `/cmdb-search`)
+- Command references (e.g., `/sprint plan`, `/cmdb search`)
 - MCP tool mentions (e.g., `list_issues`, `dcim_list_devices`)

 **Step 3: Load Integration Snippets**
@@ -114,7 +117,54 @@ Report plugin coverage percentage and offer to add missing integrations:
 - Display the integration content that would be added
 - Ask user for confirmation before modifying CLAUDE.md

-### 2. Optimize CLAUDE.md Structure
+### 2. Audit Settings Files
+
+When auditing settings files, perform:
+
+#### A. Permission Analysis
+
+Read `.claude/settings.local.json` (primary) and check `.claude/settings.json` and `~/.claude.json` project entries (secondary).
+
+Evaluate using `skills/settings-optimization.md`:
+
+**Redundancy:**
+- Duplicate entries in allow/deny arrays
+- Subset patterns covered by broader patterns
+- Patterns that could be merged
+
+**Coverage:**
+- Common safe tools missing from allow list
+- MCP server tools not covered
+- Directory scopes with no matching permission
+
+**Safety Alignment:**
+- Deny rules cover secrets and destructive commands
+- Allow rules don't bypass active review layers
+- No overly broad patterns without justification
+
+**Profile Fit:**
+- Compare against recommended profile for the project's review architecture
+- Identify specific additions/removals to reach target profile
+
+#### B. Review Layer Verification
+
+Before recommending auto-allow patterns, verify active review layers:
+
+1. Read `plugins/*/hooks/hooks.json` for each installed plugin
+2. Map hook types (PreToolUse, PostToolUse) to tool matchers (Write, Edit, Bash)
+3. Confirm plugins are listed in `.claude-plugin/marketplace.json`
+4. Only recommend auto-allow for scopes covered by ≥2 verified review layers
+
+#### C. Settings Efficiency Score (100 points)
+
+| Category | Points |
+|----------|--------|
+| Redundancy | 25 |
+| Coverage | 25 |
+| Safety Alignment | 25 |
+| Profile Fit | 25 |
+
+### 3. Optimize CLAUDE.md Structure

 **Recommended Structure:**

@@ -149,7 +199,7 @@ Common issues and solutions.
 - Use headers that scan easily
 - Include examples where they add clarity

-### 3. Apply Best Practices
+### 4. Apply Best Practices

 **DO:**
 - Use clear, direct language
@@ -166,7 +216,7 @@ Common issues and solutions.
 - Add generic advice that applies to all projects
 - Use emojis unless project requires them

-### 4. Generate Improvement Reports
+### 5. Generate Improvement Reports

 After analyzing a CLAUDE.md, provide:

@@ -202,7 +252,7 @@ Suggested Actions:
 Would you like me to implement these improvements?
 ```

-### 5. Insert Plugin Integrations
+### 6. Insert Plugin Integrations

 When adding plugin integration content to CLAUDE.md:

@@ -237,7 +287,7 @@ Add this integration to CLAUDE.md?
 - Allow users to skip specific plugins they don't want documented
 - Preserve existing CLAUDE.md structure and content

-### 6. Create New CLAUDE.md Files
+### 7. Create New CLAUDE.md Files

 When creating a new CLAUDE.md:

--- a/plugins/claude-config-maintainer/claude-md-integration.md
+++ b/plugins/claude-config-maintainer/claude-md-integration.md
@@ -1,16 +1,21 @@
 ## CLAUDE.md Maintenance (claude-config-maintainer)

-This project uses the **claude-config-maintainer** plugin to analyze and optimize CLAUDE.md configuration files.
+This project uses the **claude-config-maintainer** plugin to analyze and optimize CLAUDE.md and settings.local.json configuration files.

 ### Available Commands

 | Command | Description |
 |---------|-------------|
-| `/config-analyze` | Analyze CLAUDE.md for optimization opportunities with 100-point scoring |
-| `/config-optimize` | Automatically optimize CLAUDE.md structure and content |
-| `/config-init` | Initialize a new CLAUDE.md file for a project |
+| `/claude-config analyze` | Analyze CLAUDE.md for optimization opportunities with 100-point scoring |
+| `/claude-config optimize` | Automatically optimize CLAUDE.md structure and content |
+| `/claude-config init` | Initialize a new CLAUDE.md file for a project |
+| `/claude-config diff` | Track CLAUDE.md changes over time with behavioral impact analysis |
+| `/claude-config lint` | Lint CLAUDE.md for anti-patterns and best practices (31 rules) |
+| `/claude-config audit-settings` | Audit settings.local.json permissions with 100-point scoring |
+| `/claude-config optimize-settings` | Optimize permission patterns and apply named profiles |
+| `/claude-config permissions-map` | Visual map of review layers and permission coverage |

-### Scoring System
+### CLAUDE.md Scoring System

 The analysis uses a 100-point scoring system across four categories:

@@ -21,10 +26,31 @@ The analysis uses a 100-point scoring system across four categories:
 | Completeness | 25 | Overview, quick start, critical rules, workflows |
 | Conciseness | 25 | Efficiency, no repetition, appropriate length |

+### Settings Scoring System
+
+The settings audit uses a 100-point scoring system across four categories:
+
+| Category | Points | What It Measures |
+|----------|--------|------------------|
+| Redundancy | 25 | No duplicates, no subset patterns, efficient rules |
+| Coverage | 25 | Common tools allowed, MCP servers covered |
+| Safety Alignment | 25 | Deny rules for secrets/destructive ops, review layers verified |
+| Profile Fit | 25 | Alignment with recommended profile for review layer count |
+
+### Permission Profiles
+
+| Profile | Use Case |
+|---------|----------|
+| `conservative` | New users, minimal auto-allow, prompts for most writes |
+| `reviewed` | Projects with 2+ review layers (code-sentinel, doc-guardian, PR review) |
+| `autonomous` | Trusted CI/sandboxed environments only |
+
 ### Usage Guidelines

- Run `/config-analyze` periodically to assess CLAUDE.md quality
+- Run `/claude-config analyze` periodically to assess CLAUDE.md quality
+- Run `/claude-config audit-settings` to check permission efficiency
 - Target a score of **70+/100** for effective Claude Code operation
 - Address HIGH priority issues first when optimizing
- Use `/config-init` when setting up new projects to start with best practices
+- Use `/claude-config init` when setting up new projects to start with best practices
+- Use `/claude-config permissions-map` to visualize review layer coverage
 - Re-analyze after making changes to verify improvements
--- a/plugins/claude-config-maintainer/commands/analyze.md
+++ b/plugins/claude-config-maintainer/commands/analyze.md
@@ -1,235 +0,0 @@
---
-description: Analyze CLAUDE.md for optimization opportunities and plugin integration
---
-
-# Analyze CLAUDE.md
-
-This command analyzes your project's CLAUDE.md file and provides a detailed report on optimization opportunities and plugin integration status.
-
-## Visual Output
-
-When executing this command, display the plugin header:
-
-```
-┌──────────────────────────────────────────────────────────────────┐
-│  ⚙️ CONFIG-MAINTAINER · CLAUDE.md Analysis                       │
-└──────────────────────────────────────────────────────────────────┘
-```
-
-Then proceed with the analysis.
-
-## What This Command Does
-
-1. **Read CLAUDE.md** - Locates and reads the project's CLAUDE.md file
-2. **Analyze Structure** - Evaluates organization, headers, and flow
-3. **Check Content** - Reviews clarity, completeness, and conciseness
-4. **Identify Issues** - Finds redundancy, verbosity, and missing sections
-5. **Detect Active Plugins** - Identifies marketplace plugins enabled in the project
-6. **Check Plugin Integration** - Verifies CLAUDE.md references active plugins
-7. **Generate Report** - Provides scored assessment with recommendations
-
-## Usage
-
-```
-/config-analyze
-```
-
-Or invoke the maintainer agent directly:
-
-```
-Analyze the CLAUDE.md file in this project
-```
-
-## Analysis Criteria
-
-### Structure (25 points)
- Logical section ordering
- Clear header hierarchy
- Easy navigation
- Appropriate grouping
-
-### Clarity (25 points)
- Clear instructions
- Good examples
- Unambiguous language
- Appropriate detail level
-
-### Completeness (25 points)
- Project overview present
- Quick start commands documented
- Critical rules highlighted
- Key workflows covered
- **Pre-Change Protocol section present** (MANDATORY - see below)
-
-### Conciseness (25 points)
- No unnecessary repetition
- Efficient information density
- Appropriate length for project size
- No generic filler content
-
-## Pre-Change Protocol Check (MANDATORY)
-
-**This check is CRITICAL.** The Pre-Change Protocol section ensures Claude performs comprehensive dependency analysis before making any code changes, preventing missed references and incomplete updates.
-
-### What to Check
-
-Search CLAUDE.md for:
- Section header containing "Pre-Change" or "Before Any Code Change"
- References to `grep -rn` or impact search
- Checklist with "Files That Will Be Affected"
- Requirement for user verification before proceeding
-
-### If Missing
-
-**Flag as HIGH PRIORITY issue:**
-
-```
-1. [HIGH] Missing Pre-Change Protocol section
-   CLAUDE.md lacks mandatory dependency-check protocol.
-   Impact: Claude may miss file references when making changes,
-   leading to broken dependencies and incomplete updates.
-
-   Recommendation: Add Pre-Change Protocol section immediately.
-   This is the #1 cause of cascading bugs from incomplete changes.
-```
-
-### Required Section Content
-
-The Pre-Change Protocol section must include:
-1. Requirement to run grep search and show results
-2. List of files that will be affected
-3. List of files searched but not changed (with reasoning)
-4. Documentation that references the change target
-5. User verification checkpoint before proceeding
-6. Post-change verification step
-
-## Plugin Integration Analysis
-
-After the content analysis, the command detects and analyzes marketplace plugin integration:
-
-### Detection Method
-
-1. **Read `.claude/settings.local.json`** - Check for enabled MCP servers
-2. **Map MCP servers to plugins** - Use marketplace registry to identify active plugins:
-   - `gitea` → projman
-   - `netbox` → cmdb-assistant
-3. **Check for hooks** - Identify hook-based plugins (project-hygiene)
-4. **Scan CLAUDE.md** - Look for plugin integration content
-
-### Plugin Coverage Scoring
-
-For each detected plugin, verify CLAUDE.md contains:
- Plugin section header or mention
- Available commands documentation
- MCP tools reference (if applicable)
- Usage guidelines
-
-Coverage is reported as percentage: `(plugins referenced / plugins detected) * 100`
-
-## Expected Output
-
-```
-CLAUDE.md Analysis Report
-=========================
-
-File: /path/to/project/CLAUDE.md
-Lines: 245
-Last Modified: 2025-01-18
-
-Overall Score: 72/100
-
-Category Scores:
- Structure:    20/25 (Good)
- Clarity:      18/25 (Good)
- Completeness: 22/25 (Excellent)
- Conciseness:  12/25 (Needs Work)
-
-Strengths:
-+ Clear project overview with good context
-+ Critical rules prominently displayed
-+ Comprehensive coverage of workflows
-
-Issues Found:
-
-1. [HIGH] Verbose explanations (lines 45-78)
-   Section "Running Tests" has 34 lines that could be 8 lines.
-   Impact: Harder to scan, important info buried
-
-2. [MEDIUM] Duplicate content (lines 102-115, 189-200)
-   Same git workflow documented twice.
-   Impact: Maintenance burden, inconsistency risk
-
-3. [MEDIUM] Missing Quick Start section
-   No clear "how to get started" instructions.
-   Impact: Slower onboarding for Claude
-
-4. [LOW] Inconsistent header formatting
-   Mix of "## Title" and "## Title:" styles.
-   Impact: Minor readability issue
-
-Recommendations:
-1. Add Quick Start section at top (priority: high)
-2. Condense Testing section to essentials (priority: high)
-3. Remove duplicate git workflow (priority: medium)
-4. Standardize header formatting (priority: low)
-
-Estimated improvement: 15-20 points after changes
-
---
-
-Plugin Integration Analysis
-===========================
-
-Detected Active Plugins:
-  ✓ projman (via gitea MCP server)
-  ✓ cmdb-assistant (via netbox MCP server)
-  ✓ project-hygiene (via PostToolUse hook)
-
-Plugin Coverage: 33% (1/3 plugins referenced)
-
-  ✓ projman - Referenced in CLAUDE.md
-  ✗ cmdb-assistant - NOT referenced
-  ✗ project-hygiene - NOT referenced
-
-Missing Integration Content:
-
-1. cmdb-assistant
-   Add infrastructure management commands and NetBox MCP tools reference.
-
-2. project-hygiene
-   Add cleanup hook documentation and configuration options.
-
---
-
-Would you like me to:
-[1] Implement all content recommendations
-[2] Add missing plugin integrations to CLAUDE.md
-[3] Do both (recommended)
-[4] Show preview of changes first
-```
-
-## When to Use
-
-Run `/config-analyze` when:
- Setting up a new project with existing CLAUDE.md
- CLAUDE.md feels too long or hard to use
- Claude seems to miss instructions
- Before major project changes
- Periodic maintenance (quarterly)
- After installing new marketplace plugins
- When Claude doesn't seem to use available plugin tools
-
-## Follow-Up Actions
-
-After analysis, you can:
- Run `/config-optimize` to automatically improve the file
- Manually address specific issues
- Request detailed recommendations for any section
- Compare with best practice templates
-
-## Tips
-
- Run analysis after significant project changes
- Address HIGH priority issues first
- Keep scores above 70/100 for best results
- Re-analyze after making changes to verify improvement
--- a/plugins/claude-config-maintainer/commands/claude-config-analyze.md
+++ b/plugins/claude-config-maintainer/commands/claude-config-analyze.md
@@ -0,0 +1,50 @@
+---
+name: claude-config analyze
+description: Analyze CLAUDE.md for optimization opportunities and plugin integration
+---
+
+# /claude-config analyze
+
+Analyze your CLAUDE.md and provide a scored report with recommendations.
+
+## Skills to Load
+
+- skills/visual-header.md
+- skills/analysis-workflow.md
+- skills/optimization-patterns.md
+- skills/pre-change-protocol.md
+
+## Visual Output
+
+Display: `CONFIG-MAINTAINER - CLAUDE.md Analysis`
+
+## Usage
+
+```
+/claude-config analyze
+```
+
+## Workflow
+
+1. Locate and parse CLAUDE.md
+2. Evaluate structure, clarity, completeness, conciseness
+3. Find redundancy, verbosity, missing sections
+4. Detect active marketplace plugins
+5. Verify plugin integration in CLAUDE.md
+6. Generate scored report with recommendations
+
+## Scoring (100 points)
+
+| Category | Points |
+|----------|--------|
+| Structure | 25 |
+| Clarity | 25 |
+| Completeness | 25 |
+| Conciseness | 25 |
+
+## Follow-Up Actions
+
+1. Implement content recommendations
+2. Add missing plugin integrations
+3. Do both (recommended)
+4. Show preview first
--- a/plugins/claude-config-maintainer/commands/claude-config-audit-settings.md
+++ b/plugins/claude-config-maintainer/commands/claude-config-audit-settings.md
@@ -0,0 +1,204 @@
+---
+name: claude-config audit-settings
+description: Audit settings.local.json for permission optimization opportunities
+---
+
+# /claude-config audit-settings
+
+Audit Claude Code `settings.local.json` permissions with 100-point scoring across redundancy, coverage, safety alignment, and profile fit.
+
+## Skills to Load
+
+Before executing, load:
+- `skills/visual-header.md`
+- `skills/settings-optimization.md`
+
+## Visual Output
+
+```
+-----------------------------------------------------------------+
+|  CONFIG-MAINTAINER - Settings Audit                              |
+-----------------------------------------------------------------+
+```
+
+## Usage
+
+```
+/claude-config audit-settings              # Full audit with recommendations
+/claude-config audit-settings --diagram    # Include Mermaid diagram of review layer coverage
+```
+
+## Workflow
+
+### Step 1: Locate Settings Files
+
+Search in order:
+1. `.claude/settings.local.json` (primary target)
+2. `.claude/settings.json` (shared config)
+3. `~/.claude.json` project entry (legacy)
+
+Report which format is in use.
+
+### Step 2: Parse Permission Arrays
+
+Extract and analyze:
+- `permissions.allow` array
+- `permissions.deny` array
+- `permissions.ask` array (if present)
+- Legacy `allowedTools` array (if legacy format)
+
+### Step 3: Run Pattern Consolidation Analysis
+
+Using `settings-optimization.md` Section 3, detect:
+
+| Check | Description |
+|-------|-------------|
+| Duplicates | Exact same pattern appearing multiple times |
+| Subsets | Narrower patterns covered by broader ones |
+| Merge candidates | 4+ similar patterns that could be consolidated |
+| Overly broad | Unscoped tool permissions (e.g., `Bash` without pattern) |
+| Stale entries | Patterns referencing non-existent paths |
+| Conflicts | Same pattern in both allow and deny |
+
+### Step 4: Detect Active Marketplace Hooks
+
+Read `plugins/*/hooks/hooks.json` files:
+
+```bash
+# Check each plugin's hooks
+plugins/code-sentinel/hooks/hooks.json     # PreToolUse security
+plugins/doc-guardian/hooks/hooks.json      # PostToolUse drift detection
+plugins/project-hygiene/hooks/hooks.json   # PostToolUse cleanup
+plugins/data-platform/hooks/hooks.json     # PostToolUse schema diff
+plugins/contract-validator/hooks/hooks.json # Plugin validation
+```
+
+Parse each to identify:
+- Hook event type (PreToolUse, PostToolUse)
+- Tool matchers (Write, Edit, MultiEdit, Bash)
+- Whether hook is command type (reliable) or prompt type (unreliable)
+
+### Step 5: Map Review Layers to Directory Scopes
+
+For each directory scope in `settings-optimization.md` Section 4:
+1. Count how many review layers are verified active
+2. Determine if auto-allow is justified (≥2 layers required)
+3. Note any scopes that lack coverage
+
+### Step 6: Compare Against Recommended Profile
+
+Based on review layer count:
+- 0-1 layers: Recommend `conservative` profile
+- 2+ layers: Recommend `reviewed` profile
+- CI/sandboxed: May recommend `autonomous` profile
+
+Calculate profile fit percentage.
+
+### Step 7: Generate Scored Report
+
+Calculate scores using `settings-optimization.md` Section 6.
+
+## Output Format
+
+```
+Settings Efficiency Score: XX/100
+  Redundancy:       XX/25
+  Coverage:         XX/25
+  Safety Alignment: XX/25
+  Profile Fit:      XX/25
+
+Current Profile: [closest match or "custom"]
+Recommended Profile: [target based on review layers]
+
+Issues Found:
+  🔴 CRITICAL: [description]
+  🟠 HIGH: [description]
+  🟡 MEDIUM: [description]
+  🔵 LOW: [description]
+
+Active Review Layers Detected:
+  ✓ code-sentinel (PreToolUse: Write|Edit|MultiEdit)
+  ✓ doc-guardian (PostToolUse: Write|Edit|MultiEdit)
+  ✓ project-hygiene (PostToolUse: Write|Edit)
+  ✗ data-platform schema-diff (not detected)
+
+Recommendations:
+  1. [specific action with pattern]
+  2. [specific action with pattern]
+  ...
+
+Follow-Up Actions:
+  1. Run /claude-config optimize-settings to apply recommendations
+  2. Run /claude-config optimize-settings --dry-run to preview first
+  3. Run /claude-config optimize-settings --profile=reviewed to apply profile
+```
+
+## Diagram Output (--diagram flag)
+
+When `--diagram` is specified, generate a Mermaid flowchart showing:
+
+**Before generating:** Read `/mnt/skills/user/mermaid-diagrams/SKILL.md` for diagram requirements.
+
+**Diagram structure:**
+- Left column: File operation types (Write, Edit, Bash)
+- Middle: Review layers that intercept each operation
+- Right column: Current permission status (auto-allowed, prompted, denied)
+
+**Color coding:**
+- PreToolUse hooks: Blue
+- PostToolUse hooks: Green
+- Sprint Approval: Amber
+- PR Review: Purple
+
+Example structure:
+```mermaid
+flowchart LR
+    subgraph Operations
+        W[Write]
+        E[Edit]
+        B[Bash]
+    end
+
+    subgraph Review Layers
+        CS[code-sentinel]
+        DG[doc-guardian]
+        PR[pr-review]
+    end
+
+    subgraph Permission
+        A[Auto-allowed]
+        P[Prompted]
+        D[Denied]
+    end
+
+    W --> CS
+    W --> DG
+    E --> CS
+    E --> DG
+    CS --> A
+    DG --> A
+    B --> P
+
+    classDef preHook fill:#e3f2fd
+    classDef postHook fill:#e8f5e9
+    classDef prReview fill:#f3e5f5
+    class CS preHook
+    class DG postHook
+    class PR prReview
+```
+
+## Issue Severity Levels
+
+| Severity | Icon | Examples |
+|----------|------|----------|
+| CRITICAL | 🔴 | Unscoped `Bash` in allow, missing deny for secrets |
+| HIGH | 🟠 | Overly broad patterns, missing MCP coverage |
+| MEDIUM | 🟡 | Subset redundancy, merge candidates |
+| LOW | 🔵 | Exact duplicates, minor optimizations |
+
+## DO NOT
+
+- Modify any files (this is audit only)
+- Recommend `autonomous` profile unless explicitly sandboxed environment
+- Recommend auto-allow for scopes with <2 verified review layers
+- Skip hook verification before making recommendations
--- a/plugins/claude-config-maintainer/commands/claude-config-diff.md
+++ b/plugins/claude-config-maintainer/commands/claude-config-diff.md
@@ -0,0 +1,49 @@
+---
+name: claude-config diff
+description: Show diff between current CLAUDE.md and last commit
+---
+
+# /claude-config diff
+
+Show differences between CLAUDE.md versions to track configuration drift.
+
+## Skills to Load
+
+- skills/visual-header.md
+- skills/diff-analysis.md
+
+## Visual Output
+
+Display: `CONFIG-MAINTAINER - CLAUDE.md Diff`
+
+## Usage
+
+```
+/claude-config diff                           # Working vs last commit
+/claude-config diff --commit=abc1234          # Working vs specific commit
+/claude-config diff --from=v1.0 --to=v2.0     # Compare two commits
+/claude-config diff --section="Critical Rules"  # Specific section only
+```
+
+## Workflow
+
+1. Find project's CLAUDE.md file
+2. Show diff against target revision
+3. Group changes by affected sections
+4. Explain behavioral implications
+
+## Options
+
+| Option | Description |
+|--------|-------------|
+| `--commit=REF` | Compare against specific commit |
+| `--from=REF` | Starting point |
+| `--to=REF` | Ending point (default: HEAD) |
+| `--section=NAME` | Show only specific section |
+| `--stat` | Statistics only |
+
+## When to Use
+
+- Before committing CLAUDE.md changes
+- Reviewing changes after pull
+- Debugging unexpected behavior
--- a/plugins/claude-config-maintainer/commands/claude-config-init.md
+++ b/plugins/claude-config-maintainer/commands/claude-config-init.md
@@ -0,0 +1,50 @@
+---
+name: claude-config init
+description: Initialize a new CLAUDE.md file for a project
+---
+
+# /claude-config init
+
+Create a new CLAUDE.md file tailored to your project.
+
+## Skills to Load
+
+- skills/visual-header.md
+- skills/claude-md-structure.md
+- skills/pre-change-protocol.md
+
+## Visual Output
+
+Display: `CONFIG-MAINTAINER - CLAUDE.md Initialization`
+
+## Usage
+
+```
+/claude-config init                    # Interactive
+/claude-config init --minimal          # Minimal version
+/claude-config init --comprehensive    # Detailed version
+```
+
+## Workflow
+
+1. Analyze project structure, ask clarifying questions
+2. Detect technologies, frameworks, tools
+3. Generate tailored CLAUDE.md sections
+4. Allow review and customization
+5. Save file in project root
+
+## Templates
+
+| Template | Sections |
+|----------|----------|
+| Minimal | Overview, Quick Start, Critical Rules, Pre-Change Protocol |
+| Standard | + Architecture, Common Operations, File Structure |
+| Comprehensive | + Troubleshooting, Integration Points, Workflow |
+
+**Note:** Pre-Change Protocol is MANDATORY in all templates.
+
+## When to Use
+
+- Starting a new project
+- Project lacks CLAUDE.md
+- Taking over unfamiliar project
--- a/plugins/claude-config-maintainer/commands/claude-config-lint.md
+++ b/plugins/claude-config-maintainer/commands/claude-config-lint.md
@@ -0,0 +1,49 @@
+---
+name: claude-config lint
+description: Lint CLAUDE.md for common anti-patterns and best practices
+---
+
+# /claude-config lint
+
+Check CLAUDE.md against best practices and detect common anti-patterns.
+
+## Skills to Load
+
+- skills/visual-header.md
+- skills/lint-rules.md
+
+## Visual Output
+
+Display: `CONFIG-MAINTAINER - CLAUDE.md Lint`
+
+## Usage
+
+```
+/claude-config lint                         # Full lint
+/claude-config lint --fix                   # Auto-fix issues
+/claude-config lint --rules=security        # Check specific category
+```
+
+## Workflow
+
+1. Parse markdown structure and hierarchy
+2. Check for hardcoded paths, secrets, sensitive data
+3. Identify content anti-patterns
+4. Verify consistent formatting
+5. Generate report with fix suggestions
+
+## Options
+
+| Option | Description |
+|--------|-------------|
+| `--fix` | Auto-fix issues |
+| `--rules=LIST` | Check specific categories |
+| `--ignore=LIST` | Skip specified rules |
+| `--severity=LEVEL` | Filter by severity |
+| `--strict` | Treat warnings as errors |
+
+## When to Use
+
+- Before committing CLAUDE.md changes
+- During code review
+- Periodically as maintenance
--- a/plugins/claude-config-maintainer/commands/claude-config-optimize-settings.md
+++ b/plugins/claude-config-maintainer/commands/claude-config-optimize-settings.md
@@ -0,0 +1,243 @@
+---
+name: claude-config optimize-settings
+description: Optimize settings.local.json permissions based on audit recommendations
+---
+
+# /claude-config optimize-settings
+
+Optimize Claude Code `settings.local.json` permission patterns and apply named profiles.
+
+## Skills to Load
+
+Before executing, load:
+- `skills/visual-header.md`
+- `skills/settings-optimization.md`
+- `skills/pre-change-protocol.md`
+
+## Visual Output
+
+```
+-----------------------------------------------------------------+
+|  CONFIG-MAINTAINER - Settings Optimization                       |
+-----------------------------------------------------------------+
+```
+
+## Usage
+
+```
+/claude-config optimize-settings                    # Apply audit recommendations
+/claude-config optimize-settings --dry-run          # Preview only, no changes
+/claude-config optimize-settings --profile=reviewed # Apply named profile
+/claude-config optimize-settings --consolidate-only # Only merge/dedupe, no new rules
+```
+
+## Options
+
+| Option | Description |
+|--------|-------------|
+| `--dry-run` | Preview changes without applying |
+| `--profile=NAME` | Apply named profile (`conservative`, `reviewed`, `autonomous`) |
+| `--consolidate-only` | Only deduplicate and merge patterns, don't add new rules |
+| `--no-backup` | Skip backup (not recommended) |
+
+## Workflow
+
+### Step 1: Run Audit Analysis
+
+Execute the same analysis as `/claude-config audit-settings`:
+1. Locate settings file
+2. Parse permission arrays
+3. Detect issues (duplicates, subsets, merge candidates, etc.)
+4. Verify active review layers
+5. Calculate current score
+
+### Step 2: Generate Optimization Plan
+
+Based on audit results, create a change plan:
+
+**For `--consolidate-only`:**
+- Remove exact duplicates
+- Remove subset patterns covered by broader patterns
+- Merge similar patterns (4+ threshold)
+- Remove stale patterns for non-existent paths
+- Remove conflicting allow entries that are already denied
+
+**For `--profile=NAME`:**
+- Calculate diff between current permissions and target profile
+- Show additions and removals
+- Preserve any custom deny rules not in profile
+
+**For default (full optimization):**
+- Apply all consolidation changes
+- Add recommended patterns based on verified review layers
+- Suggest profile alignment if appropriate
+
+### Step 3: Show Before/After Preview
+
+**MANDATORY:** Always show preview before applying changes.
+
+```
+Current Settings:
+  allow: [12 patterns]
+  deny: [4 patterns]
+
+Proposed Changes:
+
+  REMOVE from allow (redundant):
+    - Write(plugins/projman/*) [covered by Write(plugins/**)]
+    - Write(plugins/git-flow/*) [covered by Write(plugins/**)]
+    - Bash(git status) [covered by Bash(git *)]
+
+  ADD to allow (recommended):
+    + Bash(npm *) [2 review layers active]
+    + Bash(pytest *) [2 review layers active]
+
+  ADD to deny (security):
+    + Bash(curl * | bash*) [missing safety rule]
+
+After Optimization:
+  allow: [10 patterns]
+  deny: [5 patterns]
+
+Score Impact: 67/100 → 85/100 (+18 points)
+```
+
+### Step 4: Request User Approval
+
+Ask for confirmation before proceeding:
+
+```
+Apply these changes to .claude/settings.local.json?
+  [1] Yes, apply changes
+  [2] No, cancel
+  [3] Apply partial (select which changes)
+```
+
+### Step 5: Create Backup
+
+**Before any write operation:**
+
+```bash
+# Backup location
+.claude/backups/settings.local.json.{YYYYMMDD-HHMMSS}
+```
+
+Create the `.claude/backups/` directory if it doesn't exist.
+
+### Step 6: Apply Changes
+
+Write the optimized `settings.local.json` file.
+
+### Step 7: Verify
+
+Re-read the file and re-calculate the score to confirm improvement.
+
+```
+Optimization Complete!
+
+Backup saved: .claude/backups/settings.local.json.20260202-143022
+
+Settings Efficiency Score: 85/100 (+18 from 67)
+  Redundancy:       25/25 (+8)
+  Coverage:         22/25 (+5)
+  Safety Alignment: 23/25 (+3)
+  Profile Fit:      15/25 (+2)
+
+Changes applied:
+  - Removed 3 redundant patterns
+  - Added 2 recommended patterns
+  - Added 1 safety deny rule
+```
+
+## Profile Application
+
+When using `--profile=NAME`:
+
+### `conservative`
+```
+Switching to conservative profile...
+
+This profile:
+  - Allows: Read, Glob, Grep, LS, basic Bash commands
+  - Allows: Write/Edit only for docs/
+  - Denies: .env*, secrets/, rm -rf, sudo
+
+All other Write/Edit operations will prompt for approval.
+```
+
+### `reviewed`
+```
+Switching to reviewed profile...
+
+Prerequisites verified:
+  ✓ code-sentinel hook active (PreToolUse)
+  ✓ doc-guardian hook active (PostToolUse)
+  ✓ 2+ review layers detected
+
+This profile:
+  - Allows: All file operations (Edit, Write, MultiEdit)
+  - Allows: Scoped Bash commands (git, npm, python, etc.)
+  - Denies: .env*, secrets/, rm -rf, sudo, curl|bash
+```
+
+### `autonomous`
+```
+⚠️  WARNING: Autonomous profile requested
+
+This profile allows unscoped Bash execution.
+Only use in fully sandboxed environments (CI, containers).
+
+Confirm this is a sandboxed environment?
+  [1] Yes, this is sandboxed - apply autonomous profile
+  [2] No, cancel
+```
+
+## Safety Rules
+
+1. **ALWAYS backup before writing** (unless `--no-backup`)
+2. **NEVER remove deny rules without explicit confirmation**
+3. **NEVER add unscoped `Bash` to allow** — always use scoped patterns
+4. **Preview is MANDATORY** before applying changes
+5. **Verify review layers** before recommending broad permissions
+
+## Output Format
+
+### Dry Run Output
+
+```
+-----------------------------------------------------------------+
+|  CONFIG-MAINTAINER - Settings Optimization                       |
+-----------------------------------------------------------------+
+
+DRY RUN - No changes will be made
+
+[... preview content ...]
+
+To apply these changes, run:
+  /claude-config optimize-settings
+```
+
+### Applied Output
+
+```
+-----------------------------------------------------------------+
+|  CONFIG-MAINTAINER - Settings Optimization                       |
+-----------------------------------------------------------------+
+
+Optimization Applied Successfully
+
+Backup: .claude/backups/settings.local.json.20260202-143022
+
+[... summary of changes ...]
+
+Score: 67/100 → 85/100
+```
+
+## DO NOT
+
+- Apply changes without showing preview
+- Remove deny rules silently
+- Add unscoped `Bash` permission
+- Skip backup without explicit `--no-backup` flag
+- Apply `autonomous` profile without sandbox confirmation
+- Recommend broad permissions without verifying review layers
--- a/plugins/claude-config-maintainer/commands/claude-config-optimize.md
+++ b/plugins/claude-config-maintainer/commands/claude-config-optimize.md
@@ -0,0 +1,51 @@
+---
+name: claude-config optimize
+description: Optimize CLAUDE.md structure and content
+---
+
+# /claude-config optimize
+
+Automatically optimize CLAUDE.md based on best practices.
+
+## Skills to Load
+
+- skills/visual-header.md
+- skills/optimization-patterns.md
+- skills/pre-change-protocol.md
+- skills/claude-md-structure.md
+
+## Visual Output
+
+Display: `CONFIG-MAINTAINER - CLAUDE.md Optimization`
+
+## Usage
+
+```
+/claude-config optimize                # Full optimization
+/claude-config optimize --condense     # Reduce verbosity
+/claude-config optimize --dry-run      # Preview only
+```
+
+## Workflow
+
+1. Identify optimization opportunities
+2. Plan restructure, condense, or add actions
+3. Show before/after preview
+4. Apply changes with approval
+5. Verify improvements
+
+## Options
+
+| Option | Description |
+|--------|-------------|
+| `--dry-run` | Preview without applying |
+| `--no-backup` | Skip backup |
+| `--aggressive` | Maximum condensation |
+| `--section=NAME` | Optimize specific section |
+
+**Priority:** Add Pre-Change Protocol if missing.
+
+## Safety
+
+- Auto backup to `.claude/backups/`
+- Preview before applying
--- a/plugins/claude-config-maintainer/commands/claude-config-permissions-map.md
+++ b/plugins/claude-config-maintainer/commands/claude-config-permissions-map.md
@@ -0,0 +1,243 @@
+---
+name: claude-config permissions-map
+description: Generate visual map of review layers and permission coverage
+---
+
+# /claude-config permissions-map
+
+Generate a Mermaid diagram showing the relationship between file operations, review layers, and permission status.
+
+## Skills to Load
+
+Before executing, load:
+- `skills/visual-header.md`
+- `skills/settings-optimization.md`
+
+Also read: `/mnt/skills/user/mermaid-diagrams/SKILL.md` (for diagram requirements)
+
+## Visual Output
+
+```
+-----------------------------------------------------------------+
+|  CONFIG-MAINTAINER - Permissions Map                             |
+-----------------------------------------------------------------+
+```
+
+## Usage
+
+```
+/claude-config permissions-map           # Generate and display diagram
+/claude-config permissions-map --save    # Save diagram to .mermaid file
+```
+
+## Workflow
+
+### Step 1: Detect Active Hooks
+
+Read all plugin hooks from the marketplace:
+
+```
+plugins/code-sentinel/hooks/hooks.json
+plugins/git-flow/hooks/hooks.json
+plugins/cmdb-assistant/hooks/hooks.json
+plugins/clarity-assist/hooks/hooks.json
+```
+
+For each hook, extract:
+- Event type (PreToolUse, UserPromptSubmit)
+- Tool matchers (Write, Edit, MultiEdit, Bash patterns)
+- Hook command/script
+
+### Step 2: Map Hooks to File Scopes
+
+Create a mapping of which review layers cover which operations:
+
+| Operation | PreToolUse Hooks | Other Gates |
+|-----------|------------------|-------------|
+| Write | code-sentinel | PR review |
+| Edit | code-sentinel | PR review |
+| MultiEdit | code-sentinel | PR review |
+| Bash(git *) | git-flow | — |
+| MCP(netbox create/update) | cmdb-assistant | — |
+
+### Step 3: Read Current Permissions
+
+Load `.claude/settings.local.json` and parse:
+- `allow` array → auto-allowed operations
+- `deny` array → blocked operations
+- `ask` array → always-prompted operations
+
+### Step 4: Generate Mermaid Flowchart
+
+**Diagram requirements (from mermaid-diagrams skill):**
+- Use `classDef` for styling
+- Maximum 3 colors (blue, green, amber/purple)
+- Semantic arrow labels
+- Left-to-right flow
+
+**Structure:**
+
+```mermaid
+flowchart LR
+    subgraph ops[File Operations]
+        direction TB
+        W[Write]
+        E[Edit]
+        ME[MultiEdit]
+        BG[Bash git]
+        BN[Bash npm]
+        BO[Bash other]
+    end
+
+    subgraph pre[PreToolUse Hooks]
+        direction TB
+        CS[code-sentinel<br/>Security Scan]
+        GF[git-flow<br/>Branch Check]
+        CA[clarity-assist<br/>Prompt Quality]
+    end
+
+    subgraph perm[Permission Status]
+        direction TB
+        AA[Auto-Allowed]
+        PR[Prompted]
+        DN[Denied]
+    end
+
+    W -->|intercepted| CS
+    E -->|intercepted| CS
+    BG -->|checked| GF
+
+    CS -->|passed| AA
+    GF -->|valid| AA
+    BO -->|no hook| PR
+
+    classDef preHook fill:#e3f2fd,stroke:#1976d2
+    classDef quality fill:#fff3e0,stroke:#f57c00
+    classDef prReview fill:#f3e5f5,stroke:#7b1fa2
+    classDef allowed fill:#c8e6c9,stroke:#2e7d32
+    classDef prompted fill:#fff9c4,stroke:#f9a825
+    classDef denied fill:#ffcdd2,stroke:#c62828
+
+    class CS,GF preHook
+    class CA quality
+    class AA allowed
+    class PR prompted
+    class DN denied
+```
+
+### Step 5: Generate Coverage Summary Table
+
+```
+Review Layer Coverage Summary
+=============================
+
+| Directory Scope          | Layers | Status          | Recommendation |
+|--------------------------|--------|-----------------|----------------|
+| plugins/*/commands/*.md  |   3    | ✓ Auto-allowed  | — |
+| plugins/*/skills/*.md    |   2    | ✓ Auto-allowed  | — |
+| mcp-servers/**/*.py      |   3    | ✓ Auto-allowed  | — |
+| docs/**                  |   2    | ✓ Auto-allowed  | — |
+| scripts/*.sh             |   2    | ⚠ Prompted      | Consider auto-allow |
+| .env*                    |   0    | ✗ Denied        | Correct - secrets |
+| Root directory           |   1    | ⚠ Prompted      | Keep prompted |
+
+Legend:
+  ✓ = Covered by ≥2 review layers, auto-allowed
+  ⚠ = Fewer than 2 layers or not allowed
+  ✗ = Explicitly denied
+```
+
+### Step 6: Identify Gaps
+
+Report any gaps in coverage:
+
+```
+Coverage Gaps Detected:
+  1. Bash(npm *) — not in allow list, but npm operations are common
+     → 2 review layers active, could be auto-allowed
+
+  2. mcp__data-platform__* — MCP server configured but tools not allowed
+     → Add to allow list to avoid prompts
+
+  3. scripts/*.sh — 2 review layers but still prompted
+     → Consider adding Write(scripts/**) to allow
+```
+
+### Step 7: Output Diagram
+
+Display the Mermaid diagram inline.
+
+If `--save` flag is used:
+- Save to `.claude/permissions-map.mermaid`
+- Report the file path
+
+## Output Format
+
+```
+-----------------------------------------------------------------+
+|  CONFIG-MAINTAINER - Permissions Map                             |
+-----------------------------------------------------------------+
+
+Review Layer Status
+===================
+
+PreToolUse Hooks (intercept before operation):
+  ✓ code-sentinel — Write, Edit, MultiEdit
+  ✓ git-flow — Bash(git checkout *), Bash(git commit *)
+  ✓ cmdb-assistant — MCP(netbox create/update)
+
+UserPromptSubmit Hooks (check prompt quality):
+  ✓ clarity-assist — vagueness detection
+
+Other Review Gates:
+  ✓ Sprint Approval (projman milestone workflow)
+  ✓ PR Review (pr-review multi-agent)
+
+Permissions Flow Diagram
+========================
+
+```mermaid
+[diagram here]
+```
+
+Coverage Summary
+================
+
+[table here]
+
+Gaps & Recommendations
+======================
+
+[gaps list here]
+```
+
+## File Output (--save flag)
+
+When `--save` is specified:
+
+```
+Diagram saved to: .claude/permissions-map.mermaid
+
+To view:
+  - Open in VS Code with Mermaid extension
+  - Paste into https://mermaid.live
+  - Include in documentation with ```mermaid code fence
+```
+
+## Color Scheme
+
+| Element | Color | Hex |
+|---------|-------|-----|
+| PreToolUse hooks | Blue | #e3f2fd |
+| Sprint/Planning gates | Amber | #fff3e0 |
+| PR Review | Purple | #f3e5f5 |
+| Auto-allowed | Light green | #c8e6c9 |
+| Prompted | Light yellow | #fff9c4 |
+| Denied | Light red | #ffcdd2 |
+
+## DO NOT
+
+- Generate diagrams without reading the mermaid-diagrams skill
+- Use more than 3 primary colors in the diagram
+- Skip the coverage summary table
+- Fail to identify coverage gaps
--- a/plugins/claude-config-maintainer/commands/claude-config.md
+++ b/plugins/claude-config-maintainer/commands/claude-config.md
@@ -0,0 +1,20 @@
+---
+description: CLAUDE.md and settings optimization
+---
+
+# /claude-config
+
+CLAUDE.md and settings.local.json optimization for Claude Code projects.
+
+## Sub-commands
+
+| Sub-command | Description |
+|-------------|-------------|
+| `/claude-config analyze` | Analyze CLAUDE.md for optimization opportunities |
+| `/claude-config optimize` | Optimize CLAUDE.md structure with preview/backup |
+| `/claude-config init` | Initialize new CLAUDE.md for a project |
+| `/claude-config diff` | Track CLAUDE.md changes over time with behavioral impact |
+| `/claude-config lint` | Lint CLAUDE.md for anti-patterns and best practices |
+| `/claude-config audit-settings` | Audit settings.local.json permissions (100-point score) |
+| `/claude-config optimize-settings` | Optimize permissions (profiles, consolidation, dry-run) |
+| `/claude-config permissions-map` | Visual review layer + permission coverage map |
--- a/plugins/claude-config-maintainer/commands/config-diff.md
+++ b/plugins/claude-config-maintainer/commands/config-diff.md
@@ -1,251 +0,0 @@
---
-description: Show diff between current CLAUDE.md and last commit
---
-
-# Compare CLAUDE.md Changes
-
-This command shows differences between your current CLAUDE.md file and previous versions, helping track configuration drift and review changes before committing.
-
-## Visual Output
-
-When executing this command, display the plugin header:
-
-```
-┌──────────────────────────────────────────────────────────────────┐
-│  ⚙️ CONFIG-MAINTAINER · CLAUDE.md Diff                           │
-└──────────────────────────────────────────────────────────────────┘
-```
-
-Then proceed with the diff.
-
-## What This Command Does
-
-1. **Detect CLAUDE.md Location** - Finds the project's CLAUDE.md file
-2. **Compare Versions** - Shows diff against last commit or specified revision
-3. **Highlight Sections** - Groups changes by affected sections
-4. **Summarize Impact** - Explains what the changes mean for Claude's behavior
-
-## Usage
-
-```
-/config-diff
-```
-
-Compare against a specific commit:
-
-```
-/config-diff --commit=abc1234
-/config-diff --commit=HEAD~3
-```
-
-Compare two specific commits:
-
-```
-/config-diff --from=abc1234 --to=def5678
-```
-
-Show only specific sections:
-
-```
-/config-diff --section="Critical Rules"
-/config-diff --section="Quick Start"
-```
-
-## Comparison Modes
-
-### Default: Working vs Last Commit
-Shows uncommitted changes to CLAUDE.md:
-```
-/config-diff
-```
-
-### Working vs Specific Commit
-Shows changes since a specific point:
-```
-/config-diff --commit=v1.0.0
-```
-
-### Commit to Commit
-Shows changes between two historical versions:
-```
-/config-diff --from=v1.0.0 --to=v2.0.0
-```
-
-### Branch Comparison
-Shows CLAUDE.md differences between branches:
-```
-/config-diff --branch=main
-/config-diff --from=feature-branch --to=main
-```
-
-## Expected Output
-
-```
-CLAUDE.md Diff Report
-=====================
-
-File: /path/to/project/CLAUDE.md
-Comparing: Working copy vs HEAD (last commit)
-Commit: abc1234 "Update build commands" (2 days ago)
-
-Summary:
- Lines added: 12
- Lines removed: 5
- Net change: +7 lines
- Sections affected: 3
-
-Section Changes:
----------------
-
-## Quick Start [MODIFIED]
-  - Added new environment variable requirement
-  - Updated test command with coverage flag
-
-## Critical Rules [ADDED CONTENT]
-  + New rule: "Never modify database migrations directly"
-
-## Architecture [UNCHANGED]
-
-## Common Operations [MODIFIED]
-  - Removed deprecated deployment command
-  - Added new Docker workflow
-
-Detailed Diff:
--------------
-
--- CLAUDE.md (HEAD)
-+++ CLAUDE.md (working)
-
-@@ -15,7 +15,10 @@
- ## Quick Start
-
- ```bash
-+export DATABASE_URL=postgres://...  # Required
- pip install -r requirements.txt
-pytest
-+pytest --cov=src                    # Run with coverage
- uvicorn main:app --reload
- ```
-
-@@ -45,6 +48,7 @@
- ## Critical Rules
-
- - Never modify `.env` files directly
-+- Never modify database migrations directly
- - Always run tests before committing
-
-Behavioral Impact:
------------------
-
-These changes will affect Claude's behavior:
-
-1. [NEW REQUIREMENT] Claude will now export DATABASE_URL before running
-2. [MODIFIED] Test command now includes coverage reporting
-3. [NEW RULE] Claude will avoid direct migration modifications
-
-Review: Do these changes reflect your intended configuration?
-```
-
-## Section-Focused View
-
-When using `--section`, output focuses on specific areas:
-
-```
-/config-diff --section="Critical Rules"
-
-CLAUDE.md Section Diff: Critical Rules
-======================================
-
--- HEAD
-+++ Working
-
- ## Critical Rules
-
- - Never modify `.env` files directly
-+- Never modify database migrations directly
-+- Always use type hints in Python code
- - Always run tests before committing
-- Keep functions under 50 lines
-
-Changes:
-  + 2 rules added
-  - 1 rule removed
-
-Impact: Claude will follow 2 new constraints and no longer enforce
-the 50-line function limit.
-```
-
-## Options
-
-| Option | Description |
-|--------|-------------|
-| `--commit=REF` | Compare working copy against specific commit/tag |
-| `--from=REF` | Starting point for comparison |
-| `--to=REF` | Ending point for comparison (default: HEAD) |
-| `--branch=NAME` | Compare against branch tip |
-| `--section=NAME` | Show only changes to specific section |
-| `--stat` | Show only statistics, no detailed diff |
-| `--no-color` | Disable colored output |
-| `--context=N` | Lines of context around changes (default: 3) |
-
-## Understanding the Output
-
-### Change Indicators
-
-| Symbol | Meaning |
-|--------|---------|
-| `+` | Line added |
-| `-` | Line removed |
-| `@@` | Location marker showing line numbers |
-| `[MODIFIED]` | Section has changes |
-| `[ADDED]` | New section created |
-| `[REMOVED]` | Section deleted |
-| `[UNCHANGED]` | No changes to section |
-
-### Impact Categories
-
- **NEW REQUIREMENT** - Claude will now need to do something new
- **REMOVED REQUIREMENT** - Claude no longer needs to do something
- **MODIFIED** - Existing behavior changed
- **NEW RULE** - New constraint added
- **RELAXED RULE** - Constraint removed or softened
-
-## When to Use
-
-Run `/config-diff` when:
- Before committing CLAUDE.md changes
- Reviewing what changed after pulling updates
- Debugging unexpected Claude behavior
- Auditing configuration changes over time
- Comparing configurations across branches
-
-## Integration with Other Commands
-
-| Workflow | Commands |
-|----------|----------|
-| Review before commit | `/config-diff` then `git commit` |
-| After optimization | `/config-optimize` then `/config-diff` |
-| Audit history | `/config-diff --from=v1.0.0 --to=HEAD` |
-| Branch comparison | `/config-diff --branch=main` |
-
-## Tips
-
-1. **Review before committing** - Always check what changed
-2. **Track behavioral changes** - Focus on rules and requirements sections
-3. **Use section filtering** - Large files benefit from focused diffs
-4. **Compare across releases** - Use tags to track major changes
-5. **Check after merges** - Ensure CLAUDE.md didn't get conflict artifacts
-
-## Troubleshooting
-
-### "No changes detected"
- CLAUDE.md matches the comparison target
- Check if you're comparing the right commits
-
-### "File not found in commit"
- CLAUDE.md didn't exist at that commit
- Use `git log -- CLAUDE.md` to find when it was created
-
-### "Not a git repository"
- This command requires git history
- Initialize git or use file backup comparison instead
--- a/plugins/claude-config-maintainer/commands/config-lint.md
+++ b/plugins/claude-config-maintainer/commands/config-lint.md
@@ -1,346 +0,0 @@
---
-description: Lint CLAUDE.md for common anti-patterns and best practices
---
-
-# Lint CLAUDE.md
-
-This command checks your CLAUDE.md file against best practices and detects common anti-patterns that can cause issues with Claude Code.
-
-## Visual Output
-
-When executing this command, display the plugin header:
-
-```
-┌──────────────────────────────────────────────────────────────────┐
-│  ⚙️ CONFIG-MAINTAINER · CLAUDE.md Lint                           │
-└──────────────────────────────────────────────────────────────────┘
-```
-
-Then proceed with the linting.
-
-## What This Command Does
-
-1. **Parse Structure** - Validates markdown structure and hierarchy
-2. **Check Security** - Detects hardcoded paths, secrets, and sensitive data
-3. **Validate Content** - Identifies anti-patterns and problematic instructions
-4. **Verify Format** - Ensures consistent formatting and style
-5. **Generate Report** - Provides actionable findings with fix suggestions
-
-## Usage
-
-```
-/config-lint
-```
-
-Lint with auto-fix:
-
-```
-/config-lint --fix
-```
-
-Check specific rules only:
-
-```
-/config-lint --rules=security,structure
-```
-
-## Linting Rules
-
-### Security Rules (SEC)
-
-| Rule | Description | Severity |
-|------|-------------|----------|
-| SEC001 | Hardcoded absolute paths | Warning |
-| SEC002 | Potential secrets/API keys | Error |
-| SEC003 | Hardcoded IP addresses | Warning |
-| SEC004 | Exposed credentials patterns | Error |
-| SEC005 | Hardcoded URLs with tokens | Error |
-| SEC006 | Environment variable values (not names) | Warning |
-
-### Structure Rules (STR)
-
-| Rule | Description | Severity |
-|------|-------------|----------|
-| STR001 | Missing required sections | Error |
-| STR002 | Invalid header hierarchy (h3 before h2) | Warning |
-| STR003 | Orphaned content (text before first header) | Info |
-| STR004 | Excessive nesting depth (>4 levels) | Warning |
-| STR005 | Empty sections | Warning |
-| STR006 | Missing section content | Warning |
-
-### Content Rules (CNT)
-
-| Rule | Description | Severity |
-|------|-------------|----------|
-| CNT001 | Contradictory instructions | Error |
-| CNT002 | Vague or ambiguous rules | Warning |
-| CNT003 | Overly long sections (>100 lines) | Info |
-| CNT004 | Duplicate content | Warning |
-| CNT005 | TODO/FIXME in production config | Warning |
-| CNT006 | Outdated version references | Info |
-| CNT007 | Broken internal links | Warning |
-
-### Format Rules (FMT)
-
-| Rule | Description | Severity |
-|------|-------------|----------|
-| FMT001 | Inconsistent header styles | Info |
-| FMT002 | Inconsistent list markers | Info |
-| FMT003 | Missing code block language | Info |
-| FMT004 | Trailing whitespace | Info |
-| FMT005 | Missing blank lines around headers | Info |
-| FMT006 | Inconsistent indentation | Info |
-
-### Best Practice Rules (BPR)
-
-| Rule | Description | Severity |
-|------|-------------|----------|
-| BPR001 | No Quick Start section | Warning |
-| BPR002 | No Critical Rules section | Warning |
-| BPR003 | Instructions without examples | Info |
-| BPR004 | Commands without explanation | Info |
-| BPR005 | Rules without rationale | Info |
-| BPR006 | Missing plugin integration docs | Info |
-
-## Expected Output
-
-```
-CLAUDE.md Lint Report
-=====================
-
-File: /path/to/project/CLAUDE.md
-Rules checked: 25
-Time: 0.3s
-
-Summary:
-  Errors:   2
-  Warnings: 5
-  Info:     3
-
-Findings:
---------
-
-[ERROR] SEC002: Potential secret detected (line 45)
-  │ api_key = "sk-1234567890abcdef"
-  │          ^^^^^^^^^^^^^^^^^^^^^^
-  └─ Hardcoded API key found. Use environment variable reference instead.
-
-  Suggested fix:
-  - api_key = "sk-1234567890abcdef"
-  + api_key = $OPENAI_API_KEY  # Set in environment
-
-[ERROR] CNT001: Contradictory instructions (lines 23, 67)
-  │ Line 23: "Always run tests before committing"
-  │ Line 67: "Skip tests for documentation-only changes"
-  │
-  └─ These rules conflict. Clarify the exception explicitly.
-
-  Suggested fix:
-  + "Always run tests before committing, except for documentation-only
-  +  changes (files in docs/ directory)"
-
-[WARNING] SEC001: Hardcoded absolute path (line 12)
-  │ Database location: /home/user/data/myapp.db
-  │                    ^^^^^^^^^^^^^^^^^^^^^^^^
-  └─ Absolute paths break portability. Use relative or variable.
-
-  Suggested fix:
-  - Database location: /home/user/data/myapp.db
-  + Database location: ./data/myapp.db  # Or $DATA_DIR/myapp.db
-
-[WARNING] STR002: Invalid header hierarchy (line 34)
-  │ ### Subsection
-  │ (no preceding ## header)
-  │
-  └─ H3 header without parent H2. Add H2 or promote to H2.
-
-[WARNING] CNT004: Duplicate content (lines 45-52, 89-96)
-  │ Same git workflow documented twice
-  │
-  └─ Remove duplicate or consolidate into single section.
-
-[WARNING] STR005: Empty section (line 78)
-  │ ## Troubleshooting
-  │ (no content)
-  │
-  └─ Add content or remove empty section.
-
-[WARNING] BPR002: No Critical Rules section
-  │ Missing "Critical Rules" or "Important Rules" section
-  │
-  └─ Add a section highlighting must-follow rules for Claude.
-
-[INFO] FMT003: Missing code block language (line 56)
-  │ ```
-  │ npm install
-  │ ```
-  │
-  └─ Specify language for syntax highlighting: ```bash
-
-[INFO] CNT003: Overly long section (lines 100-215)
-  │ "Architecture" section is 115 lines
-  │
-  └─ Consider breaking into subsections or condensing.
-
-[INFO] FMT001: Inconsistent header styles
-  │ Line 10: "## Quick Start"
-  │ Line 25: "## Architecture:"
-  │           (colon suffix inconsistent)
-  │
-  └─ Standardize header format throughout document.
-
---
-
-Auto-fixable: 4 issues (run with --fix)
-Manual review required: 6 issues
-
-Run `/config-lint --fix` to apply automatic fixes.
-```
-
-## Options
-
-| Option | Description |
-|--------|-------------|
-| `--fix` | Automatically fix auto-fixable issues |
-| `--rules=LIST` | Check only specified rule categories |
-| `--ignore=LIST` | Skip specified rules (e.g., `--ignore=FMT001,FMT002`) |
-| `--severity=LEVEL` | Show only issues at or above level (error/warning/info) |
-| `--format=FORMAT` | Output format: `text` (default), `json`, `sarif` |
-| `--config=FILE` | Use custom lint configuration |
-| `--strict` | Treat warnings as errors |
-
-## Rule Categories
-
-Use `--rules` to focus on specific areas:
-
-```
-/config-lint --rules=security        # Only security checks
-/config-lint --rules=structure       # Only structure checks
-/config-lint --rules=security,content  # Multiple categories
-```
-
-Available categories:
- `security` - SEC rules
- `structure` - STR rules
- `content` - CNT rules
- `format` - FMT rules
- `bestpractice` - BPR rules
-
-## Custom Configuration
-
-Create `.claude-lint.json` in project root:
-
-```json
-{
-  "rules": {
-    "SEC001": "warning",
-    "FMT001": "off",
-    "CNT003": {
-      "severity": "warning",
-      "maxLines": 150
-    }
-  },
-  "ignore": [
-    "FMT*"
-  ],
-  "requiredSections": [
-    "Quick Start",
-    "Critical Rules",
-    "Project Overview"
-  ]
-}
-```
-
-## Anti-Pattern Examples
-
-### Hardcoded Secrets (SEC002)
-```markdown
-# BAD
-API_KEY=sk-1234567890abcdef
-
-# GOOD
-API_KEY=$OPENAI_API_KEY  # Set via environment
-```
-
-### Hardcoded Paths (SEC001)
-```markdown
-# BAD
-Config file: /home/john/projects/myapp/config.yml
-
-# GOOD
-Config file: ./config.yml
-Config file: $PROJECT_ROOT/config.yml
-```
-
-### Contradictory Rules (CNT001)
-```markdown
-# BAD
- Always use TypeScript
- JavaScript files are acceptable for scripts
-
-# GOOD
- Always use TypeScript for source code
- JavaScript (.js) is acceptable only for config files and scripts
-```
-
-### Vague Instructions (CNT002)
-```markdown
-# BAD
- Be careful with the database
-
-# GOOD
- Never run DELETE without WHERE clause
- Always backup before migrations
-```
-
-### Invalid Hierarchy (STR002)
-```markdown
-# BAD
-# Main Title
-### Skipped Level
-
-# GOOD
-# Main Title
-## Section
-### Subsection
-```
-
-## When to Use
-
-Run `/config-lint` when:
- Before committing CLAUDE.md changes
- During code review for CLAUDE.md modifications
- Setting up CI/CD checks for configuration files
- After major edits to catch introduced issues
- Periodically as maintenance check
-
-## Integration with CI/CD
-
-Add to your CI pipeline:
-
-```yaml
-# GitHub Actions example
- name: Lint CLAUDE.md
-  run: claude /config-lint --strict --format=sarif > lint-results.sarif
-
- name: Upload SARIF
-  uses: github/codeql-action/upload-sarif@v2
-  with:
-    sarif_file: lint-results.sarif
-```
-
-## Tips
-
-1. **Start with errors** - Fix errors before warnings
-2. **Use --fix carefully** - Review auto-fixes before committing
-3. **Configure per-project** - Different projects have different needs
-4. **Integrate in CI** - Catch issues before they reach main
-5. **Review periodically** - Run lint check monthly as maintenance
-
-## Related Commands
-
-| Command | Relationship |
-|---------|--------------|
-| `/config-analyze` | Deeper content analysis (complements lint) |
-| `/config-optimize` | Applies fixes and improvements |
-| `/config-diff` | Shows what changed (run lint before commit) |
--- a/plugins/claude-config-maintainer/commands/init.md
+++ b/plugins/claude-config-maintainer/commands/init.md
@@ -1,258 +0,0 @@
---
-description: Initialize a new CLAUDE.md file for a project
---
-
-# Initialize CLAUDE.md
-
-This command creates a new CLAUDE.md file tailored to your project, gathering context and generating appropriate content.
-
-## Visual Output
-
-When executing this command, display the plugin header:
-
-```
-┌──────────────────────────────────────────────────────────────────┐
-│  ⚙️ CONFIG-MAINTAINER · CLAUDE.md Initialization                 │
-└──────────────────────────────────────────────────────────────────┘
-```
-
-Then proceed with the initialization.
-
-## What This Command Does
-
-1. **Gather Context** - Analyzes project structure and asks clarifying questions
-2. **Detect Stack** - Identifies technologies, frameworks, and tools
-3. **Generate Content** - Creates tailored CLAUDE.md sections
-4. **Review & Refine** - Allows customization before saving
-5. **Save File** - Creates the CLAUDE.md in project root
-
-## Usage
-
-```
-/config-init
-```
-
-Or with options:
-
-```
-/config-init --template=api        # Use API project template
-/config-init --minimal             # Create minimal version
-/config-init --comprehensive       # Create detailed version
-```
-
-## Initialization Workflow
-
-```
-CLAUDE.md Initialization
-========================
-
-Step 1: Project Analysis
------------------------
-Scanning project structure...
-
-Detected:
- Language: Python 3.11
- Framework: FastAPI
- Package Manager: pip (requirements.txt found)
- Testing: pytest
- Docker: Yes (Dockerfile found)
- Git: Yes (.git directory)
-
-Step 2: Clarifying Questions
----------------------------
-
-1. Project Description:
-   What does this project do? (1-2 sentences)
-   > [User provides description]
-
-2. Build/Run Commands:
-   Detected commands - are these correct?
-   - Install: pip install -r requirements.txt
-   - Test: pytest
-   - Run: uvicorn main:app --reload
-   [Y/n/edit]
-
-3. Critical Rules:
-   Any rules Claude MUST follow?
-   Examples: "Never modify migrations", "Always use type hints"
-   > [User provides rules]
-
-4. Sensitive Areas:
-   Any files/directories Claude should be careful with?
-   > [User provides or skips]
-
-Step 3: Generate CLAUDE.md
--------------------------
-
-Generating content based on:
- Project type: FastAPI web API
- Detected technologies
- Your provided context
-
-Preview:
-
---
-# CLAUDE.md
-
-## Project Overview
-[Generated description]
-
-## Quick Start
-
-```bash
-pip install -r requirements.txt  # Install dependencies
-pytest                           # Run tests
-uvicorn main:app --reload        # Start dev server
-```
-
-## Architecture
-[Generated based on structure]
-
-## Critical Rules
-[Your provided rules]
-
-## File Structure
-[Generated from analysis]
---
-
-Save this CLAUDE.md? [Y/n/edit]
-
-Step 4: Complete
----------------
-
-CLAUDE.md created successfully!
-
-Location: /path/to/project/CLAUDE.md
-Lines: 87
-Score: 85/100 (following best practices)
-
-Recommendations:
- Run /config-analyze periodically to maintain quality
- Update when adding major features
- Add troubleshooting section as issues are discovered
-```
-
-## Templates
-
-### Minimal Template
-For small projects or when starting fresh:
- Project Overview (required)
- Quick Start (required)
- Critical Rules (required)
- **Pre-Change Protocol (required)**
-
-### Standard Template (default)
-For typical projects:
- Project Overview
- Quick Start
- Architecture
- Critical Rules
- **Pre-Change Protocol**
- Common Operations
- File Structure
-
-### Comprehensive Template
-For large or complex projects:
- All standard sections plus:
- Detailed Architecture
- **Pre-Change Protocol**
- Troubleshooting
- Integration Points
- Development Workflow
- Deployment Notes
-
-### Pre-Change Protocol Section (MANDATORY in ALL templates)
-
-**This section MUST be included in every generated CLAUDE.md:**
-
-```markdown
-## ⛔ MANDATORY: Before Any Code Change
-
-**Claude MUST show this checklist BEFORE editing any file:**
-
-### 1. Impact Search Results
-Run and show output of:
-\`\`\`bash
-grep -rn "PATTERN" --include="*.sh" --include="*.md" --include="*.json" --include="*.py" | grep -v ".git"
-\`\`\`
-
-### 2. Files That Will Be Affected
-Numbered list of every file to be modified, with the specific change for each.
-
-### 3. Files Searched But Not Changed (and why)
-Proof that related files were checked and determined unchanged.
-
-### 4. Documentation That References This
-List of docs that mention this feature/script/function.
-
-**User verifies this list before Claude proceeds. If Claude skips this, stop immediately.**
-
-### After Changes
-Run the same grep and show results proving no references remain unaddressed.
-```
-
-**Rationale:** This protocol prevents incomplete changes where Claude modifies some files but misses others that reference the same code, causing cascading bugs.
-
-## Auto-Detection
-
-The command automatically detects:
-
-| What | How |
-|------|-----|
-| Language | File extensions, config files |
-| Framework | package.json, requirements.txt, etc. |
-| Build system | Makefile, package.json scripts, etc. |
-| Testing | pytest.ini, jest.config, etc. |
-| Docker | Dockerfile, docker-compose.yml |
-| Database | Connection strings, ORM configs |
-
-## Customization
-
-After generation, you can:
- Edit any section before saving
- Add additional sections
- Remove unnecessary sections
- Adjust detail level
- Add project-specific content
-
-## When to Use
-
-Run `/config-init` when:
- Starting a new project
- Project lacks CLAUDE.md
- Existing CLAUDE.md is outdated/poor quality
- Taking over an unfamiliar project
-
-## Tips
-
-1. **Provide accurate description** - This shapes the whole file
-2. **Include critical rules** - What must Claude never do?
-3. **Review generated content** - Auto-detection isn't perfect
-4. **Start minimal, grow as needed** - Add sections when required
-5. **Keep it current** - Update when project changes significantly
-
-## Examples
-
-### For a CLI Tool
-```
-/config-init
-
-> Description: CLI tool for managing cloud infrastructure
-> Critical rules: Never delete resources without confirmation, always show dry-run first
-```
-
-### For a Web App
-```
-/config-init
-
-> Description: E-commerce platform with React frontend and Node.js backend
-> Critical rules: Never expose API keys, always validate user input, follow the existing component patterns
-```
-
-### For a Library
-```
-/config-init --template=minimal
-
-> Description: Python library for parsing log files
-> Critical rules: Maintain backward compatibility, all public functions need docstrings
-```
--- a/plugins/claude-config-maintainer/commands/optimize.md
+++ b/plugins/claude-config-maintainer/commands/optimize.md
@@ -1,234 +0,0 @@
---
-description: Optimize CLAUDE.md structure and content
---
-
-# Optimize CLAUDE.md
-
-This command automatically optimizes your project's CLAUDE.md file based on best practices and identified issues.
-
-## Visual Output
-
-When executing this command, display the plugin header:
-
-```
-┌──────────────────────────────────────────────────────────────────┐
-│  ⚙️ CONFIG-MAINTAINER · CLAUDE.md Optimization                   │
-└──────────────────────────────────────────────────────────────────┘
-```
-
-Then proceed with the optimization.
-
-## What This Command Does
-
-1. **Analyze Current File** - Identifies all optimization opportunities
-2. **Plan Changes** - Determines what to restructure, condense, or add
-3. **Show Preview** - Displays before/after comparison
-4. **Apply Changes** - Updates the file with your approval
-5. **Verify Results** - Confirms improvements achieved
-
-## Usage
-
-```
-/config-optimize
-```
-
-Or specify specific optimizations:
-
-```
-/config-optimize --condense        # Focus on reducing verbosity
-/config-optimize --restructure     # Focus on reorganization
-/config-optimize --add-missing     # Focus on adding missing sections
-```
-
-## Optimization Actions
-
-### Restructure
- Reorder sections by importance
- Group related content together
- Improve header hierarchy
- Add navigation aids
-
-### Condense
- Remove redundant explanations
- Convert verbose text to bullet points
- Eliminate duplicate content
- Shorten overly detailed sections
-
-### Enhance
- Add missing essential sections
- **Add Pre-Change Protocol if missing (HIGH PRIORITY)**
- Improve unclear instructions
- Add helpful examples
- Highlight critical rules
-
-### Format
- Standardize header styles
- Fix code block formatting
- Align list formatting
- Improve table layouts
-
-## Expected Output
-
-```
-CLAUDE.md Optimization
-======================
-
-Current Analysis:
- Score: 72/100
- Lines: 245
- Issues: 4
-
-Planned Optimizations:
-
-1. ADD: Quick Start section (new, ~15 lines)
-   + Build command
-   + Test command
-   + Run command
-
-2. CONDENSE: Testing section (34 → 8 lines)
-   Before: Verbose explanation with redundant setup info
-   After: Concise command reference with comments
-
-3. REMOVE: Duplicate git workflow (lines 189-200)
-   Keeping: Original at lines 102-115
-
-4. FORMAT: Standardize headers
-   Changing 12 headers from "## Title:" to "## Title"
-
-Preview Changes? [Y/n] y
-
--- CLAUDE.md (before)
-+++ CLAUDE.md (after)
-
-@@ -1,5 +1,20 @@
- # CLAUDE.md
-
-+## Quick Start
-+
-+```bash
-+# Install dependencies
-+pip install -r requirements.txt
-+
-+# Run tests
-+pytest
-+
-+# Start development server
-+python manage.py runserver
-+```
-+
- ## Project Overview
- ...
-
-[Full diff shown]
-
-Apply these changes? [Y/n] y
-
-Optimization Complete!
- Previous score: 72/100
- New score: 89/100
- Lines reduced: 245 → 198 (-19%)
- Issues resolved: 4/4
-
-Backup saved to: .claude/backups/CLAUDE.md.2025-01-18
-```
-
-## Safety Features
-
-### Backup Creation
- Automatic backup before changes
- Stored in `.claude/backups/`
- Easy restoration if needed
-
-### Preview Mode
- All changes shown before applying
- Diff format for easy review
- Option to approve/reject
-
-### Selective Application
- Can apply individual changes
- Skip specific optimizations
- Iterative refinement
-
-## Options
-
-| Option | Description |
-|--------|-------------|
-| `--dry-run` | Show changes without applying |
-| `--no-backup` | Skip backup creation |
-| `--aggressive` | Maximum condensation |
-| `--preserve-comments` | Keep all existing comments |
-| `--section=NAME` | Optimize specific section only |
-
-## Pre-Change Protocol (Mandatory Addition)
-
-**If CLAUDE.md is missing the Pre-Change Protocol section, optimization MUST add it.**
-
-This is the highest priority enhancement because it prevents cascading bugs from incomplete code changes.
-
-### Detection
-
-Search CLAUDE.md for:
- "Pre-Change" or "Before Any Code Change" in headers
- References to impact search or grep verification
- User verification checkpoint
-
-### If Missing
-
-Add this section (position: after Critical Rules, before Common Operations):
-
-```markdown
-## ⛔ MANDATORY: Before Any Code Change
-
-**Claude MUST show this checklist BEFORE editing any file:**
-
-### 1. Impact Search Results
-Run and show output of:
-\`\`\`bash
-grep -rn "PATTERN" --include="*.sh" --include="*.md" --include="*.json" --include="*.py" | grep -v ".git"
-\`\`\`
-
-### 2. Files That Will Be Affected
-Numbered list of every file to be modified, with the specific change for each.
-
-### 3. Files Searched But Not Changed (and why)
-Proof that related files were checked and determined unchanged.
-
-### 4. Documentation That References This
-List of docs that mention this feature/script/function.
-
-**User verifies this list before Claude proceeds. If Claude skips this, stop immediately.**
-
-### After Changes
-Run the same grep and show results proving no references remain unaddressed.
-```
-
-## When to Use
-
-Run `/config-optimize` when:
- Analysis shows score below 70
- File has grown too long
- Structure needs reorganization
- Missing critical sections
- After major refactoring
-
-## Best Practices
-
-1. **Run analysis first** - Understand current state
-2. **Review preview carefully** - Ensure nothing important lost
-3. **Test after changes** - Verify Claude follows instructions
-4. **Keep backups** - Restore if issues arise
-5. **Iterate** - Multiple small optimizations beat one large one
-
-## Rollback
-
-If optimization causes issues:
-
-```bash
-# Restore from backup
-cp .claude/backups/CLAUDE.md.TIMESTAMP ./CLAUDE.md
-```
-
-Or ask:
-```
-Restore CLAUDE.md from the most recent backup
-```
--- a/plugins/claude-config-maintainer/hooks/enforce-rules.sh
+++ b/plugins/claude-config-maintainer/hooks/enforce-rules.sh
@@ -1,68 +0,0 @@
-#!/bin/bash
-# claude-config-maintainer: enforce mandatory behavior rules
-# Checks if CLAUDE.md has the rules, adds them if missing
-
-PREFIX="[claude-config-maintainer]"
-
-# Find CLAUDE.md in current directory or parent
-CLAUDE_MD=""
-if [ -f "./CLAUDE.md" ]; then
-    CLAUDE_MD="./CLAUDE.md"
-elif [ -f "../CLAUDE.md" ]; then
-    CLAUDE_MD="../CLAUDE.md"
-fi
-
-# If no CLAUDE.md found, exit silently
-if [ -z "$CLAUDE_MD" ]; then
-    exit 0
-fi
-
-# Check if mandatory rules exist
-if grep -q "MANDATORY BEHAVIOR RULES" "$CLAUDE_MD" 2>/dev/null; then
-    # Rules exist, all good
-    exit 0
-fi
-
-# Rules missing - add them
-RULES='## ⛔ MANDATORY BEHAVIOR RULES - READ FIRST
-
-**These rules are NON-NEGOTIABLE. Violating them wastes the user'\''s time and money.**
-
-### 1. WHEN USER ASKS YOU TO CHECK SOMETHING - CHECK EVERYTHING
- Search ALL locations, not just where you think it is
- Check cache directories: `~/.claude/plugins/cache/`
- Check installed: `~/.claude/plugins/marketplaces/`
- Check source directories
- **NEVER say "no" or "that'\''s not the issue" without exhaustive verification**
-
-### 2. WHEN USER SAYS SOMETHING IS WRONG - BELIEVE THEM
- The user knows their system better than you
- Investigate thoroughly before disagreeing
- **Your confidence is often wrong. User'\''s instincts are often right.**
-
-### 3. NEVER SAY "DONE" WITHOUT VERIFICATION
- Run the actual command/script to verify
- Show the output to the user
- **"Done" means VERIFIED WORKING, not "I made changes"**
-
-### 4. SHOW EXACTLY WHAT USER ASKS FOR
- If user asks for messages, show the MESSAGES
- If user asks for code, show the CODE
- **Do not interpret or summarize unless asked**
-
-**FAILURE TO FOLLOW THESE RULES = WASTED USER TIME = UNACCEPTABLE**
-
---
-
-'
-
-# Create temp file with rules + existing content
-{
-    head -1 "$CLAUDE_MD"
-    echo ""
-    echo "$RULES"
-    tail -n +2 "$CLAUDE_MD"
-} > "${CLAUDE_MD}.tmp"
-
-mv "${CLAUDE_MD}.tmp" "$CLAUDE_MD"
-echo "$PREFIX Added mandatory behavior rules to CLAUDE.md"
--- a/plugins/claude-config-maintainer/hooks/hooks.json
+++ b/plugins/claude-config-maintainer/hooks/hooks.json
@@ -1,10 +0,0 @@
-{
-  "hooks": {
-    "SessionStart": [
-      {
-        "type": "command",
-        "command": "${CLAUDE_PLUGIN_ROOT}/hooks/enforce-rules.sh"
-      }
-    ]
-  }
-}
--- a/plugins/claude-config-maintainer/skills/analysis-workflow.md
+++ b/plugins/claude-config-maintainer/skills/analysis-workflow.md
@@ -0,0 +1,112 @@
+# CLAUDE.md Analysis Workflow
+
+This skill defines the workflow for analyzing CLAUDE.md files.
+
+## Analysis Steps
+
+1. **Locate File** - Find CLAUDE.md in project root
+2. **Parse Structure** - Extract headers and sections
+3. **Evaluate Content** - Score against criteria
+4. **Detect Plugins** - Identify active marketplace plugins
+5. **Check Integration** - Verify plugin references
+6. **Generate Report** - Provide scored assessment
+
+## Content Analysis
+
+### What to Check
+
+| Area | Check For |
+|------|-----------|
+| Structure | Header hierarchy, section ordering, grouping |
+| Clarity | Clear instructions, examples, unambiguous language |
+| Completeness | Required sections present, workflows documented |
+| Conciseness | No redundancy, efficient density, appropriate length |
+
+### Required Sections Check
+
+1. Project Overview - present?
+2. Quick Start - present with commands?
+3. Critical Rules - present?
+4. **Pre-Change Protocol** - present? (HIGH PRIORITY if missing)
+
+## Plugin Integration Analysis
+
+### Detection Method
+
+1. Read `.claude/settings.local.json` for enabled MCP servers
+2. Map MCP servers to plugins:
+   - `gitea` -> projman
+   - `netbox` -> cmdb-assistant
+3. Check for hook-based plugins (project-hygiene)
+4. Scan CLAUDE.md for plugin references
+
+### Coverage Scoring
+
+For each detected plugin, verify CLAUDE.md contains:
+- Plugin section header or mention
+- Available commands documentation
+- MCP tools reference (if applicable)
+- Usage guidelines
+
+Coverage = (plugins referenced / plugins detected) * 100%
+
+## Report Format
+
+```
+CLAUDE.md Analysis Report
+=========================
+
+File: /path/to/project/CLAUDE.md
+Lines: N
+Last Modified: YYYY-MM-DD
+
+Overall Score: NN/100
+
+Category Scores:
+- Structure:    NN/25 (Rating)
+- Clarity:      NN/25 (Rating)
+- Completeness: NN/25 (Rating)
+- Conciseness:  NN/25 (Rating)
+
+Strengths:
+ [Positive finding]
+
+Issues Found:
+
+N. [SEVERITY] Issue description (location)
+   Context explaining the problem.
+   Impact: What happens if not fixed.
+
+Recommendations:
+N. Action to take (priority: high/medium/low)
+
+---
+
+Plugin Integration Analysis
+===========================
+
+Detected Active Plugins:
+  [check] plugin-name (via detection method)
+
+Plugin Coverage: NN% (N/N plugins referenced)
+
+Missing Integration Content:
+N. plugin-name
+   What to add.
+```
+
+## Issue Severity
+
+| Level | When to Use |
+|-------|-------------|
+| HIGH | Missing mandatory sections, security issues |
+| MEDIUM | Missing recommended content, duplicate content |
+| LOW | Formatting issues, minor improvements |
+
+## Follow-Up Actions
+
+After analysis, offer:
+1. Implement all content recommendations
+2. Add missing plugin integrations
+3. Do both (recommended)
+4. Show preview of changes first
--- a/plugins/claude-config-maintainer/skills/claude-md-structure.md
+++ b/plugins/claude-config-maintainer/skills/claude-md-structure.md
@@ -0,0 +1,113 @@
+# CLAUDE.md Structure Reference
+
+This skill defines the standard structure, required sections, and templates for CLAUDE.md files.
+
+## Required Sections
+
+Every CLAUDE.md MUST have these sections:
+
+| Section | Purpose | Priority |
+|---------|---------|----------|
+| Project Overview | What the project does | Required |
+| Quick Start | Build/test/run commands | Required |
+| Critical Rules | Must-follow constraints | Required |
+| Pre-Change Protocol | Dependency check before edits | **MANDATORY** |
+
+## Recommended Sections
+
+| Section | When to Include |
+|---------|-----------------|
+| Architecture | Complex projects with multiple components |
+| Common Operations | Projects with repetitive tasks |
+| File Structure | Large codebases |
+| Troubleshooting | Projects with known gotchas |
+| Integration Points | Projects with external dependencies |
+
+## Header Hierarchy
+
+```
+# CLAUDE.md (H1 - only one)
+## Section (H2 - main sections)
+### Subsection (H3 - within sections)
+#### Detail (H4 - rarely needed)
+```
+
+**Rules:**
+- Never skip levels (no H3 before H2)
+- Maximum depth: 4 levels
+- No orphaned content before first header
+
+## Templates
+
+### Minimal Template
+For small projects:
+```markdown
+# CLAUDE.md
+
+## Project Overview
+[Description]
+
+## Quick Start
+[Commands]
+
+## Critical Rules
+[Constraints]
+
+## Pre-Change Protocol
+[Mandatory section - see pre-change-protocol.md]
+```
+
+### Standard Template (Default)
+```markdown
+# CLAUDE.md
+
+## Project Overview
+## Quick Start
+## Architecture
+## Critical Rules
+## Pre-Change Protocol
+## Common Operations
+## File Structure
+```
+
+### Comprehensive Template
+For large projects - adds:
+- Detailed Architecture
+- Troubleshooting
+- Integration Points
+- Development Workflow
+- Deployment Notes
+
+## Auto-Detection Signals
+
+| Technology | Detection Method |
+|------------|------------------|
+| Language | File extensions, config files |
+| Framework | package.json, requirements.txt, Cargo.toml |
+| Build system | Makefile, scripts in package.json |
+| Testing | pytest.ini, jest.config.js, go.mod |
+| Docker | Dockerfile, docker-compose.yml |
+| Database | ORM configs, connection strings |
+
+## Section Content Guidelines
+
+### Project Overview
+- 1-3 sentences describing purpose
+- Target audience if relevant
+- Key technologies used
+
+### Quick Start
+- Install command
+- Test command
+- Run command
+- Each with brief inline comment
+
+### Critical Rules
+- Numbered or bulleted list
+- Specific, actionable constraints
+- Include rationale for non-obvious rules
+
+### Architecture
+- High-level component diagram (ASCII or description)
+- Data flow explanation
+- Key file/directory purposes
--- a/plugins/claude-config-maintainer/skills/diff-analysis.md
+++ b/plugins/claude-config-maintainer/skills/diff-analysis.md
@@ -0,0 +1,97 @@
+# CLAUDE.md Diff Analysis
+
+This skill defines how to analyze and present CLAUDE.md differences.
+
+## Comparison Modes
+
+| Mode | Command | Description |
+|------|---------|-------------|
+| Working vs HEAD | `/claude-config diff` | Uncommitted changes |
+| Working vs Commit | `--commit=REF` | Changes since specific point |
+| Commit to Commit | `--from=X --to=Y` | Historical comparison |
+| Branch Comparison | `--branch=NAME` | Cross-branch differences |
+
+## Change Indicators
+
+| Symbol | Meaning |
+|--------|---------|
+| `+` | Line added |
+| `-` | Line removed |
+| `@@` | Location marker (line numbers) |
+| `[MODIFIED]` | Section has changes |
+| `[ADDED]` | New section created |
+| `[REMOVED]` | Section deleted |
+| `[UNCHANGED]` | No changes to section |
+
+## Impact Categories
+
+| Category | Meaning |
+|----------|---------|
+| NEW REQUIREMENT | Claude will need to do something new |
+| REMOVED REQUIREMENT | Claude no longer needs to do something |
+| MODIFIED | Existing behavior changed |
+| NEW RULE | New constraint added |
+| RELAXED RULE | Constraint removed or softened |
+
+## Report Format
+
+```
+CLAUDE.md Diff Report
+=====================
+
+File: /path/to/project/CLAUDE.md
+Comparing: [mode description]
+Commit: [ref] "[message]" (time ago)
+
+Summary:
+- Lines added: N
+- Lines removed: N
+- Net change: +/-N lines
+- Sections affected: N
+
+Section Changes:
+----------------
+
+## Section Name [STATUS]
+  +/- Change description
+
+Detailed Diff:
+--------------
+
+--- CLAUDE.md (before)
+++ CLAUDE.md (after)
+
+@@ -N,M +N,M @@
+ context
+-removed
+added
+ context
+
+Behavioral Impact:
+------------------
+
+These changes will affect Claude's behavior:
+
+N. [CATEGORY] Description of impact
+```
+
+## Section-Focused View
+
+When using `--section=NAME`:
+- Filter diff to only that section
+- Show section-specific statistics
+- Highlight behavioral impact for that area
+
+## Troubleshooting
+
+### No changes detected
+- File matches comparison target
+- Verify comparing correct commits
+
+### File not found in commit
+- CLAUDE.md didn't exist at that point
+- Use `git log -- CLAUDE.md` to find creation
+
+### Not a git repository
+- Command requires git history
+- Initialize git or use file backup comparison
--- a/plugins/claude-config-maintainer/skills/lint-rules.md
+++ b/plugins/claude-config-maintainer/skills/lint-rules.md
@@ -0,0 +1,136 @@
+# CLAUDE.md Lint Rules
+
+This skill defines all linting rules for validating CLAUDE.md files.
+
+## Rule Categories
+
+### Security Rules (SEC)
+
+| Rule | Description | Severity | Auto-fix |
+|------|-------------|----------|----------|
+| SEC001 | Hardcoded absolute paths | Warning | Yes |
+| SEC002 | Potential secrets/API keys | Error | No |
+| SEC003 | Hardcoded IP addresses | Warning | No |
+| SEC004 | Exposed credentials patterns | Error | No |
+| SEC005 | Hardcoded URLs with tokens | Error | No |
+| SEC006 | Environment variable values (not names) | Warning | No |
+
+### Structure Rules (STR)
+
+| Rule | Description | Severity | Auto-fix |
+|------|-------------|----------|----------|
+| STR001 | Missing required sections | Error | Yes |
+| STR002 | Invalid header hierarchy (h3 before h2) | Warning | Yes |
+| STR003 | Orphaned content before first header | Info | No |
+| STR004 | Excessive nesting depth (>4 levels) | Warning | No |
+| STR005 | Empty sections | Warning | Yes |
+| STR006 | Missing section content | Warning | No |
+
+### Content Rules (CNT)
+
+| Rule | Description | Severity | Auto-fix |
+|------|-------------|----------|----------|
+| CNT001 | Contradictory instructions | Error | No |
+| CNT002 | Vague or ambiguous rules | Warning | No |
+| CNT003 | Overly long sections (>100 lines) | Info | No |
+| CNT004 | Duplicate content | Warning | No |
+| CNT005 | TODO/FIXME in production config | Warning | No |
+| CNT006 | Outdated version references | Info | No |
+| CNT007 | Broken internal links | Warning | No |
+
+### Format Rules (FMT)
+
+| Rule | Description | Severity | Auto-fix |
+|------|-------------|----------|----------|
+| FMT001 | Inconsistent header styles | Info | Yes |
+| FMT002 | Inconsistent list markers | Info | Yes |
+| FMT003 | Missing code block language | Info | Yes |
+| FMT004 | Trailing whitespace | Info | Yes |
+| FMT005 | Missing blank lines around headers | Info | Yes |
+| FMT006 | Inconsistent indentation | Info | Yes |
+
+### Best Practice Rules (BPR)
+
+| Rule | Description | Severity | Auto-fix |
+|------|-------------|----------|----------|
+| BPR001 | No Quick Start section | Warning | No |
+| BPR002 | No Critical Rules section | Warning | No |
+| BPR003 | Instructions without examples | Info | No |
+| BPR004 | Commands without explanation | Info | No |
+| BPR005 | Rules without rationale | Info | No |
+| BPR006 | Missing plugin integration docs | Info | No |
+
+## Anti-Pattern Examples
+
+### SEC002: Hardcoded Secrets
+```markdown
+# BAD
+API_KEY=sk-1234567890abcdef
+
+# GOOD
+API_KEY=$OPENAI_API_KEY  # Set via environment
+```
+
+### SEC001: Hardcoded Paths
+```markdown
+# BAD
+Config file: /home/john/projects/myapp/config.yml
+
+# GOOD
+Config file: ./config.yml
+Config file: $PROJECT_ROOT/config.yml
+```
+
+### CNT001: Contradictory Rules
+```markdown
+# BAD
+- Always use TypeScript
+- JavaScript files are acceptable for scripts
+
+# GOOD
+- Always use TypeScript for source code
+- JavaScript (.js) is acceptable only for config files and scripts
+```
+
+### CNT002: Vague Instructions
+```markdown
+# BAD
+- Be careful with the database
+
+# GOOD
+- Never run DELETE without WHERE clause
+- Always backup before migrations
+```
+
+### STR002: Invalid Hierarchy
+```markdown
+# BAD
+# Main Title
+### Skipped Level
+
+# GOOD
+# Main Title
+## Section
+### Subsection
+```
+
+## Output Format
+
+```
+[SEVERITY] RULE_ID: Description (line N)
+  | Context line showing issue
+  |          ^^^^^^ indicator
+  +-- Explanation of problem
+
+  Suggested fix:
+  - old line
+  + new line
+```
+
+## Severity Levels
+
+| Level | Meaning | Action |
+|-------|---------|--------|
+| Error | Must fix | Blocks commit |
+| Warning | Should fix | Review recommended |
+| Info | Consider fixing | Optional improvement |
--- a/plugins/claude-config-maintainer/skills/optimization-patterns.md
+++ b/plugins/claude-config-maintainer/skills/optimization-patterns.md
@@ -0,0 +1,136 @@
+# CLAUDE.md Optimization Patterns
+
+This skill defines patterns for optimizing CLAUDE.md files.
+
+## Optimization Categories
+
+### Restructure
+- Reorder sections by importance (Quick Start near top)
+- Group related content together
+- Improve header hierarchy
+- Add navigation aids (TOC for long files)
+
+### Condense
+- Remove redundant explanations
+- Convert verbose text to bullet points
+- Eliminate duplicate content
+- Shorten overly detailed sections
+
+### Enhance
+- Add missing essential sections
+- **Add Pre-Change Protocol if missing (HIGH PRIORITY)**
+- Improve unclear instructions
+- Add helpful examples
+- Highlight critical rules
+
+### Format
+- Standardize header styles (no trailing colons)
+- Fix code block formatting (add language tags)
+- Align list formatting (consistent markers)
+- Improve table layouts
+
+## Scoring Criteria
+
+### Structure (25 points)
+- Logical section ordering
+- Clear header hierarchy
+- Easy navigation
+- Appropriate grouping
+
+### Clarity (25 points)
+- Clear instructions
+- Good examples
+- Unambiguous language
+- Appropriate detail level
+
+### Completeness (25 points)
+- Project overview present
+- Quick start commands documented
+- Critical rules highlighted
+- Key workflows covered
+- Pre-Change Protocol present (MANDATORY)
+
+### Conciseness (25 points)
+- No unnecessary repetition
+- Efficient information density
+- Appropriate length for project size
+- No generic filler content
+
+## Score Interpretation
+
+| Score | Rating | Action |
+|-------|--------|--------|
+| 90-100 | Excellent | Maintenance only |
+| 70-89 | Good | Minor improvements |
+| 50-69 | Needs Work | Optimization recommended |
+| Below 50 | Poor | Major restructuring needed |
+
+## Common Optimizations
+
+### Verbose to Concise
+```markdown
+# Before (34 lines)
+## Running Tests
+To run the tests, you first need to make sure you have all the
+dependencies installed. The dependencies are listed in requirements.txt.
+Once you have installed the dependencies, you can run the tests using
+pytest. Pytest will automatically discover all test files...
+
+# After (8 lines)
+## Running Tests
+```bash
+pip install -r requirements.txt  # Install dependencies
+pytest                           # Run all tests
+pytest -v                        # Verbose output
+pytest tests/unit/               # Run specific directory
+```
+```
+
+### Duplicate Removal
+- Keep first occurrence
+- Add cross-reference if needed: "See [Section Name] above"
+
+### Header Standardization
+```markdown
+# Before
+## Quick Start:
+## Architecture
+## Testing:
+
+# After
+## Quick Start
+## Architecture
+## Testing
+```
+
+### Code Block Enhancement
+```markdown
+# Before
+```
+npm install
+npm test
+```
+
+# After
+```bash
+npm install  # Install dependencies
+npm test     # Run test suite
+```
+```
+
+## Safety Features
+
+### Backup Creation
+- Always backup before changes
+- Store in `.claude/backups/CLAUDE.md.TIMESTAMP`
+- Easy restoration if needed
+
+### Preview Mode
+- Show all changes before applying
+- Use diff format for easy review
+- Allow approve/reject per change
+
+### Selective Application
+- Can apply individual changes
+- Skip specific optimizations
+- Iterative refinement supported
--- a/plugins/claude-config-maintainer/skills/pre-change-protocol.md
+++ b/plugins/claude-config-maintainer/skills/pre-change-protocol.md
@@ -0,0 +1,83 @@
+# Pre-Change Protocol
+
+This skill defines the mandatory Pre-Change Protocol section that MUST be included in every CLAUDE.md file.
+
+## Why This Is Mandatory
+
+The Pre-Change Protocol prevents the #1 cause of bugs from AI-assisted coding: **incomplete changes where Claude modifies some files but misses others that reference the same code**.
+
+Without this protocol:
+- Claude may rename a function but miss callers
+- Claude may modify a config but miss documentation
+- Claude may update a schema but miss dependent code
+
+## Detection
+
+Search CLAUDE.md for these indicators:
+- Header containing "Pre-Change" or "Before Any Code Change"
+- References to `grep -rn` or impact search
+- Checklist with "Files That Will Be Affected"
+- User verification checkpoint
+
+## Required Section Content
+
+```markdown
+## MANDATORY: Before Any Code Change
+
+**Claude MUST show this checklist BEFORE editing any file:**
+
+### 1. Impact Search Results
+Run and show output of:
+```bash
+grep -rn "PATTERN" --include="*.sh" --include="*.md" --include="*.json" --include="*.py" | grep -v ".git"
+```
+
+### 2. Files That Will Be Affected
+Numbered list of every file to be modified, with the specific change for each.
+
+### 3. Files Searched But Not Changed (and why)
+Proof that related files were checked and determined unchanged.
+
+### 4. Documentation That References This
+List of docs that mention this feature/script/function.
+
+**User verifies this list before Claude proceeds. If Claude skips this, stop immediately.**
+
+### After Changes
+Run the same grep and show results proving no references remain unaddressed.
+```
+
+## Placement
+
+Insert Pre-Change Protocol section:
+- **After:** Critical Rules section
+- **Before:** Common Operations section
+
+## If Missing During Analysis
+
+Flag as **HIGH PRIORITY** issue:
+
+```
+1. [HIGH] Missing Pre-Change Protocol section
+   CLAUDE.md lacks mandatory dependency-check protocol.
+   Impact: Claude may miss file references when making changes,
+   leading to broken dependencies and incomplete updates.
+
+   Recommendation: Add Pre-Change Protocol section immediately.
+   This is the #1 cause of cascading bugs from incomplete changes.
+```
+
+## If Missing During Optimization
+
+**Automatically add the section** at the correct position. This is the highest priority enhancement.
+
+## Variations
+
+The exact wording can vary, but these elements are required:
+
+1. **Search requirement** - Must run grep/search before changes
+2. **Affected files list** - Must enumerate all files to modify
+3. **Non-affected files proof** - Must show what was checked but unchanged
+4. **Documentation check** - Must list referencing docs
+5. **User checkpoint** - Must pause for user verification
+6. **Post-change verification** - Must verify after changes
--- a/plugins/claude-config-maintainer/skills/settings-optimization.md
+++ b/plugins/claude-config-maintainer/skills/settings-optimization.md
@@ -0,0 +1,377 @@
+# Settings Optimization Skill
+
+This skill provides comprehensive knowledge for auditing and optimizing Claude Code `settings.local.json` permission configurations.
+
+---
+
+## Section 1: Settings File Locations & Format
+
+Claude Code uses two configuration formats for permissions:
+
+### Newer Format (Recommended)
+
+**Primary target:** `.claude/settings.local.json` (project-local, gitignored)
+
+**Secondary locations:**
+- `.claude/settings.json` (shared, committed)
+- `~/.claude.json` (legacy global config)
+
+```json
+{
+  "permissions": {
+    "allow": ["Edit", "Write(plugins/**)", "Bash(git *)"],
+    "deny": ["Read(.env*)", "Bash(rm *)"],
+    "ask": ["Bash(pip install *)"]
+  }
+}
+```
+
+**Field meanings:**
+- `allow`: Operations auto-approved without prompting
+- `deny`: Operations blocked entirely
+- `ask`: Operations that always prompt (overrides allow)
+
+### Legacy Format
+
+Found in `~/.claude.json` with per-project entries:
+
+```json
+{
+  "projects": {
+    "/path/to/project": {
+      "allowedTools": ["Read", "Write", "Bash(git *)"]
+    }
+  }
+}
+```
+
+**Detection strategy:**
+1. Check `.claude/settings.local.json` first (primary)
+2. Check `.claude/settings.json` (shared)
+3. Check `~/.claude.json` for project entry (legacy)
+4. Report which format is in use
+
+---
+
+## Section 2: Permission Rule Syntax Reference
+
+| Pattern | Meaning |
+|---------|---------|
+| `Tool` or `Tool(*)` | Allow all uses of that tool |
+| `Bash(npm run build)` | Exact command match |
+| `Bash(npm run test *)` | Prefix match (space+asterisk = word boundary) |
+| `Bash(npm*)` | Prefix match without word boundary |
+| `Write(plugins/**)` | Glob — all files recursively under `plugins/` |
+| `Write(plugins/projman/*)` | Glob — direct children only |
+| `Read(.env*)` | Pattern matching `.env`, `.env.local`, etc. |
+| `mcp__gitea__*` | All tools from the gitea MCP server |
+| `mcp__netbox__list_*` | Specific MCP tool pattern |
+| `WebFetch(domain:github.com)` | Domain-restricted web fetch |
+
+### Important Nuances
+
+**Word boundary matching:**
+- `Bash(ls *)` (with space) matches `ls -la` but NOT `lsof`
+- `Bash(ls*)` (no space) matches both `ls -la` AND `lsof`
+
+**Precedence rules:**
+- `deny` rules take precedence over `allow` rules
+- `ask` rules override both (always prompts even if allowed)
+- More specific patterns do NOT override broader patterns
+
+**Command operators:**
+- Piped commands (`cmd1 | cmd2`) may not match individual command rules (known Claude Code limitation)
+- Shell operators (`&&`, `||`) — Claude Code is aware of these and won't let prefix rules bypass them
+- Commands with redirects (`>`, `>>`, `<`) are evaluated as complete strings
+
+---
+
+## Section 3: Pattern Consolidation Rules
+
+The audit detects these optimization opportunities:
+
+| Issue | Example | Recommendation |
+|-------|---------|----------------|
+| **Exact duplicates** | `Write(plugins/**)` listed twice | Remove duplicate |
+| **Subset redundancy** | `Write(plugins/projman/*)` when `Write(plugins/**)` exists | Remove the narrower pattern — already covered |
+| **Merge candidates** | `Write(plugins/projman/*)`, `Write(plugins/git-flow/*)`, `Write(plugins/pr-review/*)` ... (4+ similar patterns) | Merge to `Write(plugins/**)` |
+| **Overly broad** | `Bash` (no specifier = allows ALL bash) | Flag as security concern, suggest scoped patterns |
+| **Stale patterns** | `Write(plugins/old-plugin/**)` for a plugin that no longer exists | Remove stale entry |
+| **Missing MCP permissions** | MCP servers in `.mcp.json` but no `mcp__servername__*` in allow | Suggest adding if server is trusted |
+| **Conflicting rules** | Same pattern in both `allow` and `deny` | Flag conflict — deny wins, but allow is dead weight |
+
+### Consolidation Algorithm
+
+1. **Deduplicate:** Remove exact duplicates from each array
+2. **Subset elimination:** For each pattern, check if a broader pattern exists
+   - `Write(plugins/projman/*)` is subset of `Write(plugins/**)`
+   - `Bash(git status)` is subset of `Bash(git *)`
+3. **Merge detection:** If 4+ patterns share a common prefix, suggest merge
+   - Threshold: 4 patterns minimum before suggesting consolidation
+4. **Stale detection:** Cross-reference file patterns against actual filesystem
+5. **Conflict detection:** Check for patterns appearing in multiple arrays
+
+---
+
+## Section 4: Review-Layer-Aware Recommendations
+
+This is the key section. Map upstream review processes to directory scopes:
+
+| Directory Scope | Active Review Layers | Auto-Allow Recommendation |
+|----------------|---------------------|---------------------------|
+| `plugins/*/commands/*.md` | Sprint approval, PR review | `Write(plugins/*/commands/**)` — 2 layers cover this |
+| `plugins/*/skills/*.md` | Sprint approval, PR review | `Write(plugins/*/skills/**)` — 2 layers |
+| `plugins/*/agents/*.md` | Sprint approval, PR review | `Write(plugins/*/agents/**)` — 2 layers |
+| `mcp-servers/*/mcp_server/*.py` | Code-sentinel PreToolUse, sprint approval, PR review | `Write(mcp-servers/**)` + `Edit(mcp-servers/**)` — sentinel catches secrets |
+| `docs/*.md` | PR review | `Write(docs/**)` + `Edit(docs/**)` — with caution flag |
+| `.claude-plugin/*.json` | validate-marketplace.sh, PR review | `Write(.claude-plugin/**)` |
+| `scripts/*.sh` | Code-sentinel, PR review | `Write(scripts/**)` — with caution flag |
+| `CLAUDE.md`, `CHANGELOG.md`, `README.md` | PR review | `Write(CLAUDE.md)`, `Write(CHANGELOG.md)`, `Write(README.md)` |
+
+### Critical Rule: Hook Verification
+
+**Before recommending auto-allow for a scope, the agent MUST verify the hook is actually configured.**
+
+Read the relevant `plugins/*/hooks/hooks.json` file:
+- If code-sentinel's hook is missing or disabled, do NOT recommend auto-allowing `mcp-servers/**` writes
+- If git-flow's hook is missing, do NOT recommend auto-allowing `Bash(git *)` operations
+- If cmdb-assistant's hook is missing, do NOT recommend auto-allowing MCP netbox create/update operations
+- Count the number of verified review layers before making recommendations
+
+**Minimum threshold:** Only recommend auto-allow for scopes with ≥2 verified review layers.
+
+---
+
+## Section 5: Permission Profiles
+
+Three named profiles for different project contexts:
+
+### `conservative` (Default for New Users)
+
+Minimal permissions, prompts for most write operations:
+
+```json
+{
+  "permissions": {
+    "allow": [
+      "Read",
+      "Glob",
+      "Grep",
+      "LS",
+      "Write(docs/**)",
+      "Edit(docs/**)",
+      "Bash(git status *)",
+      "Bash(git diff *)",
+      "Bash(git log *)",
+      "Bash(cat *)",
+      "Bash(ls *)",
+      "Bash(head *)",
+      "Bash(tail *)",
+      "Bash(wc *)",
+      "Bash(grep *)"
+    ],
+    "deny": [
+      "Read(.env*)",
+      "Read(./secrets/**)",
+      "Bash(rm -rf *)",
+      "Bash(sudo *)"
+    ]
+  }
+}
+```
+
+### `reviewed` (Projects with ≥2 Upstream Review Layers)
+
+This is the target profile for projects using the marketplace's multi-layer review architecture:
+
+```json
+{
+  "permissions": {
+    "allow": [
+      "Read",
+      "Glob",
+      "Grep",
+      "LS",
+      "Edit",
+      "Write",
+      "MultiEdit",
+      "Bash(git *)",
+      "Bash(python *)",
+      "Bash(pip install *)",
+      "Bash(cd *)",
+      "Bash(cat *)",
+      "Bash(ls *)",
+      "Bash(head *)",
+      "Bash(tail *)",
+      "Bash(wc *)",
+      "Bash(grep *)",
+      "Bash(find *)",
+      "Bash(mkdir *)",
+      "Bash(cp *)",
+      "Bash(mv *)",
+      "Bash(touch *)",
+      "Bash(chmod *)",
+      "Bash(source *)",
+      "Bash(echo *)",
+      "Bash(sed *)",
+      "Bash(awk *)",
+      "Bash(sort *)",
+      "Bash(uniq *)",
+      "Bash(diff *)",
+      "Bash(jq *)",
+      "Bash(npm *)",
+      "Bash(npx *)",
+      "Bash(node *)",
+      "Bash(pytest *)",
+      "Bash(python -m *)",
+      "Bash(./scripts/*)",
+      "WebFetch",
+      "WebSearch"
+    ],
+    "deny": [
+      "Read(.env*)",
+      "Read(./secrets/**)",
+      "Bash(rm -rf *)",
+      "Bash(sudo *)",
+      "Bash(curl * | bash*)",
+      "Bash(wget * | bash*)"
+    ]
+  }
+}
+```
+
+### `autonomous` (Trusted CI/Sandboxed Environments Only)
+
+Maximum permissions for automated environments:
+
+```json
+{
+  "permissions": {
+    "allow": [
+      "Read",
+      "Glob",
+      "Grep",
+      "LS",
+      "Edit",
+      "Write",
+      "MultiEdit",
+      "Bash",
+      "WebFetch",
+      "WebSearch"
+    ],
+    "deny": [
+      "Read(.env*)",
+      "Read(./secrets/**)",
+      "Bash(rm -rf /)",
+      "Bash(sudo *)"
+    ]
+  }
+}
+```
+
+**Warning:** The `autonomous` profile allows unscoped `Bash` — only use in fully sandboxed environments.
+
+---
+
+## Section 6: Scoring Criteria (Settings Efficiency Score — 100 points)
+
+| Category | Points | What It Measures |
+|----------|--------|------------------|
+| **Redundancy** | 25 | No duplicates, no subset patterns, merged where possible |
+| **Coverage** | 25 | Common tools allowed, MCP servers covered, no unnecessary gaps |
+| **Safety Alignment** | 25 | Deny rules cover secrets, destructive commands; review layers verified |
+| **Profile Fit** | 25 | How close to recommended profile for the project's review layer count |
+
+### Scoring Breakdown
+
+**Redundancy (25 points):**
+- 25: No duplicates, no subsets, patterns are consolidated
+- 20: 1-2 minor redundancies
+- 15: 3-5 redundancies or 1 merge candidate group
+- 10: 6+ redundancies or 2+ merge candidate groups
+- 5: Significant redundancy (10+ issues)
+- 0: Severe redundancy (20+ issues)
+
+**Coverage (25 points):**
+- 25: All common tools allowed, MCP servers covered
+- 20: Missing 1-2 common tool patterns
+- 15: Missing 3-5 patterns or 1 MCP server
+- 10: Missing 6+ patterns or 2+ MCP servers
+- 5: Significant gaps causing frequent prompts
+- 0: Minimal coverage (prompts on most operations)
+
+**Safety Alignment (25 points):**
+- 25: Deny rules cover secrets + destructive ops, review layers verified
+- 20: Minor gaps (e.g., missing one secret pattern)
+- 15: Overly broad allow without review layer coverage
+- 10: Missing deny rules for secrets or destructive commands
+- 5: Unsafe patterns without review layer justification
+- 0: Security concerns (e.g., unscoped `Bash` without review layers)
+
+**Profile Fit (25 points):**
+- 25: Matches recommended profile exactly
+- 20: Within 90% of recommended profile
+- 15: Within 80% of recommended profile
+- 10: Within 70% of recommended profile
+- 5: Significant deviation from recommended profile
+- 0: No alignment with any named profile
+
+### Score Interpretation
+
+| Score Range | Status | Meaning |
+|-------------|--------|---------|
+| 90-100 | Optimized | Minimal prompt interruptions, safety maintained |
+| 70-89 | Good | Minor consolidation opportunities |
+| 50-69 | Needs Work | Significant redundancy or missing permissions |
+| Below 50 | Poor | Likely getting constant approval prompts unnecessarily |
+
+---
+
+## Section 7: Hook Detection Method
+
+To verify which review layers are active, read these files:
+
+| File | Hook Type | Tool Matcher | Purpose |
+|------|-----------|--------------|---------|
+| `plugins/code-sentinel/hooks/hooks.json` | PreToolUse | Write\|Edit\|MultiEdit | Blocks hardcoded secrets |
+| `plugins/git-flow/hooks/hooks.json` | PreToolUse | Bash | Branch naming + commit format |
+| `plugins/cmdb-assistant/hooks/hooks.json` | PreToolUse | MCP create/update | NetBox input validation |
+| `plugins/clarity-assist/hooks/hooks.json` | UserPromptSubmit | (all prompts) | Vagueness detection |
+
+### Verification Process
+
+1. **Read each hooks.json file**
+2. **Parse the JSON to find hook configurations**
+3. **Check the `type` field** — must be `"command"` (not `"prompt"`)
+4. **Check the `event` field** — maps to when hook runs
+5. **Check the `tools` array** — which operations are intercepted
+6. **Verify plugin is in marketplace** — check `.claude-plugin/marketplace.json`
+
+### Example Hook Structure
+
+```json
+{
+  "hooks": [
+    {
+      "event": "PreToolUse",
+      "type": "command",
+      "command": "./hooks/security-check.sh",
+      "tools": ["Write", "Edit", "MultiEdit"]
+    }
+  ]
+}
+```
+
+### Review Layer Count
+
+Count verified review layers for each scope:
+
+| Layer | Verification |
+|-------|-------------|
+| Sprint approval | Check if projman plugin is installed (milestone workflow) |
+| PR review | Check if pr-review plugin is installed |
+| code-sentinel PreToolUse | hooks.json exists with PreToolUse on Write/Edit/MultiEdit |
+| git-flow PreToolUse | hooks.json exists with PreToolUse on Bash |
+| cmdb-assistant PreToolUse | hooks.json exists with PreToolUse on MCP create/update |
+
+**Recommendation threshold:** Only recommend auto-allow for scopes with ≥2 verified layers.
--- a/plugins/claude-config-maintainer/skills/visual-header.md
+++ b/plugins/claude-config-maintainer/skills/visual-header.md
@@ -0,0 +1,73 @@
+# Visual Header Display
+
+This skill defines the standard visual header for claude-config-maintainer commands.
+
+## Header Format
+
+```
+-----------------------------------------------------------------+
+|  CONFIG-MAINTAINER - [Command Name]                              |
+-----------------------------------------------------------------+
+```
+
+## Command-Specific Headers
+
+### /claude-config analyze
+```
+-----------------------------------------------------------------+
+|  CONFIG-MAINTAINER - CLAUDE.md Analysis                          |
+-----------------------------------------------------------------+
+```
+
+### /claude-config optimize
+```
+-----------------------------------------------------------------+
+|  CONFIG-MAINTAINER - CLAUDE.md Optimization                      |
+-----------------------------------------------------------------+
+```
+
+### /claude-config lint
+```
+-----------------------------------------------------------------+
+|  CONFIG-MAINTAINER - CLAUDE.md Lint                              |
+-----------------------------------------------------------------+
+```
+
+### /claude-config diff
+```
+-----------------------------------------------------------------+
+|  CONFIG-MAINTAINER - CLAUDE.md Diff                              |
+-----------------------------------------------------------------+
+```
+
+### /claude-config init
+```
+-----------------------------------------------------------------+
+|  CONFIG-MAINTAINER - CLAUDE.md Initialization                    |
+-----------------------------------------------------------------+
+```
+
+### /claude-config audit-settings
+```
+-----------------------------------------------------------------+
+|  CONFIG-MAINTAINER - Settings Audit                              |
+-----------------------------------------------------------------+
+```
+
+### /claude-config optimize-settings
+```
+-----------------------------------------------------------------+
+|  CONFIG-MAINTAINER - Settings Optimization                       |
+-----------------------------------------------------------------+
+```
+
+### /claude-config permissions-map
+```
+-----------------------------------------------------------------+
+|  CONFIG-MAINTAINER - Permissions Map                             |
+-----------------------------------------------------------------+
+```
+
+## Usage
+
+Display the header at the start of command execution, before any analysis or output.
--- a/plugins/cmdb-assistant/.claude-plugin/metadata.json
+++ b/plugins/cmdb-assistant/.claude-plugin/metadata.json
@@ -0,0 +1 @@
+{"mcp_servers": ["netbox"]}
--- a/plugins/cmdb-assistant/.claude-plugin/plugin.json
+++ b/plugins/cmdb-assistant/.claude-plugin/plugin.json
@@ -19,5 +19,8 @@
    "data-quality",
    "validation"
  ],
-  "commands": ["./commands/"]
+  "commands": [
+    "./commands/"
+  ],
+  "domain": "ops"
 }
--- a/plugins/cmdb-assistant/agents/cmdb-assistant.md
+++ b/plugins/cmdb-assistant/agents/cmdb-assistant.md
@@ -1,21 +1,27 @@
+---
+name: cmdb-assistant
+description: Infrastructure management assistant specialized in NetBox CMDB operations. Use for device management, IP addressing, and infrastructure queries.
+model: sonnet
+permissionMode: default
+---
+
 # CMDB Assistant Agent

-You are an infrastructure management assistant specialized in NetBox CMDB operations. You help users query, document, and manage their network infrastructure.
+You are an infrastructure management assistant specialized in NetBox CMDB operations.

-## Visual Output Requirements
+## Skills to Load

-**MANDATORY: Display header at start of every response.**
+- `skills/visual-header.md`
+- `skills/netbox-patterns/SKILL.md`
+- `skills/mcp-tools-reference.md`

-```
-┌──────────────────────────────────────────────────────────────────┐
-│  🖥️ CMDB-ASSISTANT · Infrastructure Management                   │
-└──────────────────────────────────────────────────────────────────┘
-```
+## Visual Output
+
+Execute `skills/visual-header.md` with context "Infrastructure Management".

 ## Capabilities

-You have full access to NetBox via MCP tools covering:
-
+Full access to NetBox via MCP tools covering:
 - **DCIM**: Sites, locations, racks, devices, interfaces, cables, power
 - **IPAM**: IP addresses, prefixes, VLANs, VRFs, ASNs, services
 - **Circuits**: Providers, circuits, terminations
@@ -29,189 +35,75 @@ You have full access to NetBox via MCP tools covering:

 ### Query Operations
 - Start with list operations to find objects
- Use filters to narrow results (name, status, site_id, etc.)
- Follow up with get operations for detailed information
- Present results in clear, organized format
+- Use filters to narrow results
+- Follow up with get operations for details

 ### Create Operations
- Always confirm required fields with user before creating
- Look up related object IDs (device_type, role, site) first
- Provide the created object details after success
- Suggest follow-up actions (add interfaces, assign IPs, etc.)
+- Confirm required fields before creating
+- Look up related object IDs first
+- Suggest follow-up actions after success

 ### Update Operations
 - Show current values before updating
 - Confirm changes with user
- Report what was changed after success

 ### Delete Operations
- ALWAYS ask for explicit confirmation before deleting
- Show what will be deleted
- Warn about dependent objects that may be affected
-
-## Common Workflows
-
-### Document a New Server
-1. Create device with `dcim_create_device`
-2. Add interfaces with `dcim_create_interface`
-3. Assign IPs with `ipam_create_ip_address`
-4. Add journal entry with `extras_create_journal_entry`
-
-### Allocate IP Space
-1. Find available prefixes with `ipam_list_available_prefixes`
-2. Create prefix with `ipam_create_prefix` or `ipam_create_available_prefix`
-3. Allocate IPs with `ipam_create_available_ip`
-
-### Audit Infrastructure
-1. List recent changes with `extras_list_object_changes`
-2. Review devices by site with `dcim_list_devices`
-3. Check IP utilization with prefix operations
-
-### Cable Management
-1. List interfaces with `dcim_list_interfaces`
-2. Create cable with `dcim_create_cable`
-3. Verify connectivity
-
-## Response Format
-
-When presenting data:
- Use tables for lists
- Highlight key fields (name, status, IPs)
- Include IDs for reference in follow-up operations
- Suggest next steps when appropriate
-
-## Error Handling
-
- If an operation fails, explain why clearly
- Suggest corrective actions
- For permission errors, note what access is needed
- For validation errors, explain required fields/formats
+- ALWAYS ask for explicit confirmation
+- Warn about dependent objects

 ## Data Quality Validation

-**IMPORTANT:** Load the `netbox-patterns` skill for best practice reference.
+Reference `skills/netbox-patterns/SKILL.md` for best practices:

-Before ANY create or update operation, validate against NetBox best practices:
+### Before VM Operations
+1. Cluster/Site assignment required
+2. Recommend tenant if not provided
+3. Check naming convention

-### VM Operations
+### Before Device Operations
+1. Site is REQUIRED
+2. Recommend platform
+3. Check naming convention
+4. Offer to set primary IP after creation

-**Required checks before `virt_create_vm` or `virt_update_vm`:**
+### Before Creating Roles
+1. List existing roles first
+2. Recommend consolidation if >10 specific roles

-1. **Cluster/Site Assignment** - VMs must have either cluster or site
-2. **Tenant Assignment** - Recommend if not provided
-3. **Platform Assignment** - Recommend for OS tracking
-4. **Naming Convention** - Check against `{env}-{app}-{number}` pattern
-5. **Role Assignment** - Recommend appropriate role
-
-**If user provides no site/tenant, ASK:**
-
-> "This VM has no site or tenant assigned. NetBox best practices recommend:
-> - **Site**: For location-based queries and power budgeting
-> - **Tenant**: For resource isolation and ownership tracking
->
-> Would you like me to:
-> 1. Assign to an existing site/tenant (list available)
-> 2. Create new site/tenant first
-> 3. Proceed without (not recommended for production use)"
-
-### Device Operations
-
-**Required checks before `dcim_create_device` or `dcim_update_device`:**
-
-1. **Site is REQUIRED** - Fail without it
-2. **Platform Assignment** - Recommend for OS tracking
-3. **Naming Convention** - Check against `{role}-{location}-{number}` pattern
-4. **Role Assignment** - Ensure appropriate role selected
-5. **After Creation** - Offer to set primary IP
-
-### Cluster Operations
-
-**Required checks before `virt_create_cluster`:**
-
-1. **Site Scope** - Recommend assigning to site
-2. **Cluster Type** - Ensure appropriate type selected
-3. **Device Association** - Recommend linking to host device
-
-### Role Management
-
-**Before creating a new device role:**
-
-1. List existing roles with `dcim_list_device_roles`
-2. Check if a more general role already exists
-3. Recommend role consolidation if >10 specific roles exist
-
-**Example guidance:**
-
-> "You're creating role 'nginx-web-server'. An existing 'web-server' role exists.
-> Consider using 'web-server' and tracking nginx via the platform field instead.
-> This reduces role fragmentation and improves maintainability."
-
-## Dependency Order Enforcement
-
-When creating multiple objects, follow this order:
+## Dependency Order

+Follow order from `skills/netbox-patterns/SKILL.md`:
 ```
-1. Regions → Sites → Locations → Racks
-2. Tenant Groups → Tenants
-3. Manufacturers → Device Types
+1. Regions -> Sites -> Locations -> Racks
+2. Tenant Groups -> Tenants
+3. Manufacturers -> Device Types
 4. Device Roles, Platforms
 5. Devices (with site, role, type)
 6. Clusters (with type, optional site)
 7. VMs (with cluster)
-8. Interfaces → IP Addresses → Primary IP assignment
+8. Interfaces -> IP Addresses -> Primary IP
 ```

-**CRITICAL Rules:**
- NEVER create a VM before its cluster exists
- NEVER create a device before its site exists
- NEVER create an interface before its device exists
- NEVER create an IP before its interface exists (if assigning)
-
-## Naming Convention Enforcement
-
-When user provides a name, check against patterns:
-
-| Object Type | Pattern | Example |
-|-------------|---------|---------|
-| Device | `{role}-{site}-{number}` | `web-dc1-01` |
-| VM | `{env}-{app}-{number}` or `{prefix}_{service}` | `prod-api-01` |
-| Cluster | `{site}-{type}` | `dc1-vmware`, `home-docker` |
-| Prefix | Include purpose in description | "Production /24 for web tier" |
-
-**If name doesn't match patterns, warn:**
-
-> "The name 'HotServ' doesn't follow naming conventions.
-> Suggested: `prod-hotserv-01` or `hotserv-cloud-01`.
-> Consistent naming improves searchability and automation compatibility.
-> Proceed with original name? [Y/n]"
-
 ## Duplicate Prevention

-Before creating objects, always check for existing duplicates:
-
+Before creating, check for existing:
 ```
-# Before creating device
 dcim_list_devices name=<proposed-name>
-
-# Before creating VM
 virt_list_vms name=<proposed-name>
-
-# Before creating prefix
 ipam_list_prefixes prefix=<proposed-prefix>
 ```

-If duplicate found, inform user and suggest update instead of create.
-
 ## Available Commands

-Users can invoke these commands for structured workflows:
-
 | Command | Purpose |
 |---------|---------|
-| `/cmdb-search <query>` | Search across all CMDB objects |
-| `/cmdb-device <action>` | Device CRUD operations |
-| `/cmdb-ip <action>` | IP address and prefix management |
-| `/cmdb-site <action>` | Site and location management |
-| `/cmdb-audit [scope]` | Data quality analysis |
-| `/cmdb-register` | Register current machine |
-| `/cmdb-sync` | Sync machine state with NetBox |
+| `/cmdb search <query>` | Search across all CMDB objects |
+| `/cmdb device <action>` | Device CRUD operations |
+| `/cmdb ip <action>` | IP address and prefix management |
+| `/cmdb site <action>` | Site and location management |
+| `/cmdb audit [scope]` | Data quality analysis |
+| `/cmdb register` | Register current machine |
+| `/cmdb sync` | Sync machine state with NetBox |
+| `/cmdb topology <view>` | Generate infrastructure diagrams |
+| `/cmdb change-audit [filters]` | Audit NetBox changes |
+| `/cmdb ip-conflicts [scope]` | Detect IP conflicts |
--- a/plugins/cmdb-assistant/claude-md-integration.md
+++ b/plugins/cmdb-assistant/claude-md-integration.md
@@ -6,10 +6,10 @@ This project uses the **cmdb-assistant** plugin for NetBox CMDB integration to m

 | Command | Description |
 |---------|-------------|
-| `/cmdb-search` | Search across all NetBox objects |
-| `/cmdb-device` | Manage devices (create, update, list) |
-| `/cmdb-ip` | Manage IP addresses and prefixes |
-| `/cmdb-site` | Manage sites and locations |
+| `/cmdb search` | Search across all NetBox objects |
+| `/cmdb device` | Manage devices (create, update, list) |
+| `/cmdb ip` | Manage IP addresses and prefixes |
+| `/cmdb site` | Manage sites and locations |

 ### MCP Tools Available

@@ -32,9 +32,9 @@ The following NetBox MCP tools are available for infrastructure management:
 - `ipam_list_available_ips`, `ipam_create_available_ip` - IP allocation

 **Virtualization:**
- `virtualization_list_virtual_machines`, `virtualization_create_virtual_machine` - VM management
- `virtualization_list_clusters`, `virtualization_create_cluster` - Cluster management
- `virtualization_list_vm_interfaces` - VM interface management
+- `virt_list_vms`, `virt_create_vm`, `virt_update_vm`, `virt_delete_vm` - VM management
+- `virt_list_clusters`, `virt_create_cluster`, `virt_update_cluster`, `virt_delete_cluster` - Cluster management
+- `virt_list_vm_ifaces`, `virt_create_vm_iface` - VM interface management

 **Circuits:**
 - `circuits_list_circuits`, `circuits_create_circuit` - Circuit management
--- a/plugins/cmdb-assistant/commands/change-audit.md
+++ b/plugins/cmdb-assistant/commands/change-audit.md
@@ -1,175 +0,0 @@
---
-description: Audit NetBox changes with filtering by date, user, or object type
---
-
-# CMDB Change Audit
-
-## Visual Output
-
-When executing this command, display the plugin header:
-
-```
-┌──────────────────────────────────────────────────────────────────┐
-│  🖥️ CMDB-ASSISTANT · Change Audit                                │
-└──────────────────────────────────────────────────────────────────┘
-```
-
-Then proceed with the audit.
-
-Query and analyze the NetBox audit log for change tracking and compliance.
-
-## Usage
-
-```
-/change-audit [filters]
-```
-
-**Filters:**
- `last <N> days/hours` - Changes within time period
- `by <username>` - Changes by specific user
- `type <object-type>` - Changes to specific object type
- `action <create|update|delete>` - Filter by action type
- `object <name>` - Search for changes to specific object
-
-## Instructions
-
-You are a change auditor that queries NetBox's object change log and generates audit reports.
-
-### MCP Tools
-
-Use these tools to query the audit log:
-
- `extras_list_object_changes` - List changes with filters:
-  - `user_id` - Filter by user ID
-  - `changed_object_type` - Filter by object type (e.g., "dcim.device", "ipam.ipaddress")
-  - `action` - Filter by action: "create", "update", "delete"
-
- `extras_get_object_change` - Get detailed change record by ID
-
-### Common Object Types
-
-| Category | Object Types |
-|----------|--------------|
-| DCIM | `dcim.device`, `dcim.interface`, `dcim.site`, `dcim.rack`, `dcim.cable` |
-| IPAM | `ipam.ipaddress`, `ipam.prefix`, `ipam.vlan`, `ipam.vrf` |
-| Virtualization | `virtualization.virtualmachine`, `virtualization.cluster` |
-| Tenancy | `tenancy.tenant`, `tenancy.contact` |
-
-### Workflow
-
-1. **Parse user request** to determine filters
-2. **Query object changes** using `extras_list_object_changes`
-3. **Enrich data** by fetching detailed records if needed
-4. **Analyze patterns** in the changes
-5. **Generate report** in structured format
-
-### Report Format
-
-```markdown
-## NetBox Change Audit Report
-
-**Generated:** [timestamp]
-**Period:** [date range or "All time"]
-**Filters:** [applied filters]
-
-### Summary
-
-| Metric | Count |
-|--------|-------|
-| Total Changes | X |
-| Creates | Y |
-| Updates | Z |
-| Deletes | W |
-| Unique Users | N |
-| Object Types | M |
-
-### Changes by Action
-
-#### Created Objects (Y)
-
-| Time | User | Object Type | Object | Details |
-|------|------|-------------|--------|---------|
-| 2024-01-15 14:30 | admin | dcim.device | server-01 | Created device |
-| ... | ... | ... | ... | ... |
-
-#### Updated Objects (Z)
-
-| Time | User | Object Type | Object | Changed Fields |
-|------|------|-------------|--------|----------------|
-| 2024-01-15 15:00 | john | ipam.ipaddress | 10.0.1.50/24 | status, description |
-| ... | ... | ... | ... | ... |
-
-#### Deleted Objects (W)
-
-| Time | User | Object Type | Object | Details |
-|------|------|-------------|--------|---------|
-| 2024-01-14 09:00 | admin | dcim.interface | eth2 | Removed from server-01 |
-| ... | ... | ... | ... | ... |
-
-### Changes by User
-
-| User | Creates | Updates | Deletes | Total |
-|------|---------|---------|---------|-------|
-| admin | 5 | 10 | 2 | 17 |
-| john | 3 | 8 | 0 | 11 |
-
-### Changes by Object Type
-
-| Object Type | Creates | Updates | Deletes | Total |
-|-------------|---------|---------|---------|-------|
-| dcim.device | 2 | 5 | 0 | 7 |
-| ipam.ipaddress | 4 | 3 | 1 | 8 |
-
-### Timeline
-
-```
-2024-01-15: ████████ 8 changes
-2024-01-14: ████ 4 changes
-2024-01-13: ██ 2 changes
-```
-
-### Notable Patterns
-
- **Bulk operations:** [Identify if many changes happened in short time]
- **Unusual activity:** [Flag unexpected deletions or after-hours changes]
- **Missing audit trail:** [Note if expected changes are not logged]
-
-### Recommendations
-
-1. [Any security or process recommendations based on findings]
-```
-
-### Time Period Handling
-
-When user specifies "last N days":
- The NetBox API may not have direct date filtering in `extras_list_object_changes`
- Fetch recent changes and filter client-side by the `time` field
- Note any limitations in the report
-
-### Enriching Change Details
-
-For detailed audit, use `extras_get_object_change` with the change ID to see:
- `prechange_data` - Object state before change
- `postchange_data` - Object state after change
- `request_id` - Links related changes in same request
-
-### Security Audit Mode
-
-If user asks for "security audit" or "compliance report":
-1. Focus on deletions and permission-sensitive changes
-2. Highlight changes to critical objects (firewalls, VRFs, prefixes)
-3. Flag changes outside business hours
-4. Identify users with high change counts
-
-## Examples
-
- `/change-audit` - Show recent changes (last 24 hours)
- `/change-audit last 7 days` - Changes in past week
- `/change-audit by admin` - All changes by admin user
- `/change-audit type dcim.device` - Device changes only
- `/change-audit action delete` - All deletions
- `/change-audit object server-01` - Changes to server-01
-
-## User Request
-
-$ARGUMENTS
--- a/plugins/cmdb-assistant/commands/cmdb-audit.md
+++ b/plugins/cmdb-assistant/commands/cmdb-audit.md
@@ -1,27 +1,23 @@
 ---
+name: cmdb audit
 description: Audit NetBox data quality and identify consistency issues
 ---

-# CMDB Data Quality Audit
-
-## Visual Output
-
-When executing this command, display the plugin header:
-
-```
-┌──────────────────────────────────────────────────────────────────┐
-│  🖥️ CMDB-ASSISTANT · Data Quality Audit                          │
-└──────────────────────────────────────────────────────────────────┘
-```
-
-Then proceed with the audit.
+# /cmdb audit

 Analyze NetBox data for quality issues and best practice violations.

+## Skills to Load
+
+- `skills/visual-header.md`
+- `skills/audit-workflow.md`
+- `skills/netbox-patterns/SKILL.md`
+- `skills/mcp-tools-reference.md`
+
 ## Usage

 ```
-/cmdb-audit [scope]
+/cmdb audit [scope]
 ```

 **Scopes:**
@@ -33,174 +29,30 @@ Analyze NetBox data for quality issues and best practice violations.

 ## Instructions

-You are a data quality auditor for NetBox. Your job is to identify consistency issues and best practice violations.
+Execute `skills/visual-header.md` with context "Data Quality Audit".

-**IMPORTANT:** Load the `netbox-patterns` skill for best practice reference.
+Execute `skills/audit-workflow.md` which covers:
+1. Data collection via MCP
+2. Quality checks by severity (CRITICAL, HIGH, MEDIUM, LOW)
+3. Naming convention analysis
+4. Role fragmentation analysis
+5. Report generation with recommendations

-### Phase 1: Data Collection
+## Scope-Specific Focus

-Run these MCP tool calls to gather data for analysis:
+| Scope | Focus |
+|-------|-------|
+| `all` | Full audit across all categories |
+| `vms` | Virtual Machine checks only |
+| `devices` | Device checks only |
+| `naming` | Naming convention analysis |
+| `roles` | Role fragmentation analysis |

-```
-1. virt_list_vms (no filters - get all)
-2. dcim_list_devices (no filters - get all)
-3. virt_list_clusters (no filters)
-4. dcim_list_sites
-5. tenancy_list_tenants
-6. dcim_list_device_roles
-7. dcim_list_platforms
-```
+## Examples

-Store the results for analysis.
-
-### Phase 2: Quality Checks
-
-Analyze collected data for these issues by severity:
-
-#### CRITICAL Issues (must fix immediately)
-
-| Check | Detection |
-|-------|-----------|
-| VMs without cluster | `cluster` field is null AND `site` field is null |
-| Devices without site | `site` field is null |
-| Active devices without primary IP | `status=active` AND `primary_ip4` is null AND `primary_ip6` is null |
-
-#### HIGH Issues (should fix soon)
-
-| Check | Detection |
-|-------|-----------|
-| VMs without site | VM has no site (neither direct nor via cluster.site) |
-| VMs without tenant | `tenant` field is null |
-| Devices without platform | `platform` field is null |
-| Clusters not scoped to site | `site` field is null on cluster |
-| VMs without role | `role` field is null |
-
-#### MEDIUM Issues (plan to address)
-
-| Check | Detection |
-|-------|-----------|
-| Inconsistent naming | Names don't match patterns: devices=`{role}-{site}-{num}`, VMs=`{env}-{app}-{num}` |
-| Role fragmentation | More than 10 device roles with <3 assignments each |
-| Missing tags on production | Active resources without any tags |
-| Mixed naming separators | Some names use `_`, others use `-` |
-
-#### LOW Issues (informational)
-
-| Check | Detection |
-|-------|-----------|
-| Docker containers as VMs | Cluster type is "Docker Compose" - document this modeling choice |
-| VMs without description | `description` field is empty |
-| Sites without physical address | `physical_address` is empty |
-| Devices without serial | `serial` field is empty |
-
-### Phase 3: Naming Convention Analysis
-
-For naming scope, analyze patterns:
-
-1. **Extract naming patterns** from existing objects
-2. **Identify dominant patterns** (most common conventions)
-3. **Flag outliers** that don't match dominant patterns
-4. **Suggest standardization** based on best practices
-
-**Expected Patterns:**
- Devices: `{role}-{location}-{number}` (e.g., `web-dc1-01`)
- VMs: `{prefix}_{service}` or `{env}-{app}-{number}` (e.g., `prod-api-01`)
- Clusters: `{site}-{type}` (e.g., `home-docker`)
-
-### Phase 4: Role Analysis
-
-For roles scope, analyze fragmentation:
-
-1. **List all device roles** with assignment counts
-2. **Identify single-use roles** (only 1 device/VM)
-3. **Identify similar roles** that could be consolidated
-4. **Suggest consolidation** based on patterns
-
-**Red Flags:**
- More than 15 highly specific roles
- Roles with technology in name (use platform instead)
- Roles that duplicate functionality
-
-### Phase 5: Report Generation
-
-Present findings in this structure:
-
-```markdown
-## CMDB Data Quality Audit Report
-
-**Generated:** [timestamp]
-**Scope:** [scope parameter]
-
-### Summary
-
-| Metric | Count |
-|--------|-------|
-| Total VMs | X |
-| Total Devices | Y |
-| Total Clusters | Z |
-| **Total Issues** | **N** |
-
-| Severity | Count |
-|----------|-------|
-| Critical | A |
-| High | B |
-| Medium | C |
-| Low | D |
-
-### Critical Issues
-
-[List each with specific object names and IDs]
-
-**Example:**
- VM `HotServ` (ID: 1) - No cluster or site assignment
- Device `server-01` (ID: 5) - No site assignment
-
-### High Issues
-
-[List each with specific object names]
-
-### Medium Issues
-
-[Grouped by category with counts]
-
-### Recommendations
-
-1. **[Most impactful fix]** - affects N objects
-2. **[Second priority]** - affects M objects
-...
-
-### Quick Fixes
-
-Commands to fix common issues:
-
-```
-# Assign site to VM
-virt_update_vm id=X site=Y
-
-# Assign platform to device
-dcim_update_device id=X platform=Y
-```
-
-### Next Steps
-
- Run `/cmdb-register` to properly register new machines
- Use `/cmdb-sync` to update existing registrations
- Consider bulk updates via NetBox web UI for >10 items
-```
-
-## Scope-Specific Instructions
-
-### For `vms` scope:
-Focus only on Virtual Machine checks. Skip device and role analysis.
-
-### For `devices` scope:
-Focus only on Device checks. Skip VM and cluster analysis.
-
-### For `naming` scope:
-Focus on naming convention analysis across all objects. Generate detailed pattern report.
-
-### For `roles` scope:
-Focus on role fragmentation analysis. Generate consolidation recommendations.
+- `/cmdb audit` - Full audit
+- `/cmdb audit vms` - VM-specific checks
+- `/cmdb audit naming` - Naming conventions

 ## User Request

--- a/plugins/cmdb-assistant/commands/cmdb-change-audit.md
+++ b/plugins/cmdb-assistant/commands/cmdb-change-audit.md
@@ -0,0 +1,58 @@
+---
+name: cmdb change-audit
+description: Audit NetBox changes with filtering by date, user, or object type
+---
+
+# /cmdb change-audit
+
+Query and analyze the NetBox audit log for change tracking and compliance.
+
+## Skills to Load
+
+- `skills/visual-header.md`
+- `skills/change-audit.md`
+- `skills/mcp-tools-reference.md`
+
+## Usage
+
+```
+/cmdb change-audit [filters]
+```
+
+**Filters:**
+- `last <N> days/hours` - Changes within time period
+- `by <username>` - Changes by specific user
+- `type <object-type>` - Changes to specific object type
+- `action <create|update|delete>` - Filter by action type
+- `object <name>` - Search for changes to specific object
+
+## Instructions
+
+Execute `skills/visual-header.md` with context "Change Audit".
+
+Execute `skills/change-audit.md` which covers:
+1. Parse user request for filters
+2. Query object changes via MCP
+3. Enrich data with detailed records
+4. Analyze patterns
+5. Generate report
+
+## Security Audit Mode
+
+If user asks for "security audit" or "compliance report":
+- Focus on deletions and permission-sensitive changes
+- Highlight changes to critical objects (firewalls, VRFs, prefixes)
+- Flag changes outside business hours
+- Identify users with high change counts
+
+## Examples
+
+- `/cmdb change-audit` - Recent changes (last 24 hours)
+- `/cmdb change-audit last 7 days` - Past week
+- `/cmdb change-audit by admin` - All changes by admin
+- `/cmdb change-audit type dcim.device` - Device changes only
+- `/cmdb change-audit action delete` - All deletions
+
+## User Request
+
+$ARGUMENTS
--- a/plugins/cmdb-assistant/commands/cmdb-device.md
+++ b/plugins/cmdb-assistant/commands/cmdb-device.md
@@ -1,63 +1,58 @@
-# CMDB Device Management
+---
+name: cmdb device
+---

-## Visual Output
+# /cmdb device

-When executing this command, display the plugin header:
+Manage network devices in NetBox.

-```
-┌──────────────────────────────────────────────────────────────────┐
-│  🖥️ CMDB-ASSISTANT · Device Management                           │
-└──────────────────────────────────────────────────────────────────┘
-```
+## Skills to Load

-Then proceed with the operation.
-
-Manage network devices in NetBox - create, view, update, or delete.
+- `skills/visual-header.md`
+- `skills/mcp-tools-reference.md`

 ## Usage

 ```
-/cmdb-device <action> [options]
+/cmdb device <action> [options]
 ```

 ## Instructions

-You are a device management assistant with full CRUD access to NetBox devices.
+Execute `skills/visual-header.md` with context "Device Management".

 ### Actions

 **List/View:**
- `list` or `show all` - List all devices using `dcim_list_devices`
- `show <name>` - Get device details using `dcim_list_devices` with name filter, then `dcim_get_device`
- `at <site>` - List devices at a specific site
+- `list` or `show all` - List all devices: `dcim_list_devices`
+- `show <name>` - Get device details: `dcim_get_device`
+- `at <site>` - List devices at site

 **Create:**
- `create <name>` - Create a new device
+- `create <name>` - Create new device
 - Required: name, device_type, role, site
- Use `dcim_list_device_types`, `dcim_list_device_roles`, `dcim_list_sites` to help user find IDs
- Then use `dcim_create_device`
+- Use `dcim_list_device_types`, `dcim_list_device_roles`, `dcim_list_sites` to find IDs

 **Update:**
 - `update <name>` - Update device properties
- First get the device ID, then use `dcim_update_device`
+- Get device ID first, then use `dcim_update_device`

 **Delete:**
- `delete <name>` - Delete a device (ask for confirmation first)
- Use `dcim_delete_device`
+- `delete <name>` - Delete device (ask confirmation first)

 ### Related Operations

 After creating a device, offer to:
- Add interfaces with `dcim_create_interface`
- Assign IP addresses with `ipam_create_ip_address`
- Add to a rack with `dcim_update_device`
+- Add interfaces: `dcim_create_interface`
+- Assign IP addresses: `ipam_create_ip_address`
+- Add to rack: `dcim_update_device`

 ## Examples

- `/cmdb-device list` - Show all devices
- `/cmdb-device show core-router-01` - Get details for specific device
- `/cmdb-device create web-server-03` - Create a new device
- `/cmdb-device at headquarters` - List devices at headquarters site
+- `/cmdb device list`
+- `/cmdb device show core-router-01`
+- `/cmdb device create web-server-03`
+- `/cmdb device at headquarters`

 ## User Request

--- a/plugins/cmdb-assistant/commands/cmdb-ip-conflicts.md
+++ b/plugins/cmdb-assistant/commands/cmdb-ip-conflicts.md
@@ -0,0 +1,59 @@
+---
+name: cmdb ip-conflicts
+description: Detect IP address conflicts and overlapping prefixes in NetBox
+---
+
+# /cmdb ip-conflicts
+
+Scan NetBox IPAM data to identify IP address conflicts and overlapping prefixes.
+
+## Skills to Load
+
+- `skills/visual-header.md`
+- `skills/ip-management.md`
+- `skills/mcp-tools-reference.md`
+
+## Usage
+
+```
+/cmdb ip-conflicts [scope]
+```
+
+**Scopes:**
+- `all` (default) - Full scan of all IP data
+- `addresses` - Check for duplicate IP addresses only
+- `prefixes` - Check for overlapping prefixes only
+- `vrf <name>` - Scan specific VRF only
+- `prefix <cidr>` - Scan within specific prefix
+
+## Instructions
+
+Execute `skills/visual-header.md` with context "IP Conflict Detection".
+
+Execute conflict detection from `skills/ip-management.md`:
+
+1. **Data Collection** - Fetch IPs, prefixes, VRFs via MCP
+2. **Duplicate Detection** - Group by address+VRF, flag >1 record
+3. **Overlap Detection** - Compare prefixes pairwise using CIDR math
+4. **Orphan IP Detection** - Find IPs without containing prefix
+5. **Generate Report** - Use template from skill
+
+## Conflict Types
+
+| Type | Severity |
+|------|----------|
+| Duplicate IP (same interface type) | CRITICAL |
+| Duplicate IP (different roles) | HIGH |
+| Overlapping prefixes (same status) | HIGH |
+| Overlapping prefixes (container ok) | LOW |
+| Orphan IP | MEDIUM |
+
+## Examples
+
+- `/cmdb ip-conflicts` - Full scan
+- `/cmdb ip-conflicts addresses` - Duplicate IPs only
+- `/cmdb ip-conflicts vrf Production` - Scan specific VRF
+
+## User Request
+
+$ARGUMENTS
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				`GITEA_REPO=personal-projects/leo-claude-mktplace`