Merge pull request 'feat: Command consolidation + 8 new plugins (v8.1.0 → v9.0.0)' (#445 ) from feat/phase-1b-command-consolidation into development

Reviewed-on: #445
feat(marketplace): command consolidation + 8 new plugins (v8.1.0 → v9.0.0) [BREAKING]
2026-02-06 20:02:12 +00:00 · 2026-02-06 14:52:11 -05:00 · 2026-02-06 17:31:18 +00:00 · 2026-02-06 12:28:06 -05:00 · 2026-02-06 11:50:21 -05:00 · 2026-02-05 02:39:33 +00:00
427 changed files with 20559 additions and 3969 deletions
--- a/.claude-plugin/marketplace-full.json
+++ b/.claude-plugin/marketplace-full.json
@@ -0,0 +1,205 @@
+{
+  "name": "leo-claude-mktplace",
+  "owner": {
+    "name": "Leo Miranda",
+    "email": "leobmiranda@gmail.com"
+  },
+  "metadata": {
+    "description": "Project management plugins with Gitea and NetBox integrations",
+    "version": "7.1.0"
+  },
+  "plugins": [
+    {
+      "name": "projman",
+      "version": "7.1.0",
+      "description": "Sprint planning and project management with Gitea integration",
+      "source": "./plugins/projman",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/projman/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "development",
+      "tags": ["sprint", "agile", "gitea", "project-management"],
+      "license": "MIT"
+    },
+    {
+      "name": "doc-guardian",
+      "version": "7.1.0",
+      "description": "Automatic documentation drift detection and synchronization",
+      "source": "./plugins/doc-guardian",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/doc-guardian/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "productivity",
+      "tags": ["documentation", "drift-detection", "sync"],
+      "license": "MIT"
+    },
+    {
+      "name": "code-sentinel",
+      "version": "7.1.0",
+      "description": "Security scanning and code refactoring tools",
+      "source": "./plugins/code-sentinel",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/code-sentinel/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "security",
+      "tags": ["security-scan", "refactoring", "vulnerabilities"],
+      "license": "MIT"
+    },
+    {
+      "name": "project-hygiene",
+      "version": "7.1.0",
+      "description": "Post-task cleanup hook that removes temp files and manages orphaned files",
+      "source": "./plugins/project-hygiene",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/project-hygiene/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "productivity",
+      "tags": ["cleanup", "automation", "hygiene"],
+      "license": "MIT"
+    },
+    {
+      "name": "cmdb-assistant",
+      "version": "7.1.0",
+      "description": "NetBox CMDB integration with data quality validation and machine registration",
+      "source": "./plugins/cmdb-assistant",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/cmdb-assistant/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "infrastructure",
+      "tags": ["cmdb", "netbox", "dcim", "ipam", "data-quality", "validation"],
+      "license": "MIT"
+    },
+    {
+      "name": "claude-config-maintainer",
+      "version": "7.1.0",
+      "description": "CLAUDE.md and settings.local.json optimization for Claude Code projects",
+      "source": "./plugins/claude-config-maintainer",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/claude-config-maintainer/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "development",
+      "tags": ["claude-md", "configuration", "optimization"],
+      "license": "MIT"
+    },
+    {
+      "name": "clarity-assist",
+      "version": "7.1.0",
+      "description": "Prompt optimization and requirement clarification with ND-friendly accommodations",
+      "source": "./plugins/clarity-assist",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/clarity-assist/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "productivity",
+      "tags": ["prompts", "requirements", "clarification", "nd-friendly"],
+      "license": "MIT"
+    },
+    {
+      "name": "git-flow",
+      "version": "7.1.0",
+      "description": "Git workflow automation with intelligent commit messages and branch management",
+      "source": "./plugins/git-flow",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/git-flow/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "development",
+      "tags": ["git", "workflow", "commits", "branching"],
+      "license": "MIT"
+    },
+    {
+      "name": "pr-review",
+      "version": "7.1.0",
+      "description": "Multi-agent pull request review with confidence scoring and actionable feedback",
+      "source": "./plugins/pr-review",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/pr-review/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "development",
+      "tags": ["code-review", "pull-requests", "security", "quality"],
+      "license": "MIT"
+    },
+    {
+      "name": "data-platform",
+      "version": "7.1.0",
+      "description": "Data engineering tools with pandas, PostgreSQL/PostGIS, and dbt integration",
+      "source": "./plugins/data-platform",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/data-platform/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "data",
+      "tags": ["pandas", "postgresql", "postgis", "dbt", "data-engineering", "etl"],
+      "license": "MIT"
+    },
+    {
+      "name": "viz-platform",
+      "version": "7.1.0",
+      "description": "Visualization tools with Dash Mantine Components validation, Plotly charts, and theming",
+      "source": "./plugins/viz-platform",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/viz-platform/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "visualization",
+      "tags": ["dash", "plotly", "mantine", "charts", "dashboards", "theming", "dmc"],
+      "license": "MIT"
+    },
+    {
+      "name": "contract-validator",
+      "version": "7.1.0",
+      "description": "Cross-plugin compatibility validation and Claude.md agent verification",
+      "source": "./plugins/contract-validator",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/contract-validator/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "development",
+      "tags": ["validation", "contracts", "compatibility", "agents", "interfaces", "cross-plugin"],
+      "license": "MIT"
+    }
+  ]
+}
--- a/.claude-plugin/marketplace-lean.json
+++ b/.claude-plugin/marketplace-lean.json
@@ -0,0 +1,109 @@
+{
+  "name": "leo-claude-mktplace",
+  "owner": {
+    "name": "Leo Miranda",
+    "email": "leobmiranda@gmail.com"
+  },
+  "metadata": {
+    "description": "Project management plugins with Gitea and NetBox integrations",
+    "version": "7.1.0"
+  },
+  "plugins": [
+    {
+      "name": "projman",
+      "version": "7.1.0",
+      "description": "Sprint planning and project management with Gitea integration",
+      "source": "./plugins/projman",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/projman/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "development",
+      "tags": ["sprint", "agile", "gitea", "project-management"],
+      "license": "MIT"
+    },
+    {
+      "name": "git-flow",
+      "version": "7.1.0",
+      "description": "Git workflow automation with intelligent commit messages and branch management",
+      "source": "./plugins/git-flow",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/git-flow/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "development",
+      "tags": ["git", "workflow", "commits", "branching"],
+      "license": "MIT"
+    },
+    {
+      "name": "pr-review",
+      "version": "7.1.0",
+      "description": "Multi-agent pull request review with confidence scoring and actionable feedback",
+      "source": "./plugins/pr-review",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/pr-review/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "development",
+      "tags": ["code-review", "pull-requests", "security", "quality"],
+      "license": "MIT"
+    },
+    {
+      "name": "clarity-assist",
+      "version": "7.1.0",
+      "description": "Prompt optimization and requirement clarification with ND-friendly accommodations",
+      "source": "./plugins/clarity-assist",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/clarity-assist/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "productivity",
+      "tags": ["prompts", "requirements", "clarification", "nd-friendly"],
+      "license": "MIT"
+    },
+    {
+      "name": "code-sentinel",
+      "version": "7.1.0",
+      "description": "Security scanning and code refactoring tools",
+      "source": "./plugins/code-sentinel",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/code-sentinel/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "security",
+      "tags": ["security-scan", "refactoring", "vulnerabilities"],
+      "license": "MIT"
+    },
+    {
+      "name": "doc-guardian",
+      "version": "7.1.0",
+      "description": "Automatic documentation drift detection and synchronization",
+      "source": "./plugins/doc-guardian",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/doc-guardian/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "hooks": ["./hooks/hooks.json"],
+      "category": "productivity",
+      "tags": ["documentation", "drift-detection", "sync"],
+      "license": "MIT"
+    }
+  ]
+}
--- a/.claude-plugin/marketplace.json
+++ b/.claude-plugin/marketplace.json
@@ -6,12 +6,12 @@
  },
  "metadata": {
    "description": "Project management plugins with Gitea and NetBox integrations",
-    "version": "5.8.0"
+    "version": "9.0.0"
  },
  "plugins": [
    {
      "name": "projman",
-      "version": "3.4.0",
+      "version": "7.1.0",
      "description": "Sprint planning and project management with Gitea integration",
      "source": "./plugins/projman",
      "author": {
@@ -20,14 +20,19 @@
      },
      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/projman/README.md",
      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
-      "hooks": ["./hooks/hooks.json"],
      "category": "development",
-      "tags": ["sprint", "agile", "gitea", "project-management"],
-      "license": "MIT"
+      "tags": [
+        "sprint",
+        "agile",
+        "gitea",
+        "project-management"
+      ],
+      "license": "MIT",
+      "domain": "core"
    },
    {
      "name": "doc-guardian",
-      "version": "1.1.0",
+      "version": "7.1.0",
      "description": "Automatic documentation drift detection and synchronization",
      "source": "./plugins/doc-guardian",
      "author": {
@@ -36,14 +41,18 @@
      },
      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/doc-guardian/README.md",
      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
-      "hooks": ["./hooks/hooks.json"],
      "category": "productivity",
-      "tags": ["documentation", "drift-detection", "sync"],
-      "license": "MIT"
+      "tags": [
+        "documentation",
+        "drift-detection",
+        "sync"
+      ],
+      "license": "MIT",
+      "domain": "core"
    },
    {
      "name": "code-sentinel",
-      "version": "1.0.1",
+      "version": "7.1.0",
      "description": "Security scanning and code refactoring tools",
      "source": "./plugins/code-sentinel",
      "author": {
@@ -52,14 +61,21 @@
      },
      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/code-sentinel/README.md",
      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
-      "hooks": ["./hooks/hooks.json"],
+      "hooks": [
+        "./hooks/hooks.json"
+      ],
      "category": "security",
-      "tags": ["security-scan", "refactoring", "vulnerabilities"],
-      "license": "MIT"
+      "tags": [
+        "security-scan",
+        "refactoring",
+        "vulnerabilities"
+      ],
+      "license": "MIT",
+      "domain": "core"
    },
    {
      "name": "project-hygiene",
-      "version": "0.1.0",
+      "version": "7.1.0",
      "description": "Post-task cleanup hook that removes temp files and manages orphaned files",
      "source": "./plugins/project-hygiene",
      "author": {
@@ -68,14 +84,18 @@
      },
      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/project-hygiene/README.md",
      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
-      "hooks": ["./hooks/hooks.json"],
      "category": "productivity",
-      "tags": ["cleanup", "automation", "hygiene"],
-      "license": "MIT"
+      "tags": [
+        "cleanup",
+        "automation",
+        "hygiene"
+      ],
+      "license": "MIT",
+      "domain": "core"
    },
    {
      "name": "cmdb-assistant",
-      "version": "1.2.0",
+      "version": "7.1.0",
      "description": "NetBox CMDB integration with data quality validation and machine registration",
      "source": "./plugins/cmdb-assistant",
      "author": {
@@ -84,15 +104,25 @@
      },
      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/cmdb-assistant/README.md",
      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
-      "hooks": ["./hooks/hooks.json"],
+      "hooks": [
+        "./hooks/hooks.json"
+      ],
      "category": "infrastructure",
-      "tags": ["cmdb", "netbox", "dcim", "ipam", "data-quality", "validation"],
-      "license": "MIT"
+      "tags": [
+        "cmdb",
+        "netbox",
+        "dcim",
+        "ipam",
+        "data-quality",
+        "validation"
+      ],
+      "license": "MIT",
+      "domain": "ops"
    },
    {
      "name": "claude-config-maintainer",
-      "version": "1.1.0",
-      "description": "CLAUDE.md optimization and maintenance for Claude Code projects",
+      "version": "7.1.0",
+      "description": "CLAUDE.md and settings.local.json optimization for Claude Code projects",
      "source": "./plugins/claude-config-maintainer",
      "author": {
        "name": "Leo Miranda",
@@ -100,14 +130,18 @@
      },
      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/claude-config-maintainer/README.md",
      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
-      "hooks": ["./hooks/hooks.json"],
      "category": "development",
-      "tags": ["claude-md", "configuration", "optimization"],
-      "license": "MIT"
+      "tags": [
+        "claude-md",
+        "configuration",
+        "optimization"
+      ],
+      "license": "MIT",
+      "domain": "core"
    },
    {
      "name": "clarity-assist",
-      "version": "1.2.0",
+      "version": "7.1.0",
      "description": "Prompt optimization and requirement clarification with ND-friendly accommodations",
      "source": "./plugins/clarity-assist",
      "author": {
@@ -116,14 +150,22 @@
      },
      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/clarity-assist/README.md",
      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
-      "hooks": ["./hooks/hooks.json"],
+      "hooks": [
+        "./hooks/hooks.json"
+      ],
      "category": "productivity",
-      "tags": ["prompts", "requirements", "clarification", "nd-friendly"],
-      "license": "MIT"
+      "tags": [
+        "prompts",
+        "requirements",
+        "clarification",
+        "nd-friendly"
+      ],
+      "license": "MIT",
+      "domain": "core"
    },
    {
      "name": "git-flow",
-      "version": "1.2.0",
+      "version": "7.1.0",
      "description": "Git workflow automation with intelligent commit messages and branch management",
      "source": "./plugins/git-flow",
      "author": {
@@ -132,14 +174,22 @@
      },
      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/git-flow/README.md",
      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
-      "hooks": ["./hooks/hooks.json"],
+      "hooks": [
+        "./hooks/hooks.json"
+      ],
      "category": "development",
-      "tags": ["git", "workflow", "commits", "branching"],
-      "license": "MIT"
+      "tags": [
+        "git",
+        "workflow",
+        "commits",
+        "branching"
+      ],
+      "license": "MIT",
+      "domain": "core"
    },
    {
      "name": "pr-review",
-      "version": "1.1.0",
+      "version": "7.1.0",
      "description": "Multi-agent pull request review with confidence scoring and actionable feedback",
      "source": "./plugins/pr-review",
      "author": {
@@ -148,14 +198,19 @@
      },
      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/pr-review/README.md",
      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
-      "hooks": ["./hooks/hooks.json"],
      "category": "development",
-      "tags": ["code-review", "pull-requests", "security", "quality"],
-      "license": "MIT"
+      "tags": [
+        "code-review",
+        "pull-requests",
+        "security",
+        "quality"
+      ],
+      "license": "MIT",
+      "domain": "core"
    },
    {
      "name": "data-platform",
-      "version": "1.3.0",
+      "version": "7.1.0",
      "description": "Data engineering tools with pandas, PostgreSQL/PostGIS, and dbt integration",
      "source": "./plugins/data-platform",
      "author": {
@@ -164,14 +219,21 @@
      },
      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/data-platform/README.md",
      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
-      "hooks": ["./hooks/hooks.json"],
      "category": "data",
-      "tags": ["pandas", "postgresql", "postgis", "dbt", "data-engineering", "etl"],
-      "license": "MIT"
+      "tags": [
+        "pandas",
+        "postgresql",
+        "postgis",
+        "dbt",
+        "data-engineering",
+        "etl"
+      ],
+      "license": "MIT",
+      "domain": "data"
    },
    {
      "name": "viz-platform",
-      "version": "1.1.0",
+      "version": "7.1.0",
      "description": "Visualization tools with Dash Mantine Components validation, Plotly charts, and theming",
      "source": "./plugins/viz-platform",
      "author": {
@@ -180,14 +242,22 @@
      },
      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/viz-platform/README.md",
      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
-      "hooks": ["./hooks/hooks.json"],
      "category": "visualization",
-      "tags": ["dash", "plotly", "mantine", "charts", "dashboards", "theming", "dmc"],
-      "license": "MIT"
+      "tags": [
+        "dash",
+        "plotly",
+        "mantine",
+        "charts",
+        "dashboards",
+        "theming",
+        "dmc"
+      ],
+      "license": "MIT",
+      "domain": "data"
    },
    {
      "name": "contract-validator",
-      "version": "1.2.0",
+      "version": "7.1.0",
      "description": "Cross-plugin compatibility validation and Claude.md agent verification",
      "source": "./plugins/contract-validator",
      "author": {
@@ -196,10 +266,197 @@
      },
      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/contract-validator/README.md",
      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
-      "hooks": ["./hooks/hooks.json"],
      "category": "development",
-      "tags": ["validation", "contracts", "compatibility", "agents", "interfaces", "cross-plugin"],
-      "license": "MIT"
+      "tags": [
+        "validation",
+        "contracts",
+        "compatibility",
+        "agents",
+        "interfaces",
+        "cross-plugin"
+      ],
+      "license": "MIT",
+      "domain": "core"
+    },
+    {
+      "name": "saas-api-platform",
+      "version": "0.1.0",
+      "description": "REST and GraphQL API scaffolding for FastAPI and Express projects",
+      "source": "./plugins/saas-api-platform",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/saas-api-platform/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "category": "development",
+      "tags": [
+        "api",
+        "rest",
+        "graphql",
+        "fastapi",
+        "express",
+        "openapi"
+      ],
+      "license": "MIT",
+      "domain": "saas"
+    },
+    {
+      "name": "saas-db-migrate",
+      "version": "0.1.0",
+      "description": "Database migration management for Alembic, Prisma, and raw SQL",
+      "source": "./plugins/saas-db-migrate",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/saas-db-migrate/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "category": "development",
+      "tags": [
+        "database",
+        "migrations",
+        "alembic",
+        "prisma",
+        "sql",
+        "schema"
+      ],
+      "license": "MIT",
+      "domain": "saas"
+    },
+    {
+      "name": "saas-react-platform",
+      "version": "0.1.0",
+      "description": "React frontend development toolkit for Next.js and Vite projects",
+      "source": "./plugins/saas-react-platform",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/saas-react-platform/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "category": "development",
+      "tags": [
+        "react",
+        "nextjs",
+        "vite",
+        "typescript",
+        "frontend",
+        "components"
+      ],
+      "license": "MIT",
+      "domain": "saas"
+    },
+    {
+      "name": "saas-test-pilot",
+      "version": "0.1.0",
+      "description": "Test automation toolkit for pytest, Jest, Vitest, and Playwright",
+      "source": "./plugins/saas-test-pilot",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/saas-test-pilot/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "category": "development",
+      "tags": [
+        "testing",
+        "pytest",
+        "jest",
+        "vitest",
+        "playwright",
+        "coverage"
+      ],
+      "license": "MIT",
+      "domain": "saas"
+    },
+    {
+      "name": "data-seed",
+      "version": "0.1.0",
+      "description": "Test data generation and database seeding with relationship-aware profiles",
+      "source": "./plugins/data-seed",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/data-seed/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "category": "data",
+      "tags": [
+        "seed-data",
+        "test-data",
+        "faker",
+        "fixtures",
+        "database"
+      ],
+      "license": "MIT",
+      "domain": "data"
+    },
+    {
+      "name": "ops-release-manager",
+      "version": "0.1.0",
+      "description": "Release management with semantic versioning, changelogs, and tag automation",
+      "source": "./plugins/ops-release-manager",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/ops-release-manager/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "category": "development",
+      "tags": [
+        "release",
+        "semver",
+        "changelog",
+        "versioning",
+        "tags"
+      ],
+      "license": "MIT",
+      "domain": "ops"
+    },
+    {
+      "name": "ops-deploy-pipeline",
+      "version": "0.1.0",
+      "description": "CI/CD deployment pipeline management for Docker Compose and systemd services",
+      "source": "./plugins/ops-deploy-pipeline",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/ops-deploy-pipeline/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "category": "infrastructure",
+      "tags": [
+        "deploy",
+        "docker-compose",
+        "systemd",
+        "caddy",
+        "cicd"
+      ],
+      "license": "MIT",
+      "domain": "ops"
+    },
+    {
+      "name": "debug-mcp",
+      "version": "0.1.0",
+      "description": "MCP server debugging, inspection, and development toolkit",
+      "source": "./plugins/debug-mcp",
+      "author": {
+        "name": "Leo Miranda",
+        "email": "leobmiranda@gmail.com"
+      },
+      "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/debug-mcp/README.md",
+      "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
+      "category": "development",
+      "tags": [
+        "mcp",
+        "debugging",
+        "diagnostics",
+        "server",
+        "development"
+      ],
+      "license": "MIT",
+      "domain": "debug"
    }
  ]
 }
--- a/.doc-guardian-queue
+++ b/.doc-guardian-queue
@@ -25,3 +25,42 @@
 2026-02-02T13:52:07 | skills | /home/lmiranda/claude-plugins-work/plugins/contract-validator/skills/mcp-tools-reference.md | README.md
 2026-02-02T13:59:09 | skills | /home/lmiranda/claude-plugins-work/plugins/projman/skills/progress-tracking.md | README.md
 2026-02-02T14:01:34 | commands | /home/lmiranda/claude-plugins-work/plugins/projman/commands/test.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:08:38 | commands | /home/lmiranda/claude-plugins-work/plugins/git-flow/commands/git-commit.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:08:39 | commands | /home/lmiranda/claude-plugins-work/plugins/git-flow/commands/git-commit-push.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:08:40 | commands | /home/lmiranda/claude-plugins-work/plugins/git-flow/commands/git-commit-merge.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:08:41 | commands | /home/lmiranda/claude-plugins-work/plugins/git-flow/commands/git-commit-sync.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:08:49 | commands | /home/lmiranda/claude-plugins-work/plugins/cmdb-assistant/commands/cmdb-setup.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:08:50 | commands | /home/lmiranda/claude-plugins-work/plugins/pr-review/commands/project-init.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:08:51 | skills | /home/lmiranda/claude-plugins-work/plugins/cmdb-assistant/skills/visual-header.md | README.md
+2026-02-03T21:08:51 | commands | /home/lmiranda/claude-plugins-work/plugins/projman/commands/pm-review.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:08:53 | commands | /home/lmiranda/claude-plugins-work/plugins/projman/commands/pm-test.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:08:54 | skills | /home/lmiranda/claude-plugins-work/plugins/projman/skills/review-checklist.md | README.md
+2026-02-03T21:08:55 | skills | /home/lmiranda/claude-plugins-work/plugins/projman/skills/visual-output.md | README.md
+2026-02-03T21:08:58 | skills | /home/lmiranda/claude-plugins-work/plugins/projman/skills/setup-workflows.md | README.md
+2026-02-03T21:08:59 | skills | /home/lmiranda/claude-plugins-work/plugins/git-flow/skills/sync-workflow.md | README.md
+2026-02-03T21:09:00 | skills | /home/lmiranda/claude-plugins-work/plugins/git-flow/skills/commit-conventions.md | README.md
+2026-02-03T21:09:00 | skills | /home/lmiranda/claude-plugins-work/plugins/git-flow/skills/merge-workflow.md | README.md
+2026-02-03T21:09:08 | commands | /home/lmiranda/claude-plugins-work/plugins/projman/commands/pm-setup.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:08 | commands | /home/lmiranda/claude-plugins-work/plugins/data-platform/commands/data-setup.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:10 | commands | /home/lmiranda/claude-plugins-work/plugins/data-platform/commands/data-run.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:10 | commands | /home/lmiranda/claude-plugins-work/plugins/contract-validator/commands/cv-setup.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:11 | commands | /home/lmiranda/claude-plugins-work/plugins/projman/commands/pm-debug.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:13 | agents | /home/lmiranda/claude-plugins-work/plugins/contract-validator/agents/full-validation.md | README.md CLAUDE.md
+2026-02-03T21:09:14 | commands | /home/lmiranda/claude-plugins-work/plugins/data-platform/commands/data-ingest.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:18 | commands | /home/lmiranda/claude-plugins-work/plugins/data-platform/commands/data-profile.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:18 | commands | /home/lmiranda/claude-plugins-work/plugins/viz-platform/commands/viz-setup.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:20 | commands | /home/lmiranda/claude-plugins-work/plugins/data-platform/commands/data-schema.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:20 | commands | /home/lmiranda/claude-plugins-work/plugins/viz-platform/commands/viz-theme.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:23 | commands | /home/lmiranda/claude-plugins-work/plugins/viz-platform/commands/viz-theme-new.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:24 | commands | /home/lmiranda/claude-plugins-work/plugins/data-platform/commands/data-explain.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:26 | commands | /home/lmiranda/claude-plugins-work/plugins/data-platform/commands/data-lineage.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:26 | commands | /home/lmiranda/claude-plugins-work/plugins/viz-platform/commands/viz-theme-css.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:29 | commands | /home/lmiranda/claude-plugins-work/plugins/viz-platform/commands/viz-chart.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:32 | commands | /home/lmiranda/claude-plugins-work/plugins/viz-platform/commands/viz-chart-export.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:33 | commands | /home/lmiranda/claude-plugins-work/plugins/data-platform/commands/data-review.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:35 | commands | /home/lmiranda/claude-plugins-work/plugins/viz-platform/commands/viz-dashboard.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:38 | commands | /home/lmiranda/claude-plugins-work/plugins/viz-platform/commands/viz-component.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:40 | commands | /home/lmiranda/claude-plugins-work/plugins/viz-platform/commands/viz-breakpoints.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:09:46 | commands | /home/lmiranda/claude-plugins-work/plugins/viz-platform/commands/design-review.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-03T21:10:22 | commands | /home/lmiranda/claude-plugins-work/plugins/viz-platform/commands/accessibility-check.md | docs/COMMANDS-CHEATSHEET.md README.md
+2026-02-04T21:32:01 | .claude-plugin | /home/lmiranda/claude-plugins-work/.claude-plugin/marketplace-lean.json | CLAUDE.md .claude-plugin/marketplace.json
--- a/.gitignore
+++ b/.gitignore
@@ -84,6 +84,13 @@ Thumbs.db
 # Claude Code
 .claude/settings.local.json
 .claude/history/
+.claude/backups/
+
+# Doc Guardian transient files
+.doc-guardian-queue
+
+# Development convenience links
+.marketplaces-link

 # Logs
 logs/
@@ -125,4 +132,5 @@ site/
 *credentials*
 *secret*
 *token*
+!**/token-budget-report.md
 !.gitkeep
--- a/.mcp-full.json
+++ b/.mcp-full.json
@@ -0,0 +1,24 @@
+{
+  "mcpServers": {
+    "gitea": {
+      "command": "./mcp-servers/gitea/run.sh",
+      "args": []
+    },
+    "netbox": {
+      "command": "./mcp-servers/netbox/run.sh",
+      "args": []
+    },
+    "viz-platform": {
+      "command": "./mcp-servers/viz-platform/run.sh",
+      "args": []
+    },
+    "data-platform": {
+      "command": "./mcp-servers/data-platform/run.sh",
+      "args": []
+    },
+    "contract-validator": {
+      "command": "./mcp-servers/contract-validator/run.sh",
+      "args": []
+    }
+  }
+}
--- a/.mcp-lean.json
+++ b/.mcp-lean.json
@@ -0,0 +1,8 @@
+{
+  "mcpServers": {
+    "gitea": {
+      "command": "./mcp-servers/gitea/run.sh",
+      "args": []
+    }
+  }
+}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,10 +4,433 @@ All notable changes to the Leo Claude Marketplace will be documented in this fil

 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

+## [Unreleased]
+
+### Added
+
+- **Phase 3: 8 new plugin scaffolds**
+  - `saas-api-platform` (domain: saas) — REST/GraphQL API scaffolding for FastAPI and Express. 6 commands, 2 agents, 5 skills
+  - `saas-db-migrate` (domain: saas) — Database migration management for Alembic, Prisma, and raw SQL. 6 commands, 2 agents, 5 skills
+  - `saas-react-platform` (domain: saas) — React frontend toolkit for Next.js and Vite projects. 6 commands, 2 agents, 6 skills
+  - `saas-test-pilot` (domain: saas) — Test automation for pytest, Jest, Vitest, and Playwright. 6 commands, 2 agents, 6 skills
+  - `data-seed` (domain: data) — Test data generation and database seeding. 5 commands, 2 agents, 5 skills
+  - `ops-release-manager` (domain: ops) — Release management with SemVer, changelogs, and tag automation. 6 commands, 2 agents, 5 skills
+  - `ops-deploy-pipeline` (domain: ops) — CI/CD deployment pipeline for Docker Compose and systemd. 6 commands, 2 agents, 6 skills
+  - `debug-mcp` (domain: debug) — MCP server debugging, inspection, and development toolkit. 5 commands, 1 agent, 5 skills
+- 8 design documents in `docs/designs/` for all new plugins
+
+---
+
+## [9.0.0] - 2026-02-06
+
+### BREAKING CHANGES
+
+#### Command Consolidation (v9.0.0)
+
+All commands renamed to `/<noun> <action>` sub-command pattern. Every command across all 12 plugins now follows this convention. See [MIGRATION-v9.md](./docs/MIGRATION-v9.md) for the complete old-to-new mapping.
+
+**Key changes:**
+- **projman:** `/sprint-plan` → `/sprint plan`, `/pm-setup` → `/projman setup`, `/pm-review` → `/sprint review`, `/pm-test` → `/sprint test`, `/labels-sync` → `/labels sync`
+- **git-flow:** 8→5 commands. `/git-commit` → `/gitflow commit`. Three commit variants (`-push`, `-merge`, `-sync`) consolidated into `--push`/`--merge`/`--sync` flags. `/branch-start` → `/gitflow branch-start`, `/git-status` → `/gitflow status`, `/git-config` → `/gitflow config`
+- **pr-review:** `/pr-review` → `/pr review`, `/project-init` → `/pr init`, `/project-sync` → `/pr sync`
+- **clarity-assist:** `/clarify` → `/clarity clarify`, `/quick-clarify` → `/clarity quick-clarify`
+- **doc-guardian:** `/doc-audit` → `/doc audit`, `/changelog-gen` → `/doc changelog-gen`, `/stale-docs` → `/doc stale-docs`
+- **code-sentinel:** `/security-scan` → `/sentinel scan`, `/refactor` → `/sentinel refactor`
+- **claude-config-maintainer:** `/config-analyze` → `/claude-config analyze` (all 8 commands prefixed)
+- **contract-validator:** `/validate-contracts` → `/cv validate`, `/check-agent` → `/cv check-agent`
+- **cmdb-assistant:** `/cmdb-search` → `/cmdb search`, `/change-audit` → `/cmdb change-audit`, `/ip-conflicts` → `/cmdb ip-conflicts`
+- **data-platform:** `/data-ingest` → `/data ingest`, `/dbt-test` → `/data dbt-test`, `/lineage-viz` → `/data lineage-viz`
+- **viz-platform:** `/accessibility-check` → `/viz accessibility-check`, `/design-gate` → `/viz design-gate`, `/design-review` → `/viz design-review`
+
+### Added
+
+- Dispatch files for all 12 plugins — each plugin now has a `<noun>.md` routing table listing all sub-commands
+- `name:` frontmatter field added to all command files for sub-command resolution
+- `docs/MIGRATION-v9.md` — Complete old-to-new command mapping for consumer migration
+- `docs/COMMANDS-CHEATSHEET.md` — Full rewrite with v9.0.0 command names
+
+### Changed
+
+- All documentation updated with new command names: CLAUDE.md, README.md, CONFIGURATION.md, UPDATING.md, agent-workflow.spec.md, netbox/README.md
+- All cross-plugin references updated (skills, agents, integration files)
+- `marketplace.json` version bumped to 9.0.0
+
+---
+
+## [8.1.0] - 2026-02-06
+
+### BREAKING CHANGES
+
+#### Hook Migration (v8.1.0)
+
+All `SessionStart` and `PostToolUse` hooks removed. Only `PreToolUse` safety hooks and `UserPromptSubmit` quality hooks remain. Plugins that relied on automatic startup checks or post-write automation must use manual commands instead.
+
+### Added
+
+- **projman:** 7 new skills — `source-analysis`, `project-charter`, `adr-conventions`, `epic-conventions`, `wbs`, `risk-register`, `sprint-roadmap`
+- **projman:** `/project` command family — `initiation`, `plan`, `status`, `close` for full project lifecycle management
+- **projman:** `/adr` command family — `create`, `list`, `update`, `supersede` for Architecture Decision Records
+- **projman:** Expanded `wiki-conventions.md` with dependency headers, R&D notes, page naming patterns
+- **projman:** Epic/* labels (5) and RnD/* labels (4) added to label taxonomy
+- **project-hygiene:** `/hygiene check` manual command replacing PostToolUse hook
+- **contract-validator:** `/cv status` marketplace-wide health check command
+
+### Changed
+
+- `verify-hooks.sh` rewritten to validate post-migration hook inventory (4 plugins, 5 hooks)
+- `config-permissions-map.md` updated to reflect reduced hook inventory
+- `settings-optimization.md` updated for current hook landscape
+- `sprint-plan.md` no longer loads `token-budget-report.md` skill
+- `sprint-close.md` loads `rfc-workflow.md` conditionally; manual CHANGELOG review replaces `/suggest-version`
+- `planner.md` and `orchestrator.md` no longer reference domain consultation or domain gates
+- Label taxonomy updated from 43 to 58 labels (added Status/4, Domain/2, Epic/5, RnD/4)
+
+### Removed
+
+- **hooks:** 8 hooks.json files deleted (projman, pr-review, doc-guardian, project-hygiene, claude-config-maintainer, viz-platform, data-platform, contract-validator SessionStart/PostToolUse hooks)
+- **hooks:** Orphaned shell scripts deleted (startup-check.sh, notify.sh, cleanup.sh, enforce-rules.sh, schema-diff-check.sh, auto-validate.sh, breaking-change-check.sh)
+- **projman:** `/pm-debug`, `/suggest-version`, `/proposal-status` commands deleted
+- **projman:** `domain-consultation.md` skill deleted
+- **cmdb-assistant:** SessionStart hook removed (PreToolUse hook retained)
+
+---
+
+## [8.0.0] - 2026-02-06
+
+### BREAKING CHANGES
+
+#### Domain Metadata Required (v8.0.0)
+
+All plugin manifests now require a `domain` field. `validate-marketplace.sh` rejects plugins without it.
+
+### Added
+
+- **marketplace:** `domain` field added to all 12 `plugin.json` files and all `marketplace.json` entries
+- **marketplace:** Domain validation in `validate-marketplace.sh` — validates presence, allowed values, and cross-file consistency
+- **marketplace:** New launch profiles: `saas`, `ops`, `debug` in `claude-launch.sh`
+- **marketplace:** `data-seed` added to `data` launch profile (forward-looking)
+- **docs:** Domain metadata conventions in `CANONICAL-PATHS.md`
+- **docs:** Domain field requirements in `CLAUDE.md` "Adding a New Plugin" section
+
+### Changed
+
+- `validate-marketplace.sh` now requires `domain` in both `plugin.json` and `marketplace.json` (breaking change for validation pipeline)
+- `claude-launch.sh` profiles expanded: sprint, data, saas, ops, review, debug, full
+
+### Deprecated
+
+- `infra` launch profile — use `ops` instead (auto-redirects with warning)
+
+### Fixed
+
+- Confirmed projman `metadata.json` exists with gitea MCP mapping
+- Synced `marketplace-full.json` and `marketplace-lean.json` to current version (were stale)
+- Added `metadata.json` validation to `validate-marketplace.sh` — rejects `mcp_servers` in `plugin.json`, verifies MCP server references
+- Updated `CANONICAL-PATHS.md` to current version
+- Deprecated `switch-profile.sh` in favor of `claude-launch.sh`
+
+---
+
+## [7.1.0] - 2026-02-04
+
+### Added
+
+- **marketplace:** Task-specific launcher script for token optimization
+  - New script: `scripts/claude-launch.sh` loads only needed plugins via `--plugin-dir`
+  - Profiles: sprint (default), review, data, infra, full
+  - Reduces token overhead from ~22K to ~4-6K tokens
+  - Enables `ENABLE_TOOL_SEARCH=true` for MCP lazy loading
+- **marketplace:** Lean/full profile config files for manual switching (superseded by `claude-launch.sh`)
+  - Files: `.mcp-lean.json`, `.mcp-full.json`, `marketplace-lean.json`, `marketplace-full.json`
+  - Script `scripts/switch-profile.sh` available but `claude-launch.sh` is the recommended approach
+  - Full profile remains the default baseline; launcher handles selective loading
+- **projman:** Token usage estimation reporting at sprint workflow boundaries
+  - New skill: `token-budget-report.md` with MCP overhead and skill loading estimation model
+  - Token report displayed at end of `/sprint-plan` and `/sprint-close`
+  - On-demand via `/sprint-status --tokens`
+  - Helps identify which phases and components consume the most context budget
+
+### Changed
+
+- **projman:** `/sprint-status` now uses conditional skill loading for reduced token overhead
+  - Only loads `mcp-tools-reference.md` by default (~1.5k tokens vs ~5k)
+  - `--diagram` flag loads `dependency-management.md` and `progress-tracking.md`
+  - `--tokens` flag loads `token-budget-report.md`
+  - Estimated savings: ~3.5k tokens per status check
+
+### Fixed
+
+- **docs:** Stale command references in data-platform visual-header.md and viz-platform claude-md-integration.md updated to v7.0.0 namespaced names
+- **docs:** git-flow visual-header.md and git-status.md quick actions updated to namespaced commands
+- **docs:** projman/CONFIGURATION.md and docs/DEBUGGING-CHECKLIST.md updated with correct command names
+
+---
+
+## [7.0.0] - 2026-02-03
+
+### BREAKING CHANGES
+
+#### Command Namespace Rename
+
+All generic command names are now prefixed with their plugin's namespace to eliminate collisions across the marketplace. This is a **breaking change** for consuming projects — update your CLAUDE.md integration snippets.
+
+**Full Rename Map:**
+
+| Plugin | Old | New |
+|--------|-----|-----|
+| projman | `/setup` | `/pm-setup` |
+| projman | `/review` | `/pm-review` |
+| projman | `/test` | `/pm-test` |
+| projman | `/debug` | `/pm-debug` |
+| git-flow | `/commit` | `/git-commit` |
+| git-flow | `/commit-push` | `/git-commit-push` |
+| git-flow | `/commit-merge` | `/git-commit-merge` |
+| git-flow | `/commit-sync` | `/git-commit-sync` |
+| pr-review | `/initial-setup` | `/pr-setup` |
+| cmdb-assistant | `/initial-setup` | `/cmdb-setup` |
+| data-platform | `/initial-setup` | `/data-setup` |
+| data-platform | `/run` | `/data-run` |
+| data-platform | `/ingest` | `/data-ingest` |
+| data-platform | `/profile` | `/data-profile` |
+| data-platform | `/schema` | `/data-schema` |
+| data-platform | `/explain` | `/data-explain` |
+| data-platform | `/lineage` | `/data-lineage` |
+| viz-platform | `/initial-setup` | `/viz-setup` |
+| viz-platform | `/theme` | `/viz-theme` |
+| viz-platform | `/theme-new` | `/viz-theme-new` |
+| viz-platform | `/theme-css` | `/viz-theme-css` |
+| viz-platform | `/chart` | `/viz-chart` |
+| viz-platform | `/chart-export` | `/viz-chart-export` |
+| viz-platform | `/dashboard` | `/viz-dashboard` |
+| viz-platform | `/component` | `/viz-component` |
+| viz-platform | `/breakpoints` | `/viz-breakpoints` |
+| contract-validator | `/initial-setup` | `/cv-setup` |
+
+**Migration:** Update your project's CLAUDE.md integration snippets to use the new command names. Run `/plugin list` to verify installed plugins are using v7.0.0+.
+
+**Unchanged:** Commands already using plugin-namespaced prefixes (`/sprint-*`, `/cmdb-*`, `/labels-sync`, `/branch-*`, `/git-status`, `/git-config`, `/pr-review`, `/pr-summary`, `/pr-findings`, `/pr-diff`, `/project-init`, `/project-sync`, `/config-*`, `/design-*`, `/data-quality`, `/data-review`, `/data-gate`, `/lineage-viz`, `/dbt-test`, `/accessibility-check`, `/validate-contracts`, `/check-agent`, `/list-interfaces`, `/dependency-graph`, `/doc-audit`, `/doc-sync`, `/security-scan`, `/refactor`, `/refactor-dry`, `/clarify`, `/suggest-version`, `/proposal-status`, `/rfc`, `/change-audit`, `/ip-conflicts`) are **not affected**.
+
+### Added
+
+#### Plan-Then-Batch Skill Optimization (projman)
+
+New execution pattern that separates cognitive work from mechanical API operations, reducing skill-related token consumption by ~76-83% during sprint workflows.
+
+- **`skills/batch-execution.md`** — New skill defining the plan-then-batch protocol:
+  - Phase 1: Cognitive work with all skills loaded
+  - Phase 2: Execution manifest (structured plan of all API operations)
+  - Phase 3: Batch execute API calls using only frontmatter skills
+  - Phase 4: Batch report with success/failure summary
+  - Error handling: continue on individual failures, report at end
+
+- **Frontmatter skill promotion:**
+  - Planner agent: `mcp-tools-reference` and `batch-execution` promoted to frontmatter (auto-injected, zero re-read cost)
+  - Orchestrator agent: same promotion
+  - Eliminates per-operation skill file re-reads during API execution loops
+
+- **Phase-based skill loading:**
+  - Planner: 3 phases (validation → analysis → approval) with explicit "read once" instructions
+  - Orchestrator: 2 phases (startup → dispatch) with same pattern
+  - New `## Skill Loading Protocol` section replaces flat `## Skills to Load` in agent files
+
+### Changed
+
+- **`planning-workflow.md`** — Steps 8-10 restructured:
+  - Step 8: "Draft Issue Specifications" (no API calls — resolve all parameters first)
+  - Step 8a: "Batch Execute Issue Creation" (tight API loop, frontmatter skills only)
+  - Step 9: Merged into Step 8a (dependencies created in batch)
+  - Step 10: Milestone creation moved before batch (must exist for assignment)
+
+- **Agent matrix updated:**
+  - Planner: `body text (14)` → `frontmatter (2) + body text (12)`
+  - Orchestrator: `body text (12)` → `frontmatter (2) + body text (10)`
+
+- **`docs/CONFIGURATION.md`** — New "Phase-Based Skill Loading" subsection documenting the pattern
+
+### Token Impact
+
+| Scenario | Before | After | Savings |
+|----------|--------|-------|---------|
+| 6-issue sprint (planning) | ~23,800 lines | ~5,600 lines | ~76% |
+| 10-issue sprint (planning) | ~35,000 lines | ~7,000 lines | ~80% |
+| 8-issue status updates (orchestrator) | ~9,600 lines | ~1,600 lines | ~83% |
+
+---
+
+## [5.10.0] - 2026-02-03
+
+### Added
+
+#### NetBox MCP Server: Module-Based Tool Filtering
+
+Environment-variable-driven module filtering to reduce token consumption:
+
+- **New config option**: `NETBOX_ENABLED_MODULES` in `~/.config/claude/netbox.env`
+- **Token savings**: ~15,000 tokens (from ~19,810 to ~4,500) with recommended config
+- **Default behavior**: All modules enabled if env var unset (backward compatible)
+- **Startup logging**: Shows enabled modules and tool count on initialization
+- **Routing guard**: Clear error message when calling disabled module's tools
+
+**Recommended configuration for cmdb-assistant users:**
+```bash
+NETBOX_ENABLED_MODULES=dcim,ipam,virtualization,extras
+```
+
+This enables ~43 tools covering all cmdb-assistant commands while staying well below the 25K token warning threshold.
+
+### Fixed
+
+#### cmdb-assistant Documentation: Incorrect Tool Names
+
+Fixed documentation referencing non-existent `virtualization_*` tool names:
+
+| File | Wrong | Correct |
+|------|-------|---------|
+| `claude-md-integration.md` | `virtualization_list_virtual_machines` | `virt_list_vms` |
+| `claude-md-integration.md` | `virtualization_create_virtual_machine` | `virt_create_vm` |
+| `cmdb-search.md` | `virtualization_list_virtual_machines` | `virt_list_vms` |
+
+Also fixed NetBox README.md tool name references for virtualization, wireless, and circuits modules.
+
+#### Gitea MCP Server: Standardized Build Backend
+
+Changed `mcp-servers/gitea/pyproject.toml` from hatchling to setuptools:
+- Matches all other MCP servers (contract-validator, viz-platform, data-platform)
+- Updated license format to PEP 639 compliance
+- Added pytest configuration for consistency
+
+---
+
+## [5.9.0] - 2026-02-03
+
+### Added
+
+#### Plugin Installation Scripts
+New scripts for installing marketplace plugins into consumer projects:
+
+- **`scripts/install-plugin.sh`** — Install a plugin to a consumer project
+  - Adds MCP server entry to target's `.mcp.json` (if plugin has MCP server)
+  - Appends integration snippet to target's `CLAUDE.md`
+  - Idempotent: safe to run multiple times
+  - Validates plugin exists and target path is valid
+
+- **`scripts/uninstall-plugin.sh`** — Remove a plugin from a consumer project
+  - Removes MCP server entry from `.mcp.json`
+  - Removes integration section from `CLAUDE.md`
+
+- **`scripts/list-installed.sh`** — Show installed plugins in a project
+  - Lists fully installed, partially installed, and available plugins
+  - Shows plugin versions and descriptions
+
+**Usage:**
+```bash
+./scripts/install-plugin.sh data-platform ~/projects/personal-portfolio
+./scripts/list-installed.sh ~/projects/personal-portfolio
+./scripts/uninstall-plugin.sh data-platform ~/projects/personal-portfolio
+```
+
+**Documentation:** `docs/CONFIGURATION.md` updated with "Installing Plugins to Consumer Projects" section.
+
+### Fixed
+
+#### Plugin Installation Scripts — MCP Mapping & Section Markers
+
+**MCP Server Mapping:**
+- Added `mcp_servers` field to plugin.json for plugins that use shared MCP servers
+- `projman` and `pr-review` now correctly install `gitea` MCP server
+- `cmdb-assistant` now correctly installs `netbox` MCP server
+- Scripts read MCP server names from plugin.json instead of assuming plugin name = server name
+
+**CLAUDE.md Section Markers:**
+- Install script now wraps integration content with HTML comment markers:
+  `<!-- BEGIN marketplace-plugin: {name} -->` and `<!-- END marketplace-plugin: {name} -->`
+- Uninstall script uses markers for precise section removal (no more code block false positives)
+- Backward compatible: falls back to legacy header detection for pre-marker installations
+
+**Plugins updated with `mcp_servers` field:**
+- `projman` → `["gitea"]`
+- `pr-review` → `["gitea"]`
+- `cmdb-assistant` → `["netbox"]`
+- `data-platform` → `["data-platform"]`
+- `viz-platform` → `["viz-platform"]`
+- `contract-validator` → `["contract-validator"]`
+
+#### Agent Model Selection
+
+Per-agent model selection using Claude Code's now-supported `model` frontmatter field.
+
+- All 25 marketplace agents assigned appropriate model (`sonnet`, `haiku`, or `inherit`)
+- Model assignment based on reasoning depth, tool complexity, and latency requirements
+- Documentation added to `CLAUDE.md` and `docs/CONFIGURATION.md`
+
+**Supported values:** `sonnet` (default), `opus`, `haiku`, `inherit`
+
+**Model assignments:**
+| Model | Agent Types |
+|-------|-------------|
+| sonnet | Planner, Orchestrator, Executor, Code Reviewer, Coordinator, Security Reviewers, Data Advisor, Design Reviewer, etc. |
+| haiku | Maintainability Auditor, Test Validator, Component Check, Theme Setup, Git Assistant, Data Ingestion, Agent Check |
+
+### Fixed
+
+#### Agent Frontmatter Standardization
+
+- Fixed viz-platform and data-platform agents using non-standard `agent:` field (now `name:`)
+- Removed non-standard `triggers:` field from domain agents (trigger info already in agent body)
+- Added missing frontmatter to 13 agents across pr-review, viz-platform, contract-validator, clarity-assist, git-flow, doc-guardian, code-sentinel, cmdb-assistant, and data-platform
+- All 25 agents now have consistent `name`, `description`, and `model` fields
+
+### Changed
+
+#### Agent Frontmatter Hardening v3
+
+Comprehensive agent-level configuration using Claude Code's supported frontmatter fields.
+
+**permissionMode added to all 25 agents:**
+- `bypassPermissions` (1): Executor — full autonomy with code-sentinel + Code Reviewer safety nets
+- `acceptEdits` (7): Orchestrator, Data Ingestion, Theme Setup, Refactor Advisor, Doc Analyzer, Git Assistant, Maintainer
+- `default` (7): Planner, Code Reviewer, Data Advisor, Layout Builder, Full Validation, Clarity Coach, CMDB Assistant
+- `plan` (10): All pr-review agents (5), Data Analysis, Design Reviewer, Component Check, Agent Check, Security Reviewer (code-sentinel)
+
+**disallowedTools added to 12 agents:**
+- All `plan`-mode agents (10) + Code Reviewer + Clarity Coach receive `disallowedTools: Write, Edit, MultiEdit`
+- Enforces read-only contracts at platform level (defense-in-depth with `permissionMode`)
+
+**Model promotions:**
+- Planner: `sonnet` → `opus` (architectural reasoning benefits from deeper analysis)
+- Code Reviewer: `sonnet` → `opus` (quality gate benefits from thorough review)
+
+**skills frontmatter on 3 agents:**
+- Executor: 7 safety-critical skills auto-injected (branch-security, runaway-detection, etc.)
+- Code Reviewer: 4 review skills auto-injected
+- Maintainer: 2 config skills auto-injected
+- Body text `## Skills to Load` removed for these agents to avoid duplication
+
+**Documentation:**
+- `CLAUDE.md` and `docs/CONFIGURATION.md` updated with complete agent configuration matrix
+- New subsections: permissionMode Guide, disallowedTools Guide, skills Frontmatter Guide
+
+---
+
 ## [5.8.0] - 2026-02-02

 ### Added

+#### claude-config-maintainer v1.2.0 - Settings Audit Feature
+
+New commands for auditing and optimizing `settings.local.json` permission configurations:
+
+- **`/config-audit-settings`** — Audit `settings.local.json` permissions with 100-point scoring across redundancy, coverage, safety alignment, and profile fit
+- **`/config-optimize-settings`** — Apply permission optimizations with dry-run, named profiles (`conservative`, `reviewed`, `autonomous`), and consolidation modes
+- **`/config-permissions-map`** — Generate Mermaid diagram of review layer coverage and permission gaps
+- **`skills/settings-optimization.md`** — Comprehensive skill for permission pattern analysis, consolidation rules, review-layer-aware recommendations, and named profiles
+
+**Key Features:**
+- Settings Efficiency Score (100 points) alongside existing CLAUDE.md score
+- Review layer verification — agent reads `hooks/hooks.json` from installed plugins before recommending auto-allow patterns
+- Three named profiles: `conservative` (prompts for most writes), `reviewed` (for projects with ≥2 review layers), `autonomous` (sandboxed environments)
+- Pattern consolidation detection: duplicates, subsets, merge candidates, stale entries, conflicts
+
 #### Projman Hardening Sprint
 Targeted improvements to safety gates, command structure, lifecycle tracking, and cross-plugin contracts.

--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -128,25 +128,33 @@ These plugins exist in source but are **NOT relevant** to this project's workflo
 | **data-platform** | For data engineering projects (pandas, PostgreSQL, dbt) |
 | **viz-platform** | For dashboard projects (Dash, Plotly) |
 | **cmdb-assistant** | For infrastructure projects (NetBox) |
+| **saas-api-platform** | For REST/GraphQL API projects (FastAPI, Express) |
+| **saas-db-migrate** | For database migration projects (Alembic, Prisma) |
+| **saas-react-platform** | For React frontend projects (Next.js, Vite) |
+| **saas-test-pilot** | For test automation projects (pytest, Jest, Playwright) |
+| **data-seed** | For test data generation and seeding |
+| **ops-release-manager** | For release management workflows |
+| **ops-deploy-pipeline** | For deployment pipeline management |
+| **debug-mcp** | For MCP server debugging and development |

-**Do NOT suggest** `/ingest`, `/profile`, `/chart`, `/cmdb-*` commands - they don't apply here.
+**Do NOT suggest** `/data ingest`, `/data profile`, `/viz chart`, `/cmdb *`, `/api *`, `/db-migrate *`, `/react *`, `/test *`, `/seed *`, `/release *`, `/deploy *`, `/debug-mcp *` commands - they don't apply here.

 ### Key Distinction

 | Context | Path | What To Do |
 |---------|------|------------|
 | **Editing plugin source** | `~/claude-plugins-work/plugins/` | Modify code, add features |
-| **Using installed plugins** | `~/.claude/plugins/marketplaces/` | Run commands like `/sprint-plan` |
+| **Using installed plugins** | `~/.claude/plugins/marketplaces/` | Run commands like `/sprint plan` |

-When user says "run /sprint-plan", use the INSTALLED plugin.
-When user says "fix the sprint-plan command", edit the SOURCE code.
+When user says "run /sprint plan", use the INSTALLED plugin.
+When user says "fix the sprint plan command", edit the SOURCE code.

 ---

 ## Project Overview

 **Repository:** leo-claude-mktplace
-**Version:** 5.4.0
+**Version:** 9.0.0
 **Status:** Production Ready

 A plugin marketplace for Claude Code containing:
@@ -161,10 +169,18 @@ A plugin marketplace for Claude Code containing:
 | `code-sentinel` | Security scanning and code refactoring tools | 1.0.1 |
 | `claude-config-maintainer` | CLAUDE.md optimization and maintenance | 1.0.0 |
 | `cmdb-assistant` | NetBox CMDB integration for infrastructure management | 1.2.0 |
-| `data-platform` | pandas, PostgreSQL, and dbt integration for data engineering | 1.1.0 |
+| `data-platform` | pandas, PostgreSQL, and dbt integration for data engineering | 1.3.0 |
 | `viz-platform` | DMC validation, Plotly charts, and theming for dashboards | 1.1.0 |
 | `contract-validator` | Cross-plugin compatibility validation and agent verification | 1.1.0 |
-| `project-hygiene` | Post-task cleanup automation via hooks | 0.1.0 |
+| `project-hygiene` | Project file organization and cleanup checks | 0.1.0 |
+| `saas-api-platform` | REST/GraphQL API scaffolding for FastAPI and Express | 0.1.0 |
+| `saas-db-migrate` | Database migration management for Alembic, Prisma, raw SQL | 0.1.0 |
+| `saas-react-platform` | React frontend toolkit for Next.js and Vite | 0.1.0 |
+| `saas-test-pilot` | Test automation for pytest, Jest, Vitest, Playwright | 0.1.0 |
+| `data-seed` | Test data generation and database seeding | 0.1.0 |
+| `ops-release-manager` | Release management with SemVer and changelog automation | 0.1.0 |
+| `ops-deploy-pipeline` | Deployment pipeline for Docker Compose and systemd | 0.1.0 |
+| `debug-mcp` | MCP server debugging and development toolkit | 0.1.0 |

 ## Quick Start

@@ -180,16 +196,17 @@ A plugin marketplace for Claude Code containing:

 | Category | Commands |
 |----------|----------|
-| **Setup** | `/setup` (modes: `--full`, `--quick`, `--sync`) |
-| **Sprint** | `/sprint-plan`, `/sprint-start`, `/sprint-status` (with `--diagram`), `/sprint-close` |
-| **Quality** | `/review`, `/test` (modes: `run`, `gen`) |
-| **Versioning** | `/suggest-version` |
-| **PR Review** | `/pr-review`, `/pr-summary`, `/pr-findings`, `/pr-diff` |
-| **Docs** | `/doc-audit`, `/doc-sync`, `/changelog-gen`, `/doc-coverage`, `/stale-docs` |
-| **Security** | `/security-scan`, `/refactor`, `/refactor-dry` |
-| **Config** | `/config-analyze`, `/config-optimize`, `/config-diff`, `/config-lint` |
-| **Validation** | `/validate-contracts`, `/check-agent`, `/list-interfaces`, `/dependency-graph` |
-| **Debug** | `/debug` (modes: `report`, `review`) |
+| **Setup** | `/projman setup` (modes: `--full`, `--quick`, `--sync`) |
+| **Sprint** | `/sprint plan`, `/sprint start`, `/sprint status` (with `--diagram`), `/sprint close` |
+| **Quality** | `/sprint review`, `/sprint test` (modes: `run`, `gen`) |
+| **Project** | `/project initiation\|plan\|status\|close` |
+| **ADR** | `/adr create\|list\|update\|supersede` |
+| **PR Review** | `/pr review`, `/pr summary`, `/pr findings`, `/pr diff` |
+| **Docs** | `/doc audit`, `/doc sync`, `/doc changelog-gen`, `/doc coverage`, `/doc stale-docs` |
+| **Security** | `/sentinel scan`, `/sentinel refactor`, `/sentinel refactor-dry` |
+| **Config** | `/claude-config analyze`, `/claude-config optimize`, `/claude-config diff`, `/claude-config lint` |
+| **Validation** | `/cv validate`, `/cv check-agent`, `/cv list-interfaces`, `/cv dependency-graph`, `/cv status` |
+| **Maintenance** | `/hygiene check` |

 ### Plugin Commands - NOT RELEVANT to This Project

@@ -197,9 +214,17 @@ These commands are being developed but don't apply to this project's workflow:

 | Category | Commands | For Projects Using |
 |----------|----------|-------------------|
-| **Data** | `/ingest`, `/profile`, `/schema`, `/lineage`, `/dbt-test` | pandas, PostgreSQL, dbt |
-| **Visualization** | `/component`, `/chart`, `/dashboard`, `/theme` | Dash, Plotly dashboards |
-| **CMDB** | `/cmdb-search`, `/cmdb-device`, `/cmdb-sync` | NetBox infrastructure |
+| **Data** | `/data ingest`, `/data profile`, `/data schema`, `/data lineage`, `/data dbt-test` | pandas, PostgreSQL, dbt |
+| **Visualization** | `/viz component`, `/viz chart`, `/viz dashboard`, `/viz theme` | Dash, Plotly dashboards |
+| **CMDB** | `/cmdb search`, `/cmdb device`, `/cmdb sync` | NetBox infrastructure |
+| **API** | `/api scaffold`, `/api validate`, `/api docs`, `/api middleware` | FastAPI, Express |
+| **DB Migrate** | `/db-migrate generate`, `/db-migrate validate`, `/db-migrate plan` | Alembic, Prisma |
+| **React** | `/react component`, `/react route`, `/react state`, `/react hook` | Next.js, Vite |
+| **Testing** | `/test generate`, `/test coverage`, `/test fixtures`, `/test e2e` | pytest, Jest, Playwright |
+| **Seeding** | `/seed generate`, `/seed profile`, `/seed apply` | Faker, test data |
+| **Release** | `/release prepare`, `/release validate`, `/release tag` | SemVer releases |
+| **Deploy** | `/deploy generate`, `/deploy validate`, `/deploy check` | Docker Compose, systemd |
+| **Debug MCP** | `/debug-mcp status`, `/debug-mcp test`, `/debug-mcp logs` | MCP server development |

 ## Repository Structure

@@ -217,18 +242,16 @@ leo-claude-mktplace/
 ├── plugins/
 │   ├── projman/                  # Sprint management
 │   │   ├── .claude-plugin/plugin.json
-│   │   ├── commands/             # 12 commands
-│   │   ├── hooks/                # SessionStart: mismatch detection
+│   │   ├── commands/             # 19 commands
 │   │   ├── agents/               # 4 agents
-│   │   └── skills/               # 17 reusable skill files
+│   │   └── skills/               # 23 reusable skill files
 │   ├── git-flow/                 # Git workflow automation
 │   │   ├── .claude-plugin/plugin.json
-│   │   ├── commands/             # 8 commands
+│   │   ├── commands/             # 5 commands
 │   │   └── agents/
 │   ├── pr-review/                # Multi-agent PR review
 │   │   ├── .claude-plugin/plugin.json
-│   │   ├── commands/             # 6 commands
-│   │   ├── hooks/                # SessionStart mismatch detection
+│   │   ├── commands/             # 8 commands
 │   │   └── agents/               # 5 agents
 │   ├── clarity-assist/           # Prompt optimization
 │   │   ├── .claude-plugin/plugin.json
@@ -237,12 +260,10 @@ leo-claude-mktplace/
 │   ├── data-platform/            # Data engineering
 │   │   ├── .claude-plugin/plugin.json
 │   │   ├── commands/             # 7 commands
-│   │   ├── hooks/                # SessionStart PostgreSQL check
 │   │   └── agents/               # 2 agents
 │   ├── viz-platform/             # Visualization
 │   │   ├── .claude-plugin/plugin.json
 │   │   ├── commands/             # 7 commands
-│   │   ├── hooks/                # SessionStart DMC check
 │   │   └── agents/               # 3 agents
 │   ├── doc-guardian/             # Documentation drift detection
 │   ├── code-sentinel/            # Security scanning & refactoring
@@ -271,6 +292,61 @@ leo-claude-mktplace/
 | **Executor** | Implementation-focused | Code implementation, branch management, MR creation |
 | **Code Reviewer** | Thorough, practical | Pre-close quality review, security scan, test verification |

+### Agent Frontmatter Configuration
+
+Agents specify their configuration in frontmatter using Claude Code's supported fields. Reference: https://code.claude.com/docs/en/sub-agents
+
+**Supported frontmatter fields:**
+
+| Field | Required | Default | Description |
+|-------|----------|---------|-------------|
+| `name` | Yes | — | Unique identifier, lowercase + hyphens |
+| `description` | Yes | — | When Claude should delegate to this subagent |
+| `model` | No | `inherit` | `sonnet`, `opus`, `haiku`, or `inherit` |
+| `permissionMode` | No | `default` | Controls permission prompts: `default`, `acceptEdits`, `dontAsk`, `bypassPermissions`, `plan` |
+| `disallowedTools` | No | none | Comma-separated tools to remove from agent's toolset |
+| `skills` | No | none | Comma-separated skills auto-injected into context at startup |
+| `hooks` | No | none | Lifecycle hooks scoped to this subagent |
+
+**Complete agent matrix:**
+
+| Plugin | Agent | `model` | `permissionMode` | `disallowedTools` | `skills` |
+|--------|-------|---------|-------------------|--------------------|----------|
+| projman | planner | opus | default | — | frontmatter (2) + body text (12) |
+| projman | orchestrator | sonnet | acceptEdits | — | frontmatter (2) + body text (10) |
+| projman | executor | sonnet | bypassPermissions | — | frontmatter (7) |
+| projman | code-reviewer | opus | default | Write, Edit, MultiEdit | frontmatter (4) |
+| pr-review | coordinator | sonnet | plan | Write, Edit, MultiEdit | — |
+| pr-review | security-reviewer | sonnet | plan | Write, Edit, MultiEdit | — |
+| pr-review | performance-analyst | sonnet | plan | Write, Edit, MultiEdit | — |
+| pr-review | maintainability-auditor | haiku | plan | Write, Edit, MultiEdit | — |
+| pr-review | test-validator | haiku | plan | Write, Edit, MultiEdit | — |
+| data-platform | data-advisor | sonnet | default | — | — |
+| data-platform | data-analysis | sonnet | plan | Write, Edit, MultiEdit | — |
+| data-platform | data-ingestion | haiku | acceptEdits | — | — |
+| viz-platform | design-reviewer | sonnet | plan | Write, Edit, MultiEdit | — |
+| viz-platform | layout-builder | sonnet | default | — | — |
+| viz-platform | component-check | haiku | plan | Write, Edit, MultiEdit | — |
+| viz-platform | theme-setup | haiku | acceptEdits | — | — |
+| contract-validator | full-validation | sonnet | default | — | — |
+| contract-validator | agent-check | haiku | plan | Write, Edit, MultiEdit | — |
+| code-sentinel | security-reviewer | sonnet | plan | Write, Edit, MultiEdit | — |
+| code-sentinel | refactor-advisor | sonnet | acceptEdits | — | — |
+| doc-guardian | doc-analyzer | sonnet | acceptEdits | — | — |
+| clarity-assist | clarity-coach | sonnet | default | Write, Edit, MultiEdit | — |
+| git-flow | git-assistant | haiku | acceptEdits | — | — |
+| claude-config-maintainer | maintainer | sonnet | acceptEdits | — | frontmatter (2) |
+| cmdb-assistant | cmdb-assistant | sonnet | default | — | — |
+
+**Design principles:**
+- `bypassPermissions` is granted to exactly ONE agent (Executor) which has code-sentinel PreToolUse hook + Code Reviewer downstream as safety nets.
+- `plan` mode is assigned to all pure analysis agents (pr-review, read-only validators).
+- `disallowedTools: Write, Edit, MultiEdit` provides defense-in-depth on agents that should never write files.
+- `skills` frontmatter is used for agents with ≤7 skills where guaranteed loading is safety-critical. Agents with 8+ skills use body text `## Skills to Load` for selective loading.
+- `hooks` (agent-scoped) is reserved for future use (v6.0+).
+
+Override any field by editing the agent's `.md` file in `plugins/{plugin}/agents/`.
+
 ### MCP Server Tools (Gitea)

 | Category | Tools |
@@ -311,17 +387,17 @@ Wiki-based Request for Comments system for tracking feature ideas from proposal
 **Lifecycle:** Draft → Review → Approved → Implementing → Implemented

 **Integration with Sprint Planning:**
- `/sprint-plan` detects approved RFCs and offers selection
- `/sprint-close` updates RFC status on completion
+- `/sprint plan` detects approved RFCs and offers selection
+- `/sprint close` updates RFC status on completion

 ## Label Taxonomy

-43 labels total: 27 organization + 16 repository
+58 labels total: 31 organization + 27 repository

-**Organization:** Agent/2, Complexity/3, Efforts/5, Priority/4, Risk/3, Source/4, Type/6
-**Repository:** Component/9, Tech/7
+**Organization:** Agent/2, Complexity/3, Efforts/5, Priority/4, Risk/3, Source/4, Status/4, Type/6
+**Repository:** Component/9, Tech/7, Domain/2, Epic/5, RnD/4

-Sync with `/labels-sync` command.
+Sync with `/labels sync` command.

 ## Lessons Learned System

@@ -336,13 +412,34 @@ Stored in Gitea Wiki under `lessons-learned/sprints/`.

 ### Adding a New Plugin

-1. Create `plugins/{name}/.claude-plugin/plugin.json`
-2. Add entry to `.claude-plugin/marketplace.json` with category, tags, license
+1. Create `plugins/{name}/.claude-plugin/plugin.json` — must include `"domain"` field (`core`, `data`, `saas`, `ops`, or `debug`)
+2. Add entry to `.claude-plugin/marketplace.json` with category, tags, license, and `"domain"` field (must match plugin.json)
 3. Create `claude-md-integration.md`
 4. If using new MCP server, add to root `mcp-servers/` and update `.mcp.json`
-5. Run `./scripts/validate-marketplace.sh`
+5. Run `./scripts/validate-marketplace.sh` — rejects plugins without valid `domain` field
 6. Update `CHANGELOG.md`

+**Domain field is required (v8.0.0+):**
+```json
+{
+  "name": "plugin-name",
+  "domain": "core",
+  ...
+}
+```
+
+**Naming convention:** New plugins use domain prefix (`saas-*`, `ops-*`, `data-*`, `debug-*`). Core plugins have no prefix.
+
+### Domain Assignments
+
+| Domain | Plugins |
+|--------|---------|
+| `core` | projman, git-flow, pr-review, code-sentinel, doc-guardian, clarity-assist, contract-validator, claude-config-maintainer, project-hygiene |
+| `data` | data-platform, viz-platform, data-seed |
+| `saas` | saas-api-platform, saas-db-migrate, saas-react-platform, saas-test-pilot |
+| `ops` | cmdb-assistant, ops-release-manager, ops-deploy-pipeline |
+| `debug` | debug-mcp |
+
 ### Adding a Command to projman

 1. Create `plugins/projman/commands/{name}.md`
@@ -394,12 +491,12 @@ See `docs/DEBUGGING-CHECKLIST.md` for systematic troubleshooting.
 | Symptom | Likely Cause | Fix |
 |---------|--------------|-----|
 | "X MCP servers failed" | Missing venv in installed path | `cd ~/.claude/plugins/marketplaces/leo-claude-mktplace && ./scripts/setup.sh` |
-| MCP tools not available | Venv missing or .mcp.json misconfigured | Run `/debug report` to diagnose |
+| MCP tools not available | Venv missing or .mcp.json misconfigured | Run `/cv status` to diagnose |
 | Changes not taking effect | Editing source, not installed | Reinstall plugin or edit installed path |

-**Debug Commands:**
- `/debug report` - Run full diagnostics, create issue if needed
- `/debug review` - Investigate and propose fixes
+**Diagnostic Commands:**
+- `/cv status` - Marketplace-wide health check (installation, MCP, configuration)
+- `/hygiene check` - Project file organization and cleanup check

 ## Versioning Workflow

@@ -453,4 +550,4 @@ The script will:

 ---

-**Last Updated:** 2026-01-30
+**Last Updated:** 2026-02-06
--- a/README.md
+++ b/README.md
@@ -1,7 +1,32 @@
-# Leo Claude Marketplace - v5.8.0
+# Leo Claude Marketplace - v9.0.0

 A collection of Claude Code plugins for project management, infrastructure automation, and development workflows.

+## Quick Start
+
+Use the launcher script to load only the plugins you need, reducing token overhead from ~22K to ~4-6K tokens:
+
+```bash
+./scripts/claude-launch.sh [profile] [extra-args...]
+```
+
+| Profile | Plugins Loaded | Use Case |
+|---------|----------------|----------|
+| `sprint` | projman, git-flow, pr-review, code-sentinel, doc-guardian, clarity-assist | Default. Sprint planning and development |
+| `review` | pr-review, code-sentinel | Lightweight code review |
+| `data` | data-platform, viz-platform | Data engineering and visualization |
+| `infra` | cmdb-assistant | Infrastructure/CMDB management |
+| `full` | All 20 plugins via marketplace.json | When you need everything |
+
+**Examples:**
+```bash
+./scripts/claude-launch.sh                    # Default sprint profile
+./scripts/claude-launch.sh data --model opus  # Data profile with Opus
+./scripts/claude-launch.sh full               # Load all plugins
+```
+
+The script enables `ENABLE_TOOL_SEARCH=true` for MCP lazy loading.
+
 ## Plugins

 ### Development & Project Management
@@ -12,6 +37,7 @@ A collection of Claude Code plugins for project management, infrastructure autom
 AI-guided sprint planning with full Gitea integration. Transforms a proven 15-sprint workflow into a distributable plugin.

 - Four-agent model: Planner, Orchestrator, Executor, Code Reviewer
+- Plan-then-batch execution: skills loaded once per phase, API calls batched for ~80% token savings
 - Intelligent label suggestions from 43-label taxonomy
 - Lessons learned capture via Gitea Wiki
 - Native issue dependencies with parallel execution
@@ -19,9 +45,9 @@ AI-guided sprint planning with full Gitea integration. Transforms a proven 15-sp
 - Branch-aware security (development/staging/production)
 - Pre-sprint-close code quality review and test verification

-**Commands:** `/sprint-plan`, `/sprint-start`, `/sprint-status`, `/sprint-close`, `/labels-sync`, `/setup`, `/review`, `/test`, `/debug`, `/suggest-version`, `/proposal-status`, `/rfc`
+**Commands:** `/sprint plan`, `/sprint start`, `/sprint status`, `/sprint close`, `/labels sync`, `/projman setup`, `/sprint review`, `/sprint test`, `/projman debug`, `/projman suggest-version`, `/projman proposal-status`, `/rfc`

-#### [git-flow](./plugins/git-flow) *NEW in v3.0.0*
+#### [git-flow](./plugins/git-flow)
 **Git Workflow Automation**

 Smart git operations with intelligent commit messages and branch management.
@@ -32,9 +58,9 @@ Smart git operations with intelligent commit messages and branch management.
 - Merge and cleanup automation
 - Protected branch awareness

-**Commands:** `/commit`, `/commit-push`, `/commit-merge`, `/commit-sync`, `/branch-start`, `/branch-cleanup`, `/git-status`, `/git-config`
+**Commands:** `/gitflow commit` (with `--push`, `--merge`, `--sync` flags), `/gitflow branch-start`, `/gitflow branch-cleanup`, `/gitflow status`, `/gitflow config`

-#### [pr-review](./plugins/pr-review) *NEW in v3.0.0*
+#### [pr-review](./plugins/pr-review)
 **Multi-Agent PR Review**

 Comprehensive pull request review using specialized agents.
@@ -44,16 +70,16 @@ Comprehensive pull request review using specialized agents.
 - Actionable feedback with suggested fixes
 - Gitea integration for automated review submission

-**Commands:** `/pr-review`, `/pr-summary`, `/pr-findings`, `/pr-diff`, `/initial-setup`, `/project-init`, `/project-sync`
+**Commands:** `/pr review`, `/pr summary`, `/pr findings`, `/pr diff`, `/pr setup`, `/pr init`, `/pr sync`

 #### [claude-config-maintainer](./plugins/claude-config-maintainer)
-**CLAUDE.md Optimization and Maintenance**
+**CLAUDE.md and Settings Optimization**

-Analyze, optimize, and create CLAUDE.md configuration files for Claude Code projects.
+Analyze, optimize, and create CLAUDE.md configuration files. Audit and optimize settings.local.json permissions.

-**Commands:** `/config-analyze`, `/config-optimize`, `/config-init`, `/config-diff`, `/config-lint`
+**Commands:** `/claude-config analyze`, `/claude-config optimize`, `/claude-config init`, `/claude-config diff`, `/claude-config lint`, `/claude-config audit-settings`, `/claude-config optimize-settings`, `/claude-config permissions-map`

-#### [contract-validator](./plugins/contract-validator) *NEW in v5.0.0*
+#### [contract-validator](./plugins/contract-validator)
 **Cross-Plugin Compatibility Validation**

 Validate plugin marketplaces for command conflicts, tool overlaps, and broken agent references.
@@ -64,11 +90,11 @@ Validate plugin marketplaces for command conflicts, tool overlaps, and broken ag
 - Data flow validation for agent sequences
 - Markdown or JSON reports with actionable suggestions

-**Commands:** `/validate-contracts`, `/check-agent`, `/list-interfaces`, `/dependency-graph`, `/initial-setup`
+**Commands:** `/cv validate`, `/cv check-agent`, `/cv list-interfaces`, `/cv dependency-graph`, `/cv setup`

 ### Productivity

-#### [clarity-assist](./plugins/clarity-assist) *NEW in v3.0.0*
+#### [clarity-assist](./plugins/clarity-assist)
 **Prompt Optimization with ND Accommodations**

 Transform vague requests into clear specifications using structured methodology.
@@ -77,14 +103,14 @@ Transform vague requests into clear specifications using structured methodology.
 - ND-friendly question patterns (option-based, chunked)
 - Conflict detection and escalation protocols

-**Commands:** `/clarify`, `/quick-clarify`
+**Commands:** `/clarity clarify`, `/clarity quick-clarify`

 #### [doc-guardian](./plugins/doc-guardian)
 **Documentation Lifecycle Management**

 Automatic documentation drift detection and synchronization.

-**Commands:** `/doc-audit`, `/doc-sync`, `/changelog-gen`, `/doc-coverage`, `/stale-docs`
+**Commands:** `/doc audit`, `/doc sync`, `/doc changelog-gen`, `/doc coverage`, `/doc stale-docs`

 #### [project-hygiene](./plugins/project-hygiene)
 **Post-Task Cleanup Automation**
@@ -98,7 +124,7 @@ Hook-based cleanup that runs after Claude completes work.

 Security vulnerability detection and code refactoring tools.

-**Commands:** `/security-scan`, `/refactor`, `/refactor-dry`
+**Commands:** `/sentinel scan`, `/sentinel refactor`, `/sentinel refactor-dry`

 ### Infrastructure

@@ -107,11 +133,11 @@ Security vulnerability detection and code refactoring tools.

 Full CRUD operations for network infrastructure management directly from Claude Code.

-**Commands:** `/initial-setup`, `/cmdb-search`, `/cmdb-device`, `/cmdb-ip`, `/cmdb-site`, `/cmdb-audit`, `/cmdb-register`, `/cmdb-sync`, `/cmdb-topology`, `/change-audit`, `/ip-conflicts`
+**Commands:** `/cmdb setup`, `/cmdb search`, `/cmdb device`, `/cmdb ip`, `/cmdb site`, `/cmdb audit`, `/cmdb register`, `/cmdb sync`, `/cmdb topology`, `/cmdb change-audit`, `/cmdb ip-conflicts`

 ### Data Engineering

-#### [data-platform](./plugins/data-platform) *NEW in v4.0.0*
+#### [data-platform](./plugins/data-platform)
 **pandas, PostgreSQL/PostGIS, and dbt Integration**

 Comprehensive data engineering toolkit with persistent DataFrame storage.
@@ -122,11 +148,11 @@ Comprehensive data engineering toolkit with persistent DataFrame storage.
 - 100k row limit with chunking support
 - Auto-detection of dbt projects

-**Commands:** `/ingest`, `/profile`, `/schema`, `/explain`, `/lineage`, `/lineage-viz`, `/run`, `/dbt-test`, `/data-quality`, `/initial-setup`
+**Commands:** `/data ingest`, `/data profile`, `/data schema`, `/data explain`, `/data lineage`, `/data lineage-viz`, `/data run`, `/data dbt-test`, `/data quality`, `/data review`, `/data gate`, `/data setup`

 ### Visualization

-#### [viz-platform](./plugins/viz-platform) *NEW in v4.0.0*
+#### [viz-platform](./plugins/viz-platform)
 **Dash Mantine Components Validation and Theming**

 Visualization toolkit with version-locked component validation and design token theming.
@@ -138,7 +164,109 @@ Visualization toolkit with version-locked component validation and design token
 - 5 Page tools for multi-page app structure
 - Dual theme storage: user-level and project-level

-**Commands:** `/chart`, `/chart-export`, `/dashboard`, `/theme`, `/theme-new`, `/theme-css`, `/component`, `/accessibility-check`, `/breakpoints`, `/design-review`, `/design-gate`, `/initial-setup`
+**Commands:** `/viz chart`, `/viz chart-export`, `/viz dashboard`, `/viz theme`, `/viz theme-new`, `/viz theme-css`, `/viz component`, `/viz accessibility-check`, `/viz breakpoints`, `/viz design-review`, `/viz design-gate`, `/viz setup`
+
+#### [data-seed](./plugins/data-seed)
+**Test Data Generation and Database Seeding**
+
+Relationship-aware test data generation with reusable seed profiles.
+
+- Schema inference from existing databases
+- Faker-based data generation with locale support
+- Foreign key relationship resolution
+- Reusable seed profiles for consistent test environments
+
+**Commands:** `/seed setup`, `/seed generate`, `/seed profile`, `/seed validate`, `/seed apply`
+
+### SaaS Development
+
+#### [saas-api-platform](./plugins/saas-api-platform)
+**REST and GraphQL API Scaffolding**
+
+API development toolkit for FastAPI and Express projects with OpenAPI integration.
+
+- Framework-aware scaffolding (FastAPI, Express)
+- OpenAPI spec generation and validation
+- Middleware catalog with authentication, CORS, rate limiting
+- Route pattern enforcement and test generation
+
+**Commands:** `/api setup`, `/api scaffold`, `/api validate`, `/api docs`, `/api middleware`, `/api test-routes`
+
+#### [saas-db-migrate](./plugins/saas-db-migrate)
+**Database Migration Management**
+
+Migration toolkit for Alembic, Prisma, and raw SQL with safety validation.
+
+- ORM/tool auto-detection
+- Migration safety analysis (data loss, locks, rollback)
+- Execution planning with rollback strategies
+- Migration history tracking
+
+**Commands:** `/db-migrate setup`, `/db-migrate generate`, `/db-migrate validate`, `/db-migrate plan`, `/db-migrate history`, `/db-migrate rollback`
+
+#### [saas-react-platform](./plugins/saas-react-platform)
+**React Frontend Development Toolkit**
+
+Component scaffolding, routing, and state management for Next.js and Vite projects.
+
+- Framework detection (Next.js App Router/Pages, Vite, CRA, Remix)
+- TypeScript-first component generation with co-located tests
+- State management pattern selection (Context, Zustand, Redux Toolkit)
+- Anti-pattern detection and component tree analysis
+
+**Commands:** `/react setup`, `/react component`, `/react route`, `/react state`, `/react hook`, `/react lint`
+
+#### [saas-test-pilot](./plugins/saas-test-pilot)
+**Test Automation Toolkit**
+
+Test generation and coverage analysis for pytest, Jest, Vitest, and Playwright.
+
+- Framework auto-detection and configuration
+- Test case generation from code analysis
+- Coverage gap detection with risk prioritization
+- E2E test scenario generation from user stories
+
+**Commands:** `/test setup`, `/test generate`, `/test coverage`, `/test fixtures`, `/test e2e`, `/test run`
+
+### Operations
+
+#### [ops-release-manager](./plugins/ops-release-manager)
+**Release Management Automation**
+
+Semantic versioning, changelog generation, and tag management.
+
+- Version location auto-detection across manifests
+- Conventional commit-based bump suggestions
+- Keep a Changelog format automation
+- Release branch/tag creation and rollback
+
+**Commands:** `/release setup`, `/release prepare`, `/release validate`, `/release tag`, `/release rollback`, `/release status`
+
+#### [ops-deploy-pipeline](./plugins/ops-deploy-pipeline)
+**Deployment Pipeline Management**
+
+CI/CD for Docker Compose and systemd-based services on self-hosted infrastructure.
+
+- Docker Compose configuration generation
+- Caddy reverse proxy patterns
+- Environment-specific config management
+- Pre-deployment health checks and rollback planning
+
+**Commands:** `/deploy setup`, `/deploy generate`, `/deploy validate`, `/deploy env`, `/deploy check`, `/deploy rollback`
+
+### Debugging
+
+#### [debug-mcp](./plugins/debug-mcp)
+**MCP Server Debugging Toolkit**
+
+Diagnostic tools for MCP server health, testing, and development.
+
+- MCP server health status dashboard
+- Individual tool call testing
+- Server log analysis with error pattern recognition
+- MCP server scaffold generation
+
+**Commands:** `/debug-mcp status`, `/debug-mcp test`, `/debug-mcp logs`, `/debug-mcp inspect`, `/debug-mcp scaffold`

 ## Domain Advisory Pattern

@@ -146,14 +274,14 @@ The marketplace supports cross-plugin domain advisory integration:

 - **Domain Detection**: projman automatically detects when issues involve specialized domains (frontend/viz, data engineering)
 - **Acceptance Criteria**: Domain-specific acceptance criteria are added to issues during planning
- **Execution Gates**: Domain validation gates (`/design-gate`, `/data-gate`) run before issue completion
+- **Execution Gates**: Domain validation gates (`/viz design-gate`, `/data gate`) run before issue completion
 - **Extensible**: New domains can be added by creating advisory agents and gate commands

 **Current Domains:**
 | Domain | Plugin | Gate Command |
 |--------|--------|--------------|
-| Visualization | viz-platform | `/design-gate` |
-| Data | data-platform | `/data-gate` |
+| Visualization | viz-platform | `/viz design-gate` |
+| Data | data-platform | `/data gate` |

 ## MCP Servers

@@ -170,7 +298,7 @@ Full Gitea API integration for project management.
 | Wiki | `list_wiki_pages`, `get_wiki_page`, `create_wiki_page`, `update_wiki_page`, `create_lesson`, `search_lessons` |
 | Milestones | `list_milestones`, `get_milestone`, `create_milestone`, `update_milestone`, `delete_milestone` |
 | Dependencies | `list_issue_dependencies`, `create_issue_dependency`, `remove_issue_dependency`, `get_execution_order` |
-| **Pull Requests** | `list_pull_requests`, `get_pull_request`, `get_pr_diff`, `get_pr_comments`, `create_pr_review`, `add_pr_comment` *(NEW in v3.0.0)* |
+| **Pull Requests** | `list_pull_requests`, `get_pull_request`, `get_pr_diff`, `get_pr_comments`, `create_pr_review`, `add_pr_comment` |
 | Validation | `validate_repo_org`, `get_branch_protection` |

 ### NetBox MCP Server (shared)
@@ -185,7 +313,7 @@ Comprehensive NetBox REST API integration for infrastructure management.
 | Virtualization | Clusters, VMs, Interfaces |
 | Extras | Tags, Custom Fields, Audit Log |

-### Data Platform MCP Server (shared) *NEW in v4.0.0*
+### Data Platform MCP Server (shared)

 pandas, PostgreSQL/PostGIS, and dbt integration for data engineering.

@@ -196,7 +324,7 @@ pandas, PostgreSQL/PostGIS, and dbt integration for data engineering.
 | PostGIS | `st_tables`, `st_geometry_type`, `st_srid`, `st_extent` |
 | dbt | `dbt_parse`, `dbt_run`, `dbt_test`, `dbt_build`, `dbt_compile`, `dbt_ls`, `dbt_docs_generate`, `dbt_lineage` |

-### Viz Platform MCP Server (shared) *NEW in v4.0.0*
+### Viz Platform MCP Server (shared)

 Dash Mantine Components validation and visualization tools.

@@ -208,7 +336,7 @@ Dash Mantine Components validation and visualization tools.
 | Theme | `theme_create`, `theme_extend`, `theme_validate`, `theme_export_css`, `theme_list`, `theme_activate` |
 | Page | `page_create`, `page_add_navbar`, `page_set_auth`, `page_list`, `page_get_app_config` |

-### Contract Validator MCP Server (shared) *NEW in v5.0.0*
+### Contract Validator MCP Server (shared)

 Cross-plugin compatibility validation tools.

@@ -254,7 +382,7 @@ Add to `.claude/settings.json` in your target project:
 After installing plugins, run the setup wizard:

 ```
-/initial-setup
+/projman setup
 ```

 The wizard handles everything:
@@ -266,12 +394,12 @@ The wizard handles everything:

 **For new projects** (when system is already configured):
 ```
-/project-init
+/pr init
 ```

 **After moving a repository:**
 ```
-/project-sync
+/pr sync
 ```

 See [docs/CONFIGURATION.md](./docs/CONFIGURATION.md) for manual setup and advanced options.
@@ -306,17 +434,17 @@ After installing plugins, the `/plugin` command may show `(no content)` - this i

 | Plugin | Test Command |
 |--------|--------------|
-| git-flow | `/git-flow:git-status` |
+| git-flow | `/git-flow:gitflow-status` |
 | projman | `/projman:sprint-status` |
 | pr-review | `/pr-review:pr-summary` |
-| clarity-assist | `/clarity-assist:clarify` |
+| clarity-assist | `/clarity-assist:clarity-clarify` |
 | doc-guardian | `/doc-guardian:doc-audit` |
-| code-sentinel | `/code-sentinel:security-scan` |
-| claude-config-maintainer | `/claude-config-maintainer:config-analyze` |
+| code-sentinel | `/code-sentinel:sentinel-scan` |
+| claude-config-maintainer | `/claude-config-maintainer:claude-config-analyze` |
 | cmdb-assistant | `/cmdb-assistant:cmdb-search` |
-| data-platform | `/data-platform:ingest` |
-| viz-platform | `/viz-platform:chart` |
-| contract-validator | `/contract-validator:validate-contracts` |
+| data-platform | `/data-platform:data-ingest` |
+| viz-platform | `/viz-platform:viz-chart` |
+| contract-validator | `/contract-validator:cv-validate` |

 ## Repository Structure

--- a/docs/CANONICAL-PATHS.md
+++ b/docs/CANONICAL-PATHS.md
@@ -2,7 +2,7 @@

 **This file defines ALL valid paths in this repository. No exceptions. No inference. No assumptions.**

-Last Updated: 2026-01-30 (v5.4.1)
+Last Updated: 2026-02-06 (v8.0.0)

 ---

@@ -12,10 +12,18 @@ Last Updated: 2026-01-30 (v5.4.1)
 leo-claude-mktplace/
 ├── .claude/                    # Claude Code local settings
 ├── .claude-plugin/             # Marketplace manifest
-│   └── marketplace.json
+│   ├── marketplace.json
+│   ├── marketplace-lean.json   # Lean profile (6 core plugins)
+│   └── marketplace-full.json   # Full profile (all plugins)
+├── .mcp-lean.json              # Lean profile MCP config (gitea only)
+├── .mcp-full.json              # Full profile MCP config (all servers)
 ├── .scratch/                   # Transient work (auto-cleaned)
 ├── docs/                       # All documentation
 │   ├── architecture/           # Draw.io diagrams and specs
+│   ├── prompts/                # Shared prompt templates
+│   │   └── INDEX.md            # Prompt template index
+│   ├── project-lessons-learned/ # Project-level lessons (not sprint-specific)
+│   │   └── INDEX.md            # Lessons index
 │   ├── CANONICAL-PATHS.md      # This file - single source of truth
 │   ├── COMMANDS-CHEATSHEET.md  # All commands quick reference
 │   ├── CONFIGURATION.md        # Centralized configuration guide
@@ -150,7 +158,9 @@ leo-claude-mktplace/
 │   ├── validate-marketplace.sh # Marketplace compliance validation
 │   ├── verify-hooks.sh         # Verify all hooks use correct event types
 │   ├── setup-venvs.sh          # Setup MCP server venvs (create only, never delete)
-│   └── release.sh              # Release automation with version bumping
+│   ├── release.sh              # Release automation with version bumping
+│   ├── claude-launch.sh        # Task-specific launcher with profile selection
+│   └── switch-profile.sh       # DEPRECATED: use claude-launch.sh instead
 ├── CLAUDE.md
 ├── README.md
 ├── LICENSE
@@ -162,12 +172,40 @@ leo-claude-mktplace/

 ## Path Patterns (MANDATORY)

+### Phase 1a Paths (v8.1.0)
+
+New files added in v8.1.0:
+
+```
+plugins/projman/commands/project.md
+plugins/projman/commands/project-initiation.md
+plugins/projman/commands/project-plan.md
+plugins/projman/commands/project-status.md
+plugins/projman/commands/project-close.md
+plugins/projman/commands/adr.md
+plugins/projman/commands/adr-create.md
+plugins/projman/commands/adr-list.md
+plugins/projman/commands/adr-update.md
+plugins/projman/commands/adr-supersede.md
+plugins/projman/skills/source-analysis.md
+plugins/projman/skills/project-charter.md
+plugins/projman/skills/adr-conventions.md
+plugins/projman/skills/epic-conventions.md
+plugins/projman/skills/wbs.md
+plugins/projman/skills/risk-register.md
+plugins/projman/skills/sprint-roadmap.md
+plugins/projman/skills/wiki-conventions.md
+plugins/project-hygiene/commands/hygiene-check.md
+plugins/contract-validator/commands/cv-status.md
+```
+
 ### Plugin Paths

 | Context | Pattern | Example |
 |---------|---------|---------|
 | Plugin location | `plugins/{plugin-name}/` | `plugins/projman/` |
 | Plugin manifest | `plugins/{plugin-name}/.claude-plugin/plugin.json` | `plugins/projman/.claude-plugin/plugin.json` |
+| Plugin MCP mapping (optional) | `plugins/{plugin-name}/.claude-plugin/metadata.json` | `plugins/projman/.claude-plugin/metadata.json` |
 | Plugin commands | `plugins/{plugin-name}/commands/` | `plugins/projman/commands/` |
 | Plugin agents | `plugins/{plugin-name}/agents/` | `plugins/projman/agents/` |
 | Plugin skills | `plugins/{plugin-name}/skills/` | `plugins/projman/skills/` |
@@ -182,10 +220,42 @@ MCP servers are **shared at repository root** and configured in `.mcp.json`.
 | MCP configuration | `.mcp.json` | `.mcp.json` (at repo root) |
 | Shared MCP server | `mcp-servers/{server}/` | `mcp-servers/gitea/` |
 | MCP server code | `mcp-servers/{server}/mcp_server/` | `mcp-servers/gitea/mcp_server/` |
-| MCP venv | `mcp-servers/{server}/.venv/` | `mcp-servers/gitea/.venv/` |
+| MCP venv (local) | `mcp-servers/{server}/.venv/` | `mcp-servers/gitea/.venv/` |

 **Note:** Plugins do NOT have their own `mcp-servers/` directories. All MCP servers are shared at root and configured via `.mcp.json`.

+### MCP Venv Paths - CRITICAL
+
+**Venvs live in a CACHE directory that SURVIVES marketplace updates.**
+
+When checking for venvs, ALWAYS check in this order:
+
+| Priority | Path | Survives Updates? |
+|----------|------|-------------------|
+| 1 (CHECK FIRST) | `~/.cache/claude-mcp-venvs/leo-claude-mktplace/{server}/.venv/` | YES |
+| 2 (fallback) | `{marketplace}/mcp-servers/{server}/.venv/` | NO |
+
+**Why cache first?**
+- Marketplace directory gets WIPED on every update/reinstall
+- Cache directory SURVIVES updates
+- False "venv missing" errors waste hours of debugging
+
+**Pattern for hooks checking venvs:**
+```bash
+CACHE_VENV="$HOME/.cache/claude-mcp-venvs/leo-claude-mktplace/{server}/.venv/bin/python"
+LOCAL_VENV="$MARKETPLACE_ROOT/mcp-servers/{server}/.venv/bin/python"
+
+if [[ -f "$CACHE_VENV" ]]; then
+    VENV_PATH="$CACHE_VENV"
+elif [[ -f "$LOCAL_VENV" ]]; then
+    VENV_PATH="$LOCAL_VENV"
+else
+    echo "venv missing"
+fi
+```
+
+**See lesson learned:** [Startup Hooks Must Check Venv Cache Path First](https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/wiki/lessons/patterns/startup-hooks-must-check-venv-cache-path-first)
+
 ### Documentation Paths

 | Type | Location |
@@ -269,10 +339,64 @@ All MCP servers are defined in `.mcp.json` at repository root:

 ---

+## Domain Metadata
+
+### Domain Field Locations
+
+Both manifest files require a `domain` field (v8.0.0+):
+
+| Location | Field | Example |
+|----------|-------|---------|
+| `plugins/{name}/.claude-plugin/plugin.json` | `"domain": "core"` | `plugins/projman/.claude-plugin/plugin.json` |
+| `.claude-plugin/marketplace.json` | `"domain": "core"` per plugin entry | `.claude-plugin/marketplace.json` |
+
+### Allowed Domain Values
+
+| Domain | Purpose | Existing Plugins |
+|--------|---------|-----------------|
+| `core` | Development workflow plugins | projman, git-flow, pr-review, code-sentinel, doc-guardian, clarity-assist, contract-validator, claude-config-maintainer, project-hygiene |
+| `data` | Data engineering and visualization | data-platform, viz-platform |
+| `ops` | Operations and infrastructure | cmdb-assistant |
+| `saas` | SaaS application development | (Phase 2) |
+| `debug` | Debugging and diagnostics | (Phase 2) |
+
+### Plugin Naming Convention
+
+- **Core plugins:** No prefix (existing names never change)
+- **New plugins:** Domain prefix: `saas-*`, `ops-*`, `data-*`, `debug-*`
+- Domain is always in metadata — prefix is a naming convention, not a requirement
+
+### Domain Query Examples
+
+```bash
+# List all plugins in a domain
+jq '.plugins[] | select(.domain=="saas") | .name' .claude-plugin/marketplace.json
+
+# Count plugins per domain
+jq '[.plugins[] | .domain] | group_by(.) | map({domain: .[0], count: length})' .claude-plugin/marketplace.json
+```
+
+### Future Plugin Path Patterns
+
+```
+plugins/saas-api-platform/
+plugins/saas-db-migrate/
+plugins/saas-react-platform/
+plugins/saas-test-pilot/
+plugins/data-seed/
+plugins/ops-release-manager/
+plugins/ops-deploy-pipeline/
+plugins/debug-mcp/
+```
+
+---
+
 ## Change Log

 | Date | Change | By |
 |------|--------|-----|
+| 2026-02-06 | v8.0.0: Added domain metadata section, Phase 1a paths, future plugin paths | Claude Code |
+| 2026-02-04 | v7.1.0: Added profile configs, prompts/, project-lessons-learned/, metadata.json, deprecated switch-profile.sh | Claude Code |
 | 2026-01-30 | v5.5.0: Removed plugin-level mcp-servers symlinks - all MCP config now in root .mcp.json | Claude Code |
 | 2026-01-26 | v5.0.0: Added contract-validator plugin and MCP server | Claude Code |
 | 2026-01-26 | v4.1.0: Added viz-platform plugin and MCP server | Claude Code |
--- a/docs/COMMANDS-CHEATSHEET.md
+++ b/docs/COMMANDS-CHEATSHEET.md
@@ -1,6 +1,8 @@
 # Plugin Commands Cheat Sheet

-Quick reference for all commands in the Leo Claude Marketplace.
+Quick reference for all commands in the Leo Claude Marketplace (v9.0.0+).
+
+All commands follow the `/<noun> <action>` sub-command pattern.

 ---

@@ -8,95 +10,96 @@ Quick reference for all commands in the Leo Claude Marketplace.

 | Plugin | Command | Auto | Manual | Description |
 |--------|---------|:----:|:------:|-------------|
-| **projman** | `/sprint-plan` | | X | Start sprint planning with AI-guided architecture analysis and issue creation |
-| **projman** | `/sprint-start` | | X | Begin sprint execution with dependency analysis and parallel task coordination (requires approval or `--force`) |
-| **projman** | `/sprint-status` | | X | Check current sprint progress (add `--diagram` for Mermaid visualization) |
-| **projman** | `/review` | | X | Pre-sprint-close code quality review (debug artifacts, security, error handling) |
-| **projman** | `/test` | | X | Run tests (`/test run`) or generate tests (`/test gen <target>`) |
-| **projman** | `/sprint-close` | | X | Complete sprint and capture lessons learned to Gitea Wiki |
-| **projman** | `/labels-sync` | | X | Synchronize label taxonomy from Gitea |
-| **projman** | `/setup` | | X | Auto-detect mode or use `--full`, `--quick`, `--sync`, `--clear-cache` |
-| **projman** | *SessionStart hook* | X | | Detects git remote vs .env mismatch, warns to run `/setup --sync` |
-| **projman** | `/debug` | | X | Diagnostics (`/debug report`) or investigate (`/debug review`) |
-| **projman** | `/suggest-version` | | X | Analyze CHANGELOG and recommend semantic version bump |
-| **projman** | `/proposal-status` | | X | View proposal and implementation hierarchy with status |
-| **projman** | `/rfc` | | X | RFC lifecycle management (`/rfc create\|list\|review\|approve\|reject`) |
-| **git-flow** | `/commit` | | X | Create commit with auto-generated conventional message |
-| **git-flow** | `/commit-push` | | X | Commit and push to remote in one operation |
-| **git-flow** | `/commit-merge` | | X | Commit current changes, then merge into target branch |
-| **git-flow** | `/commit-sync` | | X | Full sync: commit, push, and sync with upstream/base branch |
-| **git-flow** | `/branch-start` | | X | Create new feature/fix/chore branch with naming conventions |
-| **git-flow** | `/branch-cleanup` | | X | Remove merged branches locally and optionally on remote |
-| **git-flow** | `/git-status` | | X | Enhanced git status with recommendations |
-| **git-flow** | `/git-config` | | X | Configure git-flow settings for the project |
-| **pr-review** | `/initial-setup` | | X | Setup wizard for pr-review (shares Gitea MCP with projman) |
-| **pr-review** | `/project-init` | | X | Quick project setup for PR reviews |
-| **pr-review** | `/project-sync` | | X | Sync config with git remote after repo move/rename |
-| **pr-review** | *SessionStart hook* | X | | Detects git remote vs .env mismatch |
-| **pr-review** | `/pr-review` | | X | Full multi-agent PR review with confidence scoring |
-| **pr-review** | `/pr-summary` | | X | Quick summary of PR changes |
-| **pr-review** | `/pr-findings` | | X | List and filter review findings by category/severity |
-| **pr-review** | `/pr-diff` | | X | Formatted diff with inline review comments and annotations |
-| **clarity-assist** | `/clarify` | | X | Full 4-D prompt optimization with ND accommodations |
-| **clarity-assist** | `/quick-clarify` | | X | Rapid single-pass clarification for simple requests |
-| **doc-guardian** | `/doc-audit` | | X | Full documentation audit - scans for doc drift |
-| **doc-guardian** | `/doc-sync` | | X | Synchronize pending documentation updates |
-| **doc-guardian** | `/changelog-gen` | | X | Generate changelog from conventional commits |
-| **doc-guardian** | `/doc-coverage` | | X | Documentation coverage metrics by function/class |
-| **doc-guardian** | `/stale-docs` | | X | Flag documentation behind code changes |
-| **doc-guardian** | *PostToolUse hook* | X | | Silently detects doc drift on Write/Edit |
-| **code-sentinel** | `/security-scan` | | X | Full security audit (SQL injection, XSS, secrets, etc.) |
-| **code-sentinel** | `/refactor` | | X | Apply refactoring patterns to improve code |
-| **code-sentinel** | `/refactor-dry` | | X | Preview refactoring without applying changes |
+| **projman** | `/sprint plan` | | X | Start sprint planning with AI-guided architecture analysis and issue creation |
+| **projman** | `/sprint start` | | X | Begin sprint execution with dependency analysis and parallel task coordination (requires approval or `--force`) |
+| **projman** | `/sprint status` | | X | Check current sprint progress (add `--diagram` for Mermaid visualization) |
+| **projman** | `/sprint review` | | X | Pre-sprint-close code quality review (debug artifacts, security, error handling) |
+| **projman** | `/sprint test` | | X | Run tests (`/sprint test run`) or generate tests (`/sprint test gen <target>`) |
+| **projman** | `/sprint close` | | X | Complete sprint and capture lessons learned to Gitea Wiki |
+| **projman** | `/labels sync` | | X | Synchronize label taxonomy from Gitea |
+| **projman** | `/projman setup` | | X | Auto-detect mode or use `--full`, `--quick`, `--sync`, `--clear-cache` |
+| **projman** | `/rfc create\|list\|review\|approve\|reject` | | X | RFC lifecycle management |
+| **projman** | `/project initiation\|plan\|status\|close` | | X | Project lifecycle management |
+| **projman** | `/adr create\|list\|update\|supersede` | | X | Architecture Decision Records |
+| **git-flow** | `/gitflow commit` | | X | Create commit with auto-generated conventional message. Flags: `--push`, `--merge`, `--sync` |
+| **git-flow** | `/gitflow branch-start` | | X | Create new feature/fix/chore branch with naming conventions |
+| **git-flow** | `/gitflow branch-cleanup` | | X | Remove merged branches locally and optionally on remote |
+| **git-flow** | `/gitflow status` | | X | Enhanced git status with recommendations |
+| **git-flow** | `/gitflow config` | | X | Configure git-flow settings for the project |
+| **pr-review** | `/pr setup` | | X | Setup wizard for pr-review (shares Gitea MCP with projman) |
+| **pr-review** | `/pr init` | | X | Quick project setup for PR reviews |
+| **pr-review** | `/pr sync` | | X | Sync config with git remote after repo move/rename |
+| **pr-review** | `/pr review` | | X | Full multi-agent PR review with confidence scoring |
+| **pr-review** | `/pr summary` | | X | Quick summary of PR changes |
+| **pr-review** | `/pr findings` | | X | List and filter review findings by category/severity |
+| **pr-review** | `/pr diff` | | X | Formatted diff with inline review comments and annotations |
+| **clarity-assist** | `/clarity clarify` | | X | Full 4-D prompt optimization with ND accommodations |
+| **clarity-assist** | `/clarity quick-clarify` | | X | Rapid single-pass clarification for simple requests |
+| **doc-guardian** | `/doc audit` | | X | Full documentation audit - scans for doc drift |
+| **doc-guardian** | `/doc sync` | | X | Synchronize pending documentation updates |
+| **doc-guardian** | `/doc changelog-gen` | | X | Generate changelog from conventional commits |
+| **doc-guardian** | `/doc coverage` | | X | Documentation coverage metrics by function/class |
+| **doc-guardian** | `/doc stale-docs` | | X | Flag documentation behind code changes |
+| **code-sentinel** | `/sentinel scan` | | X | Full security audit (SQL injection, XSS, secrets, etc.) |
+| **code-sentinel** | `/sentinel refactor` | | X | Apply refactoring patterns to improve code |
+| **code-sentinel** | `/sentinel refactor-dry` | | X | Preview refactoring without applying changes |
 | **code-sentinel** | *PreToolUse hook* | X | | Scans code before writing; blocks critical issues |
-| **claude-config-maintainer** | `/config-analyze` | | X | Analyze CLAUDE.md for optimization opportunities |
-| **claude-config-maintainer** | `/config-optimize` | | X | Optimize CLAUDE.md structure with preview/backup |
-| **claude-config-maintainer** | `/config-init` | | X | Initialize new CLAUDE.md for a project |
-| **claude-config-maintainer** | `/config-diff` | | X | Track CLAUDE.md changes over time with behavioral impact |
-| **claude-config-maintainer** | `/config-lint` | | X | Lint CLAUDE.md for anti-patterns and best practices |
-| **cmdb-assistant** | `/initial-setup` | | X | Setup wizard for NetBox MCP server |
-| **cmdb-assistant** | `/cmdb-search` | | X | Search NetBox for devices, IPs, sites |
-| **cmdb-assistant** | `/cmdb-device` | | X | Manage network devices (create, view, update, delete) |
-| **cmdb-assistant** | `/cmdb-ip` | | X | Manage IP addresses and prefixes |
-| **cmdb-assistant** | `/cmdb-site` | | X | Manage sites, locations, racks, and regions |
-| **cmdb-assistant** | `/cmdb-audit` | | X | Data quality analysis (VMs, devices, naming, roles) |
-| **cmdb-assistant** | `/cmdb-register` | | X | Register current machine into NetBox with running apps |
-| **cmdb-assistant** | `/cmdb-sync` | | X | Sync machine state with NetBox (detect drift, update) |
-| **cmdb-assistant** | `/cmdb-topology` | | X | Infrastructure topology diagrams (rack, network, site views) |
-| **cmdb-assistant** | `/change-audit` | | X | NetBox audit trail queries with filtering |
-| **cmdb-assistant** | `/ip-conflicts` | | X | Detect IP conflicts and overlapping prefixes |
-| **project-hygiene** | *PostToolUse hook* | X | | Removes temp files, warns about unexpected root files |
-| **data-platform** | `/ingest` | | X | Load data from CSV, Parquet, JSON into DataFrame |
-| **data-platform** | `/profile` | | X | Generate data profiling report with statistics |
-| **data-platform** | `/schema` | | X | Explore database schemas, tables, columns |
-| **data-platform** | `/explain` | | X | Explain query execution plan |
-| **data-platform** | `/lineage` | | X | Show dbt model lineage and dependencies |
-| **data-platform** | `/run` | | X | Run dbt models with validation |
-| **data-platform** | `/lineage-viz` | | X | dbt lineage visualization as Mermaid diagrams |
-| **data-platform** | `/dbt-test` | | X | Formatted dbt test runner with summary and failure details |
-| **data-platform** | `/data-quality` | | X | DataFrame quality checks (nulls, duplicates, types, outliers) |
-| **data-platform** | `/initial-setup` | | X | Setup wizard for data-platform MCP servers |
-| **data-platform** | *SessionStart hook* | X | | Checks PostgreSQL connection (non-blocking warning) |
-| **viz-platform** | `/initial-setup` | | X | Setup wizard for viz-platform MCP server |
-| **viz-platform** | `/chart` | | X | Create Plotly charts with theme integration |
-| **viz-platform** | `/dashboard` | | X | Create dashboard layouts with filters and grids |
-| **viz-platform** | `/theme` | | X | Apply existing theme to visualizations |
-| **viz-platform** | `/theme-new` | | X | Create new custom theme with design tokens |
-| **viz-platform** | `/theme-css` | | X | Export theme as CSS custom properties |
-| **viz-platform** | `/component` | | X | Inspect DMC component props and validation |
-| **viz-platform** | `/chart-export` | | X | Export charts to PNG, SVG, PDF via kaleido |
-| **viz-platform** | `/accessibility-check` | | X | Color blind validation (WCAG contrast ratios) |
-| **viz-platform** | `/breakpoints` | | X | Configure responsive layout breakpoints |
-| **viz-platform** | `/design-review` | | X | Detailed design system audits |
-| **viz-platform** | `/design-gate` | | X | Binary pass/fail design system validation gates |
-| **viz-platform** | *SessionStart hook* | X | | Checks DMC version (non-blocking warning) |
-| **data-platform** | `/data-review` | | X | Comprehensive data integrity audits |
-| **data-platform** | `/data-gate` | | X | Binary pass/fail data integrity gates |
-| **contract-validator** | `/validate-contracts` | | X | Full marketplace compatibility validation |
-| **contract-validator** | `/check-agent` | | X | Validate single agent definition |
-| **contract-validator** | `/list-interfaces` | | X | Show all plugin interfaces |
-| **contract-validator** | `/dependency-graph` | | X | Mermaid visualization of plugin dependencies |
-| **contract-validator** | `/initial-setup` | | X | Setup wizard for contract-validator MCP |
+| **claude-config-maintainer** | `/claude-config analyze` | | X | Analyze CLAUDE.md for optimization opportunities |
+| **claude-config-maintainer** | `/claude-config optimize` | | X | Optimize CLAUDE.md structure with preview/backup |
+| **claude-config-maintainer** | `/claude-config init` | | X | Initialize new CLAUDE.md for a project |
+| **claude-config-maintainer** | `/claude-config diff` | | X | Track CLAUDE.md changes over time with behavioral impact |
+| **claude-config-maintainer** | `/claude-config lint` | | X | Lint CLAUDE.md for anti-patterns and best practices |
+| **claude-config-maintainer** | `/claude-config audit-settings` | | X | Audit settings.local.json permissions (100-point score) |
+| **claude-config-maintainer** | `/claude-config optimize-settings` | | X | Optimize permissions (profiles, consolidation, dry-run) |
+| **claude-config-maintainer** | `/claude-config permissions-map` | | X | Visual review layer + permission coverage map |
+| **cmdb-assistant** | `/cmdb setup` | | X | Setup wizard for NetBox MCP server |
+| **cmdb-assistant** | `/cmdb search` | | X | Search NetBox for devices, IPs, sites |
+| **cmdb-assistant** | `/cmdb device` | | X | Manage network devices (create, view, update, delete) |
+| **cmdb-assistant** | `/cmdb ip` | | X | Manage IP addresses and prefixes |
+| **cmdb-assistant** | `/cmdb site` | | X | Manage sites, locations, racks, and regions |
+| **cmdb-assistant** | `/cmdb audit` | | X | Data quality analysis (VMs, devices, naming, roles) |
+| **cmdb-assistant** | `/cmdb register` | | X | Register current machine into NetBox with running apps |
+| **cmdb-assistant** | `/cmdb sync` | | X | Sync machine state with NetBox (detect drift, update) |
+| **cmdb-assistant** | `/cmdb topology` | | X | Infrastructure topology diagrams (rack, network, site views) |
+| **cmdb-assistant** | `/cmdb change-audit` | | X | NetBox audit trail queries with filtering |
+| **cmdb-assistant** | `/cmdb ip-conflicts` | | X | Detect IP conflicts and overlapping prefixes |
+| **project-hygiene** | `/hygiene check` | | X | Project file organization and cleanup check |
+| **data-platform** | `/data ingest` | | X | Load data from CSV, Parquet, JSON into DataFrame |
+| **data-platform** | `/data profile` | | X | Generate data profiling report with statistics |
+| **data-platform** | `/data schema` | | X | Explore database schemas, tables, columns |
+| **data-platform** | `/data explain` | | X | Explain query execution plan |
+| **data-platform** | `/data lineage` | | X | Show dbt model lineage and dependencies |
+| **data-platform** | `/data run` | | X | Run dbt models with validation |
+| **data-platform** | `/data lineage-viz` | | X | dbt lineage visualization as Mermaid diagrams |
+| **data-platform** | `/data dbt-test` | | X | Formatted dbt test runner with summary and failure details |
+| **data-platform** | `/data quality` | | X | DataFrame quality checks (nulls, duplicates, types, outliers) |
+| **data-platform** | `/data review` | | X | Comprehensive data integrity audits |
+| **data-platform** | `/data gate` | | X | Binary pass/fail data integrity gates |
+| **data-platform** | `/data setup` | | X | Setup wizard for data-platform MCP servers |
+| **viz-platform** | `/viz setup` | | X | Setup wizard for viz-platform MCP server |
+| **viz-platform** | `/viz chart` | | X | Create Plotly charts with theme integration |
+| **viz-platform** | `/viz chart-export` | | X | Export charts to PNG, SVG, PDF via kaleido |
+| **viz-platform** | `/viz dashboard` | | X | Create dashboard layouts with filters and grids |
+| **viz-platform** | `/viz theme` | | X | Apply existing theme to visualizations |
+| **viz-platform** | `/viz theme-new` | | X | Create new custom theme with design tokens |
+| **viz-platform** | `/viz theme-css` | | X | Export theme as CSS custom properties |
+| **viz-platform** | `/viz component` | | X | Inspect DMC component props and validation |
+| **viz-platform** | `/viz accessibility-check` | | X | Color blind validation (WCAG contrast ratios) |
+| **viz-platform** | `/viz breakpoints` | | X | Configure responsive layout breakpoints |
+| **viz-platform** | `/viz design-review` | | X | Detailed design system audits |
+| **viz-platform** | `/viz design-gate` | | X | Binary pass/fail design system validation gates |
+| **contract-validator** | `/cv validate` | | X | Full marketplace compatibility validation |
+| **contract-validator** | `/cv check-agent` | | X | Validate single agent definition |
+| **contract-validator** | `/cv list-interfaces` | | X | Show all plugin interfaces |
+| **contract-validator** | `/cv dependency-graph` | | X | Mermaid visualization of plugin dependencies |
+| **contract-validator** | `/cv setup` | | X | Setup wizard for contract-validator MCP |
+| **contract-validator** | `/cv status` | | X | Marketplace-wide health check (installation, MCP, configuration) |
+
+---
+
+## Migration from v8.x
+
+All commands were renamed in v9.0.0 to follow `/<noun> <action>` pattern. See [MIGRATION-v9.md](./MIGRATION-v9.md) for the complete old-to-new mapping.

 ---

@@ -104,7 +107,7 @@ Quick reference for all commands in the Leo Claude Marketplace.

 | Category | Plugins | Primary Use |
 |----------|---------|-------------|
-| **Setup** | projman, pr-review, cmdb-assistant, data-platform | `/setup`, `/initial-setup` |
+| **Setup** | projman, pr-review, cmdb-assistant, data-platform, viz-platform, contract-validator | `/projman setup`, `/pr setup`, `/cmdb setup`, `/data setup`, `/viz setup`, `/cv setup` |
 | **Task Planning** | projman, clarity-assist | Sprint management, requirement clarification |
 | **Code Quality** | code-sentinel, pr-review | Security scanning, PR reviews |
 | **Documentation** | doc-guardian, claude-config-maintainer | Doc sync, CLAUDE.md maintenance |
@@ -113,7 +116,7 @@ Quick reference for all commands in the Leo Claude Marketplace.
 | **Data Engineering** | data-platform | pandas, PostgreSQL, dbt operations |
 | **Visualization** | viz-platform | DMC validation, Plotly charts, theming |
 | **Validation** | contract-validator | Cross-plugin compatibility checks |
-| **Maintenance** | project-hygiene | Automatic cleanup |
+| **Maintenance** | project-hygiene | Manual cleanup via `/hygiene check` |

 ---

@@ -121,13 +124,10 @@ Quick reference for all commands in the Leo Claude Marketplace.

 | Plugin | Hook Event | Behavior |
 |--------|------------|----------|
-| **projman** | SessionStart | Checks git remote vs .env; warns if mismatch detected; suggests sprint planning if issues exist |
-| **pr-review** | SessionStart | Checks git remote vs .env; warns if mismatch detected |
-| **doc-guardian** | PostToolUse (Write/Edit) | Tracks documentation drift; auto-updates dependent docs |
-| **code-sentinel** | PreToolUse (Write/Edit) | Scans for security issues; blocks critical vulnerabilities |
-| **project-hygiene** | PostToolUse (Write/Edit) | Cleans temp files, warns about misplaced files |
-| **data-platform** | SessionStart | Checks PostgreSQL connection; non-blocking warning if unavailable |
-| **viz-platform** | SessionStart | Checks DMC version; non-blocking warning if mismatch detected |
+| **code-sentinel** | PreToolUse (Write/Edit/MultiEdit) | Scans code before writing; blocks critical security issues |
+| **git-flow** | PreToolUse (Bash) | Validates branch naming and commit message conventions |
+| **cmdb-assistant** | PreToolUse (MCP create/update) | Validates input data before NetBox writes |
+| **clarity-assist** | UserPromptSubmit | Detects vague prompts and suggests clarification |

 ---

@@ -138,15 +138,15 @@ Quick reference for all commands in the Leo Claude Marketplace.
 Full workflow from idea to implementation using RFCs:

 ```
-1. /clarify                  # Clarify the feature idea
-2. /rfc create               # Create RFC from clarified spec
+1. /clarity clarify            # Clarify the feature idea
+2. /rfc create                 # Create RFC from clarified spec
   ... refine RFC content ...
-3. /rfc review 0001          # Submit RFC for review
+3. /rfc review 0001            # Submit RFC for review
   ... review discussion ...
-4. /rfc approve 0001         # Approve RFC for implementation
-5. /sprint-plan              # Select approved RFC for sprint
+4. /rfc approve 0001           # Approve RFC for implementation
+5. /sprint plan                # Select approved RFC for sprint
   ... implement feature ...
-6. /sprint-close             # Complete sprint, RFC marked Implemented
+6. /sprint close               # Complete sprint, RFC marked Implemented
 ```

 ### Example 1: Starting a New Feature Sprint
@@ -154,17 +154,17 @@ Full workflow from idea to implementation using RFCs:
 A typical workflow for planning and executing a feature sprint:

 ```
-1. /clarify                  # Clarify requirements if vague
-2. /sprint-plan              # Plan the sprint with architecture analysis
-3. /labels-sync              # Ensure labels are up-to-date
-4. /sprint-start             # Begin execution with dependency ordering
-5. /branch-start feat/...    # Create feature branch
+1. /clarity clarify             # Clarify requirements if vague
+2. /sprint plan                 # Plan the sprint with architecture analysis
+3. /labels sync                 # Ensure labels are up-to-date
+4. /sprint start                # Begin execution with dependency ordering
+5. /gitflow branch-start feat/...  # Create feature branch
   ... implement features ...
-6. /commit                   # Commit with conventional message
-7. /sprint-status --diagram  # Check progress with visualization
-8. /review                   # Pre-close quality review
-9. /test run                 # Verify test coverage
-10. /sprint-close            # Capture lessons learned
+6. /gitflow commit              # Commit with conventional message
+7. /sprint status --diagram     # Check progress with visualization
+8. /sprint review               # Pre-close quality review
+9. /sprint test run             # Verify test coverage
+10. /sprint close               # Capture lessons learned
 ```

 ### Example 2: Daily Development Cycle
@@ -172,12 +172,12 @@ A typical workflow for planning and executing a feature sprint:
 Quick daily workflow with git-flow:

 ```
-1. /git-status               # Check current state
-2. /branch-start fix/...     # Start bugfix branch
+1. /gitflow status              # Check current state
+2. /gitflow branch-start fix/...  # Start bugfix branch
   ... make changes ...
-3. /commit                   # Auto-generate commit message
-4. /commit-push              # Push to remote
-5. /branch-cleanup           # Clean merged branches
+3. /gitflow commit              # Auto-generate commit message
+4. /gitflow commit --push       # Commit and push to remote
+5. /gitflow branch-cleanup      # Clean merged branches
 ```

 ### Example 3: Pull Request Review Workflow
@@ -185,10 +185,10 @@ Quick daily workflow with git-flow:
 Reviewing a PR before merge:

 ```
-1. /pr-summary               # Quick overview of changes
-2. /pr-review                # Full multi-agent review
-3. /pr-findings              # Filter findings by severity
-4. /security-scan            # Deep security audit if needed
+1. /pr summary                  # Quick overview of changes
+2. /pr review                   # Full multi-agent review
+3. /pr findings                 # Filter findings by severity
+4. /sentinel scan               # Deep security audit if needed
 ```

 ### Example 4: Documentation Maintenance
@@ -196,10 +196,10 @@ Reviewing a PR before merge:
 Keeping docs in sync:

 ```
-1. /doc-audit                # Scan for documentation drift
-2. /doc-sync                 # Apply pending updates
-3. /config-analyze           # Check CLAUDE.md health
-4. /config-optimize          # Optimize if needed
+1. /doc audit                   # Scan for documentation drift
+2. /doc sync                    # Apply pending updates
+3. /claude-config analyze       # Check CLAUDE.md health
+4. /claude-config optimize      # Optimize if needed
 ```

 ### Example 5: Code Refactoring Session
@@ -207,11 +207,11 @@ Keeping docs in sync:
 Safe refactoring with preview:

 ```
-1. /refactor-dry             # Preview opportunities
-2. /security-scan            # Baseline security check
-3. /refactor                 # Apply improvements
-4. /test run                 # Verify nothing broke
-5. /commit                   # Commit with descriptive message
+1. /sentinel refactor-dry       # Preview opportunities
+2. /sentinel scan               # Baseline security check
+3. /sentinel refactor           # Apply improvements
+4. /sprint test run             # Verify nothing broke
+5. /gitflow commit              # Commit with descriptive message
 ```

 ### Example 6: Infrastructure Documentation
@@ -219,10 +219,10 @@ Safe refactoring with preview:
 Managing infrastructure with CMDB:

 ```
-1. /cmdb-search "server"     # Find existing devices
-2. /cmdb-device view X       # Check device details
-3. /cmdb-ip list             # List available IPs
-4. /cmdb-site view Y         # Check site info
+1. /cmdb search "server"        # Find existing devices
+2. /cmdb device view X          # Check device details
+3. /cmdb ip list                # List available IPs
+4. /cmdb site view Y            # Check site info
 ```

 ### Example 6b: Data Engineering Workflow
@@ -230,12 +230,12 @@ Managing infrastructure with CMDB:
 Working with data pipelines:

 ```
-1. /ingest file.csv          # Load data into DataFrame
-2. /profile                  # Generate data profiling report
-3. /schema                   # Explore database schemas
-4. /lineage model_name       # View dbt model dependencies
-5. /run model_name           # Execute dbt models
-6. /explain "SELECT ..."     # Analyze query execution plan
+1. /data ingest file.csv        # Load data into DataFrame
+2. /data profile                # Generate data profiling report
+3. /data schema                 # Explore database schemas
+4. /data lineage model_name     # View dbt model dependencies
+5. /data run model_name         # Execute dbt models
+6. /data explain "SELECT ..."   # Analyze query execution plan
 ```

 ### Example 7: First-Time Setup (New Machine)
@@ -243,13 +243,13 @@ Working with data pipelines:
 Setting up the marketplace for the first time:

 ```
-1. /setup --full             # Full setup: MCP + system config + project
+1. /projman setup --full        # Full setup: MCP + system config + project
   # → Follow prompts for Gitea URL, org
   # → Add token manually when prompted
   # → Confirm repository name
 2. # Restart Claude Code session
-3. /labels-sync              # Sync Gitea labels
-4. /sprint-plan              # Plan first sprint
+3. /labels sync                 # Sync Gitea labels
+4. /sprint plan                 # Plan first sprint
 ```

 ### Example 8: New Project Setup (System Already Configured)
@@ -257,22 +257,23 @@ Setting up the marketplace for the first time:
 Adding a new project when system config exists:

 ```
-1. /setup --quick            # Quick project setup (auto-detected)
+1. /projman setup --quick       # Quick project setup (auto-detected)
   # → Confirms detected repo name
   # → Creates .env
-2. /labels-sync              # Sync Gitea labels
-3. /sprint-plan              # Plan first sprint
+2. /labels sync                 # Sync Gitea labels
+3. /sprint plan                 # Plan first sprint
 ```

 ---

 ## Quick Tips

- **Hooks run automatically** - doc-guardian and code-sentinel protect you without manual invocation
- **Use `/commit` over `git commit`** - generates better commit messages following conventions
- **Run `/review` before `/sprint-close`** - catches issues before closing the sprint
- **Use `/clarify` for vague requests** - especially helpful for complex requirements
- **`/refactor-dry` is safe** - always preview before applying refactoring changes
+- **Hooks run automatically** - code-sentinel and git-flow protect you without manual invocation
+- **Use `/gitflow commit` over `git commit`** - generates better commit messages following conventions
+- **Run `/sprint review` before `/sprint close`** - catches issues before closing the sprint
+- **Use `/clarity clarify` for vague requests** - especially helpful for complex requirements
+- **`/sentinel refactor-dry` is safe** - always preview before applying refactoring changes
+- **`/gitflow commit --push`** replaces the old `/git-commit-push` - fewer commands to remember

 ---

@@ -293,4 +294,4 @@ Ensure credentials are configured in `~/.config/claude/gitea.env`, `~/.config/cl

 ---

-*Last Updated: 2026-02-02*
+*Last Updated: 2026-02-06*
--- a/docs/CONFIGURATION.md
+++ b/docs/CONFIGURATION.md
@@ -9,7 +9,7 @@ Centralized configuration documentation for all plugins and MCP servers in the L
 **After installing the marketplace and plugins via Claude Code:**

 ```
-/setup
+/projman setup
 ```

 The interactive wizard auto-detects what's needed and handles everything except manually adding your API tokens.
@@ -25,8 +25,8 @@ The interactive wizard auto-detects what's needed and handles everything except
 └─────────────────────────────────────────────────────────────────────────────┘
                                    │
                                    ▼
-                              /setup --full
-                          (or /setup auto-detects)
+                             /projman setup --full
+                         (or /projman setup auto-detects)
                                    │
     ┌──────────────────────────────┼──────────────────────────────┐
     ▼                              ▼                              ▼
@@ -79,7 +79,7 @@ The interactive wizard auto-detects what's needed and handles everything except
                                    │
                    ┌───────────────┴───────────────┐
                    ▼                               ▼
-             /setup --quick                     /setup
+            /projman setup --quick                  /projman setup
             (explicit mode)               (auto-detects mode)
                    │                               │
                    │                    ┌──────────┴──────────┐
@@ -109,7 +109,7 @@ The interactive wizard auto-detects what's needed and handles everything except

 ## What Runs Automatically vs User Interaction

-### `/setup --full` - Full Setup
+### `/projman setup --full` - Full Setup

 | Phase | Type | What Happens |
 |-------|------|--------------|
@@ -121,7 +121,7 @@ The interactive wizard auto-detects what's needed and handles everything except
 | **6. Project Config** | Automated | Creates `.env` file, checks `.gitignore` |
 | **7. Validation** | Automated | Tests API connectivity, shows summary |

-### `/setup --quick` - Quick Project Setup
+### `/projman setup --quick` - Quick Project Setup

 | Phase | Type | What Happens |
 |-------|------|--------------|
@@ -136,10 +136,10 @@ The interactive wizard auto-detects what's needed and handles everything except

 | Mode | When to Use | What It Does |
 |------|-------------|--------------|
-| `/setup` | Any time | Auto-detects: runs full, quick, or sync as needed |
-| `/setup --full` | First time on a machine | Full setup: MCP server + system config + project config |
-| `/setup --quick` | Starting a new project | Quick setup: project config only (assumes system is ready) |
-| `/setup --sync` | After repo move/rename | Updates .env to match current git remote |
+| `/projman setup` | Any time | Auto-detects: runs full, quick, or sync as needed |
+| `/projman setup --full` | First time on a machine | Full setup: MCP server + system config + project config |
+| `/projman setup --quick` | Starting a new project | Quick setup: project config only (assumes system is ready) |
+| `/projman setup --sync` | After repo move/rename | Updates .env to match current git remote |

 **Auto-detection logic:**
 1. No system config → **full** mode
@@ -148,9 +148,9 @@ The interactive wizard auto-detects what's needed and handles everything except
 4. Both exist, match → already configured, offer to reconfigure

 **Typical workflow:**
-1. Install plugin → run `/setup` (auto-runs full mode)
-2. Start new project → run `/setup` (auto-runs quick mode)
-3. Repository moved? → run `/setup` (auto-runs sync mode)
+1. Install plugin → run `/projman setup` (auto-runs full mode)
+2. Start new project → run `/projman setup` (auto-runs quick mode)
+3. Repository moved? → run `/projman setup` (auto-runs sync mode)

 ---

@@ -182,7 +182,7 @@ This marketplace uses a **hybrid configuration** approach:

 **Benefits:**
 - Single token per service (update once, use everywhere)
- Easy multi-project setup (just run `/setup` in each project)
+- Easy multi-project setup (just run `/projman setup` in each project)
 - Security (tokens never committed to git, never typed into AI chat)
 - Project isolation (each project can override defaults)

@@ -190,7 +190,7 @@ This marketplace uses a **hybrid configuration** approach:

 ## Prerequisites

-Before running `/setup`:
+Before running `/projman setup`:

 1. **Python 3.10+** installed
   ```bash
@@ -213,7 +213,7 @@ Before running `/setup`:
 Run the setup wizard in Claude Code:

 ```
-/setup
+/projman setup
 ```

 The wizard will guide you through each step interactively and auto-detect the appropriate mode.
@@ -387,18 +387,18 @@ PR_REVIEW_AUTO_SUBMIT=false

 | Plugin | System Config | Project Config | Setup Command |
 |--------|---------------|----------------|---------------|
-| **projman** | gitea.env | .env (GITEA_REPO=owner/repo) | `/setup` |
-| **pr-review** | gitea.env | .env (GITEA_REPO=owner/repo) | `/initial-setup` |
+| **projman** | gitea.env | .env (GITEA_REPO=owner/repo) | `/projman setup` |
+| **pr-review** | gitea.env | .env (GITEA_REPO=owner/repo) | `/pr setup` |
 | **git-flow** | git-flow.env (optional) | .env (optional) | None needed |
 | **clarity-assist** | None | None | None needed |
-| **cmdb-assistant** | netbox.env | None | `/initial-setup` |
-| **data-platform** | postgres.env | .env (optional) | `/initial-setup` |
-| **viz-platform** | None | .env (optional DMC_VERSION) | `/initial-setup` |
+| **cmdb-assistant** | netbox.env | None | `/cmdb setup` |
+| **data-platform** | postgres.env | .env (optional) | `/data setup` |
+| **viz-platform** | None | .env (optional DMC_VERSION) | `/viz setup` |
 | **doc-guardian** | None | None | None needed |
 | **code-sentinel** | None | None | None needed |
 | **project-hygiene** | None | None | None needed |
 | **claude-config-maintainer** | None | None | None needed |
-| **contract-validator** | None | None | `/initial-setup` |
+| **contract-validator** | None | None | `/cv setup` |

 ---

@@ -408,18 +408,230 @@ Once system-level config is set up, adding new projects is simple:

 ```
 cd ~/projects/new-project
-/setup
+/projman setup
 ```

 The command auto-detects that system config exists and runs quick project setup.

 ---

+## Installing Plugins to Consumer Projects
+
+The marketplace provides scripts to install plugins into consumer projects. This sets up the MCP server connections and adds CLAUDE.md integration snippets.
+
+### Install a Plugin
+
+```bash
+cd /path/to/leo-claude-mktplace
+./scripts/install-plugin.sh <plugin-name> <target-project-path>
+```
+
+**Examples:**
+```bash
+# Install data-platform to a portfolio project
+./scripts/install-plugin.sh data-platform ~/projects/personal-portfolio
+
+# Install multiple plugins
+./scripts/install-plugin.sh viz-platform ~/projects/personal-portfolio
+./scripts/install-plugin.sh projman ~/projects/personal-portfolio
+```
+
+**What it does:**
+1. Validates the plugin exists in the marketplace
+2. Adds MCP server entry to target's `.mcp.json` (if plugin has MCP server)
+3. Appends integration snippet to target's `CLAUDE.md`
+4. Reports changes and lists available commands
+
+**After installation:** Restart your Claude Code session for MCP tools to become available.
+
+### Uninstall a Plugin
+
+```bash
+./scripts/uninstall-plugin.sh <plugin-name> <target-project-path>
+```
+
+Removes the MCP server entry and CLAUDE.md integration section.
+
+### List Installed Plugins
+
+```bash
+./scripts/list-installed.sh <target-project-path>
+```
+
+Shows which marketplace plugins are installed, partially installed, or available.
+
+**Output example:**
+```
+✓ Fully Installed:
+  PLUGIN                   VERSION    DESCRIPTION
+  ------                   -------    -----------
+  data-platform            1.3.0      pandas, PostgreSQL, and dbt integration...
+  viz-platform             1.1.0      DMC validation, Plotly charts, and theming...
+
+○ Available (not installed):
+  projman                  3.4.0      Sprint planning and project management...
+```
+
+### Plugins with MCP Servers
+
+Not all plugins have MCP servers. The install script handles this automatically:
+
+| Plugin | Has MCP Server | Notes |
+|--------|---------------|-------|
+| data-platform | ✓ | pandas, PostgreSQL, dbt tools |
+| viz-platform | ✓ | DMC validation, chart, theme tools |
+| contract-validator | ✓ | Plugin compatibility validation |
+| cmdb-assistant | ✓ (via netbox) | NetBox CMDB tools |
+| projman | ✓ (via gitea) | Issue, wiki, PR tools |
+| pr-review | ✓ (via gitea) | PR review tools |
+| git-flow | ✗ | Commands only |
+| doc-guardian | ✗ | Commands and hooks only |
+| code-sentinel | ✗ | Commands and hooks only |
+| clarity-assist | ✗ | Commands only |
+
+### Script Requirements
+
+- **jq** must be installed (`sudo apt install jq`)
+- Scripts are idempotent (safe to run multiple times)
+
+---
+
+## Agent Frontmatter Configuration
+
+Agents specify their configuration in frontmatter using Claude Code's supported fields. Reference: https://code.claude.com/docs/en/sub-agents
+
+### Supported Frontmatter Fields
+
+| Field | Required | Default | Description |
+|-------|----------|---------|-------------|
+| `name` | Yes | — | Unique identifier, lowercase + hyphens |
+| `description` | Yes | — | When Claude should delegate to this subagent |
+| `model` | No | `inherit` | `sonnet`, `opus`, `haiku`, or `inherit` |
+| `permissionMode` | No | `default` | Controls permission prompts: `default`, `acceptEdits`, `dontAsk`, `bypassPermissions`, `plan` |
+| `disallowedTools` | No | none | Comma-separated tools to remove from agent's toolset |
+| `skills` | No | none | Comma-separated skills auto-injected into context at startup |
+| `hooks` | No | none | Lifecycle hooks scoped to this subagent |
+
+### Complete Agent Matrix
+
+| Plugin | Agent | `model` | `permissionMode` | `disallowedTools` | `skills` |
+|--------|-------|---------|-------------------|--------------------|----------|
+| projman | planner | opus | default | — | frontmatter (2) + body text (12) |
+| projman | orchestrator | sonnet | acceptEdits | — | frontmatter (2) + body text (10) |
+| projman | executor | sonnet | bypassPermissions | — | frontmatter (7) |
+| projman | code-reviewer | opus | default | Write, Edit, MultiEdit | frontmatter (4) |
+| pr-review | coordinator | sonnet | plan | Write, Edit, MultiEdit | — |
+| pr-review | security-reviewer | sonnet | plan | Write, Edit, MultiEdit | — |
+| pr-review | performance-analyst | sonnet | plan | Write, Edit, MultiEdit | — |
+| pr-review | maintainability-auditor | haiku | plan | Write, Edit, MultiEdit | — |
+| pr-review | test-validator | haiku | plan | Write, Edit, MultiEdit | — |
+| data-platform | data-advisor | sonnet | default | — | — |
+| data-platform | data-analysis | sonnet | plan | Write, Edit, MultiEdit | — |
+| data-platform | data-ingestion | haiku | acceptEdits | — | — |
+| viz-platform | design-reviewer | sonnet | plan | Write, Edit, MultiEdit | — |
+| viz-platform | layout-builder | sonnet | default | — | — |
+| viz-platform | component-check | haiku | plan | Write, Edit, MultiEdit | — |
+| viz-platform | theme-setup | haiku | acceptEdits | — | — |
+| contract-validator | full-validation | sonnet | default | — | — |
+| contract-validator | agent-check | haiku | plan | Write, Edit, MultiEdit | — |
+| code-sentinel | security-reviewer | sonnet | plan | Write, Edit, MultiEdit | — |
+| code-sentinel | refactor-advisor | sonnet | acceptEdits | — | — |
+| doc-guardian | doc-analyzer | sonnet | acceptEdits | — | — |
+| clarity-assist | clarity-coach | sonnet | default | Write, Edit, MultiEdit | — |
+| git-flow | git-assistant | haiku | acceptEdits | — | — |
+| claude-config-maintainer | maintainer | sonnet | acceptEdits | — | frontmatter (2) |
+| cmdb-assistant | cmdb-assistant | sonnet | default | — | — |
+
+### Design Principles
+
+- `bypassPermissions` is granted to exactly ONE agent (Executor) which has code-sentinel PreToolUse hook + Code Reviewer downstream as safety nets.
+- `plan` mode is assigned to all pure analysis agents (pr-review, read-only validators).
+- `disallowedTools: Write, Edit, MultiEdit` provides defense-in-depth on agents that should never write files.
+- `skills` frontmatter is used for agents with ≤7 skills where guaranteed loading is safety-critical. Agents with 8+ skills use body text `## Skills to Load` for selective loading.
+- `hooks` (agent-scoped) is reserved for future use (v6.0+).
+
+Override any field by editing the agent's `.md` file in `plugins/{plugin}/agents/`.
+
+### permissionMode Guide
+
+| Value | Prompts for file ops? | Prompts for Bash? | Prompts for MCP? | Use when |
+|-------|-----------------------|-------------------|-------------------|----------|
+| `default` | Yes | Yes | No (MCP bypasses permissions) | You want full visibility |
+| `acceptEdits` | No | Yes | No | Core job is file read/write, Bash visibility useful |
+| `dontAsk` | No | No (most) | No | Even Bash prompts are friction |
+| `bypassPermissions` | No | No | No | Agent has downstream safety layers |
+| `plan` | N/A (read-only) | N/A (read-only) | No | Pure analysis, no modifications |
+
+### disallowedTools Guide
+
+Use `disallowedTools` to remove specific tools from an agent's toolset. This is a blacklist — the agent inherits all tools from the main thread, then the listed tools are removed.
+
+Prefer `disallowedTools` over `tools` (whitelist) because:
+- New MCP servers are automatically available without updating every agent.
+- Less configuration to maintain.
+- Easier to audit — you only list what's blocked.
+
+Common patterns:
+- `disallowedTools: Write, Edit, MultiEdit` — read-only agent, cannot modify files.
+- `disallowedTools: Bash` — no shell access (rare, most agents need at least read-only Bash).
+
+### skills Frontmatter Guide
+
+The `skills` field auto-injects skill file contents into the agent's context window at startup. The agent does NOT need to read the files — they are already present.
+
+**When to use frontmatter `skills`:**
+- Agent has ≤7 skills.
+- Skills are safety-critical (e.g., `branch-security`, `runaway-detection`).
+- You need guaranteed loading — no risk of the agent skipping a skill.
+
+**When to keep body text `## Skills to Load`:**
+- Agent has 8+ skills (context window cost too high for full injection).
+- Skills are situational — not all needed for every invocation.
+- Agent benefits from selective loading based on the specific task.
+
+Skill names in frontmatter are resolved relative to the plugin's `skills/` directory. Use the filename without the `.md` extension.
+
+### Phase-Based Skill Loading (Body Text)
+
+For agents with 8+ skills, use **phase-based loading** in the agent body text. This structures skill reads into logical phases, with explicit instructions to read each skill exactly once.
+
+**Pattern:**
+
+```markdown
+## Skill Loading Protocol
+
+**Frontmatter skills (auto-injected, always available — DO NOT re-read these):**
+- `skill-a` — description
+- `skill-b` — description
+
+**Phase 1 skills — read ONCE at session start:**
+- skills/validation-skill.md
+- skills/safety-skill.md
+
+**Phase 2 skills — read ONCE when entering main work:**
+- skills/workflow-skill.md
+- skills/domain-skill.md
+
+**CRITICAL: Read each skill file exactly ONCE. Do NOT re-read skill files between MCP API calls.**
+```
+
+**Benefits:**
+- Frontmatter skills (always needed) are auto-injected — zero file read cost
+- Phase skills are read once at the appropriate time — not re-read per API call
+- `batch-execution` skill provides protocol for API-heavy phases
+- ~76-83% reduction in skill-related token consumption for typical sprints
+
+**Currently applied to:**
+- Planner agent: 2 frontmatter + 12 body text (3 phases)
+- Orchestrator agent: 2 frontmatter + 10 body text (2 phases)
+
+---
+
 ## Automatic Validation Features

 ### API Validation

-When running `/setup`, the command:
+When running `/projman setup`, the command:

 1. **Detects** organization and repository from git remote URL
 2. **Validates** via Gitea API: `GET /api/v1/repos/{org}/{repo}`
@@ -434,7 +646,7 @@ When you start a Claude Code session, a hook automatically:

 1. Reads `GITEA_REPO` (in `owner/repo` format) from `.env`
 2. Compares with current `git remote get-url origin`
-3. **Warns** if mismatch detected: "Repository location mismatch. Run `/setup --sync` to update."
+3. **Warns** if mismatch detected: "Repository location mismatch. Run `/projman setup --sync` to update."

 This helps when you:
 - Move a repository to a different organization
@@ -456,7 +668,7 @@ curl -H "Authorization: token $GITEA_API_TOKEN" "$GITEA_API_URL/user"

 In Claude Code, after restarting your session:
 ```
-/labels-sync
+/labels sync
 ```

 If this works, your setup is complete.
@@ -529,7 +741,7 @@ cat .env

 3. **Never type tokens into AI chat**
   - Always edit config files directly in your editor
-   - The `/setup` wizard respects this
+   - The `/projman setup` wizard respects this

 4. **Rotate tokens periodically**
   - Every 6-12 months
--- a/docs/DEBUGGING-CHECKLIST.md
+++ b/docs/DEBUGGING-CHECKLIST.md
@@ -279,8 +279,8 @@ Error: Could not find a suitable TLS CA certificate bundle, invalid path:

 Use these commands for automated checking:

- `/debug report` - Run full diagnostics, create issue if problems found
- `/debug review` - Investigate existing diagnostic issues and propose fixes
+- `/cv status` - Marketplace-wide health check (installation, MCP, configuration)
+- `/hygiene check` - Project file organization and cleanup check

 ---

--- a/docs/MIGRATION-v9.md
+++ b/docs/MIGRATION-v9.md
@@ -0,0 +1,215 @@
+# Migration Guide: v8.x → v9.0.0
+
+## Overview
+
+v9.0.0 standardizes all commands to the `/<noun> <action>` sub-command pattern. Every command in the marketplace now follows this convention.
+
+**Breaking change:** All old command names are removed. Update your workflows, scripts, and CLAUDE.md references.
+
+---
+
+## Complete Command Mapping
+
+### projman
+
+| Old (v8.x) | New (v9.0.0) | Notes |
+|-------------|--------------|-------|
+| `/sprint-plan` | `/sprint plan` | |
+| `/sprint-start` | `/sprint start` | |
+| `/sprint-status` | `/sprint status` | |
+| `/sprint-close` | `/sprint close` | |
+| `/pm-review` | `/sprint review` | Moved under `/sprint` |
+| `/pm-test` | `/sprint test` | Moved under `/sprint` |
+| `/pm-setup` | `/projman setup` | Moved under `/projman` |
+| `/pm-debug` | `/projman debug` | Moved under `/projman` |
+| `/labels-sync` | `/labels sync` | |
+| `/suggest-version` | `/projman suggest-version` | Moved under `/projman` |
+| `/proposal-status` | `/projman proposal-status` | Moved under `/projman` |
+| `/rfc <sub>` | `/rfc <sub>` | Unchanged |
+| `/project <sub>` | `/project <sub>` | Unchanged |
+| `/adr <sub>` | `/adr <sub>` | Unchanged |
+
+### git-flow
+
+| Old (v8.x) | New (v9.0.0) | Notes |
+|-------------|--------------|-------|
+| `/git-commit` | `/gitflow commit` | |
+| `/git-commit-push` | `/gitflow commit --push` | **Consolidated** into flag |
+| `/git-commit-merge` | `/gitflow commit --merge` | **Consolidated** into flag |
+| `/git-commit-sync` | `/gitflow commit --sync` | **Consolidated** into flag |
+| `/branch-start` | `/gitflow branch-start` | |
+| `/branch-cleanup` | `/gitflow branch-cleanup` | |
+| `/git-status` | `/gitflow status` | |
+| `/git-config` | `/gitflow config` | |
+
+**Note:** The three commit variants (`-push`, `-merge`, `-sync`) are now flags on `/gitflow commit`. This reduces 8 commands to 5.
+
+### pr-review
+
+| Old (v8.x) | New (v9.0.0) | Notes |
+|-------------|--------------|-------|
+| `/pr-review` | `/pr review` | |
+| `/pr-summary` | `/pr summary` | |
+| `/pr-findings` | `/pr findings` | |
+| `/pr-diff` | `/pr diff` | |
+| `/pr-setup` | `/pr setup` | |
+| `/project-init` | `/pr init` | Renamed |
+| `/project-sync` | `/pr sync` | Renamed |
+
+### clarity-assist
+
+| Old (v8.x) | New (v9.0.0) | Notes |
+|-------------|--------------|-------|
+| `/clarify` | `/clarity clarify` | |
+| `/quick-clarify` | `/clarity quick-clarify` | |
+
+### doc-guardian
+
+| Old (v8.x) | New (v9.0.0) | Notes |
+|-------------|--------------|-------|
+| `/doc-audit` | `/doc audit` | |
+| `/doc-sync` | `/doc sync` | |
+| `/changelog-gen` | `/doc changelog-gen` | Moved under `/doc` |
+| `/doc-coverage` | `/doc coverage` | |
+| `/stale-docs` | `/doc stale-docs` | Moved under `/doc` |
+
+### code-sentinel
+
+| Old (v8.x) | New (v9.0.0) | Notes |
+|-------------|--------------|-------|
+| `/security-scan` | `/sentinel scan` | |
+| `/refactor` | `/sentinel refactor` | |
+| `/refactor-dry` | `/sentinel refactor-dry` | |
+
+### claude-config-maintainer
+
+| Old (v8.x) | New (v9.0.0) | Notes |
+|-------------|--------------|-------|
+| `/config-analyze` (or `/analyze`) | `/claude-config analyze` | |
+| `/config-optimize` (or `/optimize`) | `/claude-config optimize` | |
+| `/config-init` (or `/init`) | `/claude-config init` | |
+| `/config-diff` | `/claude-config diff` | |
+| `/config-lint` | `/claude-config lint` | |
+| `/config-audit-settings` | `/claude-config audit-settings` | |
+| `/config-optimize-settings` | `/claude-config optimize-settings` | |
+| `/config-permissions-map` | `/claude-config permissions-map` | |
+
+### contract-validator
+
+| Old (v8.x) | New (v9.0.0) | Notes |
+|-------------|--------------|-------|
+| `/validate-contracts` | `/cv validate` | |
+| `/check-agent` | `/cv check-agent` | |
+| `/list-interfaces` | `/cv list-interfaces` | |
+| `/dependency-graph` | `/cv dependency-graph` | |
+| `/cv-setup` | `/cv setup` | |
+| `/cv status` | `/cv status` | Unchanged |
+
+### cmdb-assistant
+
+| Old (v8.x) | New (v9.0.0) | Notes |
+|-------------|--------------|-------|
+| `/cmdb-setup` | `/cmdb setup` | |
+| `/cmdb-search` | `/cmdb search` | |
+| `/cmdb-device` | `/cmdb device` | |
+| `/cmdb-ip` | `/cmdb ip` | |
+| `/cmdb-site` | `/cmdb site` | |
+| `/cmdb-audit` | `/cmdb audit` | |
+| `/cmdb-register` | `/cmdb register` | |
+| `/cmdb-sync` | `/cmdb sync` | |
+| `/cmdb-topology` | `/cmdb topology` | |
+| `/change-audit` | `/cmdb change-audit` | Moved under `/cmdb` |
+| `/ip-conflicts` | `/cmdb ip-conflicts` | Moved under `/cmdb` |
+
+### data-platform
+
+| Old (v8.x) | New (v9.0.0) | Notes |
+|-------------|--------------|-------|
+| `/data-ingest` | `/data ingest` | |
+| `/data-profile` | `/data profile` | |
+| `/data-schema` | `/data schema` | |
+| `/data-explain` | `/data explain` | |
+| `/data-lineage` | `/data lineage` | |
+| `/data-run` | `/data run` | |
+| `/lineage-viz` | `/data lineage-viz` | Moved under `/data` |
+| `/dbt-test` | `/data dbt-test` | Moved under `/data` |
+| `/data-quality` | `/data quality` | |
+| `/data-review` | `/data review` | |
+| `/data-gate` | `/data gate` | |
+| `/data-setup` | `/data setup` | |
+
+### viz-platform
+
+| Old (v8.x) | New (v9.0.0) | Notes |
+|-------------|--------------|-------|
+| `/viz-setup` | `/viz setup` | |
+| `/viz-chart` | `/viz chart` | |
+| `/viz-chart-export` | `/viz chart-export` | |
+| `/viz-dashboard` | `/viz dashboard` | |
+| `/viz-theme` | `/viz theme` | |
+| `/viz-theme-new` | `/viz theme-new` | |
+| `/viz-theme-css` | `/viz theme-css` | |
+| `/viz-component` | `/viz component` | |
+| `/accessibility-check` | `/viz accessibility-check` | Moved under `/viz` |
+| `/viz-breakpoints` | `/viz breakpoints` | |
+| `/design-review` | `/viz design-review` | Moved under `/viz` |
+| `/design-gate` | `/viz design-gate` | Moved under `/viz` |
+
+### project-hygiene
+
+No changes — already used `/<noun> <action>` pattern.
+
+| Command | Status |
+|---------|--------|
+| `/hygiene check` | Unchanged |
+
+---
+
+## Verifying Plugin Installation (v9.0.0)
+
+Test commands use the new format:
+
+| Plugin | Test Command |
+|--------|--------------|
+| git-flow | `/git-flow:gitflow-status` |
+| projman | `/projman:sprint-status` |
+| pr-review | `/pr-review:pr-summary` |
+| clarity-assist | `/clarity-assist:clarity-clarify` |
+| doc-guardian | `/doc-guardian:doc-audit` |
+| code-sentinel | `/code-sentinel:sentinel-scan` |
+| claude-config-maintainer | `/claude-config-maintainer:claude-config-analyze` |
+| cmdb-assistant | `/cmdb-assistant:cmdb-search` |
+| data-platform | `/data-platform:data-ingest` |
+| viz-platform | `/viz-platform:viz-chart` |
+| contract-validator | `/contract-validator:cv-validate` |
+
+---
+
+## CLAUDE.md Updates
+
+If your project's CLAUDE.md references old command names, update them:
+
+**Find old references:**
+```bash
+grep -rn '/sprint-plan\|/pm-setup\|/git-commit\|/pr-review\|/security-scan\|/config-analyze\|/validate-contracts\|/cmdb-search\|/data-ingest\|/viz-chart\b\|/clarify\b\|/doc-audit' CLAUDE.md
+```
+
+**Key patterns to search and replace:**
+- `/sprint-plan` → `/sprint plan`
+- `/pm-setup` → `/projman setup`
+- `/pm-review` → `/sprint review`
+- `/git-commit` → `/gitflow commit`
+- `/pr-review` → `/pr review`
+- `/security-scan` → `/sentinel scan`
+- `/refactor` → `/sentinel refactor`
+- `/config-analyze` → `/claude-config analyze`
+- `/validate-contracts` → `/cv validate`
+- `/clarify` → `/clarity clarify`
+- `/doc-audit` → `/doc audit`
+- `/cmdb-search` → `/cmdb search`
+- `/data-ingest` → `/data ingest`
+- `/viz-chart` → `/viz chart`
+
+---
+
+*Last Updated: 2026-02-06*
--- a/docs/UPDATING.md
+++ b/docs/UPDATING.md
@@ -46,9 +46,9 @@ cd ~/.claude/plugins/marketplaces/leo-claude-mktplace && ./scripts/setup.sh

 ## After Updating: Re-run Setup if Needed

-### When to Re-run `/initial-setup`
+### When to Re-run Setup

-You typically **don't need** to re-run setup after updates. However, re-run if:
+You typically **don't need** to re-run setup after updates. However, re-run your plugin's setup command (e.g., `/projman setup`, `/pr setup`, `/cmdb setup`) if:

 - Changelog mentions **new required environment variables**
 - Changelog mentions **breaking changes** to configuration
@@ -59,7 +59,7 @@ You typically **don't need** to re-run setup after updates. However, re-run if:
 If an update requires new project-level configuration:

 ```
-/project-init
+/pr init
 ```

 This will detect existing settings and only add what's missing.
@@ -97,9 +97,9 @@ When updating, review if changes affect the setup workflow:

 1. **Check for setup command changes:**
   ```bash
-   git diff HEAD~1 plugins/*/commands/initial-setup.md
-   git diff HEAD~1 plugins/*/commands/project-init.md
-   git diff HEAD~1 plugins/*/commands/project-sync.md
+   git diff HEAD~1 plugins/*/commands/*-setup.md
+   git diff HEAD~1 plugins/*/commands/pr-init.md
+   git diff HEAD~1 plugins/*/commands/pr-sync.md
   ```

 2. **Check for hook changes:**
@@ -114,7 +114,7 @@ When updating, review if changes affect the setup workflow:

 **If setup commands changed:**
 - Review what's new (new validation steps, new prompts, etc.)
- Consider re-running `/initial-setup` or `/project-init` to benefit from improvements
+- Consider re-running your plugin's setup command or `/pr init` to benefit from improvements
 - Existing configurations remain valid unless changelog notes breaking changes

 **If hooks changed:**
@@ -123,7 +123,7 @@ When updating, review if changes affect the setup workflow:

 **If configuration structure changed:**
 - Check if new variables are required
- Run `/project-sync` if repository detection logic improved
+- Run `/pr sync` if repository detection logic improved

 ---

@@ -142,7 +142,7 @@ deactivate
 ### Configuration no longer works

 1. Check CHANGELOG.md for breaking changes
-2. Run `/initial-setup` to re-validate and fix configuration
+2. Run your plugin's setup command (e.g., `/projman setup`) to re-validate and fix configuration
 3. Compare your config files with documentation in `docs/CONFIGURATION.md`

 ### MCP server won't start after update
--- a/docs/architecture/agent-workflow.spec.md
+++ b/docs/architecture/agent-workflow.spec.md
@@ -27,7 +27,7 @@

 | ID | Label | Type | Lane | Sequence |
 |----|-------|------|------|----------|
-| p1-start | /sprint-plan | rounded-rect | user-lane | 1 |
+| p1-start | /sprint plan | rounded-rect | user-lane | 1 |
 | p1-activate | Planner Activates | rectangle | planner-lane | 2 |
 | p1-search-lessons | Search Lessons Learned | rectangle | planner-lane | 3 |
 | p1-gitea-wiki-query | Query Past Lessons (Wiki) | rectangle | gitea-lane | 4 |
@@ -61,7 +61,7 @@

 | ID | Label | Type | Lane | Sequence |
 |----|-------|------|------|----------|
-| p2-start | /sprint-start | rounded-rect | user-lane | 11 |
+| p2-start | /sprint start | rounded-rect | user-lane | 11 |
 | p2-orch-activate | Orchestrator Activates | rectangle | orchestrator-lane | 12 |
 | p2-fetch-issues | Fetch Sprint Issues | rectangle | orchestrator-lane | 13 |
 | p2-gitea-list | List Open Issues | rectangle | gitea-lane | 14 |
@@ -128,7 +128,7 @@

 | ID | Label | Type | Lane | Sequence |
 |----|-------|------|------|----------|
-| p3-start | /sprint-close | rounded-rect | user-lane | 31 |
+| p3-start | /sprint close | rounded-rect | user-lane | 31 |
 | p3-orch-activate | Orchestrator Activates | rectangle | orchestrator-lane | 32 |
 | p3-review | Review Sprint | rectangle | orchestrator-lane | 33 |
 | p3-gitea-status | Get Final Status | rectangle | gitea-lane | 34 |
--- a/docs/designs/data-seed.md
+++ b/docs/designs/data-seed.md
@@ -0,0 +1,70 @@
+# Design: data-seed
+
+**Domain:** `data`
+**Target Version:** v9.3.0
+
+## Purpose
+
+Test data generation and database seeding. Generates realistic fake data based on schema definitions, supports reproducible seeds, and manages seed files for development and testing environments.
+
+## Target Users
+
+- Developers needing test data for local development
+- QA teams requiring reproducible datasets
+- Projects with complex relational data models
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `/seed setup` | Setup wizard — detect schema source, configure output paths |
+| `/seed generate` | Generate seed data from schema or model definitions |
+| `/seed apply` | Apply seed data to database or create fixture files |
+| `/seed profile` | Define reusable data profiles (small, medium, large, edge-cases) |
+| `/seed validate` | Validate seed data against schema constraints and foreign keys |
+
+## Agent Architecture
+
+| Agent | Model | Mode | Role |
+|-------|-------|------|------|
+| `seed-generator` | sonnet | acceptEdits | Data generation, profile management |
+| `seed-validator` | haiku | plan | Read-only validation of seed data integrity |
+
+## Skills
+
+| Skill | Purpose |
+|-------|---------|
+| `schema-inference` | Infer data types and constraints from models/migrations |
+| `faker-patterns` | Realistic data generation patterns (names, emails, addresses, etc.) |
+| `relationship-resolution` | Foreign key and relationship-aware data generation |
+| `profile-management` | Seed profile definitions and sizing |
+| `visual-header` | Standard command output headers |
+
+## MCP Server
+
+**Not required.** Seed data is generated as files (JSON, SQL, CSV). Database insertion is handled by the application's own tooling.
+
+## Integration Points
+
+| Plugin | Integration |
+|--------|-------------|
+| saas-db-migrate | Schema models used as seed generation input |
+| data-platform | Generated data can be loaded via `/data ingest` |
+| saas-test-pilot | Seed data used in integration test fixtures |
+| projman | Issue labels: `Component/Data`, `Tech/Faker` |
+
+## Token Budget
+
+| Component | Estimated Tokens |
+|-----------|-----------------|
+| `claude-md-integration.md` | ~500 |
+| Dispatch file (`seed.md`) | ~200 |
+| 5 commands (avg) | ~3,000 |
+| 2 agents | ~1,000 |
+| 5 skills | ~2,000 |
+| **Total** | **~6,700** |
+
+## Open Questions
+
+- Should we support database-specific seed formats (pg_dump, mysqldump)?
+- Integration with Faker library or custom generation?
--- a/docs/designs/debug-mcp.md
+++ b/docs/designs/debug-mcp.md
@@ -0,0 +1,70 @@
+# Design: debug-mcp
+
+**Domain:** `debug`
+**Target Version:** v9.8.0
+
+## Purpose
+
+MCP server debugging and development toolkit. Provides tools for inspecting MCP server health, testing tool calls, viewing server logs, and developing new MCP servers. Essential for marketplace developers building or troubleshooting MCP integrations.
+
+## Target Users
+
+- Plugin developers building MCP servers
+- Users troubleshooting MCP connectivity issues
+- Marketplace maintainers validating MCP configurations
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `/debug-mcp status` | Show all MCP servers: running/failed, tool count, last error |
+| `/debug-mcp test` | Test a specific MCP tool call with sample input |
+| `/debug-mcp logs` | View recent MCP server stderr/stdout logs |
+| `/debug-mcp inspect` | Inspect MCP server config (.mcp.json entry, venv, dependencies) |
+| `/debug-mcp scaffold` | Generate MCP server skeleton (Python, stdio transport) |
+
+## Agent Architecture
+
+| Agent | Model | Mode | Role |
+|-------|-------|------|------|
+| `mcp-debugger` | sonnet | default | Server inspection, log analysis, scaffold generation |
+
+Single agent is sufficient — this plugin is primarily diagnostic with one generative command.
+
+## Skills
+
+| Skill | Purpose |
+|-------|---------|
+| `mcp-protocol` | MCP stdio protocol, tool/resource/prompt schemas |
+| `server-patterns` | Python MCP server patterns (FastMCP, raw protocol) |
+| `venv-diagnostics` | Virtual environment health checks, dependency validation |
+| `log-analysis` | MCP server error pattern recognition |
+| `visual-header` | Standard command output headers |
+
+## MCP Server
+
+**Not required.** This plugin inspects other MCP servers via file system (reading .mcp.json, checking venvs, reading logs). It does not need its own MCP server.
+
+## Integration Points
+
+| Plugin | Integration |
+|--------|-------------|
+| contract-validator | `/cv status` delegates to debug-mcp for detailed MCP diagnostics |
+| projman | `/projman setup` can invoke `/debug-mcp status` for post-setup verification |
+| All plugins with MCP | Debug-mcp can diagnose any MCP server in the marketplace |
+
+## Token Budget
+
+| Component | Estimated Tokens |
+|-----------|-----------------|
+| `claude-md-integration.md` | ~500 |
+| Dispatch file (`debug-mcp.md`) | ~200 |
+| 5 commands (avg) | ~3,000 |
+| 1 agent | ~600 |
+| 5 skills | ~2,000 |
+| **Total** | **~6,300** |
+
+## Open Questions
+
+- Should this plugin have a hook that auto-runs on MCP failure (SessionStart)?
+- Should `/debug-mcp scaffold` generate both Python and TypeScript templates?
--- a/docs/designs/ops-deploy-pipeline.md
+++ b/docs/designs/ops-deploy-pipeline.md
@@ -0,0 +1,72 @@
+# Design: ops-deploy-pipeline
+
+**Domain:** `ops`
+**Target Version:** v9.7.0
+
+## Purpose
+
+CI/CD deployment pipeline management for Docker Compose and systemd-based services. Generates deployment configurations, validates pipeline definitions, and manages environment-specific settings. Tailored for self-hosted infrastructure (not cloud-native).
+
+## Target Users
+
+- Self-hosted service operators (Raspberry Pi, VPS, bare-metal)
+- Teams deploying via Docker Compose
+- Projects needing environment-specific configuration management
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `/deploy setup` | Setup wizard — detect deployment method, configure targets |
+| `/deploy generate` | Generate docker-compose.yml, Caddyfile entries, systemd units |
+| `/deploy validate` | Validate deployment configs (ports, volumes, networks, env vars) |
+| `/deploy env` | Manage environment-specific config files (.env.production, etc.) |
+| `/deploy check` | Pre-deployment health check (disk, memory, port conflicts) |
+| `/deploy rollback` | Generate rollback plan for a deployment |
+
+## Agent Architecture
+
+| Agent | Model | Mode | Role |
+|-------|-------|------|------|
+| `deploy-planner` | sonnet | default | Configuration generation, rollback planning |
+| `deploy-validator` | haiku | plan | Read-only validation of configs and pre-flight checks |
+
+## Skills
+
+| Skill | Purpose |
+|-------|---------|
+| `compose-patterns` | Docker Compose best practices, multi-service patterns |
+| `caddy-conventions` | Caddyfile reverse proxy patterns, subdomain routing |
+| `env-management` | Environment variable management across environments |
+| `health-checks` | Pre-deployment system health validation |
+| `rollback-patterns` | Deployment rollback strategies |
+| `visual-header` | Standard command output headers |
+
+## MCP Server
+
+**Not required initially.** Could add SSH-based remote execution MCP server in the future for remote deployment.
+
+## Integration Points
+
+| Plugin | Integration |
+|--------|-------------|
+| cmdb-assistant | Deployment targets pulled from NetBox device inventory |
+| ops-release-manager | Release tags trigger deployment preparation |
+| projman | Issue labels: `Component/Infra`, `Tech/Docker`, `Tech/Caddy` |
+| code-sentinel | Security scan of deployment configs (exposed ports, secrets in env) |
+
+## Token Budget
+
+| Component | Estimated Tokens |
+|-----------|-----------------|
+| `claude-md-integration.md` | ~700 |
+| Dispatch file (`deploy.md`) | ~200 |
+| 6 commands (avg) | ~3,600 |
+| 2 agents | ~1,200 |
+| 6 skills | ~2,500 |
+| **Total** | **~8,200** |
+
+## Open Questions
+
+- Should this support Kubernetes/Helm for users who need it?
+- SSH-based remote execution via MCP server for actual deployments?
--- a/docs/designs/ops-release-manager.md
+++ b/docs/designs/ops-release-manager.md
@@ -0,0 +1,71 @@
+# Design: ops-release-manager
+
+**Domain:** `ops`
+**Target Version:** v9.6.0
+
+## Purpose
+
+Release management automation including semantic versioning, changelog generation, release branch creation, and tag management. Coordinates the release process across git, changelogs, and package manifests.
+
+## Target Users
+
+- Project maintainers managing releases
+- Teams following SemVer and conventional commits
+- Projects with multiple version locations to keep in sync
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `/release setup` | Setup wizard — detect version locations, configure release flow |
+| `/release prepare` | Prepare release: bump versions, update changelog, create branch |
+| `/release validate` | Pre-release checks (clean tree, tests pass, changelog has content) |
+| `/release tag` | Create and push git tag with release notes |
+| `/release rollback` | Revert a release (delete tag, revert version bump commit) |
+| `/release status` | Show current version, unreleased changes, next version suggestion |
+
+## Agent Architecture
+
+| Agent | Model | Mode | Role |
+|-------|-------|------|------|
+| `release-coordinator` | sonnet | acceptEdits | Version bumping, changelog updates, branch/tag creation |
+| `release-validator` | haiku | plan | Pre-release validation, dependency checks |
+
+## Skills
+
+| Skill | Purpose |
+|-------|---------|
+| `version-detection` | Find version locations (package.json, pyproject.toml, marketplace.json, etc.) |
+| `semver-rules` | SemVer bump logic based on conventional commits |
+| `changelog-conventions` | Keep a Changelog format, unreleased section management |
+| `release-workflow` | Branch-based vs tag-based release patterns |
+| `visual-header` | Standard command output headers |
+
+## MCP Server
+
+**Not required.** All operations are git and file-based.
+
+## Integration Points
+
+| Plugin | Integration |
+|--------|-------------|
+| git-flow | `/release prepare` uses gitflow conventions for branch creation |
+| doc-guardian | `/release validate` checks documentation is up to date |
+| projman | Sprint close can trigger `/release prepare` for sprint-based releases |
+| ops-deploy-pipeline | Release tags trigger deployment pipeline |
+
+## Token Budget
+
+| Component | Estimated Tokens |
+|-----------|-----------------|
+| `claude-md-integration.md` | ~600 |
+| Dispatch file (`release.md`) | ~200 |
+| 6 commands (avg) | ~3,600 |
+| 2 agents | ~1,200 |
+| 5 skills | ~2,000 |
+| **Total** | **~7,600** |
+
+## Open Questions
+
+- Should this subsume the existing `release.sh` script in this repo?
+- Support for GitHub Releases / Gitea Releases API via MCP?
--- a/docs/designs/saas-api-platform.md
+++ b/docs/designs/saas-api-platform.md
@@ -0,0 +1,71 @@
+# Design: saas-api-platform
+
+**Domain:** `saas`
+**Target Version:** v9.1.0
+
+## Purpose
+
+Provides scaffolding, validation, and development workflow tools for REST and GraphQL API backends. Supports FastAPI (Python) and Express (Node.js) with OpenAPI spec generation, route validation, and middleware management.
+
+## Target Users
+
+- Backend developers building API services
+- Teams using FastAPI or Express frameworks
+- Projects requiring OpenAPI/Swagger documentation
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `/api setup` | Setup wizard — detect framework, configure MCP server |
+| `/api scaffold` | Generate API routes, models, schemas from spec or description |
+| `/api validate` | Validate routes against OpenAPI spec, check missing endpoints |
+| `/api docs` | Generate/update OpenAPI spec from code annotations |
+| `/api test-routes` | Generate request/response test cases for API endpoints |
+| `/api middleware` | Add/configure middleware (auth, CORS, rate-limiting, logging) |
+
+## Agent Architecture
+
+| Agent | Model | Mode | Role |
+|-------|-------|------|------|
+| `api-architect` | sonnet | default | Route design, schema generation, middleware planning |
+| `api-validator` | haiku | plan | Read-only validation of routes against spec |
+
+## Skills
+
+| Skill | Purpose |
+|-------|---------|
+| `framework-detection` | Detect FastAPI vs Express, identify project structure |
+| `openapi-conventions` | OpenAPI 3.x spec generation rules and patterns |
+| `route-patterns` | RESTful route naming, versioning, pagination conventions |
+| `middleware-catalog` | Common middleware patterns per framework |
+| `visual-header` | Standard command output headers |
+
+## MCP Server
+
+**Not required.** All operations are file-based (reading/writing code and specs). No external API needed.
+
+## Integration Points
+
+| Plugin | Integration |
+|--------|-------------|
+| projman | Issue labels: `Component/API`, `Tech/FastAPI`, `Tech/Express` |
+| code-sentinel | PreToolUse hook scans generated routes for security issues |
+| saas-test-pilot | `/api test-routes` generates stubs consumable by test-pilot |
+| saas-db-migrate | Schema models shared between API models and migrations |
+
+## Token Budget
+
+| Component | Estimated Tokens |
+|-----------|-----------------|
+| `claude-md-integration.md` | ~800 |
+| Dispatch file (`api.md`) | ~200 |
+| 6 commands (avg) | ~3,600 |
+| 2 agents | ~1,200 |
+| 5 skills | ~2,500 |
+| **Total** | **~8,300** |
+
+## Open Questions
+
+- Should MCP server be added later for live API testing (curl-like requests)?
+- Support for gRPC/tRPC in addition to REST/GraphQL?
--- a/docs/designs/saas-db-migrate.md
+++ b/docs/designs/saas-db-migrate.md
@@ -0,0 +1,71 @@
+# Design: saas-db-migrate
+
+**Domain:** `saas`
+**Target Version:** v9.2.0
+
+## Purpose
+
+Database migration management for SQL databases. Supports Alembic (Python/SQLAlchemy), Prisma (Node.js), and raw SQL migrations. Provides migration generation, validation, rollback planning, and drift detection.
+
+## Target Users
+
+- Backend developers managing database schemas
+- Teams using SQLAlchemy/Alembic or Prisma
+- Projects needing migration safety checks before deployment
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `/db-migrate setup` | Setup wizard — detect ORM/migration tool, configure paths |
+| `/db-migrate generate` | Generate migration from model diff or description |
+| `/db-migrate validate` | Check migration safety (destructive ops, data loss risk, locking) |
+| `/db-migrate plan` | Show migration execution plan with rollback strategy |
+| `/db-migrate history` | Display migration history and current state |
+| `/db-migrate rollback` | Generate rollback migration for a given migration |
+
+## Agent Architecture
+
+| Agent | Model | Mode | Role |
+|-------|-------|------|------|
+| `migration-planner` | sonnet | default | Migration generation, rollback planning |
+| `migration-auditor` | haiku | plan | Read-only safety validation (destructive op detection) |
+
+## Skills
+
+| Skill | Purpose |
+|-------|---------|
+| `orm-detection` | Detect Alembic vs Prisma vs raw SQL, identify config |
+| `migration-safety` | Rules for detecting destructive operations (DROP, ALTER, data loss) |
+| `rollback-patterns` | Standard rollback generation patterns per tool |
+| `naming-conventions` | Migration file naming and ordering conventions |
+| `visual-header` | Standard command output headers |
+
+## MCP Server
+
+**Not required.** Migrations are file-based. Database connectivity is handled by the ORM tool itself, not by Claude.
+
+## Integration Points
+
+| Plugin | Integration |
+|--------|-------------|
+| projman | Issue labels: `Component/Database`, `Tech/SQLAlchemy`, `Tech/Prisma` |
+| saas-api-platform | Schema models shared between API and migration layers |
+| code-sentinel | Migration validation as part of security scan |
+| data-platform | PostgreSQL tools can inspect live schema for drift detection |
+
+## Token Budget
+
+| Component | Estimated Tokens |
+|-----------|-----------------|
+| `claude-md-integration.md` | ~600 |
+| Dispatch file (`db-migrate.md`) | ~200 |
+| 6 commands (avg) | ~3,600 |
+| 2 agents | ~1,200 |
+| 5 skills | ~2,000 |
+| **Total** | **~7,600** |
+
+## Open Questions
+
+- Should this integrate with data-platform's PostgreSQL MCP server for live schema comparison?
+- Support for NoSQL migration tools (Mongoose, etc.)?
--- a/docs/designs/saas-react-platform.md
+++ b/docs/designs/saas-react-platform.md
@@ -0,0 +1,73 @@
+# Design: saas-react-platform
+
+**Domain:** `saas`
+**Target Version:** v9.4.0
+
+## Purpose
+
+React frontend development toolkit with component scaffolding, routing setup, state management patterns, and build configuration. Supports Next.js and Vite-based React projects with TypeScript.
+
+## Target Users
+
+- Frontend developers building React applications
+- Teams using Next.js or Vite + React
+- Projects needing consistent component architecture
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `/react setup` | Setup wizard — detect framework (Next.js/Vite), configure paths |
+| `/react component` | Scaffold React component with props, types, tests, stories |
+| `/react route` | Add route with page component, loader, and error boundary |
+| `/react state` | Set up state management pattern (Context, Zustand, Redux Toolkit) |
+| `/react hook` | Generate custom hook with TypeScript types and tests |
+| `/react lint` | Validate component tree, check prop drilling, detect anti-patterns |
+
+## Agent Architecture
+
+| Agent | Model | Mode | Role |
+|-------|-------|------|------|
+| `react-architect` | sonnet | default | Component design, routing, state management |
+| `react-auditor` | haiku | plan | Read-only lint and anti-pattern detection |
+
+## Skills
+
+| Skill | Purpose |
+|-------|---------|
+| `framework-detection` | Detect Next.js vs Vite, App Router vs Pages Router |
+| `component-patterns` | Standard component structure, naming, file organization |
+| `state-patterns` | State management patterns and when to use each |
+| `routing-conventions` | Route naming, dynamic routes, middleware patterns |
+| `typescript-patterns` | TypeScript utility types, generics, prop typing |
+| `visual-header` | Standard command output headers |
+
+## MCP Server
+
+**Not required.** All operations are file-based (component generation, route configuration).
+
+## Integration Points
+
+| Plugin | Integration |
+|--------|-------------|
+| projman | Issue labels: `Component/Frontend`, `Tech/React`, `Tech/Next.js` |
+| viz-platform | DMC components integrate with React component architecture |
+| saas-api-platform | API client generation from OpenAPI spec |
+| saas-test-pilot | Component test generation via `/react component` |
+| code-sentinel | Security scan for XSS, unsafe HTML, client-side secrets |
+
+## Token Budget
+
+| Component | Estimated Tokens |
+|-----------|-----------------|
+| `claude-md-integration.md` | ~800 |
+| Dispatch file (`react.md`) | ~200 |
+| 6 commands (avg) | ~3,600 |
+| 2 agents | ~1,200 |
+| 6 skills | ~3,000 |
+| **Total** | **~8,800** |
+
+## Open Questions
+
+- Should we support Vue.js/Svelte as alternative frameworks?
+- Integration with Storybook for component documentation?
--- a/docs/designs/saas-test-pilot.md
+++ b/docs/designs/saas-test-pilot.md
@@ -0,0 +1,73 @@
+# Design: saas-test-pilot
+
+**Domain:** `saas`
+**Target Version:** v9.5.0
+
+## Purpose
+
+Test automation toolkit supporting unit, integration, and end-to-end testing. Generates test cases from code analysis, manages test fixtures, and provides coverage analysis with gap detection.
+
+## Target Users
+
+- Developers writing tests for Python or JavaScript/TypeScript projects
+- Teams enforcing test coverage requirements
+- Projects needing test generation from existing code
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `/test setup` | Setup wizard — detect test framework, configure paths |
+| `/test generate` | Generate test cases for functions/classes/modules |
+| `/test coverage` | Analyze test coverage and identify untested code paths |
+| `/test fixtures` | Generate or manage test fixtures and mocks |
+| `/test e2e` | Generate end-to-end test scenarios from user stories |
+| `/test run` | Run tests with formatted output and failure analysis |
+
+## Agent Architecture
+
+| Agent | Model | Mode | Role |
+|-------|-------|------|------|
+| `test-architect` | sonnet | acceptEdits | Test generation, fixture creation, e2e scenarios |
+| `coverage-analyst` | haiku | plan | Read-only coverage analysis and gap detection |
+
+## Skills
+
+| Skill | Purpose |
+|-------|---------|
+| `framework-detection` | Detect pytest/Jest/Vitest/Playwright, identify config |
+| `test-patterns` | Unit/integration/e2e test patterns and best practices |
+| `mock-patterns` | Mocking strategies for different dependency types |
+| `coverage-analysis` | Coverage gap detection and prioritization |
+| `fixture-management` | Fixture organization, factories, builders |
+| `visual-header` | Standard command output headers |
+
+## MCP Server
+
+**Not required.** Test generation is file-based. Test execution uses the project's own test runner via Bash.
+
+## Integration Points
+
+| Plugin | Integration |
+|--------|-------------|
+| projman | `/sprint test` delegates to test-pilot when installed |
+| saas-api-platform | API route tests generated from `/api test-routes` |
+| saas-react-platform | Component tests generated alongside components |
+| data-seed | Test fixtures use seed data profiles |
+| code-sentinel | Security test patterns included in generation |
+
+## Token Budget
+
+| Component | Estimated Tokens |
+|-----------|-----------------|
+| `claude-md-integration.md` | ~700 |
+| Dispatch file (`test.md`) | ~200 |
+| 6 commands (avg) | ~3,600 |
+| 2 agents | ~1,200 |
+| 6 skills | ~2,500 |
+| **Total** | **~8,200** |
+
+## Open Questions
+
+- Should `/test run` replace projman's `/sprint test run` or supplement it?
+- Support for property-based testing (Hypothesis, fast-check)?
--- a/docs/prompts/INDEX.md
+++ b/docs/prompts/INDEX.md
--- a/mcp-servers/gitea/.doc-guardian-queue
+++ b/mcp-servers/gitea/.doc-guardian-queue
@@ -0,0 +1,6 @@
+2026-02-03T14:09:25 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/gitea/tests/test_config.py | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-02-03T14:09:33 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/gitea/tests/test_gitea_client.py | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-02-03T14:10:22 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/gitea/tests/test_issues.py | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-02-03T14:17:12 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/gitea/README.md | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-02-03T14:18:27 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/gitea/CHANGELOG.md | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
+2026-02-03T14:18:41 | mcp-servers | /home/lmiranda/claude-plugins-work/mcp-servers/gitea/TESTING.md | docs/COMMANDS-CHEATSHEET.md CLAUDE.md
--- a/mcp-servers/gitea/CHANGELOG.md
+++ b/mcp-servers/gitea/CHANGELOG.md
@@ -0,0 +1,92 @@
+# Changelog
+
+All notable changes to the Gitea MCP Server will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [1.3.0] - 2026-02-03
+
+### Added
+- Pull request tools (7 tools):
+  - `list_pull_requests` - List PRs from repository
+  - `get_pull_request` - Get specific PR details
+  - `get_pr_diff` - Get PR diff content
+  - `get_pr_comments` - Get comments on a PR
+  - `create_pr_review` - Create PR review (approve/request changes/comment)
+  - `add_pr_comment` - Add comment to PR
+  - `create_pull_request` - Create new pull request
+- Label creation tools (3 tools):
+  - `create_label` - Create repo-level label
+  - `create_org_label` - Create organization-level label
+  - `create_label_smart` - Auto-detect org vs repo for label creation
+- Validation tools (2 tools):
+  - `validate_repo_org` - Check if repo belongs to organization
+  - `get_branch_protection` - Get branch protection rules
+
+### Changed
+- Total tools increased from 20 to 36
+- Updated test suite to 64 tests (was 42)
+
+### Fixed
+- Test fixtures updated to use `owner/repo` format
+- Fixed aggregate_issues tests to pass required `org` argument
+
+## [1.2.0] - 2026-01-28
+
+### Added
+- Milestone management tools (5 tools):
+  - `list_milestones` - List all milestones
+  - `get_milestone` - Get specific milestone
+  - `create_milestone` - Create new milestone
+  - `update_milestone` - Update existing milestone
+  - `delete_milestone` - Delete a milestone
+- Issue dependency tools (4 tools):
+  - `list_issue_dependencies` - List blocking issues
+  - `create_issue_dependency` - Create dependency between issues
+  - `remove_issue_dependency` - Remove dependency
+  - `get_execution_order` - Calculate parallelizable execution order
+
+## [1.1.0] - 2026-01-21
+
+### Added
+- Wiki and lessons learned tools (7 tools):
+  - `list_wiki_pages` - List all wiki pages
+  - `get_wiki_page` - Get specific wiki page content
+  - `create_wiki_page` - Create new wiki page
+  - `update_wiki_page` - Update existing wiki page
+  - `create_lesson` - Create lessons learned entry
+  - `search_lessons` - Search lessons by query/tags
+  - `allocate_rfc_number` - Get next available RFC number
+- Automatic git remote URL detection for repository configuration
+- Support for SSH, HTTPS, and HTTP git URL formats
+
+### Changed
+- Configuration now uses `owner/repo` format exclusively
+- Removed separate `GITEA_OWNER` configuration (now derived from repo path)
+
+## [1.0.0] - 2025-01-06
+
+### Added
+- Initial release with 8 core tools:
+  - `list_issues` - List issues from repository
+  - `get_issue` - Get specific issue details
+  - `create_issue` - Create new issue with labels
+  - `update_issue` - Update existing issue
+  - `add_comment` - Add comment to issue
+  - `get_labels` - Get all labels (org + repo)
+  - `suggest_labels` - Intelligent label suggestion
+  - `aggregate_issues` - Cross-repository issue aggregation (PMO mode)
+- Hybrid configuration system (system + project level)
+- Branch-aware security model
+- Mode detection (project vs company/PMO)
+- 42 unit tests with mocks
+- Comprehensive documentation
+
+[Unreleased]: https://github.com/owner/repo/compare/v1.3.0...HEAD
+[1.3.0]: https://github.com/owner/repo/compare/v1.2.0...v1.3.0
+[1.2.0]: https://github.com/owner/repo/compare/v1.1.0...v1.2.0
+[1.1.0]: https://github.com/owner/repo/compare/v1.0.0...v1.1.0
+[1.0.0]: https://github.com/owner/repo/releases/tag/v1.0.0
--- a/mcp-servers/gitea/README.md
+++ b/mcp-servers/gitea/README.md
@@ -19,8 +19,9 @@ The Gitea MCP Server provides Claude Code with direct access to Gitea for issue
 - **Hybrid Configuration**: System-level credentials + project-level paths
 - **PMO Support**: Multi-repository aggregation for organization-wide views

-### Tools Provided
+### Tools Provided (36 total)

+#### Issue Management (6 tools)
 | Tool | Description | Mode |
 |------|-------------|------|
 | `list_issues` | List issues from repository | Both |
@@ -28,9 +29,61 @@ The Gitea MCP Server provides Claude Code with direct access to Gitea for issue
 | `create_issue` | Create new issue with labels | Both |
 | `update_issue` | Update existing issue | Both |
 | `add_comment` | Add comment to issue | Both |
+| `aggregate_issues` | Cross-repository issue aggregation | PMO Only |
+
+#### Label Management (5 tools)
+| Tool | Description | Mode |
+|------|-------------|------|
 | `get_labels` | Get all labels (org + repo) | Both |
 | `suggest_labels` | Intelligent label suggestion | Both |
-| `aggregate_issues` | Cross-repository issue aggregation | PMO Only |
+| `create_label` | Create repo-level label | Both |
+| `create_org_label` | Create organization-level label | Both |
+| `create_label_smart` | Auto-detect org vs repo for label creation | Both |
+
+#### Wiki & Lessons Learned (7 tools)
+| Tool | Description | Mode |
+|------|-------------|------|
+| `list_wiki_pages` | List all wiki pages | Both |
+| `get_wiki_page` | Get specific wiki page content | Both |
+| `create_wiki_page` | Create new wiki page | Both |
+| `update_wiki_page` | Update existing wiki page | Both |
+| `create_lesson` | Create lessons learned entry | Both |
+| `search_lessons` | Search lessons by query/tags | Both |
+| `allocate_rfc_number` | Get next available RFC number | Both |
+
+#### Milestone Management (5 tools)
+| Tool | Description | Mode |
+|------|-------------|------|
+| `list_milestones` | List all milestones | Both |
+| `get_milestone` | Get specific milestone | Both |
+| `create_milestone` | Create new milestone | Both |
+| `update_milestone` | Update existing milestone | Both |
+| `delete_milestone` | Delete a milestone | Both |
+
+#### Issue Dependencies (4 tools)
+| Tool | Description | Mode |
+|------|-------------|------|
+| `list_issue_dependencies` | List blocking issues | Both |
+| `create_issue_dependency` | Create dependency between issues | Both |
+| `remove_issue_dependency` | Remove dependency | Both |
+| `get_execution_order` | Calculate parallelizable execution order | Both |
+
+#### Pull Request Tools (7 tools)
+| Tool | Description | Mode |
+|------|-------------|------|
+| `list_pull_requests` | List PRs from repository | Both |
+| `get_pull_request` | Get specific PR details | Both |
+| `get_pr_diff` | Get PR diff content | Both |
+| `get_pr_comments` | Get comments on a PR | Both |
+| `create_pr_review` | Create PR review (approve/request changes) | Both |
+| `add_pr_comment` | Add comment to PR | Both |
+| `create_pull_request` | Create new pull request | Both |
+
+#### Validation Tools (2 tools)
+| Tool | Description | Mode |
+|------|-------------|------|
+| `validate_repo_org` | Check if repo belongs to organization | Both |
+| `get_branch_protection` | Get branch protection rules | Both |

 ## Architecture

@@ -40,15 +93,20 @@ The Gitea MCP Server provides Claude Code with direct access to Gitea for issue
 mcp-servers/gitea/
 ├── .venv/                      # Python virtual environment
 ├── requirements.txt            # Python dependencies
+├── run.sh                      # Entry point script
 ├── mcp_server/
 │   ├── __init__.py
-│   ├── server.py              # MCP server entry point
-│   ├── config.py              # Configuration loader
+│   ├── server.py              # MCP server entry point (36 tools)
+│   ├── config.py              # Configuration loader with auto-detection
 │   ├── gitea_client.py        # Gitea API client
 │   └── tools/
 │       ├── __init__.py
-│       ├── issues.py          # Issue tools
-│       └── labels.py          # Label tools
+│       ├── issues.py          # Issue management tools
+│       ├── labels.py          # Label management tools
+│       ├── wiki.py            # Wiki & lessons learned tools
+│       ├── milestones.py      # Milestone management tools
+│       ├── dependencies.py    # Issue dependency tools
+│       └── pull_requests.py   # Pull request tools
 ├── tests/
 │   ├── __init__.py
 │   ├── test_config.py
@@ -56,7 +114,8 @@ mcp-servers/gitea/
 │   ├── test_issues.py
 │   └── test_labels.py
 ├── README.md                   # This file
-└── TESTING.md                  # Testing instructions
+├── TESTING.md                  # Testing instructions
+└── CHANGELOG.md                # Version history
 ```

 ### Mode Detection
@@ -111,7 +170,6 @@ mkdir -p ~/.config/claude
 cat > ~/.config/claude/gitea.env << EOF
 GITEA_API_URL=https://gitea.example.com/api/v1
 GITEA_API_TOKEN=your_gitea_token_here
-GITEA_OWNER=bandit
 EOF

 chmod 600 ~/.config/claude/gitea.env
@@ -137,14 +195,34 @@ For company/PMO mode, omit the `.env` file or don't set `GITEA_REPO`.
 **Required Variables**:
 - `GITEA_API_URL` - Gitea API endpoint (e.g., `https://gitea.example.com/api/v1`)
 - `GITEA_API_TOKEN` - Personal access token with repo permissions
- `GITEA_OWNER` - Organization or user name (e.g., `bandit`)

 ### Project-Level Configuration

 **File**: `<project-root>/.env`

 **Optional Variables**:
- `GITEA_REPO` - Repository name (enables project mode)
+- `GITEA_REPO` - Repository in `owner/repo` format (enables project mode)
+
+### Automatic Repository Detection
+
+If `GITEA_REPO` is not set, the server auto-detects the repository from your git remote:
+
+**Supported URL Formats**:
+- SSH: `ssh://git@gitea.example.com:22/owner/repo.git`
+- SSH short: `git@gitea.example.com:owner/repo.git`
+- HTTPS: `https://gitea.example.com/owner/repo.git`
+- HTTP: `http://gitea.example.com/owner/repo.git`
+
+The repository is extracted as `owner/repo` format automatically.
+
+### Project Directory Detection
+
+The server finds your project directory using these strategies (in order):
+
+1. `CLAUDE_PROJECT_DIR` environment variable (highest priority)
+2. `PWD` environment variable (if `.git` or `.env` present)
+3. Current working directory (if `.git` or `.env` present)
+4. Falls back to company/PMO mode if no project found

 ### Generating Gitea API Token

@@ -220,13 +298,13 @@ suggestions = await label_tools.suggest_labels(context)

 ### Unit Tests

-Run all 42 unit tests with mocks:
+Run all 64 unit tests with mocks:

 ```bash
 pytest tests/ -v
 ```

-Expected: `42 passed in 0.57s`
+Expected: `64 passed`

 ### Integration Tests

@@ -327,11 +405,15 @@ See [TESTING.md](./TESTING.md#troubleshooting) for more details.

 ### Project Structure

- `config.py` - Hybrid configuration loader with mode detection
+- `config.py` - Hybrid configuration loader with auto-detection
 - `gitea_client.py` - Synchronous Gitea API client using requests
- `tools/issues.py` - Async wrappers with branch detection
- `tools/labels.py` - Label management and suggestion
- `server.py` - MCP server with JSON-RPC 2.0 over stdio
+- `tools/issues.py` - Issue management with branch detection
+- `tools/labels.py` - Label management and intelligent suggestions
+- `tools/wiki.py` - Wiki pages and lessons learned
+- `tools/milestones.py` - Milestone CRUD operations
+- `tools/dependencies.py` - Issue dependency tracking
+- `tools/pull_requests.py` - PR review and management
+- `server.py` - MCP server with 36 tools over JSON-RPC 2.0 stdio

 ### Adding New Tools

@@ -374,18 +456,14 @@ def list_issues(self, state='open', labels=None, repo=None):

 ## Changelog

-### v1.0.0 (2025-01-06) - Phase 1 Complete
+See [CHANGELOG.md](./CHANGELOG.md) for full version history.

-✅ Initial implementation:
- Configuration management (hybrid system + project)
- Gitea API client with all CRUD operations
- MCP server with 8 tools
- Issue tools with branch detection
- Label tools with intelligent suggestions
- Mode detection (project vs company)
- Branch-aware security model
- 42 unit tests (100% passing)
- Comprehensive documentation
+### Recent Updates
+
+- **v1.3.0** - Pull request tools (7 tools), label creation tools (3)
+- **v1.2.0** - Milestone management (5 tools), issue dependencies (4 tools)
+- **v1.1.0** - Wiki & lessons learned system (7 tools)
+- **v1.0.0** - Initial release with core issue/label tools (8 tools)

 ## License

@@ -407,6 +485,6 @@ For issues or questions:
 ---

 **Built for**: Leo Claude Marketplace - Project Management Plugins
-**Phase**: 1 (Complete)
+**Tools**: 36
 **Status**: ✅ Production Ready
-**Last Updated**: 2025-01-06
+**Last Updated**: 2026-02-03
--- a/mcp-servers/gitea/TESTING.md
+++ b/mcp-servers/gitea/TESTING.md
@@ -28,7 +28,7 @@ source .venv/bin/activate  # Linux/Mac

 ### Running All Tests

-Run all 42 unit tests:
+Run all 64 unit tests:

 ```bash
 pytest tests/ -v
@@ -36,7 +36,7 @@ pytest tests/ -v

 Expected output:
 ```
-============================== 42 passed in 0.57s ==============================
+============================== 64 passed ==============================
 ```

 ### Running Specific Test Files
@@ -532,7 +532,7 @@ python -m mcp_server.server

 After completing all tests, verify:

- ✅ All 42 unit tests pass
+- ✅ All 64 unit tests pass
 - ✅ MCP server starts without errors
 - ✅ Configuration loads correctly
 - ✅ Gitea API client connects successfully
@@ -548,7 +548,7 @@ After completing all tests, verify:

 Phase 1 is complete when:

-1. **All unit tests pass** (42/42)
+1. **All unit tests pass** (64/64)
 2. **MCP server starts without errors**
 3. **Can list issues from Gitea**
 4. **Can create issues with labels** (in development mode)
--- a/mcp-servers/gitea/mcp_server/init.py
+++ b/mcp-servers/gitea/mcp_server/init.py
@@ -0,0 +1,30 @@
+"""
+Gitea MCP Server package.
+
+Provides MCP tools for Gitea integration via JSON-RPC 2.0.
+
+For external consumers (e.g., HTTP transport), use:
+    from mcp_server import get_tool_definitions, create_tool_dispatcher, GiteaClient
+
+    # Get tool schemas
+    tools = get_tool_definitions()
+
+    # Create dispatcher bound to a client
+    client = GiteaClient()
+    dispatch = create_tool_dispatcher(client)
+    result = await dispatch("list_issues", {"state": "open"})
+"""
+
+__version__ = "1.0.0"
+
+from .tool_registry import get_tool_definitions, create_tool_dispatcher
+from .gitea_client import GiteaClient
+from .config import GiteaConfig
+
+__all__ = [
+    "__version__",
+    "get_tool_definitions",
+    "create_tool_dispatcher",
+    "GiteaClient",
+    "GiteaConfig",
+]
--- a/mcp-servers/gitea/mcp_server/server.py
+++ b/mcp-servers/gitea/mcp_server/server.py
--- a/mcp-servers/gitea/mcp_server/tool_registry.py
+++ b/mcp-servers/gitea/mcp_server/tool_registry.py
--- a/mcp-servers/gitea/pyproject.toml
+++ b/mcp-servers/gitea/pyproject.toml
@@ -0,0 +1,43 @@
+[build-system]
+requires = ["setuptools>=61.0", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "gitea-mcp-server"
+version = "1.0.0"
+description = "MCP Server for Gitea integration - provides issue, label, wiki, milestone, dependency, and PR tools"
+readme = "README.md"
+requires-python = ">=3.10"
+license = {text = "MIT"}
+authors = [
+    { name = "Leo Miranda" }
+]
+keywords = ["mcp", "gitea", "claude", "tools"]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Intended Audience :: Developers",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+]
+dependencies = [
+    "mcp>=0.9.0",
+    "python-dotenv>=1.0.0",
+    "requests>=2.31.0",
+    "pydantic>=2.5.0",
+]
+
+[project.optional-dependencies]
+test = [
+    "pytest>=7.4.3",
+    "pytest-asyncio>=0.23.0",
+]
+
+[tool.setuptools.packages.find]
+where = ["."]
+include = ["mcp_server*"]
+
+[tool.pytest.ini_options]
+asyncio_mode = "auto"
+testpaths = ["tests"]
--- a/mcp-servers/gitea/tests/test_config.py
+++ b/mcp-servers/gitea/tests/test_config.py
@@ -28,7 +28,6 @@ def test_load_system_config(tmp_path, monkeypatch):

    assert result['api_url'] == 'https://test.com/api/v1'
    assert result['api_token'] == 'test_token'
-    assert result['owner'] == 'test_owner'
    assert result['mode'] == 'company'  # No repo specified
    assert result['repo'] is None

--- a/mcp-servers/gitea/tests/test_gitea_client.py
+++ b/mcp-servers/gitea/tests/test_gitea_client.py
@@ -14,8 +14,7 @@ def mock_config():
        mock_instance.load.return_value = {
            'api_url': 'https://test.com/api/v1',
            'api_token': 'test_token',
-            'owner': 'test_owner',
-            'repo': 'test_repo',
+            'repo': 'test_owner/test_repo',  # Combined owner/repo format
            'mode': 'project'
        }
        yield mock_cfg
@@ -31,8 +30,7 @@ def test_client_initialization(gitea_client):
    """Test client initializes with correct configuration"""
    assert gitea_client.base_url == 'https://test.com/api/v1'
    assert gitea_client.token == 'test_token'
-    assert gitea_client.owner == 'test_owner'
-    assert gitea_client.repo == 'test_repo'
+    assert gitea_client.repo == 'test_owner/test_repo'  # Combined format
    assert gitea_client.mode == 'project'
    assert 'Authorization' in gitea_client.session.headers
    assert gitea_client.session.headers['Authorization'] == 'token test_token'
@@ -92,15 +90,20 @@ def test_create_issue(gitea_client):
    }
    mock_response.raise_for_status = Mock()

-    with patch.object(gitea_client.session, 'post', return_value=mock_response):
-        issue = gitea_client.create_issue(
-            title='New Issue',
-            body='Issue body',
-            labels=['Type/Bug']
-        )
+    # Mock is_org_repo to avoid network call during label resolution
+    with patch.object(gitea_client, 'is_org_repo', return_value=True):
+        # Mock get_org_labels and get_labels for label resolution
+        with patch.object(gitea_client, 'get_org_labels', return_value=[{'name': 'Type/Bug', 'id': 1}]):
+            with patch.object(gitea_client, 'get_labels', return_value=[]):
+                with patch.object(gitea_client.session, 'post', return_value=mock_response):
+                    issue = gitea_client.create_issue(
+                        title='New Issue',
+                        body='Issue body',
+                        labels=['Type/Bug']
+                    )

-        assert issue['title'] == 'New Issue'
-        gitea_client.session.post.assert_called_once()
+                    assert issue['title'] == 'New Issue'
+                    gitea_client.session.post.assert_called_once()


 def test_update_issue(gitea_client):
@@ -161,7 +164,7 @@ def test_get_org_labels(gitea_client):
    mock_response.raise_for_status = Mock()

    with patch.object(gitea_client.session, 'get', return_value=mock_response):
-        labels = gitea_client.get_org_labels()
+        labels = gitea_client.get_org_labels(org='test_owner')

        assert len(labels) == 2

@@ -176,7 +179,7 @@ def test_list_repos(gitea_client):
    mock_response.raise_for_status = Mock()

    with patch.object(gitea_client.session, 'get', return_value=mock_response):
-        repos = gitea_client.list_repos()
+        repos = gitea_client.list_repos(org='test_owner')

        assert len(repos) == 2
        assert repos[0]['name'] == 'repo1'
@@ -196,7 +199,7 @@ def test_aggregate_issues(gitea_client):
        [{'number': 2, 'title': 'Issue 2'}]   # repo2
    ])

-    aggregated = gitea_client.aggregate_issues(state='open')
+    aggregated = gitea_client.aggregate_issues(org='test_owner', state='open')

    assert 'repo1' in aggregated
    assert 'repo2' in aggregated
@@ -205,14 +208,13 @@ def test_aggregate_issues(gitea_client):


 def test_no_repo_specified_error(gitea_client):
-    """Test error when repository not specified"""
+    """Test error when repository not specified or invalid format"""
    # Create client without repo
    with patch('mcp_server.gitea_client.GiteaConfig') as mock_cfg:
        mock_instance = mock_cfg.return_value
        mock_instance.load.return_value = {
            'api_url': 'https://test.com/api/v1',
            'api_token': 'test_token',
-            'owner': 'test_owner',
            'repo': None,  # No repo
            'mode': 'company'
        }
@@ -221,7 +223,7 @@ def test_no_repo_specified_error(gitea_client):
        with pytest.raises(ValueError) as exc_info:
            client.list_issues()

-        assert "Repository not specified" in str(exc_info.value)
+        assert "Use 'owner/repo' format" in str(exc_info.value)


 # ========================================
--- a/mcp-servers/gitea/tests/test_issues.py
+++ b/mcp-servers/gitea/tests/test_issues.py
@@ -119,22 +119,26 @@ async def test_aggregate_issues_company_mode(issue_tools):
            'repo2': [{'number': 2}]
        })

-        aggregated = await issue_tools.aggregate_issues()
+        aggregated = await issue_tools.aggregate_issues(org='test_owner')

        assert 'repo1' in aggregated
        assert 'repo2' in aggregated


@pytest.mark.asyncio
-async def test_aggregate_issues_project_mode_error(issue_tools):
-    """Test that aggregate_issues fails in project mode"""
+async def test_aggregate_issues_project_mode(issue_tools):
+    """Test that aggregate_issues works in project mode with org argument"""
    issue_tools.gitea.mode = 'project'

    with patch.object(issue_tools, '_get_current_branch', return_value='development'):
-        with pytest.raises(ValueError) as exc_info:
-            await issue_tools.aggregate_issues()
+        issue_tools.gitea.aggregate_issues = Mock(return_value={
+            'repo1': [{'number': 1}]
+        })

-        assert "only available in company mode" in str(exc_info.value)
+        # aggregate_issues now works in any mode when org is provided
+        aggregated = await issue_tools.aggregate_issues(org='test_owner')
+
+        assert 'repo1' in aggregated


 def test_branch_detection():
--- a/mcp-servers/netbox/README.md
+++ b/mcp-servers/netbox/README.md
@@ -79,6 +79,69 @@ Add to your Claude Code MCP configuration (`~/.config/claude/mcp.json` or projec
 1. **System-level** (`~/.config/claude/netbox.env`): Credentials and defaults
 2. **Project-level** (`.env` in current directory): Optional overrides

+## Module Filtering (Token Optimization)
+
+By default, the NetBox MCP server registers all 182 tools across 8 modules, consuming ~19,810 tokens of context. For most workflows, you only need a subset of modules.
+
+### Configuration
+
+Add `NETBOX_ENABLED_MODULES` to your `~/.config/claude/netbox.env`:
+
+```bash
+# Enable only specific modules (comma-separated)
+NETBOX_ENABLED_MODULES=dcim,ipam,virtualization,extras
+```
+
+If unset, all modules are enabled (backward compatible).
+
+### Available Modules
+
+| Module | Tool Count | Description | cmdb-assistant Commands |
+|--------|------------|-------------|------------------------|
+| `dcim` | ~60 | Sites, devices, racks, interfaces, cables | `/cmdb device`, `/cmdb site`, `/cmdb search`, `/cmdb topology` |
+| `ipam` | ~40 | IP addresses, prefixes, VLANs, VRFs | `/cmdb ip`, `/cmdb ip-conflicts`, `/cmdb search` |
+| `virtualization` | ~20 | Clusters, VMs, VM interfaces | `/cmdb search`, `/cmdb audit`, `/cmdb register` |
+| `extras` | ~12 | Tags, journal entries, audit log | `/cmdb change-audit`, `/cmdb register` |
+| `circuits` | ~15 | Providers, circuits, terminations | — |
+| `tenancy` | ~12 | Tenants, contacts | — |
+| `vpn` | ~15 | Tunnels, IKE/IPSec policies, L2VPN | — |
+| `wireless` | ~8 | Wireless LANs, links, groups | — |
+
+### Recommended Configurations
+
+**For cmdb-assistant users** (~43 tools, ~4,500 tokens):
+```bash
+NETBOX_ENABLED_MODULES=dcim,ipam,virtualization,extras
+```
+
+**Basic infrastructure** (~100 tools):
+```bash
+NETBOX_ENABLED_MODULES=dcim,ipam
+```
+
+**Full CMDB** (all modules, ~182 tools):
+```bash
+# Omit NETBOX_ENABLED_MODULES or set to all modules
+NETBOX_ENABLED_MODULES=dcim,ipam,circuits,virtualization,tenancy,vpn,wireless,extras
+```
+
+### Startup Logging
+
+On startup, the server logs enabled modules and tool count:
+
+```
+NetBox MCP Server initialized: 43 tools registered (modules: dcim, extras, ipam, virtualization)
+```
+
+### Disabled Tool Behavior
+
+Calling a tool from a disabled module returns a clear error:
+
+```
+Tool 'circuits_list_circuits' is not available (module 'circuits' not enabled).
+Enabled modules: dcim, extras, ipam, virtualization
+```
+
 ## Available Tools

 ### DCIM (Data Center Infrastructure Management)
@@ -128,18 +191,18 @@ Add to your Claude Code MCP configuration (`~/.config/claude/mcp.json` or projec
 | `circuits_create_provider` | Create a provider |
 | `circuits_list_circuits` | List circuits |
 | `circuits_create_circuit` | Create a circuit |
-| `circuits_list_circuit_terminations` | List terminations |
+| `circ_list_terminations` | List terminations |
 | ... and more |

 ### Virtualization

 | Tool | Description |
 |------|-------------|
-| `virtualization_list_clusters` | List clusters |
-| `virtualization_create_cluster` | Create a cluster |
-| `virtualization_list_virtual_machines` | List VMs |
-| `virtualization_create_virtual_machine` | Create a VM |
-| `virtualization_list_vm_interfaces` | List VM interfaces |
+| `virt_list_clusters` | List clusters |
+| `virt_create_cluster` | Create a cluster |
+| `virt_list_vms` | List VMs |
+| `virt_create_vm` | Create a VM |
+| `virt_list_vm_ifaces` | List VM interfaces |
 | ... and more |

 ### Tenancy
@@ -167,9 +230,9 @@ Add to your Claude Code MCP configuration (`~/.config/claude/mcp.json` or projec

 | Tool | Description |
 |------|-------------|
-| `wireless_list_wireless_lans` | List wireless LANs |
-| `wireless_create_wireless_lan` | Create a WLAN |
-| `wireless_list_wireless_links` | List wireless links |
+| `wlan_list_lans` | List wireless LANs |
+| `wlan_create_lan` | Create a WLAN |
+| `wlan_list_links` | List wireless links |
 | ... and more |

 ### Extras
--- a/mcp-servers/netbox/mcp_server/config.py
+++ b/mcp-servers/netbox/mcp_server/config.py
@@ -9,11 +9,17 @@ from pathlib import Path
 from dotenv import load_dotenv
 import os
 import logging
-from typing import Dict, Optional
+from typing import Dict, List, Optional, Set

 logging.basicConfig(level=logging.INFO)
 logger = logging.getLogger(__name__)

+# All available NetBox modules
+ALL_MODULES = frozenset([
+    'dcim', 'ipam', 'circuits', 'virtualization',
+    'tenancy', 'vpn', 'wireless', 'extras'
+])
+

 class NetBoxConfig:
    """Configuration loader for NetBox MCP Server"""
@@ -23,6 +29,7 @@ class NetBoxConfig:
        self.api_token: Optional[str] = None
        self.verify_ssl: bool = True
        self.timeout: int = 30
+        self.enabled_modules: Set[str] = set(ALL_MODULES)

    def load(self) -> Dict[str, any]:
        """
@@ -73,6 +80,9 @@ class NetBoxConfig:
            self.timeout = 30
            logger.warning(f"Invalid NETBOX_TIMEOUT value '{timeout_str}', using default 30")

+        # Module filtering
+        self.enabled_modules = self._load_enabled_modules()
+
        # Validate required variables
        self._validate()

@@ -84,7 +94,8 @@ class NetBoxConfig:
            'api_url': self.api_url,
            'api_token': self.api_token,
            'verify_ssl': self.verify_ssl,
-            'timeout': self.timeout
+            'timeout': self.timeout,
+            'enabled_modules': self.enabled_modules
        }

    def _validate(self) -> None:
@@ -106,3 +117,40 @@ class NetBoxConfig:
                f"Missing required configuration: {', '.join(missing)}\n"
                "Check your ~/.config/claude/netbox.env file"
            )
+
+    def _load_enabled_modules(self) -> Set[str]:
+        """
+        Load enabled modules from NETBOX_ENABLED_MODULES environment variable.
+
+        Format: Comma-separated list of module names.
+        Example: NETBOX_ENABLED_MODULES=dcim,ipam,virtualization,extras
+
+        Returns:
+            Set of enabled module names. If env var is unset/empty, returns all modules.
+        """
+        modules_str = os.getenv('NETBOX_ENABLED_MODULES', '').strip()
+
+        if not modules_str:
+            logger.info("NETBOX_ENABLED_MODULES not set, all modules enabled (default)")
+            return set(ALL_MODULES)
+
+        # Parse comma-separated list, strip whitespace
+        requested = {m.strip().lower() for m in modules_str.split(',') if m.strip()}
+
+        # Validate module names
+        invalid = requested - ALL_MODULES
+        if invalid:
+            logger.warning(
+                f"Unknown modules in NETBOX_ENABLED_MODULES: {', '.join(sorted(invalid))}. "
+                f"Valid modules: {', '.join(sorted(ALL_MODULES))}"
+            )
+
+        # Return only valid modules
+        enabled = requested & ALL_MODULES
+
+        if not enabled:
+            logger.warning("No valid modules enabled, falling back to all modules")
+            return set(ALL_MODULES)
+
+        logger.info(f"Enabled modules: {', '.join(sorted(enabled))}")
+        return enabled
--- a/mcp-servers/netbox/mcp_server/server.py
+++ b/mcp-servers/netbox/mcp_server/server.py
@@ -8,11 +8,12 @@ Tenancy, VPN, Wireless, and Extras.
 import asyncio
 import logging
 import json
+from typing import Optional, Set
 from mcp.server import Server
 from mcp.server.stdio import stdio_server
 from mcp.types import Tool, TextContent

-from .config import NetBoxConfig
+from .config import NetBoxConfig, ALL_MODULES
 from .netbox_client import NetBoxClient
 from .tools.dcim import DCIMTools
 from .tools.ipam import IPAMTools
@@ -1453,6 +1454,49 @@ TOOL_NAME_MAP = {
 }


+# Map tool name prefixes to module names.
+# This handles both full prefixes and shortened prefixes used in TOOL_NAME_MAP.
+PREFIX_TO_MODULE = {
+    'dcim': 'dcim',
+    'ipam': 'ipam',
+    'circuits': 'circuits',
+    'circ': 'circuits',           # Shortened prefix
+    'virtualization': 'virtualization',
+    'virt': 'virtualization',     # Shortened prefix
+    'tenancy': 'tenancy',
+    'vpn': 'vpn',
+    'wireless': 'wireless',
+    'wlan': 'wireless',           # Shortened prefix
+    'extras': 'extras',
+}
+
+
+def _get_tool_module(tool_name: str) -> Optional[str]:
+    """
+    Determine which module a tool belongs to.
+
+    Checks TOOL_NAME_MAP first for shortened names, then falls back to prefix extraction.
+
+    Args:
+        tool_name: The tool name (e.g., 'dcim_list_devices', 'virt_list_vms')
+
+    Returns:
+        Module name (e.g., 'dcim', 'virtualization') or None if unknown
+    """
+    # Check mapped short names first
+    if tool_name in TOOL_NAME_MAP:
+        category, _ = TOOL_NAME_MAP[tool_name]
+        return category
+
+    # Fall back to prefix extraction
+    parts = tool_name.split('_', 1)
+    if len(parts) < 2:
+        return None
+
+    prefix = parts[0]
+    return PREFIX_TO_MODULE.get(prefix)
+
+
 class NetBoxMCPServer:
    """MCP Server for NetBox integration"""

@@ -1460,6 +1504,8 @@ class NetBoxMCPServer:
        self.server = Server("netbox-mcp")
        self.config = None
        self.client = None
+        self.enabled_modules: Set[str] = set(ALL_MODULES)
+        # Tool instances - only instantiated for enabled modules
        self.dcim_tools = None
        self.ipam_tools = None
        self.circuits_tools = None
@@ -1474,18 +1520,39 @@ class NetBoxMCPServer:
        try:
            config_loader = NetBoxConfig()
            self.config = config_loader.load()
+            self.enabled_modules = self.config['enabled_modules']

            self.client = NetBoxClient()
-            self.dcim_tools = DCIMTools(self.client)
-            self.ipam_tools = IPAMTools(self.client)
-            self.circuits_tools = CircuitsTools(self.client)
-            self.virtualization_tools = VirtualizationTools(self.client)
-            self.tenancy_tools = TenancyTools(self.client)
-            self.vpn_tools = VPNTools(self.client)
-            self.wireless_tools = WirelessTools(self.client)
-            self.extras_tools = ExtrasTools(self.client)

-            logger.info(f"NetBox MCP Server initialized for {self.config['api_url']}")
+            # Conditionally instantiate tool classes for enabled modules only
+            if 'dcim' in self.enabled_modules:
+                self.dcim_tools = DCIMTools(self.client)
+            if 'ipam' in self.enabled_modules:
+                self.ipam_tools = IPAMTools(self.client)
+            if 'circuits' in self.enabled_modules:
+                self.circuits_tools = CircuitsTools(self.client)
+            if 'virtualization' in self.enabled_modules:
+                self.virtualization_tools = VirtualizationTools(self.client)
+            if 'tenancy' in self.enabled_modules:
+                self.tenancy_tools = TenancyTools(self.client)
+            if 'vpn' in self.enabled_modules:
+                self.vpn_tools = VPNTools(self.client)
+            if 'wireless' in self.enabled_modules:
+                self.wireless_tools = WirelessTools(self.client)
+            if 'extras' in self.enabled_modules:
+                self.extras_tools = ExtrasTools(self.client)
+
+            # Count tools that will be registered
+            tool_count = sum(
+                1 for name in TOOL_DEFINITIONS
+                if _get_tool_module(name) in self.enabled_modules
+            )
+
+            modules_str = ', '.join(sorted(self.enabled_modules))
+            logger.info(
+                f"NetBox MCP Server initialized: {tool_count} tools registered "
+                f"(modules: {modules_str})"
+            )
        except Exception as e:
            logger.error(f"Failed to initialize: {e}")
            raise
@@ -1495,9 +1562,14 @@ class NetBoxMCPServer:

        @self.server.list_tools()
        async def list_tools() -> list[Tool]:
-            """Return list of available tools"""
+            """Return list of available tools, filtered by enabled modules"""
            tools = []
            for name, definition in TOOL_DEFINITIONS.items():
+                # Filter tools by enabled modules
+                module = _get_tool_module(name)
+                if module not in self.enabled_modules:
+                    continue
+
                tools.append(Tool(
                    name=name,
                    description=definition['description'],
@@ -1532,6 +1604,14 @@ class NetBoxMCPServer:
        'virtualization_list_virtual_machines') to meet the 28-character
        limit. TOOL_NAME_MAP handles the translation to actual method names.
        """
+        # Check module is enabled (routing guard)
+        module = _get_tool_module(name)
+        if module and module not in self.enabled_modules:
+            raise ValueError(
+                f"Tool '{name}' is not available (module '{module}' not enabled). "
+                f"Enabled modules: {', '.join(sorted(self.enabled_modules))}"
+            )
+
        # Check if this is a mapped short name
        if name in TOOL_NAME_MAP:
            category, method_name = TOOL_NAME_MAP[name]
--- a/plugins/clarity-assist/.claude-plugin/plugin.json
+++ b/plugins/clarity-assist/.claude-plugin/plugin.json
@@ -1,6 +1,6 @@
 {
  "name": "clarity-assist",
-  "version": "1.0.0",
+  "version": "1.2.0",
  "description": "Prompt optimization and requirement clarification with ND-friendly accommodations",
  "author": {
    "name": "Leo Miranda",
@@ -16,5 +16,8 @@
    "requirements",
    "methodology"
  ],
-  "commands": ["./commands/"]
+  "commands": [
+    "./commands/"
+  ],
+  "domain": "core"
 }
--- a/plugins/clarity-assist/agents/clarity-coach.md
+++ b/plugins/clarity-assist/agents/clarity-coach.md
@@ -1,3 +1,11 @@
+---
+name: clarity-coach
+description: Patient, structured coach helping users articulate requirements clearly. Uses neurodivergent-friendly communication patterns.
+model: sonnet
+permissionMode: default
+disallowedTools: Write, Edit, MultiEdit
+---
+
 # Clarity Coach Agent

 ## Visual Output Requirements
@@ -111,7 +119,7 @@ Track gathered information in a mental model:

 ### After Clarification

-Produce a clear specification (see /clarify command for format).
+Produce a clear specification (see /clarity clarify command for format).

 ## Example Session

--- a/plugins/clarity-assist/claude-md-integration.md
+++ b/plugins/clarity-assist/claude-md-integration.md
@@ -18,8 +18,8 @@ This project uses the clarity-assist plugin for requirement gathering.

 | Command | Use Case |
 |---------|----------|
-| `/clarify` | Full 4-D methodology for complex requests |
-| `/quick-clarify` | Rapid mode for simple disambiguation |
+| `/clarity clarify` | Full 4-D methodology for complex requests |
+| `/clarity quick-clarify` | Rapid mode for simple disambiguation |

 ### Communication Style

--- a/plugins/clarity-assist/commands/clarity-clarify.md
+++ b/plugins/clarity-assist/commands/clarity-clarify.md
@@ -1,4 +1,8 @@
-# /clarify - Full Prompt Optimization
+---
+name: clarity clarify
+---
+
+# /clarity clarify - Full Prompt Optimization

 ## Visual Output

--- a/plugins/clarity-assist/commands/clarity-quick-clarify.md
+++ b/plugins/clarity-assist/commands/clarity-quick-clarify.md
@@ -1,4 +1,8 @@
-# /quick-clarify - Rapid Clarification Mode
+---
+name: clarity quick-clarify
+---
+
+# /clarity quick-clarify - Rapid Clarification Mode

 ## Visual Output

@@ -23,7 +27,7 @@ Single-pass clarification for requests that are mostly clear but need minor disa

 - `skills/nd-accommodations.md` - ND-friendly question patterns
 - `skills/clarification-techniques.md` - Echo and micro-summary techniques
- `skills/escalation-patterns.md` - When to escalate to full /clarify
+- `skills/escalation-patterns.md` - When to escalate to full `/clarity clarify`

 ## Workflow

@@ -37,7 +41,7 @@ No formal specification document needed. Proceed after brief confirmation, docum

 ## Escalation

-If complexity emerges, offer to switch to full `/clarify`:
+If complexity emerges, offer to switch to full `/clarity clarify`:

 ```
 "This is more involved than it first appeared. Want me to switch
--- a/plugins/clarity-assist/commands/clarity.md
+++ b/plugins/clarity-assist/commands/clarity.md
@@ -0,0 +1,14 @@
+---
+description: Prompt optimization and requirement clarification
+---
+
+# /clarity
+
+Prompt optimization and requirement clarification with ND-friendly accommodations.
+
+## Sub-commands
+
+| Sub-command | Description |
+|-------------|-------------|
+| `/clarity clarify` | Full 4-D methodology for complex requests |
+| `/clarity quick-clarify` | Rapid mode for simple disambiguation |
--- a/plugins/clarity-assist/docs/ND-SUPPORT.md
+++ b/plugins/clarity-assist/docs/ND-SUPPORT.md
@@ -58,8 +58,8 @@ Our design philosophy centers on three principles:
 ### 3. Customizable Verbosity

 **Detail Levels**
- `/clarify` - Full methodology for complex requests (more thorough, more questions)
- `/quick-clarify` - Rapid mode for simple disambiguation (fewer questions, faster)
+- `/clarity clarify` - Full methodology for complex requests (more thorough, more questions)
+- `/clarity quick-clarify` - Rapid mode for simple disambiguation (fewer questions, faster)

 **User Control**
 - Users can always say "that's enough detail" to end questioning early
@@ -68,7 +68,7 @@ Our design philosophy centers on three principles:

 ### 4. Vagueness Detection

-The `UserPromptSubmit` hook automatically detects prompts that might benefit from clarification and gently suggests using `/clarify`.
+The `UserPromptSubmit` hook automatically detects prompts that might benefit from clarification and gently suggests using `/clarity clarify`.

 **Detection Signals**
 - Short prompts (< 10 words) without specific technical terms
@@ -156,10 +156,10 @@ This triggers vagueness detection because:
 - No specific technical context
 - No measurable outcome

-### After: Clarified with /clarify
+### After: Clarified with /clarity clarify

 ```
-User: /clarify Make the app faster
+User: /clarity clarify Make the app faster

 Claude: Let me help clarify what kind of performance improvements you're looking for.

@@ -235,7 +235,7 @@ Optimize initial page load time to under 2 seconds by addressing bundle size and
 For simpler requests that just need minor disambiguation:

 ```
-User: /quick-clarify Add a delete button to the user list
+User: /clarity quick-clarify Add a delete button to the user list

 Claude: I'll add a delete button to each row in the user list.

@@ -286,14 +286,14 @@ export CLARITY_ASSIST_VAGUENESS_THRESHOLD=0.8

 ### If You're Feeling Overwhelmed

- Use `/quick-clarify` instead of `/clarify` for faster interactions
+- Use `/clarity quick-clarify` instead of `/clarity clarify` for faster interactions
 - Say "let's focus on just one thing" to narrow scope
 - Ask to "pause and summarize" at any point
 - It's OK to say "I don't know" - the plugin will offer concrete alternatives

 ### If You Have Executive Function Challenges

- Start with `/clarify` even for tasks you think are simple - it helps with planning
+- Start with `/clarity clarify` even for tasks you think are simple - it helps with planning
 - The structured specification can serve as a checklist
 - Use the scope boundaries to prevent scope creep

--- a/plugins/clarity-assist/hooks/vagueness-check.sh
+++ b/plugins/clarity-assist/hooks/vagueness-check.sh
@@ -240,7 +240,7 @@ if (( $(echo "$SCORE >= $THRESHOLD" | bc -l) )); then

    # Gentle, non-blocking suggestion
    echo "$PREFIX Your prompt could benefit from more clarity."
-    echo "$PREFIX Consider running /clarify to refine your request."
+    echo "$PREFIX Consider running /clarity clarify to refine your request."
    echo "$PREFIX (Vagueness score: ${SCORE_PCT}% - this is a suggestion, not a block)"

    # Additional RFC suggestion if feature request detected
--- a/plugins/clarity-assist/skills/escalation-patterns.md
+++ b/plugins/clarity-assist/skills/escalation-patterns.md
@@ -40,7 +40,7 @@ add the other parts. Sound good?"

 ## Choosing Initial Mode

-### Use /quick-clarify When
+### Use /clarity quick-clarify When

 - Request is fairly clear, just one or two ambiguities
 - User is in a hurry
@@ -48,7 +48,7 @@ add the other parts. Sound good?"
 - Simple feature additions or bug fixes
 - Confidence is high (>90%)

-### Use /clarify When
+### Use /clarity clarify When

 - Complex multi-step requests
 - Requirements with multiple possible interpretations
--- a/plugins/claude-config-maintainer/.claude-plugin/plugin.json
+++ b/plugins/claude-config-maintainer/.claude-plugin/plugin.json
@@ -1,7 +1,7 @@
 {
  "name": "claude-config-maintainer",
-  "version": "1.0.0",
-  "description": "Maintains and optimizes CLAUDE.md configuration files for Claude Code projects",
+  "version": "1.2.0",
+  "description": "Maintains and optimizes CLAUDE.md and settings.local.json configuration files for Claude Code projects",
  "author": {
    "name": "Leo Miranda",
    "email": "leobmiranda@gmail.com"
@@ -14,7 +14,12 @@
    "configuration",
    "optimization",
    "claude-md",
-    "developer-tools"
+    "developer-tools",
+    "settings",
+    "permissions"
  ],
-  "commands": ["./commands/"]
+  "commands": [
+    "./commands/"
+  ],
+  "domain": "core"
 }
--- a/plugins/claude-config-maintainer/agents/maintainer.md
+++ b/plugins/claude-config-maintainer/agents/maintainer.md
@@ -1,6 +1,9 @@
 ---
 name: maintainer
 description: CLAUDE.md optimization and maintenance agent
+model: sonnet
+permissionMode: acceptEdits
+skills: visual-header, settings-optimization
 ---

 # CLAUDE.md Maintainer Agent
@@ -99,7 +102,7 @@ Also check for hook-based plugins (project-hygiene uses `PostToolUse` hooks).

 For each detected plugin, search CLAUDE.md for:
 - Plugin name mention (e.g., "projman", "cmdb-assistant")
- Command references (e.g., `/sprint-plan`, `/cmdb-search`)
+- Command references (e.g., `/sprint plan`, `/cmdb search`)
 - MCP tool mentions (e.g., `list_issues`, `dcim_list_devices`)

 **Step 3: Load Integration Snippets**
@@ -114,7 +117,54 @@ Report plugin coverage percentage and offer to add missing integrations:
 - Display the integration content that would be added
 - Ask user for confirmation before modifying CLAUDE.md

-### 2. Optimize CLAUDE.md Structure
+### 2. Audit Settings Files
+
+When auditing settings files, perform:
+
+#### A. Permission Analysis
+
+Read `.claude/settings.local.json` (primary) and check `.claude/settings.json` and `~/.claude.json` project entries (secondary).
+
+Evaluate using `skills/settings-optimization.md`:
+
+**Redundancy:**
+- Duplicate entries in allow/deny arrays
+- Subset patterns covered by broader patterns
+- Patterns that could be merged
+
+**Coverage:**
+- Common safe tools missing from allow list
+- MCP server tools not covered
+- Directory scopes with no matching permission
+
+**Safety Alignment:**
+- Deny rules cover secrets and destructive commands
+- Allow rules don't bypass active review layers
+- No overly broad patterns without justification
+
+**Profile Fit:**
+- Compare against recommended profile for the project's review architecture
+- Identify specific additions/removals to reach target profile
+
+#### B. Review Layer Verification
+
+Before recommending auto-allow patterns, verify active review layers:
+
+1. Read `plugins/*/hooks/hooks.json` for each installed plugin
+2. Map hook types (PreToolUse, PostToolUse) to tool matchers (Write, Edit, Bash)
+3. Confirm plugins are listed in `.claude-plugin/marketplace.json`
+4. Only recommend auto-allow for scopes covered by ≥2 verified review layers
+
+#### C. Settings Efficiency Score (100 points)
+
+| Category | Points |
+|----------|--------|
+| Redundancy | 25 |
+| Coverage | 25 |
+| Safety Alignment | 25 |
+| Profile Fit | 25 |
+
+### 3. Optimize CLAUDE.md Structure

 **Recommended Structure:**

@@ -149,7 +199,7 @@ Common issues and solutions.
 - Use headers that scan easily
 - Include examples where they add clarity

-### 3. Apply Best Practices
+### 4. Apply Best Practices

 **DO:**
 - Use clear, direct language
@@ -166,7 +216,7 @@ Common issues and solutions.
 - Add generic advice that applies to all projects
 - Use emojis unless project requires them

-### 4. Generate Improvement Reports
+### 5. Generate Improvement Reports

 After analyzing a CLAUDE.md, provide:

@@ -202,7 +252,7 @@ Suggested Actions:
 Would you like me to implement these improvements?
 ```

-### 5. Insert Plugin Integrations
+### 6. Insert Plugin Integrations

 When adding plugin integration content to CLAUDE.md:

@@ -237,7 +287,7 @@ Add this integration to CLAUDE.md?
 - Allow users to skip specific plugins they don't want documented
 - Preserve existing CLAUDE.md structure and content

-### 6. Create New CLAUDE.md Files
+### 7. Create New CLAUDE.md Files

 When creating a new CLAUDE.md:

--- a/plugins/claude-config-maintainer/claude-md-integration.md
+++ b/plugins/claude-config-maintainer/claude-md-integration.md
@@ -1,16 +1,21 @@
 ## CLAUDE.md Maintenance (claude-config-maintainer)

-This project uses the **claude-config-maintainer** plugin to analyze and optimize CLAUDE.md configuration files.
+This project uses the **claude-config-maintainer** plugin to analyze and optimize CLAUDE.md and settings.local.json configuration files.

 ### Available Commands

 | Command | Description |
 |---------|-------------|
-| `/config-analyze` | Analyze CLAUDE.md for optimization opportunities with 100-point scoring |
-| `/config-optimize` | Automatically optimize CLAUDE.md structure and content |
-| `/config-init` | Initialize a new CLAUDE.md file for a project |
+| `/claude-config analyze` | Analyze CLAUDE.md for optimization opportunities with 100-point scoring |
+| `/claude-config optimize` | Automatically optimize CLAUDE.md structure and content |
+| `/claude-config init` | Initialize a new CLAUDE.md file for a project |
+| `/claude-config diff` | Track CLAUDE.md changes over time with behavioral impact analysis |
+| `/claude-config lint` | Lint CLAUDE.md for anti-patterns and best practices (31 rules) |
+| `/claude-config audit-settings` | Audit settings.local.json permissions with 100-point scoring |
+| `/claude-config optimize-settings` | Optimize permission patterns and apply named profiles |
+| `/claude-config permissions-map` | Visual map of review layers and permission coverage |

-### Scoring System
+### CLAUDE.md Scoring System

 The analysis uses a 100-point scoring system across four categories:

@@ -21,10 +26,31 @@ The analysis uses a 100-point scoring system across four categories:
 | Completeness | 25 | Overview, quick start, critical rules, workflows |
 | Conciseness | 25 | Efficiency, no repetition, appropriate length |

+### Settings Scoring System
+
+The settings audit uses a 100-point scoring system across four categories:
+
+| Category | Points | What It Measures |
+|----------|--------|------------------|
+| Redundancy | 25 | No duplicates, no subset patterns, efficient rules |
+| Coverage | 25 | Common tools allowed, MCP servers covered |
+| Safety Alignment | 25 | Deny rules for secrets/destructive ops, review layers verified |
+| Profile Fit | 25 | Alignment with recommended profile for review layer count |
+
+### Permission Profiles
+
+| Profile | Use Case |
+|---------|----------|
+| `conservative` | New users, minimal auto-allow, prompts for most writes |
+| `reviewed` | Projects with 2+ review layers (code-sentinel, doc-guardian, PR review) |
+| `autonomous` | Trusted CI/sandboxed environments only |
+
 ### Usage Guidelines

- Run `/config-analyze` periodically to assess CLAUDE.md quality
+- Run `/claude-config analyze` periodically to assess CLAUDE.md quality
+- Run `/claude-config audit-settings` to check permission efficiency
 - Target a score of **70+/100** for effective Claude Code operation
 - Address HIGH priority issues first when optimizing
- Use `/config-init` when setting up new projects to start with best practices
+- Use `/claude-config init` when setting up new projects to start with best practices
+- Use `/claude-config permissions-map` to visualize review layer coverage
 - Re-analyze after making changes to verify improvements
--- a/plugins/claude-config-maintainer/commands/claude-config-analyze.md
+++ b/plugins/claude-config-maintainer/commands/claude-config-analyze.md
@@ -1,8 +1,9 @@
 ---
+name: claude-config analyze
 description: Analyze CLAUDE.md for optimization opportunities and plugin integration
 ---

-# Analyze CLAUDE.md
+# /claude-config analyze

 Analyze your CLAUDE.md and provide a scored report with recommendations.

@@ -20,7 +21,7 @@ Display: `CONFIG-MAINTAINER - CLAUDE.md Analysis`
 ## Usage

 ```
-/config-analyze
+/claude-config analyze
 ```

 ## Workflow
--- a/plugins/claude-config-maintainer/commands/claude-config-audit-settings.md
+++ b/plugins/claude-config-maintainer/commands/claude-config-audit-settings.md
@@ -0,0 +1,204 @@
+---
+name: claude-config audit-settings
+description: Audit settings.local.json for permission optimization opportunities
+---
+
+# /claude-config audit-settings
+
+Audit Claude Code `settings.local.json` permissions with 100-point scoring across redundancy, coverage, safety alignment, and profile fit.
+
+## Skills to Load
+
+Before executing, load:
+- `skills/visual-header.md`
+- `skills/settings-optimization.md`
+
+## Visual Output
+
+```
+-----------------------------------------------------------------+
+|  CONFIG-MAINTAINER - Settings Audit                              |
+-----------------------------------------------------------------+
+```
+
+## Usage
+
+```
+/claude-config audit-settings              # Full audit with recommendations
+/claude-config audit-settings --diagram    # Include Mermaid diagram of review layer coverage
+```
+
+## Workflow
+
+### Step 1: Locate Settings Files
+
+Search in order:
+1. `.claude/settings.local.json` (primary target)
+2. `.claude/settings.json` (shared config)
+3. `~/.claude.json` project entry (legacy)
+
+Report which format is in use.
+
+### Step 2: Parse Permission Arrays
+
+Extract and analyze:
+- `permissions.allow` array
+- `permissions.deny` array
+- `permissions.ask` array (if present)
+- Legacy `allowedTools` array (if legacy format)
+
+### Step 3: Run Pattern Consolidation Analysis
+
+Using `settings-optimization.md` Section 3, detect:
+
+| Check | Description |
+|-------|-------------|
+| Duplicates | Exact same pattern appearing multiple times |
+| Subsets | Narrower patterns covered by broader ones |
+| Merge candidates | 4+ similar patterns that could be consolidated |
+| Overly broad | Unscoped tool permissions (e.g., `Bash` without pattern) |
+| Stale entries | Patterns referencing non-existent paths |
+| Conflicts | Same pattern in both allow and deny |
+
+### Step 4: Detect Active Marketplace Hooks
+
+Read `plugins/*/hooks/hooks.json` files:
+
+```bash
+# Check each plugin's hooks
+plugins/code-sentinel/hooks/hooks.json     # PreToolUse security
+plugins/doc-guardian/hooks/hooks.json      # PostToolUse drift detection
+plugins/project-hygiene/hooks/hooks.json   # PostToolUse cleanup
+plugins/data-platform/hooks/hooks.json     # PostToolUse schema diff
+plugins/contract-validator/hooks/hooks.json # Plugin validation
+```
+
+Parse each to identify:
+- Hook event type (PreToolUse, PostToolUse)
+- Tool matchers (Write, Edit, MultiEdit, Bash)
+- Whether hook is command type (reliable) or prompt type (unreliable)
+
+### Step 5: Map Review Layers to Directory Scopes
+
+For each directory scope in `settings-optimization.md` Section 4:
+1. Count how many review layers are verified active
+2. Determine if auto-allow is justified (≥2 layers required)
+3. Note any scopes that lack coverage
+
+### Step 6: Compare Against Recommended Profile
+
+Based on review layer count:
+- 0-1 layers: Recommend `conservative` profile
+- 2+ layers: Recommend `reviewed` profile
+- CI/sandboxed: May recommend `autonomous` profile
+
+Calculate profile fit percentage.
+
+### Step 7: Generate Scored Report
+
+Calculate scores using `settings-optimization.md` Section 6.
+
+## Output Format
+
+```
+Settings Efficiency Score: XX/100
+  Redundancy:       XX/25
+  Coverage:         XX/25
+  Safety Alignment: XX/25
+  Profile Fit:      XX/25
+
+Current Profile: [closest match or "custom"]
+Recommended Profile: [target based on review layers]
+
+Issues Found:
+  🔴 CRITICAL: [description]
+  🟠 HIGH: [description]
+  🟡 MEDIUM: [description]
+  🔵 LOW: [description]
+
+Active Review Layers Detected:
+  ✓ code-sentinel (PreToolUse: Write|Edit|MultiEdit)
+  ✓ doc-guardian (PostToolUse: Write|Edit|MultiEdit)
+  ✓ project-hygiene (PostToolUse: Write|Edit)
+  ✗ data-platform schema-diff (not detected)
+
+Recommendations:
+  1. [specific action with pattern]
+  2. [specific action with pattern]
+  ...
+
+Follow-Up Actions:
+  1. Run /claude-config optimize-settings to apply recommendations
+  2. Run /claude-config optimize-settings --dry-run to preview first
+  3. Run /claude-config optimize-settings --profile=reviewed to apply profile
+```
+
+## Diagram Output (--diagram flag)
+
+When `--diagram` is specified, generate a Mermaid flowchart showing:
+
+**Before generating:** Read `/mnt/skills/user/mermaid-diagrams/SKILL.md` for diagram requirements.
+
+**Diagram structure:**
+- Left column: File operation types (Write, Edit, Bash)
+- Middle: Review layers that intercept each operation
+- Right column: Current permission status (auto-allowed, prompted, denied)
+
+**Color coding:**
+- PreToolUse hooks: Blue
+- PostToolUse hooks: Green
+- Sprint Approval: Amber
+- PR Review: Purple
+
+Example structure:
+```mermaid
+flowchart LR
+    subgraph Operations
+        W[Write]
+        E[Edit]
+        B[Bash]
+    end
+
+    subgraph Review Layers
+        CS[code-sentinel]
+        DG[doc-guardian]
+        PR[pr-review]
+    end
+
+    subgraph Permission
+        A[Auto-allowed]
+        P[Prompted]
+        D[Denied]
+    end
+
+    W --> CS
+    W --> DG
+    E --> CS
+    E --> DG
+    CS --> A
+    DG --> A
+    B --> P
+
+    classDef preHook fill:#e3f2fd
+    classDef postHook fill:#e8f5e9
+    classDef prReview fill:#f3e5f5
+    class CS preHook
+    class DG postHook
+    class PR prReview
+```
+
+## Issue Severity Levels
+
+| Severity | Icon | Examples |
+|----------|------|----------|
+| CRITICAL | 🔴 | Unscoped `Bash` in allow, missing deny for secrets |
+| HIGH | 🟠 | Overly broad patterns, missing MCP coverage |
+| MEDIUM | 🟡 | Subset redundancy, merge candidates |
+| LOW | 🔵 | Exact duplicates, minor optimizations |
+
+## DO NOT
+
+- Modify any files (this is audit only)
+- Recommend `autonomous` profile unless explicitly sandboxed environment
+- Recommend auto-allow for scopes with <2 verified review layers
+- Skip hook verification before making recommendations
--- a/plugins/claude-config-maintainer/commands/claude-config-diff.md
+++ b/plugins/claude-config-maintainer/commands/claude-config-diff.md
@@ -1,8 +1,9 @@
 ---
+name: claude-config diff
 description: Show diff between current CLAUDE.md and last commit
 ---

-# Compare CLAUDE.md Changes
+# /claude-config diff

 Show differences between CLAUDE.md versions to track configuration drift.

@@ -18,10 +19,10 @@ Display: `CONFIG-MAINTAINER - CLAUDE.md Diff`
 ## Usage

 ```
-/config-diff                           # Working vs last commit
-/config-diff --commit=abc1234          # Working vs specific commit
-/config-diff --from=v1.0 --to=v2.0     # Compare two commits
-/config-diff --section="Critical Rules"  # Specific section only
+/claude-config diff                           # Working vs last commit
+/claude-config diff --commit=abc1234          # Working vs specific commit
+/claude-config diff --from=v1.0 --to=v2.0     # Compare two commits
+/claude-config diff --section="Critical Rules"  # Specific section only
 ```

 ## Workflow
--- a/plugins/claude-config-maintainer/commands/claude-config-init.md
+++ b/plugins/claude-config-maintainer/commands/claude-config-init.md
@@ -1,8 +1,9 @@
 ---
+name: claude-config init
 description: Initialize a new CLAUDE.md file for a project
 ---

-# Initialize CLAUDE.md
+# /claude-config init

 Create a new CLAUDE.md file tailored to your project.

@@ -19,9 +20,9 @@ Display: `CONFIG-MAINTAINER - CLAUDE.md Initialization`
 ## Usage

 ```
-/config-init                    # Interactive
-/config-init --minimal          # Minimal version
-/config-init --comprehensive    # Detailed version
+/claude-config init                    # Interactive
+/claude-config init --minimal          # Minimal version
+/claude-config init --comprehensive    # Detailed version
 ```

 ## Workflow
--- a/plugins/claude-config-maintainer/commands/claude-config-lint.md
+++ b/plugins/claude-config-maintainer/commands/claude-config-lint.md
@@ -1,8 +1,9 @@
 ---
+name: claude-config lint
 description: Lint CLAUDE.md for common anti-patterns and best practices
 ---

-# Lint CLAUDE.md
+# /claude-config lint

 Check CLAUDE.md against best practices and detect common anti-patterns.

@@ -18,9 +19,9 @@ Display: `CONFIG-MAINTAINER - CLAUDE.md Lint`
 ## Usage

 ```
-/config-lint                         # Full lint
-/config-lint --fix                   # Auto-fix issues
-/config-lint --rules=security        # Check specific category
+/claude-config lint                         # Full lint
+/claude-config lint --fix                   # Auto-fix issues
+/claude-config lint --rules=security        # Check specific category
 ```

 ## Workflow
--- a/plugins/claude-config-maintainer/commands/claude-config-optimize-settings.md
+++ b/plugins/claude-config-maintainer/commands/claude-config-optimize-settings.md
@@ -0,0 +1,243 @@
+---
+name: claude-config optimize-settings
+description: Optimize settings.local.json permissions based on audit recommendations
+---
+
+# /claude-config optimize-settings
+
+Optimize Claude Code `settings.local.json` permission patterns and apply named profiles.
+
+## Skills to Load
+
+Before executing, load:
+- `skills/visual-header.md`
+- `skills/settings-optimization.md`
+- `skills/pre-change-protocol.md`
+
+## Visual Output
+
+```
+-----------------------------------------------------------------+
+|  CONFIG-MAINTAINER - Settings Optimization                       |
+-----------------------------------------------------------------+
+```
+
+## Usage
+
+```
+/claude-config optimize-settings                    # Apply audit recommendations
+/claude-config optimize-settings --dry-run          # Preview only, no changes
+/claude-config optimize-settings --profile=reviewed # Apply named profile
+/claude-config optimize-settings --consolidate-only # Only merge/dedupe, no new rules
+```
+
+## Options
+
+| Option | Description |
+|--------|-------------|
+| `--dry-run` | Preview changes without applying |
+| `--profile=NAME` | Apply named profile (`conservative`, `reviewed`, `autonomous`) |
+| `--consolidate-only` | Only deduplicate and merge patterns, don't add new rules |
+| `--no-backup` | Skip backup (not recommended) |
+
+## Workflow
+
+### Step 1: Run Audit Analysis
+
+Execute the same analysis as `/claude-config audit-settings`:
+1. Locate settings file
+2. Parse permission arrays
+3. Detect issues (duplicates, subsets, merge candidates, etc.)
+4. Verify active review layers
+5. Calculate current score
+
+### Step 2: Generate Optimization Plan
+
+Based on audit results, create a change plan:
+
+**For `--consolidate-only`:**
+- Remove exact duplicates
+- Remove subset patterns covered by broader patterns
+- Merge similar patterns (4+ threshold)
+- Remove stale patterns for non-existent paths
+- Remove conflicting allow entries that are already denied
+
+**For `--profile=NAME`:**
+- Calculate diff between current permissions and target profile
+- Show additions and removals
+- Preserve any custom deny rules not in profile
+
+**For default (full optimization):**
+- Apply all consolidation changes
+- Add recommended patterns based on verified review layers
+- Suggest profile alignment if appropriate
+
+### Step 3: Show Before/After Preview
+
+**MANDATORY:** Always show preview before applying changes.
+
+```
+Current Settings:
+  allow: [12 patterns]
+  deny: [4 patterns]
+
+Proposed Changes:
+
+  REMOVE from allow (redundant):
+    - Write(plugins/projman/*) [covered by Write(plugins/**)]
+    - Write(plugins/git-flow/*) [covered by Write(plugins/**)]
+    - Bash(git status) [covered by Bash(git *)]
+
+  ADD to allow (recommended):
+    + Bash(npm *) [2 review layers active]
+    + Bash(pytest *) [2 review layers active]
+
+  ADD to deny (security):
+    + Bash(curl * | bash*) [missing safety rule]
+
+After Optimization:
+  allow: [10 patterns]
+  deny: [5 patterns]
+
+Score Impact: 67/100 → 85/100 (+18 points)
+```
+
+### Step 4: Request User Approval
+
+Ask for confirmation before proceeding:
+
+```
+Apply these changes to .claude/settings.local.json?
+  [1] Yes, apply changes
+  [2] No, cancel
+  [3] Apply partial (select which changes)
+```
+
+### Step 5: Create Backup
+
+**Before any write operation:**
+
+```bash
+# Backup location
+.claude/backups/settings.local.json.{YYYYMMDD-HHMMSS}
+```
+
+Create the `.claude/backups/` directory if it doesn't exist.
+
+### Step 6: Apply Changes
+
+Write the optimized `settings.local.json` file.
+
+### Step 7: Verify
+
+Re-read the file and re-calculate the score to confirm improvement.
+
+```
+Optimization Complete!
+
+Backup saved: .claude/backups/settings.local.json.20260202-143022
+
+Settings Efficiency Score: 85/100 (+18 from 67)
+  Redundancy:       25/25 (+8)
+  Coverage:         22/25 (+5)
+  Safety Alignment: 23/25 (+3)
+  Profile Fit:      15/25 (+2)
+
+Changes applied:
+  - Removed 3 redundant patterns
+  - Added 2 recommended patterns
+  - Added 1 safety deny rule
+```
+
+## Profile Application
+
+When using `--profile=NAME`:
+
+### `conservative`
+```
+Switching to conservative profile...
+
+This profile:
+  - Allows: Read, Glob, Grep, LS, basic Bash commands
+  - Allows: Write/Edit only for docs/
+  - Denies: .env*, secrets/, rm -rf, sudo
+
+All other Write/Edit operations will prompt for approval.
+```
+
+### `reviewed`
+```
+Switching to reviewed profile...
+
+Prerequisites verified:
+  ✓ code-sentinel hook active (PreToolUse)
+  ✓ doc-guardian hook active (PostToolUse)
+  ✓ 2+ review layers detected
+
+This profile:
+  - Allows: All file operations (Edit, Write, MultiEdit)
+  - Allows: Scoped Bash commands (git, npm, python, etc.)
+  - Denies: .env*, secrets/, rm -rf, sudo, curl|bash
+```
+
+### `autonomous`
+```
+⚠️  WARNING: Autonomous profile requested
+
+This profile allows unscoped Bash execution.
+Only use in fully sandboxed environments (CI, containers).
+
+Confirm this is a sandboxed environment?
+  [1] Yes, this is sandboxed - apply autonomous profile
+  [2] No, cancel
+```
+
+## Safety Rules
+
+1. **ALWAYS backup before writing** (unless `--no-backup`)
+2. **NEVER remove deny rules without explicit confirmation**
+3. **NEVER add unscoped `Bash` to allow** — always use scoped patterns
+4. **Preview is MANDATORY** before applying changes
+5. **Verify review layers** before recommending broad permissions
+
+## Output Format
+
+### Dry Run Output
+
+```
+-----------------------------------------------------------------+
+|  CONFIG-MAINTAINER - Settings Optimization                       |
+-----------------------------------------------------------------+
+
+DRY RUN - No changes will be made
+
+[... preview content ...]
+
+To apply these changes, run:
+  /claude-config optimize-settings
+```
+
+### Applied Output
+
+```
+-----------------------------------------------------------------+
+|  CONFIG-MAINTAINER - Settings Optimization                       |
+-----------------------------------------------------------------+
+
+Optimization Applied Successfully
+
+Backup: .claude/backups/settings.local.json.20260202-143022
+
+[... summary of changes ...]
+
+Score: 67/100 → 85/100
+```
+
+## DO NOT
+
+- Apply changes without showing preview
+- Remove deny rules silently
+- Add unscoped `Bash` permission
+- Skip backup without explicit `--no-backup` flag
+- Apply `autonomous` profile without sandbox confirmation
+- Recommend broad permissions without verifying review layers
--- a/plugins/claude-config-maintainer/commands/claude-config-optimize.md
+++ b/plugins/claude-config-maintainer/commands/claude-config-optimize.md
@@ -1,8 +1,9 @@
 ---
+name: claude-config optimize
 description: Optimize CLAUDE.md structure and content
 ---

-# Optimize CLAUDE.md
+# /claude-config optimize

 Automatically optimize CLAUDE.md based on best practices.

@@ -20,9 +21,9 @@ Display: `CONFIG-MAINTAINER - CLAUDE.md Optimization`
 ## Usage

 ```
-/config-optimize                # Full optimization
-/config-optimize --condense     # Reduce verbosity
-/config-optimize --dry-run      # Preview only
+/claude-config optimize                # Full optimization
+/claude-config optimize --condense     # Reduce verbosity
+/claude-config optimize --dry-run      # Preview only
 ```

 ## Workflow
--- a/plugins/claude-config-maintainer/commands/claude-config-permissions-map.md
+++ b/plugins/claude-config-maintainer/commands/claude-config-permissions-map.md
@@ -0,0 +1,243 @@
+---
+name: claude-config permissions-map
+description: Generate visual map of review layers and permission coverage
+---
+
+# /claude-config permissions-map
+
+Generate a Mermaid diagram showing the relationship between file operations, review layers, and permission status.
+
+## Skills to Load
+
+Before executing, load:
+- `skills/visual-header.md`
+- `skills/settings-optimization.md`
+
+Also read: `/mnt/skills/user/mermaid-diagrams/SKILL.md` (for diagram requirements)
+
+## Visual Output
+
+```
+-----------------------------------------------------------------+
+|  CONFIG-MAINTAINER - Permissions Map                             |
+-----------------------------------------------------------------+
+```
+
+## Usage
+
+```
+/claude-config permissions-map           # Generate and display diagram
+/claude-config permissions-map --save    # Save diagram to .mermaid file
+```
+
+## Workflow
+
+### Step 1: Detect Active Hooks
+
+Read all plugin hooks from the marketplace:
+
+```
+plugins/code-sentinel/hooks/hooks.json
+plugins/git-flow/hooks/hooks.json
+plugins/cmdb-assistant/hooks/hooks.json
+plugins/clarity-assist/hooks/hooks.json
+```
+
+For each hook, extract:
+- Event type (PreToolUse, UserPromptSubmit)
+- Tool matchers (Write, Edit, MultiEdit, Bash patterns)
+- Hook command/script
+
+### Step 2: Map Hooks to File Scopes
+
+Create a mapping of which review layers cover which operations:
+
+| Operation | PreToolUse Hooks | Other Gates |
+|-----------|------------------|-------------|
+| Write | code-sentinel | PR review |
+| Edit | code-sentinel | PR review |
+| MultiEdit | code-sentinel | PR review |
+| Bash(git *) | git-flow | — |
+| MCP(netbox create/update) | cmdb-assistant | — |
+
+### Step 3: Read Current Permissions
+
+Load `.claude/settings.local.json` and parse:
+- `allow` array → auto-allowed operations
+- `deny` array → blocked operations
+- `ask` array → always-prompted operations
+
+### Step 4: Generate Mermaid Flowchart
+
+**Diagram requirements (from mermaid-diagrams skill):**
+- Use `classDef` for styling
+- Maximum 3 colors (blue, green, amber/purple)
+- Semantic arrow labels
+- Left-to-right flow
+
+**Structure:**
+
+```mermaid
+flowchart LR
+    subgraph ops[File Operations]
+        direction TB
+        W[Write]
+        E[Edit]
+        ME[MultiEdit]
+        BG[Bash git]
+        BN[Bash npm]
+        BO[Bash other]
+    end
+
+    subgraph pre[PreToolUse Hooks]
+        direction TB
+        CS[code-sentinel<br/>Security Scan]
+        GF[git-flow<br/>Branch Check]
+        CA[clarity-assist<br/>Prompt Quality]
+    end
+
+    subgraph perm[Permission Status]
+        direction TB
+        AA[Auto-Allowed]
+        PR[Prompted]
+        DN[Denied]
+    end
+
+    W -->|intercepted| CS
+    E -->|intercepted| CS
+    BG -->|checked| GF
+
+    CS -->|passed| AA
+    GF -->|valid| AA
+    BO -->|no hook| PR
+
+    classDef preHook fill:#e3f2fd,stroke:#1976d2
+    classDef quality fill:#fff3e0,stroke:#f57c00
+    classDef prReview fill:#f3e5f5,stroke:#7b1fa2
+    classDef allowed fill:#c8e6c9,stroke:#2e7d32
+    classDef prompted fill:#fff9c4,stroke:#f9a825
+    classDef denied fill:#ffcdd2,stroke:#c62828
+
+    class CS,GF preHook
+    class CA quality
+    class AA allowed
+    class PR prompted
+    class DN denied
+```
+
+### Step 5: Generate Coverage Summary Table
+
+```
+Review Layer Coverage Summary
+=============================
+
+| Directory Scope          | Layers | Status          | Recommendation |
+|--------------------------|--------|-----------------|----------------|
+| plugins/*/commands/*.md  |   3    | ✓ Auto-allowed  | — |
+| plugins/*/skills/*.md    |   2    | ✓ Auto-allowed  | — |
+| mcp-servers/**/*.py      |   3    | ✓ Auto-allowed  | — |
+| docs/**                  |   2    | ✓ Auto-allowed  | — |
+| scripts/*.sh             |   2    | ⚠ Prompted      | Consider auto-allow |
+| .env*                    |   0    | ✗ Denied        | Correct - secrets |
+| Root directory           |   1    | ⚠ Prompted      | Keep prompted |
+
+Legend:
+  ✓ = Covered by ≥2 review layers, auto-allowed
+  ⚠ = Fewer than 2 layers or not allowed
+  ✗ = Explicitly denied
+```
+
+### Step 6: Identify Gaps
+
+Report any gaps in coverage:
+
+```
+Coverage Gaps Detected:
+  1. Bash(npm *) — not in allow list, but npm operations are common
+     → 2 review layers active, could be auto-allowed
+
+  2. mcp__data-platform__* — MCP server configured but tools not allowed
+     → Add to allow list to avoid prompts
+
+  3. scripts/*.sh — 2 review layers but still prompted
+     → Consider adding Write(scripts/**) to allow
+```
+
+### Step 7: Output Diagram
+
+Display the Mermaid diagram inline.
+
+If `--save` flag is used:
+- Save to `.claude/permissions-map.mermaid`
+- Report the file path
+
+## Output Format
+
+```
+-----------------------------------------------------------------+
+|  CONFIG-MAINTAINER - Permissions Map                             |
+-----------------------------------------------------------------+
+
+Review Layer Status
+===================
+
+PreToolUse Hooks (intercept before operation):
+  ✓ code-sentinel — Write, Edit, MultiEdit
+  ✓ git-flow — Bash(git checkout *), Bash(git commit *)
+  ✓ cmdb-assistant — MCP(netbox create/update)
+
+UserPromptSubmit Hooks (check prompt quality):
+  ✓ clarity-assist — vagueness detection
+
+Other Review Gates:
+  ✓ Sprint Approval (projman milestone workflow)
+  ✓ PR Review (pr-review multi-agent)
+
+Permissions Flow Diagram
+========================
+
+```mermaid
+[diagram here]
+```
+
+Coverage Summary
+================
+
+[table here]
+
+Gaps & Recommendations
+======================
+
+[gaps list here]
+```
+
+## File Output (--save flag)
+
+When `--save` is specified:
+
+```
+Diagram saved to: .claude/permissions-map.mermaid
+
+To view:
+  - Open in VS Code with Mermaid extension
+  - Paste into https://mermaid.live
+  - Include in documentation with ```mermaid code fence
+```
+
+## Color Scheme
+
+| Element | Color | Hex |
+|---------|-------|-----|
+| PreToolUse hooks | Blue | #e3f2fd |
+| Sprint/Planning gates | Amber | #fff3e0 |
+| PR Review | Purple | #f3e5f5 |
+| Auto-allowed | Light green | #c8e6c9 |
+| Prompted | Light yellow | #fff9c4 |
+| Denied | Light red | #ffcdd2 |
+
+## DO NOT
+
+- Generate diagrams without reading the mermaid-diagrams skill
+- Use more than 3 primary colors in the diagram
+- Skip the coverage summary table
+- Fail to identify coverage gaps
--- a/plugins/claude-config-maintainer/commands/claude-config.md
+++ b/plugins/claude-config-maintainer/commands/claude-config.md
@@ -0,0 +1,20 @@
+---
+description: CLAUDE.md and settings optimization
+---
+
+# /claude-config
+
+CLAUDE.md and settings.local.json optimization for Claude Code projects.
+
+## Sub-commands
+
+| Sub-command | Description |
+|-------------|-------------|
+| `/claude-config analyze` | Analyze CLAUDE.md for optimization opportunities |
+| `/claude-config optimize` | Optimize CLAUDE.md structure with preview/backup |
+| `/claude-config init` | Initialize new CLAUDE.md for a project |
+| `/claude-config diff` | Track CLAUDE.md changes over time with behavioral impact |
+| `/claude-config lint` | Lint CLAUDE.md for anti-patterns and best practices |
+| `/claude-config audit-settings` | Audit settings.local.json permissions (100-point score) |
+| `/claude-config optimize-settings` | Optimize permissions (profiles, consolidation, dry-run) |
+| `/claude-config permissions-map` | Visual review layer + permission coverage map |
--- a/plugins/claude-config-maintainer/hooks/enforce-rules.sh
+++ b/plugins/claude-config-maintainer/hooks/enforce-rules.sh
@@ -1,68 +0,0 @@
-#!/bin/bash
-# claude-config-maintainer: enforce mandatory behavior rules
-# Checks if CLAUDE.md has the rules, adds them if missing
-
-PREFIX="[claude-config-maintainer]"
-
-# Find CLAUDE.md in current directory or parent
-CLAUDE_MD=""
-if [ -f "./CLAUDE.md" ]; then
-    CLAUDE_MD="./CLAUDE.md"
-elif [ -f "../CLAUDE.md" ]; then
-    CLAUDE_MD="../CLAUDE.md"
-fi
-
-# If no CLAUDE.md found, exit silently
-if [ -z "$CLAUDE_MD" ]; then
-    exit 0
-fi
-
-# Check if mandatory rules exist
-if grep -q "MANDATORY BEHAVIOR RULES" "$CLAUDE_MD" 2>/dev/null; then
-    # Rules exist, all good
-    exit 0
-fi
-
-# Rules missing - add them
-RULES='## ⛔ MANDATORY BEHAVIOR RULES - READ FIRST
-
-**These rules are NON-NEGOTIABLE. Violating them wastes the user'\''s time and money.**
-
-### 1. WHEN USER ASKS YOU TO CHECK SOMETHING - CHECK EVERYTHING
- Search ALL locations, not just where you think it is
- Check cache directories: `~/.claude/plugins/cache/`
- Check installed: `~/.claude/plugins/marketplaces/`
- Check source directories
- **NEVER say "no" or "that'\''s not the issue" without exhaustive verification**
-
-### 2. WHEN USER SAYS SOMETHING IS WRONG - BELIEVE THEM
- The user knows their system better than you
- Investigate thoroughly before disagreeing
- **Your confidence is often wrong. User'\''s instincts are often right.**
-
-### 3. NEVER SAY "DONE" WITHOUT VERIFICATION
- Run the actual command/script to verify
- Show the output to the user
- **"Done" means VERIFIED WORKING, not "I made changes"**
-
-### 4. SHOW EXACTLY WHAT USER ASKS FOR
- If user asks for messages, show the MESSAGES
- If user asks for code, show the CODE
- **Do not interpret or summarize unless asked**
-
-**FAILURE TO FOLLOW THESE RULES = WASTED USER TIME = UNACCEPTABLE**
-
---
-
-'
-
-# Create temp file with rules + existing content
-{
-    head -1 "$CLAUDE_MD"
-    echo ""
-    echo "$RULES"
-    tail -n +2 "$CLAUDE_MD"
-} > "${CLAUDE_MD}.tmp"
-
-mv "${CLAUDE_MD}.tmp" "$CLAUDE_MD"
-echo "$PREFIX Added mandatory behavior rules to CLAUDE.md"
--- a/plugins/claude-config-maintainer/hooks/hooks.json
+++ b/plugins/claude-config-maintainer/hooks/hooks.json
@@ -1,15 +0,0 @@
-{
-  "hooks": {
-    "SessionStart": [
-      {
-        "matcher": "",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/enforce-rules.sh"
-          }
-        ]
-      }
-    ]
-  }
-}
--- a/plugins/claude-config-maintainer/skills/diff-analysis.md
+++ b/plugins/claude-config-maintainer/skills/diff-analysis.md
@@ -6,7 +6,7 @@ This skill defines how to analyze and present CLAUDE.md differences.

 | Mode | Command | Description |
 |------|---------|-------------|
-| Working vs HEAD | `/config-diff` | Uncommitted changes |
+| Working vs HEAD | `/claude-config diff` | Uncommitted changes |
 | Working vs Commit | `--commit=REF` | Changes since specific point |
 | Commit to Commit | `--from=X --to=Y` | Historical comparison |
 | Branch Comparison | `--branch=NAME` | Cross-branch differences |
--- a/plugins/claude-config-maintainer/skills/settings-optimization.md
+++ b/plugins/claude-config-maintainer/skills/settings-optimization.md
@@ -0,0 +1,377 @@
+# Settings Optimization Skill
+
+This skill provides comprehensive knowledge for auditing and optimizing Claude Code `settings.local.json` permission configurations.
+
+---
+
+## Section 1: Settings File Locations & Format
+
+Claude Code uses two configuration formats for permissions:
+
+### Newer Format (Recommended)
+
+**Primary target:** `.claude/settings.local.json` (project-local, gitignored)
+
+**Secondary locations:**
+- `.claude/settings.json` (shared, committed)
+- `~/.claude.json` (legacy global config)
+
+```json
+{
+  "permissions": {
+    "allow": ["Edit", "Write(plugins/**)", "Bash(git *)"],
+    "deny": ["Read(.env*)", "Bash(rm *)"],
+    "ask": ["Bash(pip install *)"]
+  }
+}
+```
+
+**Field meanings:**
+- `allow`: Operations auto-approved without prompting
+- `deny`: Operations blocked entirely
+- `ask`: Operations that always prompt (overrides allow)
+
+### Legacy Format
+
+Found in `~/.claude.json` with per-project entries:
+
+```json
+{
+  "projects": {
+    "/path/to/project": {
+      "allowedTools": ["Read", "Write", "Bash(git *)"]
+    }
+  }
+}
+```
+
+**Detection strategy:**
+1. Check `.claude/settings.local.json` first (primary)
+2. Check `.claude/settings.json` (shared)
+3. Check `~/.claude.json` for project entry (legacy)
+4. Report which format is in use
+
+---
+
+## Section 2: Permission Rule Syntax Reference
+
+| Pattern | Meaning |
+|---------|---------|
+| `Tool` or `Tool(*)` | Allow all uses of that tool |
+| `Bash(npm run build)` | Exact command match |
+| `Bash(npm run test *)` | Prefix match (space+asterisk = word boundary) |
+| `Bash(npm*)` | Prefix match without word boundary |
+| `Write(plugins/**)` | Glob — all files recursively under `plugins/` |
+| `Write(plugins/projman/*)` | Glob — direct children only |
+| `Read(.env*)` | Pattern matching `.env`, `.env.local`, etc. |
+| `mcp__gitea__*` | All tools from the gitea MCP server |
+| `mcp__netbox__list_*` | Specific MCP tool pattern |
+| `WebFetch(domain:github.com)` | Domain-restricted web fetch |
+
+### Important Nuances
+
+**Word boundary matching:**
+- `Bash(ls *)` (with space) matches `ls -la` but NOT `lsof`
+- `Bash(ls*)` (no space) matches both `ls -la` AND `lsof`
+
+**Precedence rules:**
+- `deny` rules take precedence over `allow` rules
+- `ask` rules override both (always prompts even if allowed)
+- More specific patterns do NOT override broader patterns
+
+**Command operators:**
+- Piped commands (`cmd1 | cmd2`) may not match individual command rules (known Claude Code limitation)
+- Shell operators (`&&`, `||`) — Claude Code is aware of these and won't let prefix rules bypass them
+- Commands with redirects (`>`, `>>`, `<`) are evaluated as complete strings
+
+---
+
+## Section 3: Pattern Consolidation Rules
+
+The audit detects these optimization opportunities:
+
+| Issue | Example | Recommendation |
+|-------|---------|----------------|
+| **Exact duplicates** | `Write(plugins/**)` listed twice | Remove duplicate |
+| **Subset redundancy** | `Write(plugins/projman/*)` when `Write(plugins/**)` exists | Remove the narrower pattern — already covered |
+| **Merge candidates** | `Write(plugins/projman/*)`, `Write(plugins/git-flow/*)`, `Write(plugins/pr-review/*)` ... (4+ similar patterns) | Merge to `Write(plugins/**)` |
+| **Overly broad** | `Bash` (no specifier = allows ALL bash) | Flag as security concern, suggest scoped patterns |
+| **Stale patterns** | `Write(plugins/old-plugin/**)` for a plugin that no longer exists | Remove stale entry |
+| **Missing MCP permissions** | MCP servers in `.mcp.json` but no `mcp__servername__*` in allow | Suggest adding if server is trusted |
+| **Conflicting rules** | Same pattern in both `allow` and `deny` | Flag conflict — deny wins, but allow is dead weight |
+
+### Consolidation Algorithm
+
+1. **Deduplicate:** Remove exact duplicates from each array
+2. **Subset elimination:** For each pattern, check if a broader pattern exists
+   - `Write(plugins/projman/*)` is subset of `Write(plugins/**)`
+   - `Bash(git status)` is subset of `Bash(git *)`
+3. **Merge detection:** If 4+ patterns share a common prefix, suggest merge
+   - Threshold: 4 patterns minimum before suggesting consolidation
+4. **Stale detection:** Cross-reference file patterns against actual filesystem
+5. **Conflict detection:** Check for patterns appearing in multiple arrays
+
+---
+
+## Section 4: Review-Layer-Aware Recommendations
+
+This is the key section. Map upstream review processes to directory scopes:
+
+| Directory Scope | Active Review Layers | Auto-Allow Recommendation |
+|----------------|---------------------|---------------------------|
+| `plugins/*/commands/*.md` | Sprint approval, PR review | `Write(plugins/*/commands/**)` — 2 layers cover this |
+| `plugins/*/skills/*.md` | Sprint approval, PR review | `Write(plugins/*/skills/**)` — 2 layers |
+| `plugins/*/agents/*.md` | Sprint approval, PR review | `Write(plugins/*/agents/**)` — 2 layers |
+| `mcp-servers/*/mcp_server/*.py` | Code-sentinel PreToolUse, sprint approval, PR review | `Write(mcp-servers/**)` + `Edit(mcp-servers/**)` — sentinel catches secrets |
+| `docs/*.md` | PR review | `Write(docs/**)` + `Edit(docs/**)` — with caution flag |
+| `.claude-plugin/*.json` | validate-marketplace.sh, PR review | `Write(.claude-plugin/**)` |
+| `scripts/*.sh` | Code-sentinel, PR review | `Write(scripts/**)` — with caution flag |
+| `CLAUDE.md`, `CHANGELOG.md`, `README.md` | PR review | `Write(CLAUDE.md)`, `Write(CHANGELOG.md)`, `Write(README.md)` |
+
+### Critical Rule: Hook Verification
+
+**Before recommending auto-allow for a scope, the agent MUST verify the hook is actually configured.**
+
+Read the relevant `plugins/*/hooks/hooks.json` file:
+- If code-sentinel's hook is missing or disabled, do NOT recommend auto-allowing `mcp-servers/**` writes
+- If git-flow's hook is missing, do NOT recommend auto-allowing `Bash(git *)` operations
+- If cmdb-assistant's hook is missing, do NOT recommend auto-allowing MCP netbox create/update operations
+- Count the number of verified review layers before making recommendations
+
+**Minimum threshold:** Only recommend auto-allow for scopes with ≥2 verified review layers.
+
+---
+
+## Section 5: Permission Profiles
+
+Three named profiles for different project contexts:
+
+### `conservative` (Default for New Users)
+
+Minimal permissions, prompts for most write operations:
+
+```json
+{
+  "permissions": {
+    "allow": [
+      "Read",
+      "Glob",
+      "Grep",
+      "LS",
+      "Write(docs/**)",
+      "Edit(docs/**)",
+      "Bash(git status *)",
+      "Bash(git diff *)",
+      "Bash(git log *)",
+      "Bash(cat *)",
+      "Bash(ls *)",
+      "Bash(head *)",
+      "Bash(tail *)",
+      "Bash(wc *)",
+      "Bash(grep *)"
+    ],
+    "deny": [
+      "Read(.env*)",
+      "Read(./secrets/**)",
+      "Bash(rm -rf *)",
+      "Bash(sudo *)"
+    ]
+  }
+}
+```
+
+### `reviewed` (Projects with ≥2 Upstream Review Layers)
+
+This is the target profile for projects using the marketplace's multi-layer review architecture:
+
+```json
+{
+  "permissions": {
+    "allow": [
+      "Read",
+      "Glob",
+      "Grep",
+      "LS",
+      "Edit",
+      "Write",
+      "MultiEdit",
+      "Bash(git *)",
+      "Bash(python *)",
+      "Bash(pip install *)",
+      "Bash(cd *)",
+      "Bash(cat *)",
+      "Bash(ls *)",
+      "Bash(head *)",
+      "Bash(tail *)",
+      "Bash(wc *)",
+      "Bash(grep *)",
+      "Bash(find *)",
+      "Bash(mkdir *)",
+      "Bash(cp *)",
+      "Bash(mv *)",
+      "Bash(touch *)",
+      "Bash(chmod *)",
+      "Bash(source *)",
+      "Bash(echo *)",
+      "Bash(sed *)",
+      "Bash(awk *)",
+      "Bash(sort *)",
+      "Bash(uniq *)",
+      "Bash(diff *)",
+      "Bash(jq *)",
+      "Bash(npm *)",
+      "Bash(npx *)",
+      "Bash(node *)",
+      "Bash(pytest *)",
+      "Bash(python -m *)",
+      "Bash(./scripts/*)",
+      "WebFetch",
+      "WebSearch"
+    ],
+    "deny": [
+      "Read(.env*)",
+      "Read(./secrets/**)",
+      "Bash(rm -rf *)",
+      "Bash(sudo *)",
+      "Bash(curl * | bash*)",
+      "Bash(wget * | bash*)"
+    ]
+  }
+}
+```
+
+### `autonomous` (Trusted CI/Sandboxed Environments Only)
+
+Maximum permissions for automated environments:
+
+```json
+{
+  "permissions": {
+    "allow": [
+      "Read",
+      "Glob",
+      "Grep",
+      "LS",
+      "Edit",
+      "Write",
+      "MultiEdit",
+      "Bash",
+      "WebFetch",
+      "WebSearch"
+    ],
+    "deny": [
+      "Read(.env*)",
+      "Read(./secrets/**)",
+      "Bash(rm -rf /)",
+      "Bash(sudo *)"
+    ]
+  }
+}
+```
+
+**Warning:** The `autonomous` profile allows unscoped `Bash` — only use in fully sandboxed environments.
+
+---
+
+## Section 6: Scoring Criteria (Settings Efficiency Score — 100 points)
+
+| Category | Points | What It Measures |
+|----------|--------|------------------|
+| **Redundancy** | 25 | No duplicates, no subset patterns, merged where possible |
+| **Coverage** | 25 | Common tools allowed, MCP servers covered, no unnecessary gaps |
+| **Safety Alignment** | 25 | Deny rules cover secrets, destructive commands; review layers verified |
+| **Profile Fit** | 25 | How close to recommended profile for the project's review layer count |
+
+### Scoring Breakdown
+
+**Redundancy (25 points):**
+- 25: No duplicates, no subsets, patterns are consolidated
+- 20: 1-2 minor redundancies
+- 15: 3-5 redundancies or 1 merge candidate group
+- 10: 6+ redundancies or 2+ merge candidate groups
+- 5: Significant redundancy (10+ issues)
+- 0: Severe redundancy (20+ issues)
+
+**Coverage (25 points):**
+- 25: All common tools allowed, MCP servers covered
+- 20: Missing 1-2 common tool patterns
+- 15: Missing 3-5 patterns or 1 MCP server
+- 10: Missing 6+ patterns or 2+ MCP servers
+- 5: Significant gaps causing frequent prompts
+- 0: Minimal coverage (prompts on most operations)
+
+**Safety Alignment (25 points):**
+- 25: Deny rules cover secrets + destructive ops, review layers verified
+- 20: Minor gaps (e.g., missing one secret pattern)
+- 15: Overly broad allow without review layer coverage
+- 10: Missing deny rules for secrets or destructive commands
+- 5: Unsafe patterns without review layer justification
+- 0: Security concerns (e.g., unscoped `Bash` without review layers)
+
+**Profile Fit (25 points):**
+- 25: Matches recommended profile exactly
+- 20: Within 90% of recommended profile
+- 15: Within 80% of recommended profile
+- 10: Within 70% of recommended profile
+- 5: Significant deviation from recommended profile
+- 0: No alignment with any named profile
+
+### Score Interpretation
+
+| Score Range | Status | Meaning |
+|-------------|--------|---------|
+| 90-100 | Optimized | Minimal prompt interruptions, safety maintained |
+| 70-89 | Good | Minor consolidation opportunities |
+| 50-69 | Needs Work | Significant redundancy or missing permissions |
+| Below 50 | Poor | Likely getting constant approval prompts unnecessarily |
+
+---
+
+## Section 7: Hook Detection Method
+
+To verify which review layers are active, read these files:
+
+| File | Hook Type | Tool Matcher | Purpose |
+|------|-----------|--------------|---------|
+| `plugins/code-sentinel/hooks/hooks.json` | PreToolUse | Write\|Edit\|MultiEdit | Blocks hardcoded secrets |
+| `plugins/git-flow/hooks/hooks.json` | PreToolUse | Bash | Branch naming + commit format |
+| `plugins/cmdb-assistant/hooks/hooks.json` | PreToolUse | MCP create/update | NetBox input validation |
+| `plugins/clarity-assist/hooks/hooks.json` | UserPromptSubmit | (all prompts) | Vagueness detection |
+
+### Verification Process
+
+1. **Read each hooks.json file**
+2. **Parse the JSON to find hook configurations**
+3. **Check the `type` field** — must be `"command"` (not `"prompt"`)
+4. **Check the `event` field** — maps to when hook runs
+5. **Check the `tools` array** — which operations are intercepted
+6. **Verify plugin is in marketplace** — check `.claude-plugin/marketplace.json`
+
+### Example Hook Structure
+
+```json
+{
+  "hooks": [
+    {
+      "event": "PreToolUse",
+      "type": "command",
+      "command": "./hooks/security-check.sh",
+      "tools": ["Write", "Edit", "MultiEdit"]
+    }
+  ]
+}
+```
+
+### Review Layer Count
+
+Count verified review layers for each scope:
+
+| Layer | Verification |
+|-------|-------------|
+| Sprint approval | Check if projman plugin is installed (milestone workflow) |
+| PR review | Check if pr-review plugin is installed |
+| code-sentinel PreToolUse | hooks.json exists with PreToolUse on Write/Edit/MultiEdit |
+| git-flow PreToolUse | hooks.json exists with PreToolUse on Bash |
+| cmdb-assistant PreToolUse | hooks.json exists with PreToolUse on MCP create/update |
+
+**Recommendation threshold:** Only recommend auto-allow for scopes with ≥2 verified layers.
--- a/plugins/claude-config-maintainer/skills/visual-header.md
+++ b/plugins/claude-config-maintainer/skills/visual-header.md
@@ -12,41 +12,62 @@ This skill defines the standard visual header for claude-config-maintainer comma

 ## Command-Specific Headers

-### /config-analyze
+### /claude-config analyze
 ```
 +-----------------------------------------------------------------+
 |  CONFIG-MAINTAINER - CLAUDE.md Analysis                          |
 +-----------------------------------------------------------------+
 ```

-### /config-optimize
+### /claude-config optimize
 ```
 +-----------------------------------------------------------------+
 |  CONFIG-MAINTAINER - CLAUDE.md Optimization                      |
 +-----------------------------------------------------------------+
 ```

-### /config-lint
+### /claude-config lint
 ```
 +-----------------------------------------------------------------+
 |  CONFIG-MAINTAINER - CLAUDE.md Lint                              |
 +-----------------------------------------------------------------+
 ```

-### /config-diff
+### /claude-config diff
 ```
 +-----------------------------------------------------------------+
 |  CONFIG-MAINTAINER - CLAUDE.md Diff                              |
 +-----------------------------------------------------------------+
 ```

-### /config-init
+### /claude-config init
 ```
 +-----------------------------------------------------------------+
 |  CONFIG-MAINTAINER - CLAUDE.md Initialization                    |
 +-----------------------------------------------------------------+
 ```

+### /claude-config audit-settings
+```
+-----------------------------------------------------------------+
+|  CONFIG-MAINTAINER - Settings Audit                              |
+-----------------------------------------------------------------+
+```
+
+### /claude-config optimize-settings
+```
+-----------------------------------------------------------------+
+|  CONFIG-MAINTAINER - Settings Optimization                       |
+-----------------------------------------------------------------+
+```
+
+### /claude-config permissions-map
+```
+-----------------------------------------------------------------+
+|  CONFIG-MAINTAINER - Permissions Map                             |
+-----------------------------------------------------------------+
+```
+
 ## Usage

 Display the header at the start of command execution, before any analysis or output.
--- a/plugins/cmdb-assistant/.claude-plugin/metadata.json
+++ b/plugins/cmdb-assistant/.claude-plugin/metadata.json
@@ -0,0 +1 @@
+{"mcp_servers": ["netbox"]}
--- a/plugins/cmdb-assistant/.claude-plugin/plugin.json
+++ b/plugins/cmdb-assistant/.claude-plugin/plugin.json
@@ -19,5 +19,8 @@
    "data-quality",
    "validation"
  ],
-  "commands": ["./commands/"]
+  "commands": [
+    "./commands/"
+  ],
+  "domain": "ops"
 }
--- a/plugins/cmdb-assistant/agents/cmdb-assistant.md
+++ b/plugins/cmdb-assistant/agents/cmdb-assistant.md
@@ -1,3 +1,10 @@
+---
+name: cmdb-assistant
+description: Infrastructure management assistant specialized in NetBox CMDB operations. Use for device management, IP addressing, and infrastructure queries.
+model: sonnet
+permissionMode: default
+---
+
 # CMDB Assistant Agent

 You are an infrastructure management assistant specialized in NetBox CMDB operations.
@@ -90,13 +97,13 @@ ipam_list_prefixes prefix=<proposed-prefix>

 | Command | Purpose |
 |---------|---------|
-| `/cmdb-search <query>` | Search across all CMDB objects |
-| `/cmdb-device <action>` | Device CRUD operations |
-| `/cmdb-ip <action>` | IP address and prefix management |
-| `/cmdb-site <action>` | Site and location management |
-| `/cmdb-audit [scope]` | Data quality analysis |
-| `/cmdb-register` | Register current machine |
-| `/cmdb-sync` | Sync machine state with NetBox |
-| `/cmdb-topology <view>` | Generate infrastructure diagrams |
-| `/change-audit [filters]` | Audit NetBox changes |
-| `/ip-conflicts [scope]` | Detect IP conflicts |
+| `/cmdb search <query>` | Search across all CMDB objects |
+| `/cmdb device <action>` | Device CRUD operations |
+| `/cmdb ip <action>` | IP address and prefix management |
+| `/cmdb site <action>` | Site and location management |
+| `/cmdb audit [scope]` | Data quality analysis |
+| `/cmdb register` | Register current machine |
+| `/cmdb sync` | Sync machine state with NetBox |
+| `/cmdb topology <view>` | Generate infrastructure diagrams |
+| `/cmdb change-audit [filters]` | Audit NetBox changes |
+| `/cmdb ip-conflicts [scope]` | Detect IP conflicts |
--- a/plugins/cmdb-assistant/claude-md-integration.md
+++ b/plugins/cmdb-assistant/claude-md-integration.md
@@ -6,10 +6,10 @@ This project uses the **cmdb-assistant** plugin for NetBox CMDB integration to m

 | Command | Description |
 |---------|-------------|
-| `/cmdb-search` | Search across all NetBox objects |
-| `/cmdb-device` | Manage devices (create, update, list) |
-| `/cmdb-ip` | Manage IP addresses and prefixes |
-| `/cmdb-site` | Manage sites and locations |
+| `/cmdb search` | Search across all NetBox objects |
+| `/cmdb device` | Manage devices (create, update, list) |
+| `/cmdb ip` | Manage IP addresses and prefixes |
+| `/cmdb site` | Manage sites and locations |

 ### MCP Tools Available

@@ -32,9 +32,9 @@ The following NetBox MCP tools are available for infrastructure management:
 - `ipam_list_available_ips`, `ipam_create_available_ip` - IP allocation

 **Virtualization:**
- `virtualization_list_virtual_machines`, `virtualization_create_virtual_machine` - VM management
- `virtualization_list_clusters`, `virtualization_create_cluster` - Cluster management
- `virtualization_list_vm_interfaces` - VM interface management
+- `virt_list_vms`, `virt_create_vm`, `virt_update_vm`, `virt_delete_vm` - VM management
+- `virt_list_clusters`, `virt_create_cluster`, `virt_update_cluster`, `virt_delete_cluster` - Cluster management
+- `virt_list_vm_ifaces`, `virt_create_vm_iface` - VM interface management

 **Circuits:**
 - `circuits_list_circuits`, `circuits_create_circuit` - Circuit management
--- a/plugins/cmdb-assistant/commands/cmdb-audit.md
+++ b/plugins/cmdb-assistant/commands/cmdb-audit.md
@@ -1,8 +1,9 @@
 ---
+name: cmdb audit
 description: Audit NetBox data quality and identify consistency issues
 ---

-# CMDB Data Quality Audit
+# /cmdb audit

 Analyze NetBox data for quality issues and best practice violations.

@@ -16,7 +17,7 @@ Analyze NetBox data for quality issues and best practice violations.
 ## Usage

 ```
-/cmdb-audit [scope]
+/cmdb audit [scope]
 ```

 **Scopes:**
@@ -49,9 +50,9 @@ Execute `skills/audit-workflow.md` which covers:

 ## Examples

- `/cmdb-audit` - Full audit
- `/cmdb-audit vms` - VM-specific checks
- `/cmdb-audit naming` - Naming conventions
+- `/cmdb audit` - Full audit
+- `/cmdb audit vms` - VM-specific checks
+- `/cmdb audit naming` - Naming conventions

 ## User Request

--- a/plugins/cmdb-assistant/commands/cmdb-change-audit.md
+++ b/plugins/cmdb-assistant/commands/cmdb-change-audit.md
@@ -1,8 +1,9 @@
 ---
+name: cmdb change-audit
 description: Audit NetBox changes with filtering by date, user, or object type
 ---

-# CMDB Change Audit
+# /cmdb change-audit

 Query and analyze the NetBox audit log for change tracking and compliance.

@@ -15,7 +16,7 @@ Query and analyze the NetBox audit log for change tracking and compliance.
 ## Usage

 ```
-/change-audit [filters]
+/cmdb change-audit [filters]
 ```

 **Filters:**
@@ -46,11 +47,11 @@ If user asks for "security audit" or "compliance report":

 ## Examples

- `/change-audit` - Recent changes (last 24 hours)
- `/change-audit last 7 days` - Past week
- `/change-audit by admin` - All changes by admin
- `/change-audit type dcim.device` - Device changes only
- `/change-audit action delete` - All deletions
+- `/cmdb change-audit` - Recent changes (last 24 hours)
+- `/cmdb change-audit last 7 days` - Past week
+- `/cmdb change-audit by admin` - All changes by admin
+- `/cmdb change-audit type dcim.device` - Device changes only
+- `/cmdb change-audit action delete` - All deletions

 ## User Request

--- a/plugins/cmdb-assistant/commands/cmdb-device.md
+++ b/plugins/cmdb-assistant/commands/cmdb-device.md
@@ -1,4 +1,8 @@
-# CMDB Device Management
+---
+name: cmdb device
+---
+
+# /cmdb device

 Manage network devices in NetBox.

@@ -10,7 +14,7 @@ Manage network devices in NetBox.
 ## Usage

 ```
-/cmdb-device <action> [options]
+/cmdb device <action> [options]
 ```

 ## Instructions
@@ -45,10 +49,10 @@ After creating a device, offer to:

 ## Examples

- `/cmdb-device list`
- `/cmdb-device show core-router-01`
- `/cmdb-device create web-server-03`
- `/cmdb-device at headquarters`
+- `/cmdb device list`
+- `/cmdb device show core-router-01`
+- `/cmdb device create web-server-03`
+- `/cmdb device at headquarters`

 ## User Request

--- a/plugins/cmdb-assistant/commands/cmdb-ip-conflicts.md
+++ b/plugins/cmdb-assistant/commands/cmdb-ip-conflicts.md
@@ -1,8 +1,9 @@
 ---
+name: cmdb ip-conflicts
 description: Detect IP address conflicts and overlapping prefixes in NetBox
 ---

-# CMDB IP Conflict Detection
+# /cmdb ip-conflicts

 Scan NetBox IPAM data to identify IP address conflicts and overlapping prefixes.

@@ -15,7 +16,7 @@ Scan NetBox IPAM data to identify IP address conflicts and overlapping prefixes.
 ## Usage

 ```
-/ip-conflicts [scope]
+/cmdb ip-conflicts [scope]
 ```

 **Scopes:**
@@ -49,9 +50,9 @@ Execute conflict detection from `skills/ip-management.md`:

 ## Examples

- `/ip-conflicts` - Full scan
- `/ip-conflicts addresses` - Duplicate IPs only
- `/ip-conflicts vrf Production` - Scan specific VRF
+- `/cmdb ip-conflicts` - Full scan
+- `/cmdb ip-conflicts addresses` - Duplicate IPs only
+- `/cmdb ip-conflicts vrf Production` - Scan specific VRF

 ## User Request

--- a/plugins/cmdb-assistant/commands/cmdb-ip.md
+++ b/plugins/cmdb-assistant/commands/cmdb-ip.md
@@ -1,4 +1,8 @@
-# CMDB IP Management
+---
+name: cmdb ip
+---
+
+# /cmdb ip

 Manage IP addresses and prefixes in NetBox.

@@ -11,7 +15,7 @@ Manage IP addresses and prefixes in NetBox.
 ## Usage

 ```
-/cmdb-ip <action> [options]
+/cmdb ip <action> [options]
 ```

 ## Instructions
@@ -42,10 +46,10 @@ Execute operations from `skills/ip-management.md`.

 ## Examples

- `/cmdb-ip prefixes`
- `/cmdb-ip available in 10.0.1.0/24`
- `/cmdb-ip allocate from 10.0.1.0/24`
- `/cmdb-ip assign 10.0.1.50/24 to web-server-01 eth0`
+- `/cmdb ip prefixes`
+- `/cmdb ip available in 10.0.1.0/24`
+- `/cmdb ip allocate from 10.0.1.0/24`
+- `/cmdb ip assign 10.0.1.50/24 to web-server-01 eth0`

 ## User Request

--- a/plugins/cmdb-assistant/commands/cmdb-register.md
+++ b/plugins/cmdb-assistant/commands/cmdb-register.md
@@ -1,8 +1,9 @@
 ---
+name: cmdb register
 description: Register the current machine into NetBox with all running applications
 ---

-# CMDB Machine Registration
+# /cmdb register

 Register the current machine into NetBox, including hardware info, network interfaces, and running applications.

@@ -17,7 +18,7 @@ Register the current machine into NetBox, including hardware info, network inter
 ## Usage

 ```
-/cmdb-register [--site <site-name>] [--tenant <tenant-name>] [--role <role-name>]
+/cmdb register [--site <site-name>] [--tenant <tenant-name>] [--role <role-name>]
 ```

 **Options:**
@@ -41,7 +42,7 @@ Execute `skills/device-registration.md` which covers:

 | Error | Action |
 |-------|--------|
-| Device already exists | Suggest `/cmdb-sync` or ask to proceed |
+| Device already exists | Suggest `/cmdb sync` or ask to proceed |
 | Site not found | List available sites, offer to create new |
 | Docker not available | Skip container registration, note in summary |
 | Permission denied | Note which operations failed, suggest fixes |
--- a/plugins/cmdb-assistant/commands/cmdb-search.md
+++ b/plugins/cmdb-assistant/commands/cmdb-search.md
@@ -1,4 +1,8 @@
-# CMDB Search
+---
+name: cmdb search
+---
+
+# /cmdb search

 ## Visual Output

@@ -17,7 +21,7 @@ Search NetBox for devices, IPs, sites, or any CMDB object.
 ## Usage

 ```
-/cmdb-search <query>
+/cmdb search <query>
 ```

 ## Instructions
@@ -31,15 +35,15 @@ When the user provides a search query, determine the best approach:
 3. **Site search**: Use `dcim_list_sites` with name filter
 4. **Prefix search**: Use `ipam_list_prefixes` with prefix or within filter
 5. **VLAN search**: Use `ipam_list_vlans` with vid or name filter
-6. **VM search**: Use `virtualization_list_virtual_machines` with name filter
+6. **VM search**: Use `virt_list_vms` with name filter

 For broad searches, query multiple endpoints and consolidate results.

 ## Examples

- `/cmdb-search router` - Find all devices with "router" in the name
- `/cmdb-search 10.0.1.0/24` - Find prefix and IPs within it
- `/cmdb-search datacenter` - Find sites matching "datacenter"
+- `/cmdb search router` - Find all devices with "router" in the name
+- `/cmdb search 10.0.1.0/24` - Find prefix and IPs within it
+- `/cmdb search datacenter` - Find sites matching "datacenter"

 ## User Query

--- a/plugins/cmdb-assistant/commands/initial-setup.md
+++ b/plugins/cmdb-assistant/commands/initial-setup.md
@@ -1,8 +1,9 @@
 ---
+name: cmdb setup
 description: Interactive setup wizard for cmdb-assistant plugin
 ---

-# CMDB Assistant Setup Wizard
+# /cmdb setup

 Configure the cmdb-assistant plugin with NetBox integration.

@@ -18,7 +19,7 @@ Configure the cmdb-assistant plugin with NetBox integration.
 ## Usage

 ```
-/initial-setup
+/cmdb setup
 ```

 ## Instructions
@@ -63,10 +64,10 @@ System Config:         ~/.config/claude/netbox.env
 Restart your Claude Code session for MCP tools.

 After restart, try:
- /cmdb-device <hostname>
- /cmdb-ip <address>
- /cmdb-site <name>
- /cmdb-search <query>
+- /cmdb device <hostname>
+- /cmdb ip <address>
+- /cmdb site <name>
+- /cmdb search <query>
 ```

 ## User Request
--- a/plugins/cmdb-assistant/commands/cmdb-site.md
+++ b/plugins/cmdb-assistant/commands/cmdb-site.md
@@ -1,4 +1,8 @@
-# CMDB Site Management
+---
+name: cmdb site
+---
+
+# /cmdb site

 Manage sites and locations in NetBox.

@@ -10,7 +14,7 @@ Manage sites and locations in NetBox.
 ## Usage

 ```
-/cmdb-site <action> [options]
+/cmdb site <action> [options]
 ```

 ## Instructions
@@ -40,10 +44,10 @@ Execute `skills/visual-header.md` with context "Site Management".

 ## Examples

- `/cmdb-site list`
- `/cmdb-site show headquarters`
- `/cmdb-site create branch-office-nyc`
- `/cmdb-site racks at headquarters`
+- `/cmdb site list`
+- `/cmdb site show headquarters`
+- `/cmdb site create branch-office-nyc`
+- `/cmdb site racks at headquarters`

 ## User Request

--- a/plugins/cmdb-assistant/commands/cmdb-sync.md
+++ b/plugins/cmdb-assistant/commands/cmdb-sync.md
@@ -1,8 +1,9 @@
 ---
+name: cmdb sync
 description: Synchronize current machine state with existing NetBox record
 ---

-# CMDB Machine Sync
+# /cmdb sync

 Update an existing NetBox device record with the current machine state.

@@ -16,7 +17,7 @@ Update an existing NetBox device record with the current machine state.
 ## Usage

 ```
-/cmdb-sync [--full] [--dry-run]
+/cmdb sync [--full] [--dry-run]
 ```

 **Options:**
@@ -48,7 +49,7 @@ Execute `skills/sync-workflow.md` which covers:

 | Error | Action |
 |-------|--------|
-| Device not found | Suggest `/cmdb-register` |
+| Device not found | Suggest `/cmdb register` |
 | Permission denied | Note which failed, continue others |
 | Cluster not found | Offer to create or skip container sync |

--- a/plugins/cmdb-assistant/commands/cmdb-topology.md
+++ b/plugins/cmdb-assistant/commands/cmdb-topology.md
@@ -1,8 +1,9 @@
 ---
+name: cmdb topology
 description: Generate infrastructure topology diagrams from NetBox data
 ---

-# CMDB Topology Visualization
+# /cmdb topology

 Generate Mermaid diagrams showing infrastructure topology from NetBox.

@@ -15,7 +16,7 @@ Generate Mermaid diagrams showing infrastructure topology from NetBox.
 ## Usage

 ```
-/cmdb-topology <view> [scope]
+/cmdb topology <view> [scope]
 ```

 **Views:**
@@ -43,11 +44,11 @@ Always provide:

 ## Examples

- `/cmdb-topology rack server-rack-01` - Rack elevation
- `/cmdb-topology network` - All network connections
- `/cmdb-topology network Home` - Network for Home site
- `/cmdb-topology site Headquarters` - Site overview
- `/cmdb-topology full` - Full infrastructure
+- `/cmdb topology rack server-rack-01` - Rack elevation
+- `/cmdb topology network` - All network connections
+- `/cmdb topology network Home` - Network for Home site
+- `/cmdb topology site Headquarters` - Site overview
+- `/cmdb topology full` - Full infrastructure

 ## User Request

--- a/plugins/cmdb-assistant/commands/cmdb.md
+++ b/plugins/cmdb-assistant/commands/cmdb.md
@@ -0,0 +1,23 @@
+---
+description: NetBox CMDB infrastructure management
+---
+
+# /cmdb
+
+NetBox CMDB integration for infrastructure management.
+
+## Sub-commands
+
+| Sub-command | Description |
+|-------------|-------------|
+| `/cmdb search` | Search NetBox for devices, IPs, sites |
+| `/cmdb device` | Manage network devices (create, view, update, delete) |
+| `/cmdb ip` | Manage IP addresses and prefixes |
+| `/cmdb site` | Manage sites, locations, racks, and regions |
+| `/cmdb audit` | Data quality analysis (VMs, devices, naming, roles) |
+| `/cmdb register` | Register current machine into NetBox |
+| `/cmdb sync` | Sync machine state with NetBox (detect drift) |
+| `/cmdb topology` | Infrastructure topology diagrams |
+| `/cmdb change-audit` | NetBox audit trail queries with filtering |
+| `/cmdb ip-conflicts` | Detect IP conflicts and overlapping prefixes |
+| `/cmdb setup` | Setup wizard for NetBox MCP server |
--- a/plugins/cmdb-assistant/hooks/hooks.json
+++ b/plugins/cmdb-assistant/hooks/hooks.json
@@ -1,16 +1,5 @@
 {
  "hooks": {
-    "SessionStart": [
-      {
-        "matcher": "",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/startup-check.sh"
-          }
-        ]
-      }
-    ],
    "PreToolUse": [
      {
        "matcher": "mcp__plugin_cmdb-assistant_netbox__virt_create|mcp__plugin_cmdb-assistant_netbox__virt_update|mcp__plugin_cmdb-assistant_netbox__dcim_create|mcp__plugin_cmdb-assistant_netbox__dcim_update",
--- a/plugins/cmdb-assistant/hooks/startup-check.sh
+++ b/plugins/cmdb-assistant/hooks/startup-check.sh
@@ -1,83 +0,0 @@
-#!/bin/bash
-# cmdb-assistant SessionStart hook
-# Tests NetBox API connectivity and checks for data quality issues
-# All output MUST have [cmdb-assistant] prefix
-# Non-blocking: always exits 0
-
-set -euo pipefail
-
-PREFIX="[cmdb-assistant]"
-
-# Load NetBox configuration
-NETBOX_CONFIG="$HOME/.config/claude/netbox.env"
-
-if [[ ! -f "$NETBOX_CONFIG" ]]; then
-    echo "$PREFIX NetBox not configured - run /cmdb-assistant:initial-setup"
-    exit 0
-fi
-
-# Source config
-source "$NETBOX_CONFIG"
-
-# Validate required variables
-if [[ -z "${NETBOX_API_URL:-}" ]] || [[ -z "${NETBOX_API_TOKEN:-}" ]]; then
-    echo "$PREFIX Missing NETBOX_API_URL or NETBOX_API_TOKEN in config"
-    exit 0
-fi
-
-# Helper function to make authenticated API calls
-# Token passed via curl config to avoid exposure in process listings
-netbox_curl() {
-    local url="$1"
-    curl -s -K - <<EOF 2>/dev/null
-H "Authorization: Token ${NETBOX_API_TOKEN}"
-H "Accept: application/json"
-url = "${url}"
-EOF
-}
-
-# Quick API connectivity test (5s timeout)
-HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" -m 5 -K - <<EOF 2>/dev/null || echo "000"
-H "Authorization: Token ${NETBOX_API_TOKEN}"
-H "Accept: application/json"
-url = "${NETBOX_API_URL}/"
-EOF
-)
-
-if [[ "$HTTP_CODE" == "000" ]]; then
-    echo "$PREFIX NetBox API unreachable (timeout/connection error)"
-    exit 0
-elif [[ "$HTTP_CODE" != "200" ]]; then
-    echo "$PREFIX NetBox API returned HTTP $HTTP_CODE - check credentials"
-    exit 0
-fi
-
-# Check for VMs without site assignment (data quality)
-VMS_RESPONSE=$(curl -s -m 5 -K - <<EOF 2>/dev/null || echo '{"count":0}'
-H "Authorization: Token ${NETBOX_API_TOKEN}"
-H "Accept: application/json"
-url = "${NETBOX_API_URL}/virtualization/virtual-machines/?site__isnull=true&limit=1"
-EOF
-)
-
-VMS_NO_SITE=$(echo "$VMS_RESPONSE" | grep -o '"count":[0-9]*' | cut -d: -f2 || echo "0")
-
-if [[ "$VMS_NO_SITE" -gt 0 ]]; then
-    echo "$PREFIX $VMS_NO_SITE VMs without site assignment - run /cmdb-audit for details"
-fi
-
-# Check for devices without platform
-DEVICES_RESPONSE=$(curl -s -m 5 -K - <<EOF 2>/dev/null || echo '{"count":0}'
-H "Authorization: Token ${NETBOX_API_TOKEN}"
-H "Accept: application/json"
-url = "${NETBOX_API_URL}/dcim/devices/?platform__isnull=true&limit=1"
-EOF
-)
-
-DEVICES_NO_PLATFORM=$(echo "$DEVICES_RESPONSE" | grep -o '"count":[0-9]*' | cut -d: -f2 || echo "0")
-
-if [[ "$DEVICES_NO_PLATFORM" -gt 0 ]]; then
-    echo "$PREFIX $DEVICES_NO_PLATFORM devices without platform - consider updating"
-fi
-
-exit 0
--- a/plugins/cmdb-assistant/skills/audit-workflow.md
+++ b/plugins/cmdb-assistant/skills/audit-workflow.md
@@ -147,8 +147,8 @@ dcim_update_device id=X platform=Y

 ### Next Steps

- Run `/cmdb-register` to properly register new machines
- Use `/cmdb-sync` to update existing registrations
+- Run `/cmdb register` to properly register new machines
+- Use `/cmdb sync` to update existing registrations
 - Consider bulk updates via NetBox web UI for >10 items
 ```

--- a/plugins/cmdb-assistant/skills/device-registration.md
+++ b/plugins/cmdb-assistant/skills/device-registration.md
@@ -25,7 +25,7 @@ Use commands from `system-discovery` skill to gather:
   ```
   dcim_list_devices name=<hostname>
   ```
-   If exists, suggest `/cmdb-sync` instead.
+   If exists, suggest `/cmdb sync` instead.

 2. **Verify/Create site:**
   ```
@@ -131,7 +131,7 @@ Add journal entry:
 extras_create_journal_entry
  assigned_object_type="dcim.device"
  assigned_object_id=<device_id>
-  comments="Device registered via /cmdb-register command\n\nDiscovered:\n- X network interfaces\n- Y IP addresses\n- Z Docker containers"
+  comments="Device registered via /cmdb register command\n\nDiscovered:\n- X network interfaces\n- Y IP addresses\n- Z Docker containers"
 ```

 ## Summary Report Template
@@ -162,8 +162,8 @@ extras_create_journal_entry
 | media_jellyfin | Media Server | 2.0 | 2048MB | Active |

 ### Next Steps
- Run `/cmdb-sync` periodically to keep data current
- Run `/cmdb-audit` to check data quality
+- Run `/cmdb sync` periodically to keep data current
+- Run `/cmdb audit` to check data quality
 - Add tags for classification
 ```

@@ -171,7 +171,7 @@ extras_create_journal_entry

 | Error | Action |
 |-------|--------|
-| Device already exists | Suggest `/cmdb-sync` or ask to proceed |
+| Device already exists | Suggest `/cmdb sync` or ask to proceed |
 | Site not found | List available sites, offer to create new |
 | Docker not available | Skip container registration, note in summary |
 | Permission denied | Note which operations failed, suggest fixes |
--- a/plugins/cmdb-assistant/skills/sync-workflow.md
+++ b/plugins/cmdb-assistant/skills/sync-workflow.md
@@ -16,7 +16,7 @@ Load these skills:
 dcim_list_devices name=<hostname>
 ```

-If not found, suggest `/cmdb-register` first.
+If not found, suggest `/cmdb register` first.

 If found:
 - Store device ID and current field values
@@ -167,7 +167,7 @@ virt_update_vm id=<id> status="offline"
 extras_create_journal_entry
  assigned_object_type="dcim.device"
  assigned_object_id=<device_id>
-  comments="Device synced via /cmdb-sync command\n\nChanges applied:\n- <list>"
+  comments="Device synced via /cmdb sync command\n\nChanges applied:\n- <list>"
 ```

 ## Sync Modes
@@ -185,7 +185,7 @@ extras_create_journal_entry

 | Error | Action |
 |-------|--------|
-| Device not found | Suggest `/cmdb-register` |
+| Device not found | Suggest `/cmdb register` |
 | Permission denied | Note which failed, continue others |
 | Cluster not found | Offer to create or skip container sync |
 | API errors | Log error, continue with remaining |
--- a/plugins/cmdb-assistant/skills/visual-header.md
+++ b/plugins/cmdb-assistant/skills/visual-header.md
@@ -14,17 +14,17 @@ Standard visual header for cmdb-assistant commands.

 | Command | Context |
 |---------|---------|
-| `/cmdb-search` | Search |
-| `/cmdb-device` | Device Management |
-| `/cmdb-ip` | IP Management |
-| `/cmdb-site` | Site Management |
-| `/cmdb-audit` | Data Quality Audit |
-| `/cmdb-register` | Machine Registration |
-| `/cmdb-sync` | Machine Sync |
-| `/cmdb-topology` | Topology |
-| `/change-audit` | Change Audit |
-| `/ip-conflicts` | IP Conflict Detection |
-| `/initial-setup` | Setup Wizard |
+| `/cmdb search` | Search |
+| `/cmdb device` | Device Management |
+| `/cmdb ip` | IP Management |
+| `/cmdb site` | Site Management |
+| `/cmdb audit` | Data Quality Audit |
+| `/cmdb register` | Machine Registration |
+| `/cmdb sync` | Machine Sync |
+| `/cmdb topology` | Topology |
+| `/cmdb change-audit` | Change Audit |
+| `/cmdb ip-conflicts` | IP Conflict Detection |
+| `/cmdb setup` | Setup Wizard |
 | Agent mode | Infrastructure Management |

 ## Usage
--- a/plugins/code-sentinel/.claude-plugin/plugin.json
+++ b/plugins/code-sentinel/.claude-plugin/plugin.json
@@ -9,6 +9,15 @@
  "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/code-sentinel/README.md",
  "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git",
  "license": "MIT",
-  "keywords": ["security", "refactoring", "code-quality", "static-analysis", "hooks"],
-  "commands": ["./commands/"]
+  "keywords": [
+    "security",
+    "refactoring",
+    "code-quality",
+    "static-analysis",
+    "hooks"
+  ],
+  "commands": [
+    "./commands/"
+  ],
+  "domain": "core"
 }
--- a/plugins/code-sentinel/agents/refactor-advisor.md
+++ b/plugins/code-sentinel/agents/refactor-advisor.md
@@ -1,5 +1,8 @@
 ---
-description: Code structure and refactoring specialist
+name: refactor-advisor
+description: Code structure and refactoring specialist. Use when analyzing code quality, design patterns, or planning refactoring work.
+model: sonnet
+permissionMode: acceptEdits
 ---

 # Refactor Advisor Agent
--- a/plugins/code-sentinel/agents/security-reviewer.md
+++ b/plugins/code-sentinel/agents/security-reviewer.md
@@ -1,6 +1,9 @@
 ---
 name: security-reviewer
 description: Security-focused code review agent
+model: sonnet
+permissionMode: plan
+disallowedTools: Write, Edit, MultiEdit
 ---

 # Security Reviewer Agent
--- a/plugins/code-sentinel/claude-md-integration.md
+++ b/plugins/code-sentinel/claude-md-integration.md
@@ -16,11 +16,11 @@ PreToolUse hooks scan all code changes for:
 Critical issues are blocked. Warnings are noted but allowed.

 ### Commands
- `/security-scan` - Full project security audit
- `/refactor <target>` - Apply refactoring pattern
- `/refactor-dry <target>` - Preview refactoring opportunities
+- `/sentinel scan` - Full project security audit
+- `/sentinel refactor <target>` - Apply refactoring pattern
+- `/sentinel refactor-dry <target>` - Preview refactoring opportunities

 ### Severity Levels
- 🔴 Critical: Must fix immediately
- 🟠 High: Fix before release
- 🟡 Medium: Improve when possible
+- Critical: Must fix immediately
+- High: Fix before release
+- Medium: Improve when possible
--- a/plugins/code-sentinel/commands/sentinel-refactor-dry.md
+++ b/plugins/code-sentinel/commands/sentinel-refactor-dry.md
@@ -1,8 +1,9 @@
 ---
+name: sentinel refactor-dry
 description: Preview refactoring changes without applying them
 ---

-# Refactor Dry Run
+# /sentinel refactor-dry

 Analyze and preview refactoring opportunities without making changes.

@@ -16,7 +17,7 @@ Analyze and preview refactoring opportunities without making changes.

 ## Usage
 ```
-/refactor-dry <target> [--all]
+/sentinel refactor-dry <target> [--all]
 ```

 **Target:** File path, function name, or "." for current file
@@ -41,7 +42,7 @@ Analyze and preview refactoring opportunities without making changes.
 ### Recommended (High Impact, Low Risk)
 1. **pattern** at lines X-Y
   - Impact: High | Risk: Low
-   - Run: `/refactor <target> --pattern=<pattern>`
+   - Run: `/sentinel refactor <target> --pattern=<pattern>`

 ### Optional
 - Lower priority items
--- a/plugins/code-sentinel/commands/sentinel-refactor.md
+++ b/plugins/code-sentinel/commands/sentinel-refactor.md
@@ -1,8 +1,9 @@
 ---
+name: sentinel refactor
 description: Apply refactoring patterns to improve code structure and maintainability
 ---

-# Refactor
+# /sentinel refactor

 Apply refactoring transformations to specified code.

@@ -16,7 +17,7 @@ Apply refactoring transformations to specified code.

 ## Usage
 ```
-/refactor <target> [--pattern=<pattern>]
+/sentinel refactor <target> [--pattern=<pattern>]
 ```

 **Target:** File path, function name, or "." for current context
--- a/plugins/code-sentinel/commands/sentinel-scan.md
+++ b/plugins/code-sentinel/commands/sentinel-scan.md
@@ -1,8 +1,9 @@
 ---
+name: sentinel scan
 description: Full security audit of codebase - scans all files for vulnerability patterns
 ---

-# Security Scan
+# /sentinel scan

 Comprehensive security audit of the project.

--- a/plugins/code-sentinel/commands/sentinel.md
+++ b/plugins/code-sentinel/commands/sentinel.md
@@ -0,0 +1,15 @@
+---
+description: Security scanning and code refactoring
+---
+
+# /sentinel
+
+Security scanning and safe code refactoring tools.
+
+## Sub-commands
+
+| Sub-command | Description |
+|-------------|-------------|
+| `/sentinel scan` | Full security audit (SQL injection, XSS, secrets, etc.) |
+| `/sentinel refactor` | Apply refactoring patterns to improve code |
+| `/sentinel refactor-dry` | Preview refactoring without applying changes |
--- a/plugins/code-sentinel/skills/dry-run-workflow.md
+++ b/plugins/code-sentinel/skills/dry-run-workflow.md
@@ -60,7 +60,7 @@ High impact, low risk opportunities:
   - Description of the change
   - Impact: High/Medium/Low (specific metric improvement)
   - Risk: Low/Medium/High (why)
-   - Run: `/refactor <target> --pattern=<pattern>`
+   - Run: `/sentinel refactor <target> --pattern=<pattern>`
 ```

 ### Optional Section
--- a/plugins/contract-validator/.claude-plugin/metadata.json
+++ b/plugins/contract-validator/.claude-plugin/metadata.json
@@ -0,0 +1 @@
+{"mcp_servers": ["contract-validator"]}
--- a/plugins/contract-validator/.claude-plugin/plugin.json
+++ b/plugins/contract-validator/.claude-plugin/plugin.json
@@ -1,6 +1,6 @@
 {
  "name": "contract-validator",
-  "version": "1.1.0",
+  "version": "1.2.0",
  "description": "Cross-plugin compatibility validation and Claude.md agent verification",
  "author": {
    "name": "Leo Miranda",
@@ -17,5 +17,8 @@
    "interfaces",
    "cross-plugin"
  ],
-  "commands": ["./commands/"]
+  "commands": [
+    "./commands/"
+  ],
+  "domain": "core"
 }
--- a/plugins/contract-validator/agents/agent-check.md
+++ b/plugins/contract-validator/agents/agent-check.md
@@ -1,6 +1,9 @@
 ---
 name: agent-check
 description: Agent definition validator for quick verification
+model: haiku
+permissionMode: plan
+disallowedTools: Write, Edit, MultiEdit
 ---

 # Agent Check Agent
@@ -88,7 +91,7 @@ You are an agent definition validator. Your role is to verify that a specific ag

 ## Example Interaction

-**User**: /check-agent Orchestrator
+**User**: /cv check-agent Orchestrator

 **Agent**:
 1. Parses CLAUDE.md, finds Orchestrator agent
@@ -98,7 +101,7 @@ You are an agent definition validator. Your role is to verify that a specific ag
 5. Validates data flow: no data producers/consumers used
 6. Reports: "Agent Orchestrator: VALID - all 3 tool references found"

-**User**: /check-agent InvalidAgent
+**User**: /cv check-agent InvalidAgent

 **Agent**:
 1. Parses CLAUDE.md, agent not found
--- a/Show More
+++ b/Show More