Merge pull request 'feat(claude-config-maintainer): add settings.local.json audit feature v1.2.0' (#391 ) from feat/config-maintainer-settings-audit into development

Reviewed-on: #391
feat(claude-config-maintainer): add settings.local.json audit feature v1.2.0
2026-02-02 21:02:43 +00:00 · 2026-02-02 15:54:15 -05:00 · 2026-02-02 19:30:27 +00:00 · 2026-02-02 14:28:09 -05:00
14 changed files with 1225 additions and 34 deletions
--- a/.claude-plugin/marketplace.json
+++ b/.claude-plugin/marketplace.json
@@ -91,8 +91,8 @@
    },
    {
      "name": "claude-config-maintainer",
-      "version": "1.1.0",
+      "version": "1.2.0",
-      "description": "CLAUDE.md optimization and maintenance for Claude Code projects",
+      "description": "CLAUDE.md and settings.local.json optimization for Claude Code projects",
      "source": "./plugins/claude-config-maintainer",
      "author": {
        "name": "Leo Miranda",
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,21 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Added
 #### claude-config-maintainer v1.2.0 - Settings Audit Feature
 New commands for auditing and optimizing `settings.local.json` permission configurations:
 - **`/config-audit-settings`** — Audit `settings.local.json` permissions with 100-point scoring across redundancy, coverage, safety alignment, and profile fit
 - **`/config-optimize-settings`** — Apply permission optimizations with dry-run, named profiles (`conservative`, `reviewed`, `autonomous`), and consolidation modes
 - **`/config-permissions-map`** — Generate Mermaid diagram of review layer coverage and permission gaps
 - **`skills/settings-optimization.md`** — Comprehensive skill for permission pattern analysis, consolidation rules, review-layer-aware recommendations, and named profiles
 **Key Features:**
 - Settings Efficiency Score (100 points) alongside existing CLAUDE.md score
 - Review layer verification — agent reads `hooks/hooks.json` from installed plugins before recommending auto-allow patterns
 - Three named profiles: `conservative` (prompts for most writes), `reviewed` (for projects with ≥2 review layers), `autonomous` (sandboxed environments)
 - Pattern consolidation detection: duplicates, subsets, merge candidates, stale entries, conflicts
 #### Projman Hardening Sprint
 Targeted improvements to safety gates, command structure, lifecycle tracking, and cross-plugin contracts.
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -146,7 +146,7 @@ When user says "fix the sprint-plan command", edit the SOURCE code.
 ## Project Overview
 **Repository:** leo-claude-mktplace
-**Version:** 5.4.0
+**Version:** 5.8.0
 **Status:** Production Ready
 A plugin marketplace for Claude Code containing:
@@ -161,7 +161,7 @@ A plugin marketplace for Claude Code containing:
 | `code-sentinel` | Security scanning and code refactoring tools | 1.0.1 |
 | `claude-config-maintainer` | CLAUDE.md optimization and maintenance | 1.0.0 |
 | `cmdb-assistant` | NetBox CMDB integration for infrastructure management | 1.2.0 |
-| `data-platform` | pandas, PostgreSQL, and dbt integration for data engineering | 1.1.0 |
+| `data-platform` | pandas, PostgreSQL, and dbt integration for data engineering | 1.3.0 |
 | `viz-platform` | DMC validation, Plotly charts, and theming for dashboards | 1.1.0 |
 | `contract-validator` | Cross-plugin compatibility validation and agent verification | 1.1.0 |
 | `project-hygiene` | Post-task cleanup automation via hooks | 0.1.0 |
@@ -453,4 +453,4 @@ The script will:
 ---
-**Last Updated:** 2026-01-30
+**Last Updated:** 2026-02-02
--- a/docs/COMMANDS-CHEATSHEET.md
+++ b/docs/COMMANDS-CHEATSHEET.md
@@ -54,6 +54,9 @@ Quick reference for all commands in the Leo Claude Marketplace.
 | **claude-config-maintainer** | `/config-init` | | X | Initialize new CLAUDE.md for a project |
 | **claude-config-maintainer** | `/config-diff` | | X | Track CLAUDE.md changes over time with behavioral impact |
 | **claude-config-maintainer** | `/config-lint` | | X | Lint CLAUDE.md for anti-patterns and best practices |
 | **claude-config-maintainer** | `/config-audit-settings` | | X | Audit settings.local.json permissions (100-point score) |
 | **claude-config-maintainer** | `/config-optimize-settings` | | X | Optimize permissions (profiles, consolidation, dry-run) |
 | **claude-config-maintainer** | `/config-permissions-map` | | X | Visual review layer + permission coverage map |
 | **cmdb-assistant** | `/initial-setup` | | X | Setup wizard for NetBox MCP server |
 | **cmdb-assistant** | `/cmdb-search` | | X | Search NetBox for devices, IPs, sites |
 | **cmdb-assistant** | `/cmdb-device` | | X | Manage network devices (create, view, update, delete) |
--- a/plugins/claude-config-maintainer/.claude-plugin/plugin.json
+++ b/plugins/claude-config-maintainer/.claude-plugin/plugin.json
@@ -1,7 +1,7 @@
 {
  "name": "claude-config-maintainer",
-  "version": "1.0.0",
+  "version": "1.2.0",
-  "description": "Maintains and optimizes CLAUDE.md configuration files for Claude Code projects",
+  "description": "Maintains and optimizes CLAUDE.md and settings.local.json configuration files for Claude Code projects",
  "author": {
    "name": "Leo Miranda",
    "email": "leobmiranda@gmail.com"
@@ -14,7 +14,9 @@
    "configuration",
    "optimization",
    "claude-md",
-    "developer-tools"
+    "developer-tools",
    "settings",
    "permissions"
  ],
  "commands": ["./commands/"]
 }
--- a/plugins/claude-config-maintainer/agents/maintainer.md
+++ b/plugins/claude-config-maintainer/agents/maintainer.md
@@ -114,7 +114,54 @@ Report plugin coverage percentage and offer to add missing integrations:
 - Display the integration content that would be added
 - Ask user for confirmation before modifying CLAUDE.md
-### 2. Optimize CLAUDE.md Structure
+### 2. Audit Settings Files
 When auditing settings files, perform:
 #### A. Permission Analysis
 Read `.claude/settings.local.json` (primary) and check `.claude/settings.json` and `~/.claude.json` project entries (secondary).
 Evaluate using `skills/settings-optimization.md`:
 **Redundancy:**
 - Duplicate entries in allow/deny arrays
 - Subset patterns covered by broader patterns
 - Patterns that could be merged
 **Coverage:**
 - Common safe tools missing from allow list
 - MCP server tools not covered
 - Directory scopes with no matching permission
 **Safety Alignment:**
 - Deny rules cover secrets and destructive commands
 - Allow rules don't bypass active review layers
 - No overly broad patterns without justification
 **Profile Fit:**
 - Compare against recommended profile for the project's review architecture
 - Identify specific additions/removals to reach target profile
 #### B. Review Layer Verification
 Before recommending auto-allow patterns, verify active review layers:
 1. Read `plugins/*/hooks/hooks.json` for each installed plugin
 2. Map hook types (PreToolUse, PostToolUse) to tool matchers (Write, Edit, Bash)
 3. Confirm plugins are listed in `.claude-plugin/marketplace.json`
 4. Only recommend auto-allow for scopes covered by ≥2 verified review layers
 #### C. Settings Efficiency Score (100 points)
 | Category | Points |
 |----------|--------|
 | Redundancy | 25 |
 | Coverage | 25 |
 | Safety Alignment | 25 |
 | Profile Fit | 25 |
 ### 3. Optimize CLAUDE.md Structure
 **Recommended Structure:**
@@ -149,7 +196,7 @@ Common issues and solutions.
 - Use headers that scan easily
 - Include examples where they add clarity
-### 3. Apply Best Practices
+### 4. Apply Best Practices
 **DO:**
 - Use clear, direct language
@@ -166,7 +213,7 @@ Common issues and solutions.
 - Add generic advice that applies to all projects
 - Use emojis unless project requires them
-### 4. Generate Improvement Reports
+### 5. Generate Improvement Reports
 After analyzing a CLAUDE.md, provide:
@@ -202,7 +249,7 @@ Suggested Actions:
 Would you like me to implement these improvements?
 ```
-### 5. Insert Plugin Integrations
+### 6. Insert Plugin Integrations
 When adding plugin integration content to CLAUDE.md:
@@ -237,7 +284,7 @@ Add this integration to CLAUDE.md?
 - Allow users to skip specific plugins they don't want documented
 - Preserve existing CLAUDE.md structure and content
-### 6. Create New CLAUDE.md Files
+### 7. Create New CLAUDE.md Files
 When creating a new CLAUDE.md:
--- a/plugins/claude-config-maintainer/claude-md-integration.md
+++ b/plugins/claude-config-maintainer/claude-md-integration.md
@@ -1,6 +1,6 @@
 ## CLAUDE.md Maintenance (claude-config-maintainer)
-This project uses the **claude-config-maintainer** plugin to analyze and optimize CLAUDE.md configuration files.
+This project uses the **claude-config-maintainer** plugin to analyze and optimize CLAUDE.md and settings.local.json configuration files.
 ### Available Commands
@@ -9,8 +9,13 @@ This project uses the **claude-config-maintainer** plugin to analyze and optimiz
 | `/config-analyze` | Analyze CLAUDE.md for optimization opportunities with 100-point scoring |
 | `/config-optimize` | Automatically optimize CLAUDE.md structure and content |
 | `/config-init` | Initialize a new CLAUDE.md file for a project |
 | `/config-diff` | Track CLAUDE.md changes over time with behavioral impact analysis |
 | `/config-lint` | Lint CLAUDE.md for anti-patterns and best practices (31 rules) |
 | `/config-audit-settings` | Audit settings.local.json permissions with 100-point scoring |
 | `/config-optimize-settings` | Optimize permission patterns and apply named profiles |
 | `/config-permissions-map` | Visual map of review layers and permission coverage |
-### Scoring System
+### CLAUDE.md Scoring System
 The analysis uses a 100-point scoring system across four categories:
@@ -21,10 +26,31 @@ The analysis uses a 100-point scoring system across four categories:
 | Completeness | 25 | Overview, quick start, critical rules, workflows |
 | Conciseness | 25 | Efficiency, no repetition, appropriate length |
 ### Settings Scoring System
 The settings audit uses a 100-point scoring system across four categories:
 | Category | Points | What It Measures |
 |----------|--------|------------------|
 | Redundancy | 25 | No duplicates, no subset patterns, efficient rules |
 | Coverage | 25 | Common tools allowed, MCP servers covered |
 | Safety Alignment | 25 | Deny rules for secrets/destructive ops, review layers verified |
 | Profile Fit | 25 | Alignment with recommended profile for review layer count |
 ### Permission Profiles
 | Profile | Use Case |
 |---------|----------|
 | `conservative` | New users, minimal auto-allow, prompts for most writes |
 | `reviewed` | Projects with 2+ review layers (code-sentinel, doc-guardian, PR review) |
 | `autonomous` | Trusted CI/sandboxed environments only |
 ### Usage Guidelines
 - Run `/config-analyze` periodically to assess CLAUDE.md quality
 - Run `/config-audit-settings` to check permission efficiency
 - Target a score of **70+/100** for effective Claude Code operation
 - Address HIGH priority issues first when optimizing
 - Use `/config-init` when setting up new projects to start with best practices
 - Use `/config-permissions-map` to visualize review layer coverage
 - Re-analyze after making changes to verify improvements
--- a/plugins/claude-config-maintainer/commands/config-audit-settings.md
+++ b/plugins/claude-config-maintainer/commands/config-audit-settings.md
@@ -0,0 +1,204 @@
 ---
 name: config-audit-settings
 description: Audit settings.local.json for permission optimization opportunities
 ---
 # /config-audit-settings
 Audit Claude Code `settings.local.json` permissions with 100-point scoring across redundancy, coverage, safety alignment, and profile fit.
 ## Skills to Load
 Before executing, load:
 - `skills/visual-header.md`
 - `skills/settings-optimization.md`
 ## Visual Output
 ```
 +-----------------------------------------------------------------+
 |  CONFIG-MAINTAINER - Settings Audit                              |
 +-----------------------------------------------------------------+
 ```
 ## Usage
 ```
 /config-audit-settings              # Full audit with recommendations
 /config-audit-settings --diagram    # Include Mermaid diagram of review layer coverage
 ```
 ## Workflow
 ### Step 1: Locate Settings Files
 Search in order:
 1. `.claude/settings.local.json` (primary target)
 2. `.claude/settings.json` (shared config)
 3. `~/.claude.json` project entry (legacy)
 Report which format is in use.
 ### Step 2: Parse Permission Arrays
 Extract and analyze:
 - `permissions.allow` array
 - `permissions.deny` array
 - `permissions.ask` array (if present)
 - Legacy `allowedTools` array (if legacy format)
 ### Step 3: Run Pattern Consolidation Analysis
 Using `settings-optimization.md` Section 3, detect:
 | Check | Description |
 |-------|-------------|
 | Duplicates | Exact same pattern appearing multiple times |
 | Subsets | Narrower patterns covered by broader ones |
 | Merge candidates | 4+ similar patterns that could be consolidated |
 | Overly broad | Unscoped tool permissions (e.g., `Bash` without pattern) |
 | Stale entries | Patterns referencing non-existent paths |
 | Conflicts | Same pattern in both allow and deny |
 ### Step 4: Detect Active Marketplace Hooks
 Read `plugins/*/hooks/hooks.json` files:
 ```bash
 # Check each plugin's hooks
 plugins/code-sentinel/hooks/hooks.json     # PreToolUse security
 plugins/doc-guardian/hooks/hooks.json      # PostToolUse drift detection
 plugins/project-hygiene/hooks/hooks.json   # PostToolUse cleanup
 plugins/data-platform/hooks/hooks.json     # PostToolUse schema diff
 plugins/contract-validator/hooks/hooks.json # Plugin validation
 ```
 Parse each to identify:
 - Hook event type (PreToolUse, PostToolUse)
 - Tool matchers (Write, Edit, MultiEdit, Bash)
 - Whether hook is command type (reliable) or prompt type (unreliable)
 ### Step 5: Map Review Layers to Directory Scopes
 For each directory scope in `settings-optimization.md` Section 4:
 1. Count how many review layers are verified active
 2. Determine if auto-allow is justified (≥2 layers required)
 3. Note any scopes that lack coverage
 ### Step 6: Compare Against Recommended Profile
 Based on review layer count:
 - 0-1 layers: Recommend `conservative` profile
 - 2+ layers: Recommend `reviewed` profile
 - CI/sandboxed: May recommend `autonomous` profile
 Calculate profile fit percentage.
 ### Step 7: Generate Scored Report
 Calculate scores using `settings-optimization.md` Section 6.
 ## Output Format
 ```
 Settings Efficiency Score: XX/100
  Redundancy:       XX/25
  Coverage:         XX/25
  Safety Alignment: XX/25
  Profile Fit:      XX/25
 Current Profile: [closest match or "custom"]
 Recommended Profile: [target based on review layers]
 Issues Found:
  🔴 CRITICAL: [description]
  🟠 HIGH: [description]
  🟡 MEDIUM: [description]
  🔵 LOW: [description]
 Active Review Layers Detected:
  ✓ code-sentinel (PreToolUse: Write|Edit|MultiEdit)
  ✓ doc-guardian (PostToolUse: Write|Edit|MultiEdit)
  ✓ project-hygiene (PostToolUse: Write|Edit)
  ✗ data-platform schema-diff (not detected)
 Recommendations:
  1. [specific action with pattern]
  2. [specific action with pattern]
  ...
 Follow-Up Actions:
  1. Run /config-optimize-settings to apply recommendations
  2. Run /config-optimize-settings --dry-run to preview first
  3. Run /config-optimize-settings --profile=reviewed to apply profile
 ```
 ## Diagram Output (--diagram flag)
 When `--diagram` is specified, generate a Mermaid flowchart showing:
 **Before generating:** Read `/mnt/skills/user/mermaid-diagrams/SKILL.md` for diagram requirements.
 **Diagram structure:**
 - Left column: File operation types (Write, Edit, Bash)
 - Middle: Review layers that intercept each operation
 - Right column: Current permission status (auto-allowed, prompted, denied)
 **Color coding:**
 - PreToolUse hooks: Blue
 - PostToolUse hooks: Green
 - Sprint Approval: Amber
 - PR Review: Purple
 Example structure:
 ```mermaid
 flowchart LR
    subgraph Operations
        W[Write]
        E[Edit]
        B[Bash]
    end
    subgraph Review Layers
        CS[code-sentinel]
        DG[doc-guardian]
        PR[pr-review]
    end
    subgraph Permission
        A[Auto-allowed]
        P[Prompted]
        D[Denied]
    end
    W --> CS
    W --> DG
    E --> CS
    E --> DG
    CS --> A
    DG --> A
    B --> P
    classDef preHook fill:#e3f2fd
    classDef postHook fill:#e8f5e9
    classDef prReview fill:#f3e5f5
    class CS preHook
    class DG postHook
    class PR prReview
 ```
 ## Issue Severity Levels
 | Severity | Icon | Examples |
 |----------|------|----------|
 | CRITICAL | 🔴 | Unscoped `Bash` in allow, missing deny for secrets |
 | HIGH | 🟠 | Overly broad patterns, missing MCP coverage |
 | MEDIUM | 🟡 | Subset redundancy, merge candidates |
 | LOW | 🔵 | Exact duplicates, minor optimizations |
 ## DO NOT
 - Modify any files (this is audit only)
 - Recommend `autonomous` profile unless explicitly sandboxed environment
 - Recommend auto-allow for scopes with <2 verified review layers
 - Skip hook verification before making recommendations
--- a/plugins/claude-config-maintainer/commands/config-optimize-settings.md
+++ b/plugins/claude-config-maintainer/commands/config-optimize-settings.md
@@ -0,0 +1,243 @@
 ---
 name: config-optimize-settings
 description: Optimize settings.local.json permissions based on audit recommendations
 ---
 # /config-optimize-settings
 Optimize Claude Code `settings.local.json` permission patterns and apply named profiles.
 ## Skills to Load
 Before executing, load:
 - `skills/visual-header.md`
 - `skills/settings-optimization.md`
 - `skills/pre-change-protocol.md`
 ## Visual Output
 ```
 +-----------------------------------------------------------------+
 |  CONFIG-MAINTAINER - Settings Optimization                       |
 +-----------------------------------------------------------------+
 ```
 ## Usage
 ```
 /config-optimize-settings                    # Apply audit recommendations
 /config-optimize-settings --dry-run          # Preview only, no changes
 /config-optimize-settings --profile=reviewed # Apply named profile
 /config-optimize-settings --consolidate-only # Only merge/dedupe, no new rules
 ```
 ## Options
 | Option | Description |
 |--------|-------------|
 | `--dry-run` | Preview changes without applying |
 | `--profile=NAME` | Apply named profile (`conservative`, `reviewed`, `autonomous`) |
 | `--consolidate-only` | Only deduplicate and merge patterns, don't add new rules |
 | `--no-backup` | Skip backup (not recommended) |
 ## Workflow
 ### Step 1: Run Audit Analysis
 Execute the same analysis as `/config-audit-settings`:
 1. Locate settings file
 2. Parse permission arrays
 3. Detect issues (duplicates, subsets, merge candidates, etc.)
 4. Verify active review layers
 5. Calculate current score
 ### Step 2: Generate Optimization Plan
 Based on audit results, create a change plan:
 **For `--consolidate-only`:**
 - Remove exact duplicates
 - Remove subset patterns covered by broader patterns
 - Merge similar patterns (4+ threshold)
 - Remove stale patterns for non-existent paths
 - Remove conflicting allow entries that are already denied
 **For `--profile=NAME`:**
 - Calculate diff between current permissions and target profile
 - Show additions and removals
 - Preserve any custom deny rules not in profile
 **For default (full optimization):**
 - Apply all consolidation changes
 - Add recommended patterns based on verified review layers
 - Suggest profile alignment if appropriate
 ### Step 3: Show Before/After Preview
 **MANDATORY:** Always show preview before applying changes.
 ```
 Current Settings:
  allow: [12 patterns]
  deny: [4 patterns]
 Proposed Changes:
  REMOVE from allow (redundant):
    - Write(plugins/projman/*) [covered by Write(plugins/**)]
    - Write(plugins/git-flow/*) [covered by Write(plugins/**)]
    - Bash(git status) [covered by Bash(git *)]
  ADD to allow (recommended):
    + Bash(npm *) [2 review layers active]
    + Bash(pytest *) [2 review layers active]
  ADD to deny (security):
    + Bash(curl * | bash*) [missing safety rule]
 After Optimization:
  allow: [10 patterns]
  deny: [5 patterns]
 Score Impact: 67/100 → 85/100 (+18 points)
 ```
 ### Step 4: Request User Approval
 Ask for confirmation before proceeding:
 ```
 Apply these changes to .claude/settings.local.json?
  [1] Yes, apply changes
  [2] No, cancel
  [3] Apply partial (select which changes)
 ```
 ### Step 5: Create Backup
 **Before any write operation:**
 ```bash
 # Backup location
 .claude/backups/settings.local.json.{YYYYMMDD-HHMMSS}
 ```
 Create the `.claude/backups/` directory if it doesn't exist.
 ### Step 6: Apply Changes
 Write the optimized `settings.local.json` file.
 ### Step 7: Verify
 Re-read the file and re-calculate the score to confirm improvement.
 ```
 Optimization Complete!
 Backup saved: .claude/backups/settings.local.json.20260202-143022
 Settings Efficiency Score: 85/100 (+18 from 67)
  Redundancy:       25/25 (+8)
  Coverage:         22/25 (+5)
  Safety Alignment: 23/25 (+3)
  Profile Fit:      15/25 (+2)
 Changes applied:
  - Removed 3 redundant patterns
  - Added 2 recommended patterns
  - Added 1 safety deny rule
 ```
 ## Profile Application
 When using `--profile=NAME`:
 ### `conservative`
 ```
 Switching to conservative profile...
 This profile:
  - Allows: Read, Glob, Grep, LS, basic Bash commands
  - Allows: Write/Edit only for docs/
  - Denies: .env*, secrets/, rm -rf, sudo
 All other Write/Edit operations will prompt for approval.
 ```
 ### `reviewed`
 ```
 Switching to reviewed profile...
 Prerequisites verified:
  ✓ code-sentinel hook active (PreToolUse)
  ✓ doc-guardian hook active (PostToolUse)
  ✓ 2+ review layers detected
 This profile:
  - Allows: All file operations (Edit, Write, MultiEdit)
  - Allows: Scoped Bash commands (git, npm, python, etc.)
  - Denies: .env*, secrets/, rm -rf, sudo, curl|bash
 ```
 ### `autonomous`
 ```
 ⚠️  WARNING: Autonomous profile requested
 This profile allows unscoped Bash execution.
 Only use in fully sandboxed environments (CI, containers).
 Confirm this is a sandboxed environment?
  [1] Yes, this is sandboxed - apply autonomous profile
  [2] No, cancel
 ```
 ## Safety Rules
 1. **ALWAYS backup before writing** (unless `--no-backup`)
 2. **NEVER remove deny rules without explicit confirmation**
 3. **NEVER add unscoped `Bash` to allow** — always use scoped patterns
 4. **Preview is MANDATORY** before applying changes
 5. **Verify review layers** before recommending broad permissions
 ## Output Format
 ### Dry Run Output
 ```
 +-----------------------------------------------------------------+
 |  CONFIG-MAINTAINER - Settings Optimization                       |
 +-----------------------------------------------------------------+
 DRY RUN - No changes will be made
 [... preview content ...]
 To apply these changes, run:
  /config-optimize-settings
 ```
 ### Applied Output
 ```
 +-----------------------------------------------------------------+
 |  CONFIG-MAINTAINER - Settings Optimization                       |
 +-----------------------------------------------------------------+
 Optimization Applied Successfully
 Backup: .claude/backups/settings.local.json.20260202-143022
 [... summary of changes ...]
 Score: 67/100 → 85/100
 ```
 ## DO NOT
 - Apply changes without showing preview
 - Remove deny rules silently
 - Add unscoped `Bash` permission
 - Skip backup without explicit `--no-backup` flag
 - Apply `autonomous` profile without sandbox confirmation
 - Recommend broad permissions without verifying review layers
--- a/plugins/claude-config-maintainer/commands/config-permissions-map.md
+++ b/plugins/claude-config-maintainer/commands/config-permissions-map.md
@@ -0,0 +1,256 @@
 ---
 name: config-permissions-map
 description: Generate visual map of review layers and permission coverage
 ---
 # /config-permissions-map
 Generate a Mermaid diagram showing the relationship between file operations, review layers, and permission status.
 ## Skills to Load
 Before executing, load:
 - `skills/visual-header.md`
 - `skills/settings-optimization.md`
 Also read: `/mnt/skills/user/mermaid-diagrams/SKILL.md` (for diagram requirements)
 ## Visual Output
 ```
 +-----------------------------------------------------------------+
 |  CONFIG-MAINTAINER - Permissions Map                             |
 +-----------------------------------------------------------------+
 ```
 ## Usage
 ```
 /config-permissions-map           # Generate and display diagram
 /config-permissions-map --save    # Save diagram to .mermaid file
 ```
 ## Workflow
 ### Step 1: Detect Active Hooks
 Read all plugin hooks from the marketplace:
 ```
 plugins/code-sentinel/hooks/hooks.json
 plugins/doc-guardian/hooks/hooks.json
 plugins/project-hygiene/hooks/hooks.json
 plugins/data-platform/hooks/hooks.json
 plugins/contract-validator/hooks/hooks.json
 plugins/cmdb-assistant/hooks/hooks.json
 ```
 For each hook, extract:
 - Event type (PreToolUse, PostToolUse, SessionStart, etc.)
 - Tool matchers (Write, Edit, MultiEdit, Bash patterns)
 - Hook command/script
 ### Step 2: Map Hooks to File Scopes
 Create a mapping of which review layers cover which operations:
 | Operation | PreToolUse Hooks | PostToolUse Hooks | Other Gates |
 |-----------|------------------|-------------------|-------------|
 | Write | code-sentinel | doc-guardian, project-hygiene | PR review |
 | Edit | code-sentinel | doc-guardian, project-hygiene | PR review |
 | MultiEdit | code-sentinel | doc-guardian | PR review |
 | Bash(git *) | git-flow | — | — |
 ### Step 3: Read Current Permissions
 Load `.claude/settings.local.json` and parse:
 - `allow` array → auto-allowed operations
 - `deny` array → blocked operations
 - `ask` array → always-prompted operations
 ### Step 4: Generate Mermaid Flowchart
 **Diagram requirements (from mermaid-diagrams skill):**
 - Use `classDef` for styling
 - Maximum 3 colors (blue, green, amber/purple)
 - Semantic arrow labels
 - Left-to-right flow
 **Structure:**
 ```mermaid
 flowchart LR
    subgraph ops[File Operations]
        direction TB
        W[Write]
        E[Edit]
        ME[MultiEdit]
        BG[Bash git]
        BN[Bash npm]
        BO[Bash other]
    end
    subgraph pre[PreToolUse Hooks]
        direction TB
        CS[code-sentinel<br/>Security Scan]
        GF[git-flow<br/>Branch Check]
    end
    subgraph post[PostToolUse Hooks]
        direction TB
        DG[doc-guardian<br/>Drift Detection]
        PH[project-hygiene<br/>Cleanup]
        DP[data-platform<br/>Schema Diff]
    end
    subgraph perm[Permission Status]
        direction TB
        AA[Auto-Allowed]
        PR[Prompted]
        DN[Denied]
    end
    W -->|intercepted| CS
    W -->|tracked| DG
    E -->|intercepted| CS
    E -->|tracked| DG
    BG -->|checked| GF
    CS -->|passed| AA
    DG -->|logged| AA
    GF -->|valid| AA
    BO -->|no hook| PR
    classDef preHook fill:#e3f2fd,stroke:#1976d2
    classDef postHook fill:#e8f5e9,stroke:#388e3c
    classDef sprint fill:#fff3e0,stroke:#f57c00
    classDef prReview fill:#f3e5f5,stroke:#7b1fa2
    classDef allowed fill:#c8e6c9,stroke:#2e7d32
    classDef prompted fill:#fff9c4,stroke:#f9a825
    classDef denied fill:#ffcdd2,stroke:#c62828
    class CS,GF preHook
    class DG,PH,DP postHook
    class AA allowed
    class PR prompted
    class DN denied
 ```
 ### Step 5: Generate Coverage Summary Table
 ```
 Review Layer Coverage Summary
 =============================
 | Directory Scope          | Layers | Status          | Recommendation |
 |--------------------------|--------|-----------------|----------------|
 | plugins/*/commands/*.md  |   3    | ✓ Auto-allowed  | — |
 | plugins/*/skills/*.md    |   2    | ✓ Auto-allowed  | — |
 | mcp-servers/**/*.py      |   3    | ✓ Auto-allowed  | — |
 | docs/**                  |   2    | ✓ Auto-allowed  | — |
 | scripts/*.sh             |   2    | ⚠ Prompted      | Consider auto-allow |
 | .env*                    |   0    | ✗ Denied        | Correct - secrets |
 | Root directory           |   1    | ⚠ Prompted      | Keep prompted |
 Legend:
  ✓ = Covered by ≥2 review layers, auto-allowed
  ⚠ = Fewer than 2 layers or not allowed
  ✗ = Explicitly denied
 ```
 ### Step 6: Identify Gaps
 Report any gaps in coverage:
 ```
 Coverage Gaps Detected:
  1. Bash(npm *) — not in allow list, but npm operations are common
     → 2 review layers active, could be auto-allowed
  2. mcp__data-platform__* — MCP server configured but tools not allowed
     → Add to allow list to avoid prompts
  3. scripts/*.sh — 2 review layers but still prompted
     → Consider adding Write(scripts/**) to allow
 ```
 ### Step 7: Output Diagram
 Display the Mermaid diagram inline.
 If `--save` flag is used:
 - Save to `.claude/permissions-map.mermaid`
 - Report the file path
 ## Output Format
 ```
 +-----------------------------------------------------------------+
 |  CONFIG-MAINTAINER - Permissions Map                             |
 +-----------------------------------------------------------------+
 Review Layer Status
 ===================
 PreToolUse Hooks (intercept before operation):
  ✓ code-sentinel — Write, Edit, MultiEdit
  ✓ git-flow — Bash(git checkout *), Bash(git commit *)
 PostToolUse Hooks (track after operation):
  ✓ doc-guardian — Write, Edit, MultiEdit
  ✓ project-hygiene — Write, Edit
  ✗ data-platform — not detected
 Other Review Gates:
  ✓ Sprint Approval (projman milestone workflow)
  ✓ PR Review (pr-review multi-agent)
 Permissions Flow Diagram
 ========================
 ```mermaid
 [diagram here]
 ```
 Coverage Summary
 ================
 [table here]
 Gaps & Recommendations
 ======================
 [gaps list here]
 ```
 ## File Output (--save flag)
 When `--save` is specified:
 ```
 Diagram saved to: .claude/permissions-map.mermaid
 To view:
  - Open in VS Code with Mermaid extension
  - Paste into https://mermaid.live
  - Include in documentation with ```mermaid code fence
 ```
 ## Color Scheme
 | Element | Color | Hex |
 |---------|-------|-----|
 | PreToolUse hooks | Blue | #e3f2fd |
 | PostToolUse hooks | Green | #e8f5e9 |
 | Sprint/Planning gates | Amber | #fff3e0 |
 | PR Review | Purple | #f3e5f5 |
 | Auto-allowed | Light green | #c8e6c9 |
 | Prompted | Light yellow | #fff9c4 |
 | Denied | Light red | #ffcdd2 |
 ## DO NOT
 - Generate diagrams without reading the mermaid-diagrams skill
 - Use more than 3 primary colors in the diagram
 - Skip the coverage summary table
 - Fail to identify coverage gaps
--- a/plugins/claude-config-maintainer/skills/settings-optimization.md
+++ b/plugins/claude-config-maintainer/skills/settings-optimization.md
@@ -0,0 +1,377 @@
 # Settings Optimization Skill
 This skill provides comprehensive knowledge for auditing and optimizing Claude Code `settings.local.json` permission configurations.
 ---
 ## Section 1: Settings File Locations & Format
 Claude Code uses two configuration formats for permissions:
 ### Newer Format (Recommended)
 **Primary target:** `.claude/settings.local.json` (project-local, gitignored)
 **Secondary locations:**
 - `.claude/settings.json` (shared, committed)
 - `~/.claude.json` (legacy global config)
 ```json
 {
  "permissions": {
    "allow": ["Edit", "Write(plugins/**)", "Bash(git *)"],
    "deny": ["Read(.env*)", "Bash(rm *)"],
    "ask": ["Bash(pip install *)"]
  }
 }
 ```
 **Field meanings:**
 - `allow`: Operations auto-approved without prompting
 - `deny`: Operations blocked entirely
 - `ask`: Operations that always prompt (overrides allow)
 ### Legacy Format
 Found in `~/.claude.json` with per-project entries:
 ```json
 {
  "projects": {
    "/path/to/project": {
      "allowedTools": ["Read", "Write", "Bash(git *)"]
    }
  }
 }
 ```
 **Detection strategy:**
 1. Check `.claude/settings.local.json` first (primary)
 2. Check `.claude/settings.json` (shared)
 3. Check `~/.claude.json` for project entry (legacy)
 4. Report which format is in use
 ---
 ## Section 2: Permission Rule Syntax Reference
 | Pattern | Meaning |
 |---------|---------|
 | `Tool` or `Tool(*)` | Allow all uses of that tool |
 | `Bash(npm run build)` | Exact command match |
 | `Bash(npm run test *)` | Prefix match (space+asterisk = word boundary) |
 | `Bash(npm*)` | Prefix match without word boundary |
 | `Write(plugins/**)` | Glob — all files recursively under `plugins/` |
 | `Write(plugins/projman/*)` | Glob — direct children only |
 | `Read(.env*)` | Pattern matching `.env`, `.env.local`, etc. |
 | `mcp__gitea__*` | All tools from the gitea MCP server |
 | `mcp__netbox__list_*` | Specific MCP tool pattern |
 | `WebFetch(domain:github.com)` | Domain-restricted web fetch |
 ### Important Nuances
 **Word boundary matching:**
 - `Bash(ls *)` (with space) matches `ls -la` but NOT `lsof`
 - `Bash(ls*)` (no space) matches both `ls -la` AND `lsof`
 **Precedence rules:**
 - `deny` rules take precedence over `allow` rules
 - `ask` rules override both (always prompts even if allowed)
 - More specific patterns do NOT override broader patterns
 **Command operators:**
 - Piped commands (`cmd1 | cmd2`) may not match individual command rules (known Claude Code limitation)
 - Shell operators (`&&`, `||`) — Claude Code is aware of these and won't let prefix rules bypass them
 - Commands with redirects (`>`, `>>`, `<`) are evaluated as complete strings
 ---
 ## Section 3: Pattern Consolidation Rules
 The audit detects these optimization opportunities:
 | Issue | Example | Recommendation |
 |-------|---------|----------------|
 | **Exact duplicates** | `Write(plugins/**)` listed twice | Remove duplicate |
 | **Subset redundancy** | `Write(plugins/projman/*)` when `Write(plugins/**)` exists | Remove the narrower pattern — already covered |
 | **Merge candidates** | `Write(plugins/projman/*)`, `Write(plugins/git-flow/*)`, `Write(plugins/pr-review/*)` ... (4+ similar patterns) | Merge to `Write(plugins/**)` |
 | **Overly broad** | `Bash` (no specifier = allows ALL bash) | Flag as security concern, suggest scoped patterns |
 | **Stale patterns** | `Write(plugins/old-plugin/**)` for a plugin that no longer exists | Remove stale entry |
 | **Missing MCP permissions** | MCP servers in `.mcp.json` but no `mcp__servername__*` in allow | Suggest adding if server is trusted |
 | **Conflicting rules** | Same pattern in both `allow` and `deny` | Flag conflict — deny wins, but allow is dead weight |
 ### Consolidation Algorithm
 1. **Deduplicate:** Remove exact duplicates from each array
 2. **Subset elimination:** For each pattern, check if a broader pattern exists
   - `Write(plugins/projman/*)` is subset of `Write(plugins/**)`
   - `Bash(git status)` is subset of `Bash(git *)`
 3. **Merge detection:** If 4+ patterns share a common prefix, suggest merge
   - Threshold: 4 patterns minimum before suggesting consolidation
 4. **Stale detection:** Cross-reference file patterns against actual filesystem
 5. **Conflict detection:** Check for patterns appearing in multiple arrays
 ---
 ## Section 4: Review-Layer-Aware Recommendations
 This is the key section. Map upstream review processes to directory scopes:
 | Directory Scope | Active Review Layers | Auto-Allow Recommendation |
 |----------------|---------------------|---------------------------|
 | `plugins/*/commands/*.md` | Sprint approval, PR review, doc-guardian PostToolUse | `Write(plugins/*/commands/**)` — 3 layers cover this |
 | `plugins/*/skills/*.md` | Sprint approval, PR review | `Write(plugins/*/skills/**)` — 2 layers |
 | `plugins/*/agents/*.md` | Sprint approval, PR review, contract-validator | `Write(plugins/*/agents/**)` — 3 layers |
 | `mcp-servers/*/mcp_server/*.py` | Code-sentinel PreToolUse, sprint approval, PR review | `Write(mcp-servers/**)` + `Edit(mcp-servers/**)` — sentinel catches secrets |
 | `docs/*.md` | Doc-guardian PostToolUse, PR review | `Write(docs/**)` + `Edit(docs/**)` |
 | `.claude-plugin/*.json` | validate-marketplace.sh, PR review | `Write(.claude-plugin/**)` |
 | `scripts/*.sh` | Code-sentinel, PR review | `Write(scripts/**)` — with caution flag |
 | `CLAUDE.md`, `CHANGELOG.md`, `README.md` | Doc-guardian, PR review | `Write(CLAUDE.md)`, `Write(CHANGELOG.md)`, `Write(README.md)` |
 ### Critical Rule: Hook Verification
 **Before recommending auto-allow for a scope, the agent MUST verify the hook is actually configured.**
 Read the relevant `plugins/*/hooks/hooks.json` file:
 - If code-sentinel's hook is missing or disabled, do NOT recommend auto-allowing `mcp-servers/**` writes
 - If doc-guardian's hook is missing, do NOT recommend auto-allowing `docs/**` without caution
 - Count the number of verified review layers before making recommendations
 **Minimum threshold:** Recommend auto-allow only for scopes covered by ≥2 verified review layers.
 ---
 ## Section 5: Permission Profiles
 Three named profiles for different project contexts:
 ### `conservative` (Default for New Users)
 Minimal permissions, prompts for most write operations:
 ```json
 {
  "permissions": {
    "allow": [
      "Read",
      "Glob",
      "Grep",
      "LS",
      "Write(docs/**)",
      "Edit(docs/**)",
      "Bash(git status *)",
      "Bash(git diff *)",
      "Bash(git log *)",
      "Bash(cat *)",
      "Bash(ls *)",
      "Bash(head *)",
      "Bash(tail *)",
      "Bash(wc *)",
      "Bash(grep *)"
    ],
    "deny": [
      "Read(.env*)",
      "Read(./secrets/**)",
      "Bash(rm -rf *)",
      "Bash(sudo *)"
    ]
  }
 }
 ```
 ### `reviewed` (Projects with ≥2 Upstream Review Layers)
 This is the target profile for projects using the marketplace's multi-layer review architecture:
 ```json
 {
  "permissions": {
    "allow": [
      "Read",
      "Glob",
      "Grep",
      "LS",
      "Edit",
      "Write",
      "MultiEdit",
      "Bash(git *)",
      "Bash(python *)",
      "Bash(pip install *)",
      "Bash(cd *)",
      "Bash(cat *)",
      "Bash(ls *)",
      "Bash(head *)",
      "Bash(tail *)",
      "Bash(wc *)",
      "Bash(grep *)",
      "Bash(find *)",
      "Bash(mkdir *)",
      "Bash(cp *)",
      "Bash(mv *)",
      "Bash(touch *)",
      "Bash(chmod *)",
      "Bash(source *)",
      "Bash(echo *)",
      "Bash(sed *)",
      "Bash(awk *)",
      "Bash(sort *)",
      "Bash(uniq *)",
      "Bash(diff *)",
      "Bash(jq *)",
      "Bash(npm *)",
      "Bash(npx *)",
      "Bash(node *)",
      "Bash(pytest *)",
      "Bash(python -m *)",
      "Bash(./scripts/*)",
      "WebFetch",
      "WebSearch"
    ],
    "deny": [
      "Read(.env*)",
      "Read(./secrets/**)",
      "Bash(rm -rf *)",
      "Bash(sudo *)",
      "Bash(curl * | bash*)",
      "Bash(wget * | bash*)"
    ]
  }
 }
 ```
 ### `autonomous` (Trusted CI/Sandboxed Environments Only)
 Maximum permissions for automated environments:
 ```json
 {
  "permissions": {
    "allow": [
      "Read",
      "Glob",
      "Grep",
      "LS",
      "Edit",
      "Write",
      "MultiEdit",
      "Bash",
      "WebFetch",
      "WebSearch"
    ],
    "deny": [
      "Read(.env*)",
      "Read(./secrets/**)",
      "Bash(rm -rf /)",
      "Bash(sudo *)"
    ]
  }
 }
 ```
 **Warning:** The `autonomous` profile allows unscoped `Bash` — only use in fully sandboxed environments.
 ---
 ## Section 6: Scoring Criteria (Settings Efficiency Score — 100 points)
 | Category | Points | What It Measures |
 |----------|--------|------------------|
 | **Redundancy** | 25 | No duplicates, no subset patterns, merged where possible |
 | **Coverage** | 25 | Common tools allowed, MCP servers covered, no unnecessary gaps |
 | **Safety Alignment** | 25 | Deny rules cover secrets, destructive commands; review layers verified |
 | **Profile Fit** | 25 | How close to recommended profile for the project's review layer count |
 ### Scoring Breakdown
 **Redundancy (25 points):**
 - 25: No duplicates, no subsets, patterns are consolidated
 - 20: 1-2 minor redundancies
 - 15: 3-5 redundancies or 1 merge candidate group
 - 10: 6+ redundancies or 2+ merge candidate groups
 - 5: Significant redundancy (10+ issues)
 - 0: Severe redundancy (20+ issues)
 **Coverage (25 points):**
 - 25: All common tools allowed, MCP servers covered
 - 20: Missing 1-2 common tool patterns
 - 15: Missing 3-5 patterns or 1 MCP server
 - 10: Missing 6+ patterns or 2+ MCP servers
 - 5: Significant gaps causing frequent prompts
 - 0: Minimal coverage (prompts on most operations)
 **Safety Alignment (25 points):**
 - 25: Deny rules cover secrets + destructive ops, review layers verified
 - 20: Minor gaps (e.g., missing one secret pattern)
 - 15: Overly broad allow without review layer coverage
 - 10: Missing deny rules for secrets or destructive commands
 - 5: Unsafe patterns without review layer justification
 - 0: Security concerns (e.g., unscoped `Bash` without review layers)
 **Profile Fit (25 points):**
 - 25: Matches recommended profile exactly
 - 20: Within 90% of recommended profile
 - 15: Within 80% of recommended profile
 - 10: Within 70% of recommended profile
 - 5: Significant deviation from recommended profile
 - 0: No alignment with any named profile
 ### Score Interpretation
 | Score Range | Status | Meaning |
 |-------------|--------|---------|
 | 90-100 | Optimized | Minimal prompt interruptions, safety maintained |
 | 70-89 | Good | Minor consolidation opportunities |
 | 50-69 | Needs Work | Significant redundancy or missing permissions |
 | Below 50 | Poor | Likely getting constant approval prompts unnecessarily |
 ---
 ## Section 7: Hook Detection Method
 To verify which review layers are active, read these files:
 | File | Hook Type | Tool Matcher | Purpose |
 |------|-----------|--------------|---------|
 | `plugins/code-sentinel/hooks/hooks.json` | PreToolUse | Write\|Edit\|MultiEdit | Blocks hardcoded secrets |
 | `plugins/doc-guardian/hooks/hooks.json` | PostToolUse | Write\|Edit\|MultiEdit | Tracks documentation drift |
 | `plugins/project-hygiene/hooks/hooks.json` | PostToolUse | Write\|Edit | Cleanup tracking |
 | `plugins/data-platform/hooks/hooks.json` | PostToolUse | Edit\|Write | Schema diff detection |
 | `plugins/cmdb-assistant/hooks/hooks.json` | PreToolUse | (if exists) | Input validation |
 ### Verification Process
 1. **Read each hooks.json file**
 2. **Parse the JSON to find hook configurations**
 3. **Check the `type` field** — must be `"command"` (not `"prompt"`)
 4. **Check the `event` field** — maps to when hook runs
 5. **Check the `tools` array** — which operations are intercepted
 6. **Verify plugin is in marketplace** — check `.claude-plugin/marketplace.json`
 ### Example Hook Structure
 ```json
 {
  "hooks": [
    {
      "event": "PreToolUse",
      "type": "command",
      "command": "./hooks/security-check.sh",
      "tools": ["Write", "Edit", "MultiEdit"]
    }
  ]
 }
 ```
 ### Review Layer Count
 Count verified review layers for each scope:
 | Layer | Verification |
 |-------|-------------|
 | Sprint approval | Check if projman plugin is installed (milestone workflow) |
 | PR review | Check if pr-review plugin is installed |
 | code-sentinel PreToolUse | hooks.json exists with PreToolUse on Write/Edit |
 | doc-guardian PostToolUse | hooks.json exists with PostToolUse on Write/Edit |
 | contract-validator | Plugin installed + hooks present |
 **Recommendation threshold:** Only recommend auto-allow for scopes with ≥2 verified layers.
--- a/plugins/claude-config-maintainer/skills/visual-header.md
+++ b/plugins/claude-config-maintainer/skills/visual-header.md
@@ -47,6 +47,27 @@ This skill defines the standard visual header for claude-config-maintainer comma
 +-----------------------------------------------------------------+
 ```
 ### /config-audit-settings
 ```
 +-----------------------------------------------------------------+
 |  CONFIG-MAINTAINER - Settings Audit                              |
 +-----------------------------------------------------------------+
 ```
 ### /config-optimize-settings
 ```
 +-----------------------------------------------------------------+
 |  CONFIG-MAINTAINER - Settings Optimization                       |
 +-----------------------------------------------------------------+
 ```
 ### /config-permissions-map
 ```
 +-----------------------------------------------------------------+
 |  CONFIG-MAINTAINER - Permissions Map                             |
 +-----------------------------------------------------------------+
 ```
 ## Usage
 Display the header at the start of command execution, before any analysis or output.
--- a/plugins/projman/commands/review.md
+++ b/plugins/projman/commands/review.md
@@ -44,10 +44,7 @@ See `skills/review-checklist.md` for complete patterns:
 ## Visual Output
-```
+See `skills/visual-output.md`. This command invokes the **Code Reviewer** agent:
-╔══════════════════════════════════════════════════════════════════╗
+- Phase Emoji: 🔍
-║  📋 PROJMAN                                                      ║
+- Phase Name: REVIEW
-║  🏁 CLOSING                                                      ║
+- Context: Sprint Name
 ║  Code Review                                                     ║
 ╚══════════════════════════════════════════════════════════════════╝
 ```
--- a/plugins/projman/skills/visual-output.md
+++ b/plugins/projman/skills/visual-output.md
@@ -29,10 +29,10 @@ Projman uses the double-line box drawing header style with emoji phase indicator
 | Agent | Phase Emoji | Phase Name | Context |
 |-------|-------------|------------|---------|
-| Planner | Target | PLANNING | Sprint Name or Goal |
+| Planner | 🎯 Target | PLANNING | Sprint Name or Goal |
-| Orchestrator | Lightning | EXECUTION | Sprint Name |
+| Orchestrator | ⚡ Lightning | EXECUTION | Sprint Name |
-| Executor | Wrench | IMPLEMENTING | Issue Title |
+| Executor | 🔧 Wrench | IMPLEMENTING | Issue Title |
-| Code Reviewer | Magnifier | REVIEW | Sprint Name |
+| Code Reviewer | 🔍 Magnifier | REVIEW | Sprint Name |
 ### Command Headers (Non-Agent)
@@ -40,14 +40,14 @@ For commands that don't invoke a specific agent phase:
 | Command | Phase Emoji | Phase Name |
 |---------|-------------|------------|
-| `/sprint-status` | Chart | STATUS |
+| `/sprint-status` | 📊 Chart | STATUS |
-| `/setup` | Gear | SETUP |
+| `/setup` | ⚙️ Gear | SETUP |
-| `/debug` | Bug | DEBUG |
+| `/debug` | 🐛 Bug | DEBUG |
-| `/labels-sync` | Label | LABELS |
+| `/labels-sync` | 🏷️ Label | LABELS |
-| `/suggest-version` | Package | VERSION |
+| `/suggest-version` | 📦 Package | VERSION |
-| `/proposal-status` | Clipboard | PROPOSALS |
+| `/proposal-status` | 📋 Clipboard | PROPOSALS |
-| `/test` | Flask | TEST |
+| `/test` | 🧪 Flask | TEST |
-| `/rfc` | Document | RFC [Sub-Command] |
+| `/rfc` | 📄 Document | RFC [Sub-Command] |
 ---
Author	SHA1	Message	Date
Leo Miranda	120f00ece6	Merge pull request 'feat(claude-config-maintainer): add settings.local.json audit feature v1.2.0' (#391 ) from feat/config-maintainer-settings-audit into development Reviewed-on: #391	2026-02-02 21:02:43 +00:00
lmiranda	3012a7af68	feat(claude-config-maintainer): add settings.local.json audit feature v1.2.0 Add 3 new commands for auditing and optimizing Claude Code permission configurations, leveraging the marketplace's multi-layer review architecture. New commands: - /config-audit-settings - 100-point scoring across redundancy, coverage, safety alignment, and profile fit - /config-optimize-settings - apply optimizations with dry-run, named profiles (conservative, reviewed, autonomous), consolidation modes - /config-permissions-map - Mermaid diagram of review layer coverage New skill: - settings-optimization.md - 7 sections covering file formats, syntax reference, consolidation rules, review-layer-aware recommendations, named profiles, scoring criteria, and hook detection Updated agent maintainer.md with new "Audit Settings Files" responsibility. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-02 15:54:15 -05:00
Leo Miranda	d12d9b4962	Merge pull request 'docs: close 5.8.0 punch list — version sync, stale header, emoji clarity' (#389 ) from docs/punch-list-5.8.0-cleanup into development Reviewed-on: #389	2026-02-02 19:30:27 +00:00
lmiranda	b302a4237d	docs: close 5.8.0 punch list — version sync, stale header, emoji clarity - Fix /review command visual header: replace inline CLOSING box with skill reference (Code Reviewer uses 🔍 REVIEW, not 🏁 CLOSING) - Update CLAUDE.md version 5.4.0 → 5.8.0, fix data-platform version in plugin table (1.1.0 → 1.3.0), update Last Updated date - Add Unicode emoji to Phase Registry tables in visual-output.md (now shows 🎯 Target instead of just "Target") Items verified complete: - README.md already shows v5.8.0 - marketplace.json already shows 5.8.0 - CHANGELOG 5.8.0 entry complete (rfc-reject in both Changed/Removed) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-02 14:28:09 -05:00