Changelog

All notable changes to the jaan.to Claude Code Plugin will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

[7.7.1] - 2026-03-15

Changed

qa- skills* — Add performance optimization guidance (parallelization, incremental mutation, coverage tool selection, fail-fast, E2E auth caching, batch generation, early-termination) based on research #86 and #87. Affected skills: qa-test-run, qa-test-mutate, qa-contract-validate, qa-test-generate, qa-test-cases, qa-tdd-orchestrate, qa-quality-gate
qa- reference docs* — Add parallel execution strategies, coverage tool benchmarks, incremental mutation commands, Schemathesis tuning to qa-test-run-reference, qa-test-mutate-reference, qa-contract-validate-reference

Fixed

qa- skill descriptions* — Shorten 3 descriptions exceeding 120-char V3.4 limit (qa-test-cases, qa-test-generate, qa-test-run) and remove 4 uncited percentage claims from inline text

[7.7.0] - 2026-03-05

Added

pm-sprint-plan skill — Assess project progress and build a prioritized sprint plan from ROADMAP gaps. Calculates progress matrix (spec/scaffold/code/test/infra %), classifies bottleneck via state machine, and builds prioritized execution queue (7 priority sources, max 12 items). Includes reference doc with scoring algorithms and output schema
team-sprint skill — Full development sprint cycle orchestrator from planning to PR. Chains pm-sprint-plan for assessment and team-ship --track sprint for execution. Owns git lifecycle (cycle branch creation, ROADMAP marking, gap report, PR to dev)
team-ship --track sprint — New sprint track that reads sprint plan artifacts and dynamically spawns Agent Teams based on the execution queue. Includes verification gates between task groups

Changed

Plugin marketplace — Updated from 56 to 58 skills with new skill paths registered
docs/skills/DEPENDENCIES.md — Added Sprint Cycle Flow dependency chain and updated skill inventory

[7.6.1] - 2026-02-28

Fixed

Co-author attribution cleanup — Removed Co-Authored-By: Jaan.to <noreply@jaan.to> from commit template examples in reference docs (4 files, 6 occurrences)
README badges — Updated badge URLs and consolidated duplicate CHANGELOG entries

Added

Research: CLI-first SaaS architecture — Architecture patterns for CLI-first SaaS products (Research #40)

[7.6.0] - 2026-02-26

Added

frontend-story-generate skill — Generate CSF3 Storybook stories for components with automatic CVA variant detection. Supports MCP graceful degradation (Storybook MCP for conventions, shadcn MCP for prop types, or source-reading fallback). Includes scan mode to find components missing stories
frontend-visual-verify skill — Visually verify components using Playwright MCP with dual output modes: visual-mode (accessibility tree + screenshot scoring, 0-10 scale) and static-mode (code-review-only, score=N/A). Localhost-only by default; external URLs require explicit confirmation
frontend-component-fix skill — Diagnose and fix UI bugs with output-only safety model (generates patch artifacts, never edits source directly). Guided single-run mode chains fix → integrate → verify in one approval
visual-reviewer agent — Lightweight haiku model agent for code-level visual review (semantic HTML, accessibility, design system consistency)
Story coverage advisory hook — Read-only PostToolUse hook suggests story generation when components are written without companion Storybook stories
Product changelog — Full product changelog (CHANGELOG-PRODUCT.md) covering all versions from 1.0.0 to 7.5.1, with product changelog page added to the documentation website
MCP connector documentation — Setup guides for Storybook MCP, shadcn MCP, and Playwright MCP connectors
UI workflow guide — End-to-end guide for setting up the Storybook + shadcn + Playwright visual development workflow
Design system context seed — New design.md seed template for component library, design tokens, Storybook conventions, and MCP server configuration
Shared UI workflow reference — frontend-ui-workflow-reference.md with CSF3 format spec, CVA detection patterns, MCP degradation patterns, and visual scoring rubric (shared across 5+ skills)
Research: Storybook + shadcn + Claude Code — Comprehensive guide for AI-powered component development workflow (Research #81)
Research: MCP foundation architecture — Architecture analysis of four MCP servers creating a coherent context layer (Research #82)
OpenAPI integration across pipeline — 12 skills now accept --contract for API-aware development. New shared reference (openapi-integration-reference.md) provides cross-skill Orval, MSW, and Scalar patterns. frontend-scaffold generates 4 API integration artifacts (Orval config, MSW handlers, MSW browser/server setup). team-ship full track flows API contracts from backend to frontend and QA teammates
Research: OpenAPI/Postman integration — Best practices for OpenAPI-first development with Orval, MSW, and Scalar tooling (Research #83)
Research: Swagger tooling for AI-driven development — Comprehensive Swagger/OpenAPI tooling analysis for AI-enhanced workflows (Research #84)

Changed

frontend-design skill — Now generates CSF3 Storybook stories alongside HTML preview when Storybook is detected; added --contract flag for response shape awareness from API specs
frontend-scaffold skill — Scaffold output now includes story files and CSF3 patterns when Storybook is detected; generates Orval config, MSW handlers, and browser/server setup files when API contract provided
detect-design skill — Added Storybook & component tooling signals detection plus MCP readiness assessment (Ready/Partial/Not Configured scoring)
dev-verify skill — Added package-manager-aware Storybook build verification and dev server health checks
jaan-init skill — Added UI stack detection (React/Vue/Svelte, Storybook, shadcn) with design.md seeding and MCP configuration guidance
team-ship integration — Frontend role now includes frontend-story-generate in both fast and full tracks. New visual-qa role for Phase 3 visual verification. Fixed QA teammate prompt to pass scaffold paths to qa-test-generate
Plugin marketplace — Updated from 53 to 56 skills with new skill paths registered
qa-test-cases skill — Added optional --contract flag to generate endpoint-specific BDD scenarios from OpenAPI specs (request validation, error codes, auth boundaries, pagination)
qa-test-run skill — Added --contract tier that delegates to qa-contract-validate (no tool duplication). Fixed missing --mutation in argument-hint
backend-pr-review skill — Added contract drift detection (Step 3.5) comparing route changes against OpenAPI spec
frontend-story-generate skill — Added --contract flag for MSW handler generation in stories (4 variants: success, loading, error, empty)
frontend-task-breakdown skill — Added --contract flag for API integration task mapping
frontend-visual-verify skill — Added MSW handler detection advisory note
frontend-component-fix skill — Added contract alignment check in root cause analysis
dev-project-assemble skill — Added Scalar API documentation page generation for Node.js/Next.js projects
dev-output-integrate skill — Added OpenAPI-aware integration (Orval config, MSW setup, Storybook preview MSW initialization). New allowed-tools: Bash(npx msw:*), Write(orval.config.ts), Write/Edit(.storybook/**)
team-ship orchestration — QA full track now includes qa-contract-validate. Per-track dependency resolution for contract handoff. Frontend prompt resequenced for API contract wait
License — Switched from MIT to proprietary license across all skills

[7.5.1] - 2026-02-25

Added

pm-changelog-rewrite skill — New skill for changelog rewrite and maintenance workflows
Roadmap/changelog skill enhancements — File discovery, auto-commit capabilities, and issue reference support added to pm-roadmap-update and release-iterate-changelog skills

Changed

pm-roadmap-update skill — Enhanced with file discovery and auto-commit capabilities
release-iterate-changelog skill — Enhanced with file discovery and issue reference linking

Fixed

Security hardening (6 rounds) — Closed multiple prompt injection bypass vectors in pre-tool security gate: brace expansion split-token bypass, path-based interpreter pipe bypasses, quoted and command-substituted interpreter pipe bypasses, cwd-relative path handling in Section E, and sed-exec regex hardening. Removed false-positive patterns from security gate
Layered prompt injection defenses — Added comprehensive prompt injection defense layers across all distributed skills
Codex skillpack rebuild — Rebuilt Codex skillpack after security hardening changes
Documentation corrections — Corrected skill count in DEPENDENCIES.md to 53

[7.5.0] - 2026-02-24

Added

qa-issue-report skill — Report clear issues to any GitHub/GitLab repository with smart session context analysis, codebase reference search, media attachments, and dual-platform support (GitHub CLI + GitLab REST API). Auto-detects target repo from git remote, collects environment info, enforces privacy sanitization, and always submits in English regardless of conversation language
qa-test-mutate skill (/qa-test-mutate) — Run mutation testing to validate test suite quality with multi-stack support (StrykerJS, Infection, go-mutesting, mutmut). Context-isolated feedback loop: run mutations → write survivors JSON → feed to qa-test-generate --from-mutants → re-run (max 2-3 iterations, delta < 5 stop). Survivor JSON handoff contract (schema v1.0) defines artifact-only interface between mutation and test generation skills. Unsupported stacks report null score gracefully. Codex degraded mode: single pass without iterative feedback loop
qa-tdd-orchestrate skill (/qa-tdd-orchestrate) — Orchestrate RED/GREEN/REFACTOR TDD cycle with context-isolated sub-agents via Task tool. Three-level isolation: artifact-only handoffs (no reasoning text transfer), prompt exclusion lists, and handoff manifest verification (handoff-{phase}.json). Double-loop coordination: outer BDD acceptance test from qa-test-cases, inner per-component TDD cycles. Phase gates verified via test execution. Claude Code only (codex-support: false — context isolation requires sub-agent fork)
qa-contract-validate skill (/qa-contract-validate) — Validate API contracts through a 4-tool pipeline: Spectral lint → oasdiff breaking changes → Prism conformance → Schemathesis fuzz testing. Preflight tool availability gate with npx --no-install for npm tools. Graceful degradation: skip unavailable tools with explicit warnings. 0 tools available = INCONCLUSIVE (not PASS). OpenAPI/Swagger specs only (v1 scope)
qa-quality-gate skill (/qa-quality-gate) — Compute composite quality score from upstream outputs (qa-test-run, detect-dev, sec-audit-remediate, backend-pr-review, qa-test-mutate). 6 weighted signals with null signal proportional redistribution. Routing: >0.85 auto-approve, 0.6-0.85 lightweight review, <0.6 full human review. Human decision is final — recommendation only, never auto-approve
qa-issue-validate skill (/qa-issue-validate) — Validate GitHub/GitLab issues against codebase with root cause analysis and reproduction scenarios. Given an issue (by ID, URL, or pasted text), extracts technical claims, validates them via 7-layer code search (file existence, function definitions, error messages, stack traces, routes, test coverage, git history), assigns verdict (VALID_BUG, VALID_FEATURE, VALID_IMPROVEMENT, INVALID_USER_ERROR, INVALID_CANNOT_REPRODUCE, INVALID_DUPLICATE, INVALID_STALE, NEEDS_INFO) with confidence level, and provides causal chain + 5 Whys RCA for valid bugs. Mandatory issue content threat scan (SAFE/SUSPICIOUS/DANGEROUS) defends against prompt injection, credential probing, path traversal, and embedded commands in untrusted issue text. Posts validation comment to issue, optionally closes invalid issues, and integrates with /pm-roadmap-add using sanitized text only (never raw issue content). Dual platform support (GitHub CLI + GitLab REST API). (Research #77)
TDD/BDD/AI orchestration research — Research document analyzing 8 areas: three-agent TDD cycle, BDD/Gherkin as spec interface, double-loop TDD, spec validation, mutation testing, hierarchical-pipeline architecture, automated quality gates, ISO 25010/DORA standards (Research #76)
pm-roadmap-add skill (/pm-roadmap-add) — Add prioritized items to any project roadmap with codebase-aware context scanning and duplication check. Supports three prioritization systems (MoSCoW, Value-Effort Matrix, RICE Scoring) with user selection on first use. Phase 1 scans existing PRDs (titles/summaries only), stories (titles/status only), and TODO/FIXME counts (file names only, never content) for accurate priority assessment. Milestone/theme detection suggests best-fit placement. PreToolUse validation hook (validate-roadmap.sh) enforces required sections, scans for leaked secrets, and blocks path traversal. Security-hardened: writes scoped to $JAAN_OUTPUTS_DIR/pm/roadmap/** only, zero git permissions, data boundary rules treat all stored roadmap text as untrusted data. Replaces internal roadmap-add skill
pm-roadmap-update skill (/pm-roadmap-update) — Review and maintain project roadmaps with 4 modes: review (cross-reference against PRDs, stories, code to find done/blocked/stale items), mark (mark specific item complete), reprioritize (re-evaluate all priorities based on current context), validate (check consistency, completeness, dependencies). Codebase-aware analysis detects completion candidates from code changes and stale items past target dates. Same security hardening as pm-roadmap-add: scoped writes/edits to $JAAN_OUTPUTS_DIR/pm/roadmap/**, no git operations, untrusted data treatment for all roadmap content. Replaces internal roadmap-update skill
pm-skill-discover skill (/pm-skill-discover) — Detect repeated workflow patterns from AI sessions and suggest skills to automate them. Analyzes three data sources: Claude Code session transcripts (tool usage sequences), git history (file-group patterns, commit frequency), and jaan-to learning files (skill usage frequency). Segments sessions into episodes, mines contiguous subsequences (length 3-6), and scores candidates using a 4-dimension rubric: frequency (30%), time saved (30%), parameterizability (25%), risk (15%). Matches detected patterns against 10 research-backed workflow archetypes (error diagnosis cycle, red-green-refactor loop, CI pipeline repair, feature scaffolding, etc.). Privacy-first: extracts structural metadata only (tool names, file types, timestamps), hashes file paths, never reads prompt content or code. Optional auto-invocation of /skill-create for selected candidates. (Research #80)
Skill discovery research — Comprehensive research analyzing skill discovery across Claude Code, OpenAI Codex, and Cursor. Documents the gap: no AI coding tool detects repeated developer workflows or proactively suggests automations. Provides reference architecture with event schema, segmentation algorithm, PrefixSpan mining, 8-dimension scoring rubric, and MVP implementation blueprint (~1,200 lines of code). Includes 10 coding workflow pattern archetypes, skill specification standard, integration architecture for each tool, 5 UX patterns to prevent suggestion fatigue, and privacy/safety model. (Research #80)

Changed

qa-test-cases declarative Gherkin enforcement — Added mandatory declarative enforcement rule (behavior-level steps, never imperative UI interactions), scenario structure limits (3-5 steps per scenario, 5-10 scenarios per feature), Scenario Outline promotion for data-driven testing, and standardized step templates
qa-test-generate mutation-guided mode — Added --from-mutants input mode reading survivor JSON from qa-test-mutate, generating targeted tests per surviving mutant. Optional companion config generation (stryker.config.mjs, infection.json5). Testing pyramid ratio validation warning (60-70% unit / 20-25% integration / 5-10% E2E)
qa-test-run mutation tier — Added --mutation tier flag, mutation score parsing from tool outputs only (StrykerJS, Infection, go-mutesting, mutmut), iteration tracking with configurable cap (default 10), same-test-failure escalation (3 failures → human)
devops-infra-scaffold quality pipeline stages — Added 4 optional CI stages: Spectral lint (on every commit), oasdiff breaking changes (PRs via pinned SHA action), mutation testing (incremental on PRs, full nightly), Schemathesis fuzz (nightly). Preflight availability gate for all tools
team-ship TDD track — Added --track tdd running qa-test-cases → qa-tdd-orchestrate → qa-test-mutate → qa-quality-gate pipeline. New tdd-writer and tdd-implementer roles. Fan-out cap (max 5 concurrent teammates), DAG validation, graceful qa-quality-gate degradation
backend-api-contract Spectral companion — Generates .spectral.yaml with built-in + OWASP rulesets alongside OpenAPI spec. Added "Validation Commands" section to companion markdown. References qa-contract-validate as suggested next step
detect-dev quality metrics — Added DORA metrics extraction, ISO 25010 quality characteristic mapping, mutation testing presence detection
detect-pack quality compliance — Added ISO 25010 compliance summary with characteristic mapping table. Added "Quality Gate Readiness" section referencing qa-quality-gate
dev-verify enhanced contract validation — Step 12 now uses Spectral/Prism for contract validation when installed, with structural-only checks as fallback
backend-scaffold test recommendations — Added test framework + mutation tool recommendation table per stack (Node.js/Vitest/StrykerJS, PHP/Pest/Infection, Go/testify/go-mutesting, Python/pytest/mutmut)
Plugin marketplace updated — 45 → 52 skills, added keywords: mutation-testing, tdd, contract-validation, quality-gates, issue-validation, skill-discovery

Fixed

Windows NTFS compatibility — Replaced jaan-to: colon prefix with jaan-to- dash prefix in all learn/template filenames. Colons in filenames are forbidden on Windows NTFS, preventing cloning of any repo with seeded jaan-to files. Auto-migration in bootstrap.sh renames existing colon-prefixed files on session start with three-branch collision handling (rename, dedup, or preserve with .legacy-colon.md suffix). Three-tier path resolution (jaan-to- → jaan-to: legacy → unprefixed) maintains backward compatibility. Updated across 68+ SKILL.md files, 20+ LEARN.md files, 17+ doc files, and all scripts. Closes #157

Removed

roadmap-add skill — Internal jaan-to-specific skill replaced by generic pm-roadmap-add. Old skill had hardcoded 8-phase structure and Bash(git:*) permissions for direct commits/pushes
roadmap-update skill — Internal jaan-to-specific skill replaced by generic pm-roadmap-update. Old skill had 11 git command permissions and release automation (version bumps, tagging, branch merging)
post-commit-roadmap.sh hook — Removed PostToolUse hook that auto-updated roadmap on git commits. New pm-roadmap-update skill handles roadmap maintenance explicitly via user-invoked commands

[7.4.0] - 2026-02-22

Added

Context7 MCP integration (Phase 7) — First MCP connector providing on-demand library documentation via the Context7 protocol. .mcp.json configures the @upstash/context7-mcp server with two tools: resolve-library-id (convert library names to Context7-compatible IDs) and get-library-docs (fetch documentation with code/info mode selection). Skills can now access real, up-to-date library documentation instead of relying on training data. Marketplace keywords updated with context7 and mcp tags for ecosystem discovery. (Task: mcp-context7)
dev-docs-fetch skill (/dev-docs-fetch) — Fetch and cache library documentation via Context7 MCP with smart caching and auto-detect. Tech-agnostic library detection via $JAAN_CONTEXT_DIR/tech.md (#current-stack and #frameworks sections) with explicit argument override and fallback prompting. Two-phase workflow: cache freshness check (7-day TTL with Bash-based cross-platform stat detection for macOS/Linux) → HARD STOP confirmation → resolve library IDs via mcp__context7__resolve-library-id → fetch documentation via mcp__context7__get-library-docs (code mode for API references, info mode for architecture/concepts, optional topic extraction) → store with YAML frontmatter (title, library_id, type, created, updated, context7_mode, topic, tags, source, cache_ttl). Cache path: $JAAN_OUTPUTS_DIR/dev/docs/context7/. Graceful error handling: library not found suggestions with retry/skip, API failure fallback to stale cache with user consent, network timeout retry (3x with backoff). Token-optimized: target <10,000 tokens per execution, max 3-5 libraries per run. Callable standalone or from other skills' Phase 1 for context enrichment. Codex runtime adapter included. (Task: mcp-context7)
Dual-runtime MCP support — Full MCP infrastructure for Codex runtime alongside Claude Code. Codex installer auto-configures Context7 in ~/.codex/config.toml with idempotent managed blocks and --no-mcp opt-out. New validate-mcp-servers.sh enforces dual-runtime MCP consistency. CI pipelines include MCP parity checks in dual-runtime gate and release-check.yml. New docs/mcp/ documentation section with Context7 connector page. Website MCP Connectors card added to Skills Catalog

Fixed

MCP config hardening — Hardened Codex MCP config update logic and server parsing in install-codex-skillpack.sh and validate-mcp-servers.sh for safer TOML block management
.mcp.json build distribution — Fixed missing copy_file call in build_claude_target() for .mcp.json, which caused validate-multi-runtime.sh CI failures
Stale skill count refs in website — Updated 2 missed references in website/index.html from 44 → 45 skills and corrected role count to 13

[7.3.0] - 2026-02-21

Added

Multi-runtime Codex support — Full dual-runtime governance enabling jaan-to skills to run on both Claude Code and OpenAI Codex. Single-source build targets generate Claude (dist/claude/) and Codex (dist/codex/) distributions from shared skill sources. Codex runner translates SKILL.md frontmatter into Codex-native .agents/ format with zero-argument handling. Installer-first global skillpack flow for Codex discovery. Auto-sync skillpack in skill creation and update PR workflows. CI enforcement: dual-runtime builds on dev PRs, integrated e2e smoke tests and full monitors for both runtimes

[7.2.0] - 2026-02-19

Added

Agent Skills open standard compatibility (agentskills.io) — Full compliance with the Agent Skills ecosystem for cross-platform skill discovery. marketplace.json now includes skills[] discovery array (44 entries) and metadata.pluginRoot for CLI resolution. All 44 SKILL.md files updated with license: MIT, compatibility field, and enriched descriptions with "Use when" trigger phrases (no colons). 13 overlong skills refactored below 500 lines via reference extraction (5 new + 8 expanded reference files in docs/extending/). CI enforcement via release-check.yml Agent Skills compliance step, validate-skills.sh Agent Skills section, validate-compliance.sh Check 11 (naming spec + manifest sync). New scripts/marketplace-sync-check.sh PostToolUse hook detects skill/manifest drift. skill-create template updated with license + compatibility fields. create-skill.md spec updated with Agent Skills Standard section. E2E test suite: 20 tests (12 success + 8 failure scenarios) in scripts/test/agent-skills-compliance-e2e.sh. Description budget: 10,282/15,000 chars (31% headroom)
Automated security enforcement — New scripts/validate-security.sh as single source of truth for security validation across CI, /jaan-release, and /jaan-issue-review. 4 check sections: (A) Skill permission safety — detects bare Write/Bash/Edit, credential access patterns, hardcoded secrets; (B) Shell script safety — enforces set -euo pipefail, blocks eval/curl|sh/chmod 777/$IFS; (C) Hook safety — validates static paths, no user input in commands; (D) Dangerous patterns — blocks rm -rf /, exec() in skill bodies. CI workflow updated with security gate step. Distributed skills are BLOCKING, local skills are ADVISORY. GitHub Actions annotations via ::error:: / ::warning::
Security audit remediation (13 findings) — Comprehensive security audit of all plugin scripts, hooks, and access patterns. Fixed: set -euo pipefail added to 17 scripts, 4 distributed skills narrowed from bare permissions to scoped access (pm-research-about, roadmap-update, skill-update, ux-microcopy-write), path validation patterns documented, privacy sanitization patterns for external data, PreToolUse security gate hardened, template security standards formalized. New docs: docs/security-strategy.md (developer security reference), docs/config/security.md (user-facing security guide)
team-ship agent teams orchestration skill — Assemble role-based AI teammates (PM, UX, Backend, Frontend, QA, DevOps, Security) to ship ideas from concept to production via Claude Code Agent Teams. One command (/team-ship "idea") spawns a virtual company with phased execution: PM defines (PRD gate) → parallel build team (Backend, Frontend, QA, UX) → integration + DevOps + Security → verification. Features: roles.md as scalable data layer (add role = zero SKILL.md changes), 3 tracks (--track fast 8 skills / --track full 20 skills / --detect 5 auditors), --dry-run plan preview, --resume checkpoint recovery, per-role model selection (haiku for detect, sonnet for code gen), fork-isolated orchestration. Token-optimized: reference extraction (SKILL.md 296 lines), phased teammate spawning (max 4-5 concurrent), compact spawn prompts (~200 tokens each). Three-mechanism roles.md sync: skill-create Step 14.5 (proactive add), skill-update Step 11.5 (proactive sync), PostToolUse drift detection hook. Three new hooks: TaskCompleted quality gate (blocks empty outputs), TeammateIdle redirect (suggests unclaimed tasks), roles-sync-check (warns on drift). Requires agent_teams_enabled: true + CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1. (Research #77)

Fixed

pm-prd-write output readability and RTL support (#141) — PRD generation now enforces bullet-point formatting for prose sections (Problem Statement, Executive Summary, Solution Overview), 4-column max table width, and per-entity status matrices instead of aggregate lists. Gap-analysis PRDs use a requirements-first document flow (Requirements Overview → Methodology → Current State Matrix → Gap Prioritization). RTL language support adds <div dir="rtl"> wrapper, native vocabulary preference, and orthography rules. Template updated with optional sections for audit-based PRDs. Quality checks extended to verify formatting compliance. Closes #141

Changed

Removed automatic .gitignore policy from bootstrap — Bootstrap no longer auto-adds jaan-to/ to the project's .gitignore on every session start. Instead, /jaan-init now asks users during initialization whether to add jaan-to/ to .gitignore, with the recommendation being no (commit jaan-to/ to version control). Updated bootstrap.sh, verify-install.sh, jaan-init SKILL.md, and all related documentation
Roadmap-update now enforces 6 structural consistency rules — Every run validates overview-to-section matching, sequential numbering, done-phase blockquotes, catalog accuracy, version accuracy, and future-focus compliance. Violations are reported before mode-specific work begins
Release-iterate-changelog now triggers roadmap sync — After writing changelog updates, the skill calls /pm-roadmap-update to keep the roadmap in sync automatically

[7.1.0] - 2026-02-16

Added

Asset embedding for document-generating skills (#119) — Skills that accept image/screenshot inputs now embed them as renderable markdown image links (![alt](path)) in generated output. Smart asset resolution: files inside $JAAN_* directories are referenced in-place (no copy), external files are copied to $OUTPUT_FOLDER/assets/ after user consent. New scripts/lib/asset-handler.sh utility provides is_jaan_path, resolve_asset_path, copy_external_assets, and url_encode_path functions. Shared reference at docs/extending/asset-embedding-reference.md keeps skill footprint minimal (~3-5 line pointer per skill). Updated 6 skills: pm-prd-write, ux-heatmap-analyze, frontend-task-breakdown, ux-flowchart-generate, pm-story-write, ux-microcopy-write. Added "Asset Embedding" section to docs/extending/create-skill.md. All skills stay within 600-line cap; description budget unchanged at 8,409/15,000 chars. Closes #119

[7.0.0] - 2026-02-16

Changed

Aggressive token optimization (Research #75) — Extracted reference material from 22 skills into 17 dedicated docs/extending/*-reference.md files, reducing per-skill SKILL.md sizes by 25-60%. Skills now delegate large reference tables, checklists, and report templates to external docs loaded on demand. validate-skills.sh enhanced with per-skill line count checks (hard cap 600, soft cap 500) and extraction guidance. 44 files changed, 2,211 insertions, 1,858 deletions
Bootstrap compact mode — bootstrap.sh now outputs minimal startup text, reducing per-session token overhead from hook stdout. New CI gate in release-check.yml enforces 1,200 character cap on hook stdout to prevent token regression

Documentation

Added "Idea to Product" guide section to README showing the full spec-to-ship workflow
Updated website Token Strategy section with v7 metrics (2,400 tokens/session, 9.7K tokens/invocation, 60% skill body reduction) and four-layer architecture (reference extraction, context isolation, CI enforcement)

6.4.0 - 2026-02-16

Added

backend-pr-review (#110) — Multi-stack backend PR review skill supporting PHP/Laravel, Node/TypeScript, Python/Django, Go, and Rust. Detects stack via tech.md with fallback prompting. Two-pass LLM analysis with variable confidence thresholds (CRITICAL >= 90, WARNING >= 85, INFO >= 80) reduces false positives by 40-60%. Risk-based file prioritization weights criticality (40%), change size (30%), finding density (20%), and file type (10%). Deterministic grep scanning from 3 stack-specific reference files (security, performance, code quality). GitHub and GitLab support including self-hosted instances with curl API fallback. Comment deduplication via bot marker for idempotent re-runs. Max 20 findings per review. Follows wp-pr-review pattern (456 lines). Closes #110

Fixed

wp-pr-review large PR fallback (#107) — Added paginated REST API fallback (gh api) when gh pr diff fails with HTTP 406 on large PRs (300+ files). PRs with 50+ PHP files are now processed in batches of 30 to reduce per-call context size, mitigating ECONNRESET from network intermediaries. Closes #107

6.3.0 - 2026-02-15

Added

detect-dev incremental audit mode (#81) — detect-dev now supports --incremental flag to scope scans to files changed since the last audit via git diff and .audit-state.yaml state tracking. Graceful fallback to full scan on missing state, invalid commit hash, or unreachable commits. Combines with --full for scoped full-depth analysis. Integration-aware evidence tagging (origin: integrated | hand-written) from dev-output-integrate logs. Post-integration suggestion added to dev-output-integrate Step 14. Reference material in docs/extending/detect-dev-reference.md. Closes #81
Health monitoring workflow (#83) — devops-infra-scaffold now generates ci/health-check.yml with cron endpoint monitoring, automatic incident issue creation, deduplication, and auto-close on recovery
Secret rotation reminder (#83) — devops-infra-scaffold now generates ci/secret-rotation-reminder.yml with quarterly issue creation and env var classification (rotatable credentials vs static IDs)
qa-test-run (/qa-test-run) — Execute tests across stacks (Node.js/TypeScript, PHP, Go), diagnose failures into 7 categories, auto-fix infrastructure issues, and generate coverage reports. Supports Vitest/Jest/Playwright, PHPUnit/Pest, and go test. Multi-stack detection via tech.md with lockfile fallback. Closes #82
dev-verify (/dev-verify) — Combined build and runtime verification for the Spec-to-Ship pipeline. Build phase: type/compile checks across stacks (Node.js/TypeScript, PHP, Go), error categorization with auto-fix for safe issues (missing deps, export mismatches, config gaps). Runtime phase: tech.md-driven service discovery (docker-compose, package.json, .env), health endpoint checks, OpenAPI contract validation, and smoke tests. Supports --build-only, --runtime-only, --skip-smoke, --skip-fix modes. Reports pass/fail with generic error categories. Closes #78 and #85
Integration drift detection (#75) — PostToolUse hook warns when new outputs appear in $JAAN_OUTPUTS_DIR/ after dev-output-integrate has run. Writes .last-integration-manifest at integration time and compares subsequent writes against it. Non-blocking, configurable via integration_drift_check setting. Works with all generation skills. Closes #75
Route file wiring in dev-output-integrate (#84) — Skill now distinguishes route-level outputs (pages, views, layouts) from component/library files and wires them into framework-specific route directories. Detection heuristic and per-stack wiring rules cover Next.js App Router, Laravel Inertia/Blade, and Go templates. Reference material in docs/extending/dev-output-integrate-reference.md
Build plugin dependency detection (#84) — frontend-scaffold and dev-project-assemble now detect that framework config can imply build dependencies (e.g., reactCompiler: true requires babel-plugin-react-compiler in devDependencies). Multi-stack detection table covers Node.js, PHP, and Go. Reference material in docs/extending/dev-project-assemble-reference.md
Repository variables in devops-deploy-activate (#84) — Skill now manages GitHub repository variables (gh variable set) for non-sensitive config values (service URLs, feature flags) after platform provisioning. Includes secrets-vs-variables guidance, URL capture commands per platform, and environment-scoped variable support. Reference material in docs/extending/devops-deploy-activate-reference.md. Closes #84
$JAAN_DOCS_DIR path variable (#95) — New configurable path variable for documentation output location (default: jaan-to/docs). Customize via paths_docs in settings.yaml or JAAN_DOCS_DIR environment variable. Follows the same pattern as the existing 4 path variables ($JAAN_OUTPUTS_DIR, $JAAN_TEMPLATES_DIR, $JAAN_LEARN_DIR, $JAAN_CONTEXT_DIR). Bootstrap resolves and outputs docs_dir alongside existing paths

Fixed

pnpm packageManager conflict (#83) — CI workflow generation now checks packageManager field in package.json and omits explicit version parameter from pnpm/action-setup@v4 when present, preventing ERR_PNPM_BAD_PM_VERSION
Next.js standalone output consistency (#83) — generates config/next.config.standalone.ts reference snippet and adds README verification step when Dockerfile.frontend expects .next/standalone output
docs-create and docs-update use $JAAN_DOCS_DIR for customizable output (#95) — Both documentation skills now use the new $JAAN_DOCS_DIR path variable (default: jaan-to/docs/) instead of hardcoded paths. Users can customize the docs output location via paths_docs in settings.yaml or JAAN_DOCS_DIR environment variable. Path tables, allowed-tools permissions, staleness detection, and archive operations all updated. Skills also share template/learn files (jaan-to:docs.template.md, jaan-to:docs.learn.md) and reference STYLE.md from plugin source. Closes #95
Bootstrap no longer creates extra scaffold files (#98) — Removed jaan-to/outputs/research/ directory creation, jaan-to/docs/STYLE.md copy, and jaan-to/docs/create-skill.md copy from bootstrap. These were remnants from before lazy loading (v6.1.0) — skills now read STYLE.md and create-skill.md directly from the plugin source at runtime. Closes #98
verify-install.sh updated for removed bootstrap artifacts (#98) — Removed stale checks for STYLE.md, create-skill.md, and research/ directory that bootstrap no longer creates. Reference docs are now verified in the plugin source instead
Stale documentation updated to match bootstrap changes (#98) — Updated bootstrap.md, seed-files.md, and quality-reviewer agent to reflect that STYLE.md and create-skill.md are loaded from plugin source at runtime. Agent references now use $JAAN_* variables and ${CLAUDE_PLUGIN_ROOT}

6.2.3 - 2026-02-14

Fixed

Pre-execution Step C (template seeding) now explicitly invoked (#92) — All 39 skills now use ## Pre-Execution Protocol with explicit step enumeration (Step 0 → A → B → C) instead of the previous ## Pre-Execution: Apply Past Lessons heading which biased execution toward only Step A (Load Lessons). Step C (Offer Template Seeding) was consistently skipped because skills delegated to the protocol document without enumerating steps. Also updates create-skill.md skeleton and adds a mandatory execution note to the protocol document. Closes #92

6.2.2 - 2026-02-14

Fixed

Pre-execution protocol adds initialization guard (Step 0) (#87) — All skills now actively check for jaan-to/ directory before executing and recommend /jaan-init if missing. Prevents partial directory creation and degraded output on uninitialized projects. Skips for jaan-init itself to avoid circular dependency. Complements the bootstrap hook message from v6.2.1 with invocation-level enforcement.

6.2.1 - 2026-02-14

Fixed

Bootstrap outputs actionable init guard for uninitialized projects (#87) — When jaan-to/ directory is missing, the SessionStart hook now outputs a clear instruction telling the AI to recommend /jaan-init before running any skill. Previously output a quiet JSON blob that was ignored, allowing skills to create partial directory structures without context files. Zero token cost — runs once as a shell script, not as LLM instructions per skill.

6.2.0 - 2026-02-14

Changed

jaan-issue-report conditional local file + default submit — Skill now defaults to GitHub submission when gh is authenticated (no first-run prompt). When submission succeeds, no local .md file is created. When in local-only mode or on submission failure, a copy-paste ready version of the issue is shown first, then the user is asked whether to save a local file. Phase 2 steps restructured: GitHub submission (Step 9) now runs before local file handling (Step 10). Users can opt out with --no-submit or issue_report_submit: false in settings.

6.1.1 - 2026-02-12

Fixed

Template seeding on plugin-source fallback (#73) — Pre-execution protocol now offers to seed a skill's template into jaan-to/templates/{skill}.template.md when it resolves from the plugin source fallback. Users accept or decline; subsequent runs find the project copy and skip the offer. New scripts/seed-template.sh helper handles the copy. Affects all 36 template-using skills via the shared protocol. Closes #73

6.1.0 - 2026-02-12

Added

dev-output-integrate (/dev-output-integrate) — Copy generated jaan-to outputs into operational project locations with README-based placement parsing, config file merging (package.json deep merge, tsconfig.json extends), entry point wiring (security plugin order, provider registration), dependency installation, and post-integration validation. Reference material extracted to docs/extending/dev-output-integrate-reference.md. Closes #70
devops-deploy-activate (/devops-deploy-activate) — Activate deployment pipeline from infra-scaffold output: configure GitHub secrets, pin GitHub Actions to SHA digests for supply chain security, provision backend/frontend platforms (Railway, Vercel, Fly.io), set up Turborepo remote cache, and trigger verification pipeline. Reference material extracted to docs/extending/devops-deploy-activate-reference.md. Closes #70
Post-detect seed reconciliation (#63) — All detect skills now check findings against project seed files after detection and report discrepancies. detect-pack goes further: it uses consolidated detection data as source of truth to actively update seed files (context/tech.md, tone-of-voice.template.md, integrations.md, localization.template.md) with a diff-style preview and user approval workflow ([y/all/n/pick]). Updates framework versions, adds missing tech entries, flags stale references for user decision, and suggests /learn-add commands for non-seed findings. Reconciliation report written to detect/seed-reconciliation.md. Shared logic in docs/extending/seed-reconciliation-reference.md. Closes #63

Changed

jaan-issue-report defaults to smart GitHub submission — Skill now detects gh CLI availability on first run, asks once whether to submit directly to GitHub (recommended), and saves the preference to jaan-to/config/settings.yaml. Added --no-submit flag for explicit opt-out. Submit mode resolution priority: --submit/--no-submit flags > saved issue_report_submit preference > smart detection with user prompt. Closes #61
Lazy template/learn seeding (#60) — Bootstrap no longer eagerly copies 34 templates and 37 learn files into the project. Templates and learn files are now loaded from the plugin at runtime using a three-tier fallback: project (prefixed) → project (unprefixed) → plugin source. New projects get clean, empty templates/ and learn/ directories.
Pre-execution protocol extended — Added template resolution (Step B) alongside the existing learn file loading (Step A), with backward-compatible fallback for both naming conventions
learn-add seeds from plugin — When creating a new project learn file via /learn-add, the plugin's LEARN.md is used as a starting point (preserving seed lessons) instead of an empty template

Removed

Legacy migration code removed from bootstrap — Removed all v2.0→v4.5.1 migration logic from session startup (.jaan-to/ directory rename, output path moves, old skill detection, .gitignore rewriting). Bootstrap is now simpler and faster for current users. Deleted scripts/lib/v3-autofix.sh, docs/guides/migration-v3.md, and docs/guides/migration-v3.24.md (-767 lines)

Fixed

Template/learn naming mismatch — Bootstrap created files as {skill}.template.md / {skill}.learn.md (without jaan-to: prefix) but all 38 skills expected jaan-to:{skill}.template.md / jaan-to:{skill}.learn.md. Eagerly-copied files were never found by skills. The pre-execution protocol and path-resolver now support both naming conventions for backward compatibility.
Seed settings.yaml showed wrong default paths — Commented-out path examples showed artifacts/jaan-to instead of actual default jaan-to/outputs (and similar mismatches for templates, learning, context). Existing projects auto-corrected on next session via bootstrap migration. Fixes #64

6.0.0 - 2026-02-11

Added

5 spec-to-ship skills closing the scaffold-to-deployment pipeline:
- dev-project-assemble (/dev-project-assemble) — Wire backend + frontend scaffold outputs into a runnable project with directory tree, configs, entry points, and provider wiring. Supports monorepo (Turborepo/Nx) and separate-project layouts, auto-detected from tech.md
- backend-service-implement (/backend-service-implement) — Generate full service implementations with business logic from TODO stubs and upstream specs (API contract, data model, task breakdown). Includes CRUD patterns, state machines, RFC 9457 error handling, pagination, and idempotency helpers
- qa-test-generate (/qa-test-generate) — Produce runnable Vitest unit tests and Playwright E2E specs from BDD test cases. Features tag-based routing (@unit/@integration/@e2e/@api), test data factories (Fishery + zod-mock), MSW mock handlers, and page objects
- sec-audit-remediate (/sec-audit-remediate) — Generate targeted security fixes from detect-dev SARIF findings with CWE-mapped fix strategies, severity triage, and regression tests for OWASP Top 10 vulnerability types
- devops-infra-scaffold (/devops-infra-scaffold) — Generate CI/CD workflows (GitHub Actions/GitLab CI), multi-stage Dockerfiles, docker-compose, environment configs, and deployment platform configs (Vercel/Railway/Fly.io/AWS ECS)
New roles: sec (Security) and devops (DevOps/Infrastructure) with documentation
Token strategy documentation — docs/token-strategy.md explaining the three-layer token optimization approach
Skill documentation pages for all 5 new skills in docs/skills/
Spec-to-Ship workflow added to docs/skills/DEPENDENCIES.md

Changed

Token-optimized all 5 new skills — Extracted reference material into docs/extending/*-reference.md files, reducing total SKILL.md lines by 844 (~25%)
Updated create-skill.md — Added Token Optimization Strategy section with line targets, reference extraction pattern, and frontmatter flags guidance for future skill development
Plugin skill count updated from 33 to 38
Roadmap updated with v6.0.0 changelog, task checklists, and quick reference table

5.1.0 - 2026-02-10

Added

jaan-issue-report skill (/jaan-issue-report) — Report bugs, feature requests, skill issues, or documentation problems to the jaan-to GitHub repo. Two delivery modes: --submit for direct GitHub issue creation via gh CLI, or local-only (default) saving to $JAAN_OUTPUTS_DIR/jaan-issues/. Features session context awareness (auto-drafts from conversation history when invoked mid-session), privacy sanitization (redacts private paths, tokens, credentials before preview), 4 issue types with auto-classification, upfront gh auth status check, and type-specific templates with environment info collection
jaan-issue-report documentation — docs/skills/core/jaan-issue-report.md and updated Core Skills README index

Changed

Bootstrap now opt-in per project — Projects require /jaan-init to activate. Existing projects with jaan-to/ directory continue working unchanged. New skill: /jaan-init

5.0.0 - 2026-02-10

Changed

Token optimization (v5) — Reduced plugin token footprint across all sessions and skill invocations
- CLAUDE.md trimmed from 282 → 97 lines — extracted Output Structure, Naming Conventions, and Development Workflow to docs/extending/ reference files (~1,700 tokens/session saved)
- Frontmatter flags — Added disable-model-invocation to 7 internal skills and context: fork to 6 detect skills (~280 tokens/session + ~30K-48K tokens per detect run saved)
- Boilerplate extraction — Extracted Language Settings and Pre-Execution blocks from 31 skills into shared docs/extending/language-protocol.md and docs/extending/pre-execution-protocol.md (~6,350 tokens per skill invocation saved)
- Body trimming — Extracted reference material from 8 large skills (skill-create, skill-update, detect-dev, pm-research-about, backend-task-breakdown, ux-microcopy-write, detect-pack, ux-research-synthesize) into dedicated docs/extending/ reference files (~3.5K-5.5K tokens per trimmed skill invocation saved)
- Total savings: ~2,000 tokens/session permanently, ~7K-48K tokens per skill invocation

4.5.1 - 2026-02-10

Fixed

Standardized output paths for all 7 backend/frontend skills — Aligned to {role}/{domain}/{id}-{slug}/{id}-{slug}.md convention, removing redundant domain names from filenames (e.g., {id}-data-model-{slug}.md → {id}-{slug}.md). Fixed stale dev-fe-*/dev-be-* references across 30 files (387a084)
Bootstrap migration for existing outputs — Added 4 migration blocks to bootstrap.sh: dev/contract/ → backend/api-contract/, backend/frontend numbered folder splitting by content pattern, and frontend/components/ → frontend/design/. Existing user outputs auto-migrate on next session start (387a084)
Docusaurus sidebar missing skill categories — Wired backend, frontend, release, and wp skill categories into sidebar config (d489f60)
Aligned specification docs to {id}-{slug}.md convention — Updated CLAUDE.md, skill-create, skill-update specs, and all roadmap task output paths (dev, backend, wp-*) to use {id}-{slug}.md instead of {id}-{report-type}-{slug}.md. Fixed stale dev-fe-state-machine refs. Updated config seed to v4.5.1 (c86c877)
Corrected plugin skill count — Fixed 32→31 in plugin.json, marketplace.json, and website landing page; added ux-flowchart-generate and release-iterate-changelog to roadmap quick reference commands table (359f317, 1851802)

Changed

Website landing page — Refreshed for v4.5.0 release (a1400aa)

Documentation

Synced skills README indexes — Updated 4 stale docs/skills/**/README.md files (skills root, pm, dev, ux), created missing QA README, enhanced docs-create and docs-update skills to auto-maintain README indexes (202a581)

4.5.0 - 2026-02-09

Added

ux-flowchart-generate skill (/ux-flowchart-generate) — Generate GitHub-renderable Mermaid flowcharts from PRDs, docs, codebases, or any combination with evidence maps tracing every node to its source, confidence scoring, and structured unknowns lists. Supports 4 source types (prd, doc, repo, mixed), 4 diagram goals (userflow, systemflow, architecture, stateflow), 17 machine-checkable quality gates, auto-split for large diagrams, update mode with manual section preservation, and GitHub Mermaid v11.4.1 constraint enforcement
LEARN.md seed file for ux-flowchart-generate — Pre-populated with research-validated lessons from 40+ sources (research 64/65-ux-flowchart-generate)

Changed

Plugin skill count — Updated from 31 to 32 skills across plugin.json and marketplace.json descriptions
Config seed — Added ux-flowchart-generate to Available Skills table

4.4.0 - 2026-02-09

Added

release-iterate-changelog skill (/release-iterate-changelog) — Generate user-facing changelogs with impact notes and support guidance from git history. 5 input modes (auto-generate, create, release, add, from-input), Conventional Commits parsing with freeform heuristic fallback, Keep a Changelog formatting, SemVer bump suggestion, user impact analysis (high/medium/low), and support guidance for downstream help articles
release role — New role for release management skills (iterate chain: top-fixes → changelog → help-article)
Release skills documentation — docs/skills/release/iterate-changelog.md and docs/skills/release/README.md

Changed

Plugin skill count — Updated from 30 to 31 skills across plugin.json and marketplace.json
Config seed — Added release-iterate-changelog to available skills table
Skills index — Added release role to docs/skills/README.md Available Roles table

4.3.0 - 2026-02-09

Added

wp-pr-review skill (/wp-pr-review) — Review WordPress plugin pull requests for security vulnerabilities, performance issues, WPCS standards violations, backward compatibility, and add-on ecosystem impact. 5-phase workflow with deterministic grep scanning, confidence-scored findings (>=80 threshold), and optional PR comment posting via GitHub/GitLab CLI
wp role — New WordPress-specific role for plugin development skills
references/ directory pattern — First skill to use progressive disclosure via reference files (5 checklists: security, performance, standards, vulnerability patterns, add-on ecosystem). Keeps SKILL.md under 500 lines while providing detailed knowledge on demand
WordPress skills documentation — docs/skills/wp/pr-review.md and docs/skills/wp/README.md

Changed

Plugin skill count — Updated from 29 to 30 skills across plugin.json and marketplace.json
Config seed — Added wp to enabled roles and wp-pr-review to available skills table
Skills index — Added wp role to docs/skills/README.md Available Roles table

4.2.1 - 2026-02-09

Fixed

backend-scaffold displaying as /backend-scaffold in command picker — Removed YAML-unsafe colon from description (specs: routes → with routes). Claude Code's parser misinterpreted the colon-space as a key-value separator, corrupting skill metadata (c1c5f0d)

Added

Colon detection in validate-skills.sh — New validation pass flags any skill description containing : (colon-space), preventing future YAML parsing issues (c1c5f0d)
Learn files tracked in repository — All 9 LEARN.md files now committed to git for version control and collaboration (9683ab7)
Lesson: No colons in YAML descriptions — Added to skill-create LEARN.md under Common Mistakes with symptom, fix, and prevention steps (c0b0285)

Documentation

Roadmap synced with v4.2.0 release (ec9b334)
Research index updated with changelog skill research (e2413fc)
Roadmap research refs and skill heading names fixed (6969a80)
Description colon rules added to docs/STYLE.md and docs/extending/create-skill.md (c1c5f0d)

4.2.0 - 2026-02-09

Added

backend-scaffold skill (/backend-scaffold) — Generate production-ready backend code from API contracts, data models, and task breakdowns. Supports Node.js (Fastify v5 + Prisma + Zod), PHP (Laravel 12 / Symfony 7), and Go (Chi / stdlib). Includes routes, service layer, validation schemas, middleware, and RFC 9457 error handling
frontend-scaffold skill (/frontend-scaffold) — Convert designs to React 19 / Next.js 15 component scaffolds with TailwindCSS v4 CSS-first config, typed API client hooks (Orval v7 + TanStack Query v5), Zustand v5 state management, and nuqs URL state. Generates components, hooks, types, pages, and config files
LEARN.md seed files for both scaffold skills — Pre-populated with research-validated lessons (Better Questions, Edge Cases, Workflow, Common Mistakes) from research output 63-dev-scaffolds

Changed

Plugin skill count — Updated from 27 to 29 skills across plugin.json and marketplace.json descriptions
Config seed — Added both scaffold skills to Available Skills table; updated dev role active count from 4 to 6

4.1.1 - 2026-02-09

Fixed

Skills writing to plugin directory instead of project directory — Replaced all hardcoded jaan-to/outputs/, jaan-to/context/, and jaan-to/templates/ paths with $JAAN_OUTPUTS_DIR, $JAAN_CONTEXT_DIR, and $JAAN_TEMPLATES_DIR environment variables across 19 skill files
Restored intentional exception lines in skill-create and skill-update that document deprecated v2.x patterns (bad examples, migration arrows)

Added

Step 12.9: Automated Path Scan in skill-create — scans generated SKILL.md for hardcoded paths before writing, preventing future regressions
V3.10: Display String Check in skill-update — catches hardcoded paths in preview/confirmation text during skill compliance checks

4.1.0 - 2026-02-09

Added

Light/Full mode for all 6 detect skills — All detect skills (detect-dev, detect-design, detect-writing, detect-product, detect-ux, detect-pack) now support --light (default) and --full modes
- Light mode (default, no flag): Reduced detection steps, single summary.md output per skill, megathink thinking mode — significantly lower token usage
- Full mode (--full): All detection steps, all output files (9/6/7/7/6/4+), ultrathink thinking mode — identical to previous behavior
- detect-writing partial exception: Backend/CLI platforms keep error message scoring even in light mode
- detect-pack mixed input handling: Automatically detects whether each domain provided light-mode (summary.md) or full-mode (individual files) outputs
- Stale file cleanup: Full mode deletes leftover summary.md; light mode preserves existing full-mode files
- N/A precedence: Platform UI-presence checks always take priority over run_depth gates

Changed

Detect skill documentation — All 6 detect skill docs + README updated with light/full mode usage, output tables, and examples
Roadmap — Added light/full mode tasks to Phase 5

4.0.0 - 2026-02-09

Changed

[Breaking] Renamed 5 dev skills to remove dev- prefix for cleaner naming:
- dev-be-data-model → backend-data-model (/backend-data-model)
- dev-be-task-breakdown → backend-task-breakdown (/backend-task-breakdown)
- dev-api-contract → backend-api-contract (/backend-api-contract)
- dev-fe-design → frontend-design (/frontend-design)
- dev-fe-task-breakdown → frontend-task-breakdown (/frontend-task-breakdown)
Documentation reorganization — Moved skill docs to role-based directories (docs/skills/backend/, docs/skills/frontend/)
Output paths simplified — Skills now write to outputs/backend/ and outputs/frontend/ instead of outputs/dev/backend/ and outputs/dev/frontend/

Fixed

Bootstrap migration — Automatically migrates existing outputs from old paths to new paths on session start
Language setting keys — Updated per-skill language override keys to match new skill names
Cross-skill references — Updated all command references in SKILL.md files and documentation

Documentation

All 104 files updated with new skill names and paths
Research files updated (4 files: 52-backend-task-breakdown.md, 60-backend-data-model.md, 51-frontend-task-breakdown.md, research README)
Website changelog synced with main CHANGELOG

3.24.0 - 2026-02-09

Added

Multi-platform support in all 6 detect skills — All detect skills (detect-dev, detect-design, detect-writing, detect-product, detect-ux, detect-pack) now automatically detect and analyze multi-platform monorepos (web, backend, mobile, TV apps, etc.)
- Platform auto-detection — Scans folder structure using configurable patterns (web/, backend/, mobile/, etc.) with disambiguation rules for edge cases (microservices, Turborepo/Nx, mobile subfolders)
- Platform-scoped filenames — Multi-platform outputs use flat files with platform suffixes (stack-web.md, stack-backend.md) instead of nested folders, maintaining backward compatibility
- Evidence ID prefixing — Multi-platform format: E-DEV-WEB-001, E-DSN-BACKEND-023; single-platform format unchanged: E-DEV-001
- Cross-platform evidence linking — Use related_evidence field to link findings across platforms (e.g., TypeScript issue in both web and backend)
- "Detect and Report N/A" pattern — Non-applicable domains (e.g., Design for backend) produce minimal output with informational finding and perfect score (10.0)
- Merged pack — detect-pack creates consolidated pack combining all platforms with cross-platform risk heatmap (platform × domain table), deduplicated findings, and unified unknowns backlog

Changed

pack-detect renamed to detect-pack — Command: /detect-pack (was /pack-detect); skill directory and 41 files renamed for naming consistency
Flat file architecture formalized — detect outputs officially documented as exception to ID-based folder structure in CLAUDE.md (alongside research); rationale: detect skills produce system state snapshots (overwritten each run), not versioned reports (archived)
detect-pack orchestration enhanced — Step 0 now asks "Is this a multi-platform project?" and displays platform-by-platform workflow guide
Evidence ID parsing updated — Regex now handles both single-platform (E-DEV-001) and multi-platform (E-DEV-WEB-001) formats

Documentation

Multi-platform sections added to all 6 detect skill docs — Platform auto-detection, evidence ID formats, skip logic, and platform-specific behavior documented
Migration guide created — Comprehensive v3.23 → v3.24 guide with FAQ, rollback instructions, and backward compatibility notes (docs/guides/migration-v3.24.md)
detect README updated — Added multi-platform pipeline flow diagram, cross-platform linking examples, and shared standards updates
6 templates updated — All detect templates now include target.platform field and evidence ID format examples

Breaking Changes

Command rename: /pack-detect → /detect-pack (old command removed)
Output paths (backward compatible):
- Single-platform: detect/dev/stack.md (unchanged)
- Multi-platform: detect/dev/stack-web.md, detect/dev/stack-backend.md (new format)
Evidence IDs (backward compatible): Both formats supported — single-platform E-DEV-001, multi-platform E-DEV-WEB-001

3.23.1 - 2026-02-09

Changed

Detect skills output paths standardized — All 6 detect skills (detect-dev, detect-design, detect-product, detect-ux, detect-writing, detect-pack) now write to $JAAN_OUTPUTS_DIR/detect/{domain}/ instead of hardcoded docs/current/{domain}/, aligning with the plugin's configurable output system (6bde383)

3.23.0 - 2026-02-08

Added

6 Detect & Knowledge Pack skills (Phase 5) — Evidence-based repo audits with SARIF-compatible evidence, 4-level confidence scoring, and machine-parseable markdown output
- /detect-dev — Engineering audit with OpenSSF-style scoring across 11+ language ecosystems, CI/CD security checks, and 9 output files (52eb72f)
- /detect-design — Design system detection with drift findings (paired evidence), token inventory, component classification, and 6 output files (280e4f7)
- /detect-writing — Writing system extraction with NNg tone dimensions (4 primary + 5 extended), 8-category UI copy classification, error message rubric, i18n maturity 0–5, and 6 output files (eb0b4f5)
- /detect-product — Product reality extraction with 3-layer evidence model (surface + copy + code path), monetization/entitlement scanning, analytics SDK detection, and 7 output files (ef3d455)
- /detect-ux — UX audit with framework-specific route extraction (React Router, Next.js, Vue Router, Angular, Express), Nielsen's 10 heuristics, Mermaid flow diagrams, and 7 output files (6fa7cb5)
- /detect-pack — Consolidate all detect outputs into scored knowledge index with risk heatmap, evidence ID validation, unknowns backlog, and Step 0 orchestration for partial runs (50a75f5)

Changed

dev-stack-detect merged into detect-dev — All scanning patterns absorbed; old skill removed. Detection → detect-dev, context population remains via bootstrap (bb9d0a7, 9d944de)
Bootstrap updated — Suggests /detect-pack instead of /dev-stack-detect when context has placeholders (9d944de)
Plugin description — Updated to reflect 27 skills (was 21)

Documentation

Detect skill docs aligned with implementations — All 7 docs updated with What It Scans tables, evidence ID namespaces, scoring formulas, and shared standards (29901ae)
Detect README — Added pipeline flow diagram, output file counts, and Shared Standards section (29901ae)
dev-stack-detect deprecated — Redirect doc pointing to detect-dev (9d944de)
30+ reference files updated — All dev-stack-detect references replaced with detect-dev/detect-pack across docs, scripts, seeds, context, website, and examples (9d944de)

3.22.0 - 2026-02-08

Added

Language settings in all 21 skills — Every skill now reads language preference from jaan-to/config/settings.yaml on execution. Three variants: standard block (13 skills), code exception for dev/data skills (7 skills), microcopy exception for ux-microcopy-write. Updated skill-create template and validation checklist for future compliance (b7cfa00)
Docusaurus documentation site — Full documentation site at website/docs/ with sidebar navigation, roadmap integration, and detect skills docs (7bec2d3)

Changed

Roadmap moved to docs/ — Relocated roadmaps/jaan-to/ to docs/roadmap/ and updated all references (f332657, b845900)
Versioning unified — Removed -dev suffix convention, both branches use X.Y.Z format (37516ab)

Documentation

Detect & Knowledge Pack — Added 6 detect skills documentation and Phase 5 roadmap details (6a1fd87, 2848e94)
4 gap skills identified — Added dev-be-scaffold, dev-fe-scaffold, sre-pipeline-create, pm-trace-links to roadmap (f470d3e)
Research index updates — Added repo-analysis output and content detection standards (3888926, 93e25b1)

Fixed

File naming — Fixed file name inconsistencies (c2ce826)
Roadmap path references — Updated all roadmaps/jaan-to/ references to docs/roadmap/ (b845900)

3.21.0 - 2026-02-08

Changed

Examples replaced with Jaanify showcase — Replaced starter-project examples with Jaanify README, a real-world project built entirely with jaan.to (0bf37a1)

Fixed

Plugin and marketplace version sync — Fixed marketplace.json plugins version mismatch (807cad5)

3.20.0 - 2026-02-08

Added

Language preference system — Set conversation and report language globally or per-skill via settings.yaml. Ask once on first skill run, persist for all future executions. Supports any language (en, fa, tr, etc.) with per-skill override (language_{skill-name}). Does not affect generated code, product localization, or ux-microcopy-write output.

Documentation

Customization guide updated — Added Step 2: Language Preference with settings table, YAML examples, scope boundaries, verification steps, and troubleshooting
Seed files doc updated — Settings row now mentions language preference

3.19.0 - 2026-02-08

Added

New skill: dev-be-data-model — Generate comprehensive data model documentation from entity descriptions with Mermaid ER diagrams, engine-specific table definitions (PostgreSQL, MySQL, SQLite), ESR-ordered composite indexes, zero-downtime migration playbooks, and 5-dimension quality scorecard. Research-informed from 420-line compendium covering NLP constraint extraction, multi-tenancy patterns, and GDPR/retention strategies.

3.18.0 - 2026-02-08

Added

New skill: dev-api-contract — Generate OpenAPI 3.1 contracts from API resource entities with RFC 9457 error schemas, cursor-based pagination, flat components/schemas architecture, and named examples. Outputs api.yaml + companion markdown quick-start guide. Research-informed from 40+ sources.

3.17.0 - 2026-02-07

Fixed

All 19 skills now discoverable — Trimmed skill descriptions to fit Claude Code's 15,000 char system prompt budget; removed Auto-triggers on: and Maps to: lines from all SKILL.md description fields

Added

CI: Skill budget validation — New scripts/validate-skills.sh checks total description chars; added to .github/workflows/release-check.yml to block over-budget PRs
Spec: Description budget rules — Updated docs/extending/create-skill.md with 120-char limit and budget documentation
Style: Skill description rules — Added description length limits to docs/STYLE.md
skill-update: V3.9 compliance check — Detects bloated descriptions during skill updates
skill-create: Lean descriptions — Template no longer generates Auto-triggers on: / Maps to: lines

Changed

Description format — Descriptions are now 1-2 sentences (single-line YAML) instead of multi-line with metadata

3.16.3 - 2026-02-07

Fixed

Spec: removed outdated "Logical Name" concept — Removed colon-format {role}:{domain-action} references from docs/extending/create-skill.md; H1 title guidance now uses # {name} (kebab-case)
skill-create: fixed command format — Command preview now shows /{name} instead of /{name}
skill-create: fixed spec path — Validation step referenced wrong path jaan-to/docs/create-skill.md → docs/extending/create-skill.md
skill-create: template uses {skill_name} — Replaced {logical_name} variable with {skill_name} in template.md
skill-update: fixed stale directory refs — Updated skills/pm-prd-write/ → skills/pm-prd-write/ (2 locations)
skill-update: fixed spec path — Same jaan-to/docs/ → docs/extending/ correction
LEARN.md files — Fixed stale jaan-to:pm-prd-write directory references in both skill LEARN.md files

3.16.2 - 2026-02-07

Changed

Skill naming standardization — Removed redundant jaan-to- and to-jaan- prefixes from all 19 skill directories
- Domain skills: jaan-to-pm-prd-write → pm-prd-write (12 skills)
- Internal skills: to-jaan-docs-create → docs-create (7 skills)
- Invocations now: /pm-prd-write instead of /jaan-to-pm-prd-write
Standardized colon-format names — Replaced all role:skill-name shorthand with role-skill-name hyphen format across SKILL.md (Maps to, H1), templates, docs, and roadmaps
Updated all references — scripts, agents, docs, roadmaps, seeds updated to use clean names with / prefix

Fixed

Renamed doc file — docs/skills/dev/jaan-to-dev-be-task-breakdown.md → be-task-breakdown.md
Fixed broken link paths — Markdown links using jaan-to: in file paths corrected
README badge — Updated stale version badge from 3.12.0 to 3.16.0
mcp-connectors.md — Added missing / prefix to 76+ bare skill references

3.15.2 - 2026-02-07

Fixed

Plugin installation failure — Removed skills, agents, hooks fields from plugin.json
- Root cause: "agents": "./agents/" triggers Claude Code manifest validation error: agents: Invalid input
- Claude Code auto-discovers components from standard directories (skills/, agents/, hooks/hooks.json)
- Official Anthropic plugins use minimal manifests with only name, version, description, author
CI release check — Inverted component path validation to reject (not require) skills/agents/hooks in plugin.json

Added

plugin.json Rules in CLAUDE.md — Documented that component paths must never be declared in manifest
Troubleshooting entry in README.md for "agents: Invalid input" error

3.15.1 - 2026-02-07

Added

Troubleshooting Section in README.md for plugin loading issues
Release Verification Step (step 7) in CONTRIBUTING.md release checklist

Fixed

Documented Workaround for Claude Code v1/v2 registry sync bug affecting marketplace plugins
- Users experiencing skills not loading can run: /plugin uninstall jaan-to then /plugin install jaan-to@jaan-to
- This is a Claude Code bug, not a jaan-to issue — workaround documented for all users

3.15.0 - 2026-02-07

Added

Two-Branch Development Workflow — main for stable releases, dev for development/preview (ba9c061)
- Users can install stable: /plugin marketplace add parhumm/jaan-to
- Users can install dev: /plugin marketplace add parhumm/jaan-to#dev
- Both branches use X.Y.Z format (e.g., 3.15.0)
Version Management Scripts
- scripts/bump-version.sh — Update version in all 3 required locations atomically (plugin.json, marketplace.json top-level, marketplace.json plugins[0])
- scripts/setup-branch-protection.sh — Configure GitHub branch protection (main: require PR + approval, dev: direct pushes allowed)
CI Release Validation — .github/workflows/release-check.yml for PRs to main
- Ensures all 3 version fields match
- Checks CHANGELOG entry exists
- Validates plugin.json has required component paths (skills, agents, hooks)

Changed

Skill Workflow Alignment — /skill-create and /skill-update now follow two-branch workflow (ba9c061)
- Feature branches checkout from dev instead of main
- PRs target dev branch (not main)
- gh pr create uses --base dev flag
Documentation Updates
- README.md: Added stable/dev installation instructions, version switching guide
- CONTRIBUTING.md: Added two-branch workflow documentation, release process checklist

Fixed

Plugin Loading Issue — Fixed skills not loading after marketplace installation (d56ea2f)
- Root cause: plugin.json was missing component paths (skills, agents, hooks)
- Added CI check to prevent regression

3.14.1 - 2026-02-07

Fixed

Marketplace Schema Validation — Fix repository field format in marketplace.json
- Changed from npm-style object { "type": "git", "url": "..." } to string "https://github.com/parhumm/jaan-to"
- Resolves: Invalid schema: plugins.0.repository: Expected string, received object

3.14.0 - 2026-02-03

Added

Frontend Component Design Skill — /dev-fe-design generates distinctive, production-grade frontend component code (48284c7)
- Creates working components in React, Vue, or vanilla JS/HTML based on tech.md detection
- Generates bold, distinctive designs that avoid generic "AI slop" aesthetics (no Inter/Roboto, no purple gradients, unexpected layouts)
- Full accessibility (WCAG AA minimum) with semantic HTML, ARIA, keyboard navigation, visible focus indicators
- Responsive design (mobile-first) using modern CSS: Grid, Container Queries, Custom Properties, :has(), prefers-color-scheme
- Complete deliverables: component code + documentation with design rationale + standalone preview file
- Output structure: dev/components/{id}-{slug}/ with ID-based folders and index management
- Reads settings.yaml for design direction defaults, design.md for existing patterns, brand.md for guidelines
- Complements /dev-fe-task-breakdown: task-breakdown plans what to build, fe-design builds the actual code
- 478-line SKILL.md with two-phase workflow, 137-line template with variable syntax, 47-line LEARN.md with best practices

3.13.0 - 2026-02-03

Added

Learning System Dashboard — Make accumulated learning discoverable and actionable (9f513c2)
- scripts/learning-summary.sh — Scan all LEARN.md files, count lessons per skill, extract Common Mistakes and Edge Cases sections, generate markdown/JSON report with stats
- /learn-report command — Display formatted learning insights with skill coverage analysis and actionable next steps
- docs/learning/LESSON-TEMPLATE.md — Structured lesson format with Context, What Happened, Root Cause, Fix, and Prevention sections
- Quality-reviewer agent enhancement: Check if skill outputs reference existing LEARN.md lessons, suggest creating entries for repeated patterns
Distribution Package for Marketplace — Lower barrier to adoption and enable community contributions (3c03529)
- examples/starter-project/ — Comprehensive EduStream Academy example with 37 markdown files (792KB) demonstrating 7+ skills across PM/Dev/UX/QA/Research roles
  - 3 PRDs (live streaming classroom, course marketplace, AI recommendations)
  - 6 user stories, backend/frontend task breakdowns, microcopy packs (7 languages), QA test cases
  - Complete roadmap showing 4 completed phases with Node.js/Express/React/WebRTC stack
- CONTRIBUTING.md — Complete contribution guide with skill creation, LEARN.md improvement, code style, testing, and release process
- docs/QUICKSTART-VIDEO.md — 3-5 minute demo video script for marketplace promotion
- scripts/verify-install.sh enhancement — Added skill discovery checks, hook registration verification, and installation report generation
Validation Utilities Documentation — docs/development/VALIDATION.md with jq-based validation patterns for hooks.json and agent frontmatter (3994ef5)
Skill Dependency Map — docs/skills/DEPENDENCIES.md documenting skill call chains with visual dependency tree (3108388)

Changed

Standards Compliance with Official Claude Code Patterns — Align plugin with 13 official Anthropic plugins analysis (3994ef5)
- Removed .claude/settings.json from plugin distribution (0/13 official plugins have this)
- Enhanced agent descriptions with concrete <example> blocks showing triggering scenarios (quality-reviewer, context-scout)
- Removed non-standard "capabilities" field from agent frontmatter
- Added .claude/ to .gitignore, documented optional project configuration in README
- Updated scripts/build-dist.sh to exclude .claude/ from distribution
Command Naming Convention — Renamed learning-report to learn-report following plugin naming standards (369a36e)
README Enhancement — Added badges, quick stats table (18 skills, 2 agents, 4 hooks), verification steps, real-world workflow examples (c386766)
Marketplace Metadata — Enhanced keywords (product-management, user-stories, gtm-tracking), updated plugin description with feature highlights (c386766)

Fixed

Broken Skill References — Removed references to non-existent follow-on skills (fe-state-machine, be-data-model) in task breakdown skills, added "Coming Soon" notes where appropriate (3108388)
Template Documentation — Added explicit notes in docs-create and docs-update skills explaining template references (3108388)

Documentation

WordPress Development Research — Added comprehensive WordPress Analytics Plugin Development guide to research index (c27cbcd)

3.12.0 - 2026-02-03

Added

/ux-research-synthesize skill — Transform raw UX research data (interviews, usability tests, surveys) into actionable insights using validated methodologies (550bf0f)
- Three synthesis modes: Speed (1-2h quick findings), Standard (1-2d full thematic analysis), Cross-Study (meta-analysis across multiple studies)
- AI-assisted analysis with human validation checkpoints implementing Braun & Clarke's Six-Phase Thematic Analysis and Atomic Research Framework
- 15-step workflow with HARD STOP between analysis (read-only) and generation (write phase)
- Quality gates: 14-point validation checklist covering executive summary length, theme quality, evidence traceability, participant coverage balance
- Participant coverage tracking prevents >25% single-participant bias
- Evidence traceability ensures every claim traces to verbatim quote with participant ID
- Dual outputs: main synthesis report + 1-page executive brief (auto-generated)
- Methodologies: Braun & Clarke Six-Phase, Atomic Research (Experiments → Facts → Insights → Recommendations), Nielsen Severity Ratings (0-4 scale), Impact × Effort Matrix (Quick Wins, Big Bets, Fill-Ins, Money Pits), ISO 9241-11:2018 usability dimensions
- Research-informed: 877-line methodology foundation (jaan-to/outputs/research/47-ux-research-synthesize.md)

Changed

/roadmap-update enhanced — Automatic release detection from git history when running in smart-default mode (602d651)

3.11.0 - 2026-02-03

Added

/qa-test-cases skill — Generate production-ready BDD/Gherkin test cases from acceptance criteria using ISTQB methodology (3f1a8a7)
- ISTQB test design techniques: Equivalence Partitioning, Boundary Value Analysis (3-value BVA), and edge case taxonomy
- Minimum 10 tests per acceptance criterion (3 positive + 3 negative + 2 boundary + 2 edge case)
- 5 priority edge case categories based on production defect frequency: Empty/Null States (32%), Boundary Values (28%), Error Conditions (22%), Concurrent Operations (12%), State Transitions (6%)
- 4 input modes: direct AC text, PRD file path, Jira ID (via MCP), or interactive wizard
- Concrete test data (no placeholders) with standard test data library for reproducible scenarios
- Quality validation: 10-point peer review checklist + 100-point scoring rubric (6 dimensions)
- ISTQB conversion notes for traditional test management tools (Xray, TestRail, Azure DevOps)
- Auxiliary quality checklist file with anti-patterns reference and coverage sufficiency analysis
- Two-phase workflow with systematic test design techniques and human approval gate
- Research-informed: 880-line methodology guide (50-qa-test-cases.md)

3.10.0 - 2026-02-03

Added

/ux-microcopy-write skill — Generate multi-language microcopy packs with cultural adaptation (e4809b3)
- 7 languages: EN, FA (فارسی / Persian), TR (Türkçe), DE (Deutsch), FR (Français), RU (Русский), TG (Тоҷикӣ)
- RTL/LTR support with ZWNJ handling for Persian, Persian punctuation (؟ ، ؛ « »)
- Tone-of-voice management via context files (localization.md, tone-of-voice.md)
- 11 microcopy categories with smart detection: Labels, Helper Text, Error Messages, Success Messages, Toast Notifications, Confirmation Dialogs, Empty States, Loading States, Tooltips, Placeholders, CTAs
- Options iteration workflow: 3-5 rounds with custom user text support and style-matched variations
- Dual output: Human-readable markdown + JSON for i18n frameworks (React i18next, Vue i18n, ICU MessageFormat)
- Cultural adaptation (not literal translation): language-specific formality rules, text expansion rates (German +35%, Turkish +33%), 3-form pluralization for Russian
- Research-informed: 2 comprehensive sources consulted (56-ux-ux-writing-persian.md, 57-ux-microcopy-write.md)

3.9.0 - 2026-02-03

Added

ID-based folder output structure — All output-generating skills now use standardized structure: jaan-to/outputs/{role}/{subdomain}/{id}-{slug}/{id}-{report-type}-{slug}.md (0364b4a)
- Per-subdomain sequential IDs (independent sequences for each subdomain)
- Slug reusability across different role/subdomain combinations for cross-role feature tracking
- Automatic index management via scripts/lib/index-updater.sh
- Executive Summary requirement (1-2 sentence summaries in all outputs)
- 7 skills updated: pm-prd-write, pm-story-write, data-gtm-datalayer, dev-fe-task-breakdown, dev-be-task-breakdown, ux-heatmap-analyze, dev-stack-detect
Output validation script — scripts/validate-outputs.sh with 4 compliance checks: subdomain indexes, folder naming patterns, file naming consistency, ID matching (c076da2)
Core utilities — scripts/lib/id-generator.sh and scripts/lib/index-updater.sh for sequential ID generation and automatic README.md index updates (0364b4a)

Changed

/skill-create now generates compliant skills — All new skills automatically include ID generation (Step 5.5), folder structure, index management, and Executive Summary sections in templates (95d082e)
/skill-update detects legacy output patterns — Added V3.8 compliance checks and automatic migration handler for non-compliant skills (68993d2)

Documentation

Comprehensive output standards — Added complete "Skill Output Standards" specification to docs/extending/create-skill.md with 6 components, implementation checklist, and common mistakes (4d5631e)
Master output index — Created jaan-to/outputs/README.md with organization overview, navigation guide, and slug scoping rules (4d5631e)
Updated AI behavioral rules — Expanded "Output Structure" section in CLAUDE.md with standardized patterns (4d5631e)
Meta-skill LEARN.md updates — Added output structure standards to skill-create/LEARN.md and compliance check patterns to skill-update/LEARN.md (978a077)

3.8.0 - 2026-02-03

Removed

AskUserQuestion from all skills — Reverted to simple text-based prompts for better compatibility and simpler skill implementation
- Removed AskUserQuestion documentation from docs/extending/create-skill.md
- Removed AskUserQuestion conversion option from /skill-update tool
- All skills now use clean text prompts instead of structured question blocks

Changed

All 16 skills now use text prompts instead of AskUserQuestion API:
- Simple prompts: > "Ready? [y/n]"
- Multiple choice: > "[1] Option A\n[2] Option B"
- Conditional: > "Confirm? [y/n/edit]"
- Affected skills: data-gtm-datalayer, pm-prd-write, pm-research-about, pm-story-write, dev-be-task-breakdown, ux-heatmap-analyze, dev-stack-detect, docs-create, docs-update, learn-add, roadmap-add, roadmap-update, skill-create, skill-update, and skill creation template

3.7.0 - 2026-02-03

Added

/dev-fe-task-breakdown skill — Transform UX design handoffs into production-ready frontend task breakdowns with component inventories, state matrices, estimate bands, dependency graphs (Mermaid), performance budgets, and risk assessment (af90d27)
- Atomic Design taxonomy: Atoms (XS) → Pages (XL) with T-shirt size estimates
- 6-state enumeration per component: Default, Loading, Success, Error, Empty, Partial
- 50+ item coverage checklist: accessibility, responsive, interaction states, performance, SEO, testing
- Core Web Vitals 2025 targets: LCP ≤2.5s, INP ≤200ms, CLS ≤0.1
- State machine stubs for complex components
- Tech-aware: reads $JAAN_CONTEXT_DIR/tech.md for framework-specific patterns
Dev role activated — Second technical role after Data; docs/skills/dev/ expanded

3.6.0 - 2026-02-03

Changed

/ux-heatmap-analyze output restructured — Report format shifted from research paper to action brief: insightful, practical, actionable
- "Executive Summary" (narrative) → Action Summary (bullets only)
- "Findings" (by severity) + "Recommendations" (separate table) → Findings & Actions (self-contained cards with Insight, Do this, ICE score, Evidence)
- New Test Ideas section: A/B test and UX research suggestions derived from findings
- Methodology + Metadata sections collapsed to single-line footer blockquote
- 4 new quality checks: action bullets, insight lines, concrete actions, test ideas (921a3f5)

3.5.0 - 2026-02-03

Added

User story auto-invoke in /pm-prd-write — After PRD is written, optionally invoke /pm-story-write to expand user stories into full detailed stories with INVEST validation and Gherkin acceptance criteria (90d67c3)

3.4.0 - 2026-02-03

Added

Roadmap auto-invoke — /skill-create and /skill-update now automatically call /roadmap-update at end of workflow to keep roadmap in sync
/dev-pr-review documentation added (2750902)

Fixed

Specification compliance for /skill-update and /skill-create:
- H1 titles use logical name format (skill:update, skill:create)
- Broken spec path reference fixed (jaan-to/docs/ → docs/extending/)
- Migration wizard converted to AskUserQuestion (4-option menu)
- Duplicate Step 18 numbering fixed (→ Step 20)
- template.md uses {{double-brace}} v3.0.0 syntax
/roadmap-update — Unreleased management and branch merge in release mode (db33d88)
Fixed stale path references (206dcfd)

Changed

Roadmap: Created v3.3.0 version section, refreshed Unreleased with post-tag commits

3.3.0 - 2026-02-03

Added

/ux-heatmap-analyze skill — First UX role skill. Analyze heatmap CSV exports and screenshots to generate prioritized UX research reports
- Two data formats: aggregated element-click (Format A) and raw coordinates (Format B)
- Claude Vision analysis of heatmap screenshots with cross-reference validation
- HTML cross-reference for CSS selector to human-readable element mapping
- Two-pass validation: corroborated findings (0.85-0.95), single-source (0.70-0.80)
- ICE-scored recommendations (Impact x Confidence x Ease)
- Output: jaan-to/outputs/ux/heatmap/{slug}/report.md
/dev-stack-detect skill — Auto-detect project tech stack and populate context
UX role activated — First role skill beyond PM and Data; docs/skills/ux/ created

Changed

Renamed roadmap-jaan-to.md to roadmap.md and vision-jaan-to.md to vision.md
scripts/seeds/config.md — UX moved from Planned to Enabled Roles

3.2.0 - 2026-02-03

Added

AskUserQuestion interactive prompts — All 11 skills now use structured multiple-choice UI instead of text-based [y/n] prompts
- HARD STOP gates with Yes/No/Edit options
- Preview approvals with Yes/No options
- Feedback capture with No/Fix now/Learn/Both options
- Mode selection with descriptive option labels
"User Interaction Patterns" section in skill creation spec (docs/extending/create-skill.md) — documents when to use AskUserQuestion vs text prompts, JSON schema reference, instruction syntax
V3.8 AskUserQuestion compliance check in /skill-update
Option [9] "Convert to AskUserQuestion" in /skill-update
Skill factory AskUserQuestion support — /skill-create now generates new skills with AskUserQuestion patterns

Changed

~73 text prompts converted to AskUserQuestion across all skills
Research size picker simplified: 5 options → 3 + "Other"
Role picker simplified: 6 options → 3 + "Other"
Feedback prompts consolidated: 2 sequential prompts → 1 AskUserQuestion
Skill template (template.md) updated with AskUserQuestion skeleton

3.1.0 - 2026-02-03

Added

/roadmap-update skill — Maintain and sync roadmap with codebase
- Detects stale tasks via git history comparison
- Syncs task status between roadmap and task files
- Generates progress reports and burndown summaries
- Supports quick mode (status only) and full audit mode
Post-commit roadmap hook — Automatically updates roadmap task status after commits
- Matches commit messages to roadmap tasks
- Marks tasks as complete with commit hash
Customization guide — Comprehensive guide for v3.0.0 configuration system
- Path customization, template inheritance, learning strategies
- Environment variables, tech stack integration

3.0.0 - 2026-02-02

Added

Multi-layer configuration system — Plugin defaults + project customization
Path customization — Configure templates, learning, context, output paths via jaan-to/config/settings.yaml
Template inheritance — Extend base templates, override sections (v3.1+ feature, scaffolded)
Learning merge strategy — Combine lessons from plugin + project sources
Tech stack integration — PRDs auto-reference your stack from jaan-to/context/tech.md
Template variables — Use {{field}}, {{env:VAR}}, {{config:key}}, {{import:path#section}} in templates
Environment variables — JAAN_* vars ($JAAN_TEMPLATES_DIR, $JAAN_LEARN_DIR, $JAAN_CONTEXT_DIR, $JAAN_OUTPUTS_DIR) for path overrides
Configuration file — jaan-to/config/settings.yaml for all customization
Enhanced tech.md — Structured sections with anchors: Current Stack, Frameworks, Technical Constraints, Versioning, Common Patterns, Tech Debt
Migration guide — Complete guide for upgrading from v2.x (docs/guides/migration-v3.md)
Configuration examples — 3 example configs: enterprise template, monorepo paths, learning override

Changed

BREAKING: Paths now use environment variables ($JAAN_TEMPLATES_DIR, etc.) instead of hardcoded jaan-to/ paths
BREAKING: Bootstrap creates jaan-to/config/settings.yaml on first run
All 10 skills updated to support path customization
Templates enhanced with variable support
tech.md structure improved with section anchors for imports
CLAUDE.md updated with customization documentation
File Locations table now includes "Customizable" column

Migration

See Migration Guide for detailed upgrade steps.

Quick summary:

Update plugin: /plugin update jaan-to
Review new config: jaan-to/config/settings.yaml (created automatically)
Customize if needed, or leave defaults (no action required)

Infrastructure

Phase 1: Configuration system with YAML-based 2-layer config (plugin + project)
Phase 2: Path resolution system with dynamic template/learning/context/output resolution
Phase 3: Template processor with variable substitution and section extraction
Phase 4: Learning merger for combining plugin + project lessons
Phase 5: Tech stack integration for tech-aware PRD generation
Phase 6: Full migration of all 10 skills + comprehensive documentation
Phase 7: Unified integration testing (38+ test assertions across 5 E2E suites)

Testing

✓ Phase 1 E2E: 8 tests (configuration system)
✓ Phase 2 E2E: 7 tests (path resolution)
✓ Phases 3-5 E2E: 3 tests (template + learning + tech)
✓ Phase 6 E2E: 5 tests (migration + docs)
✓ Unified Integration: 15+ assertions (full workflow)
✓ Master test suite: 5/5 passed, 0 failed

2.2.0 - 2026-02-02

Added

/pm-story-write skill — Generate user stories with Given/When/Then acceptance criteria following INVEST principles
- Two-phase workflow: Analysis (read-only) → HARD STOP → Generation (write phase)
- Input formats: [feature] [persona] [goal], narrative text, or Jira ID (via MCP)
- Quality gates: INVEST compliance (6 criteria), AC testability, Definition of Ready (10 items)
- Edge case mapping: Auto-detects 10 categories based on feature type (CRUD, API, workflow, forms, etc.)
- Story splitting: Suggests 6 proven patterns when >7 ACs or >8 points
- Export formats: Jira CSV and Linear JSON for easy import
- Output: jaan-to/outputs/pm/stories/{slug}/stories.md
- Research-informed: Based on comprehensive 45-pm-insights-synthesis.md framework

2.1.1 - 2026-02-02

Fixed

Research skill quality restored — /pm-research-about restructured to match original focused workflow
- Removed A- prefixes from all steps and phases (PHASE 1 instead of A-PHASE 1)
- Removed SECTION A/B framing that buried the research workflow
- Reduced input detection from 35 lines to 8 lines (less noise before research starts)
- Moved add-to-index to compact appendix (118 lines vs 250 lines mixed in)
- File size: 1,080 lines → 933 lines (-147 lines, -14%)
- Research workflow now identical to pre-merge to-jaan-research-about (808-line version)

Technical Details

Step numbering: Clean Step 0.1, Step 1, PHASE 1 (no A- prefixes)
Checkmarks restored: 10 ✓ and 4 □ for better UX
Add-to-index: Preserved as compact appendix at end of file
Both modes work: research topics via main flow, file/URL via appendix

2.1.0 - 2026-02-01

Changed

Research skills merged — to-jaan-research-about and to-jaan-research-add combined into pm-research-about
- Auto-detects input type: topic string triggers deep research, file path or URL triggers add-to-index
- Renamed from internal (to-jaan-*) to role-based (jaan-to-pm-*) naming convention
- Documentation moved from docs/skills/core/ to docs/skills/pm/

Removed

to-jaan-research-about skill (replaced by pm-research-about)
to-jaan-research-add skill (replaced by pm-research-about)

Migration Notes

/research-about <topic> → /pm-research-about <topic>
/research-add <file-or-url> → /pm-research-about <file-or-url>
Both commands now map to the same skill with automatic input detection

2.0.1 - 2026-02-01

Fixed

Marketplace and plugin manifests aligned to official Claude Code plugin schema
- Added $schema to marketplace.json
- Moved version and description to top-level (removed metadata wrapper)
- Replaced owner.url / author.url with email
- Removed non-standard fields (repository, homepage, license, keywords)
- Added category: "development" to plugin entry

2.0.0 - 2026-01-31

Changed

BREAKING: Project directory renamed .jaan-to/ → jaan-to/ (non-hidden)
- All skill references, scripts, and documentation updated
- Bootstrap auto-migrates existing .jaan-to/ directories

Added

Version management rules in CLAUDE.md — git tag + CHANGELOG required per release
Auto-migration in bootstrap.sh for existing .jaan-to/ directories
Retroactive git tags for v1.0.0, v1.3.0, v1.3.1

Migration Notes

Existing projects: bootstrap auto-migrates on next session
Manual: mv .jaan-to jaan-to + update .gitignore
Update any custom settings.json permissions: .jaan-to → jaan-to

1.3.1 - 2026-01-31

Fixed

Skills not reading LEARN files on installed projects — 5 skills had a Phase 0 (Input Validation, Git Branch, Duplicate Detection) that ran before the learn-file read step, causing Claude to skip it entirely. Moved learn-file reading to a mandatory Pre-Execution block before all phases.
Weak learn-file instructions — 3 skills had the learn step in the right position but used soft "if it exists" language. Upgraded to "MANDATORY FIRST ACTION" with explicit Read tool instruction.
Missing learn-file reference — roadmap-add had a LEARN.md but its SKILL.md never referenced it. Added Pre-Execution block and Context Files entry.

Changed

All 9 content-generating skills now use a consistent ## Pre-Execution: Apply Past Lessons block positioned before any Phase, ensuring learn files are always read first.

1.3.0 - 2026-01-31

Changed

Skill naming convention - Renamed all skills to use consistent prefixes:
- Role-based skills: {role}-{domain}-{action} (e.g., pm-prd-write, data-gtm-datalayer)
- Internal skills: {domain}-{action} (e.g., skill-create, docs-update, learn-add)
Directory structure - Updated all skill directories to match new naming convention
Documentation - Updated all references across scripts, roadmaps, and documentation

Migration Notes

Old skill names (e.g., pm-prd-write, jaan-docs-create) are deprecated
Commands now use new format: /pm-prd-write instead of /pm-prd-write
Internal commands: /skill-create instead of /jaan-skill-create

1.0.0 - 2026-01-29

Added

Skills (10)

pm-prd-write - Generate comprehensive PRD from initiative with validation
data-gtm-datalayer - Generate GTM tracking code and dataLayer specification
skill-create - Create new skill with wizard and research integration
skill-update - Update existing skill with specification compliance
docs-create - Create documentation with templates and style guide
docs-update - Audit and update stale documentation with git-based detection
learn-add - Add lesson to project's LEARN.md knowledge base
to-jaan-research-about - Deep research on any topic with source citations
to-jaan-research-add - Add file/URL to research index for future reference
roadmap-add - Add task to roadmap with priority and scope

Agents (2)

quality-reviewer - Reviews outputs for completeness, accuracy, and quality standards
context-scout - Gathers relevant context from codebase before generation

Hooks

PRD validation hook - Skill-scoped PreToolUse on pm-prd-write ensures required sections
Feedback capture hook - Global PostToolUse captures user feedback for learning

Context System

Context templates for tech stack (scripts/seeds/tech.md)
Context templates for team structure (scripts/seeds/team.md)
Context templates for integrations (scripts/seeds/integrations.md)
Boundary definitions for safe paths (scripts/seeds/boundaries.md)

Learning System

Accumulated LEARN.md knowledge from 50+ skill runs
Automatic feedback routing to appropriate skill's LEARN.md
Project-level learning storage in .jaan-to/learn/

Infrastructure

MCP scaffolding for future integrations
Bootstrap script for first-run setup
Plugin manifest (.claude-plugin/plugin.json)
Marketplace distribution metadata
Two-phase workflow with human approval checkpoints

Documentation

Comprehensive README with installation and usage
Getting started guide
Skill creation specification
Style guide for documentation
Vision and roadmap documents
Migration guide from standalone setup

Changed (v1.0.0)

Migrated from standalone .claude/skills/ setup to plugin architecture
Updated all skill command names to namespaced format
Moved context files from jaan-to/context/ to plugin-relative scripts/seeds/
Moved hooks from shell scripts to JSON configuration
Output directory standardized to project-relative .jaan-to/outputs/
Learning files moved to project-relative .jaan-to/learn/

Security

Restricted write permissions to .jaan-to/ directory only
Removed hooks section from settings.json (now plugin-managed)
Added permission tiers (Minimal, Standard, Power User)

[Unreleased]​

[7.7.1] - 2026-03-15​

Changed​

Fixed​

[7.7.0] - 2026-03-05​

Added​

Changed​

[7.6.1] - 2026-02-28​

Fixed​

Added​

[7.6.0] - 2026-02-26​

Added​

Changed​

[7.5.1] - 2026-02-25​

Added​

Changed​

Fixed​

[7.5.0] - 2026-02-24​

Added​

Changed​

Fixed​

Removed​

[7.4.0] - 2026-02-22​

Added​

Fixed​

[7.3.0] - 2026-02-21​

Added​

[7.2.0] - 2026-02-19​

Added​

Fixed​

Changed​

[7.1.0] - 2026-02-16​

Added​

[7.0.0] - 2026-02-16​

Changed​

Documentation​

6.4.0 - 2026-02-16​

Added​

Fixed​

6.3.0 - 2026-02-15​

Added​

Fixed​

6.2.3 - 2026-02-14​

Fixed​

6.2.2 - 2026-02-14​

Fixed​

6.2.1 - 2026-02-14​

Fixed​

6.2.0 - 2026-02-14​

Changed​

6.1.1 - 2026-02-12​

Fixed​

6.1.0 - 2026-02-12​

Added​

Changed​

Removed​

Fixed​

6.0.0 - 2026-02-11​

Added​

Changed​

5.1.0 - 2026-02-10​

Added​

Changed​

5.0.0 - 2026-02-10​

Changed​

4.5.1 - 2026-02-10​

Fixed​

Changed​

Documentation​

4.5.0 - 2026-02-09​

Added​

Changed​

4.4.0 - 2026-02-09​

Added​

Changed​

4.3.0 - 2026-02-09​

Added​

Changed​

4.2.1 - 2026-02-09​

Fixed​

[Unreleased]

[7.7.1] - 2026-03-15

Changed

Fixed

[7.7.0] - 2026-03-05

Added

Changed

[7.6.1] - 2026-02-28

Fixed

Added

[7.6.0] - 2026-02-26

Added

Changed

[7.5.1] - 2026-02-25

Added

Changed

Fixed

[7.5.0] - 2026-02-24

Added

Changed

Fixed

Removed

[7.4.0] - 2026-02-22

Added

Fixed

[7.3.0] - 2026-02-21

Added

[7.2.0] - 2026-02-19

Added

Fixed

Changed

[7.1.0] - 2026-02-16

Added

[7.0.0] - 2026-02-16

Changed

Documentation

6.4.0 - 2026-02-16

Added

Fixed

6.3.0 - 2026-02-15

Added

Fixed

6.2.3 - 2026-02-14

Fixed

6.2.2 - 2026-02-14

Fixed

6.2.1 - 2026-02-14

Fixed

6.2.0 - 2026-02-14

Changed

6.1.1 - 2026-02-12

Fixed

6.1.0 - 2026-02-12

Added

Changed

Removed

Fixed

6.0.0 - 2026-02-11

Added

Changed

5.1.0 - 2026-02-10

Added

Changed

5.0.0 - 2026-02-10

Changed

4.5.1 - 2026-02-10

Fixed

Changed

Documentation

4.5.0 - 2026-02-09

Added

Changed

4.4.0 - 2026-02-09

Added

Changed

4.3.0 - 2026-02-09

Added

Changed

4.2.1 - 2026-02-09

Fixed