Skip to content

What's New

Latest changes to the VisiTrans Claude Toolkit.

v3.33.0 (2026-04-22)

GitHub Issue Intake (SPEC-116) — Colleagues can now file issues on GitHub and have them flow automatically into the toolkit's intake pipeline. /vt-c-inbox-qualify gained Step 0, which fetches open GitHub issues, imports new ones into intake/inbox/, and tracks new comments on already-processed issues via comment IDs (structural diff, not heading counts). Issues are mapped to intake frontmatter by their GitHub labels: bugworkflow-defect / high, enhancementmissing-capability / medium, documentationmissing-pattern / low. Use --no-github to skip the sync for offline qualification.

Security-hardened import path — Imported GitHub content is treated as untrusted: body and comment text are wrapped in ~~~text fences so embedded SYSTEM: framing or [x] checklists cannot steer Claude downstream, filename slugs are built from an allowlist (no path traversal), issue numbers are validated as ^[0-9]+$ before shell use, YAML frontmatter values are JSON-encoded (no YAML injection), and a regex scanner redacts API keys / tokens / JWTs / bearer tokens / private keys to [REDACTED] before anything lands in intake/. Repo URL is derived from gh repo view so the skill works in any project that installs core-standards.

Renumbering: this spec started life as SPEC-050 and was renumbered to SPEC-116 to resolve a collision with the original SPEC-050 (namespace-convention, shipped 2026-03-06). Commit messages on the feature branch still reference SPEC-050.

v3.31.0 (2026-04-20)

Security baseline hardening (SPEC-114) — The security baseline grew from 5 categories / ~20 deny rules to 11 categories / ~128 deny rules. Six new categories close governance gaps that prior CLAUDE.md instructions failed to enforce: git safety (force push / hard reset / clean -f), inline code execution (python -c / node -e), database destructives (DROP / ORM reset), infrastructure teardown (terraform destroy / namespace delete), self-modification protection (global ~/.claude/ files and .git/), and agent governance (--dangerously-skip-permissions, crontab, audit-log removal).

Notable additions: - Category 2 bypass closedGrep and Glob mirrors now block the credential-read bypass that existed when only Read(**/.env) was denied. .env variants enumerated so .env.example remains readable (EC-01). - .claudeignore now actually enforced — Claude Code does not natively honor .claudeignore; the new claudeignore-guard.sh PreToolUse hook closes that gap. - Pre-commit fail-closed — the pre-commit hook now blocks staged .env files and invokes secret-scanner.sh on every staged file, failing the commit (with install instructions) if the scanner is missing rather than silently skipping. - Scaffold and bootstrap now generate .claudeignore for all project types and .gitleaks.toml for coding/mixed projects. The gitignore-base template gained .env entries that were previously missing for knowledge and design projects.

See SECURITY-CONFIG.md for the full threat model per category.

v3.30.0 (2026-03-30)

Recursive criticism gate (SPEC-105) — New /vt-c-recursive-criticism skill runs 1–3 focused self-review passes (security, error handling, edge cases) before the multi-agent code review, plus a pre-review ritual integrated into /vt-c-3-build.

Autoresearch optimization agent (SPEC-106) — New /vt-c-autoresearch-agent skill implements Karpathy's single-metric optimization loop: measure baseline, hypothesize, implement, measure, accept (git commit) or reject (git revert), repeat with configurable iteration budget and convergence detection.

Also in this release

  • Quality metrics integration (SPEC-109) — optional Step 5.8 in /vt-c-4-review auto-detects coverage tooling (nyc, c8, pytest-cov, go cover, SimpleCov), captures line/branch coverage, detects regressions over 2%, and writes results into the review gate (3.30.1)
  • Build verification loop (SPEC-108) — /vt-c-3-build Step 6.5a runs an auto-detected test command up to 5 iterations until convergence; --skip-verify available (3.30.1)
  • Dream + Open Brain consolidation (SPEC-107) — /vt-c-dream extends auto-memory consolidation to Open Brain persistent thoughts (3.30.1)
  • Playwright E2E integration (SPEC-110) — /vt-c-4-review Step 5.9 auto-runs Playwright for ui_scope: frontend or mixed specs, captures screenshots into the spec directory, and includes results in the review gate (3.30.2)
  • Phase checkpoint integration (SPEC-111) — all four phase skills auto-read on entry and auto-write on exit, enabling clean conversation clearing between phases (3.30.3)
  • Auto-compound on spec completion (SPEC-112) — /vt-c-complete Step 4.6 prompts for compound knowledge capture before marking specs done; auto-skips trivial specs (3.30.4)

v3.28.0 — v3.29.0 (2026-03-27)

Memory consolidation skill (SPEC-102, 3.28.0) — New /vt-c-dream skill performs reflective consolidation of Claude Code auto-memory files: detects stale dates, dead references, contradictions, and duplicates with human confirmation for uncertain deletions.

Remotion video generation (SPEC-099, 3.29.0) — New /vt-c-remotion-video skill generates programmatic videos via Remotion using a structured interview-then-generate pattern, intended for VisiTrans product demos and explainer content.

Also in this release

  • Security hardening (SPEC-103) — pinned MCP package versions in setup.sh, integrity hash verification (setup.sh --verify), Open Brain sanitization rule in CLAUDE.md, intake input validation in /inbox-qualify, SKILL.md tool-declaration audit, default npm ci --ignore-scripts, branch protection check in /repo-health, and a new security documentation set (overview, hardening, incident response) (3.29.1)
  • Memory consolidation enhancement (SPEC-104) — /vt-c-dream cross-references .design-state.yaml to detect stale memory entries referencing completed specs (3.29.1)

v3.27.0 (2026-03-27)

Skill testing & benchmarking framework (SPEC-098) — New /vt-c-skill-eval skill runs YAML-based eval test cases against skills using a quality-grader agent. Ships with 15 eval cases across vt-c-2-plan, vt-c-4-review, and vt-c-spec-from-requirements, plus eval infrastructure under tests/evals/.

Also in this release

  • VisiTrans design system canonical token source (SPEC-101) — five SKILL.md files and two brand_colors.py scripts now reference the canonical YAML token source instead of hardcoded values (3.27.1)
  • Skill prefix corrections (SPEC-097) — intent-skill-matcher and postcompact-recovery migrated from stale vt-i-* to vt-v-*; skill linter quick_validate.py gained prefix-aware name validation (3.26.1)

v3.26.0 (2026-03-24)

Workflow gate enforcement (SPEC-095) — Persistent gates added across all four phases: /vt-c-2-plan writes plan_gate, /vt-c-3-build writes build_gate, /vt-c-4-review writes review_gate, and /vt-c-5-finalize writes finalize_gate — all into specs/[N]-feature/state.yaml as committed YAML. /vt-c-complete Step 2.5 verifies all four gates before allowing completion. Emergency bypass is available but recorded permanently in state.yaml. Backed by global CLAUDE.md Rule 16 (Workflow Gate Enforcement).

v3.25.0 (2026-03-24)

Weekly planning skill — New /vt-c-weekly-planning skill drives a structured weekly planning session via Open Brain task management MCP tools: Asana sync, grouped task dashboard, interactive review/reschedule, new task creation, decision capture, and an Obsidian weekly review summary (SPEC-094).

v3.22.0 — v3.24.0 (2026-03-24)

User manual generation pipeline (SPEC-090, SPEC-091, SPEC-092) — Three skills compose a documentation lifecycle that follows code from PRD through implementation:

  • /vt-c-user-manual-generate (3.22.0) auto-generates a complete MkDocs user manual from a PRD with one page per feature, step-by-step usage, states, edge cases, and screenshot placeholders. /vt-c-pd-2-prd Step 8.5 prompts to generate after PRD completion; /vt-c-pd-6-handoff includes the link in its handoff README.
  • /vt-c-user-manual-update (3.23.0) auto-generates draft updates to manual pages when a spec is completed; spec-to-docs mapping uses a docs_page field in spec state.yaml. /vt-c-complete prompts after spec completion.
  • User manual build gate (3.24.0) — /vt-c-5-finalize Step 2.5 runs mkdocs build --strict against docs/user-manual/, blocks on failures, detects <!-- DRAFT --> markers, and reports documentation coverage. Same release added auto-version-bump in /vt-c-5-finalize Step 0c (MINOR/PATCH detection bumps registry.json, plugin.json, and CHANGELOG.md instead of blocking).

v3.20.0 (2026-03-23)

Bug intake pipeline (SPEC-016) — New /vt-c-bug-report and /vt-c-triage-bugs skills handle structured bug intake with auto-numbered BUG-NNN files, severity classification, and screenshot support. Promote / defer / duplicate triage uses git mv to preserve history. /vt-c-activate recognises BUG-NNN and creates fix/bug-NNN-* branches; /vt-c-complete detects those branches and updates bug state to verified. /vt-c-investigate-bug accepts a BUG-NNN argument and passes the report to the bugfix-orchestrator.

v3.19.0 (2026-03-22)

Repository evaluation safety protocol (SPEC-079) — New /vt-c-repo-evaluate skill assesses external GitHub repositories using a 4-level safety protocol: API-only analysis by default (Level 1), escalation-gated safe clone with hook inspection (Level 2), Docker sandbox and dependency audit guidance (Levels 3–4). Documented as a new section in the security governance guide.

Also in this release

  • Removed unsupported allowed-tools frontmatter field from 20 SKILL.md files
  • Optional from: field added to externalRelationships for C4 container view (overrides default last-declared-container routing)

v3.18.0 (2026-03-19)

Pre-PR simplify ritual (SPEC-081) — Added a /simplify reference guide with focused-mode syntax, a pre-PR ritual, and skip conditions. The code-simplicity-reviewer agent now respects the "What NOT to Change" sections added to four CLAUDE.md templates so protected patterns are not flagged. Advisory tips for the simplify ritual now appear in /vt-c-4-review PASS output and /vt-c-5-finalize GO output.

v3.17.0 (2026-03-19)

Intent engineering for skills and agents (SPEC-080) — Added an intent engineering checklist (references/intent-engineering-checklist.md) and applied Intent Boundaries sections to all six active orchestrators and three template agents (toolkit-developer, ims-writer, docs-pipeline). Five fork-context skills (workflow-4-review, workflow-5-finalize, pd-4-validate, mermaid-to-images, container-logistics-ux-expert) gained Intent Constraints sections. The audit-skill workflow now includes an intent engineering audit step.

v3.16.0 (2026-03-18)

Advanced diagram generation (SPEC-077) — Two new capabilities for diagram workflows:

  • Format auto-selection: vt-c-mermaid-diagrams-branded now counts diagram elements and warns when Mermaid's Dagre layout may struggle. Under 10 elements: proceed; 10–15: ask user; over 15: recommend PlantUML.
  • C4 from YAML (/vt-c-c4-diagram): Generate branded C4 context and container diagrams directly from c4: YAML frontmatter in system notes — no manual Mermaid authoring. Supports actors, containers, external systems, and typed relationships. VisiTrans brand colors applied automatically.

v3.15.0 (2026-03-18)

Strategic mentor review agent (SPEC-075) — Added strategic-mentor agent that provides VIABLE / NEEDS REVISION / FLAWED verdicts on plans and specs before build begins. Dispatched in parallel with plan-checker in /vt-c-2-plan Step 4.5 (informational, non-gating).

v3.9.0 (2026-03-08)

Hook security audit (SPEC-053) — Repo audit had no way to detect tampered, unauthorized, or rogue hook scripts. Added checksum verification, unknown hook detection, network call scanning, and permission checks against a trusted hooks manifest (configs/security/trusted-hooks.yaml) with SHA-256 checksums for all 23 hook scripts.

Also in this release

  • Wave-based dependency execution (SPEC-054) — parallel wave scheduling in /vt-c-activate and /vt-c-3-build
  • Visual reference enforcement (SPEC-056) — design implementation verification
  • Security review pipeline (SPEC-028) — structured security review workflow
  • /vt-c-complete skill split from /vt-c-activate --complete for dedicated spec completion
  • Deploy→finalize rename across all active files

v3.8.0 (2026-03-06)

Namespace convention (SPEC-050) — Skills, commands, agents, and hooks from the toolkit collided with identically-named artifacts from external plugins (compound-engineering). Applied vt-{p}-{name} namespace to all 102 skills, 37 commands, 54 agents, and 7 hooks. Created agent symlink manifest and manifest-based deployment in setup.sh.

Documentation refresh (SPEC-048) — Documentation had drifted from actual toolkit state across five gap categories. Updated component counts, completed all symlink manifests, added missing guides (security governance, composable skills, contributing), created plugin READMEs, and integrated architecture docs into the MkDocs site.

Also in this release

  • Worktree-aware phase transitions (SPEC-040) — workflow skills detect and switch to correct worktrees
  • Plan-checker validation loop (SPEC-042) — automated plan validation up to 3 iterations in /vt-c-2-plan
  • Adopted 3 orphaned hooks into governed plugin manifests
  • Cleaned up 8 orphaned agent files and 6 orphaned skill artifacts from ~/.claude/

v3.7.0 (2026-03-04)

GSD wave execution (SPEC-036) — Added wave-grouped dashboard to /vt-c-activate, parallel opportunity detection in /vt-c-3-build, and pre-plan /vt-c-shape skill for dependency-aware execution.

Agent architecture patterns (SPEC-044) — Created reference documentation for CC 2.1 patterns (skill hooks, policy islands, fork semantics, orchestrators) with examples and pitfall guidance.

Configuration drift audit (SPEC-046) — Extended /vt-c-repo-health to detect security configuration drift from baseline snapshots, flagging weakened deny rules and MCP server sprawl.

Also in this release

  • Document placement strategy (SPEC-038) — docs-only changes stay on current branch, eliminating visibility gaps
  • Beads activation (SPEC-034) — distributed issue tracker replaces file-todos for persistent work-item tracking

v3.6.0 (2026-03-03)

Security hardening (SPEC-035) — Established security baseline configs for Claude Code settings with deny rules and MCP whitelisting audit integration into /vt-c-repo-health.

CWP pre-PR checks (SPEC-037) — Automated pre-PR validation for CWP lifecycle with must-pass checks (MkDocs build, YAML frontmatter, no broken wikilinks) integrated into /vt-v-cwp.

Also in this release

  • UFI country enrichment pipeline (SPEC-039) — added country enrichment to /vt-u-sync for contacts and companies with confidence scoring

v3.5.0 (2026-03-02)

Skill permission governance (SPEC-029) — Addressed approval fatigue in long sessions by adding skill-to-agent permission binding, autonomy hooks for continuation decisions, and pre-authorized agent templates.

Skill quality assurance (SPEC-031) — Added pressure-test validation to skill-creator and spec-compliance review as a prerequisite to code quality checks, preventing untested and spec-drifted implementations.

v3.4.0 (2026-03-01)

Intelligent skill activation (SPEC-030) — Skills were forgotten after context compaction, hook matchers couldn't filter by file path, and there was no intent-based skill suggestion. Added three-layer skill amnesia mitigation (CLAUDE.md inventory, PreCompact hook, post-compaction recovery), a reusable path-match.sh utility for file-path filtering in hook scripts, and a UserPromptSubmit intent matcher that suggests relevant skills based on user input keywords.

Agent worktree isolation (SPEC-032) — Write-capable agents running concurrently could cause branch contamination. Audited all 58 agents and added isolation: worktree to 9 qualified agents. Updated agent creation guidelines with a 4-question isolation decision checklist.

Also in this release

  • Fixed vault-write-guard.sh to read from stdin JSON (was using unimplemented $CLAUDE_TOOL_INPUT)
  • Deployed path-match.sh symlink to ~/.claude/hooks/ for hook script reuse
  • Skill inventory (67 skills) added to user-global CLAUDE.md (Part 5)
  • Skill amnesia mitigation pattern documented at docs/solutions/patterns/

v3.3.0 (2026-02-27)

Finalize gate version enforcement (SPEC-023) — Releases could proceed without version bumps or changelog entries, causing silent drift between what was finalized and what documentation reflected. Added check-finalize-versions.sh that blocks /vt-c-5-finalize when version bump or changelog entry is missing for changed plugins.

Session start notifications (SPEC-022) — Users had no visibility into plugin version changes between sessions. Added a startup hook that compares registry versions against last-seen state and shows version diffs with top changelog entries for context.

Review auto-fix loop (SPEC-024) — Code reviews often returned findings that were mechanically fixable, adding friction. Added auto-fix loop to /vt-c-4-review that classifies findings as [AUTO-FIXABLE] or [HUMAN-REQUIRED] and applies mechanical fixes up to 2 iterations before surfacing remaining issues.

Documentation sync skill — Created /vt-c-doc-sync to audit documentation against actual toolkit state. Checks component counts, terminology, version references, and macros. Maintains a change ledger capturing the "why" behind each change.

Also in this release

  • Plugin versioning guide at docs/guides/plugin-versioning.md
  • CHANGELOG.md requirement in creating-plugins guide
  • Change ledger (docs/change-ledger.md) with entries for SPEC-020 through SPEC-024

v3.1.0 (2026-02-25)

IMS plugin extraction (SPEC-021) — The core-standards plugin had grown to include IMS agents and skills only relevant to compliance workflows. Extracted 6 agents and 6 skills into an independent ims plugin with its own metadata and changelog.

v3.0.0 (2026-02-14)

Multi-plugin architecture — The monolithic plugin structure couldn't support department-specific tooling. Introduced per-plugin .claude-plugin/ directories, plugins/registry.json as version authority, and setup.sh --plugins flag for selective installation.

Two-workflow architecture — Harmonized from three-workflow to two-workflow per constitution v1.0.0: Unified Product Development and Knowledge Work.

Also in this release

  • Finance department plugin as separate optional plugin
  • --list-plugins command for plugin discovery
  • /vt-c-content-evaluate skill for deep knowledge gap analysis
  • 13 legacy docs files removed (superseded by MkDocs site)

v2.1.0 (2026-02-12)

  • Product Design workflow (/vt-c-pd-0-start through /vt-c-pd-6-handoff)
  • Knowledge Work workflow (/vt-c-kw-0-start through /vt-c-kw-4-publish)
  • Research ingestion system (/vt-c-research-ingest, /vt-c-research-implement)

v2.0.0 (2026-02-10)

  • Numbered workflow sequence /vt-c-0-start through /vt-c-6-operate
  • Session journal and session consolidator for continuous knowledge capture
  • Production-ready components: incident response, continuous learning, quality infrastructure

Full changelog | Change ledger