rad-1password

Codebase-scoped SEO/AEO tooling for Claude Code with four pure-stdlib Python validators that turn the plugin's static-analysis claims into deterministic checks: `audit-ai-access.py` (per-AI-bot robots.txt allow/block matrix classed training vs citation — GPTBot, ClaudeBot, Google-Extended, CCBot vs OAI-SearchBot, ChatGPT-User, Claude-SearchBot/User, PerplexityBot/User, Bingbot, Googlebot — plus llms.txt existence/format check, Content-Signal/RSL/noai detection, JS-dependence heuristic, and optional CDN-block UA probing), `validate-jsonld.py` (extracts JSON-LD from HTML and framework source including dangerouslySetInnerHTML/set:html/template-literal forms, validates against ~20 SEO-impactful schema.org types, honest dynamic_jsonld findings for unverifiable JS-built blocks), `audit-meta-tags.py` (title/description lengths, canonical shape, charset, viewport, robots sanity, Open Graph 5-prop + Twitter Card 4-prop coverage, hreflang x-default), `check-broken-links.py` (parallel HEAD scanner with GET-Range fallback; URL list / sitemap / HTML-root inputs). Plus knowledge skills for AEO/GEO content optimization (with AI crawl-access gate and Lighthouse Agentic Browsing awareness), keyword ideation, content strategy, schema generation with 2026 rich-result deprecation awareness (FAQ/HowTo retired), E-E-A-T, and observable competitive research. Honest scope: does NOT measure numerical Core Web Vitals, keyword volumes, backlink profiles, or actual AI citation rates — those require Path B MCP integrations documented in references/CAPABILITIES.md.

MV3 Chrome extension development standards (WXT, React, TypeScript) with two pure-stdlib Python validators that catch what LLM eyeballing misses. Skills cover architecture, MV3 security (CSP, remote code ban, content script isolation), permission minimization and CWS compliance, typed messaging, storage selection, service worker lifecycle, React UI patterns, testing, and Chrome Web Store troubleshooting. The chrome-ext-reviewer agent runs two validators before LLM judgment: `audit-manifest.py` (manifest.json audit for MV3 compliance, permission overreach, weak CSP, web_accessible_resources scoping, MV2 leftovers, CWS-rejection causes; auto-discovers WXT `.output/` build manifests) and `scan-mv3-violations.py` (greps source for CSP-banned `eval` / `new Function` / `setTimeout('string')`, remote `<script src="http">` and dynamic imports of remote URLs, MV2-only `chrome.tabs.executeScript` / `chrome.browserAction` / `chrome.extension.getBackgroundPage`, blocking webRequest listeners, optional DOM-risk `innerHTML` / `document.write`). Both emit findings with severity and specific fix recommendations. Pure stdlib Python 3.8+.

3-role adversarial code review for Claude Code — Opus default, Sonnet/Haiku compatible. Parallel tool-call pipeline, JSON-first subagent output, compaction-safe checkpointing with `--resume`, and `--non-interactive` mode for agents/CI. Blame-aware diff scoping, 14-pattern AI slop detection (hallucinated imports, fake error handling, ghost type assertions, mock-shaped fallbacks, etc.), framework-specific IDOR for Next.js / Express / Fastify / Django / Rails / Go, WCAG 2.2 + dynamic ARIA state detection, performance heuristics, severity-ranked findings with release verdict, and accepted-risk expiry enforcement. Includes a `code-reviewer` agent for proactive autonomous review. v5.0: finding IDs shortened to `CR-NNN` (config/state paths unchanged); the hallucinated-imports validator is now wired into the automated-checks phase (offline, lockfile-verified, runs even in --local-only); history comparison matches findings across runs by fingerprint (category+file+title) instead of per-run IDs, making "show new findings only" trustworthy; the never-implemented `--engine claude|codex|both` flag removed in favor of the real `--adversarial-model <name>` cross-model challenge pass; reports save to `.radcr/history/` only (no loose root-level report file). Backed by `check-hallucinated-imports.py` — a pure-stdlib Python 3.8+ script that parses 9 lockfile formats (package-lock.json, yarn.lock, pnpm-lock.yaml, package.json deps, requirements.txt, pyproject.toml, Pipfile.lock, poetry.lock, uv.lock), extracts imports via Python `ast` + JS/TS regex, and flags packages not declared in any lockfile (slopsquatting risk). Runs standalone or in the orchestrator's Step 5g.

A repo manager for vibe coders — keeps a project's docs minimal, consistent, and honest so coding agents don't get confused or misled by contradictory information. It is the 'manager'; your coding agent is the 'employee.' Four skills, two of them deliberately lean: - `/startup` — orient at the start of a session: read the four active docs + git state, run the two cheap mechanical scans (loose docs, stale docs), surface where you are + what's next + whether the docs are trustworthy. Read-only; recommends `/repo-init` on a fresh repo or `/repo-align` when the scans show drift. - `/wrapup` — leave a clean handoff for a new chat or a post-compaction continuation. Overwrites `docs/handoff.md` from git evidence (not chat memory), then reconciles the active core docs with the session — applying scoped updates to the docs it owns (`docs/plan.md`, AGENTS.md operational sections) on your OK, and drafting exact edits to stale user-owned docs (prd/design/decisions) applied only on per-edit confirmation. Ends with a one-line hygiene pulse. No status/roadmap files, no auto-commit, never runs tests. - `/repo-init` — first-run setup: scaffold the compact doc model (core docs, thin agent shims, minimal folders) on a new or nearly empty repo. Creates only what's missing; never invents product content; never overwrites user-authored files without confirmation. - `/repo-align` — the opt-in deep clean: find drift (contradictions, redundancy, stale/loose/misplaced docs, broken read paths) and propose fixes interactively. Proposes — never auto-acts; moves tracked files with `git mv` to preserve history. Plus an ambient hook layer (Claude Code-only, silent in repos that don't use the doc model, never blocking, says nothing on green): SessionStart injects a one-line doc-health note when something is stale or loose; PreCompact preserves the handoff's raw material (validation results, files changed, next action) through compaction; Stop reminds about wrapup at most once per session when real work is uncommitted and the handoff isn't fresh. The doc model is a tiny, declared, defended core — `AGENTS.md`, `docs/prd.md`, `docs/plan.md`, `docs/handoff.md` (prd/plan/handoff carry an `**Updated:**` freshness stamp) — plus conditional `docs/design.md`, a closed `docs/reference/` catalog, and `docs/archive/` for history. The boundary that matters: `docs/plan.md` owns the durable roadmap/scope/gates/stop-conditions; `docs/handoff.md` owns only the short resume snapshot for the next chat. The plugin authors `AGENTS.md` operational sections, the `CLAUDE.md`/`GEMINI.md` shims, and `docs/handoff.md`; durable changes (prd, design, decision-log) are drafted as exact edits and applied only on your explicit per-edit confirmation. Five pure-stdlib validators: the cheap pair (`repo-scan`, `doc-freshness`) runs every session; the deep trio (`doc-contradiction`, `doc-redundancy`, `audit-user-content`) runs in `repo-align`. Replaces rad-session; Claude-side counterpart to the Codex rad-repo-manager skills. Pairs with rad-planner (which owns `docs/plan.md` content and can birth `docs/prd.md` from its discovery interview; wrapup recommends `/rad-planner:replan` when plan divergence is structural rather than restructuring it itself); works standalone.

A council of cognitive-framework advisors that debates any decision — repo plans, website designs, product/codebase critiques, marketing plans, anything — then votes and returns one ranked, confidence-rated recommendation with dissent preserved and a single concrete next step. Diversity comes from incompatible *reasoning lenses* (The Contrarian, First Principles, The Vulcan, The Metric, The Storyteller, The Outsider, The Executor, The Orator, The Expansionist, The Growth Catalyst), not personas — research shows cognitive frameworks beat roleplay, and that perspective diversity (not debate depth) is the dominant driver of quality. One skill, `convene`, with two modes: `standard` (independent drafts → one blind peer-review round + dot-vote → rigor-weighted synthesis) and `quick` (parallel critics → synthesis, no review round). A Blue Hat orchestrator auto-selects 3–5 seats for any topic by engineering natural tension between opposing lenses (hard cap 5). Synthesis weights by empirical rigor and logical consistency — never headcount — preserves genuine clashes, rates confidence 1–10, and commits to exactly one next step (disagree-and-commit). Guardrails are baked in against the documented failure modes of multi-agent debate: conformity drift (independent generation), sycophancy (framework constraints, not personas), false consensus (preserved dissent), and runaway cost (hard agent/round caps + effort scaling). Claude-only — no external API keys. Output is one self-contained markdown report, delivered where you choose, never auto-committed. Pairs with rad-brainstormer (diverge → converge) and rad-planner (decide → sequence); recommends rad-code-review for deep code passes rather than duplicating it.