rad-repo-manager

Codebase-scoped SEO/AEO tooling for Claude Code with four pure-stdlib Python validators that turn the plugin's static-analysis claims into deterministic checks: `audit-ai-access.py` (per-AI-bot robots.txt allow/block matrix classed training vs citation — GPTBot, ClaudeBot, Google-Extended, CCBot vs OAI-SearchBot, ChatGPT-User, Claude-SearchBot/User, PerplexityBot/User, Bingbot, Googlebot — plus llms.txt existence/format check, Content-Signal/RSL/noai detection, JS-dependence heuristic, and optional CDN-block UA probing), `validate-jsonld.py` (extracts JSON-LD from HTML and framework source including dangerouslySetInnerHTML/set:html/template-literal forms, validates against ~20 SEO-impactful schema.org types, honest dynamic_jsonld findings for unverifiable JS-built blocks), `audit-meta-tags.py` (title/description lengths, canonical shape, charset, viewport, robots sanity, Open Graph 5-prop + Twitter Card 4-prop coverage, hreflang x-default), `check-broken-links.py` (parallel HEAD scanner with GET-Range fallback; URL list / sitemap / HTML-root inputs). Plus knowledge skills for AEO/GEO content optimization (with AI crawl-access gate and Lighthouse Agentic Browsing awareness), keyword ideation, content strategy, schema generation with 2026 rich-result deprecation awareness (FAQ/HowTo retired), E-E-A-T, and observable competitive research. Honest scope: does NOT measure numerical Core Web Vitals, keyword volumes, backlink profiles, or actual AI citation rates — those require Path B MCP integrations documented in references/CAPABILITIES.md.

MV3 Chrome extension development standards (WXT, React, TypeScript) with two pure-stdlib Python validators that catch what LLM eyeballing misses. Skills cover architecture, MV3 security (CSP, remote code ban, content script isolation), permission minimization and CWS compliance, typed messaging, storage selection, service worker lifecycle, React UI patterns, testing, and Chrome Web Store troubleshooting. The chrome-ext-reviewer agent runs two validators before LLM judgment: `audit-manifest.py` (manifest.json audit for MV3 compliance, permission overreach, weak CSP, web_accessible_resources scoping, MV2 leftovers, CWS-rejection causes; auto-discovers WXT `.output/` build manifests) and `scan-mv3-violations.py` (greps source for CSP-banned `eval` / `new Function` / `setTimeout('string')`, remote `<script src="http">` and dynamic imports of remote URLs, MV2-only `chrome.tabs.executeScript` / `chrome.browserAction` / `chrome.extension.getBackgroundPage`, blocking webRequest listeners, optional DOM-risk `innerHTML` / `document.write`). Both emit findings with severity and specific fix recommendations. Pure stdlib Python 3.8+.

3-role adversarial code review for Claude Code — Opus default, Sonnet/Haiku compatible. Parallel tool-call pipeline, JSON-first subagent output, compaction-safe checkpointing with `--resume`, and `--non-interactive` mode for agents/CI. Blame-aware diff scoping, 14-pattern AI slop detection (hallucinated imports, fake error handling, ghost type assertions, mock-shaped fallbacks, etc.), framework-specific IDOR for Next.js / Express / Fastify / Django / Rails / Go, WCAG 2.2 + dynamic ARIA state detection, performance heuristics, severity-ranked findings with release verdict, and accepted-risk expiry enforcement. Includes a `code-reviewer` agent for proactive autonomous review. v5.0: finding IDs shortened to `CR-NNN` (config/state paths unchanged); the hallucinated-imports validator is now wired into the automated-checks phase (offline, lockfile-verified, runs even in --local-only); history comparison matches findings across runs by fingerprint (category+file+title) instead of per-run IDs, making "show new findings only" trustworthy; the never-implemented `--engine claude|codex|both` flag removed in favor of the real `--adversarial-model <name>` cross-model challenge pass; reports save to `.radcr/history/` only (no loose root-level report file). Backed by `check-hallucinated-imports.py` — a pure-stdlib Python 3.8+ script that parses 9 lockfile formats (package-lock.json, yarn.lock, pnpm-lock.yaml, package.json deps, requirements.txt, pyproject.toml, Pipfile.lock, poetry.lock, uv.lock), extracts imports via Python `ast` + JS/TS regex, and flags packages not declared in any lockfile (slopsquatting risk). Runs standalone or in the orchestrator's Step 5g.

Plan a project before you write code — and re-plan it as reality unfolds. Built for solo developers who aren't formally trained engineers: it interrogates you until it actually understands what you're building, then produces a plan a moderately experienced vibe coder can read AND a coding agent can execute. Strictly a planner — it never writes implementation code. The method is interview-driven, risk-first, adversarially-reviewed, and mechanically-validated: - The grilling: a structured discovery interview — eight coverage areas (end goal, users, MVP, success criteria, constraints, assets, exclusions, danger zones), each driven to settled-or-explicitly-unknown; the project mirrored back for correction; assumptions proposed for confirm/deny. Capped at 3 rounds so it stays fast. - The release ladder: every plan anchors to your end goal via a Now / Next / Later release map — Now (MVP/Beta, fully specced tasks), Next (V1 milestone outline), Later (end-goal themes). Detail decays with distance by design; pulling the next horizon into detail is a /replan event. - Written for two readers: a plain-language layer (how-to-read note, release map, 'After this ships' lines) for you; six-field task blocks (objective, files, dependencies, done-when, validation, rollback) for the coding agent. - Codegen-aware stack evaluation (AI-native Golden Path matrix), goal-backward decomposition, risk-first sequencing with size discipline. - Mechanical validation via `plan-lint.py` (required sections incl. the release map, per-task fields, dependency resolution + cycles, vague language) — a real pass/fail check, not the model grading itself. - Adversarial review via the `risk-assessor` agent against 14 documented anti-patterns (APPROVE / REVISE / RETHINK; iterative on the full path, single-pass on the quick path you can choose at discovery). Four skills — two doors in, one maintained plan: - `/plan` — greenfield or a clear next effort: the six-phase conversation → `docs/plan.md`. - `/rescue` — a project in an unclear state: read-only archaeology (code + git evidence), evidence-led interview (keep/cut/unknown per piece), then a fresh release-map plan from where the project actually is. Assesses and plans; never fixes, runs, or deletes code. - `/replan` — evidence-based plan update: marks shipped work from git + handoff (moved to a `## Shipped` section — history preserved, never deleted), re-baselines the rest, pulls the next horizon into detail when Now ships. - `/review-plan` — two-layer quality audit of an existing plan (mechanical lint + adversarial risk review). The PRD exception: when `docs/prd.md` is missing or skeletal, the planner offers to draft it — each section written from your own interview answers, applied only on per-section confirmation. After that birth the PRD is yours (rad-repo-manager keeps it fresh); the planner never edits an existing PRD. Other durable-doc changes go into a paste-ready `docs/[date]-update-prompt.md` for you to apply — durable docs stay under your control. Pairs with rad-repo-manager (which maintains plan.md status and PRD freshness between plans); works standalone. Two agents: `stack-advisor`, `risk-assessor`.

A council of cognitive-framework advisors that debates any decision — repo plans, website designs, product/codebase critiques, marketing plans, anything — then votes and returns one ranked, confidence-rated recommendation with dissent preserved and a single concrete next step. Diversity comes from incompatible *reasoning lenses* (The Contrarian, First Principles, The Vulcan, The Metric, The Storyteller, The Outsider, The Executor, The Orator, The Expansionist, The Growth Catalyst), not personas — research shows cognitive frameworks beat roleplay, and that perspective diversity (not debate depth) is the dominant driver of quality. One skill, `convene`, with two modes: `standard` (independent drafts → one blind peer-review round + dot-vote → rigor-weighted synthesis) and `quick` (parallel critics → synthesis, no review round). A Blue Hat orchestrator auto-selects 3–5 seats for any topic by engineering natural tension between opposing lenses (hard cap 5). Synthesis weights by empirical rigor and logical consistency — never headcount — preserves genuine clashes, rates confidence 1–10, and commits to exactly one next step (disagree-and-commit). Guardrails are baked in against the documented failure modes of multi-agent debate: conformity drift (independent generation), sycophancy (framework constraints, not personas), false consensus (preserved dissent), and runaway cost (hard agent/round caps + effort scaling). Claude-only — no external API keys. Output is one self-contained markdown report, delivered where you choose, never auto-committed. Pairs with rad-brainstormer (diverge → converge) and rad-planner (decide → sequence); recommends rad-code-review for deep code passes rather than duplicating it.