rad-seo-optimizer

MV3 Chrome extension development standards (WXT, React, TypeScript) with two pure-stdlib Python validators that catch what LLM eyeballing misses. Skills cover architecture, MV3 security (CSP, remote code ban, content script isolation), permission minimization and CWS compliance, typed messaging, storage selection, service worker lifecycle, React UI patterns, testing, and Chrome Web Store troubleshooting. The chrome-ext-reviewer agent runs two validators before LLM judgment: `audit-manifest.py` (manifest.json audit for MV3 compliance, permission overreach, weak CSP, web_accessible_resources scoping, MV2 leftovers, CWS-rejection causes; auto-discovers WXT `.output/` build manifests) and `scan-mv3-violations.py` (greps source for CSP-banned `eval` / `new Function` / `setTimeout('string')`, remote `<script src="http">` and dynamic imports of remote URLs, MV2-only `chrome.tabs.executeScript` / `chrome.browserAction` / `chrome.extension.getBackgroundPage`, blocking webRequest listeners, optional DOM-risk `innerHTML` / `document.write`). Both emit findings with severity and specific fix recommendations. Pure stdlib Python 3.8+.

3-role adversarial code review for Claude Code — Opus default, Sonnet/Haiku compatible. Parallel tool-call pipeline, JSON-first subagent output, compaction-safe checkpointing with `--resume`, and `--non-interactive` mode for agents/CI. Blame-aware diff scoping, 14-pattern AI slop detection (hallucinated imports, fake error handling, ghost type assertions, mock-shaped fallbacks, etc.), framework-specific IDOR for Next.js / Express / Fastify / Django / Rails / Go, WCAG 2.2 + dynamic ARIA state detection, performance heuristics, severity-ranked findings with release verdict, and accepted-risk expiry enforcement. Includes a `code-reviewer` agent for proactive autonomous review. v5.0: finding IDs shortened to `CR-NNN` (config/state paths unchanged); the hallucinated-imports validator is now wired into the automated-checks phase (offline, lockfile-verified, runs even in --local-only); history comparison matches findings across runs by fingerprint (category+file+title) instead of per-run IDs, making "show new findings only" trustworthy; the never-implemented `--engine claude|codex|both` flag removed in favor of the real `--adversarial-model <name>` cross-model challenge pass; reports save to `.radcr/history/` only (no loose root-level report file). Backed by `check-hallucinated-imports.py` — a pure-stdlib Python 3.8+ script that parses 9 lockfile formats (package-lock.json, yarn.lock, pnpm-lock.yaml, package.json deps, requirements.txt, pyproject.toml, Pipfile.lock, poetry.lock, uv.lock), extracts imports via Python `ast` + JS/TS regex, and flags packages not declared in any lockfile (slopsquatting risk). Runs standalone or in the orchestrator's Step 5g.

A repo manager for vibe coders — keeps a project's docs minimal, consistent, and honest so coding agents don't get confused or misled by contradictory information. It is the 'manager'; your coding agent is the 'employee.' Four skills, two of them deliberately lean: - `/startup` — orient at the start of a session: read the four active docs + git state, run the two cheap mechanical scans (loose docs, stale docs), surface where you are + what's next + whether the docs are trustworthy. Read-only; recommends `/repo-init` on a fresh repo or `/repo-align` when the scans show drift. - `/wrapup` — leave a clean handoff for a new chat or a post-compaction continuation. Overwrites `docs/handoff.md` from git evidence (not chat memory), then reconciles the active core docs with the session — applying scoped updates to the docs it owns (`docs/plan.md`, AGENTS.md operational sections) on your OK, and drafting exact edits to stale user-owned docs (prd/design/decisions) applied only on per-edit confirmation. Ends with a one-line hygiene pulse. No status/roadmap files, no auto-commit, never runs tests. - `/repo-init` — first-run setup: scaffold the compact doc model (core docs, thin agent shims, minimal folders) on a new or nearly empty repo. Creates only what's missing; never invents product content; never overwrites user-authored files without confirmation. - `/repo-align` — the opt-in deep clean: find drift (contradictions, redundancy, stale/loose/misplaced docs, broken read paths) and propose fixes interactively. Proposes — never auto-acts; moves tracked files with `git mv` to preserve history. Plus an ambient hook layer (Claude Code-only, silent in repos that don't use the doc model, never blocking, says nothing on green): SessionStart injects a one-line doc-health note when something is stale or loose; PreCompact preserves the handoff's raw material (validation results, files changed, next action) through compaction; Stop reminds about wrapup at most once per session when real work is uncommitted and the handoff isn't fresh. The doc model is a tiny, declared, defended core — `AGENTS.md`, `docs/prd.md`, `docs/plan.md`, `docs/handoff.md` (prd/plan/handoff carry an `**Updated:**` freshness stamp) — plus conditional `docs/design.md`, a closed `docs/reference/` catalog, and `docs/archive/` for history. The boundary that matters: `docs/plan.md` owns the durable roadmap/scope/gates/stop-conditions; `docs/handoff.md` owns only the short resume snapshot for the next chat. The plugin authors `AGENTS.md` operational sections, the `CLAUDE.md`/`GEMINI.md` shims, and `docs/handoff.md`; durable changes (prd, design, decision-log) are drafted as exact edits and applied only on your explicit per-edit confirmation. Five pure-stdlib validators: the cheap pair (`repo-scan`, `doc-freshness`) runs every session; the deep trio (`doc-contradiction`, `doc-redundancy`, `audit-user-content`) runs in `repo-align`. Replaces rad-session; Claude-side counterpart to the Codex rad-repo-manager skills. Pairs with rad-planner (which owns `docs/plan.md` content and can birth `docs/prd.md` from its discovery interview; wrapup recommends `/rad-planner:replan` when plan divergence is structural rather than restructuring it itself); works standalone.

Plan a project before you write code — and re-plan it as reality unfolds. Built for solo developers who aren't formally trained engineers: it interrogates you until it actually understands what you're building, then produces a plan a moderately experienced vibe coder can read AND a coding agent can execute. Strictly a planner — it never writes implementation code. The method is interview-driven, risk-first, adversarially-reviewed, and mechanically-validated: - The grilling: a structured discovery interview — eight coverage areas (end goal, users, MVP, success criteria, constraints, assets, exclusions, danger zones), each driven to settled-or-explicitly-unknown; the project mirrored back for correction; assumptions proposed for confirm/deny. Capped at 3 rounds so it stays fast. - The release ladder: every plan anchors to your end goal via a Now / Next / Later release map — Now (MVP/Beta, fully specced tasks), Next (V1 milestone outline), Later (end-goal themes). Detail decays with distance by design; pulling the next horizon into detail is a /replan event. - Written for two readers: a plain-language layer (how-to-read note, release map, 'After this ships' lines) for you; six-field task blocks (objective, files, dependencies, done-when, validation, rollback) for the coding agent. - Codegen-aware stack evaluation (AI-native Golden Path matrix), goal-backward decomposition, risk-first sequencing with size discipline. - Mechanical validation via `plan-lint.py` (required sections incl. the release map, per-task fields, dependency resolution + cycles, vague language) — a real pass/fail check, not the model grading itself. - Adversarial review via the `risk-assessor` agent against 14 documented anti-patterns (APPROVE / REVISE / RETHINK; iterative on the full path, single-pass on the quick path you can choose at discovery). Four skills — two doors in, one maintained plan: - `/plan` — greenfield or a clear next effort: the six-phase conversation → `docs/plan.md`. - `/rescue` — a project in an unclear state: read-only archaeology (code + git evidence), evidence-led interview (keep/cut/unknown per piece), then a fresh release-map plan from where the project actually is. Assesses and plans; never fixes, runs, or deletes code. - `/replan` — evidence-based plan update: marks shipped work from git + handoff (moved to a `## Shipped` section — history preserved, never deleted), re-baselines the rest, pulls the next horizon into detail when Now ships. - `/review-plan` — two-layer quality audit of an existing plan (mechanical lint + adversarial risk review). The PRD exception: when `docs/prd.md` is missing or skeletal, the planner offers to draft it — each section written from your own interview answers, applied only on per-section confirmation. After that birth the PRD is yours (rad-repo-manager keeps it fresh); the planner never edits an existing PRD. Other durable-doc changes go into a paste-ready `docs/[date]-update-prompt.md` for you to apply — durable docs stay under your control. Pairs with rad-repo-manager (which maintains plan.md status and PRD freshness between plans); works standalone. Two agents: `stack-advisor`, `risk-assessor`.

A council of cognitive-framework advisors that debates any decision — repo plans, website designs, product/codebase critiques, marketing plans, anything — then votes and returns one ranked, confidence-rated recommendation with dissent preserved and a single concrete next step. Diversity comes from incompatible *reasoning lenses* (The Contrarian, First Principles, The Vulcan, The Metric, The Storyteller, The Outsider, The Executor, The Orator, The Expansionist, The Growth Catalyst), not personas — research shows cognitive frameworks beat roleplay, and that perspective diversity (not debate depth) is the dominant driver of quality. One skill, `convene`, with two modes: `standard` (independent drafts → one blind peer-review round + dot-vote → rigor-weighted synthesis) and `quick` (parallel critics → synthesis, no review round). A Blue Hat orchestrator auto-selects 3–5 seats for any topic by engineering natural tension between opposing lenses (hard cap 5). Synthesis weights by empirical rigor and logical consistency — never headcount — preserves genuine clashes, rates confidence 1–10, and commits to exactly one next step (disagree-and-commit). Guardrails are baked in against the documented failure modes of multi-agent debate: conformity drift (independent generation), sycophancy (framework constraints, not personas), false consensus (preserved dissent), and runaway cost (hard agent/round caps + effort scaling). Claude-only — no external API keys. Output is one self-contained markdown report, delivered where you choose, never auto-committed. Pairs with rad-brainstormer (diverge → converge) and rad-planner (decide → sequence); recommends rad-code-review for deep code passes rather than duplicating it.