All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
rust-security-analystagent (agents/16-rust-security-analyst.md): a read-only vulnerability analyst for continuous-improvement cycles, built as the security counterpart torust-arch-analyst. Thin agent definition (sonnet + high effort) that delegates all expertise to thesecurity-auditskill. Scans existing codebases for dependency advisories, unsafe code, exposed secrets, injection and input-validation gaps, cryptography misuse, broken authentication, panic-based denial of service, and supply-chain risk. Never modifies source code,Cargo.toml, orCargo.lock— files GitHub security issues only.security-auditskill (skills/security-audit/SKILL.md): the vulnerability-audit protocol backingrust-security-analyst, mirroring the structure ofarch-inspect. Eight audit categories (dependencies,unsafe,secrets,input,crypto,auth,panics,supply-chain) each with concrete Rust anti-patterns and detection commands. Runs dependency scanners first (cargo audit,cargo deny,gitleaks) for zero-false-positive findings, then code-pattern categories. Ranks findings by exploitability with a Critical/High/Medium/Low → P0–P3 severity map, requires a concrete attack scenario per finding, and defines the GitHub issue and handoffSecurity Reviewoutput formats. Invocable directly as/rust-agents:security-audit [focus]for a single-session audit.
continuous-improvementskill: integratedrust-security-analystas the fourth CI-cycle agent. Added thesecurityfocus value (and folded the analyst intofull), asecuritytask row, the spawn block, and a### Security Auditsection in both the cycle-journal template and the Step 3 summary.init-projectcontinuous-improvement rules template: added a## Security Scopesection (trust boundaries, accepted risks, sensitive assets) so the security audit receives project-specific context; corrected the "used by" reference from the stalerust-ci-analystto the current four CI agents.- Root
README.mdandrust-code/README.md: documented the new agent and skill; agent count14 → 15, skill count18 → 19, version badge1.36.0 → 1.37.0; updated thecontinuous-improvementfocus tables to includesecurity. - Plugin and marketplace manifests: version bumped to
1.37.0; descriptions updated to name all four CI agents;marketplace.jsonspecialist-agent count corrected from the stale13to15; addedvulnerability-scanningandsecurity-auditkeywords.
- Root
README.mdandrust-code/README.md: synced with actual plugin state, which had drifted out of date (version badges still showed1.30.0/1.26.6, agent/skill counts were stale, and therust-arch-analystagent plusarch-inspectskill were missing entirely).- Version badges bumped to
1.36.0. - Agent count corrected from 13 to 14; added the missing
rust-arch-analystagent description and its use case. - Skill count corrected from 16 to 18; added the missing
arch-inspectskill section and therust-modern-apisbullet in the root README's skill list. continuous-improvementskill docs updated to include thearch/fullfocus values andrust-arch-analystas a spawned agent.rust-modern-apisreferences updated from1.89–1.96to1.89–1.97, with two new trigger-table rows for the 1.97 bit-manipulation methods (isolate_highest_one,bit_width).
- Version badges bumped to
rust-modern-apisskill: coverage extended to Rust 1.97 (released 2026-07-09). The headline additions are the integer bit-manipulation methods, now documented as trigger-table entries and inreferences/arithmetic.md:isolate_highest_one/isolate_lowest_one— keep only the most / least significant set bit (replaces1 << (BITS - 1 - x.leading_zeros())andx & x.wrapping_neg()).highest_one/lowest_one— index of the highest / lowest set bit (Option<u32>on plain integers, plainu32onNonZero).bit_width— minimum bits needed to represent the value (replacesBITS - x.leading_zeros()).- All five are
const fn, stabilized on every integer type and itsNonZeroequivalent. - Added a
**MSRV 1.97+**line to the version→MSRV gate list.
references/changelog.md: new## Rust 1.97 (2026-07-09)section covering thepin!deref-coercion soundness fix, v0 symbol mangling by default,char::is_controlconst, thebuild.warningsandresolver.lockfile-pathCargo configs,cargo clean --target-dirguardrail, rustdoc--emit/--remap-path-prefix, and the associated compatibility notes.
rust-modern-apisskill frontmatter and heading extended from the 1.89–1.96 range to 1.89–1.97 (August 2025 – July 2026); added the hand-rolled bit-manipulation idiom to the proactive-trigger list.- Plugin and marketplace manifests: version bumped to
1.36.0; descriptions and keywords updated to reference Rust 1.97.
rust-developeragent: prompt hardened with process-level quality controls. Generic "be careful / don't make mistakes" exhortations demonstrably do not reduce defects; these sections replace them with verification loops the agent must execute:- Grounding Rules — never modify a file not read in this session; never call a dependency API from memory (check the crate version in
Cargo.toml, then verify the signature viacargo doc/docs.rs/compiler); ambiguous requirements get an explicit// ASSUMPTION:marker at the code site plus a handoff entry instead of silently invented behavior. - Incremental Verification —
cargo checkafter each logical unit (function, impl block, module); never accumulate more than ~100 lines of unverified code. - Bug Fixes: Regression Test First — reproduce the bug with a failing test before fixing; the passing test defines "fixed" and stays in the suite as a regression guard.
- Never Weaken Checks — failing checks are fixed in code, never bypassed: no deleting/
#[ignore]-ing/loosening tests, no#[allow(...)]to silence lints, no hardcoded expected values, nolet _ =/.ok()error discarding. A check that cannot pass honestly must surface as astatus: blockedhandoff, not a fake green. - Self-Review Before Handoff — re-read the full
git diffagainst the Anti-patterns list before handing off. - Anti-patterns list extended with the check-weakening, unjustified-
#[allow], and unverified-API entries.
- Grounding Rules — never modify a file not read in this session; never call a dependency API from memory (check the crate version in
rust-developeragent tools: the prompt mandated actions its allowlist could not perform. The DRY policy instructsGrep/Globsearches but neither tool was granted; the mandatory handoff protocol needsdate,mkdir,cat,awk, none of which matchBash(cargo *)/Bash(rustc *); every edit required a whole-fileWriterewrite (noEdit); and the agent could not inspect its own diff (nogit). AddedEdit,Grep,Glob,Bash(git *),Bash(date *),Bash(mkdir *),Bash(cat *),Bash(awk *).
- Team-orchestration skills (
team-develop,team-debug,continuous-improvement) aligned with the current Claude Code agent-teams API (official docs as of 2026-06; the underlying behavior changed in Claude Code v2.1.178). The skills previously called tools and used message shapes that no longer exist, so a real team run would fail at the firstTeamCreate:- Removed all
TeamCreate/TeamDeletecalls — both tools were removed from Claude Code. Teams now form implicitly when the lead spawns the first teammate, and the team's shared directories are cleaned up automatically when the session ends. DroppedTeamCreate/TeamDeletefrom everyToolSearch("select:...")load list and replaced the "Team Setup" steps with an implicit-team note inteam-develop/SKILL.md,team-debug/SKILL.md,continuous-improvement/SKILL.md, and bothreferences/team-workflow.md. - Removed the deprecated
team_nameparameter from everyAgent(...)spawn call (~31 sites). It is accepted but ignored by the current Agent tool — the session has a single implicit team. - Corrected
SendMessagecall syntax across all team skills: the tool takesto+message+summary, not the previoustype: "message"/content:/recipient:shape. Teammate→lead messages now address the lead asto: "main"(wasto: "team-lead"/to: "ci-lead", which are not addressable recipients). Shutdown handshakes now use the structured formsmessage: {type: "shutdown_request", reason}andmessage: {type: "shutdown_response", request_id, approve}. - Removed the non-existent "broadcast" message type from both
communication-protocol.mdreferences — the currentSendMessagedelivers to one recipient; reach several teammates by sending one message each. - Removed the now-unfillable
{team-name}substitution from teammate spawn templates (the team name is session-derived and auto-generated). The teammate-discovery config path~/.claude/teams/{team-name}/config.jsonis unchanged — it is still valid per the docs.
- Removed all
README.md: updated the continuous-improvement workflow line to dropTeamCreate/team_name/TeamDelete.
- Verified against the official Claude Code sub-agents, agent-teams, and skills documentation (code.claude.com/docs). All
SKILL.mdfrontmatter fields used in the plugin (name,description,argument-hint,allowed-tools,disable-model-invocation,effort) were confirmed valid against the current skills frontmatter spec — no frontmatter changes were required.
team-developskill: the mandatory implementation-critic validation gate (impl-critic— adversarial critique of the implementation byrust-critic, report-only, on the validation step after the developer and before code review) is now enforced in every chain whererust-developerwrites code, not just the New Feature pipeline. Added avalidate-critiquetask (ownerimpl-critic) to the Bug Fix, Refactoring, Security, Dependency Bump, and Performance chains — updated each chain's task table, dependency graph (reviewnow blocks onvalidate-critique), and spawn order. The critic runs in parallel with the existing validators where a validation phase already exists (Bug Fix/Refactoring alongsidetester; Dependency Bump alongsidesecurity+tester; Performance alongsideperf verify+tester) and sequentially before review in the Security chain (which previously had no validation phase). Previously only the full New Feature pipeline ran an implementation critic; the reduced chains skipped it — Bug Fix and Refactoring did so explicitly ("No critic") — leaving five code-writing chains with no adversarial review of the implementation before merge.
team-developskill: explicit "Mandatory critic gate" rule in the Workflow Templates section. States that any chain with arust-developerphase must run animpl-criticafter the developer and before code review, and that the no-developer chains (Documentation, CI/CD, Spec-Driven) are exempt because they produce no implementation code.
team-developskill: corrected the Workflow Templates intro that described "the three reduced chains below" — the count was stale.
rust-arch-analystagent:effortraised frommediumtohigh. As a read-only continuous-improvement agent, its job is deep structural reasoning — detecting type-system anti-patterns, DRY violations, API naming issues, and async concurrency defects — which benefits from extended thinking.highis also Sonnet 4.6's default effort, so the previousmediumwas actively suppressing reasoning below baseline on the most analytical role of the cycle. This aligns all three continuous-improvement agents (rust-live-tester,rust-researcher,rust-arch-analyst) ateffort: high.
- Effort policy clarified and made consistent across the fleet: the three read-only continuous-improvement agents (
rust-live-tester,rust-researcher,rust-arch-analyst) run ateffort: highfor deep analysis; the code-writing team-develop agents (rust-developer,rust-testing-engineer,rust-performance-engineer,rust-code-reviewer,rust-cicd-devops,rust-debugger) run atmediumto trim cost below Sonnet 4.6'shighdefault; the reasoning-critical Opus roles (rust-architect,rust-critic,rust-security-maintenance) run athigh. This supersedes the 1.31.0 note that described Sonnet agents as uniformlymedium.
rust-architectandrust-criticagents: model pinned from the outdatedclaude-opus-4-6toclaude-opus-4-8. Both are reasoning-heavy roles, and the 4.6→4.8 jump lifts SWE-bench Verified from ~80.8% to 88.6% at the same $5/$25 per-MTok price, with a reported ~4x reduction in unreported code flaws — directly relevant to architecture design and adversarial critique.effort: highretained (the Opus default). The previous hard-coded4-6had frozen these two agents on an old version while the rest of the fleet tracked aliases.rust-security-maintenanceagent: model upgraded fromsonnettoclaude-opus-4-8. Security review is high-stakes (unsafe code, cryptography, auth, external input validation) where the cost of a missed vulnerability outweighs the higher token cost; Opus 4.8's reduced unreported-flaw rate applies directly. This raises the per-run cost of security passes (~2x vs Sonnet on output, partly offset by prompt caching) — an intentional quality/cost trade for this role.effort: highretained, now matching the Opus default. Brings the agent's manifest in line with the README, which already documented it asopus.
- The 12 other agents remain on
sonnet/haikualiases. Sonnet 4.6 (79.6% SWE-bench Verified) is a strong cost/quality fit for routine implementation, testing, review, and read-only analysis roles; promoting them to Opus would roughly double cost for a marginal quality gain. Effort levels vary by role: most Sonnet agents runmedium(below Sonnet 4.6'shighdefault) to trim cost, while the read-only continuous-improvement agentsrust-live-testerandrust-researcherrunhigh. Opus reasoning roles runhigh(the Opus default).
rust-modern-apisskill: full coverage of Rust 1.96 (2026-05-28). Updated frontmatter description and scope (1.89–1.96). Trigger table extended with three new patterns:assert!(matches!(..))/ manual match-panic test scaffolding →assert_matches!,LazyLock::new(|| value)for already-computed values →LazyLock::from/LazyCell::from, andstd::ops::Rangefields blocking#[derive(Copy)]→core::range::Range. NewMSRV 1.96+row in the MSRV gate.rust-modern-apisreferences/assertions.md: new reference file documentingassert_matches!/debug_assert_matches!— module pathcore/std::assert_matches, deliberately not in the prelude, before/after vsassert!(matches!(..)),Debug-on-failure output, guard and custom-message forms, and MSRV guidance.rust-modern-apisreferences/changelog.md: new "Rust 1.96 (2026-05-28)" section grouped by Language / Stabilized APIs / Compiler / Cargo / Security / Compatibility notes. Sources linked to releases.rs and the official release blog.rust-modern-apisreferences/sync.md: new section onFrom<T> for LazyCell<T>/LazyLock<T>— wrapping an already-computed value with no init closure.rust-modern-apisreferences/iterators.md: new section oncore::rangeCopy-able range types (Range/RangeFrom/RangeToInclusiveplus their iterators, RFC 3550) andNonZerorange iteration.rust-modern-apisreferences/compiler-cargo.md: 1.96 minimum external LLVM 21, Cargo dependency with simultaneous git + alternate-registry source,target.'cfg(..)'.rustdocflags, and the CVE-2026-5222 / CVE-2026-5223 security note.
- Metadata version-range references updated from 1.89–1.94 to 1.89–1.96 across
plugin.json,.claude-plugin/marketplace.json,rust-code/README.md, andagents/15-rust-arch-analyst.md(these had lagged since the 1.95 coverage). Therust-1-94keyword inplugin.jsonwas renamed torust-1-96.
team-developskill: newspec-driventask classification and matching workflow chainarchitect → critic → sdd → reviewer → commit-spec → follow-up issue. Design-only mode: no implementation code is produced; the chain outputs a versioned spec package underspecs/{feature-slug}/plus a GitHub issue that hands the spec off to a future implementation pass.team-developskill: Step 0 classification table extended with thespec-drivenrow. Triggers include "spec", "specification", "design doc", "RFC", "proposal", "BRD", "SRS", "NFR", "blueprint", "feasibility", "design only", "spec only", "research before implementing", "deep design", "draft a spec", "produce a spec".team-developskill: Mixed-Signal Rule updated —spec-drivensits outside the light→heavy chain order; when bothspec-drivenandnew-featurefit, the lead asks the user to choose between "spec now, code later" and "one combined PR".team-developskill: Escalation Rule extended to cover bidirectional scope changes — upgrade tospec-drivenwhen the architect cannot collapse the design in one pass, and downgradespec-driven→new-featurewhen sdd reports the scope is small enough to implement directly without a written spec.team-developskill: spec-driven workflow defines a code-ownership override (no source edits — only sdd writes spec artifacts, only team-lead commits and opens issues), a dedicated commit message template, and agh issue createtemplate that links the spec commit, lists testable acceptance criteria, and recommends/rust-agents:team-develop new-featureas the follow-up chain.team-developskill: spec-driven fix-review cycle routes fix messages tosdd(notdeveloper); reviewer focuses on spec completeness, traceability (BRD→SRS→spec→tasks), measurable NFRs, and well-formed YAML rather than code quality.
team-developskill: intro note about pre-existing specs rewritten —spec-drivenis now the canonical way to produce a spec from team-develop; standalone/rust-agents:sddis reserved for non-team use; the legacy.local/specs/convention still works for thenew-featurechain.
rust-testing-engineeragent: new Redundancy Audit responsibility. Agent now sweeps existing test suites for: exact duplicates, parametric duplicates (N tests differing only in input values), subset duplicates, property-test overlap with unit tests, tests of the stdlib or the mock itself, placeholder / smoke tests, coverage-equivalent unit ↔ integration pairs, and oversized fixtures. Triggers in three cases — validating existing code, before adding a new test (duplication check), and explicitaudit-moderequest from the user.rust-testing-engineeragent: detection process documented around the existing toolchain —cargo nextest listenumeration, name-pattern clustering, body comparison viaRead, property-vs-unit cross-check,cargo llvm-covcoverage diff for uncertain cases, and per-test timing via--message-format libtest-json. No new tools required.rust-testing-engineeragent: handoff frontmatter now carries aredundancyblock (total_tests,redundant,candidates_for_review,estimated_ci_savings_ms); body groups findings by file withfile:line — test_name [type]+ evidence + recommendation lines.rust-testing-engineeragent: new audit-mode workflow chain documented in Coordination —user "audit tests" → tester (audit-mode) → developer (applies deletions) → reviewer (verifies nothing important removed) → commit.
rust-testing-engineeragent: frontmatter description extended with audit triggers ("audit tests", "reduce CI time", "cleanup test suite", "audit-mode").rust-testing-engineeragent: Anti-Patterns section extended with five new entries covering the redundancy categories.rust-testing-engineeragent: Coordination "When Called After Another Agent" table now flags the redundancy-check focus for each upstream agent — exceptrust-debugger, where regression-test overlap is explicitly preserved as documentary value.
- Removal policy unchanged: tester does NOT delete tests. In team-develop chains the developer applies deletions in the next fix pass; in standalone use the user (or a spawned
rust-developer) applies them. Tester tools remainRead,Skill,Write,Bash(cargo *),Bash(cargo-nextest *),Bash(cargo-llvm-cov *),Bash(git *)— noEdit, norg/grep/find.
rust-modern-apisskill: full coverage of Rust 1.95 (2026-04-16). Updated frontmatter description and scope (1.89–1.95). Trigger table extended with six new patterns: atomiccompare_exchangeloops →AtomicPtr/Bool/Isize/Usize::update/try_update, integer-to-bool matching →bool::try_from(n),cfg_ifcrate →core::cfg_select!, manual#[cold]paths →core::hint::cold_path(), nested matches with optional binding →if letguards on match arms,unsafe { &*ptr }→<*const T>::as_ref_unchecked/<*mut T>::as_mut_unchecked. NewMSRV 1.95+row in the MSRV gate listing all 1.95 stabilizations.rust-modern-apisreferences/changelog.md: new "Rust 1.95 (2026-04-16)" section grouped by Language / Stabilized APIs / Compiler / Platform support / Performance and tools / Compatibility notes. Source link toreleases.rs/docs/1.95.0/included.rust-modern-apisreferences/sync.md: new section on atomicupdate/try_updatewith before/after CAS-loop example, ordering semantics, "when to prefer" notes, and the explicit list of unsupported types (AtomicI*/AtomicU*with explicit widths).rust-modern-apisreferences/arithmetic.md: new section onbool: TryFrom<{integer}>with use-case guidance (wire-format decoding vs. C-style truthiness) and zero-cost error type note.
team-developskill: Step 0 task classification with user confirmation. Before any team setup, the lead inspects$ARGUMENTS, maps it to one of eight chains via a signal table, and asks the user to confirm. The full pipeline is no longer the silent default.team-developskill: seven reduced workflows with explicit task graphs, dependency setups, and spawn order:- Bug Fix:
debugger → developer → tester → reviewer → commit. No architect/critic/perf/security validators. - Refactoring:
architect (lite) → developer → tester → reviewer → commit. Critic and perf/security validators dropped since behavior is preserved. - Security:
security → developer → reviewer → commit. Security agent leads (analysis only); developer applies fixes. - Documentation:
tech-writer → reviewer → commit. tech-writer (not developer) owns the change; doctests verified when rustdoc onpubitems is touched. - Dependency Bump:
developer → parallel(security, tester) → reviewer → commit. Security audit mandatory for new RUSTSEC advisories; full test suite required. - Performance:
perf → developer → parallel(perf-verify, tester) → reviewer → commit. perf engineer leads AND re-measures; commit includes before/after numbers. - CI/CD:
cicd → reviewer → commit. CI/CD engineer edits workflows/configs directly; no Rust agents involved.
- Bug Fix:
team-developskill: each chain can drop its lead agent (debugger/architect/security/perf) when the user's task already names the root cause, refactor scope, CVE, or hot path — start from developer in the matching chain.team-developskill: Mixed-Signal Rule for tasks hitting multiple classification rows. Pick by goal verb (outcome), not means; tie-break by heavier chain via explicit weight ordering (docs < ci-cd < dependency < bug-fix < refactoring < performance < security < new-feature); otherwise ask user.team-developskill: Escalation Rule for chain-breaking discoveries mid-flight. Lead stops the chain, shuts down idle agents, summarizes the finding, and proposes upgrade to a heavier chain — never silently morphs scope.
team-developskill: the previous "Workflow Templates" one-liner list at the SKILL footer is replaced by full subsections per chain that reuse Steps 8–10 (fix-review cycle, commit, shutdown) without duplicating them. The full pipeline (Steps 1–10) is now explicitly reserved fornew-featureclassification.
team-developskill: developer and reviewer agent spawn prompts now explicitly call their mandatory startup skills (rust-modern-apis) after handoff. Previously, the team communication template'sBEFORE any other work, call rust-agent-handoffinstruction silently suppressed additional skill calls defined in agent definitions.team-debugskill: live-tester spawn prompt now explicitly callslive-testingskill after handoff; reviewer spawn prompt now explicitly callsrust-modern-apisbefore consolidating findings.
arch-inspectskill: full rewrite of the audit checklist. Type safety promoted to primary principle with explicit goal "make illegal states unrepresentable". Added three new audit categories: Modularity (crate/module boundaries, visibility, workspace structure), Testability (trait-based deps, Clock abstraction, global state, test module structure), Readability (function length, single-letter bindings, comment quality). Existing categories expanded: type system now covers newtypes, typestate opportunities, unsafe SAFETY comments; DRY adds redundant trait detection; async adds tokio::spawn handle leak. Triage table updated to include all six categories. Focus table extended withmodularity,testability,readabilityvalues.
- New agent
rust-arch-analyst(sonnet + medium effort, read-only): audits existing codebases for type system anti-patterns, DRY violations, API naming violations, workspace structure issues, and async concurrency defects. Files GitHub issues for findings. Designed for CI inspection cycles, not new feature design. - New skill
arch-inspect: audit protocol containing the full checklist, triage rules, and issue filing instructions. Called byrust-arch-analystat startup viaSkill(...). Can also be invoked directly as/arch-inspect [focus]to run the audit in the current session without spawning a subagent.
continuous-improvementskill: replacedrust-architect(opus + high effort) withrust-arch-analyst(sonnet + medium) for thearchitectureandfullCI phases. The heavy architect agent is for designing new systems; the analyst is purpose-built for reviewing existing code. Agent spawn prompt simplified — audit checklist now lives in the agent definition itself.
continuous-improvementskill: addedrust-architectas a third agent for code quality and architecture review. New focus valuearchitecturespawns the architect alone;fullnow runs rust-researcher and rust-architect in parallel after rust-live-tester. The architect performs a READ-ONLY pass scanning for type system anti-patterns, DRY violations at architecture level, API naming violations, workspace structure issues, async concurrency problems, and inline comment quality. Each finding is filed as a GitHub issue witharchitectureorcode-qualitylabel. Journal template extended with an Architecture & Code Quality section; cycle summary includes anti-pattern counts by category and top structural concern.
- All 12 agents: added
Skilltotools:frontmatter — without it theSkill(...)tool calls in startup protocols were silently unavailable in spawned agent contexts. rust-developer,rust-code-reviewer: swapped startup protocol order sorust-modern-apisloads first (step 1) andrust-agent-handoffsecond (step 2). Previouslyrust-modern-apiswas step 2 and was frequently skipped after the handoff context loaded.
continuous-improvementskill: replaced singlejournal.mdwith rotating per-cycle filesjournal/ci-NNN.md(one file per cycle, three-digit zero-padded counter). File is created in Step 0 before agents start; path is passed to agents via{journal-path}in the team prompt; agents append Findings rows in real-time; Step 3 completes the Summary sections. Each file includes a Playbooks section with links to.local/testing/playbooks/,competitive-parity.md, andregressions.md. References updated insdd-integration.md(CI, live-testing, research-protocol copies),issue-management.md, andtesting-methodology.md(CI and live-testing copies).init-projectscaffold:journal.mdcreation replaced withmkdir -p .local/testing/journal/;templates.mdupdated to document the new format.
rust-architectagent: pinnedmodel: claude-opus-4-6(wasopusalias resolving to Opus 4.7). Same per-token price, but Opus 4.6 uses the previous tokenizer — Opus 4.7 may consume up to 35% more tokens for the same content. Effort stayshigh(intelligence-sensitive role: type-driven design, GATs, sealed traits, typestate).rust-criticagent: pinnedmodel: claude-opus-4-6, raisedeffort: medium→high. The critic's role is explicitly adversarial reasoning across eight dimensions (assumption audit, counterexample hunt, scalability stress, etc.) —medium("trade off some intelligence") contradicted the role.highis the documented minimum for intelligence-sensitive work; pinning to 4.6 offsets the cost.rust-security-maintenanceagent: switchedmodel: opus→sonnet, raisedeffort: medium→high. The prompt is largely procedural (cargo-deny, gitleaks, validation snippets) where Sonnet 4.6 is sufficient;higheffort improves quality over the priormediumwhile reducing per-token price by ~40%.
For a typical team-develop run with one architect + one critic + one security pass, the change cuts Opus token consumption per invocation by ~20–25% (tokenizer delta) for architect and critic, and shifts security from Opus to Sonnet (~1.67× cheaper per token). On Pro/Max subscription plans this directly relieves the weekly/5-hour budget; on the API the saving is direct dollar value. No agent contract or coordination chain changed.
rust-agent-handoffskill: trimmed from 238 to 94 lines (–60%) — removed redundant ASCII diagrams, verbose bash snippets, and duplicated Communication Model section; kept frontmatter schema, agent suffix table, status values, on-startup and before-finishing protocols, parallel-merge handling. The skill loads in every agent invocation, so this is the largest per-run token win.team-debugandteam-developskills: compressed embedded Team Communication Template from ~30 lines to ~12 lines — drops repeated boilerplate from every Agent() spawn; full routing matrices remain inreferences/communication-protocol.mdfor agents that need them.rust-developeragent: trimmed from 587 to 151 lines (–74%) — removed inline code examples for async combinators, builders, newtypes, iterators, error handling, and documentation standards (already in model weights); kept DRY policy, Scope Discipline, Out-of-Scope Findings handoff format, Technical Debt Markers, Inline Comments Policy, and Pre-Commit Checks.rust-architectagent: trimmed from 490 to 227 lines (–54%) — removed inline code examples for newtypes, GATs, sealed traits, PhantomData, typestate, and async combinators; kept Project Scale Classification, Type System Decisions, Workspace Architecture rules, Async Concurrency Architecture table, Edition 2024 considerations, and Pre-Implementation Checklist.rust-debuggeragent: trimmed from 464 to 170 lines (–63%) — removed borrow-checker / lifetime / lldb / gdb / tokio-console / memory-debugging code examples; kept full Root Cause → Prevention Protocol (decision tree, prevention techniques, summary checklist) introduced in 1.26.7, plus Compilation Errors as a compact table.rust-performance-engineeragent: trimmed from 424 to 156 lines (–63%) — removed long stream / join / timeout / allocation code examples; kept macOS-specific build optimizations (sccache, XProtect), profile.release config, concurrency tuning rules table, and stream combinator selection table.
Estimated savings per team-develop run (mixed Opus + Sonnet, ~11 agent invocations):
- handoff skill: ~1.7K tokens × 11 = ~18.7K
- communication template: ~420 tokens × 11 = ~4.6K
- trimmed agents (developer, architect, debugger, performance): ~6K total per affected invocation
Total: ~25–30K input tokens saved per team-develop run with no behavioral changes. All agent contracts (handoff schema, code ownership rules, coordination chains) are preserved.
rust-debuggeragent: added Root Cause → Prevention Protocol section — after identifying the root cause the agent now assesses structural fixes that eliminate the entire bug class at compile time; includes decision tree, typestate pattern, newtype wrappers, PhantomData markers, sealed enums, smart constructors, builder pattern, and ownership redesign; mandates a Prevention section in the handoff file
rust-criticagent: critique process now anchors to the task goal before applying dimensions — each finding must pass the filter "does this threaten the task goal?"; findings unrelated to the goal are capped at MINORrust-criticagent: deferral recommendations now require a Deferred Items section in the handoff with concrete// TODO(critic): ...markers; verbal-only deferral notes are prohibitedrust-agent-handoffcritic schema: added Deferred Items output section (id, description, reason, TODO marker) for functionality the critic recommends not implementing now
team-debugskill: addedrust-live-testerto the investigation phase — spawned in parallel withrust-debuggerwhen symptoms involve runtime behavior (panics, crashes, wrong output, flaky tests, async deadlocks); all review agents receive both static and runtime handoffsteam-debugskill: removedrust-criticfrom the review phase — adversarial signal is now provided by the two independent investigation agents (static vs. runtime) and their potential divergenceteam-debugskill: maderust-architectreview conditional — spawned only when symptoms mention recurring/systemic/design issues, or when investigation handoffs explicitly flag an architectural concern; otherwise skipped with task marked completed and removed from consolidate blockers
continuous-improvementskill: upgraded orchestration to use agent teams — addsTeamCreate/TeamDelete,TaskCreate/TaskUpdate, andSendMessagefor peer-to-peer control; agents now run under a named team with task tracking and proper shutdown handshake
rust-live-testeragent (agent 12): new specialist focused exclusively on live binary execution, anomaly detection, coverage tracking, and cross-interface consistency; uses the newlive-testingskillrust-researcheragent (agent 14): new specialist focused on dependency monitoring, security advisories, research & innovation, and competitive parity; uses the newresearch-protocolskilllive-testingskill: authoritative execution guide for rust-live-tester — sync, project discovery, live testing phases, anomaly classification, issue filing; carries dedicated copies of testing-methodology, issue-management, and sdd-integration referencesresearch-protocolskill: authoritative guide for rust-researcher — dependency monitoring, research & innovation, competitive parity; carries dedicated copies of research-protocol, issue-management, and sdd-integration references
continuous-improvementskill: refactored from a monolithic cycle into an orchestrator that spawnsrust-live-testerandrust-researcheras sub-agents based on the requested focus (testing,research,dependencies,parity,full); produces a consolidated cycle summary after both agents completerust-developeragent: added Scope Discipline section — developer never creates GitHub issues; out-of-scope findings are recorded in handoff under "Out-of-Scope Findings" with BLOCKER/NON-BLOCKER classification and suggested action; the code reviewer owns all triage decisions
rust-ci-analystagent: replaced by therust-live-tester+rust-researcherpair with clearer role boundaries
rust-code-revieweragent: added Issue Triage Decision section — after collecting findings the agent explicitly decides what to fix in-PR vs. defer; deferred items are filed as GitHub issues viagh issue createwith structured body and label; issue URLs are reported in the review summaryrust-code-revieweragent: addedBash(gh *)to the tool allowlist to enable GitHub issue creationrust-developerandrust-code-revieweragents now explicitly callrust-modern-apisskill as step 2 of the Startup Protocol, ensuring the trigger pattern table is loaded into working memory at the start of every session
rust-modern-apisskill: lookup table for stable Rust APIs added in 1.89–1.94; covers strings, paths, networking, arithmetic, iterators, collections, slices, I/O, sync, formatting, and results domainsrust-modern-apiswired intorust-developerandrust-code-revieweragents by default — proactively suggests modern replacements when trigger patterns are detected in code
team-debugskill: added Step 3.5 Live Reproduction — when the debugger's handoff indicates that the root cause requires live testing,rust-ci-analystis spawned to attempt reproduction following the continuous improvement protocol; result (confirmed / not reproduced / intermittent) is propagated to all parallel reviewers and included in the final report
team-debugskill: new multi-agent debugging workflow — debugger investigates root cause, parallel review by architect, critic, security, and conditionally performance engineer, code reviewer consolidates findings, debugger applies fixes, results presented to user for issue/epic creation and handoff toteam-develop
rust-teamskill renamed toteam-developfor naming clarity and consistency with the newteam-debugskill
continuous-improvementskill: SDD agent is now invoked before filing GitHub issues for all non-trivial findings (P0–P2 bugs, enhancements, research/parity gaps)- Added Phase 3.5 Spec Creation step in
SKILL.md— spawnssddagent with full finding context before filing - Phase 5 Research & Parity updated: each research finding gets a spec before the issue is filed
references/issue-management.md: step 4 in Filing Protocol now mandates spec creation above thresholdreferences/research-protocol.md: SDD invocation step added before duplicate check- New
references/sdd-integration.md: complete protocol — threshold table, non-interactive invocation template, spec naming convention, output contract, issue body template with spec reference
- Added Phase 3.5 Spec Creation step in
spec-from-streamskill: transforms stream-of-consciousness product descriptions into structured business requirements documents — BRD, SRS (ISO/IEC/IEEE 29148:2018), NFR (ISO/IEC 25010:2011), all formatted as Obsidian notes with full cross-linkingreferences/brd-template.md: Business Requirements Document templatereferences/srs-template.md: Software Requirements Specification template (ISO/IEC/IEEE 29148:2018)references/nfr-template.md: Non-Functional Requirements template (ISO/IEC 25010:2011)references/question-bank.md: guided gap-filling question bank with stop-signal detectionreferences/vault-template.md: Zettelkasten decomposition instructions for spec documents
rust-teamskill: SDD agent step removed from the orchestration workflow — SDD is now a prerequisite step that must be run by the user before launching rust-team, not embedded inside it. Added prerequisite note to the skill. Updated dependency chain: developer now unblocks after critic (was: after sdd).
sddagent: expanded from a formatting-only specialist to a full-cycle SDD orchestrator- Now covers the complete pipeline: stream-of-consciousness → BRD/SRS/NFR → spec/plan/tasks → knowledge base
- Added
spec-from-streamskill dependency - Upgraded model from
haikutosonnet, permission mode set toacceptEdits - Added routing logic to enter the pipeline at the correct phase based on user input
- BRD/SRS/NFR artifacts feed directly into spec/plan/tasks generation (Phase B reads Phase A output)
- Memory section added: agent captures user patterns and domain terms after each phase
rust-teamskill: added SDD agent step (Step 4.5 / Step 2.75) between critic approval and developer spawn — after the architecture critique is approved, therust-agents:sddagent creates or updates a structured specification in.local/specs/before implementation beginsrust-team: updated task dependency chain —specifytask now sits betweencritiqueandimplement, blocking the developer until the spec is readyrust-team: handoff accumulation chain extended — SDD handoff is passed to all subsequent agents (developer, validators, reviewer)rust-team: Refactoring workflow template updated to includecriticandsddsteps (architect → critic → sdd → developer → ...)
obsidian-zettelkastenskill: format documentation as Obsidian knowledge base using Zettelkasten method — atomic notes, wikilink cross-referencing, Maps of Content, YAML properties, callouts, tag taxonomyreferences/obsidian-syntax.md: complete Obsidian Markdown syntax reference (properties, wikilinks, embeds, callouts, tags, math, Mermaid, HTML)references/zettelkasten-structure.md: note types, linking patterns, vault conventions, templates, processing workflow
sddagent: addedobsidian-zettelkastenskill dependency, all spec artifacts now use Obsidian-flavored Markdownsddskill: all templates converted to Obsidian format — YAML frontmatter properties replace blockquote metadata, wikilinks replace plain links, Mermaid replaces ASCII diagrams, callouts replace raw blockquotes, MOC-specs index note added to init phase, Obsidian format check added to review phase. Formatting rules delegated toobsidian-zettelkasten(no duplication)rust-architectagent: removedsddskill dependency and Phase 0 (Specification). Architect produces architectural plans only; specifications are created by the dedicatedsddagent
rust-ci,rust-tech-writeroptimise model token usage
rust-teamskill: main session now acts as team lead directly — no separaterust-teamleadsubagent layer. Fixes teamlead self-implementing instead of delegating.rust-teamskill: fully self-contained — embedded team communication template, spawn instructions, fix-review cycle, report format. No morecat references/commands that failed outside plugin directory.solve-issueskill: step 5 now invokesrust-teamskill directly instead of spawningrust-teamleadsubagent.- All agent spawn templates: corrected
SendMessagerecipient from"teamlead"to"team-lead"(matchesTEAM_LEAD_NAMEconstant in Claude Code source).
rust-teamleadagent definition — redundant with the main session acting as team lead.
solve-issueskill: step 5 now spawnsrust-agents:rust-teamleadagent instead of invoking/rust-agents:rust-teamskill directly — prevents main Claude from acting as orchestrator without teamlead constraints, fixing the issue where teamlead was implementing code itselfsolve-issueskill: removed description ofrust-teaminternal agent sequence (separation of concerns)triage-and-solveskill: removed description ofsolve-issueinternal steps (separation of concerns)
solve-issueskill: removeddisable-model-invocationrestrictioncontinuous-improvementskill: removeddisable-model-invocationrestriction
init-projectskill: new.claude/rules/commits-and-issues.mdrule template — centralizes Conventional Commits 1.0.0 format specification and issue filing protocol in one placerust-teamleadagent: explicit requirement to follow Conventional Commits 1.0.0 and read.claude/rules/commits-and-issues.mdbefore composing commit messagesrust-code-revieweragent: commit message format added to approval criteria checklistsolve-issueskill: reads.claude/rules/commits-and-issues.mdwhen present for commit and issue conventions
continuous-improvement/references/issue-management.md: added pointer to canonical.claude/rules/commits-and-issues.mdto avoid duplication
tech-writeragent (agent 13): autonomous technical writer specializing in user-facing documentation with mdBook, progressive disclosure storytellingmdbook-tech-writerskill: write, structure, and maintain high-quality technical documentation using mdBook
rust-agent-handoffskill: handoff format migrated from flat YAML to Markdown+YAML frontmatter (.yaml→.md)- Frontmatter contains only flat scalar routing metadata:
id,parent,agent,status,summary,next_agent,next_task,next_priority - New
summaryfield in frontmatter: one sentence of what was done — enables ancestor chain traversal via frontmatter-only reads instead of full file reads - Body uses free Markdown sections (
## Context,## Output,## Blockers,## Acceptance Criteria) — eliminates YAML indentation errors in complex output - New inline frontmatter passing: agents return frontmatter block in response so parent can route without reading any files
- New frontmatter-only read command (
awk) for ancestor chain traversal — reduces token cost for deep chains by ~70% - All
references/*.mdrewritten: YAML output schemas replaced with Markdown section templates; domain knowledge preserved
- Frontmatter contains only flat scalar routing metadata:
- All agents: added explicit DRY (Don't Repeat Yourself) guidance to prevent code duplication
rust-developer: new "DRY" section with mandatory Grep/Glob search before implementing any function, trait, or module; anti-patterns updatedrust-code-reviewer: DRY violations added as 🟡 IMPORTANT review criterion; new DRY checklist in Code Quality Checklistrust-architect: new "DRY at Architecture Level" section — scan for existing abstractions before designing new ones; shared logic must go to core/domain craterust-testing-engineer: new "DRY in Tests" section — shared fixtures intests/common/, reuse mocks, extract repeated setup to helpersrust-critic: DRY violations (duplicated logic, copy-pasted error variants) added to "Alternative Hypotheses" red flags
rust-teamskill: added mandatory reading step at startup — model now explicitly readsreferences/team-workflow.md,references/communication-protocol.md, andreferences/result-aggregation.mdbefore proceeding
rust-teamleadagent: spawn prompt template in agent definition used ambiguousrun /rust-agent-handoff— replaced with explicitSkill(skill: "rust-agents:rust-agent-handoff")call and step-by-step handoff instructions (timestamp capture, schema reading, YAML write before finishing)rust-teamleadagent: teamlead's own handoff chain section also usedrun /rust-agent-handoff— replaced withSkill(...)call- All 9 specialist agents (architect, developer, testing, performance, security, reviewer, cicd, debugger, critic): added
# Startup Protocol (MANDATORY)section with explicitSkill(skill: "rust-agents:rust-agent-handoff")call, timestamp capture, schema read, and handoff write instructions — agents previously had the skill listed in frontmatter but no instruction to invoke it
rust-teamskill: replaced ambiguousrun /rust-agent-handoffin agent spawn prompts with explicitSkill(skill: "rust-agents:rust-agent-handoff")call — agents now correctly load and follow the handoff protocolrust-teamskill: communication-protocol template now includes step-by-step handoff instructions with timestamp capture, schema reading, and mandatory YAML write before finishing
rust-agent-handoffskill: correctedreference/path typo toreferences/in startup instructions — agents now correctly read agent-specific output schemasrust-agent-handoffskill: consolidated duplicate## On Startupsections into a single ordered sequence to prevent agents from missing timestamp capture or schema reading steps
rust-architectagent: added Phase 0 (Specification) — create/update spec via/sddskill after analysis when developing new functionalityrust-architectagent: added Specification section to Pre-Implementation Checklistrust-agent-handoffskill: addedspecfield to architect output schema for propagating spec path through handoff chainrust-agent-handoffskill: agents now checkoutput.specin handoff chain and read spec before starting work
rust-teamleadagent — team orchestrator for multi-agent collaborative development (merged from rust-team plugin)rust-teamskill — full team workflow with communication protocol, task structure, and result aggregation (merged from rust-team plugin)
rust-lifecycleskill — userust-teamskill instead for full development workflow orchestration
- Add
ToolSearch("select:TaskCreate,TaskUpdate,TaskList,TaskGet")as first step inrust-lifecycleworkflow-steps.md — task tools are deferred and must be loaded before use; without schema load the LLM emits wrong parameter names (e.g.idinstead oftaskId)
- Replace deprecated
TaskOutputreferences withReadon task output file path inrust-lifecycleskill
effortfrontmatter for all agents:highfor architect (deep architectural reasoning),mediumfor all others (security, critic, developer, testing, performance, cicd, debugger, code-reviewer, sdd)effortfrontmatter for skills:mediumfor sdd,lowfor fast-yamlmaxTurnsfrontmatter for critic (15) and code-reviewer (20) to prevent unbounded iterationsmaxTurnsprevents unbounded iterations in review-only agents
sddagent: Spec-Driven Development specialist for creating structured specifications, technical plans, and implementation task breakdownssddskill: Self-contained SDD workflow with embedded constitution, spec, plan, and tasks templates; supportsinit,specify,plan,tasks, andreviewphases
rust-architect: addedsddskill to enable structured spec output in SDD format when planning features
rust-architect: addedultrathinkdirective before the Architecture Decision Framework to trigger extended thinking on architectural decisionsrust-critic: addedultrathinkstep in the Critique Process before applying the eight dimensions to surface non-obvious failure modesrust-debugger: downgraded model fromopustosonnet— debugging is iterative tool use, not deep reasoning; sonnet's speed is an advantage
rust-code-reviewer: downgraded model fromopustosonnet— review tasks are pattern-based and do not require deep reasoning
readme-generatorskill: added warning that GitHub callouts ([!NOTE],[!TIP], etc.) render as plain blockquotes on PyPI and npm — avoid using them for Python and TypeScript/JavaScript packages
rust-lifecycleskill:rust-criticnow runs a second time in the parallel validation phase after implementation, alongsiderust-performance-engineer,rust-security-maintenance, andrust-testing-engineer- Added
phase-N-validate-critiquetask that blocks onphase-N-implementand unblocksphase-N-review, matching the dependency pattern of other validation tasks rust-code-reviewernow receives the critic's implementation handoff alongside performance, security, and testing handoffs for a more complete review context- Updated workflow diagram and task structure table in
SKILL.mdto reflect the new step
rust-criticworkflow diagrams: removed square brackets that implied optional invocation; added explicit(MANDATORY)marker and[!IMPORTANT]callout to enforce mandatory critic step
rust-lifecycleskill:rust-criticis now a mandatory step in the workflow, running after everyrust-architectphase before implementation begins- Workflow diagram and task table updated to include
phase-N-critiquetask between plan and implement phase-N-implementnow blocks onphase-N-critique, not onphase-N-plandirectly- Added verdict-based branching logic:
criticalandsignificantverdicts force architect redesign and critic re-run before implementation can proceed; onlyapprovedorminorunblock implementation workflow-steps.mdupdated with full execution guide for the critique phase including verdict handling
- New
rust-releaseskill for automated release preparation workflow- Supports patch/minor/major semver version bumps
- Creates release branch, updates all Cargo.toml manifests
- Finalizes CHANGELOG.md with versioned section and comparison links
- Refreshes README via
/readme-generatorskill integration - Runs pre-release quality checks (fmt, nextest, clippy, build)
- Creates commit, pushes branch, and opens PR via
gh - Handles both single-crate and workspace projects
- Reference documentation for changelog format conventions
- JSON → YAML conversion documentation in
fast-yamlskill- Added
fy convert yamlCLI command documentation - Python API examples for JSON → YAML conversion with helper functions
- Node.js/TypeScript API examples including batch conversion and CLI script
- Bidirectional conversion patterns for both YAML ↔ JSON directions
- Added
- Updated
fast-yamlskill description to include JSON → YAML triggers - Enhanced Quick Reference table with both conversion directions
- Updated CLI commands reference with comprehensive bidirectional conversion examples
- Changed memory scope from
project/localtouserfor all agents to resolve access issues with ~/.claude/ directory
- New
fast-yamlskill for YAML validation, formatting, and conversion- Complete CLI reference with batch processing and parallel execution support
- Python API documentation with linting and parallel processing capabilities
- Node.js/TypeScript API reference for modern JavaScript projects
- YAML 1.2.2 specification guide with migration examples from YAML 1.1
- Supports validation, formatting, linting, and YAML-to-JSON conversion
- Triggers on keywords: validate yaml, format yaml, lint yaml, check yaml syntax, convert yaml to json
- Added
memoryfrontmatter field to all 8 agents for persistent memory support (introduced in Claude Code v2.1.33)projectscope for 6 agents: rust-architect, rust-developer, rust-testing-engineer, rust-performance-engineer, rust-security-maintenance, rust-cicd-devopslocalscope for 2 agents: rust-code-reviewer, rust-debugger
- Agent frontmatter now includes memory configuration to enable context persistence across sessions
- Feature flags testing strategy in rust-cicd-devops agent
- Comprehensive CI/CD workflow examples for testing with different feature combinations
See git history for changes in versions 1.9.4 and earlier.