{"id":48855254,"url":"https://github.com/fatihkan/badi","last_synced_at":"2026-06-06T10:01:43.057Z","repository":{"id":350459237,"uuid":"1205691116","full_name":"fatihkan/badi","owner":"fatihkan","description":"Workflow management CLI for Anthropic Claude Code, Cursor, and Gemini CLI. 22 AI subagents, 83 commands, 13 hooks, 62 skill categories. Built for Claude Opus 4.7 and Sonnet 4.6.","archived":false,"fork":false,"pushed_at":"2026-06-05T11:51:14.000Z","size":3902,"stargazers_count":5,"open_issues_count":10,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-05T12:10:12.418Z","etag":null,"topics":["agents","ai-agents","ai-workflow","anthropic","chatgpt","claude","claude-cli","claude-code","cli","code-review","codex","cursor","developer-tools","gemini-cli","hooks","llm-tools","openai","owasp","productivity","subagents"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/@fatihkan/badi","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fatihkan.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["fatihkan"],"buy_me_a_coffee":"fatihkan"}},"created_at":"2026-04-09T07:37:56.000Z","updated_at":"2026-06-05T11:51:15.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/fatihkan/badi","commit_stats":null,"previous_names":["fatihkan/badi"],"tags_count":58,"template":false,"template_full_name":null,"purl":"pkg:github/fatihkan/badi","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fatihkan%2Fbadi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fatihkan%2Fbadi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fatihkan%2Fbadi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fatihkan%2Fbadi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fatihkan","download_url":"https://codeload.github.com/fatihkan/badi/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fatihkan%2Fbadi/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33977371,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-06T02:00:07.033Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agents","ai-agents","ai-workflow","anthropic","chatgpt","claude","claude-cli","claude-code","cli","code-review","codex","cursor","developer-tools","gemini-cli","hooks","llm-tools","openai","owasp","productivity","subagents"],"created_at":"2026-04-15T12:02:39.393Z","updated_at":"2026-06-06T10:01:43.048Z","avatar_url":"https://github.com/fatihkan.png","language":"JavaScript","funding_links":["https://github.com/sponsors/fatihkan","https://buymeacoffee.com/fatihkan"],"categories":[],"sub_categories":[],"readme":"# BADi: A Workflow Management System for Claude Code\n\n\u003e **Language / Dil:** **English** · [Turkce](README.tr.md)\n\n\u003cp align=\"center\"\u003e\n \u003cimg src=\"https://img.shields.io/npm/v/@fatihkan/badi?color=00d4ff\u0026style=flat-square\" alt=\"npm version\" /\u003e\n \u003cimg src=\"https://img.shields.io/npm/dm/@fatihkan/badi?color=00d4ff\u0026style=flat-square\" alt=\"npm downloads per month\" /\u003e\n \u003cimg src=\"https://img.shields.io/npm/dt/@fatihkan/badi?color=00d4ff\u0026style=flat-square\" alt=\"npm total downloads\" /\u003e\n \u003cimg src=\"https://img.shields.io/npm/l/@fatihkan/badi?color=00d4ff\u0026style=flat-square\" alt=\"license\" /\u003e\n \u003cimg src=\"https://img.shields.io/badge/tests-1161%20passing-00d4ff?style=flat-square\" alt=\"tests\" /\u003e\n \u003cimg src=\"https://img.shields.io/badge/node-%3E%3D20.11-00d4ff?style=flat-square\" alt=\"node\" /\u003e\n\u003c/p\u003e\n\n**Workflow management CLI for Anthropic Claude Code, Cursor, and Gemini CLI** — built for **Claude Opus 4.7** and **Sonnet 4.6**. Ships **30 AI subagents** (incl. a virtual eng team, ads strategist, and market/SEO/data analysts), **84 slash commands** (profile-based core/dev/content/pentest management since v1.26), **14 automation hooks**, and **62 opt-in skill categories** (25 general + 25 pentest-* advisory/defensive since v1.25 + 12 expo-* mobile dev lifecycle since v1.27) with **prompt-aware auto-routing** for both skills and commands (v1.20+ / v1.26+). OWASP Top 10 scans, code review, content production, mobile/web SEO, App Store market research with `wishlist` + `gaps` analysis. Cuts token consumption ~96% on repetitive workflows. **v1.12+** adds multi-harness support — the same `.claude/` tree compiles into Cursor and Gemini CLI assets. **v1.16+** hardens CodeQL surface (TLS strict-first, DOM-based HTML parsing, URL hostname validation).\n\n## Demo\n\n\u003c!-- assets/demo.gif rendered from assets/demo.tape via `vhs`. See \"Render the demo\" below. --\u003e\n\u003cp align=\"center\"\u003e\n \u003cimg src=\"assets/demo.gif\" alt=\"Badi 30-second demo: install, init, doctor, list, skills, stats\" /\u003e\n\u003c/p\u003e\n\n\u003e **Render the demo:** `brew install vhs \u0026\u0026 vhs assets/demo.tape` produces `assets/demo.gif` deterministically. The tape is text-checked into the repo so the GIF is reproducible.\n\n## Install Options (v1.30.1+)\n\n| Channel | Command | Status |\n|---------|---------|--------|\n| **npm** (primary) | `npm i -g @fatihkan/badi` | ✅ Live |\n| **Claude Code marketplace** | `/plugin install fatihkan/badi` | ✅ Live (manifest in repo) |\n| **Homebrew** (macOS / Linux) | `brew tap fatihkan/badi \u0026\u0026 brew install badi` | ⏳ Coming soon (tap repo setup pending) |\n| **Scoop** (Windows) | `scoop bucket add badi https://github.com/fatihkan/scoop-bucket \u0026\u0026 scoop install badi` | ⏳ Coming soon (bucket repo setup pending) |\n\nSource of truth: npm. Other channels mirror the same `@fatihkan/badi-\u003cversion\u003e.tgz`. Sha256/hashes are populated by the release workflow (`.github/workflows/dist-publish.yml`). Homebrew and Scoop channels are skeletoned in [`dist/`](dist/README.md) but the **tap/bucket mirror repos (`fatihkan/homebrew-badi`, `fatihkan/scoop-bucket`) are not yet created** — until then, use npm or the Claude Code marketplace.\n\n## One-Command Install\n\n**As a Claude Code plugin (no Node.js required for install)**:\n\n```bash\n# Inside Claude Code\n/plugin marketplace add fatihkan/badi\n/plugin install badi@badi-marketplace\n```\n\n**As an npm CLI (full feature set: 30 agents · 84 commands with profile management (v1.26+) · 14 hooks · 62 opt-in skill categories with auto-router)**:\n\n```bash\nnpx @fatihkan/badi init # interactive harness picker\nnpx @fatihkan/badi init --harness cursor # non-interactive: Cursor only\nnpx @fatihkan/badi init --harness all # write files for every supported harness\n```\n\n\u003e The plugin path ships agents, slash commands, and skills via `/plugin install`. The npm path adds hooks, the multi-harness compiler (Cursor / Gemini CLI), and the full `badi` CLI toolchain.\n\n### Windows install (v1.23+)\n\nBadi runs on Windows out of the box: hooks are pure Node.js (no bash required), the scheduler uses Windows Task Scheduler, and `badi doctor` reports OS-aware status.\n\n```powershell\n# PowerShell or cmd\nnpm install -g @fatihkan/badi\nbadi init --harness claude\nbadi doctor # OS / Bash / Sched / UTF-8 status\n```\n\nFor Turkish/UTF-8 output in cmd, run `chcp 65001` once or use Windows Terminal / PowerShell 7+. WSL users can install normally — Linux path is auto-detected.\n\n### Supported harnesses (v1.12+)\n\n| Harness | Rules | Commands | MCP | Subagents | Hooks | Skills |\n|---------|:-----:|:--------:|:---:|:---------:|:-----:|:------:|\n| Claude Code | `CLAUDE.md` | 84 | `.mcp.json` | 27 | 14 | 62 |\n| Cursor | `.cursor/rules/badi-main.mdc` | 84 | `.cursor/mcp.json` | — | — | — |\n| Gemini CLI | `GEMINI.md` (merged) | inline | `.gemini/settings.json` | — | — | — |\n| Windsurf (v1.30+) | `.windsurfrules` (merged) | inline | — | — | — | — |\n| AGENTS.md (v1.30+) | `AGENTS.md` (merged) | inline | — | — | — | — |\n\nClaude is the canonical source. Cursor/Gemini/Windsurf/AGENTS.md adapters compile from the same `.claude/` tree. Components a target harness does not support (hooks/skills/subagents) are listed in the `badi init` output under `skippedComponents`. AGENTS.md is the neutral fallback for OpenAI Codex CLI, Aider, and any other tool that reads project-level agent context.\n\n## What You Get\n\n| Feature | Details |\n|---------|---------|\n| **30 expert agents + 84 commands** | Full toolkit from security scanner to performance profiler, plus a virtual eng team (CEO / eng manager / release manager / QA lead) wired together by `/team`, and an ads strategist (`/meta-review`, `/ads-review`) — profile-based filtering (core/dev/content/pentest) since v1.26 |\n| **14 automation hooks + 62 opt-in skill categories** | Branch protection, backups, OWASP Top 10 scanning, 9 Frontend Taste variants. Skills load zero tokens by default since v1.17; auto-router (v1.20+) injects matching skills per prompt; pentest-* family (v1.25+ advisory/defensive); expo-* family (v1.27+ mobile dev lifecycle); command routing (v1.26+); plan-injection hook (v1.30+) |\n| **App Store market research** | `badi market discover/reviews/difficulty/wishlist/gaps` — competitor maps, demand×supply matrix (Reddit + App Store), opportunity gap cross-analysis |\n| **Multi-harness support (v1.12+, expanded v1.30+)** | Claude Code, Cursor, Gemini CLI, Windsurf, AGENTS.md — same `.claude/` source, 5 targets |\n| **Observability (v1.29+) + self-telemetry (v1.30+)** | Read Claude Code transcripts (`badi stats --session/--models/--cost`, `badi search`, `badi session`) + emit own command events (`badi events list/stats`, BADI_TELEMETRY=off to disable) |\n| **1161 passing tests** | CLI integration, harness adapters, schema/bundler/publish, watcher/scheduler, market, design, profile management, hook fail-safe resilience, secret-scan hardening, plugin manifest schema, transcript-reader, event emitter |\n| **Content engine (English)** | Template inheritance, auto-generated posts, threads, newsletters, podcasts, case studies |\n| **WordPress + SEO + ASO + Mobile modules** | WP-CLI/REST, 20+ SEO checks, App Store + Play Store, crash/deeplink/OTA scaffolding |\n| **Modular architecture** | 22 command modules, `lib/harnesses/` adapter layer, ~6MB `.claude/` tree |\n| **Open source (MIT)** | Community-first, transparent licensing |\n\n\u003e CLI language: all output, command grammar, and slash commands are English as of v1.32 (English-only migration complete).\n\n## Quick Start\n\n```bash\n# Install\nnpx @fatihkan/badi init\n\n# Verify\nbadi doctor\n\n# Daily workflow\nbadi list --agents # List 30 agents\nbadi stats # Usage analytics\nbadi schedule list # Reminders\n```\n\n### Auto Skill Router (v1.20+)\n\nStop manually opting skills in. The router reads each prompt, scores it against the vault's `SKILL.md` descriptions, and injects matching skill bodies into context only when relevant.\n\n```bash\nbadi skills route \"add schema markup for SEO\" # show ranked matches\nbadi skills route --inject \"...\" | jq # SKILL.md bodies + JSON\nbadi skills auto on # install UserPromptSubmit hook\nbadi skills auto off # remove hook\nbadi skills auto status # current state\n```\n\n#### Inside a Claude Code session — example flow\n\n```\nYou ▸ Build a 5-frame carousel for Instagram, keep the brand voice consistent.\n\n[Badi auto-router]\n Based on your prompt, these skills were auto-activated:\n - social-media (score 6) — triggers: instagram, post\n - content (score 4) — triggers: carousel, brief\n\nClaude ▸ {The SKILL.md bodies of social-media + content were injected into\n context — short-form publishing flow, hashtag strategy, and the\n brand-voice consistency guide are now loaded.}\n Building a 5-frame carousel...\n```\n\nPer-turn injection: the hook **does not write to the filesystem**, it only adds to that turn's context. The token cost applies only when there is a match — for a short prompt or no match, the hook silently passes.\n\n#### Example 2 — `seo-crawl-budget` skill auto-trigger\n\n```\nYou ▸ Blog posts on my new domain aren't getting indexed within 24 hours,\n how do I manage crawl budget? I have a long-tail keyword list.\n\n[Badi auto-router]\n Based on your prompt, these skills were auto-activated:\n - seo-crawl-budget (score 12) — triggers: crawl budget, indexing,\n long-tail, search console\n - seo (score 4) — triggers: SEO, keyword\n\nClaude ▸ {seo-crawl-budget SKILL.md injected: 6-phase campaign methodology,\n 20-article plan, cyclical internal-link matrix, and Search Console\n actions are loaded.}\n Planning a 20-article campaign: 10 articles in Group A\n (even publishing), 10 articles in Group B (spread over 5 days)...\n```\n\n**Manual usage** (without the auto-router):\n\n```bash\nbadi skills available | grep seo-crawl-budget # present in the list\nbadi skills add seo-crawl-budget # opt-in (persistent)\nbadi skills list # see active skills\n```\n\nWhen the skill is active, Claude Code loads the SKILL.md body on `/start` or in a new session. The difference from the auto-router: no persistent activation, it only kicks in on SEO-related prompts (token savings).\n\n### Profile-Based Commands + Command Router (v1.26+)\n\nSame opt-in philosophy applied to the 84 slash commands. Pick a profile (`core`, `dev`, `content`, `pentest`, `all`) to physically filter `.claude/commands/`; the canonical store lives in `.claude/commands-vault/`. The router additionally scores prompts against command descriptions and surfaces top matches as a lightweight hint blob — your skills router hook calls both routers automatically.\n\n```bash\n# Profile management\nbadi commands # status: active profile + counts\nbadi commands profile content --yes # switch profile, no prompt\nbadi commands profile dev --dry-run -v # preview which commands change\nbadi commands restore # back to \"all\" profile\nbadi commands available # list every command in the vault\n\n# Prompt-aware command routing\nbadi commands route \"write a new post\" # ranked matches\nbadi commands route \"react bug fix\" --top 5 --json\necho \"release plan\" | badi commands route --inject # hook-format hint blob\n```\n\nFull flag list: `badi commands --help` (route flags: `--top N`, `--inject`, `--json`; profile flags: `--yes`, `--dry-run`, `--force`, `--verbose`). User-authored commands (not registered in the profile map) are never touched on profile switch.\n\n### Output Styles + Status Line (v1.22+)\n\nCustomize Claude Code response style and the bottom status line:\n\n```bash\n# Output styles — concise/detailed/eli5 response modes\nbadi outputstyle available\nbadi outputstyle add terse\n# Then in Claude Code: /output-style terse\n\n# Status line — branch + skill chip\nbadi statusline set git # [branch*]\nbadi statusline set skill-chip # [branch] [skills:N]\n```\n\nBoth write to `.claude/` (output-styles/, status-line/, settings.json) — opt-in, project-scoped.\n\n### MCP Server (v1.23+)\n\nExpose Badi as a [Model Context Protocol](https://modelcontextprotocol.io/) server. Any MCP-compatible client (Claude Code, Cursor, Continue.dev, Claude Desktop) can call Badi tools/resources from any project:\n\n```bash\n# One-time install for Claude Code\nclaude mcp add badi -- npx -y @fatihkan/badi mcp serve\n\n# Or write the .mcp.json snippet manually\nbadi mcp config \u003e .mcp.json\n\n# Inspect what's exposed\nbadi mcp tools # 4 read-only tools\nbadi mcp resources # memory, knowledge-base, taskboard\n```\n\nZero external dependencies (JSON-RPC over stdio, ~100 LOC). Tools cover the auto-router (`badi.skills.route`, `.list`, `.available`, `.inject`) — perfect for piping prompt-aware skill injection into other agents.\n\n### Software Development\n```bash\n/start # Start the day\n/audit # Quality audit\n/security-scan # Security scan (48 skills)\n/review # Code review\n/wrap-up # End-of-day summary\n```\n\n### Content Production\n```bash\nbadi content start # Morning session\nbadi content post \"topic\" --lang tr,en # Parallel TR/EN generation\nbadi content carousel \"5 tips\" # Carousel template\nbadi content video \"tutorial\" # Video script\nbadi content search \"productivity\" # Archive search\nbadi content perf --trend # Performance tracking\nbadi content close # End-of-day summary\n```\n\n### WordPress Management (v1.4+)\n```bash\nbadi wp add blog https://blog.com --method rest # REST API\nbadi wp add staging --method wp-cli --ssh user@host # SSH + WP-CLI\nbadi wp add local --method wp-cli --path /var/www # Local WP-CLI\nbadi wp list # Registered sites\nbadi wp status blog # WP version + theme + plugins\nbadi wp plugins staging # Plugin listing\nbadi wp update staging all # Core + plugins + themes\nbadi wp security staging # 6-point security scan\n```\n\n### Mobile Development (v1.5+)\n```bash\nbadi mobile init MyApp --framework react-native # Project scaffold\nbadi mobile version bump minor # iOS + Android + Flutter sync\nbadi mobile build ios # Release build\nbadi mobile release testflight # TestFlight guide\nbadi mobile assets icon ./logo-1024.png # 40+ size guide\nbadi mobile assets screenshots # Sizes + built-in skill\n```\n\n### Frontend Taste - Premium UI Skills (v1.10+)\n```bash\nbadi taste # List the 9 design variants\nbadi taste show default # Print a variant's full SKILL.md\nbadi taste prompt brutalist # Show an example trigger prompt\nbadi taste status # Check install (9/9 variants)\n```\n\nNine bundled variants that stop Claude Code from generating generic \"AI-looking\" UI:\n\n| Variant | When to use |\n|---------|-------------|\n| **default** | All-rounder. Premium frontend with DESIGN_VARIANCE / MOTION_INTENSITY / VISUAL_DENSITY dials. |\n| **gpt-taste** | Strict editorial. Wide typography, AIDA structure, mandatory GSAP ScrollTriggers. |\n| **minimalist** | Clean editorial (Notion / Linear feel). Warm monochrome, flat bento grids. |\n| **brutalist** | Swiss typographic print + military terminal. Rigid grids, raw structure. |\n| **soft** | High-end agency feel. Calm, expensive, premium fonts, spring motion. |\n| **redesign** | Audits an existing UI and fixes generic AI patterns without breaking functionality. |\n| **output** | Anti-truncation. Stacks with any variant when the agent keeps leaving placeholders. |\n| **stitch** | Generates agent-friendly `DESIGN.md` files for Google Stitch. |\n| **images-first** | Image-first workflow - generate references, analyze, then implement. |\n\nTrigger in Claude Code by naming the variant in your prompt:\n\n```\nBuild a premium landing page hero. Use the frontend-taste/default skill.\nRedesign this dashboard. Use the frontend-taste/redesign skill.\n```\n\n### App Store Market Research (v1.15+)\n\n```bash\nbadi market 284882215 # Full report (Facebook example)\nbadi market 284882215 --country us,gb,de --pages 5 # Multi-region, deeper review pull\nbadi market discover 284882215 --limit 15 # Competitor discovery only\nbadi market difficulty 284882215 # 0-100 score + verdict\n```\n\nCombines competitor discovery, multi-region review aggregation, complaint categorization (11 codes), and a difficulty score (BLUE_OCEAN / COMPETITIVE / HARD / SATURATED) into one report. No API keys — uses iTunes Lookup, iTunes Search, and Apple RSS endpoints.\n\n### App Store Optimization (v1.5+, extended in v1.11)\n```bash\nbadi aso audit 284882215 # App listing audit (iOS)\nbadi aso playstore com.facebook.katana # Google Play listing audit (v1.11+)\nbadi aso reviews 284882215 --country us # Real reviews + sentiment (v1.11+)\nbadi aso screenshots 284882215 # App-specific asset analysis (v1.11+)\nbadi aso keywords 284882215 # Keyword analysis\nbadi aso compete 284882215 310633997 # Competitor comparison\nbadi aso metadata appstore # Character-limit guide\nbadi content release-notes --platform ios --version 2.0.0 --lang tr,en\n```\n\n### SEO (extended in v1.11)\n```bash\nbadi seo audit https://example.com # Full SEO audit (20+ checks)\nbadi seo meta https://example.com # Meta-tag analysis\nbadi seo sitemap https://example.com # sitemap.xml + robots.txt check\nbadi seo speed https://example.com # Page-speed + resource analysis\nbadi seo backlinks example.com # DuckDuckGo mentions + Wayback snapshots (v1.11+)\nbadi seo rank example.com \"keyword\" # DuckDuckGo organic rank check (v1.11+)\nbadi seo compare https://a.com https://b.com # Side-by-side SEO audit (v1.11+)\n```\n\n### Content Templates (extended in v1.11)\n```bash\nbadi content post \"launch\" # Social post (3 variants)\nbadi content carousel \"5 tips\" # Instagram/LinkedIn carousel\nbadi content video \"30s demo\" # Video script (hook → beats → CTA)\nbadi content newsletter \"weekly update\" # Email newsletter (v1.11+)\nbadi content podcast \"episode 01\" # Podcast episode + show notes (v1.11+)\nbadi content thread \"10 tips\" # X/LinkedIn 10-post thread (v1.11+)\nbadi content case-study \"acme\" # Customer success story (v1.11+)\n```\n\n### Mobile (extended in v1.11)\n```bash\nbadi mobile crash-setup react-native sentry # Sentry/Crashlytics scaffold (v1.11+)\nbadi mobile deeplink example.com # Universal link + AASA/assetlinks (v1.11+)\nbadi mobile ota expo # OTA update setup (v1.11+)\n```\n\n### Publish Orchestrator (v1.11+)\nOne command replaces the full release ritual.\n```bash\nbadi publish check # Preflight (git clean, branch, gh/npm auth)\nbadi publish --dry-run # Print every step without applying\nbadi publish --version minor # Bump + commit + tag + push + gh release + npm publish\nbadi publish --skip-npm # Git + GitHub only\n```\n\n### Domain Health (v1.6+)\n```bash\nbadi ssl example.com # SSL cert + TLS + cipher\nbadi dns example.com # A/MX/SPF/DMARC/CAA + email security score\nbadi whois example.com # Registration + expiry + transfer lock\n```\n\n### Performance \u0026 Accessibility (v1.6+)\n```bash\nbadi lighthouse https://site.com # Core Web Vitals + Perf/A11y/SEO/BP\nbadi a11y https://site.com # WCAG 2.1 (axe-core)\nbadi secret-scan # 17 patterns (working tree)\nbadi secret-scan --git # + last 100 commits\n```\n\n### AI/LLM Tools (v1.8+)\n```bash\nbadi ai token # .claude/ token-usage analysis\nbadi ai prompt-test # Slash/agent regression tests\nbadi ai memory-diff # memory.md limit check\nbadi ai review # Claude API code review (Haiku 4.5)\nbadi ai translate file.md --to en # Markdown translation\n\n# Claude API setup:\nexport ANTHROPIC_API_KEY=sk-ant-...\n```\n\n### DevOps + Code Quality (v1.8+)\n```bash\nbadi dev deps # Dependency update analysis\nbadi dev deps --apply-patch # Auto patch-level updates\nbadi dev bundle # Bundle size + framework detection\nbadi dev docker-lint # Dockerfile best practices\nbadi dev env-check # .env validation\nbadi dev api-test https://api.com/health # HTTP endpoint tester\n```\n\n### Git Workflow (v1.6+)\n```bash\nbadi commit # Conventional-type suggestions + staged diff\nbadi commit --check # Last commit format check\nbadi commit --message \"feat: X\" # Format validation + git commit\nbadi changelog # Preview\nbadi changelog --write --version 1.6.0 # Write to CHANGELOG.md\n```\n\n### SEO Audits (v1.4+)\n```bash\nbadi seo audit https://example.com # 20+ checks, SEO score\nbadi seo meta https://example.com # Meta tag analysis\nbadi seo sitemap https://example.com # robots.txt + sitemap.xml\nbadi seo speed https://example.com # TTFB + resource analysis\n```\n\nSEO audit checks: Title, Description, Open Graph, Twitter Card, H1 structure, image alt tags, canonical URL, viewport, lang, charset, HTTPS, Schema.org, robots meta, word count, link analysis.\n\n### Project Architecture\n```bash\n/architect # Turn an idea into 5 documents\n/scaffold # Generate code scaffolding\n/adr # Architecture Decision Record\n/spec-check # Spec compliance check\n```\n\n## Security Layer\n\nComprehensive scanning with the security + pentest-* skill families:\n\n| Category | Scope |\n|----------|-------|\n| **Injection** | SQLi, NoSQLi, XSS, CSRF, SSRF, SSTI, XXE, Command, LDAP |\n| **Auth \u0026 Access** | Authentication, Authorization, JWT, Privilege Escalation |\n| **Data** | Secret scanning, Crypto, Data exposure |\n| **API** | API security, CORS, GraphQL, Rate limiting, WebSocket |\n| **Infrastructure** | Docker, IaC, CI/CD security |\n| **Language scanners** | Go, TypeScript, Python, PHP, Rust, Java, C# |\n\n4-phase pipeline: **Discover** → **Scan** → **Verify** → **Report**\n\n### Harness-Compatible Artifact Chain (v1.34+)\n\nThe `security-check` skill family chains its phases through file contracts, using\nthe artifact names of [Anthropic's defending-code-reference-harness](https://github.com/anthropics/defending-code-reference-harness)\n(Apache-2.0) — badi emits the harness's artifact *names* and verdict vocabulary, so\noutput is structurally familiar to harness-side tooling (field-level value\ncompatibility is not guaranteed; badi intentionally diverges in places):\n\n```\nTHREAT_MODEL.md → VULN-FINDINGS.json/.md → TRIAGE.json/.md\n(threat model) (raw findings, hunt) (verified verdicts)\n```\n\nQuickstart (skills are opt-in):\n\n```bash\nbadi skills add security-check pentest-threat-model\n# then, in Claude Code:\n# \"create a threat model\" → writes THREAT_MODEL.md (commit it)\n# \"run security check\" → emits VULN-FINDINGS.json/.md, then TRIAGE.json/.md\n```\n\n- `VULN-FINDINGS.json` carries `confidence: null` by design — confidence is authored\n only by the verify stage (`sc-verifier`), never by the producer.\n- `TRIAGE.json` records `TRUE_POSITIVE` / `FALSE_POSITIVE` / `CANNOT_VERIFY` verdicts,\n dedupe links (`duplicate_of`), and 0-10 one-decimal confidence scores.\n- Interop is **outbound and name-level**; the upstream autonomous pipeline\n (gVisor + ASAN execution) is not reproduced — this is a simplified,\n advisory-only adaptation.\n- Gitignore the generated `VULN-FINDINGS.*` / `TRIAGE.*`; commit `THREAT_MODEL.md`.\n- Note: `badi security triage` (CLI) is a *deterministic severity filter* over\n `/security-review` reports — distinct from the agentic verify stage above.\n- Already activated `security-check` or `pentest-threat-model` before v1.34? Re-activate\n to pick up the chain: `badi skills remove \u003cname\u003e \u0026\u0026 badi skills add \u003cname\u003e`.\n\n### Security Notes (v1.31.0+)\n\n\u003e ⚠️ **`--dangerously-skip-permissions`**: Claude Code 2.1.126+ (May 2026) widened\n\u003e this flag's scope — it now also bypasses writes to `.claude/`, `.git/`, `.vscode/`,\n\u003e and shell config files. DO NOT USE this flag in Badi `init`/`update`/CI scripts.\n\u003e Only for manual debugging.\n\n\u003e 🔒 **Hook isolation (Claude Code 2.1.139+)**: All 14 of Badi's hooks are in the\n\u003e JSON output protocol or log-only category. No terminal manipulation.\n\u003e Audit report: [docs/hooks/isolation-audit.md](./docs/hooks/isolation-audit.md).\n\n\u003e 🏢 **Enterprise managed-settings compatibility**: `forceLoginOrgUUID`,\n\u003e `allowManagedDomainsOnly`, `allowManagedReadPathsOnly` are compatible with\n\u003e Anthropic managed-settings. Details: [docs/enterprise.md](./docs/enterprise.md).\n\n## Performance\n\n| Metric | Before | After |\n|--------|--------|-------|\n| CLI file | 3,812 lines | 157 lines (17 modules) |\n| Startup (v1.4.2) | 813ms | 26ms (**~97% reduction**) |\n| Token consumption | ~30K/session | ~2K/session |\n| CLAUDE.md | 6.8KB | 1.2KB |\n| Hook triggers | 200+/session | ~30/session |\n| Template loading | Eager (~800 lines) | Lazy (on demand) |\n\n## CLI Commands\n\n```bash\nbadi init [--target DIR] [--force] [--dry-run] [--harness ID] # Configure (v1.12+: harness; v1.30+: windsurf, agents)\nbadi update [--target DIR] [--force] [--harness ID] # Update (--force overwrites)\nbadi doctor [--target DIR] [--harness ID] # Verify setup (auto-detects installed harnesses)\nbadi list [--agents|--commands|--hooks|--skills|--mcp] # List components\nbadi plugin [install|remove|list|show|doctor|graph] # Plugin management (v1.30+: apiVersion + dep graph)\nbadi stats [--week|--month|--habits|--export csv|--session|--models|--cost] # Usage + transcript analytics\nbadi completion [bash|zsh|fish] # Shell completion\nbadi schedule [add|list|remove|check] # Reminders\nbadi content [post|carousel|video|visual|calendar|brand|search|template|perf]\nbadi wp [add|list|remove|status|plugins|themes|update|security] # v1.4+\nbadi seo [audit|meta|sitemap|speed|backlinks|rank|compare] # v1.4+ (backlinks/rank/compare v1.11+)\nbadi aso [audit|playstore|keywords|metadata|review|reviews|compete|screenshots|search] # v1.5+ (playstore/reviews v1.11+)\nbadi mobile [init|version|build|release|assets|crash-setup|deeplink|ota] # v1.5+ (crash-setup/deeplink/ota v1.11+)\nbadi taste [list|show|prompt|status] # v1.10+\nbadi publish [check|--version|--dry-run] # v1.11+\nbadi release check [--bump|--strict|--skip-test] # v1.30+ pre-flight verifier\nbadi agent [create|list|run|install|uninstall|tail|status|remove] # v1.13+\nbadi plan [list|new|show|status|approve|deny|reset] # v1.29+ local plan approval\nbadi search \"\u003cquery\u003e\" # v1.29+ AND search across transcripts\nbadi session \u003cid-prefix\u003e [--full|--tools|--files] # v1.29+ single Claude Code session detail\nbadi events [list|stats|tail|path|status] # v1.30+ self-telemetry (BADI_TELEMETRY=off to disable)\nbadi ssl|dns|whois [domain] # v1.6+\nbadi lighthouse|a11y [url] # v1.6+\nbadi secret-scan [--git] # v1.6+\nbadi commit|changelog [options] # v1.6+\nbadi ai [token|prompt-test|memory-diff|review|translate] # v1.8+\nbadi dev [deps|bundle|docker-lint|env-check|api-test] # v1.8+\n```\n\n## Agents (30)\n\n| Category | Agents |\n|----------|--------|\n| **Software** | auditor, security-scanner, performance-profiler, test-strategist, api-designer, migration-pilot, code-generator, refactoring-advisor, architecture-advisor, project-architect |\n| **Diagnostics** | archaeologist, error-whisperer, unsticker, yak-shave-detector, debt-collector |\n| **Content \u0026 Design** | content-creator, visual-director, tasarim-kurator |\n| **Strategy \u0026 Ops** | product-strategist, engineering-manager, release-manager, qa-lead, ads-strategist, market-researcher, seo-strategist, data-analyst |\n| **Support** | coach, onboarding-sherpa, pr-ghostwriter, rubber-duck |\n\n## Directory Structure\n\n```\nbin/badi.js Entry point (157 lines)\nlib/ 17 ESM modules\n cli.js Shared utilities (chalk, figlet, VERSION)\n commands/ 11 command modules (init, update, doctor, list,\n plugin, icerik, stats, completion, schedule,\n wp, seo)\n templates/ TR/EN template generators\n icerik-helpers.js Search, similarity, frontmatter\n.claude/\n agents/ 30 expert agents\n commands/ 84 workflow commands\n hooks/ 12 automation hooks\n skills/ 62 skill categories (25 general + 25 pentest + 12 expo)\n (incl. mobile/app-store-screenshots)\n references/ 8 project guides\n workspace/ Content files, task board\n settings.json Hook configuration\n```\n\n## Install Options\n\n```bash\n# npm (recommended)\nnpx @fatihkan/badi init\n\n# Global\nnpm install -g @fatihkan/badi\n\n# From GitHub\nnpm install -g github:fatihkan/badi\n\n# Development\ngit clone https://github.com/fatihkan/badi.git\ncd badi \u0026\u0026 npm install \u0026\u0026 npm link\n```\n\n### Requirements\n\n- **Node.js 18+** ([download](https://nodejs.org))\n- **Claude Code** CLI ([installation](https://docs.anthropic.com/en/docs/claude-code))\n- **jq** (for hooks: `brew install jq`)\n\n### Shell Completion\n\n```bash\nbadi completion bash \u003e\u003e ~/.bashrc\nbadi completion zsh \u003e\u003e ~/.zshrc\nbadi completion fish \u003e ~/.config/fish/completions/badi.fish\n```\n\n## Troubleshooting\n\n### `bash: .claude/hooks/guard-bash.sh: No such file or directory`\n\nA hook is defined in `.claude/settings.json` but the file is missing. Fix:\n\n```bash\nbadi update # Adds missing files, preserves user customizations (recommended)\nbadi doctor # Verify 14 hooks are present\n```\n\nIf the problem persists:\n```bash\nbadi update --force # Force-refresh slash/agent/hook files (preserves memory/workspace)\nbadi init --force # Fully reinstall (user customizations are lost)\nchmod +x .claude/hooks/*.sh # If files are not executable\n```\n\n### `badi: command not found`\n\n```bash\nnpm install -g @fatihkan/badi # Global install\n# or\nnpx @fatihkan/badi doctor # Run without installing\n```\n\n### Hook permission error\n```bash\nchmod +x .claude/hooks/*.sh\n```\n\n### Node version error\nBadi requires Node 20.11+:\n```bash\nnode --version # Must be v20.11.0+\n```\n\n### Temporarily disable all hooks\n```bash\nmv .claude/settings.json .claude/settings.json.bak\n```\n\n## Network Usage (Transparency)\n\nBadi makes network requests only for the features below. The single automatic one is the session-start dependency audit (24h-cached; disable with `BADI_NO_DEP_AUDIT=1`) — everything else fires only when you invoke it. No payload of yours is ever uploaded anywhere.\n\n| Feature | Endpoint | Purpose |\n|---------|----------|---------|\n| Update check | `registry.npmjs.org` | Notify when a newer version is published (opt-out: `BADI_NO_UPDATE_NOTIFIER=1`) |\n| Dependency audit hook (SessionStart) | package registry via `npm/yarn/pnpm audit` | Vulnerability counts at session start, 24h cache (opt-out: `BADI_NO_DEP_AUDIT=1`) |\n| `badi aso *` | `itunes.apple.com` | App Store listing data |\n| `badi seo *` | URL you provide | SEO audits |\n| `badi lighthouse`, `badi a11y` | `googleapis.com/pagespeedonline` | PageSpeed Insights |\n| `badi ai *` | `api.anthropic.com` | Claude API (requires `ANTHROPIC_API_KEY`) |\n| `badi wp *` | Your WordPress site | WP REST/WP-CLI operations |\n| `badi dev api-test` | URL you provide | HTTP endpoint testing |\n\nNo telemetry, no analytics. See `lib/update-check.js` and `lib/commands/*` for the source.\n\n## Development\n\n```bash\nnpm install\nnpm test # 1184 tests across 219 suites\nnpm run lint # Biome code-quality checks\nnpm run format # Biome formatting\n```\n\n## Version History\n\n| Version | Summary |\n|---------|---------|\n| **v1.34.0** | **Harness-compatible security artifact chain + `badi security pipeline`.** The `security-check` skill family now chains its phases through file contracts using the artifact names of Anthropic's defending-code-reference-harness (Apache-2.0): `THREAT_MODEL.md → VULN-FINDINGS.json/.md → TRIAGE.json/.md`. `sc-orchestrator` emits raw findings (producer `confidence: null` by design), `sc-verifier` emits triage verdicts (exhaustive 0-100 mapping, `duplicate_of` links), `pentest-threat-model` gains a file-output convention. New read-only CLI: `badi security pipeline [--json]` — per-stage exists/missing/stale + next-step suggestion. Interop is outbound and name-level; the upstream autonomous pipeline (gVisor + ASAN) is deliberately not reproduced. TR headline counts reconciled. 1185 → 1191 tests. |\n| **v1.33.2** | **Network transparency + discoverability.** The SessionStart dependency-audit hook's `npm audit` registry call — Badi's only automatic network call — is now disclosed in the README Network Usage table and can be disabled with `BADI_NO_DEP_AUDIT=1` (hook exits before any cache write or registry call; regression-tested). SECURITY.md refreshed (1.33.x, 14 hooks, 62 skill categories). `badi --help` gained six missing sections and the events/security same-line fix; `badi doctor` now verifies all 30 agents; README Version History backfilled (v1.19, v1.28–v1.31). npm keywords broadened for adjacent-ecosystem search (`chatgpt`, `codex`, `openai`, `copilot`…). 1185 tests. |\n| **v1.33.1** | **Fix: `badi skills auto on` registered a dead hook.** The prompt-aware auto-router opt-in wrote `bash .claude/hooks/skill-router.sh`, but hooks migrated `.sh → .mjs` (Node) in v1.22 — so the enabled hook silently never ran. Now registers `node .claude/hooks/skill-router.mjs`; test hardened to reject any `bash`/`.sh` form. (14 hook files ship; 13 default-active + `skill-router` opt-in.) 1184 tests. |\n| **v1.33.0** | **English-only migration verified clean + research/SEO/data agents + ads layer.** v1.32 renamed the CLI grammar; v1.33 translates every remaining body/comment/string across 60+ surfaces (30 agent bodies, 14 hooks, 84 commands, 59 SKILL.md, lib/tests/docs/dist/watchers) and proves zero residue via **7 rounds of adversarial multi-agent audit** (residue 171→55→6→4→7→0, `VERIFIED CLEAN`). New advisory agents: `ads-strategist` (+ `/meta-review`, `/ads-review`) and the atoms.dev gap-fill trio `market-researcher` / `seo-strategist` / `data-analyst`. Fleet 26→30 agents, 82→84 commands. **Fixed:** `badi init` clean English seed templates — no maintainer-data leak (new `lib/seed/`; `files[]` no longer ships maintainer memory/KB/workspace). 1184 tests. |\n| **v1.32.0** | **English-only migration completed + virtual engineering team.** The whole user-facing CLI surface is now English: command output (i18n phases 2p–2s), **command grammar** (`badi icerik`→`badi content`, `badi tasarim`→`badi design`, all subcommands/flags; `karousel`→`carousel`), and **slash commands** (`/icerik-uret`→`/content-generate` … 14 renamed under a `content-` prefix). New managerial agent layer (gstack-inspired \"virtual eng team\"): `product-strategist` / `engineering-manager` / `release-manager` / `qa-lead` agents + `/ceo-review`, `/eng-review`, `/qa`, `/ship`, and `/team` (end-to-end orchestrator). Fleet 22→26 agents, 77→82 commands. Tooling: biome 2.4.15→2.4.16, actions/checkout 4→6. **Breaking:** old Turkish commands/flags/slash commands are rejected. 1155 tests. |\n| **v1.31.0** | **Anthropic Claude Code 2.1.126–2.1.147 compatibility + `badi security` orchestration.** New `badi security baseline/triage/init --ci` bridges Anthropic's native `/security-review` (built-in in 2.1.140+) with a deterministic baseline (secret-scan + audit) and a GitHub Action scaffold wrapping the official `claude-code-security-review`. `/review` reaches `/code-review` (2.1.147+) feature parity (effort levels, `--comment`). Hook terminal-isolation audit (2.1.139+): every hook verified JSON-only stdout / no ANSI / empty stderr (45 new tests). Marketplace manifest gains `lastUpdated` (2.1.144+). 1074 → 1128 tests. |\n| **v1.30.x** | **Release pre-flight + self-telemetry + multi-channel distribution.** New `badi release check` (9 pre-flight checks: version presence, CHANGELOG entries, npm test…) and `badi release sync-manifest` (regenerates `.claude-plugin/` JSONs from package.json). New `badi events` self-telemetry — local JSONL command counters/durations, opt-out with `BADI_TELEMETRY=off`. Agent-agnostic context export adapters (`lib/harnesses/_single-file.js` factory), `inject-active-plan` UserPromptSubmit hook, plugin manifest `apiVersion` + `badi plugin doctor/graph`. Homebrew/Scoop distribution mirrors skeletoned in `dist/`. 967 → 1074 tests. |\n| **v1.29.0** | **Transcript-based observability + help-doctor.** New commands reading `~/.claude/projects/*.jsonl` locally (privacy-preserving, nothing leaves the machine): `badi stats --session`, `badi search \"\u003cquery\u003e\"` (multi-token AND), `badi session \u003cid-prefix\u003e`, `badi plan list/new/approve/deny` (local plan approval flow), `badi list --mcp`. New help-doctor drift detector (`badi doctor help`) walks every `lib/commands/*.js` and fails CI on help drift. Security hardening pass (6 `/security-scan` findings closed). 915 → 967 tests. |\n| **v1.28.0** | **secret-scan critical CI silent-pass fixed.** Empirical probes (planted secrets in a sandbox project) uncovered five real bugs — two merge-blocker critical: a CI pipeline using `badi secret-scan --format json` could pass green despite leaked credentials. Scanner restructured into exported pure functions, configurability + transparency flags added, suite rewritten (4 → 51 tests). Help completeness fixed across CLI surfaces. 868 → 915 tests. |\n| **v1.27.0** | **`expo-*` skill family (12 categories, advisory) + hook defensive fail-safe (#162).** Expo + React Native mobile development lifecycle: `expo-orchestrator` + `expo-router` + EAS triplet (build/submit/update) + `expo-config-plugin` + `expo-prebuild` + `expo-modules` + `expo-dev-client` + `expo-notifications` + `expo-app-config` + `expo-troubleshooting`. Each skill is advisory only — Badi guides configuration, command sequences, and trade-offs; user runs build/submit/update themselves. Stack-map: 6 new detection entries (`eas.json`, `expo-router`, `expo-modules`, `expo-notifications`, `expo-dev-client`, `expo-config-plugin`); existing `expo` entry expanded. 13 hooks hardened with a defensive `uncaughtException`/`unhandledRejection` handler that exits 0 (`BADI_HOOK_DEBUG=1` for opt-in stderr). 805 → 868 tests (+53 hook fail-safe resilience). |\n| **v1.26.0** | **Profile-based command management + prompt-aware command routing.** New `.claude/commands-vault/` canonical store (77 commands); `badi commands migrate / profile \u003ccore\\|dev\\|content\\|all\u003e / restore` filter active commands by profile (core 21 / dev 39 / content 17 / pentest 0). Top 10 verbose commands slimmed ~24% tokens / 45% lines (no info loss). New `badi commands route \"\u003cprompt\u003e\"` + `--inject` flag; `skill-router.mjs` hook now dispatches to both skills and commands routers. 774 → 805 tests. |\n| **v1.25.0** | **pentest-* skill family (25 categories, advisory/defensive).** Authorized penetration-testing engagement discipline added to the vault: orchestrator + engagement + recon + web + api + bizlogic + bugbounty + ad + cloud + mobile + wireless + cicd + social + llm + privesc + credentials + threat-model + detection + forensics + malware + stig + report + ctf + exploit-chain + opsec-evidence. Live exploit / payload / C2 explicitly excluded — methodology, output analysis, detection rule authoring, reporting only. Inspired by 0xSteph/pentest-ai-agents (MIT) engagement discipline (scope-guard, OPSEC QUIET/MODERATE/LOUD, hard refusal). 768 → 774 tests. |\n| **v1.24.0** | **Stack-aware skill curation (#152).** New `badi skills detect` (read-only project scan) + `badi skills auto-install` (interactive opt-in) — 35+ technologies → Badi skill manifest. Five signal types: packages, configFiles/Dirs, fileExtensions, manifestKeys, scripts. Inspired by midudev/autoskills install-time model. 727 → 768 tests. |\n| **v1.23.0** | **`badi gh sync` + `badi kb` knowledge graph.** GitHub integration (issue → TaskBoard) and knowledge base graph/backlinks/orphans/stats with vanilla SVG (zero CDN). XSS-safe rendering, O(1) graph build, spawnSync 50MB buffers. 624 → 727 tests. |\n| **v1.22.x** | **Windows compatibility + MCP server.** 13 bash hooks → Node.js (.mjs); platform-aware launchd/Task Scheduler; MCP stdio JSON-RPC server (`badi mcp serve`); outputstyle + statusline profiles. 577 → 624 tests. |\n| **v1.21.0** | **Plugin marketplace polish + auto-router improvements.** |\n| **v1.20.0** | **Auto skill router + market Phase 2.** New `badi skills route` and `badi skills auto on/off` — UserPromptSubmit hook reads each prompt, scores it against vault `SKILL.md` triggers (3x weight) + descriptions (1x), and injects matching skill bodies into context per-turn (no filesystem write). Stops manual `skills add` overhead. New `badi market gaps \u003cappId\u003e` — cross-analysis of difficulty + cross-competitor complaints + (optional) Reddit demand into ranked opportunity findings (`gapScore = coverage% × volume × (1 - difficulty/100)`). 538 → 577 tests. Closes #84 phase 2. |\n| **v1.19.0** | **`badi market wishlist` (#84 phase 2 start).** Demand × supply matrix: Reddit anonymous JSON search (demand signal, no API key, last 30 days) × App Store search result count (supply signal) → four quadrants `BLUE_OCEAN` / `COMPETITIVE` / `NICHE` / `SATURATED`; `--json` emits a structured report (top posts + subreddits, top apps) for piping. |\n| **v1.18.0** | **Agent frontmatter audit + `badi design` Phase 2.** All 22 agents now declare explicit `permissionMode: default`; the 15 read-only / advisor agents add `disallowedTools: [Write, Edit, NotebookEdit]` for defense-in-depth under Claude Code 2.1.119+ headless / `--print` execution. New `tasarim-kurator` agent: interactive DESIGN.md producer with 4-stage flow (brand identity → color psychology → typography → component decisions). New opt-in `design-tokens` skill: when active, agents producing UI/components/visuals consult the project's DESIGN.md frontmatter for canonical tokens. `visual-director` now delegates token reads to `design-tokens` and hands off new color/typography decisions to `tasarim-kurator`. Plus VitePress docs scaffold (GitHub Pages workflow), reproducible vhs demo tape, social preview SVG. 411 → 538 tests. |\n| **v1.17.0** | **Opt-in skills (BREAKING).** Skills no longer auto-load. All 23 categories live in `.claude/skills-vault/`; `.claude/skills/` starts empty. New `badi skills` command (status table + interactive picker, `add`/`remove`/`list`/`available`/`clear`/`reset`) lets users opt into exactly what they want. Plugin path also drops the `skills` field — no auto-load tax for plugin consumers either. Saves ~10–15k tokens per turn. Existing installs are protected: `.claude/skills/` is treated as user-customizable on update, so anything already there stays. Token analyzer reports vault size as \"Vault (not loaded)\" so the savings are visible. |\n| **v1.16.5** | **Plugin-level safety hooks.** The Claude Code plugin path now ships two universal Bash safety hooks inline in `plugin.json`: `guard-bash.sh` (blocks `rm -rf /`, force-push to main, `chmod 777`, `curl \\| bash`, secret exfiltration, etc.) and `branch-guard.sh` (refuses direct commits to main/master/production and force-push to release/*). Hooks reference scripts via `${CLAUDE_PLUGIN_ROOT}/.claude/hooks/` so they resolve from the plugin cache. Project-state hooks (memory handoff, logs, backups) stay npm-only — they need a writable `.claude/` tree the plugin cache can't provide. |\n| **v1.16.4** | **Claude Code plugin distribution.** Badi now installs via `/plugin marketplace add fatihkan/badi` + `/plugin install badi@badi-marketplace` — alongside the existing npm path. New `.claude-plugin/plugin.json` + `marketplace.json` declare 21 agents, 77 commands, and 23 skill categories via custom paths to the canonical `.claude/` tree (no duplication). Both manifests pass `claude plugin validate`; end-to-end smoke-tested. Hooks and the multi-harness compiler stay npm-only — they need a project-local writable `.claude/` tree the plugin cache can't provide. |\n| **v1.16.3** | SEO + discoverability push. English-first npm description and keywords (added `anthropic`, `claude`, `claude-opus`, `claude-sonnet`, `ai-agents`, `subagents`, `cli`, `developer-tools`, `security-scanner`, `owasp`, `code-review`, `cursor`, `gemini-cli`; dropped narrow terms). README hero rewritten with Anthropic + Claude Opus 4.7 / Sonnet 4.6 references. GitHub repo description + topics curated (20-topic limit). Component count drift fixed across CLAUDE.md and READMEs (21 agents · 77 commands · 12 hooks · 23 skill categories · 398 tests). Node badge corrected (\u003e=18 → \u003e=20.11). |\n| **v1.16.2** | Security + smoke-test hotfix. 8 CodeQL alerts (1 high error + 7 warnings) closed in a single PR: TLS strict-first, backslash escape before quote, `node-html-parser` for script/style strip, URL hostname exact match, workflow permissions. Plus `badi design` smoke fix: `lint` now exits 1 on `summary.errors \u003e 0`; new `--write \u003cpath\u003e` flag for `export`; `--out` help text clarified. 395 → 398 tests. v1.16.1 skipped (npm publish 401). |\n| **v1.16.0** | `badi design` — visual identity command (closes #58). Wraps Google's `@google/design.md` CLI (pinned `0.1.1`, via `npx`) for lint/export. Subcommands: `init` (skeleton or `--ornek`), `lint`, `export --format tailwind\\|dtcg`, `show --tokens\\|--prose`. Default location: `.claude/workspace/DESIGN.md`. 16 new tests (379 → 395). |\n| **v1.15.3** | Documentation polish. No code or test changes. |\n| **v1.15.2** | Documentation polish. No code or test changes. |\n| **v1.15.1** | Documentation polish. No code or test changes. |\n| **v1.15.0** | `badi market` — App Store market research command. MVP: competitor discovery + multi-region reviews + 11-code complaint categorization + difficulty score (BLUE_OCEAN / COMPETITIVE / HARD / SATURATED). Subcommands: `discover`, `reviews`, `difficulty`, full report. No API keys. 379 tests (+20). Phase 2 (issues): SensorTower revenue, wishlist demand×supply matrix, opportunity gaps. |\n| **v1.14.1** | Drop Node 18 from CI matrix. Tests use `import.meta.dirname` (Node 20.11+); Node 18 row was failing silently. `engines.node` bumped to `\u003e=20.11.0`. No runtime-code changes; production CLI already works on Node 20+. |\n| **v1.14.0** | Skill ecosystem MVP — portable skill bundle pipeline. New `lib/skills/schema.js` validator + `lib/harnesses/skills-bundler.js` compiler + `badi publish --skill-bundle` orchestrator. 23 `.claude/skills/*/SKILL.md` enriched with full frontmatter. New `badi-discipline` behavioral skill (8 principles) ready to ship in the separate `badi-skills` repo. Bootstrap kit under `_bootstrap/badi-skills/` for one-time repo setup. 307 → 359 tests (+52). Closes #56 and #57. |\n| **v1.13.2** | 7-finding code-review hotfix: UTC-bias in `icerik durum/kapat` \"today\" counts (now uses local `startOfToday`); `runTemplate` switch hardened with `default: throw`; \"unknown subcommand\" error lists all 21 valid commands; `icerik.js` shim removed (direct import in `bin/badi.js`); doc/comment polish. 307 tests still green. |\n| **v1.13.1** | Hotfix on v1.13.0 review: `agent install` confirmation actually waits for y/N (was logging the prompt then proceeding) + `--yes`/`-y` flag for scripted use. Clean errors for missing watchers in `install` and `tail`. Includes the icerik split refactor (issue #41) — `lib/commands/icerik.js` (1667 lines) split into per-subcommand modules under `lib/commands/icerik/`. 304 → 307 tests. |\n| **v1.13.0** | Background agents — define `.claude/watchers/*.md` with git/shell/file/log/http checks, install to launchd/systemd/cron, alerts surface in next `/start` briefing. 8 new `badi agent` subcommands + 2 templates + 38 new tests (total 304). |\n| **v1.12.1** | Hotfix — 10 review findings fixed (`BADI_PREFS_HOME` env isolation, non-TTY safe init, Cursor content preface, case-insensitive `--harness`, validation, brittle test cleanup). 266 tests. |\n| **v1.12.0** | Multi-harness support — `badi init` now targets Claude Code, Cursor, or Gemini CLI. Interactive picker + `--harness` flag. New `lib/harnesses/` adapter layer. Update + doctor auto-detect installed harnesses. 44 new tests (total 251). |\n| **v1.11.0** | Content types (newsletter, podcast, thread, case-study). ASO Play Store + real review sentiment + per-app screenshots. SEO backlinks/rank/compare. Mobile crash-setup/deeplink/ota. `badi publish` release orchestrator. |\n| **v1.10.0** | Frontend Taste — 9 bundled premium UI skills + `badi taste` command. Anti-slop design rules for Claude Code. |\n| **v1.9.0** | English-first docs (README/CHANGELOG); built-in `app-store-screenshots` skill under `.claude/skills/mobile/` |\n| **v1.8.2** | `badi update --force` — force-refresh slash/agent/hook files |\n| **v1.8.1** | Troubleshooting guide; better `doctor` output |\n| **v1.8.0** | AI/LLM (`badi ai`) + DevOps (`badi dev`) — 10 new CLIs, 10 new slashes |\n| **v1.7.0** | 9 new slash commands + slash/CLI integrations (66 slashes total) |\n| **v1.6.0** | Domain health (ssl/dns/whois), Lighthouse, secret-scan, a11y, commit/changelog |\n| **v1.5.0** | Mobile + ASO: `badi aso` (iTunes API), `badi mobile` (init/build/release/assets), release-notes |\n| **v1.4.3** | External references cleaned up, metadata simplified |\n| **v1.4.2** | Lazy loading: startup ~97% faster (813ms → 26ms) |\n| **v1.4.1** | SSRF protection, appPassword obfuscation, sitemap precedence fix |\n| **v1.4.0** | Digital agency: `badi wp` (WordPress) + `badi seo` (20+ checks) |\n| **v1.3.2** | 16 bug/security fixes, CI infra, community files |\n| **v1.3.1** | 48 security-skill integration |\n| **v1.3.0** | Modularization, token optimization, log rotation |\n| **v1.2.0** | Content search, multilingual (TR/EN), template inheritance, schedule |\n| **v1.1.0** | Stats, completion, content perf tracking, update notifier |\n| **v1.0.0** | Initial release: 21 agents, 50 commands, 12 hooks, plugin system |\n\n## License\n\nMIT — [Fatih Kan](https://github.com/fatihkan)\n\n## Contributing\n\nPRs, issues and stars are welcome. See `CONTRIBUTING.md`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffatihkan%2Fbadi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffatihkan%2Fbadi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffatihkan%2Fbadi/lists"}