Merge pull request #329 from syncable-dev/develop

Develop

Author: Alex793x

.claude-plugin/marketplace.json

@@ -6,14 +6,14 @@
   },
   "metadata": {
     "description": "Syncable CLI skills for AI coding agents — project analysis, security, vulnerabilities, dependencies, IaC validation, and cloud deployment.",
-    "version": "0.1.14"
+    "version": "0.1.15"
   },
   "plugins": [
     {
       "name": "syncable-cli-skills",
       "source": "./installer/plugins/syncable-cli-skills",
       "description": "Syncable CLI skills for project analysis, security scanning, vulnerability detection, dependency auditing, IaC validation, Kubernetes optimization, and cloud deployment.",
-      "version": "0.1.14",
+      "version": "0.1.15",
       "author": {
         "name": "Syncable",
         "email": "support@syncable.dev"

installer/package.json

@@ -1,6 +1,6 @@
 {
   "name": "syncable-cli-skills",
-  "version": "0.1.14",
+  "version": "0.1.15",
   "type": "module",
   "description": "Install Syncable CLI skills for AI coding agents (Claude Code, Cursor, Windsurf, Codex, Gemini CLI)",
   "license": "GPL-3.0",

installer/plugins/syncable-cli-skills/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "syncable-cli-skills",
   "description": "Syncable CLI skills for project analysis, security scanning, vulnerability detection, dependency auditing, IaC validation, Kubernetes optimization, and cloud deployment.",
-  "version": "0.1.14",
+  "version": "0.1.15",
   "author": {
     "name": "Syncable",
     "email": "support@syncable.dev"

installer/plugins/syncable-cli-skills/skills/syncable-analyze/SKILL.md

@@ -1,103 +1,51 @@
 ---
-description: "Analyze a project's tech stack including languages, frameworks, runtimes, package managers, and dependencies using the Syncable CLI sync-ctl tool"
+description: "Use when the user asks to analyze a project, understand the tech stack, detect frameworks, check what languages are used, identify runtimes or package managers, or as a first step before security/vulnerability scans"
 ---
 
-## Purpose
+## Overview
 
-Analyze a project directory to detect its tech stack: programming languages, frameworks, runtimes, package managers, dependencies, Docker presence, and monorepo structure. This is the foundation skill — most workflows start here to understand what they're working with.
+Detect a project's tech stack — languages, frameworks, runtimes, package managers, dependencies, Docker presence, monorepo structure. Foundation command; most workflows start here.
 
-## Prerequisites
+## Quick Reference
 
-- `sync-ctl` binary installed and on PATH
-- Agent has access to the project directory
+| Flag | Purpose |
+|------|---------|
+| `--agent` | Compressed output for agent consumption (always use) |
+| `--display {matrix\|detailed\|summary}` | Human-readable format |
+| `--only <filters>` | Comma-separated: `languages`, `frameworks`, `dependencies` |
 
-## Commands
+## Steps
 
-### Basic analysis (agent output)
+### 1. Run analysis
 
 ```bash
 sync-ctl analyze <PATH> --agent
 ```
 
-### Human-readable matrix view
-
-```bash
-sync-ctl analyze <PATH> --display matrix
-```
-
-### Filtered analysis (only specific aspects)
-
-```bash
-sync-ctl analyze <PATH> --agent --only languages,frameworks
-sync-ctl analyze <PATH> --agent --only dependencies
-```
-
-### Key Flags
-
-| Flag | Purpose |
-|------|---------|
-| `--agent` | Compressed output for agent consumption (always use when processing results) |
-| `--detailed` | Show detailed analysis (legacy vertical format) |
-| `--display {matrix\|detailed\|summary}` | Display format for human-readable output |
-| `--only <filters>` | Comma-separated: `languages`, `frameworks`, `dependencies` |
-
-## Output Interpretation
+**Success criteria:** JSON output with `summary` and `full_data_ref` fields present.
 
-When reporting to the user, prioritize: primary language, main framework, runtime version, and whether Docker/K8s infrastructure exists.
+### 2. Report to user
 
-## Reading Results
+Prioritize: primary language, main framework, runtime version, Docker/K8s presence.
 
-When you use `--agent`, the output is a compressed summary — not the full analysis. Act on it directly for most decisions.
+### 3. Drill into details (if needed)
 
-The output JSON includes:
-- `summary` — project count, languages, frameworks detected
-- `full_data_ref` — reference ID for retrieving full data
-- `retrieval_hint` — exact command to get more details
+Save the `full_data_ref`. Use `sync-ctl retrieve` — do NOT re-run analyze:
 
-To drill into specifics:
 ```bash
-# Get framework details
 sync-ctl retrieve <ref_id> --query "section:frameworks"
-
-# Get language breakdown
 sync-ctl retrieve <ref_id> --query "section:languages"
-
-# Get specific project details (monorepos)
-sync-ctl retrieve <ref_id> --query "project:<project-name>"
-
-# Get specific language details
+sync-ctl retrieve <ref_id> --query "project:<name>"    # monorepos
 sync-ctl retrieve <ref_id> --query "language:Go"
-
-# Get specific framework details
 sync-ctl retrieve <ref_id> --query "framework:React"
-
-# List all stored outputs
-sync-ctl retrieve --list
 ```
 
-**Available query filters:** `section:summary`, `section:frameworks`, `section:languages`, `language:<name>`, `framework:<name>`, `project:<name>`, `compact:true`
+**Available queries:** `section:summary`, `section:frameworks`, `section:languages`, `language:<name>`, `framework:<name>`, `project:<name>`, `compact:true`
 
 ## Error Handling
 
-| Error | Cause | Action |
-|-------|-------|--------|
-| `No such file or directory` | Invalid path | Ask user to verify the project path |
-| Empty output | No recognizable project files | Tell user the directory may not contain a supported project. Run `sync-ctl support` to show supported technologies |
-| Timeout | Very large monorepo | Try `--only languages` for a faster partial scan |
-
-## Examples
-
-**Analyze current directory:**
-```bash
-sync-ctl analyze . --agent
-```
-
-**Analyze a specific project:**
-```bash
-sync-ctl analyze /path/to/project --agent
-```
-
-**Quick language-only check:**
-```bash
-sync-ctl analyze . --agent --only languages
-```
+| Error | Action |
+|-------|--------|
+| `No such file or directory` | Ask user to verify path |
+| Empty output | No supported project files. Run `sync-ctl support` |
+| Timeout on large monorepo | Try `--only languages` for partial scan |

installer/plugins/syncable-cli-skills/skills/syncable-dependencies/SKILL.md

@@ -1,93 +1,49 @@
 ---
-description: "Audit project dependencies for licenses, production vs development split, and detailed package analysis using the Syncable CLI sync-ctl tool"
+description: "Use when the user asks to audit dependencies, check licenses, list packages, review dependency health, check for copyleft issues, or see prod vs dev dependency split"
 ---
 
-## Purpose
+## Overview
 
-Analyze project dependencies in detail: list all packages, check license types, separate production from development dependencies, and optionally flag vulnerabilities inline. Use this for license compliance and dependency inventory.
+List all project dependencies with license types, prod/dev split, and ecosystem breakdown. Use for license compliance and dependency inventory.
 
-## Prerequisites
+## Flags
 
-- `sync-ctl` binary installed and on PATH
-- Agent has access to the project directory
+| Flag | Purpose |
+|------|---------|
+| `--agent` | Compressed output (always use) |
+| `--licenses` | Include license info per dependency |
+| `--vulnerabilities` | Quick inline vuln check (for thorough CVE scan, use `sync-ctl vulnerabilities` instead) |
+| `--prod-only` | Production dependencies only |
+| `--dev-only` | Development dependencies only |
 
-## Commands
+## Steps
 
-### Full dependency analysis with licenses
+### 1. Run dependency audit
 
 ```bash
 sync-ctl dependencies <PATH> --licenses --agent
 ```
 
-### Production dependencies only
-
-```bash
-sync-ctl dependencies <PATH> --licenses --prod-only --agent
-```
-
-### Key Flags
-
-| Flag | Purpose |
-|------|---------|
-| `--agent` | Compressed output for agent consumption (always use) |
-| `--licenses` | Include license information for each dependency |
-| `--vulnerabilities` | Quick inline vulnerability check (for thorough CVE scanning, use the standalone `sync-ctl vulnerabilities` command instead) |
-| `--prod-only` | Show only production dependencies |
-| `--dev-only` | Show only development dependencies |
-
-## Output Interpretation
-
-**Priority for reporting to user:**
-1. License concerns (copyleft in commercial projects, unknown licenses)
-2. Dependency counts (prod vs dev)
-3. Specific packages only if asked
+**Success criteria:** JSON output with `total`, `production`/`development` counts, and `by_license` distribution.
 
-**When to use `--vulnerabilities` vs standalone `vulnerabilities` command:**
-- Use `--vulnerabilities` here for a quick inline check alongside license info
-- Use `sync-ctl vulnerabilities` for a dedicated, thorough CVE scan
+### 2. Report to user
 
-## Reading Results
+Priority: license concerns (copyleft, unknown) > dependency counts (prod vs dev) > specific packages (only if asked).
 
-When you use `--agent`, the output is a **compressed summary** with counts, license distribution, and source breakdown. Individual package details are NOT in the compressed output — use `sync-ctl retrieve` to get them.
+### 3. Retrieve package details (if needed)
 
-**What's in the compressed output:**
-- `total` — total dependency count
-- `production` / `development` — prod vs dev split
-- `by_source` — counts per ecosystem (npm, crates.io, pypi, etc.)
-- `by_license` — license distribution
-- `full_data_ref` — reference ID for the full data
+Compressed output has counts and distributions only. Individual packages require retrieve:
 
-**To get individual package details, use retrieve:**
 ```bash
-# Get the full dependency list
 sync-ctl retrieve <ref_id>
-
-# Search for a specific package
 sync-ctl retrieve <ref_id> --query "file:package.json"
 ```
 
-Results are paginated (default 20). Use `--limit N --offset M` for more.
+Results paginated (default 20). Use `--limit N --offset M` for more.
 
 ## Error Handling
 
-| Error | Cause | Action |
-|-------|-------|--------|
-| `No dependencies found` | No package manager files | Verify project path, run `sync-ctl analyze` to check for supported package managers |
-| Incomplete results | Some package managers not fully parsed | Note which ecosystems were scanned and which may be missing |
-
-## Examples
-
-**Full audit with licenses:**
-```bash
-sync-ctl dependencies . --licenses --agent
-```
-
-**Production-only for license compliance:**
-```bash
-sync-ctl dependencies . --licenses --prod-only --agent
-```
-
-**Quick vulnerability check alongside deps:**
-```bash
-sync-ctl dependencies . --licenses --vulnerabilities --agent
-```
+| Error | Action |
+|-------|--------|
+| `No dependencies found` | Run `sync-ctl analyze` to verify supported package managers exist |
+| Incomplete results | Note which ecosystems were scanned vs missing |