Merge pull request #7 from charlesjones-dev/feat/v2.1.0-modernize-compliance-principles

feat: add ai-modernize, ai-compliance plugins and workflow-principles skill (v2.1.0)

Author: charlesjones-dev

.claude-plugin/marketplace.json

@@ -6,7 +6,7 @@
   },
   "metadata": {
     "description": "A curated list of custom Claude Code plugins, agents, and skills for developers.",
-    "version": "2.0.2",
+    "version": "2.1.0",
     "pluginRoot": "./plugins"
   },
   "plugins": [
@@ -121,8 +121,8 @@
     {
       "name": "ai-workflow",
       "source": "./plugins/ai-workflow",
-      "description": "AI-powered development workflow automation - Phase-based planning, implementation orchestration, preflight code quality checks with security scanning, and ship-it workflow for efficient sub-agent execution",
-      "version": "1.3.0",
+      "description": "AI-powered development workflow automation - Phase-based planning, implementation orchestration, preflight code quality checks with security scanning, ship-it workflow, and development principles generator for CLAUDE.md",
+      "version": "1.4.0",
       "keywords": [
         "ai",
         "workflow",
@@ -143,7 +143,10 @@
         "push",
         "pull-request",
         "automation",
-        "productivity"
+        "productivity",
+        "principles",
+        "standards",
+        "claude-md"
       ],
       "author": {
         "name": "Charles Jones",
@@ -215,6 +218,53 @@
         "url": "https://charlesjones.dev"
       },
       "repository": "https://github.com/charlesjones-dev/claude-code-plugins-dev"
+    },
+    {
+      "name": "ai-modernize",
+      "source": "./plugins/ai-modernize",
+      "description": "AI-powered codebase modernization assessment - Interactive audit and quick scan skills to identify technical debt, anti-patterns, and quality issues from older AI-generated code",
+      "version": "1.0.0",
+      "keywords": [
+        "ai",
+        "modernization",
+        "code-quality",
+        "technical-debt",
+        "refactoring",
+        "solid",
+        "dry",
+        "anti-patterns",
+        "ai-generated-code",
+        "skills"
+      ],
+      "author": {
+        "name": "Charles Jones",
+        "url": "https://charlesjones.dev"
+      },
+      "repository": "https://github.com/charlesjones-dev/claude-code-plugins-dev"
+    },
+    {
+      "name": "ai-compliance",
+      "source": "./plugins/ai-compliance",
+      "description": "AI-powered software compliance auditing - Interactive license audit and NOTICE/ATTRIBUTION file generation for open-source dependency compliance",
+      "version": "1.0.0",
+      "keywords": [
+        "ai",
+        "compliance",
+        "licensing",
+        "open-source",
+        "audit",
+        "attribution",
+        "notice",
+        "legal",
+        "copyleft",
+        "dependencies",
+        "skills"
+      ],
+      "author": {
+        "name": "Charles Jones",
+        "url": "https://charlesjones.dev"
+      },
+      "repository": "https://github.com/charlesjones-dev/claude-code-plugins-dev"
     }
   ]
 }

CHANGELOG.md

@@ -7,6 +7,69 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [2.1.0] - 2026-03-22
+
+### Added
+
+#### AI-Modernize Plugin (v1.0.0) - NEW PLUGIN
+
+- **New plugin for codebase modernization assessment** - Identifies technical debt, anti-patterns, and quality issues from older AI-generated or legacy code
+
+- `/modernize-audit` interactive skill for comprehensive modernization assessment
+  - Guided configuration: AI tool history, codebase era, tech stack detection, category selection, scope, severity threshold
+  - 12 assessment categories: SOLID/DRY/KISS violations, type safety, error handling, security, performance, testing, architecture, frontend debt, dependency health, AI hallucination artifacts, modern pattern gaps, configuration/DevOps
+  - Modernization Score (0-100) with category breakdown
+  - AI-assisted remediation time estimates (not manual development time)
+  - Phased modernization roadmap with prioritized checklist
+  - "Why Older AI Models Did This" educational context for each finding
+  - Delegates to `ai-modernize:modernize-auditor` subagent for deep analysis
+
+- `/modernize-scan` quick scan skill for fast, targeted assessments
+  - Accepts file or directory path argument (e.g., `/modernize-scan ./src`)
+  - Runs all categories with default settings, no interactive questions
+  - Auto-detects technology stack
+  - Produces abbreviated report with same scoring and estimate format
+
+- Reports saved to `/docs/modernize/` with timestamped filenames
+
+#### AI-Workflow Plugin (v1.4.0)
+
+- `/workflow-principles` new skill for generating context-aware Development Principles in CLAUDE.md
+  - Automated project discovery: detects monorepo structure, tech stack, frameworks, validation libraries, state management, testing tools
+  - Interactive configuration: principle categories (SOLID, DRY, KISS, YAGNI, modularity, components, type safety, error handling, testing)
+  - Monorepo-aware: detects shared packages, maps dependency direction, generates shared package rules with real package names
+  - Frontend-aware: generates component architecture rules tailored to detected framework (React, Vue, Angular, Svelte)
+  - Smart merge: appends, replaces, or merges with existing CLAUDE.md content
+  - Supports both project CLAUDE.md and user-level ~/.claude/CLAUDE.md
+  - Custom rules support for project-specific conventions
+  - Uses real package names, paths, and library names from the detected project (never generic placeholders)
+
+#### AI-Compliance Plugin (v1.0.0) - NEW PLUGIN
+
+- **New plugin for software license compliance auditing** - Detects open-source licenses, flags legal risks, and generates attribution files
+
+- `/compliance-license-audit` interactive skill for comprehensive license compliance audit
+  - Auto-detects project license with confirmation
+  - Scans all dependency manifests across 8 package ecosystems (npm, pip, NuGet, Go, Rust, Ruby, PHP, Java)
+  - Classifies licenses: Permissive, Weak Copyleft, Strong Copyleft, Unknown/None
+  - License compatibility analysis against the project's own license
+  - Flags copyleft contamination risks with configurable risk tolerance
+  - Optional transitive dependency analysis via lock files
+  - Source code scanning for license headers and vendored/copied code
+  - License Compliance Score (0-100)
+  - Identifies unfulfilled license obligations (missing NOTICE files, attribution)
+  - Provides alternative components for incompatible dependencies
+
+- `/compliance-notice-generate` interactive skill for generating attribution files
+  - Four output formats: NOTICE, THIRD-PARTY-NOTICES.md, ATTRIBUTION.md, licenses.json
+  - Configurable scope: production only, all dependencies, or custom groups
+  - Optional full license text inclusion
+  - Extracts actual copyright notices from LICENSE files
+  - Handles dual-licensed packages and license exceptions
+  - Detects existing attribution files with replace/create-alongside options
+
+- Reports saved to `/docs/compliance/` with timestamped filenames
+
 ## [2.0.2] - 2026-03-19
 
 ### Added

README.md

@@ -1,6 +1,6 @@
 # Claude Code Plugins for Developers
 
-[![Version](https://img.shields.io/badge/version-2.0.2-blue.svg)](https://github.com/charlesjones-dev/claude-code-plugins-dev/releases)
+[![Version](https://img.shields.io/badge/version-2.1.0-blue.svg)](https://github.com/charlesjones-dev/claude-code-plugins-dev/releases)
 [![License](https://img.shields.io/badge/license-MIT-green.svg)](LICENSE)
 [![GitHub Issues](https://img.shields.io/github/issues/charlesjones-dev/claude-code-plugins-dev.svg)](https://github.com/charlesjones-dev/claude-code-plugins-dev/issues)
 [![GitHub Stars](https://img.shields.io/github/stars/charlesjones-dev/claude-code-plugins-dev.svg)](https://github.com/charlesjones-dev/claude-code-plugins-dev/stargazers)
@@ -25,7 +25,9 @@ This Claude Code plugin marketplace provides plugins that extend Claude Code's c
 | [ai-performance](plugins/ai-performance/) | AI-powered performance optimization and bottleneck detection | `/performance-audit` | `performance-auditor` |
 | [ai-security](plugins/ai-security/) | AI-powered security auditing with reproducible reports | `/security-init`, `/security-audit`, `/security-scan-dependencies` | `security-auditor`, `security-dependency-scanner` |
 | [ai-statusline](plugins/ai-statusline/) | AI-powered status line customization with progress bars | `/statusline-wizard`, `/statusline-edit` | - |
-| [ai-workflow](plugins/ai-workflow/) | AI-powered development workflow automation | `/workflow-plan-phases`, `/workflow-implement-phases`, `/workflow-preflight`, `/workflow-ship` | - |
+| [ai-workflow](plugins/ai-workflow/) | AI-powered development workflow automation | `/workflow-plan-phases`, `/workflow-implement-phases`, `/workflow-preflight`, `/workflow-ship`, `/workflow-principles` | - |
+| [ai-compliance](plugins/ai-compliance/) | AI-powered license compliance auditing and attribution generation | `/compliance-license-audit`, `/compliance-notice-generate` | - |
+| [ai-modernize](plugins/ai-modernize/) | AI-powered codebase modernization assessment for technical debt | `/modernize-audit`, `/modernize-scan` | `modernize-auditor` |
 | [ai-writing](plugins/ai-writing/) | AI-powered writing quality tools for natural-sounding text | `/writing-humanize` | - |
 
 > **📝 Note on Audit Plugins:** The `ai-accessibility`, `ai-security`, and `ai-performance` plugins are developer-focused analysis tools designed to identify issues during development. They perform static code analysis, with `ai-accessibility` and `ai-security` also offering URL scanning capabilities (`/accessibility-audit` with Playwright MCP and `/security-scan-dependencies` respectively). These plugins are meant to **complement** (not replace) runtime testing tools, professional services, and manual testing. Use these plugins to catch issues early in the development phase, then validate with specialized testing tools and services appropriate to your domain.

plugins/ai-compliance/.claude-plugin/plugin.json

@@ -0,0 +1,23 @@
+{
+  "name": "ai-compliance",
+  "version": "1.0.0",
+  "description": "AI-powered software compliance auditing - Interactive license audit and NOTICE/ATTRIBUTION file generation for open-source dependency compliance",
+  "author": {
+    "name": "Charles Jones",
+    "url": "https://charlesjones.dev"
+  },
+  "repository": "https://github.com/charlesjones-dev/claude-code-plugins-dev",
+  "license": "MIT",
+  "keywords": [
+    "compliance",
+    "licensing",
+    "open-source",
+    "audit",
+    "attribution",
+    "notice",
+    "legal",
+    "copyleft",
+    "dependencies",
+    "skills"
+  ]
+}

plugins/ai-compliance/README.md

@@ -0,0 +1,112 @@
+# AI Compliance Plugin
+
+AI-powered software compliance auditing for open-source license detection, risk assessment, and attribution file generation.
+
+## Overview
+
+Open-source license compliance is a legal obligation that many projects overlook. Using a GPL-licensed dependency in a proprietary project could require disclosing your source code. A dependency with no license at all is legally "all rights reserved" and can't be used without explicit permission. This plugin scans your dependency tree, identifies every license, flags incompatibilities with your project's license, and generates the attribution files required by licenses like MIT, BSD, and Apache 2.0.
+
+## Skills
+
+### `/compliance-license-audit` - License Compliance Audit
+
+Interactive, comprehensive audit of all open-source licenses in your dependency tree.
+
+**Features:**
+- Auto-detects your project's license with confirmation
+- Scans all dependency manifests (package.json, requirements.txt, .csproj, go.mod, Cargo.toml, etc.)
+- Identifies direct and transitive dependency licenses
+- Scans source code for license headers and vendored/copied code
+- Classifies licenses: Permissive, Weak Copyleft, Strong Copyleft, Unknown
+- Flags incompatibilities with your project's license
+- Identifies dependencies with no license (highest legal risk)
+- Produces a License Compliance Score (0-100)
+- Lists all unfulfilled license obligations (missing NOTICE files, attribution, etc.)
+- Provides specific alternatives for problematic dependencies
+
+**Usage:**
+```bash
+/compliance-license-audit
+```
+
+The skill will interactively ask about:
+1. Your project's license (auto-detected with confirmation)
+2. Audit scope (full, dependencies only, or source code only)
+3. Risk tolerance (strict, moderate, permissive only, or informational)
+4. Whether to include transitive dependencies
+
+**Report output:** `/docs/compliance/YYYY-MM-DD-HHMMSS-license-audit.md`
+
+### `/compliance-notice-generate` - Generate NOTICE / Attribution File
+
+Generates legally compliant NOTICE, ATTRIBUTION, or THIRD-PARTY-NOTICES files from your dependency tree.
+
+**Features:**
+- Four output formats: NOTICE, THIRD-PARTY-NOTICES.md, ATTRIBUTION.md, licenses.json
+- Configurable scope (production only, all, or custom dependency groups)
+- Optional full license text inclusion
+- Extracts actual copyright notices from LICENSE files
+- Handles dual-licensed packages
+- Supports all major package ecosystems
+- Detects and handles existing attribution files
+
+**Usage:**
+```bash
+/compliance-notice-generate
+```
+
+The skill will interactively ask about:
+1. Output format (NOTICE, THIRD-PARTY-NOTICES.md, ATTRIBUTION.md, or licenses.json)
+2. Content scope (production only, all, or custom)
+3. Whether to include full license texts
+4. How to handle existing attribution files (if any)
+
+**Output:** Generated file saved to project root directory.
+
+## License Classifications
+
+| Classification | Examples | Risk Level |
+|---------------|----------|------------|
+| Permissive | MIT, Apache-2.0, BSD-2, BSD-3, ISC, Unlicense | Low |
+| Weak Copyleft | LGPL-2.1, LGPL-3.0, MPL-2.0, EPL-2.0 | Moderate |
+| Strong Copyleft | GPL-2.0, GPL-3.0, AGPL-3.0, SSPL-1.0 | High-Critical |
+| No License | All rights reserved by default | Critical |
+
+## Supported Package Ecosystems
+
+| Ecosystem | Manifest | Lock File |
+|-----------|----------|-----------|
+| Node.js | package.json | package-lock.json, yarn.lock, pnpm-lock.yaml |
+| Python | requirements.txt, pyproject.toml, Pipfile | Pipfile.lock, poetry.lock |
+| .NET | *.csproj, packages.config | packages.lock.json |
+| Go | go.mod | go.sum |
+| Rust | Cargo.toml | Cargo.lock |
+| Ruby | Gemfile | Gemfile.lock |
+| PHP | composer.json | composer.lock |
+| Java/Kotlin | pom.xml, build.gradle | - |
+
+## Why This Matters
+
+- **MIT License** requires: "The above copyright notice and this permission notice shall be included in all copies"
+- **Apache 2.0** requires: Reproducing the NOTICE file in any distribution
+- **BSD 3-Clause** requires: "Redistributions in binary form must reproduce the above copyright notice"
+- **No license** means: "All rights reserved" - you legally cannot use the code
+- **GPL in proprietary code** means: You may be obligated to release your source code
+
+A single overlooked AGPL dependency in a SaaS application could theoretically require you to open-source your entire application.
+
+## Recommended Workflow
+
+1. Run `/compliance-license-audit` to get a full picture of your license landscape
+2. Address any critical findings (incompatible licenses, missing licenses)
+3. Run `/compliance-notice-generate` to create attribution files fulfilling your obligations
+4. Add attribution file maintenance to your release checklist
+
+## Plugin Details
+
+| Field | Value |
+|-------|-------|
+| Version | 1.0.0 |
+| Author | [Charles Jones](https://charlesjones.dev) |
+| License | MIT |
+| Repository | [claude-code-plugins-dev](https://github.com/charlesjones-dev/claude-code-plugins-dev) |