v1.6.3 - Fix sub-agent enforcement for workflow-implement-phases

Fixed

AI-Workflow Plugin (v1.0.3)

Fixed /workflow-implement-phases not using sub-agents for phase implementations

• Added explicit "Critical Requirements" section mandating Task() sub-agent usage for every phase
• Added "CRITICAL: Mandatory Sub-Agent Requirement" section to implement-phases skill
• Clarified orchestrator role: read plans, analyze dependencies, spawn sub-agents only
• Added correct/wrong pattern examples showing Task() usage vs direct implementation
• Updated parallel and sequential execution patterns with explicit Task() call examples
• Prevents main agent from implementing phases directly, ensuring context isolation

---

Full Changelog: v1.6.2...v1.6.3

v1.6.2 - AI-Workflow Bug Fixes

Fixed

AI-Workflow Plugin (v1.0.2)

• /workflow-plan-phases no longer auto-implements after planning

  • Added explicit Instructions and Important sections enforcing planning-only scope
  • Command now stops after presenting the plan and directs users to /workflow-implement-phases for execution

• /workflow-implement-phases now properly reads plan file arguments

  • Added automatic plan discovery when no file is provided (searches docs/plans/)
  • Plan file argument is now optional with interactive selection from available plans

Documentation

• Updated all command references in ai-workflow README to use workflow- prefix format

v1.6.1 - Command Metadata Standardization

What's Changed

Command Metadata Standardization

Added YAML frontmatter with name and description attributes to all 17 commands across 7 plugins. This standardizes command metadata for better discovery and documentation.

AI-Workflow Command Renaming

Renamed ai-workflow commands to use the workflow- prefix for consistency with other plugins:

Old Command	New Command
/plan-phases	/workflow-plan-phases
/implement-phases	/workflow-implement-phases
/preflight	/workflow-preflight

Version Updates

All plugins received patch version bumps:

• ai-ado: 1.2.2 → 1.2.3
• ai-accessibility: 1.2.0 → 1.2.1
• ai-git: 1.1.1 → 1.1.2
• ai-performance: 1.1.2 → 1.1.3
• ai-plugins: 1.2.2 → 1.2.3
• ai-security: 1.3.2 → 1.3.3
• ai-workflow: 1.0.0 → 1.0.1

Full Changelog: v1.6.0...v1.6.1

v1.6.0 - AI Workflow Plugin & Accessibility Enhancements

This release introduces the new ai-workflow plugin for structured, phase-based development workflows and enhances the ai-accessibility plugin with improved audit capabilities.

New Features

ai-workflow plugin (v1.0.0)

• /preflight - Run pre-implementation code quality and consistency checks before starting work
• /plan-phases - Break down complex tasks into structured implementation phases
• /implement-phases - Orchestrate multi-phase implementations with progress tracking

ai-accessibility improvements (v1.2.0)

• Enhanced Playwright MCP detection flow for more reliable browser-based audits
• Improved accessibility audit skill with better prompt engineering
• Updated accessibility-auditor agent with refined instructions

v1.5.4 - Security Scanner Tool Requirements Fix

🔧 Fixed

AI-Security Plugin (v1.3.2)

Fixed /security-scan-dependencies to require WebFetch or curl for HTTP header retrieval

The security dependency scanner now explicitly requires WebFetch or curl for retrieving HTTP response headers, preventing incomplete security scans.

What Changed

• ✅ Updated command and skill documentation to explicitly prohibit Playwright or MCP browser tools
• ✅ Added critical "Required Tools" section explaining that HTTP security headers (especially Content-Security-Policy) can ONLY be retrieved via WebFetch or curl
• ✅ Browser automation tools cannot access raw HTTP response headers needed for security header analysis
• ✅ Added "Required Tools" section to security-dependency-scanning skill with approved/prohibited tool lists
• ✅ Enhanced scanning methodology with explicit WebFetch/curl usage examples
• ✅ Updated quality assurance checklist to verify correct tool usage

Why This Matters

Browser automation tools like Playwright cannot access raw HTTP response headers, which are essential for analyzing security configurations like Content-Security-Policy, HSTS, X-Frame-Options, and other critical security headers. This fix ensures that security scans are always complete and accurate.

v1.5.3 - Plugin Version Sync and Playwright MCP Detection Fix

What's Fixed

Marketplace

• Version Synchronization: Updated all plugin versions in marketplace.json to match their individual plugin.json manifests, ensuring consistency across the marketplace
  • ai-ado: v1.2.2
  • ai-accessibility: v1.1.1
  • ai-git: v1.1.1
  • ai-performance: v1.1.2
  • ai-plugins: v1.2.2
  • ai-security: v1.3.1

AI-Accessibility Plugin (v1.1.1)

• Improved Playwright MCP Detection: The /accessibility-audit command now properly validates Playwright MCP installation by attempting browser navigation, providing more reliable detection before running accessibility audits

v1.5.2 - URL Accessibility Scanning & Command Documentation Improvements

What's New in v1.5.2

🎯 Major Features

AI-Accessibility Plugin v1.1.0 - URL Scanning with Playwright MCP

The ai-accessibility plugin now supports scanning live websites with optional visual accessibility testing:

• URL Accessibility Scanning - Audit live websites directly from Claude Code
• Playwright MCP Integration - Optional visual accessibility testing with:
  • Real-time color contrast measurements
  • Visual focus indicator verification
  • Accessibility tree analysis
  • Keyboard navigation testing
  • Touch target size measurements
  • Screenshot-based analysis with evidence
• Interactive MCP Setup - Automatic .mcp.json configuration with OS detection (Windows/Linux/Mac)
• Enhanced Reports - Screenshot evidence for visual findings saved to /docs/accessibility/screenshots/

📚 Documentation Improvements

Command Usage Clarification (All Plugins)

All 13 commands across all plugins now include explicit "no arguments" instructions:

• ✅ Clear documentation that commands are invoked without arguments
• ✅ Commands prompt interactively for all required information
• ✅ Prevents erroneous argument passing patterns
• Affected plugins: ai-accessibility, ai-security, ai-performance, ai-git, ai-plugins, ai-ado

v1.5.1 - Web Dependency Security Scanning

🔒 Web Dependency Security Scanning

This release adds comprehensive web dependency security scanning capabilities to the ai-security plugin, enabling URL-based security analysis of deployed websites without requiring source code access.

✨ What's New

/security-scan-dependencies Command

Scan any deployed website for outdated dependencies, known CVEs, and security misconfigurations:

/security-scan-dependencies
# Enter target URL (e.g., https://example.com)
# Select scan scope: libraries, CMS, security headers, or comprehensive
# Get detailed security report with CVE analysis and remediation steps

🎯 Key Features

• 🌐 URL-Based Scanning: Analyze deployed websites without source code access
• 📚 Frontend Library Detection: jQuery, React, Vue, Angular, Bootstrap, Tailwind, and 20+ libraries
• 🏢 CMS Platform Identification: WordPress, Drupal, Joomla, Sitecore, Umbraco, Optimizely, Kentico
• 🔒 Security Headers Audit: CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
• 🔍 CVE Detection: Known vulnerability identification with CVSS v3.1 severity scoring
• ⚡ Context7 Integration: Latest version verification via MCP tools
• 📊 Comprehensive Reports: Timestamped reports with severity-based findings (C-001, H-001, M-001, L-001)

🎪 Architecture

• Agent: security-dependency-scanner - Specialized agent for web scanning
• Skill: security-dependency-scanning - Complete methodology for dependency analysis
• Command: /security-scan-dependencies - Interactive URL-based scanning

💼 Use Cases

• Third-party website security assessment
• Pre-acquisition technical due diligence
• Client-side dependency auditing
• Supply chain security analysis
• External security posture evaluation

📦 What's Included

AI-Security Plugin v1.3.0

• New command: /security-scan-dependencies
• New agent: security-dependency-scanner
• New skill: security-dependency-scanning
• Updated documentation with comparison tables and use cases

Repository Updates

• Added .gitignore for environment, OS, and IDE files
• Marketplace updated to v1.5.1
• Comprehensive changelog and documentation updates

🔄 Comparison with /security-audit

Feature	/security-audit	/security-scan-dependencies
Input	Local source code	Website URL
Analysis	Static code analysis	Client-side dependency analysis
Detects	Code vulnerabilities, OWASP Top 10	Outdated libraries, CVEs, headers
Use Case	Your own codebases	Third-party websites

v1.5.0 - Accessibility Auditing & Audit Plugin Standardization

🎉 Release v1.5.0

This release introduces the new AI-Accessibility plugin for comprehensive WCAG compliance auditing and standardizes the architecture across all audit plugins for improved consistency and maintainability.

---

🆕 New Features

AI-Accessibility Plugin (v1.0.0)

Comprehensive WCAG 2.1/2.2 accessibility auditing for your codebase:

• /accessibility-audit command - Interactive accessibility audits with configurable WCAG compliance levels
• WCAG 2.1 & 2.2 support - Choose between WCAG versions and conformance levels (A, AA, AAA)
• Scoped analysis - Audit entire codebase or specific directories/files
• Comprehensive pattern detection:
  • Semantic HTML structure and heading hierarchy
  • ARIA implementation and landmark regions
  • Keyboard navigation and focus management
  • Color contrast analysis
  • Form labels and error handling
  • Alternative text for images and multimedia
  • Screen reader compatibility
• Professional audit reports:
  • Severity-based findings (Critical, High, Medium, Low) with file paths and line numbers
  • WCAG compliance matrix showing status for each criterion
  • Code remediation examples with before/after comparisons
  • Prioritized remediation roadmap with effort estimates
  • Timestamped reports saved to /docs/accessibility/
• Hybrid Agent + Skill architecture for optimal context efficiency

---

🏗️ Improvements

Audit Plugin Standardization

All audit plugins now follow a consistent, maintainable architecture:

Consistent Naming Convention

• Renamed all audit skills to use -auditing suffix:
  • security-audit → security-auditing
  • performance-audit → performance-auditing
  • New: accessibility-auditing
• Renamed performance-optimizer agent → performance-auditor for consistency

Template Consolidation

• Moved comprehensive report templates from command files to SKILL.md files
• Eliminated duplication by maintaining single source of truth
• Dramatically reduced command file complexity:
  • accessibility: 602 → 66 lines (-89%)
  • security: 402 → 80 lines (-80%)
  • performance: 471 → 36 lines (-92%)

Documentation Enhancements

• Added "Note on Audit Plugins" section in main README
• Clarifies that audit plugins are developer-focused static code analysis tools
• Emphasizes plugins complement (not replace) runtime testing tools and professional services
• Provides guidance on proper workflow: early detection during development + validation with specialized tools

---

📦 Updated Plugin Versions

Plugin	Version	Changes
ai-accessibility	v1.0.0	🆕 New plugin
ai-security	v1.2.1	Standardized architecture, skill renamed
ai-performance	v1.1.1	Standardized architecture, agent & skill renamed
ai-plugins	v1.2.1	Updated for audit plugin standardization

---

Full Changelog: v1.4.1...v1.5.0

v1.4.1 - AI-ADO Timesheet Report Bug Fixes

🐛 Bug Fixes

AI-ADO Plugin (v1.2.1)

Fixed critical bugs in the /ado-timesheet-report command:

• Day-of-Week Calculation: Replaced manual calculation with platform-specific system commands (PowerShell on Windows, date on Mac/Linux) to prevent
  off-by-one errors in current week date range calculations
• MCP Tool Migration: Migrated from non-existent wit_query to wit_my_work_items MCP tool with client-side filtering
• Date Range Filtering: Fixed to use date-only comparison, preventing time-of-day issues when filtering work items

📝 Documentation

• Condensed changelog entries across all versions for improved readability

📦 Installation

Update your marketplace to the latest version:

git pull origin main

Or install/update the AI-ADO plugin directly from the marketplace.