docs(git-and-github): PR bodies lead with "Why this PR exists" (4.4.0)

.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "claudius",
-  "version": "4.1.7",
+  "version": "4.4.0",
   "description": "Collection of specialized development agents and skills for Claude Code",
   "author": {
     "name": "lklimek",

CHANGELOG.md

@@ -6,6 +6,29 @@ Format follows [Keep a Changelog](https://keepachangelog.com/). This project use
 
 ## [Unreleased]
 
+## [4.4.0] - 2026-05-29
+
+### Changed
+
+- PR bodies now lead with a "Why this PR exists" rationale section (problem, reproduction/threat scenario, blocking relationship) before What/Testing/Breaking/Checklist. The skeleton lives in `skills/git-and-github/SKILL.md` (§Creating a PR); `skills/push/SKILL.md` delegates to it. Pinned by `tests/test_pr_body_template.py`.
+
+## [4.2.0] - 2026-05-28
+
+### Added
+
+- **Reviewer call-tree inspection**: `grumpy-review`, `review-pr`, and `check-pr-comments` now perform a deep transitive in-repo caller walk for every function modified by the diff. Reviewer probes the environment for the deepest analysis tool available (ctags, GNU global, ripgrep, tree-sitter, any installed LSP) and falls back to grep-based caller extraction. Findings emit in new `call_tree` category with `CALL-` ID prefix. Walk is capped at depth 5, 200 callers, 60s per function; reviewer ranks modified functions by risk (public API > private; trait/interface impl > leaf; signature-changed > body-only) and walks the top 10 when a PR touches many.
+- **Ephemeral-ID coding convention** in `skills/coding-best-practices/SKILL.md`: source code, comments, and committed docs MUST NOT reference transient review-finding IDs (e.g. `CMT-001`, `SEC-014`, `RUST-123`, `CALL-005`). Allow-list documented for permanent IDs (`ADR-NNN`, `RFC-NNN`, `CWE-NNN`, `CVE-YYYY-NNNN`, `OWASP-*`, GHSA, GitHub issue/PR refs, `TODO`/`FIXME`, committed test-spec IDs). Enforced two ways: Bilby (write-side, preloads BP) and `grumpy-review`/`review-pr` (review-side, via new `scripts/lint_ephemeral_ids.py`).
+- **Schema**: `schemas/review-report.schema.json` extended with `call_tree` category and `CALL-` ID pattern (additive, no schema version bump).
+- **Regression guards**: `tests/test_skill_frontmatter.py` parses every skill/agent frontmatter via PyYAML; `tests/test_bp_load_audit.py` asserts curated agent set loads `coding-best-practices`.
+
+### Changed
+
+- `coding-best-practices` skill is now loaded by every reviewer/coder agent (`architect-nagatha`, `claudius`, `developer-bilby` (already), `project-reviewer-adams` (already), `qa-engineer-marvin`, `security-engineer-smythe`, `technical-writer-trillian`, `ux-designer-diziet`) via YAML `skills:` frontmatter. Orchestrator skills that spawn coding/reviewing agents now explicitly require spawned agents preload BP (`grumpy-review` §3, `check-pr-comments` §3).
+
+### Fixed
+
+- `skills/release/SKILL.md`: YAML frontmatter `description:` value quoted to fix PyYAML parse error on unquoted colon. `claude plugin validate .` now exits 0 (previously reported this one error).
+
 ## [4.1.7] - 2026-05-27
 
 ### Changed

agents/architect-nagatha.md

@@ -2,7 +2,7 @@
 name: architect-nagatha
 description: "Use for system design, module boundaries, dependency review, architectural trade-offs, technology evaluation, library comparison, or validating plans before presenting to user."
 tools: ["Read", "Grep", "Glob", "Bash", "WebSearch", "WebFetch", "mcp__plugin_memcan_brain__search", "mcp__plugin_memcan_brain__search_memories", "mcp__plugin_memcan_brain__search_code", "mcp__plugin_memcan_brain__search_standards", "mcp__plugin_memcan_brain__add_memory", "mcp__plugin_claudius_github__get_file_contents", "mcp__plugin_claudius_github__search_repositories", "mcp__plugin_claudius_github__search_code", "mcp__plugin_claudius_github__pull_request_read", "mcp__plugin_claudius_github__list_pull_requests", "mcp__plugin_claudius_github__get_latest_release", "mcp__plugin_claudius_github__list_releases", "mcp__plugin_claudius_github__get_discussion", "mcp__plugin_claudius_github__get_discussion_comments"]
-skills: ["security-best-practices", "rust-best-practices"]
+skills: ["coding-best-practices", "security-best-practices", "rust-best-practices"]
 model: opus
 mcpServers: ["plugin_memcan_brain", "github"]
 ---

agents/claudius.md

@@ -1,7 +1,7 @@
 ---
 name: claudius
 description: "Personal software development assistant. Leads and coordinates development efforts. Always invoked when user interaction is needed."
-skills: ["git-and-github", "severity", "grand-admiral"]
+skills: ["coding-best-practices", "git-and-github", "severity", "grand-admiral"]
 memory: [user, project, local]
 model: opus[1m]
 mcpServers: ["plugin_memcan_brain", "github"]

agents/qa-engineer-marvin.md

@@ -3,7 +3,7 @@ name: qa-engineer-marvin
 description: "Use to validate that code matches requirements. Audits test coverage against specs, executes tests, and reports all mismatches."
 tools: ["Read", "Write", "Edit", "Grep", "Glob", "Bash", "Task", "mcp__plugin_memcan_brain__search", "mcp__plugin_memcan_brain__search_memories", "mcp__plugin_memcan_brain__search_code", "mcp__plugin_memcan_brain__search_standards", "mcp__plugin_memcan_brain__add_memory", "mcp__plugin_claudius_github__pull_request_read", "mcp__plugin_claudius_github__list_pull_requests", "mcp__plugin_claudius_github__issue_read", "mcp__plugin_claudius_github__list_issues", "mcp__plugin_claudius_github__search_issues", "mcp__plugin_claudius_github__actions_list", "mcp__plugin_claudius_github__actions_get", "mcp__plugin_claudius_github__get_job_logs"]
 model: opus
-skills: ["security-best-practices", "severity", "report-format"]
+skills: ["coding-best-practices", "security-best-practices", "severity", "report-format"]
 mcpServers: ["plugin_memcan_brain", "github"]
 ---
 

agents/security-engineer-smythe.md

@@ -2,7 +2,7 @@
 name: security-engineer-smythe
 description: "Use for security audits, auth/crypto/input validation reviews, dependency scanning, secret detection, or validating plans before presenting to user."
 tools: ["Read", "Write", "Grep", "Glob", "Bash", "WebSearch", "WebFetch", "Task", "mcp__plugin_memcan_brain__search", "mcp__plugin_memcan_brain__search_memories", "mcp__plugin_memcan_brain__search_code", "mcp__plugin_memcan_brain__search_standards", "mcp__plugin_memcan_brain__add_memory", "mcp__plugin_claudius_github__list_code_scanning_alerts", "mcp__plugin_claudius_github__get_code_scanning_alert", "mcp__plugin_claudius_github__list_dependabot_alerts", "mcp__plugin_claudius_github__get_dependabot_alert", "mcp__plugin_claudius_github__list_secret_scanning_alerts", "mcp__plugin_claudius_github__get_secret_scanning_alert", "mcp__plugin_claudius_github__list_repository_security_advisories", "mcp__plugin_claudius_github__list_org_repository_security_advisories", "mcp__plugin_claudius_github__list_global_security_advisories", "mcp__plugin_claudius_github__get_global_security_advisory", "mcp__plugin_claudius_github__pull_request_read", "mcp__plugin_claudius_github__list_pull_requests", "mcp__plugin_claudius_github__search_code", "mcp__plugin_claudius_github__search_repositories", "mcp__plugin_claudius_github__get_file_contents", "mcp__plugin_claudius_github__get_commit", "mcp__plugin_claudius_github__list_commits"]
-skills: ["security-best-practices", "severity", "report-format"]
+skills: ["coding-best-practices", "security-best-practices", "severity", "report-format"]
 model: opus
 mcpServers: ["plugin_memcan_brain", "github"]
 ---

agents/technical-writer-trillian.md

@@ -2,7 +2,7 @@
 name: technical-writer-trillian
 description: "Use for creating, maintaining, or reviewing documentation — READMEs, API docs, tutorials, guides, changelogs, ADRs."
 tools: ["Read", "Write", "Edit", "Grep", "Glob", "Bash", "mcp__plugin_memcan_brain__search", "mcp__plugin_memcan_brain__search_memories", "mcp__plugin_memcan_brain__search_code", "mcp__plugin_memcan_brain__search_standards", "mcp__plugin_memcan_brain__add_memory", "mcp__plugin_claudius_github__pull_request_read", "mcp__plugin_claudius_github__list_pull_requests", "mcp__plugin_claudius_github__issue_read", "mcp__plugin_claudius_github__list_issues", "mcp__plugin_claudius_github__list_releases", "mcp__plugin_claudius_github__get_latest_release", "mcp__plugin_claudius_github__get_release_by_tag", "mcp__plugin_claudius_github__list_tags", "mcp__plugin_claudius_github__get_file_contents", "mcp__plugin_claudius_github__get_discussion", "mcp__plugin_claudius_github__get_discussion_comments"]
-skills: ["report-format"]
+skills: ["coding-best-practices", "report-format"]
 model: sonnet
 mcpServers: ["plugin_memcan_brain", "github"]
 ---

agents/ux-designer-diziet.md

@@ -2,7 +2,7 @@
 name: ux-designer-diziet
 description: "Use at project start for requirements, domain analysis, stakeholder mapping, or during design for UI flows, interaction patterns, usability, accessibility, and validating plans before presenting to user."
 tools: ["Read", "Write", "Edit", "Grep", "Glob", "WebSearch", "WebFetch", "mcp__plugin_memcan_brain__search", "mcp__plugin_memcan_brain__search_memories", "mcp__plugin_memcan_brain__search_code", "mcp__plugin_memcan_brain__search_standards", "mcp__plugin_memcan_brain__add_memory", "mcp__plugin_claudius_github__pull_request_read", "mcp__plugin_claudius_github__list_pull_requests", "mcp__plugin_claudius_github__issue_read", "mcp__plugin_claudius_github__list_issues", "mcp__plugin_claudius_github__search_issues", "mcp__plugin_claudius_github__list_issue_types", "mcp__plugin_claudius_github__get_label", "mcp__plugin_claudius_github__get_discussion", "mcp__plugin_claudius_github__get_discussion_comments", "mcp__plugin_claudius_github__list_discussions", "mcp__plugin_claudius_github__list_discussion_categories"]
-skills: []
+skills: ["coding-best-practices"]
 model: opus
 memory: user
 mcpServers: ["plugin_memcan_brain", "github"]

schemas/review-report.schema.json

@@ -95,6 +95,7 @@
               "security": { "type": "integer", "minimum": 0 },
               "project": { "type": "integer", "minimum": 0 },
               "code_quality": { "type": "integer", "minimum": 0 },
+              "call_tree": { "type": "integer", "minimum": 0 },
               "dependencies": { "type": "integer", "minimum": 0 },
               "documentation": { "type": "integer", "minimum": 0 },
               "pr_comments": { "type": "integer", "minimum": 0 },
@@ -226,8 +227,8 @@
       "properties": {
         "id": {
           "type": "string",
-          "pattern": "^(SEC|QA|PROJ|CODE|RUST|PY|GO|FE|DOC|CMT|DEP|PPM)-\\d{3}$",
-          "description": "Finding ID with category prefix (SEC→security, PROJ→project, CODE/RUST/PY/GO/FE→code_quality, DOC→documentation, CMT→pr_comments, DEP→dependencies, PPM→pr_promises)"
+          "pattern": "^(SEC|QA|PROJ|CODE|RUST|PY|GO|FE|DOC|CMT|DEP|PPM|CALL)-\\d{3}$",
+          "description": "Finding ID with category prefix (SEC→security, PROJ→project, CODE/RUST/PY/GO/FE→code_quality, DOC→documentation, CMT→pr_comments, DEP→dependencies, PPM→pr_promises, CALL→call_tree)"
         },
         "severity": { "$ref": "#/$defs/severity" },
         "risk": { "$ref": "#/$defs/severity_float", "description": "OWASP Likelihood normalized to [0,1]." },
@@ -292,7 +293,7 @@
         "subtitle": { "type": "string" },
         "category": {
           "type": "string",
-          "enum": ["security", "project", "code_quality", "dependencies", "documentation", "pr_comments", "pr_promises"]
+          "enum": ["security", "project", "code_quality", "call_tree", "dependencies", "documentation", "pr_comments", "pr_promises"]
         },
         "findings": {
           "type": "array",

scripts/consolidate_reports.py

@@ -69,6 +69,7 @@
     "security": "SEC-",
     "project": "PROJ-",
     "code_quality": "CODE-",
+    "call_tree": "CALL-",
     "documentation": "DOC-",
     "pr_comments": "CMT-",
     "pr_promises": "PPM-",

scripts/generate_review_report.py

@@ -94,6 +94,7 @@
     "security": "Security",
     "project": "Project",
     "code_quality": "Code Quality",
+    "call_tree": "Call-Tree Inspection",
     "documentation": "Documentation",
     "dependencies": "Dependencies",
     "pr_comments": "PR Comments",
@@ -552,10 +553,11 @@ def render_markdown(data: dict[str, Any]) -> str:
         "security": "Part I: Security Findings",
         "project": "Part II: Project Consistency",
         "code_quality": "Part III: Code Quality & Language Best Practices",
-        "dependencies": "Part IV: Dependencies",
-        "documentation": "Part V: Documentation",
-        "pr_comments": "Part VI: PR Comment Verification",
-        "pr_promises": "Part VII: PR Promise Verification",
+        "call_tree": "Part IV: Call-Tree Inspection",
+        "dependencies": "Part V: Dependencies",
+        "documentation": "Part VI: Documentation",
+        "pr_comments": "Part VII: PR Comment Verification",
+        "pr_promises": "Part VIII: PR Promise Verification",
     }
     for section in data.get("findings", []):
         cat = section.get("category", "")
@@ -921,6 +923,7 @@ def render_markdown(data: dict[str, Any]) -> str:
     <option value="security">Security</option>
     <option value="project">Project</option>
     <option value="code_quality">Code Quality</option>
+    <option value="call_tree">Call-Tree Inspection</option>
     <option value="documentation">Documentation</option>
     <option value="dependencies">Dependencies</option>
     <option value="pr_comments">PR Comments</option>
@@ -1222,7 +1225,8 @@ def render_markdown(data: dict[str, Any]) -> str:
   const sevLabels = {5:"CRITICAL",4:"HIGH",3:"MEDIUM",2:"LOW",1:"INFO"};
   const sevColors = {{ sev_colors_json }};
   const catLabels = {"security":"Security","project":"Project Consistency",
-    "code_quality":"Code Quality","documentation":"Documentation",
+    "code_quality":"Code Quality","call_tree":"Call-Tree Inspection",
+    "documentation":"Documentation",
     "dependencies":"Dependencies","pr_comments":"PR Comments",
     "pr_promises":"PR Promises"};
 
@@ -1872,6 +1876,7 @@ def render_triage(data: dict[str, Any]) -> str:
     <option value="security">Security</option>
     <option value="project">Project</option>
     <option value="code_quality">Code Quality</option>
+    <option value="call_tree">Call-Tree Inspection</option>
     <option value="documentation">Documentation</option>
     <option value="dependencies">Dependencies</option>
     <option value="pr_comments">PR Comments</option>