v0.11.0

v0.11.0 — Backend Mission Router + Structure Bridge + Runbook Capture 🚀

Released: 2026-04-30 Theme: Six new mission commands extend Kasidit beyond UI fixes and reviews into backend work, DevOps planning, and replayable runbooks — all under the existing Master Orchestrator + tier discipline. File-path standardisation: hook files renamed kasidit-* → kasi-*.

TL;DR

v0.11 fills the holes a real backend developer hits every week: vague backend audit scopes, repo-wide grep noise, deploy procedures that get re-figured each time, and "what calls what?" questions that send AI on whole-repo grep tours. The new commands address each:

• /kasi-backend — multi-mode counterpart to /kasi-ui (fix · audit · scaffold · design · perf · security)
• /kasi-graph — function call graph, with subgraph extraction for scoped audits
• /kasi-struc — project state cache (auto-bridge: kasi-* commands read state, never rescan)
• /kasi-devopt — DevOps mission (deploy plan, env diff, data flow, secrets, runbook). Outputs the plan; never runs the deploy.
• /kasi-acknowledge — capture last-performed steps as a replayable runbook with auto-redaction
• /kasi-knowledge-list — browse + step-by-step replay of stored runbooks

What's new

1. /kasi-backend — backend mission router

Backend counterpart of /kasi-ui. Routes a backend mission to the right specialist with the right checklist for the detected stack.

/kasi-backend fix "store endpoint returns 500 on duplicate sku"
/kasi-backend audit app/Http/Controllers/SaleController.php
/kasi-backend perf api/sales/index
/kasi-backend security routes/api.php
/kasi-backend scaffold "POST /api/transfers — warehouse stock move"
/kasi-backend design "background job for daily inventory snapshot"

Stack auto-detection (in order):

1. composer.json + laravel/framework → Laravel mode → loads backend-laravel.md checklist
2. package.json + (express / fastify / hono / @nestjs/core / koa) → Node mode → loads backend-node.md
3. Both → asks user which surface
4. Neither → agnostic, loads backend-api-design.md

For audit and perf, the command auto-runs /kasi-graph build first and offers the user the chance to scope the audit to a subgraph instead of the whole repo.

2. /kasi-graph — function call graph

Build, query, and extract function-level subgraphs. Letss audits scope to a slice (10 functions) instead of the whole codebase (1000+).

/kasi-graph build                            # full scan, write FUNCTIONS.jsonl + HOTSPOTS.md
/kasi-graph extract SaleController::store    # subgraph (depth=2) for one entry point
/kasi-graph impact StockService::deduct      # who breaks if I change this?
/kasi-graph trace Migrate::run               # full callee tree
/kasi-graph cycles                           # detected cycles
/kasi-graph dead                             # potentially dead functions (no callers)

Storage:

.kasidit/
├── FUNCTIONS.jsonl       # one fn per line — {file, fn, calls, called_by, lang, line}
├── HOTSPOTS.md           # human-readable: top hubs / top callers / cycles / isolated / dead
└── subgraph-<id>.md      # extracted subgraph for current mission

Implementation: regex MVP for PHP + JS/TS in plugins/kasidit/skills/kasidit/scripts/build_graph.py. The ast-grep AST path is stubbed for v0.12 (per-fn-body call attribution).

3. /kasi-struc — project state cache + auto-bridge

The "auto-bridge" is the big idea: every kasi-* command should read project structure from a cached state file instead of re-walking the repo. v0.11 ships the state writer; subsequent commands consume it.

/kasi-struc build               # full scan
/kasi-struc refresh             # incremental — only re-scan files changed since last_sync
/kasi-struc show                # print summary
/kasi-struc tree                # directory tree (depth 3)
/kasi-struc module Services/StockService
/kasi-struc path app/Http/Controllers/SaleController.php
/kasi-struc bridge              # which kasi-* commands consume which STATE files
/kasi-struc verify              # walk repo, flag stale entries

Storage:

.kasidit/STATE/
├── structure.json          # top-level — dirs, files, languages, sizes, frameworks
├── modules.jsonl           # one module per line — name, files, lang counts, exports
├── routes.jsonl            # HTTP routes — method, path, handler, framework
├── config.json             # detected configs (composer.json / package.json / wrangler.toml / etc.)
├── changelog.jsonl         # append-only state-change log
└── last_sync               # timestamp + git ref of last build

The auto-bridge contract: a kasi-* command checks last_sync vs current git rev-parse HEAD. If the cache is current, use it. If stale, run refresh (incremental — only changed files) and append to changelog.jsonl before reasoning.

Implementation: plugins/kasidit/skills/kasidit/scripts/build_struc.py. Routes parsed for Laravel (Route::get/post/..., Route::resource) + Node (Express, Fastify, Hono, NestJS controllers). git diff powers incremental refresh; mtime fallback when no git.

4. /kasi-devopt — DevOps mission

DevOps counterpart of /kasi-backend. Deploy planning, env diffs, secret audits, runbook scaffolding — never executes the deploy itself. Outputs the plan; user runs the commands.

/kasi-devopt deploy staging              # build the deploy plan (preflight + commands + rollback)
/kasi-devopt env diff                    # diff env vars across .env templates and environments
/kasi-devopt data map                    # rebuild .kasidit/STATE/data_flow.json
/kasi-devopt data connect kasion-site ai-router    # document a new service edge
/kasi-devopt secrets audit               # find hardcoded keys, propose rotation plan
/kasi-devopt pipeline ci.yml             # inspect / suggest changes to CI pipeline
/kasi-devopt runbook "rollback kas-sass" # generate or update a runbook entry
/kasi-devopt health prod                 # check /healthz, queue depth, error rate, deploy state

Platform auto-detect: GitHub Actions, GitLab CI, Cloudflare Workers/Pages (wrangler.toml), Vercel, Netlify, Docker, Terraform, Kubernetes (k8s/ or helm/), Heroku-style (Procfile), Fly.io, Serverless Framework, Platform.sh.

Hard rules: /kasi-devopt never runs git push, kubectl apply, wrangler publish, or any deploy command. It writes a plan; the user executes.

5. /kasi-acknowledge + /kasi-knowledge-list — runbook capture and replay

After a manual deploy / migration / hotfix, capture the steps as a replayable runbook with auto-redaction.

/kasi-acknowledge                              # infer kind from session, draft entry
/kasi-acknowledge template deploy              # blank deploy template
/kasi-acknowledge from-history HEAD~5..HEAD    # capture from explicit git range
/kasi-acknowledge update deploy-kas-sass-staging   # bump `last_run`, append history
/kasi-acknowledge link <slug-a> <slug-b>       # related runbooks (sequence or alternative)

/kasi-knowledge-list                           # browse all (grouped by kind)
/kasi-knowledge-list recent                    # last 10 by `last_run`
/kasi-knowledge-list tag staging               # filter
/kasi-knowledge-list show <n|slug>             # print one runbook
/kasi-knowledge-list replay <slug>             # interactive walkthrough — print one step at a time, wait for user
/kasi-knowledge-list stats                     # counts per kind, freshness summary
/kasi-knowledge-list stale                     # not run in >90 days (review candidates)

Storage:

.kasidit/knowledge/runbooks/
├── INDEX.md              # auto-maintained list + pick-by-number
└── <kind>/
    └── <slug>-<YYYYMMDD>.md

Default redactions strip *KEY* / *TOKEN* / *SECRET* / *PASSWORD* env vars, Authorization: Bearer ... strings, DB URLs with credentials, and private IP ranges (asks user before stripping).

Replay never executes commands — Kasidit prints each step and waits for user. Same discipline as /kasi-devopt deploy: the user runs the commands; Kasidit only walks them through.

6. New default checklists (3)

plugins/kasidit/defaults/checklists/:

• backend-laravel.md — sections A–M + severity guide (Routing, Validation, Auth+AuthZ, Eloquent+Query, SQL injection, Mass-assignment+IDOR, File handling, Service layer, Queue+Jobs, API response, Config+secrets, Logging, Testing).
• backend-node.md — sections A–N (Framework+Routing, Validation, Auth+AuthZ, ORM, SQL/NoSQL injection, Operator injection / mass-assignment, File handling, Service layer, Async+concurrency, HTTP client, Logging, Config+secrets, Error handling, Dependencies).
• backend-api-design.md — stack-agnostic API design rules (Resource modeling, HTTP methods, Status codes, Request/Response shape, Versioning, Auth, Rate limit, Caching, Idempotency, Documentation, Edge cases, Security cross-cutting).

Total default checklists: 12 → 15.

7. New scripts (4)

plugins/kasidit/skills/kasidit/scripts/:

• build_graph.{sh,py} — function call graph builder. Regex MVP for PHP + JS/TS. ast-grep AST path stubbed.
• build_struc.{sh,py} — project state cache writer. Full + incremental modes. git diff based refresh.

install.sh extended (section 5b) to seed scripts dir at install time.

8. File-path standardisation: kasidit-* → kasi-*

For consistency with the /kasi-* command namespace, all hook files were renamed:

Before	After
kasidit-route.py	kasi-route.py
kasidit-verify.py	kasi-verify.py
kasidit-record.py	kasi-record.py
kasidit-log.{py,sh}	kasi-log.{py,sh}
kasidit-update-check.sh	kasi-update-check.sh
kasidit-drift-check.sh	kasi-drift-check.sh

Skill kasidit-default → kasi-default.

install.sh, test_hooks.py, SKILL.md, README.md updated.

Retained intentionally (would break protocol or existing JSONL stores):

• Internal emit-token protocol: [kasidit-log], [kasidit-pattern], [kasidit-memory], [kasidit-rule], [kasidit-verify], [kasidit-record]. The kasi-record.py parser regex accepts both [kasi-X] and [kasidit-X] so existing emit lines keep working.
• Brand prefix in route output: [kasidit] kind=... mode=....
• Env vars: KASIDIT_CENTER, KASIDIT_PROJECT_DIR, KASIDIT_LOG_DIR.
• Top-level skill / plugin / GitHub names: ~/.claude/skills/kasidit/, ~/.claude/plugins/marketplaces/kasidit/, kasidit-wansudon/kasidit.

Why this release

By v0.10, Kasidit had a great UI mission flow (/kasi-ui), great review/security audit flows, but no first-class backend equivalent. Backend missions either fell into /kasi-fix (too narrow) or /kasi-review (too broad). Auditing meant a whole-repo grep tour. Deploy procedures got re-figured every time. v0.11 closes those gaps.

The auto-bridge concept (/kasi-struc) is the long-term play: every kasi-* command should consume a cached project model rather than rebuild it. v0.11 ships the writer; v0.12+ wires more readers.

Honesty / known gaps

• Function call graph is regex-MVP. Per-file call attribution is shared across all functions in the file. Per-fn-body call attribution requires brace-tracking — deferred to ast-grep AST path in v0.12.
• /kasi-struc builder ships, but most kasi- commands do not yet read STATE/.* They will be wired to consume the cache progressively. Today, /kasi-backend audit is the only command that explicitly reads STATE/ + FUNCTIONS.jsonl.
• /kasi-devopt is AI-driven — there's no separate Python runner. The command file documents the flow; the AI executes it via Read / Write / Bash tools.
• Runbook redaction is heuristic. It strips obvious env-var-name patterns and Bearer tokens, but cannot catch project-specific secrets (custom var names, hardcoded constants in commands). Always review captured runbooks before promoting to the Centerlite hub.

Migration notes

For existing installs:

1. git pull the marketplace, or /plugin marketplace update kasidit in Claude Code.
2. Re-run bash plugins/kasidit/install.sh — idempotent. It will:
   • Copy renamed hook files (kasi-*) to ~/.claude/hooks/. Old kasidit-* files in your hooks dir can be deleted manually or kept as backward-compat symlinks.
   • Update ~/.claude/settings.json hook commands to reference the new file names.
   • Seed the 3 new backend checklists into ~/.claude/skills/kasidit/center/checklists/.
   • Seed the 4 scripts into ~/.claude/skills/kasidit/scripts/.
3. The [kasidit-log] emit token remains valid — the parser accepts both forms during the transition window.

Counts

	v0.10	v0.11
Slash commands	15	21
Default checklists	12	15
Specialist agents	8 + 3 stubs	8 (stubs removed)
Runtime hooks	5	5 (renamed)
Helper scripts (bundled)	0	4
Lines in SKILL.md	~1320	~1340

See also

• Commands — full reference, now including the 6 new commands
• Backend-Hooks — same 5 hooks, now under kasi-* filenames
• Checklists — 15 default checklists with descriptions
• Master-Orchestrator — discipline that all new commands respect
• v0.10.0 — previous release (Mode system + runtime hooks)
• v0.9.2 — Gravity Pattern (the hub /kasi-acknowledge writes runbooks into)