# v0.11.0 — Backend Mission Router + Structure Bridge + Runbook Capture 🚀

**Released:** 2026-04-30
**Theme:** Six new mission commands extend Kasidit beyond UI fixes and reviews into **backend work, DevOps planning, and replayable runbooks** — all under the existing Master Orchestrator + tier discipline. File-path standardisation: hook files renamed `kasidit-*` → `kasi-*`.

## TL;DR

v0.11 fills the holes a real backend developer hits every week: vague backend audit scopes, repo-wide grep noise, deploy procedures that get re-figured each time, and "what calls what?" questions that send AI on whole-repo grep tours. The new commands address each:

- **`/kasi-backend`** — multi-mode counterpart to `/kasi-ui` (fix · audit · scaffold · design · perf · security)
- **`/kasi-graph`** — function call graph, with subgraph extraction for scoped audits
- **`/kasi-struc`** — project state cache (auto-bridge: kasi-* commands read state, never rescan)
- **`/kasi-devopt`** — DevOps mission (deploy plan, env diff, data flow, secrets, runbook). Outputs the plan; never runs the deploy.
- **`/kasi-acknowledge`** — capture last-performed steps as a replayable runbook with auto-redaction
- **`/kasi-knowledge-list`** — browse + step-by-step replay of stored runbooks

## What's new

### 1. `/kasi-backend` — backend mission router

Backend counterpart of `/kasi-ui`. Routes a backend mission to the right specialist with the right checklist for the detected stack.

```
/kasi-backend fix "store endpoint returns 500 on duplicate sku"
/kasi-backend audit app/Http/Controllers/SaleController.php
/kasi-backend perf api/sales/index
/kasi-backend security routes/api.php
/kasi-backend scaffold "POST /api/transfers — warehouse stock move"
/kasi-backend design "background job for daily inventory snapshot"
```

Stack auto-detection (in order):

1. `composer.json` + `laravel/framework` → Laravel mode → loads `backend-laravel.md` checklist
2. `package.json` + (`express` / `fastify` / `hono` / `@nestjs/core` / `koa`) → Node mode → loads `backend-node.md`
3. Both → asks user which surface
4. Neither → agnostic, loads `backend-api-design.md`

For `audit` and `perf`, the command auto-runs `/kasi-graph build` first and offers the user the chance to scope the audit to a subgraph instead of the whole repo.

### 2. `/kasi-graph` — function call graph

Build, query, and extract function-level subgraphs. Letss audits scope to a slice (10 functions) instead of the whole codebase (1000+).

```
/kasi-graph build                            # full scan, write FUNCTIONS.jsonl + HOTSPOTS.md
/kasi-graph extract SaleController::store    # subgraph (depth=2) for one entry point
/kasi-graph impact StockService::deduct      # who breaks if I change this?
/kasi-graph trace Migrate::run               # full callee tree
/kasi-graph cycles                           # detected cycles
/kasi-graph dead                             # potentially dead functions (no callers)
```

Storage:

```
.kasidit/
├── FUNCTIONS.jsonl       # one fn per line — {file, fn, calls, called_by, lang, line}
├── HOTSPOTS.md           # human-readable: top hubs / top callers / cycles / isolated / dead
└── subgraph-<id>.md      # extracted subgraph for current mission
```

Implementation: regex MVP for PHP + JS/TS in `plugins/kasidit/skills/kasidit/scripts/build_graph.py`. The ast-grep AST path is stubbed for v0.12 (per-fn-body call attribution).

### 3. `/kasi-struc` — project state cache + auto-bridge

The "auto-bridge" is the big idea: every kasi-* command should read project structure from a cached state file instead of re-walking the repo. v0.11 ships the state writer; subsequent commands consume it.

```
/kasi-struc build               # full scan
/kasi-struc refresh             # incremental — only re-scan files changed since last_sync
/kasi-struc show                # print summary
/kasi-struc tree                # directory tree (depth 3)
/kasi-struc module Services/StockService
/kasi-struc path app/Http/Controllers/SaleController.php
/kasi-struc bridge              # which kasi-* commands consume which STATE files
/kasi-struc verify              # walk repo, flag stale entries
```

Storage:

```
.kasidit/STATE/
├── structure.json          # top-level — dirs, files, languages, sizes, frameworks
├── modules.jsonl           # one module per line — name, files, lang counts, exports
├── routes.jsonl            # HTTP routes — method, path, handler, framework
├── config.json             # detected configs (composer.json / package.json / wrangler.toml / etc.)
├── changelog.jsonl         # append-only state-change log
└── last_sync               # timestamp + git ref of last build
```

The auto-bridge contract: a kasi-* command checks `last_sync` vs current `git rev-parse HEAD`. If the cache is current, use it. If stale, run `refresh` (incremental — only changed files) and append to `changelog.jsonl` before reasoning.

Implementation: `plugins/kasidit/skills/kasidit/scripts/build_struc.py`. Routes parsed for Laravel (`Route::get/post/...`, `Route::resource`) + Node (Express, Fastify, Hono, NestJS controllers). `git diff` powers incremental refresh; mtime fallback when no git.

### 4. `/kasi-devopt` — DevOps mission

DevOps counterpart of `/kasi-backend`. Deploy planning, env diffs, secret audits, runbook scaffolding — **never executes the deploy itself**. Outputs the plan; user runs the commands.

```
/kasi-devopt deploy staging              # build the deploy plan (preflight + commands + rollback)
/kasi-devopt env diff                    # diff env vars across .env templates and environments
/kasi-devopt data map                    # rebuild .kasidit/STATE/data_flow.json
/kasi-devopt data connect kasion-site ai-router    # document a new service edge
/kasi-devopt secrets audit               # find hardcoded keys, propose rotation plan
/kasi-devopt pipeline ci.yml             # inspect / suggest changes to CI pipeline
/kasi-devopt runbook "rollback kas-sass" # generate or update a runbook entry
/kasi-devopt health prod                 # check /healthz, queue depth, error rate, deploy state
```

Platform auto-detect: GitHub Actions, GitLab CI, Cloudflare Workers/Pages (`wrangler.toml`), Vercel, Netlify, Docker, Terraform, Kubernetes (`k8s/` or `helm/`), Heroku-style (`Procfile`), Fly.io, Serverless Framework, Platform.sh.

**Hard rules:** `/kasi-devopt` never runs `git push`, `kubectl apply`, `wrangler publish`, or any deploy command. It writes a plan; the user executes.

### 5. `/kasi-acknowledge` + `/kasi-knowledge-list` — runbook capture and replay

After a manual deploy / migration / hotfix, capture the steps as a replayable runbook with auto-redaction.

```
/kasi-acknowledge                              # infer kind from session, draft entry
/kasi-acknowledge template deploy              # blank deploy template
/kasi-acknowledge from-history HEAD~5..HEAD    # capture from explicit git range
/kasi-acknowledge update deploy-kas-sass-staging   # bump `last_run`, append history
/kasi-acknowledge link <slug-a> <slug-b>       # related runbooks (sequence or alternative)

/kasi-knowledge-list                           # browse all (grouped by kind)
/kasi-knowledge-list recent                    # last 10 by `last_run`
/kasi-knowledge-list tag staging               # filter
/kasi-knowledge-list show <n|slug>             # print one runbook
/kasi-knowledge-list replay <slug>             # interactive walkthrough — print one step at a time, wait for user
/kasi-knowledge-list stats                     # counts per kind, freshness summary
/kasi-knowledge-list stale                     # not run in >90 days (review candidates)
```

Storage:

```
.kasidit/knowledge/runbooks/
├── INDEX.md              # auto-maintained list + pick-by-number
└── <kind>/
    └── <slug>-<YYYYMMDD>.md
```

Default redactions strip `*KEY*` / `*TOKEN*` / `*SECRET*` / `*PASSWORD*` env vars, `Authorization: Bearer ...` strings, DB URLs with credentials, and private IP ranges (asks user before stripping).

Replay never executes commands — Kasidit prints each step and waits for user. Same discipline as `/kasi-devopt deploy`: the user runs the commands; Kasidit only walks them through.

### 6. New default checklists (3)

`plugins/kasidit/defaults/checklists/`:

- **`backend-laravel.md`** — sections A–M + severity guide (Routing, Validation, Auth+AuthZ, Eloquent+Query, SQL injection, Mass-assignment+IDOR, File handling, Service layer, Queue+Jobs, API response, Config+secrets, Logging, Testing).
- **`backend-node.md`** — sections A–N (Framework+Routing, Validation, Auth+AuthZ, ORM, SQL/NoSQL injection, Operator injection / mass-assignment, File handling, Service layer, Async+concurrency, HTTP client, Logging, Config+secrets, Error handling, Dependencies).
- **`backend-api-design.md`** — stack-agnostic API design rules (Resource modeling, HTTP methods, Status codes, Request/Response shape, Versioning, Auth, Rate limit, Caching, Idempotency, Documentation, Edge cases, Security cross-cutting).

Total default checklists: 12 → **15**.

### 7. New scripts (4)

`plugins/kasidit/skills/kasidit/scripts/`:

- **`build_graph.{sh,py}`** — function call graph builder. Regex MVP for PHP + JS/TS. ast-grep AST path stubbed.
- **`build_struc.{sh,py}`** — project state cache writer. Full + incremental modes. `git diff` based refresh.

`install.sh` extended (section 5b) to seed scripts dir at install time.

### 8. File-path standardisation: `kasidit-*` → `kasi-*`

For consistency with the `/kasi-*` command namespace, all hook files were renamed:

| Before | After |
|---|---|
| `kasidit-route.py` | `kasi-route.py` |
| `kasidit-verify.py` | `kasi-verify.py` |
| `kasidit-record.py` | `kasi-record.py` |
| `kasidit-log.{py,sh}` | `kasi-log.{py,sh}` |
| `kasidit-update-check.sh` | `kasi-update-check.sh` |
| `kasidit-drift-check.sh` | `kasi-drift-check.sh` |

Skill `kasidit-default` → `kasi-default`.

`install.sh`, `test_hooks.py`, SKILL.md, README.md updated.

**Retained intentionally** (would break protocol or existing JSONL stores):

- Internal emit-token protocol: `[kasidit-log]`, `[kasidit-pattern]`, `[kasidit-memory]`, `[kasidit-rule]`, `[kasidit-verify]`, `[kasidit-record]`. The `kasi-record.py` parser regex accepts both `[kasi-X]` and `[kasidit-X]` so existing emit lines keep working.
- Brand prefix in route output: `[kasidit] kind=... mode=...`.
- Env vars: `KASIDIT_CENTER`, `KASIDIT_PROJECT_DIR`, `KASIDIT_LOG_DIR`.
- Top-level skill / plugin / GitHub names: `~/.claude/skills/kasidit/`, `~/.claude/plugins/marketplaces/kasidit/`, `kasidit-wansudon/kasidit`.

## Why this release

By v0.10, Kasidit had a great UI mission flow (`/kasi-ui`), great review/security audit flows, but **no first-class backend equivalent**. Backend missions either fell into `/kasi-fix` (too narrow) or `/kasi-review` (too broad). Auditing meant a whole-repo grep tour. Deploy procedures got re-figured every time. v0.11 closes those gaps.

The auto-bridge concept (`/kasi-struc`) is the long-term play: every kasi-* command should consume a cached project model rather than rebuild it. v0.11 ships the writer; v0.12+ wires more readers.

## Honesty / known gaps

- **Function call graph is regex-MVP.** Per-file call attribution is shared across all functions in the file. Per-fn-body call attribution requires brace-tracking — deferred to ast-grep AST path in v0.12.
- **`/kasi-struc` builder ships, but most kasi-* commands do not yet read STATE/.** They will be wired to consume the cache progressively. Today, `/kasi-backend audit` is the only command that explicitly reads `STATE/` + `FUNCTIONS.jsonl`.
- **`/kasi-devopt` is AI-driven** — there's no separate Python runner. The command file documents the flow; the AI executes it via Read / Write / Bash tools.
- **Runbook redaction is heuristic.** It strips obvious env-var-name patterns and Bearer tokens, but cannot catch project-specific secrets (custom var names, hardcoded constants in commands). Always review captured runbooks before promoting to the Centerlite hub.

## Migration notes

For existing installs:

1. `git pull` the marketplace, or `/plugin marketplace update kasidit` in Claude Code.
2. Re-run `bash plugins/kasidit/install.sh` — idempotent. It will:
   - Copy renamed hook files (`kasi-*`) to `~/.claude/hooks/`. Old `kasidit-*` files in your hooks dir can be deleted manually or kept as backward-compat symlinks.
   - Update `~/.claude/settings.json` hook commands to reference the new file names.
   - Seed the 3 new backend checklists into `~/.claude/skills/kasidit/center/checklists/`.
   - Seed the 4 scripts into `~/.claude/skills/kasidit/scripts/`.
3. The `[kasidit-log]` emit token remains valid — the parser accepts both forms during the transition window.

## Counts

| | v0.10 | v0.11 |
|---|---|---|
| Slash commands | 15 | **21** |
| Default checklists | 12 | **15** |
| Specialist agents | 8 + 3 stubs | 8 (stubs removed) |
| Runtime hooks | 5 | 5 (renamed) |
| Helper scripts (bundled) | 0 | **4** |
| Lines in `SKILL.md` | ~1320 | ~1340 |

## See also

- [[Commands]] — full reference, now including the 6 new commands
- [[Backend-Hooks]] — same 5 hooks, now under `kasi-*` filenames
- [[Checklists]] — 15 default checklists with descriptions
- [[Master-Orchestrator]] — discipline that all new commands respect
- [[v0.10.0]] — previous release (Mode system + runtime hooks)
- [[v0.9.2]] — Gravity Pattern (the hub `/kasi-acknowledge` writes runbooks into)