staginglisted

# /staging End-to-end pre-deploy gate. Orchestrates the three existing release- quality skills and rolls their outputs into one verdict so you don't have to read three reports separately. ## What it does Runs in this order — earliest-failing wins (no point auditing if tests are red, no point spec-checking if the security audit caught a P0): 1. **`/test`** — Vitest suites for `extension` + `companion`. 2. **`/audit`** — security + performance walk of the Chrome extension. 3. **Svelte best-practices audit** — installs the official Svelte AI skills (`svelte-code-writer`, `svelte-core-bestpractices`) if not already present, then runs `@sveltejs/mcp svelte-autofixer` over `extension/src/**/*.svelte` to surface reactivity / `$state` / `$effect` mistakes Pinta's own audit checklist can't catch. 4. **Claude Code / Anthropic policy compliance** — verify Pinta stays bring-your-own-Claude + interactive-terminal-only: no credential proxying, Agent SDK, headless `claude -p`, or Claude.ai OAuth that would move it into Anthropic's banned third-party-tool lane (the crackdown that cut off OpenClaw, Apr 2026). A change here is an account-ban risk for every user, so it gates the release. 5. **Browser-extension store-policy compliance** — verify the manifest stays Chrome-Web-Store-shippable: MV3, no remotely hosted code, CSP unloosened, permissions not creeping past the justified baseline, privacy disclosure intact. A regression here means CWS review re