Release Date: November 19, 2025 Release Type: Major Feature Release Backward Compatibility: ✅ Fully backward compatible (no breaking changes)
Claude Code Tresor v2.7.0 is a major release introducing the Intelligent Orchestration System - 10 production-grade commands that coordinate multiple specialist agents for complex development tasks. This release also includes the Tresor Workflow Framework, comprehensive documentation overhaul, and agent structure consolidation.
Highlights:
- 🚀 10 NEW Orchestration Commands (12,682 lines of intelligent orchestration)
- 🤖 Intelligent Agent Selection from 141-agent ecosystem
- 🔄 Multi-Phase Orchestration with dependency verification
- 📚 4 Comprehensive Guides (1,401 lines of documentation)
- 🔗 Complete Workflow Integration (auto-todo creation, meta-prompting, session handoff)
- 📦 Agent Consolidation to
/subagents/(backward compatible)
/audit - Comprehensive Security Audit
- Duration: 2-4 hours
- Phases: 4 (1 parallel + 3 sequential)
- Agents: 4-5 intelligently selected
- Features:
- OWASP Top 10 vulnerability scanning
- Infrastructure security review (AWS, Kubernetes, Docker)
- Active penetration testing (read-only, safe)
- Comprehensive root cause analysis
- Output: Security findings, todos, expert prompts, consolidated report
- Use Case: Quarterly security reviews, pre-audit preparation
/vulnerability-scan - CVE & Dependency Scanning
- Duration: 30-60 minutes
- Phases: 3 (1 parallel + 2 sequential/conditional)
- Agents: 2-4 intelligently selected
- Features:
- NVD/GitHub Advisories correlation
- Dependency tree analysis (transitive vulnerabilities)
- SAST code pattern matching
- Exploit correlation (Exploit-DB, Metasploit)
- Auto-remediation (
--auto-fixflag)
- Output: Vulnerability list with fix commands, auto-upgrades
- Use Case: Weekly security scans, CI/CD integration, pre-deployment checks
/compliance-check - Regulatory Compliance Validation
- Duration: 1-2 hours
- Phases: 4 (1 parallel + 3 sequential)
- Agents: 3-6 based on frameworks
- Features:
- Multi-framework: GDPR, SOC2, HIPAA, PCI-DSS, ISO 27001, CCPA
- Data flow mapping (PII/PHI tracking)
- Technical control validation (encryption, access controls, logging)
- Third-party processor assessment
- Auditor-ready reports (65+ pages)
- Output: Compliance reports, gap analysis, remediation roadmap
- Use Case: Pre-audit preparation, compliance certification, regulatory validation
/profile - Performance Profiling
- Duration: 15 minutes - 2 hours
- Phases: 3 (1 parallel + 2 sequential)
- Agents: 3-5 based on layers
- Features:
- Multi-layer profiling (frontend, backend, database)
- Core Web Vitals (LCP, FID, CLS)
- Database query optimization (EXPLAIN ANALYZE)
- Bundle size analysis
- Root cause analysis for bottlenecks
- Quick wins prioritization (impact × ease)
- Before/after metrics predictions
- Output: Bottleneck analysis, optimization roadmap, performance baseline
- Use Case: Find performance issues, optimize slow endpoints, reduce page load time
/benchmark - Load Testing
- Duration: 5-30 minutes
- Phases: 3 (scenario generation + execution + analysis)
- Agents: 2-4 based on pattern
- Features:
- Intelligent scenario generation (auto-detects API endpoints)
- Multiple test patterns (baseline, stress, spike, soak, scalability)
- Multi-tool support (Locust, Artillery, k6, JMeter)
- Breaking point detection
- Capacity planning with cost-benefit analysis
- Output: Load test results, breaking point, capacity recommendations
- Use Case: Validate optimizations, capacity planning, Black Friday preparation
/deploy-validate - Pre-Deployment Validation
- Duration: 10-20 minutes
- Phases: 3 (1 parallel + 2 sequential)
- Agents: 3-4 intelligently selected
- Features:
- Complete test suite execution (unit, integration, E2E)
- Configuration safety review (prevent config-related outages)
- Security pre-deployment scan
- Environment readiness validation
- Database migration validation
- Risk assessment scoring
- Go/No-Go decision with rationale
- Rollback plan verification
- Output: Deployment approval/block, risk report, monitoring checklist
- Use Case: Before every production deployment, hotfix validation
/health-check - System Health Verification
- Duration: 5-15 minutes
- Phases: 3 (1 parallel + 2 optional)
- Agents: 3-4 based on comprehensive mode
- Features:
- Multi-layer health checks (application, database, infrastructure)
- Anomaly detection (compare current vs historical metrics)
- Business metrics validation
- External dependency verification
- Alert generation (PagerDuty, Slack integration)
- Trend analysis
- Output: Health status, anomalies, alerts, recommendations
- Use Case: Post-deployment verification, continuous monitoring, incident detection
/incident-response - Production Incident Coordination
- Duration: 30 minutes - 2 hours
- Phases: 4 (triage + parallel investigation + RCA + postmortem)
- Agents: 3-5 based on severity
- Features:
- Emergency triage (5-10 min immediate response)
- Parallel specialist investigation (backend, database, infrastructure)
- Comprehensive RCA with detailed timeline
- Blameless postmortem generation
- Action item tracking
- Communication templates
- Output: Triage report, investigation results, RCA, postmortem, action items
- Use Case: Production outages, performance incidents, security breaches
/code-health - Codebase Health Assessment
- Duration: 20-40 minutes
- Phases: 3 (1 parallel + 2 sequential)
- Agents: 3-4 intelligently selected
- Features:
- Code quality metrics (complexity, duplication, code smells)
- Test coverage analysis (unit, integration, E2E)
- Documentation assessment (comments, API docs, README)
- Maintainability scoring (0-10 health rating)
- Best practices compliance
- Output: Health score, quality breakdown, improvement roadmap
- Use Case: Quarterly quality reviews, before major refactors, track quality trends
/debt-analysis - Technical Debt Identification
- Duration: 30-60 minutes
- Phases: 3 (1 parallel + 2 sequential)
- Agents: 3-4 based on categories
- Features:
- Multi-category debt (architecture, code, test, documentation)
- Cost quantification (time wasted per debt item in hours/month)
- Risk assessment (probability × impact)
- Effort estimation (hours to fix)
- ROI-based prioritization (cost saved ÷ effort)
- Strategic refactoring roadmap
- Output: Debt inventory, cost analysis, prioritized roadmap
- Use Case: Plan refactoring, prioritize technical debt, justify refactoring investment
Rebranded from TÂCHES:
- Removed all TÂCHES references, replaced with Tresor Workflow Framework
- Updated 9 files with new branding
- Maintained clean git history
Command Renames (Clean Names):
/create-prompt→/prompt-create/run-prompt→/prompt-run/add-to-todos→/todo-add/check-todos→/todo-check/whats-next→/handoff-create
Complete Integration: All 10 orchestration commands automatically integrate with:
/todo-add- Auto-capture all findings as structured todos/prompt-create- Generate expert prompts for complex fixes/handoff-create- Enable multi-session orchestrations/todo-check- Systematic remediation with agent suggestions
Primary Location: /subagents/ (133 total agents)
- 8 core agents in
/subagents/core/ - 125 specialized agents across 9 team categories
- Color-coded organization
- Comprehensive AGENT-INDEX.md
Backward Compatibility: /agents/ directory
- Maintained with symlinks to
/subagents/core/ - All existing agent invocations work identically
- Deprecation timeline: Removal in v3.0.0 (Q2 2026)
Migration:
- See MIGRATION.md for upgrade guide
- No action required (symlinks ensure compatibility)
- Recommended: Update references to
/subagents/core/for future-proofing
New Comprehensive Guides:
NAVIGATION.md (282 lines)
- Complete repository navigation
- Where to find agents, commands, skills, prompts
- Quick reference by task type, domain, language
- Repository structure overview
MIGRATION.md (404 lines)
- Upgrade guides for v2.6, v2.5, v2.4, v2.0-2.3
- Step-by-step migration instructions
- Breaking changes documentation (from previous versions)
- Deprecation timeline
- Troubleshooting guide
WORKFLOW-GUIDE.md (715 lines)
- Complete Tresor Workflow Framework guide
- Detailed command documentation
- 5 workflow patterns with examples
- Best practices and performance tips
- Tresor ecosystem integration
CHANGELOG.md
- Complete version history
- Semantic versioning compliance
- Migration guides
- Deprecation notices
Industry-First: Auto-select from 141 specialized agents based on tech stack
How it works:
- Scans codebase for languages, frameworks, databases, infrastructure
- Ranks 141 agents by confidence score
- Selects top N agents for each phase (max 3 parallel)
Example:
Detected: React + Express + PostgreSQL + AWS
Selected:
- Phase 1: @security-auditor, @react-security-specialist, @dependency-auditor
- Phase 2: @cloud-architect
- Phase 3: @penetration-tester
Industry-First: Conflict detection for safe parallel agent execution
Verification Checks:
- ✅ No file write conflicts (2 agents writing same file)
- ✅ No data dependencies (Agent B needs Agent A's output)
- ✅ No read-write conflicts (Agent A writes what Agent B reads)
Auto-Fallback: If conflicts detected → Prompts user to run sequentially for safety
Parallel + Sequential Execution:
Typical Pattern:
- Phase 1: Parallel (3 agents investigate simultaneously)
- Phase 2: Sequential (1 agent with Phase 1 context)
- Phase 3: Sequential (1 agent with full context)
- Phase 4: Conditional (only if needed based on findings)
Context Handoff:
- Each phase creates handoff document for next phase
- Agents receive complete context from prior phases
- Enables multi-session orchestrations (pause/resume)
Auto-Integration with 4 Workflow Commands:
/todo-add Integration:
// Every critical/high finding → auto-created todo
for (const finding of criticalFindings) {
await SlashCommand({ command: `/todo-add "${finding}"` });
}
/prompt-create Integration:
// Complex architectural fixes → expert prompts
if (complexIssue) {
await SlashCommand({ command: `/prompt-create "${issue}"` });
}
/handoff-create Integration:
// Multi-hour orchestrations → session handoff
if (duration > 2hours) {
suggestHandoff(); // User can resume in next session
}
/todo-check Integration:
// After orchestration → systematic remediation
// System suggests optimal agents for each todo
# Clone repository
git clone https://github.com/alirezarezvani/claude-code-tresor.git
cd claude-code-tresor
# Full installation (includes 10 orchestration commands)
./scripts/install.sh
# Or install only orchestration commands
./scripts/install.sh --orchestration
# Navigate to repository
cd claude-code-tresor
# Pull latest changes
git pull origin main
# Reinstall
./scripts/install.sh
No breaking changes - All existing workflows continue to work.
See MIGRATION.md for detailed upgrade instructions.
# Quarterly comprehensive security audit
/audit
# Weekly vulnerability scanning
/vulnerability-scan --depth deep
# Auto-fix safe vulnerabilities
/vulnerability-scan --auto-fix
# GDPR compliance validation
/compliance-check --frameworks gdpr
# After findings, systematic remediation:
/todo-check
# → Select todo
# → System suggests optimal agent
# → Fix issue
# Find bottlenecks
/profile --layers frontend,backend,database
# Review findings
cat .tresor/profile-*/final-performance-report.md
# → Found: Missing database index, large bundle, no caching
# Fix bottlenecks (implement quick wins)
/todo-check
# → Add database index (15 min) → -705ms
# → Enable compression (30 min) → -1.6s
# Validate improvements with load testing
/benchmark --duration 5m --rps 100
# → Before: P95 = 680ms
# → After: P95 = 200ms (-70% improvement) ✓
# Find new capacity limits
/benchmark --pattern stress
# → Breaking point: 150 RPS → 800 RPS (5.3x improvement)
# Before deploying to production
/deploy-validate --env production
# Result: GO WITH CAUTION (risk: 35/100)
# - All tests passed ✓
# - 2 config warnings (non-blocking)
# - Post-deployment todos created
# Deploy to production
kubectl apply -f k8s/production/
# Verify deployment health
/health-check --comprehensive
# Result: HEALTHY ✓
# - All services responding
# - No anomalies detected
# - P95 latency within normal range
# If incident occurs
/incident-response --severity p0
# Emergency triage → Investigation → RCA → Postmortem
# Blameless postmortem generated with action items
# Assess codebase health
/code-health
# Result: 7.3/10 (GOOD)
# - Code quality: 7.5/10
# - Test coverage: 8.2/10
# - Documentation: 6.5/10
# - Maintainability: 7.2/10
# Deep-dive into technical debt
/debt-analysis --prioritize roi
# Result: 47 debt items, 450 hours total cost
# Top ROI:
# 1. Add caching (16h effort, 60h/month saved, ROI: 3.75)
# 2. Refactor god classes (40h effort, 15h/month saved, ROI: 0.375)
# Plan refactoring based on ROI
/todo-check
# → Implement high-ROI debt fixes first
# After refactoring, re-assess
/code-health
# → Improved: 7.3 → 8.5 (+1.2 points)
Tech Stack Detection:
Analyzing codebase...
Detected:
- Languages: JavaScript, TypeScript, Python
- Frameworks: React, Express, Django
- Databases: PostgreSQL, Redis
- Infrastructure: Kubernetes, AWS
- Authentication: JWT
Based on detection, selected optimal agents:
- @react-security-specialist (React vulnerabilities)
- @backend-performance-tuner (Express optimization)
- @database-optimizer (PostgreSQL query optimization)
- @kubernetes-sre (K8s health checks)
No Manual Configuration Required!
Example: /audit Execution
Phase 1 (Parallel - 25 minutes):
✓ @security-auditor → 4 findings
✓ @react-security-specialist → 3 findings
✓ @dependency-auditor → 5 findings
Phase 2 (Sequential - 30 minutes):
→ @cloud-architect (received Phase 1 context)
→ 5 infrastructure findings
Phase 3 (Sequential - 50 minutes):
→ @penetration-tester (received Phase 1-2 context)
→ 3 exploitable vulnerabilities confirmed
Phase 4 (Sequential - 40 minutes):
→ @root-cause-analyzer (comprehensive RCA)
→ Root causes identified, preventive measures recommended
Total: 2h 25m, 20 findings, 18 todos, 2 expert prompts
Before Parallel Execution:
Verifying Phase 1 agents can run in parallel...
✓ File write conflicts: None
- @security-auditor writes to phase-1-security.md
- @react-security-specialist writes to phase-1-react.md
- @dependency-auditor writes to phase-1-dependencies.md
- No conflicts ✓
✓ Data dependencies: None
- All agents analyze independently
- No Agent B needs Agent A's output ✓
✓ Read-write conflicts: None
- All agents read source code (read-only)
- No agent writes what another reads ✓
Result: SAFE for parallel execution
If Conflicts Detected:
⚠️ Dependency conflicts detected:
- Agent A and Agent B both write to config.json
- Agent C reads config.json (conflict with A and B)
Options:
1. Run sequentially (safe but slower)
2. Review conflicts manually
3. Cancel orchestration
[User selects sequential] → Agents run one by one
Every orchestration command auto-creates todos:
# During /audit execution:
/todo-add "Fix SQL injection in src/api/users.ts:45-67"
/todo-add "Upgrade lodash@4.17.15 to fix CVE-2024-12345"
/todo-add "Implement GDPR data portability API"
# Result: 18 todos created with:
# - File locations and line numbers
# - Severity ratings
# - Fix estimates
# - Root causes
Complex fixes trigger prompt generation:
# During /compliance-check, complex architectural issue found:
/prompt-create "Design zero-trust microservices architecture for GDPR compliance"
# Generated prompt includes:
# - Project standards from CLAUDE.md
# - Suggested agents: @systems-architect, @backend-architect, @security-auditor
# - Anti-overengineering principles
# - Maintainability constraints (300 line limit)
# Execute prompt:
/prompt-run 001
# → Sub-agent performs comprehensive design
Pause/Resume Long Orchestrations:
# Day 1: Start comprehensive audit (runs 2 hours)
/audit
# After Phase 2, need to pause:
/handoff-create
# → Creates comprehensive session handoff
# → Saves: completed phases, remaining work, full context
# Day 2: Resume audit
/audit --resume --report-id audit-2025-11-19
# → Loads complete context
# → Continues from Phase 3
# → Zero information loss
NAVIGATION.md - Find your way around
- Where to find agents, commands, skills, prompts
- Quick reference by task type and domain
- Repository structure overview
MIGRATION.md - Upgrade guide
- Step-by-step for v2.6, v2.5, v2.4, v2.0-2.3 users
- Breaking changes from previous versions
- Deprecation timeline
- Troubleshooting common issues
WORKFLOW-GUIDE.md - Complete framework guide
- Detailed command documentation
- 5 workflow patterns with examples
- Best practices and performance tips
- Integration with Tresor ecosystem
CHANGELOG.md - Version history
- Semantic versioning
- Complete feature history
- Migration guides
- Deprecation notices
Each README includes:
- Overview and key features
- Quick start examples
- Detailed how-it-works section
- Command options documentation
- Integration with Tresor Workflow
- 3-4 complete workflow examples
- FAQ section
- Troubleshooting guide
- Links to related commands/agents
Total: 6,814 lines of comprehensive command documentation
Before (v2.6.0):
commands/
├── development/scaffold/
├── workflow/
│ ├── review.md (inconsistent)
│ ├── create-prompt/
│ └── ...
├── testing/test-gen/
└── documentation/docs-gen/
After (v2.7.0):
commands/
├── development/scaffold/
├── workflow/
│ ├── review/review.md (consistent)
│ ├── prompt-create/prompt-create.md
│ └── ... (all follow same pattern)
├── testing/test-gen/
├── documentation/docs-gen/
├── security/ (NEW)
├── performance/ (NEW)
├── operations/ (NEW)
└── quality/ (NEW)
All commands now follow: /commands/[category]/[name]/[name].md
Before (v2.6.0):
/agents/- 8 core agents (README.md only, no agent.md)/subagents/- 133 agents (README.md + agent.md)- Duplication and confusion
After (v2.7.0):
/subagents/- PRIMARY (133 agents with agent.md files)/agents/- Symlinks to/subagents/core/(backward compatible)- Clear deprecation notice and migration path
Added Features:
--orchestrationflag for installing only orchestration commandsinstall_orchestration_commands()function- Updated help text with all options
- Enhanced summary showing orchestration commands
Usage:
./scripts/install.sh # Full installation (all 19 commands)
./scripts/install.sh --orchestration # Only 10 orchestration commands
./scripts/install.sh --commands # All 19 commands
./scripts/install.sh --agents # All 133 agents from /subagents/
None - This release is fully backward compatible.
Deprecations (Removal in v3.0.0):
/agents/directory (use/subagents/core/instead)- Maintained via symlinks until v3.0.0 (Q2 2026)
- Fixed inconsistent command directory structure (
review.mdplacement) - Updated outdated agent names in
/agents/README.md(v2.4 → v2.7 naming) - Corrected agent count documentation (141 total, not 8 + 133)
- Fixed TÂCHES references (replaced with Tresor Workflow Framework)
- New Code: 17,221 insertions
- Cleanup: 370 deletions
- Net Addition: 16,851 lines
- Files Changed: 47 files
- Commits: 2 clean commits
- Security: 4,466 lines (35%)
- Performance: 3,709 lines (29%)
- Operations: 5,229 lines (41%)
- Quality: 1,278 lines (10%)
- Command READMEs: 6,814 lines
- Guide Documents: 1,401 lines
- Planning Docs: 1,306 lines
- Total Documentation: 9,521 lines
- Claude Code Team - For creating an amazing platform
- Open Source Community - For inspiration and best practices
- Early Testers - For feedback and validation
- Users - For making this work meaningful
Need Help?
- 📋 GitHub Issues - Report bugs
- 💬 GitHub Discussions - Ask questions
- 📖 Documentation - Complete guides
- 🗺️ Navigation Guide - Find your way around
Upgrade Issues?
- See MIGRATION.md for step-by-step instructions
- See Troubleshooting for common issues
- Bug fixes from community feedback
- Minor documentation improvements
- Command examples and demos
- Enhanced orchestration features
- Additional specialized agents
- Improved CI/CD integration
- Deprecation warnings for v3.0.0 changes
- Breaking: Remove
/agents/directory - Simplified agent structure
- Performance optimizations
- New orchestration capabilities
This release is licensed under the MIT License.
If you find Claude Code Tresor valuable, please consider starring the repository!
v2.7.0 brings:
- 10 powerful orchestration commands
- Intelligent agent selection
- Multi-phase coordination
- Complete workflow integration
- Production-grade safety
Help others discover these tools by starring the repo! ⭐
Made with ❤️ by Alireza Rezvani
Empowering developers with world-class Claude Code utilities
Release: v2.7.0 Date: November 19, 2025 Branch: main Commits: 2 Download: Source code (zip)