@cobusgreyling/loop-init 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +47 -0
- package/dist/cli.d.ts +2 -0
- package/dist/cli.js +296 -0
- package/package.json +45 -0
- package/starters/README.md +33 -0
- package/starters/changelog-drafter/.claude/agents/verifier.md +5 -0
- package/starters/changelog-drafter/.claude/skills/changelog-scan/SKILL.md +11 -0
- package/starters/changelog-drafter/.claude/skills/draft-release-notes/SKILL.md +11 -0
- package/starters/changelog-drafter/.codex/agents/verifier.toml +12 -0
- package/starters/changelog-drafter/.codex/skills/changelog-scan/SKILL.md +9 -0
- package/starters/changelog-drafter/.codex/skills/draft-release-notes/SKILL.md +9 -0
- package/starters/changelog-drafter/.grok/skills/changelog-scan/SKILL.md +53 -0
- package/starters/changelog-drafter/.grok/skills/draft-release-notes/SKILL.md +65 -0
- package/starters/changelog-drafter/.grok/skills/loop-verifier/SKILL.md +40 -0
- package/starters/changelog-drafter/LOOP.md +32 -0
- package/starters/changelog-drafter/README.md +48 -0
- package/starters/changelog-drafter/changelog-drafter-state.md.example +18 -0
- package/starters/ci-sweeper/.claude/agents/loop-verifier.md +35 -0
- package/starters/ci-sweeper/.claude/skills/ci-triage/SKILL.md +29 -0
- package/starters/ci-sweeper/.codex/agents/verifier.toml +15 -0
- package/starters/ci-sweeper/.codex/skills/ci-triage/SKILL.md +29 -0
- package/starters/ci-sweeper/.grok/skills/ci-triage/SKILL.md +29 -0
- package/starters/ci-sweeper/README.md +27 -0
- package/starters/ci-sweeper/ci-sweeper-state.md.example +12 -0
- package/starters/dependency-sweeper/.claude/agents/loop-verifier.md +35 -0
- package/starters/dependency-sweeper/.claude/skills/dependency-triage/SKILL.md +36 -0
- package/starters/dependency-sweeper/.codex/agents/verifier.toml +15 -0
- package/starters/dependency-sweeper/.codex/skills/dependency-triage/SKILL.md +36 -0
- package/starters/dependency-sweeper/.grok/skills/dependency-triage/SKILL.md +36 -0
- package/starters/dependency-sweeper/LOOP.md +30 -0
- package/starters/dependency-sweeper/README.md +46 -0
- package/starters/dependency-sweeper/dependency-sweeper-state.md.example +23 -0
- package/starters/minimal-loop/.grok/skills/loop-triage/SKILL.md +46 -0
- package/starters/minimal-loop/LOOP.md +22 -0
- package/starters/minimal-loop/README.md +41 -0
- package/starters/minimal-loop/STATE.md.example +12 -0
- package/starters/minimal-loop-claude/.claude/agents/loop-verifier.md +35 -0
- package/starters/minimal-loop-claude/.claude/skills/loop-triage/SKILL.md +46 -0
- package/starters/minimal-loop-claude/LOOP.md +32 -0
- package/starters/minimal-loop-claude/README.md +42 -0
- package/starters/minimal-loop-claude/STATE.md.example +12 -0
- package/starters/minimal-loop-codex/.codex/agents/verifier.toml +15 -0
- package/starters/minimal-loop-codex/.codex/skills/loop-triage/SKILL.md +46 -0
- package/starters/minimal-loop-codex/LOOP.md +32 -0
- package/starters/minimal-loop-codex/README.md +49 -0
- package/starters/minimal-loop-codex/STATE.md.example +12 -0
- package/starters/post-merge-cleanup/.claude/agents/loop-verifier.md +35 -0
- package/starters/post-merge-cleanup/.claude/skills/post-merge-scan/SKILL.md +34 -0
- package/starters/post-merge-cleanup/.codex/agents/verifier.toml +15 -0
- package/starters/post-merge-cleanup/.codex/skills/post-merge-scan/SKILL.md +34 -0
- package/starters/post-merge-cleanup/.grok/skills/post-merge-scan/SKILL.md +34 -0
- package/starters/post-merge-cleanup/LOOP.md +22 -0
- package/starters/post-merge-cleanup/README.md +34 -0
- package/starters/post-merge-cleanup/post-merge-state.md.example +22 -0
- package/starters/pr-babysitter/.claude/agents/loop-verifier.md +35 -0
- package/starters/pr-babysitter/.claude/skills/pr-review-triage/SKILL.md +29 -0
- package/starters/pr-babysitter/.codex/agents/verifier.toml +15 -0
- package/starters/pr-babysitter/.codex/skills/pr-review-triage/SKILL.md +29 -0
- package/starters/pr-babysitter/.grok/skills/pr-review-triage/SKILL.md +29 -0
- package/starters/pr-babysitter/LOOP.md +20 -0
- package/starters/pr-babysitter/README.md +36 -0
- package/starters/pr-babysitter/pr-babysitter-state.md.example +19 -0
- package/templates/SKILL.md.loop-triage +54 -0
- package/templates/SKILL.md.minimal-fix +45 -0
- package/templates/SKILL.md.verifier +48 -0
- package/templates/STATE.md.template +22 -0
- package/templates/loop-budget.md.template +22 -0
- package/templates/loop-run-log.md.template +22 -0
- package/templates/pattern-template.md +58 -0
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
# Loop Configuration — Changelog Drafter
|
|
2
|
+
|
|
3
|
+
## Active Loops
|
|
4
|
+
|
|
5
|
+
| Pattern | Cadence | Status | Command / Trigger |
|
|
6
|
+
|---------|---------|--------|-------------------|
|
|
7
|
+
| Changelog Drafter | 1d or on release prep | L1 (report + draft) first 1–2 weeks | See README |
|
|
8
|
+
|
|
9
|
+
## Human Gates (this project)
|
|
10
|
+
|
|
11
|
+
- Breaking changes → always human review + explicit callout in notes
|
|
12
|
+
- Security notes / CVEs → human must approve wording
|
|
13
|
+
- Major features or marketing-sensitive items → human curates placement / tone
|
|
14
|
+
- First 3 releases with this loop: human must approve the full draft before any automated PR or publish
|
|
15
|
+
|
|
16
|
+
## Budget & Cadence
|
|
17
|
+
|
|
18
|
+
- Max sub-agent spawns per run: 2 (one scanner + one drafter, or drafter + verifier)
|
|
19
|
+
- Prefer running after merges settle (evening or scheduled Action)
|
|
20
|
+
- On release week: switch to manual trigger or tighter window
|
|
21
|
+
|
|
22
|
+
## Output Convention
|
|
23
|
+
|
|
24
|
+
- Draft written to `RELEASE_NOTES_DRAFT.md` (or a section in a release tracking issue)
|
|
25
|
+
- Final approved notes incorporated into `CHANGELOG.md` (or GitHub Release body) by human or allowlisted automation
|
|
26
|
+
- State file updated on every run
|
|
27
|
+
|
|
28
|
+
## Links
|
|
29
|
+
|
|
30
|
+
- Pattern: [changelog-drafter](../../patterns/changelog-drafter.md)
|
|
31
|
+
- Starter: this directory
|
|
32
|
+
- Audit this starter: `npx @cobusgreyling/loop-audit . --suggest`
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
# Changelog Drafter Starter
|
|
2
|
+
|
|
3
|
+
Scaffold for the [Changelog Drafter](../../patterns/changelog-drafter.md) loop (L1 report + draft → L2 assisted publish prep). Excellent low-risk second or third loop.
|
|
4
|
+
|
|
5
|
+
## Quick Start
|
|
6
|
+
|
|
7
|
+
```bash
|
|
8
|
+
# Recommended
|
|
9
|
+
npx @cobusgreyling/loop-init . --pattern changelog-drafter --tool grok
|
|
10
|
+
|
|
11
|
+
# Or manual copy (Grok)
|
|
12
|
+
cp -r starters/changelog-drafter/.grok/skills/changelog-scan .grok/skills/
|
|
13
|
+
cp -r starters/changelog-drafter/.grok/skills/draft-release-notes .grok/skills/
|
|
14
|
+
cp starters/changelog-drafter/changelog-drafter-state.md.example changelog-drafter-state.md
|
|
15
|
+
cp starters/changelog-drafter/LOOP.md .
|
|
16
|
+
```
|
|
17
|
+
|
|
18
|
+
Start (Grok example — report/draft only in week one):
|
|
19
|
+
|
|
20
|
+
```bash
|
|
21
|
+
/loop 1d Run changelog-scan on merges since last tag (or last 7 days). Produce a clean categorized draft in RELEASE_NOTES_DRAFT.md using draft-release-notes skill. Update changelog-drafter-state.md. Never publish or tag without explicit human approval.
|
|
22
|
+
```
|
|
23
|
+
|
|
24
|
+
## Files
|
|
25
|
+
|
|
26
|
+
| File | Purpose |
|
|
27
|
+
|------|---------|
|
|
28
|
+
| `changelog-drafter-state.md.example` | Tracks last release, scanned window, pending drafts |
|
|
29
|
+
| `.grok/skills/changelog-scan/` | Discovery / triage of merges + signals |
|
|
30
|
+
| `.grok/skills/draft-release-notes/` | Turns structured list into polished user-facing notes |
|
|
31
|
+
| `LOOP.md` | Cadence, gates, and budget for your team |
|
|
32
|
+
|
|
33
|
+
## Also Bring In (recommended)
|
|
34
|
+
|
|
35
|
+
- `loop-verifier` (or use the human as verifier for L1)
|
|
36
|
+
- Your project's release voice / style guide (add a short section to AGENTS.md or a project skill)
|
|
37
|
+
|
|
38
|
+
## Safety
|
|
39
|
+
|
|
40
|
+
- This loop proposes drafts only. Publishing (updating CHANGELOG.md, creating GitHub releases, pushing tags) should require human review or a very tight allowlist + verifier.
|
|
41
|
+
- Always surface breaking changes and security items explicitly for human sign-off.
|
|
42
|
+
- See [safety.md](../../docs/safety.md) and the pattern doc for full guidance.
|
|
43
|
+
|
|
44
|
+
After copying, run:
|
|
45
|
+
|
|
46
|
+
```bash
|
|
47
|
+
npx @cobusgreyling/loop-audit . --suggest
|
|
48
|
+
```
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
# Changelog Drafter State — YOUR_PROJECT
|
|
2
|
+
|
|
3
|
+
Last run: 2026-06-09 18:30 UTC
|
|
4
|
+
Last release tag: v2.14.0 (2026-06-01)
|
|
5
|
+
|
|
6
|
+
## Pending Drafts
|
|
7
|
+
- v2.15.0 (unreleased window: 2026-06-01 → now)
|
|
8
|
+
Items found: 14 PRs + 3 direct commits
|
|
9
|
+
Draft file: RELEASE_NOTES_DRAFT.md
|
|
10
|
+
Status: draft ready — awaiting human review
|
|
11
|
+
Notable: 1 breaking, 2 security-related (see draft)
|
|
12
|
+
|
|
13
|
+
## Recently Published
|
|
14
|
+
- v2.14.0 — published 2026-06-01 (human reviewed draft)
|
|
15
|
+
|
|
16
|
+
## Scan Window Notes
|
|
17
|
+
- Ignore Dependabot / Renovate PRs (handled by dependency-sweeper)
|
|
18
|
+
- Direct commits on main are included if they have conventional type or linked issue
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: loop-verifier
|
|
3
|
+
description: Independent checker for loop-produced changes. Rejects unless tests pass and scope is minimal. Never implement fixes.
|
|
4
|
+
model: inherit
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
You are the **checker** in a maker/checker split. Your job is to **reject** unless evidence is strong.
|
|
8
|
+
|
|
9
|
+
## Checklist (all must pass for APPROVE)
|
|
10
|
+
|
|
11
|
+
1. **Scope**: Only relevant files changed; no denylist paths; no unrelated edits.
|
|
12
|
+
2. **Intent**: Change clearly addresses the stated target — not a different problem.
|
|
13
|
+
3. **Tests**: You ran tests (or equivalent) and report pass/fail with output snippet.
|
|
14
|
+
4. **No cheating**: No disabled tests, skipped assertions, or commented-out checks.
|
|
15
|
+
5. **Risk**: For medium+ risk, recommend human review even if tests pass.
|
|
16
|
+
|
|
17
|
+
## Output
|
|
18
|
+
|
|
19
|
+
```markdown
|
|
20
|
+
## Verdict: APPROVE | REJECT | ESCALATE_HUMAN
|
|
21
|
+
|
|
22
|
+
### Evidence
|
|
23
|
+
- Tests: (command + result)
|
|
24
|
+
- Scope check: (pass/fail + notes)
|
|
25
|
+
|
|
26
|
+
### If REJECT
|
|
27
|
+
- Reasons: (numbered, specific)
|
|
28
|
+
- Suggested next step for implementer
|
|
29
|
+
```
|
|
30
|
+
|
|
31
|
+
## Rules
|
|
32
|
+
|
|
33
|
+
- Default stance: REJECT until proven otherwise.
|
|
34
|
+
- Do not trust the implementer's claim that tests passed — run them.
|
|
35
|
+
- If you cannot run tests (env issue) → ESCALATE_HUMAN.
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: ci-triage
|
|
3
|
+
description: >
|
|
4
|
+
Parse CI failures, identify failing job/step, classify as flake, regression,
|
|
5
|
+
env, or config. Use in CI sweeper loops before any fix attempt.
|
|
6
|
+
user_invocable: true
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
# CI Triage Skill
|
|
10
|
+
|
|
11
|
+
## Output per failure
|
|
12
|
+
|
|
13
|
+
```markdown
|
|
14
|
+
### Failure — branch @ sha
|
|
15
|
+
- Job / step:
|
|
16
|
+
- Error (1-3 lines):
|
|
17
|
+
- Classification: flake | regression | env | config
|
|
18
|
+
- Actionable: yes | no
|
|
19
|
+
- Suggested loop action: minimal-fix | watch | escalate-human
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
## Classification Rules
|
|
23
|
+
|
|
24
|
+
- **flake**: intermittent, passed on retry, no code change
|
|
25
|
+
- **regression**: new failure correlated with recent commit
|
|
26
|
+
- **env**: runner, registry, secrets, quota
|
|
27
|
+
- **config**: workflow, dependency install, cache
|
|
28
|
+
|
|
29
|
+
Env failures → escalate-human. Do not "fix" with code changes.
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
name = "verifier"
|
|
2
|
+
description = "Rejects loop fixes unless tests pass and scope is minimal. Never implements fixes."
|
|
3
|
+
instructions = """
|
|
4
|
+
You are the checker in a maker/checker split. Default stance: REJECT until proven otherwise.
|
|
5
|
+
|
|
6
|
+
Checklist (all must pass for APPROVE):
|
|
7
|
+
1. Scope — only relevant files; no denylist paths
|
|
8
|
+
2. Intent — addresses the stated target
|
|
9
|
+
3. Tests — you ran them and report pass/fail with output
|
|
10
|
+
4. No cheating — no disabled tests or skipped assertions
|
|
11
|
+
5. Risk — recommend human review for medium+ risk even if tests pass
|
|
12
|
+
|
|
13
|
+
Output verdict: APPROVE | REJECT | ESCALATE_HUMAN with evidence.
|
|
14
|
+
"""
|
|
15
|
+
reasoning_effort = "high"
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: ci-triage
|
|
3
|
+
description: >
|
|
4
|
+
Parse CI failures, identify failing job/step, classify as flake, regression,
|
|
5
|
+
env, or config. Use in CI sweeper loops before any fix attempt.
|
|
6
|
+
user_invocable: true
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
# CI Triage Skill
|
|
10
|
+
|
|
11
|
+
## Output per failure
|
|
12
|
+
|
|
13
|
+
```markdown
|
|
14
|
+
### Failure — branch @ sha
|
|
15
|
+
- Job / step:
|
|
16
|
+
- Error (1-3 lines):
|
|
17
|
+
- Classification: flake | regression | env | config
|
|
18
|
+
- Actionable: yes | no
|
|
19
|
+
- Suggested loop action: minimal-fix | watch | escalate-human
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
## Classification Rules
|
|
23
|
+
|
|
24
|
+
- **flake**: intermittent, passed on retry, no code change
|
|
25
|
+
- **regression**: new failure correlated with recent commit
|
|
26
|
+
- **env**: runner, registry, secrets, quota
|
|
27
|
+
- **config**: workflow, dependency install, cache
|
|
28
|
+
|
|
29
|
+
Env failures → escalate-human. Do not "fix" with code changes.
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: ci-triage
|
|
3
|
+
description: >
|
|
4
|
+
Parse CI failures, identify failing job/step, classify as flake, regression,
|
|
5
|
+
env, or config. Use in CI sweeper loops before any fix attempt.
|
|
6
|
+
user_invocable: true
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
# CI Triage Skill
|
|
10
|
+
|
|
11
|
+
## Output per failure
|
|
12
|
+
|
|
13
|
+
```markdown
|
|
14
|
+
### Failure — branch @ sha
|
|
15
|
+
- Job / step:
|
|
16
|
+
- Error (1-3 lines):
|
|
17
|
+
- Classification: flake | regression | env | config
|
|
18
|
+
- Actionable: yes | no
|
|
19
|
+
- Suggested loop action: minimal-fix | watch | escalate-human
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
## Classification Rules
|
|
23
|
+
|
|
24
|
+
- **flake**: intermittent, passed on retry, no code change
|
|
25
|
+
- **regression**: new failure correlated with recent commit
|
|
26
|
+
- **env**: runner, registry, secrets, quota
|
|
27
|
+
- **config**: workflow, dependency install, cache
|
|
28
|
+
|
|
29
|
+
Env failures → escalate-human. Do not "fix" with code changes.
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
# CI Sweeper Starter
|
|
2
|
+
|
|
3
|
+
Scaffold for the [CI Sweeper](../../patterns/ci-sweeper.md) loop.
|
|
4
|
+
|
|
5
|
+
## Quick Start
|
|
6
|
+
|
|
7
|
+
1. Copy skills and state:
|
|
8
|
+
```bash
|
|
9
|
+
npx @cobusgreyling/loop-init . --pattern ci-sweeper --tool grok
|
|
10
|
+
# Or manual:
|
|
11
|
+
mkdir -p .grok/skills
|
|
12
|
+
cp -r starters/ci-sweeper/.grok/skills/ci-triage .grok/skills/
|
|
13
|
+
cp templates/SKILL.md.minimal-fix .grok/skills/minimal-fix/SKILL.md
|
|
14
|
+
cp templates/SKILL.md.verifier .grok/skills/loop-verifier/SKILL.md
|
|
15
|
+
cp starters/ci-sweeper/ci-sweeper-state.md.example ci-sweeper-state.md
|
|
16
|
+
```
|
|
17
|
+
|
|
18
|
+
2. Add GitHub Action (optional): `examples/github-actions/ci-sweeper.yml`
|
|
19
|
+
|
|
20
|
+
3. Start (Grok):
|
|
21
|
+
```bash
|
|
22
|
+
/loop 15m Check CI on main. Update ci-sweeper-state.md. Classify failures. For new actionable failures (not flakes): worktree + minimal-fix + loop-verifier. Escalate after 3 attempts.
|
|
23
|
+
```
|
|
24
|
+
|
|
25
|
+
## Flake Policy
|
|
26
|
+
|
|
27
|
+
If the same test failed and passed on retry without code change → Watch, do not auto-fix.
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: loop-verifier
|
|
3
|
+
description: Independent checker for loop-produced changes. Rejects unless tests pass and scope is minimal. Never implement fixes.
|
|
4
|
+
model: inherit
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
You are the **checker** in a maker/checker split. Your job is to **reject** unless evidence is strong.
|
|
8
|
+
|
|
9
|
+
## Checklist (all must pass for APPROVE)
|
|
10
|
+
|
|
11
|
+
1. **Scope**: Only relevant files changed; no denylist paths; no unrelated edits.
|
|
12
|
+
2. **Intent**: Change clearly addresses the stated target — not a different problem.
|
|
13
|
+
3. **Tests**: You ran tests (or equivalent) and report pass/fail with output snippet.
|
|
14
|
+
4. **No cheating**: No disabled tests, skipped assertions, or commented-out checks.
|
|
15
|
+
5. **Risk**: For medium+ risk, recommend human review even if tests pass.
|
|
16
|
+
|
|
17
|
+
## Output
|
|
18
|
+
|
|
19
|
+
```markdown
|
|
20
|
+
## Verdict: APPROVE | REJECT | ESCALATE_HUMAN
|
|
21
|
+
|
|
22
|
+
### Evidence
|
|
23
|
+
- Tests: (command + result)
|
|
24
|
+
- Scope check: (pass/fail + notes)
|
|
25
|
+
|
|
26
|
+
### If REJECT
|
|
27
|
+
- Reasons: (numbered, specific)
|
|
28
|
+
- Suggested next step for implementer
|
|
29
|
+
```
|
|
30
|
+
|
|
31
|
+
## Rules
|
|
32
|
+
|
|
33
|
+
- Default stance: REJECT until proven otherwise.
|
|
34
|
+
- Do not trust the implementer's claim that tests passed — run them.
|
|
35
|
+
- If you cannot run tests (env issue) → ESCALATE_HUMAN.
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: dependency-triage
|
|
3
|
+
description: >
|
|
4
|
+
Scan package manifests and lockfiles for outdated packages and known CVEs.
|
|
5
|
+
Groups updates by risk (patch, minor, major). Use in dependency sweeper loops.
|
|
6
|
+
user_invocable: true
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
# Dependency Triage Skill
|
|
10
|
+
|
|
11
|
+
## Output per package
|
|
12
|
+
|
|
13
|
+
```markdown
|
|
14
|
+
### package-name (ecosystem: npm|pip|go|etc.)
|
|
15
|
+
- Current: x.y.z
|
|
16
|
+
- Suggested: x.y.z
|
|
17
|
+
- Risk: patch | minor | major
|
|
18
|
+
- CVE: none | CVE-XXXX (severity)
|
|
19
|
+
- Actionable: yes | no (denylist / human gate)
|
|
20
|
+
- Suggested loop action: patch-in-worktree | escalate-human | skip
|
|
21
|
+
```
|
|
22
|
+
|
|
23
|
+
## Classification Rules
|
|
24
|
+
|
|
25
|
+
- **patch**: semver patch or lockfile-only security fix with no API change
|
|
26
|
+
- **minor**: semver minor — cautious, verifier required
|
|
27
|
+
- **major**: always escalate-human unless explicitly pre-approved in state
|
|
28
|
+
- **denylist**: packages in state denylist → escalate-human, no auto-touch
|
|
29
|
+
- **high-severity CVE**: escalate if fix requires major or breaking change
|
|
30
|
+
|
|
31
|
+
## Rules
|
|
32
|
+
|
|
33
|
+
- Prefer the smallest safe bump that resolves the advisory.
|
|
34
|
+
- Never bundle unrelated package updates in one change.
|
|
35
|
+
- Record human overrides from `dependency-sweeper-state.md` every run.
|
|
36
|
+
- If lockfile conflict or peer dependency warning → escalate-human.
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
name = "verifier"
|
|
2
|
+
description = "Rejects loop fixes unless tests pass and scope is minimal. Never implements fixes."
|
|
3
|
+
instructions = """
|
|
4
|
+
You are the checker in a maker/checker split. Default stance: REJECT until proven otherwise.
|
|
5
|
+
|
|
6
|
+
Checklist (all must pass for APPROVE):
|
|
7
|
+
1. Scope — only relevant files; no denylist paths
|
|
8
|
+
2. Intent — addresses the stated target
|
|
9
|
+
3. Tests — you ran them and report pass/fail with output
|
|
10
|
+
4. No cheating — no disabled tests or skipped assertions
|
|
11
|
+
5. Risk — recommend human review for medium+ risk even if tests pass
|
|
12
|
+
|
|
13
|
+
Output verdict: APPROVE | REJECT | ESCALATE_HUMAN with evidence.
|
|
14
|
+
"""
|
|
15
|
+
reasoning_effort = "high"
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: dependency-triage
|
|
3
|
+
description: >
|
|
4
|
+
Scan package manifests and lockfiles for outdated packages and known CVEs.
|
|
5
|
+
Groups updates by risk (patch, minor, major). Use in dependency sweeper loops.
|
|
6
|
+
user_invocable: true
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
# Dependency Triage Skill
|
|
10
|
+
|
|
11
|
+
## Output per package
|
|
12
|
+
|
|
13
|
+
```markdown
|
|
14
|
+
### package-name (ecosystem: npm|pip|go|etc.)
|
|
15
|
+
- Current: x.y.z
|
|
16
|
+
- Suggested: x.y.z
|
|
17
|
+
- Risk: patch | minor | major
|
|
18
|
+
- CVE: none | CVE-XXXX (severity)
|
|
19
|
+
- Actionable: yes | no (denylist / human gate)
|
|
20
|
+
- Suggested loop action: patch-in-worktree | escalate-human | skip
|
|
21
|
+
```
|
|
22
|
+
|
|
23
|
+
## Classification Rules
|
|
24
|
+
|
|
25
|
+
- **patch**: semver patch or lockfile-only security fix with no API change
|
|
26
|
+
- **minor**: semver minor — cautious, verifier required
|
|
27
|
+
- **major**: always escalate-human unless explicitly pre-approved in state
|
|
28
|
+
- **denylist**: packages in state denylist → escalate-human, no auto-touch
|
|
29
|
+
- **high-severity CVE**: escalate if fix requires major or breaking change
|
|
30
|
+
|
|
31
|
+
## Rules
|
|
32
|
+
|
|
33
|
+
- Prefer the smallest safe bump that resolves the advisory.
|
|
34
|
+
- Never bundle unrelated package updates in one change.
|
|
35
|
+
- Record human overrides from `dependency-sweeper-state.md` every run.
|
|
36
|
+
- If lockfile conflict or peer dependency warning → escalate-human.
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: dependency-triage
|
|
3
|
+
description: >
|
|
4
|
+
Scan package manifests and lockfiles for outdated packages and known CVEs.
|
|
5
|
+
Groups updates by risk (patch, minor, major). Use in dependency sweeper loops.
|
|
6
|
+
user_invocable: true
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
# Dependency Triage Skill
|
|
10
|
+
|
|
11
|
+
## Output per package
|
|
12
|
+
|
|
13
|
+
```markdown
|
|
14
|
+
### package-name (ecosystem: npm|pip|go|etc.)
|
|
15
|
+
- Current: x.y.z
|
|
16
|
+
- Suggested: x.y.z
|
|
17
|
+
- Risk: patch | minor | major
|
|
18
|
+
- CVE: none | CVE-XXXX (severity)
|
|
19
|
+
- Actionable: yes | no (denylist / human gate)
|
|
20
|
+
- Suggested loop action: patch-in-worktree | escalate-human | skip
|
|
21
|
+
```
|
|
22
|
+
|
|
23
|
+
## Classification Rules
|
|
24
|
+
|
|
25
|
+
- **patch**: semver patch or lockfile-only security fix with no API change
|
|
26
|
+
- **minor**: semver minor — cautious, verifier required
|
|
27
|
+
- **major**: always escalate-human unless explicitly pre-approved in state
|
|
28
|
+
- **denylist**: packages in state denylist → escalate-human, no auto-touch
|
|
29
|
+
- **high-severity CVE**: escalate if fix requires major or breaking change
|
|
30
|
+
|
|
31
|
+
## Rules
|
|
32
|
+
|
|
33
|
+
- Prefer the smallest safe bump that resolves the advisory.
|
|
34
|
+
- Never bundle unrelated package updates in one change.
|
|
35
|
+
- Record human overrides from `dependency-sweeper-state.md` every run.
|
|
36
|
+
- If lockfile conflict or peer dependency warning → escalate-human.
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
# Loop Configuration — Dependency Sweeper
|
|
2
|
+
|
|
3
|
+
## Active Loops
|
|
4
|
+
|
|
5
|
+
| Pattern | Cadence | Status | Command |
|
|
6
|
+
|---------|---------|--------|---------|
|
|
7
|
+
| Dependency Sweeper | 6h | L2 assisted (patch-only) | See README |
|
|
8
|
+
|
|
9
|
+
## Human Gates
|
|
10
|
+
|
|
11
|
+
- Major version bumps → human approval always
|
|
12
|
+
- High-severity CVE requiring breaking change → human
|
|
13
|
+
- Denylist packages (edit in state file) → never auto-touch
|
|
14
|
+
- No auto-merge without verifier pass + allowlist
|
|
15
|
+
|
|
16
|
+
## Worktrees
|
|
17
|
+
|
|
18
|
+
- One worktree per package update attempt
|
|
19
|
+
- Discard worktree on REJECT or after human escalation
|
|
20
|
+
|
|
21
|
+
## Budget
|
|
22
|
+
|
|
23
|
+
- Max sub-agent spawns per run: 3
|
|
24
|
+
- Max auto-PRs per day: 5
|
|
25
|
+
- Pause if token budget exceeded (see `templates/loop-budget.md.template`)
|
|
26
|
+
|
|
27
|
+
## Links
|
|
28
|
+
|
|
29
|
+
- Pattern: [dependency-sweeper](../../patterns/dependency-sweeper.md)
|
|
30
|
+
- Safety: [safety.md](../../docs/safety.md)
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
# Dependency Sweeper Starter
|
|
2
|
+
|
|
3
|
+
Clone-and-run scaffold for the **Dependency Sweeper** pattern (L2 assisted, patch-only with strong verifier gates).
|
|
4
|
+
|
|
5
|
+
## Quick Start
|
|
6
|
+
|
|
7
|
+
```bash
|
|
8
|
+
npx @cobusgreyling/loop-init . --pattern dependency-sweeper --tool grok
|
|
9
|
+
```
|
|
10
|
+
|
|
11
|
+
Or manual copy:
|
|
12
|
+
|
|
13
|
+
```bash
|
|
14
|
+
cp -r starters/dependency-sweeper/.grok/skills/dependency-triage .grok/skills/
|
|
15
|
+
mkdir -p .grok/skills/loop-verifier .grok/skills/minimal-fix
|
|
16
|
+
cp templates/SKILL.md.verifier .grok/skills/loop-verifier/SKILL.md
|
|
17
|
+
cp templates/SKILL.md.minimal-fix .grok/skills/minimal-fix/SKILL.md
|
|
18
|
+
cp starters/dependency-sweeper/dependency-sweeper-state.md.example dependency-sweeper-state.md
|
|
19
|
+
cp starters/dependency-sweeper/LOOP.md .
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
Claude Code / Codex: use `--tool claude` or `--tool codex` with `loop-init`.
|
|
23
|
+
|
|
24
|
+
Start (Grok):
|
|
25
|
+
|
|
26
|
+
```
|
|
27
|
+
/loop 6h Run dependency-triage on package manifests and lockfiles. Patch-only auto-fix in worktree + verifier (npm ci && npm test). Escalate majors, high-sev CVEs, and denylist packages. Update dependency-sweeper-state.md.
|
|
28
|
+
```
|
|
29
|
+
|
|
30
|
+
## What's Included
|
|
31
|
+
|
|
32
|
+
| File | Purpose |
|
|
33
|
+
|------|---------|
|
|
34
|
+
| `dependency-sweeper-state.md.example` | State spine (in-flight updates, denylist) |
|
|
35
|
+
| `.grok/.claude/.codex/skills/dependency-triage/` | Triage skill (all tools) |
|
|
36
|
+
| `.claude/agents/loop-verifier.md` | Checker agent |
|
|
37
|
+
| `.codex/agents/verifier.toml` | Checker subagent |
|
|
38
|
+
| `LOOP.md` | Cadence, gates, budget |
|
|
39
|
+
|
|
40
|
+
## Next Steps
|
|
41
|
+
|
|
42
|
+
- [patterns/dependency-sweeper.md](../../patterns/dependency-sweeper.md)
|
|
43
|
+
- [docs/loop-design-checklist.md](../../docs/loop-design-checklist.md)
|
|
44
|
+
- [stories/dependency-sweeper-week-one.md](../../stories/dependency-sweeper-week-one.md)
|
|
45
|
+
|
|
46
|
+
**Safety**: Majors and high-severity breaking fixes stay behind explicit human gates.
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
# Dependency Sweeper State — YOUR_PROJECT
|
|
2
|
+
|
|
3
|
+
Last run: 2025-06-09T08:30:00Z
|
|
4
|
+
Status: report-only (week 1)
|
|
5
|
+
|
|
6
|
+
## Watched manifests
|
|
7
|
+
- package.json + package-lock.json (root)
|
|
8
|
+
- (add frontend/, services/* etc. as you expand)
|
|
9
|
+
|
|
10
|
+
## In-flight / recent
|
|
11
|
+
|
|
12
|
+
<!-- Example entries the loop will maintain -->
|
|
13
|
+
- (none yet — first run will populate)
|
|
14
|
+
|
|
15
|
+
## Human decisions & denylist (edit these)
|
|
16
|
+
|
|
17
|
+
Denylist (do not auto-touch during this sprint):
|
|
18
|
+
- react
|
|
19
|
+
- next
|
|
20
|
+
- @company/core-auth
|
|
21
|
+
|
|
22
|
+
Human overrides:
|
|
23
|
+
- (none)
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: loop-triage
|
|
3
|
+
description: >
|
|
4
|
+
Triage recent changes, CI failures, issues, and conversations.
|
|
5
|
+
Produces a concise, actionable findings report suitable for a loop to consume.
|
|
6
|
+
Writes structured output to a state file or Linear board.
|
|
7
|
+
user_invocable: true
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
# Loop Triage Skill
|
|
11
|
+
|
|
12
|
+
You are an expert engineering triage agent. Your job is to produce a clean, prioritized list of things that a loop should consider acting on.
|
|
13
|
+
|
|
14
|
+
## Inputs (the loop will provide these)
|
|
15
|
+
- Recent CI / test failures (last 24h)
|
|
16
|
+
- Open issues / Linear tickets assigned to the team
|
|
17
|
+
- Recent commits on main (last 24–48h)
|
|
18
|
+
- Any Slack / chat threads the loop has visibility into
|
|
19
|
+
- The current state file (what the loop already knows about)
|
|
20
|
+
|
|
21
|
+
## Output Format
|
|
22
|
+
|
|
23
|
+
Produce a markdown report with these sections:
|
|
24
|
+
|
|
25
|
+
### 1. High-Priority Items (act on these)
|
|
26
|
+
- Clear, one-line description
|
|
27
|
+
- Why it matters (impact, risk, or customer pain)
|
|
28
|
+
- Suggested next action for the loop (e.g. "draft minimal fix in isolated worktree")
|
|
29
|
+
- Rough effort estimate
|
|
30
|
+
|
|
31
|
+
### 2. Watch Items (monitor, do not act yet)
|
|
32
|
+
- Same format but lower urgency
|
|
33
|
+
|
|
34
|
+
### 3. Noise / Ignore
|
|
35
|
+
- Brief list of things the loop looked at and decided were not worth action
|
|
36
|
+
|
|
37
|
+
### 4. State Updates
|
|
38
|
+
- Any facts the loop should remember for the next run (e.g. "PR #1234 now has 2 approvals")
|
|
39
|
+
|
|
40
|
+
## Rules
|
|
41
|
+
|
|
42
|
+
- Be brutally concise. The loop (and the human reading the state) will thank you.
|
|
43
|
+
- Only put something in "High-Priority" if a reasonable engineer would want to know about it today.
|
|
44
|
+
- When in doubt, put it in Watch or Noise rather than creating work.
|
|
45
|
+
- Never propose architectural overhauls during triage — this skill is for signal, not invention.
|
|
46
|
+
- Respect the project's existing skills and conventions (they will be provided in context).
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
# Loop Configuration — Minimal Triage
|
|
2
|
+
|
|
3
|
+
## Active Loops
|
|
4
|
+
|
|
5
|
+
| Pattern | Cadence | Status | Command |
|
|
6
|
+
|---------|---------|--------|---------|
|
|
7
|
+
| Daily Triage | 1d | L1 report-only | See README |
|
|
8
|
+
|
|
9
|
+
## Human Gates
|
|
10
|
+
|
|
11
|
+
- No auto-fix until L2 checklist complete
|
|
12
|
+
- All high-risk paths: human review required
|
|
13
|
+
|
|
14
|
+
## Budget
|
|
15
|
+
|
|
16
|
+
- Max sub-agent spawns per run: 0 (L1)
|
|
17
|
+
- Review STATE.md daily
|
|
18
|
+
|
|
19
|
+
## Links
|
|
20
|
+
|
|
21
|
+
- Pattern: [daily-triage](../../patterns/daily-triage.md)
|
|
22
|
+
- Checklist: [loop-design-checklist](../../docs/loop-design-checklist.md)
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
# Minimal Loop Starter
|
|
2
|
+
|
|
3
|
+
Clone this into your project root to run a **report-only daily triage loop** (L1 readiness).
|
|
4
|
+
|
|
5
|
+
## Quick Start
|
|
6
|
+
|
|
7
|
+
1. Copy files into your repo:
|
|
8
|
+
```bash
|
|
9
|
+
cp -r starters/minimal-loop/.grok/skills/loop-triage .grok/skills/ # Grok
|
|
10
|
+
cp starters/minimal-loop/STATE.md.example STATE.md
|
|
11
|
+
```
|
|
12
|
+
|
|
13
|
+
2. Customize `STATE.md` project name.
|
|
14
|
+
|
|
15
|
+
3. Start the loop (Grok):
|
|
16
|
+
```bash
|
|
17
|
+
/loop 1d Run the loop-triage skill. Read STATE.md first. Append high-priority and watch items. Update Last run timestamp. Do not auto-fix anything in week one.
|
|
18
|
+
```
|
|
19
|
+
|
|
20
|
+
4. Read `STATE.md` each morning for 1–2 weeks. Tune the triage skill.
|
|
21
|
+
|
|
22
|
+
5. When triage quality is good, add `minimal-fix` + `loop-verifier` from `templates/` and enable small auto-wins.
|
|
23
|
+
|
|
24
|
+
## What's Included
|
|
25
|
+
|
|
26
|
+
| File | Purpose |
|
|
27
|
+
|------|---------|
|
|
28
|
+
| `STATE.md.example` | State spine template |
|
|
29
|
+
| `.grok/skills/loop-triage/SKILL.md` | Triage skill |
|
|
30
|
+
| `LOOP.md` | Loop config doc for your team |
|
|
31
|
+
|
|
32
|
+
## Other tools
|
|
33
|
+
|
|
34
|
+
- Claude Code: [minimal-loop-claude](../minimal-loop-claude/)
|
|
35
|
+
- Codex: [minimal-loop-codex](../minimal-loop-codex/)
|
|
36
|
+
|
|
37
|
+
## Next Steps
|
|
38
|
+
|
|
39
|
+
- [Loop Design Checklist](../../docs/loop-design-checklist.md)
|
|
40
|
+
- [Daily Triage pattern](../../patterns/daily-triage.md)
|
|
41
|
+
- Run `npx @cobusgreyling/loop-audit .` for readiness score
|