@qball-inc/the-bulwark 1.2.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (40) hide show
  1. package/.claude-plugin/plugin.json +50 -42
  2. package/CHANGELOG.md +102 -30
  3. package/CONTRIBUTING.md +52 -0
  4. package/README.md +97 -328
  5. package/hooks/hooks.json +100 -88
  6. package/package.json +46 -46
  7. package/scripts/hooks/bulwark-permission-hook.sh +306 -0
  8. package/skills/anthropic-validator/SKILL.md +6 -0
  9. package/skills/anthropic-validator/references/skills-checklist.md +2 -1
  10. package/skills/anthropic-validator/references/skills-validation.md +2 -1
  11. package/skills/assertion-patterns/SKILL.md +3 -0
  12. package/skills/bug-magnet-data/SKILL.md +3 -0
  13. package/skills/bulwark-brainstorm/SKILL.md +8 -0
  14. package/skills/bulwark-research/SKILL.md +8 -0
  15. package/skills/bulwark-scaffold/SKILL.md +75 -2
  16. package/skills/bulwark-statusline/SKILL.md +3 -1
  17. package/skills/bulwark-verify/SKILL.md +9 -0
  18. package/skills/code-review/SKILL.md +72 -89
  19. package/skills/code-review/references/diagnostic-schema.md +119 -0
  20. package/skills/component-patterns/SKILL.md +3 -0
  21. package/skills/continuous-feedback/SKILL.md +9 -0
  22. package/skills/create-skill/SKILL.md +9 -0
  23. package/skills/create-subagent/SKILL.md +7 -0
  24. package/skills/fix-bug/SKILL.md +4 -0
  25. package/skills/governance-protocol/SKILL.md +1 -0
  26. package/skills/init/SKILL.md +6 -0
  27. package/skills/issue-debugging/SKILL.md +3 -0
  28. package/skills/mock-detection/SKILL.md +5 -0
  29. package/skills/pipeline-templates/SKILL.md +3 -0
  30. package/skills/plan-creation/SKILL.md +10 -0
  31. package/skills/plan-to-tasks/SKILL.md +8 -0
  32. package/skills/product-ideation/SKILL.md +6 -0
  33. package/skills/session-handoff/SKILL.md +4 -0
  34. package/skills/setup-lsp/SKILL.md +6 -0
  35. package/skills/spec-drift-check/SKILL.md +8 -5
  36. package/skills/subagent-output-templating/SKILL.md +2 -0
  37. package/skills/subagent-prompting/SKILL.md +2 -0
  38. package/skills/test-audit/SKILL.md +10 -0
  39. package/skills/test-classification/SKILL.md +5 -0
  40. package/skills/test-fixture-creation/SKILL.md +6 -0
package/skills/pipeline-templates/SKILL.md CHANGED
@@ -3,6 +3,9 @@ name: pipeline-templates
3
3
  description: Pre-defined F# pipe workflows for multi-agent orchestration. Provides code review, fix validation, test audit, new feature, research & planning, and test execution pipelines. Triggered via PostToolUse hook after significant code changes.
4
4
  when_to_use: Loaded by the Stop hook (`suggest-pipeline-stop.sh`) when uncovered code/test/script changes accumulate this turn — provides the canonical F# pipe definitions the orchestrator follows when responding to the hook's `decision: block` reason text. Also loadable directly when the orchestrator needs to consult a pipeline definition (e.g., before running Code Review, Test Audit, Fix Validation, New Feature, or Research & Planning workflows).
5
5
  user-invocable: false
6
+ allowed-tools:
7
+ - Read
8
+ - Skill
6
9
  version: 1.0.2
7
10
  author: "Ashay Kubal @ Qball Inc."
8
11
  ---
package/skills/plan-creation/SKILL.md CHANGED
@@ -6,6 +6,16 @@ user-invocable: true
6
6
  argument-hint: "<topic, filepath, or directory> [--doc <path>] [--research <synthesis-file>]"
7
7
  skills:
8
8
  - subagent-prompting
9
+ allowed-tools:
10
+ - AskUserQuestion
11
+ - Bash
12
+ - Edit
13
+ - Glob
14
+ - Grep
15
+ - Read
16
+ - Skill
17
+ - Task
18
+ - Write
9
19
  version: 1.0.2
10
20
  author: "Ashay Kubal @ Qball Inc."
11
21
  ---
package/skills/plan-to-tasks/SKILL.md CHANGED
@@ -6,6 +6,14 @@ user-invocable: true
6
6
  argument-hint: "<path-to-plan_v{N}.md>"
7
7
  skills:
8
8
  - subagent-prompting
9
+ allowed-tools:
10
+ - AskUserQuestion
11
+ - Edit
12
+ - Glob
13
+ - Read
14
+ - Skill
15
+ - Task
16
+ - Write
9
17
  version: 1.0.0
10
18
  author: "Ashay Kubal @ Qball Inc."
11
19
  ---
package/skills/product-ideation/SKILL.md CHANGED
@@ -5,6 +5,12 @@ user-invocable: true
5
5
  argument-hint: "<idea-description> | --doc <path-to-idea-file>"
6
6
  skills:
7
7
  - subagent-prompting
8
+ allowed-tools:
9
+ - AskUserQuestion
10
+ - Read
11
+ - Skill
12
+ - Task
13
+ - Write
8
14
  version: 1.0.0
9
15
  author: "Ashay Kubal @ Qball Inc."
10
16
  ---
package/skills/session-handoff/SKILL.md CHANGED
@@ -2,6 +2,10 @@
2
2
  name: session-handoff
3
3
  description: Create consistent session handoff documents for context transfer between sessions. Use when closing a session, reaching 75% token consumption, or when user requests handoff. Ensures proper YAML headers for metrics collection, LF line endings, and complete documentation of progress, decisions, and next steps.
4
4
  user-invocable: true
5
+ allowed-tools:
6
+ - AskUserQuestion
7
+ - Read
8
+ - Write
5
9
  version: 1.0.0
6
10
  author: "Ashay Kubal @ Qball Inc."
7
11
  ---
package/skills/setup-lsp/SKILL.md CHANGED
@@ -3,6 +3,12 @@ name: setup-lsp
3
3
  description: Configures Language Server Protocol integration for Claude Code projects. Use when setting up LSP servers, verifying post-restart initialization, or troubleshooting broken LSP configurations.
4
4
  user-invocable: true
5
5
  argument-hint: "[--lang <languages>] [--verify | --troubleshoot]"
6
+ allowed-tools:
7
+ - AskUserQuestion
8
+ - Bash
9
+ - Edit
10
+ - Read
11
+ - Write
6
12
  version: 1.0.0
7
13
  author: "Ashay Kubal @ Qball Inc."
8
14
  ---
package/skills/spec-drift-check/SKILL.md CHANGED
@@ -6,12 +6,15 @@ argument-hint: "<spec-path> [<additional-context>]"
6
6
  arguments: spec_path
7
7
  user-invocable: true
8
8
  allowed-tools:
9
+ - AskUserQuestion
9
10
  - Bash
10
- - Read
11
- - Grep
12
11
  - Glob
12
+ - Grep
13
+ - Read
13
14
  - Write
14
- version: 1.0.0
15
+ disallowed-tools:
16
+ - Edit
17
+ version: 1.0.1
15
18
  author: "Ashay Kubal @ Qball Inc."
16
19
  ---
17
20
 
@@ -37,7 +40,7 @@ Audits a Work Package brief (or any spec document) for drift against the current
37
40
  - Test audit (use `test-audit`)
38
41
  - Debugging issues (use `issue-debugging`)
39
42
 
40
- **This skill is READ-ONLY with respect to the subject spec.** It does NOT modify the input brief or any code referenced by it. The skill DOES write its own outputs — verification log under `$PROJECT_DIR/logs/spec-verify-*.md` and diagnostic YAML under `$PROJECT_DIR/logs/diagnostics/` — those are not "modifications" of the subject. To FIX issues found in the subject spec, the user invokes a separate skill (manual edits, `fix-bug`, or an implementer agent). The skill's value is the audit + adjusted plan, not the fix. The frontmatter excludes `Edit` to prevent accidental subject-spec modification at the permission layer.
43
+ **This skill is READ-ONLY with respect to the subject spec.** It does NOT modify the input brief or any code referenced by it. The skill DOES write its own outputs — verification log under `$PROJECT_DIR/logs/spec-verify-*.md` and diagnostic YAML under `$PROJECT_DIR/logs/diagnostics/` — those are not "modifications" of the subject. To FIX issues found in the subject spec, the user invokes a separate skill (manual edits, `fix-bug`, or an implementer agent). The skill's value is the audit + adjusted plan, not the fix. The frontmatter lists `Edit` under `disallowed-tools`, which removes it from the available tool pool while the skill runs, preventing accidental subject-spec modification at the permission layer.
41
44
 
42
45
  This skill follows the **Reviewer** archetype with the `standalone`, `multi-source`, and `pipeline-stage` sub-patterns. It runs in **Main Context Orchestration** (no sub-agent fork) by deliberate design — the verifier needs to read across the full claimed scope and the orchestrator must absorb the verdict directly to make scope-expansion decisions.
43
46
 
@@ -90,7 +93,7 @@ This skill is a read-only Reviewer using Main Context Orchestration. The subject
90
93
  - [ ] **Stage 5 — Log**: Verification log written to `$PROJECT_DIR/logs/spec-verify-{session}-{topic}.md` (per references/step-5-log-template.md)
91
94
  - [ ] **Stage 6 — Decide**: Verdict emitted (PROCEED / PROCEED_ADJUSTED / STOP_USER_APPROVAL) per finding mix (references/step-6-decision-matrix.md)
92
95
  - [ ] **Stage 7 — Bind**: Verified plan SUPERSEDES original spec for rest of WP
93
- - [ ] **READ-ONLY enforced (subject spec)**: Subject spec MUST NOT be modified at any point during review. Skill outputs (verification log + diagnostic YAML) are NOT modifications of the subject — those are deliverables the skill writes to `$PROJECT_DIR/logs/`. `Edit` is intentionally excluded from `allowed-tools` to enforce subject-read-only at the permission layer
96
+ - [ ] **READ-ONLY enforced (subject spec)**: Subject spec MUST NOT be modified at any point during review. Skill outputs (verification log + diagnostic YAML) are NOT modifications of the subject — those are deliverables the skill writes to `$PROJECT_DIR/logs/`. `Edit` is listed under `disallowed-tools` (and absent from `allowed-tools`) to enforce subject-read-only at the permission layer
94
97
  - [ ] **Main Context Orchestration**: Do NOT spawn sub-agents for the verification work — verifier needs full claimed scope; orchestrator needs verdict directly
95
98
  - [ ] **Diagnostics**: Diagnostic YAML written to `$PROJECT_DIR/logs/diagnostics/spec-drift-check-{YYYYMMDD-HHMMSS}.yaml`
96
99
  - [ ] **Findings + verdict presented to user via AskUserQuestion if STOP_USER_APPROVAL**
package/skills/subagent-output-templating/SKILL.md CHANGED
@@ -2,6 +2,8 @@
2
2
  name: subagent-output-templating
3
3
  description: Template for structured sub-agent output including YAML log format, task completion reports (WHY/WHAT/TRADE-OFFS/RISKS), and summary constraints. Use when defining how sub-agents should report results.
4
4
  user-invocable: false
5
+ allowed-tools:
6
+ - Write
5
7
  version: 1.0.0
6
8
  author: "Ashay Kubal @ Qball Inc."
7
9
  ---
package/skills/subagent-prompting/SKILL.md CHANGED
@@ -2,6 +2,8 @@
2
2
  name: subagent-prompting
3
3
  description: Template for structured sub-agent invocation using 4-part prompting (GOAL/CONSTRAINTS/CONTEXT/OUTPUT) and F# pipeline notation. Use when orchestrating sub-agents or designing multi-agent workflows.
4
4
  user-invocable: false
5
+ allowed-tools:
6
+ - Write
5
7
  version: 1.0.0
6
8
  author: "Ashay Kubal @ Qball Inc."
7
9
  ---
package/skills/test-audit/SKILL.md CHANGED
@@ -9,6 +9,16 @@ skills:
9
9
  - assertion-patterns
10
10
  - component-patterns
11
11
  - bug-magnet-data
12
+ allowed-tools:
13
+ - AskUserQuestion
14
+ - Bash
15
+ - Edit
16
+ - Glob
17
+ - Grep
18
+ - Read
19
+ - Skill
20
+ - Task
21
+ - Write
12
22
  version: 1.1.0
13
23
  author: "Ashay Kubal @ Qball Inc."
14
24
  ---
package/skills/test-classification/SKILL.md CHANGED
@@ -2,6 +2,11 @@
2
2
  name: test-classification
3
3
  description: Prompt template for test classification stage in Test Audit pipeline
4
4
  user-invocable: false
5
+ allowed-tools:
6
+ - Glob
7
+ - Grep
8
+ - Read
9
+ - Write
5
10
  version: 1.0.1
6
11
  author: "Ashay Kubal @ Qball Inc."
7
12
  ---
package/skills/test-fixture-creation/SKILL.md CHANGED
@@ -2,6 +2,12 @@
2
2
  name: test-fixture-creation
3
3
  description: Guidelines for creating unbiased test fixtures that integrate with project infrastructure. Use when creating fixtures for manual testing, setting up E2E test scenarios, or building code samples with deliberate issues for LLM review. Ensures fixtures work with hook automation and pass Phase 1 checks.
4
4
  user-invocable: false
5
+ allowed-tools:
6
+ - Bash
7
+ - Edit
8
+ - Glob
9
+ - Read
10
+ - Write
5
11
  version: 1.0.0
6
12
  author: "Ashay Kubal @ Qball Inc."
7
13
  ---