@skilly-hand/skilly-hand 0.29.2 → 0.30.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -16,6 +16,37 @@ All notable changes to this project are documented in this file.
16
16
  ### Removed
17
17
  - _None._
18
18
 
19
+ ## [0.30.0] - 2026-06-20
20
+ [View on npm](https://www.npmjs.com/package/@skilly-hand/skilly-hand/v/0.30.0)
21
+
22
+ ### Added
23
+ - _None._
24
+
25
+ ### Changed
26
+ - Expanded `review-rangers` with an approval-gated Mender remediation loop, independent re-review, critical-stop rules, bounded termination, repository-native verification, and automatic `test-driven-development` installation.
27
+
28
+ ### Fixed
29
+ - _None._
30
+
31
+ ### Removed
32
+ - _None._
33
+
34
+ ## [0.29.3] - 2026-06-20
35
+ [View on npm](https://www.npmjs.com/package/@skilly-hand/skilly-hand/v/0.29.3)
36
+
37
+ ### Added
38
+ - _None._
39
+
40
+ ### Changed
41
+ - Reworked `spec-driven-development` around a portable lifecycle with repository-native capability discovery, evidence-backed task state, explicit change control, and archive invariants.
42
+ - Rebuilt `test-driven-development` guidance around evidence-based RED, GREEN, and REFACTOR cycles without fixed framework or test-runner assumptions.
43
+
44
+ ### Fixed
45
+ - _None._
46
+
47
+ ### Removed
48
+ - _None._
49
+
19
50
  ## [0.29.2] - 2026-06-20
20
51
  [View on npm](https://www.npmjs.com/package/@skilly-hand/skilly-hand/v/0.29.2)
21
52
 
package/README.md CHANGED
@@ -47,9 +47,9 @@ The full skill catalog is also discoverable through the [skills.sh](https://www.
47
47
  npx skills add Davecelot/skilly-hand --skill '*'
48
48
  ```
49
49
 
50
- Use `npx skills add Davecelot/skilly-hand --list` to inspect the available skills before installing. The `skills/` directory is a GitHub-facing overlay made of symlinks to `catalog/skills/`; it helps skills.sh discover the catalog without changing the regular `npx skilly-hand` npm package contents or CLI flow.
50
+ Use `npx skills add Davecelot/skilly-hand --list` to inspect the available skills before installing. The `skills/` directory is a generated GitHub-facing mirror of `catalog/skills/`, using real files because skills.sh discovers `SKILL.md` entries from GitHub's repository tree. Run `npm run skills:sync` after catalog changes; `npm run catalog:check` rejects mirror drift.
51
51
 
52
- Windows contributors who clone the repo locally should enable symlink support before checkout, for example with `git config --global core.symlinks true`, and may also need Developer Mode or elevated symlink privileges. If the repo was already checked out without symlinks, re-check out or reclone after enabling support.
52
+ skills.sh adds a repository to its public catalog after a skill is installed through the official CLI with telemetry enabled. The public page and automated security audits may take a few minutes to appear after the first installation.
53
53
 
54
54
  ---
55
55
 
package/catalog/README.md CHANGED
@@ -18,10 +18,10 @@ Published portable skills consumed by the `skilly-hand` CLI.
18
18
  | `project-teacher` | Scan the active project and teach any concept, code path, or decision using verified information, interactive questions, and simple explanations. Trigger: user asks to explain, understand, clarify, or learn about anything in the project or codebase. | core, workflow, education | all |
19
19
  | `prompt-engineering` | Guide users in writing, improving, evaluating, and tuning prompts for LLMs across factual, creative, structured, grounded, coding, safety-sensitive, and production scenarios. Trigger: writing, improving, evaluating, or tuning prompts for LLMs. | prompting, llm, workflow, quality | all |
20
20
  | `react-guidelines` | Guide React and Next.js code generation, review, and performance tuning using latest stable React verification and modern framework best practices. Trigger: generating, reviewing, refactoring, or optimizing React code artifacts in React projects. | react, frontend, workflow, best-practices | all |
21
- | `review-rangers` | Review code, decisions, and artifacts through a multi-perspective committee and a domain expert safety guard, then synthesize a structured verdict. | core, workflow, review, quality | all |
21
+ | `review-rangers` | Review code, decisions, and artifacts through an independent committee and safety guard, then optionally run bounded, approval-gated remediation. Trigger: reviewing risky artifacts or remediating structured review findings. | core, workflow, review, quality | all |
22
22
  | `roaster` | Challenge plans with constructive roast-style critique that exposes weak assumptions, missing angles, shallow sequencing, and unclear success criteria. Trigger: when the user proposes, requests, or evaluates a plan of any kind. | core, workflow, planning, quality | all |
23
- | `spec-driven-development` | Plan, execute, and verify multi-step work through versioned specs with small, testable tasks. | core, workflow, planning | all |
24
- | `test-driven-development` | Guide implementation using the RED GREEN REFACTOR TDD cycle: write a failing test first, write the minimum code to pass, then refactor while tests stay green. | testing, workflow, quality, core | all |
23
+ | `spec-driven-development` | Plan, execute, and verify multi-step work through versioned specs with small, testable tasks. Trigger: planning or executing feature work, bug fixes, and multi-phase implementation. | core, workflow, planning | all |
24
+ | `test-driven-development` | Guide implementation through evidence-based RED, GREEN, and REFACTOR cycles without assuming a language, framework, or test runner. Trigger: implementing testable behavior or reproducing a regression with tests first. | testing, workflow, quality, core | all |
25
25
  | `token-optimizer` | Classify task complexity and right-size reasoning depth, context gathering, and response detail to reduce wasted tokens. | core, workflow, efficiency | all |
26
26
  | `user-story-crafting` | Create and refine user stories with structured quality gates, splitting heuristics, and lightweight story mapping for release slicing. Trigger: writing, restructuring, splitting, or sequencing user stories for delivery-ready backlog work. | product, workflow, planning, quality | all |
27
27
 
@@ -1,13 +1,13 @@
1
1
  ---
2
2
  name: "review-rangers"
3
- description: "Review code, decisions, and artifacts through a multi-perspective committee and a domain expert safety guard, then synthesize a structured verdict."
3
+ description: "Review code, decisions, and artifacts through an independent committee and safety guard, then optionally run bounded, approval-gated remediation. Trigger: reviewing risky artifacts or remediating structured review findings."
4
4
  skillMetadata:
5
5
  author: "skilly-hand"
6
- last-edit: "2026-04-26"
6
+ last-edit: "2026-06-20"
7
7
  license: "Apache-2.0"
8
- version: "1.1.0"
9
- changelog: "Added DECISIONS.md registry ownership guidance; preserves durable review insights and anti-slop decisions across sessions; affects review-rangers workflow, install scaffolding, and project memory usage"
10
- auto-invoke: "Reviewing code, decisions, or artifacts where adversarial multi-perspective evaluation adds value"
8
+ version: "1.2.0"
9
+ changelog: "Added approval-gated Mender remediation with bounded independent re-review; prevents unauthorized writes and unbounded fix loops; affects review orchestration, installation dependencies, and prompt assets"
10
+ auto-invoke: "Reviewing risky code, decisions, or artifacts, or remediating structured review findings"
11
11
  allowed-tools:
12
12
  - "Read"
13
13
  - "Edit"
@@ -48,8 +48,13 @@ Do not use this skill for:
48
48
  7. Run the committee and safety guard in parallel.
49
49
  8. Collect all outputs.
50
50
  9. Synthesize a structured verdict following the Synthesis Rules.
51
- 10. Emit the final verdict with confidence tier, top findings, and recommended action.
52
- 11. Decide whether any insight qualifies for `.ai/DECISIONS.md`; if yes, update the registry and its changelog in the same edit.
51
+ 10. If the verdict is `HIGH`, emit the final report and stop. If it is `VETO` or any critical-stop condition applies, return control to a human without modifying the target.
52
+ 11. For `MEDIUM` or `LOW`, present the open findings and request explicit approval before the first mutation. Skip this checkpoint only when the caller explicitly requested unattended or autonomous remediation in the current task.
53
+ 12. After approval, invoke The Mender using `assets/mender-template.md`. Pass only the target context and open findings; do not pass intermediate reviewer discussion.
54
+ 13. Run repository-native verification, then send the changed target to a fresh independent committee and safety guard. Reviewers from every round remain read-only.
55
+ 14. Repeat only while progress is material and no termination rule applies. Allow at most three remediation rounds and stop when the same finding survives two consecutive rounds without material progress.
56
+ 15. Emit the final report with confidence tier, finding-to-fix evidence, unresolved items, stop reason when applicable, and recommended action.
57
+ 16. Evaluate durable `.ai/DECISIONS.md` updates after the final `HIGH` report or terminal escalation; if an insight qualifies, update the registry and its changelog in the same edit.
53
58
 
54
59
  ---
55
60
 
@@ -80,6 +85,7 @@ Never assign the same lens to two committee members. Each member evaluates indep
80
85
  - Spawn committee members in parallel.
81
86
  - Pass only the target artifact and the member's assigned lens as context.
82
87
  - Do not share intermediate findings between members before synthesis.
88
+ - Committee members and the safety guard are read-only in every round. They MUST NOT modify the target, assign work, or reuse another reviewer's conclusions.
83
89
 
84
90
  ---
85
91
 
@@ -108,6 +114,66 @@ The safety guard:
108
114
 
109
115
  ---
110
116
 
117
+ ## Remediation Protocol
118
+
119
+ ### Role Separation
120
+
121
+ The Mender is the only role allowed to modify the target during a Review Rangers remediation cycle.
122
+
123
+ - Committee members and the safety guard remain independent, read-only judges.
124
+ - The Mender receives the synthesized open findings and target context, not reviewer identities or hidden reasoning.
125
+ - The Mender MUST NOT assign, raise, lower, or otherwise edit confidence tiers.
126
+ - The orchestrator owns approval, round counting, critical-stop evaluation, re-review, and the final verdict.
127
+ - A Mender MUST NOT invoke Review Rangers recursively. Re-review returns to the orchestrator.
128
+
129
+ ### Approval Boundary
130
+
131
+ Interactive review MUST pause before the first file mutation and obtain explicit approval.
132
+
133
+ - A request to review, assess, audit, or invoke this skill is not write approval.
134
+ - Skill invocation alone is not write approval.
135
+ - The checkpoint may be skipped only when the caller explicitly asks for unattended or autonomous remediation in the current task.
136
+ - Approval covers only the presented open findings and target. New scope or a critical-stop condition returns control to the caller.
137
+
138
+ ### Critical Stops
139
+
140
+ Stop before another mutation or remediation round when any of these applies:
141
+
142
+ - The verdict is `VETO`.
143
+ - A security, privacy, accessibility, or data-integrity blocker requires human judgment.
144
+ - A fix would cause a breaking public API change.
145
+ - A fix would alter a broadly shared foundation, architecture, release policy, CI/CD policy, or security policy without explicit authority.
146
+ - Required repository-native verification is unavailable or failing for reasons the remediation cannot safely resolve.
147
+ - Product intent, ownership, migration policy, or another authoritative decision is required.
148
+ - Three remediation rounds have completed.
149
+ - The same finding survives two consecutive rounds without material progress.
150
+
151
+ For every stop, report the unresolved finding, available evidence, stop reason, and required human decision. Do not broaden scope to conceal a failed check or force a higher confidence tier.
152
+
153
+ ### Repository-Native Verification
154
+
155
+ The Mender MUST discover and run the narrowest relevant verification supported by the target repository.
156
+
157
+ 1. Read repository instructions and declared scripts or commands.
158
+ 2. Choose relevant lint, test, type-check, build, artifact, or deterministic document checks.
159
+ 3. When testable behavior changes, follow the installed `test-driven-development` guidance and record RED, GREEN, REFACTOR, and regression evidence.
160
+ 4. For non-code artifacts, use the narrowest deterministic structural or content check.
161
+ 5. Report exact commands, outcomes, failures, and checks that could not run.
162
+
163
+ Never assume npm, a particular test runner, or a fixed toolchain. A failed required check blocks `HIGH` unless a human explicitly accepts the residual risk.
164
+
165
+ ### Re-review and Termination
166
+
167
+ - Every remediation round receives a monotonically increasing round number from 1 through 3.
168
+ - After verification, use a fresh committee and safety guard with the same independence rules as the initial review.
169
+ - Compare findings by underlying issue, not wording alone.
170
+ - Material progress means a finding is resolved, reduced in severity with evidence, or narrowed by a verified constraint.
171
+ - `HIGH` ends the loop successfully.
172
+ - `MEDIUM` or `LOW` may enter another approved round only when progress is material and no stop applies.
173
+ - Any stop ends the loop with a terminal escalation report.
174
+
175
+ ---
176
+
111
177
  ## Synthesis Rules
112
178
 
113
179
  ### Confidence Tiers
@@ -194,6 +260,8 @@ Every change to `.ai/DECISIONS.md` must update `## Changelog` in the same edit.
194
260
 
195
261
  If the changelog section is missing, add it as the final section before making any other registry change.
196
262
 
263
+ Evaluate registry writes only after the final `HIGH` report or terminal escalation. Intermediate remediation rounds MUST NOT create duplicate or provisional decision entries.
264
+
197
265
  ---
198
266
 
199
267
  ## Decision Tree
@@ -215,6 +283,17 @@ Does any committee member flag a security or data-integrity risk?
215
283
  Does committee majority agree the target is sound?
216
284
  YES and safety guard passes -> HIGH or MEDIUM depending on split
217
285
  NO -> LOW
286
+
287
+ Is the verdict MEDIUM or LOW without a critical stop?
288
+ YES -> obtain explicit mutation approval unless unattended remediation was explicitly requested
289
+
290
+ Is remediation approved and within the termination bounds?
291
+ YES -> invoke The Mender, verify with repository-native checks, then run a fresh independent review
292
+ NO -> emit a terminal escalation report
293
+
294
+ Did the review reach HIGH, three rounds, or two stagnant rounds?
295
+ YES -> stop and emit the final report
296
+ NO -> continue only when material progress is evidenced
218
297
  ```
219
298
 
220
299
  ---
@@ -227,6 +306,9 @@ cat .skilly-hand/catalog/review-rangers/assets/committee-member-template.md
227
306
 
228
307
  # Reference safety guard template when constructing agent prompts
229
308
  cat .skilly-hand/catalog/review-rangers/assets/safety-guard-template.md
309
+
310
+ # Reference the only write-capable remediation template after approval
311
+ cat .skilly-hand/catalog/review-rangers/assets/mender-template.md
230
312
  ```
231
313
 
232
314
  ---
@@ -235,3 +317,5 @@ cat .skilly-hand/catalog/review-rangers/assets/safety-guard-template.md
235
317
 
236
318
  - Committee member prompt template: [assets/committee-member-template.md](assets/committee-member-template.md)
237
319
  - Safety guard prompt template: [assets/safety-guard-template.md](assets/safety-guard-template.md)
320
+ - Mender prompt template: [assets/mender-template.md](assets/mender-template.md)
321
+ - Test-driven remediation guidance: [../test-driven-development/SKILL.md](../test-driven-development/SKILL.md)
@@ -0,0 +1,70 @@
1
+ # The Mender: Remediation Round {{ROUND_NUMBER}}
2
+
3
+ ## Role
4
+
5
+ You are The Mender, the only write-capable role in this Review Rangers remediation cycle. You repair approved findings; you do not judge the target or choose the final verdict.
6
+
7
+ ## Target
8
+
9
+ {{TARGET_CONTEXT}}
10
+
11
+ ## Approved Open Findings
12
+
13
+ {{OPEN_FINDINGS}}
14
+
15
+ ## Repository Context
16
+
17
+ {{REPOSITORY_INSTRUCTIONS_AND_COMMANDS}}
18
+
19
+ ## Remediation Instructions
20
+
21
+ 1. Confirm every requested change maps to an approved open finding.
22
+ 2. Read repository instructions, conventions, scripts, and the affected files before editing.
23
+ 3. Stop and return control when a critical-stop condition, new scope, or required authority is discovered.
24
+ 4. Apply the smallest coherent fix for each finding. Preserve unrelated behavior and user changes.
25
+ 5. For testable behavior, follow the installed `test-driven-development` guidance and record RED, GREEN, REFACTOR, and regression evidence.
26
+ 6. For non-code changes, use the narrowest deterministic structural or content check.
27
+ 7. Run repository-native verification. Do not assume a package manager, test runner, language, or fixed command.
28
+ 8. Return a finding-to-fix map, files changed, exact verification outcomes, unresolved items, and any required human decision.
29
+
30
+ ## Critical Stops
31
+
32
+ Do not mutate further when remediation requires any of the following without explicit authority:
33
+
34
+ - Resolving a `VETO` or a security, privacy, accessibility, or data-integrity blocker that requires human judgment.
35
+ - Introducing a breaking public API change.
36
+ - Changing a broadly shared foundation, architecture, release policy, CI/CD policy, or security policy.
37
+ - Proceeding without required verification or concealing a failing check.
38
+ - Choosing product intent, migration policy, ownership, or another authoritative decision.
39
+
40
+ ## Output Format
41
+
42
+ ```text
43
+ ROUND: {{ROUND_NUMBER}}
44
+
45
+ FINDING-TO-FIX MAP:
46
+ 1. Finding: {stable finding summary}
47
+ Fix: {what changed and why it addresses the finding}
48
+ Files: {paths}
49
+ Status: {Resolved | Partially resolved | Unresolved | Stopped}
50
+
51
+ VERIFICATION:
52
+ 1. {exact command or deterministic check} -> {PASS | FAIL | NOT_RUN}
53
+ Evidence: {short factual result}
54
+
55
+ UNRESOLVED ITEMS:
56
+ 1. {finding or none}
57
+
58
+ STOP REASON:
59
+ {none | critical-stop condition and required human decision}
60
+ ```
61
+
62
+ ## Constraints
63
+
64
+ - MUST modify only the approved target and findings.
65
+ - MUST preserve unrelated user changes.
66
+ - MUST use repository-native verification and report failures honestly.
67
+ - MUST NOT change confidence, assign a confidence tier, or claim the review passed.
68
+ - MUST NOT invoke Review Rangers, committee members, or the safety guard recursively.
69
+ - MUST NOT edit `.ai/DECISIONS.md`; final registry timing belongs to the orchestrator.
70
+ - MUST NOT begin another remediation round.
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "id": "review-rangers",
3
3
  "title": "Review Rangers",
4
- "description": "Review code, decisions, and artifacts through a multi-perspective committee and a domain expert safety guard, then synthesize a structured verdict.",
4
+ "description": "Review code, decisions, and artifacts through an independent committee and safety guard, then optionally run bounded, approval-gated remediation. Trigger: reviewing risky artifacts or remediating structured review findings.",
5
5
  "portable": true,
6
6
  "tags": ["core", "workflow", "review", "quality"],
7
7
  "detectors": ["always"],
@@ -10,11 +10,11 @@
10
10
  "agentSupport": ["codex", "claude", "cursor", "gemini", "copilot", "antigravity", "windsurf", "trae"],
11
11
  "skillMetadata": {
12
12
  "author": "skilly-hand",
13
- "last-edit": "2026-04-26",
13
+ "last-edit": "2026-06-20",
14
14
  "license": "Apache-2.0",
15
- "version": "1.1.0",
16
- "changelog": "Added DECISIONS.md registry ownership guidance; preserves durable review insights and anti-slop decisions across sessions; affects review-rangers workflow, install scaffolding, and project memory usage",
17
- "auto-invoke": "Reviewing code, decisions, or artifacts where adversarial multi-perspective evaluation adds value",
15
+ "version": "1.2.0",
16
+ "changelog": "Added approval-gated Mender remediation with bounded independent re-review; prevents unauthorized writes and unbounded fix loops; affects review orchestration, installation dependencies, and prompt assets",
17
+ "auto-invoke": "Reviewing risky code, decisions, or artifacts, or remediating structured review findings",
18
18
  "allowed-tools": [
19
19
  "Read",
20
20
  "Edit",
@@ -29,7 +29,8 @@
29
29
  "files": [
30
30
  { "path": "SKILL.md", "kind": "instruction" },
31
31
  { "path": "assets/committee-member-template.md", "kind": "asset" },
32
- { "path": "assets/safety-guard-template.md", "kind": "asset" }
32
+ { "path": "assets/safety-guard-template.md", "kind": "asset" },
33
+ { "path": "assets/mender-template.md", "kind": "asset" }
33
34
  ],
34
- "dependencies": []
35
+ "dependencies": ["test-driven-development"]
35
36
  }
@@ -1,12 +1,12 @@
1
1
  ---
2
2
  name: "spec-driven-development"
3
- description: "Plan, execute, and verify multi-step work through versioned specs with small, testable tasks."
3
+ description: "Plan, execute, and verify multi-step work through versioned specs with small, testable tasks. Trigger: planning or executing feature work, bug fixes, and multi-phase implementation."
4
4
  skillMetadata:
5
5
  author: "skilly-hand"
6
- last-edit: "2026-04-03"
6
+ last-edit: "2026-06-20"
7
7
  license: "Apache-2.0"
8
- version: "1.0.3"
9
- changelog: "Added OpenSpec complementary support routing guidance to spec-driven-development instructions; improves planning continuity and review clarity when local SDD needs reinforcement; affects spec-driven-development SKILL guidance and manifest metadata"
8
+ version: "1.1.0"
9
+ changelog: "Added a portable SDD lifecycle with capability-based routing, task evidence, change control, and archive invariants; prevents fixed tool dependencies and duplicated task state; affects planning, apply, verify, orchestrate, and spec templates"
10
10
  auto-invoke: "Planning or executing feature work, bug fixes, and multi-phase implementation"
11
11
  allowed-tools:
12
12
  - "Read"
@@ -22,192 +22,143 @@ skillMetadata:
22
22
 
23
23
  ## When to Use
24
24
 
25
- Use this skill when:
25
+ Use this skill when work spans multiple steps, requirements need written boundaries, or progress must survive across contributors or sessions.
26
26
 
27
- - Work spans multiple commits or phases.
28
- - Requirements are easy to misinterpret without written constraints.
29
- - You need a repeatable plan that can be reviewed before coding.
30
- - Several contributors or sessions may touch the same feature.
27
+ Skip it for trivial edits, urgent recovery work, and tasks with no meaningful verification path.
31
28
 
32
- Do not use this skill for:
29
+ ## Portable Contract
33
30
 
34
- - Trivial one-file edits.
35
- - Emergency fixes where immediate response matters more than process.
36
- - Tasks with no meaningful verification path.
31
+ The workflow MUST remain executable with this skill alone.
37
32
 
38
- ---
39
-
40
- ## Core Workflow
41
-
42
- 1. Define the spec in `.sdd/active/<feature-name>/spec.md`.
43
- 2. Review and refine scope, constraints, and tasks.
44
- 3. Execute one small task at a time.
45
- 4. Verify each task and the end-to-end outcome, ending with a required `review-rangers` final gate.
46
- 5. Archive to `.sdd/archive/` when complete.
47
-
48
- Recommended task size:
49
-
50
- - Up to 3 files per task.
51
- - Around 30 minutes of implementation effort.
52
- - Clear, concrete verify step.
33
+ - Treat integrations as optional capabilities, never required product names.
34
+ - Discover available tools, commands, and repository conventions before selecting them.
35
+ - When a capability is unavailable, use a local structured fallback or record a blocker.
36
+ - Keep requirements, tasks, progress, evidence, and changes in `spec.md` as the single source of truth.
37
+ - Do not create a second task list that can drift from the spec.
53
38
 
54
- ---
55
-
56
- ## OpenSpec Complementary Support
39
+ ## Lifecycle
57
40
 
58
- Default execution SHOULD remain the local `.sdd` workflow.
41
+ ```text
42
+ DRAFT -> APPROVED -> IN_PROGRESS -> VERIFYING -> COMPLETE -> ARCHIVED
43
+ | | |
44
+ +----------> BLOCKED <------+
45
+ ```
59
46
 
60
- Recur to OpenSpec support when the task needs complementary structure for:
47
+ Rules:
61
48
 
62
- - Multi-session continuity where planning context must persist across chats.
63
- - Shareable planning artifacts for review before implementation.
64
- - Requirement-delta clarity that benefits from explicit change proposals.
49
+ 1. Planning creates or updates `.sdd/active/<work-name>/spec.md`.
50
+ 2. Implementation begins after the approval policy is satisfied.
51
+ 3. Only one task should normally be `IN_PROGRESS` at a time.
52
+ 4. A task becomes `DONE` only after its verify step passes and evidence is recorded.
53
+ 5. Changed requirements return affected tasks to planning before implementation continues.
54
+ 6. Archive only after feature validation passes and no task remains open or blocked.
65
55
 
66
- Routing rules:
56
+ Valid task states: `TODO`, `IN_PROGRESS`, `BLOCKED`, `DONE`.
67
57
 
68
- - Keep the local `.sdd/active/<feature-name>/spec.md` as the execution source of truth unless the team explicitly standardizes on OpenSpec paths.
69
- - If OpenSpec is unavailable, continue in `.sdd` and document assumptions directly in the active spec.
58
+ ## Approval Policy
70
59
 
71
- | Use local SDD only | Use OpenSpec support |
72
- | --- | --- |
73
- | Single-session or straightforward work with clear requirements | Work spans multiple sessions and needs persistent planning context |
74
- | Existing `.sdd` artifacts already provide enough review clarity | Team needs proposal/design/tasks artifacts for async review |
75
- | Requirement changes are small and easy to track in-place | Requirement deltas are complex and need explicit change framing |
60
+ Use an explicit human checkpoint when the user requests one, requirements remain ambiguous, risk is material, or the next action is difficult to reverse. Otherwise, a documented self-review may satisfy approval.
76
61
 
77
- Reference (informational): [https://openspec.dev/](https://openspec.dev/)
78
-
79
- ---
62
+ Record the chosen approval policy in the spec. Do not assume every environment supports interactive checkpoints.
80
63
 
81
64
  ## Spec Structure
82
65
 
83
- A practical spec includes:
84
-
85
- - `Why`: problem and urgency.
86
- - `What`: concrete deliverable.
87
- - `Constraints`: `MUST`, `MUST NOT`, out-of-scope boundaries.
88
- - `Current State`: relevant code context.
89
- - `Tasks`: small implementation units with verify steps.
90
- - `Validation`: full feature checks after all tasks.
91
-
92
- For existing features with behavior changes, use a delta format (`ADDED`, `MODIFIED`, `REMOVED`) instead of rewriting everything.
93
-
94
- ---
66
+ A practical spec contains:
95
67
 
96
- ## When to Use Delta vs Full Spec
68
+ - `Why`: problem and value.
69
+ - `What`: concrete, testable deliverable.
70
+ - `Constraints`: enforceable `MUST`, `SHOULD`, `MAY`, and `MUST NOT` statements.
71
+ - `Out of Scope`: explicit boundaries.
72
+ - `Current State`: verified context and integration points.
73
+ - `Approval Policy`: checkpoint or self-review rule.
74
+ - `Tasks`: small units with scenarios, capabilities, files, verify steps, and done definitions.
75
+ - `Progress`: task state and evidence.
76
+ - `Validation`: end-to-end checks.
77
+ - `Change Log`: requirement or scope changes that affect execution.
97
78
 
98
- | Use Full Spec | Use Delta Spec |
99
- | --- | --- |
100
- | New feature with no previous spec | Behavior change to an existing feature |
101
- | Greenfield implementation | Bug fix or requirement adjustment |
102
- | No requirement baseline exists | Existing requirements already exist |
79
+ ### Task Contract
103
80
 
104
- ## Archive Behavior
81
+ Each task MUST define:
105
82
 
106
- When archiving a delta spec, apply changes to the base specification:
83
+ ```markdown
84
+ ### T1: Title
107
85
 
108
- - `ADDED`: append new requirements.
109
- - `MODIFIED`: replace the previous requirement text.
110
- - `REMOVED`: delete the requirement and keep a short reason in commit history.
111
-
112
- Then move work from `.sdd/active/<feature-name>/` to `.sdd/archive/<feature-name>/`.
113
-
114
- ## Task Design Principles
115
-
116
- - Keep task scope small: if a task touches more than 3 files or needs more than about 30 minutes, split it.
117
- - Keep verification fast: each task should be verifiable in 2 minutes or less.
118
- - Keep completion explicit: each task must have a one-sentence definition of done.
86
+ **What:** Observable outcome.
87
+ **Required Capabilities:** Semantic needs, or `none`.
88
+ **Files:** Expected scope, or `discover` when not yet known.
89
+ **Scenario:** GIVEN / WHEN / THEN, when behavior is involved.
90
+ **Verify:** Project-discovered command or concrete manual check.
91
+ **Done:** One sentence describing completion.
92
+ ```
119
93
 
120
- ## Decision Tree: When to Break Tasks Smaller
94
+ Capabilities describe needs such as test design, accessibility review, or security analysis. They MUST NOT require a particular skill, agent, vendor, or service. Resolve them against what is actually available at execution time.
121
95
 
122
- ```text
123
- Does the task touch > 3 files?
124
- YES -> split it
96
+ ## Full vs Delta Spec
125
97
 
126
- Will the task take > 30 minutes?
127
- YES -> split it
98
+ Use a full spec for new work without an existing requirement baseline. Use a delta spec for changes to established behavior.
128
99
 
129
- Can the task be verified in <= 2 minutes?
130
- NO -> add a tighter verify step
100
+ - `ADDED`: new requirement and scenarios.
101
+ - `MODIFIED`: complete replacement requirement plus previous behavior reference.
102
+ - `REMOVED`: removed requirement plus reason.
131
103
 
132
- Can "done" be described in one sentence?
133
- NO -> task is too vague; split it
134
- ```
104
+ Before archiving a delta, reconcile it with the maintained requirement baseline when one exists. If no baseline exists, archive the delta as the historical record.
135
105
 
136
- ## Common Mistakes to Avoid
106
+ ## Task Sizing
137
107
 
138
- ### 1) Vague Constraints
108
+ Prefer tasks that:
139
109
 
140
- ```text
141
- WRONG:
142
- Must use best practices.
110
+ - Have one observable outcome.
111
+ - Touch a small, related file set.
112
+ - Can be completed without hidden dependencies.
113
+ - Have a fast, deterministic verify step.
114
+ - Have a one-sentence definition of done.
143
115
 
144
- RIGHT:
145
- MUST use existing auth middleware.
146
- MUST NOT add new runtime dependencies.
147
- ```
116
+ Split a task when its concerns, dependencies, or verification cannot be explained independently. File counts and time estimates are heuristics, not universal gates.
148
117
 
149
- ### 2) Oversized Tasks
118
+ ## Change Control
150
119
 
151
- ```text
152
- WRONG:
153
- T1: Build the whole authentication feature.
120
+ When requirements change during execution:
154
121
 
155
- RIGHT:
156
- T1: Add token verification middleware.
157
- T2: Add login endpoint behavior.
158
- T3: Add integration test for login flow.
159
- ```
122
+ 1. Stop the affected task at a stable point.
123
+ 2. Record the change and reason in `Change Log`.
124
+ 3. Update affected constraints, scenarios, tasks, and validation.
125
+ 4. Mark invalidated evidence as superseded.
126
+ 5. Reapply the approval policy before continuing.
160
127
 
161
- ### 3) Missing Verification
128
+ Do not silently stretch a task to absorb new behavior.
162
129
 
163
- ```text
164
- WRONG:
165
- Verify: It works.
130
+ ## Verification and Review
166
131
 
167
- RIGHT:
168
- Verify: npm test -- src/auth/login.test.ts
169
- ```
132
+ Verification checks behavior against the spec, not against implementation intent.
170
133
 
171
- ### 4) Mixed Concerns in One Task
134
+ - Run every task verify step using project-discovered commands.
135
+ - Check every `MUST` and `MUST NOT` constraint explicitly.
136
+ - Separate automated evidence, manual evidence, warnings, and blockers.
137
+ - Perform a final structured review using an available review capability or the fallback checklist in `agents/verify.md`.
138
+ - A missing optional integration is not a failure when the local fallback was completed.
172
139
 
173
- ```text
174
- WRONG:
175
- T1: Create component and migrate all pages to it.
140
+ ## Archive Invariants
176
141
 
177
- RIGHT:
178
- T1: Create component.
179
- T2: Migrate page A.
180
- T3: Migrate page B.
181
- ```
142
+ Archive to `.sdd/archive/<YYYY-MM-DD>-<work-name>/` only when:
182
143
 
183
- Use the full preflight and pre-archive checks in [assets/validation-checklist.md](assets/validation-checklist.md).
144
+ - All tasks are `DONE`.
145
+ - Validation passes or approved manual checks are recorded.
146
+ - No blocker is unresolved.
147
+ - Constraint and final-review evidence is present.
148
+ - Delta reconciliation is complete when applicable.
184
149
 
185
- ---
150
+ Generate the ISO date from the current environment; do not assume a particular shell command or VCS.
186
151
 
187
152
  ## Modes
188
153
 
189
- Use these mode guides for role-focused execution:
190
-
191
- - Planning mode: [agents/plan.md](agents/plan.md)
192
- - Implementation mode: [agents/apply.md](agents/apply.md)
193
- - Verification mode: [agents/verify.md](agents/verify.md)
194
- - Orchestrator mode: [agents/orchestrate.md](agents/orchestrate.md)
195
-
196
- ---
154
+ - Planning: [agents/plan.md](agents/plan.md)
155
+ - Implementation: [agents/apply.md](agents/apply.md)
156
+ - Verification: [agents/verify.md](agents/verify.md)
157
+ - Orchestration: [agents/orchestrate.md](agents/orchestrate.md)
197
158
 
198
159
  ## Templates
199
160
 
200
- - Feature spec: [assets/spec-template.md](assets/spec-template.md)
161
+ - Full spec: [assets/spec-template.md](assets/spec-template.md)
201
162
  - Delta spec: [assets/delta-spec-template.md](assets/delta-spec-template.md)
202
163
  - Design decisions: [assets/design-template.md](assets/design-template.md)
203
164
  - Validation checklist: [assets/validation-checklist.md](assets/validation-checklist.md)
204
-
205
- ---
206
-
207
- ## Commands
208
-
209
- ```bash
210
- mkdir -p .sdd/active/<feature-name>
211
- cp .skilly-hand/catalog/spec-driven-development/assets/spec-template.md .sdd/active/<feature-name>/spec.md
212
- cp .skilly-hand/catalog/spec-driven-development/assets/design-template.md .sdd/active/<feature-name>/design.md
213
- ```