@skilly-hand/skilly-hand 0.29.2 → 0.30.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +31 -0
- package/README.md +2 -2
- package/catalog/README.md +3 -3
- package/catalog/skills/review-rangers/SKILL.md +91 -7
- package/catalog/skills/review-rangers/assets/mender-template.md +70 -0
- package/catalog/skills/review-rangers/manifest.json +8 -7
- package/catalog/skills/spec-driven-development/SKILL.md +95 -144
- package/catalog/skills/spec-driven-development/agents/apply.md +30 -15
- package/catalog/skills/spec-driven-development/agents/orchestrate.md +23 -14
- package/catalog/skills/spec-driven-development/agents/plan.md +19 -17
- package/catalog/skills/spec-driven-development/agents/verify.md +40 -19
- package/catalog/skills/spec-driven-development/assets/delta-spec-template.md +50 -15
- package/catalog/skills/spec-driven-development/assets/design-template.md +20 -14
- package/catalog/skills/spec-driven-development/assets/spec-template.md +41 -20
- package/catalog/skills/spec-driven-development/assets/validation-checklist.md +28 -21
- package/catalog/skills/spec-driven-development/manifest.json +4 -4
- package/catalog/skills/test-driven-development/SKILL.md +92 -117
- package/catalog/skills/test-driven-development/assets/tdd-cycle.md +63 -447
- package/catalog/skills/test-driven-development/manifest.json +5 -5
- package/package.json +5 -3
- package/packages/catalog/package.json +1 -1
- package/packages/cli/package.json +1 -1
- package/packages/core/package.json +1 -1
- package/packages/detectors/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -16,6 +16,37 @@ All notable changes to this project are documented in this file.
|
|
|
16
16
|
### Removed
|
|
17
17
|
- _None._
|
|
18
18
|
|
|
19
|
+
## [0.30.0] - 2026-06-20
|
|
20
|
+
[View on npm](https://www.npmjs.com/package/@skilly-hand/skilly-hand/v/0.30.0)
|
|
21
|
+
|
|
22
|
+
### Added
|
|
23
|
+
- _None._
|
|
24
|
+
|
|
25
|
+
### Changed
|
|
26
|
+
- Expanded `review-rangers` with an approval-gated Mender remediation loop, independent re-review, critical-stop rules, bounded termination, repository-native verification, and automatic `test-driven-development` installation.
|
|
27
|
+
|
|
28
|
+
### Fixed
|
|
29
|
+
- _None._
|
|
30
|
+
|
|
31
|
+
### Removed
|
|
32
|
+
- _None._
|
|
33
|
+
|
|
34
|
+
## [0.29.3] - 2026-06-20
|
|
35
|
+
[View on npm](https://www.npmjs.com/package/@skilly-hand/skilly-hand/v/0.29.3)
|
|
36
|
+
|
|
37
|
+
### Added
|
|
38
|
+
- _None._
|
|
39
|
+
|
|
40
|
+
### Changed
|
|
41
|
+
- Reworked `spec-driven-development` around a portable lifecycle with repository-native capability discovery, evidence-backed task state, explicit change control, and archive invariants.
|
|
42
|
+
- Rebuilt `test-driven-development` guidance around evidence-based RED, GREEN, and REFACTOR cycles without fixed framework or test-runner assumptions.
|
|
43
|
+
|
|
44
|
+
### Fixed
|
|
45
|
+
- _None._
|
|
46
|
+
|
|
47
|
+
### Removed
|
|
48
|
+
- _None._
|
|
49
|
+
|
|
19
50
|
## [0.29.2] - 2026-06-20
|
|
20
51
|
[View on npm](https://www.npmjs.com/package/@skilly-hand/skilly-hand/v/0.29.2)
|
|
21
52
|
|
package/README.md
CHANGED
|
@@ -47,9 +47,9 @@ The full skill catalog is also discoverable through the [skills.sh](https://www.
|
|
|
47
47
|
npx skills add Davecelot/skilly-hand --skill '*'
|
|
48
48
|
```
|
|
49
49
|
|
|
50
|
-
Use `npx skills add Davecelot/skilly-hand --list` to inspect the available skills before installing. The `skills/` directory is a GitHub-facing
|
|
50
|
+
Use `npx skills add Davecelot/skilly-hand --list` to inspect the available skills before installing. The `skills/` directory is a generated GitHub-facing mirror of `catalog/skills/`, using real files because skills.sh discovers `SKILL.md` entries from GitHub's repository tree. Run `npm run skills:sync` after catalog changes; `npm run catalog:check` rejects mirror drift.
|
|
51
51
|
|
|
52
|
-
|
|
52
|
+
skills.sh adds a repository to its public catalog after a skill is installed through the official CLI with telemetry enabled. The public page and automated security audits may take a few minutes to appear after the first installation.
|
|
53
53
|
|
|
54
54
|
---
|
|
55
55
|
|
package/catalog/README.md
CHANGED
|
@@ -18,10 +18,10 @@ Published portable skills consumed by the `skilly-hand` CLI.
|
|
|
18
18
|
| `project-teacher` | Scan the active project and teach any concept, code path, or decision using verified information, interactive questions, and simple explanations. Trigger: user asks to explain, understand, clarify, or learn about anything in the project or codebase. | core, workflow, education | all |
|
|
19
19
|
| `prompt-engineering` | Guide users in writing, improving, evaluating, and tuning prompts for LLMs across factual, creative, structured, grounded, coding, safety-sensitive, and production scenarios. Trigger: writing, improving, evaluating, or tuning prompts for LLMs. | prompting, llm, workflow, quality | all |
|
|
20
20
|
| `react-guidelines` | Guide React and Next.js code generation, review, and performance tuning using latest stable React verification and modern framework best practices. Trigger: generating, reviewing, refactoring, or optimizing React code artifacts in React projects. | react, frontend, workflow, best-practices | all |
|
|
21
|
-
| `review-rangers` | Review code, decisions, and artifacts through
|
|
21
|
+
| `review-rangers` | Review code, decisions, and artifacts through an independent committee and safety guard, then optionally run bounded, approval-gated remediation. Trigger: reviewing risky artifacts or remediating structured review findings. | core, workflow, review, quality | all |
|
|
22
22
|
| `roaster` | Challenge plans with constructive roast-style critique that exposes weak assumptions, missing angles, shallow sequencing, and unclear success criteria. Trigger: when the user proposes, requests, or evaluates a plan of any kind. | core, workflow, planning, quality | all |
|
|
23
|
-
| `spec-driven-development` | Plan, execute, and verify multi-step work through versioned specs with small, testable tasks. | core, workflow, planning | all |
|
|
24
|
-
| `test-driven-development` | Guide implementation
|
|
23
|
+
| `spec-driven-development` | Plan, execute, and verify multi-step work through versioned specs with small, testable tasks. Trigger: planning or executing feature work, bug fixes, and multi-phase implementation. | core, workflow, planning | all |
|
|
24
|
+
| `test-driven-development` | Guide implementation through evidence-based RED, GREEN, and REFACTOR cycles without assuming a language, framework, or test runner. Trigger: implementing testable behavior or reproducing a regression with tests first. | testing, workflow, quality, core | all |
|
|
25
25
|
| `token-optimizer` | Classify task complexity and right-size reasoning depth, context gathering, and response detail to reduce wasted tokens. | core, workflow, efficiency | all |
|
|
26
26
|
| `user-story-crafting` | Create and refine user stories with structured quality gates, splitting heuristics, and lightweight story mapping for release slicing. Trigger: writing, restructuring, splitting, or sequencing user stories for delivery-ready backlog work. | product, workflow, planning, quality | all |
|
|
27
27
|
|
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: "review-rangers"
|
|
3
|
-
description: "Review code, decisions, and artifacts through
|
|
3
|
+
description: "Review code, decisions, and artifacts through an independent committee and safety guard, then optionally run bounded, approval-gated remediation. Trigger: reviewing risky artifacts or remediating structured review findings."
|
|
4
4
|
skillMetadata:
|
|
5
5
|
author: "skilly-hand"
|
|
6
|
-
last-edit: "2026-
|
|
6
|
+
last-edit: "2026-06-20"
|
|
7
7
|
license: "Apache-2.0"
|
|
8
|
-
version: "1.
|
|
9
|
-
changelog: "Added
|
|
10
|
-
auto-invoke: "Reviewing code, decisions, or artifacts
|
|
8
|
+
version: "1.2.0"
|
|
9
|
+
changelog: "Added approval-gated Mender remediation with bounded independent re-review; prevents unauthorized writes and unbounded fix loops; affects review orchestration, installation dependencies, and prompt assets"
|
|
10
|
+
auto-invoke: "Reviewing risky code, decisions, or artifacts, or remediating structured review findings"
|
|
11
11
|
allowed-tools:
|
|
12
12
|
- "Read"
|
|
13
13
|
- "Edit"
|
|
@@ -48,8 +48,13 @@ Do not use this skill for:
|
|
|
48
48
|
7. Run the committee and safety guard in parallel.
|
|
49
49
|
8. Collect all outputs.
|
|
50
50
|
9. Synthesize a structured verdict following the Synthesis Rules.
|
|
51
|
-
10.
|
|
52
|
-
11.
|
|
51
|
+
10. If the verdict is `HIGH`, emit the final report and stop. If it is `VETO` or any critical-stop condition applies, return control to a human without modifying the target.
|
|
52
|
+
11. For `MEDIUM` or `LOW`, present the open findings and request explicit approval before the first mutation. Skip this checkpoint only when the caller explicitly requested unattended or autonomous remediation in the current task.
|
|
53
|
+
12. After approval, invoke The Mender using `assets/mender-template.md`. Pass only the target context and open findings; do not pass intermediate reviewer discussion.
|
|
54
|
+
13. Run repository-native verification, then send the changed target to a fresh independent committee and safety guard. Reviewers from every round remain read-only.
|
|
55
|
+
14. Repeat only while progress is material and no termination rule applies. Allow at most three remediation rounds and stop when the same finding survives two consecutive rounds without material progress.
|
|
56
|
+
15. Emit the final report with confidence tier, finding-to-fix evidence, unresolved items, stop reason when applicable, and recommended action.
|
|
57
|
+
16. Evaluate durable `.ai/DECISIONS.md` updates after the final `HIGH` report or terminal escalation; if an insight qualifies, update the registry and its changelog in the same edit.
|
|
53
58
|
|
|
54
59
|
---
|
|
55
60
|
|
|
@@ -80,6 +85,7 @@ Never assign the same lens to two committee members. Each member evaluates indep
|
|
|
80
85
|
- Spawn committee members in parallel.
|
|
81
86
|
- Pass only the target artifact and the member's assigned lens as context.
|
|
82
87
|
- Do not share intermediate findings between members before synthesis.
|
|
88
|
+
- Committee members and the safety guard are read-only in every round. They MUST NOT modify the target, assign work, or reuse another reviewer's conclusions.
|
|
83
89
|
|
|
84
90
|
---
|
|
85
91
|
|
|
@@ -108,6 +114,66 @@ The safety guard:
|
|
|
108
114
|
|
|
109
115
|
---
|
|
110
116
|
|
|
117
|
+
## Remediation Protocol
|
|
118
|
+
|
|
119
|
+
### Role Separation
|
|
120
|
+
|
|
121
|
+
The Mender is the only role allowed to modify the target during a Review Rangers remediation cycle.
|
|
122
|
+
|
|
123
|
+
- Committee members and the safety guard remain independent, read-only judges.
|
|
124
|
+
- The Mender receives the synthesized open findings and target context, not reviewer identities or hidden reasoning.
|
|
125
|
+
- The Mender MUST NOT assign, raise, lower, or otherwise edit confidence tiers.
|
|
126
|
+
- The orchestrator owns approval, round counting, critical-stop evaluation, re-review, and the final verdict.
|
|
127
|
+
- A Mender MUST NOT invoke Review Rangers recursively. Re-review returns to the orchestrator.
|
|
128
|
+
|
|
129
|
+
### Approval Boundary
|
|
130
|
+
|
|
131
|
+
Interactive review MUST pause before the first file mutation and obtain explicit approval.
|
|
132
|
+
|
|
133
|
+
- A request to review, assess, audit, or invoke this skill is not write approval.
|
|
134
|
+
- Skill invocation alone is not write approval.
|
|
135
|
+
- The checkpoint may be skipped only when the caller explicitly asks for unattended or autonomous remediation in the current task.
|
|
136
|
+
- Approval covers only the presented open findings and target. New scope or a critical-stop condition returns control to the caller.
|
|
137
|
+
|
|
138
|
+
### Critical Stops
|
|
139
|
+
|
|
140
|
+
Stop before another mutation or remediation round when any of these applies:
|
|
141
|
+
|
|
142
|
+
- The verdict is `VETO`.
|
|
143
|
+
- A security, privacy, accessibility, or data-integrity blocker requires human judgment.
|
|
144
|
+
- A fix would cause a breaking public API change.
|
|
145
|
+
- A fix would alter a broadly shared foundation, architecture, release policy, CI/CD policy, or security policy without explicit authority.
|
|
146
|
+
- Required repository-native verification is unavailable or failing for reasons the remediation cannot safely resolve.
|
|
147
|
+
- Product intent, ownership, migration policy, or another authoritative decision is required.
|
|
148
|
+
- Three remediation rounds have completed.
|
|
149
|
+
- The same finding survives two consecutive rounds without material progress.
|
|
150
|
+
|
|
151
|
+
For every stop, report the unresolved finding, available evidence, stop reason, and required human decision. Do not broaden scope to conceal a failed check or force a higher confidence tier.
|
|
152
|
+
|
|
153
|
+
### Repository-Native Verification
|
|
154
|
+
|
|
155
|
+
The Mender MUST discover and run the narrowest relevant verification supported by the target repository.
|
|
156
|
+
|
|
157
|
+
1. Read repository instructions and declared scripts or commands.
|
|
158
|
+
2. Choose relevant lint, test, type-check, build, artifact, or deterministic document checks.
|
|
159
|
+
3. When testable behavior changes, follow the installed `test-driven-development` guidance and record RED, GREEN, REFACTOR, and regression evidence.
|
|
160
|
+
4. For non-code artifacts, use the narrowest deterministic structural or content check.
|
|
161
|
+
5. Report exact commands, outcomes, failures, and checks that could not run.
|
|
162
|
+
|
|
163
|
+
Never assume npm, a particular test runner, or a fixed toolchain. A failed required check blocks `HIGH` unless a human explicitly accepts the residual risk.
|
|
164
|
+
|
|
165
|
+
### Re-review and Termination
|
|
166
|
+
|
|
167
|
+
- Every remediation round receives a monotonically increasing round number from 1 through 3.
|
|
168
|
+
- After verification, use a fresh committee and safety guard with the same independence rules as the initial review.
|
|
169
|
+
- Compare findings by underlying issue, not wording alone.
|
|
170
|
+
- Material progress means a finding is resolved, reduced in severity with evidence, or narrowed by a verified constraint.
|
|
171
|
+
- `HIGH` ends the loop successfully.
|
|
172
|
+
- `MEDIUM` or `LOW` may enter another approved round only when progress is material and no stop applies.
|
|
173
|
+
- Any stop ends the loop with a terminal escalation report.
|
|
174
|
+
|
|
175
|
+
---
|
|
176
|
+
|
|
111
177
|
## Synthesis Rules
|
|
112
178
|
|
|
113
179
|
### Confidence Tiers
|
|
@@ -194,6 +260,8 @@ Every change to `.ai/DECISIONS.md` must update `## Changelog` in the same edit.
|
|
|
194
260
|
|
|
195
261
|
If the changelog section is missing, add it as the final section before making any other registry change.
|
|
196
262
|
|
|
263
|
+
Evaluate registry writes only after the final `HIGH` report or terminal escalation. Intermediate remediation rounds MUST NOT create duplicate or provisional decision entries.
|
|
264
|
+
|
|
197
265
|
---
|
|
198
266
|
|
|
199
267
|
## Decision Tree
|
|
@@ -215,6 +283,17 @@ Does any committee member flag a security or data-integrity risk?
|
|
|
215
283
|
Does committee majority agree the target is sound?
|
|
216
284
|
YES and safety guard passes -> HIGH or MEDIUM depending on split
|
|
217
285
|
NO -> LOW
|
|
286
|
+
|
|
287
|
+
Is the verdict MEDIUM or LOW without a critical stop?
|
|
288
|
+
YES -> obtain explicit mutation approval unless unattended remediation was explicitly requested
|
|
289
|
+
|
|
290
|
+
Is remediation approved and within the termination bounds?
|
|
291
|
+
YES -> invoke The Mender, verify with repository-native checks, then run a fresh independent review
|
|
292
|
+
NO -> emit a terminal escalation report
|
|
293
|
+
|
|
294
|
+
Did the review reach HIGH, three rounds, or two stagnant rounds?
|
|
295
|
+
YES -> stop and emit the final report
|
|
296
|
+
NO -> continue only when material progress is evidenced
|
|
218
297
|
```
|
|
219
298
|
|
|
220
299
|
---
|
|
@@ -227,6 +306,9 @@ cat .skilly-hand/catalog/review-rangers/assets/committee-member-template.md
|
|
|
227
306
|
|
|
228
307
|
# Reference safety guard template when constructing agent prompts
|
|
229
308
|
cat .skilly-hand/catalog/review-rangers/assets/safety-guard-template.md
|
|
309
|
+
|
|
310
|
+
# Reference the only write-capable remediation template after approval
|
|
311
|
+
cat .skilly-hand/catalog/review-rangers/assets/mender-template.md
|
|
230
312
|
```
|
|
231
313
|
|
|
232
314
|
---
|
|
@@ -235,3 +317,5 @@ cat .skilly-hand/catalog/review-rangers/assets/safety-guard-template.md
|
|
|
235
317
|
|
|
236
318
|
- Committee member prompt template: [assets/committee-member-template.md](assets/committee-member-template.md)
|
|
237
319
|
- Safety guard prompt template: [assets/safety-guard-template.md](assets/safety-guard-template.md)
|
|
320
|
+
- Mender prompt template: [assets/mender-template.md](assets/mender-template.md)
|
|
321
|
+
- Test-driven remediation guidance: [../test-driven-development/SKILL.md](../test-driven-development/SKILL.md)
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
# The Mender: Remediation Round {{ROUND_NUMBER}}
|
|
2
|
+
|
|
3
|
+
## Role
|
|
4
|
+
|
|
5
|
+
You are The Mender, the only write-capable role in this Review Rangers remediation cycle. You repair approved findings; you do not judge the target or choose the final verdict.
|
|
6
|
+
|
|
7
|
+
## Target
|
|
8
|
+
|
|
9
|
+
{{TARGET_CONTEXT}}
|
|
10
|
+
|
|
11
|
+
## Approved Open Findings
|
|
12
|
+
|
|
13
|
+
{{OPEN_FINDINGS}}
|
|
14
|
+
|
|
15
|
+
## Repository Context
|
|
16
|
+
|
|
17
|
+
{{REPOSITORY_INSTRUCTIONS_AND_COMMANDS}}
|
|
18
|
+
|
|
19
|
+
## Remediation Instructions
|
|
20
|
+
|
|
21
|
+
1. Confirm every requested change maps to an approved open finding.
|
|
22
|
+
2. Read repository instructions, conventions, scripts, and the affected files before editing.
|
|
23
|
+
3. Stop and return control when a critical-stop condition, new scope, or required authority is discovered.
|
|
24
|
+
4. Apply the smallest coherent fix for each finding. Preserve unrelated behavior and user changes.
|
|
25
|
+
5. For testable behavior, follow the installed `test-driven-development` guidance and record RED, GREEN, REFACTOR, and regression evidence.
|
|
26
|
+
6. For non-code changes, use the narrowest deterministic structural or content check.
|
|
27
|
+
7. Run repository-native verification. Do not assume a package manager, test runner, language, or fixed command.
|
|
28
|
+
8. Return a finding-to-fix map, files changed, exact verification outcomes, unresolved items, and any required human decision.
|
|
29
|
+
|
|
30
|
+
## Critical Stops
|
|
31
|
+
|
|
32
|
+
Do not mutate further when remediation requires any of the following without explicit authority:
|
|
33
|
+
|
|
34
|
+
- Resolving a `VETO` or a security, privacy, accessibility, or data-integrity blocker that requires human judgment.
|
|
35
|
+
- Introducing a breaking public API change.
|
|
36
|
+
- Changing a broadly shared foundation, architecture, release policy, CI/CD policy, or security policy.
|
|
37
|
+
- Proceeding without required verification or concealing a failing check.
|
|
38
|
+
- Choosing product intent, migration policy, ownership, or another authoritative decision.
|
|
39
|
+
|
|
40
|
+
## Output Format
|
|
41
|
+
|
|
42
|
+
```text
|
|
43
|
+
ROUND: {{ROUND_NUMBER}}
|
|
44
|
+
|
|
45
|
+
FINDING-TO-FIX MAP:
|
|
46
|
+
1. Finding: {stable finding summary}
|
|
47
|
+
Fix: {what changed and why it addresses the finding}
|
|
48
|
+
Files: {paths}
|
|
49
|
+
Status: {Resolved | Partially resolved | Unresolved | Stopped}
|
|
50
|
+
|
|
51
|
+
VERIFICATION:
|
|
52
|
+
1. {exact command or deterministic check} -> {PASS | FAIL | NOT_RUN}
|
|
53
|
+
Evidence: {short factual result}
|
|
54
|
+
|
|
55
|
+
UNRESOLVED ITEMS:
|
|
56
|
+
1. {finding or none}
|
|
57
|
+
|
|
58
|
+
STOP REASON:
|
|
59
|
+
{none | critical-stop condition and required human decision}
|
|
60
|
+
```
|
|
61
|
+
|
|
62
|
+
## Constraints
|
|
63
|
+
|
|
64
|
+
- MUST modify only the approved target and findings.
|
|
65
|
+
- MUST preserve unrelated user changes.
|
|
66
|
+
- MUST use repository-native verification and report failures honestly.
|
|
67
|
+
- MUST NOT change confidence, assign a confidence tier, or claim the review passed.
|
|
68
|
+
- MUST NOT invoke Review Rangers, committee members, or the safety guard recursively.
|
|
69
|
+
- MUST NOT edit `.ai/DECISIONS.md`; final registry timing belongs to the orchestrator.
|
|
70
|
+
- MUST NOT begin another remediation round.
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"id": "review-rangers",
|
|
3
3
|
"title": "Review Rangers",
|
|
4
|
-
"description": "Review code, decisions, and artifacts through
|
|
4
|
+
"description": "Review code, decisions, and artifacts through an independent committee and safety guard, then optionally run bounded, approval-gated remediation. Trigger: reviewing risky artifacts or remediating structured review findings.",
|
|
5
5
|
"portable": true,
|
|
6
6
|
"tags": ["core", "workflow", "review", "quality"],
|
|
7
7
|
"detectors": ["always"],
|
|
@@ -10,11 +10,11 @@
|
|
|
10
10
|
"agentSupport": ["codex", "claude", "cursor", "gemini", "copilot", "antigravity", "windsurf", "trae"],
|
|
11
11
|
"skillMetadata": {
|
|
12
12
|
"author": "skilly-hand",
|
|
13
|
-
"last-edit": "2026-
|
|
13
|
+
"last-edit": "2026-06-20",
|
|
14
14
|
"license": "Apache-2.0",
|
|
15
|
-
"version": "1.
|
|
16
|
-
"changelog": "Added
|
|
17
|
-
"auto-invoke": "Reviewing code, decisions, or artifacts
|
|
15
|
+
"version": "1.2.0",
|
|
16
|
+
"changelog": "Added approval-gated Mender remediation with bounded independent re-review; prevents unauthorized writes and unbounded fix loops; affects review orchestration, installation dependencies, and prompt assets",
|
|
17
|
+
"auto-invoke": "Reviewing risky code, decisions, or artifacts, or remediating structured review findings",
|
|
18
18
|
"allowed-tools": [
|
|
19
19
|
"Read",
|
|
20
20
|
"Edit",
|
|
@@ -29,7 +29,8 @@
|
|
|
29
29
|
"files": [
|
|
30
30
|
{ "path": "SKILL.md", "kind": "instruction" },
|
|
31
31
|
{ "path": "assets/committee-member-template.md", "kind": "asset" },
|
|
32
|
-
{ "path": "assets/safety-guard-template.md", "kind": "asset" }
|
|
32
|
+
{ "path": "assets/safety-guard-template.md", "kind": "asset" },
|
|
33
|
+
{ "path": "assets/mender-template.md", "kind": "asset" }
|
|
33
34
|
],
|
|
34
|
-
"dependencies": []
|
|
35
|
+
"dependencies": ["test-driven-development"]
|
|
35
36
|
}
|
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: "spec-driven-development"
|
|
3
|
-
description: "Plan, execute, and verify multi-step work through versioned specs with small, testable tasks."
|
|
3
|
+
description: "Plan, execute, and verify multi-step work through versioned specs with small, testable tasks. Trigger: planning or executing feature work, bug fixes, and multi-phase implementation."
|
|
4
4
|
skillMetadata:
|
|
5
5
|
author: "skilly-hand"
|
|
6
|
-
last-edit: "2026-
|
|
6
|
+
last-edit: "2026-06-20"
|
|
7
7
|
license: "Apache-2.0"
|
|
8
|
-
version: "1.0
|
|
9
|
-
changelog: "Added
|
|
8
|
+
version: "1.1.0"
|
|
9
|
+
changelog: "Added a portable SDD lifecycle with capability-based routing, task evidence, change control, and archive invariants; prevents fixed tool dependencies and duplicated task state; affects planning, apply, verify, orchestrate, and spec templates"
|
|
10
10
|
auto-invoke: "Planning or executing feature work, bug fixes, and multi-phase implementation"
|
|
11
11
|
allowed-tools:
|
|
12
12
|
- "Read"
|
|
@@ -22,192 +22,143 @@ skillMetadata:
|
|
|
22
22
|
|
|
23
23
|
## When to Use
|
|
24
24
|
|
|
25
|
-
Use this skill when
|
|
25
|
+
Use this skill when work spans multiple steps, requirements need written boundaries, or progress must survive across contributors or sessions.
|
|
26
26
|
|
|
27
|
-
|
|
28
|
-
- Requirements are easy to misinterpret without written constraints.
|
|
29
|
-
- You need a repeatable plan that can be reviewed before coding.
|
|
30
|
-
- Several contributors or sessions may touch the same feature.
|
|
27
|
+
Skip it for trivial edits, urgent recovery work, and tasks with no meaningful verification path.
|
|
31
28
|
|
|
32
|
-
|
|
29
|
+
## Portable Contract
|
|
33
30
|
|
|
34
|
-
|
|
35
|
-
- Emergency fixes where immediate response matters more than process.
|
|
36
|
-
- Tasks with no meaningful verification path.
|
|
31
|
+
The workflow MUST remain executable with this skill alone.
|
|
37
32
|
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
2. Review and refine scope, constraints, and tasks.
|
|
44
|
-
3. Execute one small task at a time.
|
|
45
|
-
4. Verify each task and the end-to-end outcome, ending with a required `review-rangers` final gate.
|
|
46
|
-
5. Archive to `.sdd/archive/` when complete.
|
|
47
|
-
|
|
48
|
-
Recommended task size:
|
|
49
|
-
|
|
50
|
-
- Up to 3 files per task.
|
|
51
|
-
- Around 30 minutes of implementation effort.
|
|
52
|
-
- Clear, concrete verify step.
|
|
33
|
+
- Treat integrations as optional capabilities, never required product names.
|
|
34
|
+
- Discover available tools, commands, and repository conventions before selecting them.
|
|
35
|
+
- When a capability is unavailable, use a local structured fallback or record a blocker.
|
|
36
|
+
- Keep requirements, tasks, progress, evidence, and changes in `spec.md` as the single source of truth.
|
|
37
|
+
- Do not create a second task list that can drift from the spec.
|
|
53
38
|
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
## OpenSpec Complementary Support
|
|
39
|
+
## Lifecycle
|
|
57
40
|
|
|
58
|
-
|
|
41
|
+
```text
|
|
42
|
+
DRAFT -> APPROVED -> IN_PROGRESS -> VERIFYING -> COMPLETE -> ARCHIVED
|
|
43
|
+
| | |
|
|
44
|
+
+----------> BLOCKED <------+
|
|
45
|
+
```
|
|
59
46
|
|
|
60
|
-
|
|
47
|
+
Rules:
|
|
61
48
|
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
49
|
+
1. Planning creates or updates `.sdd/active/<work-name>/spec.md`.
|
|
50
|
+
2. Implementation begins after the approval policy is satisfied.
|
|
51
|
+
3. Only one task should normally be `IN_PROGRESS` at a time.
|
|
52
|
+
4. A task becomes `DONE` only after its verify step passes and evidence is recorded.
|
|
53
|
+
5. Changed requirements return affected tasks to planning before implementation continues.
|
|
54
|
+
6. Archive only after feature validation passes and no task remains open or blocked.
|
|
65
55
|
|
|
66
|
-
|
|
56
|
+
Valid task states: `TODO`, `IN_PROGRESS`, `BLOCKED`, `DONE`.
|
|
67
57
|
|
|
68
|
-
|
|
69
|
-
- If OpenSpec is unavailable, continue in `.sdd` and document assumptions directly in the active spec.
|
|
58
|
+
## Approval Policy
|
|
70
59
|
|
|
71
|
-
|
|
72
|
-
| --- | --- |
|
|
73
|
-
| Single-session or straightforward work with clear requirements | Work spans multiple sessions and needs persistent planning context |
|
|
74
|
-
| Existing `.sdd` artifacts already provide enough review clarity | Team needs proposal/design/tasks artifacts for async review |
|
|
75
|
-
| Requirement changes are small and easy to track in-place | Requirement deltas are complex and need explicit change framing |
|
|
60
|
+
Use an explicit human checkpoint when the user requests one, requirements remain ambiguous, risk is material, or the next action is difficult to reverse. Otherwise, a documented self-review may satisfy approval.
|
|
76
61
|
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
---
|
|
62
|
+
Record the chosen approval policy in the spec. Do not assume every environment supports interactive checkpoints.
|
|
80
63
|
|
|
81
64
|
## Spec Structure
|
|
82
65
|
|
|
83
|
-
A practical spec
|
|
84
|
-
|
|
85
|
-
- `Why`: problem and urgency.
|
|
86
|
-
- `What`: concrete deliverable.
|
|
87
|
-
- `Constraints`: `MUST`, `MUST NOT`, out-of-scope boundaries.
|
|
88
|
-
- `Current State`: relevant code context.
|
|
89
|
-
- `Tasks`: small implementation units with verify steps.
|
|
90
|
-
- `Validation`: full feature checks after all tasks.
|
|
91
|
-
|
|
92
|
-
For existing features with behavior changes, use a delta format (`ADDED`, `MODIFIED`, `REMOVED`) instead of rewriting everything.
|
|
93
|
-
|
|
94
|
-
---
|
|
66
|
+
A practical spec contains:
|
|
95
67
|
|
|
96
|
-
|
|
68
|
+
- `Why`: problem and value.
|
|
69
|
+
- `What`: concrete, testable deliverable.
|
|
70
|
+
- `Constraints`: enforceable `MUST`, `SHOULD`, `MAY`, and `MUST NOT` statements.
|
|
71
|
+
- `Out of Scope`: explicit boundaries.
|
|
72
|
+
- `Current State`: verified context and integration points.
|
|
73
|
+
- `Approval Policy`: checkpoint or self-review rule.
|
|
74
|
+
- `Tasks`: small units with scenarios, capabilities, files, verify steps, and done definitions.
|
|
75
|
+
- `Progress`: task state and evidence.
|
|
76
|
+
- `Validation`: end-to-end checks.
|
|
77
|
+
- `Change Log`: requirement or scope changes that affect execution.
|
|
97
78
|
|
|
98
|
-
|
|
99
|
-
| --- | --- |
|
|
100
|
-
| New feature with no previous spec | Behavior change to an existing feature |
|
|
101
|
-
| Greenfield implementation | Bug fix or requirement adjustment |
|
|
102
|
-
| No requirement baseline exists | Existing requirements already exist |
|
|
79
|
+
### Task Contract
|
|
103
80
|
|
|
104
|
-
|
|
81
|
+
Each task MUST define:
|
|
105
82
|
|
|
106
|
-
|
|
83
|
+
```markdown
|
|
84
|
+
### T1: Title
|
|
107
85
|
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
- Keep task scope small: if a task touches more than 3 files or needs more than about 30 minutes, split it.
|
|
117
|
-
- Keep verification fast: each task should be verifiable in 2 minutes or less.
|
|
118
|
-
- Keep completion explicit: each task must have a one-sentence definition of done.
|
|
86
|
+
**What:** Observable outcome.
|
|
87
|
+
**Required Capabilities:** Semantic needs, or `none`.
|
|
88
|
+
**Files:** Expected scope, or `discover` when not yet known.
|
|
89
|
+
**Scenario:** GIVEN / WHEN / THEN, when behavior is involved.
|
|
90
|
+
**Verify:** Project-discovered command or concrete manual check.
|
|
91
|
+
**Done:** One sentence describing completion.
|
|
92
|
+
```
|
|
119
93
|
|
|
120
|
-
|
|
94
|
+
Capabilities describe needs such as test design, accessibility review, or security analysis. They MUST NOT require a particular skill, agent, vendor, or service. Resolve them against what is actually available at execution time.
|
|
121
95
|
|
|
122
|
-
|
|
123
|
-
Does the task touch > 3 files?
|
|
124
|
-
YES -> split it
|
|
96
|
+
## Full vs Delta Spec
|
|
125
97
|
|
|
126
|
-
|
|
127
|
-
YES -> split it
|
|
98
|
+
Use a full spec for new work without an existing requirement baseline. Use a delta spec for changes to established behavior.
|
|
128
99
|
|
|
129
|
-
|
|
130
|
-
|
|
100
|
+
- `ADDED`: new requirement and scenarios.
|
|
101
|
+
- `MODIFIED`: complete replacement requirement plus previous behavior reference.
|
|
102
|
+
- `REMOVED`: removed requirement plus reason.
|
|
131
103
|
|
|
132
|
-
|
|
133
|
-
NO -> task is too vague; split it
|
|
134
|
-
```
|
|
104
|
+
Before archiving a delta, reconcile it with the maintained requirement baseline when one exists. If no baseline exists, archive the delta as the historical record.
|
|
135
105
|
|
|
136
|
-
##
|
|
106
|
+
## Task Sizing
|
|
137
107
|
|
|
138
|
-
|
|
108
|
+
Prefer tasks that:
|
|
139
109
|
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
110
|
+
- Have one observable outcome.
|
|
111
|
+
- Touch a small, related file set.
|
|
112
|
+
- Can be completed without hidden dependencies.
|
|
113
|
+
- Have a fast, deterministic verify step.
|
|
114
|
+
- Have a one-sentence definition of done.
|
|
143
115
|
|
|
144
|
-
|
|
145
|
-
MUST use existing auth middleware.
|
|
146
|
-
MUST NOT add new runtime dependencies.
|
|
147
|
-
```
|
|
116
|
+
Split a task when its concerns, dependencies, or verification cannot be explained independently. File counts and time estimates are heuristics, not universal gates.
|
|
148
117
|
|
|
149
|
-
|
|
118
|
+
## Change Control
|
|
150
119
|
|
|
151
|
-
|
|
152
|
-
WRONG:
|
|
153
|
-
T1: Build the whole authentication feature.
|
|
120
|
+
When requirements change during execution:
|
|
154
121
|
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
122
|
+
1. Stop the affected task at a stable point.
|
|
123
|
+
2. Record the change and reason in `Change Log`.
|
|
124
|
+
3. Update affected constraints, scenarios, tasks, and validation.
|
|
125
|
+
4. Mark invalidated evidence as superseded.
|
|
126
|
+
5. Reapply the approval policy before continuing.
|
|
160
127
|
|
|
161
|
-
|
|
128
|
+
Do not silently stretch a task to absorb new behavior.
|
|
162
129
|
|
|
163
|
-
|
|
164
|
-
WRONG:
|
|
165
|
-
Verify: It works.
|
|
130
|
+
## Verification and Review
|
|
166
131
|
|
|
167
|
-
|
|
168
|
-
Verify: npm test -- src/auth/login.test.ts
|
|
169
|
-
```
|
|
132
|
+
Verification checks behavior against the spec, not against implementation intent.
|
|
170
133
|
|
|
171
|
-
|
|
134
|
+
- Run every task verify step using project-discovered commands.
|
|
135
|
+
- Check every `MUST` and `MUST NOT` constraint explicitly.
|
|
136
|
+
- Separate automated evidence, manual evidence, warnings, and blockers.
|
|
137
|
+
- Perform a final structured review using an available review capability or the fallback checklist in `agents/verify.md`.
|
|
138
|
+
- A missing optional integration is not a failure when the local fallback was completed.
|
|
172
139
|
|
|
173
|
-
|
|
174
|
-
WRONG:
|
|
175
|
-
T1: Create component and migrate all pages to it.
|
|
140
|
+
## Archive Invariants
|
|
176
141
|
|
|
177
|
-
|
|
178
|
-
T1: Create component.
|
|
179
|
-
T2: Migrate page A.
|
|
180
|
-
T3: Migrate page B.
|
|
181
|
-
```
|
|
142
|
+
Archive to `.sdd/archive/<YYYY-MM-DD>-<work-name>/` only when:
|
|
182
143
|
|
|
183
|
-
|
|
144
|
+
- All tasks are `DONE`.
|
|
145
|
+
- Validation passes or approved manual checks are recorded.
|
|
146
|
+
- No blocker is unresolved.
|
|
147
|
+
- Constraint and final-review evidence is present.
|
|
148
|
+
- Delta reconciliation is complete when applicable.
|
|
184
149
|
|
|
185
|
-
|
|
150
|
+
Generate the ISO date from the current environment; do not assume a particular shell command or VCS.
|
|
186
151
|
|
|
187
152
|
## Modes
|
|
188
153
|
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
-
|
|
192
|
-
-
|
|
193
|
-
- Verification mode: [agents/verify.md](agents/verify.md)
|
|
194
|
-
- Orchestrator mode: [agents/orchestrate.md](agents/orchestrate.md)
|
|
195
|
-
|
|
196
|
-
---
|
|
154
|
+
- Planning: [agents/plan.md](agents/plan.md)
|
|
155
|
+
- Implementation: [agents/apply.md](agents/apply.md)
|
|
156
|
+
- Verification: [agents/verify.md](agents/verify.md)
|
|
157
|
+
- Orchestration: [agents/orchestrate.md](agents/orchestrate.md)
|
|
197
158
|
|
|
198
159
|
## Templates
|
|
199
160
|
|
|
200
|
-
-
|
|
161
|
+
- Full spec: [assets/spec-template.md](assets/spec-template.md)
|
|
201
162
|
- Delta spec: [assets/delta-spec-template.md](assets/delta-spec-template.md)
|
|
202
163
|
- Design decisions: [assets/design-template.md](assets/design-template.md)
|
|
203
164
|
- Validation checklist: [assets/validation-checklist.md](assets/validation-checklist.md)
|
|
204
|
-
|
|
205
|
-
---
|
|
206
|
-
|
|
207
|
-
## Commands
|
|
208
|
-
|
|
209
|
-
```bash
|
|
210
|
-
mkdir -p .sdd/active/<feature-name>
|
|
211
|
-
cp .skilly-hand/catalog/spec-driven-development/assets/spec-template.md .sdd/active/<feature-name>/spec.md
|
|
212
|
-
cp .skilly-hand/catalog/spec-driven-development/assets/design-template.md .sdd/active/<feature-name>/design.md
|
|
213
|
-
```
|