company-skill 4.2.0 → 4.4.0

package/README.md

@@ -75,15 +75,21 @@ Every employee gets their task, previous findings, and failed approaches from th
 <details>
 <summary><strong>VERIFY</strong> — Triple quality gate blocks premature completion</summary>
 
-**Internal Reviewer** checks each criterion in criteria.json against evidence. No evidence? Stays `false`.
+**Internal Reviewer** checks each criterion in criteria.json against evidence. No evidence? Stays `false`. Also scans all public-facing output for unverified claims about external projects — any number, percentage, or technical detail cited from memory gets blocked until verified from source.
 
-**Devil's Advocate** attacks anything marked as passing. "Is this actually complete or surface-level? What edge cases were missed?"
+**Devil's Advocate** attacks anything marked as passing. "Is this actually complete or surface-level? What edge cases were missed?" For any claim about external projects: "did you actually verify this from their repo/docs, or are you guessing?"
 
 **Elegance Enforcer** asks "Can this be simpler? Does every component justify its existence?"
 
 All three must accept before the loop exits.
 </details>
 
+## External Fact Verification
+
+Workers producing public-facing output (GitHub comments, PRs, blog posts) must verify every claim about external projects from their actual docs/source before publishing. No citing from memory. The reviewer blocks unverified external claims automatically.
+
+**One strike rule:** if corrected by someone, respond "my bad, you're right" and stop. Never attempt a second correction with more guessed details.
+
 ## Goal Enforcement
 
 The skill creates `criteria.json` with machine-checkable success criteria:
@@ -145,13 +151,20 @@ Override per employee: `- ML Scientist, experiments [opus]`
 
 ## Installed Skills
 
-Auto-installed on first run. When installed, employees MUST use them.
+Auto-installed on first run. Leads assign skills to workers by task type.
+
+| Task type | Skill | Pack |
+|-----------|-------|------|
+| Code review | /review | gstack |
+| Bug fix | /investigate | gstack |
+| QA testing | /qa | gstack |
+| Ship code | /ship | gstack |
+| Browse/test site | /browse | gstack |
+| Security audit | /secure-phase | trailofbits |
+| Debug with state | /gsd-debug | GSD |
+| Plan work | /gsd-plan-phase | GSD |
 
-| Pack | What employees get |
-|------|-------------------|
-| gstack | /review, /ship, /qa, /investigate, /browse |
-| GSD | /gsd-plan-phase, /gsd-execute-phase, /gsd-verify-work, /gsd-debug |
-| trailofbits | Security audit, vulnerability detection |
+If no skill matches the task, workers use raw tools.
 
 <details>
 <summary>Install more skill packs</summary>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "company-skill",
-  "version": "4.2.0",
+  "version": "4.4.0",
   "description": "Goal-driven multi-employee company for Claude Code. Give it a goal, it runs until done.",
   "bin": {
     "company-skill": "./bin/install.js"

package/skill/SKILL.md

@@ -88,6 +88,10 @@ If a lead realizes an idle employee is needed after all: add them to active rost
 
 Each worker gets: their task, their previous findings file, failed approaches from playbook.
 
+If a skill was assigned (see Skill Routing table), invoke it via the Skill tool FIRST before doing anything else.
+
+**EXTERNAL FACT RULE (highest priority):** Before writing ANY public-facing output (GitHub comments, PR descriptions, emails, blog posts) that states a specific fact about an external project (version numbers, API details, feature claims, architecture, block formats), the worker MUST verify it first using WebFetch or `gh api` to read the project's actual docs/source/README. If it cannot verify, it must say "not sure" instead of guessing. NEVER cite external numbers from memory. ONE STRIKE: if corrected, respond "my bad, you're right" and stop — never attempt a second correction with more guessed details.
+
 Every finding MUST have:
 ```
 FINDING: what
@@ -102,8 +106,9 @@ Novel ideas (new techniques, hypotheses, untested approaches) use "NOVEL - needs
 Internal Reviewer reads criteria.json + all findings. For each criterion:
 - Evidence exists with source? Set passes: true in criteria.json
 - No evidence or source missing? Keep passes: false
+- **External fact check:** Scan every outgoing comment/email/blog for claims about external projects (numbers, percentages, technical details, feature comparisons). If any claim wasn't verified from the actual source (repo, docs, README), BLOCK the output and send the worker back to verify. Memory-based claims about external projects = automatic rejection.
 
-Devil's Advocate attacks anything marked as passing.
+Devil's Advocate attacks anything marked as passing. **Specifically for external claims:** ask "did you actually verify this from their repo/docs, or are you guessing?" for every statement about a competitor or external project.
 
 Print as plain text (NOT Bash):
 
@@ -142,9 +147,22 @@ CEO updates COMPANY.md: tag `[inactive]` on zero-contribution roles, `[priority]
 CEO, CTO, Internal Reviewer, User Advocate, Devil's Advocate, Elegance Enforcer.
 Deduplicated if user defines them in COMPANY.md.
 
-## Skills
+## Skill Routing
+
+Leads MUST assign a skill when the task matches. Workers MUST invoke it via the Skill tool.
+
+| Task type | Skill | When |
+|-----------|-------|------|
+| Code review | /review | Any PR or diff needs review before merging |
+| Bug fix | /investigate | Root cause unknown, need systematic debugging |
+| QA testing | /qa | Test a web app, find and fix bugs |
+| Ship code | /ship | Create PR, run tests, push |
+| Security audit | /secure-phase | Check for vulnerabilities in code |
+| Debug with state | /gsd-debug | Complex bug needing persistent debug session |
+| Plan work | /gsd-plan-phase | Break complex task into steps |
+| Browse/test site | /browse | Navigate URLs, check page state, screenshots |
 
-When installed: MUST use /review for code review, /investigate for bugs, /qa for testing, /ship for PRs. Skills are installed in the Preamble.
+If no skill matches, workers use raw tools (Read, Write, Bash, etc.).
 
 ## Stop Hook