create-claude-cabinet 0.31.0 → 0.31.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/package.json +1 -1
  2. package/templates/cabinet/checkpoint-protocol.md +21 -0
  3. package/templates/workflows/execute-group.js +15 -4
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "create-claude-cabinet",
3
- "version": "0.31.0",
3
+ "version": "0.31.1",
4
4
  "description": "Claude Cabinet — opinionated process scaffolding for Claude Code projects",
5
5
  "bin": {
6
6
  "create-claude-cabinet": "bin/create-claude-cabinet.js"
package/templates/cabinet/checkpoint-protocol.md CHANGED
@@ -72,6 +72,27 @@ Either way, each spawned agent receives:
72
72
  relevant git diff (`this file group`, `pre-commit`, aggregate)
73
73
  - An instruction to return the verdict object below
74
74
 
75
+ **Plan-first review discipline (critical for `pre-impl` scope):** at
76
+ `pre-impl` scope, the agent receives the plan's full notes. The plan IS
77
+ the primary input — it may already address common risks (auth, validation,
78
+ XSS, race conditions). The agent MUST:
79
+
80
+ 1. **Read the plan text first.** Understand what the plan says it will do
81
+ and what mitigations it already includes.
82
+ 2. **Only raise concerns the plan does NOT address.** If the plan says
83
+ "preview action lives in Admin::TargetsController with three-layered
84
+ auth," do not raise "needs admin auth" as a concern — the plan already
85
+ covers it. Explicitly acknowledge addressed concerns rather than
86
+ re-raising them.
87
+ 3. **Distinguish "the codebase has this risk" from "the plan doesn't
88
+ mitigate this risk."** A checkpoint is not a codebase audit. The
89
+ question is whether THIS PLAN is safe to start — not whether the
90
+ codebase has pre-existing issues outside the plan's scope.
91
+
92
+ Without this discipline, cabinet members pattern-match against codebase
93
+ state and raise false positives that the plan already handles, wasting
94
+ tokens on re-runs that produce the same concerns.
95
+
75
96
  ## Step 3 — Collect verdicts
76
97
 
77
98
  Each agent returns exactly this shape:
package/templates/workflows/execute-group.js CHANGED
@@ -110,7 +110,18 @@ function reviewScope({ members, scopeLabel, scopeInstruction, phaseTitle }) {
110
110
  `Checkpoint scope: ${scopeLabel}.`,
111
111
  scopeInstruction,
112
112
  ``,
113
- `You have Bash/Read/Grep/Glob inspect the actual code and diffs yourself.`,
113
+ `IMPORTANTplan-first review discipline:`,
114
+ `1. Read the plan text FIRST. The plan may already address common risks`,
115
+ ` (auth, validation, XSS, race conditions, etc.).`,
116
+ `2. Only raise concerns the plan does NOT address. If the plan explicitly`,
117
+ ` says how it handles a risk, do NOT re-raise it — acknowledge it and`,
118
+ ` move on. "The plan already covers X" is the right response.`,
119
+ `3. Distinguish "the codebase has this risk" from "the plan doesn't`,
120
+ ` mitigate this risk." A checkpoint reviews the PLAN, not the codebase.`,
121
+ ` Pre-existing codebase issues outside the plan's scope are not findings.`,
122
+ ``,
123
+ `You have Bash/Read/Grep/Glob — use them to verify claims in the plan`,
124
+ `against the actual code, but start from the plan, not from a codebase scan.`,
114
125
  `Return a verdict object: { verdict: continue|pause|stop, concerns: [...] }.`,
115
126
  ].filter(Boolean).join('\n'),
116
127
  { agentType: m.agentType || undefined, label: `${phaseTitle}:${m.key}`, phase: phaseTitle, schema: VERDICT_SCHEMA }
@@ -145,11 +156,11 @@ const cp1 = { group: null, perPlan: [] }
145
156
  if (members.length > 0) {
146
157
  // Group-level CP1 only meaningful for 2+ plans (combination concerns).
147
158
  if (isGroup) {
148
- const aggregateSurface = plans.map(p => `- ${p.fid} ${p.text}\n${p.surfaceArea || '(surface area in notes)'}`).join('\n')
159
+ const planSummaries = plans.map(p => `=== Plan ${p.fid}: ${p.text} ===\n${p.notes || p.surfaceArea || '(no notes)'}\n`).join('\n')
149
160
  const groupVerdicts = await reviewScope({
150
161
  members,
151
162
  scopeLabel: `group aggregate — these ${plans.length} plans will run in parallel`,
152
- scopeInstruction: `Review the COMBINATION. Any concern about these plans running together (shared assumptions, ordering, cross-plan interactions)?\n\nPlans:\n${aggregateSurface}`,
163
+ scopeInstruction: `Review the COMBINATION of these plans running in parallel. Read each plan's full notes — they describe what will be built and how risks are mitigated. Only raise concerns about the COMBINATION that the individual plans don't address (shared assumptions, ordering dependencies, cross-plan interactions, conflicting approaches).\n\n${planSummaries}`,
153
164
  phaseTitle: 'CP1',
154
165
  })
155
166
  const e = escalate(groupVerdicts)
@@ -164,7 +175,7 @@ if (members.length > 0) {
164
175
  reviewScope({
165
176
  members,
166
177
  scopeLabel: `pre-impl review of plan ${p.fid}`,
167
- scopeInstruction: `Is this plan safe to start? Review its approach and surface area.\n\nPlan ${p.fid}: ${p.text}\n\n${p.notes || p.surfaceArea || ''}`,
178
+ scopeInstruction: `Is this plan safe to start? Read the plan's full notes below — the plan may already address common risks. Only raise concerns it does NOT cover.\n\nPlan ${p.fid}: ${p.text}\n\n${p.notes || p.surfaceArea || ''}`,
168
179
  phaseTitle: 'CP1',
169
180
  }).then(verdicts => ({ fid: p.fid, escalation: escalate(verdicts), verdicts }))
170
181
  ))