create-claude-cabinet 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (135) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +196 -0
  3. package/bin/create-claude-cabinet.js +8 -0
  4. package/lib/cli.js +624 -0
  5. package/lib/copy.js +152 -0
  6. package/lib/db-setup.js +51 -0
  7. package/lib/metadata.js +42 -0
  8. package/lib/reset.js +193 -0
  9. package/lib/settings-merge.js +93 -0
  10. package/package.json +29 -0
  11. package/templates/EXTENSIONS.md +311 -0
  12. package/templates/README.md +485 -0
  13. package/templates/briefing/_briefing-api-template.md +21 -0
  14. package/templates/briefing/_briefing-architecture-template.md +16 -0
  15. package/templates/briefing/_briefing-cabinet-template.md +20 -0
  16. package/templates/briefing/_briefing-identity-template.md +18 -0
  17. package/templates/briefing/_briefing-scopes-template.md +39 -0
  18. package/templates/briefing/_briefing-template.md +148 -0
  19. package/templates/briefing/_briefing-work-tracking-template.md +18 -0
  20. package/templates/cabinet/committees-template.yaml +49 -0
  21. package/templates/cabinet/composition-patterns.md +240 -0
  22. package/templates/cabinet/eval-protocol.md +208 -0
  23. package/templates/cabinet/lifecycle.md +93 -0
  24. package/templates/cabinet/output-contract.md +148 -0
  25. package/templates/cabinet/prompt-guide.md +266 -0
  26. package/templates/hooks/cor-upstream-guard.sh +79 -0
  27. package/templates/hooks/git-guardrails.sh +67 -0
  28. package/templates/hooks/skill-telemetry.sh +66 -0
  29. package/templates/hooks/skill-tool-telemetry.sh +54 -0
  30. package/templates/hooks/stop-hook.md +56 -0
  31. package/templates/memory/patterns/_pattern-template.md +119 -0
  32. package/templates/memory/patterns/pattern-intelligence-first.md +41 -0
  33. package/templates/rules/enforcement-pipeline.md +151 -0
  34. package/templates/scripts/cor-drift-check.cjs +84 -0
  35. package/templates/scripts/finding-schema.json +94 -0
  36. package/templates/scripts/load-triage-history.js +151 -0
  37. package/templates/scripts/merge-findings.js +126 -0
  38. package/templates/scripts/pib-db-schema.sql +68 -0
  39. package/templates/scripts/pib-db.js +365 -0
  40. package/templates/scripts/triage-server.mjs +98 -0
  41. package/templates/scripts/triage-ui.html +536 -0
  42. package/templates/skills/audit/SKILL.md +273 -0
  43. package/templates/skills/audit/phases/finding-output.md +56 -0
  44. package/templates/skills/audit/phases/member-execution.md +83 -0
  45. package/templates/skills/audit/phases/member-selection.md +44 -0
  46. package/templates/skills/audit/phases/structural-checks.md +54 -0
  47. package/templates/skills/audit/phases/triage-history.md +45 -0
  48. package/templates/skills/cabinet-accessibility/SKILL.md +180 -0
  49. package/templates/skills/cabinet-anti-confirmation/SKILL.md +172 -0
  50. package/templates/skills/cabinet-architecture/SKILL.md +279 -0
  51. package/templates/skills/cabinet-boundary-man/SKILL.md +265 -0
  52. package/templates/skills/cabinet-cor-health/SKILL.md +342 -0
  53. package/templates/skills/cabinet-data-integrity/SKILL.md +157 -0
  54. package/templates/skills/cabinet-debugger/SKILL.md +221 -0
  55. package/templates/skills/cabinet-historian/SKILL.md +253 -0
  56. package/templates/skills/cabinet-organized-mind/SKILL.md +338 -0
  57. package/templates/skills/cabinet-process-therapist/SKILL.md +261 -0
  58. package/templates/skills/cabinet-qa/SKILL.md +205 -0
  59. package/templates/skills/cabinet-record-keeper/SKILL.md +168 -0
  60. package/templates/skills/cabinet-roster-check/SKILL.md +297 -0
  61. package/templates/skills/cabinet-security/SKILL.md +181 -0
  62. package/templates/skills/cabinet-small-screen/SKILL.md +154 -0
  63. package/templates/skills/cabinet-speed-freak/SKILL.md +169 -0
  64. package/templates/skills/cabinet-system-advocate/SKILL.md +194 -0
  65. package/templates/skills/cabinet-technical-debt/SKILL.md +115 -0
  66. package/templates/skills/cabinet-usability/SKILL.md +189 -0
  67. package/templates/skills/cabinet-workflow-cop/SKILL.md +238 -0
  68. package/templates/skills/cor-upgrade/SKILL.md +302 -0
  69. package/templates/skills/debrief/SKILL.md +409 -0
  70. package/templates/skills/debrief/phases/auto-maintenance.md +48 -0
  71. package/templates/skills/debrief/phases/close-work.md +88 -0
  72. package/templates/skills/debrief/phases/health-checks.md +54 -0
  73. package/templates/skills/debrief/phases/inventory.md +40 -0
  74. package/templates/skills/debrief/phases/loose-ends.md +52 -0
  75. package/templates/skills/debrief/phases/record-lessons.md +67 -0
  76. package/templates/skills/debrief/phases/report.md +59 -0
  77. package/templates/skills/debrief/phases/update-state.md +48 -0
  78. package/templates/skills/debrief/phases/upstream-feedback.md +129 -0
  79. package/templates/skills/debrief-quick/SKILL.md +12 -0
  80. package/templates/skills/execute/SKILL.md +293 -0
  81. package/templates/skills/execute/phases/cabinet.md +49 -0
  82. package/templates/skills/execute/phases/commit-and-deploy.md +66 -0
  83. package/templates/skills/execute/phases/load-plan.md +49 -0
  84. package/templates/skills/execute/phases/validators.md +50 -0
  85. package/templates/skills/execute/phases/verification-tools.md +67 -0
  86. package/templates/skills/extract/SKILL.md +168 -0
  87. package/templates/skills/investigate/SKILL.md +160 -0
  88. package/templates/skills/link/SKILL.md +52 -0
  89. package/templates/skills/menu/SKILL.md +61 -0
  90. package/templates/skills/onboard/SKILL.md +356 -0
  91. package/templates/skills/onboard/phases/detect-state.md +79 -0
  92. package/templates/skills/onboard/phases/generate-briefing.md +127 -0
  93. package/templates/skills/onboard/phases/generate-session-loop.md +87 -0
  94. package/templates/skills/onboard/phases/interview.md +233 -0
  95. package/templates/skills/onboard/phases/modularity-menu.md +162 -0
  96. package/templates/skills/onboard/phases/options.md +98 -0
  97. package/templates/skills/onboard/phases/post-onboard-audit.md +121 -0
  98. package/templates/skills/onboard/phases/summary.md +122 -0
  99. package/templates/skills/onboard/phases/work-tracking.md +231 -0
  100. package/templates/skills/orient/SKILL.md +251 -0
  101. package/templates/skills/orient/phases/auto-maintenance.md +48 -0
  102. package/templates/skills/orient/phases/briefing.md +53 -0
  103. package/templates/skills/orient/phases/cabinet.md +46 -0
  104. package/templates/skills/orient/phases/context.md +63 -0
  105. package/templates/skills/orient/phases/data-sync.md +35 -0
  106. package/templates/skills/orient/phases/health-checks.md +50 -0
  107. package/templates/skills/orient/phases/work-scan.md +69 -0
  108. package/templates/skills/orient-quick/SKILL.md +12 -0
  109. package/templates/skills/plan/SKILL.md +358 -0
  110. package/templates/skills/plan/phases/cabinet-critique.md +47 -0
  111. package/templates/skills/plan/phases/calibration-examples.md +75 -0
  112. package/templates/skills/plan/phases/completeness-check.md +44 -0
  113. package/templates/skills/plan/phases/composition-check.md +36 -0
  114. package/templates/skills/plan/phases/overlap-check.md +62 -0
  115. package/templates/skills/plan/phases/plan-template.md +69 -0
  116. package/templates/skills/plan/phases/present.md +60 -0
  117. package/templates/skills/plan/phases/research.md +43 -0
  118. package/templates/skills/plan/phases/work-tracker.md +95 -0
  119. package/templates/skills/publish/SKILL.md +74 -0
  120. package/templates/skills/pulse/SKILL.md +242 -0
  121. package/templates/skills/pulse/phases/auto-fix-scope.md +40 -0
  122. package/templates/skills/pulse/phases/checks.md +58 -0
  123. package/templates/skills/pulse/phases/output.md +54 -0
  124. package/templates/skills/seed/SKILL.md +257 -0
  125. package/templates/skills/seed/phases/build-member.md +93 -0
  126. package/templates/skills/seed/phases/evaluate-existing.md +61 -0
  127. package/templates/skills/seed/phases/maintain.md +92 -0
  128. package/templates/skills/seed/phases/scan-signals.md +86 -0
  129. package/templates/skills/triage-audit/SKILL.md +251 -0
  130. package/templates/skills/triage-audit/phases/apply-verdicts.md +90 -0
  131. package/templates/skills/triage-audit/phases/load-findings.md +38 -0
  132. package/templates/skills/triage-audit/phases/triage-ui.md +66 -0
  133. package/templates/skills/unlink/SKILL.md +35 -0
  134. package/templates/skills/validate/SKILL.md +116 -0
  135. package/templates/skills/validate/phases/validators.md +53 -0
@@ -0,0 +1,273 @@
1
+ ---
2
+ model: opus
3
+ name: audit
4
+ description: |
5
+ Convene the full cabinet for a quality review. Each cabinet member examines
6
+ the project from their domain — security, performance, accessibility, and
7
+ so on — and reports what they find. Like calling a cabinet meeting where
8
+ every advisor reviews the state of things and flags what needs attention.
9
+ Use when: "audit", "run an audit", "/audit", scheduled audit trigger,
10
+ or significant milestone.
11
+ related:
12
+ - type: file
13
+ path: .claude/skills/audit/phases/member-selection.md
14
+ role: "Project-specific: which cabinet members to run"
15
+ - type: file
16
+ path: .claude/skills/audit/phases/structural-checks.md
17
+ role: "Project-specific: fast structural checks before full audit"
18
+ - type: file
19
+ path: .claude/skills/audit/phases/triage-history.md
20
+ role: "Project-specific: how to load suppression lists"
21
+ - type: file
22
+ path: .claude/skills/audit/phases/member-execution.md
23
+ role: "Project-specific: how to run cabinet member agents"
24
+ - type: file
25
+ path: .claude/skills/audit/phases/finding-output.md
26
+ role: "Project-specific: how to persist and report findings"
27
+ - type: file
28
+ path: cabinet/output-contract.md
29
+ role: "How cabinet members report their findings"
30
+ - type: file
31
+ path: cabinet/_briefing.md
32
+ role: "Project identity and configuration"
33
+ - type: file
34
+ path: scripts/finding-schema.json
35
+ role: "JSON Schema for finding validation"
36
+ - type: file
37
+ path: scripts/merge-findings.js
38
+ role: "Merges per-member JSON into run-summary.json"
39
+ - type: file
40
+ path: scripts/load-triage-history.js
41
+ role: "Builds suppression lists from triage history"
42
+ - type: file
43
+ path: scripts/pib-db.js
44
+ role: "Reference data layer for finding persistence"
45
+ ---
46
+
47
+ # /audit — Convene the Cabinet
48
+
49
+ ## Purpose
50
+
51
+ Call a full cabinet meeting. Every cabinet member examines the project
52
+ from their domain and reports what they find — the way a board of
53
+ advisors would review the state of operations. Without this, the only
54
+ learning channel is friction the user notices during active work. But
55
+ some problems accumulate silently — a convention erodes across ten
56
+ commits, a subsystem degrades gradually, an architectural decision's
57
+ consequences only become visible at scale.
58
+ The audit catches what individual sessions miss.
59
+
60
+ This is a **skeleton skill** using the `phases/` directory pattern. The
61
+ orchestration (what to do and in what order) is generic. Your project
62
+ defines the specifics — which cabinet members to run, what fast checks to
63
+ apply, how to persist findings — in phase files under `phases/`.
64
+
65
+ ### Phase File Protocol
66
+
67
+ Phase files have three states:
68
+
69
+ | State | Meaning |
70
+ |-------|---------|
71
+ | Absent or empty | Use this skeleton's **default behavior** for the phase |
72
+ | Contains only `skip: true` | **Explicitly opted out** — skip this phase entirely |
73
+ | Contains content | **Custom behavior** — use the file's content instead |
74
+
75
+ The skeleton always does something reasonable when a phase file is absent.
76
+ Phase files customize, not enable. Use `skip: true` when you actively
77
+ don't want a phase to run — not even the default.
78
+
79
+ ## Identity
80
+
81
+ You are the auditor. You don't build — you observe, reason, and propose.
82
+ Your job is to surface what the system's daily operators can't see because
83
+ they're inside it. You approach the codebase as an outsider with fresh
84
+ eyes, checking whether what the system claims to be matches what it
85
+ actually is.
86
+
87
+ You are not a linter. You don't flag style violations or enforce
88
+ arbitrary standards. You use cabinet members — named lenses that
89
+ each bring domain knowledge and specific concerns. A cabinet member on
90
+ accessibility looks at the UI differently than a cabinet member on data
91
+ integrity looks at the persistence layer. The combination of
92
+ cabinet members produces a holistic picture that no single viewpoint
93
+ could achieve.
94
+
95
+ Your findings are suggestions. Every one goes through triage where the
96
+ user confirms, defers, or rejects it. A high rejection rate means your
97
+ calibration is off — you're flagging things that don't matter to this
98
+ project. Adjust.
99
+
100
+ ## When to Run
101
+
102
+ - On a schedule (weekly, after milestones, before releases)
103
+ - When the user asks for an audit
104
+ - After significant architectural changes
105
+ - When a new cabinet member is adopted (run it once to establish baseline)
106
+
107
+ ## Workflow
108
+
109
+ ### 1. Select Cabinet Members (core)
110
+
111
+ Read `phases/member-selection.md` for which cabinet members to run.
112
+
113
+ **Default (absent/empty):** Discover all cabinet members from
114
+ `skills/cabinet-*/SKILL.md`. If `cabinet/committees.yaml`
115
+ exists (copied from `committees-template.yaml`), present committees and let the
116
+ user choose which to run. If no committees file exists, run all discovered
117
+ cabinet members.
118
+
119
+ The selection determines what the audit looks at. A full audit runs
120
+ everything; a focused audit runs one committee or a specific set of
121
+ cabinet members.
122
+
123
+ ### 2. Fast Structural Checks (core)
124
+
125
+ Read `phases/structural-checks.md` for fast, deterministic checks to run before
126
+ the full cabinet member-based audit. These are things like linters, type
127
+ checkers, validation scripts — anything that gives immediate signal
128
+ without AI interpretation.
129
+
130
+ **Skip (absent/empty).** Most projects start without structural checks
131
+ and add them as they discover invariants worth verifying automatically.
132
+ Structural checks are an optimization, not a prerequisite.
133
+
134
+ ### 3. Load Triage Suppression (core)
135
+
136
+ Read `phases/triage-history.md` for how to build the suppression list
137
+ of previously-triaged findings.
138
+
139
+ **Default (absent/empty):** Run `scripts/load-triage-history.js` to
140
+ build suppression lists. This script tries the reference data layer
141
+ (pib-db) first, then falls back to scanning `reviews/*/triage.json`
142
+ files. The result is a JSON object with rejected and deferred finding
143
+ IDs and fingerprints.
144
+
145
+ Pass the suppression list to each cabinet member agent so they skip
146
+ findings that were already rejected or deferred. Without suppression,
147
+ every audit regenerates the same findings the user already dismissed,
148
+ and the triage queue becomes useless.
149
+
150
+ ### 4. Execute Cabinet Member Agents (core)
151
+
152
+ Read `phases/member-execution.md` for how to spawn and manage
153
+ cabinet member agents.
154
+
155
+ **Default (absent/empty):** For each selected cabinet member:
156
+ 1. Read the cabinet member's `SKILL.md` for domain knowledge and concerns
157
+ 2. Read `cabinet/_briefing.md` for project identity
158
+ 3. Read `cabinet/output-contract.md` for output format
159
+ 4. Pass the suppression list from step 3
160
+ 5. Spawn as an agent (parallel when possible)
161
+
162
+ Each cabinet member agent follows a two-phase protocol:
163
+ - **Phase A — Explore:** Read broadly, examine the codebase through this
164
+ cabinet member's lens. Take notes on everything observed.
165
+ - **Phase B — Rank and emit:** From everything observed, select the top
166
+ 5-8 findings that matter most. Apply the output contract. Emit JSON.
167
+
168
+ The two-phase protocol prevents premature commitment — the cabinet member
169
+ sees everything before deciding what to report. Without it, the first
170
+ interesting thing found dominates the output.
171
+
172
+ ### 5. Merge and Persist Findings (core)
173
+
174
+ Read `phases/finding-output.md` for how to persist and report the
175
+ audit results.
176
+
177
+ **Default (absent/empty):**
178
+ 1. Create a timestamped run directory: `reviews/YYYY-MM-DD/HH-MM-SS/`
179
+ 2. Write each cabinet member's JSON output to the run directory
180
+ 3. Run `scripts/merge-findings.js <run-dir>` to produce `run-summary.json`
181
+ 4. Run `scripts/merge-findings.js <run-dir> --db` to also ingest into
182
+ the reference data layer (if pib-db is initialized)
183
+ 5. Present findings summary: total count, breakdown by severity, by
184
+ cabinet member, and highlight any critical findings
185
+
186
+ After persisting, remind the user about triage: findings need human
187
+ judgment before they drive action. Use `/triage-audit` to review and
188
+ decide on findings.
189
+
190
+ ### 6. Discover Custom Phases
191
+
192
+ After running the core phases above, check for any additional phase
193
+ files in `phases/` that the skeleton doesn't define. These are project-
194
+ specific extensions. Each custom phase file declares its position in
195
+ the workflow. Execute them at their declared position.
196
+
197
+ ## Phase Summary
198
+
199
+ | Phase | Absent = | What it customizes |
200
+ |-------|----------|-------------------|
201
+ | `member-selection.md` | Default: discover all, present committees if available | Which cabinet members to run |
202
+ | `structural-checks.md` | Skip | Fast structural checks before full audit |
203
+ | `triage-history.md` | Default: run load-triage-history.js | How to load suppression lists |
204
+ | `member-execution.md` | Default: parallel agents with two-phase protocol | How to run cabinet member agents |
205
+ | `finding-output.md` | Default: timestamped dir + merge + pib-db ingest | How to persist and report findings |
206
+
207
+ ## How Audit Connects to Other Skills
208
+
209
+ **Orient** verifies operational state — is the system running, is data
210
+ fresh, are processes alive? **Audit** verifies quality and alignment —
211
+ does the system do what it claims, is it drifting, are conventions
212
+ holding? Orient runs every session; audit runs periodically or on
213
+ demand.
214
+
215
+ **Debrief** captures session-specific lessons — what was learned during
216
+ this work session. **Audit** captures systematic observations from
217
+ cabinet members — what would a specialist notice? Debrief lessons
218
+ come from doing; audit findings come from looking.
219
+
220
+ **Triage-audit** is the audit's partner. Audit generates findings;
221
+ triage presents them for human judgment. Without triage, findings
222
+ accumulate and are never acted on. Without audit, triage has nothing
223
+ to triage. They form a closed loop.
224
+
225
+ **Pulse** watches self-description accuracy — do counts match, do
226
+ documented states match reality? Audit watches quality through domain
227
+ cabinet member lenses. Pulse is fast and embedded; audit is thorough and
228
+ standalone.
229
+
230
+ ## Extending
231
+
232
+ To customize a phase: write content in the corresponding `phases/` file.
233
+ To skip a phase: write only `skip: true` in the file.
234
+ To add a phase the skeleton doesn't define: create a new file in
235
+ `phases/` with a description of when it runs relative to the core
236
+ phases. Claude reads whatever phase files exist at runtime.
237
+
238
+ Examples of phases mature projects add:
239
+ - Auto-fix execution (attempt fixes for autoFixable findings after triage)
240
+ - Trend analysis (compare this run to previous runs for improvement/regression)
241
+ - Notification (alert external systems when critical findings appear)
242
+ - Cabinet member evaluation (track which cabinet members consistently produce
243
+ useful findings vs noise)
244
+
245
+ ## Calibration
246
+
247
+ **Core failure this targets:** Quality drift that accumulates silently
248
+ between sessions because no one is systematically looking for it.
249
+
250
+ ### Without Skill (Bad)
251
+
252
+ The project grows over months. Conventions established early erode as
253
+ new code ignores them. A subsystem that worked at small scale starts
254
+ showing strain. An architectural decision's consequences become visible
255
+ only when the tenth module follows the same broken pattern. No one
256
+ notices because each session focuses on the task at hand, not on the
257
+ whole.
258
+
259
+ Six months later, a refactoring effort reveals a dozen intertwined
260
+ issues that could have been caught individually. The cost of fixing
261
+ them all at once is 10x what incremental fixes would have been.
262
+
263
+ ### With Skill (Good)
264
+
265
+ Every two weeks, the audit runs. Cabinet member agents examine the codebase
266
+ through different lenses — architecture, code quality, UX, security,
267
+ process adherence. Findings go through triage: the user fixes what
268
+ matters, defers what can wait, rejects what's noise. Each cabinet member
269
+ learns from rejections (calibration drift). Conventions stay enforced
270
+ because someone is checking. Drift is caught at one commit, not ten.
271
+
272
+ The system maintains quality not through heroic effort but through
273
+ regular, structured observation.
@@ -0,0 +1,56 @@
1
+ # Finding Output — Persisting and Reporting Results
2
+
3
+ Define how to persist audit findings and present the results. The /audit
4
+ skill reads this file after all cabinet member agents have completed.
5
+
6
+ When this file is absent or empty, the default behavior is: write JSON
7
+ to a timestamped run directory, merge with `scripts/merge-findings.js`,
8
+ ingest to pib-db, and present a summary. To explicitly skip output,
9
+ write only `skip: true`.
10
+
11
+ ## What to Include
12
+
13
+ Define your output strategy:
14
+ - **Storage** — where findings go (filesystem, database, API, all three)
15
+ - **Merge** — how per-cabinet-member outputs are combined
16
+ - **Reporting** — what to show the user and in what format
17
+ - **Next steps** — what to do after findings are persisted
18
+
19
+ ## Default Behavior
20
+
21
+ 1. **Create run directory:** `reviews/YYYY-MM-DD/HH-MM-SS/`
22
+ 2. **Write cabinet member JSON:** One file per cabinet member in the run directory
23
+ 3. **Merge findings:** Run `node scripts/merge-findings.js <run-dir>`
24
+ to produce `run-summary.json` with deduplicated findings and metadata
25
+ 4. **Ingest to database:** Run `node scripts/merge-findings.js <run-dir> --db`
26
+ to also store findings in the reference data layer (pib-db). If pib-db
27
+ is not initialized, findings are still saved as JSON files.
28
+ 5. **Present summary:**
29
+ - Total finding count and breakdown by severity
30
+ - Findings by cabinet member
31
+ - Any critical findings highlighted
32
+ - Positive findings (healthy subsystems)
33
+ 6. **Prompt for triage:** Remind the user that findings need human judgment.
34
+ Use `/triage-audit` to review, approve, defer, or reject findings.
35
+
36
+ ## Example Override
37
+
38
+ Uncomment and adapt if your project stores findings elsewhere:
39
+
40
+ <!--
41
+ ### External API Storage
42
+ ```bash
43
+ curl -X POST https://your-api.example.com/api/audit/findings \
44
+ -H "Content-Type: application/json" \
45
+ -H "Authorization: Bearer $API_TOKEN" \
46
+ -d @run-summary.json
47
+ ```
48
+ Post findings to an external API instead of (or in addition to)
49
+ local storage. Useful when audit results need to be visible in
50
+ a dashboard or shared with a team.
51
+
52
+ ### Custom Reporting
53
+ Instead of the default summary, generate a markdown report at
54
+ `reviews/YYYY-MM-DD/audit-report.md` with full finding details,
55
+ trend comparisons, and recommended priority order.
56
+ -->
@@ -0,0 +1,83 @@
1
+ # Member Execution — Running Cabinet Member Agents
2
+
3
+ Define how to spawn and manage cabinet member agents during the audit.
4
+ The /audit skill reads this file after loading triage suppression.
5
+
6
+ When this file is absent or empty, the default behavior is: spawn
7
+ each selected cabinet member as a parallel agent following the two-phase
8
+ protocol (explore broadly, then rank and emit top 5-8 findings).
9
+ To explicitly skip execution, write only `skip: true`.
10
+
11
+ ## What to Include
12
+
13
+ Define your execution strategy:
14
+ - **Agent spawning** — parallel vs sequential, timeout limits, resource caps
15
+ - **Context loading** — what each agent receives beyond its cabinet member SKILL.md
16
+ - **Protocol** — how agents should approach their audit (explore-then-rank
17
+ vs checklist vs other)
18
+ - **Error handling** — what to do when an agent fails or times out
19
+
20
+ ## Briefing Loading
21
+
22
+ Each cabinet member declares which briefing files it needs via a `briefing`
23
+ list in its SKILL.md frontmatter. The loading protocol:
24
+
25
+ 1. **Read the cabinet member's `briefing` frontmatter field** to get the list
26
+ of briefing files it needs (e.g., `_briefing-identity.md`,
27
+ `_briefing-architecture.md`).
28
+ 2. **Always load `_briefing-identity.md`** regardless of whether it's
29
+ declared — every cabinet member needs project identity.
30
+ 3. **Load each declared file** from `cabinet/`.
31
+ 4. **Fallback:** If declared files don't exist, or if the cabinet member has
32
+ no `briefing` field in its frontmatter, fall back to reading
33
+ `_briefing.md` directly. This works for both the hub format (which
34
+ indexes split files) and the old monolithic format (which contains
35
+ everything inline).
36
+
37
+ This means existing projects with a single monolithic `_briefing.md`
38
+ continue to work without changes.
39
+
40
+ ## Default Protocol
41
+
42
+ Each cabinet member agent receives:
43
+ 1. The cabinet member's `SKILL.md` — domain knowledge and specific concerns
44
+ 2. Briefing files — loaded per the briefing loading protocol above
45
+ 3. `cabinet/output-contract.md` — structured output format
46
+ 4. The suppression list — previously-triaged finding IDs and fingerprints
47
+
48
+ The agent follows a two-phase protocol:
49
+
50
+ **Phase A — Explore thoroughly.** Read broadly through the codebase with
51
+ this cabinet member's lens. Take notes on everything observed — patterns,
52
+ concerns, healthy subsystems, potential issues. Don't commit to findings
53
+ yet. The goal is to see the whole picture before deciding what matters.
54
+
55
+ **Phase B — Rank and emit.** From everything observed, select the top
56
+ 5-8 findings that matter most to this project right now. Apply the
57
+ output contract (assumption + evidence + question for each). Emit
58
+ structured JSON. Include 1-2 positive findings for healthy subsystems.
59
+
60
+ The two-phase protocol prevents premature commitment. Without it, the
61
+ first interesting thing found dominates the output, and deeper or more
62
+ important issues are missed.
63
+
64
+ ## Example Override
65
+
66
+ Uncomment and adapt for your project:
67
+
68
+ <!--
69
+ ### Sequential with Timeouts
70
+ Run cabinet members one at a time with a 3-minute timeout each.
71
+ Useful when running on constrained infrastructure.
72
+
73
+ ### Checklist Mode
74
+ Instead of explore-then-rank, give each cabinet member a specific
75
+ checklist of things to verify. Faster but less likely to discover
76
+ unexpected issues. Good for regression audits where you know what
77
+ to check.
78
+
79
+ ### Grouped Execution
80
+ Run cabinet members in their committees (from committees.yaml), presenting
81
+ results per committee before moving to the next. Allows the user to
82
+ skip remaining committees if early findings need immediate attention.
83
+ -->
@@ -0,0 +1,44 @@
1
+ # Member Selection — Which Cabinet Members to Run
2
+
3
+ Define how the audit selects which cabinet members to run. The /audit skill
4
+ reads this file before spawning cabinet member agents.
5
+
6
+ When this file is absent or empty, the default behavior is: discover all
7
+ cabinet members from `skills/cabinet-*/SKILL.md`, present committees if
8
+ `committees.yaml` exists, otherwise run all. To explicitly skip member
9
+ selection (and run no audit), write only `skip: true`.
10
+
11
+ ## What to Include
12
+
13
+ Define your selection strategy:
14
+ - **Discovery** — where to find available cabinet members
15
+ - **Grouping** — how cabinet members are organized (committees, tiers, categories)
16
+ - **Default set** — what runs when no specific request is made
17
+ - **Selection interface** — how the user chooses (menu, flags, auto)
18
+
19
+ ## Example Strategies
20
+
21
+ Uncomment and adapt for your project:
22
+
23
+ <!--
24
+ ### Run All (simplest)
25
+ Discover all cabinet members in `skills/cabinet-*/SKILL.md`.
26
+ Run every one. Good for small projects with few cabinet members.
27
+
28
+ ### Committee-Based Selection
29
+ Read `cabinet/committees.yaml` for committee definitions.
30
+ Present committees to the user:
31
+ 1. ux — accessibility, small-screen
32
+ 2. code — technical-debt, architecture
33
+ 3. health — security, data-integrity, speed-freak
34
+ 4. process — workflow-cop, record-keeper
35
+
36
+ Cross-portfolio cabinet members (marked in committees.yaml) always run
37
+ regardless of committee selection.
38
+
39
+ ### Targeted Audit
40
+ Accept a cabinet member name or committee as an argument:
41
+ /audit security — run only the security cabinet member
42
+ /audit --committee health — run the health committee
43
+ /audit --all — run everything
44
+ -->
@@ -0,0 +1,54 @@
1
+ # Structural Checks — Fast Deterministic Validation
2
+
3
+ Define fast, deterministic checks to run before the full cabinet member-based
4
+ audit. The /audit skill reads this file after cabinet member selection.
5
+
6
+ When this file is absent or empty, structural checks are skipped. Most
7
+ projects start without them and add checks as they discover invariants
8
+ worth verifying automatically. To explicitly skip, write only `skip: true`.
9
+
10
+ ## What to Include
11
+
12
+ For each check, provide:
13
+ - **What** — the command or script to run
14
+ - **Why** — what invariant it verifies
15
+ - **On failure** — how to surface the result (block audit, warn, or note)
16
+
17
+ Structural checks should be fast (seconds, not minutes) and deterministic
18
+ (same input always produces same output). They complement the AI-driven
19
+ cabinet member audit with mechanical verification.
20
+
21
+ ## Example Checks
22
+
23
+ Uncomment and adapt for your project:
24
+
25
+ <!--
26
+ ### Type Checking
27
+ ```bash
28
+ npx tsc --noEmit
29
+ ```
30
+ Catches type errors that cabinet members might miss or waste time on.
31
+ On failure: include type errors in the audit report as pre-findings.
32
+
33
+ ### Lint
34
+ ```bash
35
+ npx eslint src/ --format json
36
+ ```
37
+ Catches style violations so cabinet members can focus on deeper issues.
38
+ On failure: summarize violations, don't block audit.
39
+
40
+ ### Validation Scripts
41
+ ```bash
42
+ node scripts/validate-structure.sh
43
+ ```
44
+ Project-specific structural invariants (e.g., every module has tests,
45
+ every API endpoint has documentation, every entity type has a schema).
46
+ On failure: include as findings with source "structural-check".
47
+
48
+ ### Dependency Audit
49
+ ```bash
50
+ npm audit --json
51
+ ```
52
+ Known vulnerability scan before the security cabinet member runs.
53
+ On failure: include as pre-findings for the security cabinet member.
54
+ -->
@@ -0,0 +1,45 @@
1
+ # Triage History — Loading Suppression Lists
2
+
3
+ Define how to load previously-triaged findings so the audit doesn't
4
+ regenerate findings the user already dismissed. The /audit skill reads
5
+ this file before spawning cabinet member agents.
6
+
7
+ When this file is absent or empty, the default behavior is: run
8
+ `scripts/load-triage-history.js` which tries the reference data layer
9
+ (pib-db) first, then falls back to scanning `reviews/*/triage.json`
10
+ files. To explicitly skip suppression (regenerate all findings fresh),
11
+ write only `skip: true`.
12
+
13
+ ## What to Include
14
+
15
+ Define your suppression strategy:
16
+ - **Source** — where triage decisions are stored
17
+ - **Format** — what the suppression list looks like
18
+ - **Scope** — how far back to look (all time, last 30 days, etc.)
19
+
20
+ ## How Suppression Works
21
+
22
+ The suppression list contains:
23
+ - **Rejected IDs** — findings explicitly marked as not-a-problem
24
+ - **Rejected fingerprints** — cabinet member + title pairs for fuzzy matching
25
+ (catches regenerated findings with new IDs but same content)
26
+ - **Deferred IDs** — findings postponed for later review
27
+ - **Deferred fingerprints** — same fuzzy matching for deferred items
28
+
29
+ Each cabinet member agent receives the full suppression list and skips
30
+ findings that match. This prevents the triage queue from filling with
31
+ previously-dismissed items.
32
+
33
+ ## Example Override
34
+
35
+ Uncomment and adapt if your project stores triage decisions elsewhere:
36
+
37
+ <!--
38
+ ### External Triage API
39
+ ```bash
40
+ curl -s https://your-api.example.com/api/triage/suppression \
41
+ -H "Authorization: Bearer $API_TOKEN"
42
+ ```
43
+ Returns JSON in the same format as load-triage-history.js output:
44
+ { rejectedIds, rejectedFingerprints, deferredIds, deferredFingerprints }
45
+ -->