create-claude-cabinet 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (135) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +196 -0
  3. package/bin/create-claude-cabinet.js +8 -0
  4. package/lib/cli.js +624 -0
  5. package/lib/copy.js +152 -0
  6. package/lib/db-setup.js +51 -0
  7. package/lib/metadata.js +42 -0
  8. package/lib/reset.js +193 -0
  9. package/lib/settings-merge.js +93 -0
  10. package/package.json +29 -0
  11. package/templates/EXTENSIONS.md +311 -0
  12. package/templates/README.md +485 -0
  13. package/templates/briefing/_briefing-api-template.md +21 -0
  14. package/templates/briefing/_briefing-architecture-template.md +16 -0
  15. package/templates/briefing/_briefing-cabinet-template.md +20 -0
  16. package/templates/briefing/_briefing-identity-template.md +18 -0
  17. package/templates/briefing/_briefing-scopes-template.md +39 -0
  18. package/templates/briefing/_briefing-template.md +148 -0
  19. package/templates/briefing/_briefing-work-tracking-template.md +18 -0
  20. package/templates/cabinet/committees-template.yaml +49 -0
  21. package/templates/cabinet/composition-patterns.md +240 -0
  22. package/templates/cabinet/eval-protocol.md +208 -0
  23. package/templates/cabinet/lifecycle.md +93 -0
  24. package/templates/cabinet/output-contract.md +148 -0
  25. package/templates/cabinet/prompt-guide.md +266 -0
  26. package/templates/hooks/cor-upstream-guard.sh +79 -0
  27. package/templates/hooks/git-guardrails.sh +67 -0
  28. package/templates/hooks/skill-telemetry.sh +66 -0
  29. package/templates/hooks/skill-tool-telemetry.sh +54 -0
  30. package/templates/hooks/stop-hook.md +56 -0
  31. package/templates/memory/patterns/_pattern-template.md +119 -0
  32. package/templates/memory/patterns/pattern-intelligence-first.md +41 -0
  33. package/templates/rules/enforcement-pipeline.md +151 -0
  34. package/templates/scripts/cor-drift-check.cjs +84 -0
  35. package/templates/scripts/finding-schema.json +94 -0
  36. package/templates/scripts/load-triage-history.js +151 -0
  37. package/templates/scripts/merge-findings.js +126 -0
  38. package/templates/scripts/pib-db-schema.sql +68 -0
  39. package/templates/scripts/pib-db.js +365 -0
  40. package/templates/scripts/triage-server.mjs +98 -0
  41. package/templates/scripts/triage-ui.html +536 -0
  42. package/templates/skills/audit/SKILL.md +273 -0
  43. package/templates/skills/audit/phases/finding-output.md +56 -0
  44. package/templates/skills/audit/phases/member-execution.md +83 -0
  45. package/templates/skills/audit/phases/member-selection.md +44 -0
  46. package/templates/skills/audit/phases/structural-checks.md +54 -0
  47. package/templates/skills/audit/phases/triage-history.md +45 -0
  48. package/templates/skills/cabinet-accessibility/SKILL.md +180 -0
  49. package/templates/skills/cabinet-anti-confirmation/SKILL.md +172 -0
  50. package/templates/skills/cabinet-architecture/SKILL.md +279 -0
  51. package/templates/skills/cabinet-boundary-man/SKILL.md +265 -0
  52. package/templates/skills/cabinet-cor-health/SKILL.md +342 -0
  53. package/templates/skills/cabinet-data-integrity/SKILL.md +157 -0
  54. package/templates/skills/cabinet-debugger/SKILL.md +221 -0
  55. package/templates/skills/cabinet-historian/SKILL.md +253 -0
  56. package/templates/skills/cabinet-organized-mind/SKILL.md +338 -0
  57. package/templates/skills/cabinet-process-therapist/SKILL.md +261 -0
  58. package/templates/skills/cabinet-qa/SKILL.md +205 -0
  59. package/templates/skills/cabinet-record-keeper/SKILL.md +168 -0
  60. package/templates/skills/cabinet-roster-check/SKILL.md +297 -0
  61. package/templates/skills/cabinet-security/SKILL.md +181 -0
  62. package/templates/skills/cabinet-small-screen/SKILL.md +154 -0
  63. package/templates/skills/cabinet-speed-freak/SKILL.md +169 -0
  64. package/templates/skills/cabinet-system-advocate/SKILL.md +194 -0
  65. package/templates/skills/cabinet-technical-debt/SKILL.md +115 -0
  66. package/templates/skills/cabinet-usability/SKILL.md +189 -0
  67. package/templates/skills/cabinet-workflow-cop/SKILL.md +238 -0
  68. package/templates/skills/cor-upgrade/SKILL.md +302 -0
  69. package/templates/skills/debrief/SKILL.md +409 -0
  70. package/templates/skills/debrief/phases/auto-maintenance.md +48 -0
  71. package/templates/skills/debrief/phases/close-work.md +88 -0
  72. package/templates/skills/debrief/phases/health-checks.md +54 -0
  73. package/templates/skills/debrief/phases/inventory.md +40 -0
  74. package/templates/skills/debrief/phases/loose-ends.md +52 -0
  75. package/templates/skills/debrief/phases/record-lessons.md +67 -0
  76. package/templates/skills/debrief/phases/report.md +59 -0
  77. package/templates/skills/debrief/phases/update-state.md +48 -0
  78. package/templates/skills/debrief/phases/upstream-feedback.md +129 -0
  79. package/templates/skills/debrief-quick/SKILL.md +12 -0
  80. package/templates/skills/execute/SKILL.md +293 -0
  81. package/templates/skills/execute/phases/cabinet.md +49 -0
  82. package/templates/skills/execute/phases/commit-and-deploy.md +66 -0
  83. package/templates/skills/execute/phases/load-plan.md +49 -0
  84. package/templates/skills/execute/phases/validators.md +50 -0
  85. package/templates/skills/execute/phases/verification-tools.md +67 -0
  86. package/templates/skills/extract/SKILL.md +168 -0
  87. package/templates/skills/investigate/SKILL.md +160 -0
  88. package/templates/skills/link/SKILL.md +52 -0
  89. package/templates/skills/menu/SKILL.md +61 -0
  90. package/templates/skills/onboard/SKILL.md +356 -0
  91. package/templates/skills/onboard/phases/detect-state.md +79 -0
  92. package/templates/skills/onboard/phases/generate-briefing.md +127 -0
  93. package/templates/skills/onboard/phases/generate-session-loop.md +87 -0
  94. package/templates/skills/onboard/phases/interview.md +233 -0
  95. package/templates/skills/onboard/phases/modularity-menu.md +162 -0
  96. package/templates/skills/onboard/phases/options.md +98 -0
  97. package/templates/skills/onboard/phases/post-onboard-audit.md +121 -0
  98. package/templates/skills/onboard/phases/summary.md +122 -0
  99. package/templates/skills/onboard/phases/work-tracking.md +231 -0
  100. package/templates/skills/orient/SKILL.md +251 -0
  101. package/templates/skills/orient/phases/auto-maintenance.md +48 -0
  102. package/templates/skills/orient/phases/briefing.md +53 -0
  103. package/templates/skills/orient/phases/cabinet.md +46 -0
  104. package/templates/skills/orient/phases/context.md +63 -0
  105. package/templates/skills/orient/phases/data-sync.md +35 -0
  106. package/templates/skills/orient/phases/health-checks.md +50 -0
  107. package/templates/skills/orient/phases/work-scan.md +69 -0
  108. package/templates/skills/orient-quick/SKILL.md +12 -0
  109. package/templates/skills/plan/SKILL.md +358 -0
  110. package/templates/skills/plan/phases/cabinet-critique.md +47 -0
  111. package/templates/skills/plan/phases/calibration-examples.md +75 -0
  112. package/templates/skills/plan/phases/completeness-check.md +44 -0
  113. package/templates/skills/plan/phases/composition-check.md +36 -0
  114. package/templates/skills/plan/phases/overlap-check.md +62 -0
  115. package/templates/skills/plan/phases/plan-template.md +69 -0
  116. package/templates/skills/plan/phases/present.md +60 -0
  117. package/templates/skills/plan/phases/research.md +43 -0
  118. package/templates/skills/plan/phases/work-tracker.md +95 -0
  119. package/templates/skills/publish/SKILL.md +74 -0
  120. package/templates/skills/pulse/SKILL.md +242 -0
  121. package/templates/skills/pulse/phases/auto-fix-scope.md +40 -0
  122. package/templates/skills/pulse/phases/checks.md +58 -0
  123. package/templates/skills/pulse/phases/output.md +54 -0
  124. package/templates/skills/seed/SKILL.md +257 -0
  125. package/templates/skills/seed/phases/build-member.md +93 -0
  126. package/templates/skills/seed/phases/evaluate-existing.md +61 -0
  127. package/templates/skills/seed/phases/maintain.md +92 -0
  128. package/templates/skills/seed/phases/scan-signals.md +86 -0
  129. package/templates/skills/triage-audit/SKILL.md +251 -0
  130. package/templates/skills/triage-audit/phases/apply-verdicts.md +90 -0
  131. package/templates/skills/triage-audit/phases/load-findings.md +38 -0
  132. package/templates/skills/triage-audit/phases/triage-ui.md +66 -0
  133. package/templates/skills/unlink/SKILL.md +35 -0
  134. package/templates/skills/validate/SKILL.md +116 -0
  135. package/templates/skills/validate/phases/validators.md +53 -0
@@ -0,0 +1,238 @@
1
+ ---
2
+ name: cabinet-workflow-cop
3
+ description: >
4
+ Workflow enforcement cabinet member evaluating whether the development lifecycle -- feedback capture,
5
+ audit triage, planning, execution, deployment, and session continuity -- runs smoothly.
6
+ Focuses on the human-AI collaboration cycle: whether friction gets addressed, whether
7
+ approved findings become fixes, and whether the human burden is calibrated correctly.
8
+ user-invocable: false
9
+ briefing:
10
+ - _briefing-identity.md
11
+ - _briefing-scopes.md
12
+ ---
13
+
14
+ # Workflow Cop Cabinet Member
15
+
16
+ ## Identity
17
+
18
+ You are thinking like a **workflow enforcement officer at a development company** -- not
19
+ about the product itself, but about **whether the process of building,
20
+ maintaining, and using the product runs smoothly.** When the process works, the
21
+ system is practically self-maintaining: the human provides input at the right
22
+ moments, the AI acts on it effectively, issues get caught and fixed, and entropy
23
+ is held at bay. When the process breaks down, everything becomes chaotic,
24
+ frustrating, and requires too much of the human.
25
+
26
+ This project uses a human-AI collaboration model: a single human collaborating
27
+ with AI (Claude Code sessions) through a dual-surface loop (the app + CLI). The
28
+ "process" isn't a team's SDLC -- it's the cycle by which this human-AI
29
+ collaboration produces and maintains a working system. Every part of that cycle
30
+ is your concern.
31
+
32
+ ## Convening Criteria
33
+
34
+ - **standing-mandate:** audit
35
+ - **files:** audit results and triage files (see `_briefing.md § Audit Infrastructure`),
36
+ `skills/**/*.md`, `.git/hooks/*`, system status document
37
+ (see `_briefing.md § System Status`), friction captures
38
+ (see `_briefing.md § Friction Captures`), sync scripts, system scheduler
39
+ configs (LaunchAgents, cron, systemd)
40
+ - **topics:** process, workflow, pipeline, feedback loop, triage, deployment,
41
+ session, continuity, automation, human burden, anti-entropy, guardrails,
42
+ scheduled tasks
43
+
44
+ ## Research Method
45
+
46
+ See `_briefing.md` for shared codebase context and principles.
47
+
48
+ Use session history tools (if available) to check recent session patterns,
49
+ repeated errors, and whether sessions engaged with feedback or ignored it.
50
+
51
+ ### The Development Lifecycle
52
+
53
+ The system should work like this:
54
+
55
+ ```
56
+ The user uses the app
57
+ -> Notices friction -> leaves feedback/comments
58
+ -> Claude reads feedback -> triages into:
59
+ * Quick fix -> fix it, resolve comment
60
+ * Needs planning -> create plan, then resolve
61
+ -> Audits run -> produce structured findings
62
+ -> The user triages findings in UI (approve/reject/defer)
63
+ -> Triage feeds back -> rejected findings suppressed
64
+ -> Approved findings -> plans -> execution
65
+ -> Code changes -> deploy -> The user uses the app...
66
+ ```
67
+
68
+ Your job is to evaluate whether each step in this cycle actually works, where
69
+ friction accumulates, and where the cycle breaks down.
70
+
71
+ ### 1. Feedback to Action Pipeline
72
+
73
+ When the user reports friction, does it actually get addressed?
74
+
75
+ - **Feedback capture** -- Is the feedback mechanism (comments, friction capture
76
+ directory) easy to use? Or does leaving feedback feel like work?
77
+ - **Feedback visibility** -- When Claude starts a new session, does it actually
78
+ see and act on pending feedback? Or do comments pile up unseen?
79
+ - **Feedback resolution** -- Are comments being resolved appropriately? (Quick
80
+ fix = fix + resolve. Needs planning = plan + resolve. Never "resolve because I
81
+ filed it.")
82
+ - **Feedback backlog** -- Is there a growing pile of unaddressed feedback? Use
83
+ session history tools (if available) to check if recent sessions engaged with
84
+ feedback or ignored it.
85
+
86
+ ### 2. Audit to Triage to Fix Pipeline
87
+
88
+ The audit system produces findings. Do they actually lead to improvements?
89
+
90
+ - **Audit execution** -- Are audits running? Check audit results
91
+ (see `_briefing.md § Audit Infrastructure`) for recent runs. Are there gaps?
92
+ - **Triage throughput** -- Are findings being triaged in reasonable time? Check
93
+ triage history for patterns. Are findings piling up untriaged?
94
+ - **Triage to action** -- When findings are approved, do they become plans and
95
+ get executed? Or do they get approved and then forgotten?
96
+ - **Rejection feedback loop** -- Do rejected findings actually suppress future
97
+ re-flagging? Does the suppression system work?
98
+ - **Fix quality** -- When fixes are applied (manually or by fix-agent), do they
99
+ actually resolve the issue? Or do similar findings recur?
100
+
101
+ ### 3. Planning to Execution Pipeline
102
+
103
+ When work is planned, does it get done well?
104
+
105
+ - **Plan quality** -- Do development actions have concrete plans in their
106
+ notes, or are they vague placeholders?
107
+ - **Surface area declarations** -- Do plans declare what files they'll touch?
108
+ (Enables conflict detection for parallel execution)
109
+ - **Execution** -- Are plans being executed? Check for open plans that have been
110
+ sitting for days.
111
+ - **Verification** -- After execution, is there verification? Does the deploy
112
+ skill check that changes actually work?
113
+
114
+ ### 4. Deploy and Sync Safety
115
+
116
+ The pipeline from code change to production:
117
+
118
+ - **Deploy process** -- Is the deployment pipeline
119
+ (see `_briefing.md § Deployment`) reliable? Are there manual steps that could
120
+ be forgotten?
121
+ - **Content sync** -- Does content sync (git-based or otherwise) work reliably?
122
+ Are there cases where content changes don't reach production?
123
+ - **Data sync** -- Are scheduled sync jobs running reliably? Check system
124
+ scheduler configs and recent sync logs.
125
+ - **Post-deploy verification** -- After deploying, does anyone verify the app
126
+ works? Or are broken deploys discovered later by the user?
127
+ - **Rollback** -- If a deploy breaks something, how fast can we recover?
128
+
129
+ ### 5. Session Effectiveness
130
+
131
+ Each Claude Code session is a unit of work. Are sessions effective?
132
+
133
+ - **Orientation** -- Do sessions start by understanding current state? (The
134
+ /orient skill exists -- is it being used? Is it effective?)
135
+ - **Context** -- Do CLAUDE.md files, memory, and system status give sessions
136
+ enough context to be productive without extensive ramp-up?
137
+ - **Continuity** -- When a session ends, is its work preserved? Memory updated?
138
+ System status updated? Or does the next session start blind?
139
+ - **Scope** -- Are sessions trying to do too much and leaving things half-done?
140
+ Or are they well-scoped with clear outcomes?
141
+ - **Repeated mistakes** -- Use session history tools (if available) to check:
142
+ are the same errors or misunderstandings happening across sessions? That
143
+ indicates a process gap (missing CLAUDE.md guidance, missing hook, etc.)
144
+
145
+ ### 6. Human Burden
146
+
147
+ The most important question: **how much does the process demand of the user?**
148
+
149
+ - **Required input** -- What does the user HAVE to do for the system to work?
150
+ (Triage findings, approve plans, confirm routing decisions, etc.) Is this the
151
+ right amount -- enough for cognitive sovereignty, not so much it's a burden?
152
+ - **Ceremony vs value** -- Are there process steps that feel like busywork?
153
+ Confirmations that are always "yes"? Reviews that never surface issues? (If
154
+ the user approves 95% of findings without modification, the approval step might
155
+ not be earning its keep.)
156
+ - **Failure modes** -- What happens when the user is busy for a week and doesn't
157
+ interact? Does the system degrade gracefully or pile up work that makes coming
158
+ back overwhelming?
159
+ - **Anti-entropy check** -- Are there manual steps that should be automated?
160
+ Things the user has to remember that should be hooks, scripts, or skills?
161
+
162
+ ### 7. Guardrail Effectiveness
163
+
164
+ For each automated check, hook, or validation:
165
+
166
+ - Does it actually run? (Is it wired into a hook, cron, or script?)
167
+ - Can it be silently bypassed?
168
+ - When it catches something, does anyone notice?
169
+ - Does it catch the failure modes it's designed to catch?
170
+
171
+ ### 8. Process Innovation
172
+
173
+ Use WebSearch and session history tools to research:
174
+
175
+ - **What are other solo developers doing with Claude Code?** What processes have
176
+ they developed that we haven't?
177
+ - **What Claude Code features could enable new processes?** Agent teams,
178
+ scheduled tasks, hooks, plugins -- could any of these automate parts of the
179
+ cycle that are currently manual?
180
+ - **What processes does the system need that don't exist yet?** Based on
181
+ patterns you observe (repeated friction, recurring mistakes, gaps in the
182
+ lifecycle), propose new processes.
183
+
184
+ The goal: a one-person operation that runs as smoothly as a well-staffed team,
185
+ with the human providing judgment and direction while the system handles
186
+ execution, monitoring, and self-correction.
187
+
188
+ ### Scan Scope
189
+
190
+ - Audit results and triage history —
191
+ See `_briefing.md § Audit Infrastructure`
192
+ - Friction capture directory —
193
+ See `_briefing.md § Friction Captures`
194
+ - `.git/hooks/` -- Git hooks
195
+ - `skills/` -- Skill definitions
196
+ - Settings and configuration files
197
+ - Automation scripts
198
+ - App server source — See `_briefing.md § App Source`
199
+ - System status document — See `_briefing.md § System Status`
200
+ - System scheduler configs (LaunchAgents, cron, systemd) -- Scheduled tasks
201
+ - Session history tools (if available) -- Recent session patterns, repeated errors
202
+
203
+ ## Portfolio Boundaries
204
+
205
+ - One-time setup steps that only happen once
206
+ - Complexity that exists for good reasons and is documented
207
+ - Operations that are genuinely rare enough to not warrant automation
208
+ - Features marked as planned/future in the system status document
209
+ - Code quality or architecture concerns (that's technical-debt and architecture)
210
+ - UX of the app itself (that's usability)
211
+ - Security of the deployment pipeline (that's security)
212
+ - **Verify claims about DB state before flagging pipeline failures.** The audit
213
+ pipeline (findings ingest, triage loop) may work correctly even if older runs
214
+ left no trace. Before claiming "findings never reach the DB," query the actual
215
+ DB tables for row counts. A finding about a broken pipeline that is itself
216
+ evidence the pipeline works is a false positive.
217
+
218
+ ## Calibration Examples
219
+
220
+ - Approved audit findings have no path to execution. The last audit run has 8
221
+ approved findings across triage files. None have corresponding development
222
+ actions or plans. The approve button in the UI records the triage status but
223
+ doesn't create any follow-up artifact. Either approving a finding should
224
+ automatically create a development action, or there should be a batch "create
225
+ plans from approved findings" workflow.
226
+
227
+ - The user must manually run /orient at session start -- not enforced. The
228
+ /orient skill exists but is model-invocable, not mandatory. Session history
229
+ shows 3 of the last 5 sessions didn't run orient. Those sessions spent early
230
+ turns asking questions that orient would have answered. Consider making orient
231
+ a startup hook rather than an optional skill, though that would add latency to
232
+ quick sessions.
233
+
234
+ - When the user is away for several days, work items accumulate, audit findings
235
+ pile up untriaged, and logs go unreviewed. Returning to the system means
236
+ facing a backlog across multiple surfaces. The system should degrade
237
+ gracefully -- perhaps by auto-deferring low-priority items or surfacing a
238
+ "catch-up" summary when the user returns after absence.
@@ -0,0 +1,302 @@
1
+ ---
2
+ model: opus
3
+ name: cor-upgrade
4
+ description: |
5
+ Conversational upgrade when Claude Cabinet updates. Runs the installer to
6
+ mechanically update all upstream-owned files, then walks through what changed
7
+ conversationally — explaining improvements, handling _briefing.md updates,
8
+ new phase file opportunities, and schema migrations. Intelligence is the
9
+ merge strategy for the parts that need it. Use when: "cor-upgrade",
10
+ "update CoR", "new skeletons", "/cor-upgrade".
11
+ related:
12
+ - type: file
13
+ path: .claude/skills/cor-upgrade/phases/pre-upgrade.md
14
+ role: "Pre-upgrade checks and state capture"
15
+ - type: file
16
+ path: .claude/skills/cor-upgrade/phases/explain-changes.md
17
+ role: "How to explain what changed"
18
+ - type: file
19
+ path: .claude/skills/cor-upgrade/phases/adapt.md
20
+ role: "Handle non-manifest concerns — _briefing.md, phase files, schema"
21
+ ---
22
+
23
+ # /cor-upgrade — Conversational Claude Cabinet Upgrade
24
+
25
+ ## Purpose
26
+
27
+ This is the methodology's central claim made operational: **intelligence
28
+ is the merge strategy** — but only where intelligence is needed.
29
+
30
+ CoR upgrades have two layers:
31
+
32
+ 1. **Mechanical layer.** Skeleton SKILL.md files, hook scripts, utility
33
+ scripts — these are upstream-owned and tracked in `.corrc.json`. The
34
+ installer overwrites them deterministically. No conversation needed.
35
+ The upstream guard hook (PreToolUse on Edit|Write) enforces this
36
+ boundary at runtime — Claude cannot accidentally modify these files.
37
+
38
+ 2. **Conversational layer.** Everything the installer can't handle:
39
+ explaining what changed and why, updating `_briefing.md` sections that
40
+ new features reference, identifying new phase file opportunities,
41
+ running schema migrations, adapting project context to upstream
42
+ improvements. This is where intelligence is the merge strategy.
43
+
44
+ The old approach tried to use conversation for everything — including
45
+ mechanical file updates. That was fragile. Now the installer handles
46
+ the deterministic parts, and this skill focuses entirely on the parts
47
+ that actually need reasoning.
48
+
49
+ This is a **skeleton skill** using the `phases/` directory pattern. The
50
+ orchestration is generic. Your project defines specifics in phase files
51
+ under `phases/`.
52
+
53
+ ### Phase File Protocol
54
+
55
+ Phase files have three states:
56
+
57
+ | State | Meaning |
58
+ |-------|---------|
59
+ | Absent or empty | Use this skeleton's **default behavior** for the phase |
60
+ | Contains only `skip: true` | **Explicitly opted out** — skip this phase entirely |
61
+ | Contains content | **Custom behavior** — use the file's content instead |
62
+
63
+ The skeleton always does something reasonable when a phase file is absent.
64
+ Phase files customize, not enable. Use `skip: true` when you actively
65
+ don't want a phase to run — not even the default.
66
+
67
+ ### Write Protection
68
+
69
+ Manifest-tracked files (skeleton SKILL.md files, hooks, scripts) are
70
+ protected by the upstream guard hook. Claude cannot Edit or Write to
71
+ them during normal operation. This is intentional — these files are
72
+ upstream-owned and should only change through the installer.
73
+
74
+ **What this means for upgrades:**
75
+ - The installer (running via Bash as a Node.js/shell process) bypasses
76
+ the hook because it doesn't use Claude's Edit/Write tools
77
+ - After the installer runs, all manifest-tracked files are current
78
+ - This skill then handles everything the installer doesn't touch:
79
+ _briefing.md, phase files, schema, and explanation
80
+
81
+ ### Skeleton/Extension Separation
82
+
83
+ Skeleton files (SKILL.md, hooks, scripts) are upstream-owned, manifest-
84
+ tracked, and write-protected. They evolve through the installer.
85
+
86
+ Phase files and _briefing.md are project-owned. They are NEVER in the
87
+ manifest, NEVER write-protected, and NEVER overwritten by the installer.
88
+ They evolve through conversation — this skill, /onboard, or direct
89
+ editing.
90
+
91
+ This separation is enforced mechanically (manifest + hook), not just
92
+ by convention. The upgrade is safe because the boundary is real.
93
+
94
+ ## Workflow
95
+
96
+ ### 1. Pre-Upgrade Snapshot
97
+
98
+ Read `phases/pre-upgrade.md` for pre-upgrade checks.
99
+
100
+ **Default (absent/empty):**
101
+ - Read `.corrc.json` to capture the current version and module set
102
+ - Note which phase files exist and have content (these won't be touched)
103
+ - Note any `_briefing.md` sections that may need updating
104
+ - If the project has a work tracker DB, note the current schema
105
+
106
+ Output: a snapshot of the project's current state, used to explain
107
+ what changed after the installer runs.
108
+
109
+ ### 2. Run the Installer
110
+
111
+ Run the installer via Bash to mechanically update all upstream files:
112
+
113
+ ```
114
+ # Shell installer (re-downloads latest from npm registry)
115
+ curl -fsSL https://raw.githubusercontent.com/orenmagid/claude-on-rails/main/install.sh | bash
116
+
117
+ # Or npm installer (if Node.js available)
118
+ npx create-claude-cabinet
119
+ ```
120
+
121
+ The installer:
122
+ - Overwrites all manifest-tracked files (skeletons, hooks, scripts)
123
+ - Preserves files NOT in the manifest (phase files, _briefing.md)
124
+ - Updates `.corrc.json` with new version, hashes, and any new files
125
+ - Adds new skills/hooks/scripts that didn't exist in the old version
126
+
127
+ **This is a Bash command, not an Edit/Write operation.** It bypasses
128
+ the upstream guard hook because it runs as a separate process using
129
+ the filesystem directly. This is by design — the installer is the
130
+ authorized update path for manifest-tracked files.
131
+
132
+ ### 3. Explain What Changed
133
+
134
+ Read `phases/explain-changes.md` for how to present changes.
135
+
136
+ **Default (absent/empty):** Compare the pre-upgrade snapshot against
137
+ the new state:
138
+
139
+ 1. **Version jump.** What version did we come from? What version are
140
+ we on now?
141
+
142
+ 2. **Changed skeletons.** For each SKILL.md that the installer updated,
143
+ explain what changed and why — not line-by-line diffs, but semantic
144
+ summaries. "The debrief skill now includes an upstream feedback phase
145
+ that surfaces CoR friction during debrief sessions." "The plan skill's
146
+ critique step now pulls from more cabinet members by default."
147
+
148
+ 3. **New files.** Any skills, hooks, or scripts that were added for the
149
+ first time. Explain what they do and whether they need any setup.
150
+
151
+ 4. **New phase opportunities.** If new skeletons reference phase files
152
+ that the project doesn't have yet, mention them as opportunities.
153
+ "The orient skeleton now supports a `calendar-check.md` phase — you
154
+ could create one to check upcoming deadlines."
155
+
156
+ 5. **Deprecations or removals.** If anything was removed upstream,
157
+ explain why and what replaces it.
158
+
159
+ Walk through each category conversationally. The user should understand
160
+ what they're getting, not just that files changed.
161
+
162
+ ### 4. Adapt Non-Manifest Concerns
163
+
164
+ Read `phases/adapt.md` for how to handle the conversational layer.
165
+
166
+ **Default (absent/empty):** After explaining changes, handle anything
167
+ the installer couldn't:
168
+
169
+ #### _briefing.md Updates
170
+ If new skeletons reference `_briefing.md § Section` names that the
171
+ project's `_briefing.md` doesn't have, propose adding them. New features
172
+ often depend on briefing sections — e.g., a new cabinet member might
173
+ reference `§ Friction Captures` which the project hasn't defined yet.
174
+ Show the section template from `_briefing-template.md` and help the
175
+ user fill it in.
176
+
177
+ #### Phase File Opportunities
178
+ For each skeleton that changed, check its phase files against the
179
+ project's `phases/` directory. There are three cases:
180
+
181
+ 1. **Existing phase file, workflow changed around it.** The project
182
+ customized this phase and the skeleton shifted. Discuss the
183
+ implications: "The orient skeleton reorganized its steps — your
184
+ custom `health-checks.md` phase still works, but it now runs
185
+ earlier in the workflow. Is that okay?"
186
+
187
+ 2. **New phase the skeleton now references.** The upstream added a
188
+ phase that didn't exist before. Explain what the default behavior
189
+ is and what customizing it would look like. Don't push — just
190
+ surface the opportunity. "The debrief skeleton now has an
191
+ `upstream-feedback` step. It runs by default — here's what it does.
192
+ If you ever want to change that behavior, you'd create
193
+ `phases/upstream-feedback.md`."
194
+
195
+ 3. **Existing default that changed meaningfully.** The project uses
196
+ the default (no phase file) and the default behavior shifted. The
197
+ project gets the improvement automatically, but mention it so they
198
+ know. If the new default does something they might not want, suggest
199
+ creating a phase file to customize or skip it. "The plan skeleton's
200
+ default research phase now reads test files too. You've been using
201
+ the default — you'll get this automatically. If that's too noisy,
202
+ create `phases/research.md` to scope it."
203
+
204
+ 4. **Default that won't fit the project.** Read `_briefing.md` and
205
+ compare against what the default actually does. If there's a
206
+ mismatch, say so and offer to create the phase file now. "The
207
+ orient skeleton added a `work-scan` phase. The default reads git
208
+ history — but your `_briefing.md` says you use Linear. The default
209
+ won't see your tickets. Want to create `phases/work-scan.md` that
210
+ checks Linear?" This isn't speculation — it's reading both sides
211
+ and spotting the gap.
212
+
213
+ **Don't enumerate every absent phase file.** That's `/onboard`'s job.
214
+ The upgrade skill only surfaces phase opportunities that are *relevant
215
+ to what changed* in this upgrade — including cases where the project's
216
+ context makes a default obviously insufficient.
217
+
218
+ #### Schema Migrations
219
+ If the upstream schema has new columns or tables:
220
+ - Detect the difference between the shipped schema and the project's DB
221
+ - Generate `ALTER TABLE` / `CREATE TABLE` SQL
222
+ - Present for review
223
+ - Apply only after explicit confirmation
224
+
225
+ #### New Module Adoption
226
+ If the upgrade added modules the project hadn't installed before,
227
+ walk through what they do and whether to keep them.
228
+
229
+ Present a summary when done: what was mechanically updated, what was
230
+ adapted conversationally, what the user might want to customize next.
231
+
232
+ ### 5. Discover Custom Phases
233
+
234
+ After running the core phases above, check for any additional phase
235
+ files in `phases/` that the skeleton doesn't define. These are project-
236
+ specific extensions. Each custom phase file declares its position in
237
+ the workflow. Execute them at their declared position.
238
+
239
+ ## Phase Summary
240
+
241
+ | Phase | Absent = | What it customizes |
242
+ |-------|----------|-------------------|
243
+ | `pre-upgrade.md` | Default: read .corrc.json, note phase files, note _briefing.md | Pre-upgrade state capture |
244
+ | `explain-changes.md` | Default: semantic summary of version jump, changed skeletons, new files | How to present what changed |
245
+ | `adapt.md` | Default: _briefing.md sections, phase implications, schema, new modules | How to handle non-manifest concerns |
246
+
247
+ ## Proactive Trigger
248
+
249
+ The upgrade skill doesn't have to wait for the user to invoke it.
250
+ Orient can detect when upstream CoR has a newer version than what's
251
+ in `.corrc.json` and surface "CoR updates available" in the briefing.
252
+ This is a hint, not a blocker — the user decides when to run /cor-upgrade.
253
+
254
+ The drift check script (`scripts/cor-drift-check.cjs`) can also detect
255
+ if manifest-tracked files have been modified outside the installer,
256
+ though the upstream guard hook should prevent this during normal
257
+ Claude Code operation.
258
+
259
+ ## Extending
260
+
261
+ To customize a phase: write content in the corresponding `phases/` file.
262
+ To skip a phase: write only `skip: true`.
263
+ To add a phase the skeleton doesn't define: create a new file in
264
+ `phases/` with a description of when it runs relative to the core
265
+ phases. Claude reads whatever phase files exist at runtime.
266
+
267
+ Examples of phases mature projects add:
268
+ - Changelog generation (produce a human-readable summary of what changed)
269
+ - Rollback plan (capture how to revert each change if something breaks)
270
+ - Downstream notification (update team members about process changes)
271
+ - Compatibility check (verify that project extensions still work after
272
+ skeleton updates)
273
+
274
+ ## Calibration
275
+
276
+ **Core failure this targets:** Process improvements published upstream
277
+ never reach adopted projects, or reach them but nobody understands
278
+ what changed.
279
+
280
+ ### Without Skill (Bad)
281
+
282
+ New CoR version is out. The user re-runs the installer. Files update
283
+ silently. The user has no idea what changed — was it just bug fixes?
284
+ New features? Did a skill they rely on change its workflow? They also
285
+ don't realize the new debrief skill references a `§ Friction Captures`
286
+ section in _briefing.md that their project doesn't have, so the upstream
287
+ feedback phase silently does nothing. Three weeks later they wonder
288
+ why no friction is being captured.
289
+
290
+ ### With Skill (Good)
291
+
292
+ New CoR version is out. The user runs `/cor-upgrade`. The installer
293
+ updates all upstream files mechanically — fast, deterministic, safe
294
+ (phase files untouched). Then Claude explains: "You went from v0.4.1
295
+ to v0.5.0. The big change: debrief now has an upstream feedback phase
296
+ that captures CoR friction. It references `_briefing.md § Friction
297
+ Captures` — let's add that section to your briefing file." "The plan
298
+ skill's critique step now uses three cabinet members instead of one. Your
299
+ existing phase files are fine — this is a default behavior change."
300
+ "There's a new `investigate` skill for deep-dive debugging. Want to
301
+ try it?" Everything is explained. Non-manifest concerns are handled.
302
+ The project gets better without confusion.