create-claude-cabinet 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +196 -0
- package/bin/create-claude-cabinet.js +8 -0
- package/lib/cli.js +624 -0
- package/lib/copy.js +152 -0
- package/lib/db-setup.js +51 -0
- package/lib/metadata.js +42 -0
- package/lib/reset.js +193 -0
- package/lib/settings-merge.js +93 -0
- package/package.json +29 -0
- package/templates/EXTENSIONS.md +311 -0
- package/templates/README.md +485 -0
- package/templates/briefing/_briefing-api-template.md +21 -0
- package/templates/briefing/_briefing-architecture-template.md +16 -0
- package/templates/briefing/_briefing-cabinet-template.md +20 -0
- package/templates/briefing/_briefing-identity-template.md +18 -0
- package/templates/briefing/_briefing-scopes-template.md +39 -0
- package/templates/briefing/_briefing-template.md +148 -0
- package/templates/briefing/_briefing-work-tracking-template.md +18 -0
- package/templates/cabinet/committees-template.yaml +49 -0
- package/templates/cabinet/composition-patterns.md +240 -0
- package/templates/cabinet/eval-protocol.md +208 -0
- package/templates/cabinet/lifecycle.md +93 -0
- package/templates/cabinet/output-contract.md +148 -0
- package/templates/cabinet/prompt-guide.md +266 -0
- package/templates/hooks/cor-upstream-guard.sh +79 -0
- package/templates/hooks/git-guardrails.sh +67 -0
- package/templates/hooks/skill-telemetry.sh +66 -0
- package/templates/hooks/skill-tool-telemetry.sh +54 -0
- package/templates/hooks/stop-hook.md +56 -0
- package/templates/memory/patterns/_pattern-template.md +119 -0
- package/templates/memory/patterns/pattern-intelligence-first.md +41 -0
- package/templates/rules/enforcement-pipeline.md +151 -0
- package/templates/scripts/cor-drift-check.cjs +84 -0
- package/templates/scripts/finding-schema.json +94 -0
- package/templates/scripts/load-triage-history.js +151 -0
- package/templates/scripts/merge-findings.js +126 -0
- package/templates/scripts/pib-db-schema.sql +68 -0
- package/templates/scripts/pib-db.js +365 -0
- package/templates/scripts/triage-server.mjs +98 -0
- package/templates/scripts/triage-ui.html +536 -0
- package/templates/skills/audit/SKILL.md +273 -0
- package/templates/skills/audit/phases/finding-output.md +56 -0
- package/templates/skills/audit/phases/member-execution.md +83 -0
- package/templates/skills/audit/phases/member-selection.md +44 -0
- package/templates/skills/audit/phases/structural-checks.md +54 -0
- package/templates/skills/audit/phases/triage-history.md +45 -0
- package/templates/skills/cabinet-accessibility/SKILL.md +180 -0
- package/templates/skills/cabinet-anti-confirmation/SKILL.md +172 -0
- package/templates/skills/cabinet-architecture/SKILL.md +279 -0
- package/templates/skills/cabinet-boundary-man/SKILL.md +265 -0
- package/templates/skills/cabinet-cor-health/SKILL.md +342 -0
- package/templates/skills/cabinet-data-integrity/SKILL.md +157 -0
- package/templates/skills/cabinet-debugger/SKILL.md +221 -0
- package/templates/skills/cabinet-historian/SKILL.md +253 -0
- package/templates/skills/cabinet-organized-mind/SKILL.md +338 -0
- package/templates/skills/cabinet-process-therapist/SKILL.md +261 -0
- package/templates/skills/cabinet-qa/SKILL.md +205 -0
- package/templates/skills/cabinet-record-keeper/SKILL.md +168 -0
- package/templates/skills/cabinet-roster-check/SKILL.md +297 -0
- package/templates/skills/cabinet-security/SKILL.md +181 -0
- package/templates/skills/cabinet-small-screen/SKILL.md +154 -0
- package/templates/skills/cabinet-speed-freak/SKILL.md +169 -0
- package/templates/skills/cabinet-system-advocate/SKILL.md +194 -0
- package/templates/skills/cabinet-technical-debt/SKILL.md +115 -0
- package/templates/skills/cabinet-usability/SKILL.md +189 -0
- package/templates/skills/cabinet-workflow-cop/SKILL.md +238 -0
- package/templates/skills/cor-upgrade/SKILL.md +302 -0
- package/templates/skills/debrief/SKILL.md +409 -0
- package/templates/skills/debrief/phases/auto-maintenance.md +48 -0
- package/templates/skills/debrief/phases/close-work.md +88 -0
- package/templates/skills/debrief/phases/health-checks.md +54 -0
- package/templates/skills/debrief/phases/inventory.md +40 -0
- package/templates/skills/debrief/phases/loose-ends.md +52 -0
- package/templates/skills/debrief/phases/record-lessons.md +67 -0
- package/templates/skills/debrief/phases/report.md +59 -0
- package/templates/skills/debrief/phases/update-state.md +48 -0
- package/templates/skills/debrief/phases/upstream-feedback.md +129 -0
- package/templates/skills/debrief-quick/SKILL.md +12 -0
- package/templates/skills/execute/SKILL.md +293 -0
- package/templates/skills/execute/phases/cabinet.md +49 -0
- package/templates/skills/execute/phases/commit-and-deploy.md +66 -0
- package/templates/skills/execute/phases/load-plan.md +49 -0
- package/templates/skills/execute/phases/validators.md +50 -0
- package/templates/skills/execute/phases/verification-tools.md +67 -0
- package/templates/skills/extract/SKILL.md +168 -0
- package/templates/skills/investigate/SKILL.md +160 -0
- package/templates/skills/link/SKILL.md +52 -0
- package/templates/skills/menu/SKILL.md +61 -0
- package/templates/skills/onboard/SKILL.md +356 -0
- package/templates/skills/onboard/phases/detect-state.md +79 -0
- package/templates/skills/onboard/phases/generate-briefing.md +127 -0
- package/templates/skills/onboard/phases/generate-session-loop.md +87 -0
- package/templates/skills/onboard/phases/interview.md +233 -0
- package/templates/skills/onboard/phases/modularity-menu.md +162 -0
- package/templates/skills/onboard/phases/options.md +98 -0
- package/templates/skills/onboard/phases/post-onboard-audit.md +121 -0
- package/templates/skills/onboard/phases/summary.md +122 -0
- package/templates/skills/onboard/phases/work-tracking.md +231 -0
- package/templates/skills/orient/SKILL.md +251 -0
- package/templates/skills/orient/phases/auto-maintenance.md +48 -0
- package/templates/skills/orient/phases/briefing.md +53 -0
- package/templates/skills/orient/phases/cabinet.md +46 -0
- package/templates/skills/orient/phases/context.md +63 -0
- package/templates/skills/orient/phases/data-sync.md +35 -0
- package/templates/skills/orient/phases/health-checks.md +50 -0
- package/templates/skills/orient/phases/work-scan.md +69 -0
- package/templates/skills/orient-quick/SKILL.md +12 -0
- package/templates/skills/plan/SKILL.md +358 -0
- package/templates/skills/plan/phases/cabinet-critique.md +47 -0
- package/templates/skills/plan/phases/calibration-examples.md +75 -0
- package/templates/skills/plan/phases/completeness-check.md +44 -0
- package/templates/skills/plan/phases/composition-check.md +36 -0
- package/templates/skills/plan/phases/overlap-check.md +62 -0
- package/templates/skills/plan/phases/plan-template.md +69 -0
- package/templates/skills/plan/phases/present.md +60 -0
- package/templates/skills/plan/phases/research.md +43 -0
- package/templates/skills/plan/phases/work-tracker.md +95 -0
- package/templates/skills/publish/SKILL.md +74 -0
- package/templates/skills/pulse/SKILL.md +242 -0
- package/templates/skills/pulse/phases/auto-fix-scope.md +40 -0
- package/templates/skills/pulse/phases/checks.md +58 -0
- package/templates/skills/pulse/phases/output.md +54 -0
- package/templates/skills/seed/SKILL.md +257 -0
- package/templates/skills/seed/phases/build-member.md +93 -0
- package/templates/skills/seed/phases/evaluate-existing.md +61 -0
- package/templates/skills/seed/phases/maintain.md +92 -0
- package/templates/skills/seed/phases/scan-signals.md +86 -0
- package/templates/skills/triage-audit/SKILL.md +251 -0
- package/templates/skills/triage-audit/phases/apply-verdicts.md +90 -0
- package/templates/skills/triage-audit/phases/load-findings.md +38 -0
- package/templates/skills/triage-audit/phases/triage-ui.md +66 -0
- package/templates/skills/unlink/SKILL.md +35 -0
- package/templates/skills/validate/SKILL.md +116 -0
- package/templates/skills/validate/phases/validators.md +53 -0
|
@@ -0,0 +1,93 @@
|
|
|
1
|
+
# Build Cabinet Member — Collaborative Expertise Construction
|
|
2
|
+
|
|
3
|
+
For each new technology without a matching cabinet member, run a collaborative
|
|
4
|
+
conversation with the user to build project-specific expertise. The /seed
|
|
5
|
+
skill reads this file when there are gaps to fill.
|
|
6
|
+
|
|
7
|
+
When this file is absent or empty, the default behavior is: co-author
|
|
8
|
+
a cabinet member through structured conversation following the template
|
|
9
|
+
below. To explicitly skip building, write only `skip: true`.
|
|
10
|
+
|
|
11
|
+
## What to Include
|
|
12
|
+
|
|
13
|
+
Define your building strategy:
|
|
14
|
+
- **Research steps** — how to gather information about the technology
|
|
15
|
+
before asking the user
|
|
16
|
+
- **Conversation structure** — what questions to ask, in what order
|
|
17
|
+
- **Output format** — where to create the cabinet member file, what template
|
|
18
|
+
to follow
|
|
19
|
+
- **Wiring** — how to register the cabinet member in committees and make it
|
|
20
|
+
discoverable
|
|
21
|
+
|
|
22
|
+
## Default Build Process
|
|
23
|
+
|
|
24
|
+
For each gap the user wants to fill:
|
|
25
|
+
|
|
26
|
+
### Step 1: Research
|
|
27
|
+
|
|
28
|
+
Before asking the user anything, gather what you can:
|
|
29
|
+
- Read the technology's documentation (use available MCP tools, web search)
|
|
30
|
+
- Check how it's configured in this specific project (read config files,
|
|
31
|
+
look at usage patterns in the codebase)
|
|
32
|
+
- Identify common pitfalls and best practices for the technology
|
|
33
|
+
- Note what version is in use and any version-specific concerns
|
|
34
|
+
|
|
35
|
+
This research gives you informed questions to ask rather than generic ones.
|
|
36
|
+
|
|
37
|
+
### Step 2: Collaborative Conversation
|
|
38
|
+
|
|
39
|
+
Walk through these areas with the user:
|
|
40
|
+
|
|
41
|
+
**Identity.** "Who is this expert? What do they care about most?"
|
|
42
|
+
- Draft a one-paragraph identity statement based on your research
|
|
43
|
+
- Ask the user what's missing or wrong about it
|
|
44
|
+
- Refine until it captures the right concerns for this project
|
|
45
|
+
|
|
46
|
+
**Research Method.** "What should this cabinet member examine?"
|
|
47
|
+
- Propose a scan scope based on where the technology's files live
|
|
48
|
+
- Propose specific things to check (patterns, anti-patterns, config)
|
|
49
|
+
- Ask: "What has bitten you before with this technology?"
|
|
50
|
+
- Ask: "What do you worry about that you don't currently check?"
|
|
51
|
+
|
|
52
|
+
**Boundaries.** "What does this cabinet member NOT own?"
|
|
53
|
+
- Propose portfolio boundaries to prevent overlap with existing cabinet members
|
|
54
|
+
- Ask: "Is there anything here that another cabinet member already covers?"
|
|
55
|
+
|
|
56
|
+
**Calibration.** "What does a good finding look like?"
|
|
57
|
+
- Draft 2-3 example findings at different severities
|
|
58
|
+
- Ask the user to adjust the severity anchoring to their project's
|
|
59
|
+
actual risk profile
|
|
60
|
+
|
|
61
|
+
### Step 3: Create the Cabinet Member
|
|
62
|
+
|
|
63
|
+
Write the cabinet member's `SKILL.md` following `_lifecycle.md` guidance:
|
|
64
|
+
- Place in `.claude/skills/cabinet-{name}/SKILL.md`
|
|
65
|
+
- Include all sections: Identity, Convening Criteria, Research Method,
|
|
66
|
+
Boundaries, Calibration Examples
|
|
67
|
+
- Set `user-invocable: false` in frontmatter (cabinet members are invoked
|
|
68
|
+
by the audit system, not directly)
|
|
69
|
+
|
|
70
|
+
### Step 4: Wire It Up
|
|
71
|
+
|
|
72
|
+
- Add to `committees.yaml` under the appropriate committee (unless it's
|
|
73
|
+
cross-portfolio, in which case it activates via `standing-mandate` signals)
|
|
74
|
+
- Verify the cabinet member is discoverable by the audit skill
|
|
75
|
+
|
|
76
|
+
### Emphasis
|
|
77
|
+
|
|
78
|
+
This is co-authoring, not auto-generating. A generic cabinet member based
|
|
79
|
+
solely on technology documentation catches generic issues. A cabinet member
|
|
80
|
+
built with user input — their specific risks, their past incidents,
|
|
81
|
+
their project's actual patterns — catches what actually matters.
|
|
82
|
+
|
|
83
|
+
The user's time in this conversation is an investment. It pays off in
|
|
84
|
+
every subsequent audit cycle when the cabinet member catches something
|
|
85
|
+
specific to their project that a generic check would miss.
|
|
86
|
+
|
|
87
|
+
## Overriding This Phase
|
|
88
|
+
|
|
89
|
+
Projects override this file when they have a different conversation
|
|
90
|
+
structure, additional template requirements, or non-standard cabinet member
|
|
91
|
+
registration. For example, a project that requires cost-benefit analysis
|
|
92
|
+
before adopting a cabinet member, or one that requires approval from
|
|
93
|
+
multiple stakeholders.
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
# Evaluate Existing — Compare Signals Against Cabinet
|
|
2
|
+
|
|
3
|
+
For each technology signal detected in the scan phase, check whether a
|
|
4
|
+
matching cabinet member already exists and whether it is current. The /seed
|
|
5
|
+
skill reads this file after scanning to determine what needs building
|
|
6
|
+
versus what needs updating.
|
|
7
|
+
|
|
8
|
+
When this file is absent or empty, the default behavior is: compare
|
|
9
|
+
each detected signal against `.claude/skills/cabinet-*/` and report
|
|
10
|
+
gaps and staleness. To explicitly skip evaluation, write only `skip: true`.
|
|
11
|
+
|
|
12
|
+
## What to Include
|
|
13
|
+
|
|
14
|
+
Define your evaluation strategy:
|
|
15
|
+
- **How to match** — what counts as a cabinet member "covering" a technology
|
|
16
|
+
(name match, scan scope overlap, domain description)
|
|
17
|
+
- **What "stale" means** — how to detect that a cabinet member exists but
|
|
18
|
+
hasn't kept up with the technology
|
|
19
|
+
- **What to present** — how to show the user the gap/staleness analysis
|
|
20
|
+
|
|
21
|
+
## Default Evaluation
|
|
22
|
+
|
|
23
|
+
For each detected technology signal:
|
|
24
|
+
|
|
25
|
+
1. **Search for matching cabinet member.** Check each cabinet member's SKILL.md
|
|
26
|
+
in `.claude/skills/cabinet-*/` for:
|
|
27
|
+
- Name or description mentioning the technology
|
|
28
|
+
- Scan scope covering directories where the technology's files live
|
|
29
|
+
- Domain coverage that would include the technology's concerns
|
|
30
|
+
|
|
31
|
+
2. **Assess coverage quality.** If a match exists:
|
|
32
|
+
- Does the cabinet member's scan scope include the right directories?
|
|
33
|
+
(e.g., a data-integrity cabinet member should cover wherever the DB
|
|
34
|
+
files and migration scripts live)
|
|
35
|
+
- Does the cabinet member reference the current technology version or
|
|
36
|
+
configuration? (e.g., if the project moved from CommonJS to ESM,
|
|
37
|
+
does the boundary-man cabinet member know?)
|
|
38
|
+
- Has the cabinet member produced findings in recent audits? (A
|
|
39
|
+
cabinet member that never fires may have a stale scope)
|
|
40
|
+
|
|
41
|
+
3. **Classify each signal:**
|
|
42
|
+
- **Covered** — matching cabinet member exists and is current
|
|
43
|
+
- **Gap** — no matching cabinet member covers this technology
|
|
44
|
+
- **Stale** — cabinet member exists but scope, version, or domain
|
|
45
|
+
description is outdated
|
|
46
|
+
- **Absorbed** — no dedicated cabinet member, but an existing broader
|
|
47
|
+
cabinet member covers the concern adequately
|
|
48
|
+
|
|
49
|
+
4. **Present the analysis** to the user as a table:
|
|
50
|
+
| Technology | Status | Cabinet Member | Notes |
|
|
51
|
+
|------------|--------|-------------|-------|
|
|
52
|
+
Show all four categories. Let the user decide which gaps to fill
|
|
53
|
+
and which staleness to address. Not every gap needs a cabinet member.
|
|
54
|
+
|
|
55
|
+
## Overriding This Phase
|
|
56
|
+
|
|
57
|
+
Projects override this file when they have non-standard cabinet member
|
|
58
|
+
storage, custom matching logic, or additional assessment criteria.
|
|
59
|
+
For example, a project that stores cabinet members in a different location,
|
|
60
|
+
or one that tracks cabinet member health metrics in a database rather
|
|
61
|
+
than relying on file-level inspection.
|
|
@@ -0,0 +1,92 @@
|
|
|
1
|
+
# Maintain — Cabinet Health Review
|
|
2
|
+
|
|
3
|
+
Review existing cabinet members for health: retirement candidates, update
|
|
4
|
+
needs, and coverage gaps. The /seed skill reads this file after building
|
|
5
|
+
new cabinet members (or when no new cabinet members are needed).
|
|
6
|
+
|
|
7
|
+
When this file is absent or empty, the default behavior is: review the
|
|
8
|
+
full cabinet using the criteria below. To explicitly skip
|
|
9
|
+
maintenance, write only `skip: true`.
|
|
10
|
+
|
|
11
|
+
## What to Include
|
|
12
|
+
|
|
13
|
+
Define your maintenance strategy:
|
|
14
|
+
- **Retirement criteria** — what signals that a cabinet member should be removed
|
|
15
|
+
- **Update criteria** — what signals that a cabinet member needs revision
|
|
16
|
+
- **Coverage analysis** — how to detect areas of the codebase that no
|
|
17
|
+
cabinet member watches
|
|
18
|
+
- **Presentation** — how to show recommendations to the user
|
|
19
|
+
|
|
20
|
+
## Default Maintenance Review
|
|
21
|
+
|
|
22
|
+
### Retirement Candidates
|
|
23
|
+
|
|
24
|
+
Check each cabinet member for retirement signals:
|
|
25
|
+
|
|
26
|
+
- **Technology removed.** The dependency, config file, or infrastructure
|
|
27
|
+
that the cabinet member watches is gone from the project. A cabinet member
|
|
28
|
+
for a framework you no longer use is dead weight.
|
|
29
|
+
|
|
30
|
+
- **High rejection rate.** If more than half of a cabinet member's audit
|
|
31
|
+
findings are rejected at triage, it's miscalibrated. Either refine it
|
|
32
|
+
(adjust scope, update calibration examples) or retire it if the domain
|
|
33
|
+
isn't worth the maintenance.
|
|
34
|
+
|
|
35
|
+
- **Stale scan scope.** The directories or files the cabinet member checks
|
|
36
|
+
no longer exist. The cabinet member runs but examines nothing.
|
|
37
|
+
|
|
38
|
+
- **Absorbed by another.** A broader cabinet member was created that covers
|
|
39
|
+
the same concerns. The narrow one is now redundant.
|
|
40
|
+
|
|
41
|
+
Apply `_lifecycle.md` criteria for formal assessment. Recommend
|
|
42
|
+
retirements as readily as adoptions — a lean cabinet is healthier than
|
|
43
|
+
a comprehensive one with dead weight.
|
|
44
|
+
|
|
45
|
+
### Update Candidates
|
|
46
|
+
|
|
47
|
+
Check each cabinet member for update signals:
|
|
48
|
+
|
|
49
|
+
- **Version drift.** The technology version changed significantly
|
|
50
|
+
(major version bump, breaking changes). The cabinet member's calibration
|
|
51
|
+
examples and research method may reference outdated patterns.
|
|
52
|
+
|
|
53
|
+
- **Scope expansion needed.** New directories were added that fall under
|
|
54
|
+
the cabinet member's domain but aren't in its scan scope. For example,
|
|
55
|
+
a security cabinet member that scans `routes/` but the project added an
|
|
56
|
+
`api/` directory with new endpoints.
|
|
57
|
+
|
|
58
|
+
- **New features.** The technology added capabilities that the project
|
|
59
|
+
now uses but the cabinet member doesn't check. For example, SQLite added
|
|
60
|
+
JSON functions that the project started using — the data-integrity
|
|
61
|
+
cabinet member should know about JSON type coercion.
|
|
62
|
+
|
|
63
|
+
### Coverage Gaps
|
|
64
|
+
|
|
65
|
+
Scan the codebase for areas no cabinet member watches:
|
|
66
|
+
|
|
67
|
+
- Directories with significant logic that aren't in any cabinet member's
|
|
68
|
+
scan scope
|
|
69
|
+
- File types that have grown in number but lack a corresponding
|
|
70
|
+
cabinet member (e.g., many migration files but no migration-safety
|
|
71
|
+
cabinet member)
|
|
72
|
+
- Patterns that recur across the codebase that no cabinet member checks
|
|
73
|
+
(e.g., error handling patterns, logging patterns)
|
|
74
|
+
|
|
75
|
+
### Presentation
|
|
76
|
+
|
|
77
|
+
Present maintenance recommendations as three lists:
|
|
78
|
+
|
|
79
|
+
1. **Retire** — cabinet members to remove, with reasoning
|
|
80
|
+
2. **Update** — cabinet members to revise, with specific changes needed
|
|
81
|
+
3. **Gap** — uncovered areas that might warrant new cabinet members
|
|
82
|
+
|
|
83
|
+
The user decides on each recommendation. Retirement is not failure —
|
|
84
|
+
it's the system staying lean.
|
|
85
|
+
|
|
86
|
+
## Overriding This Phase
|
|
87
|
+
|
|
88
|
+
Projects override this file when they have additional maintenance
|
|
89
|
+
criteria (e.g., cost tracking for cabinet members, team assignment
|
|
90
|
+
reviews), different retirement thresholds, or non-standard health
|
|
91
|
+
metrics. For example, a project that tracks cabinet member ROI based on
|
|
92
|
+
bugs caught per audit cycle.
|
|
@@ -0,0 +1,86 @@
|
|
|
1
|
+
# Scan Signals — Where to Look for Technology Adoption
|
|
2
|
+
|
|
3
|
+
Define what files and patterns to scan for technology signals, and what
|
|
4
|
+
expertise each signal implies. The /seed skill reads this file first to
|
|
5
|
+
build a picture of the project's technology landscape.
|
|
6
|
+
|
|
7
|
+
When this file is absent or empty, the default behavior is: scan standard
|
|
8
|
+
locations using the default signal-to-expertise mappings below. To
|
|
9
|
+
explicitly skip signal scanning, write only `skip: true`.
|
|
10
|
+
|
|
11
|
+
## What to Include
|
|
12
|
+
|
|
13
|
+
For each signal source, provide:
|
|
14
|
+
- **Where** — the file or glob pattern to check
|
|
15
|
+
- **What** — what to extract (dependency names, config keys, file presence)
|
|
16
|
+
- **Maps to** — what expertise the signal implies
|
|
17
|
+
|
|
18
|
+
## Default Signal Sources
|
|
19
|
+
|
|
20
|
+
### Package Manifests
|
|
21
|
+
- `package.json` — `dependencies` and `devDependencies` keys
|
|
22
|
+
- `requirements.txt` / `pyproject.toml` — Python dependencies
|
|
23
|
+
- `Cargo.toml` — Rust dependencies
|
|
24
|
+
- `go.mod` — Go modules
|
|
25
|
+
- `Gemfile` — Ruby dependencies
|
|
26
|
+
|
|
27
|
+
### Configuration Files
|
|
28
|
+
- `.eslintrc*`, `eslint.config.*` — linting configuration
|
|
29
|
+
- `tailwind.config.*` — utility CSS framework
|
|
30
|
+
- `tsconfig.json` — TypeScript
|
|
31
|
+
- `docker-compose.yml` — container orchestration
|
|
32
|
+
- `.prettierrc*` — code formatting
|
|
33
|
+
- `webpack.config.*`, `vite.config.*` — build tooling
|
|
34
|
+
- `jest.config.*`, `vitest.config.*` — test configuration
|
|
35
|
+
|
|
36
|
+
### Infrastructure
|
|
37
|
+
- `Dockerfile` — containerization
|
|
38
|
+
- `.github/workflows/` — CI/CD via GitHub Actions
|
|
39
|
+
- `railway.json` / `railway.toml` — Railway deployment
|
|
40
|
+
- `vercel.json` — Vercel deployment
|
|
41
|
+
- `fly.toml` — Fly.io deployment
|
|
42
|
+
- `netlify.toml` — Netlify deployment
|
|
43
|
+
|
|
44
|
+
### Database
|
|
45
|
+
- `*.db` files — SQLite databases
|
|
46
|
+
- `migrations/` directory — schema migration system
|
|
47
|
+
- `prisma/` directory — Prisma ORM
|
|
48
|
+
- `drizzle.config.*` — Drizzle ORM
|
|
49
|
+
- `knexfile.*` — Knex query builder
|
|
50
|
+
|
|
51
|
+
## Default Signal-to-Expertise Mappings
|
|
52
|
+
|
|
53
|
+
| Signal | Suggested Cabinet Member |
|
|
54
|
+
|--------|----------------------|
|
|
55
|
+
| React / Vue / Svelte in deps | usability, accessibility, small-screen |
|
|
56
|
+
| UI framework (Mantine, MUI, Chakra, etc.) | usability, framework-quality (project-specific) |
|
|
57
|
+
| SQLite / PostgreSQL / MySQL | data-integrity |
|
|
58
|
+
| Docker / Railway / Fly.io / Vercel | architecture, security |
|
|
59
|
+
| Express / Fastify / Hono | security, speed-freak |
|
|
60
|
+
| Test framework (jest, vitest, mocha) | qa |
|
|
61
|
+
| TypeScript | boundary-man |
|
|
62
|
+
| CI/CD configs (.github/workflows, etc.) | workflow-cop |
|
|
63
|
+
| Complex architecture (3+ services, monorepo) | architecture |
|
|
64
|
+
| Long-running project (6+ months of git history) | historian |
|
|
65
|
+
| Many skills (5+ in .claude/skills/) | roster-check |
|
|
66
|
+
| Features shipping regularly | system-advocate |
|
|
67
|
+
|
|
68
|
+
These mappings are starting points, not prescriptions. A project may
|
|
69
|
+
already cover a signal through an existing broader cabinet member (e.g.,
|
|
70
|
+
a "code-quality" cabinet member that subsumes boundary-man). The
|
|
71
|
+
evaluate-existing phase handles that deduplication.
|
|
72
|
+
|
|
73
|
+
## Overriding This Phase
|
|
74
|
+
|
|
75
|
+
Projects override this file to add domain-specific signals. Examples:
|
|
76
|
+
|
|
77
|
+
- A healthcare project adds: HIPAA-related libraries map to a
|
|
78
|
+
compliance cabinet member
|
|
79
|
+
- A financial project adds: payment processing libraries (Stripe,
|
|
80
|
+
Square) map to a financial-integrity cabinet member
|
|
81
|
+
- A data pipeline project adds: ETL tools (dbt, Airflow) map to a
|
|
82
|
+
data-quality cabinet member
|
|
83
|
+
|
|
84
|
+
Keep the default mappings and add project-specific ones below them.
|
|
85
|
+
The more signals the scan detects, the better the gap analysis in the
|
|
86
|
+
evaluate-existing phase.
|
|
@@ -0,0 +1,251 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: triage-audit
|
|
3
|
+
description: |
|
|
4
|
+
Audit finding triage. Loads findings, prepares commentary, presents for
|
|
5
|
+
human judgment via local web UI or CLI, then applies verdicts — updating
|
|
6
|
+
triage status, attempting auto-fixes, and creating actions for approved
|
|
7
|
+
findings. The loop-closer: without triage, audit findings accumulate and
|
|
8
|
+
are never acted on. Use when: "triage", "/triage-audit", after an audit
|
|
9
|
+
run, or when untriaged findings exist.
|
|
10
|
+
related:
|
|
11
|
+
- type: file
|
|
12
|
+
path: .claude/skills/triage-audit/phases/load-findings.md
|
|
13
|
+
role: "Project-specific: where to load findings from"
|
|
14
|
+
- type: file
|
|
15
|
+
path: .claude/skills/triage-audit/phases/triage-ui.md
|
|
16
|
+
role: "Project-specific: how to present findings for triage"
|
|
17
|
+
- type: file
|
|
18
|
+
path: .claude/skills/triage-audit/phases/apply-verdicts.md
|
|
19
|
+
role: "Project-specific: how to act on triage decisions"
|
|
20
|
+
- type: file
|
|
21
|
+
path: scripts/triage-server.mjs
|
|
22
|
+
role: "Local HTTP server for triage UI"
|
|
23
|
+
- type: file
|
|
24
|
+
path: scripts/triage-ui.html
|
|
25
|
+
role: "Browser-based triage interface"
|
|
26
|
+
- type: file
|
|
27
|
+
path: scripts/pib-db.js
|
|
28
|
+
role: "Reference data layer for finding persistence"
|
|
29
|
+
- type: file
|
|
30
|
+
path: cabinet/_briefing.md
|
|
31
|
+
role: "Project identity and configuration"
|
|
32
|
+
---
|
|
33
|
+
|
|
34
|
+
# /triage-audit — Audit Finding Triage
|
|
35
|
+
|
|
36
|
+
## Purpose
|
|
37
|
+
|
|
38
|
+
Close the audit loop. The audit generates findings; triage presents them
|
|
39
|
+
for human judgment. Without triage, findings accumulate in JSON files
|
|
40
|
+
and are never acted on — or worse, the same findings regenerate every
|
|
41
|
+
audit run because they were never explicitly dismissed.
|
|
42
|
+
|
|
43
|
+
Triage is where human judgment enters the system. Claude can observe
|
|
44
|
+
patterns and flag concerns, but only the user knows which concerns
|
|
45
|
+
matter for this project at this time. A finding that looks critical in
|
|
46
|
+
isolation might be irrelevant given the project's priorities. A finding
|
|
47
|
+
that looks minor might be the canary for a deeper issue the user
|
|
48
|
+
recognizes. Triage captures that judgment.
|
|
49
|
+
|
|
50
|
+
This is a **skeleton skill** using the `phases/` directory pattern. The
|
|
51
|
+
orchestration is generic. Your project defines the specifics — where to
|
|
52
|
+
load findings, how to present them, how to apply verdicts — in phase
|
|
53
|
+
files under `phases/`.
|
|
54
|
+
|
|
55
|
+
### Phase File Protocol
|
|
56
|
+
|
|
57
|
+
Phase files have three states:
|
|
58
|
+
|
|
59
|
+
| State | Meaning |
|
|
60
|
+
|-------|---------|
|
|
61
|
+
| Absent or empty | Use this skeleton's **default behavior** for the phase |
|
|
62
|
+
| Contains only `skip: true` | **Explicitly opted out** — skip this phase entirely |
|
|
63
|
+
| Contains content | **Custom behavior** — use the file's content instead |
|
|
64
|
+
|
|
65
|
+
## Identity
|
|
66
|
+
|
|
67
|
+
You are the facilitator. You don't make triage decisions — you prepare
|
|
68
|
+
the context so the user can make good ones quickly. For each finding,
|
|
69
|
+
you add commentary: what you think about it, what the fix might involve,
|
|
70
|
+
how it relates to other findings or to work already in progress. Your
|
|
71
|
+
commentary is a suggestion. The user's verdict is the decision.
|
|
72
|
+
|
|
73
|
+
Your job is to minimize triage friction. Every finding should be
|
|
74
|
+
presented with enough context that the user can decide in seconds, not
|
|
75
|
+
minutes. Group related findings. Highlight the ones that matter most.
|
|
76
|
+
Make the verdict buttons (Fix / Defer / Reject) the easiest thing to
|
|
77
|
+
click.
|
|
78
|
+
|
|
79
|
+
## Verdicts
|
|
80
|
+
|
|
81
|
+
Three verdicts, plus a question escape hatch:
|
|
82
|
+
|
|
83
|
+
| Verdict | Meaning | Effect |
|
|
84
|
+
|---------|---------|--------|
|
|
85
|
+
| **Fix** | This finding is real and should be addressed | Creates an action or triggers auto-fix |
|
|
86
|
+
| **Defer** | Real but not now — revisit later | Suppressed in future audits until explicitly resurfaced |
|
|
87
|
+
| **Reject** | Not a real problem for this project | Permanently suppressed in future audits |
|
|
88
|
+
| **?** (Question) | Need more information before deciding | Finding stays open, question is recorded |
|
|
89
|
+
|
|
90
|
+
**Fix** doesn't mean "fix right now." It means "this is approved for
|
|
91
|
+
action." The action goes into the work tracker; when it gets done is a
|
|
92
|
+
scheduling decision.
|
|
93
|
+
|
|
94
|
+
**Defer** needs a reason. "Not now" is acceptable if the user has a
|
|
95
|
+
clear sense of when. "Maybe someday" is a reject in disguise — push
|
|
96
|
+
back gently.
|
|
97
|
+
|
|
98
|
+
**Reject** means "this is noise for our project." A high rejection rate
|
|
99
|
+
for a cabinet member is signal that the cabinet member's calibration is off.
|
|
100
|
+
|
|
101
|
+
## Workflow
|
|
102
|
+
|
|
103
|
+
### 1. Load Findings (core)
|
|
104
|
+
|
|
105
|
+
Read `phases/load-findings.md` for where to get the findings to triage.
|
|
106
|
+
|
|
107
|
+
**Default (absent/empty):** Query the reference data layer (pib-db) for
|
|
108
|
+
findings with `triage_status = 'open'`. If pib-db is not initialized or
|
|
109
|
+
has no findings, fall back to reading the most recent
|
|
110
|
+
`reviews/*/run-summary.json` file.
|
|
111
|
+
|
|
112
|
+
Present a summary before triage: how many findings, breakdown by
|
|
113
|
+
severity and cabinet member, how many are new vs previously seen.
|
|
114
|
+
|
|
115
|
+
### 2. Present for Triage (core)
|
|
116
|
+
|
|
117
|
+
Read `phases/triage-ui.md` for how to present findings for human judgment.
|
|
118
|
+
|
|
119
|
+
**Default (absent/empty):**
|
|
120
|
+
1. Prepare commentary for each finding — your assessment of importance,
|
|
121
|
+
suggested approach, relationship to other findings or open work
|
|
122
|
+
2. Start the local triage server: `node scripts/triage-server.mjs`
|
|
123
|
+
3. POST findings with commentary to the server's API
|
|
124
|
+
4. Tell the user to open the triage UI in their browser
|
|
125
|
+
5. Wait for the user to complete triage (verdicts come back via the
|
|
126
|
+
server's API)
|
|
127
|
+
|
|
128
|
+
**IMPORTANT:** Never summarize away findings. Every finding must be
|
|
129
|
+
visible in the triage UI with its full context — title, description,
|
|
130
|
+
assumption, evidence, question, and your commentary. The user needs to
|
|
131
|
+
see everything to make good decisions.
|
|
132
|
+
|
|
133
|
+
**Fallback (no browser available):** Present findings in the conversation
|
|
134
|
+
grouped by cabinet member, severity-ordered within each group. Ask for
|
|
135
|
+
verdicts one group at a time to avoid overwhelming.
|
|
136
|
+
|
|
137
|
+
### 3. Apply Verdicts (core)
|
|
138
|
+
|
|
139
|
+
Read `phases/apply-verdicts.md` for how to act on the user's triage
|
|
140
|
+
decisions.
|
|
141
|
+
|
|
142
|
+
**Default (absent/empty):** For each verdict:
|
|
143
|
+
|
|
144
|
+
**Fix verdicts:**
|
|
145
|
+
1. Update finding's triage_status to 'approved' in pib-db
|
|
146
|
+
2. If the finding is marked `autoFixable: true`, attempt the fix
|
|
147
|
+
immediately. Verify the fix works before marking it done.
|
|
148
|
+
3. If not auto-fixable, create an action in pib-db with:
|
|
149
|
+
- Text: the finding title
|
|
150
|
+
- Notes: finding description, evidence, suggested fix
|
|
151
|
+
- Area: derived from cabinet member or finding metadata
|
|
152
|
+
|
|
153
|
+
**Defer verdicts:**
|
|
154
|
+
1. Update finding's triage_status to 'deferred' in pib-db
|
|
155
|
+
2. Record the user's reason in triage_notes
|
|
156
|
+
3. The finding will be suppressed in future audit runs
|
|
157
|
+
|
|
158
|
+
**Reject verdicts:**
|
|
159
|
+
1. Update finding's triage_status to 'rejected' in pib-db
|
|
160
|
+
2. Record the user's reason in triage_notes
|
|
161
|
+
3. The finding will be permanently suppressed in future audit runs
|
|
162
|
+
|
|
163
|
+
**Question verdicts:**
|
|
164
|
+
1. Finding stays open (triage_status remains 'open')
|
|
165
|
+
2. Record the question in triage_notes
|
|
166
|
+
3. The finding will appear again in the next triage
|
|
167
|
+
|
|
168
|
+
If pib-db is not initialized, write verdicts to
|
|
169
|
+
`reviews/<run-dir>/triage.json` as a fallback. The next audit's
|
|
170
|
+
`load-triage-history.js` will find them there.
|
|
171
|
+
|
|
172
|
+
After applying all verdicts, present a summary: how many fixed
|
|
173
|
+
(auto-fixed vs action created), deferred, rejected, questioned.
|
|
174
|
+
|
|
175
|
+
### 4. Discover Custom Phases
|
|
176
|
+
|
|
177
|
+
After running the core phases above, check for any additional phase
|
|
178
|
+
files in `phases/` that the skeleton doesn't define. Execute them at
|
|
179
|
+
their declared position.
|
|
180
|
+
|
|
181
|
+
## Phase Summary
|
|
182
|
+
|
|
183
|
+
| Phase | Absent = | What it customizes |
|
|
184
|
+
|-------|----------|-------------------|
|
|
185
|
+
| `load-findings.md` | Default: query pib-db, fall back to run-summary.json | Where findings come from |
|
|
186
|
+
| `triage-ui.md` | Default: local triage server + browser UI | How findings are presented |
|
|
187
|
+
| `apply-verdicts.md` | Default: update pib-db + auto-fix + create actions | How verdicts are applied |
|
|
188
|
+
|
|
189
|
+
## How Triage Connects to Other Skills
|
|
190
|
+
|
|
191
|
+
**Audit** generates findings; **triage** presents them for judgment and
|
|
192
|
+
applies the decisions. They form a closed loop: audit → triage → suppression
|
|
193
|
+
→ next audit skips triaged items.
|
|
194
|
+
|
|
195
|
+
**Fix verdicts create actions** that appear in orient's work scan and
|
|
196
|
+
debrief's close-work phase. The triage finding becomes a tracked work
|
|
197
|
+
item through the standard work lifecycle.
|
|
198
|
+
|
|
199
|
+
**Reject/defer verdicts feed back** into future audits via the triage
|
|
200
|
+
suppression list. Cabinet members learn what this project cares about by
|
|
201
|
+
seeing what gets rejected — persistent rejections from a cabinet member
|
|
202
|
+
signal calibration drift (see `cabinet/_lifecycle.md`).
|
|
203
|
+
|
|
204
|
+
**The enforcement pipeline** watches for recurring approved findings.
|
|
205
|
+
If the same type of finding keeps getting approved across multiple
|
|
206
|
+
audits, it's a candidate for promotion to a rule or hook — structural
|
|
207
|
+
prevention instead of repeated detection.
|
|
208
|
+
|
|
209
|
+
## Extending
|
|
210
|
+
|
|
211
|
+
To customize a phase: write content in the corresponding `phases/` file.
|
|
212
|
+
To skip a phase: write only `skip: true` in the file.
|
|
213
|
+
To add a phase: create a new file in `phases/`.
|
|
214
|
+
|
|
215
|
+
Examples of phases mature projects add:
|
|
216
|
+
- Batch auto-fix (attempt all auto-fixable findings before presenting
|
|
217
|
+
the rest for manual triage)
|
|
218
|
+
- Trend surfacing (show how this run compares to previous runs)
|
|
219
|
+
- Deferred resurfacing (periodically bring back deferred findings for
|
|
220
|
+
re-evaluation based on time or project changes)
|
|
221
|
+
- Team notification (alert team members about findings in their area)
|
|
222
|
+
|
|
223
|
+
## Calibration
|
|
224
|
+
|
|
225
|
+
**Core failure this targets:** Audit findings that are generated but
|
|
226
|
+
never acted on, creating a growing backlog of untriaged items that makes
|
|
227
|
+
the entire audit system feel useless.
|
|
228
|
+
|
|
229
|
+
### Without Skill (Bad)
|
|
230
|
+
|
|
231
|
+
An audit runs and produces 30 findings. They sit in a JSON file. The
|
|
232
|
+
next audit runs and produces 35 findings — including 25 of the same
|
|
233
|
+
ones. The user glances at the list, feels overwhelmed, and ignores it.
|
|
234
|
+
After three audit runs with no triage, the audit itself gets skipped
|
|
235
|
+
because "it just generates noise."
|
|
236
|
+
|
|
237
|
+
The system has a learning mechanism (audit) but no judgment mechanism
|
|
238
|
+
(triage). Without judgment, the learning is wasted.
|
|
239
|
+
|
|
240
|
+
### With Skill (Good)
|
|
241
|
+
|
|
242
|
+
An audit runs and produces 30 findings. Triage presents them in a
|
|
243
|
+
browser UI, grouped by cabinet member, with commentary on each. The user
|
|
244
|
+
works through them in 15 minutes: fixes 5 (2 auto-fixed, 3 become
|
|
245
|
+
actions), defers 8, rejects 17. The next audit produces 12 new
|
|
246
|
+
findings — the 17 rejected and 8 deferred are suppressed. The triage
|
|
247
|
+
queue stays manageable.
|
|
248
|
+
|
|
249
|
+
Over time, the system learns what matters to this project. Cabinet members
|
|
250
|
+
that consistently produce rejected findings get retired or recalibrated.
|
|
251
|
+
The audit becomes more precise with each cycle.
|
|
@@ -0,0 +1,90 @@
|
|
|
1
|
+
# Apply Verdicts — Acting on Triage Decisions
|
|
2
|
+
|
|
3
|
+
Define how triage verdicts are applied. The /triage-audit skill reads
|
|
4
|
+
this file after receiving the user's verdicts.
|
|
5
|
+
|
|
6
|
+
When this file is absent or empty, the default behavior is: update
|
|
7
|
+
pib-db triage status, attempt auto-fix for fixable findings, create
|
|
8
|
+
actions for approved non-fixable findings. Fallback: write verdicts
|
|
9
|
+
to `triage.json`. To explicitly skip, write only `skip: true`.
|
|
10
|
+
|
|
11
|
+
## What to Include
|
|
12
|
+
|
|
13
|
+
Define your verdict application strategy:
|
|
14
|
+
- **Persistence** — where triage decisions are stored
|
|
15
|
+
- **Fix workflow** — what happens when a finding is approved for fixing
|
|
16
|
+
- **Action creation** — how approved findings become tracked work items
|
|
17
|
+
- **Suppression** — how rejected/deferred findings are excluded from
|
|
18
|
+
future audits
|
|
19
|
+
|
|
20
|
+
## Default Behavior
|
|
21
|
+
|
|
22
|
+
### Fix Verdicts
|
|
23
|
+
1. Update `triage_status = 'approved'` in pib-db
|
|
24
|
+
2. If `autoFixable: true`:
|
|
25
|
+
- Attempt the fix based on the finding's `suggestedFix`
|
|
26
|
+
- Verify the fix (run relevant tests or checks)
|
|
27
|
+
- If successful, update `triage_status = 'fixed'`
|
|
28
|
+
- If failed, create an action instead
|
|
29
|
+
3. If not auto-fixable:
|
|
30
|
+
- Create an action via `node scripts/pib-db.js create-action`
|
|
31
|
+
- Include finding details in action notes
|
|
32
|
+
|
|
33
|
+
### Defer Verdicts
|
|
34
|
+
1. Update `triage_status = 'deferred'` in pib-db
|
|
35
|
+
2. Record reason in `triage_notes`
|
|
36
|
+
3. Finding suppressed in future audits via triage history
|
|
37
|
+
|
|
38
|
+
### Reject Verdicts
|
|
39
|
+
1. Update `triage_status = 'rejected'` in pib-db
|
|
40
|
+
2. Record reason in `triage_notes`
|
|
41
|
+
3. Finding permanently suppressed in future audits
|
|
42
|
+
|
|
43
|
+
### Question Verdicts
|
|
44
|
+
1. Finding stays `triage_status = 'open'`
|
|
45
|
+
2. Record question in `triage_notes`
|
|
46
|
+
3. Finding reappears in next triage
|
|
47
|
+
|
|
48
|
+
### Fallback (no pib-db)
|
|
49
|
+
Write verdicts to `reviews/<run-dir>/triage.json`:
|
|
50
|
+
```json
|
|
51
|
+
{
|
|
52
|
+
"verdicts": [
|
|
53
|
+
{
|
|
54
|
+
"id": "finding-id",
|
|
55
|
+
"cabinet_member": "...",
|
|
56
|
+
"title": "...",
|
|
57
|
+
"verdict": "fix|defer|reject",
|
|
58
|
+
"notes": "user's reason or question"
|
|
59
|
+
}
|
|
60
|
+
]
|
|
61
|
+
}
|
|
62
|
+
```
|
|
63
|
+
|
|
64
|
+
## Example Override
|
|
65
|
+
|
|
66
|
+
Uncomment and adapt for your project:
|
|
67
|
+
|
|
68
|
+
<!--
|
|
69
|
+
### External Work Tracker
|
|
70
|
+
Instead of creating actions in pib-db, create issues in your
|
|
71
|
+
project tracker:
|
|
72
|
+
```bash
|
|
73
|
+
gh issue create --title "Audit: ${finding.title}" \
|
|
74
|
+
--body "${finding.description}" \
|
|
75
|
+
--label "audit-finding"
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
### External Triage Storage
|
|
79
|
+
POST verdicts to an external API:
|
|
80
|
+
```bash
|
|
81
|
+
curl -X POST https://your-api.example.com/api/triage/verdicts \
|
|
82
|
+
-H "Content-Type: application/json" \
|
|
83
|
+
-H "Authorization: Bearer $API_TOKEN" \
|
|
84
|
+
-d @verdicts.json
|
|
85
|
+
```
|
|
86
|
+
|
|
87
|
+
### Custom Action Creation
|
|
88
|
+
Create actions with specific formatting, project assignment,
|
|
89
|
+
or area derivation logic based on your project's structure.
|
|
90
|
+
-->
|