create-claude-cabinet 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (135) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +196 -0
  3. package/bin/create-claude-cabinet.js +8 -0
  4. package/lib/cli.js +624 -0
  5. package/lib/copy.js +152 -0
  6. package/lib/db-setup.js +51 -0
  7. package/lib/metadata.js +42 -0
  8. package/lib/reset.js +193 -0
  9. package/lib/settings-merge.js +93 -0
  10. package/package.json +29 -0
  11. package/templates/EXTENSIONS.md +311 -0
  12. package/templates/README.md +485 -0
  13. package/templates/briefing/_briefing-api-template.md +21 -0
  14. package/templates/briefing/_briefing-architecture-template.md +16 -0
  15. package/templates/briefing/_briefing-cabinet-template.md +20 -0
  16. package/templates/briefing/_briefing-identity-template.md +18 -0
  17. package/templates/briefing/_briefing-scopes-template.md +39 -0
  18. package/templates/briefing/_briefing-template.md +148 -0
  19. package/templates/briefing/_briefing-work-tracking-template.md +18 -0
  20. package/templates/cabinet/committees-template.yaml +49 -0
  21. package/templates/cabinet/composition-patterns.md +240 -0
  22. package/templates/cabinet/eval-protocol.md +208 -0
  23. package/templates/cabinet/lifecycle.md +93 -0
  24. package/templates/cabinet/output-contract.md +148 -0
  25. package/templates/cabinet/prompt-guide.md +266 -0
  26. package/templates/hooks/cor-upstream-guard.sh +79 -0
  27. package/templates/hooks/git-guardrails.sh +67 -0
  28. package/templates/hooks/skill-telemetry.sh +66 -0
  29. package/templates/hooks/skill-tool-telemetry.sh +54 -0
  30. package/templates/hooks/stop-hook.md +56 -0
  31. package/templates/memory/patterns/_pattern-template.md +119 -0
  32. package/templates/memory/patterns/pattern-intelligence-first.md +41 -0
  33. package/templates/rules/enforcement-pipeline.md +151 -0
  34. package/templates/scripts/cor-drift-check.cjs +84 -0
  35. package/templates/scripts/finding-schema.json +94 -0
  36. package/templates/scripts/load-triage-history.js +151 -0
  37. package/templates/scripts/merge-findings.js +126 -0
  38. package/templates/scripts/pib-db-schema.sql +68 -0
  39. package/templates/scripts/pib-db.js +365 -0
  40. package/templates/scripts/triage-server.mjs +98 -0
  41. package/templates/scripts/triage-ui.html +536 -0
  42. package/templates/skills/audit/SKILL.md +273 -0
  43. package/templates/skills/audit/phases/finding-output.md +56 -0
  44. package/templates/skills/audit/phases/member-execution.md +83 -0
  45. package/templates/skills/audit/phases/member-selection.md +44 -0
  46. package/templates/skills/audit/phases/structural-checks.md +54 -0
  47. package/templates/skills/audit/phases/triage-history.md +45 -0
  48. package/templates/skills/cabinet-accessibility/SKILL.md +180 -0
  49. package/templates/skills/cabinet-anti-confirmation/SKILL.md +172 -0
  50. package/templates/skills/cabinet-architecture/SKILL.md +279 -0
  51. package/templates/skills/cabinet-boundary-man/SKILL.md +265 -0
  52. package/templates/skills/cabinet-cor-health/SKILL.md +342 -0
  53. package/templates/skills/cabinet-data-integrity/SKILL.md +157 -0
  54. package/templates/skills/cabinet-debugger/SKILL.md +221 -0
  55. package/templates/skills/cabinet-historian/SKILL.md +253 -0
  56. package/templates/skills/cabinet-organized-mind/SKILL.md +338 -0
  57. package/templates/skills/cabinet-process-therapist/SKILL.md +261 -0
  58. package/templates/skills/cabinet-qa/SKILL.md +205 -0
  59. package/templates/skills/cabinet-record-keeper/SKILL.md +168 -0
  60. package/templates/skills/cabinet-roster-check/SKILL.md +297 -0
  61. package/templates/skills/cabinet-security/SKILL.md +181 -0
  62. package/templates/skills/cabinet-small-screen/SKILL.md +154 -0
  63. package/templates/skills/cabinet-speed-freak/SKILL.md +169 -0
  64. package/templates/skills/cabinet-system-advocate/SKILL.md +194 -0
  65. package/templates/skills/cabinet-technical-debt/SKILL.md +115 -0
  66. package/templates/skills/cabinet-usability/SKILL.md +189 -0
  67. package/templates/skills/cabinet-workflow-cop/SKILL.md +238 -0
  68. package/templates/skills/cor-upgrade/SKILL.md +302 -0
  69. package/templates/skills/debrief/SKILL.md +409 -0
  70. package/templates/skills/debrief/phases/auto-maintenance.md +48 -0
  71. package/templates/skills/debrief/phases/close-work.md +88 -0
  72. package/templates/skills/debrief/phases/health-checks.md +54 -0
  73. package/templates/skills/debrief/phases/inventory.md +40 -0
  74. package/templates/skills/debrief/phases/loose-ends.md +52 -0
  75. package/templates/skills/debrief/phases/record-lessons.md +67 -0
  76. package/templates/skills/debrief/phases/report.md +59 -0
  77. package/templates/skills/debrief/phases/update-state.md +48 -0
  78. package/templates/skills/debrief/phases/upstream-feedback.md +129 -0
  79. package/templates/skills/debrief-quick/SKILL.md +12 -0
  80. package/templates/skills/execute/SKILL.md +293 -0
  81. package/templates/skills/execute/phases/cabinet.md +49 -0
  82. package/templates/skills/execute/phases/commit-and-deploy.md +66 -0
  83. package/templates/skills/execute/phases/load-plan.md +49 -0
  84. package/templates/skills/execute/phases/validators.md +50 -0
  85. package/templates/skills/execute/phases/verification-tools.md +67 -0
  86. package/templates/skills/extract/SKILL.md +168 -0
  87. package/templates/skills/investigate/SKILL.md +160 -0
  88. package/templates/skills/link/SKILL.md +52 -0
  89. package/templates/skills/menu/SKILL.md +61 -0
  90. package/templates/skills/onboard/SKILL.md +356 -0
  91. package/templates/skills/onboard/phases/detect-state.md +79 -0
  92. package/templates/skills/onboard/phases/generate-briefing.md +127 -0
  93. package/templates/skills/onboard/phases/generate-session-loop.md +87 -0
  94. package/templates/skills/onboard/phases/interview.md +233 -0
  95. package/templates/skills/onboard/phases/modularity-menu.md +162 -0
  96. package/templates/skills/onboard/phases/options.md +98 -0
  97. package/templates/skills/onboard/phases/post-onboard-audit.md +121 -0
  98. package/templates/skills/onboard/phases/summary.md +122 -0
  99. package/templates/skills/onboard/phases/work-tracking.md +231 -0
  100. package/templates/skills/orient/SKILL.md +251 -0
  101. package/templates/skills/orient/phases/auto-maintenance.md +48 -0
  102. package/templates/skills/orient/phases/briefing.md +53 -0
  103. package/templates/skills/orient/phases/cabinet.md +46 -0
  104. package/templates/skills/orient/phases/context.md +63 -0
  105. package/templates/skills/orient/phases/data-sync.md +35 -0
  106. package/templates/skills/orient/phases/health-checks.md +50 -0
  107. package/templates/skills/orient/phases/work-scan.md +69 -0
  108. package/templates/skills/orient-quick/SKILL.md +12 -0
  109. package/templates/skills/plan/SKILL.md +358 -0
  110. package/templates/skills/plan/phases/cabinet-critique.md +47 -0
  111. package/templates/skills/plan/phases/calibration-examples.md +75 -0
  112. package/templates/skills/plan/phases/completeness-check.md +44 -0
  113. package/templates/skills/plan/phases/composition-check.md +36 -0
  114. package/templates/skills/plan/phases/overlap-check.md +62 -0
  115. package/templates/skills/plan/phases/plan-template.md +69 -0
  116. package/templates/skills/plan/phases/present.md +60 -0
  117. package/templates/skills/plan/phases/research.md +43 -0
  118. package/templates/skills/plan/phases/work-tracker.md +95 -0
  119. package/templates/skills/publish/SKILL.md +74 -0
  120. package/templates/skills/pulse/SKILL.md +242 -0
  121. package/templates/skills/pulse/phases/auto-fix-scope.md +40 -0
  122. package/templates/skills/pulse/phases/checks.md +58 -0
  123. package/templates/skills/pulse/phases/output.md +54 -0
  124. package/templates/skills/seed/SKILL.md +257 -0
  125. package/templates/skills/seed/phases/build-member.md +93 -0
  126. package/templates/skills/seed/phases/evaluate-existing.md +61 -0
  127. package/templates/skills/seed/phases/maintain.md +92 -0
  128. package/templates/skills/seed/phases/scan-signals.md +86 -0
  129. package/templates/skills/triage-audit/SKILL.md +251 -0
  130. package/templates/skills/triage-audit/phases/apply-verdicts.md +90 -0
  131. package/templates/skills/triage-audit/phases/load-findings.md +38 -0
  132. package/templates/skills/triage-audit/phases/triage-ui.md +66 -0
  133. package/templates/skills/unlink/SKILL.md +35 -0
  134. package/templates/skills/validate/SKILL.md +116 -0
  135. package/templates/skills/validate/phases/validators.md +53 -0
@@ -0,0 +1,93 @@
1
+ # Build Cabinet Member — Collaborative Expertise Construction
2
+
3
+ For each new technology without a matching cabinet member, run a collaborative
4
+ conversation with the user to build project-specific expertise. The /seed
5
+ skill reads this file when there are gaps to fill.
6
+
7
+ When this file is absent or empty, the default behavior is: co-author
8
+ a cabinet member through structured conversation following the template
9
+ below. To explicitly skip building, write only `skip: true`.
10
+
11
+ ## What to Include
12
+
13
+ Define your building strategy:
14
+ - **Research steps** — how to gather information about the technology
15
+ before asking the user
16
+ - **Conversation structure** — what questions to ask, in what order
17
+ - **Output format** — where to create the cabinet member file, what template
18
+ to follow
19
+ - **Wiring** — how to register the cabinet member in committees and make it
20
+ discoverable
21
+
22
+ ## Default Build Process
23
+
24
+ For each gap the user wants to fill:
25
+
26
+ ### Step 1: Research
27
+
28
+ Before asking the user anything, gather what you can:
29
+ - Read the technology's documentation (use available MCP tools, web search)
30
+ - Check how it's configured in this specific project (read config files,
31
+ look at usage patterns in the codebase)
32
+ - Identify common pitfalls and best practices for the technology
33
+ - Note what version is in use and any version-specific concerns
34
+
35
+ This research gives you informed questions to ask rather than generic ones.
36
+
37
+ ### Step 2: Collaborative Conversation
38
+
39
+ Walk through these areas with the user:
40
+
41
+ **Identity.** "Who is this expert? What do they care about most?"
42
+ - Draft a one-paragraph identity statement based on your research
43
+ - Ask the user what's missing or wrong about it
44
+ - Refine until it captures the right concerns for this project
45
+
46
+ **Research Method.** "What should this cabinet member examine?"
47
+ - Propose a scan scope based on where the technology's files live
48
+ - Propose specific things to check (patterns, anti-patterns, config)
49
+ - Ask: "What has bitten you before with this technology?"
50
+ - Ask: "What do you worry about that you don't currently check?"
51
+
52
+ **Boundaries.** "What does this cabinet member NOT own?"
53
+ - Propose portfolio boundaries to prevent overlap with existing cabinet members
54
+ - Ask: "Is there anything here that another cabinet member already covers?"
55
+
56
+ **Calibration.** "What does a good finding look like?"
57
+ - Draft 2-3 example findings at different severities
58
+ - Ask the user to adjust the severity anchoring to their project's
59
+ actual risk profile
60
+
61
+ ### Step 3: Create the Cabinet Member
62
+
63
+ Write the cabinet member's `SKILL.md` following `_lifecycle.md` guidance:
64
+ - Place in `.claude/skills/cabinet-{name}/SKILL.md`
65
+ - Include all sections: Identity, Convening Criteria, Research Method,
66
+ Boundaries, Calibration Examples
67
+ - Set `user-invocable: false` in frontmatter (cabinet members are invoked
68
+ by the audit system, not directly)
69
+
70
+ ### Step 4: Wire It Up
71
+
72
+ - Add to `committees.yaml` under the appropriate committee (unless it's
73
+ cross-portfolio, in which case it activates via `standing-mandate` signals)
74
+ - Verify the cabinet member is discoverable by the audit skill
75
+
76
+ ### Emphasis
77
+
78
+ This is co-authoring, not auto-generating. A generic cabinet member based
79
+ solely on technology documentation catches generic issues. A cabinet member
80
+ built with user input — their specific risks, their past incidents,
81
+ their project's actual patterns — catches what actually matters.
82
+
83
+ The user's time in this conversation is an investment. It pays off in
84
+ every subsequent audit cycle when the cabinet member catches something
85
+ specific to their project that a generic check would miss.
86
+
87
+ ## Overriding This Phase
88
+
89
+ Projects override this file when they have a different conversation
90
+ structure, additional template requirements, or non-standard cabinet member
91
+ registration. For example, a project that requires cost-benefit analysis
92
+ before adopting a cabinet member, or one that requires approval from
93
+ multiple stakeholders.
@@ -0,0 +1,61 @@
1
+ # Evaluate Existing — Compare Signals Against Cabinet
2
+
3
+ For each technology signal detected in the scan phase, check whether a
4
+ matching cabinet member already exists and whether it is current. The /seed
5
+ skill reads this file after scanning to determine what needs building
6
+ versus what needs updating.
7
+
8
+ When this file is absent or empty, the default behavior is: compare
9
+ each detected signal against `.claude/skills/cabinet-*/` and report
10
+ gaps and staleness. To explicitly skip evaluation, write only `skip: true`.
11
+
12
+ ## What to Include
13
+
14
+ Define your evaluation strategy:
15
+ - **How to match** — what counts as a cabinet member "covering" a technology
16
+ (name match, scan scope overlap, domain description)
17
+ - **What "stale" means** — how to detect that a cabinet member exists but
18
+ hasn't kept up with the technology
19
+ - **What to present** — how to show the user the gap/staleness analysis
20
+
21
+ ## Default Evaluation
22
+
23
+ For each detected technology signal:
24
+
25
+ 1. **Search for matching cabinet member.** Check each cabinet member's SKILL.md
26
+ in `.claude/skills/cabinet-*/` for:
27
+ - Name or description mentioning the technology
28
+ - Scan scope covering directories where the technology's files live
29
+ - Domain coverage that would include the technology's concerns
30
+
31
+ 2. **Assess coverage quality.** If a match exists:
32
+ - Does the cabinet member's scan scope include the right directories?
33
+ (e.g., a data-integrity cabinet member should cover wherever the DB
34
+ files and migration scripts live)
35
+ - Does the cabinet member reference the current technology version or
36
+ configuration? (e.g., if the project moved from CommonJS to ESM,
37
+ does the boundary-man cabinet member know?)
38
+ - Has the cabinet member produced findings in recent audits? (A
39
+ cabinet member that never fires may have a stale scope)
40
+
41
+ 3. **Classify each signal:**
42
+ - **Covered** — matching cabinet member exists and is current
43
+ - **Gap** — no matching cabinet member covers this technology
44
+ - **Stale** — cabinet member exists but scope, version, or domain
45
+ description is outdated
46
+ - **Absorbed** — no dedicated cabinet member, but an existing broader
47
+ cabinet member covers the concern adequately
48
+
49
+ 4. **Present the analysis** to the user as a table:
50
+ | Technology | Status | Cabinet Member | Notes |
51
+ |------------|--------|-------------|-------|
52
+ Show all four categories. Let the user decide which gaps to fill
53
+ and which staleness to address. Not every gap needs a cabinet member.
54
+
55
+ ## Overriding This Phase
56
+
57
+ Projects override this file when they have non-standard cabinet member
58
+ storage, custom matching logic, or additional assessment criteria.
59
+ For example, a project that stores cabinet members in a different location,
60
+ or one that tracks cabinet member health metrics in a database rather
61
+ than relying on file-level inspection.
@@ -0,0 +1,92 @@
1
+ # Maintain — Cabinet Health Review
2
+
3
+ Review existing cabinet members for health: retirement candidates, update
4
+ needs, and coverage gaps. The /seed skill reads this file after building
5
+ new cabinet members (or when no new cabinet members are needed).
6
+
7
+ When this file is absent or empty, the default behavior is: review the
8
+ full cabinet using the criteria below. To explicitly skip
9
+ maintenance, write only `skip: true`.
10
+
11
+ ## What to Include
12
+
13
+ Define your maintenance strategy:
14
+ - **Retirement criteria** — what signals that a cabinet member should be removed
15
+ - **Update criteria** — what signals that a cabinet member needs revision
16
+ - **Coverage analysis** — how to detect areas of the codebase that no
17
+ cabinet member watches
18
+ - **Presentation** — how to show recommendations to the user
19
+
20
+ ## Default Maintenance Review
21
+
22
+ ### Retirement Candidates
23
+
24
+ Check each cabinet member for retirement signals:
25
+
26
+ - **Technology removed.** The dependency, config file, or infrastructure
27
+ that the cabinet member watches is gone from the project. A cabinet member
28
+ for a framework you no longer use is dead weight.
29
+
30
+ - **High rejection rate.** If more than half of a cabinet member's audit
31
+ findings are rejected at triage, it's miscalibrated. Either refine it
32
+ (adjust scope, update calibration examples) or retire it if the domain
33
+ isn't worth the maintenance.
34
+
35
+ - **Stale scan scope.** The directories or files the cabinet member checks
36
+ no longer exist. The cabinet member runs but examines nothing.
37
+
38
+ - **Absorbed by another.** A broader cabinet member was created that covers
39
+ the same concerns. The narrow one is now redundant.
40
+
41
+ Apply `_lifecycle.md` criteria for formal assessment. Recommend
42
+ retirements as readily as adoptions — a lean cabinet is healthier than
43
+ a comprehensive one with dead weight.
44
+
45
+ ### Update Candidates
46
+
47
+ Check each cabinet member for update signals:
48
+
49
+ - **Version drift.** The technology version changed significantly
50
+ (major version bump, breaking changes). The cabinet member's calibration
51
+ examples and research method may reference outdated patterns.
52
+
53
+ - **Scope expansion needed.** New directories were added that fall under
54
+ the cabinet member's domain but aren't in its scan scope. For example,
55
+ a security cabinet member that scans `routes/` but the project added an
56
+ `api/` directory with new endpoints.
57
+
58
+ - **New features.** The technology added capabilities that the project
59
+ now uses but the cabinet member doesn't check. For example, SQLite added
60
+ JSON functions that the project started using — the data-integrity
61
+ cabinet member should know about JSON type coercion.
62
+
63
+ ### Coverage Gaps
64
+
65
+ Scan the codebase for areas no cabinet member watches:
66
+
67
+ - Directories with significant logic that aren't in any cabinet member's
68
+ scan scope
69
+ - File types that have grown in number but lack a corresponding
70
+ cabinet member (e.g., many migration files but no migration-safety
71
+ cabinet member)
72
+ - Patterns that recur across the codebase that no cabinet member checks
73
+ (e.g., error handling patterns, logging patterns)
74
+
75
+ ### Presentation
76
+
77
+ Present maintenance recommendations as three lists:
78
+
79
+ 1. **Retire** — cabinet members to remove, with reasoning
80
+ 2. **Update** — cabinet members to revise, with specific changes needed
81
+ 3. **Gap** — uncovered areas that might warrant new cabinet members
82
+
83
+ The user decides on each recommendation. Retirement is not failure —
84
+ it's the system staying lean.
85
+
86
+ ## Overriding This Phase
87
+
88
+ Projects override this file when they have additional maintenance
89
+ criteria (e.g., cost tracking for cabinet members, team assignment
90
+ reviews), different retirement thresholds, or non-standard health
91
+ metrics. For example, a project that tracks cabinet member ROI based on
92
+ bugs caught per audit cycle.
@@ -0,0 +1,86 @@
1
+ # Scan Signals — Where to Look for Technology Adoption
2
+
3
+ Define what files and patterns to scan for technology signals, and what
4
+ expertise each signal implies. The /seed skill reads this file first to
5
+ build a picture of the project's technology landscape.
6
+
7
+ When this file is absent or empty, the default behavior is: scan standard
8
+ locations using the default signal-to-expertise mappings below. To
9
+ explicitly skip signal scanning, write only `skip: true`.
10
+
11
+ ## What to Include
12
+
13
+ For each signal source, provide:
14
+ - **Where** — the file or glob pattern to check
15
+ - **What** — what to extract (dependency names, config keys, file presence)
16
+ - **Maps to** — what expertise the signal implies
17
+
18
+ ## Default Signal Sources
19
+
20
+ ### Package Manifests
21
+ - `package.json` — `dependencies` and `devDependencies` keys
22
+ - `requirements.txt` / `pyproject.toml` — Python dependencies
23
+ - `Cargo.toml` — Rust dependencies
24
+ - `go.mod` — Go modules
25
+ - `Gemfile` — Ruby dependencies
26
+
27
+ ### Configuration Files
28
+ - `.eslintrc*`, `eslint.config.*` — linting configuration
29
+ - `tailwind.config.*` — utility CSS framework
30
+ - `tsconfig.json` — TypeScript
31
+ - `docker-compose.yml` — container orchestration
32
+ - `.prettierrc*` — code formatting
33
+ - `webpack.config.*`, `vite.config.*` — build tooling
34
+ - `jest.config.*`, `vitest.config.*` — test configuration
35
+
36
+ ### Infrastructure
37
+ - `Dockerfile` — containerization
38
+ - `.github/workflows/` — CI/CD via GitHub Actions
39
+ - `railway.json` / `railway.toml` — Railway deployment
40
+ - `vercel.json` — Vercel deployment
41
+ - `fly.toml` — Fly.io deployment
42
+ - `netlify.toml` — Netlify deployment
43
+
44
+ ### Database
45
+ - `*.db` files — SQLite databases
46
+ - `migrations/` directory — schema migration system
47
+ - `prisma/` directory — Prisma ORM
48
+ - `drizzle.config.*` — Drizzle ORM
49
+ - `knexfile.*` — Knex query builder
50
+
51
+ ## Default Signal-to-Expertise Mappings
52
+
53
+ | Signal | Suggested Cabinet Member |
54
+ |--------|----------------------|
55
+ | React / Vue / Svelte in deps | usability, accessibility, small-screen |
56
+ | UI framework (Mantine, MUI, Chakra, etc.) | usability, framework-quality (project-specific) |
57
+ | SQLite / PostgreSQL / MySQL | data-integrity |
58
+ | Docker / Railway / Fly.io / Vercel | architecture, security |
59
+ | Express / Fastify / Hono | security, speed-freak |
60
+ | Test framework (jest, vitest, mocha) | qa |
61
+ | TypeScript | boundary-man |
62
+ | CI/CD configs (.github/workflows, etc.) | workflow-cop |
63
+ | Complex architecture (3+ services, monorepo) | architecture |
64
+ | Long-running project (6+ months of git history) | historian |
65
+ | Many skills (5+ in .claude/skills/) | roster-check |
66
+ | Features shipping regularly | system-advocate |
67
+
68
+ These mappings are starting points, not prescriptions. A project may
69
+ already cover a signal through an existing broader cabinet member (e.g.,
70
+ a "code-quality" cabinet member that subsumes boundary-man). The
71
+ evaluate-existing phase handles that deduplication.
72
+
73
+ ## Overriding This Phase
74
+
75
+ Projects override this file to add domain-specific signals. Examples:
76
+
77
+ - A healthcare project adds: HIPAA-related libraries map to a
78
+ compliance cabinet member
79
+ - A financial project adds: payment processing libraries (Stripe,
80
+ Square) map to a financial-integrity cabinet member
81
+ - A data pipeline project adds: ETL tools (dbt, Airflow) map to a
82
+ data-quality cabinet member
83
+
84
+ Keep the default mappings and add project-specific ones below them.
85
+ The more signals the scan detects, the better the gap analysis in the
86
+ evaluate-existing phase.
@@ -0,0 +1,251 @@
1
+ ---
2
+ name: triage-audit
3
+ description: |
4
+ Audit finding triage. Loads findings, prepares commentary, presents for
5
+ human judgment via local web UI or CLI, then applies verdicts — updating
6
+ triage status, attempting auto-fixes, and creating actions for approved
7
+ findings. The loop-closer: without triage, audit findings accumulate and
8
+ are never acted on. Use when: "triage", "/triage-audit", after an audit
9
+ run, or when untriaged findings exist.
10
+ related:
11
+ - type: file
12
+ path: .claude/skills/triage-audit/phases/load-findings.md
13
+ role: "Project-specific: where to load findings from"
14
+ - type: file
15
+ path: .claude/skills/triage-audit/phases/triage-ui.md
16
+ role: "Project-specific: how to present findings for triage"
17
+ - type: file
18
+ path: .claude/skills/triage-audit/phases/apply-verdicts.md
19
+ role: "Project-specific: how to act on triage decisions"
20
+ - type: file
21
+ path: scripts/triage-server.mjs
22
+ role: "Local HTTP server for triage UI"
23
+ - type: file
24
+ path: scripts/triage-ui.html
25
+ role: "Browser-based triage interface"
26
+ - type: file
27
+ path: scripts/pib-db.js
28
+ role: "Reference data layer for finding persistence"
29
+ - type: file
30
+ path: cabinet/_briefing.md
31
+ role: "Project identity and configuration"
32
+ ---
33
+
34
+ # /triage-audit — Audit Finding Triage
35
+
36
+ ## Purpose
37
+
38
+ Close the audit loop. The audit generates findings; triage presents them
39
+ for human judgment. Without triage, findings accumulate in JSON files
40
+ and are never acted on — or worse, the same findings regenerate every
41
+ audit run because they were never explicitly dismissed.
42
+
43
+ Triage is where human judgment enters the system. Claude can observe
44
+ patterns and flag concerns, but only the user knows which concerns
45
+ matter for this project at this time. A finding that looks critical in
46
+ isolation might be irrelevant given the project's priorities. A finding
47
+ that looks minor might be the canary for a deeper issue the user
48
+ recognizes. Triage captures that judgment.
49
+
50
+ This is a **skeleton skill** using the `phases/` directory pattern. The
51
+ orchestration is generic. Your project defines the specifics — where to
52
+ load findings, how to present them, how to apply verdicts — in phase
53
+ files under `phases/`.
54
+
55
+ ### Phase File Protocol
56
+
57
+ Phase files have three states:
58
+
59
+ | State | Meaning |
60
+ |-------|---------|
61
+ | Absent or empty | Use this skeleton's **default behavior** for the phase |
62
+ | Contains only `skip: true` | **Explicitly opted out** — skip this phase entirely |
63
+ | Contains content | **Custom behavior** — use the file's content instead |
64
+
65
+ ## Identity
66
+
67
+ You are the facilitator. You don't make triage decisions — you prepare
68
+ the context so the user can make good ones quickly. For each finding,
69
+ you add commentary: what you think about it, what the fix might involve,
70
+ how it relates to other findings or to work already in progress. Your
71
+ commentary is a suggestion. The user's verdict is the decision.
72
+
73
+ Your job is to minimize triage friction. Every finding should be
74
+ presented with enough context that the user can decide in seconds, not
75
+ minutes. Group related findings. Highlight the ones that matter most.
76
+ Make the verdict buttons (Fix / Defer / Reject) the easiest thing to
77
+ click.
78
+
79
+ ## Verdicts
80
+
81
+ Three verdicts, plus a question escape hatch:
82
+
83
+ | Verdict | Meaning | Effect |
84
+ |---------|---------|--------|
85
+ | **Fix** | This finding is real and should be addressed | Creates an action or triggers auto-fix |
86
+ | **Defer** | Real but not now — revisit later | Suppressed in future audits until explicitly resurfaced |
87
+ | **Reject** | Not a real problem for this project | Permanently suppressed in future audits |
88
+ | **?** (Question) | Need more information before deciding | Finding stays open, question is recorded |
89
+
90
+ **Fix** doesn't mean "fix right now." It means "this is approved for
91
+ action." The action goes into the work tracker; when it gets done is a
92
+ scheduling decision.
93
+
94
+ **Defer** needs a reason. "Not now" is acceptable if the user has a
95
+ clear sense of when. "Maybe someday" is a reject in disguise — push
96
+ back gently.
97
+
98
+ **Reject** means "this is noise for our project." A high rejection rate
99
+ for a cabinet member is signal that the cabinet member's calibration is off.
100
+
101
+ ## Workflow
102
+
103
+ ### 1. Load Findings (core)
104
+
105
+ Read `phases/load-findings.md` for where to get the findings to triage.
106
+
107
+ **Default (absent/empty):** Query the reference data layer (pib-db) for
108
+ findings with `triage_status = 'open'`. If pib-db is not initialized or
109
+ has no findings, fall back to reading the most recent
110
+ `reviews/*/run-summary.json` file.
111
+
112
+ Present a summary before triage: how many findings, breakdown by
113
+ severity and cabinet member, how many are new vs previously seen.
114
+
115
+ ### 2. Present for Triage (core)
116
+
117
+ Read `phases/triage-ui.md` for how to present findings for human judgment.
118
+
119
+ **Default (absent/empty):**
120
+ 1. Prepare commentary for each finding — your assessment of importance,
121
+ suggested approach, relationship to other findings or open work
122
+ 2. Start the local triage server: `node scripts/triage-server.mjs`
123
+ 3. POST findings with commentary to the server's API
124
+ 4. Tell the user to open the triage UI in their browser
125
+ 5. Wait for the user to complete triage (verdicts come back via the
126
+ server's API)
127
+
128
+ **IMPORTANT:** Never summarize away findings. Every finding must be
129
+ visible in the triage UI with its full context — title, description,
130
+ assumption, evidence, question, and your commentary. The user needs to
131
+ see everything to make good decisions.
132
+
133
+ **Fallback (no browser available):** Present findings in the conversation
134
+ grouped by cabinet member, severity-ordered within each group. Ask for
135
+ verdicts one group at a time to avoid overwhelming.
136
+
137
+ ### 3. Apply Verdicts (core)
138
+
139
+ Read `phases/apply-verdicts.md` for how to act on the user's triage
140
+ decisions.
141
+
142
+ **Default (absent/empty):** For each verdict:
143
+
144
+ **Fix verdicts:**
145
+ 1. Update finding's triage_status to 'approved' in pib-db
146
+ 2. If the finding is marked `autoFixable: true`, attempt the fix
147
+ immediately. Verify the fix works before marking it done.
148
+ 3. If not auto-fixable, create an action in pib-db with:
149
+ - Text: the finding title
150
+ - Notes: finding description, evidence, suggested fix
151
+ - Area: derived from cabinet member or finding metadata
152
+
153
+ **Defer verdicts:**
154
+ 1. Update finding's triage_status to 'deferred' in pib-db
155
+ 2. Record the user's reason in triage_notes
156
+ 3. The finding will be suppressed in future audit runs
157
+
158
+ **Reject verdicts:**
159
+ 1. Update finding's triage_status to 'rejected' in pib-db
160
+ 2. Record the user's reason in triage_notes
161
+ 3. The finding will be permanently suppressed in future audit runs
162
+
163
+ **Question verdicts:**
164
+ 1. Finding stays open (triage_status remains 'open')
165
+ 2. Record the question in triage_notes
166
+ 3. The finding will appear again in the next triage
167
+
168
+ If pib-db is not initialized, write verdicts to
169
+ `reviews/<run-dir>/triage.json` as a fallback. The next audit's
170
+ `load-triage-history.js` will find them there.
171
+
172
+ After applying all verdicts, present a summary: how many fixed
173
+ (auto-fixed vs action created), deferred, rejected, questioned.
174
+
175
+ ### 4. Discover Custom Phases
176
+
177
+ After running the core phases above, check for any additional phase
178
+ files in `phases/` that the skeleton doesn't define. Execute them at
179
+ their declared position.
180
+
181
+ ## Phase Summary
182
+
183
+ | Phase | Absent = | What it customizes |
184
+ |-------|----------|-------------------|
185
+ | `load-findings.md` | Default: query pib-db, fall back to run-summary.json | Where findings come from |
186
+ | `triage-ui.md` | Default: local triage server + browser UI | How findings are presented |
187
+ | `apply-verdicts.md` | Default: update pib-db + auto-fix + create actions | How verdicts are applied |
188
+
189
+ ## How Triage Connects to Other Skills
190
+
191
+ **Audit** generates findings; **triage** presents them for judgment and
192
+ applies the decisions. They form a closed loop: audit → triage → suppression
193
+ → next audit skips triaged items.
194
+
195
+ **Fix verdicts create actions** that appear in orient's work scan and
196
+ debrief's close-work phase. The triage finding becomes a tracked work
197
+ item through the standard work lifecycle.
198
+
199
+ **Reject/defer verdicts feed back** into future audits via the triage
200
+ suppression list. Cabinet members learn what this project cares about by
201
+ seeing what gets rejected — persistent rejections from a cabinet member
202
+ signal calibration drift (see `cabinet/_lifecycle.md`).
203
+
204
+ **The enforcement pipeline** watches for recurring approved findings.
205
+ If the same type of finding keeps getting approved across multiple
206
+ audits, it's a candidate for promotion to a rule or hook — structural
207
+ prevention instead of repeated detection.
208
+
209
+ ## Extending
210
+
211
+ To customize a phase: write content in the corresponding `phases/` file.
212
+ To skip a phase: write only `skip: true` in the file.
213
+ To add a phase: create a new file in `phases/`.
214
+
215
+ Examples of phases mature projects add:
216
+ - Batch auto-fix (attempt all auto-fixable findings before presenting
217
+ the rest for manual triage)
218
+ - Trend surfacing (show how this run compares to previous runs)
219
+ - Deferred resurfacing (periodically bring back deferred findings for
220
+ re-evaluation based on time or project changes)
221
+ - Team notification (alert team members about findings in their area)
222
+
223
+ ## Calibration
224
+
225
+ **Core failure this targets:** Audit findings that are generated but
226
+ never acted on, creating a growing backlog of untriaged items that makes
227
+ the entire audit system feel useless.
228
+
229
+ ### Without Skill (Bad)
230
+
231
+ An audit runs and produces 30 findings. They sit in a JSON file. The
232
+ next audit runs and produces 35 findings — including 25 of the same
233
+ ones. The user glances at the list, feels overwhelmed, and ignores it.
234
+ After three audit runs with no triage, the audit itself gets skipped
235
+ because "it just generates noise."
236
+
237
+ The system has a learning mechanism (audit) but no judgment mechanism
238
+ (triage). Without judgment, the learning is wasted.
239
+
240
+ ### With Skill (Good)
241
+
242
+ An audit runs and produces 30 findings. Triage presents them in a
243
+ browser UI, grouped by cabinet member, with commentary on each. The user
244
+ works through them in 15 minutes: fixes 5 (2 auto-fixed, 3 become
245
+ actions), defers 8, rejects 17. The next audit produces 12 new
246
+ findings — the 17 rejected and 8 deferred are suppressed. The triage
247
+ queue stays manageable.
248
+
249
+ Over time, the system learns what matters to this project. Cabinet members
250
+ that consistently produce rejected findings get retired or recalibrated.
251
+ The audit becomes more precise with each cycle.
@@ -0,0 +1,90 @@
1
+ # Apply Verdicts — Acting on Triage Decisions
2
+
3
+ Define how triage verdicts are applied. The /triage-audit skill reads
4
+ this file after receiving the user's verdicts.
5
+
6
+ When this file is absent or empty, the default behavior is: update
7
+ pib-db triage status, attempt auto-fix for fixable findings, create
8
+ actions for approved non-fixable findings. Fallback: write verdicts
9
+ to `triage.json`. To explicitly skip, write only `skip: true`.
10
+
11
+ ## What to Include
12
+
13
+ Define your verdict application strategy:
14
+ - **Persistence** — where triage decisions are stored
15
+ - **Fix workflow** — what happens when a finding is approved for fixing
16
+ - **Action creation** — how approved findings become tracked work items
17
+ - **Suppression** — how rejected/deferred findings are excluded from
18
+ future audits
19
+
20
+ ## Default Behavior
21
+
22
+ ### Fix Verdicts
23
+ 1. Update `triage_status = 'approved'` in pib-db
24
+ 2. If `autoFixable: true`:
25
+ - Attempt the fix based on the finding's `suggestedFix`
26
+ - Verify the fix (run relevant tests or checks)
27
+ - If successful, update `triage_status = 'fixed'`
28
+ - If failed, create an action instead
29
+ 3. If not auto-fixable:
30
+ - Create an action via `node scripts/pib-db.js create-action`
31
+ - Include finding details in action notes
32
+
33
+ ### Defer Verdicts
34
+ 1. Update `triage_status = 'deferred'` in pib-db
35
+ 2. Record reason in `triage_notes`
36
+ 3. Finding suppressed in future audits via triage history
37
+
38
+ ### Reject Verdicts
39
+ 1. Update `triage_status = 'rejected'` in pib-db
40
+ 2. Record reason in `triage_notes`
41
+ 3. Finding permanently suppressed in future audits
42
+
43
+ ### Question Verdicts
44
+ 1. Finding stays `triage_status = 'open'`
45
+ 2. Record question in `triage_notes`
46
+ 3. Finding reappears in next triage
47
+
48
+ ### Fallback (no pib-db)
49
+ Write verdicts to `reviews/<run-dir>/triage.json`:
50
+ ```json
51
+ {
52
+ "verdicts": [
53
+ {
54
+ "id": "finding-id",
55
+ "cabinet_member": "...",
56
+ "title": "...",
57
+ "verdict": "fix|defer|reject",
58
+ "notes": "user's reason or question"
59
+ }
60
+ ]
61
+ }
62
+ ```
63
+
64
+ ## Example Override
65
+
66
+ Uncomment and adapt for your project:
67
+
68
+ <!--
69
+ ### External Work Tracker
70
+ Instead of creating actions in pib-db, create issues in your
71
+ project tracker:
72
+ ```bash
73
+ gh issue create --title "Audit: ${finding.title}" \
74
+ --body "${finding.description}" \
75
+ --label "audit-finding"
76
+ ```
77
+
78
+ ### External Triage Storage
79
+ POST verdicts to an external API:
80
+ ```bash
81
+ curl -X POST https://your-api.example.com/api/triage/verdicts \
82
+ -H "Content-Type: application/json" \
83
+ -H "Authorization: Bearer $API_TOKEN" \
84
+ -d @verdicts.json
85
+ ```
86
+
87
+ ### Custom Action Creation
88
+ Create actions with specific formatting, project assignment,
89
+ or area derivation logic based on your project's structure.
90
+ -->