create-claude-cabinet 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (135) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +196 -0
  3. package/bin/create-claude-cabinet.js +8 -0
  4. package/lib/cli.js +624 -0
  5. package/lib/copy.js +152 -0
  6. package/lib/db-setup.js +51 -0
  7. package/lib/metadata.js +42 -0
  8. package/lib/reset.js +193 -0
  9. package/lib/settings-merge.js +93 -0
  10. package/package.json +29 -0
  11. package/templates/EXTENSIONS.md +311 -0
  12. package/templates/README.md +485 -0
  13. package/templates/briefing/_briefing-api-template.md +21 -0
  14. package/templates/briefing/_briefing-architecture-template.md +16 -0
  15. package/templates/briefing/_briefing-cabinet-template.md +20 -0
  16. package/templates/briefing/_briefing-identity-template.md +18 -0
  17. package/templates/briefing/_briefing-scopes-template.md +39 -0
  18. package/templates/briefing/_briefing-template.md +148 -0
  19. package/templates/briefing/_briefing-work-tracking-template.md +18 -0
  20. package/templates/cabinet/committees-template.yaml +49 -0
  21. package/templates/cabinet/composition-patterns.md +240 -0
  22. package/templates/cabinet/eval-protocol.md +208 -0
  23. package/templates/cabinet/lifecycle.md +93 -0
  24. package/templates/cabinet/output-contract.md +148 -0
  25. package/templates/cabinet/prompt-guide.md +266 -0
  26. package/templates/hooks/cor-upstream-guard.sh +79 -0
  27. package/templates/hooks/git-guardrails.sh +67 -0
  28. package/templates/hooks/skill-telemetry.sh +66 -0
  29. package/templates/hooks/skill-tool-telemetry.sh +54 -0
  30. package/templates/hooks/stop-hook.md +56 -0
  31. package/templates/memory/patterns/_pattern-template.md +119 -0
  32. package/templates/memory/patterns/pattern-intelligence-first.md +41 -0
  33. package/templates/rules/enforcement-pipeline.md +151 -0
  34. package/templates/scripts/cor-drift-check.cjs +84 -0
  35. package/templates/scripts/finding-schema.json +94 -0
  36. package/templates/scripts/load-triage-history.js +151 -0
  37. package/templates/scripts/merge-findings.js +126 -0
  38. package/templates/scripts/pib-db-schema.sql +68 -0
  39. package/templates/scripts/pib-db.js +365 -0
  40. package/templates/scripts/triage-server.mjs +98 -0
  41. package/templates/scripts/triage-ui.html +536 -0
  42. package/templates/skills/audit/SKILL.md +273 -0
  43. package/templates/skills/audit/phases/finding-output.md +56 -0
  44. package/templates/skills/audit/phases/member-execution.md +83 -0
  45. package/templates/skills/audit/phases/member-selection.md +44 -0
  46. package/templates/skills/audit/phases/structural-checks.md +54 -0
  47. package/templates/skills/audit/phases/triage-history.md +45 -0
  48. package/templates/skills/cabinet-accessibility/SKILL.md +180 -0
  49. package/templates/skills/cabinet-anti-confirmation/SKILL.md +172 -0
  50. package/templates/skills/cabinet-architecture/SKILL.md +279 -0
  51. package/templates/skills/cabinet-boundary-man/SKILL.md +265 -0
  52. package/templates/skills/cabinet-cor-health/SKILL.md +342 -0
  53. package/templates/skills/cabinet-data-integrity/SKILL.md +157 -0
  54. package/templates/skills/cabinet-debugger/SKILL.md +221 -0
  55. package/templates/skills/cabinet-historian/SKILL.md +253 -0
  56. package/templates/skills/cabinet-organized-mind/SKILL.md +338 -0
  57. package/templates/skills/cabinet-process-therapist/SKILL.md +261 -0
  58. package/templates/skills/cabinet-qa/SKILL.md +205 -0
  59. package/templates/skills/cabinet-record-keeper/SKILL.md +168 -0
  60. package/templates/skills/cabinet-roster-check/SKILL.md +297 -0
  61. package/templates/skills/cabinet-security/SKILL.md +181 -0
  62. package/templates/skills/cabinet-small-screen/SKILL.md +154 -0
  63. package/templates/skills/cabinet-speed-freak/SKILL.md +169 -0
  64. package/templates/skills/cabinet-system-advocate/SKILL.md +194 -0
  65. package/templates/skills/cabinet-technical-debt/SKILL.md +115 -0
  66. package/templates/skills/cabinet-usability/SKILL.md +189 -0
  67. package/templates/skills/cabinet-workflow-cop/SKILL.md +238 -0
  68. package/templates/skills/cor-upgrade/SKILL.md +302 -0
  69. package/templates/skills/debrief/SKILL.md +409 -0
  70. package/templates/skills/debrief/phases/auto-maintenance.md +48 -0
  71. package/templates/skills/debrief/phases/close-work.md +88 -0
  72. package/templates/skills/debrief/phases/health-checks.md +54 -0
  73. package/templates/skills/debrief/phases/inventory.md +40 -0
  74. package/templates/skills/debrief/phases/loose-ends.md +52 -0
  75. package/templates/skills/debrief/phases/record-lessons.md +67 -0
  76. package/templates/skills/debrief/phases/report.md +59 -0
  77. package/templates/skills/debrief/phases/update-state.md +48 -0
  78. package/templates/skills/debrief/phases/upstream-feedback.md +129 -0
  79. package/templates/skills/debrief-quick/SKILL.md +12 -0
  80. package/templates/skills/execute/SKILL.md +293 -0
  81. package/templates/skills/execute/phases/cabinet.md +49 -0
  82. package/templates/skills/execute/phases/commit-and-deploy.md +66 -0
  83. package/templates/skills/execute/phases/load-plan.md +49 -0
  84. package/templates/skills/execute/phases/validators.md +50 -0
  85. package/templates/skills/execute/phases/verification-tools.md +67 -0
  86. package/templates/skills/extract/SKILL.md +168 -0
  87. package/templates/skills/investigate/SKILL.md +160 -0
  88. package/templates/skills/link/SKILL.md +52 -0
  89. package/templates/skills/menu/SKILL.md +61 -0
  90. package/templates/skills/onboard/SKILL.md +356 -0
  91. package/templates/skills/onboard/phases/detect-state.md +79 -0
  92. package/templates/skills/onboard/phases/generate-briefing.md +127 -0
  93. package/templates/skills/onboard/phases/generate-session-loop.md +87 -0
  94. package/templates/skills/onboard/phases/interview.md +233 -0
  95. package/templates/skills/onboard/phases/modularity-menu.md +162 -0
  96. package/templates/skills/onboard/phases/options.md +98 -0
  97. package/templates/skills/onboard/phases/post-onboard-audit.md +121 -0
  98. package/templates/skills/onboard/phases/summary.md +122 -0
  99. package/templates/skills/onboard/phases/work-tracking.md +231 -0
  100. package/templates/skills/orient/SKILL.md +251 -0
  101. package/templates/skills/orient/phases/auto-maintenance.md +48 -0
  102. package/templates/skills/orient/phases/briefing.md +53 -0
  103. package/templates/skills/orient/phases/cabinet.md +46 -0
  104. package/templates/skills/orient/phases/context.md +63 -0
  105. package/templates/skills/orient/phases/data-sync.md +35 -0
  106. package/templates/skills/orient/phases/health-checks.md +50 -0
  107. package/templates/skills/orient/phases/work-scan.md +69 -0
  108. package/templates/skills/orient-quick/SKILL.md +12 -0
  109. package/templates/skills/plan/SKILL.md +358 -0
  110. package/templates/skills/plan/phases/cabinet-critique.md +47 -0
  111. package/templates/skills/plan/phases/calibration-examples.md +75 -0
  112. package/templates/skills/plan/phases/completeness-check.md +44 -0
  113. package/templates/skills/plan/phases/composition-check.md +36 -0
  114. package/templates/skills/plan/phases/overlap-check.md +62 -0
  115. package/templates/skills/plan/phases/plan-template.md +69 -0
  116. package/templates/skills/plan/phases/present.md +60 -0
  117. package/templates/skills/plan/phases/research.md +43 -0
  118. package/templates/skills/plan/phases/work-tracker.md +95 -0
  119. package/templates/skills/publish/SKILL.md +74 -0
  120. package/templates/skills/pulse/SKILL.md +242 -0
  121. package/templates/skills/pulse/phases/auto-fix-scope.md +40 -0
  122. package/templates/skills/pulse/phases/checks.md +58 -0
  123. package/templates/skills/pulse/phases/output.md +54 -0
  124. package/templates/skills/seed/SKILL.md +257 -0
  125. package/templates/skills/seed/phases/build-member.md +93 -0
  126. package/templates/skills/seed/phases/evaluate-existing.md +61 -0
  127. package/templates/skills/seed/phases/maintain.md +92 -0
  128. package/templates/skills/seed/phases/scan-signals.md +86 -0
  129. package/templates/skills/triage-audit/SKILL.md +251 -0
  130. package/templates/skills/triage-audit/phases/apply-verdicts.md +90 -0
  131. package/templates/skills/triage-audit/phases/load-findings.md +38 -0
  132. package/templates/skills/triage-audit/phases/triage-ui.md +66 -0
  133. package/templates/skills/unlink/SKILL.md +35 -0
  134. package/templates/skills/validate/SKILL.md +116 -0
  135. package/templates/skills/validate/phases/validators.md +53 -0
@@ -0,0 +1,93 @@
1
+ # Cabinet Member Lifecycle
2
+
3
+ How cabinet members enter, evolve, and leave your project's expertise cabinet.
4
+ Adding a cabinet member is hiring an expert. Retiring one is letting someone
5
+ go when their expertise is no longer needed. Both decisions require judgment.
6
+
7
+ ## When to Adopt a Cabinet Member
8
+
9
+ **Technology signal.** Adopted React? Consider accessibility and
10
+ small-screen. Using SQLite? Consider data-integrity. Chose a
11
+ UI framework? Consider a framework-quality cabinet member. The technology
12
+ choice itself is the signal — you don't wait for an incident.
13
+
14
+ **Incident signal.** A security breach, a data loss, a deployment that
15
+ broke production — each reveals expertise the project lacked. Build a
16
+ cabinet member to carry that expertise forward so the system remembers
17
+ what the human might forget.
18
+
19
+ **Growth signal.** Working with a team? Consider workflow-cop and record-keeper.
20
+ Managing multiple areas? Consider organized-mind. Tracking complex state?
21
+ Consider data-integrity with broader scope.
22
+
23
+ **Audit gap signal.** During audit triage, you notice recurring friction
24
+ that no cabinet member covers. Before hiring a new cabinet member, check whether
25
+ an existing one could expand its scope. If not, that's a genuine gap.
26
+
27
+ ## When to Retire a Cabinet Member
28
+
29
+ **No signal, no findings.** If a cabinet member hasn't caught a real issue
30
+ (approved finding) in 3+ audit cycles, it may be dead weight. Check:
31
+ - Has the domain it covers changed? (Migrated off the framework, removed
32
+ the feature)
33
+ - Are its paths stale? (Files it checks no longer exist)
34
+ - Has another cabinet member absorbed its concerns?
35
+
36
+ **High rejection rate.** If >50% of a cabinet member's findings are rejected
37
+ at triage, it's miscalibrated. Either refine it (via `eval-protocol.md`)
38
+ or retire it if the domain isn't worth the maintenance.
39
+
40
+ **Domain no longer relevant.** Dropped the UI framework the cabinet member
41
+ checked. Moved to a managed database that handles integrity itself.
42
+ Retired the feature the cabinet member watched.
43
+
44
+ Retirement is healthy. A lean cabinet of active cabinet members is better
45
+ than a large one with dead weight. The system stays lean by actively
46
+ pruning, not just actively growing.
47
+
48
+ ## How to Assess
49
+
50
+ Use `eval-protocol.md` for structured assessment:
51
+
52
+ 1. Define 3-5 assertions about what the cabinet member should catch
53
+ 2. Sample recent audit runs for evidence
54
+ 3. Score: pass / partial / fail / untestable
55
+ 4. Track over time: declining pass rate = drift
56
+
57
+ **Key metric: triage acceptance rate.** What fraction of a cabinet member's
58
+ findings does the user approve vs reject? This is the strongest signal
59
+ of calibration quality.
60
+
61
+ ## Cross-Portfolio vs Committee-Assigned
62
+
63
+ Most cabinet members belong in exactly one committee (see `committees-template.yaml`).
64
+ They cover a specific domain and stay in their portfolio.
65
+
66
+ **Cross-portfolio cabinet members** intentionally span domains. Their expertise
67
+ (reasoning quality, cognitive load, test coverage) touches everything.
68
+ These activate via `standing-mandate` in their SKILL.md frontmatter,
69
+ not by committee membership. Examples: anti-confirmation, qa, debugger,
70
+ organized-mind.
71
+
72
+ Don't put a cross-portfolio cabinet member in a committee. It would run in committee
73
+ audits where it doesn't belong, and miss unassigned contexts where it does.
74
+
75
+ ## Creating a New Cabinet Member
76
+
77
+ A cabinet member is a skill with `user-invocable: false`. Create it in
78
+ `.claude/skills/cabinet-{name}/SKILL.md` with:
79
+
80
+ 1. **Identity** — who is this expert? What do they care about?
81
+ 2. **Convening Criteria** — `standing-mandate`, `files`, `topics`
82
+ 3. **Research Method** — what to examine, what tools to use, what to
83
+ reason about
84
+ 4. **Boundaries** — what this cabinet member does NOT own (prevents overlap)
85
+ 5. **Calibration Examples** — good findings, wrong-portfolio findings, severity
86
+ anchors
87
+
88
+ Add the cabinet member to your `committees.yaml` under the appropriate committee.
89
+ It's automatically discovered by the audit skill.
90
+
91
+ The best cabinet members emerge from real incidents and real audit findings.
92
+ Start rough, refine through use. A cabinet member that catches one real issue
93
+ is worth more than one that catches nothing precisely.
@@ -0,0 +1,148 @@
1
+ # Audit Output Contract
2
+
3
+ This file defines how cabinet members produce output when consumed by the
4
+ audit system. Cabinet members themselves are domain-neutral expert lenses;
5
+ this contract adds the audit-specific framing.
6
+
7
+ ## Your Role
8
+
9
+ You are a system auditor producing structured findings. You are NOT
10
+ fixing anything — you are observing, reasoning, and proposing. Every
11
+ finding is a suggestion that the user will confirm, modify, or reject.
12
+
13
+ ### Audit vs Review
14
+
15
+ An audit examines **the tool** — is it healthy, maintainable, delivering
16
+ on its promises? A review examines **the user's work** — what needs
17
+ attention, what's stalled, where is energy? You are doing an audit,
18
+ not a review.
19
+
20
+ You may observe usage patterns as evidence. But the finding must land
21
+ on the tool: "the routing workflow creates friction that discourages
22
+ processing" — not on the user: "the inbox hasn't been processed in
23
+ two weeks."
24
+
25
+ Every finding should answer: **what should the tool do differently?**
26
+
27
+ ## Finding Quality Standards
28
+
29
+ **Good finding:** States what was observed, what assumption was made
30
+ about intent, what the concern is, and asks a question the human can
31
+ answer.
32
+
33
+ **Bad finding:** "This code doesn't follow best practices" — whose
34
+ practices? Why do they matter here? What's the actual risk?
35
+
36
+ Every finding MUST include:
37
+ - `assumption`: What you think the code/system was trying to do
38
+ - `evidence`: What you actually observed
39
+ - `question`: What you're uncertain about (invites human judgment)
40
+
41
+ These three fields are what make a finding useful. Without them, the
42
+ finding is just an opinion.
43
+
44
+ ### Finding Hygiene
45
+
46
+ Group related issues into a single finding when they share a root cause
47
+ (e.g., "5 files duplicate the AREAS constant" is one finding, not five).
48
+
49
+ Trivial style issues, minor inconsistencies, and "technically correct
50
+ but contextually irrelevant" observations waste triage energy. Every
51
+ finding the user rejects is a tax on their trust in the audit system.
52
+ When in doubt about whether something is worth flagging, include it
53
+ but calibrate the severity honestly.
54
+
55
+ ### Severity Calibration
56
+
57
+ Calibrate severity to actual risk in your project's context, not to
58
+ generic compliance frameworks. Read `_briefing.md` for the project's
59
+ priorities and risk profile.
60
+
61
+ <!-- Customize these anchors for your project. The examples below
62
+ illustrate the calibration pattern — replace with your own. -->
63
+
64
+ - **critical** — Something is broken right now, or data loss /
65
+ corruption is actively possible. A broken API endpoint, a sync that
66
+ silently fails, a constraint violation. The user would want to know
67
+ immediately.
68
+ - **warn** — Degradation, drift, or a real risk that hasn't
69
+ materialized yet but will if the system grows. A pattern that becomes
70
+ a problem at 2x current scale. A convention violation that causes
71
+ confusion.
72
+ - **info** — A genuine improvement opportunity. The system works but
73
+ could work better. Consolidation of duplicated code, better component
74
+ usage, clearer documentation.
75
+ - **idea** — A strategic suggestion or opportunity. Not a problem at all.
76
+
77
+ ### Positive Findings (Health Confirmations)
78
+
79
+ Not everything an audit discovers is a problem. When a subsystem is
80
+ working well, confirming that health is valuable ongoing signal. Mark
81
+ these with `"type": "positive"`:
82
+
83
+ ```json
84
+ {
85
+ "id": "{cabinet-member}-p{NNNN}",
86
+ "type": "positive",
87
+ "perspective": "{cabinet-member-name}",
88
+ "severity": "info",
89
+ "title": "Healthy subsystem confirmation",
90
+ "description": "What was checked and found healthy",
91
+ "evidence": "Specific checks that passed",
92
+ "autoFixable": false
93
+ }
94
+ ```
95
+
96
+ **When to emit positive findings:**
97
+ - A subsystem you checked is healthy and functioning as intended
98
+ - A previously-flagged area has been fully resolved
99
+ - Infrastructure (sync, backups, pipelines) is operating normally
100
+
101
+ **Guidelines:**
102
+ - Keep positive findings concise — one per healthy subsystem
103
+ - Positive findings do NOT enter the triage queue (no approve/reject/defer)
104
+ - They are never suppressed by triage history (generated fresh each run)
105
+ - Use `severity: "info"` for positive findings
106
+
107
+ ### The `autoFixable` Field
108
+
109
+ Mark `autoFixable: true` ONLY when a fix agent could resolve the
110
+ finding in under 5 minutes with zero design decisions:
111
+
112
+ - **True:** Add an aria-label, fix a typo, add a missing column to
113
+ an INSERT, add .env to .gitignore, update a stale string.
114
+ - **False:** Extract a shared component, split a monolith file,
115
+ redesign a workflow, choose between architectural approaches,
116
+ anything requiring "should this be X or Y?"
117
+
118
+ When in doubt, mark false.
119
+
120
+ ## Output Format
121
+
122
+ Return valid JSON matching `scripts/finding-schema.json`.
123
+
124
+ ```json
125
+ {
126
+ "findings": [
127
+ {
128
+ "id": "{cabinet-member}-{NNNN}",
129
+ "type": "finding",
130
+ "perspective": "{cabinet-member-name}",
131
+ "severity": "critical|warn|info|idea",
132
+ "title": "Short description (max 120 chars)",
133
+ "description": "Full explanation",
134
+ "assumption": "What you think the intent was",
135
+ "evidence": "What you actually observed",
136
+ "question": "What you're uncertain about",
137
+ "autoFixable": false
138
+ }
139
+ ],
140
+ "meta": {
141
+ "perspective": "{cabinet-member-name}",
142
+ "timestamp": "ISO-8601"
143
+ }
144
+ }
145
+ ```
146
+
147
+ Your response must be ONLY the JSON object — no markdown fences, no
148
+ commentary outside the JSON.
@@ -0,0 +1,266 @@
1
+ # Cabinet Member Prompt Guide
2
+
3
+ What makes a good cabinet member prompt. This guide is craft knowledge for
4
+ writing and evaluating cabinet member prompts — the `SKILL.md` files in
5
+ `.claude/skills/cabinet-{name}/` that teach Claude how to think about a
6
+ dimension of quality. It's not generic prompt engineering advice. It's
7
+ patterns specific to this system.
8
+
9
+ ## Principles
10
+
11
+ ### 1. Teach Thinking, Not Checklists
12
+ A good prompt gives an analytical framework — *how to reason*
13
+ about a domain. A bad prompt gives a list of things to grep for.
14
+
15
+ **Good:** "Think about structural sustainability — whether the codebase
16
+ can absorb change without accumulating hidden costs. Use Fowler's debt
17
+ quadrant to classify what you find."
18
+
19
+ **Bad:** "Check for: unused imports, any types, missing interfaces,
20
+ TODO comments, console.log statements."
21
+
22
+ The checklist approach breaks when the codebase changes. The thinking
23
+ approach adapts because the agent understands *why* it's looking.
24
+
25
+ ### 2. Each Expert Owns a Domain
26
+ Every cabinet member must have a clear "Boundaries" section that
27
+ names which other cabinet members own adjacent concerns. This prevents
28
+ duplicate work and keeps each expert focused.
29
+
30
+ **Pattern:** "Mobile layout issues (that's small-screen)" /
31
+ "UI framework component choices (that's framework-quality)" / "Code quality
32
+ issues (that's technical-debt)"
33
+
34
+ When two cabinet members could plausibly flag the same thing, decide which
35
+ one owns it and update both prompts.
36
+
37
+ ### 3. Use Authoritative External Knowledge
38
+ Cabinet members should go to primary sources, not rely on baked-in
39
+ knowledge that goes stale:
40
+
41
+ - **MCP documentation servers** — your project's framework docs via
42
+ MCP tools like `list_doc_sources` and `fetch_docs`
43
+ - **llms.txt pattern** — fetch the docs index, then drill into specific
44
+ pages for detail
45
+ - **WebSearch** — verify current standards, check for ecosystem updates
46
+
47
+ **Anti-pattern:** Embedding a static list of framework components in
48
+ the prompt. It goes stale when the framework updates.
49
+
50
+ **Pattern:** Instruct the agent to fetch the framework's docs index at
51
+ start, then consult specific component pages as needed.
52
+
53
+ ### 4. Preview Tools for Runtime Evaluation
54
+ Cabinet members that evaluate the running app (usability, mobile,
55
+ accessibility, performance) should use preview tools to actually
56
+ interact with the app, not just read code and imagine.
57
+
58
+ Mark these cabinet members as `interactive-only: true` in frontmatter.
59
+
60
+ ### 5. Observations Land on the Tool
61
+ Findings are about what the *tool* should do differently, not about
62
+ what the *user* should do differently.
63
+
64
+ Usage patterns can be *evidence* ("inbox items pile up" → the routing
65
+ workflow has too much friction). But the observation is about the tool.
66
+
67
+ ### 6. Flag Divergence Without Presuming Direction
68
+ When documentation and code disagree, present both options:
69
+ - "Update the docs to match the code" OR
70
+ - "Update the code to match the documented convention"
71
+
72
+ The human decides reconciliation direction. The expert flags the gap.
73
+
74
+ ### 7. Discover, Don't Prescribe
75
+ Agents should discover the current state rather than follow hardcoded
76
+ lists that go stale.
77
+
78
+ ### 8. Acknowledge the Evolving System
79
+ Check `system-status.md` (or equivalent) and don't flag planned features
80
+ as missing. But *do* evaluate whether planned features are the right
81
+ priorities.
82
+
83
+ ### 9. Deep Over Wide
84
+ 3-5 well-researched observations with concrete evidence beat 15
85
+ shallow ones. Depth of research matters more than breadth.
86
+
87
+ ### 10. Know Your Cabinet
88
+ Each cabinet member should be aware of what the others cover. The
89
+ shared briefing (`_briefing.md`) lists the full cabinet with committees.
90
+ Individual prompts should reference specific neighbors in "Boundaries."
91
+
92
+ ## Cognitive Architecture Principles
93
+
94
+ These principles, derived from Daniel Levitin's *The Organized Mind*,
95
+ govern how the skill and cabinet member system itself is designed. They
96
+ apply to anyone creating or modifying skills, cabinet members, or the
97
+ consuming skills that invoke them. Consult the organized-mind cabinet member
98
+ for the full framework.
99
+
100
+ ### 11. Agent Isolation as Designated Places
101
+ Each cabinet member runs in its own agent context — a clean cognitive space
102
+ free from contamination by other cabinet members' findings. This is
103
+ Levitin's "designated place" principle: the hippocampus encodes fixed
104
+ locations reliably; nomadic items get lost. A cabinet member that runs in
105
+ a shared, cluttered context is a nomadic item. An agent is its
106
+ designated place.
107
+
108
+ Consuming skills (/plan, /execute, /audit) invoke cabinet members via the
109
+ Agent tool, spawning them in parallel. Each agent receives: shared
110
+ briefing + its SKILL.md + the relevant output contract + input data.
111
+ Results are collected and synthesized by the main session.
112
+
113
+ ### 12. Associative Access, Not Single-Path Retrieval
114
+ A skill or cabinet member should be findable via multiple routes — not just
115
+ its canonical name. This is why convening criteria exist: file patterns,
116
+ topic keywords, and standing-mandate declarations create multiple associative
117
+ pathways to the same expert lens. If the only way to find organized-mind
118
+ is to already know it's called "organized-mind," that's single-path
119
+ retrieval — the failure mode Levitin identifies.
120
+
121
+ When writing descriptions and convening criteria, optimize for
122
+ discoverability from multiple angles.
123
+
124
+ ### 13. Functional Grouping Over Taxonomic
125
+ The cabinet member committees (Code & Architecture, User Experience,
126
+ System Health...) are taxonomic — useful for humans reading the list.
127
+ But when a consuming skill selects cabinet members, it thinks functionally:
128
+ "which lenses are relevant to *this specific change*?" The convening
129
+ criteria are the functional index. Both indexes coexist; neither replaces
130
+ the other.
131
+
132
+ When organizing skills, ask: "Would someone looking for this by *what
133
+ it does* find it?" not just "Is it in the right category?"
134
+
135
+ ### 14. Respect the Working Memory Limit
136
+ Claude's context window is large but attention is finite. A checkpoint
137
+ that activates 7 cabinet members is viable because each runs in its own
138
+ agent. Within a single context, aim for 3-4 active concerns at a time.
139
+ Escalation logic (any block stops, 3+ conditional = block) respects
140
+ this by collapsing many verdicts into one decision.
141
+
142
+ ### 15. The Legitimate Junk Drawer
143
+ Not everything fits a category. Process-therapist doesn't cleanly belong to
144
+ any committee. Emerging cabinet members may not have clear boundaries yet.
145
+ Forcing premature classification degrades the taxonomy. The
146
+ "uncategorized" state is legitimate infrastructure, not technical debt.
147
+
148
+ ### 16. Affordances in Skill Templates
149
+ The template structure (Identity → Convening Criteria → Research Method
150
+ → Boundaries → Calibration Examples) is itself an affordance system.
151
+ Each section tells the agent *how to use the skill* without needing
152
+ external memory. If a new skill requires reading documentation outside
153
+ itself to be invoked correctly, the template has failed.
154
+
155
+ ### 17. Externalization Enables
156
+ The cabinet member cabinet isn't just a quality-checking mechanism — its
157
+ structure should reveal what dimensions of quality are covered and what
158
+ aren't. When you add a new feature area and no cabinet member covers it,
159
+ the cabinet's structure should make that gap visible. This is Levitin's
160
+ deepest claim: externalized structure doesn't just prevent errors, it
161
+ makes patterns visible that were invisible from the raw material.
162
+
163
+ ## Skill Sizing
164
+
165
+ Skills should stay under **500 lines** in their primary SKILL.md file.
166
+ This isn't arbitrary — LLMs have limited attention, and shorter skills
167
+ get followed more reliably. (Source: Anthropic's skill-creator docs.)
168
+
169
+ **When a skill approaches 500 lines:**
170
+ - Extract detailed reference material to a `REFERENCE.md` file in the
171
+ skill's directory. The SKILL.md stays lean (core workflow), the
172
+ reference file holds the detail (API specs, exhaustive examples).
173
+ - Extract extended examples to an `EXAMPLES.md` file.
174
+ - Claude Code automatically loads all `.md` files in a skill's directory,
175
+ so the extracted files remain accessible.
176
+
177
+ **When to keep a skill large (>300 lines):**
178
+ - The workflow is genuinely sequential and splitting would lose context
179
+ that earlier steps need
180
+ - The skill has multiple modes that share significant setup
181
+
182
+ **When to split:**
183
+ - A skill has 3+ independent workflows that rarely run together
184
+ - Different sections serve different consumers (e.g., a reference section
185
+ that only one skill needs should be in a separate file)
186
+
187
+ ## Behavioral Calibration Standard
188
+
189
+ Key skills should include **Without Skill (Bad) / With Skill (Good)**
190
+ calibration pairs — concrete scenarios showing what goes wrong without
191
+ the skill's guidance and how the guidance changes the outcome.
192
+
193
+ **Format:**
194
+ ```
195
+ ## Calibration
196
+
197
+ ### Without Skill (Bad)
198
+ [Concrete scenario showing what goes wrong]
199
+
200
+ ### With Skill (Good)
201
+ [Same scenario, showing how the skill's guidance changes the outcome]
202
+ ```
203
+
204
+ Calibration examples ground the skill's instructions in reality. They're
205
+ especially important for skills where "following the instructions" is
206
+ ambiguous — a /plan that produces "vague AC" vs. one that produces
207
+ "testable AC" is the difference between a session that executes cleanly
208
+ and one that stalls.
209
+
210
+ Not every skill needs these — simple utilities (/menu) don't benefit.
211
+ Focus calibration on skills where miscalibration has high cost: planning,
212
+ execution, session lifecycle, inbox processing.
213
+
214
+ ## Structural Template
215
+
216
+ Every cabinet member skill should have these sections:
217
+
218
+ ```
219
+ ---
220
+ name: cabinet-{name}
221
+ description: Rich 2-3 sentence description for ambient discovery
222
+ user-invocable: false
223
+ ---
224
+
225
+ # {Name}
226
+
227
+ ## Identity
228
+ What this expert thinks about. The analytical framework.
229
+ What makes this cabinet member unique.
230
+
231
+ ## Convening Criteria
232
+ Files: glob patterns that trigger this cabinet member
233
+ Topics: keywords that trigger this cabinet member
234
+ Standing-mandate: which skill types always activate this cabinet member
235
+
236
+ ## Research Method
237
+ Where to get information, how to investigate, what to examine.
238
+ Merged from Knowledge Base + What to Reason About + Paths.
239
+
240
+ ## Boundaries
241
+ What you do NOT examine. Which other cabinet members own it.
242
+
243
+ ## Calibration Examples
244
+ Plain-text observations (not JSON) showing the kind of things
245
+ this cabinet member notices.
246
+ ```
247
+
248
+ ## Common Failure Modes
249
+
250
+ 1. **Checklist prompt** — Lists things to grep for instead of teaching
251
+ how to think. Breaks when the codebase changes.
252
+ 2. **Stale references** — Mentions specific file paths, component names,
253
+ or conventions that no longer exist.
254
+ 3. **Boundary violation** — Produces observations that another cabinet member
255
+ owns. Creates duplicate work.
256
+ 4. **Static knowledge** — Embeds framework/library details that go stale.
257
+ Should point to live docs instead.
258
+ 5. **Vague observations** — "This could be improved" without specific
259
+ evidence or assumption. Not actionable.
260
+ 6. **Presumed direction** — "Fix this by doing X" when the right fix
261
+ might be updating the convention instead. Present options.
262
+ 7. **Passive conditional** — Uses "If this session modified X" as a gate
263
+ without a scan mechanism. Claude is expected to remember what it did,
264
+ which is exactly the kind of subjective recall that produces false
265
+ negatives. The fix: add a `git diff --name-only` + `git status` scan
266
+ before the conditional, and gate on the scan output.
@@ -0,0 +1,79 @@
1
+ #!/bin/bash
2
+ # CoR Upstream Guard — PreToolUse hook for Edit and Write tool calls
3
+ #
4
+ # Blocks modifications to files managed by Claude Cabinet. These files
5
+ # are upstream-owned: updates come through /cor-upgrade, not direct edits.
6
+ # Project-specific customization goes in briefing files and phase files.
7
+ #
8
+ # How it works:
9
+ # Reads .corrc.json manifest (list of CoR-installed files with hashes).
10
+ # If the target file_path is in the manifest, block the write.
11
+ #
12
+ # ROLLBACK: Comment out the PreToolUse entry for this hook in
13
+ # .claude/settings.json to disable it immediately.
14
+ #
15
+ # Hook contract:
16
+ # Input: $CLAUDE_TOOL_INPUT has the tool use JSON with "file_path" field
17
+ # Output: JSON on stdout with { "decision": "block"|"allow", "reason": "..." }
18
+
19
+ # Extract file_path from tool input
20
+ FILE_PATH=$(echo "$CLAUDE_TOOL_INPUT" | python3 -c "import sys,json; print(json.load(sys.stdin).get('file_path',''))" 2>/dev/null)
21
+
22
+ if [ -z "$FILE_PATH" ]; then
23
+ echo '{"decision":"allow"}'
24
+ exit 0
25
+ fi
26
+
27
+ # Find the project root (where .corrc.json lives)
28
+ # Walk up from current directory
29
+ find_project_root() {
30
+ local dir="$PWD"
31
+ while [ "$dir" != "/" ]; do
32
+ if [ -f "$dir/.corrc.json" ]; then
33
+ echo "$dir"
34
+ return 0
35
+ fi
36
+ dir=$(dirname "$dir")
37
+ done
38
+ return 1
39
+ }
40
+
41
+ PROJECT_ROOT=$(find_project_root)
42
+
43
+ if [ -z "$PROJECT_ROOT" ]; then
44
+ # No .corrc.json found — not a CoR project, allow everything
45
+ echo '{"decision":"allow"}'
46
+ exit 0
47
+ fi
48
+
49
+ # Resolve file_path to a relative path from project root
50
+ # Handle both absolute and relative paths
51
+ if [[ "$FILE_PATH" = /* ]]; then
52
+ # Absolute path — make relative to project root
53
+ REL_PATH="${FILE_PATH#$PROJECT_ROOT/}"
54
+ # If the path didn't change, the file is outside the project
55
+ if [ "$REL_PATH" = "$FILE_PATH" ]; then
56
+ echo '{"decision":"allow"}'
57
+ exit 0
58
+ fi
59
+ else
60
+ REL_PATH="$FILE_PATH"
61
+ fi
62
+
63
+ # Check if this relative path is in the manifest
64
+ IN_MANIFEST=$(python3 -c "
65
+ import json, sys
66
+ try:
67
+ with open('$PROJECT_ROOT/.corrc.json') as f:
68
+ data = json.load(f)
69
+ manifest = data.get('manifest', {})
70
+ print('yes' if '$REL_PATH' in manifest else 'no')
71
+ except:
72
+ print('no')
73
+ " 2>/dev/null)
74
+
75
+ if [ "$IN_MANIFEST" = "yes" ]; then
76
+ echo "{\"decision\":\"block\",\"reason\":\"Blocked: $REL_PATH is managed by Claude Cabinet. CoR-managed files are upstream-owned — edits come through /cor-upgrade, not direct modification. Put project-specific content in briefing files or phase files instead.\"}"
77
+ else
78
+ echo '{"decision":"allow"}'
79
+ fi
@@ -0,0 +1,67 @@
1
+ #!/bin/bash
2
+ # Git Guardrails — PreToolUse hook for Bash tool calls
3
+ #
4
+ # Blocks truly destructive git operations on main. Allows routine solo-dev ops.
5
+ # Single enforcement point (replaces any deny list entries in settings.json).
6
+ #
7
+ # ROLLBACK: If this hook causes problems, comment out the PreToolUse entry
8
+ # in .claude/settings.json to disable it immediately.
9
+ #
10
+ # Hook contract:
11
+ # Input: $CLAUDE_TOOL_INPUT has the tool use JSON with "command" field
12
+ # Output: JSON on stdout with { "decision": "block"|"allow", "reason": "..." }
13
+
14
+ # Read the command from the tool input
15
+ COMMAND=$(echo "$CLAUDE_TOOL_INPUT" | python3 -c "import sys,json; print(json.load(sys.stdin).get('command',''))" 2>/dev/null)
16
+
17
+ if [ -z "$COMMAND" ]; then
18
+ echo '{"decision":"allow"}'
19
+ exit 0
20
+ fi
21
+
22
+ # Check if command contains git operations worth blocking
23
+ # Returns the block JSON if blocked, empty string if allowed
24
+ check_command() {
25
+ local cmd="$1"
26
+
27
+ # BLOCK: force push to main/master
28
+ if echo "$cmd" | grep -qE 'git\s+push\s+.*--force(\s|$)' && echo "$cmd" | grep -qE '\b(main|master)\b'; then
29
+ echo '{"decision":"block","reason":"Blocked: force push to main/master. Use --force-with-lease for safer force push, or push to a feature branch."}'
30
+ return
31
+ fi
32
+
33
+ # BLOCK: bare force push (no explicit non-main branch)
34
+ if echo "$cmd" | grep -qE 'git\s+push\s+(-f|--force)(\s|$)' && ! echo "$cmd" | grep -qE '--force-with-lease'; then
35
+ # Allow if pushing to an explicitly named non-main branch
36
+ if echo "$cmd" | grep -qE 'git\s+push\s+(-f|--force)\s+\S+\s+\S+' && ! echo "$cmd" | grep -qE '\b(main|master)\b'; then
37
+ return # explicit remote + non-main branch is OK
38
+ fi
39
+ echo '{"decision":"block","reason":"Blocked: git push --force without specifying a non-main branch. Use --force-with-lease or specify the branch explicitly."}'
40
+ return
41
+ fi
42
+
43
+ # BLOCK: git reset --hard on main
44
+ if echo "$cmd" | grep -qE 'git\s+reset\s+--hard'; then
45
+ local current_branch
46
+ current_branch=$(git branch --show-current 2>/dev/null)
47
+ if [ "$current_branch" = "main" ] || [ "$current_branch" = "master" ]; then
48
+ echo "{\"decision\":\"block\",\"reason\":\"Blocked: git reset --hard on $current_branch. This permanently discards commits. Switch to a feature branch first, or use git reset --soft.\"}"
49
+ return
50
+ fi
51
+ fi
52
+
53
+ # BLOCK: git clean -f (deletes untracked files permanently)
54
+ if echo "$cmd" | grep -qE 'git\s+clean\s+-[a-zA-Z]*f'; then
55
+ echo '{"decision":"block","reason":"Blocked: git clean -f permanently deletes untracked files. Use git clean -n (dry run) first to see what would be deleted."}'
56
+ return
57
+ fi
58
+ }
59
+
60
+ # Check the full command (handles compound commands since grep matches substrings)
61
+ RESULT=$(check_command "$COMMAND")
62
+
63
+ if [ -n "$RESULT" ]; then
64
+ echo "$RESULT"
65
+ else
66
+ echo '{"decision":"allow"}'
67
+ fi