create-issflow 1.2.0 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -3
- package/bin/cli.js +60 -5
- package/package.json +1 -1
- package/template/.claude/agents/e2e-runner.md +1 -0
- package/template/.claude/agents/planner.md +17 -2
- package/template/.claude/agents/synthesizer.md +3 -0
- package/template/.claude/agents/test-author.md +6 -2
- package/template/.claude/commands/change-request.md +4 -1
- package/template/.claude/commands/overview.md +34 -5
- package/template/.claude/commands/phase.md +17 -4
- package/template/.claude/commands/propose.md +13 -6
- package/template/.claude/commands/quick.md +1 -1
- package/template/.claude/commands/release.md +51 -0
- package/template/.claude/commands/replan.md +7 -2
- package/template/.claude/commands/runbook.md +38 -0
- package/template/.claude/commands/sprint.md +233 -0
- package/template/.claude/commands/uat.md +36 -0
- package/template/.claude/hooks/context-guard.js +101 -0
- package/template/.claude/hooks/lib/ctx.js +82 -0
- package/template/.claude/hooks/session-start.js +17 -0
- package/template/.claude/istartsoft-flow/METHODOLOGY.md +115 -21
- package/template/.claude/templates/proposal.html +87 -101
package/README.md
CHANGED
|
@@ -25,9 +25,9 @@ Flags:
|
|
|
25
25
|
The portable kit (every tool) in `<project>/.claude/`:
|
|
26
26
|
|
|
27
27
|
- `agents/` — planner · researcher · implementer · test-author · debugger · e2e-runner · synthesizer
|
|
28
|
-
- `commands/` — `/overview` `/propose` `/phase` `/ui-audit` `/qa-audit` `/security-audit` `/change-request` `/replan` `/quick` `/synthesize` `/store-wisdom` `/log-issue` `/log-decision` `/unstuck`
|
|
29
|
-
- `skills/` — caveman · grill-me · karpathy-guidelines · ux-design
|
|
30
|
-
- `hooks/` — session-start · pre-compact · subagent-stop
|
|
28
|
+
- `commands/` — `/overview` `/propose` `/phase` `/sprint` `/ui-audit` `/qa-audit` `/security-audit` `/release` `/uat` `/change-request` `/replan` `/quick` `/synthesize` `/runbook` `/store-wisdom` `/log-issue` `/log-decision` `/unstuck`
|
|
29
|
+
- `skills/` — caveman · grill-me · karpathy-guidelines · ux-design · security · code-standards
|
|
30
|
+
- `hooks/` — session-start · context-guard · pre-compact · subagent-stop
|
|
31
31
|
- `istartsoft-flow/METHODOLOGY.md` — the full methodology (single source of truth)
|
|
32
32
|
|
|
33
33
|
Plus a root `AGENTS.md` (the open standard) and the per-tool adapter:
|
package/bin/cli.js
CHANGED
|
@@ -107,8 +107,21 @@ function copyTemplateCommands(destDir) {
|
|
|
107
107
|
// ---- adapters (keep the methodology single-source — these POINT at it) ------
|
|
108
108
|
|
|
109
109
|
function adapterClaude() {
|
|
110
|
+
// Claude Code auto-loads CLAUDE.md only — NOT AGENTS.md. Without a CLAUDE.md
|
|
111
|
+
// the methodology never enters context on its own (the SessionStart hook still
|
|
112
|
+
// injects the per-session summary, but the full single-source doc would not
|
|
113
|
+
// load). A one-line `@AGENTS.md` import gives Claude Code the full baseline
|
|
114
|
+
// while keeping ONE source of truth — no rule is restated here (anti-drift).
|
|
115
|
+
const c0 = conflicts;
|
|
116
|
+
writeFile('CLAUDE.md', claudeMd());
|
|
117
|
+
if (conflicts > c0) warnings.push('claude: you already keep a CLAUDE.md — ours was written as CLAUDE.md.issflow-new. Add a line `@AGENTS.md` to your CLAUDE.md so the methodology auto-loads.');
|
|
118
|
+
// Context-budget watchdog config (consumed by .claude/hooks/context-guard.js).
|
|
119
|
+
// Shipped default window:0 = auto-detect; flow-config.json lives at .claude root,
|
|
120
|
+
// outside build.js's copied DIRS, so the installer writes it here.
|
|
121
|
+
writeFile('.claude/flow-config.json', flowConfig());
|
|
110
122
|
const HOOKS = {
|
|
111
123
|
SessionStart: [{ matcher: 'startup|clear|compact', hooks: [{ type: 'command', command: 'node .claude/hooks/session-start.js' }] }],
|
|
124
|
+
PreToolUse: [{ matcher: '*', hooks: [{ type: 'command', command: 'node .claude/hooks/context-guard.js' }] }],
|
|
112
125
|
PreCompact: [{ matcher: 'auto|manual', hooks: [{ type: 'command', command: 'node .claude/hooks/pre-compact.js' }] }],
|
|
113
126
|
SubagentStop: [{ hooks: [{ type: 'command', command: 'node .claude/hooks/subagent-stop.js' }] }],
|
|
114
127
|
};
|
|
@@ -176,7 +189,7 @@ function adapterAider() {
|
|
|
176
189
|
const ADAPTERS = { claude: adapterClaude, codex: adapterCodex, cursor: adapterCursor, gemini: adapterGemini, aider: adapterAider };
|
|
177
190
|
|
|
178
191
|
const NEXT_STEPS = {
|
|
179
|
-
claude: 'Open Claude Code — the SessionStart hook fires automatically. Run /overview to bootstrap.',
|
|
192
|
+
claude: 'Open Claude Code — CLAUDE.md (@AGENTS.md) loads the methodology and the SessionStart hook fires automatically. Run /overview to bootstrap.',
|
|
180
193
|
codex: 'Open Codex CLI — it reads AGENTS.md. Start by running the /overview procedure (.claude/commands/overview.md).',
|
|
181
194
|
cursor: 'Open Cursor — the rule applies automatically. Run the /overview command to bootstrap.',
|
|
182
195
|
gemini: 'Open Gemini CLI — it reads GEMINI.md. Run the SESSION-OPEN ritual, then the overview procedure.',
|
|
@@ -198,9 +211,9 @@ function agentsMd() {
|
|
|
198
211
|
'## Roles — `.claude/agents/`', '',
|
|
199
212
|
'planner · researcher · implementer · test-author · debugger · e2e-runner · synthesizer', '',
|
|
200
213
|
'## Procedures — `.claude/commands/` (run as `/name`)', '',
|
|
201
|
-
'/overview · /propose · /phase · /ui-audit · /qa-audit · /security-audit ·',
|
|
202
|
-
'/change-request · /replan · /quick · /synthesize · /
|
|
203
|
-
'/log-decision · /unstuck', '',
|
|
214
|
+
'/overview · /propose · /phase · /sprint · /ui-audit · /qa-audit · /security-audit · /release ·',
|
|
215
|
+
'/uat · /change-request · /replan · /quick · /synthesize · /runbook · /store-wisdom ·',
|
|
216
|
+
'/log-issue · /log-decision · /unstuck', '',
|
|
204
217
|
'## Skills — `.claude/skills/` (loaded on demand)', '',
|
|
205
218
|
'caveman · grill-me · karpathy-guidelines · ux-design · security (Secure SDLC) · code-standards', '',
|
|
206
219
|
'## Autonomy', '',
|
|
@@ -217,7 +230,8 @@ function agentsMd() {
|
|
|
217
230
|
'change · 9 UI conforms to the `ux-design` cookbook + wireframe frame · 10 no-rationalization ·',
|
|
218
231
|
'11 Secure SDLC: threat-model → secure coding → SAST/SCA/secrets each phase → pentest',
|
|
219
232
|
'gate + security review before deploy (`security` skill) · 12 code-standards gate:',
|
|
220
|
-
'lint/format clean + naming per language idiom + declared architecture (`code-standards`)
|
|
233
|
+
'lint/format clean + naming per language idiom + declared architecture (`code-standards`) ·',
|
|
234
|
+
'13 PLAN-APPROVAL gate: no phase/sprint starts until `docs/PLAN.md` is human-approved.', '',
|
|
221
235
|
'## Your stack', '',
|
|
222
236
|
'Declare your stack (language, framework, infra, auth, test + E2E runner,',
|
|
223
237
|
'planning source) once in `docs/OVERVIEW.md`. Every rule references *your declared',
|
|
@@ -225,6 +239,40 @@ function agentsMd() {
|
|
|
225
239
|
].join('\n');
|
|
226
240
|
}
|
|
227
241
|
|
|
242
|
+
function claudeMd() {
|
|
243
|
+
return [
|
|
244
|
+
'# CLAUDE.md — iStartSoftFlow (Claude Code entry)', '',
|
|
245
|
+
'@AGENTS.md', '',
|
|
246
|
+
'The import above is the single source of truth — it points to',
|
|
247
|
+
'`.claude/istartsoft-flow/METHODOLOGY.md` (read on demand). Do NOT restate any',
|
|
248
|
+
'rule here; this file only wires Claude-native mechanisms (anti-drift invariant).', '',
|
|
249
|
+
'## Claude-native wiring (automatic — see `.claude/settings.json`)', '',
|
|
250
|
+
'- **SessionStart** hook injects git state + `docs/STATE.md` + open `docs/ISSUES.md`',
|
|
251
|
+
' + the rule summary each session — read those first.',
|
|
252
|
+
'- **PreCompact** + **SubagentStop** hooks run their rituals automatically.',
|
|
253
|
+
'- Commands in `.claude/commands/` run as `/name`; agents in `.claude/agents/` are',
|
|
254
|
+
' native subagents.', '',
|
|
255
|
+
].join('\n');
|
|
256
|
+
}
|
|
257
|
+
|
|
258
|
+
function flowConfig() {
|
|
259
|
+
return JSON.stringify({
|
|
260
|
+
context: {
|
|
261
|
+
window: 0,
|
|
262
|
+
warnPct: 60,
|
|
263
|
+
gatePct: 78,
|
|
264
|
+
_note: 'Context-budget watchdog (.claude/hooks/context-guard.js, PreToolUse hook). '
|
|
265
|
+
+ 'window 0 = auto-detect from the model id (200000 for standard models). '
|
|
266
|
+
+ 'Some 1M-context models report their id WITHOUT a [1m] tag, so auto-detect '
|
|
267
|
+
+ 'assumes 200000 and may false-gate around 156k — if you run a 1M model, set '
|
|
268
|
+
+ 'window:1000000 here by hand. warnPct = soft non-blocking nudge; gatePct = hard '
|
|
269
|
+
+ 'block on NEW build work (Edit/Write-to-source/feature Task). Checkpoint paths '
|
|
270
|
+
+ '(docs/**, STATE/ISSUES/snapshots), the synthesizer subagent, and all Bash are '
|
|
271
|
+
+ 'never blocked.',
|
|
272
|
+
},
|
|
273
|
+
}, null, 2) + '\n';
|
|
274
|
+
}
|
|
275
|
+
|
|
228
276
|
// ---- main -------------------------------------------------------------------
|
|
229
277
|
|
|
230
278
|
function main() {
|
|
@@ -243,6 +291,13 @@ function main() {
|
|
|
243
291
|
writeFile(rel, fs.readFileSync(src, 'utf8'));
|
|
244
292
|
}
|
|
245
293
|
|
|
294
|
+
// 1b. integrity: confirm the methodology resolved on disk (load-bearing sentinel).
|
|
295
|
+
const methPath = path.join(CWD, '.claude', 'istartsoft-flow', 'METHODOLOGY.md');
|
|
296
|
+
const SENTINEL = 'ISTARTSOFTFLOW-AGENTS-SENTINEL-v2.0';
|
|
297
|
+
if (!DRY && (!fs.existsSync(methPath) || !fs.readFileSync(methPath, 'utf8').includes(SENTINEL))) {
|
|
298
|
+
warnings.push(`integrity: ${SENTINEL} not found in installed METHODOLOGY.md — the kit may be incomplete; re-run create-issflow (or npm run build from source).`);
|
|
299
|
+
}
|
|
300
|
+
|
|
246
301
|
// 2. AGENTS.md — the open-standard entry point.
|
|
247
302
|
writeFile('AGENTS.md', agentsMd());
|
|
248
303
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "create-issflow",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.4.0",
|
|
4
4
|
"description": "Scaffold the iStartSoftFlow AI-coding workflow into a project. Stack-agnostic, tool-agnostic (Claude Code, Codex, Cursor, Gemini, Aider), non-destructive.",
|
|
5
5
|
"bin": {
|
|
6
6
|
"create-issflow": "bin/cli.js"
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: e2e-runner
|
|
3
|
+
description: Writes and runs functional browser E2E (your declared E2E runner, e.g. Playwright) BLIND — reads only the acceptance spec + docs/ENDPOINTS.md, never the implementation. Writes a trace to docs/research/e2e-<phase-slug>.md; returns a terse summary.
|
|
3
4
|
tools: Read, Grep, Glob, Write, Bash
|
|
4
5
|
model: opus
|
|
5
6
|
---
|
|
@@ -43,6 +43,12 @@ window. If a phase feels big, split it.
|
|
|
43
43
|
money, or PII), add a `security:` note: threat-model it (STRIDE) and fold abuse
|
|
44
44
|
cases into the acceptance criteria as negative cases; set the ASVS level (default
|
|
45
45
|
L2). This is the design stage of the Secure SDLC (`security` skill).
|
|
46
|
+
- SPRINT-READY (so the optional `/sprint` layer needs no rework): give every phase a
|
|
47
|
+
relative effort estimate `[N pts]` (Fibonacci 1/2/3/5/8) in its header, and group
|
|
48
|
+
consecutive phases under `## Sprint <n>: <name> [goal: <one-line increment>]`
|
|
49
|
+
headers — each sprint a coherent, demoable theme of a few phases. If you cannot
|
|
50
|
+
size a sprint yet, still tag the points; `/sprint plan` will do the grouping from
|
|
51
|
+
the points + capacity. A phase that feels `>8 pts` is too big — split it.
|
|
46
52
|
|
|
47
53
|
LAST PHASE RULE — the final code phase (the highest-numbered phase you write)
|
|
48
54
|
MUST contain a deployment task block:
|
|
@@ -61,11 +67,19 @@ docs/PLAN.md format:
|
|
|
61
67
|
|
|
62
68
|
# Plan: <project>
|
|
63
69
|
<!-- infra: managed (Phase 0 N/A) | self-managed (Phase 0 below) -->
|
|
70
|
+
> Approval: PENDING (hard rule 13 — PLAN-APPROVAL gate; no phase/sprint runs until a human signs this off via the `/overview` gate)
|
|
71
|
+
|
|
72
|
+
Keep the header VALUE a single leading token — `PENDING` here, later
|
|
73
|
+
`approved <date> v<n>` — so the gate readers (`/phase`, `/sprint`) match the first
|
|
74
|
+
token unambiguously. Do not put prose containing the word `approved` after a
|
|
75
|
+
`PENDING` value, or a substring check could false-pass the gate.
|
|
64
76
|
|
|
65
77
|
## Phase 0: infra setup [status: pending] ← omit entirely if infra is managed
|
|
66
78
|
|
|
67
79
|
|
|
68
|
-
##
|
|
80
|
+
## Sprint 1: <name> [goal: <one-line user-visible increment>] ← sprint headers optional; group a few phases
|
|
81
|
+
|
|
82
|
+
## Phase 1: <name> [5 pts] [status: pending]
|
|
69
83
|
|
|
70
84
|
- slice: <what works end-to-end after this phase>
|
|
71
85
|
- rationale: <why this slice, why now — the user / business value (from the PRD)>
|
|
@@ -90,4 +104,5 @@ docs/PLAN.md format:
|
|
|
90
104
|
|
|
91
105
|
```
|
|
92
106
|
Order phases by dependency. Phase 0 first IF infra is self-managed; otherwise
|
|
93
|
-
start at Phase 1.
|
|
107
|
+
start at Phase 1. Always write the `> Approval: PENDING` header — the plan is unapproved
|
|
108
|
+
until the `/overview` PLAN-APPROVAL gate stamps it (hard rule 13). Stop. Do not implement.
|
|
@@ -21,6 +21,9 @@ Do NOT touch docs/ENDPOINTS.md — owned by implementer.
|
|
|
21
21
|
- what was just completed (1-3 bullets)
|
|
22
22
|
- the immediate next action
|
|
23
23
|
- any open blocker
|
|
24
|
+
PRESERVE verbatim (never blank on rewrite): the `plan:` line (the PLAN-APPROVAL
|
|
25
|
+
sign-off record, hard rule 13) and the `sprint:` line (active-sprint marker) if
|
|
26
|
+
present — load-bearing gate/standup state, not transient progress.
|
|
24
27
|
Target: under 25 lines.
|
|
25
28
|
|
|
26
29
|
2. ISSUES.md — dedup + compress:
|
|
@@ -31,8 +31,12 @@ peek at, your blindness is STRUCTURAL, not honor-system.
|
|
|
31
31
|
|
|
32
32
|
## TWO SUITES — write BOTH
|
|
33
33
|
|
|
34
|
-
1. MOCK suite — fast, no external dependency. Mocks ONLY the external boundary
|
|
35
|
-
|
|
34
|
+
1. MOCK suite — fast, no external dependency. Mocks ONLY the external boundary
|
|
35
|
+
(the network / 3rd-party seam). Code/API-level — not browser E2E.
|
|
36
|
+
2. REAL API suite — the SAME tests with no mocks, hitting the real external
|
|
37
|
+
boundary. The phase gate runs against THIS suite (rules 5–6); a green mock
|
|
38
|
+
suite alone can never close a phase. Mock vs real is a fixture/env FLAG on the
|
|
39
|
+
same test (see Test placement), not a duplicated file.
|
|
36
40
|
|
|
37
41
|
## Test placement (regression layout)
|
|
38
42
|
|
|
@@ -44,7 +44,10 @@ gate — always interactive).
|
|
|
44
44
|
- **Approved** -> set CR status `approved`; bump PROPOSAL.md to a new version (vN+1)
|
|
45
45
|
with the delta folded in; re-render `docs/proposal.html` from it (same template +
|
|
46
46
|
language); then dispatch `/replan` to apply the phase changes to PLAN.md (done
|
|
47
|
-
phases stay frozen). Update STATE.md.
|
|
47
|
+
phases stay frozen). Update STATE.md. NOTE: `/replan` reverts PLAN.md to
|
|
48
|
+
`> Approval: PENDING` and re-runs the PLAN-APPROVAL gate (hard rule 13) — the
|
|
49
|
+
commercial CR sign-off is SEPARATE from the plan sign-off, so `/phase` and
|
|
50
|
+
`/sprint` stay blocked until you also re-approve the revised plan.
|
|
48
51
|
- **Rejected** -> set CR status `rejected`; PLAN + PROPOSAL unchanged.
|
|
49
52
|
|
|
50
53
|
## STEP 6 — RECORD
|
|
@@ -75,6 +75,20 @@ Store the round-1 answers as working context — do NOT write OVERVIEW.md yet.
|
|
|
75
75
|
|
|
76
76
|
---
|
|
77
77
|
|
|
78
|
+
### Foundations sign-off (confirm BEFORE planning)
|
|
79
|
+
|
|
80
|
+
5b. Before the `planner` runs, present the FOUNDATIONS for explicit human confirmation
|
|
81
|
+
— the whole plan is built on these, so lock them first. Show a concise summary and
|
|
82
|
+
STOP for sign-off (planning always asks, both modes):
|
|
83
|
+
- **Tech stack** — language · framework · infra · auth · datastore · test + E2E runner
|
|
84
|
+
- **Architecture** — the pattern (Feature-Based by default) + the folder layout
|
|
85
|
+
- **UX direction** — design system / tokens + the wireframe baseline (the frame)
|
|
86
|
+
- **Data & integrations** — core data model + external services + their limits
|
|
87
|
+
- **Conventions** — naming idiom (`code-standards`) + autonomy mode (AUTO / GUIDED)
|
|
88
|
+
- **Estimation config** — unit · rate card · currency · contingency (if quoting)
|
|
89
|
+
On any "change X" → revise OVERVIEW.md and re-confirm. Only a signed-off foundation
|
|
90
|
+
proceeds to the planner. (This is the planning confirmation gate.)
|
|
91
|
+
|
|
78
92
|
### Plan
|
|
79
93
|
|
|
80
94
|
6. Hand OVERVIEW.md + design-research findings to the `planner` subagent.
|
|
@@ -89,6 +103,7 @@ Store the round-1 answers as working context — do NOT write OVERVIEW.md yet.
|
|
|
89
103
|
# STATE
|
|
90
104
|
|
|
91
105
|
phase: 0 (pending)
|
|
106
|
+
plan: PENDING
|
|
92
107
|
completed: project bootstrapped — design research done, double grill done
|
|
93
108
|
blocker: none
|
|
94
109
|
|
|
@@ -97,17 +112,31 @@ blocker: none
|
|
|
97
112
|
|
|
98
113
|
9. Create empty docs/HISTORY.md.
|
|
99
114
|
|
|
100
|
-
|
|
101
|
-
11. Create docs/ENDPOINTS.md:
|
|
115
|
+
10. Create docs/ENDPOINTS.md:
|
|
102
116
|
```
|
|
103
117
|
# Endpoints — <project name>
|
|
104
118
|
> Maintained by implementer. Updated each phase.
|
|
105
119
|
> Base URL: (populated after deployment phase)
|
|
106
120
|
```
|
|
107
121
|
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
122
|
+
---
|
|
123
|
+
|
|
124
|
+
### PLAN-APPROVAL gate (hard rule 13 — always interactive, both modes)
|
|
125
|
+
|
|
126
|
+
11. The plan is the contract the whole AUTO dev loop builds against, so it ends with a
|
|
127
|
+
human sign-off — the planning twin of the `/propose` commercial gate.
|
|
128
|
+
|
|
129
|
+
- SHOW me PLAN.md (and note any open risks the planner flagged). **STOP for approval.**
|
|
130
|
+
- On **approval**: record the sign-off in three places —
|
|
131
|
+
1. stamp the PLAN.md header `> Approval: approved <YYYY-MM-DD> v1`;
|
|
132
|
+
2. set `plan: approved <YYYY-MM-DD>` in docs/STATE.md;
|
|
133
|
+
3. append `<YYYY-MM-DD> plan v1 approved` to docs/HISTORY.md (date-first, to
|
|
134
|
+
match the other HISTORY lines).
|
|
135
|
+
Only now may `/phase` / `/sprint` run.
|
|
136
|
+
- On **rejection / change**: revise (re-run the `planner`, or `/replan`), bump the
|
|
137
|
+
version, and re-show. The header stays `PENDING` until I approve.
|
|
138
|
+
|
|
139
|
+
AUTO governs the development loop that runs AFTER this gate, never the gate itself.
|
|
111
140
|
|
|
112
141
|
Optional next step (client / quoted work only): run `/propose` to turn this
|
|
113
142
|
OVERVIEW + PLAN into a proposal + estimate for sign-off before building. Internal or
|
|
@@ -14,12 +14,17 @@ Target phase: $ARGUMENTS (default: the phase marked pending in docs/PLAN.md)
|
|
|
14
14
|
|
|
15
15
|
## 0. PRE-FLIGHT
|
|
16
16
|
|
|
17
|
-
a.
|
|
17
|
+
a. PLAN-APPROVAL CHECK (hard rule 13): Read the docs/PLAN.md `> Approval:` header.
|
|
18
|
+
Still `PENDING` (or no header) -> STOP. The plan is not signed off; no phase may
|
|
19
|
+
start. Route me to the `/overview` PLAN-APPROVAL gate (or `/replan` then re-approve).
|
|
20
|
+
Approved -> continue.
|
|
21
|
+
|
|
22
|
+
b. INFRA CHECK (phases > 0): Read the declared infra in docs/OVERVIEW.md.
|
|
18
23
|
- Managed infra -> confirm it is reachable; no provisioning step is needed.
|
|
19
24
|
- Self-managed infra -> confirm Phase 0 (infra) ran and is healthy.
|
|
20
25
|
Surface infra + auth status before any work. Blocked infra -> STOP.
|
|
21
26
|
|
|
22
|
-
|
|
27
|
+
c. PHASE STATE CHECK: Read docs/STATE.md and docs/PLAN.md.
|
|
23
28
|
- No phase in progress, requested is next pending -> START at step 1.
|
|
24
29
|
- Same phase in-progress -> RESUME from STATE.md "next action".
|
|
25
30
|
- Different phase in-progress -> STOP. Tell me which phase is open.
|
|
@@ -27,7 +32,7 @@ b. PHASE STATE CHECK: Read docs/STATE.md and docs/PLAN.md.
|
|
|
27
32
|
phase in PLAN order. GUIDED: STOP, warn, proceed only if I confirm.
|
|
28
33
|
- Phase not in PLAN.md -> STOP. Suggest /overview or /replan.
|
|
29
34
|
|
|
30
|
-
|
|
35
|
+
d. FINAL PHASE CHECK: Read docs/PLAN.md. Is this the last phase (no further
|
|
31
36
|
pending phases after this one)? Record this as IS_FINAL_PHASE=true/false.
|
|
32
37
|
|
|
33
38
|
|
|
@@ -181,6 +186,12 @@ SECURITY GATE (rule 11 — Secure SDLC build stage):
|
|
|
181
186
|
|
|
182
187
|
Mark phase `done` in docs/PLAN.md.
|
|
183
188
|
|
|
189
|
+
SPRINT STANDUP (if a sprint is active — STATE.md shows `sprint: <n> (active)`):
|
|
190
|
+
fire the `/sprint standup` tick — append the one-line standup to
|
|
191
|
+
docs/sprints/sprint-<n>.md and update the burndown (rule: SPRINT-STANDUP ritual).
|
|
192
|
+
If all the sprint's committed phases are now done/blocked, recommend `/sprint review`
|
|
193
|
+
(or, under `/sprint run`, the driver proceeds to review automatically).
|
|
194
|
+
|
|
184
195
|
ARCHITECTURE SELF-CHECK: did this phase add/remove/rename an agent, hook, or
|
|
185
196
|
command, or change a workflow rule? YES -> run `/log-decision`. NO -> state why not.
|
|
186
197
|
|
|
@@ -221,10 +232,12 @@ After each step, update docs/STATE.md:
|
|
|
221
232
|
```
|
|
222
233
|
|
|
223
234
|
phase: <n> (in progress)
|
|
235
|
+
plan: approved <date> ← carry forward; never drop the rule-13 sign-off record
|
|
224
236
|
tdd: <true|false>
|
|
225
237
|
completed: <steps done so far>
|
|
226
238
|
next: <exact next step>
|
|
227
239
|
blocker: <none or open issue>
|
|
228
240
|
|
|
229
241
|
```
|
|
230
|
-
Keep STATE.md small — overwrite, do not append.
|
|
242
|
+
Keep STATE.md small — overwrite, do not append. Preserve the `plan:` line on every
|
|
243
|
+
overwrite (the PLAN-APPROVAL record, hard rule 13); do not blank it.
|
|
@@ -13,6 +13,12 @@ A proposal is a commercial gate: always interactive (both AUTO and GUIDED).
|
|
|
13
13
|
Read `docs/OVERVIEW.md` (scope, stack, success criteria) and `docs/PRD.md` if
|
|
14
14
|
present (else the PRD in your BMAD/iSSM). No OVERVIEW -> run `/overview` first.
|
|
15
15
|
|
|
16
|
+
PLAN-APPROVAL CHECK (hard rule 13): the proposal prices the *approved* phases, so
|
|
17
|
+
the plan is signed off first (lifecycle: plan → proposal). If `docs/PLAN.md` exists
|
|
18
|
+
and its `> Approval:` header still reads `PENDING` (or is missing), STOP and route me
|
|
19
|
+
to the `/overview` PLAN-APPROVAL gate before quoting — pricing an unapproved plan
|
|
20
|
+
re-prices on every revision.
|
|
21
|
+
|
|
16
22
|
## STEP 1 — SCOPE
|
|
17
23
|
List the deliverables (features / epics) from OVERVIEW / PRD. Mark each
|
|
18
24
|
**in-scope** or **out-of-scope** explicitly — naming out-of-scope items now is what
|
|
@@ -57,12 +63,13 @@ change-orders re-price against.
|
|
|
57
63
|
## Sign-off — approved by: ___ date: ___ version: v1
|
|
58
64
|
```
|
|
59
65
|
2. RENDER a client-facing `docs/proposal.html` from `.claude/templates/proposal.html`:
|
|
60
|
-
copy it, replace every `{{PLACEHOLDER}}`, and
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
+
copy it, replace every `{{PLACEHOLDER}}`, and fill the CONTENT in the declared
|
|
67
|
+
language (the section labels are already bilingual TH / EN). It must fit ONE A4
|
|
68
|
+
page — be terse (≈ 3–6 phase rows, ≈ 4 assumptions, short scope items); trim before
|
|
69
|
+
it spills to a second page. Fill `{{COMPANY}}` / `{{COMPANY_TAGLINE}}` / `{{LOGO}}`
|
|
70
|
+
from the ISSUING company's brand declared in OVERVIEW (or ask once) — white-label,
|
|
71
|
+
never hardcode the kit's name. Print-ready (Ctrl/Cmd-P → A4 → Save as PDF). Keep
|
|
72
|
+
PROPOSAL.md (source) and proposal.html (deliverable) in sync.
|
|
66
73
|
|
|
67
74
|
## STEP 6 — SIGN-OFF GATE
|
|
68
75
|
Show me the proposal. **STOP for approval** (commercial gate — always interactive).
|
|
@@ -14,7 +14,7 @@ Use `/quick` when ALL hold:
|
|
|
14
14
|
- not mid-phase
|
|
15
15
|
|
|
16
16
|
If any fail -> STOP, tell me, recommend `/phase`.
|
|
17
|
-
(Hard rule
|
|
17
|
+
(Hard rule 10: never route phase-worthy work through `/quick` to dodge the RED gate.)
|
|
18
18
|
|
|
19
19
|
Steps:
|
|
20
20
|
1. grep docs/ISSUES.md for anything related.
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
---
|
|
2
|
+
description: Pre-production release pipeline — after all build phases, run the full automated gauntlet (full regression: functional / integration / e2e · all audits: UI / QA / security / code · smoke test), then hand off to manual UAT, drive the defect loop to green, produce a sign-off document, and promote to production. The automated SDLC backbone; production deploy is a human-signed hard-stop.
|
|
3
|
+
argument-hint: [optional: target env]
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
Caveman ULTRA mode. You are the ORCHESTRATOR.
|
|
7
|
+
|
|
8
|
+
Run this AFTER every build `/phase` is done (the candidate is on staging/preview).
|
|
9
|
+
AUTO runs all AUTOMATED stages without stopping; it STOPS only at the human gates —
|
|
10
|
+
UAT execution, sign-off, and the production promote (security/irreversible hard-stops).
|
|
11
|
+
Record progress in STATE.md so a resumed session continues mid-pipeline.
|
|
12
|
+
|
|
13
|
+
## STAGE 1 — FULL REGRESSION (auto)
|
|
14
|
+
Run the whole REAL corpus end-to-end: **functional + integration + e2e**
|
|
15
|
+
(`scripts/regression.sh --real`, then the declared E2E runner via `e2e-runner`).
|
|
16
|
+
Any red → `debugger` (cap 3) → fix → re-run. Must be 100% green to proceed.
|
|
17
|
+
|
|
18
|
+
## STAGE 2 — AUTO AUDITS (auto)
|
|
19
|
+
Run every whole-product audit and fold results together:
|
|
20
|
+
- `/ui-audit` · `/qa-audit` · `/security-audit`
|
|
21
|
+
- **code cleaning**: lint + format (the language's standard tool) must be clean
|
|
22
|
+
- **code optimization**: a pass for dead code, obvious N+1 / perf, bundle bloat
|
|
23
|
+
Collect every BLOCKER / HIGH / CRITICAL. Open blocker → fix → re-audit. (Security
|
|
24
|
+
fixes surface for sign-off — security is an autonomy hard-stop.)
|
|
25
|
+
|
|
26
|
+
## STAGE 3 — SMOKE TEST (auto)
|
|
27
|
+
Deploy the candidate to staging/preview; run the **smoke suite**: app boots, health
|
|
28
|
+
endpoint 200, the critical happy paths load, no console/server errors. Fail → STOP, fix.
|
|
29
|
+
|
|
30
|
+
## STAGE 4 — UAT HANDOFF (human)
|
|
31
|
+
Dispatch `/uat`: generate the all-case scenario document, hand it to the testers, and
|
|
32
|
+
WAIT. Capture their pasted results into `docs/UAT-<date>.md`. (UAT is a human gate.)
|
|
33
|
+
|
|
34
|
+
## STAGE 5 — UAT DEFECT LOOP
|
|
35
|
+
For each issue/bug reported: log to `docs/ISSUES.md` (repro from the scenario), fix
|
|
36
|
+
(`implementer`/`debugger`), re-run STAGE 1–3 for the touched area, then resubmit ONLY
|
|
37
|
+
the failed scenarios via `/uat`. Loop until ALL scenarios PASS.
|
|
38
|
+
|
|
39
|
+
## STAGE 6 — SIGN-OFF (human)
|
|
40
|
+
Produce `docs/SIGNOFF-<date>.md`: scope delivered · test + audit results summary · UAT
|
|
41
|
+
pass confirmation · known limitations · the approver/date line. **STOP for human
|
|
42
|
+
sign-off** — a release gate, always interactive in both modes.
|
|
43
|
+
|
|
44
|
+
## STAGE 7 — PROMOTE TO PRODUCTION (hard-stop)
|
|
45
|
+
On a SIGNED sign-off only: deploy to production, smoke-test prod (health 200), update
|
|
46
|
+
`docs/ENDPOINTS.md` base URL, tag the release. HISTORY line: `released v<n> (<date>)`.
|
|
47
|
+
|
|
48
|
+
## STAGE 8 — GO-LIVE & SUPPORT
|
|
49
|
+
Enter after-go-live support (hypercare): watch for incidents, keep the issue log live.
|
|
50
|
+
New scope → `/change-request` (impact + re-price + sign-off). The project is live; the
|
|
51
|
+
loop continues through change requests.
|
|
@@ -58,8 +58,13 @@ commercial impact (split/merge/reorder, a discovered technical re-slice).
|
|
|
58
58
|
reconciled corpus still passes against live services. A failure -> surface it
|
|
59
59
|
and stop before approval.
|
|
60
60
|
|
|
61
|
-
6.
|
|
62
|
-
|
|
61
|
+
6. PLAN-APPROVAL gate (hard rule 13). A re-plan reshapes UNBUILT scope, so it reverts
|
|
62
|
+
the plan to unapproved: set the PLAN.md `> Approval:` header back to `PENDING`, SHOW
|
|
63
|
+
ME the revised phase list + the regression-corpus changes, and STOP for approval.
|
|
64
|
+
On approval: re-stamp the header `approved <date> v<n+1>`, update STATE.md `plan:`,
|
|
65
|
+
and append `<date> plan v<n+1> approved (replan)` to docs/HISTORY.md (date-first,
|
|
66
|
+
matching the other HISTORY lines). `/phase` and `/sprint` stay blocked until this
|
|
67
|
+
re-stamp.
|
|
63
68
|
|
|
64
69
|
7. ARCHITECTURE SELF-CHECK: re-planning is not normally a kit-architecture
|
|
65
70
|
change. Only run /log-decision if the workflow itself changed (rare).
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
---
|
|
2
|
+
description: Capture an operational/incident scenario in docs/RUNBOOK.md — one grep-able markdown so prod-debug knowledge isn't re-derived under pressure.
|
|
3
|
+
argument-hint: [scenario, or "from the incident we just solved"]
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
Caveman ULTRA mode.
|
|
7
|
+
|
|
8
|
+
Distill an operational scenario into docs/RUNBOOK.md. Scenario: $ARGUMENTS
|
|
9
|
+
|
|
10
|
+
This is the runbook pattern Anthropic's Security + Data-Infra teams converged on
|
|
11
|
+
independently: consolidate stack traces, dashboard signals, and the exact
|
|
12
|
+
remediation commands into ONE searchable file so the next incident is a lookup,
|
|
13
|
+
not a re-investigation.
|
|
14
|
+
|
|
15
|
+
If $ARGUMENTS says "from the incident we just solved" (or similar), distill the
|
|
16
|
+
debugging session in context — symptom, the REAL root cause, the commands that
|
|
17
|
+
fixed it — instead of asking the user to re-type it.
|
|
18
|
+
|
|
19
|
+
Append an entry to docs/RUNBOOK.md (create the file if missing). Canonical format:
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
### <scenario title — searchable, literal symptom keywords>
|
|
23
|
+
|
|
24
|
+
- trigger: <what you observe first — alert, error string, dashboard signal>
|
|
25
|
+
- diagnose: <steps/commands to confirm the real root cause>
|
|
26
|
+
- remediate: <the exact commands/actions that fix it>
|
|
27
|
+
- verify: <how to confirm recovery — what "healthy" looks like>
|
|
28
|
+
- refs: <dashboard URLs, docs, related docs/ISSUES.md titles>
|
|
29
|
+
|
|
30
|
+
```
|
|
31
|
+
Rules:
|
|
32
|
+
- title carries literal symptom keywords -> grep finds it mid-incident.
|
|
33
|
+
- remediate must be runnable as-is; no "investigate further".
|
|
34
|
+
- mark any step that is irreversible / PROD-writing with ⚠ so it's never run blind.
|
|
35
|
+
- cross-link the matching docs/ISSUES.md entry instead of duplicating root-cause prose.
|
|
36
|
+
- newest scenario at the TOP.
|
|
37
|
+
|
|
38
|
+
Confirm the entry back in 2 lines.
|