create-issflow 1.2.1 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -25,9 +25,9 @@ Flags:
25
25
  The portable kit (every tool) in `<project>/.claude/`:
26
26
 
27
27
  - `agents/` — planner · researcher · implementer · test-author · debugger · e2e-runner · synthesizer
28
- - `commands/` — `/overview` `/propose` `/phase` `/ui-audit` `/qa-audit` `/security-audit` `/change-request` `/replan` `/quick` `/synthesize` `/store-wisdom` `/log-issue` `/log-decision` `/unstuck`
29
- - `skills/` — caveman · grill-me · karpathy-guidelines · ux-design
30
- - `hooks/` — session-start · pre-compact · subagent-stop
28
+ - `commands/` — `/overview` `/propose` `/phase` `/sprint` `/ui-audit` `/qa-audit` `/security-audit` `/release` `/uat` `/change-request` `/replan` `/quick` `/synthesize` `/runbook` `/store-wisdom` `/log-issue` `/log-decision` `/unstuck`
29
+ - `skills/` — caveman · grill-me · karpathy-guidelines · ux-design · security · code-standards
30
+ - `hooks/` — session-start · context-guard · pre-compact · subagent-stop
31
31
  - `istartsoft-flow/METHODOLOGY.md` — the full methodology (single source of truth)
32
32
 
33
33
  Plus a root `AGENTS.md` (the open standard) and the per-tool adapter:
package/bin/cli.js CHANGED
@@ -211,9 +211,9 @@ function agentsMd() {
211
211
  '## Roles — `.claude/agents/`', '',
212
212
  'planner · researcher · implementer · test-author · debugger · e2e-runner · synthesizer', '',
213
213
  '## Procedures — `.claude/commands/` (run as `/name`)', '',
214
- '/overview · /propose · /phase · /ui-audit · /qa-audit · /security-audit ·',
215
- '/change-request · /replan · /quick · /synthesize · /runbook · /store-wisdom · /log-issue ·',
216
- '/log-decision · /unstuck', '',
214
+ '/overview · /propose · /phase · /sprint · /ui-audit · /qa-audit · /security-audit · /release ·',
215
+ '/uat · /change-request · /replan · /quick · /synthesize · /runbook · /store-wisdom ·',
216
+ '/log-issue · /log-decision · /unstuck', '',
217
217
  '## Skills — `.claude/skills/` (loaded on demand)', '',
218
218
  'caveman · grill-me · karpathy-guidelines · ux-design · security (Secure SDLC) · code-standards', '',
219
219
  '## Autonomy', '',
@@ -230,7 +230,8 @@ function agentsMd() {
230
230
  'change · 9 UI conforms to the `ux-design` cookbook + wireframe frame · 10 no-rationalization ·',
231
231
  '11 Secure SDLC: threat-model → secure coding → SAST/SCA/secrets each phase → pentest',
232
232
  'gate + security review before deploy (`security` skill) · 12 code-standards gate:',
233
- 'lint/format clean + naming per language idiom + declared architecture (`code-standards`).', '',
233
+ 'lint/format clean + naming per language idiom + declared architecture (`code-standards`) ·',
234
+ '13 PLAN-APPROVAL gate: no phase/sprint starts until `docs/PLAN.md` is human-approved.', '',
234
235
  '## Your stack', '',
235
236
  'Declare your stack (language, framework, infra, auth, test + E2E runner,',
236
237
  'planning source) once in `docs/OVERVIEW.md`. Every rule references *your declared',
@@ -265,9 +266,15 @@ function flowConfig() {
265
266
  + 'Some 1M-context models report their id WITHOUT a [1m] tag, so auto-detect '
266
267
  + 'assumes 200000 and may false-gate around 156k — if you run a 1M model, set '
267
268
  + 'window:1000000 here by hand. warnPct = soft non-blocking nudge; gatePct = hard '
268
- + 'block on NEW build work (Edit/Write-to-source/feature Task). Checkpoint paths '
269
- + '(docs/**, STATE/ISSUES/snapshots), the synthesizer subagent, and all Bash are '
270
- + 'never blocked.',
269
+ + 'block on NEW build work (Edit/Write to SOURCE files). Checkpoint paths '
270
+ + '(docs/**, STATE/ISSUES/snapshots) and all Bash are never blocked; Task '
271
+ + 'delegation is never gated (a subagent isolates noise and shrinks context).',
272
+ },
273
+ sprint: {
274
+ defaultCapacity: 8,
275
+ _note: 'Sprint layer (/sprint). defaultCapacity = points committed to the FIRST '
276
+ + 'sprint before any velocity history exists; later sprints size to the rolling '
277
+ + 'completed-velocity average. Optional — /sprint falls back to 8 if absent.',
271
278
  },
272
279
  }, null, 2) + '\n';
273
280
  }
@@ -290,6 +297,13 @@ function main() {
290
297
  writeFile(rel, fs.readFileSync(src, 'utf8'));
291
298
  }
292
299
 
300
+ // 1b. integrity: confirm the methodology resolved on disk (load-bearing sentinel).
301
+ const methPath = path.join(CWD, '.claude', 'istartsoft-flow', 'METHODOLOGY.md');
302
+ const SENTINEL = 'ISTARTSOFTFLOW-AGENTS-SENTINEL-v2.0';
303
+ if (!DRY && (!fs.existsSync(methPath) || !fs.readFileSync(methPath, 'utf8').includes(SENTINEL))) {
304
+ warnings.push(`integrity: ${SENTINEL} not found in installed METHODOLOGY.md — the kit may be incomplete; re-run create-issflow (or npm run build from source).`);
305
+ }
306
+
293
307
  // 2. AGENTS.md — the open-standard entry point.
294
308
  writeFile('AGENTS.md', agentsMd());
295
309
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "create-issflow",
3
- "version": "1.2.1",
3
+ "version": "1.5.0",
4
4
  "description": "Scaffold the iStartSoftFlow AI-coding workflow into a project. Stack-agnostic, tool-agnostic (Claude Code, Codex, Cursor, Gemini, Aider), non-destructive.",
5
5
  "bin": {
6
6
  "create-issflow": "bin/cli.js"
@@ -1,5 +1,6 @@
1
1
  ---
2
2
  name: e2e-runner
3
+ description: Writes and runs functional browser E2E (your declared E2E runner, e.g. Playwright) BLIND — reads the acceptance spec, OVERVIEW (stack), docs/ENDPOINTS.md, and the E2E runner config, never the implementation. Writes a trace to docs/research/e2e-<phase-slug>.md; returns a terse summary.
3
4
  tools: Read, Grep, Glob, Write, Bash
4
5
  model: opus
5
6
  ---
@@ -43,6 +43,12 @@ window. If a phase feels big, split it.
43
43
  money, or PII), add a `security:` note: threat-model it (STRIDE) and fold abuse
44
44
  cases into the acceptance criteria as negative cases; set the ASVS level (default
45
45
  L2). This is the design stage of the Secure SDLC (`security` skill).
46
+ - SPRINT-READY (so the optional `/sprint` layer needs no rework): give every phase a
47
+ relative effort estimate `[N pts]` (Fibonacci 1/2/3/5/8) in its header, and group
48
+ consecutive phases under `## Sprint <n>: <name> [goal: <one-line increment>]`
49
+ headers — each sprint a coherent, demoable theme of a few phases. If you cannot
50
+ size a sprint yet, still tag the points; `/sprint plan` will do the grouping from
51
+ the points + capacity. A phase that feels `>8 pts` is too big — split it.
46
52
 
47
53
  LAST PHASE RULE — the final code phase (the highest-numbered phase you write)
48
54
  MUST contain a deployment task block:
@@ -61,11 +67,19 @@ docs/PLAN.md format:
61
67
 
62
68
  # Plan: <project>
63
69
  <!-- infra: managed (Phase 0 N/A) | self-managed (Phase 0 below) -->
70
+ > Approval: PENDING (hard rule 13 — PLAN-APPROVAL gate; no phase/sprint runs until a human signs this off via the `/overview` gate)
71
+
72
+ Keep the header VALUE a single leading token — `PENDING` here, later
73
+ `approved <date> v<n>` — so the gate readers (`/phase`, `/sprint`) match the first
74
+ token unambiguously. Do not put prose containing the word `approved` after a
75
+ `PENDING` value, or a substring check could false-pass the gate.
64
76
 
65
77
  ## Phase 0: infra setup [status: pending] ← omit entirely if infra is managed
66
78
 
67
79
 
68
- ## Phase 1: <name> [status: pending]
80
+ ## Sprint 1: <name> [goal: <one-line user-visible increment>] ← sprint headers optional; group a few phases
81
+
82
+ ## Phase 1: <name> [5 pts] [status: pending]
69
83
 
70
84
  - slice: <what works end-to-end after this phase>
71
85
  - rationale: <why this slice, why now — the user / business value (from the PRD)>
@@ -90,4 +104,5 @@ docs/PLAN.md format:
90
104
 
91
105
  ```
92
106
  Order phases by dependency. Phase 0 first IF infra is self-managed; otherwise
93
- start at Phase 1. Stop. Do not implement.
107
+ start at Phase 1. Always write the `> Approval: PENDING` header — the plan is unapproved
108
+ until the `/overview` PLAN-APPROVAL gate stamps it (hard rule 13). Stop. Do not implement.
@@ -21,6 +21,9 @@ Do NOT touch docs/ENDPOINTS.md — owned by implementer.
21
21
  - what was just completed (1-3 bullets)
22
22
  - the immediate next action
23
23
  - any open blocker
24
+ PRESERVE verbatim (never blank on rewrite): the `plan:` line (the PLAN-APPROVAL
25
+ sign-off record, hard rule 13) and the `sprint:` line (active-sprint marker) if
26
+ present — load-bearing gate/standup state, not transient progress.
24
27
  Target: under 25 lines.
25
28
 
26
29
  2. ISSUES.md — dedup + compress:
@@ -31,8 +31,12 @@ peek at, your blindness is STRUCTURAL, not honor-system.
31
31
 
32
32
  ## TWO SUITES — write BOTH
33
33
 
34
- 1. MOCK suite — fast, no external dependency. Mocks ONLY the external boundary.
35
- No mocks on the external boundary. Code/API-level — not browser E2E.
34
+ 1. MOCK suite — fast, no external dependency. Mocks ONLY the external boundary
35
+ (the network / 3rd-party seam). Code/API-level — not browser E2E.
36
+ 2. REAL API suite — the SAME tests with no mocks, hitting the real external
37
+ boundary. The phase gate runs against THIS suite (rules 5–6); a green mock
38
+ suite alone can never close a phase. Mock vs real is a fixture/env FLAG on the
39
+ same test (see Test placement), not a duplicated file.
36
40
 
37
41
  ## Test placement (regression layout)
38
42
 
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  description: Handle a mid-project requirement change — assess impact, re-estimate effort + cost, log the change order, then update the plan + proposal. Run whenever scope changes after the proposal is approved.
3
- argument-hint: [the requested change]
3
+ argument-hint: [the requested change · "dry-run" to preview impact without logging]
4
4
  ---
5
5
 
6
6
  Caveman ULTRA mode. You are the ORCHESTRATOR.
@@ -8,6 +8,11 @@ Caveman ULTRA mode. You are the ORCHESTRATOR.
8
8
  A change request is a COMMERCIAL event, not just a re-plan: changing scope changes
9
9
  cost and timeline. Handle it transparently and fairly. Change: $ARGUMENTS
10
10
 
11
+ DRY-RUN: if `$ARGUMENTS` contains `dry-run`/`--dry-run`, do the impact analysis +
12
+ re-estimate but EXECUTE NOTHING — print the ACTION PLAN (cost/scope/timeline delta,
13
+ files you'd touch) and STOP. No change order is logged, no plan/proposal is edited.
14
+ (METHODOLOGY → Dry-run.)
15
+
11
16
  ## PRE-FLIGHT
12
17
  Read `docs/PROPOSAL.md` (the approved baseline), `docs/PLAN.md`, `docs/STATE.md`,
13
18
  and `docs/CHANGES.md` (create if missing). No approved proposal yet -> you're still
@@ -44,7 +49,10 @@ gate — always interactive).
44
49
  - **Approved** -> set CR status `approved`; bump PROPOSAL.md to a new version (vN+1)
45
50
  with the delta folded in; re-render `docs/proposal.html` from it (same template +
46
51
  language); then dispatch `/replan` to apply the phase changes to PLAN.md (done
47
- phases stay frozen). Update STATE.md.
52
+ phases stay frozen). Update STATE.md. NOTE: `/replan` reverts PLAN.md to
53
+ `> Approval: PENDING` and re-runs the PLAN-APPROVAL gate (hard rule 13) — the
54
+ commercial CR sign-off is SEPARATE from the plan sign-off, so `/phase` and
55
+ `/sprint` stay blocked until you also re-approve the revised plan.
48
56
  - **Rejected** -> set CR status `rejected`; PLAN + PROPOSAL unchanged.
49
57
 
50
58
  ## STEP 6 — RECORD
@@ -12,7 +12,7 @@ Canonical format:
12
12
 
13
13
  ### <short error title — searchable, literal error keywords>
14
14
 
15
- - [x] open (or “- [x] resolved”)
15
+ - [ ] open (or “- [x] resolved” once fixed)
16
16
  - symptom: <what was observed>
17
17
  - root cause: <the REAL underlying cause>
18
18
  - solution: <exact fix, or “pending”>
@@ -23,6 +23,8 @@ Rules:
23
23
  - title must contain literal error keywords -> grep finds it.
24
24
  - root cause is the real cause, not "the line threw an error".
25
25
  - always fill "failed attempts" — stops repeated dead ends.
26
+ - open issues use the empty box `- [ ]`; resolved are checked `- [x] resolved`
27
+ (the SessionStart hook surfaces every `- [ ]` as open — keep the box empty until fixed).
26
28
  - open issues go at the TOP; resolved below; archived oldest at bottom.
27
29
 
28
30
  Confirm the entry back in 2 lines.
@@ -75,6 +75,20 @@ Store the round-1 answers as working context — do NOT write OVERVIEW.md yet.
75
75
 
76
76
  ---
77
77
 
78
+ ### Foundations sign-off (confirm BEFORE planning)
79
+
80
+ 5b. Before the `planner` runs, present the FOUNDATIONS for explicit human confirmation
81
+ — the whole plan is built on these, so lock them first. Show a concise summary and
82
+ STOP for sign-off (planning always asks, both modes):
83
+ - **Tech stack** — language · framework · infra · auth · datastore · test + E2E runner
84
+ - **Architecture** — the pattern (Feature-Based by default) + the folder layout
85
+ - **UX direction** — design system / tokens + the wireframe baseline (the frame)
86
+ - **Data & integrations** — core data model + external services + their limits
87
+ - **Conventions** — naming idiom (`code-standards`) + autonomy mode (AUTO / GUIDED)
88
+ - **Estimation config** — unit · rate card · currency · contingency (if quoting)
89
+ On any "change X" → revise OVERVIEW.md and re-confirm. Only a signed-off foundation
90
+ proceeds to the planner. (This is the planning confirmation gate.)
91
+
78
92
  ### Plan
79
93
 
80
94
  6. Hand OVERVIEW.md + design-research findings to the `planner` subagent.
@@ -89,6 +103,7 @@ Store the round-1 answers as working context — do NOT write OVERVIEW.md yet.
89
103
  # STATE
90
104
 
91
105
  phase: 0 (pending)
106
+ plan: PENDING
92
107
  completed: project bootstrapped — design research done, double grill done
93
108
  blocker: none
94
109
 
@@ -97,17 +112,31 @@ blocker: none
97
112
 
98
113
  9. Create empty docs/HISTORY.md.
99
114
 
100
-
101
- 11. Create docs/ENDPOINTS.md:
115
+ 10. Create docs/ENDPOINTS.md:
102
116
  ```
103
117
  # Endpoints — <project name>
104
118
  > Maintained by implementer. Updated each phase.
105
119
  > Base URL: (populated after deployment phase)
106
120
  ```
107
121
 
108
- Then stop and show me PLAN.md for approval before any phase starts. Planning ends
109
- with a human sign-off in both modes; AUTO only governs the development loop that
110
- runs AFTER the plan is approved.
122
+ ---
123
+
124
+ ### PLAN-APPROVAL gate (hard rule 13 — always interactive, both modes)
125
+
126
+ 11. The plan is the contract the whole AUTO dev loop builds against, so it ends with a
127
+ human sign-off — the planning twin of the `/propose` commercial gate.
128
+
129
+ - SHOW me PLAN.md (and note any open risks the planner flagged). **STOP for approval.**
130
+ - On **approval**: record the sign-off in three places —
131
+ 1. stamp the PLAN.md header `> Approval: approved <YYYY-MM-DD> v1`;
132
+ 2. set `plan: approved <YYYY-MM-DD>` in docs/STATE.md;
133
+ 3. append `<YYYY-MM-DD> plan v1 approved` to docs/HISTORY.md (date-first, to
134
+ match the other HISTORY lines).
135
+ Only now may `/phase` / `/sprint` run.
136
+ - On **rejection / change**: revise (re-run the `planner`, or `/replan`), bump the
137
+ version, and re-show. The header stays `PENDING` until I approve.
138
+
139
+ AUTO governs the development loop that runs AFTER this gate, never the gate itself.
111
140
 
112
141
  Optional next step (client / quoted work only): run `/propose` to turn this
113
142
  OVERVIEW + PLAN into a proposal + estimate for sign-off before building. Internal or
@@ -1,8 +1,9 @@
1
1
  ---
2
2
  description: Run one phase end-to-end. TDD phases run SCAFFOLD -> RED -> GREEN; non-TDD phases run IMPLEMENT -> TEST. Both with the debug circuit breaker and the regression guard at CLOSE.
3
- argument-hint: [phase number]
3
+ argument-hint: [phase number · "dry-run" to preview what the phase would do]
4
4
  ---
5
5
 
6
+
6
7
  Caveman ULTRA mode. You are the ORCHESTRATOR. Route work to subagents —
7
8
  you do NOT implement or debug yourself.
8
9
 
@@ -12,14 +13,28 @@ Target phase: $ARGUMENTS (default: the phase marked pending in docs/PLAN.md)
12
13
 
13
14
  ---
14
15
 
16
+ ## DRY-RUN CHECK (first — before PRE-FLIGHT)
17
+
18
+ If `$ARGUMENTS` contains `dry-run` or `--dry-run`: do the full analysis but EXECUTE
19
+ NOTHING. Print the ACTION PLAN — files you'd create/change · agents you'd dispatch ·
20
+ tests/gates you'd run · deploy target · cost/scope/risk impact — then STOP. Write,
21
+ run, commit, deploy nothing. (METHODOLOGY → Dry-run.)
22
+
23
+ ---
24
+
15
25
  ## 0. PRE-FLIGHT
16
26
 
17
- a. INFRA CHECK (phases > 0): Read the declared infra in docs/OVERVIEW.md.
27
+ a. PLAN-APPROVAL CHECK (hard rule 13): Read the docs/PLAN.md `> Approval:` header.
28
+ Still `PENDING` (or no header) -> STOP. The plan is not signed off; no phase may
29
+ start. Route me to the `/overview` PLAN-APPROVAL gate (or `/replan` then re-approve).
30
+ Approved -> continue.
31
+
32
+ b. INFRA CHECK (phases > 0): Read the declared infra in docs/OVERVIEW.md.
18
33
  - Managed infra -> confirm it is reachable; no provisioning step is needed.
19
34
  - Self-managed infra -> confirm Phase 0 (infra) ran and is healthy.
20
35
  Surface infra + auth status before any work. Blocked infra -> STOP.
21
36
 
22
- b. PHASE STATE CHECK: Read docs/STATE.md and docs/PLAN.md.
37
+ c. PHASE STATE CHECK: Read docs/STATE.md and docs/PLAN.md.
23
38
  - No phase in progress, requested is next pending -> START at step 1.
24
39
  - Same phase in-progress -> RESUME from STATE.md "next action".
25
40
  - Different phase in-progress -> STOP. Tell me which phase is open.
@@ -27,7 +42,7 @@ b. PHASE STATE CHECK: Read docs/STATE.md and docs/PLAN.md.
27
42
  phase in PLAN order. GUIDED: STOP, warn, proceed only if I confirm.
28
43
  - Phase not in PLAN.md -> STOP. Suggest /overview or /replan.
29
44
 
30
- c. FINAL PHASE CHECK: Read docs/PLAN.md. Is this the last phase (no further
45
+ d. FINAL PHASE CHECK: Read docs/PLAN.md. Is this the last phase (no further
31
46
  pending phases after this one)? Record this as IS_FINAL_PHASE=true/false.
32
47
 
33
48
 
@@ -181,6 +196,12 @@ SECURITY GATE (rule 11 — Secure SDLC build stage):
181
196
 
182
197
  Mark phase `done` in docs/PLAN.md.
183
198
 
199
+ SPRINT STANDUP (if a sprint is active — STATE.md shows `sprint: <n> (active)`):
200
+ fire the `/sprint standup` tick — append the one-line standup to
201
+ docs/sprints/sprint-<n>.md and update the burndown (rule: SPRINT-STANDUP ritual).
202
+ If all the sprint's committed phases are now done/blocked, recommend `/sprint review`
203
+ (or, under `/sprint run`, the driver proceeds to review automatically).
204
+
184
205
  ARCHITECTURE SELF-CHECK: did this phase add/remove/rename an agent, hook, or
185
206
  command, or change a workflow rule? YES -> run `/log-decision`. NO -> state why not.
186
207
 
@@ -221,10 +242,12 @@ After each step, update docs/STATE.md:
221
242
  ```
222
243
 
223
244
  phase: <n> (in progress)
245
+ plan: approved <date> ← carry forward; never drop the rule-13 sign-off record
224
246
  tdd: <true|false>
225
247
  completed: <steps done so far>
226
248
  next: <exact next step>
227
249
  blocker: <none or open issue>
228
250
 
229
251
  ```
230
- Keep STATE.md small — overwrite, do not append.
252
+ Keep STATE.md small — overwrite, do not append. Preserve the `plan:` line on every
253
+ overwrite (the PLAN-APPROVAL record, hard rule 13); do not blank it.
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  description: Turn approved requirements + tech stack into a client proposal — scope, phase breakdown, effort + cost estimate, timeline, assumptions, and a sign-off gate. Run after /overview, before building.
3
- argument-hint: [optional: rate / budget / constraints]
3
+ argument-hint: [optional: rate / budget / constraints · "dry-run" to preview]
4
4
  ---
5
5
 
6
6
  Caveman ULTRA mode. You are the ORCHESTRATOR.
@@ -9,10 +9,20 @@ Purpose: produce `docs/PROPOSAL.md` — WHAT we build, in what phases, how long,
9
9
  much, and on what assumptions — for the client to approve BEFORE any build starts.
10
10
  A proposal is a commercial gate: always interactive (both AUTO and GUIDED).
11
11
 
12
+ DRY-RUN: if `$ARGUMENTS` contains `dry-run`/`--dry-run`, do the full analysis but
13
+ EXECUTE NOTHING — print the ACTION PLAN (scope, phase breakdown, rough estimate)
14
+ and STOP. No PROPOSAL.md / proposal.html is written. (METHODOLOGY → Dry-run.)
15
+
12
16
  ## PRE-FLIGHT
13
17
  Read `docs/OVERVIEW.md` (scope, stack, success criteria) and `docs/PRD.md` if
14
18
  present (else the PRD in your BMAD/iSSM). No OVERVIEW -> run `/overview` first.
15
19
 
20
+ PLAN-APPROVAL CHECK (hard rule 13): the proposal prices the *approved* phases, so
21
+ the plan is signed off first (lifecycle: plan → proposal). If `docs/PLAN.md` exists
22
+ and its `> Approval:` header still reads `PENDING` (or is missing), STOP and route me
23
+ to the `/overview` PLAN-APPROVAL gate before quoting — pricing an unapproved plan
24
+ re-prices on every revision.
25
+
16
26
  ## STEP 1 — SCOPE
17
27
  List the deliverables (features / epics) from OVERVIEW / PRD. Mark each
18
28
  **in-scope** or **out-of-scope** explicitly — naming out-of-scope items now is what
@@ -57,12 +67,13 @@ change-orders re-price against.
57
67
  ## Sign-off — approved by: ___ date: ___ version: v1
58
68
  ```
59
69
  2. RENDER a client-facing `docs/proposal.html` from `.claude/templates/proposal.html`:
60
- copy it, replace every `{{PLACEHOLDER}}`, and LOCALISE all labels + content to the
61
- declared language (natural Thai for Thai projects; keep tech terms in English).
62
- Fill `{{COMPANY}}` / `{{LOGO}}` from the ISSUING company's brand declared in
63
- OVERVIEW (or ask once) the template is white-label, never hardcode the kit's
64
- name. It is print-ready (Save as PDF). Keep PROPOSAL.md and proposal.html in sync —
65
- the markdown is the source, the HTML is the deliverable you send the client.
70
+ copy it, replace every `{{PLACEHOLDER}}`, and fill the CONTENT in the declared
71
+ language (the section labels are already bilingual TH / EN). It must fit ONE A4
72
+ page be terse (≈ 3–6 phase rows, 4 assumptions, short scope items); trim before
73
+ it spills to a second page. Fill `{{COMPANY}}` / `{{COMPANY_TAGLINE}}` / `{{LOGO}}`
74
+ from the ISSUING company's brand declared in OVERVIEW (or ask once) white-label,
75
+ never hardcode the kit's name. Print-ready (Ctrl/Cmd-P A4 Save as PDF). Keep
76
+ PROPOSAL.md (source) and proposal.html (deliverable) in sync.
66
77
 
67
78
  ## STEP 6 — SIGN-OFF GATE
68
79
  Show me the proposal. **STOP for approval** (commercial gate — always interactive).
@@ -1,12 +1,16 @@
1
1
  ---
2
2
  description: Make a small, obvious change directly — no agent chain, no phase overhead.
3
- argument-hint: [what to change]
3
+ argument-hint: [what to change · "dry-run" to preview the edit]
4
4
  ---
5
5
 
6
6
  Caveman ULTRA mode. Apply `karpathy-guidelines` skill.
7
7
 
8
8
  Purpose: skip the orchestration tax for a 5-line fix.
9
9
 
10
+ DRY-RUN: if `$ARGUMENTS` contains `dry-run`/`--dry-run`, describe the exact edit
11
+ you'd make (file · lines · the change) and the regression you'd run, then STOP —
12
+ change nothing. (METHODOLOGY → Dry-run.)
13
+
10
14
  Use `/quick` when ALL hold:
11
15
  - change is small (under 30 lines) and obvious
12
16
  - no new vertical slice
@@ -14,7 +18,7 @@ Use `/quick` when ALL hold:
14
18
  - not mid-phase
15
19
 
16
20
  If any fail -> STOP, tell me, recommend `/phase`.
17
- (Hard rule 11: never route phase-worthy work through `/quick` to dodge the RED gate.)
21
+ (Hard rule 10: never route phase-worthy work through `/quick` to dodge the RED gate.)
18
22
 
19
23
  Steps:
20
24
  1. grep docs/ISSUES.md for anything related.
@@ -0,0 +1,55 @@
1
+ ---
2
+ description: Pre-production release pipeline — after all build phases, run the full automated gauntlet (full regression: functional / integration / e2e · all audits: UI / QA / security / code · smoke test), then hand off to manual UAT, drive the defect loop to green, produce a sign-off document, and promote to production. The automated SDLC backbone; production deploy is a human-signed hard-stop.
3
+ argument-hint: [optional: target env · "dry-run" to preview the pipeline without running it]
4
+ ---
5
+
6
+ Caveman ULTRA mode. You are the ORCHESTRATOR.
7
+
8
+ Run this AFTER every build `/phase` is done (the candidate is on staging/preview).
9
+ AUTO runs all AUTOMATED stages without stopping; it STOPS only at the human gates —
10
+ UAT execution, sign-off, and the production promote (security/irreversible hard-stops).
11
+ Record progress in STATE.md so a resumed session continues mid-pipeline.
12
+
13
+ DRY-RUN: if `$ARGUMENTS` contains `dry-run`/`--dry-run`, do the full analysis but
14
+ EXECUTE NOTHING — print the ACTION PLAN (stages, audits, deploy target, risk impact)
15
+ and STOP. Nothing is run, signed, or promoted. (METHODOLOGY → Dry-run.)
16
+
17
+ ## STAGE 1 — FULL REGRESSION (auto)
18
+ Run the whole REAL corpus end-to-end: **functional + integration + e2e**
19
+ (`scripts/regression.sh --real`, then the declared E2E runner via `e2e-runner`).
20
+ Any red → `debugger` (cap 3) → fix → re-run. Must be 100% green to proceed.
21
+
22
+ ## STAGE 2 — AUTO AUDITS (auto)
23
+ Run every whole-product audit and fold results together:
24
+ - `/ui-audit` · `/qa-audit` · `/security-audit`
25
+ - **code cleaning**: lint + format (the language's standard tool) must be clean
26
+ - **code optimization**: a pass for dead code, obvious N+1 / perf, bundle bloat
27
+ Collect every BLOCKER / HIGH / CRITICAL. Open blocker → fix → re-audit. (Security
28
+ fixes surface for sign-off — security is an autonomy hard-stop.)
29
+
30
+ ## STAGE 3 — SMOKE TEST (auto)
31
+ Deploy the candidate to staging/preview; run the **smoke suite**: app boots, health
32
+ endpoint 200, the critical happy paths load, no console/server errors. Fail → STOP, fix.
33
+
34
+ ## STAGE 4 — UAT HANDOFF (human)
35
+ Dispatch `/uat`: generate the all-case scenario document, hand it to the testers, and
36
+ WAIT. Capture their pasted results into `docs/UAT-<date>.md`. (UAT is a human gate.)
37
+
38
+ ## STAGE 5 — UAT DEFECT LOOP
39
+ For each issue/bug reported: log to `docs/ISSUES.md` (repro from the scenario), fix
40
+ (`implementer`/`debugger`), re-run STAGE 1–3 for the touched area, then resubmit ONLY
41
+ the failed scenarios via `/uat`. Loop until ALL scenarios PASS.
42
+
43
+ ## STAGE 6 — SIGN-OFF (human)
44
+ Produce `docs/SIGNOFF-<date>.md`: scope delivered · test + audit results summary · UAT
45
+ pass confirmation · known limitations · the approver/date line. **STOP for human
46
+ sign-off** — a release gate, always interactive in both modes.
47
+
48
+ ## STAGE 7 — PROMOTE TO PRODUCTION (hard-stop)
49
+ On a SIGNED sign-off only: deploy to production, smoke-test prod (health 200), update
50
+ `docs/ENDPOINTS.md` base URL, tag the release. HISTORY line: `released v<n> (<date>)`.
51
+
52
+ ## STAGE 8 — GO-LIVE & SUPPORT
53
+ Enter after-go-live support (hypercare): watch for incidents, keep the issue log live.
54
+ New scope → `/change-request` (impact + re-price + sign-off). The project is live; the
55
+ loop continues through change requests.
@@ -54,12 +54,18 @@ commercial impact (split/merge/reorder, a discovered technical re-slice).
54
54
  - A MERGE -> consolidate the merged phases' regression tests.
55
55
  - A REORDER -> keep the tests as-is (contracts are phase-independent).
56
56
  Do NOT touch phase-local `tests/phase-<n>/` here beyond renumbering dirs.
57
- After reconciling, run `scripts/regression.sh --real` to confirm the
58
- reconciled corpus still passes against live services. A failure -> surface it
59
- and stop before approval.
60
-
61
- 6. SHOW ME the revised phase list + the regression-corpus changes, and STOP for
62
- approval.
57
+ After reconciling, re-run the regression corpus to confirm it still passes:
58
+ `--real` ONLY if at least one phase is done (live services exist); on a pre-build
59
+ replan (no done phase, managed infra not yet wired) run the mock corpus instead,
60
+ or skip with a noted reason. A failure -> surface it and stop before approval.
61
+
62
+ 6. PLAN-APPROVAL gate (hard rule 13). A re-plan reshapes UNBUILT scope, so it reverts
63
+ the plan to unapproved: set the PLAN.md `> Approval:` header back to `PENDING`, SHOW
64
+ ME the revised phase list + the regression-corpus changes, and STOP for approval.
65
+ On approval: re-stamp the header `approved <date> v<n+1>`, update STATE.md `plan:`,
66
+ and append `<date> plan v<n+1> approved (replan)` to docs/HISTORY.md (date-first,
67
+ matching the other HISTORY lines). `/phase` and `/sprint` stay blocked until this
68
+ re-stamp.
63
69
 
64
70
  7. ARCHITECTURE SELF-CHECK: re-planning is not normally a kit-architecture
65
71
  change. Only run /log-decision if the workflow itself changed (rare).