create-issflow 1.6.0 → 1.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -31,7 +31,7 @@ Flags:
31
31
  The portable kit (every tool) in `<project>/.claude/`:
32
32
 
33
33
  - `agents/` — planner · researcher · implementer · test-author · debugger · e2e-runner · synthesizer
34
- - `commands/` — `/overview` `/feature` `/propose` `/phase` `/sprint` `/ui-audit` `/qa-audit` `/security-audit` `/release` `/uat` `/change-request` `/replan` `/quick` `/synthesize` `/runbook` `/store-wisdom` `/log-issue` `/log-decision` `/unstuck`
34
+ - `commands/` — `/overview` `/feature` `/goal` `/propose` `/phase` `/sprint` `/ui-audit` `/qa-audit` `/security-audit` `/release` `/uat` `/change-request` `/replan` `/quick` `/synthesize` `/runbook` `/store-wisdom` `/log-issue` `/log-decision` `/unstuck`
35
35
  - `skills/` — caveman · grill-me · karpathy-guidelines · ux-design · security · code-standards
36
36
  - `hooks/` — session-start · context-guard · plan-gate (rule-13 enforcement) · pre-compact · subagent-stop · feature-gate (Stop gate for `/feature`, artifact-verified)
37
37
  - `istartsoft-flow/METHODOLOGY.md` — the full methodology (single source of truth)
package/bin/cli.js CHANGED
@@ -217,9 +217,9 @@ function agentsMd() {
217
217
  '## Roles — `.claude/agents/`', '',
218
218
  'planner · researcher · implementer · test-author · debugger · e2e-runner · synthesizer', '',
219
219
  '## Procedures — `.claude/commands/` (run as `/name`)', '',
220
- '/overview · /feature · /propose · /phase · /sprint · /ui-audit · /qa-audit · /security-audit ·',
221
- '/release · /uat · /change-request · /replan · /quick · /synthesize · /runbook · /store-wisdom ·',
222
- '/log-issue · /log-decision · /unstuck', '',
220
+ '/overview · /feature · /goal · /propose · /phase · /sprint · /ui-audit · /qa-audit ·',
221
+ '/security-audit · /release · /uat · /change-request · /replan · /quick · /synthesize ·',
222
+ '/runbook · /store-wisdom · /log-issue · /log-decision · /unstuck', '',
223
223
  '## Skills — `.claude/skills/` (loaded on demand)', '',
224
224
  'caveman · grill-me · karpathy-guidelines · ux-design · security (Secure SDLC) · code-standards', '',
225
225
  '## Autonomy', '',
@@ -237,7 +237,9 @@ function agentsMd() {
237
237
  '11 Secure SDLC: threat-model → secure coding → SAST/SCA/secrets each phase → pentest',
238
238
  'gate + security review before deploy (`security` skill) · 12 code-standards gate:',
239
239
  'lint/format clean + naming per language idiom + declared architecture (`code-standards`) ·',
240
- '13 PLAN-APPROVAL gate: no phase/sprint starts until `docs/PLAN.md` is human-approved.', '',
240
+ '13 PLAN-APPROVAL gate: no phase/sprint starts until `docs/PLAN.md` is human-approved ·',
241
+ '14 UNDERSTAND-FIRST gate: brief back any new free-text task and wait for confirm',
242
+ 'before executing (an approved PLAN/FEATURE/CR/goal is the recorded confirmation).', '',
241
243
  '## Your stack', '',
242
244
  'Declare your stack (language, framework, infra, auth, test + E2E runner,',
243
245
  'planning source) once in `docs/OVERVIEW.md`. Every rule references *your declared',
@@ -318,7 +320,10 @@ function main() {
318
320
 
319
321
  // 3b. headless feature lane (opt-in): materialize the automation templates.
320
322
  const autoDir = path.join(TPL, '.claude', 'templates', 'automation');
321
- if (CI) writeFile(path.join('.github', 'workflows', 'issflow-feature.yml'), fs.readFileSync(path.join(autoDir, 'issflow-feature.yml'), 'utf8'));
323
+ if (CI) {
324
+ writeFile(path.join('.github', 'workflows', 'issflow-feature.yml'), fs.readFileSync(path.join(autoDir, 'issflow-feature.yml'), 'utf8'));
325
+ writeFile(path.join('.github', 'workflows', 'issflow-goal.yml'), fs.readFileSync(path.join(autoDir, 'issflow-goal.yml'), 'utf8'));
326
+ }
322
327
  if (DOCKER) {
323
328
  writeFile('Dockerfile.issflow', fs.readFileSync(path.join(autoDir, 'Dockerfile'), 'utf8'));
324
329
  writeFile(path.join('scripts', 'feature-docker.js'), fs.readFileSync(path.join(autoDir, 'feature-docker.js'), 'utf8'), { exec: true });
@@ -341,6 +346,7 @@ function main() {
341
346
  for (const w of warnings) log(` ! ${w}`);
342
347
  log(NEXT_STEPS[TOOL] || NEXT_STEPS.claude);
343
348
  if (!CI && !DOCKER) log('Headless feature lane: re-run with --ci (GitHub Action) and/or --docker (container runner).');
349
+ log('New to the kit? Plain-language guide (EN/TH): https://iamstarter.github.io/istartsoftflow/how-to-use.html');
344
350
  }
345
351
 
346
352
  main();
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "create-issflow",
3
- "version": "1.6.0",
3
+ "version": "1.7.0",
4
4
  "description": "Scaffold the iStartSoftFlow AI-coding workflow into a project. Stack-agnostic, tool-agnostic (Claude Code, Codex, Cursor, Gemini, Aider), non-destructive.",
5
5
  "bin": {
6
6
  "create-issflow": "bin/cli.js"
@@ -2,7 +2,7 @@
2
2
  name: debugger
3
3
  description: Diagnoses one specific failing test or bug in an ISOLATED context. Keeps debug noise out of the main session.
4
4
  tools: Read, Grep, Glob, Edit, Bash, Write
5
- model: opus
5
+ model: inherit
6
6
  ---
7
7
 
8
8
  You are the DEBUGGER. Caveman ULTRA mode.
@@ -2,7 +2,7 @@
2
2
  name: e2e-runner
3
3
  description: Writes and runs functional browser E2E (your declared E2E runner, e.g. Playwright) BLIND — reads the acceptance spec, OVERVIEW (stack), docs/ENDPOINTS.md, and the E2E runner config, never the implementation. Writes a trace to docs/research/e2e-<phase-slug>.md; returns a terse summary.
4
4
  tools: Read, Grep, Glob, Write, Bash
5
- model: opus
5
+ model: sonnet
6
6
  ---
7
7
 
8
8
  You are the E2E-RUNNER. Caveman ULTRA mode.
@@ -2,7 +2,7 @@
2
2
  name: implementer
3
3
  description: Implements exactly one phase from docs/PLAN.md. Writes code only — no tests. On TDD phases runs in SCAFFOLD or FILL mode. Maintains docs/ENDPOINTS.md after each phase.
4
4
  tools: Read, Grep, Glob, Edit, Write, Bash
5
- model: opus
5
+ model: inherit
6
6
  ---
7
7
 
8
8
  You are the IMPLEMENTER. Caveman ULTRA mode. Apply karpathy-guidelines skill.
@@ -2,7 +2,7 @@
2
2
  name: planner
3
3
  description: Turns research findings and OVERVIEW into a vertical-slice phase plan. Phase 0 (infra) leads only when infra is self-managed; with managed infra it is N/A. Last code phase always includes deployment. Writes docs/PLAN.md.
4
4
  tools: Read, Grep, Glob, Write
5
- model: opus
5
+ model: inherit
6
6
  ---
7
7
 
8
8
  You are the PLANNER. Caveman ULTRA mode.
@@ -2,7 +2,7 @@
2
2
  name: researcher
3
3
  description: Two-mode fact gathering. DESIGN mode: domain/constraint research before planning — discovers service limits, API contracts, architectural constraints. IMPL mode: codebase + service investigation during a phase. Always checks KB snapshot first. Always writes findings to docs/research/, returns only terse summary + path.
4
4
  tools: Read, Grep, Glob, Write, WebSearch, WebFetch
5
- model: haiku
5
+ model: sonnet
6
6
  ---
7
7
 
8
8
  You are the RESEARCHER. Caveman ULTRA mode.
@@ -2,7 +2,7 @@
2
2
  name: test-author
3
3
  description: Writes tests for a phase WITHOUT reading the implementation logic. On TDD phases, writes the suite BEFORE logic exists (RED-first). Tests behavior from the plan's acceptance spec only.
4
4
  tools: Read, Grep, Glob, Write, Bash
5
- model: opus
5
+ model: inherit
6
6
  ---
7
7
 
8
8
  You are the TEST-AUTHOR. Caveman ULTRA mode. You write UNBIASED tests.
@@ -146,6 +146,12 @@ All slices done + full feature suite green -> check gate `build-green`.
146
146
  - Self-review: reread the diff against FEATURE.md acceptance criteria — every
147
147
  criterion maps to a test; every assumption still holds.
148
148
  - Run the regression corpus (`scripts/regression.sh`) + the full real suite.
149
+ No regression corpus in this repo (fresh brownfield install)? -> run the
150
+ project's OWN full test suite (the test command declared in OVERVIEW.md, or
151
+ the repo's obvious one — package.json test script, make test, pytest, …) and
152
+ note "corpus: n/a (brownfield)" in the summary. NOTHING runnable at all ->
153
+ that is a hard-stop: a feature cannot be verified green on a repo with no
154
+ tests; say so instead of pretending.
149
155
  Green -> check gates `review-harden` + `regression-green`.
150
156
 
151
157
  ## 7. MANUAL TEST PLAN
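Review bot: the fallback added at lines 149-154 lets the lane choose the test command by guessing from the repo (`package.json test script, make test, pytest, …`) rather than only from the command declared in OVERVIEW.md, so in a headless pass the agent executes whatever a brownfield repo's test script does, under the runner's write token. Prefer to require the declared command and treat an undeclared one as the same hard-stop as "nothing runnable", or at minimum record the exact command that was run next to `corpus: n/a (brownfield)` in the summary so the `regression-green` gate result is auditable.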
@@ -0,0 +1,77 @@
1
+ ---
2
+ description: Goal layer — declare an OUTCOME, then let the kit drive lanes toward it until done, blocked, or budget spent. Goal-driven (stops on the outcome), not just time-driven like an interval loop.
3
+ argument-hint: [set "<outcome>" · run [id] · status · done <id> · drop <id> · "dry-run"]
4
+ ---
5
+
6
+ Caveman ULTRA mode. You are the ORCHESTRATOR. Goals live in `docs/GOALS.md`.
7
+
8
+ A GOAL is bigger than one task: "clear the approved feature queue", "get the
9
+ release candidate green", "close every open HIGH issue". The goal layer picks
10
+ the next actionable unit, routes it through the RIGHT lane (METHODOLOGY → Lane
11
+ routing), and repeats — with the same gates every lane already enforces.
12
+
13
+ DRY-RUN: with `dry-run`, `/goal run` prints the pick-order + lanes it would fire
14
+ and STOPS. `/goal set` always stops at the confirmation gate anyway.
15
+
16
+ ---
17
+
18
+ ## /goal set "<outcome>"
19
+
20
+ 1. UNDERSTAND-FIRST gate (hard rule 14) — BRIEF-BACK before writing anything:
21
+ - the outcome as YOU understand it, restated in one paragraph
22
+ - **Done when** — a measurable finish line (else the loop never terminates)
23
+ - scope / out-of-scope · assumptions · which lanes will likely fire
24
+ - **Budget** — max units per run (features/phases/quick fixes) so a runaway
25
+ goal cannot burn the wallet
26
+ STOP for explicit confirmation. Correction -> re-brief. Never skip this.
27
+ 2. On confirm, append to `docs/GOALS.md`:
28
+ ```
29
+ ## G<n> — <outcome> [active]
30
+ > Done when: <measurable condition>
31
+ > Budget: <max units per run / other caps>
32
+ > Approved: <name> <date>
33
+ ```
34
+ The `Approved:` line is what arms HEADLESS goal runs (same doctrine as the
35
+ feature lane: recorded consent, scoped to this goal).
36
+
37
+ ## /goal run [id] (default: the single active goal)
38
+
39
+ LOOP — repeat until a stop condition:
40
+ 1. PICK the next actionable unit, in this order:
41
+ a. an in-progress unit in STATE (finish what is started)
42
+ b. an APPROVED, pending `docs/features/*/FEATURE.md` that advances the goal
43
+ c. the next pending PLAN phase that advances the goal (plan must be approved — rule 13)
44
+ d. an open ISSUES.md item inside the goal's scope (route `/quick` or `/feature`)
45
+ Nothing actionable -> report + stop.
46
+ 2. ROUTE it through the lane-routing table (`/feature` · `/phase` · `/quick`).
47
+ The lane runs with ALL its own gates — the goal layer never bypasses one.
48
+ 3. TICK: append one line under the goal (`- [x] <unit> — <lane> — <result>`),
49
+ decrement budget, update STATE (`goal: G<n> (active — <units left>)`).
50
+ 4. CHECK "Done when". Met -> mark `[done]`, STATE `goal: G<n> (done)`, final
51
+ report (units shipped · parked blockers · budget used). Not met -> loop.
52
+
53
+ STOP conditions (whichever first): Done-when met · budget spent · a lane
54
+ hard-stop (surface it; headless: `BLOCKED.md` + clean exit) · nothing actionable.
55
+ Every stop produces ONE consolidated report — never a silent end.
56
+
57
+ ## /goal status · /goal done <id> · /goal drop <id>
58
+
59
+ Show goals + progress ticks · force-close (human says it's done) · abandon
60
+ (log why). Both edits keep the history lines — GOALS.md is append-style memory.
61
+
62
+ ---
63
+
64
+ ## Recurrence (running a goal on a schedule)
65
+
66
+ `/goal run` is one pass: it works until done/blocked/budget. To keep pressure on
67
+ a long goal, re-fire the pass on a schedule — host-level, not kit-level:
68
+ - **Claude Code web/desktop**: `/loop 30m /goal run` — the host's interval loop
69
+ re-invokes the pass; the goal layer supplies the state + finish line that a
70
+ bare interval loop lacks (it stops itself when Done-when is met).
71
+ - **CI (headless)**: `create-issflow --ci` also installs
72
+ `.github/workflows/issflow-goal.yml` — a cron-ready workflow that runs
73
+ `/goal run` with `ISSFLOW_HEADLESS=1` (schedule commented out by default;
74
+ uncomment to arm). The `Approved:` line in GOALS.md is the recorded consent.
75
+ - **Docker**: `node scripts/feature-docker.js` per feature stays the unit
76
+ runner; a goal pass inside a container is `claude -p "/goal run"` on the
77
+ same image (cron it with the scheduler you already have).
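Review bot: the `Approved: <name> <date>` line written in step 2 of `/goal set` is the only thing that arms a headless goal pass, and it is free text in a tracked markdown file, so anyone who can land a change to docs/GOALS.md can arm a runner holding `contents: write` and `pull-requests: write`. Say who may write that line (a CODEOWNERS rule on docs/GOALS.md, or a required review) and have the headless pass refuse a goal block that lacks it. Separately, `Budget` caps units per run, not tokens or wall-clock, so a single oversized unit can still exhaust the spend the "cannot burn the wallet" comment promises to protect; pair the unit cap with the workflow's `timeout-minutes` or a per-unit cap and state that here.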
@@ -21,11 +21,16 @@ If any fail -> STOP, tell me, recommend `/phase`.
21
21
  (Hard rule 10: never route phase-worthy work through `/quick` to dodge the RED gate.)
22
22
 
23
23
  Steps:
24
+ 0. UNDERSTAND-FIRST (hard rule 14): brief back in 2–3 lines — the change as you
25
+ understand it · file(s) you'll touch · blast radius — and WAIT for my confirm.
26
+ One cheap turn beats redoing a misunderstood edit. (Already confirmed in this
27
+ conversation? say so and proceed — don't re-ask the same understanding.)
24
28
  1. grep docs/ISSUES.md for anything related.
25
29
  2. Make the change. Smallest diff that works.
26
30
  3. Run it — lint/typecheck/smoke. Show me result.
27
- 4. REGRESSION GUARD: run `scripts/regression.sh` (mock corpus). A break BLOCKS the
28
- `/quick` surface it to me and stop. No agent chain is added.
31
+ 4. REGRESSION GUARD: run `scripts/regression.sh` (mock corpus). No corpus in this
32
+ repo? run the project's own test suite instead (or the touched area's tests).
33
+ A break BLOCKS the `/quick` — surface it to me and stop. No agent chain is added.
29
34
  5. Error you cannot fix in 2 tries -> STOP. Recommend `/phase`.
30
35
  6. Change revealed a bug -> `/log-issue`.
31
36
  7. ARCHITECTURE SELF-CHECK: touched an agent, hook, command, or workflow rule?
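Review bot: the new step 0 WAITs for a human confirm, but `/goal run` (pick order d) routes ISSUES.md items through `/quick`, including in headless passes where nobody can answer, so a goal-driven `/quick` as written either stalls at step 0 or degrades to BLOCKED. Add the carve-out rule 14 already grants the other lanes, e.g. "Invoked by an approved goal? the goal's `Approved:` line is the confirmation; brief back in the log and proceed."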
@@ -139,6 +139,8 @@ emit(' Hard-stops only: security / irreversible-or-outbound actions / contradic
139
139
  emit('- caveman ULTRA mode is active.');
140
140
  emit('- PLAN-APPROVAL gate (rule 13): no /phase or /sprint while STATE `plan:` reads');
141
141
  emit(' PENDING — the plan needs a human sign-off via /overview first.');
142
+ emit('- UNDERSTAND-FIRST (rule 14): new free-text task -> brief back your understanding');
143
+ emit(' (goal · scope · assumptions · blast radius) and WAIT for confirm before executing.');
142
144
  emit('- before debugging ANY error: grep ISSUES.md AND research/INDEX.md first.');
143
145
  emit('- debug attempts: WARN at 2; cap 3. AUTO: log + park the slice + continue (batched');
144
146
  emit(' report at the phase boundary). GUIDED: stop and ask you.');
@@ -258,6 +258,20 @@ can. Escalation is at most two hops.
258
258
 
259
259
  The orchestrator ROUTES. It does not implement or debug.
260
260
 
261
+ **Model routing (per-role tiers).** Each role's `.claude/agents/<role>.md` pins a
262
+ `model:` tier suited to its work, so the RIGHT model runs each task by default:
263
+
264
+ | Role | `model:` | Why |
265
+ |------|----------|-----|
266
+ | planner · debugger · implementer · test-author | `inherit` | hardest reasoning — follows the session model the OWNER picked (`/model` / `--model`), so one choice cascades |
267
+ | researcher · e2e-runner | `sonnet` | judgment-heavy but mid-tier is the sweet spot |
268
+ | synthesizer | `haiku` | mechanical compression — cheapest tier |
269
+
270
+ Owner wants a SPECIFIC model? Edit the role's `model:` line — values `haiku` ·
271
+ `sonnet` · `opus` · `inherit` · or a full model id. The installer is
272
+ non-destructive, so your pins survive kit updates. Hosts without per-agent model
273
+ support run everything on the session model (graceful degrade).
274
+
261
275
  -----
262
276
 
263
277
  ## Procedures (the slash-command set)
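Review bot: the table pins `synthesizer` to `haiku`, yet this release edits every other role's `model:` line and no change to `synthesizer.md` appears in the diff; confirm that file already reads `model: haiku`, otherwise the table documents a tier the kit does not ship. The line "Hosts without per-agent model support run everything on the session model" should also say what such hosts do with an explicit `inherit` value, since that is now the default for four roles.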
@@ -272,6 +286,7 @@ Named procedures, each with a canonical body in `.claude/commands/<name>.md`.
272
286
  | New FEATURE on an existing product | `/feature` (scaffold the doc with `/feature new`) |
273
287
  | Small, obvious, non-phase change (a fix, a rename, a copy tweak) | `/quick` |
274
288
  | Scope change to already-approved work | `/change-request` |
289
+ | An OUTCOME spanning several units ("clear the feature queue") | `/goal` (drives the lanes above) |
275
290
  | Whole-product quality sweep / pre-release | `/ui-audit` · `/qa-audit` · `/security-audit` · `/release` |
276
291
 
277
292
  On ambiguity between `/quick` and `/feature`: does it add or change a public
@@ -287,6 +302,12 @@ surface or need its own acceptance criteria? -> `/feature`. Otherwise `/quick`.
287
302
  story into a PENDING doc (approval stays human). Gate checklist in
288
303
  `docs/features/<slug>/GATES.md`, enforced by the `Stop` hook with artifact
289
304
  verification. Headless-capable (CI / Docker, `ISSFLOW_HEADLESS=1`). See "Feature lane".
305
+ - **goal [set|run|status|done|drop]** — the goal layer: declare an OUTCOME with a
306
+ measurable Done-when + budget (`set`, behind the rule-14 brief-back), then
307
+ `run` loops pick-next-unit → route lane → tick until done / budget / hard-stop.
308
+ Goal-driven, not time-driven: it stops itself on the finish line. Recurrence is
309
+ host-level (interval loop or the cron-ready `issflow-goal.yml`). `docs/GOALS.md`
310
+ holds state; its `Approved:` line arms headless passes.
290
311
  - **propose** — turn approved requirements + stack into `PROPOSAL.md` (scope, phase
291
312
  breakdown, effort + cost estimate, assumptions) with a client sign-off gate.
292
313
  - **change-request** — a mid-project scope change: impact analysis + re-estimate +
@@ -441,7 +462,7 @@ Mirrors the installer's `--dry-run`. (In a dry-run, even AUTO never acts — it
441
462
 
442
463
  -----
443
464
 
444
- ## Hard rules (1–13)
465
+ ## Hard rules (1–14)
445
466
 
446
467
  1. Before debugging ANY error: grep `docs/ISSUES.md` AND `docs/research/INDEX.md`.
447
468
  The SESSION-OPEN ritual surfaces ISSUES.md — there is no excuse to miss it.
@@ -505,6 +526,16 @@ Mirrors the installer's `--dry-run`. (In a dry-run, even AUTO never acts — it
505
526
  the planning twin of the commercial sign-off gate (`/propose`). A `/replan` that
506
527
  adds or reshapes UNBUILT scope reverts the affected plan to `PENDING` and
507
528
  re-surfaces it for confirmation before those phases run.
529
+ 14. **UNDERSTAND-FIRST gate (brief-back).** No new task starts executing on an
530
+ unconfirmed understanding. Any command that takes free-text work (`/quick`,
531
+ `/change-request`, `/goal set`, the `/overview` grill) BRIEFS BACK first:
532
+ restate the task — goal · scope · out-of-scope · assumptions · plan sketch ·
533
+ blast radius — then WAIT for explicit confirmation before touching anything.
534
+ A recorded approval artifact IS the confirmation for its lane (approved
535
+ PLAN → phases · APPROVED FEATURE doc → the feature lane · approved CR → the
536
+ change · `Approved:` goal → goal runs) — that is exactly what arms headless.
537
+ Rationale: a wrong understanding burns tokens and context at 100× the cost
538
+ of one confirm turn. AUTO governs execution AFTER intake, never instead of it.
508
539
 
509
540
  -----
510
541
 
@@ -561,10 +592,13 @@ the KB. The kit works normally without a KB.
561
592
  `BLOCKED.md` (headless blocker reports).
562
593
  - `docs/WISDOM-QUEUE.md` — auto-appended wisdom candidates from feature runs;
563
594
  `/store-wisdom` reads it before pushing to the shared KB (push stays human).
564
- - `.claude/templates/automation/` — headless-runner sources (GitHub Action ·
595
+ - `.claude/templates/automation/` — headless-runner sources (GitHub Actions ·
565
596
  Dockerfile · docker wrapper), materialized by `create-issflow --ci` /
566
- `--docker` as `.github/workflows/issflow-feature.yml` · `Dockerfile.issflow` ·
567
- `scripts/feature-docker.js`.
597
+ `--docker` as `.github/workflows/issflow-feature.yml` +
598
+ `.github/workflows/issflow-goal.yml` (cron-ready, disarmed by default) ·
599
+ `Dockerfile.issflow` · `scripts/feature-docker.js`.
600
+ - `docs/GOALS.md` — the goal layer's state: one `## G<n>` block per goal
601
+ (Done-when · Budget · `Approved:` line · progress ticks). Maintained by `/goal`.
568
602
  - `.claude/templates/FEATURE-template.md` — the Feature-doc form `/feature new`
569
603
  scaffolds (Approval/Automation headers + spec sections).
570
604
  - `docs/STATE.md` — current position. Small. Rewritten, not appended.
@@ -28,6 +28,10 @@ RUN useradd --create-home --shell /bin/sh runner
28
28
  USER runner
29
29
  WORKDIR /work
30
30
 
31
+ # the mounted repo is owned by the HOST uid, not `runner` — without this every
32
+ # git command fails with "detected dubious ownership in repository".
33
+ RUN git config --global --add safe.directory '*'
34
+
31
35
  # headless marker — /feature degrades every hard-stop to a BLOCKED report + clean exit.
32
36
  ENV ISSFLOW_HEADLESS=1
33
37
 
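Review bot: `git config --global --add safe.directory '*'` disables git's ownership check for every path in the container (the CVE-2022-24765 mitigation), when the image only ever sees the bind-mounted repo; scope it instead of wildcarding. The mount path is known in feature-docker.js, so pass it at run time (`GIT_CONFIG_COUNT=1`, `GIT_CONFIG_KEY_0=safe.directory`, `GIT_CONFIG_VALUE_0=<mount path>`, with a second entry for the main repo in worktree mode) rather than baking the wildcard into the image. Note also that this only silences the ownership error: if the host uid differs from `runner`, writes into the mounted tree still fail with EACCES, so the wrapper should either run with a matching `--user` or document the uid assumption next to this comment.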
@@ -82,16 +82,17 @@ if (useWorktree) {
82
82
  console.log(`feature-docker: parallel lane — this run is isolated in ${wt}; your checkout stays untouched.`);
83
83
  }
84
84
 
85
- console.log(`feature-docker: running /feature ${doc} in ${IMAGE} (repo mounted at /work)`);
86
- const args = [
87
- 'run', '--rm',
88
- '--entrypoint', 'claude',
89
- '-v', `${mountDir}:/work`, '-w', '/work',
90
- ];
91
- // a worktree's .git is a FILE pointing at the main repo's .git by absolute host
92
- // path — mount the main repo at that same path so git resolves inside the
93
- // container. (Path-identical mounts: Linux/macOS; on Windows use the default mode.)
94
- if (useWorktree) args.push('-v', `${repo}:${repo}`);
85
+ console.log(`feature-docker: running /feature ${doc} in ${IMAGE}`);
86
+ const args = ['run', '--rm', '--entrypoint', 'claude'];
87
+ if (useWorktree) {
88
+ // a worktree's git metadata references BOTH trees by absolute HOST path
89
+ // (.git file -> main .git/worktrees/<n>; gitdir file -> back to the worktree).
90
+ // Mount both at their host paths so every pointer resolves in-container.
91
+ // (Path-identical mounts: Linux/macOS; on Windows use the default mode.)
92
+ args.push('-v', `${repo}:${repo}`, '-v', `${mountDir}:${mountDir}`, '-w', mountDir);
93
+ } else {
94
+ args.push('-v', `${mountDir}:/work`, '-w', '/work');
95
+ }
95
96
  args.push(
96
97
  '-e', 'ANTHROPIC_API_KEY',
97
98
  '-e', 'ISSFLOW_HEADLESS=1'
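Review bot: in the worktree branch the main repository is bind-mounted read-write at `${repo}:${repo}`, so the "your checkout stays untouched" message at line 82 only holds for the working tree; the container can write the main `.git` (objects, refs, `worktrees/<n>`) and a misbehaving run can move branches of the primary checkout. Say so in that log line. Also prefer `--mount type=bind,src=...,dst=...` over `-v a:b` here: both mount paths are now host paths chosen by the user, and a path containing `:` breaks the colon syntax silently.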
@@ -66,9 +66,10 @@ jobs:
66
66
  anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
67
67
  github_token: ${{ secrets.GITHUB_TOKEN }}
68
68
  prompt: "/feature ${{ env.FEATURE_DOC }}"
69
- # Ephemeral runner = the sandbox; the Stop hook (feature-gate.js) still
70
- # enforces the gate checklist inside the run.
71
- claude_args: "--dangerously-skip-permissions"
69
+ # Broad allowlist via the documented --allowedTools flag (the ephemeral
70
+ # runner is the sandbox). The Stop hook (feature-gate.js) still enforces
71
+ # the gate checklist inside the run.
72
+ claude_args: "--allowedTools Bash,Edit,Write,Read,Glob,Grep,Task,WebFetch,WebSearch,TodoWrite"
72
73
 
73
74
  # The lane's own delivery step (git push / PR) runs inside Claude per the
74
75
  # doc's `> Automation:` header. This job only reports.
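Review bot: replacing `--dangerously-skip-permissions` with `--allowedTools Bash,Edit,Write,...` is not a narrower policy while `Bash` is allowed unqualified; the model can run any command the runner can, and the job still holds `GITHUB_TOKEN` with write permissions, so the "ephemeral runner is the sandbox" comment should say that the blast radius is the repo and its secrets, not the VM. If the host honours per-command patterns (Claude Code's `Bash(git diff:*)` form), list the commands the lane actually needs instead of bare `Bash`.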
@@ -0,0 +1,48 @@
1
+ # iStartSoftFlow — scheduled goal pass (GitHub Actions).
2
+ # Installed by `npx create-issflow --ci` as .github/workflows/issflow-goal.yml.
3
+ #
4
+ # Runs ONE `/goal run` pass headless: pick next actionable unit -> route lane ->
5
+ # tick -> repeat until Done-when / budget / hard-stop. The goal's `> Approved:`
6
+ # line in docs/GOALS.md is the recorded consent that arms the run; a lane
7
+ # hard-stop writes BLOCKED.md and exits cleanly. It never merges, never deploys.
8
+ #
9
+ # DISARMED BY DEFAULT: uncomment `schedule:` to run on cron. Manual dispatch
10
+ # always works. Setup: secret ANTHROPIC_API_KEY + Actions write permissions
11
+ # (same as issflow-feature.yml).
12
+
13
+ name: issflow-goal
14
+
15
+ on:
16
+ workflow_dispatch:
17
+ inputs:
18
+ goal_id:
19
+ description: Goal id to run (blank = the single active goal)
20
+ required: false
21
+ type: string
22
+ # schedule:
23
+ # - cron: '0 1 * * 1-5' # 01:00 UTC weekdays — one pass per night
24
+
25
+ permissions:
26
+ contents: write
27
+ pull-requests: write
28
+ issues: write
29
+
30
+ jobs:
31
+ goal:
32
+ runs-on: ubuntu-latest
33
+ timeout-minutes: 120
34
+ steps:
35
+ - uses: actions/checkout@v4
36
+ with:
37
+ fetch-depth: 0
38
+
39
+ - name: Run one goal pass
40
+ uses: anthropics/claude-code-action@v1
41
+ env:
42
+ ISSFLOW_HEADLESS: "1"
43
+ with:
44
+ anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
45
+ github_token: ${{ secrets.GITHUB_TOKEN }}
46
+ prompt: "/goal run ${{ inputs.goal_id }}"
47
+ # Documented --allowedTools flag; the ephemeral runner is the sandbox.
48
+ claude_args: "--allowedTools Bash,Edit,Write,Read,Glob,Grep,Task,WebFetch,WebSearch,TodoWrite"
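Review bot: `inputs.goal_id` is spliced straight into the prompt (`/goal run ${{ inputs.goal_id }}`) with no validation; `workflow_dispatch` needs write access to trigger, so this is not an anonymous injection path, but constrain the value anyway (a `G<n>` pattern check in a prior step) so a stray input cannot become a free-text instruction to an agent holding `contents: write`. Add a `concurrency` group too: a cron pass and a manual dispatch can overlap and both rewrite docs/GOALS.md and STATE, and a single group with `cancel-in-progress: false` serialises them. Finally, "It never merges, never deploys" in the header is doctrine, not enforcement, given unqualified `Bash` plus `pull-requests: write`; `gh pr merge` is reachable unless the token is scoped down.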