learnship 2.3.5 → 2.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (43) hide show
  1. package/.claude-plugin/plugin.json +1 -1
  2. package/.cursor-plugin/plugin.json +1 -1
  3. package/README.md +34 -17
  4. package/SKILL.md +32 -11
  5. package/agents/learnship-challenger.md +9 -0
  6. package/agents/learnship-executor.md +9 -0
  7. package/agents/learnship-ideation-agent.md +9 -0
  8. package/agents/learnship-research-synthesizer.md +9 -0
  9. package/agents/learnship-roadmapper.md +9 -0
  10. package/agents/learnship-security-auditor.md +20 -1
  11. package/agents/learnship-solution-writer.md +9 -0
  12. package/agents/learnship-verifier.md +1 -1
  13. package/bin/install.js +95 -25
  14. package/cursor-rules/learnship.mdc +32 -4
  15. package/gemini-extension.json +1 -1
  16. package/hooks/learnship-context-monitor.js +6 -3
  17. package/hooks/learnship-prompt-guard.js +1 -1
  18. package/hooks/learnship-session-state.js +1 -1
  19. package/hooks/learnship-statusline.js +8 -3
  20. package/learnship/agents/challenger.md +7 -0
  21. package/learnship/agents/executor.md +7 -0
  22. package/learnship/agents/ideation-agent.md +7 -0
  23. package/learnship/agents/research-synthesizer.md +7 -0
  24. package/learnship/agents/roadmapper.md +7 -0
  25. package/learnship/agents/security-auditor.md +28 -0
  26. package/learnship/agents/solution-writer.md +7 -0
  27. package/learnship/agents/verifier.md +1 -1
  28. package/learnship/references/git-integration.md +4 -4
  29. package/learnship/references/model-profiles.md +20 -13
  30. package/learnship/references/questioning.md +1 -1
  31. package/learnship/references/verification-patterns.md +1 -1
  32. package/learnship/templates/context.md +3 -3
  33. package/learnship/templates/discussion-log.md +2 -2
  34. package/learnship/workflows/discuss-phase.md +3 -3
  35. package/learnship/workflows/execute-phase.md +4 -3
  36. package/learnship/workflows/health.md +32 -4
  37. package/learnship/workflows/new-project.md +36 -4
  38. package/learnship/workflows/quick.md +1 -1
  39. package/learnship/workflows/review.md +106 -10
  40. package/learnship/workflows/secure-phase.md +2 -0
  41. package/learnship/workflows/ship.md +43 -0
  42. package/learnship/workflows/verify-work.md +33 -0
  43. package/package.json +1 -1
@@ -69,8 +69,8 @@ Suggest the appropriate workflow slash command when relevant:
69
69
  | `/discuss-milestone` | Capture milestone-level goals before `/new-milestone` |
70
70
  | `/plan-phase [N]` | After discussing a phase — create executable plans |
71
71
  | `/execute-phase [N]` | Plans exist and are ready to run |
72
- | `/verify-work [N]` | Phase execution complete — user acceptance testing |
73
- | `/review` | Code ready for review — multi-persona quality check |
72
+ | `/verify-work [N]` | Phase execution complete — user acceptance testing (+ live UI smoke test on any MCP-enabled platform when @playwright/mcp is configured) |
73
+ | `/review` | Code ready for review — spec compliance pass then 6-persona quality review |
74
74
  | `/ship` | Tests pass, code reviewed — ship it (test → lint → commit → push → PR) |
75
75
  | `/complete-milestone` | All phases in the current milestone are done |
76
76
  | `/ls` | User asks "where are we?", "what's next?", or starts a new session |
@@ -82,14 +82,14 @@ Suggest the appropriate workflow slash command when relevant:
82
82
  | `/ideate` | Codebase-grounded idea generation (`--explore` for Socratic mode) |
83
83
  | `/challenge` | Stress-test a proposal with product + engineering forcing questions |
84
84
  | `/settings` | Change project configuration after setup |
85
- | `/health` | Project health check — stale files, uncommitted changes, config drift |
85
+ | `/health` | Project health check — stale files, uncommitted changes, config drift, numeric score 0–100 |
86
86
  | `/compound` | Just solved a problem or learned a pattern — capture it while fresh |
87
87
  | `/pause-work` | User is stopping mid-phase |
88
88
  | `/resume-work` | User is returning to an in-progress project |
89
89
  | `/guard` | Working on sensitive files — enable safety mode |
90
90
  | `/note [text]` | Quick idea capture — zero friction, no questions |
91
91
  | `/session-report` | End of session — generate summary for stakeholders |
92
- | `/secure-phase [N]` | After execution — per-phase STRIDE security verification |
92
+ | `/secure-phase [N]` | After execution — per-phase STRIDE + OWASP Top 10 security verification |
93
93
  | `/validate-phase [N]` | Retroactive test coverage audit for a completed phase |
94
94
  | `/diagnose-issues` | Batch-diagnose multiple UAT issues after `/verify-work` |
95
95
  | `/docs-update` | Generate or update project documentation |
@@ -101,6 +101,34 @@ Suggest the appropriate workflow slash command when relevant:
101
101
  | `/knowledge-base` | Aggregate learnings across sessions into searchable KNOWLEDGE.md |
102
102
  | `/transition` | Hand off project context to a new session or collaborator |
103
103
 
104
+ ## Secondary Workflows
105
+
106
+ The 20 less-frequently-used workflows below are also available on Cursor. Suggest them in the matching situation; the user can also discover them via `/help`.
107
+
108
+ | Workflow | When to suggest |
109
+ |----------|----------------|
110
+ | `/help` | User asks "what commands exist?" or wants the full reference |
111
+ | `/add-phase [description]` | Append a new phase to the end of the roadmap |
112
+ | `/insert-phase [N] [description]` | Insert urgent work between existing phases |
113
+ | `/remove-phase [N]` | Remove a future phase and renumber |
114
+ | `/research-phase [N]` | Deep phase research only — no plans yet |
115
+ | `/list-phase-assumptions [N]` | Preview intended approach before planning the phase |
116
+ | `/discovery-phase [N]` | Map an unfamiliar code area — files, deps, risks — before planning |
117
+ | `/audit-milestone` | Pre-release audit — requirement coverage + stub detection |
118
+ | `/plan-milestone-gaps` | Create fix phases from audit findings |
119
+ | `/milestone-retrospective` | 5-question retrospective after `/complete-milestone` |
120
+ | `/decision-log [description]` | Capture a decision with context, alternatives, rationale |
121
+ | `/execute-plan [N] [id]` | Re-run a single PLAN.md in isolation (e.g., after a failure) |
122
+ | `/validate-phase [N]` | (Listed in Core — also reachable here) retroactive coverage audit |
123
+ | `/add-todo [description]` | Capture an idea without interrupting flow |
124
+ | `/check-todos` | Review and act on captured todos |
125
+ | `/add-tests [N]` | Generate unit + E2E tests for a completed phase |
126
+ | `/cleanup` | Archive completed milestone phase directories |
127
+ | `/set-profile [quality\|balanced\|budget]` | One-step model-profile switch |
128
+ | `/update` | Update the learnship platform itself to the latest version |
129
+ | `/reapply-patches` | Restore local edits after an `/update` |
130
+ | `/release` | Cut a release after `/complete-milestone` (tagging, npm publish, etc.) |
131
+
104
132
  ## Planning Artifacts
105
133
 
106
134
  All project state lives in `.planning/`. Key files:
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "learnship",
3
- "version": "2.3.5",
3
+ "version": "2.4.0",
4
4
  "description": "Agentic engineering done right — 57 structured workflows, 17 specialist agent personas, persistent memory across sessions, integrated learning partner, and impeccable UI design system.",
5
5
  "author": "Favio Vazquez",
6
6
  "homepage": "https://faviovazquez.github.io/learnship/",
@@ -1,5 +1,5 @@
1
1
  #!/usr/bin/env node
2
- // learnship-hook-version: 2.2.0
2
+ // learnship-hook-version: 2.4.0
3
3
  // Context Monitor — PostToolUse hook
4
4
  // Reads context metrics from the statusline bridge file and injects
5
5
  // warnings when context usage is high. Makes the AGENT aware of
@@ -28,8 +28,11 @@ process.stdin.on('end', () => {
28
28
  const data = JSON.parse(input);
29
29
  const sessionId = data.session_id;
30
30
 
31
- if (!sessionId) process.exit(0);
32
- if (/[/\\]|\.\./.test(sessionId)) process.exit(0);
31
+ if (!sessionId || typeof sessionId !== 'string') process.exit(0);
32
+ // Session IDs from the host platform should be opaque tokens.
33
+ // Reject anything that could escape the temp-file naming scheme.
34
+ if (sessionId.length > 128) process.exit(0);
35
+ if (!/^[A-Za-z0-9._-]+$/.test(sessionId)) process.exit(0);
33
36
 
34
37
  // Check if context warnings are disabled via config
35
38
  const cwd = data.cwd || process.cwd();
@@ -1,5 +1,5 @@
1
1
  #!/usr/bin/env node
2
- // learnship-hook-version: 2.2.0
2
+ // learnship-hook-version: 2.4.0
3
3
  // Prompt Injection Guard — PreToolUse hook
4
4
  // Scans file content being written to .planning/ for prompt injection patterns.
5
5
  // Defense-in-depth: catches injected instructions before they enter agent context.
@@ -1,5 +1,5 @@
1
1
  #!/usr/bin/env node
2
- // learnship-hook-version: 2.2.0
2
+ // learnship-hook-version: 2.4.0
3
3
  // Session State — SessionStart hook
4
4
  // Injects project state reminder on every session start for orientation.
5
5
  // Also checks for learnship updates in the background.
@@ -1,5 +1,5 @@
1
1
  #!/usr/bin/env node
2
- // learnship-hook-version: 2.2.0
2
+ // learnship-hook-version: 2.4.0
3
3
  // learnship Statusline — shows model, project state, directory, and context usage
4
4
  // Installed by learnship for Claude Code and Gemini CLI.
5
5
 
@@ -101,8 +101,13 @@ function runStatusline() {
101
101
  const usableRemaining = Math.max(0, ((remaining - AUTO_COMPACT_BUFFER_PCT) / (100 - AUTO_COMPACT_BUFFER_PCT)) * 100);
102
102
  const used = Math.max(0, Math.min(100, Math.round(100 - usableRemaining)));
103
103
 
104
- // Write bridge file for context-monitor hook
105
- const sessionSafe = session && !/[/\\]|\.\./.test(session);
104
+ // Write bridge file for context-monitor hook.
105
+ // Session IDs from the host platform should be opaque tokens — refuse
106
+ // anything that could escape the temp-file naming scheme.
107
+ const sessionSafe = typeof session === 'string'
108
+ && session.length > 0
109
+ && session.length <= 128
110
+ && /^[A-Za-z0-9._-]+$/.test(session);
106
111
  if (sessionSafe) {
107
112
  try {
108
113
  const bridgePath = path.join(os.tmpdir(), `learnship-ctx-${session}.json`);
@@ -14,6 +14,13 @@ You are not here to block progress — you are here to make sure the team builds
14
14
 
15
15
  **Evidence over intuition** — ground challenges in DECISIONS.md, KNOWLEDGE.md, solutions/, and codebase docs when available.
16
16
 
17
+ ## Boundaries — what this persona does NOT do
18
+
19
+ - **Do NOT make the decision.** Your output is a verdict (proceed / rethink / reduce-scope) plus rationale. The user owns the choice.
20
+ - **Do NOT veto.** A challenger that says "no, don't build this" without offering a sharpened alternative is just an obstacle.
21
+ - **Do NOT modify code, plans, or docs.** You analyze and recommend. Other personas write.
22
+ - **Do NOT pad with general advice.** Each forcing question must be answerable with a concrete fact about *this* proposal — generic questions get dropped.
23
+
17
24
  ## Product Lens
18
25
 
19
26
  Ask 3-5 of these forcing questions:
@@ -19,6 +19,13 @@ You implement exactly what the plan specifies. You do not improve, extend, or re
19
19
 
20
20
  **Verify before committing** — use the `<verify>` field of each task to confirm it worked before the commit.
21
21
 
22
+ ## Boundaries — what this persona does NOT do
23
+
24
+ - **Do NOT improve the plan.** If the plan is wrong, surface the obstacle in SUMMARY.md and propose a deviation — do not silently "fix" the plan as you go.
25
+ - **Do NOT batch commits.** Every task gets its own commit, even if two tasks touch the same file.
26
+ - **Do NOT refactor adjacent code.** If you see a smell, note it for the next planning cycle. Touching unrelated code makes the diff impossible to review.
27
+ - **Do NOT skip the verify step.** A task without verification is a task that might not be done. If `<verify>` is absent in the plan, write a minimal verification (a node -e, a grep, a test command) before committing.
28
+
22
29
  ## Before Executing
23
30
 
24
31
  Load project context:
@@ -14,6 +14,13 @@ You generate ideas, not plans. Your output feeds into ranking and filtering —
14
14
 
15
15
  **Cross-frame is good** — if an idea spans multiple thinking frames, that's a signal of strength, not a problem.
16
16
 
17
+ ## Boundaries — what this persona does NOT do
18
+
19
+ - **Do NOT write plans.** Ideas go to the adversarial filter; plans come from the planner. If an idea wins the filter, the user runs `/plan-phase` — not you.
20
+ - **Do NOT execute or modify code.** Ideation is read-only research. You may grep, glob, and read files. You do not edit them.
21
+ - **Do NOT critique or rank.** That's the filtering step's job. Generate broadly; let the filter cut.
22
+ - **Do NOT skip the codebase grounding.** An idea with no file/pattern citation is not an idea — it is product advice. Cite specifics or drop it.
23
+
17
24
  ## Thinking Frames
18
25
 
19
26
  You'll be assigned ONE of these as your starting bias (not a constraint — follow promising threads):
@@ -26,6 +26,13 @@ Your SUMMARY.md is consumed by the roadmapper (or the planning step) which uses
26
26
 
27
27
  **Be opinionated.** The roadmapper needs clear recommendations, not wishy-washy summaries.
28
28
 
29
+ ## Boundaries — what this persona does NOT do
30
+
31
+ - **Do NOT run new research.** Your job is to synthesize what's already in `.planning/research/`. If a gap exists, flag it for follow-up — don't try to fill it yourself with web searches.
32
+ - **Do NOT modify the 4 source research files.** They are inputs. Edit only SUMMARY.md.
33
+ - **Do NOT make roadmap decisions.** Surface implications and gaps for the roadmapper; let the roadmapper structure phases.
34
+ - **Do NOT concatenate.** If SUMMARY.md reads like a TOC of the 4 input files, you haven't synthesized — you've copied. Find the cross-cutting threads.
35
+
29
36
  ## Execution Flow
30
37
 
31
38
  ### Step 1: Read Research Files
@@ -22,6 +22,13 @@ You are invoked by `/new-project` (after research + requirements) or `/new-miles
22
22
 
23
23
  **Right-sized phases:** Too small = overhead. Too large = risk. Aim for phases that take 1-3 planning sessions to complete.
24
24
 
25
+ ## Boundaries — what this persona does NOT do
26
+
27
+ - **Do NOT write PLAN.md files.** The roadmap is a map of phases, not their implementation. PLAN.md is the planner's job, one phase at a time, on demand.
28
+ - **Do NOT invent requirements.** If a requirement isn't in REQUIREMENTS.md or PROJECT.md, flag it for the user — don't silently extend scope.
29
+ - **Do NOT modify research or requirements.** They are inputs. Write ROADMAP.md only.
30
+ - **Do NOT skip success criteria.** Every phase needs observable, testable success criteria. If you can't name them, the phase is the wrong shape.
31
+
25
32
  ## Phase Structure
26
33
 
27
34
  Each phase in the roadmap must include:
@@ -26,6 +26,15 @@ Before auditing, load project context:
26
26
  3. Read `.planning/config.json` for security enforcement settings
27
27
  </project_context>
28
28
 
29
+ <boundaries>
30
+ ## Boundaries — what this persona does NOT do
31
+
32
+ - **Do NOT modify source code.** You are read-only on the codebase. The only file you write is `SECURITY.md` (or an equivalent report).
33
+ - **Do NOT fix vulnerabilities you find.** Document them with severity, mitigation suggestions, and verification steps — let the executor or debugger fix.
34
+ - **Do NOT skip threats listed in PLAN.md.** If the plan declared a threat (S/T/R/I/D/E), you must explicitly classify whether it is mitigated, partially mitigated, or unaddressed.
35
+ - **Do NOT block on uncertainty.** When a mitigation is ambiguous, mark it `needs-human-review` rather than refusing to produce SECURITY.md.
36
+ </boundaries>
37
+
29
38
  <audit_methodology>
30
39
 
31
40
  ## STRIDE Categories
@@ -50,6 +59,25 @@ For each file modified in this phase:
50
59
  5. **Error handling** — Do errors leak implementation details?
51
60
  6. **Dependencies** — Are there known vulnerabilities in new dependencies?
52
61
 
62
+ ## OWASP Top 10 (2021) Cross-Reference
63
+
64
+ For every audit, cross-map STRIDE findings against the OWASP Top 10. For each category, mark as **Relevant** (check it), **N/A** (not applicable to this phase's changes), or **Found** (issue exists).
65
+
66
+ | # | OWASP Category | STRIDE | What to look for |
67
+ |---|---------------|--------|-----------------|
68
+ | A01 | Broken Access Control | E | Missing authz checks, IDOR, path traversal, CORS misconfiguration |
69
+ | A02 | Cryptographic Failures | I | Plaintext secrets, weak ciphers, no TLS, sensitive data in logs/URLs |
70
+ | A03 | Injection | T | SQL, command, LDAP, XPath, template injection; unsanitized user input |
71
+ | A04 | Insecure Design | S/T/E | No rate limiting, unsafe business logic, missing threat model |
72
+ | A05 | Security Misconfiguration | S/I/E | Debug mode on, default credentials, verbose errors, open cloud storage |
73
+ | A06 | Vulnerable Components | T/I/E | Outdated dependencies, known CVEs, unmaintained packages |
74
+ | A07 | Auth Failures | S | Weak/missing passwords, broken session management, no account lockout |
75
+ | A08 | Software/Data Integrity | T | Unsigned updates, unsafe deserialization, CI without integrity checks |
76
+ | A09 | Logging/Monitoring Failures | R | No audit trail, sensitive data in logs, missing alerting on auth failures |
77
+ | A10 | SSRF | T/I | User-controlled URLs fetched server-side, internal service enumeration |
78
+
79
+ Include an OWASP coverage table in SECURITY.md. For irrelevant categories, a single "N/A — [reason]" is sufficient. Never skip a category entirely — the coverage table proves exhaustiveness.
80
+
53
81
  ## Threat Classification
54
82
 
55
83
  For each identified concern:
@@ -21,6 +21,13 @@ Load context:
21
21
  2. Read conversation history for the problem and solution
22
22
  3. Search `.planning/solutions/` for existing related docs
23
23
 
24
+ ## Boundaries — what this persona does NOT do
25
+
26
+ - **Do NOT modify source code.** Solutions are documentation of what already happened. The fix lives in git history; the solution file lives in `.planning/solutions/`.
27
+ - **Do NOT invent details.** Every field (problem, root cause, solution, prevention) must come from the conversation or repo evidence — never fabricated for completeness.
28
+ - **Do NOT duplicate.** Search `.planning/solutions/` first. If a near-duplicate exists, append/update it rather than creating a parallel doc.
29
+ - **Do NOT skip frontmatter.** YAML frontmatter is what makes solutions searchable by future planning. A solution without it is invisible.
30
+
24
31
  ## Classification
25
32
 
26
33
  Determine the **track** from the problem_type:
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  name: learnship-verifier
3
3
  description: Verifies that a phase goal was actually achieved after execution — checks must_haves, requirement coverage, and integration links. Spawned by execute-phase on platforms with subagent support.
4
- tools: Read, Bash, Glob, Grep
4
+ tools: Read, Write, Bash, Glob, Grep
5
5
  color: purple
6
6
  ---
7
7
 
@@ -226,14 +226,14 @@ Each plan produces 2-4 commits (tasks + metadata). Clear, granular, bisectable.
226
226
  ## Why Per-Task Commits?
227
227
 
228
228
  **Context engineering for AI:**
229
- - Git history becomes primary context source for future Claude sessions
229
+ - Git history becomes primary context source for future agent sessions
230
230
  - `git log --grep="{phase}-{plan}"` shows all work for a plan
231
231
  - `git diff <hash>^..<hash>` shows exact changes per task
232
232
  - Less reliance on parsing SUMMARY.md = more context for actual work
233
233
 
234
234
  **Failure recovery:**
235
235
  - Task 1 committed ✅, Task 2 failed ❌
236
- - Claude in next session: sees task 1 complete, can retry task 2
236
+ - Agent in next session: sees task 1 complete, can retry task 2
237
237
  - Can `git reset --hard` to last successful task
238
238
 
239
239
  **Debugging:**
@@ -242,8 +242,8 @@ Each plan produces 2-4 commits (tasks + metadata). Clear, granular, bisectable.
242
242
  - Each commit is independently revertable
243
243
 
244
244
  **Observability:**
245
- - Solo developer + Claude workflow benefits from granular attribution
245
+ - Solo developer + agent workflow benefits from granular attribution
246
246
  - Atomic commits are git best practice
247
- - "Commit noise" irrelevant when consumer is Claude, not humans
247
+ - "Commit noise" irrelevant when consumer is the agent, not humans
248
248
 
249
249
  </commit_strategy_rationale>
@@ -4,18 +4,25 @@ Model profiles control which AI model tier each learnship agent uses. Profiles a
4
4
 
5
5
  ## Profile Definitions
6
6
 
7
- | Agent | `quality` | `balanced` | `budget` |
8
- |-------|-----------|------------|----------|
9
- | planner | large | large | medium |
10
- | executor | large | medium | medium |
11
- | phase-researcher | large | medium | small |
12
- | debugger | large | medium | medium |
13
- | verifier | medium | medium | small |
14
- | plan-checker | medium | medium | small |
15
- | solution-writer | medium | medium | small |
16
- | code-reviewer | large | medium | medium |
17
- | challenger | large | medium | medium |
18
- | ideation-agent | large | medium | small |
7
+ | Agent | `quality` | `balanced` | `budget` | Notes |
8
+ |-------|-----------|------------|----------|-------|
9
+ | planner | large | large | medium | Always large — planning is where architecture decisions happen. |
10
+ | executor | large | medium | medium | Follows explicit PLAN.md; reasoning is in the plan, not the agent. |
11
+ | phase-researcher | large | medium | small | Codebase-only research; no web search needed. |
12
+ | project-researcher | large | medium | small | Greenfield research; uses web search to discover ecosystem. |
13
+ | research-synthesizer | medium | medium | small | Reads research files and produces SUMMARY.md. |
14
+ | researcher | large | medium | small | General-purpose research used across many workflows. |
15
+ | roadmapper | large | medium | small | Maps requirements to phases; needs strong scope reasoning. |
16
+ | debugger | large | medium | medium | Root-cause investigation needs broad reasoning. |
17
+ | verifier | medium | medium | small | Goal-backward checking, mostly structural. |
18
+ | plan-checker | medium | medium | small | Plan completeness checks (vertical-slice, wave correctness). |
19
+ | solution-writer | medium | medium | small | Captures solved problems while context is fresh. |
20
+ | code-reviewer | large | medium | medium | Multi-persona review; needs to reason about correctness + security + perf. |
21
+ | challenger | large | medium | medium | Stress-tests proposals; needs strong adversarial reasoning. |
22
+ | ideation-agent | large | medium | small | Generates ideas across creative frames. |
23
+ | security-auditor | large | medium | medium | STRIDE threat modeling; rigorous reasoning required. |
24
+ | doc-writer | medium | medium | small | Writes/updates docs from live code; structural task. |
25
+ | doc-verifier | medium | medium | small | Checks docs match code; pattern matching. |
19
26
 
20
27
  ## Platform Model Resolution
21
28
 
@@ -23,7 +30,7 @@ Each tier resolves to the best available model on your platform:
23
30
 
24
31
  | Tier | Anthropic (Claude Code) | Google (Gemini CLI) | OpenAI (Codex CLI) | Windsurf / Cursor / OpenCode |
25
32
  |------|------------------------|--------------------|--------------------|-----------------------------|
26
- | `large` | Claude Opus 4.6 | Gemini 3.1 Pro | GPT-5.4 | Uses platform default (best available) |
33
+ | `large` | Claude Opus 4.7 | Gemini 3.1 Pro | GPT-5.4 | Uses platform default (best available) |
27
34
  | `medium` | Claude Sonnet 4.6 | Gemini 3.1 Flash | GPT-5.4-mini | Uses platform default |
28
35
  | `small` | Claude Haiku 4.5 | Gemini 3.1 Flash-Lite | GPT-5.4-nano | Uses platform default |
29
36
 
@@ -155,7 +155,7 @@ Loop until "Create PROJECT.md" selected.
155
155
  - **Rushing** — Minimizing questions to get to "the work"
156
156
  - **Shallow acceptance** — Taking vague answers without probing
157
157
  - **Premature constraints** — Asking about tech stack before understanding the idea
158
- - **User skills** — NEVER ask about user's technical experience. Claude builds.
158
+ - **User skills** — NEVER ask about user's technical experience. The agent builds.
159
159
 
160
160
  </anti_patterns>
161
161
 
@@ -599,7 +599,7 @@ Some things can't be verified programmatically. Flag these for human testing:
599
599
  ## Pre-Checkpoint Automation
600
600
 
601
601
  Key principles for automation-first verification:
602
- - Claude sets up verification environment BEFORE presenting checkpoints
602
+ - The agent sets up verification environment BEFORE presenting checkpoints
603
603
  - Users never run CLI commands (visit URLs only)
604
604
  - Server lifecycle: start before checkpoint, handle port conflicts, keep running for duration
605
605
  - CLI installation: auto-install where safe, checkpoint for user choice otherwise
@@ -28,7 +28,7 @@ Implementation decisions captured during `discuss-phase [N]`. This file is the p
28
28
  ### [Area 3 that was discussed]
29
29
  - **D-04:** [Specific decision made]
30
30
 
31
- ### Claude's Discretion
31
+ ### Agent's Discretion
32
32
  [Areas where user explicitly said "you decide" — the agent has flexibility here during planning/implementation]
33
33
 
34
34
  </decisions>
@@ -122,7 +122,7 @@ Display posts from followed users in a scrollable feed. Users can view posts and
122
122
  - Friendly illustration + "Follow people to see posts here"
123
123
  - Suggest 3-5 accounts to follow based on interests
124
124
 
125
- ### Claude's Discretion
125
+ ### Agent's Discretion
126
126
  - Loading skeleton design
127
127
  - Exact spacing and typography
128
128
  - Error state handling
@@ -185,7 +185,7 @@ CLI command to backup database to local file or S3. Supports full and incrementa
185
185
  - --no-retry flag to fail fast
186
186
  - Partial backups are deleted on failure (no corrupt files)
187
187
 
188
- ### Claude's Discretion
188
+ ### Agent's Discretion
189
189
  - Exact progress bar implementation
190
190
  - Compression algorithm choice
191
191
  - Temp file handling
@@ -35,9 +35,9 @@ created: [date]
35
35
 
36
36
  ---
37
37
 
38
- ## Claude's Discretion
38
+ ## Agent's Discretion
39
39
 
40
- [Areas delegated to Claude's judgment — list what was deferred and why]
40
+ [Areas delegated to agent's judgment — list what was deferred and why]
41
41
 
42
42
  ## Deferred Ideas
43
43
 
@@ -20,7 +20,7 @@ Extract implementation decisions that downstream planning needs. Analyze the pha
20
20
 
21
21
  2. **Planner** — Reads CONTEXT.md to know WHAT decisions are locked
22
22
  - "Pull-to-refresh on mobile" → planner includes that in task specs
23
- - "Claude's Discretion: loading skeleton" → planner can decide approach
23
+ - "Agent's Discretion: loading skeleton" → planner can decide approach
24
24
 
25
25
  **Your job:** Capture decisions clearly enough that downstream agents can act on them without asking the user again.
26
26
 
@@ -305,7 +305,7 @@ Write `.planning/phases/[padded_phase]-[phase_slug]/[padded_phase]-CONTEXT.md`:
305
305
  ### [Category discussed]
306
306
  - [Decision captured]
307
307
 
308
- ### Claude's Discretion
308
+ ### Agent's Discretion
309
309
  [Areas where user said "you decide"]
310
310
 
311
311
  </decisions>
@@ -365,7 +365,7 @@ Also write a discussion log for audit purposes using `@./templates/discussion-lo
365
365
  Write `.planning/phases/[padded_phase]-[phase_slug]/[padded_phase]-DISCUSSION-LOG.md` with:
366
366
  - All options considered for each area (not just the selected one)
367
367
  - The user's verbatim choice and rationale
368
- - Areas delegated to Claude's discretion
368
+ - Areas delegated to agent's discretion
369
369
  - Deferred ideas
370
370
 
371
371
  This file is for human audit trails only — it is NOT referenced by downstream agents.
@@ -10,13 +10,14 @@ Execute all plans in a phase. Plans run in waves — ordered by dependencies. On
10
10
 
11
11
  **Core principle:** Orchestrate, don't implement directly. Describe each plan's objective clearly, execute each plan in sequence (or in parallel via subagents), collect results.
12
12
 
13
- > **Platform note:** This workflow detects whether subagent spawning is available by reading `parallelization.enabled` from `.planning/config.json`. Set `"parallelization": { "enabled": true }` to enable parallel agent spawning on supported platforms. Defaults to `false` (sequential always safe). The legacy flat `"parallelization": true` is also honored for backward compatibility.
13
+ > **Platform note:** This workflow detects whether subagent spawning is available by reading `parallelization.enabled` from `.planning/config.json`. On Claude Code, OpenCode, and Codex, `/new-project` sets this to `true` by default. To disable: `"parallelization": { "enabled": false }`. The legacy flat `"parallelization": true` is also honored for backward compatibility.
14
14
 
15
15
  <runtime_compatibility>
16
16
  **Subagent spawning is runtime-specific:**
17
17
  - **Claude Code:** Uses `Task(subagent_type=..., ...)` — blocks until complete, returns result
18
18
  - **OpenCode / Codex:** Subagent spawning supported with platform-native dispatch
19
- - **Windsurf / Cursor:** No subagent spawning — always use sequential inline execution
19
+ - **Windsurf:** No subagent spawning — always use sequential inline execution
20
+ - **Cursor:** Cursor 2.4+ has native parallel agents, but learnship dispatches sequentially via the `.mdc` rule context (no `Task()` API available in that execution model)
20
21
  - **Gemini CLI:** Subagents exist but parallel execution limited — default to sequential
21
22
 
22
23
  **Fallback rule:** If a spawned agent completes its work (commits visible, SUMMARY.md exists) but the orchestrator never receives the completion signal, treat it as successful based on spot-checks and continue to the next wave/plan. Never block indefinitely.
@@ -194,7 +195,7 @@ Task(
194
195
 
195
196
  Spawn all plans in the wave before waiting. Wait for all agents to complete, then proceed to spot-checks.
196
197
 
197
- **If parallelization is disabled (sequential mode — Windsurf, Cursor, Gemini CLI, or user preference):**
198
+ **If parallelization is disabled (sequential mode — Windsurf, Cursor, Gemini CLI, or user preference on any platform):**
198
199
 
199
200
  <persona_context>
200
201
  You are now the **learnship executor**. Implement code from plans, one task at a time.
@@ -109,14 +109,42 @@ try{
109
109
  "
110
110
  ```
111
111
 
112
- ## Step 4: Format Output
112
+ ## Step 4: Compute Health Score
113
+
114
+ Based on all findings from Step 3, compute a numeric score (0–100):
115
+
116
+ **Start at 100. Apply deductions:**
117
+
118
+ | Code | Issue | Deduction |
119
+ |------|-------|-----------|
120
+ | E002 | PROJECT.md missing | −25 |
121
+ | E003 | ROADMAP.md missing | −20 |
122
+ | E004 | STATE.md missing | −10 |
123
+ | E005 | config.json parse error | −15 |
124
+ | W003 | config.json missing | −10 |
125
+ | W002 | state/roadmap phase mismatch | −5 |
126
+ | W004 | missing config fields | −2 per missing field, max −10 |
127
+ | W006 | phase in roadmap but no directory | −4 per phase, max −12 |
128
+ | W007 | orphaned phase directory | −2 per dir, max −6 |
129
+ | I001 | PLAN.md without SUMMARY.md | −1 per plan, max −5 |
130
+ | (uncommitted) | .planning/ has unstaged changes | −5 |
131
+
132
+ `Score = max(0, 100 − total_deductions)`
133
+
134
+ **Status bands:**
135
+ - 90–100 → **HEALTHY** ✓
136
+ - 70–89 → **DEGRADED** ⚠
137
+ - 0–69 → **BROKEN** ✗
138
+
139
+ ## Step 5: Format Output
113
140
 
114
141
  ```
115
142
  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
116
143
  learnship ► HEALTH CHECK
117
144
  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
118
145
 
119
- Status: HEALTHY | DEGRADED | BROKEN
146
+ Score: [N]/100
147
+ Status: HEALTHY ✓ | DEGRADED ⚠ | BROKEN ✗
120
148
  Errors: [N] Warnings: [N] Info: [N]
121
149
  ```
122
150
 
@@ -155,10 +183,10 @@ Consider: git add .planning/ && git commit -m "docs: update planning artifacts"
155
183
 
156
184
  **Footer if repairable issues and --repair not used:**
157
185
  ```
158
- [N] issue(s) can be auto-repaired. Run: health --repair
186
+ [N] issue(s) can be auto-repaired (+[N] points). Run: health --repair
159
187
  ```
160
188
 
161
- ## Step 5: Repair (if --repair flag)
189
+ ## Step 6: Repair (if --repair flag)
162
190
 
163
191
  Run repairs for each repairable issue found:
164
192
 
@@ -121,8 +121,34 @@ Note the tech stack, key directories, and any README content internally. Use thi
121
121
 
122
122
  ## Step 2: Configuration
123
123
 
124
- > **🔴 MANDATORY INTERACTIVE QUESTIONS — You MUST present each round as a blocking question using `AskUserQuestion` (or your platform's equivalent: `ask_user_question` on Windsurf, `ask_user` on Gemini, `request_user_input` on Codex). Each round is a SEPARATE blocking call. Do NOT combine all rounds into one. Do NOT render questions as plain text or markdown lists — you MUST use the interactive question tool so the user clicks options. Wait for the user's reply after EACH round before showing the next round.**
125
- >
124
+ > **🔴 MANDATORY INTERACTIVE QUESTIONS — You MUST present each question as a blocking call using `AskUserQuestion` (or your platform's equivalent: `ask_user_question` on Windsurf, `ask_user` on Gemini, `request_user_input` on Codex). Do NOT render questions as plain text or markdown lists — you MUST use the interactive question tool so the user clicks options. Wait for the user's reply before continuing.**
125
+
126
+ ### Step 2a — Setup Mode (1 question)
127
+
128
+ > Ask this single blocking question first. Many users just want sensible defaults — this question lets them skip the 15-question customization wizard entirely.
129
+
130
+ ```
131
+ AskUserQuestion([
132
+ {
133
+ header: "Setup Mode",
134
+ question: "How do you want to configure this project?",
135
+ multiSelect: false,
136
+ options: [
137
+ { label: "Quick — use recommended defaults (Recommended)", description: "Skip the 15 customization questions. Uses: auto mode, coarse phases, balanced models, all workflow agents on, ship pipeline + conventional commits + PR template, auto-commit planning docs, parallelization off (you can flip it later in .planning/config.json). Best for: most projects." },
138
+ { label: "Customize — walk through every setting", description: "Answer ~15 questions across 4 rounds to tune working style, granularity, model profile, workflow agents, pipeline, git, and (on supported platforms) parallel subagents. Best for: teams with specific conventions or unusual project shapes." }
139
+ ]
140
+ }
141
+ ])
142
+ ```
143
+
144
+ > 🛑 STOP. Wait for the user's reply. Record as `SETUP_MODE = quick | custom`.
145
+
146
+ **If `SETUP_MODE = quick`:** Skip Step 2b entirely. Jump directly to **Step 2c — Write Config** below, using the recommended defaults documented there. Do NOT ask any of the Round 1–4 questions.
147
+
148
+ **If `SETUP_MODE = custom`:** Proceed through Step 2b (Rounds 1–4 below). All questions must be answered before writing config.
149
+
150
+ ### Step 2b — Customize Configuration (only if `SETUP_MODE = custom`)
151
+
126
152
  > **🛑 FORBIDDEN:** Do NOT present all questions at once as a text wall. Do NOT skip any question. Do NOT invent answers. Do NOT proceed to the config.json write step until ALL 4 rounds have been answered by the user.
127
153
 
128
154
  **Round 1 — Core settings (6 questions):**
@@ -299,9 +325,15 @@ AskUserQuestion([
299
325
 
300
326
  <!-- LEARNSHIP_PARALLEL_BLOCK -->
301
327
 
302
- > 🛑 STOP. Wait for the user's Round 4 reply (parallelization) before continuing.
328
+ > 🛑 STOP. **Only if the parallel block above actually asks a question:** wait for the user's Round 4 reply before continuing. If the parallel block is informational (parallelization auto-set to `false` for the platform), no answer is needed — proceed directly to Step 2c.
329
+
330
+ ### Step 2c — Write Config
331
+
332
+ > This step runs in **both modes**:
333
+ > - If `SETUP_MODE = quick`: use the **recommended defaults** for every field (the values labeled "(Recommended)" in the Step 2b questions, and `parallelization.enabled = false`).
334
+ > - If `SETUP_MODE = custom`: use the user's answers from Rounds 1–4.
303
335
 
304
- **Now create `.planning/config.json`** — use EXACTLY this schema. Map the user's answers to these keys. Do NOT invent keys. Do NOT use flat keys like `working_style`, `model_tier`, `platform`, `milestone`, or `phases` — those are WRONG.
336
+ **Now create `.planning/config.json`** — use EXACTLY this schema. Map the user's answers (or recommended defaults) to these keys. Do NOT invent keys. Do NOT use flat keys like `working_style`, `model_tier`, `platform`, `milestone`, or `phases` — those are WRONG.
305
337
 
306
338
  **Key mapping from questions to config:**
307
339
  - Working Style → `"mode"`: `"auto"` or `"interactive"`
@@ -118,7 +118,7 @@ Write `CONTEXT.md` to the task directory:
118
118
  ### [Area discussed]
119
119
  - [Decision captured]
120
120
 
121
- ### Claude's Discretion
121
+ ### Agent's Discretion
122
122
  [Areas not discussed or "you decide" answers]
123
123
 
124
124
  </decisions>