learnship 2.3.5 → 2.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/plugin.json +1 -1
- package/.cursor-plugin/plugin.json +1 -1
- package/README.md +34 -17
- package/SKILL.md +32 -11
- package/agents/learnship-challenger.md +9 -0
- package/agents/learnship-executor.md +9 -0
- package/agents/learnship-ideation-agent.md +9 -0
- package/agents/learnship-research-synthesizer.md +9 -0
- package/agents/learnship-roadmapper.md +9 -0
- package/agents/learnship-security-auditor.md +20 -1
- package/agents/learnship-solution-writer.md +9 -0
- package/agents/learnship-verifier.md +1 -1
- package/bin/install.js +95 -25
- package/cursor-rules/learnship.mdc +32 -4
- package/gemini-extension.json +1 -1
- package/hooks/learnship-context-monitor.js +6 -3
- package/hooks/learnship-prompt-guard.js +1 -1
- package/hooks/learnship-session-state.js +1 -1
- package/hooks/learnship-statusline.js +8 -3
- package/learnship/agents/challenger.md +7 -0
- package/learnship/agents/executor.md +7 -0
- package/learnship/agents/ideation-agent.md +7 -0
- package/learnship/agents/research-synthesizer.md +7 -0
- package/learnship/agents/roadmapper.md +7 -0
- package/learnship/agents/security-auditor.md +28 -0
- package/learnship/agents/solution-writer.md +7 -0
- package/learnship/agents/verifier.md +1 -1
- package/learnship/references/git-integration.md +4 -4
- package/learnship/references/model-profiles.md +20 -13
- package/learnship/references/questioning.md +1 -1
- package/learnship/references/verification-patterns.md +1 -1
- package/learnship/templates/context.md +3 -3
- package/learnship/templates/discussion-log.md +2 -2
- package/learnship/workflows/discuss-phase.md +3 -3
- package/learnship/workflows/execute-phase.md +4 -3
- package/learnship/workflows/health.md +32 -4
- package/learnship/workflows/new-project.md +36 -4
- package/learnship/workflows/quick.md +1 -1
- package/learnship/workflows/review.md +106 -10
- package/learnship/workflows/secure-phase.md +2 -0
- package/learnship/workflows/ship.md +43 -0
- package/learnship/workflows/verify-work.md +33 -0
- package/package.json +1 -1
|
@@ -69,8 +69,8 @@ Suggest the appropriate workflow slash command when relevant:
|
|
|
69
69
|
| `/discuss-milestone` | Capture milestone-level goals before `/new-milestone` |
|
|
70
70
|
| `/plan-phase [N]` | After discussing a phase — create executable plans |
|
|
71
71
|
| `/execute-phase [N]` | Plans exist and are ready to run |
|
|
72
|
-
| `/verify-work [N]` | Phase execution complete — user acceptance testing |
|
|
73
|
-
| `/review` | Code ready for review —
|
|
72
|
+
| `/verify-work [N]` | Phase execution complete — user acceptance testing (+ live UI smoke test on any MCP-enabled platform when @playwright/mcp is configured) |
|
|
73
|
+
| `/review` | Code ready for review — spec compliance pass then 6-persona quality review |
|
|
74
74
|
| `/ship` | Tests pass, code reviewed — ship it (test → lint → commit → push → PR) |
|
|
75
75
|
| `/complete-milestone` | All phases in the current milestone are done |
|
|
76
76
|
| `/ls` | User asks "where are we?", "what's next?", or starts a new session |
|
|
@@ -82,14 +82,14 @@ Suggest the appropriate workflow slash command when relevant:
|
|
|
82
82
|
| `/ideate` | Codebase-grounded idea generation (`--explore` for Socratic mode) |
|
|
83
83
|
| `/challenge` | Stress-test a proposal with product + engineering forcing questions |
|
|
84
84
|
| `/settings` | Change project configuration after setup |
|
|
85
|
-
| `/health` | Project health check — stale files, uncommitted changes, config drift |
|
|
85
|
+
| `/health` | Project health check — stale files, uncommitted changes, config drift, numeric score 0–100 |
|
|
86
86
|
| `/compound` | Just solved a problem or learned a pattern — capture it while fresh |
|
|
87
87
|
| `/pause-work` | User is stopping mid-phase |
|
|
88
88
|
| `/resume-work` | User is returning to an in-progress project |
|
|
89
89
|
| `/guard` | Working on sensitive files — enable safety mode |
|
|
90
90
|
| `/note [text]` | Quick idea capture — zero friction, no questions |
|
|
91
91
|
| `/session-report` | End of session — generate summary for stakeholders |
|
|
92
|
-
| `/secure-phase [N]` | After execution — per-phase STRIDE security verification |
|
|
92
|
+
| `/secure-phase [N]` | After execution — per-phase STRIDE + OWASP Top 10 security verification |
|
|
93
93
|
| `/validate-phase [N]` | Retroactive test coverage audit for a completed phase |
|
|
94
94
|
| `/diagnose-issues` | Batch-diagnose multiple UAT issues after `/verify-work` |
|
|
95
95
|
| `/docs-update` | Generate or update project documentation |
|
|
@@ -101,6 +101,34 @@ Suggest the appropriate workflow slash command when relevant:
|
|
|
101
101
|
| `/knowledge-base` | Aggregate learnings across sessions into searchable KNOWLEDGE.md |
|
|
102
102
|
| `/transition` | Hand off project context to a new session or collaborator |
|
|
103
103
|
|
|
104
|
+
## Secondary Workflows
|
|
105
|
+
|
|
106
|
+
The 20 less-frequently-used workflows below are also available on Cursor. Suggest them in the matching situation; the user can also discover them via `/help`.
|
|
107
|
+
|
|
108
|
+
| Workflow | When to suggest |
|
|
109
|
+
|----------|----------------|
|
|
110
|
+
| `/help` | User asks "what commands exist?" or wants the full reference |
|
|
111
|
+
| `/add-phase [description]` | Append a new phase to the end of the roadmap |
|
|
112
|
+
| `/insert-phase [N] [description]` | Insert urgent work between existing phases |
|
|
113
|
+
| `/remove-phase [N]` | Remove a future phase and renumber |
|
|
114
|
+
| `/research-phase [N]` | Deep phase research only — no plans yet |
|
|
115
|
+
| `/list-phase-assumptions [N]` | Preview intended approach before planning the phase |
|
|
116
|
+
| `/discovery-phase [N]` | Map an unfamiliar code area — files, deps, risks — before planning |
|
|
117
|
+
| `/audit-milestone` | Pre-release audit — requirement coverage + stub detection |
|
|
118
|
+
| `/plan-milestone-gaps` | Create fix phases from audit findings |
|
|
119
|
+
| `/milestone-retrospective` | 5-question retrospective after `/complete-milestone` |
|
|
120
|
+
| `/decision-log [description]` | Capture a decision with context, alternatives, rationale |
|
|
121
|
+
| `/execute-plan [N] [id]` | Re-run a single PLAN.md in isolation (e.g., after a failure) |
|
|
122
|
+
| `/validate-phase [N]` | (Listed in Core — also reachable here) retroactive coverage audit |
|
|
123
|
+
| `/add-todo [description]` | Capture an idea without interrupting flow |
|
|
124
|
+
| `/check-todos` | Review and act on captured todos |
|
|
125
|
+
| `/add-tests [N]` | Generate unit + E2E tests for a completed phase |
|
|
126
|
+
| `/cleanup` | Archive completed milestone phase directories |
|
|
127
|
+
| `/set-profile [quality\|balanced\|budget]` | One-step model-profile switch |
|
|
128
|
+
| `/update` | Update the learnship platform itself to the latest version |
|
|
129
|
+
| `/reapply-patches` | Restore local edits after an `/update` |
|
|
130
|
+
| `/release` | Cut a release after `/complete-milestone` (tagging, npm publish, etc.) |
|
|
131
|
+
|
|
104
132
|
## Planning Artifacts
|
|
105
133
|
|
|
106
134
|
All project state lives in `.planning/`. Key files:
|
package/gemini-extension.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "learnship",
|
|
3
|
-
"version": "2.
|
|
3
|
+
"version": "2.4.0",
|
|
4
4
|
"description": "Agentic engineering done right — 57 structured workflows, 17 specialist agent personas, persistent memory across sessions, integrated learning partner, and impeccable UI design system.",
|
|
5
5
|
"author": "Favio Vazquez",
|
|
6
6
|
"homepage": "https://faviovazquez.github.io/learnship/",
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
|
-
// learnship-hook-version: 2.
|
|
2
|
+
// learnship-hook-version: 2.4.0
|
|
3
3
|
// Context Monitor — PostToolUse hook
|
|
4
4
|
// Reads context metrics from the statusline bridge file and injects
|
|
5
5
|
// warnings when context usage is high. Makes the AGENT aware of
|
|
@@ -28,8 +28,11 @@ process.stdin.on('end', () => {
|
|
|
28
28
|
const data = JSON.parse(input);
|
|
29
29
|
const sessionId = data.session_id;
|
|
30
30
|
|
|
31
|
-
if (!sessionId) process.exit(0);
|
|
32
|
-
|
|
31
|
+
if (!sessionId || typeof sessionId !== 'string') process.exit(0);
|
|
32
|
+
// Session IDs from the host platform should be opaque tokens.
|
|
33
|
+
// Reject anything that could escape the temp-file naming scheme.
|
|
34
|
+
if (sessionId.length > 128) process.exit(0);
|
|
35
|
+
if (!/^[A-Za-z0-9._-]+$/.test(sessionId)) process.exit(0);
|
|
33
36
|
|
|
34
37
|
// Check if context warnings are disabled via config
|
|
35
38
|
const cwd = data.cwd || process.cwd();
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
|
-
// learnship-hook-version: 2.
|
|
2
|
+
// learnship-hook-version: 2.4.0
|
|
3
3
|
// Prompt Injection Guard — PreToolUse hook
|
|
4
4
|
// Scans file content being written to .planning/ for prompt injection patterns.
|
|
5
5
|
// Defense-in-depth: catches injected instructions before they enter agent context.
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
|
-
// learnship-hook-version: 2.
|
|
2
|
+
// learnship-hook-version: 2.4.0
|
|
3
3
|
// learnship Statusline — shows model, project state, directory, and context usage
|
|
4
4
|
// Installed by learnship for Claude Code and Gemini CLI.
|
|
5
5
|
|
|
@@ -101,8 +101,13 @@ function runStatusline() {
|
|
|
101
101
|
const usableRemaining = Math.max(0, ((remaining - AUTO_COMPACT_BUFFER_PCT) / (100 - AUTO_COMPACT_BUFFER_PCT)) * 100);
|
|
102
102
|
const used = Math.max(0, Math.min(100, Math.round(100 - usableRemaining)));
|
|
103
103
|
|
|
104
|
-
// Write bridge file for context-monitor hook
|
|
105
|
-
|
|
104
|
+
// Write bridge file for context-monitor hook.
|
|
105
|
+
// Session IDs from the host platform should be opaque tokens — refuse
|
|
106
|
+
// anything that could escape the temp-file naming scheme.
|
|
107
|
+
const sessionSafe = typeof session === 'string'
|
|
108
|
+
&& session.length > 0
|
|
109
|
+
&& session.length <= 128
|
|
110
|
+
&& /^[A-Za-z0-9._-]+$/.test(session);
|
|
106
111
|
if (sessionSafe) {
|
|
107
112
|
try {
|
|
108
113
|
const bridgePath = path.join(os.tmpdir(), `learnship-ctx-${session}.json`);
|
|
@@ -14,6 +14,13 @@ You are not here to block progress — you are here to make sure the team builds
|
|
|
14
14
|
|
|
15
15
|
**Evidence over intuition** — ground challenges in DECISIONS.md, KNOWLEDGE.md, solutions/, and codebase docs when available.
|
|
16
16
|
|
|
17
|
+
## Boundaries — what this persona does NOT do
|
|
18
|
+
|
|
19
|
+
- **Do NOT make the decision.** Your output is a verdict (proceed / rethink / reduce-scope) plus rationale. The user owns the choice.
|
|
20
|
+
- **Do NOT veto.** A challenger that says "no, don't build this" without offering a sharpened alternative is just an obstacle.
|
|
21
|
+
- **Do NOT modify code, plans, or docs.** You analyze and recommend. Other personas write.
|
|
22
|
+
- **Do NOT pad with general advice.** Each forcing question must be answerable with a concrete fact about *this* proposal — generic questions get dropped.
|
|
23
|
+
|
|
17
24
|
## Product Lens
|
|
18
25
|
|
|
19
26
|
Ask 3-5 of these forcing questions:
|
|
@@ -19,6 +19,13 @@ You implement exactly what the plan specifies. You do not improve, extend, or re
|
|
|
19
19
|
|
|
20
20
|
**Verify before committing** — use the `<verify>` field of each task to confirm it worked before the commit.
|
|
21
21
|
|
|
22
|
+
## Boundaries — what this persona does NOT do
|
|
23
|
+
|
|
24
|
+
- **Do NOT improve the plan.** If the plan is wrong, surface the obstacle in SUMMARY.md and propose a deviation — do not silently "fix" the plan as you go.
|
|
25
|
+
- **Do NOT batch commits.** Every task gets its own commit, even if two tasks touch the same file.
|
|
26
|
+
- **Do NOT refactor adjacent code.** If you see a smell, note it for the next planning cycle. Touching unrelated code makes the diff impossible to review.
|
|
27
|
+
- **Do NOT skip the verify step.** A task without verification is a task that might not be done. If `<verify>` is absent in the plan, write a minimal verification (a node -e, a grep, a test command) before committing.
|
|
28
|
+
|
|
22
29
|
## Before Executing
|
|
23
30
|
|
|
24
31
|
Load project context:
|
|
@@ -14,6 +14,13 @@ You generate ideas, not plans. Your output feeds into ranking and filtering —
|
|
|
14
14
|
|
|
15
15
|
**Cross-frame is good** — if an idea spans multiple thinking frames, that's a signal of strength, not a problem.
|
|
16
16
|
|
|
17
|
+
## Boundaries — what this persona does NOT do
|
|
18
|
+
|
|
19
|
+
- **Do NOT write plans.** Ideas go to the adversarial filter; plans come from the planner. If an idea wins the filter, the user runs `/plan-phase` — not you.
|
|
20
|
+
- **Do NOT execute or modify code.** Ideation is read-only research. You may grep, glob, and read files. You do not edit them.
|
|
21
|
+
- **Do NOT critique or rank.** That's the filtering step's job. Generate broadly; let the filter cut.
|
|
22
|
+
- **Do NOT skip the codebase grounding.** An idea with no file/pattern citation is not an idea — it is product advice. Cite specifics or drop it.
|
|
23
|
+
|
|
17
24
|
## Thinking Frames
|
|
18
25
|
|
|
19
26
|
You'll be assigned ONE of these as your starting bias (not a constraint — follow promising threads):
|
|
@@ -26,6 +26,13 @@ Your SUMMARY.md is consumed by the roadmapper (or the planning step) which uses
|
|
|
26
26
|
|
|
27
27
|
**Be opinionated.** The roadmapper needs clear recommendations, not wishy-washy summaries.
|
|
28
28
|
|
|
29
|
+
## Boundaries — what this persona does NOT do
|
|
30
|
+
|
|
31
|
+
- **Do NOT run new research.** Your job is to synthesize what's already in `.planning/research/`. If a gap exists, flag it for follow-up — don't try to fill it yourself with web searches.
|
|
32
|
+
- **Do NOT modify the 4 source research files.** They are inputs. Edit only SUMMARY.md.
|
|
33
|
+
- **Do NOT make roadmap decisions.** Surface implications and gaps for the roadmapper; let the roadmapper structure phases.
|
|
34
|
+
- **Do NOT concatenate.** If SUMMARY.md reads like a TOC of the 4 input files, you haven't synthesized — you've copied. Find the cross-cutting threads.
|
|
35
|
+
|
|
29
36
|
## Execution Flow
|
|
30
37
|
|
|
31
38
|
### Step 1: Read Research Files
|
|
@@ -22,6 +22,13 @@ You are invoked by `/new-project` (after research + requirements) or `/new-miles
|
|
|
22
22
|
|
|
23
23
|
**Right-sized phases:** Too small = overhead. Too large = risk. Aim for phases that take 1-3 planning sessions to complete.
|
|
24
24
|
|
|
25
|
+
## Boundaries — what this persona does NOT do
|
|
26
|
+
|
|
27
|
+
- **Do NOT write PLAN.md files.** The roadmap is a map of phases, not their implementation. PLAN.md is the planner's job, one phase at a time, on demand.
|
|
28
|
+
- **Do NOT invent requirements.** If a requirement isn't in REQUIREMENTS.md or PROJECT.md, flag it for the user — don't silently extend scope.
|
|
29
|
+
- **Do NOT modify research or requirements.** They are inputs. Write ROADMAP.md only.
|
|
30
|
+
- **Do NOT skip success criteria.** Every phase needs observable, testable success criteria. If you can't name them, the phase is the wrong shape.
|
|
31
|
+
|
|
25
32
|
## Phase Structure
|
|
26
33
|
|
|
27
34
|
Each phase in the roadmap must include:
|
|
@@ -26,6 +26,15 @@ Before auditing, load project context:
|
|
|
26
26
|
3. Read `.planning/config.json` for security enforcement settings
|
|
27
27
|
</project_context>
|
|
28
28
|
|
|
29
|
+
<boundaries>
|
|
30
|
+
## Boundaries — what this persona does NOT do
|
|
31
|
+
|
|
32
|
+
- **Do NOT modify source code.** You are read-only on the codebase. The only file you write is `SECURITY.md` (or an equivalent report).
|
|
33
|
+
- **Do NOT fix vulnerabilities you find.** Document them with severity, mitigation suggestions, and verification steps — let the executor or debugger fix.
|
|
34
|
+
- **Do NOT skip threats listed in PLAN.md.** If the plan declared a threat (S/T/R/I/D/E), you must explicitly classify whether it is mitigated, partially mitigated, or unaddressed.
|
|
35
|
+
- **Do NOT block on uncertainty.** When a mitigation is ambiguous, mark it `needs-human-review` rather than refusing to produce SECURITY.md.
|
|
36
|
+
</boundaries>
|
|
37
|
+
|
|
29
38
|
<audit_methodology>
|
|
30
39
|
|
|
31
40
|
## STRIDE Categories
|
|
@@ -50,6 +59,25 @@ For each file modified in this phase:
|
|
|
50
59
|
5. **Error handling** — Do errors leak implementation details?
|
|
51
60
|
6. **Dependencies** — Are there known vulnerabilities in new dependencies?
|
|
52
61
|
|
|
62
|
+
## OWASP Top 10 (2021) Cross-Reference
|
|
63
|
+
|
|
64
|
+
For every audit, cross-map STRIDE findings against the OWASP Top 10. For each category, mark as **Relevant** (check it), **N/A** (not applicable to this phase's changes), or **Found** (issue exists).
|
|
65
|
+
|
|
66
|
+
| # | OWASP Category | STRIDE | What to look for |
|
|
67
|
+
|---|---------------|--------|-----------------|
|
|
68
|
+
| A01 | Broken Access Control | E | Missing authz checks, IDOR, path traversal, CORS misconfiguration |
|
|
69
|
+
| A02 | Cryptographic Failures | I | Plaintext secrets, weak ciphers, no TLS, sensitive data in logs/URLs |
|
|
70
|
+
| A03 | Injection | T | SQL, command, LDAP, XPath, template injection; unsanitized user input |
|
|
71
|
+
| A04 | Insecure Design | S/T/E | No rate limiting, unsafe business logic, missing threat model |
|
|
72
|
+
| A05 | Security Misconfiguration | S/I/E | Debug mode on, default credentials, verbose errors, open cloud storage |
|
|
73
|
+
| A06 | Vulnerable Components | T/I/E | Outdated dependencies, known CVEs, unmaintained packages |
|
|
74
|
+
| A07 | Auth Failures | S | Weak/missing passwords, broken session management, no account lockout |
|
|
75
|
+
| A08 | Software/Data Integrity | T | Unsigned updates, unsafe deserialization, CI without integrity checks |
|
|
76
|
+
| A09 | Logging/Monitoring Failures | R | No audit trail, sensitive data in logs, missing alerting on auth failures |
|
|
77
|
+
| A10 | SSRF | T/I | User-controlled URLs fetched server-side, internal service enumeration |
|
|
78
|
+
|
|
79
|
+
Include an OWASP coverage table in SECURITY.md. For irrelevant categories, a single "N/A — [reason]" is sufficient. Never skip a category entirely — the coverage table proves exhaustiveness.
|
|
80
|
+
|
|
53
81
|
## Threat Classification
|
|
54
82
|
|
|
55
83
|
For each identified concern:
|
|
@@ -21,6 +21,13 @@ Load context:
|
|
|
21
21
|
2. Read conversation history for the problem and solution
|
|
22
22
|
3. Search `.planning/solutions/` for existing related docs
|
|
23
23
|
|
|
24
|
+
## Boundaries — what this persona does NOT do
|
|
25
|
+
|
|
26
|
+
- **Do NOT modify source code.** Solutions are documentation of what already happened. The fix lives in git history; the solution file lives in `.planning/solutions/`.
|
|
27
|
+
- **Do NOT invent details.** Every field (problem, root cause, solution, prevention) must come from the conversation or repo evidence — never fabricated for completeness.
|
|
28
|
+
- **Do NOT duplicate.** Search `.planning/solutions/` first. If a near-duplicate exists, append/update it rather than creating a parallel doc.
|
|
29
|
+
- **Do NOT skip frontmatter.** YAML frontmatter is what makes solutions searchable by future planning. A solution without it is invisible.
|
|
30
|
+
|
|
24
31
|
## Classification
|
|
25
32
|
|
|
26
33
|
Determine the **track** from the problem_type:
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: learnship-verifier
|
|
3
3
|
description: Verifies that a phase goal was actually achieved after execution — checks must_haves, requirement coverage, and integration links. Spawned by execute-phase on platforms with subagent support.
|
|
4
|
-
tools: Read, Bash, Glob, Grep
|
|
4
|
+
tools: Read, Write, Bash, Glob, Grep
|
|
5
5
|
color: purple
|
|
6
6
|
---
|
|
7
7
|
|
|
@@ -226,14 +226,14 @@ Each plan produces 2-4 commits (tasks + metadata). Clear, granular, bisectable.
|
|
|
226
226
|
## Why Per-Task Commits?
|
|
227
227
|
|
|
228
228
|
**Context engineering for AI:**
|
|
229
|
-
- Git history becomes primary context source for future
|
|
229
|
+
- Git history becomes primary context source for future agent sessions
|
|
230
230
|
- `git log --grep="{phase}-{plan}"` shows all work for a plan
|
|
231
231
|
- `git diff <hash>^..<hash>` shows exact changes per task
|
|
232
232
|
- Less reliance on parsing SUMMARY.md = more context for actual work
|
|
233
233
|
|
|
234
234
|
**Failure recovery:**
|
|
235
235
|
- Task 1 committed ✅, Task 2 failed ❌
|
|
236
|
-
-
|
|
236
|
+
- Agent in next session: sees task 1 complete, can retry task 2
|
|
237
237
|
- Can `git reset --hard` to last successful task
|
|
238
238
|
|
|
239
239
|
**Debugging:**
|
|
@@ -242,8 +242,8 @@ Each plan produces 2-4 commits (tasks + metadata). Clear, granular, bisectable.
|
|
|
242
242
|
- Each commit is independently revertable
|
|
243
243
|
|
|
244
244
|
**Observability:**
|
|
245
|
-
- Solo developer +
|
|
245
|
+
- Solo developer + agent workflow benefits from granular attribution
|
|
246
246
|
- Atomic commits are git best practice
|
|
247
|
-
- "Commit noise" irrelevant when consumer is
|
|
247
|
+
- "Commit noise" irrelevant when consumer is the agent, not humans
|
|
248
248
|
|
|
249
249
|
</commit_strategy_rationale>
|
|
@@ -4,18 +4,25 @@ Model profiles control which AI model tier each learnship agent uses. Profiles a
|
|
|
4
4
|
|
|
5
5
|
## Profile Definitions
|
|
6
6
|
|
|
7
|
-
| Agent | `quality` | `balanced` | `budget` |
|
|
8
|
-
|
|
9
|
-
| planner | large | large | medium |
|
|
10
|
-
| executor | large | medium | medium |
|
|
11
|
-
| phase-researcher | large | medium | small |
|
|
12
|
-
|
|
|
13
|
-
|
|
|
14
|
-
|
|
|
15
|
-
|
|
|
16
|
-
|
|
|
17
|
-
|
|
|
18
|
-
|
|
|
7
|
+
| Agent | `quality` | `balanced` | `budget` | Notes |
|
|
8
|
+
|-------|-----------|------------|----------|-------|
|
|
9
|
+
| planner | large | large | medium | Always large — planning is where architecture decisions happen. |
|
|
10
|
+
| executor | large | medium | medium | Follows explicit PLAN.md; reasoning is in the plan, not the agent. |
|
|
11
|
+
| phase-researcher | large | medium | small | Codebase-only research; no web search needed. |
|
|
12
|
+
| project-researcher | large | medium | small | Greenfield research; uses web search to discover ecosystem. |
|
|
13
|
+
| research-synthesizer | medium | medium | small | Reads research files and produces SUMMARY.md. |
|
|
14
|
+
| researcher | large | medium | small | General-purpose research used across many workflows. |
|
|
15
|
+
| roadmapper | large | medium | small | Maps requirements to phases; needs strong scope reasoning. |
|
|
16
|
+
| debugger | large | medium | medium | Root-cause investigation needs broad reasoning. |
|
|
17
|
+
| verifier | medium | medium | small | Goal-backward checking, mostly structural. |
|
|
18
|
+
| plan-checker | medium | medium | small | Plan completeness checks (vertical-slice, wave correctness). |
|
|
19
|
+
| solution-writer | medium | medium | small | Captures solved problems while context is fresh. |
|
|
20
|
+
| code-reviewer | large | medium | medium | Multi-persona review; needs to reason about correctness + security + perf. |
|
|
21
|
+
| challenger | large | medium | medium | Stress-tests proposals; needs strong adversarial reasoning. |
|
|
22
|
+
| ideation-agent | large | medium | small | Generates ideas across creative frames. |
|
|
23
|
+
| security-auditor | large | medium | medium | STRIDE threat modeling; rigorous reasoning required. |
|
|
24
|
+
| doc-writer | medium | medium | small | Writes/updates docs from live code; structural task. |
|
|
25
|
+
| doc-verifier | medium | medium | small | Checks docs match code; pattern matching. |
|
|
19
26
|
|
|
20
27
|
## Platform Model Resolution
|
|
21
28
|
|
|
@@ -23,7 +30,7 @@ Each tier resolves to the best available model on your platform:
|
|
|
23
30
|
|
|
24
31
|
| Tier | Anthropic (Claude Code) | Google (Gemini CLI) | OpenAI (Codex CLI) | Windsurf / Cursor / OpenCode |
|
|
25
32
|
|------|------------------------|--------------------|--------------------|-----------------------------|
|
|
26
|
-
| `large` | Claude Opus 4.
|
|
33
|
+
| `large` | Claude Opus 4.7 | Gemini 3.1 Pro | GPT-5.4 | Uses platform default (best available) |
|
|
27
34
|
| `medium` | Claude Sonnet 4.6 | Gemini 3.1 Flash | GPT-5.4-mini | Uses platform default |
|
|
28
35
|
| `small` | Claude Haiku 4.5 | Gemini 3.1 Flash-Lite | GPT-5.4-nano | Uses platform default |
|
|
29
36
|
|
|
@@ -155,7 +155,7 @@ Loop until "Create PROJECT.md" selected.
|
|
|
155
155
|
- **Rushing** — Minimizing questions to get to "the work"
|
|
156
156
|
- **Shallow acceptance** — Taking vague answers without probing
|
|
157
157
|
- **Premature constraints** — Asking about tech stack before understanding the idea
|
|
158
|
-
- **User skills** — NEVER ask about user's technical experience.
|
|
158
|
+
- **User skills** — NEVER ask about user's technical experience. The agent builds.
|
|
159
159
|
|
|
160
160
|
</anti_patterns>
|
|
161
161
|
|
|
@@ -599,7 +599,7 @@ Some things can't be verified programmatically. Flag these for human testing:
|
|
|
599
599
|
## Pre-Checkpoint Automation
|
|
600
600
|
|
|
601
601
|
Key principles for automation-first verification:
|
|
602
|
-
-
|
|
602
|
+
- The agent sets up verification environment BEFORE presenting checkpoints
|
|
603
603
|
- Users never run CLI commands (visit URLs only)
|
|
604
604
|
- Server lifecycle: start before checkpoint, handle port conflicts, keep running for duration
|
|
605
605
|
- CLI installation: auto-install where safe, checkpoint for user choice otherwise
|
|
@@ -28,7 +28,7 @@ Implementation decisions captured during `discuss-phase [N]`. This file is the p
|
|
|
28
28
|
### [Area 3 that was discussed]
|
|
29
29
|
- **D-04:** [Specific decision made]
|
|
30
30
|
|
|
31
|
-
###
|
|
31
|
+
### Agent's Discretion
|
|
32
32
|
[Areas where user explicitly said "you decide" — the agent has flexibility here during planning/implementation]
|
|
33
33
|
|
|
34
34
|
</decisions>
|
|
@@ -122,7 +122,7 @@ Display posts from followed users in a scrollable feed. Users can view posts and
|
|
|
122
122
|
- Friendly illustration + "Follow people to see posts here"
|
|
123
123
|
- Suggest 3-5 accounts to follow based on interests
|
|
124
124
|
|
|
125
|
-
###
|
|
125
|
+
### Agent's Discretion
|
|
126
126
|
- Loading skeleton design
|
|
127
127
|
- Exact spacing and typography
|
|
128
128
|
- Error state handling
|
|
@@ -185,7 +185,7 @@ CLI command to backup database to local file or S3. Supports full and incrementa
|
|
|
185
185
|
- --no-retry flag to fail fast
|
|
186
186
|
- Partial backups are deleted on failure (no corrupt files)
|
|
187
187
|
|
|
188
|
-
###
|
|
188
|
+
### Agent's Discretion
|
|
189
189
|
- Exact progress bar implementation
|
|
190
190
|
- Compression algorithm choice
|
|
191
191
|
- Temp file handling
|
|
@@ -35,9 +35,9 @@ created: [date]
|
|
|
35
35
|
|
|
36
36
|
---
|
|
37
37
|
|
|
38
|
-
##
|
|
38
|
+
## Agent's Discretion
|
|
39
39
|
|
|
40
|
-
[Areas delegated to
|
|
40
|
+
[Areas delegated to agent's judgment — list what was deferred and why]
|
|
41
41
|
|
|
42
42
|
## Deferred Ideas
|
|
43
43
|
|
|
@@ -20,7 +20,7 @@ Extract implementation decisions that downstream planning needs. Analyze the pha
|
|
|
20
20
|
|
|
21
21
|
2. **Planner** — Reads CONTEXT.md to know WHAT decisions are locked
|
|
22
22
|
- "Pull-to-refresh on mobile" → planner includes that in task specs
|
|
23
|
-
- "
|
|
23
|
+
- "Agent's Discretion: loading skeleton" → planner can decide approach
|
|
24
24
|
|
|
25
25
|
**Your job:** Capture decisions clearly enough that downstream agents can act on them without asking the user again.
|
|
26
26
|
|
|
@@ -305,7 +305,7 @@ Write `.planning/phases/[padded_phase]-[phase_slug]/[padded_phase]-CONTEXT.md`:
|
|
|
305
305
|
### [Category discussed]
|
|
306
306
|
- [Decision captured]
|
|
307
307
|
|
|
308
|
-
###
|
|
308
|
+
### Agent's Discretion
|
|
309
309
|
[Areas where user said "you decide"]
|
|
310
310
|
|
|
311
311
|
</decisions>
|
|
@@ -365,7 +365,7 @@ Also write a discussion log for audit purposes using `@./templates/discussion-lo
|
|
|
365
365
|
Write `.planning/phases/[padded_phase]-[phase_slug]/[padded_phase]-DISCUSSION-LOG.md` with:
|
|
366
366
|
- All options considered for each area (not just the selected one)
|
|
367
367
|
- The user's verbatim choice and rationale
|
|
368
|
-
- Areas delegated to
|
|
368
|
+
- Areas delegated to agent's discretion
|
|
369
369
|
- Deferred ideas
|
|
370
370
|
|
|
371
371
|
This file is for human audit trails only — it is NOT referenced by downstream agents.
|
|
@@ -10,13 +10,14 @@ Execute all plans in a phase. Plans run in waves — ordered by dependencies. On
|
|
|
10
10
|
|
|
11
11
|
**Core principle:** Orchestrate, don't implement directly. Describe each plan's objective clearly, execute each plan in sequence (or in parallel via subagents), collect results.
|
|
12
12
|
|
|
13
|
-
> **Platform note:** This workflow detects whether subagent spawning is available by reading `parallelization.enabled` from `.planning/config.json`.
|
|
13
|
+
> **Platform note:** This workflow detects whether subagent spawning is available by reading `parallelization.enabled` from `.planning/config.json`. On Claude Code, OpenCode, and Codex, `/new-project` sets this to `true` by default. To disable: `"parallelization": { "enabled": false }`. The legacy flat `"parallelization": true` is also honored for backward compatibility.
|
|
14
14
|
|
|
15
15
|
<runtime_compatibility>
|
|
16
16
|
**Subagent spawning is runtime-specific:**
|
|
17
17
|
- **Claude Code:** Uses `Task(subagent_type=..., ...)` — blocks until complete, returns result
|
|
18
18
|
- **OpenCode / Codex:** Subagent spawning supported with platform-native dispatch
|
|
19
|
-
- **Windsurf
|
|
19
|
+
- **Windsurf:** No subagent spawning — always use sequential inline execution
|
|
20
|
+
- **Cursor:** Cursor 2.4+ has native parallel agents, but learnship dispatches sequentially via the `.mdc` rule context (no `Task()` API available in that execution model)
|
|
20
21
|
- **Gemini CLI:** Subagents exist but parallel execution limited — default to sequential
|
|
21
22
|
|
|
22
23
|
**Fallback rule:** If a spawned agent completes its work (commits visible, SUMMARY.md exists) but the orchestrator never receives the completion signal, treat it as successful based on spot-checks and continue to the next wave/plan. Never block indefinitely.
|
|
@@ -194,7 +195,7 @@ Task(
|
|
|
194
195
|
|
|
195
196
|
Spawn all plans in the wave before waiting. Wait for all agents to complete, then proceed to spot-checks.
|
|
196
197
|
|
|
197
|
-
**If parallelization is disabled (sequential mode — Windsurf, Cursor, Gemini CLI, or user preference):**
|
|
198
|
+
**If parallelization is disabled (sequential mode — Windsurf, Cursor, Gemini CLI, or user preference on any platform):**
|
|
198
199
|
|
|
199
200
|
<persona_context>
|
|
200
201
|
You are now the **learnship executor**. Implement code from plans, one task at a time.
|
|
@@ -109,14 +109,42 @@ try{
|
|
|
109
109
|
"
|
|
110
110
|
```
|
|
111
111
|
|
|
112
|
-
## Step 4:
|
|
112
|
+
## Step 4: Compute Health Score
|
|
113
|
+
|
|
114
|
+
Based on all findings from Step 3, compute a numeric score (0–100):
|
|
115
|
+
|
|
116
|
+
**Start at 100. Apply deductions:**
|
|
117
|
+
|
|
118
|
+
| Code | Issue | Deduction |
|
|
119
|
+
|------|-------|-----------|
|
|
120
|
+
| E002 | PROJECT.md missing | −25 |
|
|
121
|
+
| E003 | ROADMAP.md missing | −20 |
|
|
122
|
+
| E004 | STATE.md missing | −10 |
|
|
123
|
+
| E005 | config.json parse error | −15 |
|
|
124
|
+
| W003 | config.json missing | −10 |
|
|
125
|
+
| W002 | state/roadmap phase mismatch | −5 |
|
|
126
|
+
| W004 | missing config fields | −2 per missing field, max −10 |
|
|
127
|
+
| W006 | phase in roadmap but no directory | −4 per phase, max −12 |
|
|
128
|
+
| W007 | orphaned phase directory | −2 per dir, max −6 |
|
|
129
|
+
| I001 | PLAN.md without SUMMARY.md | −1 per plan, max −5 |
|
|
130
|
+
| (uncommitted) | .planning/ has unstaged changes | −5 |
|
|
131
|
+
|
|
132
|
+
`Score = max(0, 100 − total_deductions)`
|
|
133
|
+
|
|
134
|
+
**Status bands:**
|
|
135
|
+
- 90–100 → **HEALTHY** ✓
|
|
136
|
+
- 70–89 → **DEGRADED** ⚠
|
|
137
|
+
- 0–69 → **BROKEN** ✗
|
|
138
|
+
|
|
139
|
+
## Step 5: Format Output
|
|
113
140
|
|
|
114
141
|
```
|
|
115
142
|
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
116
143
|
learnship ► HEALTH CHECK
|
|
117
144
|
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
118
145
|
|
|
119
|
-
|
|
146
|
+
Score: [N]/100
|
|
147
|
+
Status: HEALTHY ✓ | DEGRADED ⚠ | BROKEN ✗
|
|
120
148
|
Errors: [N] Warnings: [N] Info: [N]
|
|
121
149
|
```
|
|
122
150
|
|
|
@@ -155,10 +183,10 @@ Consider: git add .planning/ && git commit -m "docs: update planning artifacts"
|
|
|
155
183
|
|
|
156
184
|
**Footer if repairable issues and --repair not used:**
|
|
157
185
|
```
|
|
158
|
-
[N] issue(s) can be auto-repaired. Run: health --repair
|
|
186
|
+
[N] issue(s) can be auto-repaired (+[N] points). Run: health --repair
|
|
159
187
|
```
|
|
160
188
|
|
|
161
|
-
## Step
|
|
189
|
+
## Step 6: Repair (if --repair flag)
|
|
162
190
|
|
|
163
191
|
Run repairs for each repairable issue found:
|
|
164
192
|
|
|
@@ -121,8 +121,34 @@ Note the tech stack, key directories, and any README content internally. Use thi
|
|
|
121
121
|
|
|
122
122
|
## Step 2: Configuration
|
|
123
123
|
|
|
124
|
-
> **🔴 MANDATORY INTERACTIVE QUESTIONS — You MUST present each
|
|
125
|
-
|
|
124
|
+
> **🔴 MANDATORY INTERACTIVE QUESTIONS — You MUST present each question as a blocking call using `AskUserQuestion` (or your platform's equivalent: `ask_user_question` on Windsurf, `ask_user` on Gemini, `request_user_input` on Codex). Do NOT render questions as plain text or markdown lists — you MUST use the interactive question tool so the user clicks options. Wait for the user's reply before continuing.**
|
|
125
|
+
|
|
126
|
+
### Step 2a — Setup Mode (1 question)
|
|
127
|
+
|
|
128
|
+
> Ask this single blocking question first. Many users just want sensible defaults — this question lets them skip the 15-question customization wizard entirely.
|
|
129
|
+
|
|
130
|
+
```
|
|
131
|
+
AskUserQuestion([
|
|
132
|
+
{
|
|
133
|
+
header: "Setup Mode",
|
|
134
|
+
question: "How do you want to configure this project?",
|
|
135
|
+
multiSelect: false,
|
|
136
|
+
options: [
|
|
137
|
+
{ label: "Quick — use recommended defaults (Recommended)", description: "Skip the 15 customization questions. Uses: auto mode, coarse phases, balanced models, all workflow agents on, ship pipeline + conventional commits + PR template, auto-commit planning docs, parallelization off (you can flip it later in .planning/config.json). Best for: most projects." },
|
|
138
|
+
{ label: "Customize — walk through every setting", description: "Answer ~15 questions across 4 rounds to tune working style, granularity, model profile, workflow agents, pipeline, git, and (on supported platforms) parallel subagents. Best for: teams with specific conventions or unusual project shapes." }
|
|
139
|
+
]
|
|
140
|
+
}
|
|
141
|
+
])
|
|
142
|
+
```
|
|
143
|
+
|
|
144
|
+
> 🛑 STOP. Wait for the user's reply. Record as `SETUP_MODE = quick | custom`.
|
|
145
|
+
|
|
146
|
+
**If `SETUP_MODE = quick`:** Skip Step 2b entirely. Jump directly to **Step 2c — Write Config** below, using the recommended defaults documented there. Do NOT ask any of the Round 1–4 questions.
|
|
147
|
+
|
|
148
|
+
**If `SETUP_MODE = custom`:** Proceed through Step 2b (Rounds 1–4 below). All questions must be answered before writing config.
|
|
149
|
+
|
|
150
|
+
### Step 2b — Customize Configuration (only if `SETUP_MODE = custom`)
|
|
151
|
+
|
|
126
152
|
> **🛑 FORBIDDEN:** Do NOT present all questions at once as a text wall. Do NOT skip any question. Do NOT invent answers. Do NOT proceed to the config.json write step until ALL 4 rounds have been answered by the user.
|
|
127
153
|
|
|
128
154
|
**Round 1 — Core settings (6 questions):**
|
|
@@ -299,9 +325,15 @@ AskUserQuestion([
|
|
|
299
325
|
|
|
300
326
|
<!-- LEARNSHIP_PARALLEL_BLOCK -->
|
|
301
327
|
|
|
302
|
-
> 🛑 STOP.
|
|
328
|
+
> 🛑 STOP. **Only if the parallel block above actually asks a question:** wait for the user's Round 4 reply before continuing. If the parallel block is informational (parallelization auto-set to `false` for the platform), no answer is needed — proceed directly to Step 2c.
|
|
329
|
+
|
|
330
|
+
### Step 2c — Write Config
|
|
331
|
+
|
|
332
|
+
> This step runs in **both modes**:
|
|
333
|
+
> - If `SETUP_MODE = quick`: use the **recommended defaults** for every field (the values labeled "(Recommended)" in the Step 2b questions, and `parallelization.enabled = false`).
|
|
334
|
+
> - If `SETUP_MODE = custom`: use the user's answers from Rounds 1–4.
|
|
303
335
|
|
|
304
|
-
**Now create `.planning/config.json`** — use EXACTLY this schema. Map the user's answers to these keys. Do NOT invent keys. Do NOT use flat keys like `working_style`, `model_tier`, `platform`, `milestone`, or `phases` — those are WRONG.
|
|
336
|
+
**Now create `.planning/config.json`** — use EXACTLY this schema. Map the user's answers (or recommended defaults) to these keys. Do NOT invent keys. Do NOT use flat keys like `working_style`, `model_tier`, `platform`, `milestone`, or `phases` — those are WRONG.
|
|
305
337
|
|
|
306
338
|
**Key mapping from questions to config:**
|
|
307
339
|
- Working Style → `"mode"`: `"auto"` or `"interactive"`
|