learnship 2.3.5 → 2.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/plugin.json +1 -1
- package/.cursor-plugin/plugin.json +1 -1
- package/README.md +34 -17
- package/SKILL.md +32 -11
- package/agents/learnship-challenger.md +9 -0
- package/agents/learnship-executor.md +9 -0
- package/agents/learnship-ideation-agent.md +9 -0
- package/agents/learnship-research-synthesizer.md +9 -0
- package/agents/learnship-roadmapper.md +9 -0
- package/agents/learnship-security-auditor.md +20 -1
- package/agents/learnship-solution-writer.md +9 -0
- package/agents/learnship-verifier.md +1 -1
- package/bin/install.js +95 -25
- package/cursor-rules/learnship.mdc +32 -4
- package/gemini-extension.json +1 -1
- package/hooks/learnship-context-monitor.js +6 -3
- package/hooks/learnship-prompt-guard.js +1 -1
- package/hooks/learnship-session-state.js +1 -1
- package/hooks/learnship-statusline.js +8 -3
- package/learnship/agents/challenger.md +7 -0
- package/learnship/agents/executor.md +7 -0
- package/learnship/agents/ideation-agent.md +7 -0
- package/learnship/agents/research-synthesizer.md +7 -0
- package/learnship/agents/roadmapper.md +7 -0
- package/learnship/agents/security-auditor.md +28 -0
- package/learnship/agents/solution-writer.md +7 -0
- package/learnship/agents/verifier.md +1 -1
- package/learnship/references/git-integration.md +4 -4
- package/learnship/references/model-profiles.md +20 -13
- package/learnship/references/questioning.md +1 -1
- package/learnship/references/verification-patterns.md +1 -1
- package/learnship/templates/context.md +3 -3
- package/learnship/templates/discussion-log.md +2 -2
- package/learnship/workflows/discuss-phase.md +3 -3
- package/learnship/workflows/execute-phase.md +4 -3
- package/learnship/workflows/health.md +32 -4
- package/learnship/workflows/new-project.md +36 -4
- package/learnship/workflows/quick.md +1 -1
- package/learnship/workflows/review.md +106 -10
- package/learnship/workflows/secure-phase.md +2 -0
- package/learnship/workflows/ship.md +43 -0
- package/learnship/workflows/verify-work.md +33 -0
- package/package.json +1 -1
|
@@ -1,15 +1,16 @@
|
|
|
1
1
|
---
|
|
2
|
-
description:
|
|
2
|
+
description: Two-pass code review — spec compliance then multi-persona quality review
|
|
3
3
|
---
|
|
4
4
|
|
|
5
5
|
# Review
|
|
6
6
|
|
|
7
|
-
|
|
7
|
+
Two-pass code review. **Pass 1** confirms the change matches its spec (planned deliverables). **Pass 2** examines quality through six lenses: correctness, testing, security, performance, maintainability, and adversarial. Produces a severity-ranked findings report with confidence scores.
|
|
8
8
|
|
|
9
9
|
**Usage:** `review` — review current branch changes
|
|
10
10
|
**Usage:** `review [mode]` — modes: `interactive` (default), `report-only`, `autofix`
|
|
11
|
+
**Usage:** `review --quality-only` — skip spec compliance pass, run quality review only
|
|
11
12
|
|
|
12
|
-
**Sequencing:** Run after `verify-work` (
|
|
13
|
+
**Sequencing:** Run after `verify-work` (acceptance testing) and before `/ship` (deploy pipeline).
|
|
13
14
|
|
|
14
15
|
## Step 1: Determine Scope
|
|
15
16
|
|
|
@@ -48,9 +49,89 @@ Combined with conversation context and any SUMMARY.md files from the current pha
|
|
|
48
49
|
Intent: [what the changes are trying to accomplish]
|
|
49
50
|
```
|
|
50
51
|
|
|
51
|
-
## Step 3:
|
|
52
|
+
## Step 3: Pass 1 — Spec Compliance
|
|
52
53
|
|
|
53
|
-
|
|
54
|
+
> Skip this pass entirely if `--quality-only` flag was given.
|
|
55
|
+
|
|
56
|
+
Check whether the diff actually delivers what was planned. This is the "did we build the right thing?" gate — it runs before quality review because a spec failure is more important than any quality finding.
|
|
57
|
+
|
|
58
|
+
### 3a. Load the Spec
|
|
59
|
+
|
|
60
|
+
Try to find the spec in order of precedence:
|
|
61
|
+
|
|
62
|
+
```bash
|
|
63
|
+
# 1. Current phase PLAN.md files
|
|
64
|
+
find .planning/phases -name "*-PLAN.md" -newer .git/refs/heads/$(git rev-parse --abbrev-ref HEAD 2>/dev/null) 2>/dev/null | head -5
|
|
65
|
+
|
|
66
|
+
# 2. Most recently modified phase
|
|
67
|
+
ls -t .planning/phases/ 2>/dev/null | head -3
|
|
68
|
+
|
|
69
|
+
# 3. Commit messages as fallback spec
|
|
70
|
+
git log --oneline ${BASE}..HEAD
|
|
71
|
+
```
|
|
72
|
+
|
|
73
|
+
If PLAN.md files found: read their `must_haves` frontmatter fields — these are the spec.
|
|
74
|
+
If no PLAN.md: use commit message summaries as a lightweight spec.
|
|
75
|
+
If no commits at all: spec compliance is N/A — skip to Pass 2.
|
|
76
|
+
|
|
77
|
+
### 3b. Check Spec Coverage
|
|
78
|
+
|
|
79
|
+
For each must-have deliverable or commit-described feature:
|
|
80
|
+
|
|
81
|
+
1. Does the diff contain files that plausibly implement it?
|
|
82
|
+
2. Are there test files covering it?
|
|
83
|
+
3. Is it mentioned in any SUMMARY.md for the current phase?
|
|
84
|
+
|
|
85
|
+
Classify each item as:
|
|
86
|
+
- **COVERED** — evidence in diff matches the deliverable
|
|
87
|
+
- **PARTIAL** — diff touches the right area but coverage seems incomplete
|
|
88
|
+
- **MISSING** — no evidence in diff that this was implemented
|
|
89
|
+
|
|
90
|
+
### 3c. Report Spec Compliance
|
|
91
|
+
|
|
92
|
+
```
|
|
93
|
+
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
94
|
+
learnship ► PASS 1: SPEC COMPLIANCE
|
|
95
|
+
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
96
|
+
|
|
97
|
+
Spec source: [PLAN.md path | commit messages]
|
|
98
|
+
|
|
99
|
+
| Deliverable | Status | Evidence |
|
|
100
|
+
|-------------|--------|----------|
|
|
101
|
+
| [item 1] | COVERED | [file/lines] |
|
|
102
|
+
| [item 2] | PARTIAL | [what's missing] |
|
|
103
|
+
| [item 3] | MISSING | — |
|
|
104
|
+
|
|
105
|
+
Result: PASS | PARTIAL | FAIL
|
|
106
|
+
```
|
|
107
|
+
|
|
108
|
+
**If FAIL or PARTIAL:**
|
|
109
|
+
```
|
|
110
|
+
AskUserQuestion([
|
|
111
|
+
{
|
|
112
|
+
header: "Spec Gap",
|
|
113
|
+
question: "[N] planned deliverable(s) not found in this diff. Continue to quality review anyway?",
|
|
114
|
+
multiSelect: false,
|
|
115
|
+
options: [
|
|
116
|
+
{ label: "Continue anyway", description: "Run quality review on what exists — spec gaps noted in report" },
|
|
117
|
+
{ label: "Stop — fix spec gaps first", description: "Come back and re-run /review after completing missing deliverables" }
|
|
118
|
+
]
|
|
119
|
+
}
|
|
120
|
+
])
|
|
121
|
+
```
|
|
122
|
+
|
|
123
|
+
> 🛑 STOP. Wait for reply before continuing.
|
|
124
|
+
|
|
125
|
+
If "Stop": output the missing items as a task list and stop.
|
|
126
|
+
If "Continue": add spec gap findings to the final report as P1 items.
|
|
127
|
+
|
|
128
|
+
**If PASS:** continue directly to Pass 2.
|
|
129
|
+
|
|
130
|
+
---
|
|
131
|
+
|
|
132
|
+
## Step 4: Pass 2 — Select Quality Personas
|
|
133
|
+
|
|
134
|
+
Read the diff and file list. Select which quality review personas to activate:
|
|
54
135
|
|
|
55
136
|
**Always-on (every review):**
|
|
56
137
|
|
|
@@ -81,7 +162,7 @@ Review team:
|
|
|
81
162
|
- adversarial — [justification if selected]
|
|
82
163
|
```
|
|
83
164
|
|
|
84
|
-
## Step
|
|
165
|
+
## Step 5: Run Quality Review
|
|
85
166
|
|
|
86
167
|
Read `parallelization` from `.planning/config.json` (defaults to `false`).
|
|
87
168
|
|
|
@@ -138,7 +219,7 @@ Read `@./agents/code-reviewer.md` for the full persona definition. Run each sele
|
|
|
138
219
|
2. Read the diff through that lens
|
|
139
220
|
3. Record findings with severity and confidence
|
|
140
221
|
|
|
141
|
-
## Step
|
|
222
|
+
## Step 6: Merge & Deduplicate Findings
|
|
142
223
|
|
|
143
224
|
Combine findings from all personas:
|
|
144
225
|
|
|
@@ -147,7 +228,7 @@ Combine findings from all personas:
|
|
|
147
228
|
3. **Cross-persona agreement** — when 2+ personas flag the same issue, boost confidence by 0.10 (capped at 1.0).
|
|
148
229
|
4. **Sort** — order by severity (P0 first) → confidence (descending) → file path → line number.
|
|
149
230
|
|
|
150
|
-
## Step
|
|
231
|
+
## Step 7: Present Report
|
|
151
232
|
|
|
152
233
|
### Severity Scale
|
|
153
234
|
|
|
@@ -165,6 +246,7 @@ Display:
|
|
|
165
246
|
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
166
247
|
|
|
167
248
|
Intent: [intent summary]
|
|
249
|
+
Spec compliance: PASS | PARTIAL ([N] gaps carried as P1) | SKIPPED (--quality-only)
|
|
168
250
|
Reviewers: [list]
|
|
169
251
|
Mode: [interactive | report-only | autofix]
|
|
170
252
|
|
|
@@ -195,7 +277,7 @@ Mode: [interactive | report-only | autofix]
|
|
|
195
277
|
Total: [N] findings ([P0 count] critical, [P1 count] high, [P2 count] moderate, [P3 count] low)
|
|
196
278
|
```
|
|
197
279
|
|
|
198
|
-
## Step
|
|
280
|
+
## Step 8: Handle Mode
|
|
199
281
|
|
|
200
282
|
**Interactive (default):**
|
|
201
283
|
For each P0/P1 finding, ask: "Fix this now, or defer?"
|
|
@@ -212,7 +294,7 @@ git add [files]
|
|
|
212
294
|
git commit -m "fix([scope]): [description from finding]"
|
|
213
295
|
```
|
|
214
296
|
|
|
215
|
-
## Step
|
|
297
|
+
## Step 9: Suggest Next Steps
|
|
216
298
|
|
|
217
299
|
```
|
|
218
300
|
▶ Next steps:
|
|
@@ -230,6 +312,20 @@ git commit -m "fix([scope]): [description from finding]"
|
|
|
230
312
|
|
|
231
313
|
---
|
|
232
314
|
|
|
315
|
+
## Design Quality Gate (UI changes only)
|
|
316
|
+
|
|
317
|
+
If the review touched any user-facing UI files (frontend components, templates, stylesheets, public HTML), suggest running a design pass as a final lens — code correctness does not catch design regressions:
|
|
318
|
+
|
|
319
|
+
> 🎨 **Design pass:** This review touched UI files. Run one of these `impeccable` actions on the changed views to catch issues code review misses (visual hierarchy, accessibility, motion, copy):
|
|
320
|
+
>
|
|
321
|
+
> - `@impeccable critique [component or view]` — Multi-frame critique (typography, color, spatial, motion, copy)
|
|
322
|
+
> - `@impeccable polish [component or view]` — Apply small refinements before shipping
|
|
323
|
+
> - `@impeccable audit [view]` — Scan for accessibility, contrast, and layout issues
|
|
324
|
+
>
|
|
325
|
+
> Skip if no UI files changed.
|
|
326
|
+
|
|
327
|
+
---
|
|
328
|
+
|
|
233
329
|
## Learning Checkpoint
|
|
234
330
|
|
|
235
331
|
Read `learning_mode` from `.planning/config.json`.
|
|
@@ -55,6 +55,8 @@ For each file, check for:
|
|
|
55
55
|
- Hardcoded credentials
|
|
56
56
|
- Insecure defaults
|
|
57
57
|
|
|
58
|
+
**OWASP Top 10 surface scan:** As part of codebase analysis, note which OWASP categories are relevant to this phase's changes (see security-auditor agent for the full checklist). The SECURITY.md output must include an OWASP coverage table — marking each category as Relevant/N/A/Found. This makes the audit exhaustive and audit-trail-friendly.
|
|
59
|
+
|
|
58
60
|
## Step 3: Build Threat Register
|
|
59
61
|
|
|
60
62
|
For each identified concern, create a threat entry:
|
|
@@ -208,6 +208,49 @@ or patterns while context is fresh.
|
|
|
208
208
|
|
|
209
209
|
---
|
|
210
210
|
|
|
211
|
+
## Pre-Ship Design Pass (UI changes only)
|
|
212
|
+
|
|
213
|
+
Before opening the PR, if the staged changes touch any user-facing UI files, run a final design pass — this catches issues that tests and code review don't:
|
|
214
|
+
|
|
215
|
+
```bash
|
|
216
|
+
git diff --name-only --cached | grep -E '\.(tsx?|jsx?|vue|svelte|html|css|scss|less)$' | head -5
|
|
217
|
+
```
|
|
218
|
+
|
|
219
|
+
If UI files appear in the diff, suggest:
|
|
220
|
+
|
|
221
|
+
> 🎨 **Design pass before ship:** Staged changes include UI files. Run one of these to catch design regressions before opening the PR:
|
|
222
|
+
>
|
|
223
|
+
> - `@impeccable polish [view]` — Quick refinement pass: typography, spacing, color, copy
|
|
224
|
+
> - `@impeccable audit [view]` — Accessibility + contrast + layout scan
|
|
225
|
+
> - `@impeccable harden [view]` — Edge-case resilience (small viewport, RTL, screen reader)
|
|
226
|
+
>
|
|
227
|
+
> Skip on non-UI changes.
|
|
228
|
+
|
|
229
|
+
---
|
|
230
|
+
|
|
231
|
+
## Live Smoke Test Before PR (when Playwright MCP is available)
|
|
232
|
+
|
|
233
|
+
**Supported on:** Any platform with MCP support configured (Claude Code, OpenCode, Cursor, Windsurf, Codex CLI, Gemini CLI).
|
|
234
|
+
|
|
235
|
+
If `mcp__playwright__*` tools are available and the staged changes touch a web UI, run a quick smoke test before creating the PR — catches rendering failures that tests don't:
|
|
236
|
+
|
|
237
|
+
```bash
|
|
238
|
+
# Check server is running
|
|
239
|
+
curl -s -o /dev/null -w "%{http_code}" http://localhost:3000 2>/dev/null || echo "not-running"
|
|
240
|
+
```
|
|
241
|
+
|
|
242
|
+
If the server is running and Playwright is available:
|
|
243
|
+
1. Navigate to the primary page
|
|
244
|
+
2. Walk the changed flow once (the golden path for this change)
|
|
245
|
+
3. Take a screenshot — verify it matches expectations
|
|
246
|
+
4. Check the browser console — zero JS errors required
|
|
247
|
+
|
|
248
|
+
**If smoke test fails:** Stop the ship pipeline. Fix before pushing.
|
|
249
|
+
|
|
250
|
+
If Playwright is not configured or the server is not running: skip this step and note it in the PR description. To configure: see the `verify-work` workflow for Playwright MCP setup instructions per platform.
|
|
251
|
+
|
|
252
|
+
---
|
|
253
|
+
|
|
211
254
|
## Learning Checkpoint
|
|
212
255
|
|
|
213
256
|
Read `learning_mode` from `.planning/config.json`.
|
|
@@ -351,6 +351,39 @@ Present when ready:
|
|
|
351
351
|
|
|
352
352
|
---
|
|
353
353
|
|
|
354
|
+
## Live UI Smoke Test (when Playwright MCP is available)
|
|
355
|
+
|
|
356
|
+
**Supported on:** Any platform with MCP support configured (Claude Code, OpenCode, Cursor, Windsurf, Codex CLI, Gemini CLI). Optional enhancement layer — the conversational UAT above is the primary mechanism on all platforms.
|
|
357
|
+
|
|
358
|
+
After UAT passes, if the tested deliverables include any user-facing UI **and** your tool list includes `mcp__playwright__*` tools (or equivalents), run a quick live smoke test before committing the UAT as complete:
|
|
359
|
+
|
|
360
|
+
**1. Find the entry point:**
|
|
361
|
+
```bash
|
|
362
|
+
# Check common dev server patterns
|
|
363
|
+
grep -E '"(dev|start|serve)"' package.json 2>/dev/null | head -3
|
|
364
|
+
cat README.md 2>/dev/null | grep -i "http://localhost" | head -3
|
|
365
|
+
```
|
|
366
|
+
|
|
367
|
+
**2. Verify the server is running:**
|
|
368
|
+
```bash
|
|
369
|
+
curl -s -o /dev/null -w "%{http_code}" http://localhost:3000 2>/dev/null || \
|
|
370
|
+
curl -s -o /dev/null -w "%{http_code}" http://localhost:8080 2>/dev/null || \
|
|
371
|
+
echo "not-running"
|
|
372
|
+
```
|
|
373
|
+
|
|
374
|
+
**3. Walk the golden path via Playwright:**
|
|
375
|
+
- Navigate to the primary entry point
|
|
376
|
+
- Walk through each UI deliverable from the UAT list once
|
|
377
|
+
- Take a screenshot at each key step
|
|
378
|
+
- Check the browser console for JS errors
|
|
379
|
+
|
|
380
|
+
**4. Record the result:**
|
|
381
|
+
If any Playwright step fails (HTTP error, JS exception, visual regression), treat it as a UAT issue with severity `blocker` and add it to the Gaps section.
|
|
382
|
+
|
|
383
|
+
> **Platform note:** Playwright MCP is supported wherever MCP is available — Claude Code, OpenCode, Cursor, Windsurf, Codex CLI, and Gemini CLI all support MCP servers. To enable it: install `@playwright/mcp` and add it to your platform's MCP config. On Claude Code: `claude mcp add playwright npx @playwright/mcp`. On Cursor/Windsurf: add `@playwright/mcp` as an MCP server in your IDE settings. Once configured, learnship workflows detect and use it automatically.
|
|
384
|
+
|
|
385
|
+
---
|
|
386
|
+
|
|
354
387
|
## Learning Checkpoint
|
|
355
388
|
|
|
356
389
|
Read `learning_mode` from `.planning/config.json`.
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "learnship",
|
|
3
|
-
"version": "2.
|
|
3
|
+
"version": "2.4.0",
|
|
4
4
|
"description": "Learn as you build. Build with intent. — A multi-platform agentic engineering system for Windsurf, Claude Code, Cursor, OpenCode, Gemini CLI, and Codex: 57 spec-driven workflows, 17 specialist agent personas, integrated learning, and production-grade design.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"agentic",
|