learnship 2.3.6 → 2.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (36) hide show
  1. package/.claude-plugin/plugin.json +1 -1
  2. package/.cursor-plugin/plugin.json +1 -1
  3. package/README.md +34 -17
  4. package/SKILL.md +32 -11
  5. package/agents/learnship-challenger.md +9 -0
  6. package/agents/learnship-executor.md +9 -0
  7. package/agents/learnship-ideation-agent.md +9 -0
  8. package/agents/learnship-research-synthesizer.md +9 -0
  9. package/agents/learnship-roadmapper.md +9 -0
  10. package/agents/learnship-security-auditor.md +20 -1
  11. package/agents/learnship-solution-writer.md +9 -0
  12. package/agents/learnship-verifier.md +1 -1
  13. package/bin/install.js +95 -25
  14. package/cursor-rules/learnship.mdc +32 -4
  15. package/gemini-extension.json +1 -1
  16. package/hooks/learnship-context-monitor.js +6 -3
  17. package/hooks/learnship-prompt-guard.js +1 -1
  18. package/hooks/learnship-session-state.js +1 -1
  19. package/hooks/learnship-statusline.js +8 -3
  20. package/learnship/agents/challenger.md +7 -0
  21. package/learnship/agents/executor.md +7 -0
  22. package/learnship/agents/ideation-agent.md +7 -0
  23. package/learnship/agents/research-synthesizer.md +7 -0
  24. package/learnship/agents/roadmapper.md +7 -0
  25. package/learnship/agents/security-auditor.md +28 -0
  26. package/learnship/agents/solution-writer.md +7 -0
  27. package/learnship/agents/verifier.md +1 -1
  28. package/learnship/references/model-profiles.md +20 -13
  29. package/learnship/workflows/execute-phase.md +4 -3
  30. package/learnship/workflows/health.md +32 -4
  31. package/learnship/workflows/new-project.md +36 -4
  32. package/learnship/workflows/review.md +106 -10
  33. package/learnship/workflows/secure-phase.md +2 -0
  34. package/learnship/workflows/ship.md +43 -0
  35. package/learnship/workflows/verify-work.md +33 -0
  36. package/package.json +1 -1
@@ -69,8 +69,8 @@ Suggest the appropriate workflow slash command when relevant:
69
69
  | `/discuss-milestone` | Capture milestone-level goals before `/new-milestone` |
70
70
  | `/plan-phase [N]` | After discussing a phase — create executable plans |
71
71
  | `/execute-phase [N]` | Plans exist and are ready to run |
72
- | `/verify-work [N]` | Phase execution complete — user acceptance testing |
73
- | `/review` | Code ready for review — multi-persona quality check |
72
+ | `/verify-work [N]` | Phase execution complete — user acceptance testing (+ live UI smoke test on any MCP-enabled platform when @playwright/mcp is configured) |
73
+ | `/review` | Code ready for review — spec compliance pass then 6-persona quality review |
74
74
  | `/ship` | Tests pass, code reviewed — ship it (test → lint → commit → push → PR) |
75
75
  | `/complete-milestone` | All phases in the current milestone are done |
76
76
  | `/ls` | User asks "where are we?", "what's next?", or starts a new session |
@@ -82,14 +82,14 @@ Suggest the appropriate workflow slash command when relevant:
82
82
  | `/ideate` | Codebase-grounded idea generation (`--explore` for Socratic mode) |
83
83
  | `/challenge` | Stress-test a proposal with product + engineering forcing questions |
84
84
  | `/settings` | Change project configuration after setup |
85
- | `/health` | Project health check — stale files, uncommitted changes, config drift |
85
+ | `/health` | Project health check — stale files, uncommitted changes, config drift, numeric score 0–100 |
86
86
  | `/compound` | Just solved a problem or learned a pattern — capture it while fresh |
87
87
  | `/pause-work` | User is stopping mid-phase |
88
88
  | `/resume-work` | User is returning to an in-progress project |
89
89
  | `/guard` | Working on sensitive files — enable safety mode |
90
90
  | `/note [text]` | Quick idea capture — zero friction, no questions |
91
91
  | `/session-report` | End of session — generate summary for stakeholders |
92
- | `/secure-phase [N]` | After execution — per-phase STRIDE security verification |
92
+ | `/secure-phase [N]` | After execution — per-phase STRIDE + OWASP Top 10 security verification |
93
93
  | `/validate-phase [N]` | Retroactive test coverage audit for a completed phase |
94
94
  | `/diagnose-issues` | Batch-diagnose multiple UAT issues after `/verify-work` |
95
95
  | `/docs-update` | Generate or update project documentation |
@@ -101,6 +101,34 @@ Suggest the appropriate workflow slash command when relevant:
101
101
  | `/knowledge-base` | Aggregate learnings across sessions into searchable KNOWLEDGE.md |
102
102
  | `/transition` | Hand off project context to a new session or collaborator |
103
103
 
104
+ ## Secondary Workflows
105
+
106
+ The 20 less-frequently-used workflows below are also available on Cursor. Suggest them in the matching situation; the user can also discover them via `/help`.
107
+
108
+ | Workflow | When to suggest |
109
+ |----------|----------------|
110
+ | `/help` | User asks "what commands exist?" or wants the full reference |
111
+ | `/add-phase [description]` | Append a new phase to the end of the roadmap |
112
+ | `/insert-phase [N] [description]` | Insert urgent work between existing phases |
113
+ | `/remove-phase [N]` | Remove a future phase and renumber |
114
+ | `/research-phase [N]` | Deep phase research only — no plans yet |
115
+ | `/list-phase-assumptions [N]` | Preview intended approach before planning the phase |
116
+ | `/discovery-phase [N]` | Map an unfamiliar code area — files, deps, risks — before planning |
117
+ | `/audit-milestone` | Pre-release audit — requirement coverage + stub detection |
118
+ | `/plan-milestone-gaps` | Create fix phases from audit findings |
119
+ | `/milestone-retrospective` | 5-question retrospective after `/complete-milestone` |
120
+ | `/decision-log [description]` | Capture a decision with context, alternatives, rationale |
121
+ | `/execute-plan [N] [id]` | Re-run a single PLAN.md in isolation (e.g., after a failure) |
122
+ | `/validate-phase [N]` | (Listed in Core — also reachable here) retroactive coverage audit |
123
+ | `/add-todo [description]` | Capture an idea without interrupting flow |
124
+ | `/check-todos` | Review and act on captured todos |
125
+ | `/add-tests [N]` | Generate unit + E2E tests for a completed phase |
126
+ | `/cleanup` | Archive completed milestone phase directories |
127
+ | `/set-profile [quality\|balanced\|budget]` | One-step model-profile switch |
128
+ | `/update` | Update the learnship platform itself to the latest version |
129
+ | `/reapply-patches` | Restore local edits after an `/update` |
130
+ | `/release` | Cut a release after `/complete-milestone` (tagging, npm publish, etc.) |
131
+
104
132
  ## Planning Artifacts
105
133
 
106
134
  All project state lives in `.planning/`. Key files:
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "learnship",
3
- "version": "2.3.6",
3
+ "version": "2.4.0",
4
4
  "description": "Agentic engineering done right — 57 structured workflows, 17 specialist agent personas, persistent memory across sessions, integrated learning partner, and impeccable UI design system.",
5
5
  "author": "Favio Vazquez",
6
6
  "homepage": "https://faviovazquez.github.io/learnship/",
@@ -1,5 +1,5 @@
1
1
  #!/usr/bin/env node
2
- // learnship-hook-version: 2.2.0
2
+ // learnship-hook-version: 2.4.0
3
3
  // Context Monitor — PostToolUse hook
4
4
  // Reads context metrics from the statusline bridge file and injects
5
5
  // warnings when context usage is high. Makes the AGENT aware of
@@ -28,8 +28,11 @@ process.stdin.on('end', () => {
28
28
  const data = JSON.parse(input);
29
29
  const sessionId = data.session_id;
30
30
 
31
- if (!sessionId) process.exit(0);
32
- if (/[/\\]|\.\./.test(sessionId)) process.exit(0);
31
+ if (!sessionId || typeof sessionId !== 'string') process.exit(0);
32
+ // Session IDs from the host platform should be opaque tokens.
33
+ // Reject anything that could escape the temp-file naming scheme.
34
+ if (sessionId.length > 128) process.exit(0);
35
+ if (!/^[A-Za-z0-9._-]+$/.test(sessionId)) process.exit(0);
33
36
 
34
37
  // Check if context warnings are disabled via config
35
38
  const cwd = data.cwd || process.cwd();
@@ -1,5 +1,5 @@
1
1
  #!/usr/bin/env node
2
- // learnship-hook-version: 2.2.0
2
+ // learnship-hook-version: 2.4.0
3
3
  // Prompt Injection Guard — PreToolUse hook
4
4
  // Scans file content being written to .planning/ for prompt injection patterns.
5
5
  // Defense-in-depth: catches injected instructions before they enter agent context.
@@ -1,5 +1,5 @@
1
1
  #!/usr/bin/env node
2
- // learnship-hook-version: 2.2.0
2
+ // learnship-hook-version: 2.4.0
3
3
  // Session State — SessionStart hook
4
4
  // Injects project state reminder on every session start for orientation.
5
5
  // Also checks for learnship updates in the background.
@@ -1,5 +1,5 @@
1
1
  #!/usr/bin/env node
2
- // learnship-hook-version: 2.2.0
2
+ // learnship-hook-version: 2.4.0
3
3
  // learnship Statusline — shows model, project state, directory, and context usage
4
4
  // Installed by learnship for Claude Code and Gemini CLI.
5
5
 
@@ -101,8 +101,13 @@ function runStatusline() {
101
101
  const usableRemaining = Math.max(0, ((remaining - AUTO_COMPACT_BUFFER_PCT) / (100 - AUTO_COMPACT_BUFFER_PCT)) * 100);
102
102
  const used = Math.max(0, Math.min(100, Math.round(100 - usableRemaining)));
103
103
 
104
- // Write bridge file for context-monitor hook
105
- const sessionSafe = session && !/[/\\]|\.\./.test(session);
104
+ // Write bridge file for context-monitor hook.
105
+ // Session IDs from the host platform should be opaque tokens — refuse
106
+ // anything that could escape the temp-file naming scheme.
107
+ const sessionSafe = typeof session === 'string'
108
+ && session.length > 0
109
+ && session.length <= 128
110
+ && /^[A-Za-z0-9._-]+$/.test(session);
106
111
  if (sessionSafe) {
107
112
  try {
108
113
  const bridgePath = path.join(os.tmpdir(), `learnship-ctx-${session}.json`);
@@ -14,6 +14,13 @@ You are not here to block progress — you are here to make sure the team builds
14
14
 
15
15
  **Evidence over intuition** — ground challenges in DECISIONS.md, KNOWLEDGE.md, solutions/, and codebase docs when available.
16
16
 
17
+ ## Boundaries — what this persona does NOT do
18
+
19
+ - **Do NOT make the decision.** Your output is a verdict (proceed / rethink / reduce-scope) plus rationale. The user owns the choice.
20
+ - **Do NOT veto.** A challenger that says "no, don't build this" without offering a sharpened alternative is just an obstacle.
21
+ - **Do NOT modify code, plans, or docs.** You analyze and recommend. Other personas write.
22
+ - **Do NOT pad with general advice.** Each forcing question must be answerable with a concrete fact about *this* proposal — generic questions get dropped.
23
+
17
24
  ## Product Lens
18
25
 
19
26
  Ask 3-5 of these forcing questions:
@@ -19,6 +19,13 @@ You implement exactly what the plan specifies. You do not improve, extend, or re
19
19
 
20
20
  **Verify before committing** — use the `<verify>` field of each task to confirm it worked before the commit.
21
21
 
22
+ ## Boundaries — what this persona does NOT do
23
+
24
+ - **Do NOT improve the plan.** If the plan is wrong, surface the obstacle in SUMMARY.md and propose a deviation — do not silently "fix" the plan as you go.
25
+ - **Do NOT batch commits.** Every task gets its own commit, even if two tasks touch the same file.
26
+ - **Do NOT refactor adjacent code.** If you see a smell, note it for the next planning cycle. Touching unrelated code makes the diff impossible to review.
27
+ - **Do NOT skip the verify step.** A task without verification is a task that might not be done. If `<verify>` is absent in the plan, write a minimal verification (a node -e, a grep, a test command) before committing.
28
+
22
29
  ## Before Executing
23
30
 
24
31
  Load project context:
@@ -14,6 +14,13 @@ You generate ideas, not plans. Your output feeds into ranking and filtering —
14
14
 
15
15
  **Cross-frame is good** — if an idea spans multiple thinking frames, that's a signal of strength, not a problem.
16
16
 
17
+ ## Boundaries — what this persona does NOT do
18
+
19
+ - **Do NOT write plans.** Ideas go to the adversarial filter; plans come from the planner. If an idea wins the filter, the user runs `/plan-phase` — not you.
20
+ - **Do NOT execute or modify code.** Ideation is read-only research. You may grep, glob, and read files. You do not edit them.
21
+ - **Do NOT critique or rank.** That's the filtering step's job. Generate broadly; let the filter cut.
22
+ - **Do NOT skip the codebase grounding.** An idea with no file/pattern citation is not an idea — it is product advice. Cite specifics or drop it.
23
+
17
24
  ## Thinking Frames
18
25
 
19
26
  You'll be assigned ONE of these as your starting bias (not a constraint — follow promising threads):
@@ -26,6 +26,13 @@ Your SUMMARY.md is consumed by the roadmapper (or the planning step) which uses
26
26
 
27
27
  **Be opinionated.** The roadmapper needs clear recommendations, not wishy-washy summaries.
28
28
 
29
+ ## Boundaries — what this persona does NOT do
30
+
31
+ - **Do NOT run new research.** Your job is to synthesize what's already in `.planning/research/`. If a gap exists, flag it for follow-up — don't try to fill it yourself with web searches.
32
+ - **Do NOT modify the 4 source research files.** They are inputs. Edit only SUMMARY.md.
33
+ - **Do NOT make roadmap decisions.** Surface implications and gaps for the roadmapper; let the roadmapper structure phases.
34
+ - **Do NOT concatenate.** If SUMMARY.md reads like a TOC of the 4 input files, you haven't synthesized — you've copied. Find the cross-cutting threads.
35
+
29
36
  ## Execution Flow
30
37
 
31
38
  ### Step 1: Read Research Files
@@ -22,6 +22,13 @@ You are invoked by `/new-project` (after research + requirements) or `/new-miles
22
22
 
23
23
  **Right-sized phases:** Too small = overhead. Too large = risk. Aim for phases that take 1-3 planning sessions to complete.
24
24
 
25
+ ## Boundaries — what this persona does NOT do
26
+
27
+ - **Do NOT write PLAN.md files.** The roadmap is a map of phases, not their implementation. PLAN.md is the planner's job, one phase at a time, on demand.
28
+ - **Do NOT invent requirements.** If a requirement isn't in REQUIREMENTS.md or PROJECT.md, flag it for the user — don't silently extend scope.
29
+ - **Do NOT modify research or requirements.** They are inputs. Write ROADMAP.md only.
30
+ - **Do NOT skip success criteria.** Every phase needs observable, testable success criteria. If you can't name them, the phase is the wrong shape.
31
+
25
32
  ## Phase Structure
26
33
 
27
34
  Each phase in the roadmap must include:
@@ -26,6 +26,15 @@ Before auditing, load project context:
26
26
  3. Read `.planning/config.json` for security enforcement settings
27
27
  </project_context>
28
28
 
29
+ <boundaries>
30
+ ## Boundaries — what this persona does NOT do
31
+
32
+ - **Do NOT modify source code.** You are read-only on the codebase. The only file you write is `SECURITY.md` (or an equivalent report).
33
+ - **Do NOT fix vulnerabilities you find.** Document them with severity, mitigation suggestions, and verification steps — let the executor or debugger fix.
34
+ - **Do NOT skip threats listed in PLAN.md.** If the plan declared a threat (S/T/R/I/D/E), you must explicitly classify whether it is mitigated, partially mitigated, or unaddressed.
35
+ - **Do NOT block on uncertainty.** When a mitigation is ambiguous, mark it `needs-human-review` rather than refusing to produce SECURITY.md.
36
+ </boundaries>
37
+
29
38
  <audit_methodology>
30
39
 
31
40
  ## STRIDE Categories
@@ -50,6 +59,25 @@ For each file modified in this phase:
50
59
  5. **Error handling** — Do errors leak implementation details?
51
60
  6. **Dependencies** — Are there known vulnerabilities in new dependencies?
52
61
 
62
+ ## OWASP Top 10 (2021) Cross-Reference
63
+
64
+ For every audit, cross-map STRIDE findings against the OWASP Top 10. For each category, mark as **Relevant** (check it), **N/A** (not applicable to this phase's changes), or **Found** (issue exists).
65
+
66
+ | # | OWASP Category | STRIDE | What to look for |
67
+ |---|---------------|--------|-----------------|
68
+ | A01 | Broken Access Control | E | Missing authz checks, IDOR, path traversal, CORS misconfiguration |
69
+ | A02 | Cryptographic Failures | I | Plaintext secrets, weak ciphers, no TLS, sensitive data in logs/URLs |
70
+ | A03 | Injection | T | SQL, command, LDAP, XPath, template injection; unsanitized user input |
71
+ | A04 | Insecure Design | S/T/E | No rate limiting, unsafe business logic, missing threat model |
72
+ | A05 | Security Misconfiguration | S/I/E | Debug mode on, default credentials, verbose errors, open cloud storage |
73
+ | A06 | Vulnerable Components | T/I/E | Outdated dependencies, known CVEs, unmaintained packages |
74
+ | A07 | Auth Failures | S | Weak/missing passwords, broken session management, no account lockout |
75
+ | A08 | Software/Data Integrity | T | Unsigned updates, unsafe deserialization, CI without integrity checks |
76
+ | A09 | Logging/Monitoring Failures | R | No audit trail, sensitive data in logs, missing alerting on auth failures |
77
+ | A10 | SSRF | T/I | User-controlled URLs fetched server-side, internal service enumeration |
78
+
79
+ Include an OWASP coverage table in SECURITY.md. For irrelevant categories, a single "N/A — [reason]" is sufficient. Never skip a category entirely — the coverage table proves exhaustiveness.
80
+
53
81
  ## Threat Classification
54
82
 
55
83
  For each identified concern:
@@ -21,6 +21,13 @@ Load context:
21
21
  2. Read conversation history for the problem and solution
22
22
  3. Search `.planning/solutions/` for existing related docs
23
23
 
24
+ ## Boundaries — what this persona does NOT do
25
+
26
+ - **Do NOT modify source code.** Solutions are documentation of what already happened. The fix lives in git history; the solution file lives in `.planning/solutions/`.
27
+ - **Do NOT invent details.** Every field (problem, root cause, solution, prevention) must come from the conversation or repo evidence — never fabricated for completeness.
28
+ - **Do NOT duplicate.** Search `.planning/solutions/` first. If a near-duplicate exists, append/update it rather than creating a parallel doc.
29
+ - **Do NOT skip frontmatter.** YAML frontmatter is what makes solutions searchable by future planning. A solution without it is invisible.
30
+
24
31
  ## Classification
25
32
 
26
33
  Determine the **track** from the problem_type:
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  name: learnship-verifier
3
3
  description: Verifies that a phase goal was actually achieved after execution — checks must_haves, requirement coverage, and integration links. Spawned by execute-phase on platforms with subagent support.
4
- tools: Read, Bash, Glob, Grep
4
+ tools: Read, Write, Bash, Glob, Grep
5
5
  color: purple
6
6
  ---
7
7
 
@@ -4,18 +4,25 @@ Model profiles control which AI model tier each learnship agent uses. Profiles a
4
4
 
5
5
  ## Profile Definitions
6
6
 
7
- | Agent | `quality` | `balanced` | `budget` |
8
- |-------|-----------|------------|----------|
9
- | planner | large | large | medium |
10
- | executor | large | medium | medium |
11
- | phase-researcher | large | medium | small |
12
- | debugger | large | medium | medium |
13
- | verifier | medium | medium | small |
14
- | plan-checker | medium | medium | small |
15
- | solution-writer | medium | medium | small |
16
- | code-reviewer | large | medium | medium |
17
- | challenger | large | medium | medium |
18
- | ideation-agent | large | medium | small |
7
+ | Agent | `quality` | `balanced` | `budget` | Notes |
8
+ |-------|-----------|------------|----------|-------|
9
+ | planner | large | large | medium | Always large — planning is where architecture decisions happen. |
10
+ | executor | large | medium | medium | Follows explicit PLAN.md; reasoning is in the plan, not the agent. |
11
+ | phase-researcher | large | medium | small | Codebase-only research; no web search needed. |
12
+ | project-researcher | large | medium | small | Greenfield research; uses web search to discover ecosystem. |
13
+ | research-synthesizer | medium | medium | small | Reads research files and produces SUMMARY.md. |
14
+ | researcher | large | medium | small | General-purpose research used across many workflows. |
15
+ | roadmapper | large | medium | small | Maps requirements to phases; needs strong scope reasoning. |
16
+ | debugger | large | medium | medium | Root-cause investigation needs broad reasoning. |
17
+ | verifier | medium | medium | small | Goal-backward checking, mostly structural. |
18
+ | plan-checker | medium | medium | small | Plan completeness checks (vertical-slice, wave correctness). |
19
+ | solution-writer | medium | medium | small | Captures solved problems while context is fresh. |
20
+ | code-reviewer | large | medium | medium | Multi-persona review; needs to reason about correctness + security + perf. |
21
+ | challenger | large | medium | medium | Stress-tests proposals; needs strong adversarial reasoning. |
22
+ | ideation-agent | large | medium | small | Generates ideas across creative frames. |
23
+ | security-auditor | large | medium | medium | STRIDE threat modeling; rigorous reasoning required. |
24
+ | doc-writer | medium | medium | small | Writes/updates docs from live code; structural task. |
25
+ | doc-verifier | medium | medium | small | Checks docs match code; pattern matching. |
19
26
 
20
27
  ## Platform Model Resolution
21
28
 
@@ -23,7 +30,7 @@ Each tier resolves to the best available model on your platform:
23
30
 
24
31
  | Tier | Anthropic (Claude Code) | Google (Gemini CLI) | OpenAI (Codex CLI) | Windsurf / Cursor / OpenCode |
25
32
  |------|------------------------|--------------------|--------------------|-----------------------------|
26
- | `large` | Claude Opus 4.6 | Gemini 3.1 Pro | GPT-5.4 | Uses platform default (best available) |
33
+ | `large` | Claude Opus 4.7 | Gemini 3.1 Pro | GPT-5.4 | Uses platform default (best available) |
27
34
  | `medium` | Claude Sonnet 4.6 | Gemini 3.1 Flash | GPT-5.4-mini | Uses platform default |
28
35
  | `small` | Claude Haiku 4.5 | Gemini 3.1 Flash-Lite | GPT-5.4-nano | Uses platform default |
29
36
 
@@ -10,13 +10,14 @@ Execute all plans in a phase. Plans run in waves — ordered by dependencies. On
10
10
 
11
11
  **Core principle:** Orchestrate, don't implement directly. Describe each plan's objective clearly, execute each plan in sequence (or in parallel via subagents), collect results.
12
12
 
13
- > **Platform note:** This workflow detects whether subagent spawning is available by reading `parallelization.enabled` from `.planning/config.json`. Set `"parallelization": { "enabled": true }` to enable parallel agent spawning on supported platforms. Defaults to `false` (sequential always safe). The legacy flat `"parallelization": true` is also honored for backward compatibility.
13
+ > **Platform note:** This workflow detects whether subagent spawning is available by reading `parallelization.enabled` from `.planning/config.json`. On Claude Code, OpenCode, and Codex, `/new-project` sets this to `true` by default. To disable: `"parallelization": { "enabled": false }`. The legacy flat `"parallelization": true` is also honored for backward compatibility.
14
14
 
15
15
  <runtime_compatibility>
16
16
  **Subagent spawning is runtime-specific:**
17
17
  - **Claude Code:** Uses `Task(subagent_type=..., ...)` — blocks until complete, returns result
18
18
  - **OpenCode / Codex:** Subagent spawning supported with platform-native dispatch
19
- - **Windsurf / Cursor:** No subagent spawning — always use sequential inline execution
19
+ - **Windsurf:** No subagent spawning — always use sequential inline execution
20
+ - **Cursor:** Cursor 2.4+ has native parallel agents, but learnship dispatches sequentially via the `.mdc` rule context (no `Task()` API available in that execution model)
20
21
  - **Gemini CLI:** Subagents exist but parallel execution limited — default to sequential
21
22
 
22
23
  **Fallback rule:** If a spawned agent completes its work (commits visible, SUMMARY.md exists) but the orchestrator never receives the completion signal, treat it as successful based on spot-checks and continue to the next wave/plan. Never block indefinitely.
@@ -194,7 +195,7 @@ Task(
194
195
 
195
196
  Spawn all plans in the wave before waiting. Wait for all agents to complete, then proceed to spot-checks.
196
197
 
197
- **If parallelization is disabled (sequential mode — Windsurf, Cursor, Gemini CLI, or user preference):**
198
+ **If parallelization is disabled (sequential mode — Windsurf, Cursor, Gemini CLI, or user preference on any platform):**
198
199
 
199
200
  <persona_context>
200
201
  You are now the **learnship executor**. Implement code from plans, one task at a time.
@@ -109,14 +109,42 @@ try{
109
109
  "
110
110
  ```
111
111
 
112
- ## Step 4: Format Output
112
+ ## Step 4: Compute Health Score
113
+
114
+ Based on all findings from Step 3, compute a numeric score (0–100):
115
+
116
+ **Start at 100. Apply deductions:**
117
+
118
+ | Code | Issue | Deduction |
119
+ |------|-------|-----------|
120
+ | E002 | PROJECT.md missing | −25 |
121
+ | E003 | ROADMAP.md missing | −20 |
122
+ | E004 | STATE.md missing | −10 |
123
+ | E005 | config.json parse error | −15 |
124
+ | W003 | config.json missing | −10 |
125
+ | W002 | state/roadmap phase mismatch | −5 |
126
+ | W004 | missing config fields | −2 per missing field, max −10 |
127
+ | W006 | phase in roadmap but no directory | −4 per phase, max −12 |
128
+ | W007 | orphaned phase directory | −2 per dir, max −6 |
129
+ | I001 | PLAN.md without SUMMARY.md | −1 per plan, max −5 |
130
+ | (uncommitted) | .planning/ has unstaged changes | −5 |
131
+
132
+ `Score = max(0, 100 − total_deductions)`
133
+
134
+ **Status bands:**
135
+ - 90–100 → **HEALTHY** ✓
136
+ - 70–89 → **DEGRADED** ⚠
137
+ - 0–69 → **BROKEN** ✗
138
+
139
+ ## Step 5: Format Output
113
140
 
114
141
  ```
115
142
  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
116
143
  learnship ► HEALTH CHECK
117
144
  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
118
145
 
119
- Status: HEALTHY | DEGRADED | BROKEN
146
+ Score: [N]/100
147
+ Status: HEALTHY ✓ | DEGRADED ⚠ | BROKEN ✗
120
148
  Errors: [N] Warnings: [N] Info: [N]
121
149
  ```
122
150
 
@@ -155,10 +183,10 @@ Consider: git add .planning/ && git commit -m "docs: update planning artifacts"
155
183
 
156
184
  **Footer if repairable issues and --repair not used:**
157
185
  ```
158
- [N] issue(s) can be auto-repaired. Run: health --repair
186
+ [N] issue(s) can be auto-repaired (+[N] points). Run: health --repair
159
187
  ```
160
188
 
161
- ## Step 5: Repair (if --repair flag)
189
+ ## Step 6: Repair (if --repair flag)
162
190
 
163
191
  Run repairs for each repairable issue found:
164
192
 
@@ -121,8 +121,34 @@ Note the tech stack, key directories, and any README content internally. Use thi
121
121
 
122
122
  ## Step 2: Configuration
123
123
 
124
- > **🔴 MANDATORY INTERACTIVE QUESTIONS — You MUST present each round as a blocking question using `AskUserQuestion` (or your platform's equivalent: `ask_user_question` on Windsurf, `ask_user` on Gemini, `request_user_input` on Codex). Each round is a SEPARATE blocking call. Do NOT combine all rounds into one. Do NOT render questions as plain text or markdown lists — you MUST use the interactive question tool so the user clicks options. Wait for the user's reply after EACH round before showing the next round.**
125
- >
124
+ > **🔴 MANDATORY INTERACTIVE QUESTIONS — You MUST present each question as a blocking call using `AskUserQuestion` (or your platform's equivalent: `ask_user_question` on Windsurf, `ask_user` on Gemini, `request_user_input` on Codex). Do NOT render questions as plain text or markdown lists — you MUST use the interactive question tool so the user clicks options. Wait for the user's reply before continuing.**
125
+
126
+ ### Step 2a — Setup Mode (1 question)
127
+
128
+ > Ask this single blocking question first. Many users just want sensible defaults — this question lets them skip the 15-question customization wizard entirely.
129
+
130
+ ```
131
+ AskUserQuestion([
132
+ {
133
+ header: "Setup Mode",
134
+ question: "How do you want to configure this project?",
135
+ multiSelect: false,
136
+ options: [
137
+ { label: "Quick — use recommended defaults (Recommended)", description: "Skip the 15 customization questions. Uses: auto mode, coarse phases, balanced models, all workflow agents on, ship pipeline + conventional commits + PR template, auto-commit planning docs, parallelization off (you can flip it later in .planning/config.json). Best for: most projects." },
138
+ { label: "Customize — walk through every setting", description: "Answer ~15 questions across 4 rounds to tune working style, granularity, model profile, workflow agents, pipeline, git, and (on supported platforms) parallel subagents. Best for: teams with specific conventions or unusual project shapes." }
139
+ ]
140
+ }
141
+ ])
142
+ ```
143
+
144
+ > 🛑 STOP. Wait for the user's reply. Record as `SETUP_MODE = quick | custom`.
145
+
146
+ **If `SETUP_MODE = quick`:** Skip Step 2b entirely. Jump directly to **Step 2c — Write Config** below, using the recommended defaults documented there. Do NOT ask any of the Round 1–4 questions.
147
+
148
+ **If `SETUP_MODE = custom`:** Proceed through Step 2b (Rounds 1–4 below). All questions must be answered before writing config.
149
+
150
+ ### Step 2b — Customize Configuration (only if `SETUP_MODE = custom`)
151
+
126
152
  > **🛑 FORBIDDEN:** Do NOT present all questions at once as a text wall. Do NOT skip any question. Do NOT invent answers. Do NOT proceed to the config.json write step until ALL 4 rounds have been answered by the user.
127
153
 
128
154
  **Round 1 — Core settings (6 questions):**
@@ -299,9 +325,15 @@ AskUserQuestion([
299
325
 
300
326
  <!-- LEARNSHIP_PARALLEL_BLOCK -->
301
327
 
302
- > 🛑 STOP. Wait for the user's Round 4 reply (parallelization) before continuing.
328
+ > 🛑 STOP. **Only if the parallel block above actually asks a question:** wait for the user's Round 4 reply before continuing. If the parallel block is informational (parallelization auto-set to `false` for the platform), no answer is needed — proceed directly to Step 2c.
329
+
330
+ ### Step 2c — Write Config
331
+
332
+ > This step runs in **both modes**:
333
+ > - If `SETUP_MODE = quick`: use the **recommended defaults** for every field (the values labeled "(Recommended)" in the Step 2b questions, and `parallelization.enabled = false`).
334
+ > - If `SETUP_MODE = custom`: use the user's answers from Rounds 1–4.
303
335
 
304
- **Now create `.planning/config.json`** — use EXACTLY this schema. Map the user's answers to these keys. Do NOT invent keys. Do NOT use flat keys like `working_style`, `model_tier`, `platform`, `milestone`, or `phases` — those are WRONG.
336
+ **Now create `.planning/config.json`** — use EXACTLY this schema. Map the user's answers (or recommended defaults) to these keys. Do NOT invent keys. Do NOT use flat keys like `working_style`, `model_tier`, `platform`, `milestone`, or `phases` — those are WRONG.
305
337
 
306
338
  **Key mapping from questions to config:**
307
339
  - Working Style → `"mode"`: `"auto"` or `"interactive"`