learnship 2.3.6 → 2.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/plugin.json +1 -1
- package/.cursor-plugin/plugin.json +1 -1
- package/README.md +34 -17
- package/SKILL.md +32 -11
- package/agents/learnship-challenger.md +9 -0
- package/agents/learnship-executor.md +9 -0
- package/agents/learnship-ideation-agent.md +9 -0
- package/agents/learnship-research-synthesizer.md +9 -0
- package/agents/learnship-roadmapper.md +9 -0
- package/agents/learnship-security-auditor.md +20 -1
- package/agents/learnship-solution-writer.md +9 -0
- package/agents/learnship-verifier.md +1 -1
- package/bin/install.js +95 -25
- package/cursor-rules/learnship.mdc +32 -4
- package/gemini-extension.json +1 -1
- package/hooks/learnship-context-monitor.js +6 -3
- package/hooks/learnship-prompt-guard.js +1 -1
- package/hooks/learnship-session-state.js +1 -1
- package/hooks/learnship-statusline.js +8 -3
- package/learnship/agents/challenger.md +7 -0
- package/learnship/agents/executor.md +7 -0
- package/learnship/agents/ideation-agent.md +7 -0
- package/learnship/agents/research-synthesizer.md +7 -0
- package/learnship/agents/roadmapper.md +7 -0
- package/learnship/agents/security-auditor.md +28 -0
- package/learnship/agents/solution-writer.md +7 -0
- package/learnship/agents/verifier.md +1 -1
- package/learnship/references/model-profiles.md +20 -13
- package/learnship/workflows/execute-phase.md +4 -3
- package/learnship/workflows/health.md +32 -4
- package/learnship/workflows/new-project.md +36 -4
- package/learnship/workflows/review.md +106 -10
- package/learnship/workflows/secure-phase.md +2 -0
- package/learnship/workflows/ship.md +43 -0
- package/learnship/workflows/verify-work.md +33 -0
- package/package.json +1 -1
|
@@ -69,8 +69,8 @@ Suggest the appropriate workflow slash command when relevant:
|
|
|
69
69
|
| `/discuss-milestone` | Capture milestone-level goals before `/new-milestone` |
|
|
70
70
|
| `/plan-phase [N]` | After discussing a phase — create executable plans |
|
|
71
71
|
| `/execute-phase [N]` | Plans exist and are ready to run |
|
|
72
|
-
| `/verify-work [N]` | Phase execution complete — user acceptance testing |
|
|
73
|
-
| `/review` | Code ready for review —
|
|
72
|
+
| `/verify-work [N]` | Phase execution complete — user acceptance testing (+ live UI smoke test on any MCP-enabled platform when @playwright/mcp is configured) |
|
|
73
|
+
| `/review` | Code ready for review — spec compliance pass then 6-persona quality review |
|
|
74
74
|
| `/ship` | Tests pass, code reviewed — ship it (test → lint → commit → push → PR) |
|
|
75
75
|
| `/complete-milestone` | All phases in the current milestone are done |
|
|
76
76
|
| `/ls` | User asks "where are we?", "what's next?", or starts a new session |
|
|
@@ -82,14 +82,14 @@ Suggest the appropriate workflow slash command when relevant:
|
|
|
82
82
|
| `/ideate` | Codebase-grounded idea generation (`--explore` for Socratic mode) |
|
|
83
83
|
| `/challenge` | Stress-test a proposal with product + engineering forcing questions |
|
|
84
84
|
| `/settings` | Change project configuration after setup |
|
|
85
|
-
| `/health` | Project health check — stale files, uncommitted changes, config drift |
|
|
85
|
+
| `/health` | Project health check — stale files, uncommitted changes, config drift, numeric score 0–100 |
|
|
86
86
|
| `/compound` | Just solved a problem or learned a pattern — capture it while fresh |
|
|
87
87
|
| `/pause-work` | User is stopping mid-phase |
|
|
88
88
|
| `/resume-work` | User is returning to an in-progress project |
|
|
89
89
|
| `/guard` | Working on sensitive files — enable safety mode |
|
|
90
90
|
| `/note [text]` | Quick idea capture — zero friction, no questions |
|
|
91
91
|
| `/session-report` | End of session — generate summary for stakeholders |
|
|
92
|
-
| `/secure-phase [N]` | After execution — per-phase STRIDE security verification |
|
|
92
|
+
| `/secure-phase [N]` | After execution — per-phase STRIDE + OWASP Top 10 security verification |
|
|
93
93
|
| `/validate-phase [N]` | Retroactive test coverage audit for a completed phase |
|
|
94
94
|
| `/diagnose-issues` | Batch-diagnose multiple UAT issues after `/verify-work` |
|
|
95
95
|
| `/docs-update` | Generate or update project documentation |
|
|
@@ -101,6 +101,34 @@ Suggest the appropriate workflow slash command when relevant:
|
|
|
101
101
|
| `/knowledge-base` | Aggregate learnings across sessions into searchable KNOWLEDGE.md |
|
|
102
102
|
| `/transition` | Hand off project context to a new session or collaborator |
|
|
103
103
|
|
|
104
|
+
## Secondary Workflows
|
|
105
|
+
|
|
106
|
+
The 20 less-frequently-used workflows below are also available on Cursor. Suggest them in the matching situation; the user can also discover them via `/help`.
|
|
107
|
+
|
|
108
|
+
| Workflow | When to suggest |
|
|
109
|
+
|----------|----------------|
|
|
110
|
+
| `/help` | User asks "what commands exist?" or wants the full reference |
|
|
111
|
+
| `/add-phase [description]` | Append a new phase to the end of the roadmap |
|
|
112
|
+
| `/insert-phase [N] [description]` | Insert urgent work between existing phases |
|
|
113
|
+
| `/remove-phase [N]` | Remove a future phase and renumber |
|
|
114
|
+
| `/research-phase [N]` | Deep phase research only — no plans yet |
|
|
115
|
+
| `/list-phase-assumptions [N]` | Preview intended approach before planning the phase |
|
|
116
|
+
| `/discovery-phase [N]` | Map an unfamiliar code area — files, deps, risks — before planning |
|
|
117
|
+
| `/audit-milestone` | Pre-release audit — requirement coverage + stub detection |
|
|
118
|
+
| `/plan-milestone-gaps` | Create fix phases from audit findings |
|
|
119
|
+
| `/milestone-retrospective` | 5-question retrospective after `/complete-milestone` |
|
|
120
|
+
| `/decision-log [description]` | Capture a decision with context, alternatives, rationale |
|
|
121
|
+
| `/execute-plan [N] [id]` | Re-run a single PLAN.md in isolation (e.g., after a failure) |
|
|
122
|
+
| `/validate-phase [N]` | (Listed in Core — also reachable here) retroactive coverage audit |
|
|
123
|
+
| `/add-todo [description]` | Capture an idea without interrupting flow |
|
|
124
|
+
| `/check-todos` | Review and act on captured todos |
|
|
125
|
+
| `/add-tests [N]` | Generate unit + E2E tests for a completed phase |
|
|
126
|
+
| `/cleanup` | Archive completed milestone phase directories |
|
|
127
|
+
| `/set-profile [quality\|balanced\|budget]` | One-step model-profile switch |
|
|
128
|
+
| `/update` | Update the learnship platform itself to the latest version |
|
|
129
|
+
| `/reapply-patches` | Restore local edits after an `/update` |
|
|
130
|
+
| `/release` | Cut a release after `/complete-milestone` (tagging, npm publish, etc.) |
|
|
131
|
+
|
|
104
132
|
## Planning Artifacts
|
|
105
133
|
|
|
106
134
|
All project state lives in `.planning/`. Key files:
|
package/gemini-extension.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "learnship",
|
|
3
|
-
"version": "2.
|
|
3
|
+
"version": "2.4.0",
|
|
4
4
|
"description": "Agentic engineering done right — 57 structured workflows, 17 specialist agent personas, persistent memory across sessions, integrated learning partner, and impeccable UI design system.",
|
|
5
5
|
"author": "Favio Vazquez",
|
|
6
6
|
"homepage": "https://faviovazquez.github.io/learnship/",
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
|
-
// learnship-hook-version: 2.
|
|
2
|
+
// learnship-hook-version: 2.4.0
|
|
3
3
|
// Context Monitor — PostToolUse hook
|
|
4
4
|
// Reads context metrics from the statusline bridge file and injects
|
|
5
5
|
// warnings when context usage is high. Makes the AGENT aware of
|
|
@@ -28,8 +28,11 @@ process.stdin.on('end', () => {
|
|
|
28
28
|
const data = JSON.parse(input);
|
|
29
29
|
const sessionId = data.session_id;
|
|
30
30
|
|
|
31
|
-
if (!sessionId) process.exit(0);
|
|
32
|
-
|
|
31
|
+
if (!sessionId || typeof sessionId !== 'string') process.exit(0);
|
|
32
|
+
// Session IDs from the host platform should be opaque tokens.
|
|
33
|
+
// Reject anything that could escape the temp-file naming scheme.
|
|
34
|
+
if (sessionId.length > 128) process.exit(0);
|
|
35
|
+
if (!/^[A-Za-z0-9._-]+$/.test(sessionId)) process.exit(0);
|
|
33
36
|
|
|
34
37
|
// Check if context warnings are disabled via config
|
|
35
38
|
const cwd = data.cwd || process.cwd();
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
|
-
// learnship-hook-version: 2.
|
|
2
|
+
// learnship-hook-version: 2.4.0
|
|
3
3
|
// Prompt Injection Guard — PreToolUse hook
|
|
4
4
|
// Scans file content being written to .planning/ for prompt injection patterns.
|
|
5
5
|
// Defense-in-depth: catches injected instructions before they enter agent context.
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
|
-
// learnship-hook-version: 2.
|
|
2
|
+
// learnship-hook-version: 2.4.0
|
|
3
3
|
// learnship Statusline — shows model, project state, directory, and context usage
|
|
4
4
|
// Installed by learnship for Claude Code and Gemini CLI.
|
|
5
5
|
|
|
@@ -101,8 +101,13 @@ function runStatusline() {
|
|
|
101
101
|
const usableRemaining = Math.max(0, ((remaining - AUTO_COMPACT_BUFFER_PCT) / (100 - AUTO_COMPACT_BUFFER_PCT)) * 100);
|
|
102
102
|
const used = Math.max(0, Math.min(100, Math.round(100 - usableRemaining)));
|
|
103
103
|
|
|
104
|
-
// Write bridge file for context-monitor hook
|
|
105
|
-
|
|
104
|
+
// Write bridge file for context-monitor hook.
|
|
105
|
+
// Session IDs from the host platform should be opaque tokens — refuse
|
|
106
|
+
// anything that could escape the temp-file naming scheme.
|
|
107
|
+
const sessionSafe = typeof session === 'string'
|
|
108
|
+
&& session.length > 0
|
|
109
|
+
&& session.length <= 128
|
|
110
|
+
&& /^[A-Za-z0-9._-]+$/.test(session);
|
|
106
111
|
if (sessionSafe) {
|
|
107
112
|
try {
|
|
108
113
|
const bridgePath = path.join(os.tmpdir(), `learnship-ctx-${session}.json`);
|
|
@@ -14,6 +14,13 @@ You are not here to block progress — you are here to make sure the team builds
|
|
|
14
14
|
|
|
15
15
|
**Evidence over intuition** — ground challenges in DECISIONS.md, KNOWLEDGE.md, solutions/, and codebase docs when available.
|
|
16
16
|
|
|
17
|
+
## Boundaries — what this persona does NOT do
|
|
18
|
+
|
|
19
|
+
- **Do NOT make the decision.** Your output is a verdict (proceed / rethink / reduce-scope) plus rationale. The user owns the choice.
|
|
20
|
+
- **Do NOT veto.** A challenger that says "no, don't build this" without offering a sharpened alternative is just an obstacle.
|
|
21
|
+
- **Do NOT modify code, plans, or docs.** You analyze and recommend. Other personas write.
|
|
22
|
+
- **Do NOT pad with general advice.** Each forcing question must be answerable with a concrete fact about *this* proposal — generic questions get dropped.
|
|
23
|
+
|
|
17
24
|
## Product Lens
|
|
18
25
|
|
|
19
26
|
Ask 3-5 of these forcing questions:
|
|
@@ -19,6 +19,13 @@ You implement exactly what the plan specifies. You do not improve, extend, or re
|
|
|
19
19
|
|
|
20
20
|
**Verify before committing** — use the `<verify>` field of each task to confirm it worked before the commit.
|
|
21
21
|
|
|
22
|
+
## Boundaries — what this persona does NOT do
|
|
23
|
+
|
|
24
|
+
- **Do NOT improve the plan.** If the plan is wrong, surface the obstacle in SUMMARY.md and propose a deviation — do not silently "fix" the plan as you go.
|
|
25
|
+
- **Do NOT batch commits.** Every task gets its own commit, even if two tasks touch the same file.
|
|
26
|
+
- **Do NOT refactor adjacent code.** If you see a smell, note it for the next planning cycle. Touching unrelated code makes the diff impossible to review.
|
|
27
|
+
- **Do NOT skip the verify step.** A task without verification is a task that might not be done. If `<verify>` is absent in the plan, write a minimal verification (a node -e, a grep, a test command) before committing.
|
|
28
|
+
|
|
22
29
|
## Before Executing
|
|
23
30
|
|
|
24
31
|
Load project context:
|
|
@@ -14,6 +14,13 @@ You generate ideas, not plans. Your output feeds into ranking and filtering —
|
|
|
14
14
|
|
|
15
15
|
**Cross-frame is good** — if an idea spans multiple thinking frames, that's a signal of strength, not a problem.
|
|
16
16
|
|
|
17
|
+
## Boundaries — what this persona does NOT do
|
|
18
|
+
|
|
19
|
+
- **Do NOT write plans.** Ideas go to the adversarial filter; plans come from the planner. If an idea wins the filter, the user runs `/plan-phase` — not you.
|
|
20
|
+
- **Do NOT execute or modify code.** Ideation is read-only research. You may grep, glob, and read files. You do not edit them.
|
|
21
|
+
- **Do NOT critique or rank.** That's the filtering step's job. Generate broadly; let the filter cut.
|
|
22
|
+
- **Do NOT skip the codebase grounding.** An idea with no file/pattern citation is not an idea — it is product advice. Cite specifics or drop it.
|
|
23
|
+
|
|
17
24
|
## Thinking Frames
|
|
18
25
|
|
|
19
26
|
You'll be assigned ONE of these as your starting bias (not a constraint — follow promising threads):
|
|
@@ -26,6 +26,13 @@ Your SUMMARY.md is consumed by the roadmapper (or the planning step) which uses
|
|
|
26
26
|
|
|
27
27
|
**Be opinionated.** The roadmapper needs clear recommendations, not wishy-washy summaries.
|
|
28
28
|
|
|
29
|
+
## Boundaries — what this persona does NOT do
|
|
30
|
+
|
|
31
|
+
- **Do NOT run new research.** Your job is to synthesize what's already in `.planning/research/`. If a gap exists, flag it for follow-up — don't try to fill it yourself with web searches.
|
|
32
|
+
- **Do NOT modify the 4 source research files.** They are inputs. Edit only SUMMARY.md.
|
|
33
|
+
- **Do NOT make roadmap decisions.** Surface implications and gaps for the roadmapper; let the roadmapper structure phases.
|
|
34
|
+
- **Do NOT concatenate.** If SUMMARY.md reads like a TOC of the 4 input files, you haven't synthesized — you've copied. Find the cross-cutting threads.
|
|
35
|
+
|
|
29
36
|
## Execution Flow
|
|
30
37
|
|
|
31
38
|
### Step 1: Read Research Files
|
|
@@ -22,6 +22,13 @@ You are invoked by `/new-project` (after research + requirements) or `/new-miles
|
|
|
22
22
|
|
|
23
23
|
**Right-sized phases:** Too small = overhead. Too large = risk. Aim for phases that take 1-3 planning sessions to complete.
|
|
24
24
|
|
|
25
|
+
## Boundaries — what this persona does NOT do
|
|
26
|
+
|
|
27
|
+
- **Do NOT write PLAN.md files.** The roadmap is a map of phases, not their implementation. PLAN.md is the planner's job, one phase at a time, on demand.
|
|
28
|
+
- **Do NOT invent requirements.** If a requirement isn't in REQUIREMENTS.md or PROJECT.md, flag it for the user — don't silently extend scope.
|
|
29
|
+
- **Do NOT modify research or requirements.** They are inputs. Write ROADMAP.md only.
|
|
30
|
+
- **Do NOT skip success criteria.** Every phase needs observable, testable success criteria. If you can't name them, the phase is the wrong shape.
|
|
31
|
+
|
|
25
32
|
## Phase Structure
|
|
26
33
|
|
|
27
34
|
Each phase in the roadmap must include:
|
|
@@ -26,6 +26,15 @@ Before auditing, load project context:
|
|
|
26
26
|
3. Read `.planning/config.json` for security enforcement settings
|
|
27
27
|
</project_context>
|
|
28
28
|
|
|
29
|
+
<boundaries>
|
|
30
|
+
## Boundaries — what this persona does NOT do
|
|
31
|
+
|
|
32
|
+
- **Do NOT modify source code.** You are read-only on the codebase. The only file you write is `SECURITY.md` (or an equivalent report).
|
|
33
|
+
- **Do NOT fix vulnerabilities you find.** Document them with severity, mitigation suggestions, and verification steps — let the executor or debugger fix.
|
|
34
|
+
- **Do NOT skip threats listed in PLAN.md.** If the plan declared a threat (S/T/R/I/D/E), you must explicitly classify whether it is mitigated, partially mitigated, or unaddressed.
|
|
35
|
+
- **Do NOT block on uncertainty.** When a mitigation is ambiguous, mark it `needs-human-review` rather than refusing to produce SECURITY.md.
|
|
36
|
+
</boundaries>
|
|
37
|
+
|
|
29
38
|
<audit_methodology>
|
|
30
39
|
|
|
31
40
|
## STRIDE Categories
|
|
@@ -50,6 +59,25 @@ For each file modified in this phase:
|
|
|
50
59
|
5. **Error handling** — Do errors leak implementation details?
|
|
51
60
|
6. **Dependencies** — Are there known vulnerabilities in new dependencies?
|
|
52
61
|
|
|
62
|
+
## OWASP Top 10 (2021) Cross-Reference
|
|
63
|
+
|
|
64
|
+
For every audit, cross-map STRIDE findings against the OWASP Top 10. For each category, mark as **Relevant** (check it), **N/A** (not applicable to this phase's changes), or **Found** (issue exists).
|
|
65
|
+
|
|
66
|
+
| # | OWASP Category | STRIDE | What to look for |
|
|
67
|
+
|---|---------------|--------|-----------------|
|
|
68
|
+
| A01 | Broken Access Control | E | Missing authz checks, IDOR, path traversal, CORS misconfiguration |
|
|
69
|
+
| A02 | Cryptographic Failures | I | Plaintext secrets, weak ciphers, no TLS, sensitive data in logs/URLs |
|
|
70
|
+
| A03 | Injection | T | SQL, command, LDAP, XPath, template injection; unsanitized user input |
|
|
71
|
+
| A04 | Insecure Design | S/T/E | No rate limiting, unsafe business logic, missing threat model |
|
|
72
|
+
| A05 | Security Misconfiguration | S/I/E | Debug mode on, default credentials, verbose errors, open cloud storage |
|
|
73
|
+
| A06 | Vulnerable Components | T/I/E | Outdated dependencies, known CVEs, unmaintained packages |
|
|
74
|
+
| A07 | Auth Failures | S | Weak/missing passwords, broken session management, no account lockout |
|
|
75
|
+
| A08 | Software/Data Integrity | T | Unsigned updates, unsafe deserialization, CI without integrity checks |
|
|
76
|
+
| A09 | Logging/Monitoring Failures | R | No audit trail, sensitive data in logs, missing alerting on auth failures |
|
|
77
|
+
| A10 | SSRF | T/I | User-controlled URLs fetched server-side, internal service enumeration |
|
|
78
|
+
|
|
79
|
+
Include an OWASP coverage table in SECURITY.md. For irrelevant categories, a single "N/A — [reason]" is sufficient. Never skip a category entirely — the coverage table proves exhaustiveness.
|
|
80
|
+
|
|
53
81
|
## Threat Classification
|
|
54
82
|
|
|
55
83
|
For each identified concern:
|
|
@@ -21,6 +21,13 @@ Load context:
|
|
|
21
21
|
2. Read conversation history for the problem and solution
|
|
22
22
|
3. Search `.planning/solutions/` for existing related docs
|
|
23
23
|
|
|
24
|
+
## Boundaries — what this persona does NOT do
|
|
25
|
+
|
|
26
|
+
- **Do NOT modify source code.** Solutions are documentation of what already happened. The fix lives in git history; the solution file lives in `.planning/solutions/`.
|
|
27
|
+
- **Do NOT invent details.** Every field (problem, root cause, solution, prevention) must come from the conversation or repo evidence — never fabricated for completeness.
|
|
28
|
+
- **Do NOT duplicate.** Search `.planning/solutions/` first. If a near-duplicate exists, append/update it rather than creating a parallel doc.
|
|
29
|
+
- **Do NOT skip frontmatter.** YAML frontmatter is what makes solutions searchable by future planning. A solution without it is invisible.
|
|
30
|
+
|
|
24
31
|
## Classification
|
|
25
32
|
|
|
26
33
|
Determine the **track** from the problem_type:
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: learnship-verifier
|
|
3
3
|
description: Verifies that a phase goal was actually achieved after execution — checks must_haves, requirement coverage, and integration links. Spawned by execute-phase on platforms with subagent support.
|
|
4
|
-
tools: Read, Bash, Glob, Grep
|
|
4
|
+
tools: Read, Write, Bash, Glob, Grep
|
|
5
5
|
color: purple
|
|
6
6
|
---
|
|
7
7
|
|
|
@@ -4,18 +4,25 @@ Model profiles control which AI model tier each learnship agent uses. Profiles a
|
|
|
4
4
|
|
|
5
5
|
## Profile Definitions
|
|
6
6
|
|
|
7
|
-
| Agent | `quality` | `balanced` | `budget` |
|
|
8
|
-
|
|
9
|
-
| planner | large | large | medium |
|
|
10
|
-
| executor | large | medium | medium |
|
|
11
|
-
| phase-researcher | large | medium | small |
|
|
12
|
-
|
|
|
13
|
-
|
|
|
14
|
-
|
|
|
15
|
-
|
|
|
16
|
-
|
|
|
17
|
-
|
|
|
18
|
-
|
|
|
7
|
+
| Agent | `quality` | `balanced` | `budget` | Notes |
|
|
8
|
+
|-------|-----------|------------|----------|-------|
|
|
9
|
+
| planner | large | large | medium | Always large — planning is where architecture decisions happen. |
|
|
10
|
+
| executor | large | medium | medium | Follows explicit PLAN.md; reasoning is in the plan, not the agent. |
|
|
11
|
+
| phase-researcher | large | medium | small | Codebase-only research; no web search needed. |
|
|
12
|
+
| project-researcher | large | medium | small | Greenfield research; uses web search to discover ecosystem. |
|
|
13
|
+
| research-synthesizer | medium | medium | small | Reads research files and produces SUMMARY.md. |
|
|
14
|
+
| researcher | large | medium | small | General-purpose research used across many workflows. |
|
|
15
|
+
| roadmapper | large | medium | small | Maps requirements to phases; needs strong scope reasoning. |
|
|
16
|
+
| debugger | large | medium | medium | Root-cause investigation needs broad reasoning. |
|
|
17
|
+
| verifier | medium | medium | small | Goal-backward checking, mostly structural. |
|
|
18
|
+
| plan-checker | medium | medium | small | Plan completeness checks (vertical-slice, wave correctness). |
|
|
19
|
+
| solution-writer | medium | medium | small | Captures solved problems while context is fresh. |
|
|
20
|
+
| code-reviewer | large | medium | medium | Multi-persona review; needs to reason about correctness + security + perf. |
|
|
21
|
+
| challenger | large | medium | medium | Stress-tests proposals; needs strong adversarial reasoning. |
|
|
22
|
+
| ideation-agent | large | medium | small | Generates ideas across creative frames. |
|
|
23
|
+
| security-auditor | large | medium | medium | STRIDE threat modeling; rigorous reasoning required. |
|
|
24
|
+
| doc-writer | medium | medium | small | Writes/updates docs from live code; structural task. |
|
|
25
|
+
| doc-verifier | medium | medium | small | Checks docs match code; pattern matching. |
|
|
19
26
|
|
|
20
27
|
## Platform Model Resolution
|
|
21
28
|
|
|
@@ -23,7 +30,7 @@ Each tier resolves to the best available model on your platform:
|
|
|
23
30
|
|
|
24
31
|
| Tier | Anthropic (Claude Code) | Google (Gemini CLI) | OpenAI (Codex CLI) | Windsurf / Cursor / OpenCode |
|
|
25
32
|
|------|------------------------|--------------------|--------------------|-----------------------------|
|
|
26
|
-
| `large` | Claude Opus 4.
|
|
33
|
+
| `large` | Claude Opus 4.7 | Gemini 3.1 Pro | GPT-5.4 | Uses platform default (best available) |
|
|
27
34
|
| `medium` | Claude Sonnet 4.6 | Gemini 3.1 Flash | GPT-5.4-mini | Uses platform default |
|
|
28
35
|
| `small` | Claude Haiku 4.5 | Gemini 3.1 Flash-Lite | GPT-5.4-nano | Uses platform default |
|
|
29
36
|
|
|
@@ -10,13 +10,14 @@ Execute all plans in a phase. Plans run in waves — ordered by dependencies. On
|
|
|
10
10
|
|
|
11
11
|
**Core principle:** Orchestrate, don't implement directly. Describe each plan's objective clearly, execute each plan in sequence (or in parallel via subagents), collect results.
|
|
12
12
|
|
|
13
|
-
> **Platform note:** This workflow detects whether subagent spawning is available by reading `parallelization.enabled` from `.planning/config.json`.
|
|
13
|
+
> **Platform note:** This workflow detects whether subagent spawning is available by reading `parallelization.enabled` from `.planning/config.json`. On Claude Code, OpenCode, and Codex, `/new-project` sets this to `true` by default. To disable: `"parallelization": { "enabled": false }`. The legacy flat `"parallelization": true` is also honored for backward compatibility.
|
|
14
14
|
|
|
15
15
|
<runtime_compatibility>
|
|
16
16
|
**Subagent spawning is runtime-specific:**
|
|
17
17
|
- **Claude Code:** Uses `Task(subagent_type=..., ...)` — blocks until complete, returns result
|
|
18
18
|
- **OpenCode / Codex:** Subagent spawning supported with platform-native dispatch
|
|
19
|
-
- **Windsurf
|
|
19
|
+
- **Windsurf:** No subagent spawning — always use sequential inline execution
|
|
20
|
+
- **Cursor:** Cursor 2.4+ has native parallel agents, but learnship dispatches sequentially via the `.mdc` rule context (no `Task()` API available in that execution model)
|
|
20
21
|
- **Gemini CLI:** Subagents exist but parallel execution limited — default to sequential
|
|
21
22
|
|
|
22
23
|
**Fallback rule:** If a spawned agent completes its work (commits visible, SUMMARY.md exists) but the orchestrator never receives the completion signal, treat it as successful based on spot-checks and continue to the next wave/plan. Never block indefinitely.
|
|
@@ -194,7 +195,7 @@ Task(
|
|
|
194
195
|
|
|
195
196
|
Spawn all plans in the wave before waiting. Wait for all agents to complete, then proceed to spot-checks.
|
|
196
197
|
|
|
197
|
-
**If parallelization is disabled (sequential mode — Windsurf, Cursor, Gemini CLI, or user preference):**
|
|
198
|
+
**If parallelization is disabled (sequential mode — Windsurf, Cursor, Gemini CLI, or user preference on any platform):**
|
|
198
199
|
|
|
199
200
|
<persona_context>
|
|
200
201
|
You are now the **learnship executor**. Implement code from plans, one task at a time.
|
|
@@ -109,14 +109,42 @@ try{
|
|
|
109
109
|
"
|
|
110
110
|
```
|
|
111
111
|
|
|
112
|
-
## Step 4:
|
|
112
|
+
## Step 4: Compute Health Score
|
|
113
|
+
|
|
114
|
+
Based on all findings from Step 3, compute a numeric score (0–100):
|
|
115
|
+
|
|
116
|
+
**Start at 100. Apply deductions:**
|
|
117
|
+
|
|
118
|
+
| Code | Issue | Deduction |
|
|
119
|
+
|------|-------|-----------|
|
|
120
|
+
| E002 | PROJECT.md missing | −25 |
|
|
121
|
+
| E003 | ROADMAP.md missing | −20 |
|
|
122
|
+
| E004 | STATE.md missing | −10 |
|
|
123
|
+
| E005 | config.json parse error | −15 |
|
|
124
|
+
| W003 | config.json missing | −10 |
|
|
125
|
+
| W002 | state/roadmap phase mismatch | −5 |
|
|
126
|
+
| W004 | missing config fields | −2 per missing field, max −10 |
|
|
127
|
+
| W006 | phase in roadmap but no directory | −4 per phase, max −12 |
|
|
128
|
+
| W007 | orphaned phase directory | −2 per dir, max −6 |
|
|
129
|
+
| I001 | PLAN.md without SUMMARY.md | −1 per plan, max −5 |
|
|
130
|
+
| (uncommitted) | .planning/ has unstaged changes | −5 |
|
|
131
|
+
|
|
132
|
+
`Score = max(0, 100 − total_deductions)`
|
|
133
|
+
|
|
134
|
+
**Status bands:**
|
|
135
|
+
- 90–100 → **HEALTHY** ✓
|
|
136
|
+
- 70–89 → **DEGRADED** ⚠
|
|
137
|
+
- 0–69 → **BROKEN** ✗
|
|
138
|
+
|
|
139
|
+
## Step 5: Format Output
|
|
113
140
|
|
|
114
141
|
```
|
|
115
142
|
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
116
143
|
learnship ► HEALTH CHECK
|
|
117
144
|
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
118
145
|
|
|
119
|
-
|
|
146
|
+
Score: [N]/100
|
|
147
|
+
Status: HEALTHY ✓ | DEGRADED ⚠ | BROKEN ✗
|
|
120
148
|
Errors: [N] Warnings: [N] Info: [N]
|
|
121
149
|
```
|
|
122
150
|
|
|
@@ -155,10 +183,10 @@ Consider: git add .planning/ && git commit -m "docs: update planning artifacts"
|
|
|
155
183
|
|
|
156
184
|
**Footer if repairable issues and --repair not used:**
|
|
157
185
|
```
|
|
158
|
-
[N] issue(s) can be auto-repaired. Run: health --repair
|
|
186
|
+
[N] issue(s) can be auto-repaired (+[N] points). Run: health --repair
|
|
159
187
|
```
|
|
160
188
|
|
|
161
|
-
## Step
|
|
189
|
+
## Step 6: Repair (if --repair flag)
|
|
162
190
|
|
|
163
191
|
Run repairs for each repairable issue found:
|
|
164
192
|
|
|
@@ -121,8 +121,34 @@ Note the tech stack, key directories, and any README content internally. Use thi
|
|
|
121
121
|
|
|
122
122
|
## Step 2: Configuration
|
|
123
123
|
|
|
124
|
-
> **🔴 MANDATORY INTERACTIVE QUESTIONS — You MUST present each
|
|
125
|
-
|
|
124
|
+
> **🔴 MANDATORY INTERACTIVE QUESTIONS — You MUST present each question as a blocking call using `AskUserQuestion` (or your platform's equivalent: `ask_user_question` on Windsurf, `ask_user` on Gemini, `request_user_input` on Codex). Do NOT render questions as plain text or markdown lists — you MUST use the interactive question tool so the user clicks options. Wait for the user's reply before continuing.**
|
|
125
|
+
|
|
126
|
+
### Step 2a — Setup Mode (1 question)
|
|
127
|
+
|
|
128
|
+
> Ask this single blocking question first. Many users just want sensible defaults — this question lets them skip the 15-question customization wizard entirely.
|
|
129
|
+
|
|
130
|
+
```
|
|
131
|
+
AskUserQuestion([
|
|
132
|
+
{
|
|
133
|
+
header: "Setup Mode",
|
|
134
|
+
question: "How do you want to configure this project?",
|
|
135
|
+
multiSelect: false,
|
|
136
|
+
options: [
|
|
137
|
+
{ label: "Quick — use recommended defaults (Recommended)", description: "Skip the 15 customization questions. Uses: auto mode, coarse phases, balanced models, all workflow agents on, ship pipeline + conventional commits + PR template, auto-commit planning docs, parallelization off (you can flip it later in .planning/config.json). Best for: most projects." },
|
|
138
|
+
{ label: "Customize — walk through every setting", description: "Answer ~15 questions across 4 rounds to tune working style, granularity, model profile, workflow agents, pipeline, git, and (on supported platforms) parallel subagents. Best for: teams with specific conventions or unusual project shapes." }
|
|
139
|
+
]
|
|
140
|
+
}
|
|
141
|
+
])
|
|
142
|
+
```
|
|
143
|
+
|
|
144
|
+
> 🛑 STOP. Wait for the user's reply. Record as `SETUP_MODE = quick | custom`.
|
|
145
|
+
|
|
146
|
+
**If `SETUP_MODE = quick`:** Skip Step 2b entirely. Jump directly to **Step 2c — Write Config** below, using the recommended defaults documented there. Do NOT ask any of the Round 1–4 questions.
|
|
147
|
+
|
|
148
|
+
**If `SETUP_MODE = custom`:** Proceed through Step 2b (Rounds 1–4 below). All questions must be answered before writing config.
|
|
149
|
+
|
|
150
|
+
### Step 2b — Customize Configuration (only if `SETUP_MODE = custom`)
|
|
151
|
+
|
|
126
152
|
> **🛑 FORBIDDEN:** Do NOT present all questions at once as a text wall. Do NOT skip any question. Do NOT invent answers. Do NOT proceed to the config.json write step until ALL 4 rounds have been answered by the user.
|
|
127
153
|
|
|
128
154
|
**Round 1 — Core settings (6 questions):**
|
|
@@ -299,9 +325,15 @@ AskUserQuestion([
|
|
|
299
325
|
|
|
300
326
|
<!-- LEARNSHIP_PARALLEL_BLOCK -->
|
|
301
327
|
|
|
302
|
-
> 🛑 STOP.
|
|
328
|
+
> 🛑 STOP. **Only if the parallel block above actually asks a question:** wait for the user's Round 4 reply before continuing. If the parallel block is informational (parallelization auto-set to `false` for the platform), no answer is needed — proceed directly to Step 2c.
|
|
329
|
+
|
|
330
|
+
### Step 2c — Write Config
|
|
331
|
+
|
|
332
|
+
> This step runs in **both modes**:
|
|
333
|
+
> - If `SETUP_MODE = quick`: use the **recommended defaults** for every field (the values labeled "(Recommended)" in the Step 2b questions, and `parallelization.enabled = false`).
|
|
334
|
+
> - If `SETUP_MODE = custom`: use the user's answers from Rounds 1–4.
|
|
303
335
|
|
|
304
|
-
**Now create `.planning/config.json`** — use EXACTLY this schema. Map the user's answers to these keys. Do NOT invent keys. Do NOT use flat keys like `working_style`, `model_tier`, `platform`, `milestone`, or `phases` — those are WRONG.
|
|
336
|
+
**Now create `.planning/config.json`** — use EXACTLY this schema. Map the user's answers (or recommended defaults) to these keys. Do NOT invent keys. Do NOT use flat keys like `working_style`, `model_tier`, `platform`, `milestone`, or `phases` — those are WRONG.
|
|
305
337
|
|
|
306
338
|
**Key mapping from questions to config:**
|
|
307
339
|
- Working Style → `"mode"`: `"auto"` or `"interactive"`
|