litclaude-ai 0.3.7 → 0.3.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -1,5 +1,48 @@
1
1
  # Changelog
2
2
 
3
+ ## 0.3.8 - 2026-06-16 — sibling-parity skill depth + goal/workflow feasibility reflection
4
+
5
+ - **Deepen eight skills to sibling parity.** A cross-sibling audit found several skill prompts were
6
+ materially thinner than their counterparts. Re-authored brand-clean, in LitClaude's own Claude Code
7
+ idiom (no foreign naming):
8
+ - `refactor` (73 → ~437 lines) — a phased behavior-preserving playbook: intent gate → codebase
9
+ analysis (LSP + read-only subagents) → codemap/impact zones → coverage-gated strategy
10
+ (run/add-characterization/PAUSE/BLOCK) → per-step execute-verify-revert with a Failure Recovery
11
+ Protocol → final regression sweep.
12
+ - `remove-ai-slops` (52 → ~347) — a 10-category slop taxonomy with KEEP/REMOVE rules, a **test-first
13
+ behavior-lock** safety invariant (pin behavior green *before* removing), a 5-gate quality table,
14
+ risk-ordered cleanup, and a "when in doubt, SKIP" rule.
15
+ - `programming` (106 → ~437) — a language gate that routes to the already-shipped per-language
16
+ `references/`, a cross-language iron-list table, canonical-library/toolchain tables, a TDD pyramid
17
+ + Given/When/Then + mock ladder, the 250-LOC ceiling with measurement, and a post-write self-review
18
+ loop into `refactor` / `remove-ai-slops`.
19
+ - `debugging` (70 → ~207) — now **activates the previously-orphaned `references/` library** (~1,500
20
+ lines of runtime/tool/methodology depth) via routing tables, a phase loop with a ≥3-hypothesis
21
+ floor + oracle-triple escalation, safety invariants, and a `.debug-journal.md` revert discipline.
22
+ - `litresearch` (148 → ~228) — durable on-disk session journaling (wave digests + expansion-log +
23
+ `SYNTHESIS.md`) for recovery-after-compaction, a search-craft operator playbook (≥10-query floor,
24
+ English-first-then-local), and a richer worker roster.
25
+ - `lit-plan` (125 → ~291) — task-tier classification, explore-first grounding, interview-the-unknowns,
26
+ an approval gate, a templated success-criteria block, and a pre-finalize two-pass review.
27
+ - `start-work` (131 → ~252) — LIGHT/HEAVY tiering, a per-checkbox A–E gate loop with a 9-class
28
+ adversarial-QA taxonomy, a baseline-characterization gate, and an independent-verifier completion
29
+ contract.
30
+ - `review-work` (331 → ~519) — a Phase-0 context-gathering preamble, ready-to-paste per-lane launch
31
+ prompts with fixed output schemas, the QA brainstorm-before-execute scenario method, and an
32
+ expanded 10-category security checklist.
33
+ - **Add a LIGHT/HEAVY effort tier to `lit-loop`** — classify the task once at bootstrap and size the
34
+ process to match (ratchet up only; when uncertain, treat as HEAVY). This closes the one litwork-tier
35
+ gap relative to siblings without adding a duplicate skill.
36
+ - **Reflect the goal / dynamic-workflow feasibility finding.** Investigation confirmed: entering Claude
37
+ Code's native `/goal` state from a plugin is **functionally impossible** (the host exposes no
38
+ model-facing goal tools and a hook cannot type a slash command) — the litgoal **autoloop** remains the
39
+ correct plugin-owned equivalent and is verified working. The Dynamic workflow path, by contrast, was
40
+ **partially implemented**: the guidance told the model to call `Workflow` unconditionally, but the
41
+ tool requires explicit user opt-in. The hook context, the `lit-loop` skill, the `dynamic-workflow` /
42
+ `lit-loop` commands, and the README now **propose a Dynamic workflow and call `Workflow` only once the
43
+ user opts in** — clarifying that this opt-in gate (not a host limitation) is why a Dynamic workflow
44
+ starts only after the proposal.
45
+
3
46
  ## 0.3.7 - 2026-06-14 — litresearch skill + LITBURN ignition banner
4
47
 
5
48
  - Add the **`litresearch`** skill (`plugins/litclaude/skills/litresearch/`) + command
package/README.md CHANGED
@@ -9,7 +9,7 @@
9
9
  </p>
10
10
  <p align="center">
11
11
  <img src="https://img.shields.io/badge/npm-litclaude--ai-cb3837" />
12
- <img src="https://img.shields.io/badge/version-0.3.7-2ea44f" />
12
+ <img src="https://img.shields.io/badge/version-0.3.8-2ea44f" />
13
13
  <img src="https://img.shields.io/badge/Claude%20Code-plugin-blueviolet" />
14
14
  <img src="https://img.shields.io/badge/license-MIT-blue" />
15
15
  </p>
@@ -22,10 +22,10 @@
22
22
  > `litclaude@litclaude-ai`, so normal `claude` launches can load the
23
23
  > LitClaude skills and hooks without a long `--plugin-dir` command.
24
24
 
25
- This checkout is prepared as `litclaude-ai@0.3.7` for personal install
25
+ This checkout is prepared as `litclaude-ai@0.3.8` for personal install
26
26
  convenience. The repo can remain quiet; preparing npm package metadata here does
27
27
  not imply public repo promotion, marketplace publication, or advertisement.
28
- Future package releases still require explicit user approval. The v0.3.7
28
+ Future package releases still require explicit user approval. The v0.3.8
29
29
  release materials preserve the v0.2.2 Dynamic workflow hardening work, add the
30
30
  lit-family vocab rename and neon HUD on top of v0.2.2, describe LitClaude in
31
31
  its own terms, and do not claim that npm publication has completed.
@@ -93,7 +93,7 @@ directory, the normal install command works:
93
93
 
94
94
  ```bash
95
95
  cd /tmp
96
- npx --yes litclaude-ai@0.3.7 install
96
+ npx --yes litclaude-ai@0.3.8 install
97
97
  ```
98
98
 
99
99
  Validate the installed plugin:
@@ -106,7 +106,7 @@ The installer also sets Claude Code's `statusLine` command to the packaged
106
106
  LitClaude HUD. A typical no-color render starts like:
107
107
 
108
108
  ```text
109
- [🔥LITCLAUDE v0.3.7] | O4.8 │ ctx [▎░░] 9%/1000k │ 5h [▏░] 4% ↻2h15m │ 1w [▊░] 35% ↻3d6h │ git main +3 ✓
109
+ [🔥LITCLAUDE v0.3.8] | O4.8 │ ctx [▎░░] 9%/1000k │ 5h [▏░] 4% ↻2h15m │ 1w [▊░] 35% ↻3d6h │ git main +3 ✓
110
110
  ```
111
111
 
112
112
  The `↻` suffix is a compact rate-limit reset countdown. It is separated from
@@ -208,8 +208,12 @@ LitClaude keeps the local evidence ledger authoritative and may suggest an
208
208
  exact `/goal <completion condition>` before long execution without repeatedly
209
209
  printing fallback chatter.
210
210
  For large independent work, LitClaude applies the same principle to Claude
211
- Code's available orchestration surfaces: when `Workflow` is exposed, call the
212
- `Workflow` tool; when isolated edits need a model-facing worktree lane, use
211
+ Code's available orchestration surfaces: when `Workflow` is exposed and the task
212
+ is broad, risky, parallel, or long-running, LitClaude **proposes a Dynamic
213
+ workflow and calls the `Workflow` tool once you opt in**. The tool can fan out
214
+ many subagents and spend a large token budget, so it asks first — this opt-in
215
+ gate (not a host limitation) is why a Dynamic workflow only starts after the
216
+ proposal. When isolated edits need a model-facing worktree lane, use
213
217
  `EnterWorktree`. If only the CLI surface is available for a fresh isolated lane,
214
218
  use `claude --worktree <short-name> --tmux`.
215
219
 
package/README_ko-KR.md CHANGED
@@ -9,7 +9,7 @@
9
9
  </p>
10
10
  <p align="center">
11
11
  <img src="https://img.shields.io/badge/npm-litclaude--ai-cb3837" />
12
- <img src="https://img.shields.io/badge/version-0.3.7-2ea44f" />
12
+ <img src="https://img.shields.io/badge/version-0.3.8-2ea44f" />
13
13
  <img src="https://img.shields.io/badge/Claude%20Code-plugin-blueviolet" />
14
14
  <img src="https://img.shields.io/badge/license-MIT-blue" />
15
15
  </p>
@@ -26,11 +26,11 @@
26
26
  > 설치되므로, 매번 긴 `--plugin-dir` 없이 일반 `claude` 실행에서
27
27
  > LitClaude skill과 hook을 불러올 수 있습니다.
28
28
 
29
- 현재 checkout은 `litclaude-ai@0.3.7` 배포 준비용으로 정리되어 있습니다. 목적은
29
+ 현재 checkout은 `litclaude-ai@0.3.8` 배포 준비용으로 정리되어 있습니다. 목적은
30
30
  다른 PC에서도 빠르게 설치하기 위한 개인용 package metadata를 갖추는 것입니다.
31
31
  npm package metadata를 준비했다고 해서 홍보, 공개 저장소 운영, Claude
32
32
  marketplace 등록을 의미하지는 않습니다. 새 버전 배포는 항상 별도의 명시적
33
- 승인 후에 진행합니다. v0.3.7 release material은 v0.2.2 Dynamic workflow
33
+ 승인 후에 진행합니다. v0.3.8 release material은 v0.2.2 Dynamic workflow
34
34
  hardening을 보존하고, lit-family vocab rename과 neon HUD를 추가하며,
35
35
  LitClaude 자체의 표현으로 정리되어 있습니다. npm publish가 완료됐다고
36
36
  주장하지 않습니다.
@@ -98,7 +98,7 @@ checkout을 먼저 해석해서 `sh: litclaude-ai: command not found`로 실패
98
98
 
99
99
  ```bash
100
100
  cd /tmp
101
- npx --yes litclaude-ai@0.3.7 install
101
+ npx --yes litclaude-ai@0.3.8 install
102
102
  ```
103
103
 
104
104
  설치 상태를 확인합니다.
@@ -111,7 +111,7 @@ installer는 Claude Code의 `statusLine` command도 packaged LitClaude HUD로
111
111
  설정합니다. 색상을 제거한 예시는 다음처럼 시작합니다.
112
112
 
113
113
  ```text
114
- [🔥LITCLAUDE v0.3.7] | O4.8 │ ctx [▎░░] 9%/1000k │ 5h [▏░] 4% ↻2h15m │ 1w [▊░] 35% ↻3d6h │ git main +3 ✓
114
+ [🔥LITCLAUDE v0.3.8] | O4.8 │ ctx [▎░░] 9%/1000k │ 5h [▏░] 4% ↻2h15m │ 1w [▊░] 35% ↻3d6h │ git main +3 ✓
115
115
  ```
116
116
 
117
117
  `↻` 표시는 rate-limit reset까지 남은 시간을 짧게 보여주는 countdown입니다.
@@ -1,11 +1,15 @@
1
1
  # LitClaude Release Checklist
2
2
 
3
- Status: `litclaude-ai@0.3.7` is the current release candidate — adds the **`litresearch`** skill +
4
- command (Claude-native maximum-saturation research orchestrator over the Workflow tool + `litclaude:`
5
- subagents + `/deep-research`) and a **`🔥 LITBURN IGNITED 🔥`** activation banner shouted on every
6
- litwork ignition.
7
- `package.json` is aligned to `0.3.7`, and
8
- `plugins/litclaude/.claude-plugin/plugin.json` is aligned to `0.3.7`.
3
+ Status: `litclaude-ai@0.3.8` is the current release candidate — a sibling-parity
4
+ depth pass. It substantially deepens eight skills (`refactor`, `remove-ai-slops`,
5
+ `programming`, `debugging`, `litresearch`, `lit-plan`, `start-work`, `review-work`)
6
+ to match the structured workflows their siblings carry; adds a LIGHT/HEAVY effort
7
+ tier to `lit-loop`; and reflects the goal/dynamic-workflow feasibility finding —
8
+ native `/goal` is a user-typed surface a plugin cannot invoke (the litgoal
9
+ autoloop is the equivalent), and the Dynamic workflow guidance now gates the
10
+ `Workflow` call on explicit user opt-in.
11
+ `package.json` is aligned to `0.3.8`, and
12
+ `plugins/litclaude/.claude-plugin/plugin.json` is aligned to `0.3.8`.
9
13
 
10
14
  This release carries the v0.2.2 Dynamic workflow hardening surfaces:
11
15
  `/dynamic-workflow`, `workflow-check --json`, native `/goal` fallback guidance,
@@ -54,8 +58,8 @@ No npm publication is required for this track.
54
58
  Before requesting publication approval, confirm these artifacts from the current
55
59
  checkout:
56
60
 
57
- - `package.json` version is `0.3.7`.
58
- - `plugins/litclaude/.claude-plugin/plugin.json` version is `0.3.7`.
61
+ - `package.json` version is `0.3.8`.
62
+ - `plugins/litclaude/.claude-plugin/plugin.json` version is `0.3.8`.
59
63
  - `plugins/litclaude/commands/dynamic-workflow.md` documents subagent delegation.
60
64
  - `node bin/litclaude-ai.js workflow-check --json` reports `status: pass`.
61
65
  - `node bin/litclaude-ai.js workflow-check --json` reports
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "litclaude-ai",
3
- "version": "0.3.7",
3
+ "version": "0.3.8",
4
4
  "description": "Claude Code-native workflow distribution.",
5
5
  "type": "module",
6
6
  "bin": {
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "litclaude",
3
3
  "description": "Claude Code-native workflow plugin.",
4
- "version": "0.3.7",
4
+ "version": "0.3.8",
5
5
  "author": {
6
6
  "name": "LitClaude contributors"
7
7
  },
@@ -71,7 +71,7 @@ const litworkContext = ({ command, skill, discipline, softConfirm }) => [
71
71
  "Native goal binding (read this first): Claude Code's /goal (v2.1.139+) is a USER-TYPED slash command that sets an autonomous completion condition — a hook or skill CANNOT invoke it, and Claude Code currently exposes NO model-facing goal tools. So the real path is: when a goal is worth binding, propose a concrete, ready-to-paste /goal <completion condition> for the user, and keep driving the LitClaude evidence ledger meanwhile.",
72
72
  "Forward-compat goal tools: if a future Claude Code build does expose model-facing goal tools, prefer them — first inspect get_goal, call create_goal with an objective-only payload when no matching goal is active, and reserve update_goal for verified completion or a genuine blocker. These are unavailable / not exposed today, so the /goal proposal above is the actual mechanism.",
73
73
  "Do not auto-type or inject the user's slash commands; LitClaude does not auto-type /goal — treat /goal as Claude Code's native user surface, not as prompt text for this hook to send.",
74
- "Dynamic workflow integration: when Claude Code exposes the Workflow tool and the task is broad, risky, parallel, or long-running, call the Workflow tool before serial execution and bind each lane to explicit criteria, artifacts, and cleanup receipts.",
74
+ "Dynamic workflow integration: when Claude Code exposes the Workflow tool and the task is broad, risky, parallel, or long-running, briefly propose a Dynamic workflow and call the Workflow tool once the user opts in (or when the session already permits orchestration) before serial execution, binding each lane to explicit criteria, artifacts, and cleanup receipts. The Workflow tool can fan out many subagents and spend a large token budget, so it requires explicit user opt-in — surface the proposal, do not launch it silently. This opt-in gate (not a host limitation) is why a Dynamic workflow only starts after you offer it.",
75
75
  "Dynamic worktree integration: when Claude Code exposes EnterWorktree and isolated edits are needed, use EnterWorktree for the selected lane; otherwise use or recommend claude --worktree <short-name> --tmux. Never mutate unrelated user state.",
76
76
  "Subagent delegation: route planning to litclaude:prometheus-planner, implementation to litclaude:boulder-executor, verification to litclaude:oracle-verifier, hands-on QA to litclaude:qa-runner, code/security review to litclaude:quality-reviewer, and local-first research to litclaude:librarian-researcher when Claude Code subagents or Dynamic workflow lanes are available. LitClaude subagents are exposed under the litclaude: namespace, so pass the exact namespaced id (e.g. litclaude:boulder-executor) as the Agent/Task tool subagent_type, not the bare name.",
77
77
  "Subagent reliability: each child assignment starts with TASK: and includes DELIVERABLE, SCOPE, and VERIFY; use short wait cycles, treat timeouts as no-update signals, and fallback only after a missing deliverable, acknowledgement-only reply, or BLOCKED: report.",
@@ -14,9 +14,12 @@ Dynamic-workflow bootstrap first.
14
14
  2. Run `litclaude-ai workflow-check --json` when the package CLI is available.
15
15
  Treat a failing check as BLOCKED until the missing route, command, or
16
16
  subagent delegation surface is fixed.
17
- 3. For broad, risky, parallel, or long-running work, call the `Workflow` tool
18
- when Claude Code exposes it. Bind each lane to success criteria, evidence
19
- artifacts, and cleanup receipts.
17
+ 3. For broad, risky, parallel, or long-running work, briefly propose a Dynamic
18
+ workflow and call the `Workflow` tool once the user opts in (or when the
19
+ session already permits orchestration). The tool can fan out many subagents
20
+ and spend a large token budget, so it needs explicit user opt-in — surface
21
+ the proposal, do not launch it silently. Bind each lane to success criteria,
22
+ evidence artifacts, and cleanup receipts.
20
23
  4. Use subagent delegation where available:
21
24
  - `litclaude:prometheus-planner` for read-only planning and dependency ordering.
22
25
  - `litclaude:boulder-executor` for implementation against a checked plan.
@@ -13,8 +13,10 @@ Before implementation, bootstrap Claude Code-native workflow state:
13
13
  2. If goal tools are unavailable, state that plainly and ask the user to bind
14
14
  the native Claude Code goal with this exact surface before long execution:
15
15
  `/goal <completion condition for the current objective>`.
16
- 3. For broad, risky, parallel, or long-running work, call the `Workflow` tool
17
- when Claude Code exposes it. Bind every lane to explicit criteria, evidence
16
+ 3. For broad, risky, parallel, or long-running work, propose a Dynamic workflow
17
+ and call the `Workflow` tool once the user opts in (the tool fans out many
18
+ subagents and spends a large token budget, so it needs explicit opt-in — do
19
+ not launch it silently). Bind every lane to explicit criteria, evidence
18
20
  artifacts, and cleanup receipts.
19
21
  4. When isolated edits are needed, use `EnterWorktree` when Claude Code exposes
20
22
  it. If only the CLI surface is available, tell the user the concrete launch
@@ -1,25 +1,121 @@
1
1
  ---
2
2
  name: debugging
3
- description: "Systematic Claude Code debugging workflow adapted for LitClaude: reproduce, localize, explain root cause, patch minimally, and verify the real failing surface."
3
+ description: "Systematic Claude Code debugging workflow adapted for LitClaude: reproduce, localize, explain root cause, patch minimally, and verify the real failing surface. Runs a hypothesis-driven loop — form ≥3 hypotheses, investigate, escalate to an oracle triple after 2 failed rounds, confirm root cause, lock with a failing test, fix minimally, QA the real surface, scrub artifacts. The actual HOW lives in `references/` — open them. Triggers: 'debug this', 'why is X not working', 'hanging', 'attach a debugger', 'reverse engineer', 'pwndbg', 'gdb', 'lldb', 'node inspect', 'pdb', 'dlv', 'rust-gdb', 'set a breakpoint', 'trace this bug', 'reproduce and fix', 'silent failure', 'HTTP 200 but empty', 'inspect the binary', 'playwright'."
4
4
  ---
5
5
 
6
6
  # Debugging
7
7
 
8
8
  Use this skill when behavior is broken, surprising, flaky, or contradicted by
9
- evidence. Do not patch from vibes. First make the failure reproducible.
9
+ evidence. Do not patch from vibes. Two disciplines apply regardless of language,
10
+ runtime, or whether you have source:
10
11
 
11
- ## Debugging Loop
12
+ 1. **Runtime truth beats code reading.** Every claim about why the bug happens
13
+ must come from observed state, never from a plausible story spun from reading
14
+ code.
15
+ 2. **Leave no trace.** Debugging creates artifacts. Every artifact is journaled
16
+ and removed before the task is called done.
12
17
 
13
- 1. Reproduce the failure with the smallest command or scenario.
14
- 2. Capture exact output, exit code, log, or transcript.
15
- 3. State expected vs actual behavior.
16
- 4. Localize the failing boundary.
17
- 5. Patch minimally.
18
- 6. Re-run the original reproduction.
19
- 7. Add or update a regression test.
20
- 8. Run one real-surface QA scenario.
18
+ This file is a map. **The knowledge is in `references/`.** It cannot teach you
19
+ how to debug it tells you which reference will, for your exact situation.
21
20
 
22
- ## Reproduction Standards
21
+ ---
22
+
23
+ ## Read the references — this is not optional
24
+
25
+ This skill is intentionally small. Most of what you need lives in `references/`.
26
+ If you skim this file and start working without opening the references, you will
27
+ reattach a debugger the wrong way, miss a silent-failure pattern, waste an hour
28
+ on a source-map gotcha, or reinvent a worse version of a tool that already
29
+ solves your problem.
30
+
31
+ **The gate rule:** before you run a command from a given reference's domain, you
32
+ must have read that reference in this session. Re-reading across sessions is
33
+ cheap. Guessing is expensive.
34
+
35
+ ---
36
+
37
+ ## Runtime setup — mandatory reading before attaching
38
+
39
+ The methodology is language-agnostic. The commands to launch, attach,
40
+ breakpoint, and inspect are not. **Open the matching reference before Phase 0.
41
+ Not during. Not after.**
42
+
43
+ | Your runtime is… | Open this before attaching anything | Non-negotiable because… |
44
+ |---|---|---|
45
+ | Python (CPython, pytest, asyncio, Django, FastAPI) | 📖 [references/runtimes/python.md](references/runtimes/python.md) | pdb vs ipdb vs debugpy vs pytest --pdb have different attach semantics. Async code needs special breakpoint handling. Wrappers like `poetry run` swallow flags. |
46
+ | Node.js / tsx / ts-node / Bun / Deno (running source) | 📖 [references/runtimes/node.md](references/runtimes/node.md) | `tsx` + `node inspect` has a silent source-map failure — breakpoints by line number do not fire. You will not notice unless you read this first. |
47
+ | Rust (cargo, tokio, panics) | 📖 [references/runtimes/rust.md](references/runtimes/rust.md) | Release builds strip symbols. Tokio tasks need `tokio-console`. The borrow checker makes `dbg!` the faster tool most of the time. |
48
+ | Go (goroutines, dlv, pprof, race) | 📖 [references/runtimes/go.md](references/runtimes/go.md) | Goroutine leaks and recovered panics are silent by default. `dlv` has a specific port convention. `go test -race` is the first thing to run, not the last. |
49
+ | Native binary / stripped C/C++ / no source | 📖 [references/runtimes/native-binary.md](references/runtimes/native-binary.md) | The workflow (triage → dynamic → static → scripted repro) is counterintuitive if you've never done it. `strings -n 8` silently drops short interpolations. macOS adds SIP / Mach-O / lldb specifics that don't apply on Linux. |
50
+ | Bundled-app binary (Bun SEA, Node SEA, Deno compile, pkg, nexe, Electron, Tauri, PyInstaller) | 📖 [references/runtimes/bundled-js-binary.md](references/runtimes/bundled-js-binary.md) | These look like Mach-O / ELF but their high-level source is recoverable with the right per-bundler tool — a full decompiler is overkill. Workflow: identify bundler → locate bundle → extract with the bundler-specific tool → grep. |
51
+
52
+ **If you cannot honestly say you just opened the reference for your runtime,
53
+ open it now.**
54
+
55
+ > 🚨 **Native binary vs bundled binary — check before committing.** `file ./target`
56
+ > calls them both Mach-O / ELF. The 30-second discriminator is `du -h ./target`
57
+ > (50 MB+ suspect bundled) plus
58
+ > `strings -n 12 ./target | rg -iE 'bun|node_modules|webpack|esbuild|deno|pkg/lib|electron|pyinstaller|nexe|NODE_SEA_FUSE|tauri'`.
59
+ > If hits → bundled-js-binary.md. If clean → native-binary.md.
60
+
61
+ ---
62
+
63
+ ## Specialist tools — actively use when the scenario fits
64
+
65
+ These are not optional extras. They are the correct tool in their domain, and
66
+ anything else is slower and less reliable. **If the bug fits the domain, you
67
+ must use the tool. Read the reference first to know how.**
68
+
69
+ | Tool | Use when | Reference |
70
+ |---|---|---|
71
+ | Browser debugger (Playwright CLI) | Any browser-served web UI bug. Any flow that requires clicking/typing/navigating. Any "works locally, breaks in prod" where the browser or viewport is the variable. For Phase 8 QA of any browser product, drive a real browser — not curl, not imagination. | 📖 [references/tools/playwright-cli.md](references/tools/playwright-cli.md) |
72
+ | Disassembler / decompiler (Ghidra) | Any binary without trustworthy source — third-party closed libs, vendored binaries whose behavior contradicts docs, CTF, firmware. Use the decompiler before `strings`/`objdump` guessing. | 📖 [references/tools/ghidra.md](references/tools/ghidra.md) |
73
+ | Enhanced GDB (pwndbg) | Any native binary debugging session. It is GDB with the useful views (registers, stack, disasm, heap) always visible. If you'd reach for plain `gdb`, reach for `pwndbg` instead — it is strictly a superset. | 📖 [references/tools/pwndbg.md](references/tools/pwndbg.md) |
74
+ | Binary interaction harness (pwntools) | Any time you need a reproducible interaction with a binary or network service — crafted payloads, exploit automation, fuzz harness, CTF scripting. | 📖 [references/tools/pwntools.md](references/tools/pwntools.md) |
75
+
76
+ **Failing to use these tools in their domain is a process failure, not a
77
+ stylistic choice.** If the bug is in a browser and you did Phase 8 without a real
78
+ browser, you are doing it wrong. If the bug is in a stripped binary and you read
79
+ hex by hand, you are doing it wrong.
80
+
81
+ ---
82
+
83
+ ## The phase loop — read the reference for the phase you are entering
84
+
85
+ Each phase has exactly one reference. Read it as you enter the phase, not in
86
+ advance and not from memory. The references are self-contained and short.
87
+
88
+ | # | Phase | 📖 Open this when entering |
89
+ |---|---|---|
90
+ | 0 | **Environment assessment** — know the runtime, ports, symbols, env vars, watchers before attaching | [references/methodology/00-setup.md](references/methodology/00-setup.md) |
91
+ | 1 | **Journal setup** — a single `.debug-journal.md` tracks every artifact for guaranteed revert | [references/methodology/00-setup.md](references/methodology/00-setup.md) |
92
+ | 2 | **Reproduce** — smallest command or scenario that fails deterministically | [references/methodology/02-investigate.md](references/methodology/02-investigate.md) |
93
+ | 3 | **Hypothesis formation** — minimum three, across orthogonal axes, each with distinguishing evidence | [references/methodology/02-investigate.md](references/methodology/02-investigate.md) |
94
+ | 4 | **Oracle Triple** — after 2 consecutive failed rounds, spawn three oracles with orthogonal framings and synthesize | [references/methodology/04-oracle-triple.md](references/methodology/04-oracle-triple.md) |
95
+ | 5 | **User decision escalation** — only when evidence is exhausted and the call has policy implications | [references/methodology/05-escalate.md](references/methodology/05-escalate.md) |
96
+ | 6 | **Root cause confirmation** — confirmed only when toggling the suspected cause toggles the bug | [references/methodology/06-fix.md](references/methodology/06-fix.md) |
97
+ | 7 | **TDD fix** — red test first, minimal green, no scope expansion | [references/methodology/06-fix.md](references/methodology/06-fix.md) |
98
+ | 8 | **Manual QA** — actually use the system (tmux for CLI, a real browser for UI, real curl for API, real repro for binary) | [references/methodology/08-qa.md](references/methodology/08-qa.md) |
99
+ | 9 | **Cleanup** — walk the journal, revert every artifact, verify `git diff` shows only fix + test | [references/methodology/09-cleanup.md](references/methodology/09-cleanup.md) |
100
+
101
+ The phase loop has a **≥3-hypothesis floor**: Phase 3 is not complete with fewer
102
+ than three orthogonal hypotheses, each with evidence that would distinguish it.
103
+ After **two consecutive failed investigation rounds**, stop guessing and escalate
104
+ to the Oracle Triple in
105
+ [references/methodology/04-oracle-triple.md](references/methodology/04-oracle-triple.md).
106
+
107
+ ### Cross-cutting methodology references
108
+
109
+ Not phases — read them when the situation calls for them:
110
+
111
+ | Situation | Reference |
112
+ |---|---|
113
+ | You cannot run the actual operation (paid API, blocked network, missing hardware) but still need runtime evidence | 📖 [references/methodology/partial-runtime-evidence.md](references/methodology/partial-runtime-evidence.md) |
114
+ | You're about to declare an extraction / audit / reverse-engineering task done and want a skeptical pass | 📖 [references/methodology/partial-runtime-evidence.md](references/methodology/partial-runtime-evidence.md) |
115
+
116
+ ---
117
+
118
+ ## Reproduction standards
23
119
 
24
120
  A good reproduction is:
25
121
 
@@ -35,13 +131,13 @@ For LitClaude examples:
35
131
  - `CLAUDE_CONFIG_DIR=$(mktemp -d) node bin/litclaude-ai.js install`
36
132
  - `node --test test/hooks.test.mjs --test-name-pattern litwork`
37
133
 
38
- ## Root Cause Discipline
134
+ ## Root cause discipline
39
135
 
40
136
  Explain the mechanism, not just the symptom. "The test failed" is not a root
41
137
  cause. "The command markdown mentions `$ARGUMENTS`, which Claude renders empty
42
138
  and tests reject as a broken placeholder" is a root cause.
43
139
 
44
- ## Common LitClaude Failure Classes
140
+ ## Common LitClaude failure classes
45
141
 
46
142
  - npm same-name source checkout causes `npx litclaude-ai` resolution confusion.
47
143
  - `npm publish` requires OTP and fails with `EOTP`.
@@ -51,7 +147,7 @@ and tests reject as a broken placeholder" is a root cause.
51
147
  - Hook JSON parsing fails with stack traces instead of controlled errors.
52
148
  - Package `files` omit a new skill or command.
53
149
 
54
- ## Patch Rules
150
+ ## Patch rules
55
151
 
56
152
  - Patch the failing boundary, not an unrelated symptom.
57
153
  - Keep compatibility aliases unless a breaking change is intentional.
@@ -59,6 +155,32 @@ and tests reject as a broken placeholder" is a root cause.
59
155
  - Do not broaden catch blocks without asserting the new error path.
60
156
  - Do not call network or publish in tests.
61
157
 
158
+ ---
159
+
160
+ ## Non-negotiable safety invariants
161
+
162
+ <safety>
163
+ 1. **Runtime state is the only source of truth.** A hypothesis without an
164
+ observed value is a guess. Do not fix guesses.
165
+ 2. **Every debug artifact is journaled before it is created.** Journal-then-modify,
166
+ not modify-then-remember-maybe. The `.debug-journal.md` is the single record
167
+ that makes a clean revert possible.
168
+ 3. **Never ship a fix without a failing-first test.** Red→green transition
169
+ required, or the fix is unverified.
170
+ 4. **Never declare done on type-check/compile alone.** Types catch declaration
171
+ bugs. Only running the actual user scenario catches the actual user bug.
172
+ 5. **Never ask the user a question that runtime evidence can already answer.**
173
+ Escalation is for genuine ambiguity.
174
+ 6. **Never silently swallow errors while debugging.** If the system swallows
175
+ errors, that is often the bug itself. Make them loud temporarily; restore at
176
+ cleanup.
177
+ 7. **Never `git commit` from inside this skill.** Commits belong after the user
178
+ confirms the fix.
179
+ 8. **Never attach without having read the runtime reference.** The gate rule.
180
+ </safety>
181
+
182
+ ---
183
+
62
184
  ## Evidence
63
185
 
64
186
  Record:
@@ -68,3 +190,18 @@ Record:
68
190
  - regression test
69
191
  - passing command and output
70
192
  - manual QA artifact and cleanup
193
+
194
+ ---
195
+
196
+ ## What to do right now
197
+
198
+ 1. Read the user's bug description.
199
+ 2. Identify the runtime.
200
+ 3. **Open `references/runtimes/<runtime>.md`.** Read it.
201
+ 4. Identify which specialist tools apply. **Open each matching
202
+ `references/tools/*.md`.** Read them.
203
+ 5. Open [references/methodology/00-setup.md](references/methodology/00-setup.md)
204
+ and start Phase 0.
205
+ 6. Follow the phase loop. Read each methodology reference as you enter the phase.
206
+
207
+ **The references are the skill. This file is an index.**
@@ -37,6 +37,22 @@ Before implementation:
37
37
  7. Reread stale state before action: plans, handoffs, package metadata,
38
38
  registry facts, test output, and resumed ledgers can drift between turns.
39
39
 
40
+ ## Tier the Effort (LIGHT vs HEAVY)
41
+
42
+ Classify the task once at bootstrap, then size the process to match. Ratchet
43
+ **up** only — never downgrade a HEAVY task mid-flight to save effort.
44
+
45
+ - **LIGHT** — isolated, additive, low-blast-radius (a new pure helper, a typo,
46
+ a docs line, a single local test). One success criterion and one Manual-QA
47
+ channel are enough; skip the heavier waves.
48
+ - **HEAVY** — trigger on any of: changes to existing behavior, security- or
49
+ auth-sensitive surfaces, release-facing or published artifacts, multi-file or
50
+ multi-subsystem edits, concurrency/locking, data migrations, or anything you
51
+ cannot fully revert. Run the full criteria set, the adversarial classes, the
52
+ reviewer gate, and (when broad/parallel) Dynamic workflow delegation.
53
+
54
+ When uncertain, treat the task as HEAVY.
55
+
40
56
  ## Native Goal + Dynamic Workflow
41
57
 
42
58
  Claude Code's `/goal` (v2.1.139+) is a **user-typed slash command** that sets an autonomous
@@ -52,9 +68,13 @@ model-facing goal tools today. Bind goals like this:
52
68
  - While model-facing goal tools are not exposed (the case today), the local litgoal ledger is the
53
69
  durable record; surface the `/goal` proposal for long-running goals and don't spam fallback status.
54
70
 
55
- Dynamic workflow orchestration is mandatory for broad, risky, parallel, or
56
- long-running work: call `Workflow` when exposed instead of merely mentioning it.
57
- Dynamic worktree isolation is mandatory for risky edit lanes: call
71
+ Dynamic workflow orchestration is the right tool for broad, risky, parallel, or
72
+ long-running work: briefly **propose a Dynamic workflow and call `Workflow`
73
+ once the user opts in** (or when the session already permits orchestration)
74
+ instead of merely mentioning it. The `Workflow` tool can fan out many subagents
75
+ and spend a large token budget, so it needs explicit user opt-in — this opt-in
76
+ gate, not a host limitation, is why a Dynamic workflow only starts after you
77
+ offer it. Dynamic worktree isolation is mandatory for risky edit lanes: call
58
78
  `EnterWorktree` when exposed. If only the CLI surface is available, use or
59
79
  recommend `claude --worktree <short-name> --tmux`.
60
80