litclaude-ai 0.3.7 → 0.3.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (31) hide show
  1. package/CHANGELOG.md +60 -0
  2. package/README.md +50 -22
  3. package/README_ko-KR.md +45 -21
  4. package/RELEASE_CHECKLIST.md +12 -8
  5. package/bin/litclaude-ai.js +103 -3
  6. package/docs/agents.md +6 -0
  7. package/docs/hooks.md +18 -26
  8. package/package.json +1 -1
  9. package/plugins/litclaude/.claude-plugin/plugin.json +4 -4
  10. package/plugins/litclaude/agents/boulder-executor.md +5 -2
  11. package/plugins/litclaude/agents/prometheus-planner.md +3 -1
  12. package/plugins/litclaude/bin/litclaude-hook.js +117 -13
  13. package/plugins/litclaude/commands/dynamic-workflow.md +6 -3
  14. package/plugins/litclaude/commands/lit-loop.md +4 -2
  15. package/plugins/litclaude/commands/lit-plan.md +5 -0
  16. package/plugins/litclaude/commands/litgoal.md +4 -0
  17. package/plugins/litclaude/commands/litresearch.md +3 -0
  18. package/plugins/litclaude/commands/review-work.md +1 -1
  19. package/plugins/litclaude/commands/start-work.md +5 -0
  20. package/plugins/litclaude/skills/debugging/SKILL.md +152 -15
  21. package/plugins/litclaude/skills/lit-loop/SKILL.md +27 -3
  22. package/plugins/litclaude/skills/lit-plan/SKILL.md +174 -1
  23. package/plugins/litclaude/skills/litgoal/SKILL.md +4 -0
  24. package/plugins/litclaude/skills/litresearch/SKILL.md +105 -21
  25. package/plugins/litclaude/skills/programming/SKILL.md +382 -51
  26. package/plugins/litclaude/skills/refactor/SKILL.md +390 -26
  27. package/plugins/litclaude/skills/remove-ai-slops/SKILL.md +328 -33
  28. package/plugins/litclaude/skills/review-work/SKILL.md +221 -29
  29. package/plugins/litclaude/skills/rules/SKILL.md +6 -4
  30. package/plugins/litclaude/skills/start-work/SKILL.md +144 -18
  31. package/scripts/validate-plugin.mjs +2 -2
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "litclaude",
3
3
  "description": "Claude Code-native workflow plugin.",
4
- "version": "0.3.7",
4
+ "version": "0.3.9",
5
5
  "author": {
6
6
  "name": "LitClaude contributors"
7
7
  },
@@ -11,12 +11,12 @@
11
11
  "keywords": ["claude-code", "hooks", "skills", "agents", "lsp", "workflow"],
12
12
  "skills": "./skills",
13
13
  "agents": [
14
+ "./agents/prometheus-planner.md",
14
15
  "./agents/boulder-executor.md",
15
- "./agents/librarian-researcher.md",
16
16
  "./agents/oracle-verifier.md",
17
- "./agents/prometheus-planner.md",
18
17
  "./agents/qa-runner.md",
19
- "./agents/quality-reviewer.md"
18
+ "./agents/quality-reviewer.md",
19
+ "./agents/librarian-researcher.md"
20
20
  ],
21
21
  "mcpServers": "./.mcp.json",
22
22
  "lspServers": "./.lsp.json",
@@ -8,5 +8,8 @@ skills:
8
8
  - programming
9
9
  ---
10
10
 
11
- Execute only the assigned plan checkbox. Write the failing test first, make the
12
- smallest change, run verification, capture evidence, and report cleanup.
11
+ Execute only the assigned approved plan checkbox. Do not redesign, rescope, or
12
+ replace the approved plan unless evidence proves a blocker or stale state. Write
13
+ the failing test first, make the smallest change, run verification, capture
14
+ real-surface evidence, and report cleanup. Your DoneClaim must name changed
15
+ files, exact tests, real-surface evidence, risks, and cleanup receipt.
@@ -10,4 +10,6 @@ skills:
10
10
 
11
11
  You are Prometheus, the planning agent. Explore first, ask only preference
12
12
  questions, and write plans with concrete acceptance criteria and QA scenarios.
13
- Do not implement product changes.
13
+ This is a planning-only role: must not implement product changes, do not run
14
+ mutating commands, and do not start execution. After approval, hand off through
15
+ `/start-work` or `/litclaude:start-work`.
@@ -43,35 +43,139 @@ const writeContext = (additionalContext, systemMessage) => {
43
43
  );
44
44
  };
45
45
 
46
- const workflowTriggers = [
47
- { pattern: /(?:^|\s)(?:\$|\/(?:litclaude:)?)deep-interview(?=$|[^\w-])/u, command: "/litclaude:deep-interview", skill: "Skill(deep-interview)", discipline: "deep-interview" },
48
- { pattern: /(?:^|\s)(?:\$|\/(?:litclaude:)?)dynamic-workflow(?=$|[^\w-])/u, command: "/litclaude:dynamic-workflow", skill: "Skill(lit-loop)", discipline: "dynamic-workflow" },
49
- { pattern: /(?:^|\s)(?:\$|\/(?:litclaude:)?)lit-plan(?=$|[^\w-])/u, command: "/litclaude:lit-plan", skill: "Skill(lit-plan)", discipline: "lit-plan" },
50
- { pattern: /(?:^|\s)(?:\$|\/(?:litclaude:)?)lit-loop(?=$|[^\w-])/u, command: "/litclaude:lit-loop", skill: "Skill(lit-loop)", discipline: "lit-loop" },
51
- { pattern: /(?:^|\s)(?:\$|\/(?:litclaude:)?)start-work(?=$|[^\w-])/u, command: "/litclaude:start-work", skill: "Skill(start-work)", discipline: "start-work" },
52
- { pattern: /(?:^|\s)(?:\$|\/(?:litclaude:)?)review-work(?=$|[^\w-])/u, command: "/litclaude:review-work", skill: "Skill(review-work)", discipline: "review-work" },
53
- { pattern: /(?:^|\s)(?:\$|\/(?:litclaude:)?)litgoal(?=$|[^\w-])/u, command: "/litclaude:litgoal", skill: "Skill(litgoal)", discipline: "litgoal" },
54
- { pattern: /(?:^|\s)(?:\$|\/(?:litclaude:)?)litresearch(?=$|[^\w-])/u, command: "/litclaude:litresearch", skill: "Skill(litresearch)", discipline: "litresearch" },
55
- { pattern: /(?:^|\s)(?:litwork|lit)(?=$|[^\w-])/u, command: "/litclaude:lit-loop", skill: "Skill(lit-loop)", discipline: "lit-loop", softConfirm: true },
46
+ const plainWordBoundary = /^[A-Za-z0-9]$/u;
47
+ const compoundWordBoundary = /^[A-Za-z0-9_-]$/u;
48
+
49
+ const triggerByToken = {
50
+ "deep-interview": { command: "/litclaude:deep-interview", skill: "Skill(deep-interview)", discipline: "deep-interview" },
51
+ "dynamic-workflow": { command: "/litclaude:dynamic-workflow", skill: "Skill(lit-loop)", discipline: "dynamic-workflow" },
52
+ "lit-plan": { command: "/litclaude:lit-plan", skill: "Skill(lit-plan)", discipline: "lit-plan" },
53
+ "lit-loop": { command: "/litclaude:lit-loop", skill: "Skill(lit-loop)", discipline: "lit-loop" },
54
+ "start-work": { command: "/litclaude:start-work", skill: "Skill(start-work)", discipline: "start-work" },
55
+ "review-work": { command: "/litclaude:review-work", skill: "Skill(review-work)", discipline: "review-work" },
56
+ litgoal: { command: "/litclaude:litgoal", skill: "Skill(litgoal)", discipline: "litgoal" },
57
+ litresearch: { command: "/litclaude:litresearch", skill: "Skill(litresearch)", discipline: "litresearch" },
58
+ };
59
+
60
+ const modeContracts = {
61
+ "lit-loop": "Mode contract: lit-loop is a durable, evidence-driven execution loop. Define checkable success criteria before coding, use RED->GREEN tests, pair tests with real-surface evidence, checkpoint progress, and stop only when verified done or BLOCKED.",
62
+ "lit-plan": "Mode contract: lit-plan is planning-only. Do not edit files, run mutating commands, call start-work tooling, or implement. Explore read-only, produce an approval-gated plan, then tell the user to run `/start-work` or `/litclaude:start-work` for execution.",
63
+ "start-work": "Mode contract: start-work is execution-only for an approved plan. Natural-language activation cannot switch Claude Code agents, so this hook must hand off safely instead of pretending execution started.",
64
+ "review-work": "Mode contract: review-work runs a five-lane review: goal/constraints, real-surface QA, code quality, security, and docs/package/context readiness. PASS requires evidence from every applicable lane.",
65
+ litresearch: "Mode contract: litresearch uses sourced evidence, separates verified facts from hypotheses, cites the search/runtime surface used, and reports residual uncertainty.",
66
+ litgoal: "Mode contract: litgoal binds one outcome-shaped objective plus checkable criteria, each with scenario, real surface, and observable evidence.",
67
+ "deep-interview": "Mode contract: deep-interview clarifies vague requirements before planning or implementation, without inventing acceptance criteria.",
68
+ "dynamic-workflow": "Mode contract: dynamic-workflow is opt-in orchestration for broad, risky, parallel, or long-running work; propose it first and only call Workflow after user opt-in or existing session permission.",
69
+ };
70
+
71
+ const withoutCode = (text) => text.replace(/```[\s\S]*?```/gu, " ").replace(/`[^`]*`/gu, " ");
72
+ const rawTriggerText = (text) => withoutCode(text).toLowerCase();
73
+ const normalizedTriggerText = (text) => rawTriggerText(text).replace(/[_-]+/gu, " ");
74
+
75
+ const isPlainWordBoundary = (value) => value === undefined || !plainWordBoundary.test(value);
76
+ const isCompoundWordBoundary = (value) => value === undefined || !compoundWordBoundary.test(value);
77
+
78
+ const containsPlainWord = (text, word) => {
79
+ for (let index = 0; index < text.length; index += 1) {
80
+ if (!text.startsWith(word, index)) continue;
81
+ const previous = index === 0 ? undefined : text[index - 1];
82
+ const next = text[index + word.length];
83
+ if (isPlainWordBoundary(previous) && isPlainWordBoundary(next)) return true;
84
+ }
85
+ return false;
86
+ };
87
+
88
+ const containsCompoundBoundedWord = (text, word) => {
89
+ for (let index = 0; index < text.length; index += 1) {
90
+ if (!text.startsWith(word, index)) continue;
91
+ const previous = index === 0 ? undefined : text[index - 1];
92
+ const next = text[index + word.length];
93
+ if (isCompoundWordBoundary(previous) && isCompoundWordBoundary(next)) return true;
94
+ }
95
+ return false;
96
+ };
97
+
98
+ const slashCommandMentions = [
99
+ "/deep-interview",
100
+ "/dynamic-workflow",
101
+ "/goal",
102
+ "/lit-loop",
103
+ "/lit-plan",
104
+ "/litclaude:deep-interview",
105
+ "/litclaude:dynamic-workflow",
106
+ "/litclaude:lit-loop",
107
+ "/litclaude:lit-plan",
108
+ "/litclaude:litgoal",
109
+ "/litclaude:litresearch",
110
+ "/litclaude:review-work",
111
+ "/litclaude:start-work",
112
+ "/litgoal",
113
+ "/litresearch",
114
+ "/review-work",
115
+ "/start-work",
56
116
  ];
57
117
 
58
- const findWorkflowTrigger = (prompt) => workflowTriggers.find((trigger) => trigger.pattern.test(prompt));
118
+ const escapeRegExp = (value) => value.replace(/[.*+?^${}()|[\]\\]/gu, "\\$&");
119
+
120
+ const slashCommandMentionPattern = new RegExp(
121
+ `(^|\\s)(?:${slashCommandMentions.map(escapeRegExp).join("|")})(?=$|[\\s.,;:!?)}\\]])`,
122
+ "u",
123
+ );
124
+
125
+ const containsSlashCommandMention = (text) => slashCommandMentionPattern.test(text);
126
+
127
+ const findDollarCommandTrigger = (raw) => {
128
+ const match = /(?:^|\s)\$(deep-interview|dynamic-workflow|lit-plan|lit-loop|start-work|review-work|litgoal|litresearch)(?=$|[^\w-])/u.exec(raw);
129
+ if (!match) return undefined;
130
+ return { ...triggerByToken[match[1]], source: "dollar-command" };
131
+ };
132
+
133
+ const hasLitTrigger = (raw) => containsCompoundBoundedWord(raw, "lit") || containsCompoundBoundedWord(raw, "litwork");
134
+
135
+ const findNaturalLitTrigger = (prompt) => {
136
+ const raw = rawTriggerText(prompt);
137
+ if (containsSlashCommandMention(raw)) return undefined;
138
+ if (!hasLitTrigger(raw)) return undefined;
139
+
140
+ const normalized = normalizedTriggerText(prompt);
141
+ if (containsPlainWord(normalized, "review")) return { ...triggerByToken["review-work"], source: "natural-language" };
142
+ if (containsPlainWord(normalized, "start") && containsPlainWord(normalized, "work")) {
143
+ return { ...triggerByToken["start-work"], source: "natural-language", safetyBlock: true };
144
+ }
145
+ if (containsPlainWord(normalized, "research")) return { ...triggerByToken.litresearch, source: "natural-language" };
146
+ if (containsPlainWord(normalized, "goal")) return { ...triggerByToken.litgoal, source: "natural-language" };
147
+ if (containsPlainWord(normalized, "plan")) return { ...triggerByToken["lit-plan"], source: "natural-language" };
148
+ return { ...triggerByToken["lit-loop"], source: "natural-language", softConfirm: true };
149
+ };
150
+
151
+ const findWorkflowTrigger = (prompt) => {
152
+ const raw = rawTriggerText(prompt);
153
+ const dollarTrigger = findDollarCommandTrigger(raw);
154
+ if (dollarTrigger) return dollarTrigger;
155
+ if (containsSlashCommandMention(raw)) return undefined;
156
+ return findNaturalLitTrigger(prompt);
157
+ };
59
158
 
60
159
  const isDiagnosticLiteralPrompt = (prompt) =>
61
160
  /\bdiagnostic\b/iu.test(prompt)
62
161
  && /do not inspect or modify files/iu.test(prompt)
63
162
  && /reply with exactly one line/iu.test(prompt);
64
163
 
65
- const litworkContext = ({ command, skill, discipline, softConfirm }) => [
164
+ const litworkContext = ({ command, skill, discipline, softConfirm, safetyBlock, source }) => [
165
+ ...(safetyBlock
166
+ ? ["BLOCKED: Natural-language start-work activation cannot switch the active Claude Code agent. Run `/start-work` (or `/litclaude:start-work`) with the approved plan so Claude Code can use the correct execution surface; do not continue implementation from this prompt hook."]
167
+ : []),
66
168
  discipline === "deep-interview"
67
169
  ? "DEEP INTERVIEW MODE ENABLED."
68
170
  : "LITWORK MODE ENABLED. Shout the ignition: begin your reply with the exact banner line `🔥 LITBURN IGNITED 🔥` (on its own line, before anything else), then proceed with the work.",
69
171
  `Treat this prompt as an explicit request to use LitClaude ${discipline} discipline now; load or follow ${command} / ${skill} semantics before ordinary task execution.`,
172
+ modeContracts[discipline],
173
+ `Activation source: ${source ?? "legacy"}. Slash commands and slash-command mentions are handled by Claude Code's native command surface and do not activate this prompt hook. Code spans, code fences, substrings, and compound tokens are ignored. Secret-bearing prompt material is never persisted raw; record only redacted summaries and evidence paths in durable state.`,
70
174
  "Use evidence-bound planning, tests, manual QA, and cleanup receipts.",
71
175
  "Native goal binding (read this first): Claude Code's /goal (v2.1.139+) is a USER-TYPED slash command that sets an autonomous completion condition — a hook or skill CANNOT invoke it, and Claude Code currently exposes NO model-facing goal tools. So the real path is: when a goal is worth binding, propose a concrete, ready-to-paste /goal <completion condition> for the user, and keep driving the LitClaude evidence ledger meanwhile.",
72
176
  "Forward-compat goal tools: if a future Claude Code build does expose model-facing goal tools, prefer them — first inspect get_goal, call create_goal with an objective-only payload when no matching goal is active, and reserve update_goal for verified completion or a genuine blocker. These are unavailable / not exposed today, so the /goal proposal above is the actual mechanism.",
73
177
  "Do not auto-type or inject the user's slash commands; LitClaude does not auto-type /goal — treat /goal as Claude Code's native user surface, not as prompt text for this hook to send.",
74
- "Dynamic workflow integration: when Claude Code exposes the Workflow tool and the task is broad, risky, parallel, or long-running, call the Workflow tool before serial execution and bind each lane to explicit criteria, artifacts, and cleanup receipts.",
178
+ "Dynamic workflow integration: when Claude Code exposes the Workflow tool and the task is broad, risky, parallel, or long-running, briefly propose a Dynamic workflow and call the Workflow tool once the user opts in (or when the session already permits orchestration) before serial execution, binding each lane to explicit criteria, artifacts, and cleanup receipts. The Workflow tool can fan out many subagents and spend a large token budget, so it requires explicit user opt-in — surface the proposal, do not launch it silently. This opt-in gate (not a host limitation) is why a Dynamic workflow only starts after you offer it.",
75
179
  "Dynamic worktree integration: when Claude Code exposes EnterWorktree and isolated edits are needed, use EnterWorktree for the selected lane; otherwise use or recommend claude --worktree <short-name> --tmux. Never mutate unrelated user state.",
76
180
  "Subagent delegation: route planning to litclaude:prometheus-planner, implementation to litclaude:boulder-executor, verification to litclaude:oracle-verifier, hands-on QA to litclaude:qa-runner, code/security review to litclaude:quality-reviewer, and local-first research to litclaude:librarian-researcher when Claude Code subagents or Dynamic workflow lanes are available. LitClaude subagents are exposed under the litclaude: namespace, so pass the exact namespaced id (e.g. litclaude:boulder-executor) as the Agent/Task tool subagent_type, not the bare name.",
77
181
  "Subagent reliability: each child assignment starts with TASK: and includes DELIVERABLE, SCOPE, and VERIFY; use short wait cycles, treat timeouts as no-update signals, and fallback only after a missing deliverable, acknowledgement-only reply, or BLOCKED: report.",
@@ -14,9 +14,12 @@ Dynamic-workflow bootstrap first.
14
14
  2. Run `litclaude-ai workflow-check --json` when the package CLI is available.
15
15
  Treat a failing check as BLOCKED until the missing route, command, or
16
16
  subagent delegation surface is fixed.
17
- 3. For broad, risky, parallel, or long-running work, call the `Workflow` tool
18
- when Claude Code exposes it. Bind each lane to success criteria, evidence
19
- artifacts, and cleanup receipts.
17
+ 3. For broad, risky, parallel, or long-running work, briefly propose a Dynamic
18
+ workflow and call the `Workflow` tool once the user opts in (or when the
19
+ session already permits orchestration). The tool can fan out many subagents
20
+ and spend a large token budget, so it needs explicit user opt-in — surface
21
+ the proposal, do not launch it silently. Bind each lane to success criteria,
22
+ evidence artifacts, and cleanup receipts.
20
23
  4. Use subagent delegation where available:
21
24
  - `litclaude:prometheus-planner` for read-only planning and dependency ordering.
22
25
  - `litclaude:boulder-executor` for implementation against a checked plan.
@@ -13,8 +13,10 @@ Before implementation, bootstrap Claude Code-native workflow state:
13
13
  2. If goal tools are unavailable, state that plainly and ask the user to bind
14
14
  the native Claude Code goal with this exact surface before long execution:
15
15
  `/goal <completion condition for the current objective>`.
16
- 3. For broad, risky, parallel, or long-running work, call the `Workflow` tool
17
- when Claude Code exposes it. Bind every lane to explicit criteria, evidence
16
+ 3. For broad, risky, parallel, or long-running work, propose a Dynamic workflow
17
+ and call the `Workflow` tool once the user opts in (the tool fans out many
18
+ subagents and spends a large token budget, so it needs explicit opt-in — do
19
+ not launch it silently). Bind every lane to explicit criteria, evidence
18
20
  artifacts, and cleanup receipts.
19
21
  4. When isolated edits are needed, use `EnterWorktree` when Claude Code exposes
20
22
  it. If only the CLI surface is available, tell the user the concrete launch
@@ -6,6 +6,11 @@ argument-hint: '<planning brief>'
6
6
  Use the `lit-plan` skill for the user's current planning brief or command
7
7
  arguments.
8
8
 
9
+ This command is planning-only. Do not implement, edit files for product
10
+ changes, run mutating commands, or call start-work tooling from the planning
11
+ surface. End with an approval gate and instruct the user to run `/start-work` or
12
+ `/litclaude:start-work` after approval.
13
+
9
14
  The plan must include Claude Code-native bootstrap steps:
10
15
 
11
16
  - If model-facing goal tools are exposed, use `get_goal`, `create_goal`, and
@@ -6,6 +6,10 @@ argument-hint: '<goal operation>'
6
6
  Use the `litgoal` skill for the user's current goal operation or command
7
7
  arguments.
8
8
 
9
+ Shape the goal as one outcome-focused objective plus checkable criteria. Each
10
+ criterion needs a scenario, a real surface, and observable evidence before it is
11
+ complete.
12
+
9
13
  Prefer the package CLI for durable local state:
10
14
  `litclaude-ai litgoal create-goals`, `status`, `criteria`,
11
15
  `record-evidence`, `checkpoint`, `steer`, and `record-review-blockers`.
@@ -6,6 +6,9 @@ argument-hint: '<research question>'
6
6
  Use the `litresearch` skill for the user's research demand or command arguments.
7
7
  Confirm the demand justifies saturation first: if a single read or one
8
8
  `WebSearch` would answer it, do that directly and do not fan out.
9
+ Separate sourced evidence from hypotheses, verify contested claims before
10
+ synthesis, and report residual uncertainty rather than collapsing unknowns into
11
+ facts.
9
12
 
10
13
  Before fanning out, bootstrap Claude Code-native research state:
11
14
 
@@ -7,7 +7,7 @@ Use the `review-work` skill for the user's current scope or command arguments.
7
7
 
8
8
  Run the 5-lane review contract: goal and constraint verification
9
9
  (goal/constraint), hands-on QA execution, code quality review, security review,
10
- and local-first context mining.
10
+ and docs/package/context readiness through local-first context mining.
11
11
  Aggregate findings into a PASS, FAIL, or NEEDS-CONTEXT verdict, and cite the
12
12
  evidence used for every lane.
13
13
  Manual-QA channels must leave artifacts, cleanup receipt paths, and bounded
@@ -6,6 +6,11 @@ argument-hint: '<plan-file>'
6
6
  Use the `start-work` skill for the user's current plan file or command
7
7
  arguments.
8
8
 
9
+ This command is the Claude Code-native execution transition for an approved
10
+ plan. If a user reached start-work through natural language (`lit start work`),
11
+ do not pretend the hook switched modes; require this slash command or the
12
+ namespaced `/litclaude:start-work` equivalent before execution.
13
+
9
14
  Before the first checkbox, bootstrap Claude Code-native workflow state:
10
15
 
11
16
  - Use `get_goal` and `create_goal` only if model-facing goal tools are exposed.
@@ -1,25 +1,121 @@
1
1
  ---
2
2
  name: debugging
3
- description: "Systematic Claude Code debugging workflow adapted for LitClaude: reproduce, localize, explain root cause, patch minimally, and verify the real failing surface."
3
+ description: "Systematic Claude Code debugging workflow adapted for LitClaude: reproduce, localize, explain root cause, patch minimally, and verify the real failing surface. Runs a hypothesis-driven loop — form ≥3 hypotheses, investigate, escalate to an oracle triple after 2 failed rounds, confirm root cause, lock with a failing test, fix minimally, QA the real surface, scrub artifacts. The actual HOW lives in `references/` — open them. Triggers: 'debug this', 'why is X not working', 'hanging', 'attach a debugger', 'reverse engineer', 'pwndbg', 'gdb', 'lldb', 'node inspect', 'pdb', 'dlv', 'rust-gdb', 'set a breakpoint', 'trace this bug', 'reproduce and fix', 'silent failure', 'HTTP 200 but empty', 'inspect the binary', 'playwright'."
4
4
  ---
5
5
 
6
6
  # Debugging
7
7
 
8
8
  Use this skill when behavior is broken, surprising, flaky, or contradicted by
9
- evidence. Do not patch from vibes. First make the failure reproducible.
9
+ evidence. Do not patch from vibes. Two disciplines apply regardless of language,
10
+ runtime, or whether you have source:
10
11
 
11
- ## Debugging Loop
12
+ 1. **Runtime truth beats code reading.** Every claim about why the bug happens
13
+ must come from observed state, never from a plausible story spun from reading
14
+ code.
15
+ 2. **Leave no trace.** Debugging creates artifacts. Every artifact is journaled
16
+ and removed before the task is called done.
12
17
 
13
- 1. Reproduce the failure with the smallest command or scenario.
14
- 2. Capture exact output, exit code, log, or transcript.
15
- 3. State expected vs actual behavior.
16
- 4. Localize the failing boundary.
17
- 5. Patch minimally.
18
- 6. Re-run the original reproduction.
19
- 7. Add or update a regression test.
20
- 8. Run one real-surface QA scenario.
18
+ This file is a map. **The knowledge is in `references/`.** It cannot teach you
19
+ how to debug it tells you which reference will, for your exact situation.
21
20
 
22
- ## Reproduction Standards
21
+ ---
22
+
23
+ ## Read the references — this is not optional
24
+
25
+ This skill is intentionally small. Most of what you need lives in `references/`.
26
+ If you skim this file and start working without opening the references, you will
27
+ reattach a debugger the wrong way, miss a silent-failure pattern, waste an hour
28
+ on a source-map gotcha, or reinvent a worse version of a tool that already
29
+ solves your problem.
30
+
31
+ **The gate rule:** before you run a command from a given reference's domain, you
32
+ must have read that reference in this session. Re-reading across sessions is
33
+ cheap. Guessing is expensive.
34
+
35
+ ---
36
+
37
+ ## Runtime setup — mandatory reading before attaching
38
+
39
+ The methodology is language-agnostic. The commands to launch, attach,
40
+ breakpoint, and inspect are not. **Open the matching reference before Phase 0.
41
+ Not during. Not after.**
42
+
43
+ | Your runtime is… | Open this before attaching anything | Non-negotiable because… |
44
+ |---|---|---|
45
+ | Python (CPython, pytest, asyncio, Django, FastAPI) | 📖 [references/runtimes/python.md](references/runtimes/python.md) | pdb vs ipdb vs debugpy vs pytest --pdb have different attach semantics. Async code needs special breakpoint handling. Wrappers like `poetry run` swallow flags. |
46
+ | Node.js / tsx / ts-node / Bun / Deno (running source) | 📖 [references/runtimes/node.md](references/runtimes/node.md) | `tsx` + `node inspect` has a silent source-map failure — breakpoints by line number do not fire. You will not notice unless you read this first. |
47
+ | Rust (cargo, tokio, panics) | 📖 [references/runtimes/rust.md](references/runtimes/rust.md) | Release builds strip symbols. Tokio tasks need `tokio-console`. The borrow checker makes `dbg!` the faster tool most of the time. |
48
+ | Go (goroutines, dlv, pprof, race) | 📖 [references/runtimes/go.md](references/runtimes/go.md) | Goroutine leaks and recovered panics are silent by default. `dlv` has a specific port convention. `go test -race` is the first thing to run, not the last. |
49
+ | Native binary / stripped C/C++ / no source | 📖 [references/runtimes/native-binary.md](references/runtimes/native-binary.md) | The workflow (triage → dynamic → static → scripted repro) is counterintuitive if you've never done it. `strings -n 8` silently drops short interpolations. macOS adds SIP / Mach-O / lldb specifics that don't apply on Linux. |
50
+ | Bundled-app binary (Bun SEA, Node SEA, Deno compile, pkg, nexe, Electron, Tauri, PyInstaller) | 📖 [references/runtimes/bundled-js-binary.md](references/runtimes/bundled-js-binary.md) | These look like Mach-O / ELF but their high-level source is recoverable with the right per-bundler tool — a full decompiler is overkill. Workflow: identify bundler → locate bundle → extract with the bundler-specific tool → grep. |
51
+
52
+ **If you cannot honestly say you just opened the reference for your runtime,
53
+ open it now.**
54
+
55
+ > 🚨 **Native binary vs bundled binary — check before committing.** `file ./target`
56
+ > calls them both Mach-O / ELF. The 30-second discriminator is `du -h ./target`
57
+ > (50 MB+ suspect bundled) plus
58
+ > `strings -n 12 ./target | rg -iE 'bun|node_modules|webpack|esbuild|deno|pkg/lib|electron|pyinstaller|nexe|NODE_SEA_FUSE|tauri'`.
59
+ > If hits → bundled-js-binary.md. If clean → native-binary.md.
60
+
61
+ ---
62
+
63
+ ## Specialist tools — actively use when the scenario fits
64
+
65
+ These are not optional extras. They are the correct tool in their domain, and
66
+ anything else is slower and less reliable. **If the bug fits the domain, you
67
+ must use the tool. Read the reference first to know how.**
68
+
69
+ | Tool | Use when | Reference |
70
+ |---|---|---|
71
+ | Browser debugger (Playwright CLI) | Any browser-served web UI bug. Any flow that requires clicking/typing/navigating. Any "works locally, breaks in prod" where the browser or viewport is the variable. For Phase 8 QA of any browser product, drive a real browser — not curl, not imagination. | 📖 [references/tools/playwright-cli.md](references/tools/playwright-cli.md) |
72
+ | Disassembler / decompiler (Ghidra) | Any binary without trustworthy source — third-party closed libs, vendored binaries whose behavior contradicts docs, CTF, firmware. Use the decompiler before `strings`/`objdump` guessing. | 📖 [references/tools/ghidra.md](references/tools/ghidra.md) |
73
+ | Enhanced GDB (pwndbg) | Any native binary debugging session. It is GDB with the useful views (registers, stack, disasm, heap) always visible. If you'd reach for plain `gdb`, reach for `pwndbg` instead — it is strictly a superset. | 📖 [references/tools/pwndbg.md](references/tools/pwndbg.md) |
74
+ | Binary interaction harness (pwntools) | Any time you need a reproducible interaction with a binary or network service — crafted payloads, exploit automation, fuzz harness, CTF scripting. | 📖 [references/tools/pwntools.md](references/tools/pwntools.md) |
75
+
76
+ **Failing to use these tools in their domain is a process failure, not a
77
+ stylistic choice.** If the bug is in a browser and you did Phase 8 without a real
78
+ browser, you are doing it wrong. If the bug is in a stripped binary and you read
79
+ hex by hand, you are doing it wrong.
80
+
81
+ ---
82
+
83
+ ## The phase loop — read the reference for the phase you are entering
84
+
85
+ Each phase has exactly one reference. Read it as you enter the phase, not in
86
+ advance and not from memory. The references are self-contained and short.
87
+
88
+ | # | Phase | 📖 Open this when entering |
89
+ |---|---|---|
90
+ | 0 | **Environment assessment** — know the runtime, ports, symbols, env vars, watchers before attaching | [references/methodology/00-setup.md](references/methodology/00-setup.md) |
91
+ | 1 | **Journal setup** — a single `.debug-journal.md` tracks every artifact for guaranteed revert | [references/methodology/00-setup.md](references/methodology/00-setup.md) |
92
+ | 2 | **Reproduce** — smallest command or scenario that fails deterministically | [references/methodology/02-investigate.md](references/methodology/02-investigate.md) |
93
+ | 3 | **Hypothesis formation** — minimum three, across orthogonal axes, each with distinguishing evidence | [references/methodology/02-investigate.md](references/methodology/02-investigate.md) |
94
+ | 4 | **Oracle Triple** — after 2 consecutive failed rounds, spawn three oracles with orthogonal framings and synthesize | [references/methodology/04-oracle-triple.md](references/methodology/04-oracle-triple.md) |
95
+ | 5 | **User decision escalation** — only when evidence is exhausted and the call has policy implications | [references/methodology/05-escalate.md](references/methodology/05-escalate.md) |
96
+ | 6 | **Root cause confirmation** — confirmed only when toggling the suspected cause toggles the bug | [references/methodology/06-fix.md](references/methodology/06-fix.md) |
97
+ | 7 | **TDD fix** — red test first, minimal green, no scope expansion | [references/methodology/06-fix.md](references/methodology/06-fix.md) |
98
+ | 8 | **Manual QA** — actually use the system (tmux for CLI, a real browser for UI, real curl for API, real repro for binary) | [references/methodology/08-qa.md](references/methodology/08-qa.md) |
99
+ | 9 | **Cleanup** — walk the journal, revert every artifact, verify `git diff` shows only fix + test | [references/methodology/09-cleanup.md](references/methodology/09-cleanup.md) |
100
+
101
+ The phase loop has a **≥3-hypothesis floor**: Phase 3 is not complete with fewer
102
+ than three orthogonal hypotheses, each with evidence that would distinguish it.
103
+ After **two consecutive failed investigation rounds**, stop guessing and escalate
104
+ to the Oracle Triple in
105
+ [references/methodology/04-oracle-triple.md](references/methodology/04-oracle-triple.md).
106
+
107
+ ### Cross-cutting methodology references
108
+
109
+ Not phases — read them when the situation calls for them:
110
+
111
+ | Situation | Reference |
112
+ |---|---|
113
+ | You cannot run the actual operation (paid API, blocked network, missing hardware) but still need runtime evidence | 📖 [references/methodology/partial-runtime-evidence.md](references/methodology/partial-runtime-evidence.md) |
114
+ | You're about to declare an extraction / audit / reverse-engineering task done and want a skeptical pass | 📖 [references/methodology/partial-runtime-evidence.md](references/methodology/partial-runtime-evidence.md) |
115
+
116
+ ---
117
+
118
+ ## Reproduction standards
23
119
 
24
120
  A good reproduction is:
25
121
 
@@ -35,13 +131,13 @@ For LitClaude examples:
35
131
  - `CLAUDE_CONFIG_DIR=$(mktemp -d) node bin/litclaude-ai.js install`
36
132
  - `node --test test/hooks.test.mjs --test-name-pattern litwork`
37
133
 
38
- ## Root Cause Discipline
134
+ ## Root cause discipline
39
135
 
40
136
  Explain the mechanism, not just the symptom. "The test failed" is not a root
41
137
  cause. "The command markdown mentions `$ARGUMENTS`, which Claude renders empty
42
138
  and tests reject as a broken placeholder" is a root cause.
43
139
 
44
- ## Common LitClaude Failure Classes
140
+ ## Common LitClaude failure classes
45
141
 
46
142
  - npm same-name source checkout causes `npx litclaude-ai` resolution confusion.
47
143
  - `npm publish` requires OTP and fails with `EOTP`.
@@ -51,7 +147,7 @@ and tests reject as a broken placeholder" is a root cause.
51
147
  - Hook JSON parsing fails with stack traces instead of controlled errors.
52
148
  - Package `files` omit a new skill or command.
53
149
 
54
- ## Patch Rules
150
+ ## Patch rules
55
151
 
56
152
  - Patch the failing boundary, not an unrelated symptom.
57
153
  - Keep compatibility aliases unless a breaking change is intentional.
@@ -59,6 +155,32 @@ and tests reject as a broken placeholder" is a root cause.
59
155
  - Do not broaden catch blocks without asserting the new error path.
60
156
  - Do not call network or publish in tests.
61
157
 
158
+ ---
159
+
160
+ ## Non-negotiable safety invariants
161
+
162
+ <safety>
163
+ 1. **Runtime state is the only source of truth.** A hypothesis without an
164
+ observed value is a guess. Do not fix guesses.
165
+ 2. **Every debug artifact is journaled before it is created.** Journal-then-modify,
166
+ not modify-then-remember-maybe. The `.debug-journal.md` is the single record
167
+ that makes a clean revert possible.
168
+ 3. **Never ship a fix without a failing-first test.** Red→green transition
169
+ required, or the fix is unverified.
170
+ 4. **Never declare done on type-check/compile alone.** Types catch declaration
171
+ bugs. Only running the actual user scenario catches the actual user bug.
172
+ 5. **Never ask the user a question that runtime evidence can already answer.**
173
+ Escalation is for genuine ambiguity.
174
+ 6. **Never silently swallow errors while debugging.** If the system swallows
175
+ errors, that is often the bug itself. Make them loud temporarily; restore at
176
+ cleanup.
177
+ 7. **Never `git commit` from inside this skill.** Commits belong after the user
178
+ confirms the fix.
179
+ 8. **Never attach without having read the runtime reference.** The gate rule.
180
+ </safety>
181
+
182
+ ---
183
+
62
184
  ## Evidence
63
185
 
64
186
  Record:
@@ -68,3 +190,18 @@ Record:
68
190
  - regression test
69
191
  - passing command and output
70
192
  - manual QA artifact and cleanup
193
+
194
+ ---
195
+
196
+ ## What to do right now
197
+
198
+ 1. Read the user's bug description.
199
+ 2. Identify the runtime.
200
+ 3. **Open `references/runtimes/<runtime>.md`.** Read it.
201
+ 4. Identify which specialist tools apply. **Open each matching
202
+ `references/tools/*.md`.** Read them.
203
+ 5. Open [references/methodology/00-setup.md](references/methodology/00-setup.md)
204
+ and start Phase 0.
205
+ 6. Follow the phase loop. Read each methodology reference as you enter the phase.
206
+
207
+ **The references are the skill. This file is an index.**
@@ -21,6 +21,10 @@ success criteria before editing. Keep decisions, evidence, cleanup receipts,
21
21
  and remaining work in a durable notepad, plan, or ledger when the task spans
22
22
  multiple steps.
23
23
 
24
+ This is a durable, evidence-driven execution loop. tests are necessary but not
25
+ sufficient: every done claim needs the matching real Claude Code/package/user
26
+ surface artifact, not just a green suite.
27
+
24
28
  ## Bootstrap
25
29
 
26
30
  Before implementation:
@@ -37,6 +41,22 @@ Before implementation:
37
41
  7. Reread stale state before action: plans, handoffs, package metadata,
38
42
  registry facts, test output, and resumed ledgers can drift between turns.
39
43
 
44
+ ## Tier the Effort (LIGHT vs HEAVY)
45
+
46
+ Classify the task once at bootstrap, then size the process to match. Ratchet
47
+ **up** only — never downgrade a HEAVY task mid-flight to save effort.
48
+
49
+ - **LIGHT** — isolated, additive, low-blast-radius (a new pure helper, a typo,
50
+ a docs line, a single local test). One success criterion and one Manual-QA
51
+ channel are enough; skip the heavier waves.
52
+ - **HEAVY** — trigger on any of: changes to existing behavior, security- or
53
+ auth-sensitive surfaces, release-facing or published artifacts, multi-file or
54
+ multi-subsystem edits, concurrency/locking, data migrations, or anything you
55
+ cannot fully revert. Run the full criteria set, the adversarial classes, the
56
+ reviewer gate, and (when broad/parallel) Dynamic workflow delegation.
57
+
58
+ When uncertain, treat the task as HEAVY.
59
+
40
60
  ## Native Goal + Dynamic Workflow
41
61
 
42
62
  Claude Code's `/goal` (v2.1.139+) is a **user-typed slash command** that sets an autonomous
@@ -52,9 +72,13 @@ model-facing goal tools today. Bind goals like this:
52
72
  - While model-facing goal tools are not exposed (the case today), the local litgoal ledger is the
53
73
  durable record; surface the `/goal` proposal for long-running goals and don't spam fallback status.
54
74
 
55
- Dynamic workflow orchestration is mandatory for broad, risky, parallel, or
56
- long-running work: call `Workflow` when exposed instead of merely mentioning it.
57
- Dynamic worktree isolation is mandatory for risky edit lanes: call
75
+ Dynamic workflow orchestration is the right tool for broad, risky, parallel, or
76
+ long-running work: briefly **propose a Dynamic workflow and call `Workflow`
77
+ once the user opts in** (or when the session already permits orchestration)
78
+ instead of merely mentioning it. The `Workflow` tool can fan out many subagents
79
+ and spend a large token budget, so it needs explicit user opt-in — this opt-in
80
+ gate, not a host limitation, is why a Dynamic workflow only starts after you
81
+ offer it. Dynamic worktree isolation is mandatory for risky edit lanes: call
58
82
  `EnterWorktree` when exposed. If only the CLI surface is available, use or
59
83
  recommend `claude --worktree <short-name> --tmux`.
60
84