pmp-gywd 3.3.0

package/get-your-work-done/references/git-integration.md

@@ -0,0 +1,254 @@
+<overview>
+Git integration for GYWD framework.
+</overview>
+
+<core_principle>
+
+**Commit outcomes, not process.**
+
+The git log should read like a changelog of what shipped, not a diary of planning activity.
+</core_principle>
+
+<commit_points>
+
+| Event                   | Commit? | Why                                              |
+| ----------------------- | ------- | ------------------------------------------------ |
+| BRIEF + ROADMAP created | YES     | Project initialization                           |
+| PLAN.md created         | NO      | Intermediate - commit with plan completion       |
+| RESEARCH.md created     | NO      | Intermediate                                     |
+| DISCOVERY.md created    | NO      | Intermediate                                     |
+| **Task completed**      | YES     | Atomic unit of work (1 commit per task)         |
+| **Plan completed**      | YES     | Metadata commit (SUMMARY + STATE + ROADMAP)     |
+| Handoff created         | YES     | WIP state preserved                              |
+
+</commit_points>
+
+<git_check>
+
+```bash
+[ -d .git ] && echo "GIT_EXISTS" || echo "NO_GIT"
+```
+
+If NO_GIT: Run `git init` silently. GYWD projects always get their own repo.
+</git_check>
+
+<commit_formats>
+
+<format name="initialization">
+## Project Initialization (brief + roadmap together)
+
+```
+docs: initialize [project-name] ([N] phases)
+
+[One-liner from PROJECT.md]
+
+Phases:
+1. [phase-name]: [goal]
+2. [phase-name]: [goal]
+3. [phase-name]: [goal]
+```
+
+What to commit:
+
+```bash
+git add .planning/
+git commit
+```
+
+</format>
+
+<format name="task-completion">
+## Task Completion (During Plan Execution)
+
+Each task gets its own commit immediately after completion.
+
+```
+{type}({phase}-{plan}): {task-name}
+
+- [Key change 1]
+- [Key change 2]
+- [Key change 3]
+```
+
+**Commit types:**
+- `feat` - New feature/functionality
+- `fix` - Bug fix
+- `test` - Test-only (TDD RED phase)
+- `refactor` - Code cleanup (TDD REFACTOR phase)
+- `perf` - Performance improvement
+- `chore` - Dependencies, config, tooling
+
+**Examples:**
+
+```bash
+# Standard task
+git add src/api/auth.ts src/types/user.ts
+git commit -m "feat(08-02): create user registration endpoint
+
+- POST /auth/register validates email and password
+- Checks for duplicate users
+- Returns JWT token on success
+"
+
+# TDD task - RED phase
+git add src/__tests__/jwt.test.ts
+git commit -m "test(07-02): add failing test for JWT generation
+
+- Tests token contains user ID claim
+- Tests token expires in 1 hour
+- Tests signature verification
+"
+
+# TDD task - GREEN phase
+git add src/utils/jwt.ts
+git commit -m "feat(07-02): implement JWT generation
+
+- Uses jose library for signing
+- Includes user ID and expiry claims
+- Signs with HS256 algorithm
+"
+```
+
+</format>
+
+<format name="plan-completion">
+## Plan Completion (After All Tasks Done)
+
+After all tasks committed, one final metadata commit captures plan completion.
+
+```
+docs({phase}-{plan}): complete [plan-name] plan
+
+Tasks completed: [N]/[N]
+- [Task 1 name]
+- [Task 2 name]
+- [Task 3 name]
+
+SUMMARY: .planning/phases/XX-name/{phase}-{plan}-SUMMARY.md
+```
+
+What to commit:
+
+```bash
+git add .planning/phases/XX-name/{phase}-{plan}-PLAN.md
+git add .planning/phases/XX-name/{phase}-{plan}-SUMMARY.md
+git add .planning/STATE.md
+git add .planning/ROADMAP.md
+git commit
+```
+
+**Note:** Code files NOT included - already committed per-task.
+
+</format>
+
+<format name="handoff">
+## Handoff (WIP)
+
+```
+wip: [phase-name] paused at task [X]/[Y]
+
+Current: [task name]
+[If blocked:] Blocked: [reason]
+```
+
+What to commit:
+
+```bash
+git add .planning/
+git commit
+```
+
+</format>
+</commit_formats>
+
+<example_log>
+
+**Old approach (per-plan commits):**
+```
+a7f2d1 feat(checkout): Stripe payments with webhook verification
+3e9c4b feat(products): catalog with search, filters, and pagination
+8a1b2c feat(auth): JWT with refresh rotation using jose
+5c3d7e feat(foundation): Next.js 15 + Prisma + Tailwind scaffold
+2f4a8d docs: initialize ecommerce-app (5 phases)
+```
+
+**New approach (per-task commits):**
+```
+# Phase 04 - Checkout
+1a2b3c docs(04-01): complete checkout flow plan
+4d5e6f feat(04-01): add webhook signature verification
+7g8h9i feat(04-01): implement payment session creation
+0j1k2l feat(04-01): create checkout page component
+
+# Phase 03 - Products
+3m4n5o docs(03-02): complete product listing plan
+6p7q8r feat(03-02): add pagination controls
+9s0t1u feat(03-02): implement search and filters
+2v3w4x feat(03-01): create product catalog schema
+
+# Phase 02 - Auth
+5y6z7a docs(02-02): complete token refresh plan
+8b9c0d feat(02-02): implement refresh token rotation
+1e2f3g test(02-02): add failing test for token refresh
+4h5i6j docs(02-01): complete JWT setup plan
+7k8l9m feat(02-01): add JWT generation and validation
+0n1o2p chore(02-01): install jose library
+
+# Phase 01 - Foundation
+3q4r5s docs(01-01): complete scaffold plan
+6t7u8v feat(01-01): configure Tailwind and globals
+9w0x1y feat(01-01): set up Prisma with database
+2z3a4b feat(01-01): create Next.js 15 project
+
+# Initialization
+5c6d7e docs: initialize ecommerce-app (5 phases)
+```
+
+Each plan produces 2-4 commits (tasks + metadata). Clear, granular, bisectable.
+
+</example_log>
+
+<anti_patterns>
+
+**Still don't commit (intermediate artifacts):**
+- PLAN.md creation (commit with plan completion)
+- RESEARCH.md (intermediate)
+- DISCOVERY.md (intermediate)
+- Minor planning tweaks
+- "Fixed typo in roadmap"
+
+**Do commit (outcomes):**
+- Each task completion (feat/fix/test/refactor)
+- Plan completion metadata (docs)
+- Project initialization (docs)
+
+**Key principle:** Commit working code and shipped outcomes, not planning process.
+
+</anti_patterns>
+
+<commit_strategy_rationale>
+
+## Why Per-Task Commits?
+
+**Context engineering for AI:**
+- Git history becomes primary context source for future Claude sessions
+- `git log --grep="{phase}-{plan}"` shows all work for a plan
+- `git diff <hash>^..<hash>` shows exact changes per task
+- Less reliance on parsing SUMMARY.md = more context for actual work
+
+**Failure recovery:**
+- Task 1 committed ✅, Task 2 failed ❌
+- Claude in next session: sees task 1 complete, can retry task 2
+- Can `git reset --hard` to last successful task
+
+**Debugging:**
+- `git bisect` finds exact failing task, not just failing plan
+- `git blame` traces line to specific task context
+- Each commit is independently revertable
+
+**Observability:**
+- Solo developer + Claude workflow benefits from granular attribution
+- Atomic commits are git best practice
+- "Commit noise" irrelevant when consumer is Claude, not humans
+
+</commit_strategy_rationale>

package/get-your-work-done/references/plan-format.md

@@ -0,0 +1,428 @@
+<overview>
+Claude-executable plans have a specific format that enables Claude to implement without interpretation. This reference defines what makes a plan executable vs. vague.
+
+**Key insight:** PLAN.md IS the executable prompt. It contains everything Claude needs to execute the phase, including objective, context references, tasks, verification, success criteria, and output specification.
+</overview>
+
+<core_principle>
+A plan is Claude-executable when Claude can read the PLAN.md and immediately start implementing without asking clarifying questions.
+
+If Claude has to guess, interpret, or make assumptions - the task is too vague.
+</core_principle>
+
+<prompt_structure>
+Every PLAN.md follows this XML structure:
+
+```markdown
+---
+phase: XX-name
+type: execute
+domain: [optional]
+---
+
+<objective>
+[What and why]
+Purpose: [...]
+Output: [...]
+</objective>
+
+<context>
+@.planning/PROJECT.md
+@.planning/ROADMAP.md
+@relevant/source/files.ts
+</context>
+
+<tasks>
+<task type="auto">
+  <name>Task N: [Name]</name>
+  <files>[paths]</files>
+  <action>[what to do, what to avoid and WHY]</action>
+  <verify>[command/check]</verify>
+  <done>[criteria]</done>
+</task>
+
+<task type="checkpoint:human-verify" gate="blocking">
+  <what-built>[what Claude automated]</what-built>
+  <how-to-verify>[numbered verification steps]</how-to-verify>
+  <resume-signal>[how to continue - "approved" or describe issues]</resume-signal>
+</task>
+
+<task type="checkpoint:decision" gate="blocking">
+  <decision>[what needs deciding]</decision>
+  <context>[why this matters]</context>
+  <options>
+    <option id="option-a"><name>[Name]</name><pros>[pros]</pros><cons>[cons]</cons></option>
+    <option id="option-b"><name>[Name]</name><pros>[pros]</pros><cons>[cons]</cons></option>
+  </options>
+  <resume-signal>[how to indicate choice]</resume-signal>
+</task>
+</tasks>
+
+<verification>
+[Overall phase checks]
+</verification>
+
+<success_criteria>
+[Measurable completion]
+</success_criteria>
+
+<output>
+[SUMMARY.md specification]
+</output>
+```
+
+</prompt_structure>
+
+<task_anatomy>
+Every task has four required fields:
+
+<field name="files">
+**What it is**: Exact file paths that will be created or modified.
+
+**Good**: `src/app/api/auth/login/route.ts`, `prisma/schema.prisma`
+**Bad**: "the auth files", "relevant components"
+
+Be specific. If you don't know the file path, figure it out first.
+</field>
+
+<field name="action">
+**What it is**: Specific implementation instructions, including what to avoid and WHY.
+
+**Good**: "Create POST endpoint that accepts {email, password}, validates using bcrypt against User table, returns JWT in httpOnly cookie with 15-min expiry. Use jose library (not jsonwebtoken - CommonJS issues with Next.js Edge runtime)."
+
+**Bad**: "Add authentication", "Make login work"
+
+Include: technology choices, data structures, behavior details, pitfalls to avoid.
+</field>
+
+<field name="verify">
+**What it is**: How to prove the task is complete.
+
+**Good**:
+
+- `npm test` passes
+- `curl -X POST /api/auth/login` returns 200 with Set-Cookie header
+- Build completes without errors
+
+**Bad**: "It works", "Looks good", "User can log in"
+
+Must be executable - a command, a test, an observable behavior.
+</field>
+
+<field name="done">
+**What it is**: Acceptance criteria - the measurable state of completion.
+
+**Good**: "Valid credentials return 200 + JWT cookie, invalid credentials return 401"
+
+**Bad**: "Authentication is complete"
+
+Should be testable without subjective judgment.
+</field>
+</task_anatomy>
+
+<task_types>
+Tasks have a `type` attribute that determines how they execute:
+
+<type name="auto">
+**Default task type** - Claude executes autonomously.
+
+**Structure:**
+
+```xml
+<task type="auto">
+  <name>Task 3: Create login endpoint with JWT</name>
+  <files>src/app/api/auth/login/route.ts</files>
+  <action>POST endpoint accepting {email, password}. Query User by email, compare password with bcrypt. On match, create JWT with jose library, set as httpOnly cookie (15-min expiry). Return 200. On mismatch, return 401.</action>
+  <verify>curl -X POST localhost:3000/api/auth/login returns 200 with Set-Cookie header</verify>
+  <done>Valid credentials → 200 + cookie. Invalid → 401.</done>
+</task>
+```
+
+Use for: Everything Claude can do independently (code, tests, builds, file operations).
+</type>
+
+<type name="checkpoint:human-action">
+**RARELY USED** - Only for actions with NO CLI/API. Claude automates everything possible first.
+
+**Structure:**
+
+```xml
+<task type="checkpoint:human-action" gate="blocking">
+  <action>[Unavoidable manual step - email link, 2FA code]</action>
+  <instructions>
+    [What Claude already automated]
+    [The ONE thing requiring human action]
+  </instructions>
+  <verification>[What Claude can check afterward]</verification>
+  <resume-signal>[How to continue]</resume-signal>
+</task>
+```
+
+Use ONLY for: Email verification links, SMS 2FA codes, manual approvals with no API, 3D Secure payment flows.
+
+Do NOT use for: Anything with a CLI (Vercel, Stripe, Upstash, Railway, GitHub), builds, tests, file creation, deployments.
+
+**Execution:** Claude automates everything with CLI/API, stops only for truly unavoidable manual steps.
+</type>
+
+<type name="checkpoint:human-verify">
+**Human must verify Claude's work** - Visual checks, UX testing.
+
+**Structure:**
+
+```xml
+<task type="checkpoint:human-verify" gate="blocking">
+  <what-built>Responsive dashboard layout</what-built>
+  <how-to-verify>
+    1. Run: npm run dev
+    2. Visit: http://localhost:3000/dashboard
+    3. Desktop (>1024px): Verify sidebar left, content right
+    4. Tablet (768px): Verify sidebar collapses to hamburger
+    5. Mobile (375px): Verify single column, bottom nav
+    6. Check: No layout shift, no horizontal scroll
+  </how-to-verify>
+  <resume-signal>Type "approved" or describe issues</resume-signal>
+</task>
+```
+
+Use for: UI/UX verification, visual design checks, animation smoothness, accessibility testing.
+
+**Execution:** Claude builds the feature, stops, provides testing instructions, waits for approval/feedback.
+</type>
+
+<type name="checkpoint:decision">
+**Human must make implementation choice** - Direction-setting decisions.
+
+**Structure:**
+
+```xml
+<task type="checkpoint:decision" gate="blocking">
+  <decision>Select authentication provider</decision>
+  <context>We need user authentication. Three approaches with different tradeoffs:</context>
+  <options>
+    <option id="supabase">
+      <name>Supabase Auth</name>
+      <pros>Built-in with Supabase, generous free tier</pros>
+      <cons>Less customizable UI, tied to ecosystem</cons>
+    </option>
+    <option id="clerk">
+      <name>Clerk</name>
+      <pros>Beautiful pre-built UI, best DX</pros>
+      <cons>Paid after 10k MAU</cons>
+    </option>
+    <option id="nextauth">
+      <name>NextAuth.js</name>
+      <pros>Free, self-hosted, maximum control</pros>
+      <cons>More setup, you manage security</cons>
+    </option>
+  </options>
+  <resume-signal>Select: supabase, clerk, or nextauth</resume-signal>
+</task>
+```
+
+Use for: Technology selection, architecture decisions, design choices, feature prioritization.
+
+**Execution:** Claude presents options with balanced pros/cons, waits for decision, proceeds with chosen direction.
+</type>
+
+**When to use checkpoints:**
+
+- Visual/UX verification (after Claude builds) → `checkpoint:human-verify`
+- Implementation direction choice → `checkpoint:decision`
+- Truly unavoidable manual actions (email links, 2FA) → `checkpoint:human-action` (rare)
+
+**When NOT to use checkpoints:**
+
+- Anything with CLI/API (Claude automates it) → `type="auto"`
+- Deployments (Vercel, Railway, Fly) → `type="auto"` with CLI
+- Creating resources (Upstash, Stripe, GitHub) → `type="auto"` with CLI/API
+- File operations, tests, builds → `type="auto"`
+
+**Golden rule:** If Claude CAN automate it, Claude MUST automate it.
+
+See `./checkpoints.md` for comprehensive checkpoint guidance.
+</task_types>
+
+<tdd_plans>
+**TDD work uses dedicated plans.**
+
+TDD features require 2-3 execution cycles (RED → GREEN → REFACTOR), each with file reads, test runs, and potential debugging. This is fundamentally heavier than standard tasks and would consume 50-60% of context if embedded in a multi-task plan.
+
+**When to create a TDD plan:**
+- Business logic with defined inputs/outputs
+- API endpoints with request/response contracts
+- Data transformations and parsing
+- Validation rules
+- Algorithms with testable behavior
+
+**When to use standard plans (skip TDD):**
+- UI layout and styling
+- Configuration changes
+- Glue code connecting existing components
+- One-off scripts
+
+**Heuristic:** Can you write `expect(fn(input)).toBe(output)` before writing `fn`?
+→ Yes: Create a TDD plan (one feature per plan)
+→ No: Use standard plan, add tests after if needed
+
+See `./tdd.md` for TDD plan structure and execution guidance.
+</tdd_plans>
+
+<context_references>
+Use @file references to load context for the prompt:
+
+```markdown
+<context>
+@.planning/PROJECT.md           # Project vision
+@.planning/ROADMAP.md         # Phase structure
+@.planning/phases/02-auth/DISCOVERY.md  # Discovery results
+@src/lib/db.ts                # Existing database setup
+@src/types/user.ts            # Existing type definitions
+</context>
+```
+
+Reference files that Claude needs to understand before implementing.
+</context_references>
+
+<verification_section>
+Overall phase verification (beyond individual task verification):
+
+```markdown
+<verification>
+Before declaring phase complete:
+- [ ] `npm run build` succeeds without errors
+- [ ] `npm test` passes all tests
+- [ ] No TypeScript errors
+- [ ] Feature works end-to-end manually
+</verification>
+```
+
+</verification_section>
+
+<success_criteria_section>
+Measurable criteria for phase completion:
+
+```markdown
+<success_criteria>
+
+- All tasks completed
+- All verification checks pass
+- No errors or warnings introduced
+- JWT auth flow works end-to-end
+- Protected routes redirect unauthenticated users
+  </success_criteria>
+```
+
+</success_criteria_section>
+
+<output_section>
+Specify the SUMMARY.md structure:
+
+```markdown
+<output>
+After completion, create `.planning/phases/XX-name/SUMMARY.md`:
+
+# Phase X: Name Summary
+
+**[Substantive one-liner]**
+
+## Accomplishments
+
+## Files Created/Modified
+
+## Decisions Made
+
+## Issues Encountered
+
+## Next Phase Readiness
+
+</output>
+```
+
+</output_section>
+
+<specificity_levels>
+<too_vague>
+
+```xml
+<task type="auto">
+  <name>Task 1: Add authentication</name>
+  <files>???</files>
+  <action>Implement auth</action>
+  <verify>???</verify>
+  <done>Users can authenticate</done>
+</task>
+```
+
+Claude: "How? What type? What library? Where?"
+</too_vague>
+
+<just_right>
+
+```xml
+<task type="auto">
+  <name>Task 1: Create login endpoint with JWT</name>
+  <files>src/app/api/auth/login/route.ts</files>
+  <action>POST endpoint accepting {email, password}. Query User by email, compare password with bcrypt. On match, create JWT with jose library, set as httpOnly cookie (15-min expiry). Return 200. On mismatch, return 401. Use jose instead of jsonwebtoken (CommonJS issues with Edge).</action>
+  <verify>curl -X POST localhost:3000/api/auth/login -H "Content-Type: application/json" -d '{"email":"test@test.com","password":"test123"}' returns 200 with Set-Cookie header containing JWT</verify>
+  <done>Valid credentials → 200 + cookie. Invalid → 401. Missing fields → 400.</done>
+</task>
+```
+
+Claude can implement this immediately.
+</just_right>
+
+<note_on_tdd>
+**TDD candidates get dedicated plans.**
+
+If email validation warrants TDD, create a TDD plan for it. See `./tdd.md` for TDD plan structure.
+</note_on_tdd>
+
+<too_detailed>
+Writing the actual code in the plan. Trust Claude to implement from clear instructions.
+</too_detailed>
+</specificity_levels>
+
+<anti_patterns>
+<vague_actions>
+
+- "Set up the infrastructure"
+- "Handle edge cases"
+- "Make it production-ready"
+- "Add proper error handling"
+
+These require Claude to decide WHAT to do. Specify it.
+</vague_actions>
+
+<unverifiable_completion>
+
+- "It works correctly"
+- "User experience is good"
+- "Code is clean"
+- "Tests pass" (which tests? do they exist?)
+
+These require subjective judgment. Make it objective.
+</unverifiable_completion>
+
+<missing_context>
+
+- "Use the standard approach"
+- "Follow best practices"
+- "Like the other endpoints"
+
+Claude doesn't know your standards. Be explicit.
+</missing_context>
+</anti_patterns>
+
+<sizing_tasks>
+Good task size: 15-60 minutes of Claude work.
+
+**Too small**: "Add import statement for bcrypt" (combine with related task)
+**Just right**: "Create login endpoint with JWT validation" (focused, specific)
+**Too big**: "Implement full authentication system" (split into multiple plans)
+
+If a task takes multiple sessions, break it down.
+If a task is trivial, combine with related tasks.
+
+**Note on scope:** If a phase has >3 tasks or spans multiple subsystems, split into multiple plans using the naming convention `{phase}-{plan}-PLAN.md`. See `./scope-estimation.md` for guidance.
+</sizing_tasks>