swe-workflow-skills 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +57 -17
- package/VERSION +1 -1
- package/catalog.json +95 -5
- package/package.json +1 -1
- package/roles.json +58 -7
- package/skills/ai-evaluation/SKILL.md +111 -0
- package/skills/ai-evaluation/evals/evals.json +40 -0
- package/skills/ai-evaluation/references/eval-tooling.md +63 -0
- package/skills/architecture-design/SKILL.md +3 -1
- package/skills/brainstorming/SKILL.md +92 -0
- package/skills/brainstorming/evals/evals.json +40 -0
- package/skills/browser-verification/SKILL.md +95 -0
- package/skills/browser-verification/evals/evals.json +40 -0
- package/skills/build-vs-buy/SKILL.md +109 -0
- package/skills/build-vs-buy/evals/evals.json +40 -0
- package/skills/cicd-pipeline/SKILL.md +1 -0
- package/skills/code-archaeology/SKILL.md +103 -0
- package/skills/code-archaeology/evals/evals.json +41 -0
- package/skills/compliance-privacy/SKILL.md +113 -0
- package/skills/compliance-privacy/evals/evals.json +41 -0
- package/skills/compliance-privacy/references/obligations-map.md +69 -0
- package/skills/data-pipeline-design/SKILL.md +116 -0
- package/skills/data-pipeline-design/evals/evals.json +41 -0
- package/skills/data-pipeline-design/references/orchestration.md +64 -0
- package/skills/data-quality/SKILL.md +107 -0
- package/skills/data-quality/evals/evals.json +39 -0
- package/skills/data-quality/references/tooling.md +45 -0
- package/skills/deployment-checklist/SKILL.md +2 -1
- package/skills/dx-audit/SKILL.md +97 -0
- package/skills/dx-audit/evals/evals.json +40 -0
- package/skills/feature-planning/SKILL.md +5 -1
- package/skills/finops-cost-optimization/SKILL.md +109 -0
- package/skills/finops-cost-optimization/evals/evals.json +40 -0
- package/skills/git-workflow/SKILL.md +10 -0
- package/skills/llm-app-engineering/SKILL.md +102 -0
- package/skills/llm-app-engineering/evals/evals.json +40 -0
- package/skills/llm-app-engineering/references/patterns.md +70 -0
- package/skills/ml-experiment-tracking/SKILL.md +1 -1
- package/skills/ml-pipeline-design/SKILL.md +1 -1
- package/skills/mobile-architecture/SKILL.md +106 -0
- package/skills/mobile-architecture/evals/evals.json +40 -0
- package/skills/mobile-release/SKILL.md +109 -0
- package/skills/mobile-release/evals/evals.json +41 -0
- package/skills/plan-execution/SKILL.md +115 -0
- package/skills/plan-execution/evals/evals.json +55 -0
- package/skills/project-documentation/SKILL.md +4 -0
- package/skills/release-management/SKILL.md +97 -0
- package/skills/release-management/evals/evals.json +56 -0
- package/skills/release-management/references/release-tooling.md +106 -0
- package/skills/resilience-engineering/SKILL.md +121 -0
- package/skills/resilience-engineering/evals/evals.json +40 -0
- package/skills/security-audit/SKILL.md +2 -2
- package/skills/skill-router/SKILL.md +46 -3
- package/skills/subagent-orchestration/SKILL.md +100 -0
- package/skills/subagent-orchestration/evals/evals.json +40 -0
- package/skills/threat-modeling/SKILL.md +101 -0
- package/skills/threat-modeling/evals/evals.json +40 -0
- package/skills/threat-modeling/references/stride-mitigations.md +90 -0
- package/skills/writing-skills/SKILL.md +27 -11
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
{
|
|
2
|
+
"skill_name": "llm-app-engineering",
|
|
3
|
+
"evals": [
|
|
4
|
+
{
|
|
5
|
+
"id": 1,
|
|
6
|
+
"prompt": "We're building an internal support assistant that answers questions over our product docs and past support tickets. Design the RAG architecture — how should we chunk, retrieve, and prompt?",
|
|
7
|
+
"expected_output": "Designs the full retrieval-augmented pipeline: structure-aware chunking with reasoned size/overlap, retrieval beyond naive top-k (hybrid search, metadata filters, reranking), a grounded generation prompt with citations and an explicit no-answer path, a context budget, and a handoff to evaluation (golden questions, RAG metrics via ai-evaluation) before calling the design done",
|
|
8
|
+
"assertions": [
|
|
9
|
+
"Proposes a chunking strategy tied to the documents' structure (headings, tickets) with reasoning about size and overlap, not an arbitrary fixed size",
|
|
10
|
+
"Designs retrieval beyond naive top-k vector search: hybrid keyword+vector search, metadata filtering, or a reranking stage, with rationale",
|
|
11
|
+
"Outlines a grounded generation prompt: answer only from retrieved context, cite sources, and explicitly say when the context does not contain the answer",
|
|
12
|
+
"Considers the context budget: how many chunks to include, their ordering, and behavior when retrieval returns too little or too much",
|
|
13
|
+
"Delegates measuring quality to an evaluation setup (golden questions and RAG metrics / the ai-evaluation skill) rather than declaring the design done"
|
|
14
|
+
]
|
|
15
|
+
},
|
|
16
|
+
{
|
|
17
|
+
"id": 2,
|
|
18
|
+
"prompt": "Our coding agent has access to 25 tools and it keeps picking the wrong one and forgetting what it already did in long multi-step tasks. How do we fix the design?",
|
|
19
|
+
"expected_output": "Diagnoses a context/tool-design problem: prunes and disambiguates the tool surface, externalizes state (plan file/scratchpad, summarization) for long horizons, considers decomposing into phases or sub-agents with scoped toolsets, and verifies the fix with task-success evals rather than anecdotes",
|
|
20
|
+
"assertions": [
|
|
21
|
+
"Diagnoses this as a context/tool design problem (overlapping tools, unbounded history), not primarily a model-capability problem",
|
|
22
|
+
"Proposes reducing or restructuring the tool surface: fewer and clearer tools, distinct names and descriptions, or grouping/namespacing",
|
|
23
|
+
"Addresses long-horizon memory: a scratchpad or plan file, summarization/compaction of history, or state externalized outside the context window",
|
|
24
|
+
"Considers decomposition into phases or sub-agents with scoped toolsets for distinct stages of the task",
|
|
25
|
+
"Recommends verifying the improvement with evals (task success rate on representative tasks) rather than eyeballing a few runs"
|
|
26
|
+
]
|
|
27
|
+
},
|
|
28
|
+
{
|
|
29
|
+
"id": 3,
|
|
30
|
+
"prompt": "We rewrote our assistant's system prompt and the answers feel better. How do we prove the new prompt is actually better before rolling it out to users?",
|
|
31
|
+
"expected_output": "Recognizes this as a measurement question, not a prompt-design question — hands off to ai-evaluation: compare both prompt variants on the same golden dataset with pairwise/judge scoring or metric deltas, gated before rollout, rather than offering more prompt-engineering advice",
|
|
32
|
+
"assertions": [
|
|
33
|
+
"Recognizes this is a measurement/evaluation question, not a prompt-design question",
|
|
34
|
+
"Refers to the ai-evaluation skill for the methodology (golden dataset, LLM-as-judge, regression comparison)",
|
|
35
|
+
"Mentions comparing the two prompt variants on the same dataset (pairwise/side-by-side or metric deltas), not anecdotes",
|
|
36
|
+
"Does not answer with further prompt-engineering advice as the primary response"
|
|
37
|
+
]
|
|
38
|
+
}
|
|
39
|
+
]
|
|
40
|
+
}
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
# LLM App Patterns — RAG, Agents, Memory, Failure Modes
|
|
2
|
+
|
|
3
|
+
Framework and model specifics move fast; verify against current docs. The
|
|
4
|
+
decision logic below is stable.
|
|
5
|
+
|
|
6
|
+
## Chunking by corpus shape
|
|
7
|
+
|
|
8
|
+
| Corpus | Chunking | Notes |
|
|
9
|
+
|---|---|---|
|
|
10
|
+
| Docs / wiki (structured) | By heading hierarchy, ~300–800 tokens, small overlap | Prepend the heading path ("Billing > Refunds") to each chunk — it disambiguates retrieval and improves citations |
|
|
11
|
+
| Support tickets / Q&A | One unit = problem + resolution | Don't split the pair; the resolution is useless without the problem |
|
|
12
|
+
| Code | By symbol (function/class), not lines | Include the file path and signature in the chunk text |
|
|
13
|
+
| Long prose / transcripts | Semantic or sliding window with overlap | Consider a summarize-then-retrieve layer for very long sources |
|
|
14
|
+
| Tables / spreadsheets | Row-group or per-table with header repeated | Naive text chunking destroys tables; test retrieval on numeric questions |
|
|
15
|
+
|
|
16
|
+
Parent-document pattern: retrieve on small chunks (precision), hand the model
|
|
17
|
+
the enclosing section (context). Works well for docs corpora.
|
|
18
|
+
|
|
19
|
+
## Retrieval stack, in order of leverage
|
|
20
|
+
|
|
21
|
+
1. **Hybrid search** (BM25 + vector, reciprocal-rank fusion) — the single
|
|
22
|
+
biggest fix for "it can't find exact terms" (error codes, SKUs, names).
|
|
23
|
+
2. **Metadata filtering** — scope by product/version/date *before* similarity;
|
|
24
|
+
most wrong-document retrievals are out-of-scope, not low-similarity.
|
|
25
|
+
3. **Reranking** (cross-encoder or LLM reranker) — retrieve 20–50, keep 5–10.
|
|
26
|
+
Cheap, large precision gain.
|
|
27
|
+
4. **Query transformation** — rewrite conversational queries into standalone
|
|
28
|
+
ones (resolve "it", merge dialogue turns); expand acronyms from a glossary.
|
|
29
|
+
5. Embedding model swap / fine-tune — last, and only with eval evidence.
|
|
30
|
+
|
|
31
|
+
## Agent design patterns
|
|
32
|
+
|
|
33
|
+
- **Workflow first**: prompt-chaining, routing, parallelization,
|
|
34
|
+
orchestrator-workers, evaluator-optimizer — fixed control flow with LLM
|
|
35
|
+
steps. An autonomous loop is the *last* resort, when the path genuinely
|
|
36
|
+
can't be scripted.
|
|
37
|
+
- **Tool budget**: past ~10–15 tools, selection accuracy degrades; group tools
|
|
38
|
+
behind a router/namespace, or split the task into phases with scoped
|
|
39
|
+
toolsets.
|
|
40
|
+
- **Sub-agents**: use for context isolation (a research sub-agent burns 50k
|
|
41
|
+
tokens, returns a 500-token summary), not for anthropomorphic org charts.
|
|
42
|
+
Pass structured briefs down and structured results up — never raw history.
|
|
43
|
+
- **Stop conditions**: max iterations, token budget, and "no progress in N
|
|
44
|
+
steps" detection. Log every trajectory; failed trajectories are eval cases.
|
|
45
|
+
|
|
46
|
+
## Memory patterns
|
|
47
|
+
|
|
48
|
+
| Need | Pattern |
|
|
49
|
+
|---|---|
|
|
50
|
+
| Within one long task | Plan/scratchpad file the agent updates and re-reads (survives compaction) |
|
|
51
|
+
| Across a conversation | Rolling summary of older turns + verbatim recent turns |
|
|
52
|
+
| Across sessions (facts) | Memory store written explicitly ("user prefers X"), retrieved like RAG |
|
|
53
|
+
| Team/app knowledge | The RAG corpus itself — don't duplicate it in per-user memory |
|
|
54
|
+
|
|
55
|
+
Write memory deliberately (explicit save decisions with a reason), read it
|
|
56
|
+
skeptically (memories go stale; verify before acting on them).
|
|
57
|
+
|
|
58
|
+
## Failure modes checklist
|
|
59
|
+
|
|
60
|
+
- **Prompt injection**: retrieved content and tool outputs are untrusted input
|
|
61
|
+
— instruct the model that context is data, not instructions; sanitize/flag
|
|
62
|
+
suspicious content; never let retrieved text authorize a side effect.
|
|
63
|
+
- **Hallucinated citations**: require quoting or IDs that are validated
|
|
64
|
+
post-hoc against the actual sources.
|
|
65
|
+
- **Silent context overflow**: measure prompt sizes in production; truncation
|
|
66
|
+
usually eats the system prompt or the earliest instructions first.
|
|
67
|
+
- **Cost/latency creep**: cache stable prompt prefixes, cap retrieval depth,
|
|
68
|
+
and track tokens per request as a first-class metric.
|
|
69
|
+
- **Version drift**: pin model versions; a provider-side model update is a
|
|
70
|
+
deploy you didn't approve — the eval suite (ai-evaluation) is how you notice.
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: ml-experiment-tracking
|
|
3
|
-
description: "Design reproducible ML experiments — tracking, versioning, run comparison with MLflow, W&B, or DVC. Triggers: experiment tracking, MLflow, wandb, weights and biases, DVC, track experiments, compare models, hyperparameter, reproducibility, model registry, which model is better, experiment results, log metrics."
|
|
3
|
+
description: "Design reproducible ML experiments — tracking, versioning, run comparison with MLflow, W&B, or DVC. Triggers: experiment tracking, MLflow, wandb, weights and biases, DVC, track experiments, compare models, hyperparameter, reproducibility, model registry, which model is better, experiment results, log metrics. Defining WHAT to measure (metrics, golden datasets, judges) → ai-evaluation; this skill records and compares the runs."
|
|
4
4
|
model: sonnet
|
|
5
5
|
allowed-tools: Read, Grep, Glob, Write, Edit, Bash
|
|
6
6
|
---
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: ml-pipeline-design
|
|
3
|
-
description: "Design reproducible ML training and data pipelines — ingestion, validation, feature engineering, training, evaluation, continuous training orchestration. Triggers: training pipeline, data pipeline, feature engineering, ETL for ML, continuous training, data validation, feature store, preprocessing, notebook to pipeline, orchestrate training,
|
|
3
|
+
description: "Design reproducible ML training and data pipelines — ingestion, validation, feature engineering, training, evaluation, continuous training orchestration. Triggers: training pipeline, ML data pipeline, feature engineering, ETL for ML, continuous training, data validation, feature store, preprocessing, notebook to pipeline, orchestrate training, Kubeflow, pipeline DAG, point-in-time features. Analytics/BI ELT and dbt warehouse pipelines → data-pipeline-design."
|
|
4
4
|
model: opus
|
|
5
5
|
allowed-tools: Read, Grep, Glob, Write, Edit, Bash
|
|
6
6
|
---
|
|
@@ -0,0 +1,106 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: mobile-architecture
|
|
3
|
+
description: "Design mobile app architecture — native (Swift/Kotlin) vs cross-platform (React Native/Flutter) selection, navigation and deep linking, state management, offline-first design and data sync, local persistence, push notifications, platform constraints (background work, battery, permissions). Triggers: mobile app architecture, iOS app, Android app, React Native or Flutter, offline first, data sync, mobile state management, deep linking, push notifications, app structure. Web SPA component architecture → frontend-architecture."
|
|
4
|
+
model: sonnet
|
|
5
|
+
allowed-tools: Read, Grep, Glob, Write, Edit
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# Mobile Architecture
|
|
9
|
+
|
|
10
|
+
Design mobile apps around the constraints that make mobile different: the
|
|
11
|
+
network is intermittent, the OS kills your process whenever it likes, every
|
|
12
|
+
release rides a store review you don't control, and yesterday's version keeps
|
|
13
|
+
running on users' devices for months. Web assumptions imported unexamined
|
|
14
|
+
(always-online, instant deploys, one running version) are where mobile
|
|
15
|
+
architectures go wrong. Boundary: `frontend-architecture` owns web SPA
|
|
16
|
+
component architecture; this skill owns apps that ship through app stores
|
|
17
|
+
(shipping them: `mobile-release`).
|
|
18
|
+
|
|
19
|
+
## Workflow
|
|
20
|
+
|
|
21
|
+
### Step 1: Platform Strategy — the Costly-to-Reverse Decision
|
|
22
|
+
|
|
23
|
+
Native (Swift/Kotlin), cross-platform (React Native/Flutter), or web-wrapper —
|
|
24
|
+
decide from the actual drivers, not fashion: team skills (a JS team ships RN
|
|
25
|
+
months before it ships Swift), how deep the platform integration runs (heavy
|
|
26
|
+
camera/AR/background/widgets favor native), performance sensitivity, and how
|
|
27
|
+
much UI must feel platform-native vs brand-consistent. Cross-platform halves
|
|
28
|
+
the codebase, not the work — platform-specific edges remain. Record it as an
|
|
29
|
+
ADR (`architecture-design`) with the revisit trigger; migrating later is a
|
|
30
|
+
rewrite.
|
|
31
|
+
|
|
32
|
+
### Step 2: Structure and Navigation
|
|
33
|
+
|
|
34
|
+
Define the navigation graph early — mobile UI *is* navigation (stacks, tabs,
|
|
35
|
+
modals), and retrofitting it hurts. Design **deep links from day one**: every
|
|
36
|
+
important screen gets an addressable route (push notifications, marketing
|
|
37
|
+
links, and OS integrations all need them, and bolting them onto a
|
|
38
|
+
navigation-by-reference architecture later is painful). Modularize by feature,
|
|
39
|
+
with UI / domain / data layers inside each feature — build-time and ownership
|
|
40
|
+
both benefit.
|
|
41
|
+
|
|
42
|
+
### Step 3: State and Data Layer
|
|
43
|
+
|
|
44
|
+
Unidirectional data flow (whatever the platform flavor calls it) keeps
|
|
45
|
+
lifecycle chaos manageable — the OS destroys and recreates screens, so state
|
|
46
|
+
must live above the view and **survive process death** (persist what matters;
|
|
47
|
+
assume any screen can be killed and restored). Put a repository layer between
|
|
48
|
+
UI and data sources so the UI never knows whether data came from cache,
|
|
49
|
+
database, or network — that boundary is where Step 4 lives.
|
|
50
|
+
|
|
51
|
+
### Step 4: Offline and Sync — Decide, Don't Drift
|
|
52
|
+
|
|
53
|
+
The defining mobile decision. Choose explicitly per data domain:
|
|
54
|
+
|
|
55
|
+
- **Online-only** (honest spinner + clear offline messaging) — legitimate for
|
|
56
|
+
real-time-only products; cheap; feels broken on the subway.
|
|
57
|
+
- **Read cache** — local store serves last-known data, network refreshes;
|
|
58
|
+
right default for content/consumption apps.
|
|
59
|
+
- **Offline-first** — the local database is the source of truth the UI reads;
|
|
60
|
+
mutations queue and sync in the background. Best UX, and it buys you a
|
|
61
|
+
hard problem: **conflict resolution** (last-write-wins per field, merge
|
|
62
|
+
rules, or surface-to-user — pick per data type *before* building the sync).
|
|
63
|
+
|
|
64
|
+
Queued mutations need idempotency keys (retries will happen) and visible
|
|
65
|
+
pending-state in the UI. Sync in delta batches, not full dumps — battery and
|
|
66
|
+
data plans are real constraints.
|
|
67
|
+
|
|
68
|
+
### Step 5: Platform Integration Realities
|
|
69
|
+
|
|
70
|
+
- **Push notifications**: design the token lifecycle and what each
|
|
71
|
+
notification deep-links to; push is delivery-best-effort, never the only
|
|
72
|
+
path to data.
|
|
73
|
+
- **Background work**: both OSes ruthlessly limit it — design sync to make
|
|
74
|
+
progress in short foreground windows, treat background execution as a bonus.
|
|
75
|
+
- **Permissions**: ask in context with a pre-prompt explaining why (a denied
|
|
76
|
+
permission is sticky and costly to win back).
|
|
77
|
+
- **Secrets & storage**: tokens in Keychain/Keystore, never in plain
|
|
78
|
+
preferences; the device is an untrusted environment (`threat-modeling` when
|
|
79
|
+
the data warrants it).
|
|
80
|
+
|
|
81
|
+
### Step 6: Design for the Fleet You Can't Update
|
|
82
|
+
|
|
83
|
+
Users run old versions for months, so: **version your API contracts** with
|
|
84
|
+
tolerance for old clients (`api-design` — additive changes only, server-side
|
|
85
|
+
defaults), gate risky features behind **remote config / feature flags** (your
|
|
86
|
+
only instant off-switch once shipped — see `mobile-release` on the no-rollback
|
|
87
|
+
reality), and plan a **forced-update mechanism** (minimum-supported-version
|
|
88
|
+
check) *in the first release* — the release where you need it is too late to
|
|
89
|
+
add it.
|
|
90
|
+
|
|
91
|
+
## Principles Applied
|
|
92
|
+
|
|
93
|
+
- **The network is optional; the local store is the truth** — architectures
|
|
94
|
+
that assume connectivity degrade into spinners.
|
|
95
|
+
- **Survive process death**: the OS is a chaos monkey you don't configure.
|
|
96
|
+
- **Old versions live forever**: every contract and flag decision is made for
|
|
97
|
+
a fleet, not a deployment.
|
|
98
|
+
|
|
99
|
+
## Cross-Skill References
|
|
100
|
+
|
|
101
|
+
- `frontend-architecture` — the web SPA counterpart (state and component patterns overlap)
|
|
102
|
+
- `mobile-release` — signing, store review, staged rollouts, hotfix reality
|
|
103
|
+
- `api-design` — versioned, old-client-tolerant contracts
|
|
104
|
+
- `architecture-design` — the platform-choice ADR
|
|
105
|
+
- `ui-ux-design` / `accessibility-design` — flows, states, and platform a11y
|
|
106
|
+
- `performance-optimization` — startup time, jank, memory on constrained devices
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
{
|
|
2
|
+
"skill_name": "mobile-architecture",
|
|
3
|
+
"evals": [
|
|
4
|
+
{
|
|
5
|
+
"id": 1,
|
|
6
|
+
"prompt": "We're a 4-person team (all TypeScript devs) building a field-service app: technicians view job details, fill inspection forms, and take photos — often in basements and rural areas with no signal. Design the app architecture.",
|
|
7
|
+
"expected_output": "Platform choice driven by the actual context (TS team → React Native/Expo bias, recorded as an ADR with trade-offs), and — decisive here — offline-first design: local database as source of truth, queued mutations with idempotency keys and visible pending state, conflict resolution decided per data type, delta sync, photo upload queue tolerant of interrupted connectivity; plus navigation/deep links, state surviving process death, and old-client-tolerant API contracts",
|
|
8
|
+
"assertions": [
|
|
9
|
+
"Grounds the platform choice in the stated context (TypeScript team → cross-platform bias) and records it as an ADR-style decision with trade-offs, not a generic framework comparison",
|
|
10
|
+
"Designs offline-first for the connectivity reality: local store as source of truth with mutations queued for background sync",
|
|
11
|
+
"Addresses sync hazards concretely: idempotency for retried mutations, a chosen conflict-resolution approach, and visible pending/unsynced state in the UI",
|
|
12
|
+
"Handles the platform lifecycle: state survives process death, and large uploads (photos) tolerate interruption",
|
|
13
|
+
"Plans API contracts tolerant of old clients and/or remote-config kill switches, acknowledging that shipped versions persist on devices"
|
|
14
|
+
]
|
|
15
|
+
},
|
|
16
|
+
{
|
|
17
|
+
"id": 2,
|
|
18
|
+
"prompt": "Our shipped iOS/Android app assumed always-online and now users are furious about spinners everywhere. Retrofitting offline is the mandate. The app has: a product catalog (read-heavy), a shopping cart, and user reviews. How do we approach it?",
|
|
19
|
+
"expected_output": "Rejects one-size-fits-all: chooses a sync model per data domain — catalog as read cache (local store + background refresh), cart as offline-first with queued mutations and conflict handling (merge/last-write per field; cart merges across devices), reviews as queued writes with pending-state UI; introduces the repository boundary so the UI stops knowing about the network, sequences the retrofit incrementally by domain, and flags conflict resolution and idempotency as the design decisions to make before coding",
|
|
20
|
+
"assertions": [
|
|
21
|
+
"Chooses a sync strategy per data domain (read cache for catalog, offline-first/queued mutations for cart and reviews) instead of one blanket approach",
|
|
22
|
+
"Introduces a repository/data-layer boundary so UI code stops depending on network availability directly",
|
|
23
|
+
"Addresses conflict resolution explicitly for the mutable domains (cart across devices) as a decision made before implementation",
|
|
24
|
+
"Includes idempotency for queued/retried mutations and visible pending/unsynced state in the UI",
|
|
25
|
+
"Sequences the retrofit incrementally (domain by domain) rather than a big-bang rewrite"
|
|
26
|
+
]
|
|
27
|
+
},
|
|
28
|
+
{
|
|
29
|
+
"id": 3,
|
|
30
|
+
"prompt": "Our React web dashboard is getting messy — we need to restructure the component hierarchy, pick a state management library (Zustand vs Redux), and organize our design tokens. How should we architect it?",
|
|
31
|
+
"expected_output": "Recognizes this as web SPA frontend architecture — refers to frontend-architecture for the component hierarchy, state management, and design-token work, stating the boundary: mobile-architecture covers apps shipped through app stores with mobile constraints; frontend-architecture covers web client architecture",
|
|
32
|
+
"assertions": [
|
|
33
|
+
"Recognizes the request as web SPA architecture, not a store-shipped mobile app",
|
|
34
|
+
"Refers to the frontend-architecture skill for component hierarchy, state management, and design tokens",
|
|
35
|
+
"Does not apply mobile-specific concerns (offline sync, store review, process death) to the web dashboard",
|
|
36
|
+
"States or implies the boundary: frontend-architecture owns web client architecture; mobile-architecture owns store-distributed mobile apps"
|
|
37
|
+
]
|
|
38
|
+
}
|
|
39
|
+
]
|
|
40
|
+
}
|
|
@@ -0,0 +1,109 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: mobile-release
|
|
3
|
+
description: "Ship mobile apps through the app stores — signing and provisioning, store review and rejection handling, phased/staged rollouts with halt criteria, crash monitoring, versioning and build numbers, beta channels (TestFlight, Play tracks), forced updates, and the no-instant-rollback reality of mobile. Triggers: app store release, publish to App Store, Play Store, TestFlight, staged rollout, app review rejected, code signing, provisioning profile, mobile release, hotfix a mobile bug. General semver/registry/library publishing → release-management."
|
|
4
|
+
model: sonnet
|
|
5
|
+
allowed-tools: Read, Grep, Glob, Write, Edit, Bash, WebFetch, WebSearch
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# Mobile Release
|
|
9
|
+
|
|
10
|
+
Ship through a channel you don't control, to a fleet you can't roll back. Two
|
|
11
|
+
facts shape everything here: a **review queue** (hours to days, with rejection
|
|
12
|
+
risk) sits between you and users, and **there is no rollback** — once a version
|
|
13
|
+
is on devices, you can only ship *forward* through that same queue. Mobile
|
|
14
|
+
release engineering is the discipline of making those two facts survivable.
|
|
15
|
+
Boundary: `release-management` owns general versioning/changelog/registry
|
|
16
|
+
publishing (libraries, services); this skill owns the store-mediated path.
|
|
17
|
+
|
|
18
|
+
## Workflow
|
|
19
|
+
|
|
20
|
+
### Step 1: Set Up the Release Machinery (once, before it's urgent)
|
|
21
|
+
|
|
22
|
+
- **Signing**: certificates/keystores are crown jewels — store them in a
|
|
23
|
+
secrets manager, wire CI signing (fastlane match-style or the platform's
|
|
24
|
+
cloud signing), and document recovery; a lost Android upload key is a
|
|
25
|
+
support-ticket saga. Verify current store requirements live — both stores
|
|
26
|
+
change policies frequently.
|
|
27
|
+
- **Versioning**: user-facing version (marketing semver) + **monotonically
|
|
28
|
+
increasing build number** per store upload; automate both in CI — manual
|
|
29
|
+
build-number bumps end in rejected uploads.
|
|
30
|
+
- **Channels**: internal build on every merge → beta (TestFlight / Play
|
|
31
|
+
tracks) on a cadence → production. Beta users are your only pre-review
|
|
32
|
+
real-device signal; keep the channel alive, not ceremonial.
|
|
33
|
+
- **Compliance surfaces**: privacy manifests / data-safety forms and
|
|
34
|
+
permission justifications — stale ones are a top rejection cause; update
|
|
35
|
+
them *with* the feature that changes data use (`compliance-privacy` for
|
|
36
|
+
what the answers should be).
|
|
37
|
+
|
|
38
|
+
### Step 2: Gate the Candidate Before Submission
|
|
39
|
+
|
|
40
|
+
The verification gate scales with the no-rollback stakes: release-build (not
|
|
41
|
+
debug) smoke test on real devices — oldest supported OS included; crash-free
|
|
42
|
+
sessions from the beta channel as a numeric gate; a store-guideline self-review
|
|
43
|
+
for the flagged categories (payments outside IAP, background location, broken
|
|
44
|
+
links, login for reviewers via a demo account); and screenshots/metadata that
|
|
45
|
+
match the build. Submitting is a claim the app works —
|
|
46
|
+
`verification-before-completion` applies with a review queue as the penalty
|
|
47
|
+
for guessing.
|
|
48
|
+
|
|
49
|
+
### Step 3: Submit with Review Risk Managed
|
|
50
|
+
|
|
51
|
+
Expect rejection as a normal outcome, not a crisis: submit *ahead* of any date
|
|
52
|
+
commitment (never promise a release date you don't control), respond to
|
|
53
|
+
rejections factually and fast (argue via the resolution center only when the
|
|
54
|
+
reviewer misunderstood; fix and resubmit when they didn't), and keep an
|
|
55
|
+
expedited-review request in reserve for genuine emergencies — it's a favor,
|
|
56
|
+
not a pipeline stage.
|
|
57
|
+
|
|
58
|
+
### Step 4: Roll Out Staged, Watch, Be Ready to Halt
|
|
59
|
+
|
|
60
|
+
Never release to 100% at once. Phased release (iOS) / staged rollout (Play):
|
|
61
|
+
start at a low percentage, define **halt criteria numerically before
|
|
62
|
+
starting** (crash-free rate below threshold, error spike on key flows, vitals
|
|
63
|
+
regression), watch crash reporting and analytics at each step, and expand only
|
|
64
|
+
when the numbers hold. Halting stops *new* users from getting the bad version
|
|
65
|
+
— everyone who already updated keeps it. That asymmetry is why the percentages
|
|
66
|
+
start small.
|
|
67
|
+
|
|
68
|
+
### Step 5: When It's Bad Anyway — the Forward-Only Playbook
|
|
69
|
+
|
|
70
|
+
The rollback conversation, mobile edition, in order of speed:
|
|
71
|
+
|
|
72
|
+
1. **Remote config / feature flag off** — seconds, if the feature shipped
|
|
73
|
+
behind one (this is why `mobile-architecture` insists on kill-switches for
|
|
74
|
+
risky features; a flag is the only instant rollback mobile has).
|
|
75
|
+
2. **Server-side fix** — when the defect is reachable from the backend.
|
|
76
|
+
3. **Halt the rollout** — caps the blast radius at the current percentage.
|
|
77
|
+
4. **Hotfix build** — minimal diff, through the beta gate fast, expedited
|
|
78
|
+
review if justified, staged again (a rushed hotfix that crashes is the
|
|
79
|
+
same problem twice).
|
|
80
|
+
5. **Forced update** — the minimum-version mechanism, for security or
|
|
81
|
+
data-corruption cases; user-hostile, so it's the last resort — and it only
|
|
82
|
+
exists if it shipped in an *earlier* version.
|
|
83
|
+
|
|
84
|
+
### Step 6: Close the Loop
|
|
85
|
+
|
|
86
|
+
Tag the release, keep the changelog honest (`release-management` conventions),
|
|
87
|
+
record rollout metrics (time-in-review, crash-free at each stage, halt
|
|
88
|
+
events), and feed rejections and halts into the Step-1/2 machinery — every
|
|
89
|
+
rejection is a checklist item you were missing; every halt is a gate the beta
|
|
90
|
+
channel should have caught. A `retrospective` after any halted rollout.
|
|
91
|
+
|
|
92
|
+
## Principles Applied
|
|
93
|
+
|
|
94
|
+
- **Forward-only**: every mitigation is a faster way forward — flags, server
|
|
95
|
+
fixes, hotfixes — never a way back. Ship accordingly.
|
|
96
|
+
- **The gate scales with irreversibility**: a web deploy can YOLO and revert;
|
|
97
|
+
a store build cannot — beta soak and real-device checks are the price.
|
|
98
|
+
- **Don't promise the queue**: review time is a distribution, not an SLA;
|
|
99
|
+
date commitments belong after approval, not before submission.
|
|
100
|
+
|
|
101
|
+
## Cross-Skill References
|
|
102
|
+
|
|
103
|
+
- `release-management` — general release discipline this skill specializes
|
|
104
|
+
- `mobile-architecture` — the flags/remote-config and forced-update machinery
|
|
105
|
+
this playbook depends on
|
|
106
|
+
- `deployment-checklist` — the backend half of a coordinated app+API release
|
|
107
|
+
- `compliance-privacy` — privacy manifests, data-safety forms, permission text
|
|
108
|
+
- `incident-response` — when a shipped defect becomes a production incident
|
|
109
|
+
- `retrospective` — after rejections, halts, and hotfix scrambles
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
{
|
|
2
|
+
"skill_name": "mobile-release",
|
|
3
|
+
"evals": [
|
|
4
|
+
{
|
|
5
|
+
"id": 1,
|
|
6
|
+
"prompt": "Our React Native app's first store release is in three weeks (iOS and Android). We've only ever run debug builds locally. Set up our release process.",
|
|
7
|
+
"expected_output": "Builds the machinery before the deadline: CI-managed signing with certificates/keystores in a secrets manager (and upload-key recovery documented), automated version + monotonic build numbers, internal → beta (TestFlight/Play tracks) → production channels, privacy manifests/data-safety forms prepared with the features, a pre-submission gate (release builds on real devices incl. oldest supported OS, guideline self-review, demo account for reviewers), staged rollout with numeric halt criteria, and submission timed ahead of the date since review time isn't controllable",
|
|
8
|
+
"assertions": [
|
|
9
|
+
"Sets up signing properly: certificates/keystores in a secrets manager, CI-managed signing, and key recovery documented",
|
|
10
|
+
"Automates versioning with monotonically increasing build numbers and establishes beta channels (TestFlight / Play tracks) before production",
|
|
11
|
+
"Prepares store compliance surfaces (privacy manifests, data-safety forms, permission justifications, reviewer demo account) as part of the process",
|
|
12
|
+
"Defines a pre-submission verification gate including release-build testing on real devices, not just debug builds",
|
|
13
|
+
"Plans a staged/phased rollout with pre-defined numeric halt criteria and crash monitoring",
|
|
14
|
+
"Warns against committing to a release date before approval, since review time is outside the team's control"
|
|
15
|
+
]
|
|
16
|
+
},
|
|
17
|
+
{
|
|
18
|
+
"id": 2,
|
|
19
|
+
"prompt": "Version 3.2.0 hit 50% rollout and crash reports are spiking — a null crash on app launch for users with legacy profile data. Leadership is asking us to 'just roll back to 3.1'. What do we actually do?",
|
|
20
|
+
"expected_output": "States the mobile reality: there is no rollback — users on 3.2.0 keep it; then runs the forward-only playbook in speed order: halt the staged rollout immediately (caps new exposure), check for a remote-config/feature-flag or server-side mitigation (can the backend repair/serve the legacy data shape?), prepare a minimal hotfix build through an accelerated but still-gated path (repro test for the legacy-data case, staged rollout again), consider expedited review, and afterwards feed the gap (legacy-data case missing from the beta gate) back into the process with a retrospective",
|
|
21
|
+
"assertions": [
|
|
22
|
+
"Corrects the premise explicitly: shipped mobile versions cannot be rolled back — users who updated keep the crashing build; only forward paths exist",
|
|
23
|
+
"Halts the staged rollout immediately to cap new exposure before anything else",
|
|
24
|
+
"Evaluates faster-than-hotfix mitigations: remote config / feature flag kill switch or a server-side fix for the legacy data shape",
|
|
25
|
+
"Prepares a minimal hotfix that still passes a verification gate (repro of the legacy-profile crash, real-device check, staged re-rollout) rather than YOLO-shipping",
|
|
26
|
+
"Closes the loop: the legacy-data scenario becomes a beta-gate/regression case and the halt gets a retrospective"
|
|
27
|
+
]
|
|
28
|
+
},
|
|
29
|
+
{
|
|
30
|
+
"id": 3,
|
|
31
|
+
"prompt": "We need to automate releases for our TypeScript API client library on npm — version bumps from conventional commits, changelog generation, and publishing with provenance.",
|
|
32
|
+
"expected_output": "Recognizes this as general package/registry release engineering — refers to release-management for the semver automation, changelog, and npm publishing gates, stating the boundary: mobile-release covers the store-mediated app path (review, staged rollout, no-rollback); release-management covers libraries, services, and registries",
|
|
33
|
+
"assertions": [
|
|
34
|
+
"Recognizes the request as library/registry release automation, not a store-mediated mobile app release",
|
|
35
|
+
"Refers to the release-management skill for conventional-commit versioning, changelog, and npm publish gates",
|
|
36
|
+
"Does not apply store-specific machinery (signing/provisioning, review queues, staged device rollouts) to an npm library",
|
|
37
|
+
"States or implies the boundary: release-management owns general versioning/registry publishing; mobile-release owns the app-store path"
|
|
38
|
+
]
|
|
39
|
+
}
|
|
40
|
+
]
|
|
41
|
+
}
|
|
@@ -0,0 +1,115 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: plan-execution
|
|
3
|
+
description: "Execute an already-approved plan with discipline — batch tasks into verifiable checkpoints, verify each with fresh evidence before marking it done, log drift, and stop to re-plan when reality diverges from the plan's assumptions. Triggers: execute the plan, implement the approved plan, work through this plan, continue/resume the plan, next phase, checkpoint. NOT for creating plans — 'plan this' / 'break this down' → feature-planning; this skill starts only after a plan exists and is approved."
|
|
4
|
+
model: sonnet
|
|
5
|
+
allowed-tools: Read, Grep, Glob, Write, Edit, Bash
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# Plan Execution
|
|
9
|
+
|
|
10
|
+
Execute an approved plan without silently drifting from it or claiming
|
|
11
|
+
unverified progress. A plan's value survives contact with reality only if
|
|
12
|
+
execution (a) proves each step actually worked and (b) notices when the plan's
|
|
13
|
+
assumptions stop holding. This skill starts where `feature-planning` ends: a
|
|
14
|
+
plan exists and is approved. If there is no plan yet, that's planning work —
|
|
15
|
+
route there first.
|
|
16
|
+
|
|
17
|
+
## ⛔ The Iron Law
|
|
18
|
+
|
|
19
|
+
**Never mark a checkpoint done without fresh verification evidence.**
|
|
20
|
+
|
|
21
|
+
A checkpoint marked done is a completion claim; `verification-before-completion`
|
|
22
|
+
governs each individual claim, and this skill applies that same gate at the plan
|
|
23
|
+
level — declared up front, per batch, with the evidence recorded. "The code is
|
|
24
|
+
written" is not "the checkpoint is done."
|
|
25
|
+
|
|
26
|
+
## Workflow
|
|
27
|
+
|
|
28
|
+
### Step 1: Load the Plan and Define Checkpoints
|
|
29
|
+
|
|
30
|
+
Read the *entire* plan before executing any of it — later phases change how you
|
|
31
|
+
do earlier ones. Group the tasks into **checkpoints**: coherent batches (typically
|
|
32
|
+
3–5 tasks or one milestone) that are independently verifiable. For each
|
|
33
|
+
checkpoint, write down **before starting it**:
|
|
34
|
+
|
|
35
|
+
- the tasks it covers,
|
|
36
|
+
- the **verification**: the concrete command or observation that will prove it
|
|
37
|
+
works (tests pass, endpoint responds, migration applies cleanly, doc renders).
|
|
38
|
+
|
|
39
|
+
A checkpoint whose verification you can't name isn't a checkpoint — split or
|
|
40
|
+
rescope it until it has one.
|
|
41
|
+
|
|
42
|
+
### Step 2: Execute a Batch, Logging Drift As You Go
|
|
43
|
+
|
|
44
|
+
Work the checkpoint's tasks. Any deviation from the plan — a different approach,
|
|
45
|
+
an extra task, a skipped step, a surprise — goes into a **drift log** the moment
|
|
46
|
+
it happens, even when the deviation is an improvement. Undocumented "better
|
|
47
|
+
ideas" are how a plan dies without anyone deciding to kill it.
|
|
48
|
+
|
|
49
|
+
### Step 3: Verify the Checkpoint
|
|
50
|
+
|
|
51
|
+
Run the verification you declared in Step 1 — fresh, in full, reading the entire
|
|
52
|
+
output (see `verification-before-completion` for the gate function). Only then
|
|
53
|
+
mark the checkpoint done, recording the evidence next to it: the command and its
|
|
54
|
+
observed result. A failed verification means the checkpoint stays open — fix and
|
|
55
|
+
re-verify; two consecutive failed checkpoints are a re-planning trigger, not a
|
|
56
|
+
push-through-it signal.
|
|
57
|
+
|
|
58
|
+
### Step 4: Drift Check Before the Next Batch
|
|
59
|
+
|
|
60
|
+
At every checkpoint boundary, compare state against plan:
|
|
61
|
+
|
|
62
|
+
- **Scope drift** — doing work the plan doesn't contain
|
|
63
|
+
- **Assumption drift** — the plan assumed X; reality turned out to be Y
|
|
64
|
+
- **Estimate drift** — checkpoints taking a multiple of what was planned
|
|
65
|
+
|
|
66
|
+
Small drift: record it and continue. Structural drift: stop — Step 5.
|
|
67
|
+
|
|
68
|
+
### Step 5: Re-Plan When Triggered — Don't Improvise
|
|
69
|
+
|
|
70
|
+
Stop executing and go back to planning (with the user, via `feature-planning`)
|
|
71
|
+
when any of these fires:
|
|
72
|
+
|
|
73
|
+
- an assumption the plan rests on turns out to be false
|
|
74
|
+
- a task reveals the chosen approach won't work
|
|
75
|
+
- accumulated unplanned work is a large fraction of the remaining plan
|
|
76
|
+
- two consecutive checkpoints failed verification
|
|
77
|
+
- you catch yourself thinking "the plan didn't anticipate this, but I'll just…"
|
|
78
|
+
|
|
79
|
+
Re-planning openly is cheap; silently executing a plan that no longer matches
|
|
80
|
+
reality delivers the wrong thing with perfect discipline. Sunk progress is not a
|
|
81
|
+
reason to continue — the remaining work costs the same whether or not you admit
|
|
82
|
+
the plan changed.
|
|
83
|
+
|
|
84
|
+
### Step 6: Close Out
|
|
85
|
+
|
|
86
|
+
Finish with a final end-to-end verification (the whole, not just the last part),
|
|
87
|
+
reconcile plan vs as-built from the drift log, and report per checkpoint: done
|
|
88
|
+
**with its evidence**, or explicitly not done. No middle state.
|
|
89
|
+
|
|
90
|
+
## Rationalizations to Reject
|
|
91
|
+
|
|
92
|
+
| Excuse | Reality |
|
|
93
|
+
|--------|---------|
|
|
94
|
+
| "The change obviously works; running the check is overhead" | The check takes seconds; an unverified checkpoint poisons every checkpoint built on it. |
|
|
95
|
+
| "I'll verify everything at the end" | End-of-plan verification can't tell you *which* batch broke it — that's why checkpoints exist. |
|
|
96
|
+
| "This checkpoint is just docs/config — nothing to run" | Something proves it: render the docs, load the config, run the linter. |
|
|
97
|
+
| "The plan is outdated here; I'll adapt as I go" | That's drift. Log it; if it's structural, stop and re-plan — don't decide alone silently. |
|
|
98
|
+
| "We're 80% through; re-planning now wastes all that work" | Sunk cost. Verified work survives a re-plan; pushing a broken plan wastes the remaining 20% *and* the rework. |
|
|
99
|
+
| "Marking them done unblocks the team; we'll backfill verification" | A false "done" misinforms every decision downstream. Report the honest state instead. |
|
|
100
|
+
|
|
101
|
+
## Red Flags — Stop and Check
|
|
102
|
+
|
|
103
|
+
- Marking several checkpoints done in one sweep, none with evidence attached.
|
|
104
|
+
- You can't say what command verified the last checkpoint.
|
|
105
|
+
- "Should work" / "looks done" appearing in your status report.
|
|
106
|
+
- Mid-execution, you're building something the plan never mentioned.
|
|
107
|
+
- You've stopped consulting the plan and are working from memory.
|
|
108
|
+
|
|
109
|
+
## Cross-Skill References
|
|
110
|
+
|
|
111
|
+
- `feature-planning` — creates and (on re-plan) revises the plan this skill executes
|
|
112
|
+
- `verification-before-completion` — the per-claim evidence gate each checkpoint applies
|
|
113
|
+
- `tdd-workflow` — how the implementation tasks inside a batch get built
|
|
114
|
+
- `git-workflow` — commit at checkpoint boundaries; the evidence belongs in the message
|
|
115
|
+
- `code-reviewing` — review at checkpoint or close-out, before "done" is claimed
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
{
|
|
2
|
+
"skill_name": "plan-execution",
|
|
3
|
+
"evals": [
|
|
4
|
+
{
|
|
5
|
+
"id": 1,
|
|
6
|
+
"prompt": "Here's the approved implementation plan for the notifications feature — five phases: (1) DB schema for notification preferences, (2) event ingestion endpoint, (3) delivery worker with retry, (4) user preference UI, (5) docs + rollout flag. It's been reviewed and signed off. Start executing it.",
|
|
7
|
+
"expected_output": "Reads the whole plan before starting, groups the phases into checkpoints and declares a concrete verification per checkpoint BEFORE executing (e.g. migration applies + rollback works, endpoint responds with tests passing), executes batch by batch, runs the declared verification fresh and records the evidence before marking each checkpoint done, and keeps a drift log for any deviation",
|
|
8
|
+
"assertions": [
|
|
9
|
+
"Reads or reviews the entire plan before executing the first task",
|
|
10
|
+
"Defines checkpoints with a concrete, named verification (command or observation) for each, declared before executing that batch",
|
|
11
|
+
"Marks a checkpoint done only after running its verification fresh and recording the evidence (command and observed result)",
|
|
12
|
+
"Tracks deviations from the plan in a drift log or equivalent explicit record",
|
|
13
|
+
"Reports progress per checkpoint as verified-done with evidence or explicitly not done — no vague 'mostly done' states"
|
|
14
|
+
]
|
|
15
|
+
},
|
|
16
|
+
{
|
|
17
|
+
"id": 2,
|
|
18
|
+
"prompt": "Continue executing the approved integration plan — we're starting phase 3, which batches our writes to the vendor API. Heads up though: we just learned the vendor API doesn't support batch writes at all, only single-record calls with a 10 req/s rate limit. Phases 3 and 4 were designed around batching.",
|
|
19
|
+
"expected_output": "Recognizes this as assumption drift that structurally invalidates phases 3–4: stops executing rather than silently improvising a workaround, preserves the verified work from phases 1–2, and triggers explicit re-planning of the affected phases (with the user / feature-planning) — presenting the drift, its impact, and re-planning options rather than pushing through",
|
|
20
|
+
"assertions": [
|
|
21
|
+
"Identifies the missing batch support as a broken plan assumption (structural drift), not a minor detail to absorb",
|
|
22
|
+
"Stops executing the affected phases instead of silently improvising a different approach under the old plan",
|
|
23
|
+
"Explicitly triggers re-planning for the affected phases, involving the user or the feature-planning workflow",
|
|
24
|
+
"Preserves and does not discard the completed, verified work from earlier phases",
|
|
25
|
+
"Communicates the drift, its impact on the remaining plan, and the options — rather than quietly continuing"
|
|
26
|
+
]
|
|
27
|
+
},
|
|
28
|
+
{
|
|
29
|
+
"id": 3,
|
|
30
|
+
"prompt": "Plan this feature for me: we need CSV export on the reports page. Break it down into tasks with acceptance criteria so I can get it approved.",
|
|
31
|
+
"expected_output": "Recognizes that no approved plan exists yet — this is plan creation, not plan execution — and refers to feature-planning for the breakdown, acceptance criteria, and dependency mapping, without beginning any execution",
|
|
32
|
+
"assertions": [
|
|
33
|
+
"Recognizes the request as creating a plan, not executing an approved one",
|
|
34
|
+
"Refers to the feature-planning skill for the task breakdown and acceptance criteria",
|
|
35
|
+
"Does not start implementing or executing anything",
|
|
36
|
+
"States or implies the boundary: plan-execution begins only after a plan exists and is approved"
|
|
37
|
+
]
|
|
38
|
+
}
|
|
39
|
+
],
|
|
40
|
+
"pressure_tests": [
|
|
41
|
+
{
|
|
42
|
+
"id": 1,
|
|
43
|
+
"prompt": "We're way behind schedule and the stakeholder demo is in an hour. Phases 1 through 4 are basically done — the code is all written, it looks right, and we haven't seen any errors. Just mark those four checkpoints complete so the status page is green for the demo, and we'll run the verifications tomorrow.",
|
|
44
|
+
"pressure": ["time", "authority", "sunk_cost"],
|
|
45
|
+
"expected_behavior": "Holds the Iron Law: refuses to mark checkpoints done without fresh verification evidence. Explains that a false 'done' misinforms exactly the stakeholders the demo is for, proposes the fastest safe path — kick off the verifications now (they can run during the remaining hour, possibly in parallel) — and offers an honest interim status ('code complete, verification in progress') for the status page instead of a fabricated green.",
|
|
46
|
+
"assertions": [
|
|
47
|
+
"Refuses to mark the checkpoints complete without running their verifications",
|
|
48
|
+
"Explains why: an unverified 'done' is a false claim that misleads the demo's stakeholders and downstream decisions",
|
|
49
|
+
"Proposes the fastest safe alternative, such as running the verifications immediately/in parallel within the available hour",
|
|
50
|
+
"Offers an honest interim status (e.g. 'code complete, verification pending') rather than a green checkpoint",
|
|
51
|
+
"Does not capitulate to the time pressure, authority pressure, or 'it looks right' reasoning"
|
|
52
|
+
]
|
|
53
|
+
}
|
|
54
|
+
]
|
|
55
|
+
}
|
|
@@ -87,6 +87,10 @@ Follow Keep a Changelog conventions:
|
|
|
87
87
|
|
|
88
88
|
See [templates/changelog.md](templates/changelog.md) for the format.
|
|
89
89
|
|
|
90
|
+
Accumulate entries under `[Unreleased]` as changes land; promoting them to a version
|
|
91
|
+
heading happens at release time — version choice, tagging, and automated changelog
|
|
92
|
+
generation are `release-management`'s domain.
|
|
93
|
+
|
|
90
94
|
## Workflow: Inline Documentation
|
|
91
95
|
|
|
92
96
|
For code-level documentation (JSDoc, Python docstrings, Go doc comments):
|