CalvinBackup/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-05-06 21:46:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: wire learnings into all insight-producing skills

Browse Source 
Adds LEARNINGS_SEARCH and/or LEARNINGS_LOG to 10 skill templates that
produce reusable insights but were previously disconnected from the
learning system:

- office-hours, plan-ceo-review, plan-eng-review: add LOG (had SEARCH)
- plan-design-review: add both SEARCH + LOG (had neither)
- design-review, design-consultation, cso, qa, qa-only: add both
- retro: add SEARCH (had LOG)

13 skills now fully participate in the learning loop (read + write).
Every review, QA, investigation, and design session both consults prior
learnings and contributes new ones.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Garry Tan
2026-03-29 21:06:36 -07:00
parent cade276c20
commit d6530583a8
20 changed files with 523 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
cso/SKILL.md
+63
View File
@@ -420,6 +420,44 @@ grep -q "laravel" composer.json 2>/dev/null && echo "FRAMEWORK: Laravel"
This is NOT a checklist — it's a reasoning phase. The output is understanding, not findings.
## Prior Learnings
Search for relevant learnings from previous sessions:
```bash
_CROSS_PROJ=$(~/.claude/skills/gstack/bin/gstack-config get cross_project_learnings 2>/dev/null || echo "unset")
echo "CROSS_PROJECT: $_CROSS_PROJ"
if [ "$_CROSS_PROJ" = "true" ]; then
~/.claude/skills/gstack/bin/gstack-learnings-search --limit 10 --cross-project 2>/dev/null || true
else
~/.claude/skills/gstack/bin/gstack-learnings-search --limit 10 2>/dev/null || true
fi
```
If `CROSS_PROJECT` is `unset` (first time): Use AskUserQuestion:
> gstack can search learnings from your other projects on this machine to find
> patterns that might apply here. This stays local (no data leaves your machine).
> Recommended for solo developers. Skip if you work on multiple client codebases
> where cross-contamination would be a concern.
Options:
- A) Enable cross-project learnings (recommended)
- B) Keep learnings project-scoped only
If A: run `~/.claude/skills/gstack/bin/gstack-config set cross_project_learnings true`
If B: run `~/.claude/skills/gstack/bin/gstack-config set cross_project_learnings false`
Then re-run the search with the appropriate flag.
If learnings are found, incorporate them into your analysis. When a review finding
matches a past learning, display:
**"Prior learning applied: [key] (confidence N/10, from [date])"**
This makes the compounding visible. The user should see that gstack is getting
smarter on their codebase over time.
### Phase 1: Attack Surface Census
Map what an attacker sees — both code surface and infrastructure surface.
@@ -939,6 +977,31 @@ Write findings to `.gstack/security-reports/{date}-{HHMMSS}.json` using this sch
If `.gstack/` is not in `.gitignore`, note it in findings — security reports should stay local.
## Capture Learnings
If you discovered a non-obvious pattern, pitfall, or architectural insight during
this session, log it for future sessions:
```bash
~/.claude/skills/gstack/bin/gstack-learnings-log '{"skill":"cso","type":"TYPE","key":"SHORT_KEY","insight":"DESCRIPTION","confidence":N,"source":"SOURCE","files":["path/to/relevant/file"]}'
```
**Types:** `pattern` (reusable approach), `pitfall` (what NOT to do), `preference`
(user stated), `architecture` (structural decision), `tool` (library/framework insight),
`operational` (project environment/CLI/workflow knowledge).
**Sources:** `observed` (you found this in the code), `user-stated` (user told you),
`inferred` (AI deduction), `cross-model` (both Claude and Codex agree).
**Confidence:** 1-10. Be honest. An observed pattern you verified in the code is 8-9.
An inference you're not sure about is 4-5. A user preference they explicitly stated is 10.
**files:** Include the specific file paths this learning references. This enables
staleness detection: if those files are later deleted, the learning can be flagged.
**Only log genuine discoveries.** Don't log obvious things. Don't log things the user
already knows. A good test: would this insight save time in a future session? If yes, log it.
## Important Rules
- **Think like an attacker, report like a defender.** Show the exploit path, then the fix.
cso/SKILL.md.tmpl
+4
View File
@@ -102,6 +102,8 @@ grep -q "laravel" composer.json 2>/dev/null && echo "FRAMEWORK: Laravel"
This is NOT a checklist — it's a reasoning phase. The output is understanding, not findings.
{{LEARNINGS_SEARCH}}
### Phase 1: Attack Surface Census
Map what an attacker sees — both code surface and infrastructure surface.
@@ -598,6 +600,8 @@ Write findings to `.gstack/security-reports/{date}-{HHMMSS}.json` using this sch
If `.gstack/` is not in `.gitignore`, note it in findings — security reports should stay local.
{{LEARNINGS_LOG}}
## Important Rules
- **Think like an attacker, report like a defender.** Show the exploit path, then the fix.