forked from molecule-ai/molecule-core
f3b0b9e572
PR #63 just merged 12 new modular plugins (split from a single guardrails bundle) and the audit pipeline (Security/UIUX/QA crons) is now producing PRs continuously. Time to wire the new plugins into the molecule-dev template so every workspace + every cron tick benefits. ## Defaults — universal additions (was 3, now 9) - molecule-careful-bash — refuse rm -rf, push --force main, DROP TABLE - molecule-prompt-watchdog — warn on destructive user prompts - molecule-audit-trail — append every Edit/Write to .claude/audit.jsonl - molecule-session-context — auto-load cron learnings + PR/issue counts on SessionStart - molecule-skill-cron-learnings — per-tick learning JSONL format (pairs with session-context) - molecule-skill-update-docs — keep architecture/README/edit-history aligned Kept: ecc, molecule-dev, superpowers. ## Per-role overrides - PM: defaults + molecule-workflow-triage + molecule-workflow-retro (the /triage and /retro slash commands match PM's coordination role) - Security Auditor: defaults + molecule-skill-code-review + molecule-skill-cross-vendor-review + molecule-skill-llm-judge (security PRs benefit from multi-criteria review, adversarial cross-vendor second opinion, and an LLM-judge gate that catches "agent shipped the wrong thing") - Research Lead + 3 researchers + UIUX Designer: defaults + browser-automation (existing override; just synced to the new default set) Other 5 dev roles (Dev Lead, BE, FE, DevOps, QA) inherit defaults — the new universal set is rich enough for them; code-review skill is a runtime opt-in if Dev Lead decides per-PR. ## REPLACE-semantics verbosity `platform/internal/handlers/org.go:~345` treats per-workspace plugins as REPLACE not UNION. Every override has to re-list the 9 defaults to add 1 extra. Tracked as #68 with a union-proposal; once that lands the per-role lists shrink to just the additions. ## Test plan - [x] YAML valid (`python -c "import yaml; yaml.safe_load(...)"`) - [x] defaults.plugins count = 9 - [ ] After merge + re-import: every workspace's /configs/plugins/ contains the full set; PM has /triage and /retro commands; Security Auditor can invoke cross-vendor-review on its findings. |
||
|---|---|---|
| .. | ||
| backend-engineer | ||
| competitive-intelligence | ||
| dev-lead | ||
| devops-engineer | ||
| frontend-engineer | ||
| market-analyst | ||
| pm | ||
| qa-engineer | ||
| research-lead | ||
| security-auditor | ||
| technical-researcher | ||
| uiux-designer | ||
| .env.example | ||
| org.yaml | ||