molecule-ai/molecule-core
36
0
Fork 2
Code Issues 15 Pull Requests 21 Actions 1.2k Packages Projects Releases Wiki Activity
564f377d1b
molecule-core/plugins/molecule-workflow-triage/commands/triage.md
Hongming Wang 119b02c544 feat(plugins): split guardrails into 12 modular plugins 
Replaces the proposed monolithic molecule-guardrails plugin with 12
single-purpose plugins users can install à la carte. Powered by a
small extension to the AgentskillsAdaptor base class so any plugin can
ship hooks/, commands/, and a settings-fragment.json without writing a
custom adapter.

## Base adapter changes

workspace-template/plugins_registry/builtins.py + sdk/python/molecule_plugin/builtins.py
(both copies — drift-tested):
- New _install_claude_layer() helper called at the end of install()
- Conditionally copies hooks/ → /configs/.claude/hooks/ (preserving exec bit)
- Conditionally copies commands/*.md → /configs/.claude/commands/
- Conditionally merges settings-fragment.json into /configs/.claude/settings.json
  with ${CLAUDE_DIR} placeholder rewritten to the workspace's absolute install
  path. Existing user hooks are preserved (deep-merge by event name).
- All steps no-op when the plugin doesn't ship the corresponding files,
  so existing skill+rule plugins (molecule-dev, superpowers, ecc,
  browser-automation) are unchanged.

Drift test (tests/test_plugins_builtins_drift.py) still passes.

## 12 new plugins

Hook plugins (ambient enforcement):
- molecule-careful-bash       — refuses destructive bash; ships careful-mode skill
- molecule-freeze-scope       — locks edits via .claude/freeze
- molecule-audit-trail        — appends every Edit/Write to audit.jsonl
- molecule-session-context    — auto-loads cron-learnings at session start
- molecule-prompt-watchdog    — injects warnings on destructive prompt keywords

Skill plugins (on-demand):
- molecule-skill-code-review        — 16-criteria multi-axis review
- molecule-skill-cross-vendor-review — adversarial second-model review
- molecule-skill-llm-judge          — deliverable-vs-request scoring
- molecule-skill-update-docs        — post-merge doc sync
- molecule-skill-cron-learnings     — operational-memory JSONL format

Workflow plugins (slash commands):
- molecule-workflow-triage  — /triage full PR-triage cycle
- molecule-workflow-retro   — /retro + cron-retro skill, weekly retrospective

Each ships only what it needs — most have just plugin.yaml + skills/ or
hooks/ + adapter (one-line stub: `from plugins_registry.builtins import
AgentskillsAdaptor as Adaptor`). Total ~120 files but each plugin is
small and self-contained.

## Verification

- python3 -m molecule_plugin validate plugins/molecule-* → all 13 valid
  (12 new + pre-existing molecule-dev)
- End-to-end install smoke test on representative samples: hook plugin
  (molecule-careful-bash), skill-only plugin (molecule-skill-code-review),
  workflow plugin (molecule-workflow-triage). All produce expected
  /configs/ tree, settings.json paths rewritten, exec bits preserved,
  zero warnings.
- workspace-template pytest tests/test_plugins_builtins_drift.py → passes
  (SDK + runtime stay in sync).

## CLAUDE.md repo-doc updated

Lists all 12 new plugins under the existing Plugins section, organized
by category (hook / skill / workflow). Each entry one line, recommend-
together hints where dependencies make sense.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-14 12:20:04 -07:00

2.0 KiB
Raw Blame History

name description
triage Run a full PR-triage cycle (gates 1-7 + code-review + merge if green). Equivalent to one cron tick, on demand.

/triage

Manual invocation of the hourly PR-triage flow. Use when:

  • You want to clear backlog faster than the hourly cadence
  • You're testing a change to the triage prompt itself
  • A scheduled cron has died and the queue is backing up

Steps

Step 0 — Activate guards + replay learnings

  1. Skill careful-mode — load REFUSE/WARN/ALLOW lists.
  2. Read last 20 lines of cron-learnings JSONL (workspace memory dir).

Step 1 — List

gh pr list --state open --json number,title,author,isDraft,mergeable,statusCheckRollup
gh issue list --state open --json number,title,assignees,labels

Step 2 — 7-gate verification per PR

  • Gate 1 CI · Gate 2 build · Gate 3 tests · Gate 4 security · Gate 5 design · Gate 6 line review · Gate 7 Playwright if UI
  • Supplement A: Skill code-review
  • Supplement B: Skill cross-vendor-review on noteworthy PRs (auth/billing/data-deletion/migration/large-blast-radius)

Step 2a — Mechanical fixes only

Fix on-branch + commit fix(gate-N): ... + push + poll CI. NEVER fix logic / design / auth issues.

Step 2b — Merge

All gates pass + 0 🔴 from code-review + cross-vendor agreement → gh pr merge N --merge --delete-branch. Merge-commit only.

Step 3 — Docs sync after any merge

Skill update-docs — measure test counts, don't guess.

Step 4 — Issue pickup (cap 2)

For each candidate: gates I-1..I-6, self-assign, branch, implement, draft PR, run Skill llm-judge against issue body + PR diff. Mark ready only if score >= 4.

Step 5 — Status report + cron-learnings

Report includes every subsection ("none" if empty). Then append 1-3 lines to cron-learnings JSONL.

Standing rules (inviolable)

  • Never push to main · Merge-commits only
  • careful-mode REFUSE list ALWAYS blocks
  • code-review 🔴 ALWAYS blocks merge
  • cross-vendor disagreement on noteworthy PR escalates to user
  • llm-judge ≤ 2 blocks marking a draft PR ready