Stats
Actions
Tags
From spwf
Phase 2 — Approve plan. Reviews the task list from spec for quality (atomicity, testability, clarity), then applies four adversarial lenses (Skeptic, Architect, Minimalist, Security) as advisory input for the human reviewer. Quality issues are blocking; adversarial findings are advisory. Security lens identifies tasks touching auth, billing, user input, or secrets so the builder has explicit awareness before writing those tasks. Presents everything for explicit human go/no-go before building starts.
How this skill is triggered — by the user, by Claude, or both
Slash command
/spwf:approve-planThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Review the task list that `spec` generated. The plan was created by `spec` — this step does not create or rewrite tasks. It assesses them.
Review the task list that spec generated. The plan was created by spec — this step does not create or rewrite tasks. It assesses them.
Two layers of review, in order:
The human makes the final call. challenge has already challenged the underlying idea — this step reviews the plan, not the idea.
If $ARGUMENTS contains a change-id, use it. Otherwise:
openspec list --json
If multiple active changes exist, list them and ask which to review.
Read:
openspec/changes/{change-id}/tasks.mdopenspec/changes/{change-id}/proposal.md — the intent and success criteriaIf tasks.md does not exist, halt:
No tasks.md found for change: {change-id}
Run /spwf:spec first.
For each task, check:
| Dimension | Good | Flag |
|---|---|---|
| Atomic | One outcome per task | Task contains "and" implying two things |
| Independently testable | Verifiable without running the full system | Completion only visible when several tasks are done |
| Unambiguous | Clear deliverable, no interpretation | Vague verbs: "handle", "update", "improve" with no object |
| Appropriately sized | Completable in one focused session | Multiple phases compressed into one task |
| Well-ordered | No uncompleted dependency above it | Implicit dependency not reflected in ordering |
Mark each issue ⚠ with a specific suggested fix. These are the only findings that warrant holding up approval.
Apply three lenses to the plan as a whole. Findings from this step are advisory — the human decides whether to act on them. Do not re-litigate the spec or ideation file; challenge has already done that work. Focus on the task list structure and coverage.
proposal.md?Identify any task that touches a security-sensitive surface. Flag it as ⚠ Security with the specific surface. This is not a blocker — it is advance notice so the builder agent and human reviewer know which tasks warrant closer attention.
Security-sensitive surfaces:
Mark each finding ⚠ Security: {surface}. No suggested fix — the note is a heads-up, not a prescription. A task with no security surfaces needs no entry.
If any security-sensitive tasks are identified, add a reminder at the bottom of the security section:
Before merging, consider running /trailofbits:semgrep for a thorough SAST review
against curated Trail of Bits rulesets (SARIF output, Important-only filtering).
Mark each finding ℹ with the lens name for Skeptic/Architect/Minimalist. No suggested fix required — these are prompts for the human reviewer, not prescriptions.
## Approve plan: {change-id}
{X} tasks across {Y} phases
### Phase 1 — {name}
[ ] 1.1 {task}
[ ] 1.2 {task} ⚠ vague — "update" with no specified target
[ ] 1.3 {task}
### Phase 2 — {name}
[ ] 2.1 {task}
[ ] 2.2 {task}
---
### Quality issues (resolve before building)
- 1.2: {specific issue and suggested fix}
### Adversarial findings (advisory)
- ℹ Skeptic: {finding}
- ℹ Architect: {finding}
- ℹ Minimalist: {finding}
### Security-sensitive tasks (heads-up for builder)
- ⚠ Security: 2.1 — user input enters SQL query (injection surface)
- ⚠ Security: 3.2 — adds environment variable for external API key
---
Approve? → /spwf:build
Revise tasks → edit openspec/changes/{change-id}/tasks.md, re-run /spwf:approve-plan
If no quality issues and no adversarial findings worth surfacing and no security-sensitive tasks:
## Approve plan: {change-id}
{X} tasks — quality checks passed, no adversarial concerns, no security-sensitive surfaces.
✓ Ready to build.
Run: /spwf:build
Stop after presenting. The human decides: approve, revise, or return to spec.
Once the human approves (with or without revisions), run git status to show what changed (typically tasks.md if revised, nothing if approved as-is), then propose a commit:
chore: approve plan — {change-id}
{if tasks were revised: Revised N tasks: {brief list of what changed and why}}
{if approved as-is: Plan approved without revision}
{any notable concern raised by adversarial review that was accepted or dismissed, e.g.
"Skeptic flagged missing error-state task — accepted, covered by existing error middleware"}
{any security-sensitive tasks flagged: heads-up for build phase on tasks N.N, N.N}
Ask: "Ready to commit? Confirm with 'yes' or edit the message first."
After confirming:
git add openspec/changes/{change-id}/tasks.md
git commit -m "{confirmed message}"
If there is nothing to commit (no file changes), skip the commit and note: "Nothing to commit — plan approved with no file changes."
npx claudepluginhub simon-potter/spwf --plugin spwfGuides creation, editing, and verification of skills for AI coding agents using test-driven development with subagent scenarios. Use when authoring or debugging skills.