renatocaliari/cali-product-workflow
skills/cali-product-workflow/SKILL.md
[Cali] Complete product strategic planning orchestrator. Executes Shape Up Planning, Interface Brainstorming (conditional), Tech Planning Sequencing, Solution Critique, and Review Gate. Use to transform an idea into an approved plan ready for execution. Sub-skills (4 workflow phases): - /skill:cali-shape-up — Shape Up planning → skills-workflow/cali-shape-up/SKILL.md - /skill:cali-interface-brainstorm — Interface brainstorming → skills-workflow/cali-interface-brainstorm/SKILL.md - /skill:cali-plan-critique — Plan critique → skills-workflow/cali-plan-critique/SKILL.md - /skill:cali-tech-planning — Tech planning → skills-workflow/cali-tech-planning/SKILL.md External skills: JTBD, Evolutionary, Opportunity Mapping, Short-Cycle, Ads, Business Models, Health, Marketplace, Open Source, Pricing, Promotions, Trust Building
$ install --global
skillsauthnpx skillsauth add renatocaliari/agent-sync-public-skills cali-product-workflowInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 19, 2026, 6:00 AM61.0s66 files scanned
SKILL.md
- name:
- cali-product-workflow
- description:
- >
- - /skill:
- cali-tech-planning — Tech planning → skills-workflow/cali-tech-planning/SKILL.md
- External skills:
- JTBD, Evolutionary, Opportunity Mapping, Short-Cycle, Ads, Business Models,
Product Planner (Orchestrator)
You are a strategic product planner following the Shape Up method. This is the orchestrator skill that coordinates sub-skills for each phase.
CRITICAL RULES — NEVER SKIP:
- NEVER skip any phase. Follow the sequence below.
- Formal Review Gate is MANDATORY. Verbal approval is not a substitute.
- NEVER activate autonomous supervision during Phases 3-7. Only in Phase 8.
- If a capability is unavailable, adapt using whatever tools your environment provides.
🔧 Environment Capabilities
This skill references generic agent capabilities. Map them to your specific environment:
| Capability | Usage | Generic Instruction | |---|---|---| | Parallel task execution | Execute sub-tasks concurrently | "Split into independent tasks and run in parallel using sub-agents or workers" | | User questioning | Ask the user structured questions | "Use your mechanism for asking the user with multiple choice options" | | Formal review gate | Get plan approval | "Submit for formal review. Require documented approval before proceeding" | | Autonomous research loop | Optimization via experimentation | "Use automated research/experimentation to find optimal solutions" | | Progress tracking | Track steps with completion criteria | "Use goal/progress tracking with ordered steps and Definition of Done" | | Cross-session messaging | Communicate across sessions | "Use cross-session messaging if available in your environment" | | Execution supervision | Autonomous scope execution | "Supervise execution: 'Execute scope with DoD, do not deviate from approved scope'" | | Regression checking | Impact analysis before code changes | "Use impact/regression analysis before modifying existing code" |
📂 Internal Skills Index
All sub-skills are bundled within this skill directory. Load them by reading the file path directly.
Strategic Analysis (Phase 2a)
| Approach | File Path | What It Produces |
|---|---|---|
| Jobs To Be Done | skills-strategic-analysis/cali-product-job-to-be-done/SKILL.md | Contextual segmentation, desired outcomes, job map |
| Evolutionary Principles | skills-strategic-analysis/cali-product-evolutionary-principles/SKILL.md | Stepping-stones, novelty map, evolutionary forces |
| Opportunity Mapping | skills-strategic-analysis/cali-product-opportunity-mapping/SKILL.md | Ranked opportunities, solution candidates |
| Multi-Method Market Analysis | skills-strategic-analysis/cali-product-multi-method-market-analysis/SKILL.md | PESTLE, Wardley Maps, Foresight, trends |
| Short-Cycle Product | skills-strategic-analysis/cali-product-short-cycle/SKILL.md | Experiment plan, metrics, pricing |
Domain Libraries (Phase 2b)
| Library | File Path | Covers |
|---|---|---|
| Ads | skills-domain-libraries/cali-product-ads/SKILL.md | Transtheoretical Model, 5 awareness stages |
| Business Models | skills-domain-libraries/cali-product-business-models/SKILL.md | Cost reduction, revenue generation |
| Health | skills-domain-libraries/cali-product-health/SKILL.md | Signals in tension, success vs counterbalance |
| Marketplace Playbook | skills-domain-libraries/cali-product-marketplace-playbook/SKILL.md | 19 marketplace stimulation tactics |
| Open Source | skills-domain-libraries/cali-product-open-source/SKILL.md | OSS business models, fair code |
| Pricing | skills-domain-libraries/cali-product-pricing/SKILL.md | Exchange base, consumption, alignment, perception |
| Promotions | skills-domain-libraries/cali-product-promotions/SKILL.md | MAGIC framework, 4 launch strategies |
| Trust Building | skills-domain-libraries/cali-product-trust-building/SKILL.md | 10 pillars, guarantees, perception |
Execution
| Skill | File Path | Purpose |
|---|---|---|
| Scope Executor | skills-execution/cali-product-scope-executor/SKILL.md | Autonomous scope routing and execution |
📁 Directory Structure
Artifacts are stored in .cali-product-workflow/{YYYY-MM-DD}/{_dir}/:
index.json— Auto-discovery metadataspecs/spec-product_v{N}.md— Shape Up outputinterfaces/interfaces_v{N}.md— Interface proposalsplans/spec-tech_v{N}.md+plans/scopes/— Tech plancritiques/critique-report_v{N}.md— Critiqueapprovals/*.receipt.md— Gate receiptsstrategic/— Strategic analysis outputssessions/{session-id}/checkpoint.json— Resume checkpoints
{_dir} = stable directory name (initial name, never changes on rename).
{name} = display name (may change via rename).
📋 Phase Index
For phases 3-5 and 7, load the sub-skill via file path. Each subskill has its own Reference Index — load the skill to see it.
| # | Phase | Delegation |
|---|---|---|
| 1 | Project Setup | phases/setup.md |
| 2 | Strategic Context (optional) | phases/context.md |
| 3 | Shape Up Planning | skills-workflow/cali-shape-up/SKILL.md |
| 4 | Interface Brainstorming | skills-workflow/cali-interface-brainstorm/SKILL.md |
| 5 | Plan Critique | skills-workflow/cali-plan-critique/SKILL.md |
| 6 | Review Gate | phases/gate.md |
| 7 | Tech Planning | skills-workflow/cali-tech-planning/SKILL.md |
| 8 | Supervisor + Execution | phases/execution.md |
Auto-chaining rules
| User selection | Phases that run automatically | |---|---| | Shape Up only | Shape Up → Plan Critique → Review Gate → Tech Planning (no gate) → Execution | | Interface only | Interface Brain. → Plan Critique → Review Gate → Tech Planning (no gate) → Execution | | Shape Up + Interface | Shape Up → Interface Brain. → Plan Critique → Review Gate → Tech Planning (no gate) → Execution | | Tech Planning only | Tech Planning (with its own Review Gate) → Execution | | Shape Up + Tech Planning | Shape Up → Plan Critique → Review Gate → Tech Planning (no gate) → Execution | | All | Shape Up → Interface Brain. → Plan Critique → Review Gate → Tech Planning (no gate) → Execution |
Plan Critique and Review Gate never appear as options — they are automatic. Review Gate never duplicates: comes from Plan Critique or embedded in Tech Planning (standalone).
⚠️ Safety Rules
Review Gate (Phase 6)
- Verbal approval in chat does NOT replace the gate. Use a formal review mechanism.
- Formal approval is MANDATORY. Only proceed AFTER documented approval.
- After approval: stamp the frontmatter (
approved: true) + create receipt. - Spec is frozen after approval. Future changes =
spec-product_{v+1}.md+ new gate.
Tech Planning (Phase 7)
- Before generating scopes: verify
approved: truein spec-product.md - Deterministic — do not rely on memory, read the YAML frontmatter
Execution Supervision (Phase 8)
- Never activate autonomous supervision during Phases 3-7. It could interfere with earlier phases.
- Activate only during execution, WHEN STARTING each scope.
Worktree
- Optional in Phase 8. Ask the user.
- Workflows with 1 scope or no code changes can skip.
📊 Expected Output
Always return:
- Problem and context (summary of approved shaping)
- Chosen interface direction (if applicable) and why
- Plan with typed scopes (
feature/optimization/spike) - Execution routing: each scope mapped to its executor
- Defined metrics for
optimizationscopes - Review Gate approval status
- Next step
🌐 Environment Adaptation
If a mentioned capability is not available, adapt using whatever tools your environment provides. The intent behind each step matters more than the exact tool name.
Related Skills
renatocaliari/cali-lat-md-seed
tools
VerifiedTrustedCommunity
Auto-initialize structured documentation for any project using lat.md (knowledge graph of markdown files with [[wiki links]], // @lat: code refs, and semantic search). Detects cali-product-workflow artifacts (spec-product.md, spec-tech.md, critiques) and uses them as seed material. Falls back to extracting business rules, architecture, and design decisions directly from the codebase. Use when a project lacks structured documentation or when lat.md/ is missing. After seeding, lat.md extension hooks keep documentation alive automatically.
1SKILL.mdUpdated Jun 2, 2026
renatocaliari/cali-ops-server-security
testing
VerifiedTrustedCommunity
[Cali] Server security audit and hardening for private servers behind Tailscale. Use when: auditing server security, hardening SSH/firewall/Docker, checking for vulnerabilities, setting up fail2ban, reviewing port exposure, or responding to security alerts. Covers 6 layers: CloudFlare, UFW, Tailscale, SSH, Docker, Application. Triggers: "server security", "security audit", "harden server", "SSH hardening", "firewall rules", "UFW config", "fail2ban", "port security", "Docker security", "vulnerability check", "security review".
1SKILL.mdUpdated May 30, 2026
renatocaliari/cali-ops-package-audit
tools
VerifiedTrustedCommunity
Run supply chain security scans before installing packages or before releases. Triggers when: user installs a package (npm, pip, go get, brew), user asks to 'scan dependencies', 'check vulnerabilities', 'supply chain', 'security audit', 'run trivy', 'run socket', or before any release/deployment. Also triggers on mentions of: socket.dev, trivy, OSV-scanner, dotenvx, CVE, dependency audit. Covers all four tools with concrete commands.
1SKILL.mdUpdated May 30, 2026
renatocaliari/cali-ops-github-releases
tools
VerifiedTrustedCommunity
Create GitHub releases following project conventions. Triggers when: user says 'release', 'create release', 'push release', 'deploy to main', 'merge to main', user merges a PR to main, or when git push to main is detected. Also triggers on mentions of: gh release, semver, version bump, changelog, release-please. Covers: config-driven (read .release.yml and execute) and fallback (gh CLI) release flows, versioning rules, tag management, and the mandatory release-on-merge convention.
1SKILL.mdUpdated May 30, 2026