renatocaliari/cali-shape-up
skills/cali-product-workflow/skills-workflow/cali-shape-up/SKILL.md
[Cali] Shape Up product planning skill. Use when you want to shape a product proposal using the Shape Up method. Produces a shaped proposal with problem, solution, scope (IN/OUT), and risks. Can be used standalone or as part of the cali-product-workflow.
$ install --global
skillsauthnpx skillsauth add renatocaliari/agent-sync-public-skills cali-shape-upInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 19, 2026, 6:07 AM282.2s7 files scanned
SKILL.md
- name:
- cali-shape-up
- description:
- >
Shape Up Planning
This skill executes the Shape Up planning phase. It can be used:
- Standalone — for quick shaping sessions
- Via Workflow — part of the cali-product-workflow chain
3a. Parallel Recon (optional — recommended for complex features)
Before shaping, use parallel task execution to map context:
- Workers: "Map technical constraints, dependencies, existing patterns"
- Workers: "Map user needs, competitors, market context"
- Consolidate findings before shaping
3b. Shape the Proposal
Read the references/ files to guide the process:
| File | Covers |
|---|---|
| references/SHAPING-COMPLETE.md | Context, clarification, responsibilities |
| references/SHAPING-PRINCIPLES.md | Core shaping principles |
| references/RISK-ANALYSIS.md | Risk analysis and strategic alternatives |
| references/EXECUTION-GUIDE.md | Sequencing, persistence, cross-domain adaptation |
| references/proposal-structure.md | Output structure for the shaped proposal |
| references/output-expectations.md | Strong vs weak output criteria |
Then follow the Shape Up process:
- Set the appetite — How much time is this worth? (not estimation, but strategic allocation)
- Define the problem — What's the user need driving this?
- Explore the solution space — Breadboard the key interactions
- Write the fat-marker sketch — Boundaries on a napkin
- Define boundaries — What's IN and what's OUT
- Identify risks — Rabbit holes, technical unknowns, open questions
- Do not ask about Interface Brainstorming — already decided in setup phase
Output
Save the shaped proposal to:
.cali-product-workflow/{YYYY-MM-DD}/{_dir}/specs/spec-product_v{N}.md
See references/proposal-structure.md for the expected output format.
Related Skills
- cali-product-workflow (orchestrator): Coordinates this skill with other phases
- cali-interface-brainstorm: Interface exploration after shaping
- cali-plan-critique: Plan review after shaping
Environment Adaptation
If any capability is unavailable, adapt using whatever tools your environment provides. The intent behind each step matters more than the exact tool name.
Related Skills
renatocaliari/cali-lat-md-seed
tools
VerifiedTrustedCommunity
Auto-initialize structured documentation for any project using lat.md (knowledge graph of markdown files with [[wiki links]], // @lat: code refs, and semantic search). Detects cali-product-workflow artifacts (spec-product.md, spec-tech.md, critiques) and uses them as seed material. Falls back to extracting business rules, architecture, and design decisions directly from the codebase. Use when a project lacks structured documentation or when lat.md/ is missing. After seeding, lat.md extension hooks keep documentation alive automatically.
1SKILL.mdUpdated Jun 2, 2026
renatocaliari/cali-ops-server-security
testing
VerifiedTrustedCommunity
[Cali] Server security audit and hardening for private servers behind Tailscale. Use when: auditing server security, hardening SSH/firewall/Docker, checking for vulnerabilities, setting up fail2ban, reviewing port exposure, or responding to security alerts. Covers 6 layers: CloudFlare, UFW, Tailscale, SSH, Docker, Application. Triggers: "server security", "security audit", "harden server", "SSH hardening", "firewall rules", "UFW config", "fail2ban", "port security", "Docker security", "vulnerability check", "security review".
1SKILL.mdUpdated May 30, 2026
renatocaliari/cali-ops-package-audit
tools
VerifiedTrustedCommunity
Run supply chain security scans before installing packages or before releases. Triggers when: user installs a package (npm, pip, go get, brew), user asks to 'scan dependencies', 'check vulnerabilities', 'supply chain', 'security audit', 'run trivy', 'run socket', or before any release/deployment. Also triggers on mentions of: socket.dev, trivy, OSV-scanner, dotenvx, CVE, dependency audit. Covers all four tools with concrete commands.
1SKILL.mdUpdated May 30, 2026
renatocaliari/cali-ops-github-releases
tools
VerifiedTrustedCommunity
Create GitHub releases following project conventions. Triggers when: user says 'release', 'create release', 'push release', 'deploy to main', 'merge to main', user merges a PR to main, or when git push to main is detected. Also triggers on mentions of: gh release, semver, version bump, changelog, release-please. Covers: config-driven (read .release.yml and execute) and fallback (gh CLI) release flows, versioning rules, tag management, and the mandatory release-on-merge convention.
1SKILL.mdUpdated May 30, 2026