renatocaliari/cali-tech-planning
skills/renatocaliari/pi-product-workflow/cali-product-workflow/skills-workflow/cali-tech-planning/SKILL.md
[Cali] Technical planning and scope sequencing skill. Generates typed scopes (feature/optimization/spike + test-*), sequences them, and creates goals (see references/cli-tools/goals.md). For software products, also generates testing-strategy.md via cali-testing-ai-code. Part of cali-product-workflow but can be used standalone.
$ install --global
skillsauthnpx skillsauth add renatocaliari/agent-sync-public-skills cali-tech-planningInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 25, 2026, 4:21 AM176.8s6 files scanned
SKILL.md
- name:
- cali-tech-planning
- description:
- >
Tech Planning Sequencing
Tools: See
references/cli-tools/subagents.mdfor subagent patterns,references/cli-tools/goals.mdfor goal commands.
This skill executes the Tech Planning phase.
How to Load
This skill is bundled with cali-product-workflow — there is no standalone /skill: command.
Via Orchestrator (recommended)
The orchestrator reads this file directly when needed.
Standalone
To run standalone, read skills-workflow/cali-tech-planning/SKILL.md and follow the instructions inline.
Prerequisites
Security check: Read the YAML frontmatter of spec-product.md:
head -10 spec-product_{v}.md | grep "approved:"
- ✅
approved: true→ proceed - ❌ No
approved: true→ GO BACK to Phase 6. Do not proceed.
This check is deterministic — does not depend on memory.
AI-Aware Testing Check
For software products, also check product_type:
head -10 spec-product_{v}.md | grep "product_type:"
- ✅
product_type: softwareorproduct_type: hybrid→ activate cali-testing-ai-code - ❌
product_type: service→ skip testing strategy
References Index
Read the references/ files to guide the process:
| File | Covers | When to read |
|---|---|---|
| references/tech-context.md | Tech planning context, prerequisites, workflow position | Before starting — sets planning context |
| references/scopes-and-sequencing.md | Scope types (feature/optimization/spike + test-*), executor routing, sequencing principles | During generation — defines scope structure |
| references/tech-output.md | Tech plan output format, frontmatter, receipts | After generation — formats output |
| references/generation-principles.md | Generation principles, constraints, quality standards | During generation — guides implementation |
Process
7a. Scope Generation
Use the references above to generate technical scopes:
subagent({
agent: "planner",
task: `Generate tech scopes for the approved spec-product.md using references/.
1. Check strategic stability (Step 0)
2. Codebase awareness check (Step 1)
3. Technical risk analysis (Step 2)
4. Identify spikes (Step 3)
5. Define typed scopes: feature | optimization | spike (Step 4)
6. Sequence (riskiest-first or ui-first) (Step 5)
7. Detail each scope with DoD + acceptance criteria (Step 6)
8. Format per output-format.md (Step 7)
Output: .cali-product-workflow/{YYYY-MM-DD}/{_dir}/plans/spec-tech_{v}.md
Input: .cali-product-workflow/{YYYY-MM-DD}/{_dir}/plans/spec-product_{v}.md`,
output: ".cali-product-workflow/{YYYY-MM-DD}/{_dir}/plans/spec-tech_{v}.md"
})
Output: .cali-product-workflow/{YYYY-MM-DD}/{_dir}/plans/spec-tech_{v}.md
Input: .cali-product-workflow/{YYYY-MM-DD}/{_dir}/plans/spec-product_{v}.md
7b. AI-Aware Testing Strategy (Software Products Only)
If product_type: software or product_type: hybrid:
- Generate testing-strategy.md:
subagent({
agent: "cali-testing-ai-code",
task: `Generate testing strategy for software product.
Input: spec-product.md (frontmatter with product_type: software)
Output: .cali-product-workflow/{YYYY-MM-DD}/{_dir}/plans/testing-strategy.md
Include:
- Mutation score targets (70/50/30%)
- Tech stack detection
- CI/CD gates (hard blocks)
- Anti-patterns (over-mocking, 100% coverage)`,
output: ".cali-product-workflow/{YYYY-MM-DD}/{_dir}/plans/testing-strategy.md"
})
- Add test- scopes to spec-tech.md:*
Based on testing-strategy.md, add scopes for:
test-unit: Unit tests for critical business logic (TDD recommended)test-integration: Integration tests for DB, APIs, external servicestest-security: Security scanning gatestest-mutation: Mutation testing validation
Note on TDD: Research shows TDD alone is insufficient for AI-generated code.
- Use TDD for critical business logic (isolated, deterministic)
- Use Test-After + Mutation for standard paths
- Never use same AI for both code AND test generation
5b. Tech Planning Review Gate
⚠️ MANDATORY — NEVER SKIP unless spec-tech was already approved.
Run Plannotator gate for the tech plan BEFORE generating goals:
[use the Plannotator gate command — see `references/cli-tools/plannotator.md`]
See references/cli-tools/plannotator.md for command format, after-approval workflow, and frozen file rules.
| Scenario | Action | |---------|--------| | Standalone Tech Planning | ALWAYS run gate — visual review of all scopes | | Post Shape-Up + Interface | Gate already ran → SKIP this step | | Post Shape-Up, no Interface | Gate already ran → SKIP this step |
If approved:
- Stamp
approved: true, approved_at: ...in spec-tech.yaml frontmatter - Create receipt in
approvals/directory - Proceed to Goal Generation
If user requests changes:
- Adjust the tech plan
- Re-submit via the Plannotator gate command (see
references/cli-tools/plannotator.md) - Repeat until approved
5c. Goal Generation (Step 9)
After tech plan approval, convert each scope into a goal (see references/cli-tools/goals.md) with DoD as completion criteria:
For each scope in the approved spec-tech.md:
[goal command — see `references/cli-tools/goals.md`]
Steps:
1. {step 1}
Done: {criterion}
2. {step 2}
Done: {criterion}
...
DoD: {scope DoD}
AC: {acceptance criteria}
Deps: {scope dependencies}
Optimization/spike scopes with metrics → **experiment-loop** (see references/cli-tools/autoresearch.md)
(they become experiment loops, not goals)
Rules:
- Scopes with dependencies: create goal AFTER the dependency is complete
- Use the goal pause command (see
references/cli-tools/goals.md) if a scope gets blocked - Use the goal tweak command (see
references/cli-tools/goals.md) for scope adjustments during execution
Output
Tech plan is saved to:
.cali-product-workflow/{YYYY-MM-DD}/{_dir}/plans/spec-tech_{v}.md
After Tech Planning — EXECUTE AUTOMATICALLY
DO NOT ask user what to do next. Execution is automatic.
After Plannotator approval on spec-tech_v{N}.md:
- Run
readskills-execution/cali-product-scope-executor/SKILL.md`` for scope routing - Execute scopes based on type:
feature→ goal (seereferences/cli-tools/goals.md) + supervise (seereferences/cli-tools/supervise.md)optimization→**experiment-loop** (seereferences/cli-tools/autoresearch.md)test-unit,test-integration,test-security,test-behavior→ goal (seereferences/cli-tools/goals.md) with testing gates
See phases/execution.md for full execution flow.
Testing Gates (test-* scopes)
For test-* scopes, the execution includes hard blocks:
- test-mutation: mutation_score >= target → BLOCK if below
- test-security: security_findings == 0 on critical paths → BLOCK if found
- test-integration: flaky_rate < 5% → WARN if above
See skills-execution/cali-testing-ai-code/SKILL.md
Related Skills
- cali-shape-up: Produces the shaped proposal
- cali-plan-critique: Reviews the proposal before tech planning
- cali-product-workflow (orchestrator): Coordinates this skill with execution
Environment Adaptation
If a tool is unavailable, check:
../../../cali-product-workflow/references/cli-tools/
Related Skills
renatocaliari/cali-lat-md-seed
tools
VerifiedTrustedCommunity
Auto-initialize structured documentation for any project using lat.md (knowledge graph of markdown files with [[wiki links]], // @lat: code refs, and semantic search). Detects cali-product-workflow artifacts (spec-product.md, spec-tech.md, critiques) and uses them as seed material. Falls back to extracting business rules, architecture, and design decisions directly from the codebase. Use when a project lacks structured documentation or when lat.md/ is missing. After seeding, lat.md extension hooks keep documentation alive automatically.
1SKILL.mdUpdated Jun 2, 2026
renatocaliari/cali-ops-server-security
testing
VerifiedTrustedCommunity
[Cali] Server security audit and hardening for private servers behind Tailscale. Use when: auditing server security, hardening SSH/firewall/Docker, checking for vulnerabilities, setting up fail2ban, reviewing port exposure, or responding to security alerts. Covers 6 layers: CloudFlare, UFW, Tailscale, SSH, Docker, Application. Triggers: "server security", "security audit", "harden server", "SSH hardening", "firewall rules", "UFW config", "fail2ban", "port security", "Docker security", "vulnerability check", "security review".
1SKILL.mdUpdated May 30, 2026
renatocaliari/cali-ops-package-audit
tools
VerifiedTrustedCommunity
Run supply chain security scans before installing packages or before releases. Triggers when: user installs a package (npm, pip, go get, brew), user asks to 'scan dependencies', 'check vulnerabilities', 'supply chain', 'security audit', 'run trivy', 'run socket', or before any release/deployment. Also triggers on mentions of: socket.dev, trivy, OSV-scanner, dotenvx, CVE, dependency audit. Covers all four tools with concrete commands.
1SKILL.mdUpdated May 30, 2026
renatocaliari/cali-ops-github-releases
tools
VerifiedTrustedCommunity
Create GitHub releases following project conventions. Triggers when: user says 'release', 'create release', 'push release', 'deploy to main', 'merge to main', user merges a PR to main, or when git push to main is detected. Also triggers on mentions of: gh release, semver, version bump, changelog, release-please. Covers: config-driven (read .release.yml and execute) and fallback (gh CLI) release flows, versioning rules, tag management, and the mandatory release-on-merge convention.
1SKILL.mdUpdated May 30, 2026