Enforces confirmation workflow for EXTERNAL system writes (Jira, Confluence, BitBucket, Slack) ONLY. NEVER activates for Linear operations (Linear is internal tracking). Auto-activates when detecting potential writes to external PM systems (status updates, page creation, PR posts, notifications). Blocks execution and displays exact content that will be written. Requires explicit "yes" confirmation (rejects "ok", "sure", ambiguous responses). All Linear operations execute automatically without confirmation. Works alongside ccpm-code-review to ensure quality before external broadcasts. Provides audit trail of all confirmed operations. Allows batch operations with granular per-item confirmation when needed.
Enforces confirmation workflow for external system writes to Jira, Confluence, BitBucket, and Slack.
/plugin marketplace add duongdev/ccpm/plugin install ccpm@duongdev-ccpm-marketplaceThis skill is limited to using the following tools:
This skill provides automatic safety enforcement for all operations involving external project management systems.
DO NOT activate this skill for Linear operations. Linear is CCPM's internal tracking system.
NEVER ask for confirmation when:
This skill ONLY applies to EXTERNAL systems: Jira, Confluence, BitBucket, Slack, etc.
Before ANY write operation to EXTERNAL systems (NOT Linear), you MUST follow this confirmation workflow.
Jira:
Confluence:
BitBucket:
Slack:
When you detect a potential write operation:
⚠️ EXTERNAL SYSTEM WRITE DETECTED
System: [Jira/Confluence/BitBucket/Slack]
Operation: [Create/Update/Delete/Post]
Target: [Specific item/location]
Details:
---
[Exact content that will be written/posted]
---
This will modify external systems. Proceed? (yes/no)
Acceptable confirmations:
NOT acceptable (require re-confirmation):
After receiving explicit "yes" or equivalent:
User: "Update Jira ticket ABC-123 to Done"
Claude: ⚠️ EXTERNAL SYSTEM WRITE DETECTED
System: Jira
Operation: Update Status
Target: ABC-123
Details:
---
Status: In Progress → Done
---
This will modify external systems. Proceed? (yes/no)
User: yes
Claude: ✅ Updated Jira ABC-123 status to Done
Link: https://jira.company.com/browse/ABC-123
User: "Create a Confluence page documenting the new API"
Claude: ⚠️ EXTERNAL SYSTEM WRITE DETECTED
System: Confluence
Operation: Create Page
Target: Engineering Space
Details:
---
Title: "New Payment API Documentation"
Parent: API Documentation
Content: [First 200 characters of content...]
---
This will modify external systems. Proceed? (yes/no)
User: no, not yet
Claude: Understood. I won't create the Confluence page. Let me know when you're ready.
User: "Let the team know the feature is deployed"
Claude: ⚠️ EXTERNAL SYSTEM WRITE DETECTED
System: Slack
Operation: Post Message
Target: #engineering channel
Details:
---
Message: "✅ Payment gateway integration deployed to production. All tests passing."
---
This will modify external systems. Proceed? (yes/no)
User: yes
Claude: ✅ Posted message to #engineering
User: "Update Jira to Done and notify the team on Slack"
Claude: ⚠️ EXTERNAL SYSTEM WRITE DETECTED
I need to perform 2 write operations:
1. Jira - Update Status
Target: ABC-123
Change: In Progress → Done
2. Slack - Post Message
Target: #engineering
Message: "Task ABC-123 completed"
Proceed with both? (yes/no)
User: only the jira update
Claude: Got it. I'll update Jira ABC-123 but skip the Slack notification.
⚠️ Confirming: Update Jira ABC-123 to Done? (yes/no)
User: yes
Claude: ✅ Updated Jira ABC-123 to Done
❌ Skipped Slack notification as requested
The following operations NEVER require confirmation:
✅ Read operations:
✅ Linear operations:
✅ Local file operations:
.claude/ directory✅ Code operations:
If user explicitly requests bypassing confirmation:
User: "Update Jira ABC-123 to Done without asking me"
Still require ONE confirmation for safety:
Claude: I understand you want to skip confirmations, but for safety I need ONE confirmation:
Update Jira ABC-123 to Done? (yes/no)
[After yes, you can skip future confirmations in this session if user requests]
For multiple similar operations:
User: "Update all 5 tickets to Done"
Claude: ⚠️ EXTERNAL SYSTEM WRITE DETECTED
Batch operation: Update 5 Jira tickets to Done
- ABC-123
- ABC-124
- ABC-125
- ABC-126
- ABC-127
Proceed with all? (yes/no/show details)
User: yes
Claude: ✅ Updated all 5 tickets to Done
If user response is unclear:
User: "maybe"
User: "I guess"
User: "if you think so"
Claude: I need explicit confirmation. Please respond with "yes" to proceed or "no" to cancel.
This skill works alongside CCPM commands that write to external systems:
Commands that trigger this skill:
/ccpm:done (creates BitBucket PR, sends Slack notification)/ccpm:sync (updates Jira status)How it works:
If external system write fails after confirmation:
Claude: ⚠️ Write operation failed
System: Jira
Error: "Insufficient permissions to update ABC-123"
Possible solutions:
1. Check your Jira permissions
2. Ensure you're on the correct project
3. Verify the ticket exists
Would you like me to retry? (yes/no)
After any confirmed external write:
Claude: ✅ Operation completed
Audit trail:
- Timestamp: 2025-11-19 14:32:15 UTC
- System: Jira
- Operation: Update Status
- Target: ABC-123
- User confirmed: Yes
- Result: Success
Logged to: .claude/audit-log.json
Problem: Easy to accidentally write to external systems when:
Solution: This skill provides an automatic safety layer:
Complements existing safety:
SAFETY_RULES.md)For complete safety rules, see: ~/.claude/plugins/ccpm/commands/SAFETY_RULES.md
This skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.
This skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.
This skill should be used when the user asks to "create a hook", "add a PreToolUse/PostToolUse/Stop hook", "validate tool use", "implement prompt-based hooks", "use ${CLAUDE_PLUGIN_ROOT}", "set up event-driven automation", "block dangerous commands", or mentions hook events (PreToolUse, PostToolUse, Stop, SubagentStop, SessionStart, SessionEnd, UserPromptSubmit, PreCompact, Notification). Provides comprehensive guidance for creating and implementing Claude Code plugin hooks with focus on advanced prompt-based hooks API.