From govctl
Writes well-structured Verification Guards as TOML files defining shell commands, timeouts, and output patterns for project checks like tests, lints, or FIXME detection. Use for creating/editing guards or verification mentions.
npx claudepluginhub govctl-org/govctl --plugin govctlThis skill is limited to using the following tools:
Write Verification Guards — reusable executable completion checks per [[RFC-0000:C-GUARD-DEF]].
Reviews project guardrails for approval as repository governance baselines after creation or updates. Checks trigger judgments, generation modes, facts, standards, workflow hooks, and rule executability.
Creates structured quality gates for workflow boundaries like pre-merge checklists, deployments, and phase transitions with pass/fail criteria, exact commands, and escalation procedures.
Guides creation of markdown-based Hookify rules to block dangerous bash commands, warn on risky file edits, and enforce behavioral guardrails in Claude Code.
Share bugs, ideas, or general feedback.
Write Verification Guards — reusable executable completion checks per [[RFC-0000:C-GUARD-DEF]].
This helper skill may be used standalone or by /gov or /spec.
It is responsible for guard definition and validation, not for deciding which workflow should execute the guard in day-to-day implementation.
govctl guard new "<title>"
govctl guard list
govctl guard show GUARD-ID
govctl guard set GUARD-ID command "new command"
govctl guard set GUARD-ID timeout_secs 600
govctl guard set GUARD-ID pattern "regex pattern"
govctl guard add GUARD-ID refs RFC-NNNN
govctl guard delete GUARD-ID
Every guard is a TOML file under gov/guard/ with two sections:
[govctl] — Metadata| Field | Required | Description |
|---|---|---|
id | yes | Unique ID, format GUARD-UPPER-CASE |
title | yes | Human-readable description |
refs | no | Array of artifact references |
[check] — Execution| Field | Required | Description |
|---|---|---|
command | yes | Shell command, runs from project root |
timeout_secs | no | Max seconds before failure (default: 300) |
pattern | no | Regex matched case-insensitively against output |
#:schema ../schema/guard.schema.json
[govctl]
id = "GUARD-CARGO-TEST"
title = "cargo test passes"
refs = ["RFC-0000", "RFC-0001"]
[check]
command = "cargo test"
timeout_secs = 300
#:schema ../schema/guard.schema.json
[govctl]
id = "GUARD-NO-FIXME"
title = "No FIXME comments in source"
[check]
command = "! grep -r FIXME src/"
pattern = "^$"
#:schema ../schema/guard.schema.json
[govctl]
id = "GUARD-CLIPPY"
title = "clippy passes with no warnings"
refs = ["RFC-0000"]
[check]
command = "cargo clippy --all-targets -- -D warnings"
timeout_secs = 300
GUARD- prefix followed by uppercase alphanumeric with hyphensbash -c '...' for pipelinespattern sparingly: Only when exit code alone is insufficientrefs: Link guards to the RFCs/ADRs they verifyGuards can be required by work items and by project-level config:
# In gov/config.toml — applies to all work items
[verification]
enabled = true
default_guards = ["GUARD-GOVCTL-CHECK", "GUARD-CARGO-TEST"]
# In a work item — additional guards for that item
[verification]
required_guards = ["GUARD-CLIPPY"]
Work items can waive guards with a reason:
[[verification.waivers]]
guard = "GUARD-CARGO-TEST"
reason = "Documentation-only change, no code modified"
After creating or editing a guard, validate:
govctl check
This verifies:
If the guard should be committed, hand off to /commit.