From ck
Maintains living implementation tracking documents for progress, pending tasks, failures, dead ends, and cross-session continuity. Includes full template and dead end prevention strategies.
npx claudepluginhub juliusbrussee/cavekitThis skill uses the workspace's default tool permissions.
Implementation tracking documents are **living records** that agents read and update every session. They serve as persistent memory across iterations, preventing duplicate work and preserving hard-won knowledge about what works and what does not.
Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.
Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.
Guides agent creation for Claude Code plugins with file templates, frontmatter specs (name, description, model), triggering examples, system prompts, and best practices.
Implementation tracking documents are living records that agents read and update every session. They serve as persistent memory across iterations, preventing duplicate work and preserving hard-won knowledge about what works and what does not.
The most valuable information in an implementation tracking document is not what succeeded — it is what failed and why. Dead ends documented today prevent agents from wasting hours retrying the same failed approaches tomorrow.
| Purpose | What It Prevents |
|---|---|
| Cross-iteration continuity | Agents starting from scratch every session |
| Dead end prevention | Agents retrying approaches that already failed |
| Progress visibility | Humans not knowing what was done or what is left |
| Test health awareness | Agents not knowing current test state |
| Issue tracking | Known issues being forgotten between sessions |
| File change tracking | Uncertainty about what files were created or modified |
Without implementation tracking, every agent session begins with expensive rediscovery. With it, agents resume exactly where the last session left off.
Use this template for every implementation tracking document:
# Implementation Tracking: {Domain or Scope}
## Status: {IN_PROGRESS | COMPLETE | BLOCKED}
**Last Updated:** {Date}
**Current Phase:** {Spec | Plan | Implement | Iterate | Monitor}
**Blocking Issues:** {None | Brief description of blockers}
---
## Task Status
| Task ID | Task | Status | Notes |
|---------|------|--------|-------|
| T-1 | {Task description} | DONE | {Completion notes} |
| T-2 | {Task description} | DONE | {Completion notes} |
| T-3 | {Task description} | IN_PROGRESS | {Current state, what remains} |
| T-4 | {Task description} | BLOCKED | {What is blocking, dependency} |
| T-5 | {Task description} | NOT_STARTED | {Prerequisites} |
### Task Dependencies
- T-4 blockedBy T-3 (needs auth module before API integration)
- T-5 blockedBy T-3, T-4
---
## Files Created
| File | Purpose | Spec Reference |
|------|---------|---------------|
| `src/auth/login.{ext}` | Login handler | spec-auth.md R1 |
| `src/auth/session.{ext}` | Session management | spec-auth.md R2 |
| `tests/auth/login.test.{ext}` | Login unit tests | spec-auth.md R1 AC1-3 |
## Files Modified
| File | Change | Reason |
|------|--------|--------|
| `src/app.{ext}` | Added auth middleware | spec-auth.md R3 |
| `src/config.{ext}` | Added session config | spec-auth.md R2 |
---
## Issues & TODOs
- [ ] **Issue:** Session expiry not tested under concurrent access — need load test
- [ ] **TODO:** Add rate limiting to login endpoint (spec-api.md R7)
- [ ] **TODO:** Implement password reset flow (spec-auth.md R4, NOT_STARTED)
- [x] **Resolved:** TypeScript compilation error in session.ts — fixed incorrect import path
---
## Dead Ends & Failed Approaches
### DE-1: JWT with asymmetric keys for session tokens
**What was attempted:** Implemented RS256 JWT tokens with public/private key pair.
**Root cause of failure:** Key rotation complexity exceeded the session management requirements. Added 200+ lines of key management code for no user-visible benefit. Symmetric HS256 with server-side session store is simpler and meets all spec criteria.
**Verdict:** Do not reattempt. Use symmetric tokens with server-side sessions instead.
### DE-2: Redis for session storage
**What was attempted:** Used Redis as the session store backend.
**Root cause of failure:** Redis dependency adds operational complexity. The application's expected concurrent user count (< 10,000) is well within what a database-backed session store handles. Redis would be premature optimization.
**Verdict:** Do not reattempt unless concurrent user requirements change significantly (> 100,000).
### DE-3: Cookie-based CSRF protection
**What was attempted:** Double-submit cookie pattern for CSRF.
**Root cause of failure:** Incompatible with the API's token-based auth flow. Clients send bearer tokens in headers, not cookies. CSRF protection is inherently handled by the token-based approach.
**Verdict:** Do not reattempt. Token-based auth does not need separate CSRF protection.
---
## Test Health
| Test Suite | Passing | Failing | Skipped | Line Coverage |
|------------|---------|---------|---------|---------------|
| Unit tests | 45 | 2 | 0 | 78% |
| Integration | 12 | 1 | 3 | n/a |
| E2E | 0 | 0 | 0 | n/a |
### Failing Tests
- `tests/auth/session.test.{ext}:34` — Session refresh fails when token is expired more than 24h. Needs spec clarification on refresh window.
- `tests/integration/api-auth.test.{ext}:89` — Timeout on concurrent login test. Likely race condition in session creation.
### Test Notes
- E2E tests not yet created (blocked on T-4: API integration)
- Integration test skip: 3 tests require external OAuth provider mock (TODO)
---
## Session Log
### Session 3 (current)
- Completed T-2 (session management)
- Started T-3 (API integration) — 60% complete
- Discovered DE-3 (CSRF not needed with token auth)
- 2 new failing tests identified
### Session 2
- Completed T-1 (login handler)
- Discovered DE-1 (JWT asymmetric keys too complex)
- Discovered DE-2 (Redis premature for this scale)
- Test health: 38 pass, 0 fail
### Session 1
- Set up auth module structure
- Created initial test scaffolding
- Established file ownership: auth/ owned by auth-agent
Dead ends prevent agents from retrying failed approaches. This is the single most important function of implementation tracking.
Without dead end documentation:
With dead end documentation:
Every dead end entry must include:
### DE-{N}: {Short description of the approach}
**What was attempted:** {Specific description of the approach taken}
**Root cause of failure:** {Why it did not work — a clear technical explanation, not just "it broke"}
**Verdict:** Do not reattempt. {Recommended alternative, or conditions under which the approach might become viable}
Implementation tracking documents are the primary mechanism for continuity between iteration loop passes and between human-initiated sessions.
At the start of every iteration or session, the agent:
At the end of every iteration or session, the agent:
┌─────────────────────────────────────┐
│ 1. Read impl tracking │
│ 2. Identify highest-priority task │
│ 3. Check dead ends for this area │
│ 4. Implement │
│ 5. Run validation gates │
│ 6. Update impl tracking │
│ 7. Commit │
└─────────────────────────────────────┘
↓ (next iteration)
┌─────────────────────────────────────┐
│ 1. Read impl tracking (updated) │
│ 2. ... │
└─────────────────────────────────────┘
When implementation tracking files exceed approximately 500 lines, they become unwieldy for agents to process. Compaction compresses the file while preserving active context.
impl/archive/impl-{scope}-v{N}.md> **Archive:** Previous tracking history available in impl/archive/impl-all-v2.md
> 12 tasks completed in prior sessions. See archive for details.
For structured handoffs between sessions (especially when different humans or automation systems manage sessions), use the inter-session feedback protocol.
<session-report>
<session-id>2026-03-14-session-3</session-id>
<timestamp>2026-03-14T14:30:00Z</timestamp>
<task id="T-1">
<title>Implement session management</title>
<status>DONE</status>
<files-modified>true</files-modified>
<summary>
Implemented session creation, validation, and refresh.
Added server-side session store with database backend.
Created 3 new files, modified 2 existing files.
</summary>
<obstacles kind="NONE"></obstacles>
<next-steps>
Proceed to API integration (T-3). Session module is ready.
</next-steps>
</task>
<task id="T-2">
<title>API endpoint integration</title>
<status>PARTIAL</status>
<files-modified>true</files-modified>
<summary>
Completed GET /users and POST /login endpoints.
PUT /users and DELETE /users not started.
</summary>
<obstacles kind="TEMPORARY">
Waiting for session management to stabilize (now done).
</obstacles>
<next-steps>
Continue with PUT/DELETE endpoints. All dependencies resolved.
</next-steps>
</task>
<task id="T-3">
<title>OAuth provider integration</title>
<status>BLOCKED</status>
<files-modified>false</files-modified>
<summary>
Investigation complete. OAuth provider requires API key registration.
</summary>
<obstacles kind="PERMANENT">
Cannot proceed without OAuth API credentials.
Human action required: register application with OAuth provider.
</obstacles>
<next-steps>
Skip until credentials are available. Focus on other tasks.
</next-steps>
</task>
</session-report>
| Field | Values | Purpose |
|---|---|---|
status | DONE, PARTIAL, BLOCKED | Current state of the work item |
files-modified | true, false | Whether code was modified (helps humans prioritize review) |
summary | Free text | What was accomplished — be specific |
obstacles.kind | NONE, TEMPORARY, PERMANENT | TEMPORARY = will resolve on its own; PERMANENT = requires human action |
next-steps | Free text | What the next session should do with this item |
/ck:next-session command consumes this feedback to generate prioritized work itemsFor the full session feedback protocol reference, see
references/session-feedback-protocol.md.
At the end of a session, generate a plan-next-session.md that prioritizes work for the next session:
# Next Session Work Queue
## WI-1: Complete API endpoint integration
- **Category:** feature
- **Size:** M
- **Priority:** high
- **Spec reference:** plan-api.md
- **What to do:** Implement PUT /users and DELETE /users endpoints
- **Files to modify:** src/api/users.{ext}, tests/api/users.test.{ext}
- **Acceptance criteria:**
- [ ] PUT /users/{id} updates user record and returns 200
- [ ] DELETE /users/{id} removes user and returns 204
- [ ] Both endpoints require valid session token
## WI-2: Fix failing session refresh test
- **Category:** bugfix
- **Size:** S
- **Priority:** medium
- **Spec reference:** plan-auth.md
- **What to do:** Investigate and fix session refresh failure for tokens expired > 24h
- **Files to modify:** src/auth/session.{ext}, tests/auth/session.test.{ext}
- **Acceptance criteria:**
- [ ] Session refresh test passes for tokens expired < 24h
- [ ] Clear error message for tokens expired > 24h (if that is the intended behavior)
## WI-3: Create E2E test scaffolding
- **Category:** test
- **Size:** M
- **Priority:** medium
- **Spec reference:** plan-testing.md
- **What to do:** Set up E2E test framework and create smoke tests
- **Files to modify:** tests/e2e/setup.{ext}, tests/e2e/smoke.test.{ext}
- **Acceptance criteria:**
- [ ] E2E framework runs successfully
- [ ] Smoke test verifies application starts and login works
This removes the orientation cost at the start of each session — agents begin productive work immediately. The next agent reads this file and begins working immediately on the highest-priority item.
ck:cavekit-writingImplementation tracking references specs by requirement ID. When a task is completed, its acceptance criteria map back to spec requirements. When dead ends are found, they may reveal spec gaps that need revision.
ck:validation-firstTest health in the tracking document reflects validation gate results. Failing tests indicate which gates are not passing. The tracking document records which gates each task must clear.
ck:context-architectureImplementation tracking documents live in context/impl/. When files grow too large, archive to context/impl/archive/. The CLAUDE.md in context/impl/ instructs agents on tracking conventions.
ck:methodologyImplementation tracking is used primarily during the Implement and Iterate phases of the Hunt. The iteration loop reads and updates tracking documents every pass. The Monitor phase reviews tracking documents for progress signals.