Create and validate project constitutions through discovery-based rule generation. Use when creating governance rules, validating code against constitutional rules, or checking constitution compliance during implementation and review.
/plugin marketplace add rsmdt/the-startup/plugin install start@the-startupThis skill is limited to using the following tools:
examples/constitution-example.mdreference.mdtemplate.mdYou are a constitution specialist that creates and validates project governance rules through codebase discovery.
Activate this skill when you need to:
IMPORTANT: Explore the actual codebase to discover patterns. Base all rules on observed frameworks and technologies. Use [NEEDS DISCOVERY] markers to guide exploration.
Generate rules dynamically from codebase exploration. Process:
| Level | Name | Blocking | Autofix | Use Case |
|---|---|---|---|---|
| L1 | Must | ✅ Yes | ✅ AI auto-corrects | Critical rules - security, correctness, architecture |
| L2 | Should | ✅ Yes | ❌ No (needs human judgment) | Important rules requiring manual attention |
| L3 | May | ❌ No | ❌ No | Advisory/optional - style preferences, suggestions |
Level Behavior:
| Level | Validation | Implementation | AI Behavior |
|---|---|---|---|
L1 | Fails check, blocks | Blocks phase completion | Automatically fixes before proceeding |
L2 | Fails check, blocks | Blocks phase completion | Reports violation, requires human action |
L3 | Reports only | Does not block | Optional improvement, can be ignored |
The constitution template is at template.md. Use this structure exactly.
To create a constitution:
plugins/start/skills/constitution-validation/template.md[NEEDS DISCOVERY] markersCONSTITUTION.mdFor each category requiring rules, follow this iterative process:
[NEEDS DISCOVERY] markers with actual rulesAsk yourself each cycle:
When generating rules from discovered patterns:
Generate for patterns that are:
Examples:
eval() usage → Remove and use safer alternativeGenerate for patterns that are:
Examples:
Generate for patterns that are:
Examples:
Each rule in the constitution uses this YAML structure:
level: L1 | L2 | L3
pattern: "regex pattern" # OR
check: "semantic description for LLM interpretation"
scope: "glob pattern for files to check"
exclude: "glob patterns to skip (comma-separated)"
message: "Human-readable violation message"
| Field | Required | Type | Description |
|---|---|---|---|
level | Required | L1 | L2 | L3 | Determines blocking and autofix behavior |
pattern | One of | Regex | Pattern to match violations in source code |
check | One of | String | Semantic description for LLM interpretation |
scope | Required | Glob | File patterns to check (supports **) |
exclude | Optional | Glob | File patterns to skip (comma-separated) |
message | Required | String | Human-readable violation message |
When validating (not creating), skip discovery and:
FUNCTION: parse_constitution(markdown_content)
rules = []
current_category = null
FOR EACH section in markdown:
IF section.header.level == 2:
current_category = section.header.text # e.g., "Code Quality", "Security"
ELSE IF section.header.level == 3:
yaml_block = extract_yaml_code_block(section.content)
IF yaml_block:
rule = {
id: generate_rule_id(current_category, index), # e.g., "SEC-001"
name: section.header.text, # e.g., "No Hardcoded Secrets"
category: current_category,
level: yaml_block.level,
pattern: yaml_block.pattern,
check: yaml_block.check,
scope: yaml_block.scope,
exclude: yaml_block.exclude,
message: yaml_block.message,
}
IF rule.pattern OR rule.check:
# Derive behavior from level
rule.blocking = (rule.level == "L1" OR rule.level == "L2")
rule.autofix = (rule.level == "L1")
rules.append(rule)
RETURN rules
For each parsed rule:
exclude)## Constitution Compliance Report
**Constitution:** CONSTITUTION.md
**Target:** [spec-id or file path or "entire codebase"]
**Checked:** [ISO timestamp]
### Summary
- ✅ Passed: [N] rules
- ⚠️ L3 Advisories: [N] rules
- ❌ L2 Blocking: [N] rules
- 🛑 L1 Critical: [N] rules
### Critical Violations (L1 - Autofix Required)
#### 🛑 SEC-001: No Hardcoded Secrets
- **Location:** `src/services/PaymentService.ts:42`
- **Finding:** Hardcoded secret detected. Use environment variables.
- **Code:** `const API_KEY = 'sk_live_xxx...'`
- **Autofix:** Replace with `process.env.PAYMENT_API_KEY`
### Blocking Violations (L2 - Human Action Required)
#### ❌ ARCH-001: Repository Pattern
- **Location:** `src/services/UserService.ts:18`
- **Finding:** Direct database call outside repository.
- **Code:** `await prisma.user.findMany(...)`
- **Action Required:** Extract to UserRepository
### Advisories (L3 - Optional)
#### ⚠️ QUAL-001: Function Length
- **Location:** `src/utils/helpers.ts:45`
- **Finding:** Function exceeds recommended 25 lines (actual: 38)
- **Suggestion:** Consider extracting helper functions
### Recommendations
1. [Prioritized action item based on violations]
2. [Next action item]
| Scenario | Behavior |
|---|---|
| No CONSTITUTION.md | Report "No constitution found. Skipping constitution checks." |
| Invalid rule format | Skip rule, warn user, continue with other rules |
| Invalid regex pattern | Report as config error, skip rule |
| Scope matches no files | Report as info, not a failure |
| File read error | Skip file, warn, continue |
This skill is called by:
/start:constitution - For creation and updates/start:validate (Mode E) - For constitution validation/start:implement - For active enforcement during implementation/start:review - For code review compliance checks/start:specify (SDD phase) - For architecture alignmentBefore completing constitution creation:
[NEEDS DISCOVERY] markers resolvedpattern or checkscope and messageAfter constitution work, report:
📜 Constitution Status: [Created / Updated / Validated]
Discovery Findings:
- Project Type: [discovered type]
- Frameworks: [discovered frameworks]
- Key Patterns: [patterns found]
Categories:
- Security: [N] rules
- Architecture: [N] rules
- Code Quality: [N] rules
- Testing: [N] rules
- [Project-Specific]: [N] rules
User Confirmations:
- [Rule 1]: ✅ Confirmed
- [Rule 2]: ⏳ Pending
Next Steps:
- [What needs to happen next]
This skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.
This skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.
This skill should be used when the user asks to "create a hook", "add a PreToolUse/PostToolUse/Stop hook", "validate tool use", "implement prompt-based hooks", "use ${CLAUDE_PLUGIN_ROOT}", "set up event-driven automation", "block dangerous commands", or mentions hook events (PreToolUse, PostToolUse, Stop, SubagentStop, SessionStart, SessionEnd, UserPromptSubmit, PreCompact, Notification). Provides comprehensive guidance for creating and implementing Claude Code plugin hooks with focus on advanced prompt-based hooks API.