From glm-hammer
Executes a plan via worker-validator-critic loop, then runs security/QA review gates. Use when a plan exists and implementation should run.
How this skill is triggered — by the user, by Claude, or both
Slash command
/glm-hammer:hammerThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Strikes until the metal holds. Every task runs a **worker → validator → implementation-critic** cycle; the whole run ends with an E2E gate and a **security + QA review panel**. Any FAIL at any layer sends the work back — the Stop hook will not let the turn end while the loop is open.
Strikes until the metal holds. Every task runs a worker → validator → implementation-critic cycle; the whole run ends with an E2E gate and a security + QA review panel. Any FAIL at any layer sends the work back — the Stop hook will not let the turn end while the loop is open.
The main agent orchestrates; it never implements or judges inline. Workers build, validators judge the contract, critics hunt fakery, reviewers attack the result. Each role is a separate subagent with only the information its role requires.
All judges answer fixed binary checklists (YES/NO per question, verdict = AND) — never holistic impressions. If the runtime does not expose implementation-critic / security-reviewer / qa-reviewer as named agent types, read the definition from this plugin's agents/<name>.md and dispatch a general-purpose subagent with that file's body as its instructions.
forge/blueprint.CHECKS: and its verdict. The Stop hook grants credit only after a matching journaled CORE_DISPATCH_COMPLETED; self-written, legacy, stale, or projection-only evidence earns none.
.glm-hammer/evidence/tasks/task-<i>/validator.md, role validator, TASK_ID: <i>, VERDICT: PASS.glm-hammer/evidence/tasks/task-<i>/critic.md, role implementation-critic, TASK_ID: <i>, VERDICT: APPROVE.glm-hammer/evidence/e2e.md (not a judge receipt and not F11 attestation).glm-hammer/evidence/reviews/security.md / .glm-hammer/evidence/reviews/qa.md, roles security-reviewer / qa-reviewer, REVIEW_KIND: security / qa, VERDICT: PASS.glm-hammer/state.json is only a disposable projection. Request legal transitions through registered core hooks; never manufacture task totals, awaiting-user, review PASS, or done by editing it.Every judge writes these lines in this exact order before CHECKS::
RECEIPT_VERSION: 1
RUN_ID: <uuid>
ROLE: <validator|implementation-critic|security-reviewer|qa-reviewer>
EVIDENCE_PATH: <exact repository-relative receipt path>
PLAN_SHA256: <64 lowercase hex>
GENERATION: <canonical nonnegative decimal>
<TASK_ID: positive integer | REVIEW_KIND: security|qa>
DISPATCH_ID: <preallocated uuid>
SOURCE_SNAPSHOT_SHA256: <64 lowercase hex; security/qa only>
Task receipts omit the source-snapshot line. Review receipts require it. Unknown runtime identity, missing Agent observation, legacy core receipts, and tuple mismatches are fail-closed and never earn PASS.
{
"phase": "hammer",
"status": "executing | review | awaiting-user | done",
"plan": "docs/glm-hammer/plans/YYYY-MM-DD-<feature>.md",
"tasks": { "total": 0, "completed": 0, "current": "" },
"reviews": { "security": "pending", "qa": "pending" },
"stopBlocks": 0
}
tasks.completed only after both task dispatches are journaled with matching metadata-v1 receipts. Obligations and task count come from strict parsing of the sealed whole plan, not from projection counters.glm-hammer override-unverified RUNID GENERATION may atomically end that run as UNVERIFIED; it never records verified fields or PASS. Without structural proof there is no override.status: "done" only after journal authority records every derived task obligation, a current source snapshot, both snapshot-bound reviews, and run completion.Read the sealed whole plan (including any ## Plan Amendment Log). Require strict contiguous task grammar, derive the task count and dependency DAG from it, and evaluate declared paths against the generation's sealed baseline plus virtual task order. Never trust state.tasks.total or later live path existence. Missing, malformed, raced, or mismatched seal/baseline data blocks.
For each task (parallel groups dispatched concurrently):
1a. Compliance check — predecessor outputs exist, no in-flight task shares files. Mismatch → resolve before dispatching.
1b. Worker (subagent). Prompt = the task verbatim from the plan. The worker follows steps, adapts minimally when a step contradicts reality (stale anchor, renamed symbol), runs each step's verification, and reports deviations. It stops and reports instead of adapting when a fix would change an interface another task consumes, touch files outside its list, or alter a criterion.
1c. Validator (subagent, information-isolated). Use this fixed template, filling fields verbatim from the plan — never paraphrase, never mention what the worker did:
You are an independent validator with no knowledge of how this task was
implemented. Judge whether the codebase currently meets the goal below by
reading files and running tests yourself.
## Task Goal
{TASK_GOAL — verbatim from plan}
## Acceptance Criteria
{CRITERIA — verbatim from plan}
## Files To Inspect
{FILES — verbatim from plan}
## Test Commands
{COMMANDS — verbatim from plan}
Treat each criterion as an ISOLATED yes/no question: "is this criterion
met right now?" — answer PASS or FAIL per criterion from what you read
and ran, never a holistic impression. Verdict = AND of all criteria. No
partial credit. If FAIL, state exactly which criteria failed, with file
paths — describe, don't fix.
Write your full report to {EVIDENCE_PATH} (create parent directories), beginning with the exact metadata-v1 header populated from the approved dispatch:
RECEIPT_VERSION, RUN_ID, ROLE (`validator`), EVIDENCE_PATH, PLAN_SHA256,
GENERATION, TASK_ID (`<i>`), DISPATCH_ID. Follow it with a `CHECKS:`
block listing every criterion with PASS|FAIL and one-line evidence, then
`VERDICT: PASS` or `VERDICT: FAIL`. End your final message with:
EVIDENCE_RECORDED: {EVIDENCE_PATH}
Fill {EVIDENCE_PATH} with .glm-hammer/evidence/tasks/task-<i>/validator.md. Preallocate DISPATCH_ID before invocation and include the complete metadata tuple in approved tool input and this prompt.
1d. Implementation critic (subagent). After the validator passes, preallocate a new dispatch ID and dispatch implementation-critic with the task's Goal, Files, and Criteria verbatim plus runId, generation, role implementation-critic, evidence path .glm-hammer/evidence/tasks/task-<i>/critic.md, planSha256, positive taskId: <i>, and dispatchId. Do not include worker output. Its metadata-v1 receipt must match the dispatch and end in APPROVE or REJECT.
1e. Verdict handling:
## Plan Amendment Log. A criterion may be corrected only if factually stale and only to verify the SAME outcome. Then fresh worker.After all tasks, run the plan's Verification Strategy command, then the full test suite. Save the raw output to .glm-hammer/evidence/e2e.md. Failure loops through targeted worker repair and a fresh run; two failed fix attempts escalate through structural question proof. This raw receipt does not prove that Bash was observed and does not close F11.
After E2E passes, record a canonical source-review snapshot for the current run and generation. Preallocate one dispatch ID per reviewer only after SOURCE_REVIEW_SNAPSHOT_RECORDED. Each approved tool input and prompt receives only the plan path, diff scope, evidence path, and exact metadata tuple: runId, generation, reviewer role, evidencePath, planSha256, reviewKind (security or qa), dispatchId, sourceSnapshotSha256, and invocationMs. The invocation time must not predate the snapshot event.
Dispatch in parallel:
| Agent | Attack surface |
|---|---|
security-reviewer | Injection, authz/authn gaps, secrets, unsafe deserialization, path traversal, dependency risk in the changed code |
qa-reviewer | Behavior vs plan's success criteria, edge cases, error paths, regression risk, test adequacy |
Each receipt repeats the same snapshot hash in the required SOURCE_SNAPSHOT_SHA256 header. Missing binding, mismatch, or pre-snapshot invocation blocks. Both matching PASS receipts are only provisional until completion recomputes the source snapshot and proves byte equality.
| Anti-Pattern | Why It Fails |
|---|---|
| Main agent writing code or judging inline | Confirmation bias; defeats independent verification |
| Passing worker output/diff to validator or critic | Anchors the judge on the builder's framing |
| Paraphrasing plan content into the validator prompt | Leaks post-worker understanding; verbatim only |
| Weakening a criterion so a failing implementation passes | Reward hacking — the binary verdict exists to catch this |
| Retrying a worker against a plan defect | Burns strikes on an impossible task; triage first |
| Validator running the full suite per task | N redundant runs; regressions belong to the E2E gate, once |
| Re-running only the failed reviewer after fixes | A security fix can break behavior and vice versa; full panel |
Marking done in state while a review is fail | Falsified state; the hooks cross-check and the loop reopens |
| Advancing state on a verdict with no evidence receipt | A PASS you cannot show a receipt for did not happen; the Stop hook blocks it |
| Writing a judge's receipt file yourself | The receipt proves the judge ran; forging it defeats the audit trail |
Stopping mid-loop without awaiting-user escalation | The Stop hook bounces you back; escalate properly instead |
npx claudepluginhub tmdgusya/glm-hammer --plugin glm-hammerLoads a written implementation plan, reviews it critically, and executes tasks in dependency order with separate worker and validator subagents. Use when a plan document exists and you're ready to implement.
Executes implementation plans by dispatching tasks to implementer and reviewer subagents. Tracks progress per-task and coordinates sequential phases.
Executes implementation plans from plan.md files via Superpower Loop phases: task creation, batch execution with verification, git commits. Use after plan ready or on 'execute the plan'.