Skip to content

llm: showcase optional Allium behavioral-spec callouts across five plugins#154

Draft
withinfocus wants to merge 1 commit into
mainfrom
showcase/allium-spec-integration
Draft

llm: showcase optional Allium behavioral-spec callouts across five plugins#154
withinfocus wants to merge 1 commit into
mainfrom
showcase/allium-spec-integration

Conversation

@withinfocus

@withinfocus withinfocus commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

🎟️ Tracking

Initial exploration given some discussions. No associated Jira ticket — this is a self-directed showcase of an integration idea, opened for discussion.

📔 Objective

Adds an optional, conditional callout to five plugins pointing at JUXT's Allium — a third-party, MIT-licensed behavioral-specification language (.allium files in when / requires / ensures form, with a Rust CLI + LSP). This is a draft to showcase the idea, not a commitment to adopt Allium.

Why. Allium emits nothing in this meta-repo — but our engineers run these skills in product repos, which is exactly where a .allium spec and its CLI would live. The behavioral-spec lifecycle maps onto skills we already ship: elicit/distill at requirements & breakdown time, propagate/weed at implementation, weed again at review. These callouts plant tier-1 "consider Allium here" pointers at those seams without reimplementing anything or taking on a hard dependency.

Plugin Skill / file Verbs surfaced
bitwarden-product-analyst requirements-elicitation /elicit, /distill
bitwarden-delivery-tools developing-breakdown-spec seed .allium from the breakdown WHAT
bitwarden-tech-lead architecting-solutions /weed (narrower fit, scoped as such)
bitwarden-software-engineer AGENT.md /distill, /propagate, /weed, /tend
bitwarden-code-review performing-multi-agent-code-review /weed as an optional pre-Step-2 input

Scope & honest caveats

  • Value is contingent on a product repo actually adopting Allium (CLI + LSP installed, .allium file present). Absent that, every callout is a no-op by design.
  • Allium is new (2026, v2) and third-party. Nothing here depends on it at runtime — the callouts degrade to silence.
  • I did not touch the code-review numbered pipeline. The /weed pass is an optional input feeding Step 2's architecture agent; deeper wiring is deliberately deferred pending a real pilot on a Bitwarden repo.
  • Per repo policy: MINOR version bumps + changelog entries for all five plugins.

Validation. pnpm run lint, validate-plugin-structure.sh, and validate-marketplace.sh all pass for the five plugins.

Open questions for the team

  1. Is the callout pattern the right vehicle, or should this be a single shared "when to reach for a behavioral spec" reference that plugins link to?
  2. Which of these five genuinely want it vs. which dilute their focus? (The tech-lead fit is the weakest and is scoped accordingly.)
  3. Worth a tier-1 pilot — install Allium, run /distill + /elicit against a real Bitwarden repo — before merging any of this?

…lugins

Add an optional, conditional callout to five plugins pointing at JUXT's
Allium (https://github.com/juxt/allium) — a third-party, MIT-licensed
behavioral-specification language. Draft to showcase the idea, not a
commitment to adopt Allium.

The behavioral-spec lifecycle maps onto skills these plugins already ship:
- product-analyst/requirements-elicitation: extracted reqs + P01–P06 -> .allium rules (/elicit, /distill)
- delivery-tools/developing-breakdown-spec: seed a .allium spec from the breakdown WHAT
- tech-lead/architecting-solutions: persistent invariants for complex contracts (narrower fit, scoped as such)
- software-engineer/AGENT.md: /distill, /propagate, /weed, /tend during implementation
- code-review/performing-multi-agent-code-review: optional /weed drift pass feeding Step 2 (outside the numbered pipeline)

Every callout is conditional ("only when the repo carries a .allium file")
and states Allium is external, not a Bitwarden plugin. No runtime dependency;
callouts degrade to silence when absent. MINOR bumps + changelog entries for
all five plugins per repo policy.
@github-actions

github-actions Bot commented Jun 29, 2026

Copy link
Copy Markdown

Plugin Validation Summary — PR #154

Result: ✅ PASS — All structural, skill-quality, and security checks pass. No errors (must-fix) found. A small number of minor warnings (should-fix / housekeeping) are noted below; none block merge.

This PR is additive documentation only: each of five plugins gains an optional "Allium" behavioral-spec callout in a skill or agent file, plus a semantic version bump and a changelog entry. No executable code, hooks, settings, or MCP configuration changed.

Plugin New version marketplace.json AGENT.md version: Changelog (2026-06-29)
bitwarden-code-review 1.14.0 ✅ 1.14.0 ✅ 1.14.0 [1.14.0]
bitwarden-delivery-tools 2.1.0 ✅ 2.1.0 — (no agent) [2.1.0]
bitwarden-product-analyst 0.2.0 ✅ 0.2.0 — (no agent) [0.2.0]
bitwarden-software-engineer 1.1.0 ✅ 1.1.0 n/a (no version: field) [1.1.0]
bitwarden-tech-lead 2.4.0 ✅ 2.4.0 — (no agent) [2.4.0]

1. Plugin Structure (plugin-validator) — ✅ PASS

  • Manifests: All five plugin.json files have required fields (name, version, description, author); names are valid kebab-case; versions match the table above.
  • Version consistency: plugin.json ↔ root .claude-plugin/marketplace.jsonAGENT.md frontmatter all agree.
    • plugins/bitwarden-code-review/agents/bitwarden-code-reviewer/AGENT.md:3version: 1.14.0 (bumped from 1.13.0). ✅
    • plugins/bitwarden-software-engineer/agents/AGENT.md carries no version: field by existing convention, so the bump correctly did not touch it.
  • Changelogs: Every plugin has a top entry in Keep a Changelog format under ### Added, dated 2026-06-29, matching its version.
  • Agent frontmatter: Both changed AGENT.md files valid — names lowercase-hyphen within 3–50 chars, model: opus, substantial system-prompt bodies. bitwarden-software-engineer has 4 well-formed <example>/<commentary> blocks and color: blue.
  • Secret scan: No API keys, tokens, private keys, or hardcoded passwords in any changed file.

Minor (informational, no action required):

  • plugins/bitwarden-code-review/agents/bitwarden-code-reviewer/AGENT.md — no optional color: field (pre-existing; agent uses default).
  • plugins/bitwarden-software-engineer/agents/AGENT.md — no version: field (pre-existing convention). Add version: 1.1.0 only if uniform agent-level version traceability is desired.

2. Skill Review (skill-reviewer) — ✅ PASS

Four SKILL.md files received small additive "Optional … (Allium)" sections (2–9 lines each). No frontmatter changed, so triggering behavior is unaffected. All frontmatter valid (name + description present). All referenced references/ and examples/ files exist on disk. Word counts after additions: code-review ~2,900 (body), delivery-tools ~1,111, product-analyst ~856, tech-lead ~1,478 — all within/below the 1,000–3,000 target. Progressive disclosure respected: each addition is a short conditional pointer that defers mechanics to external commands rather than inlining detail; none warrants a new references/ file. The tech-lead addition is exemplary — it actively narrows applicability to avoid over-triggering.

Minor (should-fix / polish — non-blocking):

  • plugins/bitwarden-code-review/skills/performing-multi-agent-code-review/SKILL.md:63 — added section uses second-person permissive voice ("you may invoke") vs. the file's imperative house style; consider "Optionally invoke…".
  • plugins/bitwarden-code-review/skills/performing-multi-agent-code-review/SKILL.md:63 — "the numbered pipeline below" is distant from the actual numbered steps (appear ~L129+); consider "the numbered Code Review Process steps."
  • plugins/bitwarden-code-review/skills/performing-multi-agent-code-review/SKILL.md — body (~2,900 words) is at the upper edge of the 3,000 target. Pre-existing; route future additions to references/.
  • plugins/bitwarden-product-analyst/skills/requirements-elicitation/SKILL.md:3 — pre-existing double space in the description string (cosmetic; not introduced by this PR).
  • Cross-cutting consistency — the four callouts use three heading styles (## Optional: Behavioral-Spec Drift (Allium), inline **Optional — seed a behavioral spec.**, ## Optional: Capture a Behavioral Specification (Allium), ## Optional: Behavioral Specifications (Allium)). Per-context tailoring is fine; align the ## headings if uniformity is wanted.

3. Security Validation (reviewing-claude-config) — ✅ PASS

Check Result
Committed settings.local.json / settings files ✅ PASS — none in diff
Hardcoded secrets / API keys / tokens / passwords ✅ PASS — none
Permission scoping / broad Bash:* / Read://* ✅ PASS — no settings/permission files changed
Dangerous command auto-approvals ✅ PASS — no hooks/commands added
Hooks / executable code ✅ PASS — none added

The external-tool slash commands (/weed, /elicit, /distill, /propagate, /tend) are documentation references, not auto-approved shell commands, and are correctly gated — every occurrence conditions use on the team having adopted Allium and a .allium file actually being present, with explicit "optional / skip otherwise" guards.

Minor (should-verify before merge — non-blocking):

  • External repository link (unverified) — five Bitwarden-maintained configs now point engineers/reviewers at the third-party repo https://github.com/juxt/allium and assert it is MIT-licensed, at:

    • plugins/bitwarden-code-review/skills/performing-multi-agent-code-review/SKILL.md:63
    • plugins/bitwarden-delivery-tools/skills/developing-breakdown-spec/SKILL.md:79
    • plugins/bitwarden-product-analyst/skills/requirements-elicitation/SKILL.md:77
    • plugins/bitwarden-software-engineer/agents/AGENT.md:77
    • plugins/bitwarden-tech-lead/skills/architecting-solutions/SKILL.md:79

    The repo's existence/ownership/license could not be verified in this environment (network fetch not permitted). Since these are trusted persona configs, a human reviewer should confirm juxt/allium exists, is the intended owner, and is genuinely MIT-licensed before merge — or soften the license claim to "per the upstream repo; verify before adopting." Soft supply-chain/prompt-injection surface only; no code-level fix needed.

  • Prompt-injection hygieneplugins/bitwarden-code-review/skills/performing-multi-agent-code-review/SKILL.md:63 feeds Allium /weed drift output into the architecture agent "as additional context." .allium files and their output are untrusted repo content; the skill already routes the result as context / a finding (data, not instructions), which is correct. Keep it framed that way if this section is expanded later.


Verdict

Approve. The PR is structurally sound, version/changelog compliant, and introduces no secrets, permission changes, or executable code. All flagged items are minor polish or a recommended pre-merge sanity-check on the external juxt/allium link — none are blocking.

Note: the repository's validate-plugin-structure.sh / validate-marketplace.sh scripts could not be executed in this environment (interactive approval unavailable); the equivalent checks were performed via the plugin-validator agent and direct file inspection.

@withinfocus withinfocus added the ai-review Request a Claude code review label Jun 29, 2026
@withinfocus withinfocus changed the title feat: showcase optional Allium behavioral-spec callouts across five plugins llm: showcase optional Allium behavioral-spec callouts across five plugins Jun 29, 2026
@github-actions

github-actions Bot commented Jun 29, 2026

Copy link
Copy Markdown

🤖 Bitwarden Claude Code Review

Overall Assessment: APPROVE

Reviewed the five-plugin showcase adding optional, conditional Allium behavioral-spec callouts to requirements-elicitation, developing-breakdown-spec, architecting-solutions, the software-engineer AGENT.md, and performing-multi-agent-code-review. All changes are additive markdown plus MINOR version bumps and changelog entries. The callouts are consistently framed as external, third-party, and no-ops absent a .allium file, and the code-review change correctly stays outside the numbered pipeline. No security, correctness, or breaking-change concerns in the prose itself.

Code Review Details
  • ♻️ : Agent frontmatter version left stale at 0.1.5 while the plugin was bumped to 0.2.0. Before this PR both read 0.1.5, so the drift is introduced here. scripts/bump-plugin-version.sh only rewrites files named AGENT.md, and this agent file is product-analyst.md, so the script skips it; no validation script checks agent frontmatter versions, so CI does not catch it. Update line 3 to version: 0.2.0.
    • plugins/bitwarden-product-analyst/agents/product-analyst.md:3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ai-review Request a Claude code review

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant