Skills specdd-do
📦

specdd-do

Safe ⚙️ External commands

Implement Changes Under SpecDD Authority

SpecDD projects need clear governance for AI agents making code and task changes. This skill establishes bootstrap resolution, spec chain navigation, and implementation rules so agents work correctly within project authority boundaries.

Supports: Claude Codex Code(CC)
🥉 74 Bronze
1

Download the skill ZIP

2

Upload in Claude

Go to Settings → Capabilities → Skills → Upload skill

3

Toggle on and start using

Test it

Using "specdd-do". Fix the null pointer exception in src/services/auth.js. This is a SpecDD project.

Expected outcome:

  • Resolved bootstrap chain: .specdd/bootstrap.md -> .specdd/bootstrap.project.md
  • Resolved spec chain: .specdd/specs/auth.md
  • Confirmed write authority: spec at .specdd/specs/auth.md section 3 grants write permission
  • Implementation: Added null check at line 142 of src/services/auth.js
  • Verification: All existing tests pass, one new test added for null input
  • Specs used: bootstrap.md, bootstrap.project.md, specs/auth.md
  • Files changed: src/services/auth.js, tests/auth.test.js
  • Uncertainty: None identified

Using "specdd-do". Can I add a new utility function to the shared library? Show me the governance check first.

Expected outcome:

  • Governance Check:
  • Bootstrap: .specdd/bootstrap.md (version 2.1) - grants implementation authority
  • Spec chain for lib/utils: bootstrap.md -> specs/shared.md -> specs/utils.md
  • Write authority: specs/utils.md section 2.1 - 'Contributors may add new utility functions'
  • Constraints: specs/shared.md section 5 - 'New utilities must not introduce external dependencies'
  • Verdict: Change is authorized under current governance, with the constraint that no new external dependencies are added

Security Audit

Safe
v1 • 6/12/2026

All 11 static analysis findings are false positives. The 9 backtick detections are Markdown inline code formatting for file paths and keywords, not Ruby shell execution. The 2 weak cryptographic algorithm detections correspond to an Apache-2.0 license identifier and the word 'security' in a plain sentence, not actual crypto code. The skill is a SpecDD workflow instruction set with no executable code, network access, or file system manipulation.

1
Files scanned
61
Lines analyzed
3
findings
1
Total audits
Low Risk Issues (2)
SKILL.md:13SKILL.md:15SKILL.md:21SKILL.md:22SKILL.md:23SKILL.md:37SKILL.md:59
Markdown backticks incorrectly flagged as shell execution
Static analyzer flagged Markdown inline code formatting as Ruby or shell backtick execution. All 9 occurrences are legitimate Markdown syntax used to reference file paths, spec names, and keywords. No actual command execution is present.
SKILL.md:3SKILL.md:60
License identifier and text word flagged as weak crypto
Static analyzer flagged Apache-2.0 license identifier and the word 'security' as weak cryptographic algorithm references. Neither value represents a cryptographic algorithm or function.

Risk Factors

⚙️ External commands (9)
SKILL.md:13 SKILL.md:15 SKILL.md:15 SKILL.md:21 SKILL.md:22 SKILL.md:23 SKILL.md:37 SKILL.md:59 SKILL.md:59
Audited by: claude

Quality Score

38
Architecture
100
Maintainability
87
Content
50
Community
100
Security
91
Spec Compliance

What You Can Build

Feature Implementation in SpecDD Projects

A developer working in a SpecDD-governed project needs an AI agent to implement a new feature while respecting all bootstrap rules, spec chains, and authority boundaries.

Automated Code Changes Under Governance

An AI agent making routine code changes needs clear rules about which specs to read, when to verify authority, and how to report results without violating project contracts.

Consistent Change Management Across Teams

A team lead wants all AI-assisted changes to follow the same governance rules, ensuring consistent spec resolution and authority checking across multiple contributors.

Try These Prompts

Simple Task Under Existing Authority 
I need to fix a bug in src/parser.js. The project is already a SpecDD project with bootstrap files. Resolve the spec chain, confirm I have write authority, and make the smallest correct change.
Task With Multiple Spec Files 
I need to add a new endpoint to the API. Read the bootstrap chain for this project. Then resolve the spec chain for the routes directory. Check both the project-level and local specs for write authority before planning.
Change In Complex Governance Structure 
We need to refactor the authentication module. Walk the full spec chain from the project root to the auth module directory. Identify all governing constraints. Verify that write authority is granted at the nearest local spec. Do not proceed if any spec contains a Forbids rule for this change.
Full Workflow With Validation And Reporting 
Implement the database migration for the new user preferences feature. Follow the SpecDD workflow: resolve bootstrap and spec chain, verify write authority, make the smallest correct change, run relevant tests and validation, then provide a report of specs used, files changed, verification results, and any remaining uncertainty.

Best Practices

  • Read bootstrap files only when the active project root changes or exact text is needed for a decision. Do not reread unnecessarily.
  • Make the smallest correct change inside your write authority. Avoid scope creep or opportunistic unrelated modifications.
  • Verify write authority from the nearest governing spec before every edit. Never infer authority from similar filenames or conventions.

Avoid

  • Editing files without first resolving the spec chain and confirming write authority from the governing spec.
  • Rereading the entire spec chain when only the narrowest relevant spec is needed for the current decision.
  • Completing unrelated tasks opportunistically while implementing a specified change under authority.

Frequently Asked Questions

What is a bootstrap file in SpecDD?
A bootstrap file is a root configuration file that establishes the rules, authority model, and spec resolution process for a SpecDD project. It is always located at .specdd/bootstrap.md.
When should I reread bootstrap files during a session?
Reread bootstrap files only when the active project root changes, a bootstrap file may have changed, or you need the exact bootstrap text for a decision, quote, comparison, or report.
What does write authority mean in this skill?
Write authority means explicit permission granted by a governing spec to make changes to a specific target. It is identified by reading the nearest local spec and must be confirmed before any edit.
Can I modify project specification files?
No. You must not override, loosen, or ignore target project specs. Write authority applies to implementing code changes, not modifying the governance specifications themselves.
What happens if the bootstrap.md file is missing?
If .specdd/bootstrap.md is missing, do not continue with this skill. The project is not a SpecDD project. Use specdd-adopt only if the operator explicitly asks to add SpecDD to a new project.
How does specdd-do differ from specdd-adopt?
specdd-do is for implementing changes under existing SpecDD authority. specdd-adopt is for setting up SpecDD in a project that does not yet have it. They have separate requirements and should not be used interchangeably.

Developer Details

Author

specdd

License

Apache-2.0

Repository

https://github.com/specdd/agentskills/tree/main/specdd-do

Ref

main

File structure

📄 SKILL.md