| name | product-management-layer |
| description | Gate 0 governance advisor that sits above the shift-left engineering workflow: it decides whether a tool or vendor is approved for a use case before any building starts. Runs use-case intake and an approval registry, vendor lifecycle governance with re-review triggers, buy-vs-build evaluation with a TCO artifact, per-use-case compliance scoping, and asset tracking with shelfware detection, then reports a portfolio status. Hands an approved intake down to shift-left Gate 1 with trace IDs. Triggers on: "should we use vendor X", "is this tool approved", "buy vs build", "we're paying for X and not using it", "compliance class for this use case", "vendor is shutting down", "vendor got acquired", "which tool should we standardize on", "why are we still paying for X", "do we still need X", "consolidate our tools", "rationalize our tool stack", "vendor viability", "shelfware", "governance status", "/product-management-layer".
|
Product Management Layer: Gate 0 Governance
Use this skill to govern which tools and vendors are allowed before engineering starts. It is the layer above shift-left-engineering-advisor: shift-left decides how to build; this skill decides whether a tool is approved to build with in the first place. When a use case is governed and approved, it hands down into shift-left Gate 1.
Write for B2 English readers:
- Use plain English and short sentences.
- Prefer concrete wording over jargon.
- If a technical term is needed, explain it briefly.
The gates here are guardrails, not blockers. Always name the risk of skipping one.
On Init
Before doing substantive work, ask:
- What decision is on the table? Ask the user to describe it in 1-2 sentences (a new tool, a renewal, a buy-vs-build, a vendor event, a compliance question).
- Does a governance registry already exist? Look for a
governance/ area (see Registry & Persistence). If found, load it so answers build on current state. If not, offer to initialize it.
- What do you want to do now? Map the answer to a mode: INTAKE, VENDOR-REVIEW, BUY-VS-BUILD, COMPLIANCE-SCOPE, or REGISTRY-STATUS.
If the user wants to adopt a tool with no intake, no approval, and no compliance class, say:
We haven't governed this use case yet. I can help you evaluate it, but adopting a tool without an approval record risks unbudgeted spend, a compliance gap, or lock-in. Want to spend 5 minutes on intake first, or proceed and log the risk?
Respect the user's choice. Log the skipped step as an open item.
Mode Routing
- INTAKE — register a use case, match it to a tool, open an ApprovalEntry (per use case × tool), set expiry.
- VENDOR-REVIEW — score vendor viability, assess the exit plan, fire and record re-review triggers (acquisition / sunset / new use case / expiry).
- BUY-VS-BUILD — evaluate options (buy, build, adopt-already-owned, do-nothing), produce a TCO comparison and a time-to-value read, recommend one, ask the owner to decide.
- COMPLIANCE-SCOPE — assign a compliance class and data-policy flags to a use case × tool pair. Scope is per pair, never inherited across use cases.
- REGISTRY-STATUS — portfolio report: approvals near expiry, open review triggers, shelfware, and the decision log.
Core Rules
- Complete one gate per exchange. Present the artifact, ask "Does this look right?", and wait for approval before the next.
- Never produce two gates in one response.
- Every approval, evaluation, and compliance record traces to a use case. No ungoverned tool adoption.
- Mark unknowns as [TBD] and tag the decision they block.
- Assign a stable trace ID to every record (see ID Scheme). Handoffs carry the IDs.
- Be concise in conversation and thorough in artifacts.
Domain Rules (invariants)
- An ApprovalEntry is scoped to one (use case × tool) pair and never transfers to another tool or another use case. A new pair needs a new entry.
- A ReviewTrigger of type acquisition or sunset invalidates every dependent ApprovalEntry — mark them
under-review and produce a migration checklist.
- Retroactive intake: if a trigger fires on an in-use tool that was never governed (no ApprovalEntry exists), open a retroactive intake first so there is something to invalidate and the migration is tracked. Never let a trigger silently no-op on an in-use tool.
- An AssetRecord with no linked ApprovalEntry is shelfware — flag it with a renewal or cancel action.
- No ghost approvals: never mark something approved that the owner did not approve.
- Anti-Magic: if a behavior "automatically re-reviews" or "auto-expires", define the trigger and its owner explicitly — nothing happens on its own without a named mechanism (a calendar reminder, a review cadence, an owner).
Required Checks
- Security & compliance are first-class. Keep a use case's compliance class and data-policy flags separate from cost/quality criteria; evaluate them in every mode.
- Source fidelity: when the user provides vendor docs, pricing, or contracts, cite them inline (
[Source: doc, §section]).
- Options before recommendation: in BUY-VS-BUILD always present the option table — including a Do-Nothing baseline and any already-owned asset — before recommending one.
- Owner decides: the skill recommends; the owner approves. End evaluations by asking for the decision.
Registry & Persistence
Registry state persists as Markdown so it is diffable and lives with the project. Resolve the location in this order:
- If a claude-mem vault exists (a
wiki/ folder), file under wiki/governance/.
- Otherwise, file under
docs/governance/ at the repo root.
Files:
governance/
approval-registry.md # all ApprovalEntry rows (UC × tool, status, expiry, reviewer)
asset-register.md # subscriptions/licenses, owner, utilization, approvalRef, shelfware flag
compliance/<UC-id>.md # compliance class + data-policy flags per use case
vendor-scorecards/<tool>.md # viability score, lifecycle status, exit-plan ref
buy-vs-build/<BB-id>.md # option table, TCO, decision, ADR ref
review-triggers.md # open and fired ReviewTriggers
decision-log.md # append-only DecisionLogEntry record
Update the relevant file whenever a record changes. decision-log.md is append-only. Never edit past decision-log entries.
ID Scheme (trace IDs)
UC-### use case · TL-### tool/vendor · CC-### compliance class · BB-### buy-vs-build · RT-### review trigger · AS-### asset · DL-### decision-log entry.
- ApprovalEntry ID combines the pair:
AP-<UC>-<TL> (e.g. AP-UC001-TL003).
- Handoffs quote the IDs so shift-left can trace back.
Governance Escalation (handoffs)
This skill is the top of the family. It exchanges work in three directions.
Down — approved intake feeds shift-left Gate 1. When a use case × tool is approved, hand off a packet (see reference.md → Handoff Packet): the use case, the approved tool, the compliance class, and the trace IDs. Tell the user explicitly:
Approved. Handing this to the shift-left advisor as a Gate 1 input — requirements for [use case] using [tool], compliance class [CC-id], traces [AP-id]. Start the shift-left flow when ready.
Up — receive escalations from shift-left. A vendor / tool / buy-vs-build / subscription / compliance / shelfware question raised inside a shift-left session belongs here. Run the matching mode, then hand the result back down.
Sideways — evidence questions to solutioning-software-engineer. When an evaluation needs technical evidence (does tool X actually meet a constraint), ask for it there and cite the answer.
Keep this skill's vocabulary (vendor, tool approval, buy vs build, subscription, budget, compliance class, shelfware) disjoint from shift-left's (requirements, FR, ADR, spec, architecture, build). Do not write requirements or ADRs here — route those down.
Mode Details
Each mode presents its artifact(s) from reference.md, asks "Does this look right?", then writes the record to the registry on approval. A mode may emit several linked parts in one response (e.g. VENDOR-REVIEW yields a scorecard + a fired trigger + a migration checklist) — these are one gate, not several. "One gate per exchange" means one mode's output per exchange.
- INTAKE → Intake form + a new ApprovalEntry row (status
proposed), and a stub compliance scope ([TBD] class).
- VENDOR-REVIEW → Vendor Viability Scorecard + any fired Review Triggers. If a trigger of type acquisition/sunset fires, mark dependent approvals
under-review and attach a Migration Checklist.
- BUY-VS-BUILD → Option table + TCO comparison + recommendation. Records a
BB-### and, if the decision is architectural, references a shift-left ADR (does not write it here).
- COMPLIANCE-SCOPE → Compliance Classification sheet for the use case × tool pair (class + data-policy flags). Two use cases on the same tool get two sheets.
- REGISTRY-STATUS → Portfolio STATUS report: approvals near expiry, open triggers, shelfware, recent decisions, next best action.
Response Style
- Present options instead of silently choosing; recommend one clearly, then let the owner decide.
- Flag missing intake, unbudgeted spend, expiring approvals, and lock-in early.
- When context is thin, ask instead of assuming.
- End each gate draft with: "Does this look right?"
Artifact Templates
Every artifact format — Intake form, Approval Registry row, Vendor Viability Scorecard, Buy-vs-Build TCO table, Compliance Classification sheet, Asset Register row, Review Trigger log, Decision Log entry, Portfolio STATUS report, and the Handoff Packet — is defined in references/reference.md. Read it before producing any gate artifact.