一键导入
do-issue-solo
Work on a GitHub issue end-to-end autonomously, only pausing when blocked or when clarification is needed.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Work on a GitHub issue end-to-end autonomously, only pausing when blocked or when clarification is needed.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Scan a project for missing best-practice areas and implement the top recommendation for each gap (linting, unit testing) — installs tools, writes configs, verifies, and commits. Pass 'recommend' to stop after writing recommendations without implementing (replaces the old do-recommend skill).
Implement a focused code change. Use this skill as the wrapper for any implementation work so the Maverick workflow report captures what was done and so the agent applies the project's coding standards before editing. Intended to be invoked once per task from inside a do-issue-* or do-epic phase, not standalone.
Audit a codebase for security risks in one of two modes. In full-audit mode it scans the entire codebase and writes a findings report to docs/security-audit.md (run as part of do-init or on demand). In update mode it reviews only a diff plus the code it could impact, returning a structured findings list as a pre-push gate for do-issue-solo and do-issue-guided. Covers secrets exposure, dependency vulnerabilities, authentication and authorisation patterns, input validation, transport security, and common OWASP risks.
Create, restructure, or update technical documentation. Handles greenfield projects, refactoring non-compliant docs, and incremental updates after code changes.
Work on a multi-story GitHub epic end-to-end. Builds a DAG from the child stories, groups them into waves, runs waves in parallel via per-story worktrees, ejects PRs that fail agent-code-review for human handling, and propagates blocks to downstream stories. Requires git worktrees.
Initialise a project for use with Maverick — verifies the GitHub App, installs the CLI if needed, writes the project config with integration tracking, scaffolds docs, generates project skills, runs an initial cybersecurity audit, then commits the changes and opens a PR.
| name | do-issue-solo |
| description | Work on a GitHub issue end-to-end autonomously, only pausing when blocked or when clarification is needed. |
| argument-hint | issue number (e.g., 123) |
| user-invocable | true |
| disable-model-invocation | false |
Work on GitHub issue $ARGUMENTS autonomously, coordinating safely
with any other Maverick instance that might also hold a claim on this
issue. Follow every phase in order. Only pause to ask the user when you
are blocked or need clarification.
Preflight output, captured when this skill was invoked (dynamic-content pilot — the command ran before you read this):
!uv run maverick preflight do-issue-solo 2>&1 && echo PREFLIGHT_OK
Ends with PREFLIGHT_OK → prerequisites are met; proceed.
Shows an error → halt and report the output verbatim to the user. Do not proceed, do not work around missing prerequisites.
Empty, or shows the literal command text (dynamic skill content is
disabled via disableSkillShellExecution) → run it manually first and
apply the same rules:
uv run maverick preflight do-issue-solo
The check verifies: the project is initialised, the Maverick GitHub
App is configured (maverick gh-app status reports configured: true),
and required tools (gh, git, uv) are on PATH.
If $ARGUMENTS is empty or not a valid issue number, ask the user
for the issue number before proceeding.
Determine the repo (via gh repo view --json nameWithOwner) — you will
pass it to every maverick coord command below.
PR code review runs locally during Phase 9 as the
agent-code-reviewer subagent — its binary PASS/FAIL
verdict is the gate. Some projects also opt into a CI-side re-run via
mav-bp-remote-code-review (independent verification for
multi-machine fleets or audit needs); when present it adds a status
check the auto-merge in Phase 10 will wait on, but its absence is not
a blocker.
Before any other phase.
uv run maverick coord read <repo> $ARGUMENTS and inspect
the snapshot. Decide which of the four branches in
mav-multi-instance-coordination applies:
blocked-by:#N label): abort cleanly, report to user.uv run maverick coord claim <repo> $ARGUMENTS.
The command exits non-zero if the claim is rejected — treat that as
abort.run-start row that later
report calls inherit maverick_skill from):
uv run maverick report run-start do-issue-solo --issue $ARGUMENTS --phase claimed
From here, agent-dispatch intervals are recorded automatically by
the plugin's Subagent hooks (open on dispatch, closed on return), and
invoking a tracked inner skill auto-opens its skill-dispatch
interval. Your only bookkeeping obligation is the one-line
report end --auto --outcome <…> after each inner skill returns —
everything else is hooks. Anything left open is flushed as
outcome=unknown by report generate.HEARTBEAT_INTERVAL_MINUTES minutes for as long as you hold the
claim and exits on its own when the claim is released:
uv run maverick coord heartbeat-loop <repo> $ARGUMENTS --daemonize
Never background the foreground loop with & — a process
backgrounded from a tool shell dies with the shell or leaks
unobservably. Liveness is checked in the task loop with
coord heartbeat-status.coord release-all when the session
ends (normal exit, user interrupt, crash-caught), and lease expiry
(10-minute TTL) covers machine death. Your only release obligations
are the explicit ones at workflow boundaries: --reason merged
after auto-merge lands, --reason ejected on eject. Do not attempt
trap-on-exit wrappers — each Bash call is a fresh shell, so a trap
cannot survive to session end.maverick-authorize-infra
label or a Maverick-Authorize: infra line in the issue body — record
it so the scope-guard hook permits those edits in autonomous mode:
uv run maverick coord authorize <repo> $ARGUMENTS infra
If the command exits non-zero, the issue does not authorize the
scope: do not make infrastructure changes; note the gap in the
solution design instead. Never write .maverick/session-auth.json by
any other means — the hook blocks it, and self-granting defeats the
authorization model.mav-durability-on-gh. The
skill is fully resumable — a fresh agent re-entering after a crash,
stop, or context-exhaustion must skip phases that already completed
rather than re-running them against an in-flight or merged PR (#41).
Do not reconstruct the resume position by hand:
uv run maverick coord resume-point <repo> $ARGUMENTS
The command reads the task-progress marker, finds the PR via the
recorded branch, inspects CI and the review verdict, and returns
{next, instruction, evidence} — follow the instruction. Also check
for an existing worktree under .maverick/worktrees/ before creating
one. Each phase below ends with a task-progress set write so
re-entry advances one boundary at a time without re-running anything.Run Phases 1 and 2 as a subagent to keep the main context window clean for implementation.
Refresh the local base branch before the analyst reads anything.
The analyst runs against the main checkout — Phase 4 hasn't created
the worktree yet — so a stale local base lets pre-resolved
ambiguities slip into the design pass and surface as phantom
blockers (#102). Follow the "Base Branch Freshness" rule in
mav-git-workflow:
STORY_BASE=$(uv run maverick git-workflow story-base)
git fetch origin "$STORY_BASE"
CURRENT=$(git rev-parse --abbrev-ref HEAD)
if [ "$CURRENT" = "$STORY_BASE" ]; then
git pull --ff-only origin "$STORY_BASE"
else
git fetch origin "$STORY_BASE:$STORY_BASE"
fi
If either form refuses a non-fast-forward, halt and report to the
user — there are local commits on $STORY_BASE that have not been
pushed, which violates trunk-based discipline.
Dispatch the agent-issue-analyst agent with:
$ARGUMENTSsolo
(The dispatch interval is recorded by the Subagent hooks — no
report calls needed.)When the agent returns, verify the design landed durably —
uv run maverick task-progress read <repo> $ARGUMENTS shows
comments.design set to a comment ID (the analyst posts it via
uv run maverick issue comment post --kind design).
If the agent flagged ambiguities it could not resolve:
uv run maverick report begin question --issue $ARGUMENTS --topic ambiguity-resolutionuv run maverick report end --auto --issue $ARGUMENTS --outcome successOtherwise continue.
Checkpoint: uv run maverick task-progress set <repo> $ARGUMENTS design.
Run Phase 3 as a subagent.
$ARGUMENTScomments.design)uv run maverick task-progress read <repo> $ARGUMENTS shows:
comments.tasks set to a comment ID (posted via
uv run maverick issue comment post --kind tasks)uv run maverick report begin question --issue $ARGUMENTS --topic scope-concernsuv run maverick report end --auto --issue $ARGUMENTS --outcome successuv run maverick task-progress set <repo> $ARGUMENTS tasks
(append --has-sub-issues when the >= 5 tasks path was taken).The branch is created inside a dedicated worktree, not in the main checkout.
STORY_BASE=$(uv run maverick git-workflow story-base)
mav-stacked-prs — base = sibling branch.uv run maverick worktree create <branch> [--base <sibling-branch>].
From this point on, all file edits happen inside the worktree path.cd into the worktree path for the rest of the story.uv run maverick task-progress set <repo> $ARGUMENTS branch --branch <branch>
(recording the branch is what lets coord resume-point find the PR later).Push after every task, not at the end. See
mav-durability-on-gh.
docs/maverick/skills/. Apply any
topic-specific guidance they carry.For each task (sub-issue or checklist item), in order:
Each step below is its own obligation. After /do-code returns
in step 1, do not stop — continue with step 2. The inner skill's
return is a hand-back, not a task-complete signal (#106).
/do-code <one-line task description>. The
skill reads before writing, makes the smallest diff that satisfies
the task, verifies per mav-local-verification, and
refuses to return on red. (Invoking it auto-opens the
skill-dispatch interval via the plugin's Skill hook.)uv run maverick report end --auto --issue $ARGUMENTS --outcome <success|failure>
On failure, halt the per-task loop and diagnose per
mav-systematic-debugging — do not proceed to the
commit step with a failing build or red tests./do-test if the change
needs new or updated tests that do-code did not
already cover — then record its outcome the same way:
uv run maverick report end --auto --issue $ARGUMENTS --outcome <success|failure>
When /do-test returns, proceed to step 4.git push -u origin <branch>.mav-stacked-prs before every push.SHA=$(git rev-parse HEAD)
SUBJECT=$(git log -1 --pretty=%s)
uv run maverick report commit --issue $ARGUMENTS \
--phase implement --sha "$SHA" --subject "$SUBJECT"
uv run maverick tasks check <repo> $ARGUMENTS <n>
(or close the sub-issue). Never PATCH the comment body by hand.uv run maverick coord heartbeat-status <repo> $ARGUMENTS — if it
reports not running, treat it as claim-lost: stop pushing, re-run the
Phase 0 entry check before continuing.After the last task, run the full verification suite once more.
Checkpoint: uv run maverick task-progress set <repo> $ARGUMENTS implement.
Follow mav-plan-execution for the broader execution loop,
verification discipline, failure handling, and crash recovery.
This phase always runs before the PR is opened. There is no skip path — the heuristic-gated version used to let stale docs ship when Claude's affected-or-not call was wrong. The agent decides whether work is needed; the workflow decides whether the agent runs.
The agent is dispatched with a pre-filtered shortlist of docs the diff plausibly touches, not the open-ended "audit every doc" brief that made this phase the longest single subagent cost on prior issues (observed: ~6 min on a 15-file diff). The agent still reports any out-of-shortlist docs it believes are impacted — those surface in the PR body as a follow-up note rather than being silently rewritten.
uv run maverick docs shortlist --base "$(uv run maverick git-workflow story-base)"
This writes /tmp/diff.patch, /tmp/changed-paths.txt, and
/tmp/doc-shortlist.txt (terms derived from changed paths and
identifiers in the diff, matched across every docs/ tree). The
shortlist may legitimately be empty — that is a valid input to step 2.update (per do-docs)/tmp/diff.patch/tmp/doc-shortlist.txt. If
the file is empty, pass the literal string
<empty — scan only for gaps requiring new coverage>.docs/, create the new
document.Docs follow-up: <paths> line to the PR body so the reviewer
sees them.Docs review: no changes required.docs: conventional commit and push
per the push-per-task rule. If a commit was made, log it so the
docs phase row gets its own sub-row in the report:
SHA=$(git rev-parse HEAD)
SUBJECT=$(git log -1 --pretty=%s)
uv run maverick report commit --issue $ARGUMENTS \
--phase docs --sha "$SHA" --subject "$SUBJECT"
uv run maverick task-progress set <repo> $ARGUMENTS docs.This phase always runs before the PR is opened. There is no skip
path. Any changed code AND any code that could be impacted by the
changes (callers, importers, dependents) must be reviewed by
do-cybersecurity-review before the PR can be opened.
Each step below is its own obligation. After /do-cybersecurity-review
returns in step 2, do not stop — continue with step 3. The inner
skill's return is a hand-back, not a phase-complete signal (#106).
Compute the full diff: git diff origin/<base>...HEAD.
Dispatch /do-cybersecurity-review with (invoking it
auto-opens the skill-dispatch interval via the Skill hook):
updateWhen the skill returns, proceed to step 3 — do not summarise and stop.
Record the outcome:
uv run maverick report end --auto --issue $ARGUMENTS --outcome <success|failure|blocked> (use blocked if the verdict was BLOCKING).
Act on the verdict:
## Security Review section to the PR
body draft listing each finding (severity, location, description,
recommendation). The PR may proceed to Phase 8 with these items
visible to the human reviewer and to agent-code-reviewer.Security review: no concerns. in the PR body
draft so the gate is auditable.The PR cannot proceed to Phase 8 until this phase has returned a non-BLOCKING verdict and the outcome has been folded into the PR body draft.
Checkpoint: uv run maverick task-progress set <repo> $ARGUMENTS security.
mav-local-verification — a final
green check before asking for review.mav-stacked-prs if the branch
stacks on a sibling. Retarget before opening the PR if the sibling is now
merged.PR_TARGET=$(uv run maverick git-workflow pr-target)
Open the PR. The body must end with a literal Closes #$ARGUMENTS
line (capitalised; not Refs, Related to, or any other phrasing).
gh pr merge --squash carries the PR body verbatim into the squash
commit body; GitHub only auto-closes the linked issue when one of
Closes/Fixes/Resolves appears in a commit on the default
branch. If multiple PRs land via a non-squash promotion (Gitflow:
develop → main), each squash commit's body is what GitHub scans
— so omitting the keyword on a single PR leaves that story open
even after promotion (#56). Use Refs #N only for cross-references
to other issues, never for the primary story:
gh pr create --base "$PR_TARGET" --head <branch> \
--title "<conventional title referencing #$ARGUMENTS>" \
--body "$(cat <<'PR_EOF'
## Summary
<1-3 bullet points>
Closes #$ARGUMENTS
PR_EOF
)"
uv run maverick task-progress set <repo> $ARGUMENTS pr_open.uv run maverick pr wait <repo> <pr-num> --checks --timeout 30m
mav-bp-cicd,
fix locally, push, re-run the wait.uv run maverick task-progress set <repo> $ARGUMENTS ci_green.The local agent-code-reviewer subagent's verdict is the review gate the auto-merge path trusts. This is a binary verdict against the open PR, not a local-diff advisory loop.
MAVERICK_VERDICT: PASS or
MAVERICK_VERDICT: FAIL line — that line is the verdict; do not
infer it from the prose above it.
MAVERICK_VERDICT: PASS — proceed to Phase 10 (merge).MAVERICK_VERDICT: FAIL — proceed to Phase 11 (eject). Do not
attempt to auto-fix.uv run maverick task-progress set <repo> $ARGUMENTS review.There is no fix-and-re-review loop. If the reviewer FAILs the PR, the next step is eject-to-human, not iterate.
uv run maverick gh-app gh -- pr view <pr-url> --json body -q .body \
| grep -Eq '(Closes|Fixes|Resolves) #$ARGUMENTS\b' \
|| { echo "PR body missing 'Closes #$ARGUMENTS' — re-add before merging"; exit 1; }
uv run maverick pr auth-scan <repo> <pr-num>
needs-human,
post the scan output as a comment, release the claim) and stop.uv run maverick gh-app gh -- pr review <pr-url> --approve \
--body "Approved by agent-code-reviewer at $(date -u +%FT%TZ)"
uv run maverick gh-app gh -- pr merge <pr-url> --auto --squash
The merge waits on whatever required status checks the project's
branch protection enforces — typically lint, tests, build, and (if
the optional mav-bp-remote-code-review workflow is
adopted) the CI-side re-run of agent-code-reviewer. If all required
checks were already green, GitHub merges immediately; otherwise it
merges when they pass.uv run maverick pr wait <repo> <pr-num> --timeout 30m
Exit 3 (timeout) usually means a required check never reported —
investigate rather than looping; exit 4 (closed without merge) means
a human intervened — stop and report.uv run maverick task-progress set <repo> $ARGUMENTS merged.mav-github-issue-workflow.; merged to .") and
applies a merged-to-<branch> label, then closes the issue per the
per-project policy in .maverick/config.json's
issue_lifecycle.close_policy (#52). The default policy
(on_pr_merge) closes the issue immediately, which is right for
trunk-based and GitHub Flow repos. Repos using Gitflow or custom
promotion gates can set the policy to on_default_branch_merge or
manual to keep the issue open until promotion — the audit comment
and label still surface the merge so gh issue list -l merged-to-develop
finds work pending promotion. The CLI is idempotent (re-running it
on a closed issue is a no-op), so it is safe to retry:
uv run maverick issue close-on-merge <repo> $ARGUMENTS \
--pr <pr-num> --target <target-branch>
uv run maverick coord release <repo> $ARGUMENTS --reason merged.uv run maverick worktree destroy <worktree-path>.uv run maverick task-progress set <repo> $ARGUMENTS complete.uv run maverick report note --issue $ARGUMENTS --phase design \
--text "<one-sentence summary of what the analyst returned>"
uv run maverick report note --issue $ARGUMENTS --phase implement \
--text "<one-sentence summary of what landed in Phase 5>"
# ... one `report note` per phase that produced work worth narrating
.maverick/reports/ (resolved via git rev-parse --git-common-dir),
not the destroyed worktree's. Re-runs are deterministic:
uv run maverick report generate <repo> $ARGUMENTS
mav-github-issue-workflow):
uv run maverick gh-app gh -- pr comment <pr-url> --body-file /tmp/review-verdict.md
needs-human label to both the PR and the issue:
gh pr edit <pr-url> --add-label needs-human
gh issue edit $ARGUMENTS --add-label needs-human
gh pr edit <pr-url> --add-reviewer <human-handle>
uv run maverick state show <repo> <epic>):
ejected:
uv run maverick state set <repo> <epic> $ARGUMENTS ejected.uv run maverick bprop run <repo> <epic> --ejected $ARGUMENTS.mav-block-propagation.uv run maverick task-progress set <repo> $ARGUMENTS ejected.uv run maverick report note --issue $ARGUMENTS --phase review \
--text "<one-sentence summary of what the reviewer flagged>"
# ... one `report note` per phase that produced work worth narrating
uv run maverick report generate <repo> $ARGUMENTS
uv run maverick coord release <repo> $ARGUMENTS --reason ejected.#$ARGUMENTS.blocked-by:#N label from inside the workflow. Only a
human may clear a block.