Skill-first rule now has two halves: route the request to a doing-skill, then gate the result with the matching check-skill before 'done' -- inferred from the request, not user-named. Adds .claude/SKILL_ROUTING.md (on-demand request->doing-skill->check-skill map). Enforcement tier A+B (CORE rule + map; Stop-hook backstop deferred). Calibrate to stakes, Ollama Tier-0 for cheap passes. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
21 lines
3.4 KiB
Markdown
21 lines
3.4 KiB
Markdown
---
|
|
name: feedback_skill_first_routing
|
|
description: If an installed skill/command covers a request, INVOKE THE SKILL — never hand-roll the API from memory. Syncro billing/invoicing ALWAYS goes through /syncro (or /syncro-emergency-billing). Knowing the API is not a license to bypass the skill.
|
|
metadata:
|
|
type: feedback
|
|
---
|
|
|
|
When a request maps to an installed skill or slash-command, **invoke that skill** rather than improvising raw `curl`/API calls. This is a hard rule, now in CORE `CLAUDE.md` ("Skill-first"). The canonical offender is **Syncro billing**: every invoice/line-item/ticket-billing request goes through the `/syncro` skill (or `/syncro-emergency-billing` for after-hours) — NOT ad-hoc API calls.
|
|
|
|
**Two halves (CORE "Definition of Done"):** (1) route the REQUEST to a *doing-skill*, then (2) GATE the result with the matching *check-skill* BEFORE calling work done — automatically, inferred from the request + expected end result, WITHOUT the user naming skill A/B/C. Standing gates: code edits → `/code-review` + `/simplify` (+ `/security-review` if it touches auth/creds/security); outbound/client-facing → `impeccable`/`stop-slop`; Syncro/vendor → the skill's own preview+confirm gate; wiki/memory → `wiki-lint`/`memory-dream`. **Calibrate to stakes** (skip heavy review on a typo) and push cheap classify/prose passes to **Ollama Tier-0** to stay low-token. Full request→doing-skill→check-skill table: **`.claude/SKILL_ROUTING.md`** (read on demand). Decided with Mike 2026-06-26: enforcement tier "A+B" (CORE rule + on-demand map; deterministic Stop-hook backstop intentionally deferred until proven, to avoid friction).
|
|
|
|
**Why:** I default to "act directly" and, because I "know" the Syncro REST API, I reach for a hand-rolled `add_line_item` curl from memory. Free-handing the payload gets the structure wrong (attribution/`?api_key=` owner, `taxable:false`, line-item shape, priority/type format, blank contact, the preview gate), producing malformed tickets — and **Winter has to fix them** (already flagged on #32193/#32194 and others). The skill encodes all of that correctly and enforces the preview/confirm gate. The detailed billing rules in [[feedback_syncro_billing]] describe what the SKILL does when it bills; they are NOT a license to bypass the skill and do it by hand.
|
|
|
|
**How to apply:**
|
|
- Billing/invoicing/ticketing/scheduling in Syncro -> `/syncro` (after-hours/emergency -> `/syncro-emergency-billing`). No exceptions, even for a "quick" one-line charge.
|
|
- More generally: before reaching for raw API, ask "is there a skill for this?" Credentials -> `vault`; RMM actions -> `/rmm` (find the host with `rmm-search`); M365 investigation/remediation -> `remediation-tool`; the per-vendor skills (bitdefender, datto-edr, packetdial, b2, mailprotector, screenconnect...) own their APIs.
|
|
- Use raw API ONLY when no skill fits, or the skill genuinely cannot do the thing — and SAY SO explicitly when you do, so the user can sanity-check.
|
|
- When the user corrects a bypass, log it: `bash .claude/scripts/log-skill-error.sh "<skill>" "hand-rolled API instead of using the skill" --correction`.
|
|
|
|
Related: [[feedback_psa_default_syncro]] (Syncro is the default PSA), [[feedback_syncro_preview_mandatory]] (preview gate the skill enforces), [[feedback_syncro_priority_type_format]] (a malformed-ticket case Winter flagged), [[feedback_syncro_billing]], [[feedback_syncro_workflow]].
|