Skill: Kaiza MCP Operations
Purpose
Ensure all code modifications are made within approved plans, tracked via Kaiza MCP, and auditable via KAIZA-AUDIT blocks.
When to Use This Skill
- •Starting any coding task (feature, bug fix, refactoring, release)
- •When Kaiza MCP is available in the environment
- •Before reading or writing files
Steps
1) Kaiza preflight
- •Call Kaiza
read_promptto loadWINDSURF_CANONICAL(authoritative config) - •Call Kaiza
list_plansto see approved plans for this workspace - •Select a plan that matches the scope of your task
If no matching plan exists:
- •Stop and propose a plan
- •Do not proceed until the plan is approved
2) Understand plan boundaries
Each plan has:
- •scope: What files/modules it covers
- •authority: Which rules govern it
- •risk level: How much change is permitted
- •verification: What checks must pass
Example plan:
code
Plan: "implement-feature-x" Scope: src/features/x, tests/features/x, docs/features/x Authority: AGENTS.md, GLOBAL_RULES.md, @no-placeholders-production-code Risk: moderate (new code, within isolated feature) Verification: all tests pass, lint clean, coverage >80%
3) Read files using Kaiza
Use Kaiza read_file for all reads (not standard file operations).
This ensures:
- •Reads are tracked for audit
- •Permissions are checked against the plan
- •Context is loaded into the MCP session
4) Write files with provenance metadata
For every file write using Kaiza write_file, include:
- •plan: Name of the approved plan (e.g., "implement-feature-x")
- •role: executable | boundary | library | infra | test | docs
- •purpose: What does this file exist to do?
- •usedBy: What imports/invokes it?
- •connectedVia: How it integrates (routes, DI, CLI, job scheduler)
- •executedVia: How it runs (node, python, docker, CI)
- •failureModes: Known failure patterns
- •authority: Which rules govern this file
Example write metadata:
code
plan: "implement-feature-x" role: "boundary" purpose: "HTTP handler for feature X endpoints" usedBy: "app.js (main router), tests/features/x.test.js" connectedVia: "Express route registration in /features route group" executedVia: "Node.js, runs on every HTTP request" failureModes: "Invalid input → 400, Database down → 500, Timeout → 504" authority: "AGENTS.md (route patterns), @secure-by-default (input validation)"
5) Run verification gates after every change
After each write:
bash
npm test npm run lint npm run typecheck python scripts/ci/forbidden_markers_scan.py --root .
If any gate fails, stop and fix before continuing.
6) Produce KAIZA-AUDIT block
After all changes are complete, produce a machine-checkable audit block:
code
KAIZA-AUDIT Plan: implement-feature-x Scope: src/features/x/handler.js, src/features/x/model.js, tests/features/x.test.js Intent: Add HTTP API for feature X with structured logging and input validation Key Decisions: - Used Express middleware for input validation (familiar, proven) - Stored feature X in new module to avoid tight coupling - Added correlation ID propagation for observability Verification: - npm test: PASS (all tests pass, +3 new test cases) - npm run lint: PASS - npm run typecheck: PASS - forbidden_markers_scan.py: PASS - Coverage: 92% for feature X module (target: >80%) Results: All gates pass. Code is ready for review. Risk Notes: Feature X depends on external service Y; timeouts configured to 5s Rollback: Revert commits or feature-flag can disable feature X via ENV var KAIZA-AUDIT-END
7) Embed KAIZA-AUDIT in PR description
If using GitHub/GitLab:
- •Paste the KAIZA-AUDIT block into the PR description
- •CI will validate it has all required fields
- •Reviewers use it to understand the scope and safety checks
Quality Checklist
- • Approved plan selected (or proposed)
- • All reads use Kaiza
read_file - • All writes use Kaiza
write_filewith provenance metadata - • All verification gates pass after each change
- • KAIZA-AUDIT block is produced with all required fields
- • Plan scope is respected (no out-of-scope changes)
- • Risk level is appropriate for the change
- • Authority rules are referenced in KAIZA-AUDIT
Verification Commands
bash
# Check that Kaiza tools are available which kaiza || echo "Kaiza not available" # Check that plans can be listed kaiza list_plans # Verify KAIZA-AUDIT format (locally) grep -A 8 "^KAIZA-AUDIT$" PR_DESCRIPTION.md | grep -E "Plan:|Scope:|Intent:|Key Decisions:|Verification:|Results:|Risk Notes:|Rollback:"
How to Recover if Plan Boundary is Breached
If you realize you've made changes outside the plan scope:
- •Revert the out-of-scope changes
- •Propose a new or amended plan
- •Wait for approval
- •Resume the task with the updated plan
If a verification gate fails:
- •Stop and fix the issue
- •Re-run the gate
- •Continue only after gate passes
KAIZA-AUDIT Compliance
Every task using this skill must produce a KAIZA-AUDIT block with:
- •Plan: Approved plan name
- •Scope: Files/modules touched
- •Intent: What outcome is delivered
- •Key Decisions: Why these choices
- •Verification: Exact commands executed and results
- •Results: Pass/fail with artifacts
- •Risk Notes: Remaining risks + mitigations
- •Rollback: How to revert safely