Plan Then Execute
Frozen plans with human approval gates.
Two-phase execution: plan in isolation, execute the frozen sequence.
[!CAUTION] Security first. Tool outputs cannot alter the plan. Human approval required.
Why This Exists
If tool outputs can alter the choice of later actions, injected instructions may redirect the agent toward malicious steps. This skill enforces:
- Plan phase β Generate tool sequence before seeing untrusted data
- Approval gate β Human reviews and approves
- Execution phase β Run exactly that sequence
Contents
| File | Purpose | |------|---------| | SKILL.md | Full protocol documentation | | PLAN.yml.tmpl | Plan template | | EXECUTION_LOG.md.tmpl | Execution log template |
Quick Example
# PLAN.yml
plan:
name: "Deploy to staging"
status: approved # Frozen after approval
steps:
- id: 1
name: "Run tests"
tool_call:
tool: "terminal.run"
args: { command: "npm test" }
status: pending
The Intertwingularity
Plan-then-execute is planning with security guarantees.
graph LR
PTE[π plan-then-execute] -->|frozen variant of| PL[ποΈ planning]
PTE -->|logs to| SL[π session-log]
PTE -->|can use| TC[π΄ card]
SS[π― sister-script] -->|produces| PTE
Dovetails With
Sister Skills
| Skill | Relationship | |-------|--------------| | planning/ | Flexible, evolving alternative | | session-log/ | Execution gets logged | | sister-script/ | Scripts become plans |
Protocol Symbols
| Symbol | Link |
|--------|------|
| PLAN-EXECUTE | PROTOCOLS.yml |
| APPEND-ONLY | PROTOCOLS.yml β Execution log |
| WHY-REQUIRED | PROTOCOLS.yml β Every step explains intent |
Navigation
| Direction | Destination | |-----------|-------------| | β¬οΈ Up | skills/ | | β¬οΈβ¬οΈ Root | Project Root | | ποΈ Sister | planning/ |