AI that plans, builds, verifies & secures every change — solo or team


What is Loobster?

Loobster (loop + lobster 🦞) is a loop harness for AI-assisted development (Claude Code and Codex) that turns it into a repeatable, reviewable, secure loop — the RePPITS methodology: Research → Propose → Plan → Implement → Test → Secure. It right-sizes each task, can run autonomously between gates, and proves its work instead of trusting itself.

It's markdown-and-conventions — no servers, no lock-in. Healthcare compliance is one aspect (HIPAA/HITRUST), alongside ISO 27001 and SOC 2 — enable only what your repo needs.

Why loop engineering

AI development is moving from one-shot prompts to durable, autonomous loops — the loop, not the prompt, is the unit of work. But an unsupervised loop is only as trustworthy as its guardrails: left alone it will rubber-stamp its own output, drift from scope, or burn the context window.

Loobster is the harness that makes a loop safe to let run — risk-tiered gates, a bounded convergence loop (cap 3, then escalate to a human), independent verification (never self-verify), a shared signals channel, and compliance + token discipline so long loops stay affordable.

Foundations: RePPIT (Mihail Eric) gives the phase structure a loop iterates over; headroom (Tejas Chopra) gives the token economics that make long loops viable. Loobster wires both into the agent's control loop.

For teams — how a team benefits

Loobster is built for multiple people (and their agents) working on one codebase. The hard part of team AI-dev isn't writing code — it's coordination and trust. Loobster makes both first-class.

📡

A shared signals hub

Every loop, agent, or teammate drops observations (frictions / opportunities / facts) into one committed signals/ store. Anyone's loop reads the relevant ones.

Benefit: an insight one person's support loop finds (“5 users can't find export”) automatically reaches another person's product loop — without a meeting.

author attribution · file-per-signal = merge-safe · live dashboard

🔬

Never self-verify

Every Test / Secure / frontend / loop check runs in a separate verifier agent that did not write the code. The implementer never grades its own work.

Benefit: reviews you can trust at scale — an unattended loop can't rubber-stamp itself, so the team can let it run.

📊

Team status board

bin/signals-build.py renders signals/ into a dynamic dashboard (by status / author / loop / type). Publish it to a shared URL via GitHub Pages — no other accounts.

Benefit: one glance shows what every loop and teammate is seeing across the codebase.
🖼️

Verifiable frontend on every PR

Touch the UI and Loobster captures Playwright screenshots and attaches them to the PR (GitHub Actions artifacts + a native comment — no Imgur/S3).

Benefit: reviewers see the change rendered, not just “tests pass” — faster, safer approvals.
🎯

Self-healing goal-loops

/loop pursues a standing goal by working a RICE-scored backlog cycle after cycle. It's self-driving (arms its own re-entry and prints the schedule), crash-safe (a dead turn is reclaimed and resumed, not lost), and runs to a real exit — never pausing at a milestone. A single-runner lease keeps concurrent re-entries from colliding on a shared worktree. Ask /loop status to see the schedule, backlog, and runner.

Benefit: a goal like “fix all P0/P1 in the epic as PRs to staging” keeps progressing across crashes, sessions, and hand-offs — without rubber-stamping itself.
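
One way a single-runner lease with crash reclaim can be built, shown as an added example (not Loobster's own code). The lease path, the `LEASE_TTL` value, the JSON record fields and all function names are assumptions, and the `fcntl` guard assumes a single POSIX host.

```python
import fcntl
import json
import os
import time

LEASE_TTL = 900  # assumed value: seconds of heartbeat silence before a runner counts as dead


def read_lease(path):
    """Return the lease record, or None if it is missing or unreadable."""
    try:
        with open(path) as fh:
            rec = json.load(fh)
        return rec if {"runner", "heartbeat"} <= rec.keys() else None
    except (FileNotFoundError, ValueError, AttributeError):
        return None


def acquire_lease(path, runner_id, now=None, ttl=LEASE_TTL):
    """Take or refresh the lease; refuse while a different runner is still alive."""
    now = time.time() if now is None else now
    with open(path + ".guard", "w") as guard:
        fcntl.flock(guard, fcntl.LOCK_EX)  # serialises check-and-set; freed on close
        held = read_lease(path)
        other = held is not None and held["runner"] != runner_id
        if other and now - held["heartbeat"] <= ttl:
            return {"acquired": False, "holder": held["runner"], "reclaimed": False}
        tmp = f"{path}.{os.getpid()}.tmp"
        with open(tmp, "w") as fh:
            json.dump({"runner": runner_id, "heartbeat": now}, fh)
        os.replace(tmp, path)  # atomic swap: readers never see a half-written lease
        return {"acquired": True, "holder": runner_id, "reclaimed": other}


def release_lease(path, runner_id):
    """Drop the lease only if runner_id holds it; return whether it was removed."""
    with open(path + ".guard", "w") as guard:
        fcntl.flock(guard, fcntl.LOCK_EX)
        held = read_lease(path)
        if held is None or held["runner"] != runner_id:
            return False
        os.remove(path)
        return True
```

A runner that calls `acquire_lease` again with its own id refreshes the heartbeat; a different runner gets `reclaimed: True` only after the holder has been silent for longer than the TTL.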
🛡️

Compliance your team chooses

Per-repo .claude/loobster-frameworks.json enables any of HIPAA · HITRUST · ISO 27001 · SOC 2. Sensitive changes never auto-advance; Secure always runs.

Benefit: the same workflow fits a healthcare repo and a general SaaS repo — no separate tooling.

A typical team rhythm

  1. Each person runs loops (support, SEO, product, …) that emit signals to the shared hub.
  2. A goal-loop consumes the highest-value signals → spawns scored backlog tasks → ships PRs.
  3. Every change is independently verified (Test/Secure by a separate agent; UI by Playwright on the PR).
  4. The dashboard (local or on Pages) keeps everyone aligned on what's happening.

How it works

| Layer | What it does |
| --- | --- |
| RePPITS (/run) | The gated workflow. Phase 0 right-sizes the task; sensitive changes keep every gate; Secure always runs. |
| Autonomous mode | At the plan gate, “run autonomously” drives Implement→Test→Secure itself (bounded loop, cap 3, escalates) — stops only at the final commit/push. |
| Goal-loop (/loop) | Outer loop over a prioritized backlog toward a standing goal; consumes + emits signals each cycle. |
| Signals (/signals) | The shared team hub. Non-PHI summaries only (the rule that lets it be committed + shared). |
| Verify (/verify-frontend, Test, Secure) | Independent verification — a separate agent, never the author. Frontend proven with screenshots. |
| Token discipline | Subagent isolation + artifact compaction keep context lean; optional headroom compression for heavy loops. |

Commands

| Command | Does |
| --- | --- |
| /run <topic> | Full Research→Propose→Plan→Implement→Test→Secure, gated |
| /loop <goal> | Continuous goal-loop over a RICE-scored backlog |
| /signals | Shared team hub: emit / consume observations |
| /verify-frontend | Playwright screenshots attached to the PR |
| /secure | Run your enabled compliance frameworks against the diff |
| /resume | Rebuild + continue a crashed workflow from Tasks |

…plus /research-codebase, /make-proposals, /make-plan, /implement, /review-code

Quickstart

In Claude Code (or any plugin-spec client):

/plugin marketplace add NilsWidal/loobster
/plugin install loobster@nilswidal-loobster

Then, in any repo:

# build one thing, gated
/loobster:run Add a patient intake form

# pursue a standing goal autonomously
/loobster:loop fix all P0/P1 in the epic as PRs to staging

# pick your compliance frameworks (.claude/loobster-frameworks.json)
{ "frameworks": ["soc2", "iso27001"] }

Or with Codex — it reads AGENTS.md + .agents/skills/ from the repo:

codex            # then:  $run <task>   ·   $loop <goal>   ·   $secure

See the full README for every feature.