π‘ Summary
Lisa is a governance framework that ensures Claude generates high-quality, consistent code through automated enforcement and guidance.
π― Target Audience
π€ AI Roast: βPowerful, but the setup might scare off the impatient.β
Risk: Medium. Review: shell/CLI command execution; outbound network access (SSRF, data egress); API keys/tokens handling and storage; filesystem read/write scope and path traversal; dependency pinning and supply-chain risk. Run with least privilege and audit before enabling in production.
Lisa
Lisa is a Claude Code governance framework that ensures Claude produces high-quality, consistent code through multiple layers of guardrails, guidance, and automated enforcement.
New to Lisa? Start with the Architecture Overview for a visual guide to how Lisa works, including the developer workflow diagram and multi-layer governance architecture.
Why Lisa Exists
Claude Code is powerful, but without guardrails it can:
- Produce inconsistent code styles across sessions
- Skip tests or quality checks when not reminded
- Over-engineer solutions or create unnecessary abstractions
- Mutate data instead of using immutable patterns
- Leave deprecated code instead of cleanly deleting it
Lisa solves this by applying a comprehensive governance system that guides Claude's behavior at every step.
The key insight: Not every developer needs to be an AI expert. Platform teams with deep AI knowledge can encode best practices into Lisa, and implementation teams get the benefits automatically through simple commands.
How It Works
Lisa applies multiple layers of quality control to your project:
| Layer | Purpose | Examples |
|-------|---------|----------|
| CLAUDE.md | Direct behavioral rules | "Never skip tests", "Always use immutable patterns" |
| Skills | Teach patterns & philosophy | Immutability, TDD, YAGNI/SOLID/DRY/KISS |
| Hooks | Auto-enforcement on every edit | Format and lint after Write/Edit operations |
| Slash Commands | Guided workflows | /project:implement, /project:review, /git:commit |
| Custom ESLint Plugins | Enforce code structure | Statement ordering, component structure |
| Thresholds | Configurable limits | Max complexity, max file length |
| Git Hooks | Pre-commit quality gates | Husky + lint-staged + commitlint |
| Agents | Specialized sub-agents | Codebase analysis, pattern finding |
These layers work together. When Claude writes code:
- CLAUDE.md tells it what patterns to follow
- Skills teach it the philosophy behind those patterns
- Hooks automatically format and lint the code
- ESLint plugins catch structural violations
- Git hooks prevent commits that fail quality checks
Team & Organization Usage
Lisa is designed for a two-tier organizational model that separates AI expertise from day-to-day development:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β PLATFORM TEAM β
β β
β β’ Deep AI/LLM expertise (prompting, context engineering) β
β β’ Domain knowledge of coding standards & best practices β
β β’ Maintains and iterates on Lisa configurations β
β β’ Writes skills, hooks, ESLint rules, slash commands β
β β’ Tests guardrails against real-world edge cases β
β β
β β β
β βΌ β
β Lisa Repository β
β β β
β βΌ β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β IMPLEMENTATION TEAMS β
β β
β β’ Focus on building end-user software β
β β’ Run `npx @codyswann/lisa` to bootstrap projects β
β β’ Use simple commands like `/project:implement` β
β β’ Don't need deep AI expertise β
β β’ Automatically get guardrails & quality enforcement β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Why This Model Works
For Platform Teams:
- Centralize AI governance expertise in one place
- Iterate on prompts, skills, and guardrails based on real feedback
- A/B test different approaches across the organization
- Push improvements to all teams instantly via Lisa updates
For Implementation Teams:
- No need to learn prompt engineering or context engineering
- Simple commands produce high-quality, consistent code
- Guardrails prevent common mistakes automatically
- Focus on business logic, not AI wrangling
How Implementation Teams Work
Once Lisa is applied to a project, developers have two paths:
Path 1: Just Type a Prompt
Even if a developer just types a vague request, Lisa's built-in prompt-complexity-scorer skill automatically evaluates it:
Developer: "Make the app faster"
Claude: This request scores 8/10 on complexity. I suggest writing it
as a spec to plan it out properly.
Would you like me to create `specs/performance-optimization.md`?
Complex or vague prompts (score 5+) are automatically routed to the spec workflow. Simple, well-defined requests (score 1-4) proceed immediately. Developers don't need to know which path to takeβLisa routes them automatically.
Path 2: The Full Workflow
For planned work, the workflow is two commands:
# 1. Create a spec file describing what you want # (or let Claude create it from your prompt) echo "Add user authentication with OAuth" > specs/add-auth.md # 2. Bootstrap: research, analyze, identify gaps /project:bootstrap @specs/add-auth.md # 3. Execute: plan tasks, implement with TDD, verify completion /project:execute @projects/add-auth
That's it. Behind the scenes, Lisa ensures:
- Comprehensive codebase and web research
- Knowledge gap detection (stops if questions need answering)
- Task breakdown and TDD implementation
- Verification that all tasks completed
- New patterns captured in
.claude/rules/PROJECT_RULES.md
Platform Team Iteration Example
- Platform Team discovers Claude sometimes creates overly complex functions
- Platform Team adds a
cognitiveComplexity: 10threshold to ESLint config - Platform Team writes a skill teaching Claude to decompose complex logic
- Platform Team pushes update to Lisa repository
- Implementation Teams run
lisaon their projects (or it happens via CI) - Implementation Teams now automatically get simpler, more maintainable code
Upstreaming Improvements
When implementation teams make improvements to Lisa-managed files (better CI configs, new hooks, etc.), the /lisa:review-implementation command helps upstream those changes back to Lisa:
# Start Claude Code with access to both your project and Lisa claude --add-dir ~/lisa # Run the review command /lisa:review-implementation
This command:
- Compares your project's Lisa-managed files against Lisa's source templates
- Generates a diff report showing what has changed
- Offers to copy improvements back to Lisa for all teams to benefit
Forking for Your Organization
# Fork Lisa for your organization gh repo fork CodySwannGT/lisa --org your-org --clone # Customize configurations cd lisa # Edit skills, hooks, CLAUDE.md, ESLint rules, etc. # Push to your org's fork git push origin main
Implementation teams then install from your organization's fork:
# Install globally from your fork npm install -g github:your-org/lisa # Or use npx with your fork npx github:your-org/lisa /path/to/project
Installation
Install Lisa globally via npm:
npm install -g @codyswann/lisa
Or use npx to run without installing:
npx @codyswann/lisa /path/to/project
Requirements
- Node.js 18+ (workflows default to 22.x)
- npm, bun, or pnpm
Optional Tools
These tools enhance Lisa's capabilities but are not required:
-
CodeRabbit CLI - AI-powered code review tool used by
/project:reviewInstallation (choose one):
# Recommended curl -fsSL https://cli.coderabbit.ai/install.sh | sh coderabbit --version # Verify installation # Homebrew (macOS/Linux) brew install coderabbit # NPX (no install needed) npx coderabbitai-mcp@latestIf not installed, the CodeRabbit review step in
/project:reviewwill be skipped silently.
Usage
Run Lisa against any project directory:
lisa /path/to/your-project # Or from within your project lisa . # Or with npx (no install required) npx @codyswann/lisa .
Options
| Option | Description |
|--------|-------------|
| -n, --dry-run | Show what would be done without making changes |
| -y, --yes | Non-interactive mode (auto-accept defaults, overwrite on conflict) |
| -v, --validate | Validate project compatibility without applying changes |
| -u, --uninstall | Remove Lisa-managed files from the project |
| -h, --help | Show help message |
Dry Run
Preview changes before applying them:
lisa --dry-run /path/to/your-project
CI/CD Usage
For automated pipelines, use non-interactive mode:
lisa --yes /path/to/project # Or with npx npx @codyswann/lisa --yes /path/to/project
Validate Mode
Check project compatibility without making changes:
lisa --validate /path/to/project
Uninstall
Remove Lisa-managed files from a project:
lisa --uninstall /path/to/project # Preview what would be removed lisa --dry-run --uninstall /path/to/project
Note: Files applied with copy-contents or merge strategies require manual cleanup as they modify existing content.
GitHub Rulesets
Lisa can also apply GitHub repository rulesets via a separate script. This enforces branch protection rules like requiring PRs, status checks, and preventing force pushes.
# Apply rulesets to a project's GitHub repo ~/lisa/lisa-github-rulesets.sh /path/to/project # Preview what would be applied ~/lisa/lisa-github-rulesets.sh --dry-run /path/to/project # Non-interactive mode ~/
Pros
- Automates code quality enforcement
- Guides developers without AI expertise
- Supports multiple layers of governance
- Facilitates collaboration between teams
Cons
- Requires initial setup and configuration
- May have a learning curve for new users
- Dependency on external tools for full functionality
- Complexity may deter some developers
Related Skills
pytorch
SβIt's the Swiss Army knife of deep learning, but good luck figuring out which of the 47 installation methods is the one that won't break your system.β
agno
SβIt promises to be the Kubernetes for agents, but let's see if developers have the patience to learn yet another orchestration layer.β
nuxt-skills
SβIt's essentially a well-organized cheat sheet that turns your AI assistant into a Nuxt framework parrot.β
Disclaimer: This content is sourced from GitHub open source projects for display and rating purposes only.
Copyright belongs to the original author CodySwannGT.
