Sharing Posture Worksheet

Module 7, Lesson 7.5 · one decision per authored extension · revisit every hygiene ritual

Scope: This worksheet is for authored extensions — your custom skill, your custom plugin, any additional skills or plugins you build. Installed third-party extensions are someone else's sharing decision, not yours.

Default: Posture A (do not share). You should have to earn your way to Posture B, and earn it twice over to reach Posture C.

First-year authors almost always belong in Posture A.

A plugin that has never been through a hygiene ritual without a refactor is not ready to share. Shipping too early creates a support obligation you did not plan for — and a security surface you cannot audit after it leaves your machine.

Header

Extension name:

Type: ☐ skill ☐ plugin

Version at decision:

Hygiene cycles survived:

Decision date:

The three postures

Default · Recommended

A — Do not share

Extension stays on your machine. Audience = only you.

When: anything authored in your first year. Anything that has not survived at least one full hygiene ritual without a refactor. Anything where sharing would feel like performance, not utility.

Minimum documentation:

Register row with audit complete
SECURITY.md (if plugin)
Nothing else required.

Earned · Narrow audience

B — Private named audience

Shared with a named, small audience: a family member, a co-op classmate, a peer. Not a marketplace.

When: extension has survived 2+ hygiene rituals without a significant refactor, its work is stable, and the named audience has been asked and wants the tool.

Minimum documentation:

Everything in Posture A, plus:
README.md naming the intended audience explicitly
Commitment to notify them manually on updates
Full SECURITY.md (even for skills)

Earned twice · Public

C — Public share

Marketplace listing, open repo, unknown audience. The bar is much higher and the commitment is ongoing.

When: extension has survived a full quarter of your own use without refactor and you are ready to treat maintenance as a recurring commitment. Module 9 supply-chain discipline applies.

Minimum documentation:

Everything in Posture B, plus:
Maintained CHANGELOG.md with permission-delta callouts
Commitment to respond to permission-expansion questions
Module 9 supply-chain and secrets review completed

Part 1 — Pick a posture

Declaration

Circle the posture you are declaring for this extension as of today. You can revise it at a future hygiene ritual; the posture is not permanent.

○ Posture A — do not share ○ Posture B — private named audience ○ Posture C — public share

One-sentence reason for the posture:

Part 2 — Readiness test

Answer each question for the posture you declared in Part 1. All rows for your posture must be yes, or your posture is stepping down one letter.

Applies to	Readiness question	Yes / No (write the evidence)
A, B, C	Is this extension actually used by me — invoked in the last 30–60 days with a real task?
A, B, C	Has the register row's audit been run and SECURITY.md (plugins) or manifest block (skills) filled honestly?
B, C	Has the extension survived at least two hygiene rituals without a significant refactor (description or permission surface)?
B, C	Has a named audience (B) or a defined public audience (C) actually asked for this tool — or is the sharing motivated by performance rather than utility?
B, C	Am I willing to notify the audience when I ship an update (B: manually; C: via changelog)?
C	Has the extension survived a full quarter of my own use without refactor?
C	Am I ready to treat maintenance as a recurring commitment (respond to permission questions, ship updates, retire when appropriate)?
C	Has Module 9 supply-chain review been completed (secrets, update signing, installer trust model)?

Honest downgrade

If any row applicable to your declared posture is a no, downgrade the posture one letter. (C → B. B → A.) Note the downgrade below and revisit next hygiene ritual.

☐ No downgrade needed ☐ Downgraded from ____ to ____

If downgraded, which row was the blocker?

Part 3 — Minimum documentation for the declared posture

Check the items required for your final posture (after any downgrade in Part 2). Every box must be checked before you share at that posture.

Posture A (default)

Register row filled in extension-register-v1.md with audit complete.
(Plugins) SECURITY.md with S1–S7 answered at the plugin root.

Posture B (private named audience)

Everything from Posture A.
README.md names the intended audience explicitly (e.g., "For use by <named person> on their homeschool setup; not intended for general distribution").
Full SECURITY.md — even if this is a loose skill, answer the questionnaire before handoff.
Commitment to notify the audience manually on updates. How:
Install instructions the audience can follow without you present.

Posture C (public)

Everything from Posture B.
Maintained CHANGELOG.md with explicit permission-delta callouts on every release.
Commitment to respond to permission-expansion questions within a named window. Window:
Module 9 supply-chain review completed (secrets hygiene, update trust model, installer signal).
Public contact surface for support or deprecation notice. Link:
Retirement plan: how will the public audience know if and when this extension is retired?

Part 4 — Next revisit

Sharing posture gets revisited at every hygiene ritual. Rows that graduate from A to B or B to C do so at a ritual, after one or more cycles of clean use. Rows can also move down — a C plugin you can no longer maintain is a B or A plugin, honestly.

Next ritual date:

Trigger for re-evaluation (e.g., "next clean ritual after a co-op request," or "after Module 9 is complete"):

Posture A is not a consolation prize.

Keeping an extension private is the disciplined default; most good tools never need to leave the author's machine. Shipping is a commitment, not an accomplishment.

This worksheet accompanies Lesson 7.5 of AI Architect Academy. Posture definitions, readiness tests, and documentation minimums are concept. Tool-specific sharing mechanics (marketplace listing flows, repo publishing) live in the Recipe Book.