Skip to content

Safety & Data

oh-my-sdd is intentionally narrow in what it touches. Before installing, here's exactly what it does — and doesn't — do.

What the installer touches

  • ~/.claude/skills/oh-my-sdd*/ — the 6 skill folders it installs, plus ~/.claude/skills/.oh-my-sdd-manifest.json (an integrity manifest). Nothing else in ~/.claude/skills/ is modified.
  • That's it. The installer never touches your global ~/.claude/CLAUDE.md, your project's CLAUDE.md, or any other Claude Code configuration.

What the skills touch, once you run a task

While working through the SDD flow inside a project, the skills only read/write:

  • .oh-my-sdd/constitution.md — one per project, generated by analyzing your existing code and config.
  • .oh-my-sdd/specs/<slug>/{spec.md,plan.md,tasks.md} — one folder per feature.
  • Your actual source files — but only during the oh-my-sdd-implement phase, and only after you've explicitly confirmed the plan and task list at checkpoint #2.

No skill ever regenerates or overwrites a validated constitution.md or an already-validated spec/plan/tasks without explicitly telling you first and asking for confirmation.

The two human checkpoints

  1. After spec.md is generatedoh-my-sdd-specify will not proceed to planning until you explicitly validate the specification.
  2. After plan.md and tasks.md are generatedoh-my-sdd-tasks will not proceed to implementation until you explicitly approve both, together.

No implementation code is written before checkpoint #2 is confirmed.

Everything is reversible

npx oh-my-sdd uninstall

removes every file the installer created. Nothing is left behind outside the 6 skill folders and the manifest.

Because specs and the constitution live inside your project under .oh-my-sdd/, they're plain files under your own version control — delete the folder, or git revert, and you're back to where you started.