@boyingliu01/xp-gate 0.14.6 → 0.14.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (50) hide show
  1. package/adapters/plugins/whalecloud-java/scripts/install-maven-whalecloud.sh +4 -2
  2. package/bin/xp-gate.js +8 -0
  3. package/lib/__tests__/next-sprint.test.js +231 -0
  4. package/lib/__tests__/sprint-status.test.ts +9 -18
  5. package/lib/next-sprint.js +129 -0
  6. package/lib/sprint-status.js +3 -4
  7. package/mock-policy/AGENTS.md +3 -3
  8. package/mock-policy/__tests__/gate-m3.test.ts +384 -0
  9. package/mock-policy/__tests__/schema.test.ts +239 -0
  10. package/mutation/AGENTS.md +3 -3
  11. package/package.json +1 -1
  12. package/plugins/claude-code/.claude-plugin/plugin.json +1 -1
  13. package/plugins/claude-code/skills/delphi-review/AGENTS.md +3 -3
  14. package/plugins/claude-code/skills/delphi-review/SKILL.md +62 -3
  15. package/plugins/claude-code/skills/delphi-review/hooks.md +19 -0
  16. package/plugins/claude-code/skills/delphi-review/scripts/verify-consensus.sh +43 -0
  17. package/plugins/claude-code/skills/delphi-review/tools.md +29 -0
  18. package/plugins/claude-code/skills/sprint-flow/AGENTS.md +3 -3
  19. package/plugins/claude-code/skills/sprint-flow/hooks.md +18 -0
  20. package/plugins/claude-code/skills/sprint-flow/scripts/verify-sprint-state.sh +38 -0
  21. package/plugins/claude-code/skills/sprint-flow/tools.md +29 -0
  22. package/plugins/claude-code/skills/test-specification-alignment/AGENTS.md +3 -3
  23. package/plugins/opencode/README.md +14 -0
  24. package/plugins/opencode/index.ts +72 -0
  25. package/plugins/opencode/package.json +1 -1
  26. package/plugins/opencode/skills/delphi-review/AGENTS.md +3 -3
  27. package/plugins/opencode/skills/delphi-review/SKILL.md +62 -3
  28. package/plugins/opencode/skills/delphi-review/hooks.md +19 -0
  29. package/plugins/opencode/skills/delphi-review/scripts/verify-consensus.sh +43 -0
  30. package/plugins/opencode/skills/delphi-review/tools.md +29 -0
  31. package/plugins/opencode/skills/sprint-flow/AGENTS.md +3 -3
  32. package/plugins/opencode/skills/sprint-flow/hooks.md +18 -0
  33. package/plugins/opencode/skills/sprint-flow/scripts/verify-sprint-state.sh +38 -0
  34. package/plugins/opencode/skills/sprint-flow/tools.md +29 -0
  35. package/plugins/opencode/skills/test-specification-alignment/AGENTS.md +3 -3
  36. package/plugins/qoder/plugin.json +1 -1
  37. package/plugins/qoder/skills/delphi-review/AGENTS.md +3 -3
  38. package/plugins/qoder/skills/sprint-flow/AGENTS.md +3 -3
  39. package/plugins/qoder/skills/test-specification-alignment/AGENTS.md +3 -3
  40. package/principles/AGENTS.md +3 -3
  41. package/skills/delphi-review/AGENTS.md +3 -3
  42. package/skills/delphi-review/SKILL.md +62 -3
  43. package/skills/delphi-review/hooks.md +19 -0
  44. package/skills/delphi-review/scripts/verify-consensus.sh +43 -0
  45. package/skills/delphi-review/tools.md +29 -0
  46. package/skills/sprint-flow/AGENTS.md +3 -3
  47. package/skills/sprint-flow/hooks.md +18 -0
  48. package/skills/sprint-flow/scripts/verify-sprint-state.sh +38 -0
  49. package/skills/sprint-flow/tools.md +29 -0
  50. package/skills/test-specification-alignment/AGENTS.md +3 -3
@@ -1,9 +1,9 @@
1
1
  # SKILLS/SPRINT-FLOW KNOWLEDGE BASE
2
2
 
3
- **Generated:** 2026-07-09
4
- **Commit:** df2023f
3
+ **Generated:** 2026-07-13
4
+ **Commit:** d83bb96
5
5
  **Branch:** main
6
- **Version:** 0.14.6.0
6
+ **Version:** 0.14.8.0
7
7
 
8
8
  ## OVERVIEW
9
9
  **6-phase** development pipeline (v2.0 compact redesign, Issue #290): PREP → DESIGN → BUILD → VERIFY → SHIP → CLOSE. Phase 3/6 BUILD default build mode is **ralph-loop** (REQ-level iteration, 40-67% token savings vs parallel). HARD-GATE between DESIGN (2/6) and BUILD (3/6): design must pass Delphi review (≥90% consensus) before any coding.
@@ -0,0 +1,18 @@
1
+ # Hooks — Sprint Flow
2
+
3
+ Sprint Flow integrates with safety and operational hooks to protect the development environment.
4
+
5
+ ## Security Hooks
6
+
7
+ | Hook | Purpose | Activation |
8
+ |------|---------|------------|
9
+ | `/careful` | Safety guardrails for destructive commands | Activate before any `rm`, `force-push`, or `git reset` |
10
+ | `/freeze` | Restrict edits to sprint worktree directory | Prevent accidental changes outside sprint scope |
11
+ | `/guard` | Full safety mode (careful + freeze) | Maximum protection for high-risk operations |
12
+
13
+ ## Operational Hooks
14
+
15
+ | Hook | Purpose | Activation |
16
+ |------|---------|------------|
17
+ | `/context-save` | Save sprint context before pause or handoff | Before pausing sprint or switching tasks |
18
+ | `/context-restore` | Restore sprint context on resume | When resuming from pause or handoff |
@@ -0,0 +1,38 @@
1
+ #!/usr/bin/env bash
2
+ # sprint-flow: Verify sprint state integrity
3
+ # Checks that sprint-state.json is valid JSON and all expected keys exist.
4
+ #
5
+ # Usage: bash verify-sprint-state.sh [sprint-state-dir]
6
+
7
+ set -euo pipefail
8
+
9
+ STATE_DIR="${1:-.sprint-state}"
10
+ STATE_FILE="$STATE_DIR/sprint-state.json"
11
+
12
+ if [ ! -f "$STATE_FILE" ]; then
13
+ echo "SKIP: No sprint-state.json found at $STATE_FILE"
14
+ exit 0
15
+ fi
16
+
17
+ # Validate JSON
18
+ if ! command -v node &>/dev/null; then
19
+ echo "WARN: node not available, skipping JSON validation"
20
+ exit 0
21
+ fi
22
+
23
+ node -e "
24
+ const fs = require('fs');
25
+ try {
26
+ const data = JSON.parse(fs.readFileSync('$STATE_FILE', 'utf8'));
27
+ const requiredKeys = ['sprint_id', 'status', 'current_phase', 'phases'];
28
+ const missing = requiredKeys.filter(k => !(k in data));
29
+ if (missing.length > 0) {
30
+ console.error('ERROR: Missing required keys in sprint-state.json:', missing.join(', '));
31
+ process.exit(1);
32
+ }
33
+ console.log('OK: sprint-state.json is valid with all required keys');
34
+ } catch (e) {
35
+ console.error('ERROR: sprint-state.json is not valid JSON:', e.message);
36
+ process.exit(1);
37
+ }
38
+ "
@@ -0,0 +1,29 @@
1
+ # Tools Whitelist — Sprint Flow
2
+
3
+ Sprint Flow is an **orchestration skill** that coordinates subagents and system commands.
4
+ It does NOT implement code directly — it delegates implementation to subagents.
5
+
6
+ ## Allowed Tools
7
+
8
+ | Tool | Usage | Rationale |
9
+ |------|-------|-----------|
10
+ | `Bash(git, gh, npm, node)` | git worktree/branch/commit, gh PR/release, npm/node CLI | Required for sprint infrastructure management |
11
+ | `Read` | Read project files, configs, docs | Required for context gathering |
12
+ | `Write` | Write sprint-state, specification.yaml, phase summaries | Required for sprint state persistence |
13
+ | `Edit` | Edit sprint-state, CHANGELOG, VERSION | Required for version management |
14
+ | `Glob` | Find project files by pattern | Required for project discovery |
15
+ | `Grep` | Search file contents | Required for codebase understanding |
16
+ | `Task` | Delegate to subagents (quick, deep, unspecified-high) | Core orchestration mechanism |
17
+ | `Skill` | Invoke integrated skills (brainstorming, autoplan, delphi-review, etc.) | Required for skill chain execution |
18
+ | `TodoWrite` | Track sprint progress | Required for progress visibility |
19
+ | `Question` | Ask user at decision gates | Required for user decision points |
20
+
21
+ ## Denied Tools
22
+
23
+ | Tool | Rationale |
24
+ |------|-----------|
25
+ | `rm -rf (any recursive force remove)` | Destructive — sprint flow only cleans up via `git worktree remove` |
26
+ | `git push --force` | Destructive — never force push during sprint |
27
+ | `DROP TABLE or destructive DB operations` | Destructive — sprint flow orchestrates, does not manage databases |
28
+ | `Write(source code)` | Sprint flow NEVER writes implementation code directly — delegates to subagents via `Task` |
29
+ | `Edit(source code)` | Sprint flow NEVER edits implementation code — delegates to subagents via `Task` |
@@ -1,9 +1,9 @@
1
1
  # SKILLS/TEST-SPECIFICATION-ALIGNMENT KNOWLEDGE BASE
2
2
 
3
- **Generated:** 2026-07-09
4
- **Commit:** df2023f
3
+ **Generated:** 2026-07-13
4
+ **Commit:** d83bb96
5
5
  **Branch:** main
6
- **Version:** 0.14.6.0
6
+ **Version:** 0.14.8.0
7
7
 
8
8
  ## OVERVIEW
9
9
  Test-Specification Alignment Engine — two-stage validation ensuring tests accurately reflect requirements and design specs.
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "xp-gate",
3
- "version": "0.14.6",
3
+ "version": "0.14.8",
4
4
  "displayName": "XP-Gate",
5
5
  "description": "Extreme Programming quality gates + AI workflow skills for Qoder. Includes 10 quality gates (Gate 0-9), Sprint Flow (11 phases), and Delphi multi-expert review (>=90% consensus).",
6
6
  "author": {
@@ -1,9 +1,9 @@
1
1
  # SKILLS/DELPHI-REVIEW KNOWLEDGE BASE
2
2
 
3
- **Generated:** 2026-07-09
4
- **Commit:** df2023f
3
+ **Generated:** 2026-07-13
4
+ **Commit:** d83bb96
5
5
  **Branch:** main
6
- **Version:** 0.14.6.0
6
+ **Version:** 0.14.8.0
7
7
 
8
8
  ## OVERVIEW
9
9
  Delphi Consensus Review — multi-round anonymous expert review (≥90% threshold, 3 experts from ≥2 providers, domestic models only). Supports design + code-walkthrough modes.
@@ -1,9 +1,9 @@
1
1
  # SKILLS/SPRINT-FLOW KNOWLEDGE BASE
2
2
 
3
- **Generated:** 2026-07-09
4
- **Commit:** df2023f
3
+ **Generated:** 2026-07-13
4
+ **Commit:** d83bb96
5
5
  **Branch:** main
6
- **Version:** 0.14.6.0
6
+ **Version:** 0.14.8.0
7
7
 
8
8
  ## OVERVIEW
9
9
  **6-phase** development pipeline (v2.0 compact redesign, Issue #290): PREP → DESIGN → BUILD → VERIFY → SHIP → CLOSE. Phase 3/6 BUILD default build mode is **ralph-loop** (REQ-level iteration, 40-67% token savings vs parallel). HARD-GATE between DESIGN (2/6) and BUILD (3/6): design must pass Delphi review (≥90% consensus) before any coding.
@@ -1,9 +1,9 @@
1
1
  # SKILLS/TEST-SPECIFICATION-ALIGNMENT KNOWLEDGE BASE
2
2
 
3
- **Generated:** 2026-07-09
4
- **Commit:** df2023f
3
+ **Generated:** 2026-07-13
4
+ **Commit:** d83bb96
5
5
  **Branch:** main
6
- **Version:** 0.14.6.0
6
+ **Version:** 0.14.8.0
7
7
 
8
8
  ## OVERVIEW
9
9
  Test-Specification Alignment Engine — two-stage validation ensuring tests accurately reflect requirements and design specs.
@@ -1,9 +1,9 @@
1
1
  # PRINCIPLES CHECKER MODULE
2
2
 
3
- **Generated:** 2026-07-09
4
- **Commit:** df2023f
3
+ **Generated:** 2026-07-13
4
+ **Commit:** d83bb96
5
5
  **Branch:** main
6
- **Version:** 0.14.6.0
6
+ **Version:** 0.14.8.0
7
7
 
8
8
  ## OVERVIEW
9
9
  Clean Code & SOLID principles checker — **Gate 4** of pre-commit. 14 rules × 9 language adapters, SARIF 2.1.0 output. Houses the **Boy Scout Rule** enforcement engine (Gate 6) and warning-baseline storage.
@@ -1,9 +1,9 @@
1
1
  # SKILLS/DELPHI-REVIEW KNOWLEDGE BASE
2
2
 
3
- **Generated:** 2026-07-09
4
- **Commit:** df2023f
3
+ **Generated:** 2026-07-13
4
+ **Commit:** d83bb96
5
5
  **Branch:** main
6
- **Version:** 0.14.6.0
6
+ **Version:** 0.14.8.0
7
7
 
8
8
  ## OVERVIEW
9
9
  Delphi Consensus Review — multi-round anonymous expert review (≥90% threshold, 3 experts from ≥2 providers, domestic models only). Supports design + code-walkthrough modes.
@@ -13,14 +13,19 @@ description: >
13
13
  before push, architecture evaluation, or "/delphi-review".
14
14
  NOT WHEN: Asking HOW to review something (educational), mentioning "review" in passing without intent,
15
15
  requesting a simple code check or lint, asking about the Delphi process itself, or mentioning
16
- "review" as part of a different workflow (e.g., "code review" without multi-expert intent).
16
+ "review" as part of a different workflow (e.g., "code review" without multi-expert intent),
17
+ asking for review guidelines/checklists/formats, individual peer review, or casual review requests.
17
18
 
18
19
  TRIGGERS: "/delphi-review", "review this design", "评审这个需求", "评审这个设计", "design review",
19
20
  "多专家评审", "consensus review", "code walkthrough", "push review", "architecture review",
20
- "delphi review", "run delphi", "start delphi".
21
+ "delphi review", "run delphi", "start delphi", "评审这个架构", "review this architecture",
22
+ "评审PR", "review this PR with delphi", "delphi评审", "delphi 评审", "run delphi review",
23
+ "执行delphi", "启动delphi评审".
21
24
  NEGATIVE TRIGGERS: "how does delphi work", "what is delphi review", "code review checklist",
22
25
  "review my code quickly", "can you review this", "peer review", "I need a review",
23
- "explain the review process", "review guidelines".
26
+ "explain the review process", "review guidelines", "how to review a design",
27
+ "code review template", "review format", "PR review", "帮我review一下",
28
+ "just review this", "quick review", "review steps".
24
29
  maturity: beta
25
30
  auto_continue: true
26
31
  triggers:
@@ -37,6 +42,15 @@ triggers:
37
42
  - "delphi review"
38
43
  - "run delphi"
39
44
  - "start delphi"
45
+ - "评审这个架构"
46
+ - "review this architecture"
47
+ - "评审PR"
48
+ - "review this PR with delphi"
49
+ - "delphi评审"
50
+ - "delphi 评审"
51
+ - "run delphi review"
52
+ - "执行delphi"
53
+ - "启动delphi评审"
40
54
  triggers_negative_examples:
41
55
  - "how does delphi work" # educational question about the process
42
56
  - "what is delphi review" # asking for explanation, not execution
@@ -49,6 +63,15 @@ triggers_negative_examples:
49
63
  - "review guidelines" # asking about guidelines, not executing
50
64
  - "how to review a design" # educational
51
65
  - "PR review" # single-reviewer PR check, not multi-expert Delphi
66
+ - "review my PR" # informal PR review request, not Delphi
67
+ - "帮我review一下" # casual Chinese review request, no multi-expert intent
68
+ - "just review this" # casual, single-pass review request
69
+ - "quick review" # explicitly contradicts multi-round Delphi process
70
+ - "review steps" # asking for review instructions, not running review
71
+ - "code review template" # asking for a template, not executing review
72
+ - "review format" # asking about format, not executing
73
+ - "show me how to review" # educational request about reviewing
74
+ - "review checklist example" # asking for examples, not running review
52
75
  triggers_negative_test_cases:
53
76
  - input: "how does delphi work"
54
77
  expect: "NOT triggered"
@@ -86,6 +109,24 @@ triggers_negative_test_cases:
86
109
  expect: "triggered"
87
110
  - input: "delphi review"
88
111
  expect: "triggered"
112
+ - input: "评审这个架构"
113
+ expect: "triggered"
114
+ - input: "delphi 评审"
115
+ expect: "triggered"
116
+ - input: "run delphi review"
117
+ expect: "triggered"
118
+ - input: "review my PR"
119
+ expect: "NOT triggered"
120
+ - input: "帮我review一下"
121
+ expect: "NOT triggered"
122
+ - input: "just review this"
123
+ expect: "NOT triggered"
124
+ - input: "quick review"
125
+ expect: "NOT triggered"
126
+ - input: "review steps"
127
+ expect: "NOT triggered"
128
+ - input: "code review template"
129
+ expect: "NOT triggered"
89
130
  - input: "run delphi"
90
131
  expect: "triggered"
91
132
  workflow_steps:
@@ -153,6 +194,15 @@ tools_denied:
153
194
  - delphi review
154
195
  - run delphi
155
196
  - start delphi
197
+ - 评审这个架构
198
+ - review this architecture
199
+ - 评审PR
200
+ - review this PR with delphi
201
+ - delphi评审
202
+ - delphi 评审
203
+ - run delphi review
204
+ - 执行delphi
205
+ - 启动delphi评审
156
206
 
157
207
  **NOT triggered by:**
158
208
  - "how does delphi work" (educational)
@@ -163,6 +213,15 @@ tools_denied:
163
213
  - "I need a review" (too vague)
164
214
  - "explain the review process" (educational)
165
215
  - "review guidelines" (asking about guidelines)
216
+ - "PR review" (single-reviewer PR check)
217
+ - "review my PR" (informal PR review)
218
+ - "帮我review一下" (casual Chinese request)
219
+ - "just review this" (casual single-pass)
220
+ - "quick review" (contradicts multi-round process)
221
+ - "review steps" (asking for instructions)
222
+ - "code review template" (asking for template)
223
+ - "review format" (asking about format)
224
+ - "show me how to review" (educational)
166
225
 
167
226
  ## Workflow
168
227
 
@@ -0,0 +1,19 @@
1
+ # Hooks — Delphi Review
2
+
3
+ Delphi Review integrates with safety and operational hooks to ensure review integrity
4
+ and context preservation.
5
+
6
+ ## Security Hooks
7
+
8
+ | Hook | Purpose | Activation |
9
+ |------|---------|------------|
10
+ | `/careful` | Safety guardrails for destructive commands | Ensure review is read-only — block any destructive operations |
11
+ | `/freeze` | Restrict edits to review scope | Prevent accidental changes during review |
12
+ | `/guard` | Full safety mode (careful + freeze) | Maximum protection — read-only review with no accidental edits |
13
+
14
+ ## Operational Hooks
15
+
16
+ | Hook | Purpose | Activation |
17
+ |------|---------|------------|
18
+ | `/context-save` | Save review context before pause or handoff | Before pausing review or switching tasks |
19
+ | `/context-restore` | Restore review context on resume | When resuming review from pause or handoff |
@@ -0,0 +1,43 @@
1
+ #!/usr/bin/env bash
2
+ # delphi-review: Verify consensus report integrity
3
+ # Checks that delphi-reviewed.json is valid JSON and contains expected verdict field.
4
+ #
5
+ # Usage: bash verify-consensus.sh [state-dir]
6
+
7
+ set -euo pipefail
8
+
9
+ STATE_DIR="${1:-.sprint-state}"
10
+ STATE_FILE="$STATE_DIR/delphi-reviewed.json"
11
+
12
+ if [ ! -f "$STATE_FILE" ]; then
13
+ echo "SKIP: No delphi-reviewed.json found at $STATE_FILE"
14
+ exit 0
15
+ fi
16
+
17
+ # Validate JSON
18
+ if ! command -v node &>/dev/null; then
19
+ echo "WARN: node not available, skipping JSON validation"
20
+ exit 0
21
+ fi
22
+
23
+ node -e "
24
+ const fs = require('fs');
25
+ try {
26
+ const data = JSON.parse(fs.readFileSync('$STATE_FILE', 'utf8'));
27
+ const requiredKeys = ['mode', 'timestamp', 'verdict', 'consensus_ratio'];
28
+ const missing = requiredKeys.filter(k => !(k in data));
29
+ if (missing.length > 0) {
30
+ console.error('ERROR: Missing required keys in delphi-reviewed.json:', missing.join(', '));
31
+ process.exit(1);
32
+ }
33
+ const validVerdicts = ['APPROVED', 'PASS_WITH_CAVEATS', 'REQUEST_CHANGES', 'BLOCKED'];
34
+ if (!validVerdicts.includes(data.verdict)) {
35
+ console.error('ERROR: Invalid verdict:', data.verdict, '(expected one of:', validVerdicts.join(', '), ')');
36
+ process.exit(1);
37
+ }
38
+ console.log('OK: delphi-reviewed.json is valid with verdict:', data.verdict);
39
+ } catch (e) {
40
+ console.error('ERROR: delphi-reviewed.json is not valid JSON:', e.message);
41
+ process.exit(1);
42
+ }
43
+ "
@@ -0,0 +1,29 @@
1
+ # Tools Whitelist — Delphi Review
2
+
3
+ Delphi Review is a **read-only review skill** that dispatches expert subagents
4
+ and synthesizes their verdicts. It does NOT implement code changes.
5
+
6
+ ## Allowed Tools
7
+
8
+ | Tool | Usage | Rationale |
9
+ |------|-------|-----------|
10
+ | `Read` | Read design docs, code, configs, specification.yaml | Required for review input analysis |
11
+ | `Glob` | Find files by pattern | Required for context discovery |
12
+ | `Grep` | Search code content | Required for codebase understanding |
13
+ | `Bash` | Read-only: git diff, git log, file stats | Required for change analysis |
14
+ | `Task(subagent_type=oracle)` | Dispatch oracle for deep analysis | Required for complex review questions |
15
+ | `Task(subagent_type=delphi-reviewer-architecture)` | Dispatch architecture expert | Core Delphi expert dispatch |
16
+ | `Task(subagent_type=delphi-reviewer-technical)` | Dispatch technical expert | Core Delphi expert dispatch |
17
+ | `Task(subagent_type=delphi-reviewer-feasibility)` | Dispatch feasibility expert | Core Delphi expert dispatch |
18
+ | `Write(specification.yaml, .code-walkthrough-result.json, delphi-reviewed.json)` | Write output artifacts only | Required for review output persistence |
19
+ | `Skill` | Invoke related skills for context | Required for cross-skill integration |
20
+ | `Question` | Ask user at decision points | Required for user interaction |
21
+
22
+ ## Denied Tools
23
+
24
+ | Tool | Rationale |
25
+ |------|-----------|
26
+ | `Edit(source code)` | Delphi review NEVER edits implementation code during review |
27
+ | `Write(source code)` | Delphi review NEVER writes implementation code |
28
+ | `Bash(git commit, git push)` | Delphi review NEVER commits or pushes during review |
29
+ | `Task(category=*, subagent_type=build)` | Delphi review NEVER delegates build/implementation tasks |
@@ -1,9 +1,9 @@
1
1
  # SKILLS/SPRINT-FLOW KNOWLEDGE BASE
2
2
 
3
- **Generated:** 2026-07-09
4
- **Commit:** df2023f
3
+ **Generated:** 2026-07-13
4
+ **Commit:** d83bb96
5
5
  **Branch:** main
6
- **Version:** 0.14.6.0
6
+ **Version:** 0.14.8.0
7
7
 
8
8
  ## OVERVIEW
9
9
  **6-phase** development pipeline (v2.0 compact redesign, Issue #290): PREP → DESIGN → BUILD → VERIFY → SHIP → CLOSE. Phase 3/6 BUILD default build mode is **ralph-loop** (REQ-level iteration, 40-67% token savings vs parallel). HARD-GATE between DESIGN (2/6) and BUILD (3/6): design must pass Delphi review (≥90% consensus) before any coding.
@@ -0,0 +1,18 @@
1
+ # Hooks — Sprint Flow
2
+
3
+ Sprint Flow integrates with safety and operational hooks to protect the development environment.
4
+
5
+ ## Security Hooks
6
+
7
+ | Hook | Purpose | Activation |
8
+ |------|---------|------------|
9
+ | `/careful` | Safety guardrails for destructive commands | Activate before any `rm`, `force-push`, or `git reset` |
10
+ | `/freeze` | Restrict edits to sprint worktree directory | Prevent accidental changes outside sprint scope |
11
+ | `/guard` | Full safety mode (careful + freeze) | Maximum protection for high-risk operations |
12
+
13
+ ## Operational Hooks
14
+
15
+ | Hook | Purpose | Activation |
16
+ |------|---------|------------|
17
+ | `/context-save` | Save sprint context before pause or handoff | Before pausing sprint or switching tasks |
18
+ | `/context-restore` | Restore sprint context on resume | When resuming from pause or handoff |
@@ -0,0 +1,38 @@
1
+ #!/usr/bin/env bash
2
+ # sprint-flow: Verify sprint state integrity
3
+ # Checks that sprint-state.json is valid JSON and all expected keys exist.
4
+ #
5
+ # Usage: bash verify-sprint-state.sh [sprint-state-dir]
6
+
7
+ set -euo pipefail
8
+
9
+ STATE_DIR="${1:-.sprint-state}"
10
+ STATE_FILE="$STATE_DIR/sprint-state.json"
11
+
12
+ if [ ! -f "$STATE_FILE" ]; then
13
+ echo "SKIP: No sprint-state.json found at $STATE_FILE"
14
+ exit 0
15
+ fi
16
+
17
+ # Validate JSON
18
+ if ! command -v node &>/dev/null; then
19
+ echo "WARN: node not available, skipping JSON validation"
20
+ exit 0
21
+ fi
22
+
23
+ node -e "
24
+ const fs = require('fs');
25
+ try {
26
+ const data = JSON.parse(fs.readFileSync('$STATE_FILE', 'utf8'));
27
+ const requiredKeys = ['sprint_id', 'status', 'current_phase', 'phases'];
28
+ const missing = requiredKeys.filter(k => !(k in data));
29
+ if (missing.length > 0) {
30
+ console.error('ERROR: Missing required keys in sprint-state.json:', missing.join(', '));
31
+ process.exit(1);
32
+ }
33
+ console.log('OK: sprint-state.json is valid with all required keys');
34
+ } catch (e) {
35
+ console.error('ERROR: sprint-state.json is not valid JSON:', e.message);
36
+ process.exit(1);
37
+ }
38
+ "
@@ -0,0 +1,29 @@
1
+ # Tools Whitelist — Sprint Flow
2
+
3
+ Sprint Flow is an **orchestration skill** that coordinates subagents and system commands.
4
+ It does NOT implement code directly — it delegates implementation to subagents.
5
+
6
+ ## Allowed Tools
7
+
8
+ | Tool | Usage | Rationale |
9
+ |------|-------|-----------|
10
+ | `Bash(git, gh, npm, node)` | git worktree/branch/commit, gh PR/release, npm/node CLI | Required for sprint infrastructure management |
11
+ | `Read` | Read project files, configs, docs | Required for context gathering |
12
+ | `Write` | Write sprint-state, specification.yaml, phase summaries | Required for sprint state persistence |
13
+ | `Edit` | Edit sprint-state, CHANGELOG, VERSION | Required for version management |
14
+ | `Glob` | Find project files by pattern | Required for project discovery |
15
+ | `Grep` | Search file contents | Required for codebase understanding |
16
+ | `Task` | Delegate to subagents (quick, deep, unspecified-high) | Core orchestration mechanism |
17
+ | `Skill` | Invoke integrated skills (brainstorming, autoplan, delphi-review, etc.) | Required for skill chain execution |
18
+ | `TodoWrite` | Track sprint progress | Required for progress visibility |
19
+ | `Question` | Ask user at decision gates | Required for user decision points |
20
+
21
+ ## Denied Tools
22
+
23
+ | Tool | Rationale |
24
+ |------|-----------|
25
+ | `rm -rf (any recursive force remove)` | Destructive — sprint flow only cleans up via `git worktree remove` |
26
+ | `git push --force` | Destructive — never force push during sprint |
27
+ | `DROP TABLE or destructive DB operations` | Destructive — sprint flow orchestrates, does not manage databases |
28
+ | `Write(source code)` | Sprint flow NEVER writes implementation code directly — delegates to subagents via `Task` |
29
+ | `Edit(source code)` | Sprint flow NEVER edits implementation code — delegates to subagents via `Task` |
@@ -1,9 +1,9 @@
1
1
  # SKILLS/TEST-SPECIFICATION-ALIGNMENT KNOWLEDGE BASE
2
2
 
3
- **Generated:** 2026-07-09
4
- **Commit:** df2023f
3
+ **Generated:** 2026-07-13
4
+ **Commit:** d83bb96
5
5
  **Branch:** main
6
- **Version:** 0.14.6.0
6
+ **Version:** 0.14.8.0
7
7
 
8
8
  ## OVERVIEW
9
9
  Test-Specification Alignment Engine — two-stage validation ensuring tests accurately reflect requirements and design specs.