@captain_z/zsk 1.8.2 → 1.8.3

package/dist/core/stage-quality.js

@@ -1,14 +1,27 @@
-import { mkdir, readFile, readdir, writeFile } from "node:fs/promises";
+import { randomUUID } from "node:crypto";
+import { mkdir, readFile, readdir, stat, writeFile } from "node:fs/promises";
 import { existsSync } from "node:fs";
-import { dirname, join, resolve } from "node:path";
+import { basename, dirname, extname, join, relative, resolve } from "node:path";
 import { getWorkspacePath } from "./workspace-layout.js";
 const DEFAULT_THRESHOLD = 9;
-const MODULE_STAGES = new Set(["proposal", "spec", "design", "task", "coding", "smoke", "review", "ready", "verify", "acceptance", "archive"]);
+const MODULE_STAGES = new Set(["proposal", "spec", "design", "task", "coding", "fix", "smoke", "review", "ready", "verify", "acceptance", "archive"]);
+const SPLITTABLE_MODULE_STAGES = new Set(["proposal", "spec", "design", "tasks"]);
+const SKIPPED_REVIEW_TARGET_DIRS = new Set([
+    ".auth",
+    ".cache",
+    ".git",
+    ".next",
+    ".turbo",
+    "coverage",
+    "dist",
+    "node_modules",
+]);
 const STAGE_INPUTS = {
     prepare: [
         { key: "project-config", path: (config) => getWorkspacePath(config, "projectConfig") },
         { key: "system-spec", path: (config) => getWorkspacePath(config, "systemSpec") },
     ],
+    preproposal: [],
     proposal: [
         { key: "project-config", path: (config) => getWorkspacePath(config, "projectConfig") },
         { key: "system-spec", path: (config) => getWorkspacePath(config, "systemSpec") },
@@ -34,6 +47,7 @@ const STAGE_INPUTS = {
     coding: [
         { key: "tasks", moduleStage: "tasks" },
     ],
+    fix: [],
     smoke: [
         { key: "tasks", moduleStage: "tasks" },
     ],
@@ -72,7 +86,7 @@ const COMMON_CRITERIA = [
         weight: 1,
         required: true,
         test: (ctx) => {
-            if (["coding", "smoke", "review", "ready", "verify", "acceptance", "archive"].includes(ctx.stage))
+            if (["preproposal", "coding", "fix", "smoke", "review", "ready", "verify", "acceptance", "archive"].includes(ctx.stage))
                 return true;
             return hasContent(ctx, "project-config") && hasContent(ctx, "system-spec");
         },
@@ -110,6 +124,7 @@ const COMMON_CRITERIA = [
         label: "Claims trace to source, requirement, acceptance, design, task, issue, or evidence identifiers.",
         weight: 1,
         test: (ctx) => combinedContent(ctx).match(/\b(FR|NFR|AC|SPEC|DES|TASK|ISSUE|EVIDENCE|ADR|REQ)-?\d+\b/i) !== null ||
+            (ctx.stage === "preproposal" && ctx.artifacts.length === 0) ||
             /traceability|source|evidence|acceptance|scenario/i.test(combinedContent(ctx)),
         evidence: (ctx) => [`trace terms found: ${/traceability|source|evidence|acceptance|scenario/i.test(combinedContent(ctx)) ? "yes" : "no"}`],
         gap: "Traceability is weak; the next stage may rely on chat memory instead of source-backed IDs or evidence.",
@@ -118,7 +133,8 @@ const COMMON_CRITERIA = [
         id: "GATE-UNCERTAINTY-01",
         label: "Open questions, assumptions, risks, or blockers are explicit instead of silently resolved.",
         weight: 1,
-        test: (ctx) => /open questions?|assumptions?|risks?|blockers?|constraints?|unknowns?|n\/a|none/i.test(combinedContent(ctx)),
+        test: (ctx) => (ctx.stage === "preproposal" && ctx.artifacts.length === 0) ||
+            /open questions?|assumptions?|risks?|blockers?|constraints?|unknowns?|n\/a|none/i.test(combinedContent(ctx)),
         evidence: (ctx) => [`uncertainty section marker found: ${/open questions?|assumptions?|risks?|blockers?|constraints?|unknowns?/i.test(combinedContent(ctx)) ? "yes" : "n/a or none marker required"}`],
         gap: "Uncertainty handling is not explicit enough for a downstream stage to decide whether to continue or ask.",
     },
@@ -153,6 +169,16 @@ const STAGE_CRITERIA = {
             evidence: () => ["spec NFR/quality marker required"],
             gap: "Spec does not expose quality attributes enough for design tradeoffs.",
         },
+        {
+            id: "DESIGN-ENTRY-CONTROL-01",
+            label: "Permission/auth/privacy/data-access behavior has a behavior-level control matrix before design starts.",
+            weight: 2,
+            required: true,
+            artifactKeys: ["spec"],
+            test: (ctx) => !touchesControlConcern(ctx, ["spec"]) || hasControlMatrix(ctx, ["spec"]),
+            evidence: (ctx) => [`control concern: ${touchesControlConcern(ctx, ["spec"]) ? "triggered" : "not triggered"}`],
+            gap: "Spec touches a control concern but lacks a behavior-level control matrix.",
+        },
     ],
     task: [
         {
@@ -166,12 +192,23 @@ const STAGE_CRITERIA = {
         },
         {
             id: "TASK-ENTRY-DES-02",
-            label: "Design records decisions, tradeoffs, alternatives, or ADR references.",
+            label: "Design records ADR/decision-record entries for task planning.",
             weight: 1,
+            required: true,
             artifactKeys: ["design"],
-            test: (ctx) => hasPattern(ctx, ["design"], /trade-?offs?|alternatives?|ADR|decision|rationale|consequences|权衡|替代/is),
-            evidence: () => ["design decision/tradeoff marker required"],
-            gap: "Design lacks decision rationale for task planning.",
+            test: (ctx) => hasPattern(ctx, ["design"], /ADR-?\d+|Architecture Decision Record|Decision Record|ADR\s*\/|##\s*ADR|决策记录/is),
+            evidence: () => ["design ADR/decision-record marker required"],
+            gap: "Design lacks ADR/decision-record entries required for task planning.",
+        },
+        {
+            id: "TASK-ENTRY-CONTROL-01",
+            label: "Triggered permission/auth/privacy/data-access behavior has a design control traceability matrix.",
+            weight: 2,
+            required: true,
+            artifactKeys: ["spec", "design"],
+            test: (ctx) => !touchesControlConcern(ctx, ["spec", "design"]) || hasControlMatrix(ctx, ["design"]),
+            evidence: (ctx) => [`control concern: ${touchesControlConcern(ctx, ["spec", "design"]) ? "triggered" : "not triggered"}`],
+            gap: "Spec or design touches a control concern but design lacks a control traceability matrix.",
         },
     ],
     coding: [
@@ -196,6 +233,18 @@ const STAGE_CRITERIA = {
             gap: "Tasks do not define how each slice proves completion.",
         },
     ],
+    fix: [
+        {
+            id: "FIX-ENTRY-ISSUE-01",
+            label: "Issue anchor exposes expected behavior, actual behavior, and evidence.",
+            weight: 2,
+            required: true,
+            artifactKeys: ["issue-record"],
+            test: (ctx) => hasPattern(ctx, ["issue-record"], /expected|actual|evidence|repro|steps|root cause|fix route|预期|实际|证据|复现/is),
+            evidence: () => ["issue record must expose expected/actual/evidence markers"],
+            gap: "Fix should not start without an issue anchor that records expected/actual behavior and evidence.",
+        },
+    ],
     smoke: [
         {
             id: "SMOKE-ENTRY-TEST-01",
@@ -209,16 +258,39 @@ const STAGE_CRITERIA = {
         },
     ],
     review: [
+        {
+            id: "REVIEW-TARGET-01",
+            label: "Explicit review target exists and is treated as the review contract when supplied.",
+            weight: 2,
+            required: true,
+            artifactKeys: ["review-target"],
+            test: (ctx) => !ctx.reviewTarget || hasContent(ctx, "review-target"),
+            evidence: (ctx) => [
+                `review target: ${ctx.reviewTarget ?? "module implementation review"}`,
+                `review mode: ${ctx.reviewMode ?? "implementation"}`,
+            ],
+            gap: "The explicit review target is missing or has no reviewable content.",
+        },
         {
             id: "REVIEW-ENTRY-TEST-01",
             label: "Smoke evidence distinguishes passed, failed, skipped, and unrun checks.",
             weight: 1,
             required: true,
             artifactKeys: ["smoke"],
-            test: (ctx) => hasPattern(ctx, ["smoke"], /passed|failed|skipped|unrun|exit status|command|evidence|通过|失败|跳过/is),
-            evidence: () => ["smoke pass/fail/skipped/unrun markers required"],
+            test: (ctx) => ctx.reviewMode !== "implementation" || hasPattern(ctx, ["smoke"], /passed|failed|skipped|unrun|exit status|command|evidence|通过|失败|跳过/is),
+            evidence: (ctx) => [ctx.reviewMode === "implementation" ? "smoke pass/fail/skipped/unrun markers required" : "explicit target review does not require module smoke input"],
             gap: "Review needs precise test result status, not only a generic all-passed claim.",
         },
+        {
+            id: "REVIEW-PREPROPOSAL-01",
+            label: "Preproposal/raw-source reviews check product, roadmap, UX, assumptions, or readiness evidence instead of module spec artifacts.",
+            weight: 1,
+            artifactKeys: ["review-target"],
+            test: (ctx) => !["preproposal", "raw-source"].includes(ctx.reviewMode ?? "implementation") ||
+                hasPattern(ctx, ["review-target"], /product|problem|user|persona|journey|roadmap|mvp|phase|ux|flow|assumption|risk|blocker|source|evidence|产品|用户|路线图|阶段|流程|假设|风险|证据/is),
+            evidence: (ctx) => [`target-aware raw review: ${["preproposal", "raw-source"].includes(ctx.reviewMode ?? "implementation") ? "required" : "n/a"}`],
+            gap: "Raw/preproposal review target lacks product, roadmap, UX, assumption, risk, source, or evidence markers.",
+        },
     ],
 };
 function unknownStageCriterion(stage) {
@@ -254,15 +326,17 @@ export async function buildGateAssessment(target, config, opts) {
     const stage = safeSlug(opts.stage || "design");
     const threshold = normalizeThreshold(opts.threshold);
     const moduleId = await resolveModuleId(target, config, stage, opts.module);
+    const reviewTarget = normalizeReviewTarget(target, opts.reviewTarget);
+    const reviewMode = reviewModeFor(reviewTarget);
     const runId = createGateRunId();
-    const artifacts = await readGateArtifacts(target, config, stage, moduleId);
+    const artifacts = await readGateArtifacts(target, config, stage, moduleId, opts.issue, reviewTarget);
     const contentByKey = new Map();
     for (const artifact of artifacts) {
         if (!artifact.exists)
             continue;
-        contentByKey.set(artifact.key, await readFile(resolve(target, artifact.path), "utf8"));
+        contentByKey.set(artifact.key, await readGateArtifactContent(target, artifact));
     }
-    const ctx = { stage, artifacts, contentByKey };
+    const ctx = { stage, ...(reviewTarget ? { reviewTarget, reviewMode } : {}), artifacts, contentByKey };
     const specs = [
         ...(!STAGE_INPUTS[stage] ? [unknownStageCriterion(stage)] : []),
         ...COMMON_CRITERIA,
@@ -307,6 +381,7 @@ export async function buildGateAssessment(target, config, opts) {
         runId,
         stage,
         ...(moduleId ? { module: moduleId } : {}),
+        ...(reviewTarget ? { reviewTarget, reviewMode } : {}),
         threshold,
         score,
         status,
@@ -350,13 +425,19 @@ async function resolveModuleId(target, config, stage, requested) {
     }
     return undefined;
 }
-async function readGateArtifacts(target, config, stage, moduleId) {
+async function readGateArtifacts(target, config, stage, moduleId, issue, reviewTarget) {
+    if (stage === "fix")
+        return readFixGateArtifacts(target, config, moduleId, issue);
+    if (stage === "review" && reviewTarget)
+        return [await readPathArtifact(target, "review-target", reviewTarget)];
     const specs = STAGE_INPUTS[stage] ?? [];
     const artifacts = [];
     for (const spec of specs) {
-        const path = spec.moduleStage
-            ? moduleStagePath(config, spec.moduleStage, moduleId)
-            : spec.path?.(config, moduleId);
+        if (spec.moduleStage) {
+            artifacts.push(await readModuleStageArtifact(target, config, spec.key, spec.moduleStage, moduleId));
+            continue;
+        }
+        const path = spec.path?.(config, moduleId);
         if (!path) {
             artifacts.push({ key: spec.key, path: "<module-required>", exists: false, bytes: 0 });
             continue;
@@ -372,11 +453,282 @@ async function readGateArtifacts(target, config, stage, moduleId) {
     }
     return artifacts;
 }
+async function readPathArtifact(target, key, path) {
+    const boundary = resolve(target);
+    const abs = resolve(boundary, path);
+    if (!isInsidePath(boundary, abs))
+        throw new Error(`review target must stay under project root: ${path}`);
+    try {
+        const info = await stat(abs);
+        if (info.isFile()) {
+            return { key, path, exists: true, bytes: Buffer.byteLength(await readFile(abs, "utf8")) };
+        }
+        if (info.isDirectory()) {
+            const content = await readReviewTargetDirectoryContent(abs);
+            return { key, path, exists: true, bytes: Buffer.byteLength(content) };
+        }
+    }
+    catch {
+        // Missing paths are reported as missing artifacts by the assessment.
+    }
+    return { key, path, exists: false, bytes: 0 };
+}
+async function readModuleStageArtifact(target, config, key, stage, moduleId) {
+    const path = moduleStagePath(config, stage, moduleId);
+    if (!path)
+        return { key, path: "<module-required>", exists: false, bytes: 0 };
+    const abs = resolve(target, path);
+    try {
+        const info = await stat(abs);
+        if (info.isFile()) {
+            return { key, path, exists: true, bytes: Buffer.byteLength(await readFile(abs, "utf8")) };
+        }
+    }
+    catch {
+        // Fall through to stage-directory lookup for splittable artifacts.
+    }
+    if (!SPLITTABLE_MODULE_STAGES.has(stage)) {
+        return { key, path, exists: false, bytes: 0 };
+    }
+    const indexPath = moduleStageIndexPath(config, stage, moduleId);
+    if (!indexPath)
+        return { key, path, exists: false, bytes: 0 };
+    const indexAbs = resolve(target, indexPath);
+    try {
+        const info = await stat(indexAbs);
+        if (!info.isFile())
+            return { key, path: indexPath, exists: false, bytes: 0 };
+        const content = await readStageDirectoryContent(indexAbs);
+        return { key, path: indexPath, exists: true, bytes: Buffer.byteLength(content) };
+    }
+    catch {
+        return { key, path, exists: false, bytes: 0 };
+    }
+}
+async function readFixGateArtifacts(target, config, moduleId, issue) {
+    const path = await resolveIssueArtifactPath(target, config, moduleId, issue);
+    if (!path)
+        return [{ key: "issue-record", path: "<issue-required>", exists: false, bytes: 0 }];
+    const abs = resolve(target, path);
+    const exists = existsSync(abs);
+    return [{
+            key: "issue-record",
+            path,
+            exists,
+            bytes: exists ? Buffer.byteLength(await readFile(abs, "utf8")) : 0,
+        }];
+}
+async function resolveIssueArtifactPath(target, config, moduleId, issue) {
+    const value = issue?.trim();
+    if (!value)
+        return undefined;
+    if (looksLikeIssuePath(value))
+        return normalizeIssuePath(target, value);
+    const candidates = await collectIssueRecordCandidates(target, config, moduleId);
+    return candidates.find((candidate) => issueKey(candidate) === value) ??
+        candidates.find((candidate) => issueKey(candidate).startsWith(`${value}-`));
+}
+async function normalizeIssuePath(target, value) {
+    const abs = resolve(target, value);
+    try {
+        const info = await stat(abs);
+        if (info.isDirectory())
+            return toProjectPath(target, join(abs, "issue.md"));
+    }
+    catch {
+        // Missing issue paths are returned as-is so the gate can report the missing artifact.
+    }
+    if (!extname(value))
+        return toProjectPath(target, join(abs, "issue.md"));
+    return toProjectPath(target, abs);
+}
+async function collectIssueRecordCandidates(target, config, moduleId) {
+    const roots = [
+        ...(moduleId ? [resolve(target, getWorkspacePath(config, "moduleIssues", { module: moduleId }))] : []),
+        resolve(target, getWorkspacePath(config, "issuesRoot")),
+        resolve(target, getWorkspacePath(config, "issuesRoot"), "global"),
+        resolve(target, getWorkspacePath(config, "issuesRoot"), "shared"),
+        resolve(target, getWorkspacePath(config, "issuesRoot"), "public"),
+    ];
+    const files = [];
+    for (const root of roots)
+        files.push(...(await collectIssueFiles(root)));
+    return [...new Set(files.map((file) => toProjectPath(target, file)))].sort();
+}
+async function collectIssueFiles(root) {
+    try {
+        const entries = await readdir(root, { withFileTypes: true });
+        const files = [];
+        for (const entry of entries) {
+            const path = join(root, entry.name);
+            if (entry.isDirectory())
+                files.push(...(await collectIssueFiles(path)));
+            if (entry.isFile() && entry.name !== "index.md" && entry.name.endsWith(".md"))
+                files.push(path);
+        }
+        return files;
+    }
+    catch {
+        return [];
+    }
+}
+function looksLikeIssuePath(value) {
+    return value.includes("/") || value.endsWith(".md") || value.startsWith(".");
+}
+function issueKey(path) {
+    const name = basename(path);
+    return name === "issue.md" ? basename(dirname(path)) : name.replace(/\.md$/i, "");
+}
+function toProjectPath(target, path) {
+    return relative(target, path).split("\\").join("/");
+}
 function moduleStagePath(config, stage, moduleId) {
     if (!moduleId)
         return undefined;
     return join(getWorkspacePath(config, "modulesRoot"), moduleId, `${stage}.md`);
 }
+function moduleStageIndexPath(config, stage, moduleId) {
+    if (!moduleId)
+        return undefined;
+    return join(getWorkspacePath(config, "modulesRoot"), moduleId, stage, "index.md");
+}
+async function readGateArtifactContent(target, artifact) {
+    const boundary = resolve(target);
+    const abs = resolve(boundary, artifact.path);
+    if (!isInsidePath(boundary, abs))
+        throw new Error(`gate artifact must stay under project root: ${artifact.path}`);
+    if (basename(abs) === "index.md" && SPLITTABLE_MODULE_STAGES.has(basename(dirname(abs)))) {
+        return readStageDirectoryContent(abs);
+    }
+    try {
+        const info = await stat(abs);
+        if (info.isDirectory())
+            return readReviewTargetDirectoryContent(abs);
+    }
+    catch {
+        // The caller only asks for content after the artifact exists; fall through
+        // to the file read so the original error remains visible if the path races.
+    }
+    return readFile(abs, "utf8");
+}
+async function readReviewTargetDirectoryContent(dir) {
+    const files = await collectReviewableFiles(dir, dir);
+    const contents = [];
+    for (const file of files) {
+        try {
+            contents.push(await readFile(file, "utf8"));
+        }
+        catch {
+            // Ignore unreadable children; the target can still be reviewed from the
+            // accessible files and the missing child remains a review finding.
+        }
+    }
+    return contents.join("\n\n");
+}
+async function collectReviewableFiles(root, boundary) {
+    try {
+        const entries = await readdir(root, { withFileTypes: true });
+        const files = [];
+        for (const entry of entries) {
+            if (shouldSkipReviewTargetEntry(entry.name))
+                continue;
+            const path = join(root, entry.name);
+            if (!isInsidePath(boundary, path))
+                continue;
+            if (entry.isDirectory()) {
+                files.push(...(await collectReviewableFiles(path, boundary)));
+                continue;
+            }
+            if (entry.isFile() && /\.(md|mdx|ya?ml|json|txt)$/i.test(entry.name))
+                files.push(path);
+        }
+        return files.sort();
+    }
+    catch {
+        return [];
+    }
+}
+function normalizeReviewTarget(target, value) {
+    return normalizeReviewTargetPath(target, value);
+}
+export function normalizeReviewTargetPath(target, value) {
+    const trimmed = value?.trim();
+    if (!trimmed)
+        return undefined;
+    const boundary = resolve(target);
+    const abs = resolve(boundary, trimmed);
+    if (isInsidePath(boundary, abs))
+        return toProjectPath(boundary, abs) || ".";
+    throw new Error(`review target must stay under project root: ${trimmed}`);
+}
+function reviewModeFor(reviewTarget) {
+    return reviewModeForReviewTarget(reviewTarget);
+}
+export function reviewModeForReviewTarget(reviewTarget) {
+    if (!reviewTarget)
+        return undefined;
+    const path = reviewTarget.replace(/\\/g, "/");
+    if (path === ".zsk" || path.startsWith(".zsk/")) {
+        if (path.startsWith(".zsk/raws/prepare/product") ||
+            path.startsWith(".zsk/raws/prepare/roadmap") ||
+            path.startsWith(".zsk/raws/prepare/ux") ||
+            path.startsWith(".zsk/raws/prepare/design") ||
+            path.startsWith(".zsk/evidence/preproposal"))
+            return "preproposal";
+        if (path.startsWith(".zsk/raws/design/") || path.startsWith(".zsk/raws/visual/") || path.includes("/design-source"))
+            return "design-source";
+        if (path.startsWith(".zsk/raws/"))
+            return "raw-source";
+        if (/^\.zsk\/modules\/[^/]+\/(?:proposal|spec|design|tasks?)(?:\.md|\/|$)/.test(path))
+            return "stage-doc";
+        return "zsk-workspace";
+    }
+    if (/\.(?:cjs|cts|js|jsx|mjs|mts|ts|tsx|vue|svelte|css|scss|go|rs|java|kt|swift|py|rb|php|cs|cpp|c|h|hpp)$/i.test(path))
+        return "code-target";
+    if (/(?:design|figma|prototype|wireframe|mockup|screen|asset)/i.test(path))
+        return "design-source";
+    return "target-path";
+}
+function shouldSkipReviewTargetEntry(name) {
+    if (SKIPPED_REVIEW_TARGET_DIRS.has(name))
+        return true;
+    return /(?:storage-state|storagestate|cookies?|tokens?|secrets?|credentials?)\.(?:json|ya?ml|txt)$/i.test(name);
+}
+async function readStageDirectoryContent(indexPath) {
+    const indexContent = await readFile(indexPath, "utf8");
+    const dir = dirname(indexPath);
+    const linkedChildren = linkedMarkdownChildren(indexContent, dir);
+    const childContents = [];
+    for (const child of linkedChildren) {
+        try {
+            const info = await stat(child);
+            if (info.isFile())
+                childContents.push(await readFile(child, "utf8"));
+        }
+        catch {
+            // Missing linked children are handled by zsk check; gate content still
+            // relies on the index so the artifact cannot pass from hidden files.
+        }
+    }
+    return [indexContent, ...childContents].join("\n\n");
+}
+function linkedMarkdownChildren(content, dir) {
+    const files = new Set();
+    for (const match of content.matchAll(/\[[^\]]+\]\(([^)]+?\.md)(?:#[^)]+)?\)/gi)) {
+        const raw = match[1]?.trim();
+        if (!raw || /^[a-z][a-z0-9+.-]*:/i.test(raw) || raw.startsWith("/"))
+            continue;
+        const resolved = resolve(dir, raw);
+        if (!isInsidePath(dir, resolved) || resolved === resolve(dir, "index.md"))
+            continue;
+        files.add(resolved);
+    }
+    return [...files].sort();
+}
+function isInsidePath(parent, child) {
+    const rel = relative(parent, child);
+    return rel === "" || (!rel.startsWith("..") && !rel.startsWith("/") && !rel.includes("..\\"));
+}
 function hasContent(ctx, key) {
     return (ctx.contentByKey.get(key)?.trim().length ?? 0) > 0;
 }
@@ -398,6 +750,12 @@ function combinedContent(ctx) {
 function hasPattern(ctx, keys, pattern) {
     return keys.some((key) => pattern.test(ctx.contentByKey.get(key) ?? ""));
 }
+function touchesControlConcern(ctx, keys) {
+    return hasPattern(ctx, keys, /auth(?:entication|orization)?|permission|access control|role|tenant|privacy|data access|compliance|audit|credential|PII|RBAC|ABAC|权限|认证|授权|角色|租户|隐私|审计|合规|凭证/is);
+}
+function hasControlMatrix(ctx, keys) {
+    return hasPattern(ctx, keys, /control (?:traceability )?matrix|control matrix|permission matrix|access control matrix|权限(?:追踪|控制)?矩阵|Source Rule|Subject \/ Actor|Action \/ Capability|Resource \/ Data|Enforcement Point/is);
+}
 function wordCount(content) {
     return content.split(/\s+/).filter(Boolean).length;
 }
@@ -424,6 +782,8 @@ function renderGateAssessmentMarkdown(assessment) {
         "",
         `- Stage: \`${assessment.stage}\``,
         ...(assessment.module ? [`- Module: \`${assessment.module}\``] : []),
+        ...(assessment.reviewTarget ? [`- Review target: \`${assessment.reviewTarget}\``] : []),
+        ...(assessment.reviewMode ? [`- Review mode: \`${assessment.reviewMode}\``] : []),
         `- Score: ${assessment.score}/10`,
         `- Threshold: ${assessment.threshold}/10`,
         `- Status: \`${assessment.status}\``,
@@ -478,8 +838,8 @@ function renderWaiverMarkdown(assessment) {
         "",
     ].join("\n");
 }
-function createGateRunId(now = new Date()) {
-    return now.toISOString().replace(/[:.]/g, "-");
+export function createGateRunId(now = new Date()) {
+    return `${now.toISOString().replace(/[:.]/g, "-")}-${randomUUID().slice(0, 12)}`;
 }
 function safeSlug(value) {
     return value.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "");