npm - @chenguangyao/devflow-kit - Versions diffs - 0.1.43 - Mend

@chenguangyao/devflow-kit 0.1.43

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (198) hide show

package/CHANGELOG.md +232 -0
package/LICENSE +21 -0
package/README.md +539 -0
package/bin/devflow.js +9 -0
package/docs/RFC-001-devflow-kit.md +617 -0
package/docs/RFC-002-workflow-kernel.md +134 -0
package/docs/enterprise-integration-supplement.md +274 -0
package/docs/internal-gitlab-setup.md +426 -0
package/docs/marketplace-skills.md +231 -0
package/docs/migration-from-arb.md +232 -0
package/docs/tooling-overview.md +774 -0
package/docs/workflow-orchestration.md +695 -0
package/docs/workflow-ui-prototype.html +271 -0
package/package.json +52 -0
package/schemas/config.schema.json +51 -0
package/schemas/delta.schema.json +22 -0
package/schemas/state.schema.json +130 -0
package/schemas/status-surface.schema.json +197 -0
package/schemas/workflow-confirmation-surface.schema.json +70 -0
package/schemas/workflow-picker.schema.json +94 -0
package/scripts/postinstall.js +101 -0
package/scripts/render-workflow-ui-prototype.js +271 -0
package/skills/apply/SKILL.md +313 -0
package/skills/apply/references/discipline-checklist.md +145 -0
package/skills/apply/references/subagent-implementer-prompt.md +113 -0
package/skills/apply/references/subagent-orchestration.md +150 -0
package/skills/apply/references/subagent-reviewer-prompt.md +180 -0
package/skills/apply/references/tdd-loop.md +287 -0
package/skills/apply/references/when-plan-is-wrong.md +279 -0
package/skills/apply/references/worktree-swarm.md +292 -0
package/skills/archive/SKILL.md +229 -0
package/skills/archive/references/conflict-resolution.md +336 -0
package/skills/archive/references/knowledge-deposit.md +381 -0
package/skills/archive/references/spec-merge.md +365 -0
package/skills/brainstorm/SKILL.md +123 -0
package/skills/brainstorm/references/proposal-template.md +244 -0
package/skills/brainstorm/references/question-catalog.md +168 -0
package/skills/brainstorm/references/session-template.md +184 -0
package/skills/ci-fix/SKILL.md +63 -0
package/skills/ci-fix/references/loop.md +25 -0
package/skills/code-review/SKILL.md +279 -0
package/skills/code-review/references/escalation-playbook.md +192 -0
package/skills/code-review/references/language-cheatsheets/go.md +175 -0
package/skills/code-review/references/language-cheatsheets/java-spring-mybatis.md +246 -0
package/skills/code-review/references/language-cheatsheets/python.md +170 -0
package/skills/code-review/references/language-cheatsheets/vue.md +199 -0
package/skills/code-review/references/output-template.md +275 -0
package/skills/code-review/references/review-checklist.md +251 -0
package/skills/complexity-grading/SKILL.md +259 -0
package/skills/deliver/SKILL.md +271 -0
package/skills/deliver/references/delivery-modes.md +299 -0
package/skills/deliver/references/notify.md +359 -0
package/skills/deliver/references/pr-description.md +319 -0
package/skills/dependency-upgrade/SKILL.md +57 -0
package/skills/dependency-upgrade/references/risk-matrix.md +38 -0
package/skills/df-orchestrator/SKILL.md +407 -0
package/skills/df-orchestrator/references/complexity-grading.md +177 -0
package/skills/df-orchestrator/references/escalation-matrix.md +191 -0
package/skills/df-orchestrator/references/routing-rules.md +290 -0
package/skills/df-orchestrator/references/workflow-state-machine.md +208 -0
package/skills/frontend-quality/SKILL.md +61 -0
package/skills/frontend-quality/references/checklist.md +35 -0
package/skills/handoff-resume/SKILL.md +59 -0
package/skills/handoff-resume/references/handoff-template.md +54 -0
package/skills/plan/SKILL.md +166 -0
package/skills/plan/references/task-breakdown.md +207 -0
package/skills/plan/references/task-sequencing.md +143 -0
package/skills/plan/references/task-template.md +248 -0
package/skills/requirement-analysis/SKILL.md +499 -0
package/skills/requirement-analysis/references/acceptance-criteria.md +183 -0
package/skills/requirement-analysis/references/code-recon.md +151 -0
package/skills/requirement-analysis/references/edge-case-catalog.md +164 -0
package/skills/requirement-analysis/references/requirement-template.md +339 -0
package/skills/requirement-analysis/references/scope-negotiation.md +162 -0
package/skills/security-hardening/SKILL.md +60 -0
package/skills/security-hardening/references/checklist.md +42 -0
package/skills/tech-spec/SKILL.md +388 -0
package/skills/tech-spec/references/api-contract-design.md +172 -0
package/skills/tech-spec/references/decision-records.md +110 -0
package/skills/tech-spec/references/design-template.md +301 -0
package/skills/tech-spec/references/rollout-and-rollback.md +203 -0
package/skills/tech-spec/references/spec-delta-conventions.md +250 -0
package/skills/tech-spec/references/transaction-patterns.md +212 -0
package/skills/test-spec/SKILL.md +219 -0
package/skills/test-spec/references/coverage-strategy.md +218 -0
package/skills/test-spec/references/edge-case-to-test.md +143 -0
package/skills/test-spec/references/test-case-template.md +276 -0
package/skills/verify/SKILL.md +232 -0
package/skills/verify/references/nfr-verification.md +292 -0
package/skills/verify/references/report-templates.md +510 -0
package/skills/verify/references/self-test-guide.md +240 -0
package/skills/verify/references/verify-rollback-map.md +247 -0
package/src/cli/commands/_helpers.js +108 -0
package/src/cli/commands/_submit.js +718 -0
package/src/cli/commands/apply.js +198 -0
package/src/cli/commands/archive.js +180 -0
package/src/cli/commands/checkpoint.js +113 -0
package/src/cli/commands/deliver.js +377 -0
package/src/cli/commands/deploy.js +504 -0
package/src/cli/commands/design.js +158 -0
package/src/cli/commands/disable.js +21 -0
package/src/cli/commands/doctor.js +178 -0
package/src/cli/commands/enable.js +21 -0
package/src/cli/commands/flow.js +645 -0
package/src/cli/commands/help.js +93 -0
package/src/cli/commands/ingest.js +602 -0
package/src/cli/commands/init.js +341 -0
package/src/cli/commands/knowledge.js +523 -0
package/src/cli/commands/logs.js +43 -0
package/src/cli/commands/new.js +202 -0
package/src/cli/commands/plan.js +49 -0
package/src/cli/commands/propose.js +27 -0
package/src/cli/commands/provider.js +698 -0
package/src/cli/commands/report.js +143 -0
package/src/cli/commands/requirement.js +227 -0
package/src/cli/commands/review.js +301 -0
package/src/cli/commands/skills.js +457 -0
package/src/cli/commands/status.js +925 -0
package/src/cli/commands/switch.js +27 -0
package/src/cli/commands/sync.js +47 -0
package/src/cli/commands/test.js +366 -0
package/src/cli/commands/uninstall.js +32 -0
package/src/cli/commands/update.js +74 -0
package/src/cli/commands/verify.js +354 -0
package/src/cli/commands/worktree.js +78 -0
package/src/cli/index.js +72 -0
package/src/cli/parse-args.js +102 -0
package/src/core/autodetect.js +271 -0
package/src/core/change.js +208 -0
package/src/core/checkpoint.js +217 -0
package/src/core/config.js +60 -0
package/src/core/delta.js +290 -0
package/src/core/markers.js +59 -0
package/src/core/paths.js +173 -0
package/src/core/plan-tasks.js +36 -0
package/src/core/project-routing.js +285 -0
package/src/core/projects.js +200 -0
package/src/core/state.js +200 -0
package/src/core/workflow-check.js +177 -0
package/src/core/workflow-init.js +34 -0
package/src/core/workflow-picker.js +154 -0
package/src/core/workflow-policy.js +119 -0
package/src/core/workflow-suggest.js +181 -0
package/src/core/workflow-verify.js +88 -0
package/src/core/workflow.js +433 -0
package/src/core/worktree.js +241 -0
package/src/knowledge/categories.js +107 -0
package/src/knowledge/classify.js +125 -0
package/src/knowledge/deposit.js +414 -0
package/src/knowledge/migrate.js +149 -0
package/src/knowledge/mr.js +219 -0
package/src/knowledge/query.js +131 -0
package/src/knowledge/registry.js +151 -0
package/src/knowledge/sync.js +179 -0
package/src/providers/base.js +74 -0
package/src/providers/drivers/api-yapi.js +78 -0
package/src/providers/drivers/ci-jenkins.js +109 -0
package/src/providers/drivers/intake-confluence.js +544 -0
package/src/providers/drivers/kb-git.js +549 -0
package/src/providers/drivers/kb-weknora.js +472 -0
package/src/providers/drivers/notify-smtp.js +515 -0
package/src/providers/drivers/observability-oss.js +43 -0
package/src/providers/drivers/observability-sls.js +50 -0
package/src/providers/lifecycle.js +135 -0
package/src/providers/loader.js +132 -0
package/src/providers/local.js +190 -0
package/src/providers/userconfig.js +283 -0
package/src/reports/aggregate.js +185 -0
package/src/reports/coverage.js +163 -0
package/src/reports/detect.js +143 -0
package/src/reports/parse.js +236 -0
package/src/templates/files/ci/github.yml +38 -0
package/src/templates/files/ci/gitlab.yml +27 -0
package/src/templates/files/design.md +63 -0
package/src/templates/files/ide/devflow-workflow.md +58 -0
package/src/templates/files/ide/project-overview-reference.md +1 -0
package/src/templates/files/ide/project-overview.md +27 -0
package/src/templates/files/knowledge-index.json +17 -0
package/src/templates/files/knowledge.md +28 -0
package/src/templates/files/meta.json +8 -0
package/src/templates/files/plan.md +38 -0
package/src/templates/files/proposal.md +33 -0
package/src/templates/files/reports/contract-test.md +40 -0
package/src/templates/files/reports/e2e-test.md +30 -0
package/src/templates/files/reports/integration-test.md +36 -0
package/src/templates/files/reports/joint-test.md +58 -0
package/src/templates/files/reports/perf.md +24 -0
package/src/templates/files/reports/regression.md +20 -0
package/src/templates/files/reports/remote-test.md +55 -0
package/src/templates/files/reports/self-test.md +43 -0
package/src/templates/files/reports/smoke-test.md +22 -0
package/src/templates/files/reports/unit-test.md +36 -0
package/src/templates/files/requirement.md +51 -0
package/src/templates/files/review.md +38 -0
package/src/templates/files/tests.md +36 -0
package/src/templates/files/verify.md +32 -0
package/src/templates/index.js +21 -0
package/src/utils/log.js +37 -0

package/src/core/workflow-verify.js ADDED Viewed

@@ -0,0 +1,88 @@
+'use strict';
+const DEFAULT_REQUIRED_BY_LEVEL = {
+  L0: ['unit-test.md'],
+  L1: ['unit-test.md', 'smoke-test.md'],
+  L2: ['unit-test.md', 'integration-test.md', 'smoke-test.md', 'self-test.md'],
+  L3: ['unit-test.md', 'integration-test.md', 'e2e-test.md', 'smoke-test.md', 'self-test.md'],
+};
+const REPORT_ALIASES = {
+  unit: 'unit-test.md',
+  'unit-test': 'unit-test.md',
+  integration: 'integration-test.md',
+  'integration-test': 'integration-test.md',
+  e2e: 'e2e-test.md',
+  'e2e-test': 'e2e-test.md',
+  smoke: 'smoke-test.md',
+  'smoke-test': 'smoke-test.md',
+  self: 'self-test.md',
+  'self-test': 'self-test.md',
+  self_test: 'self-test.md',
+  regression: 'regression-test.md',
+  'regression-test': 'regression-test.md',
+  perf: 'perf-test.md',
+  'perf-test': 'perf-test.md',
+  contract: 'contract-test.md',
+  'contract-test': 'contract-test.md',
+  joint: 'joint-test.md',
+  'joint-test': 'joint-test.md',
+};
+function normalizeReportList(input) {
+  const parts = Array.isArray(input)
+    ? input
+    : String(input || '').split(',');
+  const out = [];
+  const seen = new Set();
+  for (const raw of parts) {
+    const normalized = normalizeReportName(raw);
+    if (!seen.has(normalized)) {
+      out.push(normalized);
+      seen.add(normalized);
+    }
+  }
+  if (!out.length) throw new Error('at least one verify report is required');
+  return out;
+}
+function normalizeReportName(raw) {
+  const value = String(raw || '').trim();
+  if (!value) throw new Error('empty verify report name');
+  const key = value.replace(/^reports\//, '').replace(/^test-report\.md#/, '').toLowerCase();
+  if (REPORT_ALIASES[key]) return REPORT_ALIASES[key];
+  if (/^[a-z0-9][a-z0-9-]*\.md$/.test(key)) return key;
+  throw new Error(`unknown verify report: ${value}`);
+}
+function defaultRequiredReports(level) {
+  return (DEFAULT_REQUIRED_BY_LEVEL[level] || DEFAULT_REQUIRED_BY_LEVEL.L2).slice();
+}
+function requiredReportsForState(st) {
+  const override = st && st.workflow && st.workflow.verify && st.workflow.verify.requiredReports;
+  if (Array.isArray(override) && override.length) return normalizeReportList(override);
+  return defaultRequiredReports(st && st.level);
+}
+function missingDefaultReports(level, reports) {
+  const selected = new Set(normalizeReportList(reports));
+  return defaultRequiredReports(level).filter((name) => !selected.has(name));
+}
+function reportKindFromName(name) {
+  const normalized = normalizeReportName(name);
+  if (normalized === 'self-test.md') return 'self-test';
+  return normalized.replace(/-test\.md$/, '').replace(/\.md$/, '');
+}
+module.exports = {
+  DEFAULT_REQUIRED_BY_LEVEL,
+  REPORT_ALIASES,
+  normalizeReportList,
+  normalizeReportName,
+  defaultRequiredReports,
+  requiredReportsForState,
+  missingDefaultReports,
+  reportKindFromName,
+};

package/src/core/workflow.js ADDED Viewed

@@ -0,0 +1,433 @@
+'use strict';
+const fsSync = require('fs');
+const path = require('path');
+const PROTECTED_GATES = ['review', 'verify', 'deliver'];
+const BUILTIN_RECIPES = {
+  micro: {
+    label: '极简改动',
+    steps: [
+      { id: 'plan', skill: 'plan' },
+      { id: 'apply', skill: 'apply' },
+      gate('review', 'code-review'),
+      gate('verify', 'verify'),
+      gate('deliver', 'deliver'),
+    ],
+  },
+  standard: {
+    label: '标准研发',
+    steps: [
+      { id: 'requirement', skill: 'requirement-analysis' },
+      { id: 'design', skill: 'tech-spec' },
+      { id: 'plan', skill: 'plan' },
+      { id: 'apply', skill: 'apply' },
+      gate('review', 'code-review'),
+      gate('verify', 'verify'),
+      gate('deliver', 'deliver'),
+      { id: 'archive', skill: 'archive', optional: true },
+    ],
+  },
+  'dependency-upgrade': {
+    label: '依赖升级',
+    steps: [
+      { id: 'dependency-upgrade', skill: 'dependency-upgrade' },
+      { id: 'plan', skill: 'plan' },
+      { id: 'apply', skill: 'apply' },
+      gate('review', 'code-review'),
+      gate('verify', 'verify'),
+      gate('deliver', 'deliver'),
+    ],
+  },
+  'ci-fix': {
+    label: 'CI 修复',
+    steps: [
+      { id: 'ci-fix', skill: 'ci-fix' },
+      { id: 'apply', skill: 'apply' },
+      gate('review', 'code-review'),
+      gate('verify', 'verify'),
+      gate('deliver', 'deliver'),
+    ],
+  },
+  'frontend-quality': {
+    label: '前端改动',
+    extends: 'standard',
+    insertAfter: {
+      apply: [{ id: 'frontend-quality', skill: 'frontend-quality', optional: true }],
+    },
+  },
+  'security-hardening': {
+    label: '安全敏感改动',
+    extends: 'standard',
+    insertAfter: {
+      apply: [{ id: 'security-hardening', skill: 'security-hardening', optional: true }],
+    },
+  },
+  refactor: {
+    label: '技术重构',
+    steps: [
+      { id: 'requirement', skill: 'requirement-analysis', optional: true },
+      { id: 'design', skill: 'tech-spec' },
+      { id: 'plan', skill: 'plan' },
+      { id: 'apply', skill: 'apply' },
+      gate('review', 'code-review'),
+      gate('verify', 'verify'),
+      gate('deliver', 'deliver'),
+    ],
+  },
+};
+function gate(id, skill) {
+  return { id, skill, required: true, protected: true };
+}
+function recommendRecipe(state, cfg = {}) {
+  if (state.mode === 'micro' || state.level === 'L0') {
+    return { id: 'micro', reason: 'change is L0/micro' };
+  }
+  const risks = new Set((state.riskSignals || []).filter((r) => (r.status || 'open') === 'open').map((r) => r.type));
+  if (risks.has('dependency_change')) return { id: 'dependency-upgrade', reason: 'open dependency_change risk signal' };
+  if (risks.has('ci_failure')) return { id: 'ci-fix', reason: 'open ci_failure risk signal' };
+  if (risks.has('frontend_change')) return { id: 'frontend-quality', reason: 'open frontend_change risk signal' };
+  if (risks.has('security_sensitive')) return { id: 'security-hardening', reason: 'open security_sensitive risk signal' };
+  const configured = cfg.defaults && cfg.defaults.workflow;
+  if (configured) return { id: configured, reason: 'project default workflow' };
+  return { id: 'standard', reason: 'default workflow' };
+}
+function expandRecipe(id, cfg = {}) {
+  const recipes = (cfg.workflows && cfg.workflows.recipes) || {};
+  const recipe = recipes[id] || BUILTIN_RECIPES[id];
+  if (!recipe) throw new Error(`unknown workflow recipe: ${id}`);
+  const source = recipes[id] ? 'project' : 'builtin';
+  let steps;
+  if (recipe.steps) {
+    steps = clone(recipe.steps).map((s) => normalizeStep(s, source));
+  } else if (recipe.extends) {
+    steps = expandRecipe(recipe.extends, cfg).steps.map((s) => ({ ...s }));
+  } else {
+    throw new Error(`workflow recipe has no steps or extends: ${id}`);
+  }
+  steps = applyOverrides(steps, recipe, source);
+  validateSteps(steps, { recipeId: id });
+  return {
+    id,
+    label: recipe.label || id,
+    description: recipe.description || '',
+    source,
+    steps,
+  };
+}
+function applyOverrides(steps, recipe, source) {
+  let out = steps.slice();
+  if (recipe.replaceStep) {
+    for (const [id, replacement] of Object.entries(recipe.replaceStep)) {
+      const idx = findStepIndex(out, id);
+      out[idx] = normalizeStep({ ...replacement, id: replacement.id || id }, source);
+    }
+  }
+  if (recipe.disableStep) {
+    for (const id of asList(recipe.disableStep)) {
+      const idx = findStepIndex(out, id);
+      if (isProtected(out[idx])) throw new Error(`cannot disable protected workflow gate: ${id}`);
+      out[idx] = { ...out[idx], status: 'disabled' };
+    }
+  }
+  out = insertAll(out, recipe.insertBefore, source, 'before');
+  out = insertAll(out, recipe.insertAfter, source, 'after');
+  return out;
+}
+function insertAll(steps, spec, source, mode) {
+  let out = steps.slice();
+  for (const [anchor, inserts] of Object.entries(spec || {})) {
+    let anchorIdx = findStepIndex(out, anchor);
+    const normalized = asList(inserts).map((s) => normalizeStep(s, source));
+    const at = mode === 'before' ? anchorIdx : anchorIdx + 1;
+    out.splice(at, 0, ...normalized);
+  }
+  return out;
+}
+function validateSteps(steps, { recipeId = 'workflow' } = {}) {
+  const seen = new Set();
+  for (const step of steps) {
+    if (!step.id) throw new Error(`${recipeId}: workflow step id is required`);
+    if (seen.has(step.id)) throw new Error(`${recipeId}: duplicate workflow step id: ${step.id}`);
+    seen.add(step.id);
+  }
+  for (const gateId of PROTECTED_GATES) {
+    const step = steps.find((s) => s.id === gateId);
+    if (!step) throw new Error(`${recipeId}: missing protected workflow gate: ${gateId}`);
+    if (!isProtected(step)) throw new Error(`${recipeId}: protected workflow gate must be required: ${gateId}`);
+  }
+  const order = steps.map((s) => s.id);
+  if (order.indexOf('review') > order.indexOf('verify')) throw new Error(`${recipeId}: verify must stay after review`);
+  if (order.indexOf('verify') > order.indexOf('deliver')) throw new Error(`${recipeId}: deliver must stay after verify`);
+  return true;
+}
+function createDraft({ recipe, state, reason = '' }) {
+  const now = new Date().toISOString();
+  return {
+    status: 'draft',
+    baseRecipe: {
+      id: recipe.id,
+      label: recipe.label,
+      source: recipe.source,
+      reason,
+    },
+    overrides: [],
+    baseSteps: clone(recipe.steps),
+    steps: clone(recipe.steps),
+    currentStep: firstRunnableStep(recipe.steps),
+    audit: [{ ts: now, event: 'draft.create', recipe: recipe.id, reason }],
+    draftedAt: now,
+  };
+}
+function addStep(workflow, { skill, id, after, before }) {
+  ensureWorkflow(workflow);
+  if (!skill) throw new Error('skill is required');
+  const step = normalizeStep({ id: id || skill, skill, optional: true, source: 'change' }, 'change');
+  if (workflow.steps.some((s) => s.id === step.id)) throw new Error(`workflow step already exists: ${step.id}`);
+  const anchor = after || before;
+  if (!anchor) throw new Error('add-step requires --after=<step> or --before=<step>');
+  const idx = findStepIndex(workflow.steps, anchor);
+  const at = before ? idx : idx + 1;
+  workflow.steps.splice(at, 0, step);
+  pushOverride(workflow, { type: 'add-step', step: step.id, skill, after: after || null, before: before || null });
+  audit(workflow, 'step.add', { step: step.id, skill, after: after || null, before: before || null });
+  return step;
+}
+function disableStep(workflow, { stepId, reason, allowRequired = false }) {
+  ensureWorkflow(workflow);
+  const step = findStep(workflow.steps, stepId);
+  if ((isProtected(step) || step.required) && !allowRequired) {
+    const e = new Error(`cannot disable required workflow step without checkpoint: ${stepId}`);
+    e.code = 'WORKFLOW_POLICY';
+    throw e;
+  }
+  if (!reason) throw new Error('disable-step requires --reason="..."');
+  step.status = 'disabled';
+  step.disabledReason = reason;
+  pushOverride(workflow, { type: 'disable-step', step: stepId, reason });
+  audit(workflow, 'step.disable', { step: stepId, reason });
+  return step;
+}
+function moveStep(workflow, { stepId, after, before }) {
+  ensureWorkflow(workflow);
+  const anchor = after || before;
+  if (!anchor) throw new Error('move-step requires --after=<step> or --before=<step>');
+  const step = findStep(workflow.steps, stepId);
+  if (isProtected(step)) {
+    const reviewIdx = findStepIndex(workflow.steps, 'review');
+    const anchorIdx = findStepIndex(workflow.steps, anchor);
+    const targetIdx = before ? anchorIdx : anchorIdx + 1;
+    if (step.id !== 'review' && targetIdx <= reviewIdx) {
+      const e = new Error(`cannot move protected workflow gate before review: ${stepId}`);
+      e.code = 'WORKFLOW_POLICY';
+      throw e;
+    }
+  }
+  const from = findStepIndex(workflow.steps, stepId);
+  const [removed] = workflow.steps.splice(from, 1);
+  let anchorIdx = findStepIndex(workflow.steps, anchor);
+  const at = before ? anchorIdx : anchorIdx + 1;
+  workflow.steps.splice(at, 0, removed);
+  validateSteps(workflow.steps, { recipeId: 'change workflow' });
+  pushOverride(workflow, { type: 'move-step', step: stepId, after: after || null, before: before || null });
+  audit(workflow, 'step.move', { step: stepId, after: after || null, before: before || null });
+  return removed;
+}
+function setVerifyReports(workflow, { requiredReports, reason }) {
+  ensureWorkflow(workflow);
+  workflow.verify = workflow.verify || {};
+  workflow.verify.requiredReports = requiredReports.slice();
+  if (reason) workflow.verify.reason = reason;
+  pushOverride(workflow, { type: 'set-verify', requiredReports: requiredReports.slice(), reason: reason || null });
+  audit(workflow, 'verify.set-reports', { requiredReports: requiredReports.slice(), reason: reason || null });
+  return workflow.verify;
+}
+function confirmWorkflow(workflow) {
+  ensureWorkflow(workflow);
+  workflow.status = 'confirmed';
+  workflow.confirmedAt = new Date().toISOString();
+  workflow.currentStep = firstRunnableStep(workflow.steps);
+  audit(workflow, 'workflow.confirm', { currentStep: workflow.currentStep });
+  return workflow;
+}
+function assertStepAllowed(workflow, stepId) {
+  if (!workflow) return true;
+  ensureWorkflow(workflow);
+  if (workflow.status !== 'confirmed') {
+    const e = new Error('workflow draft is not confirmed');
+    e.code = 'WORKFLOW_NOT_CONFIRMED';
+    e.currentStep = workflow.currentStep || firstRunnableStep(workflow.steps);
+    throw e;
+  }
+  const current = currentRunnableStep(workflow);
+  if (!current) return true;
+  if (current.id !== stepId) {
+    const e = new Error(`workflow current step is ${current.id}, not ${stepId}`);
+    e.code = 'WORKFLOW_STEP_BLOCKED';
+    e.currentStep = current.id;
+    e.requestedStep = stepId;
+    throw e;
+  }
+  return true;
+}
+function completeStep(workflow, stepId) {
+  if (!workflow || workflow.status !== 'confirmed') return false;
+  ensureWorkflow(workflow);
+  const idx = findStepIndex(workflow.steps, stepId);
+  const step = workflow.steps[idx];
+  if (step.status === 'disabled') return false;
+  step.status = 'completed';
+  step.completedAt = new Date().toISOString();
+  const next = nextRunnableStep(workflow.steps, idx + 1);
+  workflow.currentStep = next ? next.id : null;
+  audit(workflow, 'step.complete', { step: stepId, nextStep: workflow.currentStep });
+  return true;
+}
+function diffWorkflow(workflow) {
+  ensureWorkflow(workflow);
+  const base = new Set((workflow.baseSteps || []).map((s) => s.id));
+  const added = [];
+  const disabled = [];
+  const moved = [];
+  for (const step of workflow.steps || []) {
+    if (!base.has(step.id)) added.push(step.id);
+    if (step.status === 'disabled') disabled.push(step.id);
+  }
+  for (const item of workflow.overrides || []) {
+    if (item.type === 'move-step' && !moved.includes(item.step)) {
+      moved.push(item.step);
+    }
+  }
+  const verifyReports = workflow.verify && Array.isArray(workflow.verify.requiredReports)
+    ? workflow.verify.requiredReports.slice()
+    : [];
+  return { added, disabled, moved, verifyReports };
+}
+function installedSkillExists(root, skill) {
+  if (BUILTIN_STEP_SKILLS.has(skill)) return true;
+  return fsSync.existsSync(path.join(root, 'skills', skill, 'SKILL.md'))
+    || fsSync.existsSync(path.join(__dirname, '..', '..', 'skills', skill, 'SKILL.md'));
+}
+const BUILTIN_STEP_SKILLS = new Set([
+  'apply',
+  'archive',
+  'code-review',
+  'deliver',
+  'plan',
+  'requirement-analysis',
+  'review',
+  'tech-spec',
+  'verify',
+]);
+function normalizeStep(input, source) {
+  const id = input.id || input.skill;
+  return {
+    id,
+    skill: input.skill || id,
+    label: input.label || id,
+    required: input.required === true || PROTECTED_GATES.includes(id),
+    optional: input.optional === true,
+    protected: input.protected === true || PROTECTED_GATES.includes(id),
+    source: input.source || source,
+    status: input.status || 'pending',
+  };
+}
+function firstRunnableStep(steps) {
+  const step = (steps || []).find((s) => s.status !== 'disabled');
+  return step ? step.id : null;
+}
+function currentRunnableStep(workflow) {
+  const steps = workflow.steps || [];
+  const current = workflow.currentStep ? steps.find((s) => s.id === workflow.currentStep) : null;
+  if (current && current.status !== 'disabled' && current.status !== 'completed') return current;
+  const start = current ? steps.indexOf(current) + 1 : 0;
+  return nextRunnableStep(steps, start);
+}
+function nextRunnableStep(steps, start = 0) {
+  for (let i = start; i < (steps || []).length; i += 1) {
+    const step = steps[i];
+    if (step.status !== 'disabled' && step.status !== 'completed') return step;
+  }
+  return null;
+}
+function isProtected(step) {
+  return !!(step && (step.protected || PROTECTED_GATES.includes(step.id)));
+}
+function ensureWorkflow(workflow) {
+  if (!workflow || !Array.isArray(workflow.steps)) throw new Error('workflow draft not found. run devflow flow draft first.');
+}
+function findStep(steps, id) {
+  const step = steps.find((s) => s.id === id);
+  if (!step) throw new Error(`workflow step not found: ${id}`);
+  return step;
+}
+function findStepIndex(steps, id) {
+  const idx = steps.findIndex((s) => s.id === id);
+  if (idx === -1) throw new Error(`workflow step not found: ${id}`);
+  return idx;
+}
+function pushOverride(workflow, entry) {
+  workflow.overrides = workflow.overrides || [];
+  workflow.overrides.push({ ts: new Date().toISOString(), ...entry });
+}
+function audit(workflow, event, extra) {
+  workflow.audit = workflow.audit || [];
+  workflow.audit.push({ ts: new Date().toISOString(), event, ...(extra || {}) });
+}
+function asList(value) {
+  if (!value) return [];
+  return Array.isArray(value) ? value : [value];
+}
+function clone(value) {
+  return JSON.parse(JSON.stringify(value));
+}
+module.exports = {
+  PROTECTED_GATES,
+  BUILTIN_RECIPES,
+  recommendRecipe,
+  expandRecipe,
+  validateSteps,
+  createDraft,
+  addStep,
+  disableStep,
+  moveStep,
+  setVerifyReports,
+  confirmWorkflow,
+  assertStepAllowed,
+  completeStep,
+  diffWorkflow,
+  installedSkillExists,
+};