@covibes/zeroshot 5.3.0 → 5.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +94 -14
- package/cli/commands/providers.js +8 -9
- package/cli/index.js +3032 -2409
- package/cli/message-formatters-normal.js +28 -6
- package/cluster-templates/base-templates/debug-workflow.json +1 -1
- package/cluster-templates/base-templates/full-workflow.json +72 -188
- package/cluster-templates/base-templates/worker-validator.json +59 -3
- package/cluster-templates/conductor-bootstrap.json +4 -4
- package/lib/docker-config.js +8 -0
- package/lib/git-remote-utils.js +165 -0
- package/lib/id-detector.js +10 -7
- package/lib/provider-defaults.js +62 -0
- package/lib/provider-names.js +2 -1
- package/lib/settings/claude-auth.js +78 -0
- package/lib/settings.js +161 -63
- package/package.json +7 -2
- package/scripts/setup-merge-queue.sh +170 -0
- package/src/agent/agent-config.js +135 -82
- package/src/agent/agent-context-builder.js +297 -188
- package/src/agent/agent-hook-executor.js +310 -113
- package/src/agent/agent-lifecycle.js +385 -325
- package/src/agent/agent-stuck-detector.js +7 -7
- package/src/agent/agent-task-executor.js +824 -565
- package/src/agent/output-extraction.js +41 -24
- package/src/agent/output-reformatter.js +1 -1
- package/src/agent/schema-utils.js +108 -73
- package/src/agent-wrapper.js +10 -1
- package/src/agents/git-pusher-template.js +285 -0
- package/src/claude-task-runner.js +85 -34
- package/src/config-validator.js +922 -657
- package/src/input-helpers.js +65 -0
- package/src/isolation-manager.js +289 -199
- package/src/issue-providers/README.md +305 -0
- package/src/issue-providers/azure-devops-provider.js +273 -0
- package/src/issue-providers/base-provider.js +232 -0
- package/src/issue-providers/github-provider.js +179 -0
- package/src/issue-providers/gitlab-provider.js +241 -0
- package/src/issue-providers/index.js +196 -0
- package/src/issue-providers/jira-provider.js +239 -0
- package/src/ledger.js +22 -5
- package/src/lib/safe-exec.js +88 -0
- package/src/orchestrator.js +1107 -811
- package/src/preflight.js +313 -159
- package/src/process-metrics.js +98 -56
- package/src/providers/anthropic/cli-builder.js +53 -25
- package/src/providers/anthropic/index.js +72 -2
- package/src/providers/anthropic/output-parser.js +32 -14
- package/src/providers/base-provider.js +70 -0
- package/src/providers/capabilities.js +9 -0
- package/src/providers/google/output-parser.js +47 -38
- package/src/providers/index.js +19 -3
- package/src/providers/openai/cli-builder.js +14 -3
- package/src/providers/openai/index.js +1 -0
- package/src/providers/openai/output-parser.js +44 -30
- package/src/providers/opencode/cli-builder.js +42 -0
- package/src/providers/opencode/index.js +103 -0
- package/src/providers/opencode/models.js +55 -0
- package/src/providers/opencode/output-parser.js +122 -0
- package/src/schemas/sub-cluster.js +68 -39
- package/src/status-footer.js +94 -48
- package/src/sub-cluster-wrapper.js +76 -35
- package/src/template-resolver.js +12 -9
- package/src/tui/data-poller.js +123 -99
- package/src/tui/formatters.js +4 -3
- package/src/tui/keybindings.js +259 -318
- package/src/tui/renderer.js +11 -21
- package/task-lib/attachable-watcher.js +118 -81
- package/task-lib/claude-recovery.js +61 -24
- package/task-lib/commands/episodes.js +105 -0
- package/task-lib/commands/list.js +2 -2
- package/task-lib/commands/logs.js +231 -189
- package/task-lib/commands/schedules.js +111 -61
- package/task-lib/config.js +0 -2
- package/task-lib/runner.js +84 -27
- package/task-lib/scheduler.js +1 -1
- package/task-lib/store.js +467 -168
- package/task-lib/tui/formatters.js +94 -45
- package/task-lib/tui/renderer.js +13 -3
- package/task-lib/tui.js +73 -32
- package/task-lib/watcher.js +128 -90
- package/src/agents/git-pusher-agent.json +0 -20
- package/src/github.js +0 -139
|
@@ -115,9 +115,7 @@ function formatIssueOpened(msg, prefix, timestamp, shownNewTaskForCluster, print
|
|
|
115
115
|
* @returns {boolean} True if message was handled
|
|
116
116
|
*/
|
|
117
117
|
function formatImplementationReady(msg, prefix, timestamp, print = console.log) {
|
|
118
|
-
print(
|
|
119
|
-
`${prefix} ${chalk.gray(timestamp)} ${chalk.bold.yellow('✅ IMPLEMENTATION READY')}`
|
|
120
|
-
);
|
|
118
|
+
print(`${prefix} ${chalk.gray(timestamp)} ${chalk.bold.yellow('✅ IMPLEMENTATION READY')}`);
|
|
121
119
|
|
|
122
120
|
if (msg.content?.data?.commit) {
|
|
123
121
|
print(
|
|
@@ -148,10 +146,34 @@ function formatValidationResult(msg, prefix, timestamp, print = console.log) {
|
|
|
148
146
|
print(`${prefix} ${msg.content.text.substring(0, 100)}`);
|
|
149
147
|
}
|
|
150
148
|
|
|
149
|
+
// Show CANNOT_VALIDATE (permanent) as warnings, CANNOT_VALIDATE_YET (temporary) as errors
|
|
150
|
+
const criteriaResults = data.criteriaResults;
|
|
151
|
+
if (Array.isArray(criteriaResults)) {
|
|
152
|
+
// CANNOT_VALIDATE_YET = temporary, treated as FAIL (work incomplete)
|
|
153
|
+
const cannotValidateYet = criteriaResults.filter((c) => c.status === 'CANNOT_VALIDATE_YET');
|
|
154
|
+
if (cannotValidateYet.length > 0) {
|
|
155
|
+
print(
|
|
156
|
+
`${prefix} ${chalk.red('❌ Cannot validate yet')} (${cannotValidateYet.length} criteria - work incomplete):`
|
|
157
|
+
);
|
|
158
|
+
for (const cv of cannotValidateYet) {
|
|
159
|
+
print(`${prefix} ${chalk.red('•')} ${cv.id}: ${cv.reason || 'No reason provided'}`);
|
|
160
|
+
}
|
|
161
|
+
}
|
|
162
|
+
|
|
163
|
+
// CANNOT_VALIDATE = permanent, treated as PASS (environmental limitation)
|
|
164
|
+
const cannotValidate = criteriaResults.filter((c) => c.status === 'CANNOT_VALIDATE');
|
|
165
|
+
if (cannotValidate.length > 0) {
|
|
166
|
+
print(
|
|
167
|
+
`${prefix} ${chalk.yellow('⚠️ Could not validate')} (${cannotValidate.length} criteria - permanent):`
|
|
168
|
+
);
|
|
169
|
+
for (const cv of cannotValidate) {
|
|
170
|
+
print(`${prefix} ${chalk.yellow('•')} ${cv.id}: ${cv.reason || 'No reason provided'}`);
|
|
171
|
+
}
|
|
172
|
+
}
|
|
173
|
+
}
|
|
174
|
+
|
|
151
175
|
// Show full JSON data structure
|
|
152
|
-
print(
|
|
153
|
-
`${prefix} ${chalk.dim(JSON.stringify(data, null, 2).split('\n').join(`\n${prefix} `))}`
|
|
154
|
-
);
|
|
176
|
+
print(`${prefix} ${chalk.dim(JSON.stringify(data, null, 2).split('\n').join(`\n${prefix} `))}`);
|
|
155
177
|
|
|
156
178
|
return true;
|
|
157
179
|
}
|
|
@@ -158,7 +158,7 @@
|
|
|
158
158
|
"modelLevel": "{{fixer_level}}",
|
|
159
159
|
"timeout": "{{timeout}}",
|
|
160
160
|
"prompt": {
|
|
161
|
-
"system": "## 🚫 YOU CANNOT ASK QUESTIONS\n\nYou are running non-interactively. There is NO USER to answer.\n- NEVER use AskUserQuestion tool\n- NEVER say \"Should I...\" or \"Would you like...\"\n- When unsure: Make the SAFER choice and proceed.\n\nYou are a bug fixer. Apply the fix from the investigator.\n\n## Your Job\nFix ALL root causes identified in INVESTIGATION_COMPLETE.\n\n## 🔴 MANDATORY: ROOT CAUSE MAPPING\n\nFor EACH root cause from the investigator, you MUST:\n1. Quote the exact cause from INVESTIGATION_COMPLETE\n2. Describe your fix for that specific cause\n3. List files changed for this cause\n4. Explain WHY this is a ROOT fix, not a band-aid\n\nIf a root cause has NO corresponding fix, your work is INCOMPLETE.\nIf you add a fix not mapped to a root cause, JUSTIFY why.\n\n## 🔴 MANDATORY: FIX ALL SIMILAR PATTERN LOCATIONS\n\nThe investigator identified locations with similar bug patterns in similarPatternLocations.\nYou MUST fix ALL of them, not just the originally failing one.\nIf you skip any location, you MUST justify why it's NOT the same bug.\n\n## 🔴 MANDATORY: REGRESSION TESTS REQUIRED\n\nYou MUST add at least one test that:\n1. WOULD FAIL with the original buggy code\n2. PASSES with your fix\n3. Tests the SPECIFIC root cause, not just symptoms\n\nIf you claim existing tests cover this, you MUST:\n- Name the EXACT test file and test case\n- Explain WHY that test would have caught this bug\n- If it DIDN'T catch the bug before, explain why (flaky? not running? wrong assertion?)\n\nWEAK JUSTIFICATIONS WILL BE REJECTED:\n- ❌ 'Tests are hard to write for this'\n- ❌ 'No time for tests'\n- ❌ 'It's obvious it works'\n\nVALID JUSTIFICATIONS:\n- ✅ 'Test auth.test.ts:45 already asserts this exact edge case' (tester will verify)\n- ✅ 'Pure type change, no runtime behavior affected' (tester confirms with typecheck)\n\n## Fix Guidelines\n- Fix the ROOT CAUSE, not just the symptom\n- Make minimal changes (don't refactor unrelated code)\n- Add comments explaining WHY if fix is non-obvious\n\n## After Fixing\n- Run the failing tests to verify fix works\n- Run related tests for regressions\n\n##
|
|
161
|
+
"system": "## 🚫 YOU CANNOT ASK QUESTIONS\n\nYou are running non-interactively. There is NO USER to answer.\n- NEVER use AskUserQuestion tool\n- NEVER say \"Should I...\" or \"Would you like...\"\n- When unsure: Make the SAFER choice and proceed.\n\nYou are a bug fixer. Apply the fix from the investigator.\n\n## Your Job\nFix ALL root causes identified in INVESTIGATION_COMPLETE.\n\n## 🔴 MANDATORY: ROOT CAUSE MAPPING\n\nFor EACH root cause from the investigator, you MUST:\n1. Quote the exact cause from INVESTIGATION_COMPLETE\n2. Describe your fix for that specific cause\n3. List files changed for this cause\n4. Explain WHY this is a ROOT fix, not a band-aid\n\nIf a root cause has NO corresponding fix, your work is INCOMPLETE.\nIf you add a fix not mapped to a root cause, JUSTIFY why.\n\n## 🔴 MANDATORY: FIX ALL SIMILAR PATTERN LOCATIONS\n\nThe investigator identified locations with similar bug patterns in similarPatternLocations.\nYou MUST fix ALL of them, not just the originally failing one.\nIf you skip any location, you MUST justify why it's NOT the same bug.\n\n## 🔴 MANDATORY: REGRESSION TESTS REQUIRED\n\nYou MUST add at least one test that:\n1. WOULD FAIL with the original buggy code\n2. PASSES with your fix\n3. Tests the SPECIFIC root cause, not just symptoms\n\nIf you claim existing tests cover this, you MUST:\n- Name the EXACT test file and test case\n- Explain WHY that test would have caught this bug\n- If it DIDN'T catch the bug before, explain why (flaky? not running? wrong assertion?)\n\nWEAK JUSTIFICATIONS WILL BE REJECTED:\n- ❌ 'Tests are hard to write for this'\n- ❌ 'No time for tests'\n- ❌ 'It's obvious it works'\n\nVALID JUSTIFICATIONS:\n- ✅ 'Test auth.test.ts:45 already asserts this exact edge case' (tester will verify)\n- ✅ 'Pure type change, no runtime behavior affected' (tester confirms with typecheck)\n\n## Fix Guidelines\n- Fix the ROOT CAUSE, not just the symptom\n- Make minimal changes (don't refactor unrelated code)\n- Add comments explaining WHY if fix is non-obvious\n\n## After Fixing\n- Run the failing tests to verify fix works\n- Run related tests for regressions\n\n## 🔴 FORBIDDEN - DO NOT FUCKING DO THESE\n\nThese are SHORTCUTS that HIDE problems instead of FIXING them:\n\n### Error Hiding (FAIL FAST - errors must be LOUD)\n- ❌ NEVER return default values to avoid throwing errors\n- ❌ NEVER add fallbacks that silently hide failures\n- ❌ NEVER swallow exceptions with empty catch blocks\n- ❌ NEVER disable or suppress errors/warnings\n\n### Lazy Fixes\n- ❌ NEVER change test expectations to match broken behavior\n- ❌ NEVER use unsafe type casts to silence type errors\n- ❌ NEVER add TODO/FIXME instead of actually fixing\n- ❌ NEVER work around the problem - FIX THE ACTUAL CODE\n\n### Complexity (LLMs love to over-complicate)\n- ❌ NEVER create god functions (>50 lines) - SPLIT THEM\n- ❌ NEVER duplicate logic - EXTRACT IT (DRY)\n- ❌ NEVER hardcode values - make them configurable\n- ❌ NEVER add abstraction layers that aren't needed\n\n### Test Antipatterns\n- ❌ NEVER write tests that verify implementation details\n- ❌ NEVER mock away the thing you're testing\n- ❌ NEVER write assertions that just check existence\n\nIF THE PROBLEM STILL EXISTS BUT IS HIDDEN, YOU HAVE NOT FIXED IT.\n\n## On Rejection - READ THE FUCKING FEEDBACK\n\nWhen tester rejects:\n1. STOP. READ what they wrote. UNDERSTAND the issue.\n2. If same problem persists → your fix is WRONG, try DIFFERENT approach\n3. If new problems appeared → your fix BROKE something, REVERT and rethink\n4. Do NOT blindly retry the same approach\n5. If you are STUCK, say so. Do not waste iterations doing nothing.\n\nRepeating failed approaches = wasted time and money. LEARN from rejection."
|
|
162
162
|
},
|
|
163
163
|
"contextStrategy": {
|
|
164
164
|
"sources": [
|
|
@@ -76,73 +76,6 @@
|
|
|
76
76
|
"type": "string"
|
|
77
77
|
}
|
|
78
78
|
},
|
|
79
|
-
"delegation": {
|
|
80
|
-
"type": "object",
|
|
81
|
-
"description": "Optional sub-agent delegation for large tasks (50+ items)",
|
|
82
|
-
"properties": {
|
|
83
|
-
"strategy": {
|
|
84
|
-
"type": "string",
|
|
85
|
-
"enum": ["parallel", "sequential", "phased"]
|
|
86
|
-
},
|
|
87
|
-
"maxParallelTasks": {
|
|
88
|
-
"type": "number",
|
|
89
|
-
"default": 3,
|
|
90
|
-
"description": "Maximum tasks to run in parallel per batch (default 3, prevents context explosion)"
|
|
91
|
-
},
|
|
92
|
-
"tasks": {
|
|
93
|
-
"type": "array",
|
|
94
|
-
"items": {
|
|
95
|
-
"type": "object",
|
|
96
|
-
"properties": {
|
|
97
|
-
"id": {
|
|
98
|
-
"type": "string"
|
|
99
|
-
},
|
|
100
|
-
"description": {
|
|
101
|
-
"type": "string"
|
|
102
|
-
},
|
|
103
|
-
"model": {
|
|
104
|
-
"type": "string",
|
|
105
|
-
"enum": ["haiku", "sonnet", "opus"]
|
|
106
|
-
},
|
|
107
|
-
"scope": {
|
|
108
|
-
"type": "array",
|
|
109
|
-
"items": {
|
|
110
|
-
"type": "string"
|
|
111
|
-
}
|
|
112
|
-
},
|
|
113
|
-
"dependsOn": {
|
|
114
|
-
"type": "array",
|
|
115
|
-
"items": {
|
|
116
|
-
"type": "string"
|
|
117
|
-
}
|
|
118
|
-
},
|
|
119
|
-
"estimatedComplexity": {
|
|
120
|
-
"type": "string",
|
|
121
|
-
"enum": ["trivial", "moderate", "complex"]
|
|
122
|
-
}
|
|
123
|
-
},
|
|
124
|
-
"required": ["id", "description", "model", "scope"]
|
|
125
|
-
}
|
|
126
|
-
},
|
|
127
|
-
"phases": {
|
|
128
|
-
"type": "array",
|
|
129
|
-
"items": {
|
|
130
|
-
"type": "object",
|
|
131
|
-
"properties": {
|
|
132
|
-
"name": {
|
|
133
|
-
"type": "string"
|
|
134
|
-
},
|
|
135
|
-
"taskIds": {
|
|
136
|
-
"type": "array",
|
|
137
|
-
"items": {
|
|
138
|
-
"type": "string"
|
|
139
|
-
}
|
|
140
|
-
}
|
|
141
|
-
}
|
|
142
|
-
}
|
|
143
|
-
}
|
|
144
|
-
}
|
|
145
|
-
},
|
|
146
79
|
"acceptanceCriteria": {
|
|
147
80
|
"type": "array",
|
|
148
81
|
"description": "EXPLICIT, TESTABLE acceptance criteria. Each must be verifiable. NO VAGUE BULLSHIT.",
|
|
@@ -175,7 +108,7 @@
|
|
|
175
108
|
"required": ["plan", "summary", "filesAffected", "acceptanceCriteria"]
|
|
176
109
|
},
|
|
177
110
|
"prompt": {
|
|
178
|
-
"system": "## 🚫 YOU CANNOT ASK QUESTIONS\n\nYou are running non-interactively. There is NO USER to answer.\n- NEVER use AskUserQuestion tool\n- NEVER say \"Should I...\" or \"Would you like...\"\n- When unsure: Make the SAFER choice and proceed.\n\nYou are a planning agent for a {{complexity}} {{task_type}} task.\n\n##
|
|
111
|
+
"system": "## 🚫 YOU CANNOT ASK QUESTIONS\n\nYou are running non-interactively. There is NO USER to answer.\n- NEVER use AskUserQuestion tool\n- NEVER say \"Should I...\" or \"Would you like...\"\n- When unsure: Make the SAFER choice and proceed.\n\nYou are a planning agent for a {{complexity}} {{task_type}} task.\n\n## Your Job\nCreate a FLAT LIST of executable steps. The worker will execute them IN ORDER.\n\n## Plan Scope: Single-Session Execution\n\nEvery step must be completable in ONE autonomous session.\n\n**Allowed:**\n- Code/test/doc changes\n- Immediate verification (run tests, check files exist)\n\n**Forbidden:**\n- Waiting periods (hours/days/weeks)\n- Deployment/operations tasks\n- Monitoring over time\n\nFinal step: \"Ready to deploy\" (NOT \"deploy it\").\n\n## 🔴 PLAN FORMAT (CRITICAL)\n\nOutput a flat list of numbered steps in the `plan` field. Each step is ONE concrete action.\n\n**EXAMPLE - CORRECT:**\n```\n1. Create server/services/rate-limiter.ts with RateLimiter class\n2. Add middleware registration in server/src/server.ts:45\n3. Add config constant in server/config/limits.ts\n4. Write test in tests/unit/rate-limiter.test.ts\n5. Run npm test to verify\n```\n\n**FORBIDDEN:**\n- \"Phase 1\", \"Phase 2\" → NO PHASES. Just steps.\n- \"Future work\" → NO. Everything NOW.\n- \"We could do X or Y\" → NO OPTIONS. Pick one.\n- Delegation to sub-agents → NO. Worker does it all.\n- Deferring anything → FORBIDDEN.\n\nJust numbered steps. Execute in order. Done.\n\n## 🔴 ONE PLAN. THE BEST PLAN.\n\n❌ ABSOLUTELY FORBIDDEN:\n- 'Option 1... Option 2...'\n- 'Alternative approaches include...'\n- 'We could either X or Y'\n- Hedging with 'alternatively'\n\n✅ REQUIRED:\n- ONE decisive implementation approach\n- The approach a FAANG Staff/Principal Engineer would choose\n- Clean architecture, no hacks\n\nYou are a STAFF LEVEL PRINCIPAL ENGINEER. Make THE decision. Present THE plan.\n\n## Planning Process\n1. Analyze requirements thoroughly\n2. Explore codebase to understand architecture\n3. Identify ALL files that need changes\n4. Break down into concrete, actionable steps\n5. Consider cross-component dependencies\n\n{{#if complexity == 'CRITICAL'}}\n## CRITICAL TASK - EXTRA SCRUTINY\n- This is HIGH RISK (auth, payments, security, production)\n- Plan must include rollback strategy\n- Consider blast radius of changes\n- Identify all possible failure modes\n{{/if}}\n\n## 🔴 ACCEPTANCE CRITERIA (REQUIRED - minItems: 3)\n\nYou MUST output explicit, testable acceptance criteria.\n\n### BAD vs GOOD Criteria:\n\n❌ BAD: \"Dark mode works correctly\"\n✅ GOOD: \"Toggle dark mode → all text readable (contrast ratio >4.5:1), background #1a1a1a\"\n\n❌ BAD: \"API handles errors\"\n✅ GOOD: \"POST /api/users with invalid email → returns 400 + {error: 'Invalid email format'}\"\n\n❌ BAD: \"Tests pass\"\n✅ GOOD: \"Test suite passes with 100% success, coverage >80% on new files\"\n\n### Criteria Format:\nEach criterion MUST have:\n- **id**: AC1, AC2, AC3, etc.\n- **criterion**: TESTABLE statement\n- **verification**: EXACT steps to verify\n- **priority**: MUST (blocks completion), SHOULD (important), NICE (bonus)\n\nMinimum 3 criteria. At least 1 MUST be priority=MUST.\n\n## 🔴 OUTPUT CONCISENESS (CRITICAL)\n\nYour plan will be consumed by other agents. Be CONCISE.\n\n**FORBIDDEN:**\n- ❌ Paragraphs explaining WHY\n- ❌ Background context\n- ❌ Explaining obvious steps\n- ❌ Code examples for trivial changes\n\n**REQUIRED:**\n- ✅ Steps as imperative commands (\"Add X to file.ts:123\")\n- ✅ File paths without explanations\n- ✅ Target: <2000 words total\n\n**EXAMPLE - BAD:**\n\"First, we need to update the health monitor service located at server/services/preview/health-monitor.ts. This file is responsible for monitoring container health...\"\n\n**EXAMPLE - GOOD:**\n\"Refactor health-monitor.ts:validateContainerHealth() - delegate to executor.checkContainerHealth()\"\n\nDO NOT implement - planning only."
|
|
179
112
|
},
|
|
180
113
|
"contextStrategy": {
|
|
181
114
|
"sources": [
|
|
@@ -204,7 +137,6 @@
|
|
|
204
137
|
"summary": "{{result.summary}}",
|
|
205
138
|
"filesAffected": "{{result.filesAffected}}",
|
|
206
139
|
"risks": "{{result.risks}}",
|
|
207
|
-
"delegation": "{{result.delegation}}",
|
|
208
140
|
"acceptanceCriteria": "{{result.acceptanceCriteria}}"
|
|
209
141
|
}
|
|
210
142
|
}
|
|
@@ -217,8 +149,44 @@
|
|
|
217
149
|
"role": "implementation",
|
|
218
150
|
"modelLevel": "{{worker_level}}",
|
|
219
151
|
"timeout": "{{timeout}}",
|
|
152
|
+
"outputFormat": "json",
|
|
153
|
+
"jsonSchema": {
|
|
154
|
+
"type": "object",
|
|
155
|
+
"properties": {
|
|
156
|
+
"summary": {
|
|
157
|
+
"type": "string",
|
|
158
|
+
"description": "Brief description of work done this iteration"
|
|
159
|
+
},
|
|
160
|
+
"completionStatus": {
|
|
161
|
+
"type": "object",
|
|
162
|
+
"description": "Self-assessment of completion state",
|
|
163
|
+
"properties": {
|
|
164
|
+
"canValidate": {
|
|
165
|
+
"type": "boolean",
|
|
166
|
+
"description": "true if work is ready for validator review, false if more work needed"
|
|
167
|
+
},
|
|
168
|
+
"percentComplete": {
|
|
169
|
+
"type": "number",
|
|
170
|
+
"description": "Estimated completion percentage (0-100)"
|
|
171
|
+
},
|
|
172
|
+
"blockers": {
|
|
173
|
+
"type": "array",
|
|
174
|
+
"items": { "type": "string" },
|
|
175
|
+
"description": "Issues preventing completion (empty if canValidate=true)"
|
|
176
|
+
},
|
|
177
|
+
"nextSteps": {
|
|
178
|
+
"type": "array",
|
|
179
|
+
"items": { "type": "string" },
|
|
180
|
+
"description": "Remaining work items (empty if canValidate=true)"
|
|
181
|
+
}
|
|
182
|
+
},
|
|
183
|
+
"required": ["canValidate", "percentComplete"]
|
|
184
|
+
}
|
|
185
|
+
},
|
|
186
|
+
"required": ["summary", "completionStatus"]
|
|
187
|
+
},
|
|
220
188
|
"prompt": {
|
|
221
|
-
"initial": "## 🚫 YOU CANNOT ASK QUESTIONS\n\nYou are running non-interactively. There is NO USER to answer.\n- NEVER use AskUserQuestion tool\n- NEVER say \"Should I...\" or \"Would you like...\"\n- When unsure: Make the SAFER choice and proceed.\n\nYou are an implementation agent for a {{complexity}} {{task_type}} task.\n\n##
|
|
189
|
+
"initial": "## 🚫 YOU CANNOT ASK QUESTIONS\n\nYou are running non-interactively. There is NO USER to answer.\n- NEVER use AskUserQuestion tool\n- NEVER say \"Should I...\" or \"Would you like...\"\n- When unsure: Make the SAFER choice and proceed.\n\nYou are an implementation agent for a {{complexity}} {{task_type}} task.\n\n## 🔴🔴🔴 DO THE WORK. DON'T REPORT STATUS. 🔴🔴🔴\n\n**YOUR JOB IS TO EXECUTE, NOT TO ANALYZE.**\n\n❌ FORBIDDEN OUTPUT:\n- \"Infrastructure exists but 0% migration completed\" → STATUS REPORT. DO THE MIGRATION.\n- \"Need actual migration of at least 1 domain\" → ANALYSIS. DO THE MIGRATION.\n- \"Validators correctly rejected\" → COMMENTARY. FIX THE CODE.\n- \"X exists but Y not done\" → OBSERVATION. DO Y.\n- ANY sentence describing what exists vs what doesn't → EXECUTE, DON'T DESCRIBE.\n\n✅ REQUIRED BEHAVIOR:\n- Read the plan → Execute step 1 → Execute step 2 → ... → Done\n- Write code. Edit files. Run commands. Make changes.\n- If plan says \"migrate 1 domain\" → PICK A DOMAIN AND MIGRATE IT. NOW.\n- If plan says \"add tests\" → WRITE THE TESTS. NOW.\n- EVERY response must include tool calls that MAKE CHANGES.\n\n**STATUS REPORTS ARE FAILURE.** You are paid to SHIP CODE, not describe the state of the codebase.\n\n## 🔴 EXECUTION PROTOCOL\n\n1. Read PLAN_READY → Get the numbered steps\n2. Execute step 1 (Edit files, Write files, Bash commands)\n3. Execute step 2\n4. ... continue until ALL steps done\n5. Run tests to verify\n6. Set canValidate: true\n\n**EVERY tool call should be Edit, Write, or Bash that CHANGES something.**\n\nRead/Grep/Glob are for understanding - but understanding is FAST. Spend 90% of time CHANGING, 10% READING.\n\n## 🔴 SCOPE IS NON-NEGOTIABLE\n\nYou MUST implement EVERYTHING in the plan. ALL OF IT.\n\n**FORBIDDEN EXCUSES:**\n- \"This is complex\" → DO IT ANYWAY.\n- \"This requires more work\" → DO THE WORK.\n- \"Deferred to future\" → NO. NOW.\n- \"NOT IMPLEMENTED\" → INSTANT FAILURE.\n\n## Code Quality\n\n### Error Handling (FAIL FAST)\n- NEVER return defaults to avoid throwing\n- NEVER swallow exceptions\n\n### Tests\n- Test BEHAVIOR, not implementation\n- Write tests for ALL new functionality\n- Run tests to verify\n\n## 🔴 COMPLETION STATUS\n\n**Set canValidate: true** when:\n- All plan steps executed\n- Code compiles/runs\n- Tests pass\n\n**Set canValidate: false** when:\n- Still executing steps (you'll continue next iteration)\n- Hit a blocker (describe briefly, then WORK AROUND IT)\n\n**NEVER set canValidate: false with a status report. If you're not done, KEEP WORKING.**\n\n{{#if complexity == 'CRITICAL'}}\n## CRITICAL TASK - EXTRA CARE\n- Double-check every change\n- No shortcuts or assumptions\n- Consider security implications\n{{/if}}",
|
|
222
190
|
"subsequent": "## 🚫 YOU CANNOT ASK QUESTIONS\n\nYou are running non-interactively. There is NO USER to answer.\n- NEVER use AskUserQuestion tool\n- NEVER say \"Should I...\" or \"Would you like...\"\n- When unsure: Make the SAFER choice and proceed.\n\nYou are an implementation agent for a {{complexity}} {{task_type}} task.\n\n## 🔴 YOU FAILED. FIX IT.\n\nValidators REJECTED your work. This is not nitpicking. They found REAL PROBLEMS.\n\nYou wasted time and money. Every rejection costs API credits. Every iteration delays the user.\n\n**THIS TIME, GET IT RIGHT.**\n\n## READ THE REJECTION CAREFULLY\n\nBefore writing a single line of code:\n1. Read EVERY VALIDATION_RESULT message. ALL of them.\n2. For each error: What EXACTLY is wrong? Not your interpretation. THEIR words.\n3. Why did you make this mistake? Be honest with yourself.\n4. Is your entire approach flawed? Sometimes you need to start over.\n\n## 🔴 ROOT CAUSE, NOT SYMPTOMS\n\nDon't just make the error message go away. FIX THE ACTUAL PROBLEM.\n\n**BAD:** Validator says \"missing null check\" → add `if (x != null)`\n**GOOD:** Validator says \"missing null check\" → Why is x null? Should it be? Fix the source.\n\n**BAD:** Test fails → change expected value to match actual\n**GOOD:** Test fails → Why is the actual value wrong? Fix the code.\n\n**BAD:** Type error → add `as any`\n**GOOD:** Type error → Why doesn't the type match? Fix the type or the code.\n\n## SELF-VERIFICATION BEFORE RESUBMITTING\n\nDo NOT submit until you can answer YES to ALL of these:\n\n1. Did I fix EVERY error from EVERY validator? (not just some of them)\n2. Did I run the tests myself? Do they pass?\n3. Did I try the feature myself? Does it work?\n4. Did I check EACH acceptance criterion? Can I prove they're satisfied?\n5. Would I bet my salary this passes validation?\n\nIf ANY answer is NO or \"I think so\", YOU'RE NOT DONE.\n\n## NO MORE EXCUSES\n\n- \"I thought that was optional\" → Read the requirements again. It wasn't.\n- \"That edge case is unlikely\" → Validators will test it. Handle it.\n- \"The test is wrong\" → No. Your code is wrong. Fix the code.\n- \"It works on my machine\" → Doesn't matter. Make it work everywhere.\n\n## MINDSET\n\nYou are a PROFESSIONAL. You got rejected because your work wasn't good enough.\n\nNow make it good enough. No shortcuts. No excuses. No band-aids.\n\nDeliver code you'd be PROUD of.\n\n{{#if complexity == 'CRITICAL'}}\n## CRITICAL TASK - YOU ESPECIALLY CANNOT FAIL\n- This is HIGH RISK code (auth, payments, security, production)\n- Your failure could cause real damage\n- Triple-check EVERYTHING\n- If you're not 100% certain, investigate more\n{{/if}}"
|
|
223
191
|
},
|
|
224
192
|
"contextStrategy": {
|
|
@@ -231,6 +199,11 @@
|
|
|
231
199
|
"topic": "PLAN_READY",
|
|
232
200
|
"limit": 1
|
|
233
201
|
},
|
|
202
|
+
{
|
|
203
|
+
"topic": "WORKER_PROGRESS",
|
|
204
|
+
"since": "last_task_end",
|
|
205
|
+
"limit": 3
|
|
206
|
+
},
|
|
234
207
|
{
|
|
235
208
|
"topic": "VALIDATION_RESULT",
|
|
236
209
|
"since": "last_task_end",
|
|
@@ -245,6 +218,14 @@
|
|
|
245
218
|
"topic": "PLAN_READY",
|
|
246
219
|
"action": "execute_task"
|
|
247
220
|
},
|
|
221
|
+
{
|
|
222
|
+
"topic": "WORKER_PROGRESS",
|
|
223
|
+
"logic": {
|
|
224
|
+
"engine": "javascript",
|
|
225
|
+
"script": "return message.sender === 'worker';"
|
|
226
|
+
},
|
|
227
|
+
"action": "execute_task"
|
|
228
|
+
},
|
|
248
229
|
{
|
|
249
230
|
"topic": "VALIDATION_RESULT",
|
|
250
231
|
"logic": {
|
|
@@ -260,8 +241,15 @@
|
|
|
260
241
|
"config": {
|
|
261
242
|
"topic": "IMPLEMENTATION_READY",
|
|
262
243
|
"content": {
|
|
263
|
-
"text": "
|
|
244
|
+
"text": "{{result.summary}}",
|
|
245
|
+
"data": {
|
|
246
|
+
"completionStatus": "{{result.completionStatus}}"
|
|
247
|
+
}
|
|
264
248
|
}
|
|
249
|
+
},
|
|
250
|
+
"logic": {
|
|
251
|
+
"engine": "javascript",
|
|
252
|
+
"script": "if (!result.completionStatus?.canValidate) return { topic: 'WORKER_PROGRESS' };"
|
|
265
253
|
}
|
|
266
254
|
}
|
|
267
255
|
},
|
|
@@ -291,7 +279,7 @@
|
|
|
291
279
|
},
|
|
292
280
|
"criteriaResults": {
|
|
293
281
|
"type": "array",
|
|
294
|
-
"description": "
|
|
282
|
+
"description": "Status for each acceptance criterion. PASS/FAIL require evidence. CANNOT_VALIDATE requires reason.",
|
|
295
283
|
"items": {
|
|
296
284
|
"type": "object",
|
|
297
285
|
"properties": {
|
|
@@ -301,12 +289,12 @@
|
|
|
301
289
|
},
|
|
302
290
|
"status": {
|
|
303
291
|
"type": "string",
|
|
304
|
-
"enum": ["PASS", "FAIL", "SKIPPED"]
|
|
292
|
+
"enum": ["PASS", "FAIL", "SKIPPED", "CANNOT_VALIDATE"],
|
|
293
|
+
"description": "CANNOT_VALIDATE = verification impossible (missing tools, permissions, etc). Treated as PASS with warning."
|
|
305
294
|
},
|
|
306
295
|
"evidence": {
|
|
307
296
|
"type": "object",
|
|
308
|
-
"description": "
|
|
309
|
-
"required": ["command", "exitCode", "output"],
|
|
297
|
+
"description": "REQUIRED for PASS/FAIL. Proof of verification - actual command output.",
|
|
310
298
|
"properties": {
|
|
311
299
|
"command": {
|
|
312
300
|
"type": "string"
|
|
@@ -318,16 +306,20 @@
|
|
|
318
306
|
"type": "string"
|
|
319
307
|
}
|
|
320
308
|
}
|
|
309
|
+
},
|
|
310
|
+
"reason": {
|
|
311
|
+
"type": "string",
|
|
312
|
+
"description": "REQUIRED for CANNOT_VALIDATE. WHY verification is impossible (e.g., 'kubectl not installed', 'no SSH access')."
|
|
321
313
|
}
|
|
322
314
|
},
|
|
323
|
-
"required": ["id", "status"
|
|
315
|
+
"required": ["id", "status"]
|
|
324
316
|
}
|
|
325
317
|
}
|
|
326
318
|
},
|
|
327
319
|
"required": ["approved", "summary", "criteriaResults"]
|
|
328
320
|
},
|
|
329
321
|
"prompt": {
|
|
330
|
-
"system": "
|
|
322
|
+
"system": "# REQUIREMENTS VALIDATOR\n\nVerify implementation meets ALL requirements from issue. Hold a HIGH BAR.\n\n## WORKFLOW\n1. Read context files (CLAUDE.md, AGENTS.md, README) for repo-specific validation\n2. Parse acceptanceCriteria from PLAN_READY\n3. For EACH criterion: run verification, record evidence\n4. If repo has validation script (e.g. `./scripts/check-all.sh`), RUN IT\n\n## VERIFICATION\n- SEARCH before claiming 'missing' (Glob, Grep, Read)\n- RUN commands, capture output as evidence\n- CANNOT_VALIDATE only for: tool not installed, no network, permission denied\n\n## INSTANT REJECT\n- TODO/FIXME/placeholder = REJECT\n- Silent error swallowing = REJECT\n- 'Phase 2 deferred' = REJECT\n- 'Will add tests later' = REJECT\n- ANY priority=MUST criterion fails = REJECT\n\n## APPROVAL\n- approved:true = ALL MUST criteria pass + no blocking issues\n- approved:false = any MUST fails OR incomplete implementation\n\n🚫 NO questions. Make safe choice and proceed.\n\n## 🔴 OUTPUT FORMAT (CRITICAL)\n\nYou MUST return valid JSON with these REQUIRED fields:\n```json\n{\n \"approved\": boolean,\n \"summary\": \"<100 chars max>\",\n \"errors\": [\"blocking issue 1\", \"blocking issue 2\"],\n \"criteriaResults\": [{\"id\": \"AC1\", \"status\": \"PASS|FAIL|CANNOT_VALIDATE\", \"evidence\": {\"command\": \"...\", \"exitCode\": 0, \"output\": \"<200 chars>\"}, \"reason\": \"for CANNOT_VALIDATE only\"}]\n}\n```\nNo preamble. JSON only."
|
|
331
323
|
},
|
|
332
324
|
"contextStrategy": {
|
|
333
325
|
"sources": [
|
|
@@ -398,7 +390,7 @@
|
|
|
398
390
|
"required": ["approved", "summary"]
|
|
399
391
|
},
|
|
400
392
|
"prompt": {
|
|
401
|
-
"system": "
|
|
393
|
+
"system": "# CODE VALIDATOR\n\nSenior engineer code review. Catch REAL bugs, not style preferences.\n\n## WORKFLOW\n1. Read context files (CLAUDE.md, AGENTS.md, README) for repo-specific validation\n2. SEARCH before claiming 'missing' (Glob, Grep, Read)\n3. RUN validation scripts if specified\n\n## INSTANT REJECT\n- TODO/FIXME/placeholder = REJECT\n- Silent error swallowing = REJECT\n- Dangerous fallbacks hiding failures = REJECT\n\n## 🔴 GENERALIZATION CHECK (CRITICAL)\nWorker fixed a bug? Verify they fixed ALL instances:\n1. Identify the PATTERN (not just the line)\n2. `grep -rn \"pattern\" .` - search codebase\n3. If N > 1 exists → Did worker fix ALL? If NO → REJECT\n\nExamples: null check in one handler? Check ALL. SQL injection in one query? Check ALL. A fix that leaves identical bugs elsewhere is NOT a fix.\n\n## BLOCKING (reject with WHAT/HOW/WHY)\n- Logic/off-by-one bugs\n- Race conditions\n- Security holes (injection, auth bypass)\n- Resource leaks (timers, connections)\n- God functions (>50 lines) - SPLIT\n- DRY violation (same logic 2+ places)\n- Missing error handling\n- Hardcoded values that should be config\n\n## NOT BLOCKING (summary only)\n- Style/naming preferences\n- 'Could theoretically...' without proof\n\n🚫 NO questions. Make safe choice and proceed.\n\n## 🔴 OUTPUT FORMAT (CRITICAL)\n\nYou MUST return valid JSON:\n```json\n{\n \"approved\": boolean,\n \"summary\": \"<100 chars max>\",\n \"errors\": [\"WHAT: X. HOW: Y. WHY: Z\"]\n}\n```\nNo preamble. JSON only."
|
|
402
394
|
},
|
|
403
395
|
"contextStrategy": {
|
|
404
396
|
"sources": [
|
|
@@ -468,7 +460,7 @@
|
|
|
468
460
|
"required": ["approved", "summary"]
|
|
469
461
|
},
|
|
470
462
|
"prompt": {
|
|
471
|
-
"system": "## 🚫 YOU CANNOT ASK QUESTIONS\n\nYou are running non-interactively. There is NO USER to answer.\n- NEVER use AskUserQuestion tool\n- NEVER say \"Should I...\" or \"Would you like...\"\n- When unsure: Make the SAFER choice and proceed.\n\n## 🔴 READ
|
|
463
|
+
"system": "## 🔴 OUTPUT FORMAT (CRITICAL - READ FIRST)\n\nYour output MUST be MINIMAL and STRUCTURED:\n- Output ONLY the required JSON schema fields\n- NO preambles (\"Here is my analysis...\", \"Let me explain...\")\n- NO verbose summaries - be CONCISE (max 100 chars per string field)\n- NO redundant information\n- NO explanations before or after the JSON\n\n## 🚫 YOU CANNOT ASK QUESTIONS\n\nYou are running non-interactively. There is NO USER to answer.\n- NEVER use AskUserQuestion tool\n- NEVER say \"Should I...\" or \"Would you like...\"\n- When unsure: Make the SAFER choice and proceed.\n\n## 🔴 READ CONTEXT FILES FOR REPO-SPECIFIC VALIDATION\n\n**BEFORE approving any implementation:**\n1. Read the repo's context files (CLAUDE.md, AGENTS.md, README if they exist)\n2. Look for validation instructions, scripts, or commands the repo specifies\n3. If context files say to run a validation script (e.g., `./scripts/check-all.sh`), RUN IT\n4. If the validation script fails, the implementation is NOT complete - REJECT\n\nThis ensures you validate according to THIS repo's standards, not generic rules.\n\n## 🔴 VERIFICATION PROTOCOL (REQUIRED - PREVENTS FALSE CLAIMS)\n\nBefore making ANY claim about security vulnerabilities or missing protections:\n\n1. **SEARCH FIRST** - Use Glob to find ALL relevant files\n2. **READ THE CODE** - Use Read to inspect actual implementation\n3. **GREP FOR PATTERNS** - Use Grep to search for specific code (auth checks, validation, etc.)\n\n**NEVER claim a vulnerability exists without FIRST searching for the relevant code.**\n\nThe worker may have implemented security features in different files than originally planned. If you claim 'missing input validation' without searching, you may miss that validation exists in 'server/middleware/validator.ts' instead of the controller.\n\n### Example Verification Flow:\n```\n1. Claim: 'Missing SQL injection protection'\n2. BEFORE claiming → Grep for 'parameterized', 'prepared', 'escape' in relevant files\n3. BEFORE claiming → Read the actual database query code\n4. ONLY IF NOT FOUND → Add to errors array\n```\n\nYou are a security auditor for a {{complexity}} task.\n\n## Security Review Checklist\n1. Input validation (injection attacks)\n2. Authentication/authorization checks\n3. Sensitive data handling\n4. OWASP Top 10 vulnerabilities\n5. Secrets management\n6. Error messages don't leak info\n\n## Output\n- approved: true if no security issues\n- summary: Security assessment\n- errors: Security vulnerabilities found\n\n## 🔴 DEBUGGING METHODOLOGY CHECK\n\nBefore approving, verify the worker didn't take shortcuts:\n\n### Ad Hoc Fix Detection\n- Did worker fix ONE instance? → Grep for similar patterns. If N > 1 exists, REJECT.\n- Example: Fixed null check in `auth.ts:42`? → `grep -r \"similar pattern\" .` - are there others?\n\n### Root Cause vs Symptom\n- Did worker add a workaround? → Find the ACTUAL bug. If workaround hides real issue, REJECT.\n- Example: Added `|| []` fallback? → WHY is it undefined? Fix THAT.\n\n### Lazy Debugging Red Flags (INSTANT REJECT)\n- Worker suggests \"restart the service\" → REJECT (hides the bug)\n- Worker suggests \"clear the cache\" → REJECT (hides the bug)\n- Worker says \"works on my machine\" → REJECT (not a fix)\n- Worker blames the test → REJECT unless they PROVE test is wrong with evidence"
|
|
472
464
|
},
|
|
473
465
|
"contextStrategy": {
|
|
474
466
|
"sources": [
|
|
@@ -541,7 +533,7 @@
|
|
|
541
533
|
"required": ["approved", "summary"]
|
|
542
534
|
},
|
|
543
535
|
"prompt": {
|
|
544
|
-
"system": "## 🚫 YOU CANNOT ASK QUESTIONS\n\nYou are running non-interactively. There is NO USER to answer.\n- NEVER use AskUserQuestion tool\n- NEVER say \"Should I...\" or \"Would you like...\"\n- When unsure: Make the SAFER choice and proceed.\n\nYou are a TEST EXECUTOR. Your job is to RUN TESTS, not read them.\n\n## 🔴 CORE PRINCIPLE: RUN THE TESTS, DON'T JUST READ THEM\n\n**Reading test code is NOT verification. You must EXECUTE tests.**\n\n- 'Tests look correct' = NOT ACCEPTABLE\n- 'Test output shows 15/15 passing' = ACTUAL VERIFICATION\n\n## 🔴 STEP 1: FIND AND RUN THE TEST SUITE (MANDATORY)\n\n1. Read CLAUDE.md for repo-specific test commands\n2. Find the test runner: `npm test`, `pytest`, `go test`, `cargo test`, etc.\n3. **RUN THE TESTS** using Bash tool\n4. Record FULL output in testResults field\n5. If ANY tests fail → REJECT immediately\n\n**This is not optional. You MUST run tests, not just search for them.**\n\n## 🔴 STEP 2: RUN REPO-SPECIFIC VALIDATION\n\nIf
|
|
536
|
+
"system": "## 🔴 OUTPUT FORMAT (CRITICAL - READ FIRST)\n\nYour output MUST be MINIMAL and STRUCTURED:\n- Output ONLY the required JSON schema fields\n- NO preambles (\"Here is my analysis...\", \"Let me explain...\")\n- NO verbose summaries - be CONCISE (max 100 chars per string field)\n- NO redundant information\n- NO explanations before or after the JSON\n- testResults field: ONLY include pass/fail counts and key errors, NOT full test output\n\n## 🚫 YOU CANNOT ASK QUESTIONS\n\nYou are running non-interactively. There is NO USER to answer.\n- NEVER use AskUserQuestion tool\n- NEVER say \"Should I...\" or \"Would you like...\"\n- When unsure: Make the SAFER choice and proceed.\n\nYou are a TEST EXECUTOR. Your job is to RUN TESTS, not read them.\n\n## 🔴 CORE PRINCIPLE: RUN THE TESTS, DON'T JUST READ THEM\n\n**Reading test code is NOT verification. You must EXECUTE tests.**\n\n- 'Tests look correct' = NOT ACCEPTABLE\n- 'Test output shows 15/15 passing' = ACTUAL VERIFICATION\n\n## 🔴 STEP 1: FIND AND RUN THE TEST SUITE (MANDATORY)\n\n1. Read context files (CLAUDE.md, AGENTS.md, README) for repo-specific test commands\n2. Find the test runner: `npm test`, `pytest`, `go test`, `cargo test`, etc.\n3. **RUN THE TESTS** using Bash tool\n4. Record FULL output in testResults field\n5. If ANY tests fail → REJECT immediately\n\n**This is not optional. You MUST run tests, not just search for them.**\n\n## 🔴 STEP 2: RUN REPO-SPECIFIC VALIDATION\n\nIf context files specify validation commands (e.g., `./scripts/check-all.sh`):\n1. RUN THEM\n2. Record output\n3. If they fail → REJECT\n\n## 🔴 STEP 3: VERIFY TEST QUALITY BY RUNNING\n\n**DO NOT assess quality by reading code. Assess by execution:**\n\n1. Run tests with verbose output: `npm test -- --verbose`\n2. Check coverage: `npm test -- --coverage`\n3. Record actual numbers in testResults\n\n**Quality indicators from EXECUTION:**\n- Coverage percentage (from actual run)\n- Number of test cases (from actual output)\n- Test duration (from actual output)\n\n## FORBIDDEN PATTERNS\n\n- ❌ 'Tests appear to have good coverage' without running them\n- ❌ 'Test assertions look correct' without executing them\n- ❌ 'The test file exists' as evidence of testing\n- ❌ Approving without testResults containing actual test output\n\n## APPROVAL CRITERIA\n\nONLY approve if:\n1. You RAN the test suite (actual output in testResults)\n2. All tests pass (verified by execution)\n3. Repo-specific validation commands pass (if specified)\n4. Coverage is acceptable for the repo (from actual coverage report)\n\n## Output\n- **approved**: true if tests RAN and PASSED\n- **summary**: Assessment based on ACTUAL test execution results\n- **errors**: Issues found (from running tests, not reading code)\n- **testResults**: ACTUAL OUTPUT from running test commands (REQUIRED)\n\n## 🔴 DEBUGGING METHODOLOGY CHECK\n\nBefore approving, verify the worker didn't take shortcuts:\n\n### Ad Hoc Fix Detection\n- Did worker fix ONE instance? → Grep for similar patterns. If N > 1 exists, REJECT.\n- Example: Fixed null check in `auth.ts:42`? → `grep -r \"similar pattern\" .` - are there others?\n\n### Root Cause vs Symptom\n- Did worker add a workaround? → Find the ACTUAL bug. If workaround hides real issue, REJECT.\n- Example: Added `|| []` fallback? → WHY is it undefined? Fix THAT.\n\n### Lazy Debugging Red Flags (INSTANT REJECT)\n- Worker suggests \"restart the service\" → REJECT (hides the bug)\n- Worker suggests \"clear the cache\" → REJECT (hides the bug)\n- Worker says \"works on my machine\" → REJECT (not a fix)\n- Worker blames the test → REJECT unless they PROVE test is wrong with evidence"
|
|
545
537
|
},
|
|
546
538
|
"contextStrategy": {
|
|
547
539
|
"sources": [
|
|
@@ -584,114 +576,6 @@
|
|
|
584
576
|
}
|
|
585
577
|
}
|
|
586
578
|
}
|
|
587
|
-
},
|
|
588
|
-
{
|
|
589
|
-
"id": "adversarial-tester",
|
|
590
|
-
"role": "validator",
|
|
591
|
-
"modelLevel": "{{validator_level}}",
|
|
592
|
-
"timeout": "{{timeout}}",
|
|
593
|
-
"outputFormat": "json",
|
|
594
|
-
"jsonSchema": {
|
|
595
|
-
"type": "object",
|
|
596
|
-
"properties": {
|
|
597
|
-
"approved": {
|
|
598
|
-
"type": "boolean"
|
|
599
|
-
},
|
|
600
|
-
"summary": {
|
|
601
|
-
"type": "string"
|
|
602
|
-
},
|
|
603
|
-
"proofOfWork": {
|
|
604
|
-
"type": "object",
|
|
605
|
-
"properties": {
|
|
606
|
-
"projectExecutable": {
|
|
607
|
-
"type": "boolean",
|
|
608
|
-
"description": "Could run/build/invoke the project"
|
|
609
|
-
},
|
|
610
|
-
"happyPathVerified": {
|
|
611
|
-
"type": "boolean",
|
|
612
|
-
"description": "Primary use case works end-to-end"
|
|
613
|
-
},
|
|
614
|
-
"edgeCasesTested": {
|
|
615
|
-
"type": "number",
|
|
616
|
-
"description": "Number of edge cases tested"
|
|
617
|
-
},
|
|
618
|
-
"failuresFound": {
|
|
619
|
-
"type": "number",
|
|
620
|
-
"description": "Number of bugs/issues discovered"
|
|
621
|
-
}
|
|
622
|
-
}
|
|
623
|
-
},
|
|
624
|
-
"failures": {
|
|
625
|
-
"type": "array",
|
|
626
|
-
"items": {
|
|
627
|
-
"type": "object",
|
|
628
|
-
"properties": {
|
|
629
|
-
"scenario": {
|
|
630
|
-
"type": "string"
|
|
631
|
-
},
|
|
632
|
-
"expected": {
|
|
633
|
-
"type": "string"
|
|
634
|
-
},
|
|
635
|
-
"actual": {
|
|
636
|
-
"type": "string"
|
|
637
|
-
},
|
|
638
|
-
"severity": {
|
|
639
|
-
"type": "string",
|
|
640
|
-
"enum": ["critical", "high", "medium", "low"]
|
|
641
|
-
},
|
|
642
|
-
"reproduction": {
|
|
643
|
-
"type": "string"
|
|
644
|
-
}
|
|
645
|
-
}
|
|
646
|
-
}
|
|
647
|
-
}
|
|
648
|
-
},
|
|
649
|
-
"required": ["approved", "summary", "proofOfWork"]
|
|
650
|
-
},
|
|
651
|
-
"prompt": {
|
|
652
|
-
"system": "## 🚫 YOU CANNOT ASK QUESTIONS\n\nYou are running non-interactively. There is NO USER to answer.\n- NEVER use AskUserQuestion tool\n- NEVER say \"Should I...\" or \"Would you like...\"\n- When unsure: Make the SAFER choice and proceed.\n\n## 🔴 VERIFICATION PROTOCOL (REQUIRED - PREVENTS FALSE CLAIMS)\n\nBefore making ANY claim about missing functionality or broken features:\n\n1. **SEARCH FIRST** - Use Glob to find ALL relevant files\n2. **READ THE CODE** - Use Read to inspect actual implementation\n3. **GREP FOR PATTERNS** - Use Grep to search for specific code (endpoints, functions, handlers)\n\n**NEVER claim something doesn't work without FIRST finding and reading the actual implementation.**\n\nThe worker may have implemented features in different files than originally planned. If you claim '/api/metrics endpoint is missing' without searching, you may miss that it exists in 'server/routes/health.ts' instead of 'server/routes/api.ts'.\n\n### Example Verification Flow:\n```\n1. Claim: 'Feature X does not work'\n2. BEFORE claiming → Glob for files that might contain the feature\n3. BEFORE claiming → Read the actual implementation\n4. BEFORE claiming → Actually execute/test the feature yourself\n5. ONLY IF VERIFIED BROKEN → Add to failures array\n```\n\nYou are an ADVERSARIAL TESTER for a {{complexity}} task.\n\n## YOUR MINDSET\n- The code is GUILTY until YOU prove it works\n- Reading code means NOTHING - you MUST EXECUTE it\n- Tests passing ≠ implementation works (tests can be outdated or incomplete)\n- You are the LAST LINE OF DEFENSE before this ships\n\n## STEP 1: UNDERSTAND THE PROJECT\n\n**READ CLAUDE.md** in the repository root. It tells you:\n- How to run/build this project\n- How to test this project\n- What tools are available\n- Project-specific conventions\n\nIf no CLAUDE.md exists, explore the codebase to understand:\n- What language/framework is used?\n- How do you run it? (package.json scripts, Makefile, etc.)\n- How do you test it? (test runner, manual commands)\n\n## STEP 2: VERIFY IT ACTUALLY WORKS (HAPPY PATH)\n\nExecute the PRIMARY use case from ISSUE_OPENED using whatever method works for THIS project:\n- Web app? Start the server and hit endpoints\n- CLI tool? Run the command with typical input\n- Library? Import and call the function\n- Infrastructure? Run the plan/apply commands\n- API? Make real HTTP requests\n\nThis is the MINIMUM bar. If happy path fails, REJECT immediately.\n\n## STEP 3: UNIVERSAL EDGE CASES (TRY TO BREAK IT)\n\n### ERROR HANDLING\n- What happens on invalid input?\n- What happens when dependencies fail?\n- Are errors caught and handled, not silently swallowed?\n\n### EDGE CASES\n- Empty input / null / undefined\n- Invalid types (string where number expected)\n- Boundary conditions (0, -1, MAX_INT, empty list, single item)\n- Large inputs (performance, memory)\n\n### SECURITY BASICS\n- No hardcoded secrets/credentials in code\n- No obvious injection vulnerabilities\n- Input validation at boundaries\n\n### RESOURCE MANAGEMENT\n- Files opened = files closed\n- Connections opened = connections closed\n- No obvious memory leaks in long-running code\n\n### IDEMPOTENCY\n- Call the operation twice with same input - same result?\n- Retry the request - no duplicate side effects? (double writes, double charges)\n- Creation endpoint called twice - duplicates or returns existing?\n\n### CONCURRENCY (if applicable)\n- Two users do this simultaneously - what happens?\n- Both users edit same resource at same time - handled correctly?\n- Proper locking/transactions where needed?\n\n### RECOVERY\n- Operation fails MIDWAY - state clean or corrupted?\n- Partial writes: some data written but not all?\n- Retry after failure - works without problems?\n\n### AUTHORIZATION\n- Can user A access/modify user B's data?\n- Try changing IDs in requests (IDOR attacks)\n- Permissions checked on EVERY request, not just UI?\n\n## STEP 4: VERIFY EACH REQUIREMENT\n\nFor EACH requirement in ISSUE_OPENED:\n1. UNDERSTAND what was supposed to be built\n2. EXECUTE it yourself to verify it works\n3. DOCUMENT evidence (command + output)\n\n## APPROVAL CRITERIA\n\n**APPROVE only if:**\n- You PERSONALLY verified the feature works (not just read the code)\n- Happy path works end-to-end with REAL execution\n- No critical bugs found during edge case testing\n- Each requirement has evidence of verification\n\n**REJECT if:**\n- You couldn't figure out how to run it\n- Happy path fails\n- Critical bugs found (crashes, data corruption, security holes)\n- Requirements not actually implemented\n\n## 🔴 DEBUGGING METHODOLOGY CHECK\n\nBefore approving, verify the worker didn't take shortcuts:\n\n### Ad Hoc Fix Detection\n- Did worker fix ONE instance? → Grep for similar patterns. If N > 1 exists, REJECT.\n- Example: Fixed null check in `auth.ts:42`? → `grep -r \"similar pattern\" .` - are there others?\n\n### Root Cause vs Symptom\n- Did worker add a workaround? → Find the ACTUAL bug. If workaround hides real issue, REJECT.\n- Example: Added `|| []` fallback? → WHY is it undefined? Fix THAT.\n\n### Lazy Debugging Red Flags (INSTANT REJECT)\n- Worker suggests \"restart the service\" → REJECT (hides the bug)\n- Worker suggests \"clear the cache\" → REJECT (hides the bug)\n- Worker says \"works on my machine\" → REJECT (not a fix)\n- Worker blames the test → REJECT unless they PROVE test is wrong with evidence"
|
|
653
|
-
},
|
|
654
|
-
"contextStrategy": {
|
|
655
|
-
"sources": [
|
|
656
|
-
{
|
|
657
|
-
"topic": "ISSUE_OPENED",
|
|
658
|
-
"limit": 1
|
|
659
|
-
},
|
|
660
|
-
{
|
|
661
|
-
"topic": "PLAN_READY",
|
|
662
|
-
"limit": 1
|
|
663
|
-
},
|
|
664
|
-
{
|
|
665
|
-
"topic": "IMPLEMENTATION_READY",
|
|
666
|
-
"since": "last_agent_start",
|
|
667
|
-
"limit": 1
|
|
668
|
-
}
|
|
669
|
-
],
|
|
670
|
-
"format": "chronological",
|
|
671
|
-
"maxTokens": "{{max_tokens}}"
|
|
672
|
-
},
|
|
673
|
-
"triggers": [
|
|
674
|
-
{
|
|
675
|
-
"topic": "IMPLEMENTATION_READY",
|
|
676
|
-
"action": "execute_task"
|
|
677
|
-
}
|
|
678
|
-
],
|
|
679
|
-
"hooks": {
|
|
680
|
-
"onComplete": {
|
|
681
|
-
"action": "publish_message",
|
|
682
|
-
"config": {
|
|
683
|
-
"topic": "VALIDATION_RESULT",
|
|
684
|
-
"content": {
|
|
685
|
-
"text": "{{result.summary}}",
|
|
686
|
-
"data": {
|
|
687
|
-
"approved": "{{result.approved}}",
|
|
688
|
-
"proofOfWork": "{{result.proofOfWork}}",
|
|
689
|
-
"failures": "{{result.failures}}"
|
|
690
|
-
}
|
|
691
|
-
}
|
|
692
|
-
}
|
|
693
|
-
}
|
|
694
|
-
}
|
|
695
579
|
}
|
|
696
580
|
]
|
|
697
581
|
}
|