@deftai/directive-content 0.55.1 → 0.56.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (220) hide show
  1. package/.githooks/pre-commit +143 -0
  2. package/.githooks/pre-push +121 -0
  3. package/QUICK-START.md +13 -3
  4. package/Taskfile.yml +934 -0
  5. package/UPGRADING.md +82 -11
  6. package/events/README.md +3 -3
  7. package/package.json +5 -4
  8. package/packs/skills/skills-pack-0.1.json +22 -22
  9. package/scripts/_agents_md.py +494 -0
  10. package/scripts/_cache_fetch.py +635 -0
  11. package/scripts/_cache_quota.py +529 -0
  12. package/scripts/_cache_refresh.py +163 -0
  13. package/scripts/_cache_validate.py +209 -0
  14. package/scripts/_content_root.py +42 -0
  15. package/scripts/_doctor_state.py +277 -0
  16. package/scripts/_event_detect.py +305 -0
  17. package/scripts/_events.py +514 -0
  18. package/scripts/_lifecycle_hygiene.py +568 -0
  19. package/scripts/_pathspec.py +91 -0
  20. package/scripts/_policy_show_cli.py +266 -0
  21. package/scripts/_precutover.py +92 -0
  22. package/scripts/_project_context.py +224 -0
  23. package/scripts/_project_definition_io.py +164 -0
  24. package/scripts/_relocate_snapshot.py +209 -0
  25. package/scripts/_relocate_states.py +343 -0
  26. package/scripts/_resolve_preflight_path.py +152 -0
  27. package/scripts/_safe_subprocess.py +167 -0
  28. package/scripts/_session_start_hook.py +205 -0
  29. package/scripts/_sor_gate_diff.py +365 -0
  30. package/scripts/_stdio_utf8.py +59 -0
  31. package/scripts/_triage_bootstrap_gitignore.py +904 -0
  32. package/scripts/_triage_classify_cli.py +122 -0
  33. package/scripts/_triage_queue_cli.py +625 -0
  34. package/scripts/_triage_scope_cli.py +343 -0
  35. package/scripts/_triage_scope_drift_cli.py +121 -0
  36. package/scripts/_triage_scope_ignores.py +286 -0
  37. package/scripts/_triage_scope_milestone.py +432 -0
  38. package/scripts/_triage_scope_mutations.py +337 -0
  39. package/scripts/_triage_scope_renderers.py +207 -0
  40. package/scripts/_triage_smoketest_stages.py +674 -0
  41. package/scripts/_triage_subscribe_cli.py +140 -0
  42. package/scripts/_triage_welcome_cli.py +421 -0
  43. package/scripts/_vbrief_build.py +239 -0
  44. package/scripts/_vbrief_fidelity.py +479 -0
  45. package/scripts/_vbrief_legacy.py +589 -0
  46. package/scripts/_vbrief_reconciliation.py +883 -0
  47. package/scripts/_vbrief_routing.py +277 -0
  48. package/scripts/_vbrief_safety.py +778 -0
  49. package/scripts/_vbrief_sources.py +312 -0
  50. package/scripts/_vbrief_speckit.py +262 -0
  51. package/scripts/_vbrief_story_quality.py +353 -0
  52. package/scripts/_vbrief_validation.py +299 -0
  53. package/scripts/build_dist.py +412 -0
  54. package/scripts/cache.py +1078 -0
  55. package/scripts/cache_scanner.py +745 -0
  56. package/scripts/candidates_log.py +432 -0
  57. package/scripts/capacity_backfill.py +680 -0
  58. package/scripts/capacity_show.py +653 -0
  59. package/scripts/ci_local.py +689 -0
  60. package/scripts/code_structure_validate.py +765 -0
  61. package/scripts/codebase_default_extractor.py +495 -0
  62. package/scripts/codebase_map.py +304 -0
  63. package/scripts/codebase_map_fresh.py +104 -0
  64. package/scripts/codebase_projection_registry.py +94 -0
  65. package/scripts/codebase_provider.py +582 -0
  66. package/scripts/doctor.py +2257 -0
  67. package/scripts/framework_commands.py +505 -0
  68. package/scripts/gh_rest.py +882 -0
  69. package/scripts/github_auth_modes.py +437 -0
  70. package/scripts/github_body.py +292 -0
  71. package/scripts/ip_risk.py +531 -0
  72. package/scripts/issue_emit.py +670 -0
  73. package/scripts/issue_ingest.py +1064 -0
  74. package/scripts/migrate_preflight.py +418 -0
  75. package/scripts/migrate_vbrief.py +2677 -0
  76. package/scripts/monitor_pr.py +401 -0
  77. package/scripts/pack_migrate_lessons.py +336 -0
  78. package/scripts/pack_migrate_patterns.py +254 -0
  79. package/scripts/pack_migrate_rules.py +350 -0
  80. package/scripts/pack_migrate_skills.py +423 -0
  81. package/scripts/pack_migrate_strategies.py +311 -0
  82. package/scripts/pack_migrate_swarm_spec.py +250 -0
  83. package/scripts/pack_render.py +434 -0
  84. package/scripts/packs_slice.py +712 -0
  85. package/scripts/platform_capabilities.py +336 -0
  86. package/scripts/policy.py +2826 -0
  87. package/scripts/policy_set.py +324 -0
  88. package/scripts/pr_check_closing_keywords.py +524 -0
  89. package/scripts/pr_check_protected_issues.py +267 -0
  90. package/scripts/pr_merge_readiness.py +1004 -0
  91. package/scripts/pr_wait_mergeable.py +669 -0
  92. package/scripts/prd_render.py +159 -0
  93. package/scripts/preflight_architecture_sor.py +974 -0
  94. package/scripts/preflight_branch.py +289 -0
  95. package/scripts/preflight_cache.py +974 -0
  96. package/scripts/preflight_gh.py +721 -0
  97. package/scripts/preflight_implementation.py +272 -0
  98. package/scripts/preflight_story_start.py +838 -0
  99. package/scripts/preflight_wip_cap.py +149 -0
  100. package/scripts/probe_session.py +545 -0
  101. package/scripts/project_render.py +293 -0
  102. package/scripts/quarantine_ext.py +237 -0
  103. package/scripts/reconcile_issues.py +1442 -0
  104. package/scripts/refresh-path.ps1 +107 -0
  105. package/scripts/release.py +2030 -0
  106. package/scripts/release_e2e.py +1011 -0
  107. package/scripts/release_publish.py +486 -0
  108. package/scripts/release_rollback.py +980 -0
  109. package/scripts/relocate.py +1034 -0
  110. package/scripts/resolve_changelog_unreleased.py +667 -0
  111. package/scripts/resolve_version.py +490 -0
  112. package/scripts/resume_conditions.py +706 -0
  113. package/scripts/ritual_sentinel.py +609 -0
  114. package/scripts/roadmap_render.py +635 -0
  115. package/scripts/rule_ownership_lint.py +325 -0
  116. package/scripts/scm.py +591 -0
  117. package/scripts/scope_audit_log.py +387 -0
  118. package/scripts/scope_decompose.py +654 -0
  119. package/scripts/scope_demote.py +509 -0
  120. package/scripts/scope_lifecycle.py +1126 -0
  121. package/scripts/scope_undo.py +772 -0
  122. package/scripts/session_start.py +406 -0
  123. package/scripts/setup_ghx.py +339 -0
  124. package/scripts/setup_windows.ps1 +220 -0
  125. package/scripts/slice_audit.py +585 -0
  126. package/scripts/slice_record.py +530 -0
  127. package/scripts/slice_record_existing.py +692 -0
  128. package/scripts/slug_normalize.py +178 -0
  129. package/scripts/spec_render.py +477 -0
  130. package/scripts/spec_validate.py +238 -0
  131. package/scripts/subagent_monitor.py +658 -0
  132. package/scripts/swarm_complete_cohort.py +644 -0
  133. package/scripts/swarm_launch.py +1206 -0
  134. package/scripts/swarm_readiness.py +554 -0
  135. package/scripts/swarm_verify_review_clean.py +438 -0
  136. package/scripts/swarm_worktrees.py +497 -0
  137. package/scripts/toolchain-check.py +52 -0
  138. package/scripts/triage_actions.py +871 -0
  139. package/scripts/triage_bootstrap.py +1153 -0
  140. package/scripts/triage_bulk.py +630 -0
  141. package/scripts/triage_classify.py +932 -0
  142. package/scripts/triage_help.py +1685 -0
  143. package/scripts/triage_queue.py +1944 -0
  144. package/scripts/triage_reconcile.py +581 -0
  145. package/scripts/triage_refresh.py +643 -0
  146. package/scripts/triage_scope.py +999 -0
  147. package/scripts/triage_scope_drift.py +575 -0
  148. package/scripts/triage_smoketest.py +396 -0
  149. package/scripts/triage_subscribe.py +399 -0
  150. package/scripts/triage_summary.py +1011 -0
  151. package/scripts/triage_welcome.py +1178 -0
  152. package/scripts/ts_check_lane.py +86 -0
  153. package/scripts/validate-links.py +64 -0
  154. package/scripts/validate_strategy_output.py +212 -0
  155. package/scripts/vbrief_activate.py +228 -0
  156. package/scripts/vbrief_migrate_conformance.py +368 -0
  157. package/scripts/vbrief_reconcile_graph.py +306 -0
  158. package/scripts/vbrief_reconcile_labels.py +460 -0
  159. package/scripts/vbrief_reconcile_umbrellas.py +741 -0
  160. package/scripts/vbrief_validate.py +1195 -0
  161. package/scripts/verify-stubs.py +61 -0
  162. package/scripts/verify_capacity.py +160 -0
  163. package/scripts/verify_encoding.py +699 -0
  164. package/scripts/verify_hooks_installed.py +206 -0
  165. package/scripts/verify_investigation.py +360 -0
  166. package/scripts/verify_judgment_gates.py +827 -0
  167. package/scripts/verify_no_task_runtime.py +171 -0
  168. package/scripts/verify_scm_boundary.py +509 -0
  169. package/scripts/verify_session_ritual.py +389 -0
  170. package/scripts/verify_tools.py +426 -0
  171. package/scripts/verify_vbrief_conformance.py +478 -0
  172. package/skills/deft-directive-swarm/SKILL.md +7 -26
  173. package/skills/deft-directive-sync/SKILL.md +1 -1
  174. package/tasks/architecture.yml +13 -0
  175. package/tasks/cache.yml +69 -0
  176. package/tasks/capacity.yml +38 -0
  177. package/tasks/change.yml +46 -0
  178. package/tasks/changelog.yml +24 -0
  179. package/tasks/ci.yml +49 -0
  180. package/tasks/codebase.yml +47 -0
  181. package/tasks/commit.yml +30 -0
  182. package/tasks/core.yml +126 -0
  183. package/tasks/deployments.yml +54 -0
  184. package/tasks/framework.yml +74 -0
  185. package/tasks/install.yml +60 -0
  186. package/tasks/issue.yml +50 -0
  187. package/tasks/migrate.yml +73 -0
  188. package/tasks/packs.yml +92 -0
  189. package/tasks/policy.yml +75 -0
  190. package/tasks/pr.yml +89 -0
  191. package/tasks/prd.yml +39 -0
  192. package/tasks/project.yml +27 -0
  193. package/tasks/reconcile.yml +32 -0
  194. package/tasks/relocate.yml +56 -0
  195. package/tasks/roadmap.yml +28 -0
  196. package/tasks/scm.yml +126 -0
  197. package/tasks/scope-undo.yml +36 -0
  198. package/tasks/scope.yml +141 -0
  199. package/tasks/session.yml +19 -0
  200. package/tasks/setup.yml +37 -0
  201. package/tasks/slice.yml +69 -0
  202. package/tasks/spec.yml +41 -0
  203. package/tasks/swarm.yml +85 -0
  204. package/tasks/toolchain.yml +13 -0
  205. package/tasks/triage-actions.yml +94 -0
  206. package/tasks/triage-bootstrap.yml +43 -0
  207. package/tasks/triage-bulk.yml +75 -0
  208. package/tasks/triage-classify.yml +30 -0
  209. package/tasks/triage-queue.yml +50 -0
  210. package/tasks/triage-reconcile.yml +29 -0
  211. package/tasks/triage-scope-drift.yml +29 -0
  212. package/tasks/triage-scope.yml +31 -0
  213. package/tasks/triage-smoketest.yml +33 -0
  214. package/tasks/triage-subscribe.yml +36 -0
  215. package/tasks/triage-summary.yml +29 -0
  216. package/tasks/triage-welcome.yml +32 -0
  217. package/tasks/ts.yml +328 -0
  218. package/tasks/vbrief.yml +206 -0
  219. package/tasks/verify.yml +292 -0
  220. package/templates/agents-entry.md +2 -2
@@ -0,0 +1,478 @@
1
+ #!/usr/bin/env python3
2
+ """verify_vbrief_conformance.py -- deterministic vBRIEF 0.6 conformance gate (#1620).
3
+
4
+ directive is the vBRIEF reference implementation, so its own corpus must stay
5
+ conformant to the standard it anchors: every key at document, plan, and item
6
+ level MUST be either (a) a known 0.6 spec-core field, (b) prefixed
7
+ ``x-directive/`` (a directive extension), or (c) prefixed ``x-vbrief/`` (a
8
+ vBRIEF extension). A bare key outside those three classes masquerades as
9
+ candidate-core and is exactly what produced the statusreport #34 false-RED.
10
+
11
+ This gate fails ``task check`` + the pre-commit hook when any tracked
12
+ ``vbrief/**/*.vbrief.json`` carries such a bare key. It mirrors the structure
13
+ and UX of ``scripts/verify_encoding.py`` (#798): three-state exit, ``--all`` /
14
+ ``--staged`` modes, and an ``--allow-list <path>`` file-glob override.
15
+
16
+ Core key sets
17
+ -------------
18
+ Built from the canonical vBRIEF 0.6 spec (``deftai/vBRIEF``
19
+ ``docs/vbrief-spec-0.6.md`` + ``libvbrief/models.py``) and the in-repo mirror
20
+ ``vbrief/schemas/vbrief-core.schema.json``. ``metadata`` is an arbitrary bag
21
+ per 0.6 (Design Goal #5) so the gate does NOT descend into it; likewise it does
22
+ not descend into ``vBRIEFInfo`` or narrative bodies -- only structural keys at
23
+ the document, plan, and item levels are checked.
24
+
25
+ Temporary Category B allow-list
26
+ -------------------------------
27
+ ``plan.policy`` and ``plan.completedNote`` are genuine directive extensions
28
+ that SHOULD live under ``x-directive/`` but cannot be moved until upstream
29
+ vBRIEF #12 ratifies the ``x-<consumer>/`` namespace with round-trip
30
+ preservation. They are carved out via :data:`ALLOW_LIST` (a KEY allow-set,
31
+ distinct from the ``--allow-list`` file-glob override) and tracked by the
32
+ Category B follow-up issue cited below.
33
+
34
+ Plan-level ``planRef`` is handled specially (value-aware, see
35
+ :func:`_plan_planref_finding`): a PATH-style value is the load-bearing D4
36
+ epic<->story child->parent linkage and is allowed as a TEMPORARY carve-out
37
+ (its references[]-reconciliation + D4 rework is deferred to the same Category B
38
+ follow-up); a ``#``-prefixed value is the misused issue-pointer pattern behind
39
+ the statusreport #34 false-RED and IS flagged.
40
+
41
+ Exit codes (three-state, mirrors ``scripts/verify_encoding.py``)
42
+ ----------------------------------------------------------------
43
+ - ``0`` -- clean: no bare keys detected.
44
+ - ``1`` -- violations: prints per-hit ``path [level] key`` diagnostics.
45
+ - ``2`` -- config error: no ``vbrief/`` directory, ``--allow-list`` path
46
+ unreadable, ``--staged`` outside a git repo, or unrecognised CLI shape.
47
+ """
48
+
49
+ from __future__ import annotations
50
+
51
+ import argparse
52
+ import fnmatch
53
+ import json
54
+ import sys
55
+ from collections.abc import Iterable
56
+ from pathlib import Path
57
+
58
+ # Route subprocess capture through the #1366 UTF-8-safe helper. The script
59
+ # lives in scripts/ alongside _safe_subprocess.py; add that dir to sys.path so
60
+ # the import resolves whether the module is run directly or loaded via
61
+ # importlib.spec_from_file_location in tests.
62
+ sys.path.insert(0, str(Path(__file__).resolve().parent))
63
+ from _safe_subprocess import run_text # noqa: E402
64
+
65
+ #: Document-level (root) spec-core keys.
66
+ DOC_CORE: frozenset[str] = frozenset({"vBRIEFInfo", "plan"})
67
+
68
+ #: Plan-level spec-core keys (0.6). ``policy`` is DELIBERATELY EXCLUDED -- it is
69
+ #: a Category B directive extension carved out via :data:`ALLOW_LIST` so the
70
+ #: future ``plan.policy`` -> ``x-directive/policy`` migration stays enforceable
71
+ #: once the allow-list is removed.
72
+ PLAN_CORE: frozenset[str] = frozenset(
73
+ {
74
+ "id",
75
+ "uid",
76
+ "title",
77
+ "status",
78
+ "items",
79
+ "narratives",
80
+ "architecture",
81
+ "edges",
82
+ "tags",
83
+ "metadata",
84
+ "created",
85
+ "updated",
86
+ "author",
87
+ "reviewers",
88
+ "uris",
89
+ "references",
90
+ "timezone",
91
+ "agent",
92
+ "lastModifiedBy",
93
+ "changeLog",
94
+ "sequence",
95
+ "fork",
96
+ }
97
+ )
98
+
99
+ #: Item-level (PlanItem) spec-core keys (0.6). ``planRef`` IS core here (it is a
100
+ #: legitimate item field for referencing plans); only the plan-LEVEL ``planRef``
101
+ #: misuse is non-conformant.
102
+ ITEM_CORE: frozenset[str] = frozenset(
103
+ {
104
+ "id",
105
+ "uid",
106
+ "title",
107
+ "status",
108
+ "narrative",
109
+ "subItems",
110
+ "planRef",
111
+ "tags",
112
+ "metadata",
113
+ "created",
114
+ "updated",
115
+ "completed",
116
+ "priority",
117
+ "dueDate",
118
+ "startDate",
119
+ "endDate",
120
+ "percentComplete",
121
+ "participants",
122
+ "location",
123
+ "uris",
124
+ "recurrence",
125
+ "reminders",
126
+ "classification",
127
+ "relatedComments",
128
+ "timezone",
129
+ "sequence",
130
+ "lastModifiedBy",
131
+ "lockedBy",
132
+ "items",
133
+ }
134
+ )
135
+
136
+ #: Accepted extension-namespace prefixes. A key carrying either prefix is
137
+ #: conformant at any level (it is an explicitly-namespaced extension, not a
138
+ #: bare candidate-core key).
139
+ EXTENSION_PREFIXES: tuple[str, ...] = ("x-directive/", "x-vbrief/")
140
+
141
+ #: TEMPORARY Category B carve-outs (KEY allow-set, ``"<level>.<key>"`` form).
142
+ #: These are genuine directive extensions awaiting the ``x-<consumer>/``
143
+ #: namespace ratified by upstream vBRIEF #12; the migration that moves them to
144
+ #: ``x-directive/*`` and REMOVES this allow-list is tracked by directive #1650
145
+ #: (Category B follow-up to #1620).
146
+ ALLOW_LIST: frozenset[str] = frozenset({"plan.policy", "plan.completedNote"})
147
+
148
+
149
+ class Finding:
150
+ """One bare-key conformance violation record."""
151
+
152
+ __slots__ = ("path", "level", "key", "location")
153
+
154
+ def __init__(self, path: str, level: str, key: str, location: str) -> None:
155
+ self.path = path
156
+ self.level = level
157
+ self.key = key
158
+ self.location = location
159
+
160
+ def render(self) -> str:
161
+ return f" {self.path} [{self.level}] bare key {self.key!r} at {self.location}"
162
+
163
+
164
+ def _is_conformant(level: str, key: str, core: frozenset[str]) -> bool:
165
+ """Return True when ``key`` is core, namespaced, or allow-listed at level."""
166
+ if key in core:
167
+ return True
168
+ if key.startswith(EXTENSION_PREFIXES):
169
+ return True
170
+ return f"{level}.{key}" in ALLOW_LIST
171
+
172
+
173
+ def _plan_planref_finding(rel_path: str, value: object) -> Finding | None:
174
+ """Value-aware check for the plan-LEVEL ``planRef`` key.
175
+
176
+ Plan-level ``planRef`` is NOT 0.6 spec-core (``planRef`` is core only at the
177
+ item level). directive carries two distinct shapes here:
178
+
179
+ - A PATH-style value (``"completed/...vbrief.json"``) is the epic<->story
180
+ child->parent linkage that ``scripts/vbrief_validate.py`` D4 validates
181
+ bidirectionally. It is load-bearing and cannot move to ``references[]``
182
+ without reworking D4, so it is a TEMPORARY carve-out tracked by the
183
+ Category B follow-up (#1650) -- allowed (not flagged) here.
184
+ - A ``#``-prefixed value (``"#1348"`` issue ref, or a stale ``#slug``) is
185
+ the misused-as-issue-pointer pattern that produced the statusreport #34
186
+ false-RED. It is FLAGGED so ``scripts/vbrief_migrate_conformance.py``
187
+ (which routes it to ``references[]`` or deletes the junk) stays enforced.
188
+ """
189
+ if isinstance(value, str) and value.strip().startswith("#"):
190
+ return Finding(
191
+ rel_path, "plan", "planRef", "plan (issue-style -- migrate to references[])"
192
+ )
193
+ return None
194
+
195
+
196
+ def _scan_item(rel_path: str, item: dict, location: str) -> list[Finding]:
197
+ """Scan one PlanItem dict (and its nested items / subItems) for bare keys."""
198
+ findings: list[Finding] = []
199
+ for key in item:
200
+ if not _is_conformant("item", key, ITEM_CORE):
201
+ findings.append(Finding(rel_path, "item", key, location))
202
+ for nested_key in ("items", "subItems"):
203
+ nested = item.get(nested_key)
204
+ if isinstance(nested, list):
205
+ for index, child in enumerate(nested):
206
+ if isinstance(child, dict):
207
+ findings.extend(
208
+ _scan_item(
209
+ rel_path, child, f"{location}.{nested_key}[{index}]"
210
+ )
211
+ )
212
+ return findings
213
+
214
+
215
+ def scan_vbrief(rel_path: str, data: object) -> list[Finding]:
216
+ """Scan a parsed vBRIEF document for bare keys at doc / plan / item level.
217
+
218
+ ``metadata`` (arbitrary bag), ``vBRIEFInfo``, and narrative bodies are NOT
219
+ descended into -- only structural keys at the three checked levels.
220
+ """
221
+ findings: list[Finding] = []
222
+ if not isinstance(data, dict):
223
+ return findings
224
+
225
+ for key in data:
226
+ if not _is_conformant("document", key, DOC_CORE):
227
+ findings.append(Finding(rel_path, "document", key, "<root>"))
228
+
229
+ plan = data.get("plan")
230
+ if not isinstance(plan, dict):
231
+ return findings
232
+
233
+ for key in plan:
234
+ if key == "planRef":
235
+ hit = _plan_planref_finding(rel_path, plan.get("planRef"))
236
+ if hit is not None:
237
+ findings.append(hit)
238
+ continue
239
+ if not _is_conformant("plan", key, PLAN_CORE):
240
+ findings.append(Finding(rel_path, "plan", key, "plan"))
241
+
242
+ items = plan.get("items")
243
+ if isinstance(items, list):
244
+ for index, item in enumerate(items):
245
+ if isinstance(item, dict):
246
+ findings.extend(
247
+ _scan_item(rel_path, item, f"plan.items[{index}]")
248
+ )
249
+ return findings
250
+
251
+
252
+ def _load_allow_list(path: Path | None) -> list[str]:
253
+ """Read newline-separated file-glob patterns; ignore comments / blanks."""
254
+ if path is None:
255
+ return []
256
+ raw = path.read_text(encoding="utf-8", errors="replace")
257
+ out: list[str] = []
258
+ for line in raw.splitlines():
259
+ stripped = line.strip()
260
+ if not stripped or stripped.startswith("#"):
261
+ continue
262
+ out.append(stripped)
263
+ return out
264
+
265
+
266
+ def _is_allow_listed(rel_path: str, patterns: Iterable[str]) -> bool:
267
+ return any(fnmatch.fnmatchcase(rel_path, pat) for pat in patterns)
268
+
269
+
270
+ def _git_files(project_root: Path, *, staged: bool) -> list[str]:
271
+ """Return tracked (or staged) POSIX-form rel paths via git."""
272
+ if staged:
273
+ cmd = ["git", "diff", "--cached", "--name-only", "--diff-filter=ACMR"]
274
+ else:
275
+ cmd = ["git", "ls-files"]
276
+ proc = run_text(cmd, cwd=str(project_root))
277
+ if proc.returncode != 0:
278
+ raise RuntimeError(
279
+ f"{' '.join(cmd)} failed (rc={proc.returncode}): {proc.stderr.strip()}"
280
+ )
281
+ return [line for line in proc.stdout.splitlines() if line.strip()]
282
+
283
+
284
+ def _is_vbrief_path(posix: str) -> bool:
285
+ """Return True for the project's root ``vbrief/**/*.vbrief.json`` corpus.
286
+
287
+ Anchored at the project-root ``vbrief/`` directory (matching the scan scope
288
+ of ``scripts/vbrief_migrate_conformance.py``) so the gate and the migration
289
+ reason about exactly the same file set. This deliberately excludes
290
+ ``.vbrief.json`` files nested under other directories -- most importantly
291
+ intentionally-stale migration fixtures under ``tests/fixtures/**`` -- which
292
+ are test artifacts, not the canonical corpus.
293
+ """
294
+ return posix.startswith("vbrief/") and posix.endswith(".vbrief.json")
295
+
296
+
297
+ def evaluate(
298
+ project_root: Path,
299
+ *,
300
+ mode: str = "all",
301
+ allow_list_path: Path | None = None,
302
+ ) -> tuple[int, list[Finding], str]:
303
+ """Pure driver returning ``(exit_code, findings, human_message)``."""
304
+ if mode not in {"all", "staged"}:
305
+ return (
306
+ 2,
307
+ [],
308
+ f"\u274c verify_vbrief_conformance: unrecognised mode {mode!r} "
309
+ "(expected 'all' or 'staged').",
310
+ )
311
+
312
+ if not (project_root / "vbrief").is_dir():
313
+ return (
314
+ 2,
315
+ [],
316
+ (
317
+ "\u274c verify_vbrief_conformance: no vbrief/ directory under "
318
+ f"{project_root}.\n"
319
+ " Recovery: run from a project root that contains vbrief/."
320
+ ),
321
+ )
322
+
323
+ try:
324
+ custom_globs = _load_allow_list(allow_list_path)
325
+ except FileNotFoundError as exc:
326
+ return (
327
+ 2,
328
+ [],
329
+ (
330
+ f"\u274c verify_vbrief_conformance: --allow-list file not found: {exc}\n"
331
+ " Recovery: pass an existing path or omit the flag."
332
+ ),
333
+ )
334
+ except OSError as exc:
335
+ return (
336
+ 2,
337
+ [],
338
+ f"\u274c verify_vbrief_conformance: --allow-list unreadable: {exc}",
339
+ )
340
+
341
+ try:
342
+ rel_paths = _git_files(project_root, staged=(mode == "staged"))
343
+ except FileNotFoundError:
344
+ return (
345
+ 2,
346
+ [],
347
+ "\u274c verify_vbrief_conformance: 'git' executable not found on PATH.",
348
+ )
349
+ except RuntimeError as exc:
350
+ return (
351
+ 2,
352
+ [],
353
+ (
354
+ f"\u274c verify_vbrief_conformance: git failed -- {exc}\n"
355
+ " Recovery: ensure --project-root points at a git working tree."
356
+ ),
357
+ )
358
+
359
+ candidates = [
360
+ posix
361
+ for posix in (p.replace("\\", "/") for p in rel_paths)
362
+ if _is_vbrief_path(posix) and not _is_allow_listed(posix, custom_globs)
363
+ ]
364
+
365
+ findings: list[Finding] = []
366
+ for posix in candidates:
367
+ full = project_root / posix
368
+ try:
369
+ text = full.read_text(encoding="utf-8")
370
+ except OSError:
371
+ continue
372
+ try:
373
+ data = json.loads(text)
374
+ except json.JSONDecodeError:
375
+ # Malformed JSON is owned by vbrief:validate / verify:encoding; the
376
+ # conformance gate only reasons about parseable documents.
377
+ continue
378
+ findings.extend(scan_vbrief(posix, data))
379
+
380
+ if findings:
381
+ header = (
382
+ f"\u274c verify_vbrief_conformance: detected {len(findings)} bare "
383
+ f"key(s) across {len({f.path for f in findings})} file(s) (#1620).\n"
384
+ " Every vBRIEF key MUST be 0.6 spec-core, x-directive/-namespaced, "
385
+ "or x-vbrief/-namespaced -- never bare.\n"
386
+ " Fix: migrate misused/misspelled core fields to their core home "
387
+ "(see scripts/vbrief_migrate_conformance.py), or namespace a genuine\n"
388
+ " extension under x-directive/. Allow-list a documented file "
389
+ "exception via --allow-list <path> (newline-separated globs)."
390
+ )
391
+ body = "\n".join(f.render() for f in findings[:50])
392
+ if len(findings) > 50:
393
+ body += f"\n ... and {len(findings) - 50} more"
394
+ return 1, findings, f"{header}\n{body}"
395
+
396
+ msg = (
397
+ f"\u2713 verify_vbrief_conformance: {len(candidates)} vBRIEF file(s) "
398
+ "clean -- no bare keys (#1620)."
399
+ )
400
+ return 0, findings, msg
401
+
402
+
403
+ def _build_parser() -> argparse.ArgumentParser:
404
+ parser = argparse.ArgumentParser(
405
+ prog="verify_vbrief_conformance.py",
406
+ description=(
407
+ "Deterministic vBRIEF 0.6 conformance gate (#1620). Flags any key "
408
+ "at document/plan/item level that is not 0.6 spec-core, "
409
+ "x-directive/-namespaced, or x-vbrief/-namespaced."
410
+ ),
411
+ )
412
+ mode = parser.add_mutually_exclusive_group()
413
+ mode.add_argument(
414
+ "--all",
415
+ dest="mode",
416
+ action="store_const",
417
+ const="all",
418
+ help="Scan all tracked files via 'git ls-files' (default).",
419
+ )
420
+ mode.add_argument(
421
+ "--staged",
422
+ dest="mode",
423
+ action="store_const",
424
+ const="staged",
425
+ help=(
426
+ "Scan only staged files via 'git diff --cached --name-only' "
427
+ "(used by .githooks/pre-commit)."
428
+ ),
429
+ )
430
+ parser.set_defaults(mode="all")
431
+ parser.add_argument(
432
+ "--project-root",
433
+ default=".",
434
+ help="Project root path (default: current working directory).",
435
+ )
436
+ parser.add_argument(
437
+ "--allow-list",
438
+ default=None,
439
+ help=(
440
+ "Path to a file with newline-separated glob patterns of "
441
+ "documented file exceptions. Lines starting with # are comments."
442
+ ),
443
+ )
444
+ parser.add_argument(
445
+ "--quiet",
446
+ action="store_true",
447
+ help="Suppress the OK message (errors still print).",
448
+ )
449
+ return parser
450
+
451
+
452
+ def main(argv: list[str] | None = None) -> int:
453
+ # Force UTF-8 stdout/stderr at hook-script entry (mirrors #814).
454
+ if hasattr(sys.stdout, "reconfigure"):
455
+ sys.stdout.reconfigure(encoding="utf-8", errors="replace")
456
+ if hasattr(sys.stderr, "reconfigure"):
457
+ sys.stderr.reconfigure(encoding="utf-8", errors="replace")
458
+
459
+ parser = _build_parser()
460
+ args = parser.parse_args(argv)
461
+ project_root = Path(args.project_root).resolve()
462
+ allow_list_path = Path(args.allow_list).resolve() if args.allow_list else None
463
+
464
+ code, _findings, msg = evaluate(
465
+ project_root,
466
+ mode=args.mode,
467
+ allow_list_path=allow_list_path,
468
+ )
469
+ if code == 0:
470
+ if not args.quiet:
471
+ print(msg)
472
+ else:
473
+ print(msg, file=sys.stderr)
474
+ return code
475
+
476
+
477
+ if __name__ == "__main__":
478
+ sys.exit(main())
@@ -140,34 +140,15 @@ Loop body, per candidate (top-of-queue first):
140
140
 
141
141
  #### Phase 0d -- Cohort dispatch
142
142
 
143
- - ! After the promote-fill loop exits (cap reached, queue empty, or operator `stop`), `vbrief/pending/` now holds the cohort. On the interactive path, Phase 0e below captures the intended sub-agent backend before Step 0.5 hardens lifecycle state. Then the existing Step 0.5 (Lifecycle Bridge -- Promote and Activate Proposed Scope vBRIEFs, #1025) moves the cohort `pending/ -> active/`, and Steps 1-5 (readiness report, blockers, allocation, present, approval) proceed against the activated set. Existing swarm Phase 1+ (Select, Setup, Launch, Monitor, Review, Close) proceeds unchanged.
143
+ - ! After the promote-fill loop exits (cap reached, queue empty, or operator `stop`), `vbrief/pending/` now holds the cohort. Phase 0e below is now deprecated (#1891) -- per-role operator model routing (`task swarm:routing-set`, #1739) supersedes the sub-agent backend enum; `task verify:routing -- --advise` is the session-start disclosure surface. The existing Step 0.5 (Lifecycle Bridge -- Promote and Activate Proposed Scope vBRIEFs, #1025) moves the cohort `pending/ -> active/`, and Steps 1-5 (readiness report, blockers, allocation, present, approval) proceed against the activated set. Existing swarm Phase 1+ (Select, Setup, Launch, Monitor, Review, Close) proceeds unchanged.
144
144
 
145
- #### Phase 0e -- Interactive sub-agent backend selection (#1568)
145
+ #### Phase 0e -- Interactive sub-agent backend selection (DEPRECATED -- #1568 / superseded by #1739)
146
146
 
147
- ! On the **interactive** swarm path, before Step 0.5 hardens lifecycle state and before any `task swarm:launch` / headless launch-manifest handoff is attempted, run `task policy:subagent-backends` and inspect `plan.policy.swarmSubagentBackend`.
147
+ > **This phase is superseded.** Per-role operator model routing (`.deft/routing.local.json`, #1739) is the current mechanism for recording which model each worker role uses. Run `task verify:routing -- --advise` at session start and `task swarm:routing-set` to configure routing decisions. The `plan.policy.swarmSubagentBackend` enum and `task policy:subagent-backend(s)` surface are still present but deprecated (#1891); do not consult them for new work.
148
148
 
149
- ! If `plan.policy.swarmSubagentBackend` is unset, ask the operator which subagent backend they intend to use. This question captures operator preference; probe availability is supporting evidence only. Display all stable backend choices with their probed status, but do NOT rank the menu by availability and do NOT imply `cursor-cloud` is the default just because it is probe-available.
149
+ ~ If `plan.policy.swarmSubagentBackend` is already set in the project policy and no `.deft/routing.local.json` is present, surface a one-line nudge asking the operator to run `task swarm:routing-set` to migrate to the routing surface before dispatch.
150
150
 
151
- Render the backend-selection prompt as a deterministic numbered menu in chat (or via a host UI that visibly preserves the same numeric option labels and exact displayed option text) with `Discuss` and `Back` final per [`../../contracts/deterministic-questions.md`](../../contracts/deterministic-questions.md):
152
-
153
- 1. Local Composer/Cursor subagents (`composer`) -- intended local Composer-class coding agents; probe status: `<available|unavailable|unknown>`.
154
- 2. Cursor cloud agents (`cursor-cloud`) -- intended remote/cloud agents; probe status: `<available|unavailable|unknown>`.
155
- 3. Grok Build subagents (`grok-build`) -- intended `spawn_subagent` workers; probe status: `<available|unavailable|unknown>`.
156
- 4. Discuss
157
- 5. Back
158
-
159
- ! After the operator selects a backend, ask whether to persist it to project policy with `task policy:subagent-backend -- <id>` or record it as a per-run launch-context choice for this swarm only. Render the persistence/per-run follow-up as a deterministic numbered menu with `Discuss` and `Back` as the final two options:
160
-
161
- 1. Persist backend to project policy with `task policy:subagent-backend -- <id>` -- use this backend for future swarms.
162
- 2. Record backend as a per-run launch-context choice for this swarm only -- do not change project policy.
163
- 3. Discuss
164
- 4. Back
165
-
166
- ! If the operator chooses a backend whose probe status is unavailable or unknown, surface the remediation or uncertainty for that backend (for example, switch runtime, enable `spawn_subagent`, inject cloud credentials, or rerun the probe in the target environment) and stop before launch planning unless the operator explicitly records a per-run launch-context choice for a later environment where that backend will be available or verifiable.
167
-
168
- ⊗ Treat probe availability as operator intent. A single probe-available backend is not a recommendation, default, or consent token; the operator must choose the intended backend in the interactive path when policy is unset.
169
-
170
- ⊗ Add an interactive prompt to the headless / autonomous `task swarm:launch` path. Autonomous/headless launch remains fail-closed when neither `plan.policy.swarmSubagentBackend` nor an explicit launch-context backend choice is present; `scripts/swarm_launch.py` is the guardrail, not a prompt surface.
151
+ Prompt the operator to select or persist a `swarmSubagentBackend` enum value for new work -- the routing surface (#1739) supersedes the enum; using the enum steers agents into a dead configuration path.
171
152
 
172
153
  #### Phase 0f -- Greenfield swarm-ready bootstrap (#1053)
173
154
 
@@ -429,9 +410,9 @@ Cross-references: `scripts/platform_capabilities.py` (#1557a), `scripts/github_a
429
410
 
430
411
  ! **Supported backend examples (none mandatory):** Composer-class coding agents, Grok Build `spawn_subagent` workers, Cursor/cloud agents, and future adapters are all first-class examples. No single backend is required — Grok Build is one implementation of provider-neutral routing, not the only target.
431
412
 
432
- ~ **Policy surface (#1531a):** `plan.policy.swarmSubagentBackend` (set via `task policy:subagent-backend`) records the operator's preferred coding sub-agent provider for leaf workers; `task policy:subagent-backends` probes stable provider IDs and role capabilities. The policy complements does not replace per-dispatch provider selection at launch time.
413
+ ! **Operator model routing (#1739):** the concrete per-role model lives in the gitignored, per-machine `.deft/routing.local.json`, keyed by `(dispatch_provider, worker_role)`. Record a decision with `task swarm:routing-set -- --role <role> (--model <slug> | --harness-default)`. `task swarm:launch` resolves the active provider's route and stamps `resolved_model` + `model_source` into each C2 manifest record. When `resolved_model` is non-null, the monitor MUST pass it as the **model argument of the actual dispatch primitive** (e.g. the Task tool's `model` field for a Cursor sub-agent) stamping the manifest is prep; a recorded model that never reaches the spawn call is the bug #1739 closes. Run `task verify:routing` before dispatching a cohort (pre-dispatch hard gate; fails when a dispatched role is undecided) and `task verify:routing -- --advise` at session start (non-blocking disclosure). For harness-bound providers (e.g. `grok`) only `--harness-default` is recordable and `resolved_model` stays null.
433
414
 
434
- ! **Operator model routing (#1739, supersedes the swarmSubagentBackend enum):** the concrete per-role model lives in the gitignored, per-machine `.deft/routing.local.json`, keyed by `(dispatch_provider, worker_role)`. Record a decision with `task swarm:routing-set -- --role <role> (--model <slug> | --harness-default)`. `task swarm:launch` resolves the active provider's route and stamps `resolved_model` + `model_source` into each C2 manifest record. When `resolved_model` is non-null, the monitor MUST pass it as the **model argument of the actual dispatch primitive** (e.g. the Task tool's `model` field for a Cursor sub-agent) stamping the manifest is prep; a recorded model that never reaches the spawn call is the bug #1739 closes. Run `task verify:routing` before dispatching a cohort (pre-dispatch hard gate; fails when a dispatched role is undecided) and `task verify:routing -- --advise` at session start (non-blocking disclosure). For harness-bound providers (e.g. `grok`) only `--harness-default` is recordable and `resolved_model` stays null.
415
+ ~ **DEPRECATED Policy surface (#1531a / #1891):** `plan.policy.swarmSubagentBackend` (set via `task policy:subagent-backend`) was the previous mechanism for recording the operator's preferred coding sub-agent provider. It is superseded by per-role operator model routing above (#1739). The enum and associated `task policy:subagent-backend(s)` tasks remain functional but deprecated; hard deletion is tracked by #1860. Use `task swarm:routing-set` instead.
435
416
 
436
417
  ! **Role boundaries for cheaper leaf agents:** Cheaper, high-context leaf agents are appropriate for **leaf implementation** work in isolated worktrees when vBRIEF scope is tight and gates (`task check`, Greptile review cycle) hold. The following roles MUST remain on strong, review-capable agents regardless of backend availability:
437
418
 
@@ -20,7 +20,7 @@ triggers:
20
20
 
21
21
  Session-start framework sync -- pull latest deft submodule updates, validate vBRIEF lifecycle structure, and detect stale origins.
22
22
 
23
- > **Canonical bootstrap / update path (post #1334 Epic, #1409):** Use the published Go installer binary (`deft-install` / platform-specific `install-*` from releases) to (re)bootstrap or update the framework payload. The canonical headless one-command refresh for an existing install is `deft-install --yes --upgrade --repo-root . --json` (drop `--json` for human-readable output) -- it actually replaces the framework payload in `.deft/core/` plus the manifest and AGENTS.md. After install the canonical `scripts/doctor.py --session --json` (or `task doctor`) runs automatically and, when the manifest sha shows the payload is stale, recommends that exact command. Legacy `run upgrade` / `task upgrade` are metadata-only acknowledgment (they do NOT replace the payload); git-submodule / `task framework:doctor` paths are back-compat only. See UPGRADING.md and the installer-doctor handoff in #1339/#1340.
23
+ > **Canonical bootstrap / update path (#761 npm cutover):** Install and upgrade via npm: `npm i -g @deftai/directive` (install) or `npm i -g @deftai/directive@latest` (upgrade); Node >= 20 is required. For machines without Node, the frozen legacy Go installer (`deft-install` / platform-specific `install-*` from GitHub Releases) is a no-Node bootstrap bridge (#1912) -- migrate to npm once Node is available. After a session start the canonical `scripts/doctor.py --session --json` (`deft doctor` / `task doctor`) reports install + payload state and, when the manifest sha shows the payload is stale, recommends `npm i -g @deftai/directive@latest`. Legacy `run upgrade` / `task upgrade` are metadata-only acknowledgment (they do NOT replace the payload), and git-submodule / `task framework:doctor` paths are back-compat only -- the submodule sync in Phases 1-2 below is the legacy update flow, de-emphasized in UPGRADING.md / README. See UPGRADING.md and #761 / #1912.
24
24
 
25
25
  Legend (from RFC2119): !=MUST, ~=SHOULD, ≉=SHOULD NOT, ⊗=MUST NOT, ?=MAY.
26
26
 
@@ -0,0 +1,13 @@
1
+ version: '3'
2
+
3
+ vars:
4
+ DEFT_ROOT: '{{joinPath .TASKFILE_DIR ".."}}'
5
+
6
+ tasks:
7
+ sor-preflight:
8
+ desc: "System-of-record architecture preflight. Run before stateful implementation: task architecture:sor-preflight -- --story-path <path>"
9
+ dir: '{{.USER_WORKING_DIR}}'
10
+ # Per conventions/task-caching.md: no sources/generates because this target
11
+ # forwards user-supplied story paths and flags via CLI_ARGS.
12
+ cmds:
13
+ - node "{{.DEFT_ROOT}}/packages/cli/dist/bin.js" architecture-preflight-sor {{.CLI_ARGS}}
@@ -0,0 +1,69 @@
1
+ version: '3'
2
+
3
+ # ---------------------------------------------------------------------------
4
+ # cache.yml -- unified content cache + quarantine layer (#883 Story 2).
5
+ #
6
+ # Five-command surface (per the v1_scope.cache_commands list in
7
+ # vbrief/active/2026-05-05-883-deft-cache-quarantine-v1.vbrief.json):
8
+ #
9
+ # - cache:put (cache one (source, key) entry from a raw JSON file)
10
+ # - cache:get (print content.md path + meta.json contents)
11
+ # - cache:invalidate (delete the entry directory + append audit)
12
+ # - cache:fetch-all (orchestrate scm:* to bulk-populate a repo)
13
+ # - cache:prune (drop entries older than the threshold)
14
+ #
15
+ # Storage layout: .deft-cache/<source>/<key>/{raw.json, content.md, meta.json}
16
+ # plus the global .deft-cache/quarantine-audit.jsonl audit log. v1 ships
17
+ # the github-issue source only; 5 additional sources (github-pr,
18
+ # github-review, url, email, file) are deferred to v2 per the epic
19
+ # deferred_to_v2 list.
20
+ #
21
+ # Per `conventions/task-caching.md` (#574): every task here forwards
22
+ # `{{.CLI_ARGS}}` to a Python script, so NONE may declare `sources:` /
23
+ # `generates:` -- a go-task short-circuit would silently drop user-facing
24
+ # recovery flags (--force, --dry-run, --no-stale, etc.).
25
+ # ---------------------------------------------------------------------------
26
+
27
+ vars:
28
+ DEFT_ROOT: '{{joinPath .TASKFILE_DIR ".."}}'
29
+
30
+ tasks:
31
+ put:
32
+ desc: "Cache an entry -- task cache:put -- <source> <key> --raw-file PATH [--ttl-seconds N]"
33
+ dir: '{{.USER_WORKING_DIR}}'
34
+ deps:
35
+ - task: :ts:build
36
+ cmds:
37
+ - node "{{.DEFT_ROOT}}/packages/cli/dist/bin.js" cache put {{.CLI_ARGS}}
38
+
39
+ get:
40
+ desc: "Read an entry -- task cache:get -- <source> <key> [--allow-stale | --no-stale]"
41
+ dir: '{{.USER_WORKING_DIR}}'
42
+ deps:
43
+ - task: :ts:build
44
+ cmds:
45
+ - node "{{.DEFT_ROOT}}/packages/cli/dist/bin.js" cache get {{.CLI_ARGS}}
46
+
47
+ invalidate:
48
+ desc: "Drop an entry -- task cache:invalidate -- <source> <key> [--reason TEXT]"
49
+ dir: '{{.USER_WORKING_DIR}}'
50
+ deps:
51
+ - task: :ts:build
52
+ cmds:
53
+ - node "{{.DEFT_ROOT}}/packages/cli/dist/bin.js" cache invalidate {{.CLI_ARGS}}
54
+
55
+ fetch-all:
56
+ desc: "Bulk populate -- task cache:fetch-all -- --source github-issue --repo OWNER/NAME [--batch-size N] [--delay-ms N] [--ttl-seconds N] [--no-refresh-closed to skip open→closed reconcile]"
57
+ dir: '{{.USER_WORKING_DIR}}'
58
+ deps:
59
+ - task: :ts:build
60
+ cmds:
61
+ - node "{{.DEFT_ROOT}}/packages/cli/dist/bin.js" cache fetch-all {{.CLI_ARGS}}
62
+
63
+ prune:
64
+ desc: "Drop expired or LRU-evict -- task cache:prune -- [--older-than-days 30] [--source github-issue] [--dry-run] [--to-cap]"
65
+ dir: '{{.USER_WORKING_DIR}}'
66
+ deps:
67
+ - task: :ts:build
68
+ cmds:
69
+ - node "{{.DEFT_ROOT}}/packages/cli/dist/bin.js" cache prune {{.CLI_ARGS}}