@deftai/directive-content 0.55.2 → 0.56.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (217) hide show
  1. package/.githooks/pre-commit +143 -0
  2. package/.githooks/pre-push +121 -0
  3. package/QUICK-START.md +2 -2
  4. package/Taskfile.yml +934 -0
  5. package/UPGRADING.md +47 -1
  6. package/events/README.md +3 -3
  7. package/package.json +5 -4
  8. package/scripts/_agents_md.py +494 -0
  9. package/scripts/_cache_fetch.py +635 -0
  10. package/scripts/_cache_quota.py +529 -0
  11. package/scripts/_cache_refresh.py +163 -0
  12. package/scripts/_cache_validate.py +209 -0
  13. package/scripts/_content_root.py +42 -0
  14. package/scripts/_doctor_state.py +277 -0
  15. package/scripts/_event_detect.py +305 -0
  16. package/scripts/_events.py +514 -0
  17. package/scripts/_lifecycle_hygiene.py +568 -0
  18. package/scripts/_pathspec.py +91 -0
  19. package/scripts/_policy_show_cli.py +266 -0
  20. package/scripts/_precutover.py +92 -0
  21. package/scripts/_project_context.py +224 -0
  22. package/scripts/_project_definition_io.py +164 -0
  23. package/scripts/_relocate_snapshot.py +209 -0
  24. package/scripts/_relocate_states.py +343 -0
  25. package/scripts/_resolve_preflight_path.py +152 -0
  26. package/scripts/_safe_subprocess.py +167 -0
  27. package/scripts/_session_start_hook.py +205 -0
  28. package/scripts/_sor_gate_diff.py +365 -0
  29. package/scripts/_stdio_utf8.py +59 -0
  30. package/scripts/_triage_bootstrap_gitignore.py +904 -0
  31. package/scripts/_triage_classify_cli.py +122 -0
  32. package/scripts/_triage_queue_cli.py +625 -0
  33. package/scripts/_triage_scope_cli.py +343 -0
  34. package/scripts/_triage_scope_drift_cli.py +121 -0
  35. package/scripts/_triage_scope_ignores.py +286 -0
  36. package/scripts/_triage_scope_milestone.py +432 -0
  37. package/scripts/_triage_scope_mutations.py +337 -0
  38. package/scripts/_triage_scope_renderers.py +207 -0
  39. package/scripts/_triage_smoketest_stages.py +674 -0
  40. package/scripts/_triage_subscribe_cli.py +140 -0
  41. package/scripts/_triage_welcome_cli.py +421 -0
  42. package/scripts/_vbrief_build.py +239 -0
  43. package/scripts/_vbrief_fidelity.py +479 -0
  44. package/scripts/_vbrief_legacy.py +589 -0
  45. package/scripts/_vbrief_reconciliation.py +883 -0
  46. package/scripts/_vbrief_routing.py +277 -0
  47. package/scripts/_vbrief_safety.py +778 -0
  48. package/scripts/_vbrief_sources.py +312 -0
  49. package/scripts/_vbrief_speckit.py +262 -0
  50. package/scripts/_vbrief_story_quality.py +353 -0
  51. package/scripts/_vbrief_validation.py +299 -0
  52. package/scripts/build_dist.py +412 -0
  53. package/scripts/cache.py +1078 -0
  54. package/scripts/cache_scanner.py +745 -0
  55. package/scripts/candidates_log.py +432 -0
  56. package/scripts/capacity_backfill.py +680 -0
  57. package/scripts/capacity_show.py +653 -0
  58. package/scripts/ci_local.py +689 -0
  59. package/scripts/code_structure_validate.py +765 -0
  60. package/scripts/codebase_default_extractor.py +495 -0
  61. package/scripts/codebase_map.py +304 -0
  62. package/scripts/codebase_map_fresh.py +104 -0
  63. package/scripts/codebase_projection_registry.py +94 -0
  64. package/scripts/codebase_provider.py +582 -0
  65. package/scripts/doctor.py +2257 -0
  66. package/scripts/framework_commands.py +505 -0
  67. package/scripts/gh_rest.py +882 -0
  68. package/scripts/github_auth_modes.py +437 -0
  69. package/scripts/github_body.py +292 -0
  70. package/scripts/ip_risk.py +531 -0
  71. package/scripts/issue_emit.py +670 -0
  72. package/scripts/issue_ingest.py +1064 -0
  73. package/scripts/migrate_preflight.py +418 -0
  74. package/scripts/migrate_vbrief.py +2677 -0
  75. package/scripts/monitor_pr.py +401 -0
  76. package/scripts/pack_migrate_lessons.py +336 -0
  77. package/scripts/pack_migrate_patterns.py +254 -0
  78. package/scripts/pack_migrate_rules.py +350 -0
  79. package/scripts/pack_migrate_skills.py +423 -0
  80. package/scripts/pack_migrate_strategies.py +311 -0
  81. package/scripts/pack_migrate_swarm_spec.py +250 -0
  82. package/scripts/pack_render.py +434 -0
  83. package/scripts/packs_slice.py +712 -0
  84. package/scripts/platform_capabilities.py +336 -0
  85. package/scripts/policy.py +2826 -0
  86. package/scripts/policy_set.py +324 -0
  87. package/scripts/pr_check_closing_keywords.py +524 -0
  88. package/scripts/pr_check_protected_issues.py +267 -0
  89. package/scripts/pr_merge_readiness.py +1004 -0
  90. package/scripts/pr_wait_mergeable.py +669 -0
  91. package/scripts/prd_render.py +159 -0
  92. package/scripts/preflight_architecture_sor.py +974 -0
  93. package/scripts/preflight_branch.py +289 -0
  94. package/scripts/preflight_cache.py +974 -0
  95. package/scripts/preflight_gh.py +721 -0
  96. package/scripts/preflight_implementation.py +272 -0
  97. package/scripts/preflight_story_start.py +838 -0
  98. package/scripts/preflight_wip_cap.py +149 -0
  99. package/scripts/probe_session.py +545 -0
  100. package/scripts/project_render.py +293 -0
  101. package/scripts/quarantine_ext.py +237 -0
  102. package/scripts/reconcile_issues.py +1442 -0
  103. package/scripts/refresh-path.ps1 +107 -0
  104. package/scripts/release.py +2030 -0
  105. package/scripts/release_e2e.py +1011 -0
  106. package/scripts/release_publish.py +486 -0
  107. package/scripts/release_rollback.py +980 -0
  108. package/scripts/relocate.py +1034 -0
  109. package/scripts/resolve_changelog_unreleased.py +667 -0
  110. package/scripts/resolve_version.py +490 -0
  111. package/scripts/resume_conditions.py +706 -0
  112. package/scripts/ritual_sentinel.py +609 -0
  113. package/scripts/roadmap_render.py +635 -0
  114. package/scripts/rule_ownership_lint.py +325 -0
  115. package/scripts/scm.py +591 -0
  116. package/scripts/scope_audit_log.py +387 -0
  117. package/scripts/scope_decompose.py +654 -0
  118. package/scripts/scope_demote.py +509 -0
  119. package/scripts/scope_lifecycle.py +1126 -0
  120. package/scripts/scope_undo.py +772 -0
  121. package/scripts/session_start.py +406 -0
  122. package/scripts/setup_ghx.py +339 -0
  123. package/scripts/setup_windows.ps1 +220 -0
  124. package/scripts/slice_audit.py +585 -0
  125. package/scripts/slice_record.py +530 -0
  126. package/scripts/slice_record_existing.py +692 -0
  127. package/scripts/slug_normalize.py +178 -0
  128. package/scripts/spec_render.py +477 -0
  129. package/scripts/spec_validate.py +238 -0
  130. package/scripts/subagent_monitor.py +658 -0
  131. package/scripts/swarm_complete_cohort.py +644 -0
  132. package/scripts/swarm_launch.py +1206 -0
  133. package/scripts/swarm_readiness.py +554 -0
  134. package/scripts/swarm_verify_review_clean.py +438 -0
  135. package/scripts/swarm_worktrees.py +497 -0
  136. package/scripts/toolchain-check.py +52 -0
  137. package/scripts/triage_actions.py +871 -0
  138. package/scripts/triage_bootstrap.py +1153 -0
  139. package/scripts/triage_bulk.py +630 -0
  140. package/scripts/triage_classify.py +932 -0
  141. package/scripts/triage_help.py +1685 -0
  142. package/scripts/triage_queue.py +1944 -0
  143. package/scripts/triage_reconcile.py +581 -0
  144. package/scripts/triage_refresh.py +643 -0
  145. package/scripts/triage_scope.py +999 -0
  146. package/scripts/triage_scope_drift.py +575 -0
  147. package/scripts/triage_smoketest.py +396 -0
  148. package/scripts/triage_subscribe.py +399 -0
  149. package/scripts/triage_summary.py +1011 -0
  150. package/scripts/triage_welcome.py +1178 -0
  151. package/scripts/ts_check_lane.py +86 -0
  152. package/scripts/validate-links.py +64 -0
  153. package/scripts/validate_strategy_output.py +212 -0
  154. package/scripts/vbrief_activate.py +228 -0
  155. package/scripts/vbrief_migrate_conformance.py +368 -0
  156. package/scripts/vbrief_reconcile_graph.py +306 -0
  157. package/scripts/vbrief_reconcile_labels.py +460 -0
  158. package/scripts/vbrief_reconcile_umbrellas.py +741 -0
  159. package/scripts/vbrief_validate.py +1195 -0
  160. package/scripts/verify-stubs.py +61 -0
  161. package/scripts/verify_capacity.py +160 -0
  162. package/scripts/verify_encoding.py +699 -0
  163. package/scripts/verify_hooks_installed.py +206 -0
  164. package/scripts/verify_investigation.py +360 -0
  165. package/scripts/verify_judgment_gates.py +827 -0
  166. package/scripts/verify_no_task_runtime.py +171 -0
  167. package/scripts/verify_scm_boundary.py +509 -0
  168. package/scripts/verify_session_ritual.py +389 -0
  169. package/scripts/verify_tools.py +426 -0
  170. package/scripts/verify_vbrief_conformance.py +478 -0
  171. package/tasks/architecture.yml +13 -0
  172. package/tasks/cache.yml +69 -0
  173. package/tasks/capacity.yml +38 -0
  174. package/tasks/change.yml +46 -0
  175. package/tasks/changelog.yml +24 -0
  176. package/tasks/ci.yml +49 -0
  177. package/tasks/codebase.yml +47 -0
  178. package/tasks/commit.yml +30 -0
  179. package/tasks/core.yml +126 -0
  180. package/tasks/deployments.yml +54 -0
  181. package/tasks/framework.yml +74 -0
  182. package/tasks/install.yml +60 -0
  183. package/tasks/issue.yml +50 -0
  184. package/tasks/migrate.yml +73 -0
  185. package/tasks/packs.yml +92 -0
  186. package/tasks/policy.yml +75 -0
  187. package/tasks/pr.yml +89 -0
  188. package/tasks/prd.yml +39 -0
  189. package/tasks/project.yml +27 -0
  190. package/tasks/reconcile.yml +32 -0
  191. package/tasks/relocate.yml +56 -0
  192. package/tasks/roadmap.yml +28 -0
  193. package/tasks/scm.yml +126 -0
  194. package/tasks/scope-undo.yml +36 -0
  195. package/tasks/scope.yml +141 -0
  196. package/tasks/session.yml +19 -0
  197. package/tasks/setup.yml +37 -0
  198. package/tasks/slice.yml +69 -0
  199. package/tasks/spec.yml +41 -0
  200. package/tasks/swarm.yml +85 -0
  201. package/tasks/toolchain.yml +13 -0
  202. package/tasks/triage-actions.yml +94 -0
  203. package/tasks/triage-bootstrap.yml +43 -0
  204. package/tasks/triage-bulk.yml +75 -0
  205. package/tasks/triage-classify.yml +30 -0
  206. package/tasks/triage-queue.yml +50 -0
  207. package/tasks/triage-reconcile.yml +29 -0
  208. package/tasks/triage-scope-drift.yml +29 -0
  209. package/tasks/triage-scope.yml +31 -0
  210. package/tasks/triage-smoketest.yml +33 -0
  211. package/tasks/triage-subscribe.yml +36 -0
  212. package/tasks/triage-summary.yml +29 -0
  213. package/tasks/triage-welcome.yml +32 -0
  214. package/tasks/ts.yml +328 -0
  215. package/tasks/vbrief.yml +206 -0
  216. package/tasks/verify.yml +292 -0
  217. package/templates/agents-entry.md +1 -1
@@ -0,0 +1,478 @@
1
+ #!/usr/bin/env python3
2
+ """verify_vbrief_conformance.py -- deterministic vBRIEF 0.6 conformance gate (#1620).
3
+
4
+ directive is the vBRIEF reference implementation, so its own corpus must stay
5
+ conformant to the standard it anchors: every key at document, plan, and item
6
+ level MUST be either (a) a known 0.6 spec-core field, (b) prefixed
7
+ ``x-directive/`` (a directive extension), or (c) prefixed ``x-vbrief/`` (a
8
+ vBRIEF extension). A bare key outside those three classes masquerades as
9
+ candidate-core and is exactly what produced the statusreport #34 false-RED.
10
+
11
+ This gate fails ``task check`` + the pre-commit hook when any tracked
12
+ ``vbrief/**/*.vbrief.json`` carries such a bare key. It mirrors the structure
13
+ and UX of ``scripts/verify_encoding.py`` (#798): three-state exit, ``--all`` /
14
+ ``--staged`` modes, and an ``--allow-list <path>`` file-glob override.
15
+
16
+ Core key sets
17
+ -------------
18
+ Built from the canonical vBRIEF 0.6 spec (``deftai/vBRIEF``
19
+ ``docs/vbrief-spec-0.6.md`` + ``libvbrief/models.py``) and the in-repo mirror
20
+ ``vbrief/schemas/vbrief-core.schema.json``. ``metadata`` is an arbitrary bag
21
+ per 0.6 (Design Goal #5) so the gate does NOT descend into it; likewise it does
22
+ not descend into ``vBRIEFInfo`` or narrative bodies -- only structural keys at
23
+ the document, plan, and item levels are checked.
24
+
25
+ Temporary Category B allow-list
26
+ -------------------------------
27
+ ``plan.policy`` and ``plan.completedNote`` are genuine directive extensions
28
+ that SHOULD live under ``x-directive/`` but cannot be moved until upstream
29
+ vBRIEF #12 ratifies the ``x-<consumer>/`` namespace with round-trip
30
+ preservation. They are carved out via :data:`ALLOW_LIST` (a KEY allow-set,
31
+ distinct from the ``--allow-list`` file-glob override) and tracked by the
32
+ Category B follow-up issue cited below.
33
+
34
+ Plan-level ``planRef`` is handled specially (value-aware, see
35
+ :func:`_plan_planref_finding`): a PATH-style value is the load-bearing D4
36
+ epic<->story child->parent linkage and is allowed as a TEMPORARY carve-out
37
+ (its references[]-reconciliation + D4 rework is deferred to the same Category B
38
+ follow-up); a ``#``-prefixed value is the misused issue-pointer pattern behind
39
+ the statusreport #34 false-RED and IS flagged.
40
+
41
+ Exit codes (three-state, mirrors ``scripts/verify_encoding.py``)
42
+ ----------------------------------------------------------------
43
+ - ``0`` -- clean: no bare keys detected.
44
+ - ``1`` -- violations: prints per-hit ``path [level] key`` diagnostics.
45
+ - ``2`` -- config error: no ``vbrief/`` directory, ``--allow-list`` path
46
+ unreadable, ``--staged`` outside a git repo, or unrecognised CLI shape.
47
+ """
48
+
49
+ from __future__ import annotations
50
+
51
+ import argparse
52
+ import fnmatch
53
+ import json
54
+ import sys
55
+ from collections.abc import Iterable
56
+ from pathlib import Path
57
+
58
+ # Route subprocess capture through the #1366 UTF-8-safe helper. The script
59
+ # lives in scripts/ alongside _safe_subprocess.py; add that dir to sys.path so
60
+ # the import resolves whether the module is run directly or loaded via
61
+ # importlib.spec_from_file_location in tests.
62
+ sys.path.insert(0, str(Path(__file__).resolve().parent))
63
+ from _safe_subprocess import run_text # noqa: E402
64
+
65
+ #: Document-level (root) spec-core keys.
66
+ DOC_CORE: frozenset[str] = frozenset({"vBRIEFInfo", "plan"})
67
+
68
+ #: Plan-level spec-core keys (0.6). ``policy`` is DELIBERATELY EXCLUDED -- it is
69
+ #: a Category B directive extension carved out via :data:`ALLOW_LIST` so the
70
+ #: future ``plan.policy`` -> ``x-directive/policy`` migration stays enforceable
71
+ #: once the allow-list is removed.
72
+ PLAN_CORE: frozenset[str] = frozenset(
73
+ {
74
+ "id",
75
+ "uid",
76
+ "title",
77
+ "status",
78
+ "items",
79
+ "narratives",
80
+ "architecture",
81
+ "edges",
82
+ "tags",
83
+ "metadata",
84
+ "created",
85
+ "updated",
86
+ "author",
87
+ "reviewers",
88
+ "uris",
89
+ "references",
90
+ "timezone",
91
+ "agent",
92
+ "lastModifiedBy",
93
+ "changeLog",
94
+ "sequence",
95
+ "fork",
96
+ }
97
+ )
98
+
99
+ #: Item-level (PlanItem) spec-core keys (0.6). ``planRef`` IS core here (it is a
100
+ #: legitimate item field for referencing plans); only the plan-LEVEL ``planRef``
101
+ #: misuse is non-conformant.
102
+ ITEM_CORE: frozenset[str] = frozenset(
103
+ {
104
+ "id",
105
+ "uid",
106
+ "title",
107
+ "status",
108
+ "narrative",
109
+ "subItems",
110
+ "planRef",
111
+ "tags",
112
+ "metadata",
113
+ "created",
114
+ "updated",
115
+ "completed",
116
+ "priority",
117
+ "dueDate",
118
+ "startDate",
119
+ "endDate",
120
+ "percentComplete",
121
+ "participants",
122
+ "location",
123
+ "uris",
124
+ "recurrence",
125
+ "reminders",
126
+ "classification",
127
+ "relatedComments",
128
+ "timezone",
129
+ "sequence",
130
+ "lastModifiedBy",
131
+ "lockedBy",
132
+ "items",
133
+ }
134
+ )
135
+
136
+ #: Accepted extension-namespace prefixes. A key carrying either prefix is
137
+ #: conformant at any level (it is an explicitly-namespaced extension, not a
138
+ #: bare candidate-core key).
139
+ EXTENSION_PREFIXES: tuple[str, ...] = ("x-directive/", "x-vbrief/")
140
+
141
+ #: TEMPORARY Category B carve-outs (KEY allow-set, ``"<level>.<key>"`` form).
142
+ #: These are genuine directive extensions awaiting the ``x-<consumer>/``
143
+ #: namespace ratified by upstream vBRIEF #12; the migration that moves them to
144
+ #: ``x-directive/*`` and REMOVES this allow-list is tracked by directive #1650
145
+ #: (Category B follow-up to #1620).
146
+ ALLOW_LIST: frozenset[str] = frozenset({"plan.policy", "plan.completedNote"})
147
+
148
+
149
+ class Finding:
150
+ """One bare-key conformance violation record."""
151
+
152
+ __slots__ = ("path", "level", "key", "location")
153
+
154
+ def __init__(self, path: str, level: str, key: str, location: str) -> None:
155
+ self.path = path
156
+ self.level = level
157
+ self.key = key
158
+ self.location = location
159
+
160
+ def render(self) -> str:
161
+ return f" {self.path} [{self.level}] bare key {self.key!r} at {self.location}"
162
+
163
+
164
+ def _is_conformant(level: str, key: str, core: frozenset[str]) -> bool:
165
+ """Return True when ``key`` is core, namespaced, or allow-listed at level."""
166
+ if key in core:
167
+ return True
168
+ if key.startswith(EXTENSION_PREFIXES):
169
+ return True
170
+ return f"{level}.{key}" in ALLOW_LIST
171
+
172
+
173
+ def _plan_planref_finding(rel_path: str, value: object) -> Finding | None:
174
+ """Value-aware check for the plan-LEVEL ``planRef`` key.
175
+
176
+ Plan-level ``planRef`` is NOT 0.6 spec-core (``planRef`` is core only at the
177
+ item level). directive carries two distinct shapes here:
178
+
179
+ - A PATH-style value (``"completed/...vbrief.json"``) is the epic<->story
180
+ child->parent linkage that ``scripts/vbrief_validate.py`` D4 validates
181
+ bidirectionally. It is load-bearing and cannot move to ``references[]``
182
+ without reworking D4, so it is a TEMPORARY carve-out tracked by the
183
+ Category B follow-up (#1650) -- allowed (not flagged) here.
184
+ - A ``#``-prefixed value (``"#1348"`` issue ref, or a stale ``#slug``) is
185
+ the misused-as-issue-pointer pattern that produced the statusreport #34
186
+ false-RED. It is FLAGGED so ``scripts/vbrief_migrate_conformance.py``
187
+ (which routes it to ``references[]`` or deletes the junk) stays enforced.
188
+ """
189
+ if isinstance(value, str) and value.strip().startswith("#"):
190
+ return Finding(
191
+ rel_path, "plan", "planRef", "plan (issue-style -- migrate to references[])"
192
+ )
193
+ return None
194
+
195
+
196
+ def _scan_item(rel_path: str, item: dict, location: str) -> list[Finding]:
197
+ """Scan one PlanItem dict (and its nested items / subItems) for bare keys."""
198
+ findings: list[Finding] = []
199
+ for key in item:
200
+ if not _is_conformant("item", key, ITEM_CORE):
201
+ findings.append(Finding(rel_path, "item", key, location))
202
+ for nested_key in ("items", "subItems"):
203
+ nested = item.get(nested_key)
204
+ if isinstance(nested, list):
205
+ for index, child in enumerate(nested):
206
+ if isinstance(child, dict):
207
+ findings.extend(
208
+ _scan_item(
209
+ rel_path, child, f"{location}.{nested_key}[{index}]"
210
+ )
211
+ )
212
+ return findings
213
+
214
+
215
+ def scan_vbrief(rel_path: str, data: object) -> list[Finding]:
216
+ """Scan a parsed vBRIEF document for bare keys at doc / plan / item level.
217
+
218
+ ``metadata`` (arbitrary bag), ``vBRIEFInfo``, and narrative bodies are NOT
219
+ descended into -- only structural keys at the three checked levels.
220
+ """
221
+ findings: list[Finding] = []
222
+ if not isinstance(data, dict):
223
+ return findings
224
+
225
+ for key in data:
226
+ if not _is_conformant("document", key, DOC_CORE):
227
+ findings.append(Finding(rel_path, "document", key, "<root>"))
228
+
229
+ plan = data.get("plan")
230
+ if not isinstance(plan, dict):
231
+ return findings
232
+
233
+ for key in plan:
234
+ if key == "planRef":
235
+ hit = _plan_planref_finding(rel_path, plan.get("planRef"))
236
+ if hit is not None:
237
+ findings.append(hit)
238
+ continue
239
+ if not _is_conformant("plan", key, PLAN_CORE):
240
+ findings.append(Finding(rel_path, "plan", key, "plan"))
241
+
242
+ items = plan.get("items")
243
+ if isinstance(items, list):
244
+ for index, item in enumerate(items):
245
+ if isinstance(item, dict):
246
+ findings.extend(
247
+ _scan_item(rel_path, item, f"plan.items[{index}]")
248
+ )
249
+ return findings
250
+
251
+
252
+ def _load_allow_list(path: Path | None) -> list[str]:
253
+ """Read newline-separated file-glob patterns; ignore comments / blanks."""
254
+ if path is None:
255
+ return []
256
+ raw = path.read_text(encoding="utf-8", errors="replace")
257
+ out: list[str] = []
258
+ for line in raw.splitlines():
259
+ stripped = line.strip()
260
+ if not stripped or stripped.startswith("#"):
261
+ continue
262
+ out.append(stripped)
263
+ return out
264
+
265
+
266
+ def _is_allow_listed(rel_path: str, patterns: Iterable[str]) -> bool:
267
+ return any(fnmatch.fnmatchcase(rel_path, pat) for pat in patterns)
268
+
269
+
270
+ def _git_files(project_root: Path, *, staged: bool) -> list[str]:
271
+ """Return tracked (or staged) POSIX-form rel paths via git."""
272
+ if staged:
273
+ cmd = ["git", "diff", "--cached", "--name-only", "--diff-filter=ACMR"]
274
+ else:
275
+ cmd = ["git", "ls-files"]
276
+ proc = run_text(cmd, cwd=str(project_root))
277
+ if proc.returncode != 0:
278
+ raise RuntimeError(
279
+ f"{' '.join(cmd)} failed (rc={proc.returncode}): {proc.stderr.strip()}"
280
+ )
281
+ return [line for line in proc.stdout.splitlines() if line.strip()]
282
+
283
+
284
+ def _is_vbrief_path(posix: str) -> bool:
285
+ """Return True for the project's root ``vbrief/**/*.vbrief.json`` corpus.
286
+
287
+ Anchored at the project-root ``vbrief/`` directory (matching the scan scope
288
+ of ``scripts/vbrief_migrate_conformance.py``) so the gate and the migration
289
+ reason about exactly the same file set. This deliberately excludes
290
+ ``.vbrief.json`` files nested under other directories -- most importantly
291
+ intentionally-stale migration fixtures under ``tests/fixtures/**`` -- which
292
+ are test artifacts, not the canonical corpus.
293
+ """
294
+ return posix.startswith("vbrief/") and posix.endswith(".vbrief.json")
295
+
296
+
297
+ def evaluate(
298
+ project_root: Path,
299
+ *,
300
+ mode: str = "all",
301
+ allow_list_path: Path | None = None,
302
+ ) -> tuple[int, list[Finding], str]:
303
+ """Pure driver returning ``(exit_code, findings, human_message)``."""
304
+ if mode not in {"all", "staged"}:
305
+ return (
306
+ 2,
307
+ [],
308
+ f"\u274c verify_vbrief_conformance: unrecognised mode {mode!r} "
309
+ "(expected 'all' or 'staged').",
310
+ )
311
+
312
+ if not (project_root / "vbrief").is_dir():
313
+ return (
314
+ 2,
315
+ [],
316
+ (
317
+ "\u274c verify_vbrief_conformance: no vbrief/ directory under "
318
+ f"{project_root}.\n"
319
+ " Recovery: run from a project root that contains vbrief/."
320
+ ),
321
+ )
322
+
323
+ try:
324
+ custom_globs = _load_allow_list(allow_list_path)
325
+ except FileNotFoundError as exc:
326
+ return (
327
+ 2,
328
+ [],
329
+ (
330
+ f"\u274c verify_vbrief_conformance: --allow-list file not found: {exc}\n"
331
+ " Recovery: pass an existing path or omit the flag."
332
+ ),
333
+ )
334
+ except OSError as exc:
335
+ return (
336
+ 2,
337
+ [],
338
+ f"\u274c verify_vbrief_conformance: --allow-list unreadable: {exc}",
339
+ )
340
+
341
+ try:
342
+ rel_paths = _git_files(project_root, staged=(mode == "staged"))
343
+ except FileNotFoundError:
344
+ return (
345
+ 2,
346
+ [],
347
+ "\u274c verify_vbrief_conformance: 'git' executable not found on PATH.",
348
+ )
349
+ except RuntimeError as exc:
350
+ return (
351
+ 2,
352
+ [],
353
+ (
354
+ f"\u274c verify_vbrief_conformance: git failed -- {exc}\n"
355
+ " Recovery: ensure --project-root points at a git working tree."
356
+ ),
357
+ )
358
+
359
+ candidates = [
360
+ posix
361
+ for posix in (p.replace("\\", "/") for p in rel_paths)
362
+ if _is_vbrief_path(posix) and not _is_allow_listed(posix, custom_globs)
363
+ ]
364
+
365
+ findings: list[Finding] = []
366
+ for posix in candidates:
367
+ full = project_root / posix
368
+ try:
369
+ text = full.read_text(encoding="utf-8")
370
+ except OSError:
371
+ continue
372
+ try:
373
+ data = json.loads(text)
374
+ except json.JSONDecodeError:
375
+ # Malformed JSON is owned by vbrief:validate / verify:encoding; the
376
+ # conformance gate only reasons about parseable documents.
377
+ continue
378
+ findings.extend(scan_vbrief(posix, data))
379
+
380
+ if findings:
381
+ header = (
382
+ f"\u274c verify_vbrief_conformance: detected {len(findings)} bare "
383
+ f"key(s) across {len({f.path for f in findings})} file(s) (#1620).\n"
384
+ " Every vBRIEF key MUST be 0.6 spec-core, x-directive/-namespaced, "
385
+ "or x-vbrief/-namespaced -- never bare.\n"
386
+ " Fix: migrate misused/misspelled core fields to their core home "
387
+ "(see scripts/vbrief_migrate_conformance.py), or namespace a genuine\n"
388
+ " extension under x-directive/. Allow-list a documented file "
389
+ "exception via --allow-list <path> (newline-separated globs)."
390
+ )
391
+ body = "\n".join(f.render() for f in findings[:50])
392
+ if len(findings) > 50:
393
+ body += f"\n ... and {len(findings) - 50} more"
394
+ return 1, findings, f"{header}\n{body}"
395
+
396
+ msg = (
397
+ f"\u2713 verify_vbrief_conformance: {len(candidates)} vBRIEF file(s) "
398
+ "clean -- no bare keys (#1620)."
399
+ )
400
+ return 0, findings, msg
401
+
402
+
403
+ def _build_parser() -> argparse.ArgumentParser:
404
+ parser = argparse.ArgumentParser(
405
+ prog="verify_vbrief_conformance.py",
406
+ description=(
407
+ "Deterministic vBRIEF 0.6 conformance gate (#1620). Flags any key "
408
+ "at document/plan/item level that is not 0.6 spec-core, "
409
+ "x-directive/-namespaced, or x-vbrief/-namespaced."
410
+ ),
411
+ )
412
+ mode = parser.add_mutually_exclusive_group()
413
+ mode.add_argument(
414
+ "--all",
415
+ dest="mode",
416
+ action="store_const",
417
+ const="all",
418
+ help="Scan all tracked files via 'git ls-files' (default).",
419
+ )
420
+ mode.add_argument(
421
+ "--staged",
422
+ dest="mode",
423
+ action="store_const",
424
+ const="staged",
425
+ help=(
426
+ "Scan only staged files via 'git diff --cached --name-only' "
427
+ "(used by .githooks/pre-commit)."
428
+ ),
429
+ )
430
+ parser.set_defaults(mode="all")
431
+ parser.add_argument(
432
+ "--project-root",
433
+ default=".",
434
+ help="Project root path (default: current working directory).",
435
+ )
436
+ parser.add_argument(
437
+ "--allow-list",
438
+ default=None,
439
+ help=(
440
+ "Path to a file with newline-separated glob patterns of "
441
+ "documented file exceptions. Lines starting with # are comments."
442
+ ),
443
+ )
444
+ parser.add_argument(
445
+ "--quiet",
446
+ action="store_true",
447
+ help="Suppress the OK message (errors still print).",
448
+ )
449
+ return parser
450
+
451
+
452
+ def main(argv: list[str] | None = None) -> int:
453
+ # Force UTF-8 stdout/stderr at hook-script entry (mirrors #814).
454
+ if hasattr(sys.stdout, "reconfigure"):
455
+ sys.stdout.reconfigure(encoding="utf-8", errors="replace")
456
+ if hasattr(sys.stderr, "reconfigure"):
457
+ sys.stderr.reconfigure(encoding="utf-8", errors="replace")
458
+
459
+ parser = _build_parser()
460
+ args = parser.parse_args(argv)
461
+ project_root = Path(args.project_root).resolve()
462
+ allow_list_path = Path(args.allow_list).resolve() if args.allow_list else None
463
+
464
+ code, _findings, msg = evaluate(
465
+ project_root,
466
+ mode=args.mode,
467
+ allow_list_path=allow_list_path,
468
+ )
469
+ if code == 0:
470
+ if not args.quiet:
471
+ print(msg)
472
+ else:
473
+ print(msg, file=sys.stderr)
474
+ return code
475
+
476
+
477
+ if __name__ == "__main__":
478
+ sys.exit(main())
@@ -0,0 +1,13 @@
1
+ version: '3'
2
+
3
+ vars:
4
+ DEFT_ROOT: '{{joinPath .TASKFILE_DIR ".."}}'
5
+
6
+ tasks:
7
+ sor-preflight:
8
+ desc: "System-of-record architecture preflight. Run before stateful implementation: task architecture:sor-preflight -- --story-path <path>"
9
+ dir: '{{.USER_WORKING_DIR}}'
10
+ # Per conventions/task-caching.md: no sources/generates because this target
11
+ # forwards user-supplied story paths and flags via CLI_ARGS.
12
+ cmds:
13
+ - node "{{.DEFT_ROOT}}/packages/cli/dist/bin.js" architecture-preflight-sor {{.CLI_ARGS}}
@@ -0,0 +1,69 @@
1
+ version: '3'
2
+
3
+ # ---------------------------------------------------------------------------
4
+ # cache.yml -- unified content cache + quarantine layer (#883 Story 2).
5
+ #
6
+ # Five-command surface (per the v1_scope.cache_commands list in
7
+ # vbrief/active/2026-05-05-883-deft-cache-quarantine-v1.vbrief.json):
8
+ #
9
+ # - cache:put (cache one (source, key) entry from a raw JSON file)
10
+ # - cache:get (print content.md path + meta.json contents)
11
+ # - cache:invalidate (delete the entry directory + append audit)
12
+ # - cache:fetch-all (orchestrate scm:* to bulk-populate a repo)
13
+ # - cache:prune (drop entries older than the threshold)
14
+ #
15
+ # Storage layout: .deft-cache/<source>/<key>/{raw.json, content.md, meta.json}
16
+ # plus the global .deft-cache/quarantine-audit.jsonl audit log. v1 ships
17
+ # the github-issue source only; 5 additional sources (github-pr,
18
+ # github-review, url, email, file) are deferred to v2 per the epic
19
+ # deferred_to_v2 list.
20
+ #
21
+ # Per `conventions/task-caching.md` (#574): every task here forwards
22
+ # `{{.CLI_ARGS}}` to a Python script, so NONE may declare `sources:` /
23
+ # `generates:` -- a go-task short-circuit would silently drop user-facing
24
+ # recovery flags (--force, --dry-run, --no-stale, etc.).
25
+ # ---------------------------------------------------------------------------
26
+
27
+ vars:
28
+ DEFT_ROOT: '{{joinPath .TASKFILE_DIR ".."}}'
29
+
30
+ tasks:
31
+ put:
32
+ desc: "Cache an entry -- task cache:put -- <source> <key> --raw-file PATH [--ttl-seconds N]"
33
+ dir: '{{.USER_WORKING_DIR}}'
34
+ deps:
35
+ - task: :ts:build
36
+ cmds:
37
+ - node "{{.DEFT_ROOT}}/packages/cli/dist/bin.js" cache put {{.CLI_ARGS}}
38
+
39
+ get:
40
+ desc: "Read an entry -- task cache:get -- <source> <key> [--allow-stale | --no-stale]"
41
+ dir: '{{.USER_WORKING_DIR}}'
42
+ deps:
43
+ - task: :ts:build
44
+ cmds:
45
+ - node "{{.DEFT_ROOT}}/packages/cli/dist/bin.js" cache get {{.CLI_ARGS}}
46
+
47
+ invalidate:
48
+ desc: "Drop an entry -- task cache:invalidate -- <source> <key> [--reason TEXT]"
49
+ dir: '{{.USER_WORKING_DIR}}'
50
+ deps:
51
+ - task: :ts:build
52
+ cmds:
53
+ - node "{{.DEFT_ROOT}}/packages/cli/dist/bin.js" cache invalidate {{.CLI_ARGS}}
54
+
55
+ fetch-all:
56
+ desc: "Bulk populate -- task cache:fetch-all -- --source github-issue --repo OWNER/NAME [--batch-size N] [--delay-ms N] [--ttl-seconds N] [--no-refresh-closed to skip open→closed reconcile]"
57
+ dir: '{{.USER_WORKING_DIR}}'
58
+ deps:
59
+ - task: :ts:build
60
+ cmds:
61
+ - node "{{.DEFT_ROOT}}/packages/cli/dist/bin.js" cache fetch-all {{.CLI_ARGS}}
62
+
63
+ prune:
64
+ desc: "Drop expired or LRU-evict -- task cache:prune -- [--older-than-days 30] [--source github-issue] [--dry-run] [--to-cap]"
65
+ dir: '{{.USER_WORKING_DIR}}'
66
+ deps:
67
+ - task: :ts:build
68
+ cmds:
69
+ - node "{{.DEFT_ROOT}}/packages/cli/dist/bin.js" cache prune {{.CLI_ARGS}}
@@ -0,0 +1,38 @@
1
+ version: '3'
2
+
3
+ vars:
4
+ DEFT_ROOT: '{{joinPath .TASKFILE_DIR ".."}}'
5
+
6
+ # Capacity allocation accounting surface (#1419 Delivery Slice 4).
7
+ #
8
+ # `task capacity:show` derives per-bucket target-vs-actual mix from the vBRIEF
9
+ # lifecycle folders (filesystem-truth, offline) with outcome (rework) and cost
10
+ # overlays, and renders advisory mode when classified completions are below
11
+ # minSampleSize. It is a DISPLAY surface and always exits 0 on a valid project
12
+ # root (the companion `task verify:capacity` in tasks/verify.yml is the
13
+ # three-state advisory gate).
14
+ #
15
+ # Conventions (mirroring tasks/scope.yml / tasks/verify.yml):
16
+ # * `dir: '{{.USER_WORKING_DIR}}'` so the script's CWD is the consumer project
17
+ # root, not deft/.
18
+ # * `DEFT_ROOT` defined locally via joinPath so the script path resolves on
19
+ # Windows (#566).
20
+ # * `{{.CLI_ARGS}}` forwarded bare (no double quotes, #577) and NO `sources:` /
21
+ # `generates:` so go-task does not swallow flags (#574 / conventions/
22
+ # task-caching.md).
23
+ tasks:
24
+ show:
25
+ desc: "Capacity allocation target-vs-actual mix (advisory, offline). task capacity:show [-- --project-root <path>]"
26
+ dir: '{{.USER_WORKING_DIR}}'
27
+ deps:
28
+ - task: :ts:build
29
+ cmds:
30
+ - node "{{.DEFT_ROOT}}/packages/cli/dist/bin.js" capacity-show --project-root "{{.USER_WORKING_DIR}}" {{.CLI_ARGS}}
31
+
32
+ backfill:
33
+ desc: "One-time capacity-bucket backfill for completed vBRIEFs (#1606): infer capacityBucket from origin-issue labels + stamp completedAt from git. Dry-run by default; idempotent; never touches cost. -- task capacity:backfill [-- --apply] [--window-only] [--cache-dir <path>] [--json]"
34
+ dir: '{{.USER_WORKING_DIR}}'
35
+ deps:
36
+ - task: :ts:build
37
+ cmds:
38
+ - node "{{.DEFT_ROOT}}/packages/cli/dist/bin.js" capacity-backfill --project-root "{{.USER_WORKING_DIR}}" {{.CLI_ARGS}}
@@ -0,0 +1,46 @@
1
+ version: '3'
2
+
3
+ vars:
4
+ # Per ../Taskfile.yml header: joinPath is evaluated eagerly by go-task
5
+ # templating and yields a native-separator absolute path so {{.DEFT_ROOT}}
6
+ # resolves correctly under uv on Windows (#566). Used here to pin
7
+ # `uv --project` against ancestor pyproject.toml leakage (#1011).
8
+ DEFT_ROOT: '{{joinPath .TASKFILE_DIR ".."}}'
9
+
10
+ tasks:
11
+ changelog:check:
12
+ desc: Verify CHANGELOG.md has an [Unreleased] section with at least one entry
13
+ env:
14
+ PYTHONUTF8: "1"
15
+ cmds:
16
+ - cmd: >-
17
+ uv --project "{{.DEFT_ROOT}}" run python -c
18
+ "import sys, pathlib, re;
19
+ p = pathlib.Path('CHANGELOG.md');
20
+ (not p.exists()) and (print('FAIL: CHANGELOG.md not found'), sys.exit(1));
21
+ text = p.read_text('utf-8');
22
+ m = re.search(r'## \[Unreleased\][ \t]*\n(.*?)(?=\n## \[|$)', text, re.DOTALL);
23
+ (m is None) and (print('FAIL: No [Unreleased] section found in CHANGELOG.md'), sys.exit(1));
24
+ body = m.group(1);
25
+ entries = [l for l in body.splitlines() if l.strip().startswith('- ')];
26
+ (len(entries) == 0) and (print('FAIL: [Unreleased] section has no entries (no lines starting with \"- \")'), sys.exit(1));
27
+ print(f'OK: CHANGELOG.md [Unreleased] section has {len(entries)} entries')"
28
+
29
+ change:init:
30
+ desc: Create a new change proposal directory structure in history/changes/<name>/
31
+ cmds:
32
+ - cmd: >-
33
+ uv --project "{{.DEFT_ROOT}}" run python -c
34
+ "import sys, pathlib, json, re;
35
+ name = '{{.CLI_ARGS}}'.strip();
36
+ (not name) and (print('FAIL: Usage: task change:init -- <name>'), sys.exit(1));
37
+ (not re.match(r'^[\w][\w-]*$', name)) and (print('FAIL: Name must contain only alphanumeric characters, underscores, and hyphens'), sys.exit(1));
38
+ base = pathlib.Path('history/changes') / name;
39
+ base.exists() and (print(f'FAIL: {base} already exists'), sys.exit(1));
40
+ (base / 'specs').mkdir(parents=True, exist_ok=True);
41
+ proposal = {'vBRIEFInfo': {'version': '0.5'}, 'plan': {'title': name, 'status': 'draft', 'narratives': {'Problem': 'What is wrong or missing.', 'Change': 'What this proposal does about it.', 'Scope': 'In scope: ... Out of scope: ...', 'Impact': 'What existing code/specs are affected.', 'Risks': 'What could go wrong.', 'Approach': 'How to implement the change.', 'Alternatives': 'What else was considered and why not.', 'Dependencies': 'What must exist before this works.'}}};
42
+ (base / 'proposal.vbrief.json').write_text(json.dumps(proposal, indent=2) + chr(10), encoding='utf-8');
43
+ tasks = {'vBRIEFInfo': {'version': '0.5'}, 'plan': {'title': name, 'status': 'draft', 'items': [], 'edges': []}};
44
+ (base / 'tasks.vbrief.json').write_text(json.dumps(tasks, indent=2) + chr(10), encoding='utf-8');
45
+ print(f'OK: Created change proposal at {base}/');
46
+ [print(f' - {f}') for f in ['proposal.vbrief.json', 'tasks.vbrief.json', 'specs/']]"
@@ -0,0 +1,24 @@
1
+ version: '3'
2
+
3
+ vars:
4
+ DEFT_ROOT: '{{joinPath .TASKFILE_DIR ".."}}'
5
+
6
+ # Surface for the CHANGELOG.md union-merge helper (#911).
7
+ #
8
+ # Wraps scripts/resolve_changelog_unreleased.py, the canonical swarm-cascade
9
+ # Phase 6 Step 1 helper that replaces the older HEAD-take-and-discard pattern
10
+ # silently dropping rebasing-branch CHANGELOG entries on every cascade rebase.
11
+ # See skills/deft-directive-swarm/SKILL.md Phase 6 Step 1 for the manual-
12
+ # fallback contract -- this task is the canonical-path alternative.
13
+ #
14
+ # Per `conventions/task-caching.md` (#574): no `sources:` / `generates:`
15
+ # because the task forwards user-facing flags via {{.CLI_ARGS}} (notably
16
+ # --changelog-path / --dry-run / --quiet). The cached `cmds:` skip would
17
+ # silently discard a recovery flag, and the helper is fast enough that a
18
+ # real-time invocation does not need incremental-build caching.
19
+ tasks:
20
+ resolve-unreleased:
21
+ desc: "Union-merge CHANGELOG.md [Unreleased] conflicts (#911) -- task changelog:resolve-unreleased [-- --changelog-path PATH] [--dry-run]"
22
+ dir: '{{.USER_WORKING_DIR}}'
23
+ cmds:
24
+ - node "{{.DEFT_ROOT}}/packages/cli/dist/bin.js" changelog-resolve-unreleased {{.CLI_ARGS}}