@fitlab-ai/agent-infra 0.7.4 → 0.7.6

package/templates/.agents/skills/close-dependabot/SKILL.en.md

@@ -11,6 +11,16 @@ Dismiss the specified Dependabot security alert and record a justified reason.
 
 > If `{task-id}` matches `^[#]?[0-9]+$` (bare numeric or `#`-prefixed), follow the "SKILL parameter resolver" section of `.agents/rules/task-short-id.md`; treat `{task-id}` as the resolved full `TASK-YYYYMMDD-HHMMSS` form for every downstream command.
 
+## Step Start: Write the started Marker
+
+After prerequisites pass and before this step's first artifact action, append a started marker to task.md `## Activity Log` (same base action as this step's done entry plus a ` [started]` suffix, note `started`):
+
+```
+- {YYYY-MM-DD HH:mm:ss±HH:MM} — **Close Dependabot [started]** by {agent} — started
+```
+
+`ai task log` pairs it with the done entry written on completion onto one row (in progress → done). See the "Activity Log started / done dual-marker convention" in `.agents/rules/task-management.md`.
+
 ## Execution Flow
 
 ### 1. Retrieve Alert Information

package/templates/.agents/skills/close-dependabot/SKILL.zh-CN.md

@@ -11,6 +11,16 @@ description: "关闭 Dependabot 安全告警并记录理由"
 
 > 如果 `{task-id}` 入参匹配 `^[#]?[0-9]+$`（裸数字或带 `#` 前缀），先读取 `.agents/rules/task-short-id.md` 的「SKILL 入参解析」段执行解析；后续命令视 `{task-id}` 为解析后的全长 `TASK-YYYYMMDD-HHMMSS` 形式。
 
+## 步骤开始：写入 started 标记
+
+确认前置条件后、本步骤第一个产出动作之前，向 task.md `## 活动日志` 追加一条 started 标记（与本步骤 done 条目同基名 + ` [started]` 后缀，note 用 `started`）：
+
+```
+- {YYYY-MM-DD HH:mm:ss±HH:MM} — **Close Dependabot [started]** by {agent} — started
+```
+
+`ai task log` 会把它与完成时写入的 done 条目配对成一行（进行中 → 已完成）。约定见 `.agents/rules/task-management.md` 的「Activity Log started / done 双标记约定」。
+
 ## 执行流程
 
 ### 1. 获取告警信息

package/templates/.agents/skills/code-task/SKILL.en.md

@@ -11,6 +11,7 @@ Implement the approved plan and produce `code.md` or `code-r{N}.md`. This skill
 
 - Follow the latest plan artifact: `plan.md` or `plan-r{N}.md`
 - Fix mode verifies each finding of the latest `review-code` one by one: fix it if it holds, or rebut it and record it under unresolved if it is unfounded/hallucinated; do not expand to issues the review did not list; env-blocked items are out of scope
+- If implementation encounters a key design decision not covered by the plan, record `[needs-human-decision]` / `HD-` rows according to `.agents/rules/no-mid-flow-questions.md` instead of asking mid-flow or expanding scope silently
 - Never auto-run `git add` or `git commit`
 - Create a new code artifact for each round and never overwrite an older one
 - After executing this skill, you **must** immediately update task.md
@@ -33,6 +34,16 @@ tail .agents/workspace/active/{task-id}/task.md
 
 > If `{task-id}` matches `^[#]?[0-9]+$` (bare numeric or `#`-prefixed), follow the "SKILL parameter resolver" section of `.agents/rules/task-short-id.md`; treat `{task-id}` as the resolved full `TASK-YYYYMMDD-HHMMSS` form for every downstream command.
 
+## Step Start: Write the started Marker
+
+After prerequisites (step 1) and mode/round (step 4) are confirmed and before this round's first artifact action, append a started marker to task.md `## Activity Log` (same base action as this round's done entry plus a ` [started]` suffix, note `started`):
+
+```
+- {YYYY-MM-DD HH:mm:ss±HH:MM} — **Code Task (Round {N}) [started]** by {agent} — started
+```
+
+In fix mode the base must match this round's done entry, i.e. `Code Task (Round {N}, fix for {review-artifact}) [started]`. `ai task log` pairs it with the done entry written on completion (step 10) onto one row (in progress → done). Format and pairing rules: see the "Activity Log started / done dual-marker convention" in `.agents/rules/task-management.md`.
+
 ## Steps
 
 ### 1. Verify Prerequisites

package/templates/.agents/skills/code-task/SKILL.zh-CN.md

@@ -11,6 +11,7 @@ description: "根据技术方案编码任务并输出报告"
 
 - 严格遵循最新方案产物：`plan.md` 或 `plan-r{N}.md`
 - 修复模式逐条核实最新 `review-code` 的发现：成立则修复，判定为不成立/幻觉则在报告中反驳并记入 unresolved；不擅自扩大到审查未列出的问题；env-blocked 项不在修复范围
+- 实现中遇到方案未覆盖的关键设计决策时，按 `.agents/rules/no-mid-flow-questions.md` 判据记录 `[needs-human-decision]` / `HD-` 行，不中途提问或擅自扩范围
 - 绝不自动执行 `git add` 或 `git commit`
 - 每轮实现都创建新的实现产物，不覆盖旧文件
 - 执行本技能后，你**必须**立即更新 task.md
@@ -47,6 +48,16 @@ tail .agents/workspace/active/{task-id}/task.md
 
 > 如果 `{task-id}` 入参匹配 `^[#]?[0-9]+$`（裸数字或带 `#` 前缀），先读取 `.agents/rules/task-short-id.md` 的「SKILL 入参解析」段执行解析；后续命令视 `{task-id}` 为解析后的全长 `TASK-YYYYMMDD-HHMMSS` 形式。
 
+## 步骤开始：写入 started 标记
+
+确认前置条件（步骤 1）与模式/轮次（步骤 4）后、本轮第一个产出动作之前，向 task.md `## 活动日志` 追加一条 started 标记（与本轮 done 条目同基名 + ` [started]` 后缀，note 用 `started`）：
+
+```
+- {YYYY-MM-DD HH:mm:ss±HH:MM} — **Code Task (Round {N}) [started]** by {agent} — started
+```
+
+修复模式的基名须与本轮 done 一致，即 `Code Task (Round {N}, fix for {review-artifact}) [started]`。`ai task log` 会把它与步骤完成时（步骤 10）写入的 done 条目配对成一行（进行中 → 已完成）。格式与配对规则见 `.agents/rules/task-management.md` 的「Activity Log started / done 双标记约定」。
+
 ## 执行步骤
 ### 1. 验证前置条件
 

package/templates/.agents/skills/code-task/config/verify.en.json

@@ -35,6 +35,9 @@
       "expected_action_pattern": "(Code Task|Code) \\(Round \\d+(?:, fix for review-code(?:-r\\d+)?\\.md)?\\)",
       "freshness_minutes": 30
     },
+    "review-ledger": {
+      "stage_scope": ["analysis", "plan"]
+    },
     "platform-sync": {
       "when": "issue_number_exists",
       "expected_status_label": "status: in-progress",

package/templates/.agents/skills/code-task/config/verify.zh-CN.json

@@ -35,6 +35,9 @@
       "expected_action_pattern": "(Code Task|Code) \\(Round \\d+(?:, fix for review-code(?:-r\\d+)?\\.md)?\\)",
       "freshness_minutes": 30
     },
+    "review-ledger": {
+      "stage_scope": ["analysis", "plan"]
+    },
     "platform-sync": {
       "when": "issue_number_exists",
       "expected_status_label": "status: in-progress",

package/templates/.agents/skills/code-task/reference/fix-mode.en.md

@@ -4,9 +4,11 @@ Read this file before changing code during fix mode.
 
 ## Plan the Fixes
 
-**Verify each finding first (mandatory before editing)**: for every finding in `{review-artifact}`, Read/Grep the cited `file:line` and the corresponding `git diff` to confirm the issue is real:
-- Holds → include it in the classification and fixes below
-- Unfounded / based on a wrong `file:line` / hallucinated → do not change code; give a counter-argument in the report's `## Per-Finding Verification` section and record it under unresolved issues
+**Verify each finding first (mandatory before editing)**: for every finding in `{review-artifact}`, Read/Grep the cited `file:line` and the corresponding `git diff` to confirm the issue is real, then dispose of it with one of the four states in `.agents/rules/review-handshake.md`, and write the disposition + commensurate evidence back to the matching row in the task.md disagreement ledger (stage=code, round +1; symmetric evidence — every state needs evidence, "accept" is not a zero-cost default):
+- `accepted` → include it in the classification and fixes below; evidence cites the fix `file:line`
+- `adjusted` → use an alternative fix, with rationale; awaits review-code confirmation
+- `refuted` → verification judged it unfounded / a wrong `file:line` / hallucinated → do not change code; give a counter-argument in the report's `## Per-Finding Verification` section; awaits review-code confirmation
+- `cannot-judge` → insufficient evidence to decide; hand to reviewer/human
 - Do not expand fixes to issues the review did not list
 
 Classify and prioritize work:

package/templates/.agents/skills/code-task/reference/fix-mode.zh-CN.md

@@ -4,9 +4,11 @@
 
 ## 规划修复
 
-**先逐条核实（动手前必做）**：对 `{review-artifact}` 的每一条发现，先 Read/Grep 其引用的 `file:line` 与对应 `git diff`，确认问题真实存在：
-- 成立 → 纳入下方分类与修复
-- 不成立 / 基于错误 `file:line` / 幻觉 → 不改代码，在报告 `## 对审查发现的逐条核实` 给出反证，并记入 unresolved issues
+**先逐条核实（动手前必做）**：对 `{review-artifact}` 的每一条发现，先 Read/Grep 其引用的 `file:line` 与对应 `git diff`，确认问题真实存在，再按 `.agents/rules/review-handshake.md` 的四态处置，并把处置 + 相称证据回写 task.md `## 审查分歧账本` 对应行（stage=code，round +1；对称证据：每态都要附证据，"接受"不是零成本默认）：
+- `accepted` → 纳入下方分类与修复，证据指向修复点 `file:line`
+- `adjusted` → 采用替代修法，附理由，待 review-code 复核确认
+- `refuted` → 核实判定不成立 / 基于错误 `file:line` / 幻觉 → 不改代码，在报告 `## 对审查发现的逐条核实` 给出反证，待 review-code 复核确认
+- `cannot-judge` → 证据不足无法判断，交检视方/人工
 - 不擅自把修复扩大到审查未列出的问题
 
 按以下顺序分类并确定优先级：

package/templates/.agents/skills/code-task/reference/report-template.en.md

@@ -64,11 +64,11 @@ $ {command}
 
 ## Per-Finding Verification
 
-> Fix mode only; for an initial implementation write "(initial implementation this round, no review findings)". Read/Grep-verify each finding of the previous `review-code` before acting on it.
+> Fix mode only; for an initial implementation write "(initial implementation this round, no review findings)". Read/Grep-verify each finding of the previous `review-code`, then dispose of it with one of the four states in `.agents/rules/review-handshake.md`; write the disposition and **commensurate evidence** back to the matching row in the task.md disagreement ledger (stage=code, round +1). Symmetric evidence: accepted/adjusted cite the fix `file:line`; refuted/cannot-judge cite counter-evidence `file:line` or raw command output.
 
-| Finding | Reproduced? | Disposition (fix / rebut) |
-|------|----------|----------------------|
-| {finding} | {yes/no, with file:line or command} | {fix note, or counter-argument + recorded under unresolved} |
+| Finding | Disposition | Commensurate evidence |
+|------|----------|----------|
+| {finding} | {accepted / adjusted / refuted / cannot-judge} | {fix file:line, or counter-evidence file:line / raw command output} |
 
 ## Items for Review
 

package/templates/.agents/skills/code-task/reference/report-template.zh-CN.md

@@ -64,11 +64,11 @@ $ {command}
 
 ## 对审查发现的逐条核实
 
-> 仅修复模式填写；初次实现写「（本轮为初次实现，无审查发现）」。对上一轮 `review-code` 的每条发现先 Read/Grep 核实再处置。
+> 仅修复模式填写；初次实现写「（本轮为初次实现，无审查发现）」。对上一轮 `review-code` 的每条发现先 Read/Grep 核实，再按 `.agents/rules/review-handshake.md` 的四态处置；并把处置与**相称证据**回写 task.md `## 审查分歧账本` 对应行（stage=code，round +1）。对称证据：accepted/adjusted 附修复点 file:line，refuted/cannot-judge 附反证 file:line 或命令原文。
 
-| 发现 | 是否复现 | 处置（修复 / 反驳） |
-|------|----------|----------------------|
-| {finding} | {是/否，附 file:line 或命令} | {修复说明，或反证 + 记入 unresolved} |
+| 发现 | 处置状态 | 相称证据 |
+|------|----------|----------|
+| {finding} | {accepted / adjusted / refuted / cannot-judge} | {修复点 file:line，或反证 file:line / 命令原文} |
 
 ## 供审查关注的内容
 

package/templates/.agents/skills/code-task/scripts/detect-mode.js

@@ -2,6 +2,8 @@ import fs from "node:fs";
 import path from "node:path";
 import process from "node:process";
 
+import { artifactName, maxRound, parseVerdict } from "../../../scripts/lib/review-artifacts.js";
+
 function main() {
   const taskDir = process.argv[2];
   if (!taskDir) {
@@ -170,26 +172,6 @@ function main() {
   }
 }
 
-function maxRound(entries, stem) {
-  let max = 0;
-  for (const entry of entries) {
-    if (entry === `${stem}.md`) {
-      max = Math.max(max, 1);
-      continue;
-    }
-
-    const match = entry.match(new RegExp(`^${escapeRegExp(stem)}-r(\\d+)\\.md$`));
-    if (match) {
-      max = Math.max(max, Number(match[1]));
-    }
-  }
-  return max;
-}
-
-function artifactName(stem, round) {
-  return round === 1 ? `${stem}.md` : `${stem}-r${round}.md`;
-}
-
 function checkPlanAheadOfCode({ resolvedTaskDir, codeMax, planMax, reviewPlanMax }) {
   if (planMax === 0 || reviewPlanMax === 0) {
     return { replan: false };
@@ -275,96 +257,9 @@ function safeStat(filePath) {
   }
 }
 
-function parseVerdict(reviewPath) {
-  if (!fs.existsSync(reviewPath)) {
-    return { ok: false, verdict: null, message: `Review artifact not found: ${path.basename(reviewPath)}` };
-  }
-
-  const content = fs.readFileSync(reviewPath, "utf8");
-  const summary = extractSection(content, ["审查摘要", "Review Summary"]);
-  const fileName = path.basename(reviewPath);
-  if (!summary) {
-    return { ok: false, verdict: null, message: `cannot locate review summary section in ${fileName}` };
-  }
-
-  const verdictMatch = summary.match(/^[-*]?\s*\*\*(?:总体结论|Overall Verdict)\*\*[:：]\s*(.+?)\s*$/im);
-  if (!verdictMatch) {
-    return { ok: false, verdict: null, message: `cannot parse verdict in ${fileName}` };
-  }
-
-  const verdict = normalizeVerdict(verdictMatch[1]);
-  if (!verdict) {
-    return {
-      ok: false,
-      verdict: null,
-      message: `unrecognized verdict '${verdictMatch[1].trim()}' in ${fileName}`
-    };
-  }
-
-  if (verdict !== "Approved") {
-    return { ok: true, verdict };
-  }
-
-  const findingsMatch = summary.match(/^[-*]?\s*\*\*(?:发现（AI 可处理）|Findings \(AI-actionable\))\*\*[:：]\s*(.+?)\s*$/im);
-  if (!findingsMatch) {
-    return { ok: false, verdict, message: `cannot parse findings count in ${fileName}` };
-  }
-
-  const counts = findingsMatch[1].match(/(\d+)\s*(?:阻塞项|blockers?).*?(\d+)\s*(?:主要|majors?).*?(\d+)\s*(?:次要|minors?)/i);
-  if (!counts) {
-    return { ok: false, verdict, message: `cannot parse findings count in ${fileName}` };
-  }
-
-  const [, blockers, majors, minors] = counts.map(Number);
-  return {
-    ok: true,
-    verdict: blockers === 0 && majors === 0 && minors === 0 ? "Approved" : "Approved-with-issues"
-  };
-}
-
-function normalizeVerdict(raw) {
-  const value = String(raw).trim().toLowerCase();
-  if (value === "通过" || value === "approved") {
-    return "Approved";
-  }
-  if (value === "需要修改" || value === "changes requested") {
-    return "Changes Requested";
-  }
-  if (value === "拒绝" || value === "rejected") {
-    return "Rejected";
-  }
-  return "";
-}
-
-function extractSection(content, names) {
-  const lines = content.split(/\r?\n/);
-  const nameSet = new Set(names);
-  const start = lines.findIndex((line) => {
-    const match = line.trim().match(/^##\s+(.+?)\s*$/);
-    return match ? nameSet.has(match[1]) : false;
-  });
-
-  if (start === -1) {
-    return "";
-  }
-
-  const sectionLines = [];
-  for (let index = start + 1; index < lines.length; index += 1) {
-    if (/^##\s+/.test(lines[index])) {
-      break;
-    }
-    sectionLines.push(lines[index]);
-  }
-  return sectionLines.join("\n");
-}
-
 function writeResult(result, code) {
   process.stdout.write(`${JSON.stringify(result, null, 2)}\n`);
   process.exitCode = code;
 }
 
-function escapeRegExp(value) {
-  return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-}
-
 main();

package/templates/.agents/skills/commit/SKILL.en.md

@@ -21,6 +21,16 @@ When updating related `task.md` frontmatter, read `.agents/rules/version-stamp.m
 
 > If `{task-id}` matches `^[#]?[0-9]+$` (bare numeric or `#`-prefixed), follow the "SKILL parameter resolver" section of `.agents/rules/task-short-id.md`; treat `{task-id}` as the resolved full `TASK-YYYYMMDD-HHMMSS` form for every downstream command.
 
+## Step Start: Write the started Marker
+
+Before checking local modifications, append a started marker to task.md `## Activity Log` (same base action as this step's done entry plus a ` [started]` suffix, note `started`):
+
+```
+- {YYYY-MM-DD HH:mm:ss±HH:MM} — **Commit [started]** by {agent} — started
+```
+
+`ai task log` pairs it with the done entry written when the commit completes onto one row (in progress → done). Format and pairing rules: see the "Activity Log started / done dual-marker convention" in `.agents/rules/task-management.md`. Only write it when this task has a task.md (a bare commit with no task context may skip it).
+
 ## 1. Check Local Modifications (CRITICAL)
 
 Before any edit, inspect:
@@ -48,6 +58,12 @@ Review status, diff, and recent history, then prepare a Conventional Commit with
 
 Stage specific files only and run `git commit` with the prepared message.
 
+If this commit is associated with a task and a `review-code` artifact exists, read the highest-round `review-code` artifact before committing:
+- If that artifact's `Overall Verdict` / `总体结论` is Approved, parse `Review Baseline Commit` / `审查基线提交` as `R`, and `Reviewed Diff Fingerprint` / `审查差异指纹` as `F`
+- After staging the explicit files, run `node .agents/scripts/review-diff-fingerprint.js staged <R>` to get `S`, and record `pre_head=$(git rev-parse HEAD)`
+- After committing, write `last_reviewed_commit: <new_head>` to task.md frontmatter only when `pre_head == R` and `S == F`; otherwise do not advance that field
+- Do not scan backward to earlier Approved artifacts; the highest-round `review-code` artifact is the only authoritative source
+
 ## 5. Update Task Status When Applicable
 
 Get the current time:

package/templates/.agents/skills/commit/SKILL.zh-CN.md

@@ -21,6 +21,16 @@ description: "提交当前变更到 Git"
 
 > 如果 `{task-id}` 入参匹配 `^[#]?[0-9]+$`（裸数字或带 `#` 前缀），先读取 `.agents/rules/task-short-id.md` 的「SKILL 入参解析」段执行解析；后续命令视 `{task-id}` 为解析后的全长 `TASK-YYYYMMDD-HHMMSS` 形式。
 
+## 步骤开始：写入 started 标记
+
+开始检查本地修改之前，向 task.md `## 活动日志` 追加一条 started 标记（与本步骤 done 条目同基名 + ` [started]` 后缀，note 用 `started`）：
+
+```
+- {YYYY-MM-DD HH:mm:ss±HH:MM} — **Commit [started]** by {agent} — started
+```
+
+`ai task log` 会把它与提交完成时写入的 done 条目配对成一行（进行中 → 已完成）。格式与配对规则见 `.agents/rules/task-management.md` 的「Activity Log started / done 双标记约定」。仅当本任务存在 task.md 时写入（无任务上下文的纯提交可跳过）。
+
 ## 1. 检查本地修改（关键）
 
 在任何编辑前先检查：
@@ -48,6 +58,12 @@ git diff
 
 只暂存明确列出的文件，然后执行 `git commit`。
 
+如果本次提交关联任务且存在 `review-code` 产物，在提交前读取最高轮 `review-code` 产物：
+- 若该产物 `总体结论` / `Overall Verdict` 为 Approved，解析 `审查基线提交` / `Review Baseline Commit` 为 `R`，解析 `审查差异指纹` / `Reviewed Diff Fingerprint` 为 `F`
+- 暂存明确文件后运行 `node .agents/scripts/review-diff-fingerprint.js staged <R>` 得到 `S`，并记录 `pre_head=$(git rev-parse HEAD)`
+- 提交后仅当 `pre_head == R` 且 `S == F` 时，在 task.md frontmatter 写入 `last_reviewed_commit: <new_head>`；否则不推进该字段
+- 不向后扫描更早的 Approved 产物；最高轮 `review-code` 产物是唯一权威来源
+
 ## 5. 按需更新任务状态
 
 获取当前时间：

package/templates/.agents/skills/commit/reference/task-status-update.en.md

@@ -18,6 +18,14 @@ For every task-related commit, append this Activity Log entry in `task.md`:
 - {YYYY-MM-DD HH:mm:ss±HH:MM} — **Commit** by {agent} — {commit hash short} {commit subject}
 ```
 
+If the commit stage confirmed that the highest-round `review-code` artifact is Approved, `pre_head` equals its review baseline commit `R`, and the staged diff fingerprint `S` equals its reviewed diff fingerprint `F`, also write or refresh:
+
+```yaml
+last_reviewed_commit: {new_head}
+```
+
+This field is the preferred baseline for the `complete-task` `post-review-commit` gate. When any condition is not met, do not write or advance it.
+
 Before selecting the next step, verify:
 - `current_step` and the latest workflow progress in `task.md`
 - whether the latest `review-code.md` / `review-code-r{N}.md` passed without findings

package/templates/.agents/skills/commit/reference/task-status-update.zh-CN.md

@@ -18,6 +18,14 @@ date "+%Y-%m-%d %H:%M:%S%:z"
 - {YYYY-MM-DD HH:mm:ss±HH:MM} — **Commit** by {agent} — {commit hash short} {commit subject}
 ```
 
+如果提交阶段已确认最高轮 `review-code` 产物 Approved、`pre_head` 等于其审查基线提交 `R`、且 staged 差异指纹 `S` 等于其审查差异指纹 `F`，同时写入或刷新：
+
+```yaml
+last_reviewed_commit: {new_head}
+```
+
+该字段是 `complete-task` 的 `post-review-commit` gate 优先 baseline。条件不满足时不要写入或推进该字段。
+
 在决定下一步之前，先确认：
 - `task.md` 中的 `current_step` 和最新工作流进度
 - 最新的 `review-code.md` / `review-code-r{N}.md` 是否无问题通过

package/templates/.agents/skills/complete-task/SKILL.en.md

@@ -30,6 +30,16 @@ Before the state check is complete, do not make external-state assertions such a
 
 > If `{task-id}` matches `^[#]?[0-9]+$` (bare numeric or `#`-prefixed), follow the "SKILL parameter resolver" section of `.agents/rules/task-short-id.md`; treat `{task-id}` as the resolved full `TASK-YYYYMMDD-HHMMSS` form for every downstream command.
 
+## Step Start: Write the started Marker
+
+After confirming the task exists and before this round's first artifact action, append a started marker to task.md `## Activity Log` (same base action as this round's done entry plus a ` [started]` suffix, note `started`):
+
+```
+- {YYYY-MM-DD HH:mm:ss±HH:MM} — **Complete Task [started]** by {agent} — started
+```
+
+`ai task log` pairs it with the done entry written on completion onto one row (in progress → done). Format and pairing rules: see the "Activity Log started / done dual-marker convention" in `.agents/rules/task-management.md`.
+
 ## Steps
 
 ### 1. Verify Task Exists
@@ -77,6 +87,16 @@ Before marking complete, verify ALL of these:
 - [ ] Code has been reviewed (`review-code.md` or `review-code-r{N}.md` exists, and the latest review verdict is Approved; or review was done externally)
 - [ ] Code has been committed (no uncommitted changes related to this task)
 - [ ] Tests are passing
+- [ ] The disagreement ledger has no unclosed disagreements and there are no un-re-reviewed post-review commits (mechanically checked by the "Pre-completion hard gate" below)
+
+**Pre-completion hard gate (run BEFORE moving the directory or releasing the short id)**: the Step 7 `gate complete-task` runs only after the directory has been `mv`-ed to `completed/` and the short id released; to avoid a gate failure occurring after those irreversible operations, run the two new completion gates on the **active directory** first:
+
+```bash
+node .agents/scripts/validate-artifact.js check review-ledger .agents/workspace/active/{task-id} --skill complete-task --format text
+node .agents/scripts/validate-artifact.js check post-review-commit .agents/workspace/active/{task-id} --skill complete-task --format text
+```
+
+A non-zero exit from either (fail/blocked) -> treat as an unmet prerequisite and **stop**, do not run Steps 3-7. `--force` does **NOT** lift this hard gate: unclosed disagreements must first be closed in the ledger (`confirmed`/`closed`/`human-decided`), and un-re-reviewed post-review commits must be re-reviewed via `review-code` or covered by a `post-review-commit` / `human-decided` exemption row in the ledger.
 
 > **⚠️ Prerequisite Branch Check — you must decide whether to continue or stop before proceeding:**
 >

package/templates/.agents/skills/complete-task/SKILL.zh-CN.md

@@ -30,6 +30,16 @@ tail .agents/workspace/active/{task-id}/task.md
 
 > 如果 `{task-id}` 入参匹配 `^[#]?[0-9]+$`（裸数字或带 `#` 前缀），先读取 `.agents/rules/task-short-id.md` 的「SKILL 入参解析」段执行解析；后续命令视 `{task-id}` 为解析后的全长 `TASK-YYYYMMDD-HHMMSS` 形式。
 
+## 步骤开始：写入 started 标记
+
+确认任务存在后、本轮第一个产出动作之前，向 task.md `## 活动日志` 追加一条 started 标记（与本轮 done 条目同基名 + ` [started]` 后缀，note 用 `started`）：
+
+```
+- {YYYY-MM-DD HH:mm:ss±HH:MM} — **Complete Task [started]** by {agent} — started
+```
+
+`ai task log` 会把它与完成时写入的 done 条目配对成一行（进行中 → 已完成）。格式与配对规则见 `.agents/rules/task-management.md` 的「Activity Log started / done 双标记约定」。
+
 ## 执行步骤
 ### 1. 验证任务存在
 
@@ -76,6 +86,16 @@ tail .agents/workspace/active/{task-id}/task.md
 - [ ] 代码已审查（`review-code.md` 或 `review-code-r{N}.md` 存在，且最新审查结论为 Approved；或已在外部完成审查）
 - [ ] 代码已提交（没有与此任务相关的未提交变更）
 - [ ] 测试通过
+- [ ] 审查分歧账本无未关闭分歧，且无未复审的 post-review 提交（由下方「预完成硬门禁」机械校验）
+
+**预完成硬门禁（在移动目录、释放短号之前运行）**：步骤 7 的 `gate complete-task` 在目录已 `mv` 到 `completed/`、短号已释放之后才运行；为避免门禁失败发生在不可逆操作之后，必须在 **active 目录**上预先运行新增的两项完成门禁：
+
+```bash
+node .agents/scripts/validate-artifact.js check review-ledger .agents/workspace/active/{task-id} --skill complete-task --format text
+node .agents/scripts/validate-artifact.js check post-review-commit .agents/workspace/active/{task-id} --skill complete-task --format text
+```
+
+任一退出码非 0（fail/blocked）→ 按前置条件未满足处理，**停止**，不执行步骤 3-7。`--force` **不解除**本硬门禁：未关闭分歧必须先在账本闭合（`confirmed`/`closed`/`human-decided`），未复审 post-review 提交必须重新 `review-code` 或在账本追加 `post-review-commit` / `human-decided` 豁免行。
 
 > **⚠️ 前置条件分支判断 — 你必须先判断“继续”还是“停止”：**
 >

package/templates/.agents/skills/complete-task/config/verify.en.json

@@ -24,6 +24,8 @@
     "completion-checklist": {
       "require_all_checked": true
     },
+    "review-ledger": {},
+    "post-review-commit": {},
     "platform-sync": {
       "when": "issue_number_exists",
       "expected_comment_marker": "<!-- sync-issue:{task-id}:summary -->",

package/templates/.agents/skills/complete-task/config/verify.zh-CN.json

@@ -24,6 +24,8 @@
     "completion-checklist": {
       "require_all_checked": true
     },
+    "review-ledger": {},
+    "post-review-commit": {},
     "platform-sync": {
       "when": "issue_number_exists",
       "expected_comment_marker": "<!-- sync-issue:{task-id}:summary -->",

package/templates/.agents/skills/create-pr/SKILL.en.md

@@ -15,6 +15,16 @@ Version stamp rule: when creating or updating `task.md` frontmatter, read `.agen
 
 > If `{task-id}` matches `^[#]?[0-9]+$` (bare numeric or `#`-prefixed), follow the "SKILL parameter resolver" section of `.agents/rules/task-short-id.md`; treat `{task-id}` as the resolved full `TASK-YYYYMMDD-HHMMSS` form for every downstream command.
 
+## Step Start: Write the started Marker
+
+After the pre-flight gate and prerequisites pass and before this step's first artifact action, append a started marker to task.md `## Activity Log` (same base action as this step's done entry plus a ` [started]` suffix, note `started`). Only write it when an associated `{task-id}` / task.md exists:
+
+```
+- {YYYY-MM-DD HH:mm:ss±HH:MM} — **Create PR [started]** by {agent} — started
+```
+
+`ai task log` pairs it with the done entry written on completion onto one row (in progress → done). See the "Activity Log started / done dual-marker convention" in `.agents/rules/task-management.md`.
+
 ## Execution Flow
 
 ### Pre-gate: Project-level PR Flow Check
@@ -128,7 +138,16 @@ Next step - Watch PR checks (auto self-heal until required checks are green):
   - Codex CLI: $watch-pr {task-ref}
 ```
 
-Once green, `watch-pr` then guides toward `complete-task {task-ref}`.
+Alternatively, to skip CI monitoring and archive the task right away, use `complete-task` instead:
+
+```
+Next step (alternative) - Skip monitoring and archive the task directly:
+  - Claude Code / OpenCode: /complete-task {task-ref}
+  - Gemini CLI: /agent-infra:complete-task {task-ref}
+  - Codex CLI: $complete-task {task-ref}
+```
+
+`watch-pr` is the primary path; once checks are green it guides you toward `complete-task {task-ref}`. Run the `complete-task` block above directly only when you intend to skip monitoring — the two are not equivalent.
 
 ## Notes
 

package/templates/.agents/skills/create-pr/SKILL.zh-CN.md

@@ -15,6 +15,16 @@ description: "创建 Pull Request 到目标分支"
 
 > 如果 `{task-id}` 入参匹配 `^[#]?[0-9]+$`（裸数字或带 `#` 前缀），先读取 `.agents/rules/task-short-id.md` 的「SKILL 入参解析」段执行解析；后续命令视 `{task-id}` 为解析后的全长 `TASK-YYYYMMDD-HHMMSS` 形式。
 
+## 步骤开始：写入 started 标记
+
+通过前置门控、确认前置条件后、本步骤第一个产出动作之前，向 task.md `## 活动日志` 追加一条 started 标记（与本步骤 done 条目同基名 + ` [started]` 后缀，note 用 `started`）。仅当存在关联 `{task-id}` / task.md 时写入：
+
+```
+- {YYYY-MM-DD HH:mm:ss±HH:MM} — **Create PR [started]** by {agent} — started
+```
+
+`ai task log` 会把它与完成时写入的 done 条目配对成一行（进行中 → 已完成）。约定见 `.agents/rules/task-management.md` 的「Activity Log started / done 双标记约定」。
+
 ## 执行流程
 
 ### 前置门控：项目级 PR 流程检查
@@ -128,7 +138,16 @@ node .agents/scripts/validate-artifact.js gate create-pr .agents/workspace/activ
   - Codex CLI：$watch-pr {task-ref}
 ```
 
-`watch-pr` 全绿后会再引导 `complete-task {task-ref}`。
+或者，若想跳过 CI 监控、直接归档任务，改用 `complete-task`：
+
+```
+下一步（备选）- 跳过监控、直接归档任务：
+  - Claude Code / OpenCode：/complete-task {task-ref}
+  - Gemini CLI：/agent-infra:complete-task {task-ref}
+  - Codex CLI：$complete-task {task-ref}
+```
+
+`watch-pr` 为主路径，全绿后会再引导 `complete-task {task-ref}`；上面的 `complete-task` 备选块仅用于跳过 CI 监控、直接归档——两者并不等价。
 
 ## 注意事项
 

package/templates/.agents/skills/create-pr/reference/comment-publish.en.md

@@ -9,7 +9,7 @@ Read this file before creating or updating the single reviewer-facing PR summary
 - Generate or update the `<!-- sync-pr:{task-id}:summary -->` comment with the canonical template from `.agents/rules/pr-sync.md`
 - When a matching summary comment already exists, PATCH only when the body changed; otherwise skip the write
 - In this skill, summary sync failures follow the existing `create-pr` error handling and must not roll back an already-created PR
-- Populate the "Manual Verification Required" section per the aggregation rules in `.agents/rules/pr-sync.md` (sources: plan assumptions/open questions, review-code "Environment-Blocked Findings"/"Self-Doubt"); write the explicit placeholder when there are none
+- Populate `{manual-verify-section}` per the aggregation rules in `.agents/rules/pr-sync.md`: include only post-code-stage checks that the AI cannot close on its own and that require a human to execute or judge; sources are `review-code*` "Environment-Blocked Findings" plus `code*` items that satisfy the admission boundary; each item must state "what to verify + location + why only a human can verify it". Render in two branches: **with retained items** → `### ⚠️ Manual Verification Required` heading + item list; **with none** → `### ✅ No Manual Verification Needed` heading + a single line (no ⚠️, no old list placeholder)
 
 ## Result Reporting
 

package/templates/.agents/skills/create-pr/reference/comment-publish.zh-CN.md

@@ -9,7 +9,7 @@
 - 按 `.agents/rules/pr-sync.md` 中的唯一权威模板生成或更新 `<!-- sync-pr:{task-id}:summary -->` 评论
 - PR 已存在同标记评论时，只在正文变化时 PATCH；否则跳过写入
 - 本 skill 中，摘要同步失败沿用 `create-pr` 的现有错误处理，不回滚已经创建的 PR
-- 按 `.agents/rules/pr-sync.md` 的聚合规则填充「需人工校验」段落（来源：plan 假设/未决问题、review-code 环境性遗留/自我质疑）；无事项时写显式占位
+- 按 `.agents/rules/pr-sync.md` 的聚合规则填充 `{manual-verify-section}`：只收进入 code 阶段后 AI 无法自行关闭、需要人实际执行或判断的校验点；来源为 `review-code*` 的「环境性遗留」以及 `code*` 中满足准入边界的校验点；每条写明「校验什么 + 定位 + 为什么只能由人校验」。按两分支渲染：**有保留项** → `### ⚠️ 需人工校验` 标题 + 条目列表；**无保留项** → `### ✅ 无需人工校验` 标题 + 单行说明（不带 ⚠️、不写旧的列表占位）
 
 ## 结果回传
 

package/templates/.agents/skills/create-release-note/SKILL.en.md

@@ -160,7 +160,21 @@ Ask:
 
 ### 9. Publish the Release Notes (If Confirmed)
 
-Write the notes by following the "Publish the Release Notes" command in `.agents/rules/release-commands.md` (it updates the Release already created and published by the release workflow, falling back to creating it if missing).
+9.1 Write the generated notes to a temp file **outside the working tree** so no uncommitted artifact is left behind in the repo (do not write into `.agents/workspace/` or any version-controlled directory):
+
+```bash
+NOTES_FILE="$(mktemp "${TMPDIR:-/tmp}/agent-infra-release-notes.XXXXXX")"
+```
+
+Write the notes content to `$NOTES_FILE`.
+
+9.2 Publish by following the "Publish the Release Notes" command in `.agents/rules/release-commands.md` (use `$NOTES_FILE` for `{notes-file}`; it updates the Release already created and published by the release workflow, falling back to creating it if missing).
+
+9.3 Remove the temp file whether publishing succeeds or fails:
+
+```bash
+rm -f "$NOTES_FILE"
+```
 
 Output:
 ```
@@ -179,6 +193,7 @@ The notes have been written to the Release. Edit further at the URL above if nee
 2. **Tags must exist**: Run the release skill first to create tags
 3. **Release auto-published**: the `v{version}` Release is created and published by the release workflow (the upload target for Homebrew bottles); this skill writes/refreshes the notes on that Release
 4. **Classification accuracy**: Auto-classification is based on title/scope/files; complex PRs may need manual adjustment
+5. **No leftover artifacts**: Always write notes to a temp file outside the working tree (`mktemp`) and delete it after publishing; never write into the repo directory
 
 ## Error Handling