@harness-engineering/cli 1.25.4 → 1.25.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (123) hide show
  1. package/dist/agents/skills/claude-code/enforce-architecture/SKILL.md +12 -0
  2. package/dist/agents/skills/claude-code/harness-api-design/SKILL.md +12 -0
  3. package/dist/agents/skills/claude-code/harness-architecture-advisor/SKILL.md +12 -0
  4. package/dist/agents/skills/claude-code/harness-auth/SKILL.md +12 -0
  5. package/dist/agents/skills/claude-code/harness-code-review/SKILL.md +30 -6
  6. package/dist/agents/skills/claude-code/harness-database/SKILL.md +12 -0
  7. package/dist/agents/skills/claude-code/harness-debugging/SKILL.md +38 -6
  8. package/dist/agents/skills/claude-code/harness-deployment/SKILL.md +12 -0
  9. package/dist/agents/skills/claude-code/harness-execution/SKILL.md +30 -6
  10. package/dist/agents/skills/claude-code/harness-planning/SKILL.md +20 -9
  11. package/dist/agents/skills/claude-code/harness-pre-commit-review/SKILL.md +59 -6
  12. package/dist/agents/skills/claude-code/harness-refactoring/SKILL.md +28 -7
  13. package/dist/agents/skills/claude-code/harness-security-scan/SKILL.md +12 -0
  14. package/dist/agents/skills/claude-code/harness-skill-authoring/SKILL.md +43 -8
  15. package/dist/agents/skills/claude-code/harness-soundness-review/SKILL.md +59 -7
  16. package/dist/agents/skills/claude-code/harness-tdd/SKILL.md +21 -0
  17. package/dist/agents/skills/claude-code/harness-verification/SKILL.md +31 -6
  18. package/dist/agents/skills/codex/enforce-architecture/SKILL.md +12 -0
  19. package/dist/agents/skills/codex/harness-api-design/SKILL.md +12 -0
  20. package/dist/agents/skills/codex/harness-architecture-advisor/SKILL.md +12 -0
  21. package/dist/agents/skills/codex/harness-auth/SKILL.md +12 -0
  22. package/dist/agents/skills/codex/harness-code-review/SKILL.md +30 -6
  23. package/dist/agents/skills/codex/harness-database/SKILL.md +12 -0
  24. package/dist/agents/skills/codex/harness-debugging/SKILL.md +38 -6
  25. package/dist/agents/skills/codex/harness-deployment/SKILL.md +12 -0
  26. package/dist/agents/skills/codex/harness-execution/SKILL.md +30 -6
  27. package/dist/agents/skills/codex/harness-planning/SKILL.md +20 -9
  28. package/dist/agents/skills/codex/harness-pre-commit-review/SKILL.md +59 -6
  29. package/dist/agents/skills/codex/harness-refactoring/SKILL.md +28 -7
  30. package/dist/agents/skills/codex/harness-security-scan/SKILL.md +12 -0
  31. package/dist/agents/skills/codex/harness-skill-authoring/SKILL.md +43 -8
  32. package/dist/agents/skills/codex/harness-soundness-review/SKILL.md +59 -7
  33. package/dist/agents/skills/codex/harness-tdd/SKILL.md +21 -0
  34. package/dist/agents/skills/codex/harness-verification/SKILL.md +31 -6
  35. package/dist/agents/skills/cursor/enforce-architecture/SKILL.md +12 -0
  36. package/dist/agents/skills/cursor/harness-api-design/SKILL.md +12 -0
  37. package/dist/agents/skills/cursor/harness-architecture-advisor/SKILL.md +12 -0
  38. package/dist/agents/skills/cursor/harness-auth/SKILL.md +12 -0
  39. package/dist/agents/skills/cursor/harness-code-review/SKILL.md +30 -6
  40. package/dist/agents/skills/cursor/harness-database/SKILL.md +12 -0
  41. package/dist/agents/skills/cursor/harness-debugging/SKILL.md +38 -6
  42. package/dist/agents/skills/cursor/harness-deployment/SKILL.md +12 -0
  43. package/dist/agents/skills/cursor/harness-execution/SKILL.md +30 -6
  44. package/dist/agents/skills/cursor/harness-planning/SKILL.md +20 -9
  45. package/dist/agents/skills/cursor/harness-pre-commit-review/SKILL.md +59 -6
  46. package/dist/agents/skills/cursor/harness-refactoring/SKILL.md +28 -7
  47. package/dist/agents/skills/cursor/harness-security-scan/SKILL.md +12 -0
  48. package/dist/agents/skills/cursor/harness-skill-authoring/SKILL.md +43 -8
  49. package/dist/agents/skills/cursor/harness-soundness-review/SKILL.md +59 -7
  50. package/dist/agents/skills/cursor/harness-tdd/SKILL.md +21 -0
  51. package/dist/agents/skills/cursor/harness-verification/SKILL.md +31 -6
  52. package/dist/agents/skills/gemini-cli/enforce-architecture/SKILL.md +12 -0
  53. package/dist/agents/skills/gemini-cli/harness-api-design/SKILL.md +12 -0
  54. package/dist/agents/skills/gemini-cli/harness-architecture-advisor/SKILL.md +12 -0
  55. package/dist/agents/skills/gemini-cli/harness-auth/SKILL.md +12 -0
  56. package/dist/agents/skills/gemini-cli/harness-code-review/SKILL.md +30 -6
  57. package/dist/agents/skills/gemini-cli/harness-database/SKILL.md +12 -0
  58. package/dist/agents/skills/gemini-cli/harness-debugging/SKILL.md +38 -6
  59. package/dist/agents/skills/gemini-cli/harness-deployment/SKILL.md +12 -0
  60. package/dist/agents/skills/gemini-cli/harness-execution/SKILL.md +30 -6
  61. package/dist/agents/skills/gemini-cli/harness-planning/SKILL.md +20 -9
  62. package/dist/agents/skills/gemini-cli/harness-pre-commit-review/SKILL.md +59 -6
  63. package/dist/agents/skills/gemini-cli/harness-refactoring/SKILL.md +28 -7
  64. package/dist/agents/skills/gemini-cli/harness-security-scan/SKILL.md +12 -0
  65. package/dist/agents/skills/gemini-cli/harness-skill-authoring/SKILL.md +43 -8
  66. package/dist/agents/skills/gemini-cli/harness-soundness-review/SKILL.md +59 -7
  67. package/dist/agents/skills/gemini-cli/harness-tdd/SKILL.md +21 -0
  68. package/dist/agents/skills/gemini-cli/harness-verification/SKILL.md +31 -6
  69. package/dist/{agents-md-MCUM4SIZ.js → agents-md-2PYJM2MK.js} +3 -3
  70. package/dist/{architecture-HNIO6AUX.js → architecture-VCLB7A23.js} +4 -4
  71. package/dist/{assess-project-6MV5TNY3.js → assess-project-64C6LIKN.js} +1 -1
  72. package/dist/bin/harness-mcp.js +16 -15
  73. package/dist/bin/harness.js +27 -115
  74. package/dist/business-knowledge-6RHYJOB3.js +7 -0
  75. package/dist/{check-phase-gate-VCBQHQAC.js → check-phase-gate-RT6PGEHY.js} +4 -4
  76. package/dist/{chunk-MI6MA6OP.js → chunk-42ZZLMYD.js} +169 -118
  77. package/dist/{chunk-BUYW3SA2.js → chunk-43VBX44J.js} +219 -107
  78. package/dist/{chunk-UV3BZMGT.js → chunk-4YEBV2FT.js} +2 -2
  79. package/dist/{chunk-5BQ5BOJL.js → chunk-7BAGSY5Q.js} +1 -1
  80. package/dist/{chunk-FSNPBT74.js → chunk-BUJOMC3O.js} +1 -1
  81. package/dist/{chunk-M55DGGF3.js → chunk-CBZECDCW.js} +5 -5
  82. package/dist/{chunk-XTITAVUR.js → chunk-EY6F2QXW.js} +1 -1
  83. package/dist/{chunk-6VZQJ5CX.js → chunk-FL6A72LV.js} +1 -1
  84. package/dist/{chunk-CXJTVICF.js → chunk-JQCS75DY.js} +4 -4
  85. package/dist/{chunk-WIQA4BSH.js → chunk-JUXFYB2K.js} +1 -1
  86. package/dist/{chunk-FES2YEQU.js → chunk-KJC4SE7C.js} +9 -9
  87. package/dist/{chunk-4NK7Z3BP.js → chunk-R2BI5UPK.js} +1 -1
  88. package/dist/{chunk-2KZAXESR.js → chunk-R7P2FMJT.js} +360 -183
  89. package/dist/chunk-RC5ZY3EV.js +82 -0
  90. package/dist/{chunk-K2SON7TI.js → chunk-RDQGCHKD.js} +252 -57
  91. package/dist/{chunk-EHRZMOQ2.js → chunk-RKZW3FDF.js} +1 -1
  92. package/dist/{chunk-BOQRTARD.js → chunk-SMY35HJM.js} +1 -1
  93. package/dist/{chunk-UQZBZINS.js → chunk-SZZ5UQL7.js} +6 -6
  94. package/dist/{chunk-AT74HEQM.js → chunk-U2OMWI7Z.js} +1 -1
  95. package/dist/{chunk-P7PANON5.js → chunk-VELT5VAG.js} +1 -1
  96. package/dist/{chunk-YTP2UDPV.js → chunk-WEOGCL7B.js} +3 -3
  97. package/dist/{chunk-TYV4EUAD.js → chunk-X2JJ3CPG.js} +8 -8
  98. package/dist/{chunk-GEEYCQDS.js → chunk-XLO4AXXM.js} +9 -9
  99. package/dist/{chunk-47N6R2F4.js → chunk-XMEEYMGE.js} +1 -1
  100. package/dist/{chunk-FIQL2HND.js → chunk-Y5JA4J2M.js} +2 -2
  101. package/dist/{chunk-F23H3U5U.js → chunk-ZAKUCM7O.js} +2 -2
  102. package/dist/{ci-workflow-RTM7VVTD.js → ci-workflow-SZL3KVUK.js} +3 -3
  103. package/dist/{dist-RADHOOXG.js → dist-GRW3X2ZQ.js} +3 -1
  104. package/dist/{dist-WCSJHQPK.js → dist-T3DGV5UN.js} +16 -2
  105. package/dist/{docs-UBOGGHTY.js → docs-WDLJORLK.js} +4 -4
  106. package/dist/{engine-MJJAP5CH.js → engine-2YWYRCKK.js} +3 -3
  107. package/dist/{entropy-EMSXF2PX.js → entropy-PJGTOORX.js} +3 -3
  108. package/dist/{feedback-ZLUX72HD.js → feedback-M5KCJKL2.js} +1 -1
  109. package/dist/{generate-agent-definitions-AWLPJ27C.js → generate-agent-definitions-MFDW6LZT.js} +4 -4
  110. package/dist/{graph-loader-JHQVQRUS.js → graph-loader-QMKXT454.js} +1 -1
  111. package/dist/hooks/telemetry-reporter.js +22 -1
  112. package/dist/index.d.ts +5 -5
  113. package/dist/index.js +26 -25
  114. package/dist/{loader-JVSJZSWZ.js → loader-6O52FYHE.js} +3 -3
  115. package/dist/{mcp-JZ7YB7TD.js → mcp-GGNFWKVC.js} +16 -15
  116. package/dist/{performance-7AGWJUY4.js → performance-337U5URQ.js} +4 -4
  117. package/dist/{review-pipeline-ZWVQJTJX.js → review-pipeline-DB5RD4SN.js} +3 -3
  118. package/dist/{runtime-D6YUQPP2.js → runtime-B74EN2WD.js} +3 -3
  119. package/dist/{scan-MPJ6JHUY.js → scan-DXQUHGTT.js} +1 -1
  120. package/dist/{security-JLZUAQYT.js → security-3AYN6FVU.js} +1 -1
  121. package/dist/{validate-TIIHRPMA.js → validate-35CD7VWN.js} +4 -4
  122. package/dist/{validate-cross-check-ZOWFA3DB.js → validate-cross-check-LJKXBQYH.js} +3 -3
  123. package/package.json +5 -5
@@ -973,15 +973,67 @@ All checks work from document analysis and codebase reads alone. Graph adds prec
973
973
  7. `harness validate` passes after all files are written
974
974
  8. The skill test suite passes (structure, schema, platform-parity, references)
975
975
 
976
+ ## Red Flags
977
+
978
+ | Flag | Corrective Action |
979
+ | ---------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
980
+ | "The spec looks internally consistent at a high level" | STOP. S1 requires checking each decision against Technical Design line by line. "High level" consistency misses contradictions in the details. |
981
+ | "This assumption is obvious and doesn't need to be stated" | STOP. S3 exists because unstated assumptions cause the most damage when wrong. If it's obvious, writing it down costs nothing. Skipping it costs debugging time later. |
982
+ | "The finding is minor so I'll auto-fix it without surfacing to the user" | STOP. Only inferrable fixes are auto-fixed. If the fix involves a design choice — even one you think is obvious — surface it. You are not the designer. |
983
+ | `// TODO: add traceability` or `// spec gap — fill later` in spec/plan files | STOP. TODOs in specs are unfinished review. The spec is not converged. Fix the gap or surface it as a finding — do not defer it. |
984
+
985
+ **Review-never-fixes:** Soundness review identifies structural issues in specs and plans. It applies inferrable fixes (formatting, missing links, obvious gaps) but NEVER makes design decisions. If a finding requires judgment, surface it to the user — even if the "right" answer seems obvious. A reviewer who makes design decisions has stopped reviewing and started designing without the authority to do so.
986
+
987
+ ## Uncertainty Surfacing
988
+
989
+ When a check produces ambiguous results, classify the ambiguity immediately:
990
+
991
+ - **Blocking:** Cannot determine severity without user input (e.g., S1 finds a potential contradiction that might be intentional). Surface as a finding with `autoFixable: false`.
992
+ - **Assumption:** Can classify if assumption is stated (e.g., "the spec uses 'fast' to mean sub-second, not sub-minute"). Apply the assumption, log it, and continue. If wrong, the convergence loop will catch it.
993
+ - **Deferrable:** Ambiguity does not affect sign-off (e.g., unclear whether a non-goal is worth stating). Note as a suggestion-severity finding.
994
+
995
+ Do not auto-fix ambiguous findings. Ambiguity means you lack context — applying a "fix" without context is guessing.
996
+
997
+ ## Rubric Compression
998
+
999
+ Soundness check rubrics used internally MUST use compressed single-line format. Each check is one line with pipe-delimited fields:
1000
+
1001
+ ```
1002
+ mode|check-id|severity|criterion
1003
+ ```
1004
+
1005
+ **Example (Spec Mode rubric):**
1006
+
1007
+ ```
1008
+ spec|S1|error|No contradictions between decisions, technical design, and success criteria
1009
+ spec|S2|warning|Every goal has at least one success criterion; no orphan criteria
1010
+ spec|S3|warning|All implicit assumptions documented in Assumptions section
1011
+ spec|S4|warning|Error/edge cases covered; EARS unwanted-behavior gaps filled
1012
+ spec|S5|error|No references to nonexistent codebase capabilities or incompatible patterns
1013
+ spec|S6|error|No speculative features without requirement traceability
1014
+ spec|S7|warning|All success criteria are observable and measurable with concrete thresholds
1015
+ ```
1016
+
1017
+ **Why:** Verbose check descriptions inflate review context without improving check accuracy. Dense single-line rubrics give the same signal in fewer tokens, leaving more budget for actual document analysis.
1018
+
1019
+ **Rules:**
1020
+
1021
+ - Mode prefix must be `spec` or `plan`
1022
+ - Check ID must match the defined check IDs (S1-S7, P1-P7)
1023
+ - Severity must be `error` or `warning`
1024
+ - Maximum 80 characters per criterion text
1025
+
976
1026
  ## Rationalizations to Reject
977
1027
 
978
- | Rationalization | Reality |
979
- | -------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------- |
980
- | "The spec looks coherent to me, so I can skip running the S1 internal coherence check" | Every check in the mode must run. S1 detects contradictions that human review frequently misses. |
981
- | "This unstated assumption is obvious, so documenting it would be pedantic" | S3 exists because "obvious" assumptions cause the most damage when wrong. Cheapest to document, most expensive to miss. |
982
- | "The success criterion is somewhat vague but the team will know what it means" | S7 flags vague criteria like "should be fast" because they are untestable. Vague criteria survive brainstorming only to fail at verification. |
983
- | "This auto-fixable finding is minor, so I will just note it rather than applying the fix" | Auto-fixable findings should be applied silently — that is the design intent. Skipping them ships known inferrable gaps. |
984
- | "The feasibility check found a signature mismatch but the code can probably be adapted during execution" | S5 red flags are always severity "error" and always surfaced. A spec referencing nonexistent modules produces a broken plan. |
1028
+ | Rationalization | Reality |
1029
+ | -------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ |
1030
+ | "The spec looks coherent to me, so I can skip running the S1 internal coherence check" | Every check in the mode must run. S1 detects contradictions that human review frequently misses. |
1031
+ | "This unstated assumption is obvious, so documenting it would be pedantic" | S3 exists because "obvious" assumptions cause the most damage when wrong. Cheapest to document, most expensive to miss. |
1032
+ | "The success criterion is somewhat vague but the team will know what it means" | S7 flags vague criteria like "should be fast" because they are untestable. Vague criteria survive brainstorming only to fail at verification. |
1033
+ | "This auto-fixable finding is minor, so I will just note it rather than applying the fix" | Auto-fixable findings should be applied silently — that is the design intent. Skipping them ships known inferrable gaps. |
1034
+ | "The feasibility check found a signature mismatch but the code can probably be adapted during execution" | S5 red flags are always severity "error" and always surfaced. A spec referencing nonexistent modules produces a broken plan. |
1035
+ | "The convergence loop is taking too long, so I will skip the re-check and declare converged" | Convergence requires the issue count to stop decreasing. Declaring convergence without a re-check is falsifying the exit condition. |
1036
+ | "This spec is well-written enough that a soundness review would not find anything" | Every spec gets a soundness review. Well-written specs still have unstated assumptions (S3) and vague criteria (S7). The review is not optional. |
985
1037
 
986
1038
  ## Examples
987
1039
 
@@ -85,6 +85,16 @@ harness scan [path]
85
85
 
86
86
  Skipping this step means subsequent graph queries (impact analysis, dependency health, test advisor) may return stale results.
87
87
 
88
+ ### Uncertainty Surfacing
89
+
90
+ When you encounter an unknown during a RED-GREEN-REFACTOR cycle, classify it immediately:
91
+
92
+ - **Blocking:** Cannot write a meaningful test without resolving this (e.g., unclear expected behavior). STOP and surface to human with options.
93
+ - **Assumption:** Can write the test if assumption is stated explicitly (e.g., "input is always non-null"). Document the assumption in a test comment and continue. If the assumption proves wrong, the test must be revised.
94
+ - **Deferrable:** Does not affect the current cycle (e.g., performance characteristics). Record for a future cycle.
95
+
96
+ Do not bury unknowns in test code. An unstated assumption in a test is a test that passes for the wrong reason.
97
+
88
98
  ### Cycle Rhythm
89
99
 
90
100
  Repeat the 4 phases for each new behavior. A typical feature requires 3-10 cycles. Each cycle should take 2-15 minutes. If a cycle takes longer than 15 minutes, the step is too large — break it down.
@@ -122,6 +132,8 @@ Repeat the 4 phases for each new behavior. A typical feature requires 3-10 cycle
122
132
  | "The test passed on the first run, so TDD is working" | If the test passed without implementing the production code, either the behavior already exists or the test is wrong. You must watch the test FAIL for the right reason before proceeding to GREEN. |
123
133
  | "I will test multiple behaviors in this one test to be efficient" | One test, one assertion, one behavior. Multi-behavior tests make it impossible to pinpoint which behavior broke when the test fails. |
124
134
  | "Harness validate can wait until the end of the feature since it slows down the cycle" | No skipping VALIDATE. Every cycle must end with harness check-deps and harness validate. A passing test with a failing validation means the implementation violated a project constraint. |
135
+ | "This edge case is unlikely, so I will skip writing a test for it" | If the edge case can happen, it needs a test. Unlikely is not impossible. The test is cheap; the production bug is expensive. |
136
+ | "The existing tests cover this behavior implicitly, so no new test is needed" | Implicit coverage is not TDD. If you cannot point to a specific test that asserts the specific behavior, write one. Implicit coverage breaks silently when the implying test changes. |
125
137
 
126
138
  ## Examples
127
139
 
@@ -166,6 +178,15 @@ git commit -m "feat(cart): calculate total from item price and quantity"
166
178
 
167
179
  **Next cycle (RED):** Write a test for empty array input. Watch it fail (or pass — if it passes, the behavior is already handled). Continue.
168
180
 
181
+ ## Red Flags
182
+
183
+ | Flag | Corrective Action |
184
+ | ----------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
185
+ | "I'll write the test after since I know what the code should do" | STOP. Test-after is not TDD. Delete the production code, write the test, watch it fail. |
186
+ | "The test is trivial/obvious so I don't need to watch it fail" | STOP. Observing failure proves the test catches the defect. A test you haven't seen fail might pass for the wrong reason. |
187
+ | "I'll batch these small tests together to save time" | STOP. Each RED-GREEN-REFACTOR cycle is atomic. Batching obscures which behavior broke when a test fails. |
188
+ | `// removed old validation` or `// TODO: re-add error handling` replacing functional code | STOP. Code-to-comment replacement is deletion with a fig leaf. Either keep the code or delete it cleanly with a test proving it is unnecessary. |
189
+
169
190
  ## Gates
170
191
 
171
192
  These are hard stops. Violating any gate means the process has broken down.
@@ -43,6 +43,20 @@ When no arguments are provided (standalone invocation), session slug is unknown
43
43
 
44
44
  ---
45
45
 
46
+ ### Uncertainty Surfacing
47
+
48
+ When you encounter an unknown during verification, classify it immediately:
49
+
50
+ - **Blocking:** Cannot determine pass/fail without resolving this (e.g., spec does not define expected behavior for a scenario, cannot run tests due to missing dependency). STOP and escalate.
51
+ - **Assumption:** Can verify if assumption is stated (e.g., "this module is internal-only so WIRED check against external consumers is not applicable"). Document the assumption in the report. If wrong, verification must be re-run.
52
+ - **Deferrable:** Does not affect current verification (e.g., whether additional test coverage would be beneficial). Note in report as an observation.
53
+
54
+ Do not mark PASS with unstated assumptions. An assumption-laden PASS is a false positive.
55
+
56
+ **Review-never-fixes:** Verification identifies gaps. Verification never fills them. If you find a stub, missing test, or unwired artifact, record it as a FAIL with evidence. Do not implement the fix — that is the executor's job. A verifier who fixes is no longer verifying independently.
57
+
58
+ ---
59
+
46
60
  ### Context Loading
47
61
 
48
62
  Before running verification levels, load session context:
@@ -284,6 +298,15 @@ L2|real-logic|Functions contain meaningful logic, not just hardcoded returns
284
298
  - Maximum 80 characters per criterion text
285
299
  - Rubric entries are guidance — the verification levels define the authoritative checks
286
300
 
301
+ ## Red Flags
302
+
303
+ | Flag | Corrective Action |
304
+ | ---------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- |
305
+ | "Tests passed earlier, so I just need to check the files exist" | STOP. Iron Law: fresh evidence in THIS session. "Earlier" is cached — run the checks now. |
306
+ | "The implementation looks substantive at a glance" | STOP. Level 2 requires thorough reading, not glancing. Stubs designed to look real (e.g., functions with only a log statement) are the whole reason L2 exists. |
307
+ | "The artifact is exported so it must be wired" | STOP. Export without import is dead code. Trace the actual usage chain: import, call, test, pass. "Must be" is not evidence. |
308
+ | `// stubbed for now` or `// implementation pending` in production code | STOP. These are Level 2 failures. Do not proceed to Level 3. Do not fix them yourself — record as FAIL and report. |
309
+
287
310
  ## Non-Determinism Tolerance
288
311
 
289
312
  Mechanical checks (tests, lint, types) are binary pass/fail. No tolerance.
@@ -292,12 +315,14 @@ For behavioral verification (convention adherence, style guides), accept thresho
292
315
 
293
316
  ## Rationalizations to Reject
294
317
 
295
- | Rationalization | Reality |
296
- | ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ |
297
- | "Tests passed earlier, no need to re-run" | Iron Law forbids cached results. All evidence must be fresh in THIS session. |
298
- | "File exists and has code, skip thorough read for Level 2" | Level 2 requires thorough reading. Scanning for TODO, throw Error, empty functions catches stubs that look real. |
299
- | "Artifact is imported by a test file, so passes Level 3" | Import is necessary but not sufficient. Test must assert on behavior and not be skipped. |
300
- | "Verification report probably looks fine from memory" | "Should", "probably", "seems to", "I believe" are forbidden. Replace with "verified: [evidence]" or "not verified: [missing]." |
318
+ | Rationalization | Reality |
319
+ | ----------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
320
+ | "Tests passed earlier, no need to re-run" | Iron Law forbids cached results. All evidence must be fresh in THIS session. |
321
+ | "File exists and has code, skip thorough read for Level 2" | Level 2 requires thorough reading. Scanning for TODO, throw Error, empty functions catches stubs that look real. |
322
+ | "Artifact is imported by a test file, so passes Level 3" | Import is necessary but not sufficient. Test must assert on behavior and not be skipped. |
323
+ | "Verification report probably looks fine from memory" | "Should", "probably", "seems to", "I believe" are forbidden. Replace with "verified: [evidence]" or "not verified: [missing]." |
324
+ | "I found a stub so I'll quickly implement it to make verification pass" | Verification identifies gaps — verification never fills them. Record the stub as a FAIL. The executor fixes it. A verifier who implements is no longer independent. |
325
+ | "The spec only mentions 3 behaviors but I'll verify 5 to be thorough" | Verify what the spec requires, not what you think it should require. Extra verification against unstated requirements conflates verification with spec review. |
301
326
 
302
327
  ## Examples
303
328
 
@@ -272,6 +272,18 @@ These apply to ALL skills. If you catch yourself doing any of these, STOP.
272
272
 
273
273
  ## Rationalizations to Reject
274
274
 
275
+ ### Universal
276
+
277
+ These reasoning patterns sound plausible but lead to bad outcomes. Reject them.
278
+
279
+ - **"It's probably fine"** — "Probably" is not evidence. Verify before asserting.
280
+ - **"This is best practice"** — Best practice in what context? Cite the source and
281
+ confirm it applies to this codebase.
282
+ - **"We can fix it later"** — If it is worth flagging, it is worth documenting now
283
+ with a concrete follow-up plan.
284
+
285
+ ### Domain-Specific
286
+
275
287
  | Rationalization | Reality |
276
288
  | ------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------ |
277
289
  | "The violation is minor — just one import" | One violation sets a precedent. Enforce the constraint or document an explicit exception with rationale. |
@@ -332,6 +332,18 @@ These apply to ALL skills. If you catch yourself doing any of these, STOP.
332
332
 
333
333
  ## Rationalizations to Reject
334
334
 
335
+ ### Universal
336
+
337
+ These reasoning patterns sound plausible but lead to bad outcomes. Reject them.
338
+
339
+ - **"It's probably fine"** — "Probably" is not evidence. Verify before asserting.
340
+ - **"This is best practice"** — Best practice in what context? Cite the source and
341
+ confirm it applies to this codebase.
342
+ - **"We can fix it later"** — If it is worth flagging, it is worth documenting now
343
+ with a concrete follow-up plan.
344
+
345
+ ### Domain-Specific
346
+
335
347
  | Rationalization | Reality |
336
348
  | ------------------------------------------------- | --------------------------------------------------------------------------------------------------------- |
337
349
  | "It's an internal API, breaking changes are fine" | Internal consumers break too. Version the change or coordinate the migration explicitly. |
@@ -312,6 +312,18 @@ These apply to ALL skills. If you catch yourself doing any of these, STOP.
312
312
 
313
313
  ## Rationalizations to Reject
314
314
 
315
+ ### Universal
316
+
317
+ These reasoning patterns sound plausible but lead to bad outcomes. Reject them.
318
+
319
+ - **"It's probably fine"** — "Probably" is not evidence. Verify before asserting.
320
+ - **"This is best practice"** — Best practice in what context? Cite the source and
321
+ confirm it applies to this codebase.
322
+ - **"We can fix it later"** — If it is worth flagging, it is worth documenting now
323
+ with a concrete follow-up plan.
324
+
325
+ ### Domain-Specific
326
+
315
327
  | Rationalization | Reality |
316
328
  | ------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
317
329
  | "This will be easier to maintain" | Easier for whom, and compared to what? Cite the maintenance burden with evidence from the codebase. |
@@ -307,6 +307,18 @@ These apply to ALL skills. If you catch yourself doing any of these, STOP.
307
307
 
308
308
  ## Rationalizations to Reject
309
309
 
310
+ ### Universal
311
+
312
+ These reasoning patterns sound plausible but lead to bad outcomes. Reject them.
313
+
314
+ - **"It's probably fine"** — "Probably" is not evidence. Verify before asserting.
315
+ - **"This is best practice"** — Best practice in what context? Cite the source and
316
+ confirm it applies to this codebase.
317
+ - **"We can fix it later"** — If it is worth flagging, it is worth documenting now
318
+ with a concrete follow-up plan.
319
+
320
+ ### Domain-Specific
321
+
310
322
  | Rationalization | Reality |
311
323
  | -------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------- |
312
324
  | "No one would guess this token format" | Security by obscurity. Tokens must be cryptographically secure regardless of format predictability. |
@@ -603,6 +603,16 @@ compliance|naming|suggestion|Names follow project conventions (check AGENTS.md o
603
603
  - **`filterByRelevance`** — Phase 3 learnings scoring. Threshold 0.7, budget 1000 tokens.
604
604
  - **Session directory** — `.harness/sessions/<slug>/` contains `handoff.json`, `state.json`, `artifacts.json` (spec/plan paths, reviewed file list). Write handoff to session scope when slug is known. Global `.harness/handoff.json` is deprecated for session-aware invocations.
605
605
 
606
+ ## Uncertainty Surfacing
607
+
608
+ When a review subagent encounters ambiguity during analysis, classify it immediately:
609
+
610
+ - **Blocking:** Cannot determine severity without more context (e.g., unclear whether a pattern is intentional or accidental). Surface as a finding with severity `suggestion` and rationale explaining the ambiguity. Do not guess.
611
+ - **Assumption:** Can classify if assumption is stated (e.g., "assuming this endpoint is internal-only, the missing auth check is acceptable"). State the assumption in the finding. If wrong, the finding severity changes.
612
+ - **Deferrable:** Ambiguity does not affect the review (e.g., whether a naming choice will cause confusion in the future). Omit from findings — it is noise.
613
+
614
+ Do not suppress ambiguous findings. An ambiguous finding surfaced as a question is more valuable than a confident finding built on a wrong assumption.
615
+
606
616
  ## Success Criteria
607
617
 
608
618
  - Pipeline runs all 7 phases in order (skipping GATE without `--ci`)
@@ -696,12 +706,26 @@ compliance|naming|suggestion|Names follow project conventions (check AGENTS.md o
696
706
 
697
707
  ## Rationalizations to Reject
698
708
 
699
- | Rationalization | Reality |
700
- | --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- |
701
- | "The tests pass, so the logic must be correct" | Tests can be incomplete. Review the logic independently of test results. |
702
- | "This is how it was done elsewhere in the codebase" | Existing patterns can be wrong. Evaluate the pattern on its merits, not just its precedent. |
703
- | "It's just a refactor, low risk" | Refactors change behavior surfaces. Review them with the same rigor as feature changes. |
704
- | "The fix is trivial, I'll just apply it inline" | Trivial fixes still skip review when applied by the reviewer. Suggest the fix; let the author apply and re-review. Iron Law. |
709
+ ### Universal
710
+
711
+ These reasoning patterns sound plausible but lead to bad outcomes. Reject them.
712
+
713
+ - **"It's probably fine"** "Probably" is not evidence. Verify before asserting.
714
+ - **"This is best practice"** Best practice in what context? Cite the source and
715
+ confirm it applies to this codebase.
716
+ - **"We can fix it later"** — If it is worth flagging, it is worth documenting now
717
+ with a concrete follow-up plan.
718
+
719
+ ### Domain-Specific
720
+
721
+ | Rationalization | Reality |
722
+ | --------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
723
+ | "The tests pass, so the logic must be correct" | Tests can be incomplete. Review the logic independently of test results. |
724
+ | "This is how it was done elsewhere in the codebase" | Existing patterns can be wrong. Evaluate the pattern on its merits, not just its precedent. |
725
+ | "It's just a refactor, low risk" | Refactors change behavior surfaces. Review them with the same rigor as feature changes. |
726
+ | "The fix is trivial, I'll just apply it inline" | Trivial fixes still skip review when applied by the reviewer. Suggest the fix; let the author apply and re-review. Iron Law. |
727
+ | "The diff is small so I can approve without reading every file" | Small diffs can contain critical bugs. Read every changed file completely — size does not correlate with risk. A one-line auth bypass is a small diff. |
728
+ | "The author is experienced, so I can be less thorough" | Review rigor is based on the code, not the author. Experienced authors make mistakes too. Apply the same checklist regardless of who wrote it. |
705
729
 
706
730
  ## Escalation
707
731
 
@@ -286,6 +286,18 @@ These apply to ALL skills. If you catch yourself doing any of these, STOP.
286
286
 
287
287
  ## Rationalizations to Reject
288
288
 
289
+ ### Universal
290
+
291
+ These reasoning patterns sound plausible but lead to bad outcomes. Reject them.
292
+
293
+ - **"It's probably fine"** — "Probably" is not evidence. Verify before asserting.
294
+ - **"This is best practice"** — Best practice in what context? Cite the source and
295
+ confirm it applies to this codebase.
296
+ - **"We can fix it later"** — If it is worth flagging, it is worth documenting now
297
+ with a concrete follow-up plan.
298
+
299
+ ### Domain-Specific
300
+
289
301
  | Rationalization | Reality |
290
302
  | -------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- |
291
303
  | "The table is small, we don't need an index" | Tables grow. Plan for the steady state, not the current row count. |
@@ -15,6 +15,14 @@
15
15
 
16
16
  ## Process
17
17
 
18
+ ### Iron Law
19
+
20
+ **Phase 1 INVESTIGATE before ANY fix. No exceptions.**
21
+
22
+ If you find yourself writing fix code before completing investigation, STOP. Delete the fix. You are guessing, not debugging. A fix without investigation is a coin flip that creates the illusion of progress.
23
+
24
+ ---
25
+
18
26
  ### Prerequisite: Start a Debug Session
19
27
 
20
28
  Before beginning, create a persistent debug session. This survives context resets and tracks state across multiple attempts.
@@ -53,6 +61,8 @@ Error: <the error message or symptom>
53
61
 
54
62
  **You must complete Phase 1 before writing ANY fix code. No exceptions.**
55
63
 
64
+ **Read-only constraint:** Phase 1 is investigation only. You may read files, run commands, add log statements, and record observations. You may NOT write production code fixes, modify business logic, or commit changes during investigation. If you find yourself writing a fix, you have jumped to Phase 4.
65
+
56
66
  #### Step 1: Run Entropy Analysis
57
67
 
58
68
  ```bash
@@ -115,6 +125,16 @@ Update the session status to `investigating`.
115
125
 
116
126
  ---
117
127
 
128
+ ### Uncertainty Surfacing
129
+
130
+ When you encounter an unknown during investigation or analysis, classify it immediately:
131
+
132
+ - **Blocking:** Cannot form a testable hypothesis without resolving this (e.g., cannot reproduce the bug, unclear what "correct" behavior is). STOP and escalate to human.
133
+ - **Assumption:** Can proceed with a stated assumption (e.g., "the database schema has not changed since last deployment"). Document in the session log. If wrong, hypotheses built on it are invalid.
134
+ - **Deferrable:** Does not affect the current investigation (e.g., whether other code paths have similar issues). Note in session log for follow-up.
135
+
136
+ Do not bury unknowns. An unstated assumption in your investigation leads to fixes that address the wrong root cause.
137
+
118
138
  ### Phase 2: ANALYZE — Find the Pattern
119
139
 
120
140
  #### Step 1: Find Working Examples
@@ -298,14 +318,25 @@ Update the session status to `resolved`.
298
318
  - Debug session file is complete with investigation log, hypotheses, and resolution
299
319
  - Learnings were captured for future reference
300
320
 
321
+ ## Red Flags
322
+
323
+ | Flag | Corrective Action |
324
+ | ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
325
+ | "It's probably X, let me just fix that" | STOP. "Probably" is a guess, not a diagnosis. Complete Phase 1 INVESTIGATE before writing any fix code. |
326
+ | "I'll change a few things and see if the bug goes away" | STOP. One variable at a time. Multiple simultaneous changes mean you cannot determine which one had the effect — or whether you introduced a new bug. |
327
+ | "One more fix attempt before I escalate" after 2 failed attempts | STOP. Three failed attempts means your mental model is wrong. Step back, re-read the investigation log, and question your assumptions about how the system works. |
328
+ | `// temporary workaround` or `// TODO: real fix later` replacing root-cause fix | STOP. Workarounds are symptom suppression. The root cause remains. Fix it properly or escalate — do not commit workarounds disguised as fixes. |
329
+
301
330
  ## Rationalizations to Reject
302
331
 
303
- | Rationalization | Reality |
304
- | --------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- |
305
- | "I have a strong hunch about what is wrong, so I will jump straight to fixing it" | Phase 1 INVESTIGATE must be completed before ANY fix code is written. You are guessing, not debugging. |
306
- | "I changed two things and the bug is gone, so the fix must be correct" | One variable at a time is a gate. Changing multiple things simultaneously means you do not know which change fixed it. |
307
- | "This is my third attempt but I feel close, so one more try before escalating" | After 3 failed fix attempts, the gate requires you to question the architecture. The problem is likely not where you think it is. |
308
- | "A try-catch that swallows the error prevents the crash, so the bug is fixed" | Symptom suppression is explicitly listed as a bad fix. Wrapping the failure in a try-catch addresses what the bug did, not why it happened. |
332
+ | Rationalization | Reality |
333
+ | --------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
334
+ | "I have a strong hunch about what is wrong, so I will jump straight to fixing it" | Phase 1 INVESTIGATE must be completed before ANY fix code is written. You are guessing, not debugging. |
335
+ | "I changed two things and the bug is gone, so the fix must be correct" | One variable at a time is a gate. Changing multiple things simultaneously means you do not know which change fixed it. |
336
+ | "This is my third attempt but I feel close, so one more try before escalating" | After 3 failed fix attempts, the gate requires you to question the architecture. The problem is likely not where you think it is. |
337
+ | "A try-catch that swallows the error prevents the crash, so the bug is fixed" | Symptom suppression is explicitly listed as a bad fix. Wrapping the failure in a try-catch addresses what the bug did, not why it happened. |
338
+ | "The bug only happens in edge cases, so a partial fix is acceptable" | A partial fix means the bug still exists. Either fix the root cause completely or document the remaining scenarios as known issues with tracked tickets. |
339
+ | "I can skip the regression test since I understand the root cause well" | Understanding the root cause and proving the fix catches it are different things. The revert-and-fail test is mandatory — it is the only proof the test actually guards against the bug. |
309
340
 
310
341
  ## Examples
311
342
 
@@ -359,6 +390,7 @@ Revert test: Commenting out the validation check causes the test to fail with 50
359
390
 
360
391
  ## Gates
361
392
 
393
+ - **Investigation phases are read-only.** Phase 1 and Phase 2 produce understanding, not code. Reading files, running commands, and adding diagnostic log statements are allowed. Writing production code fixes is not. If you find yourself writing a fix during investigation, you have skipped ahead.
362
394
  - **Phase 1 before ANY fix.** You must complete investigation before writing fix code. Skipping investigation leads to symptom-chasing, which leads to more bugs.
363
395
  - **One variable at a time.** Changing multiple things simultaneously is forbidden. If you changed two things and the bug is fixed, you do not know which change fixed it (or if the other change introduced a new bug).
364
396
  - **After 3 failed fix attempts, question the architecture.** If three consecutive hypotheses were wrong or three fixes did not resolve the issue, the problem is likely not where you think it is. Step back. Re-read the investigation log. Consider that the bug might be in a different layer entirely.
@@ -283,6 +283,18 @@ These apply to ALL skills. If you catch yourself doing any of these, STOP.
283
283
 
284
284
  ## Rationalizations to Reject
285
285
 
286
+ ### Universal
287
+
288
+ These reasoning patterns sound plausible but lead to bad outcomes. Reject them.
289
+
290
+ - **"It's probably fine"** — "Probably" is not evidence. Verify before asserting.
291
+ - **"This is best practice"** — Best practice in what context? Cite the source and
292
+ confirm it applies to this codebase.
293
+ - **"We can fix it later"** — If it is worth flagging, it is worth documenting now
294
+ with a concrete follow-up plan.
295
+
296
+ ### Domain-Specific
297
+
286
298
  | Rationalization | Reality |
287
299
  | ---------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- |
288
300
  | "It's just a config change, not a code change" | Config changes cause outages at the same rate as code changes. Deploy them with the same rigor and rollback strategy. |
@@ -76,6 +76,18 @@ Fall back to file-based commands if no graph is available.
76
76
 
77
77
  ---
78
78
 
79
+ ### Uncertainty Surfacing
80
+
81
+ When you encounter an unknown during task execution, classify it immediately:
82
+
83
+ - **Blocking:** Cannot complete the task as written without resolving this (e.g., referenced file doesn't exist, spec behavior undefined for this scenario). STOP. Record as a blocker and report.
84
+ - **Assumption:** Can proceed if assumption is stated (e.g., "the API returns JSON, not XML"). Document the assumption in the commit message. If wrong, the task must be revisited.
85
+ - **Deferrable:** Does not affect the current task (e.g., whether a later task will need a different approach). Note in learnings for future tasks.
86
+
87
+ Do not improvise past unknowns. An assumption that turns out wrong is cheaper than an improvised solution that hides the unknown.
88
+
89
+ **Read-only constraint for Phase 1:** Phase 1 PREPARE is research and state loading. Do not write production code, create files, or make commits during PREPARE. If prerequisites fail, report the failure — do not attempt to fix prerequisites yourself.
90
+
79
91
  ### Phase 2: EXECUTE — Implement Tasks Atomically
80
92
 
81
93
  Report progress with: `**[Phase N/M]** Task N — <description>`
@@ -329,14 +341,25 @@ Claims about task completion, test results, or code behavior MUST cite evidence:
329
341
  - No improvisation: tasks executed as written, or stopped with blocker reported
330
342
  - All stopping conditions respected
331
343
 
344
+ ## Red Flags
345
+
346
+ | Flag | Corrective Action |
347
+ | ---------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- |
348
+ | "The plan says X but Y would be cleaner — I'll improvise" | STOP. Iron Law: execute the plan as written. If the plan is wrong, stop and fix the plan. Improvising introduces untested assumptions. |
349
+ | "I'll skip the test for this task since it's just configuration" | STOP. The TDD rhythm is not optional. Configuration changes need tests too — they prove the config does what the task requires. |
350
+ | "I'll handle this edge case the plan didn't mention" | STOP. Unplanned work is scope creep. If the edge case matters, it's a plan deficiency — record it as a blocker. |
351
+ | `// TODO: come back to this` or `// skipped for now` in committed code | STOP. Every commit must be atomic and complete for its task. TODOs in committed code are incomplete tasks disguised as progress. |
352
+
332
353
  ## Rationalizations to Reject
333
354
 
334
- | Rationalization | Reality |
335
- | -------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- |
336
- | "The plan says to do X, but doing Y would be cleaner -- I will improvise" | The Iron Law states: execute the plan as written. If the plan is wrong, stop and fix the plan. Improvising mid-execution introduces untested assumptions. |
337
- | "This task depends on Task 3 which I know is done, so I can skip verifying prerequisites" | Prerequisites must be verified mechanically, not from memory. Check that dependency tasks are marked complete in state and that referenced files exist. |
338
- | "The checkpoint is just a confirmation step and the output looks correct, so I will auto-continue" | Checkpoints are non-negotiable pause points. If a task has a checkpoint marker, execution must pause. |
339
- | "Harness validate passed on the previous task and nothing changed structurally, so I can skip it for this one" | Validation runs after every task with no exceptions. Each task may introduce subtle architectural drift that only harness validate catches. |
355
+ | Rationalization | Reality |
356
+ | -------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
357
+ | "The plan says to do X, but doing Y would be cleaner -- I will improvise" | The Iron Law states: execute the plan as written. If the plan is wrong, stop and fix the plan. Improvising mid-execution introduces untested assumptions. |
358
+ | "This task depends on Task 3 which I know is done, so I can skip verifying prerequisites" | Prerequisites must be verified mechanically, not from memory. Check that dependency tasks are marked complete in state and that referenced files exist. |
359
+ | "The checkpoint is just a confirmation step and the output looks correct, so I will auto-continue" | Checkpoints are non-negotiable pause points. If a task has a checkpoint marker, execution must pause. |
360
+ | "Harness validate passed on the previous task and nothing changed structurally, so I can skip it for this one" | Validation runs after every task with no exceptions. Each task may introduce subtle architectural drift that only harness validate catches. |
361
+ | "The task failed but I can see the fix — I'll apply it and move on without recording a blocker" | A failed task is a blocker. Record it, report it, and stop. Applying unplanned fixes mid-execution makes progress untraceable and may cascade into later tasks. |
362
+ | "Phase 1 prerequisites are missing but I can create them as part of this task" | PREPARE is read-only. Missing prerequisites mean a prior task or the plan is deficient. Report the gap — do not fix prerequisites during execution setup. |
340
363
 
341
364
  ## Examples
342
365
 
@@ -398,6 +421,7 @@ harness validate — passes. Resume Task 4.
398
421
 
399
422
  Hard stops. Violating any gate means the process has broken down.
400
423
 
424
+ - **Phase 1 PREPARE is read-only.** Do not write production code, create files, or commit during preparation. If prerequisites are missing, report the gap — do not fix it yourself.
401
425
  - **No execution without a plan.** If no plan exists, do not start. Use harness-planning.
402
426
  - **No improvisation.** Execute as written. Do not add "improvements" not in the plan.
403
427
  - **No skipping tasks.** Tasks are dependency-ordered. Execute in order.
@@ -342,17 +342,28 @@ Only apply when modifying existing documented behavior. When `docs/changes/` exi
342
342
  - Human has reviewed and approved the plan
343
343
  - Rigor level rules followed: fast skips skeleton; thorough always skeletons with approval; standard skeletons at >= 8 tasks
344
344
 
345
+ ## Red Flags
346
+
347
+ | Flag | Corrective Action |
348
+ | ---------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- |
349
+ | "I know the implementation well enough to skip reading the spec" | STOP. Phase 1 SCOPE starts by reading the spec. Assumptions about spec content lead to plans that implement the wrong thing. |
350
+ | "This task is self-explanatory, no need for exact file paths and commands" | STOP. Iron Law: every task must contain exact file paths, exact commands, and complete code snippets. "Implement the service" is a wish, not a task. |
351
+ | "I'll plan the happy path now and add error handling tasks later" | STOP. Error handling is not optional. The spec's success criteria include error scenarios. Plan them alongside the happy path. |
352
+ | `// detailed steps TBD` or `// expand during execution` in task descriptions | STOP. A task that defers detail to execution is a vague task. If you cannot write the exact steps now, you do not understand the task well enough to plan it. |
353
+
345
354
  ## Rationalizations to Reject
346
355
 
347
- | Rationalization | Reality |
348
- | ------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
349
- | "The task is conceptually clear so I do not need to include exact code in the plan" | Every task must have exact file paths, exact code, and exact commands. If you cannot write the code in the plan, you do not understand the task well enough to plan it. |
350
- | "This task touches 5 files but it is logically one unit of work, so splitting it would add overhead" | Tasks touching more than 3 files must be split. The overhead of splitting is far less than the cost of a failed oversized task. |
351
- | "Tests for this task can be added in a follow-up task since the implementation is straightforward" | No skipping TDD in tasks. Every code-producing task must start with writing a test. "Add tests later" is explicitly forbidden. |
352
- | "The spec does not cover this edge case, but I can fill in the gap during planning" | When the spec is missing information, do not fill in the gaps yourself. Escalate. Filling gaps silently creates undocumented design decisions that no one reviewed. |
353
- | "I discovered we need an additional file during decomposition, but updating the file map is just bookkeeping" | The file map must be complete. Every file that will be created or modified must appear in the file map before task decomposition. |
354
- | "There are no real uncertainties — the spec is clear enough" | Every plan has unknowns. If you listed zero uncertainties, you skipped the step. Re-read the spec and list what is assumed but not stated. |
355
- | "I already know how to structure this, no need to finish scoping" | Premature decomposition anchors on the first approach found. Complete SCOPE (observable truths + uncertainties) before proposing any task structure. |
356
+ | Rationalization | Reality |
357
+ | ------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
358
+ | "The task is conceptually clear so I do not need to include exact code in the plan" | Every task must have exact file paths, exact code, and exact commands. If you cannot write the code in the plan, you do not understand the task well enough to plan it. |
359
+ | "This task touches 5 files but it is logically one unit of work, so splitting it would add overhead" | Tasks touching more than 3 files must be split. The overhead of splitting is far less than the cost of a failed oversized task. |
360
+ | "Tests for this task can be added in a follow-up task since the implementation is straightforward" | No skipping TDD in tasks. Every code-producing task must start with writing a test. "Add tests later" is explicitly forbidden. |
361
+ | "The spec does not cover this edge case, but I can fill in the gap during planning" | When the spec is missing information, do not fill in the gaps yourself. Escalate. Filling gaps silently creates undocumented design decisions that no one reviewed. |
362
+ | "I discovered we need an additional file during decomposition, but updating the file map is just bookkeeping" | The file map must be complete. Every file that will be created or modified must appear in the file map before task decomposition. |
363
+ | "There are no real uncertainties — the spec is clear enough" | Every plan has unknowns. If you listed zero uncertainties, you skipped the step. Re-read the spec and list what is assumed but not stated. |
364
+ | "I already know how to structure this, no need to finish scoping" | Premature decomposition anchors on the first approach found. Complete SCOPE (observable truths + uncertainties) before proposing any task structure. |
365
+ | "The skeleton pass adds overhead for a plan this size — I will go straight to full tasks" | Rigor level rules are not optional. In thorough mode, the skeleton is always required. In standard mode, 8+ tasks require a skeleton. Skipping it risks task-level misalignment with the goal. |
366
+ | "I will write implementation code in the plan to make the tasks more concrete" | Planning produces a plan document, not code. Writing code during planning violates the phase boundary — code belongs in execution. Exact snippets in task descriptions are plan content, not executed code. |
356
367
 
357
368
  ## Examples
358
369