@hegemonart/get-design-done 1.34.4 → 1.35.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -5,14 +5,14 @@
5
5
  },
6
6
  "metadata": {
7
7
  "description": "Get Design Done — 5-stage agent-orchestrated design pipeline with 9 connections, handoff-first workflow, bidirectional Figma write-back, 22+ specialized agents, queryable knowledge layer (intel store, dependency analysis, learnings extraction), and a self-improvement loop (reflector, frontmatter + budget feedback, global-skills layer). v1.20.0 ships the SDK foundation: gdd-state MCP server (11 typed tools), lockfile-safe STATE.md mutations, event stream, and resilience primitives (jittered-backoff, rate-guard, error-classifier, iteration-budget) for rate-limit + 429 + context-overflow recovery. Full CI/CD pipeline (Node 22/24 × Linux/macOS/Windows) and release automation (auto-tag + GitHub Release + release-time smoke test).",
8
- "version": "1.34.4"
8
+ "version": "1.35.1"
9
9
  },
10
10
  "plugins": [
11
11
  {
12
12
  "name": "get-design-done",
13
13
  "source": "./",
14
14
  "description": "Agent-orchestrated 5-stage design pipeline: Brief → Explore → Plan → Design → Verify. 22+ specialized agents, 9 connections (Figma, Refero, Preview, Storybook, Chromatic, Figma Writer, Graphify, Pinterest, Claude Design), Claude Design handoff, bidirectional Figma write-back, and a queryable intel store (.design/intel/) for dependency and learnings queries. Standalone commands: style, darkmode, compare, figma-write, graphify, handoff, analyze-dependencies, skill-manifest, extract-learnings. Embeds NNG heuristics, WCAG thresholds, typographic systems, motion framework, and anti-pattern catalog. Ships with a full CI/CD pipeline (Node 22/24 × Linux/macOS/Windows) and release automation. Optimization layer (v1.0.4.1, retroactive): gdd-router + gdd-cache-manager skills, PreToolUse budget-enforcer hook, tier-aware agent frontmatter, lazy checker gates, streaming synthesizer, /gdd:warm-cache + /gdd:optimize commands, and cost telemetry at .design/telemetry/costs.jsonl — targeting 50-70% per-task token-cost reduction with no quality-floor regression. v1.20.0 SDK foundation: gdd-state MCP server (11 typed tools), lockfile-safe STATE.md mutations, event stream at .design/telemetry/events.jsonl, resilience primitives (jittered-backoff, rate-guard, error-classifier, iteration-budget) with rate-limit + 429 + context-overflow recovery, and TypeScript toolchain.",
15
- "version": "1.34.4",
15
+ "version": "1.35.1",
16
16
  "author": {
17
17
  "name": "hegemonart"
18
18
  },
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "get-design-done",
3
3
  "short_name": "gdd",
4
- "version": "1.34.4",
4
+ "version": "1.35.1",
5
5
  "description": "Agent-orchestrated 5-stage design pipeline: Brief → Explore → Plan → Design → Verify. 22+ specialized agents, 9 connections (Figma, Refero, Preview, Storybook, Chromatic, Figma Writer, Graphify, Pinterest, Claude Design), handoff-first workflow via Claude Design bundles, bidirectional Figma write-back (annotations, Code Connect), queryable intel store (`.design/intel/`) for O(1) design surface lookups, and self-improvement loop (reflector agent, frontmatter + budget feedback, global-skills layer at `~/.claude/gdd/global-skills/`). Standalone commands: style, darkmode, compare, figma-write, graphify, handoff, analyze-dependencies, skill-manifest, extract-learnings, reflect, apply-reflections. Embeds NNG heuristics, WCAG thresholds, typographic systems, motion framework, and anti-pattern catalog. Ships with a full CI/CD pipeline (Node 22/24 × Linux/macOS/Windows, lint + schema + frontmatter + stale-ref + shellcheck + gitleaks + injection-scan + blocking size-budget) and release automation (auto-tag + GitHub Release + release-time smoke test). Optimization layer (v1.0.4.1, retroactive): gdd-router + gdd-cache-manager skills, PreToolUse budget-enforcer hook, tier-aware agent frontmatter, lazy checker gates, streaming synthesizer, /gdd:warm-cache + /gdd:optimize commands, and cost telemetry at .design/telemetry/costs.jsonl — targeting 50-70% per-task token-cost reduction with no quality-floor regression. v1.20.0 SDK foundation: gdd-state MCP server (11 typed tools), lockfile-safe STATE.md mutations, event stream at .design/telemetry/events.jsonl, resilience primitives (jittered-backoff, rate-guard, error-classifier, iteration-budget) with rate-limit + 429 + context-overflow recovery, and TypeScript toolchain. v1.27.7 ships gdd-mcp (Phase 27.7): 12 read-only MCP tools for sub-3s priming. 
v1.28.0 (Phase 28): Foundational References Tier 2 — 5 new reference files (color-theory, composition, proportion-systems, i18n, contrast-advanced), 2 verifier i18n probes + 1 explore i18n-readiness probe, 12 additive cross-link insertions across 10 existing references, 2 orthogonal audit-scoring lens-tags (composition_alignment + i18n_readiness).",
6
6
  "author": {
7
7
  "name": "hegemonart",
package/CHANGELOG.md CHANGED
@@ -4,6 +4,27 @@ All notable changes to get-design-done are documented here. Versions follow [sem
4
4
 
5
5
  ---
6
6
 
7
+ ## [1.35.1] - 2026-06-01
8
+
9
+ ### Phase 35.1 — Team Surfaces: PR Inline Integration
10
+
11
+ First sub-phase of the split **Phase 35 (Team Surfaces Layer)**. Makes GDD's verify/audit output visible **inline on the pull request** — the surface a non-GDD-running teammate actually watches. After `/gdd:ship` creates the PR, the new `pr-commenter` agent posts inline review comments on changed lines, attaches Preview/Chromatic before-after screenshot pairs, and registers a `gdd/design-review` status check (audit pillar scores + verify pass/fail + a11y). **No new runtime dependency** — `gh` is the outbound channel (the `/gdd:ship` + `/gdd:report-issue` precedent); every outbound body is redacted; a `GDD_DISABLE_PR_COMMENTER` kill-switch + degrade-to-noop guarantee the agent never fails the ship. Opens the v1.35.x arc (CHANGELOG-only decimal). The parent Phase 35 stays open (35.2 Notification Backplane + 35.3 Ticket Sync remain).
12
+
13
+ ### Added
14
+
15
+ - **`agents/pr-commenter.md` (inline PR review + status check, D-02/D-03).** A single-shot post-ship agent: posts inline review comments via `gh api .../pulls/{n}/comments` (selector-specific WCAG/verify findings on changed lines), attaches Preview (Phase 8) / Chromatic (Phase 25) before-after screenshot pairs when present, and registers the `gdd/design-review` check-run via `gh api .../check-runs` carrying audit pillar scores + verify pass/fail + a11y result. `size_budget: M`, `## Record`.
16
+ - **`reference/pr-review-integration.md` (the gh contract, registered).** The authoritative `gh`-CLI shapes the agent posts against — inline-comment payload, summary review, the `gdd/design-review` check-run, screenshot-pair attachment, mandatory `redact.cjs`, the kill-switch, and the consent-driven branch-protection setup (`scripts/apply-branch-protection.sh`; GDD registers the check, never force-edits protection). Registered in `reference/registry.json`.
17
+ - **`/gdd:ship` wiring (D-06).** `skills/ship/SKILL.md` Step 6.5 spawns `pr-commenter` (via `Task`) after `gh pr create` — degrade-to-noop, never blocks the ship success path.
18
+ - **Regression baseline.** `test/fixtures/baselines/phase-35-1/` + `test/suite/phase-35-1-baseline.test.cjs` (version-agnostic); plus structural + ship-wiring tests (`pr-commenter-static`, `ship-pr-commenter-wiring`).
19
+
20
+ ### Notes
21
+
22
+ - **No new runtime dependency** — `gh` only (no `@octokit`/GitHub SDK); every outbound body routes through `scripts/lib/redact.cjs`; per-surface kill-switch `GDD_DISABLE_PR_COMMENTER` mirrors Phase 30.
23
+ - The 31.5 tarball golden was regenerated as a reviewed delta: **+2** (`agents/pr-commenter.md`, `reference/pr-review-integration.md`), zero removals.
24
+ - 6-manifest lockstep at **v1.35.1**. Version-sync hygiene upfront (D-09): `OFF_CADENCE_VERSIONS.add('1.35.1')` + the 19 live-pinned `manifests-version.txt` baselines forward-propagated 1.34.4 → 1.35.1.
25
+
26
+ ---
27
+
7
28
  ## [1.34.4] - 2026-06-01
8
29
 
9
30
  ### Phase 34.4 — Lazyweb + Mobbin Research Connections (recovered)
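Review bot: the Notes bullet claims a "6-manifest lockstep at v1.35.1", but only four `"version": "1.35.1"` bumps are visible in this diff (the two unnamed manifest hunks, the plugin manifest, and `package/package.json`); listing the six manifests in that bullet would let a reviewer actually check the lockstep rather than take it on trust. The same bullet and the "Regression baseline" bullet name files (`test/fixtures/baselines/phase-35-1/`, `manifests-version.txt` baselines) that do not appear in the published-package diff, which is fine if `test/` is excluded from the tarball, but worth saying so the "31.5 tarball golden" note and the +2 delta can be reconciled.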
package/README.md CHANGED
@@ -134,6 +134,10 @@ The constraints live in [`reference/print-design.md`](reference/print-design.md)
134
134
 
135
135
  The **discover** stage grounds design in real product references, resolving sources **cost-aware — the free source is tried before any paid one**. [`Lazyweb`](connections/lazyweb.md) (free MCP, 250k+ app screens — pricing pages, onboarding, redesign comparisons) is **Tier 1, always first**; [`Mobbin`](connections/mobbin.md) (paid MCP, 600k+ screens / 130k+ flows — mobile + flow-level) and [`Refero`](connections/refero.md) are **Tier 2** (use whichever you subscribe to), then Pinterest → local archetypes → WebFetch. Both are optional user-installed MCPs (**no new runtime dependency**), onboardable via `/gdd:connections`.
136
136
 
137
+ ### Team surfaces — PR inline review (v1.35.1)
138
+
139
+ After `/gdd:ship` opens the PR, the [`pr-commenter`](agents/pr-commenter.md) agent posts GDD's verify/audit output **inline** on it: selector-specific findings as inline review comments on changed lines, Preview/Chromatic before-after screenshot pairs, and a `gdd/design-review` status check (audit pillar scores + verify pass/fail + a11y) that a teammate's branch protection can require. Outbound bodies are redacted; `GDD_DISABLE_PR_COMMENTER` (or `.design/config.json`) is the kill-switch; it degrades to a noop (prints bodies for manual paste) and **never fails the ship**. Uses `gh` only — **no new runtime dependency**. First sub-phase of the Team Surfaces layer (Slack/Discord notifications + Linear/Jira ticket-sync follow). Contract: [`reference/pr-review-integration.md`](reference/pr-review-integration.md).
140
+
137
141
  ### Previous releases
138
142
 
139
143
  - **v1.26.0** — Headless Model Resolver (per-runtime tier→model map, `resolved_models` router field, per-runtime price tables, `reasoning-class` runtime-neutral alias).
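Review bot: the kill-switch sentence names the env var but only "`.design/config.json`" for the file alternative; the agent and the reference both spell the key as `pr_commenter.enabled` (`"pr_commenter": { "enabled": false }`), and naming it here lets a teammate disable the surface from the README alone. It would also help to say that "degrades to a noop (prints bodies for manual paste)" prints redacted bodies, since that is the guarantee the rest of the section leans on.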
@@ -0,0 +1,132 @@
1
+ ---
2
+ name: pr-commenter
3
+ description: Posts GDD verify/audit output inline on a pull request — selector-specific findings as inline review comments via gh api, Preview/Chromatic before-after screenshot pairs, and a gdd/design-review check-run carrying audit/verify/a11y results. Outbound bodies redacted; degrades to noop when gh is absent or disabled. Spawned by /gdd:ship after PR creation.
4
+ tools: Read, Bash, Grep, Glob
5
+ color: cyan
6
+ default-tier: sonnet
7
+ tier-rationale: "Maps already-computed verify/audit findings onto PR surfaces via gh; no design judgment — a sonnet-tier mechanical post, not an Opus plan."
8
+ size_budget: M
9
+ size_budget_rationale: "Honest tier sized to the ~180-line body (M cap 300). The agent states the posting contract — inline comments, the gdd/design-review check-run, screenshot-pair attach, redact, kill-switch, degrade-to-noop — and DELEGATES the verbatim gh-api JSON shapes (pulls/comments payload, check-runs payload, branch-protection setup) to reference/pr-review-integration.md (the email-executor→email-design.md precedent). Raise to LARGE only if those API shapes are ever inlined here."
10
+ parallel-safe: false
11
+ typical-duration-seconds: 45
12
+ reads-only: false
13
+ writes:
14
+ - ".design/intel/insights.jsonl"
15
+ ---
16
+
17
+ @reference/shared-preamble.md
18
+
19
+ # pr-commenter
20
+
21
+ ## Role
22
+
23
+ You make GDD's verify/audit output **visible inline on the pull request** — the surface a non-GDD-running teammate actually watches. After `/gdd:ship` has created the PR, you post **inline review comments** on changed lines, attach **before-after screenshot pairs** when present, and register a **`gdd/design-review` check-run**. You are a **single-shot, post-ship** agent: receive the PR number + repo, read the verify/audit artifacts, post via `gh`, emit the record, done. You do not re-plan, gate the pipeline, spawn other agents, or ask clarifying questions.
24
+
25
+ You are an **agent-prompt**, not a service: GDD posts to the PR when an LLM (you) invokes this prompt and runs `gh`. You require **no GitHub SDK** (`@octokit` etc.) and **no network library** — `gh` is the sanctioned outbound channel (the `/gdd:ship` + `/gdd:report-issue` precedent). When `gh` is unavailable, you **degrade to noop** (print the bodies for manual paste) — you never fail the ship.
26
+
27
+ ---
28
+
29
+ ## Required Reading
30
+
31
+ Read every file the caller lists in its `<required_reading>` block before acting. At minimum:
32
+
33
+ - `.design/STATE.md` — pipeline state, `<connections>` (Preview/Chromatic availability), cycle/stage for the record.
34
+ - `.design/DESIGN-VERIFICATION.md` — per-task pass/fail + selector-specific observations (the inline-comment source).
35
+ - `.design/DESIGN-AUDIT.md` (if present) — pillar scores (the check-run summary source).
36
+ - **`reference/pr-review-integration.md`** — the **authoritative** posting contract: the `gh api .../pulls/{n}/comments` inline-comment JSON shape, the `gh api .../check-runs` `gdd/design-review` payload, screenshot-pair attachment, the redact requirement, the kill-switch, and the branch-protection setup. You **post against this contract** — you do not re-derive the API shapes here.
37
+
38
+ **Invariant:** read the listed files FIRST. Resolve the target PR + repo from the caller's context (PR number/URL from `/gdd:ship`, repo from `gh repo view --json nameWithOwner`).
39
+
40
+ ---
41
+
42
+ ## Kill-switch + degrade (check FIRST, before any gh call)
43
+
44
+ 1. **Kill-switch.** If `GDD_DISABLE_PR_COMMENTER=1` in env OR `.design/config.json` has `pr_commenter.enabled === false` → **noop**: print "pr-commenter disabled" and emit the record. Do nothing else.
45
+ 2. **gh availability.** `command -v gh` and `gh auth status`. If gh is absent or unauthenticated → **degrade to noop**: print the assembled comment + check bodies so the user can paste them manually; do **not** error.
46
+ 3. **PR presence.** If no PR number was supplied (ship ran `--draft`-less manual path, or PR creation failed) → noop with a one-line note.
47
+
48
+ Never let a `gh` hiccup fail the `/gdd:ship` success path — every failure mode here is a degraded noop, not an error.
49
+
50
+ ---
51
+
52
+ ## Redact every outbound body (mandatory, D-05)
53
+
54
+ Before any `gh` call, pass each comment/summary string through the secret-redactor:
55
+
56
+ ```js
57
+ const { redact } = require('scripts/lib/redact.cjs');
58
+ const safeBody = redact(commentBody);
59
+ ```
60
+
61
+ `redact` (Phase 22, 11 patterns) strips API keys/tokens/secrets. **Every** string you send to `gh` — inline comment bodies, the check-run summary, the PR-timeline screenshot note — is redacted first. Never post a raw artifact excerpt without redacting it.
62
+
63
+ ---
64
+
65
+ ## What you post (against `reference/pr-review-integration.md`)
66
+
67
+ 1. **Inline review comments** — for each verify/audit finding that maps to a changed file+line, post an inline comment via `gh api repos/{owner}/{repo}/pulls/{n}/comments` (path + line + redacted body: the finding, the rule/pillar, and a one-line suggested fix). Findings with no changed-line locus go into a single summary review comment, not scattered.
68
+ 2. **Screenshot pairs (degrade, D-04)** — when `.design/STATE.md` `<connections>` shows `preview: available` or `chromatic: available` AND a before-after pair exists for a changed surface, attach the image refs in the comment/PR timeline. When absent → text-only; never a precondition.
69
+ 3. **`gdd/design-review` check-run (D-03)** — `gh api repos/{owner}/{repo}/check-runs` with `name: "gdd/design-review"`, a `conclusion` (`success` if verify passed + no blocker pillars, `failure` if verify failed or a11y-gate failed, else `neutral`), and an `output.summary` carrying the audit pillar scores + verify pass/fail + a11y result. This is the gate a teammate's branch-protection rule can require — see the reference for the required-check setup (`scripts/apply-branch-protection.sh`); you **register** the check, you never edit branch protection.
70
+
71
+ ---
72
+
73
+ ## Execution Principles
74
+
75
+ 1. **Post-ship surface, not a gate.** You run after the PR exists; you never block ship or the pipeline. Every failure → degraded noop.
76
+ 2. **Redact everything outbound (D-05).** No raw artifact excerpt reaches `gh` un-redacted.
77
+ 3. **Observable outcomes only.** Report what you posted (N inline comments, check-run conclusion, screenshots attached y/n) — not intentions.
78
+ 4. **`reference/pr-review-integration.md` is authoritative** for the gh-api shapes; apply it, do not re-derive.
79
+ 5. **Decision authority:** in-context → proceed; out-of-context (architectural, contradicts a locked D-XX, a new external API) → Rule 4: STOP, note it, emit the marker.
80
+ 6. **Single-task scope.** Touch no repo files; your only local write is the record line.
81
+
82
+ ---
83
+
84
+ ## Deviation Rules
85
+
86
+ Apply automatically; track each in a `## Deviations` section.
87
+
88
+ - **Rule 1 — Bug:** a malformed `gh api` payload, an un-redacted body, a wrong PR/line locus → fix inline.
89
+ - **Rule 2 — Missing Critical:** a finding with a changed-line locus not posted, the check-run not registered, redact not applied → add it.
90
+ - **Rule 3 — Blocking:** `gh` absent/unauth, no PR, kill-switch on → **degrade to noop** (not an error); print bodies for manual paste; note it.
91
+ - **Rule 4 — Architectural:** switching off `gh` to a GitHub SDK, adding a network dependency, editing branch protection without consent → STOP, note it, still emit the marker.
92
+
93
+ **Fix attempt limit:** stop after 3 attempts on one `gh` call; degrade to printing that body and continue.
94
+
95
+ ---
96
+
97
+ ## Output
98
+
99
+ In your final response, state: the PR posted to, the number of inline comments posted, the `gdd/design-review` check-run conclusion, whether screenshot pairs were attached (and the connection that sourced them), and any degraded-noop reason. Do not modify repo files.
100
+
101
+ Terminate with exactly this line, on its own line:
102
+
103
+ ```
104
+ ## EXECUTION COMPLETE
105
+ ```
106
+
107
+ ---
108
+
109
+ ## Constraints
110
+
111
+ This agent MUST NOT:
112
+
113
+ - Run `git clean` (any flags) — absolute prohibition.
114
+ - Fail the `/gdd:ship` success path — every failure mode degrades to a noop.
115
+ - Add a GitHub SDK (`@octokit`/etc.) or any network dependency — `gh` is the channel (D-02).
116
+ - Post any outbound body without passing it through `scripts/lib/redact.cjs` (D-05).
117
+ - Edit branch-protection rules — register the `gdd/design-review` check only; required-check setup is the user's repo-settings step (D-03).
118
+ - Modify the plan, context, connection index, or any repo file; re-plan; spawn other agents; ask clarifying questions; or `git add .`/`-A`.
119
+
120
+ ---
121
+
122
+ ## Record
123
+
124
+ At run-end, append one JSONL line to `.design/intel/insights.jsonl`:
125
+
126
+ ```json
127
+ {"ts":"<ISO-8601>","agent":"pr-commenter","cycle":"<cycle from STATE.md>","stage":"<stage from STATE.md>","one_line_insight":"<PR #N: M inline comments + gdd/design-review=<conclusion> + screenshots=<y/n/degraded>>","artifacts_written":[]}
128
+ ```
129
+
130
+ Schema: `reference/schemas/insight-line.schema.json`.
131
+
132
+ ## EXECUTION COMPLETE
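Review bot: the redaction snippet under "Redact every outbound body" will not load as written: `require('scripts/lib/redact.cjs')` is a bare specifier, so Node resolves it through `node_modules` rather than the plugin tree; it needs a relative or root-anchored path such as `require('./scripts/lib/redact.cjs')` (or a path built from the plugin root), and since every `gh api` call on this page is a shell command, a CLI entry for `redact.cjs` (stdin in, redacted text out) would let the Bash tool pipe bodies through it without a separate Node step. Separately, redaction is specified as "before any `gh` call" while the degrade path in "Kill-switch + degrade" prints "the assembled comment + check bodies" for manual paste; state that the printed bodies are redacted too, otherwise a missing or unauthenticated `gh` turns the ship log (which CI may capture) into the one place raw artifact excerpts still appear.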
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@hegemonart/get-design-done",
3
- "version": "1.34.4",
3
+ "version": "1.35.1",
4
4
  "description": "A design-quality pipeline for AI coding agents: brief, plan, implement, and verify UI work against your design system.",
5
5
  "author": "Hegemon",
6
6
  "homepage": "https://github.com/hegemonart/get-design-done",
@@ -0,0 +1,96 @@
1
+ # PR Review Integration — the gh-based contract for `agents/pr-commenter.md`
2
+
3
+ How GDD surfaces verify/audit output **inline on a pull request** and as a **status check**, using the `gh` CLI only (no GitHub SDK, no network library). `agents/pr-commenter.md` posts against this contract after `/gdd:ship` creates the PR. Every outbound string is redacted first; every failure mode degrades to a noop (never fails the ship).
4
+
5
+ ---
6
+
7
+ ## Resolve target
8
+
9
+ ```bash
10
+ gh repo view --json nameWithOwner -q .nameWithOwner # owner/repo
11
+ # PR number: supplied by /gdd:ship; or: gh pr view --json number,headRefOid -q '.number, .headRefOid'
12
+ ```
13
+
14
+ `head_sha` (the PR head commit) is required for the check-run; get it from `gh pr view --json headRefOid`.
15
+
16
+ ## Inline review comments (changed-line findings)
17
+
18
+ For a finding that maps to a changed `path` + `line`, post an inline comment:
19
+
20
+ ```bash
21
+ gh api repos/{owner}/{repo}/pulls/{number}/comments \
22
+ -f body="$SAFE_BODY" -f commit_id="$HEAD_SHA" -f path="src/Button.tsx" \
23
+ -F line=42 -f side=RIGHT
24
+ ```
25
+
26
+ - `body` — **redacted** finding text: the rule/pillar (`WCAG 1.4.3` / `audit:color`), the observation, a one-line suggested fix.
27
+ - `path` + `line` + `side=RIGHT` — the changed line locus (RIGHT = the new version).
28
+ - One comment per located finding. Findings with **no** changed-line locus go into a single summary review (below), not scattered.
29
+
30
+ ## Summary review (findings without a line locus)
31
+
32
+ ```bash
33
+ gh api repos/{owner}/{repo}/pulls/{number}/reviews \
34
+ -f body="$SAFE_SUMMARY" -f event=COMMENT
35
+ ```
36
+
37
+ `event=COMMENT` (never `REQUEST_CHANGES`/`APPROVE` — GDD does not gate human approval). The summary lists verify pass/fail counts + the unlocated findings.
38
+
39
+ ## The `gdd/design-review` check-run (the team gate)
40
+
41
+ ```bash
42
+ gh api repos/{owner}/{repo}/check-runs \
43
+ -f name="gdd/design-review" -f head_sha="$HEAD_SHA" -f status=completed \
44
+ -f conclusion="$CONCLUSION" \
45
+ -f output[title]="GDD design review" -f output[summary]="$SAFE_SUMMARY"
46
+ ```
47
+
48
+ - `conclusion`: **`success`** = verify passed AND no blocker-level pillar AND a11y-gate not failed; **`failure`** = verify failed OR a11y-gate failed; **`neutral`** = verify incomplete / degraded.
49
+ - `output.summary` (redacted) carries: per-pillar audit scores (from `.design/DESIGN-AUDIT.md`), verify pass/fail (from `.design/DESIGN-VERIFICATION.md`), and the a11y-gate result.
50
+
51
+ **Making it a required check (the team step — GDD never force-edits branch protection):** a maintainer enables `gdd/design-review` as a required status check via repo Settings → Branches, or via the bundled helper:
52
+
53
+ ```bash
54
+ scripts/apply-branch-protection.sh --require-check "gdd/design-review"
55
+ ```
56
+
57
+ GDD only **registers** the check-run; requiring it is an explicit, consent-driven repo-settings action.
58
+
59
+ ## Screenshot-pair attachment (degrade)
60
+
61
+ When `.design/STATE.md` `<connections>` shows `preview: available` or `chromatic: available` AND a before-after image pair exists for a changed surface, embed the image refs in the inline/summary comment body (Markdown image syntax pointing at the uploaded/hosted artifact URLs the connection produced). When **absent** → text-only comment. Never a precondition; never block on a missing screenshot.
62
+
63
+ ## Redaction (mandatory)
64
+
65
+ Every `$SAFE_*` body above is produced by `scripts/lib/redact.cjs`:
66
+
67
+ ```js
68
+ const { redact } = require('scripts/lib/redact.cjs');
69
+ const SAFE_BODY = redact(rawBody); // strips API keys / tokens / secrets (11 patterns, Phase 22 + 33.5)
70
+ ```
71
+
72
+ No raw artifact excerpt reaches `gh` un-redacted.
73
+
74
+ ## Kill-switch
75
+
76
+ `pr-commenter` is a noop when **either**:
77
+
78
+ - env `GDD_DISABLE_PR_COMMENTER=1`, or
79
+ - `.design/config.json` has `"pr_commenter": { "enabled": false }`.
80
+
81
+ `gsd-health` surfaces the enabled/disabled state (mirrors the Phase 30 issue-reporter kill-switch).
82
+
83
+ ## Degrade-to-noop matrix
84
+
85
+ | Condition | Behavior |
86
+ |---|---|
87
+ | kill-switch on | noop + "pr-commenter disabled" note |
88
+ | `gh` absent / unauthenticated | print assembled bodies for manual paste; no error |
89
+ | no PR number (manual/failed creation) | noop + one-line note |
90
+ | a single `gh api` call fails (≤3 attempts) | print that body; continue with the rest |
91
+
92
+ In all cases pr-commenter exits cleanly — it **never** fails the `/gdd:ship` success path.
93
+
94
+ ## Out of scope (per Phase 35 split)
95
+
96
+ Slack/Discord notifications (Phase 35.2); Linear/Jira ticket-sync (Phase 35.3); `pseudonymize.cjs` (Phase 30 — wired for third-party channels); video walkthroughs (still images only); a GDD-side approver list (branch protection owns approvals).
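Review bot: the `gdd/design-review` check-run section will 403 under the auth this contract assumes: `POST /repos/{owner}/{repo}/check-runs` is only available to GitHub App installation tokens (and the `GITHUB_TOKEN` inside Actions), not to the user OAuth token that `gh auth login` produces, so on a developer machine the "team gate" would silently fall into the degrade matrix on every ship. If the check must work from `gh` with a user token, the commit-status API (`gh api repos/{owner}/{repo}/statuses/$HEAD_SHA -f state=... -f context="gdd/design-review" -f description=...`) can be required by branch protection under the same name; otherwise say the check-run step only succeeds when run with an App or Actions token. Two smaller points: `gsd-health` under "Kill-switch" looks like a typo for `gdd-health` (every other identifier on the page uses `gdd`), and the screenshot section embeds "hosted artifact URLs the connection produced" in PR comments; if Preview/Chromatic hand back signed or private links, they become readable to anyone who can see the PR, and the 11-pattern redactor should be checked against those URL shapes.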
@@ -909,6 +909,13 @@
909
909
  "type": "heuristic",
910
910
  "phase": 34.3,
911
911
  "description": "Phase 34.3 print-constraint catalogue — @page size/margin/marks (the print box model), bleed box + crop/registration marks, CMYK color-space awareness (subtractive, not screen RGB), font embedding/outlining (print RIPs have no web fonts), and 300dpi raster-fallback guidance; the authority the pdf-executor generates against and the design-verifier print branch audits against, and the rule-id source for scripts/lib/print/validate-print-css.cjs."
912
+ },
913
+ {
914
+ "name": "pr-review-integration",
915
+ "path": "reference/pr-review-integration.md",
916
+ "type": "heuristic",
917
+ "phase": 35.1,
918
+ "description": "Phase 35.1 PR-inline contract — the gh-CLI shapes agents/pr-commenter.md posts against: inline review comments (gh api pulls/{n}/comments with path+line), the summary review (event=COMMENT), the gdd/design-review check-run (gh api check-runs with name/head_sha/conclusion/output.summary carrying audit pillar scores + verify pass/fail + a11y result), Preview/Chromatic screenshot-pair attachment (degrade-to-text), mandatory scripts/lib/redact.cjs on every outbound body, the GDD_DISABLE_PR_COMMENTER kill-switch, and the consent-driven branch-protection setup (scripts/apply-branch-protection.sh; GDD registers the check, never force-edits protection)."
912
919
  }
913
920
  ]
914
921
  }
@@ -29,6 +29,12 @@ Closes the verify → merge gap: runs `/gdd:pr-branch` for a clean branch, assem
29
29
  - Do not include `.design/` or `.planning/` files in the PR branch — that is `/gdd:pr-branch`'s job.
30
30
  - Do not skip the verify pre-flight silently — always surface a failure and ask.
31
31
 
32
+ ## Step 6.5 — PR inline review surface (pr-commenter)
33
+
34
+ ONLY on the success path — after the PR has been created (Step 5) and its URL printed (Step 6) — spawn `agents/pr-commenter.md` via the `Task` tool to post GDD's verify/audit output **inline** on the new PR: inline review comments on changed lines, Preview/Chromatic before-after screenshot pairs, and the `gdd/design-review` check-run (audit pillar scores + verify pass/fail + a11y). Pass the PR number + `owner/repo` in the Task context.
35
+
36
+ This is a **degrade-to-noop** surface and MUST NOT fail the ship: if `gh` is unavailable, the `GDD_DISABLE_PR_COMMENTER` kill-switch (env or `.design/config.json`) is set, or the agent errors, the ship still succeeds (pr-commenter prints the bodies for manual paste). Skip this step entirely if PR creation failed in Step 5. The posting contract (gh-api shapes, check-run payload, redaction, branch-protection setup) lives in `reference/pr-review-integration.md`.
37
+
32
38
  ## Step 7 — Update notice (post-closeout surface)
33
39
 
34
40
  ONLY on the success path — after the PR has been created and the URL has been printed — emit the plugin-update banner. If PR creation failed earlier, skip this step (do not suggest upgrades in the middle of a PR-creation failure).
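Review bot: Step 6.5 should evaluate the kill-switch before spawning the Task: `GDD_DISABLE_PR_COMMENTER` and `pr_commenter.enabled` are readable from the ship skill itself, and checking them here means a disabled surface costs no sub-agent invocation instead of a model call that immediately noops. The sentence "or the agent errors, the ship still succeeds" currently relies on the sub-agent degrading itself; the step should also say that the `Task` call is wrapped on the ship side (result not required, failure logged and ignored) so that a crash before the agent reaches its own degrade logic still cannot fail the ship.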