@hegemonart/get-design-done 1.34.4 → 1.35.2

@@ -5,14 +5,14 @@
5
5
  },
6
6
  "metadata": {
7
7
  "description": "Get Design Done — 5-stage agent-orchestrated design pipeline with 9 connections, handoff-first workflow, bidirectional Figma write-back, 22+ specialized agents, queryable knowledge layer (intel store, dependency analysis, learnings extraction), and a self-improvement loop (reflector, frontmatter + budget feedback, global-skills layer). v1.20.0 ships the SDK foundation: gdd-state MCP server (11 typed tools), lockfile-safe STATE.md mutations, event stream, and resilience primitives (jittered-backoff, rate-guard, error-classifier, iteration-budget) for rate-limit + 429 + context-overflow recovery. Full CI/CD pipeline (Node 22/24 × Linux/macOS/Windows) and release automation (auto-tag + GitHub Release + release-time smoke test).",
8
- "version": "1.34.4"
8
+ "version": "1.35.2"
9
9
  },
10
10
  "plugins": [
11
11
  {
12
12
  "name": "get-design-done",
13
13
  "source": "./",
14
14
  "description": "Agent-orchestrated 5-stage design pipeline: Brief → Explore → Plan → Design → Verify. 22+ specialized agents, 9 connections (Figma, Refero, Preview, Storybook, Chromatic, Figma Writer, Graphify, Pinterest, Claude Design), Claude Design handoff, bidirectional Figma write-back, and a queryable intel store (.design/intel/) for dependency and learnings queries. Standalone commands: style, darkmode, compare, figma-write, graphify, handoff, analyze-dependencies, skill-manifest, extract-learnings. Embeds NNG heuristics, WCAG thresholds, typographic systems, motion framework, and anti-pattern catalog. Ships with a full CI/CD pipeline (Node 22/24 × Linux/macOS/Windows) and release automation. Optimization layer (v1.0.4.1, retroactive): gdd-router + gdd-cache-manager skills, PreToolUse budget-enforcer hook, tier-aware agent frontmatter, lazy checker gates, streaming synthesizer, /gdd:warm-cache + /gdd:optimize commands, and cost telemetry at .design/telemetry/costs.jsonl — targeting 50-70% per-task token-cost reduction with no quality-floor regression. v1.20.0 SDK foundation: gdd-state MCP server (11 typed tools), lockfile-safe STATE.md mutations, event stream at .design/telemetry/events.jsonl, resilience primitives (jittered-backoff, rate-guard, error-classifier, iteration-budget) with rate-limit + 429 + context-overflow recovery, and TypeScript toolchain.",
15
- "version": "1.34.4",
15
+ "version": "1.35.2",
16
16
  "author": {
17
17
  "name": "hegemonart"
18
18
  },
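Review bot: The `description` strings left as context around the two `version` bumps still advertise "9 connections" and stop at the v1.20.0 feature set, while this release's `connections/connections.md` change says the wizard probes 16 connections and adds Slack and Discord. If these descriptions are what a marketplace listing shows, update them in the same lockstep as the version, or drop the hard-coded count so it cannot drift again.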
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "get-design-done",
3
3
  "short_name": "gdd",
4
- "version": "1.34.4",
4
+ "version": "1.35.2",
5
5
  "description": "Agent-orchestrated 5-stage design pipeline: Brief → Explore → Plan → Design → Verify. 22+ specialized agents, 9 connections (Figma, Refero, Preview, Storybook, Chromatic, Figma Writer, Graphify, Pinterest, Claude Design), handoff-first workflow via Claude Design bundles, bidirectional Figma write-back (annotations, Code Connect), queryable intel store (`.design/intel/`) for O(1) design surface lookups, and self-improvement loop (reflector agent, frontmatter + budget feedback, global-skills layer at `~/.claude/gdd/global-skills/`). Standalone commands: style, darkmode, compare, figma-write, graphify, handoff, analyze-dependencies, skill-manifest, extract-learnings, reflect, apply-reflections. Embeds NNG heuristics, WCAG thresholds, typographic systems, motion framework, and anti-pattern catalog. Ships with a full CI/CD pipeline (Node 22/24 × Linux/macOS/Windows, lint + schema + frontmatter + stale-ref + shellcheck + gitleaks + injection-scan + blocking size-budget) and release automation (auto-tag + GitHub Release + release-time smoke test). Optimization layer (v1.0.4.1, retroactive): gdd-router + gdd-cache-manager skills, PreToolUse budget-enforcer hook, tier-aware agent frontmatter, lazy checker gates, streaming synthesizer, /gdd:warm-cache + /gdd:optimize commands, and cost telemetry at .design/telemetry/costs.jsonl — targeting 50-70% per-task token-cost reduction with no quality-floor regression. v1.20.0 SDK foundation: gdd-state MCP server (11 typed tools), lockfile-safe STATE.md mutations, event stream at .design/telemetry/events.jsonl, resilience primitives (jittered-backoff, rate-guard, error-classifier, iteration-budget) with rate-limit + 429 + context-overflow recovery, and TypeScript toolchain. v1.27.7 ships gdd-mcp (Phase 27.7): 12 read-only MCP tools for sub-3s priming. 
v1.28.0 (Phase 28): Foundational References Tier 2 — 5 new reference files (color-theory, composition, proportion-systems, i18n, contrast-advanced), 2 verifier i18n probes + 1 explore i18n-readiness probe, 12 additive cross-link insertions across 10 existing references, 2 orthogonal audit-scoring lens-tags (composition_alignment + i18n_readiness).",
6
6
  "author": {
7
7
  "name": "hegemonart",
package/CHANGELOG.md CHANGED
@@ -4,6 +4,49 @@ All notable changes to get-design-done are documented here. Versions follow [sem
4
4
 
5
5
  ---
6
6
 
7
+ ## [1.35.2] - 2026-06-01
8
+
9
+ ### Phase 35.2 — Team Surfaces: Notification Backplane (Slack + Discord)
10
+
11
+ Second sub-phase of the split **Phase 35**. Routes GDD pipeline events (verify-fail, audit-pass, ship) to **Slack + Discord** via incoming webhooks, so a non-GDD-running teammate is alerted in the channel they watch. **No new runtime dependency** — the dispatcher POSTs via an injectable `fetchImpl` (default global `fetch`; no `@slack/*` / `discord.js` SDK). Every outbound body is **redacted** at a single chokepoint; per-channel kill-switches + degrade-to-noop guarantee notification delivery never blocks the pipeline. A decimal on the v1.35.x arc. The parent Phase 35 stays open (35.3 Ticket Sync remains).
12
+
13
+ ### Added
14
+
15
+ - **`connections/slack.md` + `connections/discord.md`** — incoming-webhook notification specs (`SLACK_WEBHOOK_URL` / `DISCORD_WEBHOOK_URL` env; env-presence probe; redact + kill-switch + degrade-to-noop).
16
+ - **`scripts/lib/notify/dispatch.cjs`** — `dispatch(event, {fetchImpl, config, env})`: resolves event→channel routing, builds the **redacted** payload (single chokepoint), honors per-channel kill-switches, POSTs via an **injectable fetchImpl** (no Slack/Discord SDK), and **degrades-to-noop** (missing URL / disabled / error never throws). Allowlisted under the Phase-33.5 outbound gate (`scripts/lib/notify/**`); `scan:outbound` 0 findings.
17
+ - **`reference/notification-routing.md`** — event→channel routing contract + the redact chokepoint + kill-switches; registered in `reference/registry.json`.
18
+ - **`connections/connections.md`** — a **notify** capability-matrix column + Slack/Discord rows + env-based probes; onboarded 14 → 16.
19
+ - **Privacy guard** — `test/suite/notify-privacy-guard.test.cjs` asserts no `scripts/lib/notify/*.cjs` builds an outbound body without `redact` (SC#5).
20
+
21
+ ### Notes
22
+
23
+ - **No new runtime dependency** (injectable `fetch`); per-channel kill-switch `GDD_DISABLE_SLACK` / `GDD_DISABLE_DISCORD` mirrors Phase 30 / 35.1.
24
+ - 6-manifest lockstep at **v1.35.2** + `OFF_CADENCE_VERSIONS.add('1.35.2')` + the 20 live-pinned `manifests-version.txt` baselines forward-propagated 1.35.1 → 1.35.2.
25
+ - The 31.5 tarball golden was regenerated as a reviewed delta: **+4** (`connections/slack.md`, `connections/discord.md`, `scripts/lib/notify/dispatch.cjs`, `reference/notification-routing.md`), zero removals.
26
+
27
+ ---
28
+
29
+ ## [1.35.1] - 2026-06-01
30
+
31
+ ### Phase 35.1 — Team Surfaces: PR Inline Integration
32
+
33
+ First sub-phase of the split **Phase 35 (Team Surfaces Layer)**. Makes GDD's verify/audit output visible **inline on the pull request** — the surface a non-GDD-running teammate actually watches. After `/gdd:ship` creates the PR, the new `pr-commenter` agent posts inline review comments on changed lines, attaches Preview/Chromatic before-after screenshot pairs, and registers a `gdd/design-review` status check (audit pillar scores + verify pass/fail + a11y). **No new runtime dependency** — `gh` is the outbound channel (the `/gdd:ship` + `/gdd:report-issue` precedent); every outbound body is redacted; a `GDD_DISABLE_PR_COMMENTER` kill-switch + degrade-to-noop guarantee the agent never fails the ship. Opens the v1.35.x arc (CHANGELOG-only decimal). The parent Phase 35 stays open (35.2 Notification Backplane + 35.3 Ticket Sync remain).
34
+
35
+ ### Added
36
+
37
+ - **`agents/pr-commenter.md` (inline PR review + status check, D-02/D-03).** A single-shot post-ship agent: posts inline review comments via `gh api .../pulls/{n}/comments` (selector-specific WCAG/verify findings on changed lines), attaches Preview (Phase 8) / Chromatic (Phase 25) before-after screenshot pairs when present, and registers the `gdd/design-review` check-run via `gh api .../check-runs` carrying audit pillar scores + verify pass/fail + a11y result. `size_budget: M`, `## Record`.
38
+ - **`reference/pr-review-integration.md` (the gh contract, registered).** The authoritative `gh`-CLI shapes the agent posts against — inline-comment payload, summary review, the `gdd/design-review` check-run, screenshot-pair attachment, mandatory `redact.cjs`, the kill-switch, and the consent-driven branch-protection setup (`scripts/apply-branch-protection.sh`; GDD registers the check, never force-edits protection). Registered in `reference/registry.json`.
39
+ - **`/gdd:ship` wiring (D-06).** `skills/ship/SKILL.md` Step 6.5 spawns `pr-commenter` (via `Task`) after `gh pr create` — degrade-to-noop, never blocks the ship success path.
40
+ - **Regression baseline.** `test/fixtures/baselines/phase-35-1/` + `test/suite/phase-35-1-baseline.test.cjs` (version-agnostic); plus structural + ship-wiring tests (`pr-commenter-static`, `ship-pr-commenter-wiring`).
41
+
42
+ ### Notes
43
+
44
+ - **No new runtime dependency** — `gh` only (no `@octokit`/GitHub SDK); every outbound body routes through `scripts/lib/redact.cjs`; per-surface kill-switch `GDD_DISABLE_PR_COMMENTER` mirrors Phase 30.
45
+ - The 31.5 tarball golden was regenerated as a reviewed delta: **+2** (`agents/pr-commenter.md`, `reference/pr-review-integration.md`), zero removals.
46
+ - 6-manifest lockstep at **v1.35.1**. Version-sync hygiene upfront (D-09): `OFF_CADENCE_VERSIONS.add('1.35.1')` + the 19 live-pinned `manifests-version.txt` baselines forward-propagated 1.34.4 → 1.35.1.
47
+
48
+ ---
49
+
7
50
  ## [1.34.4] - 2026-06-01
8
51
 
9
52
  ### Phase 34.4 — Lazyweb + Mobbin Research Connections (recovered)
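Review bot: In the 1.35.2 entry the redaction guarantee is stated only for the outbound body, but `SLACK_WEBHOOK_URL` / `DISCORD_WEBHOOK_URL` are themselves credentials, and the degrade-to-noop path swallows failures ("missing URL / disabled / error never throws"). The entry should say that the webhook URL is kept out of any error text, log line or telemetry event written on that path. It would also help to state whether `test/suite/notify-privacy-guard.test.cjs` is a static source check or drives `dispatch` with a stub `fetchImpl` and inspects the POSTed body; "asserts no `scripts/lib/notify/*.cjs` builds an outbound body without `redact`" reads like the former, which proves `redact` is referenced but not that its output is what gets sent.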
package/README.md CHANGED
@@ -134,6 +134,14 @@ The constraints live in [`reference/print-design.md`](reference/print-design.md)
134
134
 
135
135
  The **discover** stage grounds design in real product references, resolving sources **cost-aware — the free source is tried before any paid one**. [`Lazyweb`](connections/lazyweb.md) (free MCP, 250k+ app screens — pricing pages, onboarding, redesign comparisons) is **Tier 1, always first**; [`Mobbin`](connections/mobbin.md) (paid MCP, 600k+ screens / 130k+ flows — mobile + flow-level) and [`Refero`](connections/refero.md) are **Tier 2** (use whichever you subscribe to), then Pinterest → local archetypes → WebFetch. Both are optional user-installed MCPs (**no new runtime dependency**), onboardable via `/gdd:connections`.
136
136
 
137
+ ### Team surfaces — PR inline review (v1.35.1)
138
+
139
+ After `/gdd:ship` opens the PR, the [`pr-commenter`](agents/pr-commenter.md) agent posts GDD's verify/audit output **inline** on it: selector-specific findings as inline review comments on changed lines, Preview/Chromatic before-after screenshot pairs, and a `gdd/design-review` status check (audit pillar scores + verify pass/fail + a11y) that a teammate's branch protection can require. Outbound bodies are redacted; `GDD_DISABLE_PR_COMMENTER` (or `.design/config.json`) is the kill-switch; it degrades to a noop (prints bodies for manual paste) and **never fails the ship**. Uses `gh` only — **no new runtime dependency**. First sub-phase of the Team Surfaces layer (Slack/Discord notifications + Linear/Jira ticket-sync follow). Contract: [`reference/pr-review-integration.md`](reference/pr-review-integration.md).
140
+
141
+ ### Team surfaces — Notification backplane (v1.35.2)
142
+
143
+ Routes pipeline events (verify-fail / audit-pass / ship) to **Slack** + **Discord** via incoming webhooks ([`connections/slack.md`](connections/slack.md) / [`connections/discord.md`](connections/discord.md)). The dispatcher ([`scripts/lib/notify/dispatch.cjs`](scripts/lib/notify/dispatch.cjs)) redacts every body at a single chokepoint, honors per-channel kill-switches (`GDD_DISABLE_SLACK` / `GDD_DISABLE_DISCORD`), and degrades to a noop when a webhook URL is unset — notification never blocks the pipeline. **No new runtime dependency** (injectable `fetch`, no Slack/Discord SDK). Routing: [`reference/notification-routing.md`](reference/notification-routing.md).
144
+
137
145
  ### Previous releases
138
146
 
139
147
  - **v1.26.0** — Headless Model Resolver (per-runtime tier→model map, `resolved_models` router field, per-runtime price tables, `reasoning-class` runtime-neutral alias).
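Review bot: The PR inline review paragraph names the config-file kill-switch only as "(or `.design/config.json`)" without the key; the agent spec added in this release checks `pr_commenter.enabled === false`, so name that key here. The same paragraph says the degraded noop "prints bodies for manual paste" right after "Outbound bodies are redacted"; state explicitly that the printed bodies are the redacted ones. The notification paragraph lists only the env kill-switches, so say whether a config-file switch exists for Slack/Discord as well.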
@@ -0,0 +1,132 @@
1
+ ---
2
+ name: pr-commenter
3
+ description: Posts GDD verify/audit output inline on a pull request — selector-specific findings as inline review comments via gh api, Preview/Chromatic before-after screenshot pairs, and a gdd/design-review check-run carrying audit/verify/a11y results. Outbound bodies redacted; degrades to noop when gh is absent or disabled. Spawned by /gdd:ship after PR creation.
4
+ tools: Read, Bash, Grep, Glob
5
+ color: cyan
6
+ default-tier: sonnet
7
+ tier-rationale: "Maps already-computed verify/audit findings onto PR surfaces via gh; no design judgment — a sonnet-tier mechanical post, not an Opus plan."
8
+ size_budget: M
9
+ size_budget_rationale: "Honest tier sized to the ~180-line body (M cap 300). The agent states the posting contract — inline comments, the gdd/design-review check-run, screenshot-pair attach, redact, kill-switch, degrade-to-noop — and DELEGATES the verbatim gh-api JSON shapes (pulls/comments payload, check-runs payload, branch-protection setup) to reference/pr-review-integration.md (the email-executor→email-design.md precedent). Raise to LARGE only if those API shapes are ever inlined here."
10
+ parallel-safe: false
11
+ typical-duration-seconds: 45
12
+ reads-only: false
13
+ writes:
14
+ - ".design/intel/insights.jsonl"
15
+ ---
16
+
17
+ @reference/shared-preamble.md
18
+
19
+ # pr-commenter
20
+
21
+ ## Role
22
+
23
+ You make GDD's verify/audit output **visible inline on the pull request** — the surface a non-GDD-running teammate actually watches. After `/gdd:ship` has created the PR, you post **inline review comments** on changed lines, attach **before-after screenshot pairs** when present, and register a **`gdd/design-review` check-run**. You are a **single-shot, post-ship** agent: receive the PR number + repo, read the verify/audit artifacts, post via `gh`, emit the record, done. You do not re-plan, gate the pipeline, spawn other agents, or ask clarifying questions.
24
+
25
+ You are an **agent-prompt**, not a service: GDD posts to the PR when an LLM (you) invokes this prompt and runs `gh`. You require **no GitHub SDK** (`@octokit` etc.) and **no network library** — `gh` is the sanctioned outbound channel (the `/gdd:ship` + `/gdd:report-issue` precedent). When `gh` is unavailable, you **degrade to noop** (print the bodies for manual paste) — you never fail the ship.
26
+
27
+ ---
28
+
29
+ ## Required Reading
30
+
31
+ Read every file the caller lists in its `<required_reading>` block before acting. At minimum:
32
+
33
+ - `.design/STATE.md` — pipeline state, `<connections>` (Preview/Chromatic availability), cycle/stage for the record.
34
+ - `.design/DESIGN-VERIFICATION.md` — per-task pass/fail + selector-specific observations (the inline-comment source).
35
+ - `.design/DESIGN-AUDIT.md` (if present) — pillar scores (the check-run summary source).
36
+ - **`reference/pr-review-integration.md`** — the **authoritative** posting contract: the `gh api .../pulls/{n}/comments` inline-comment JSON shape, the `gh api .../check-runs` `gdd/design-review` payload, screenshot-pair attachment, the redact requirement, the kill-switch, and the branch-protection setup. You **post against this contract** — you do not re-derive the API shapes here.
37
+
38
+ **Invariant:** read the listed files FIRST. Resolve the target PR + repo from the caller's context (PR number/URL from `/gdd:ship`, repo from `gh repo view --json nameWithOwner`).
39
+
40
+ ---
41
+
42
+ ## Kill-switch + degrade (check FIRST, before any gh call)
43
+
44
+ 1. **Kill-switch.** If `GDD_DISABLE_PR_COMMENTER=1` in env OR `.design/config.json` has `pr_commenter.enabled === false` → **noop**: print "pr-commenter disabled" and emit the record. Do nothing else.
45
+ 2. **gh availability.** `command -v gh` and `gh auth status`. If gh is absent or unauthenticated → **degrade to noop**: print the assembled comment + check bodies so the user can paste them manually; do **not** error.
46
+ 3. **PR presence.** If no PR number was supplied (ship ran `--draft`-less manual path, or PR creation failed) → noop with a one-line note.
47
+
48
+ Never let a `gh` hiccup fail the `/gdd:ship` success path — every failure mode here is a degraded noop, not an error.
49
+
50
+ ---
51
+
52
+ ## Redact every outbound body (mandatory, D-05)
53
+
54
+ Before any `gh` call, pass each comment/summary string through the secret-redactor:
55
+
56
+ ```js
57
+ const { redact } = require('scripts/lib/redact.cjs');
58
+ const safeBody = redact(commentBody);
59
+ ```
60
+
61
+ `redact` (Phase 22, 11 patterns) strips API keys/tokens/secrets. **Every** string you send to `gh` — inline comment bodies, the check-run summary, the PR-timeline screenshot note — is redacted first. Never post a raw artifact excerpt without redacting it.
62
+
63
+ ---
64
+
65
+ ## What you post (against `reference/pr-review-integration.md`)
66
+
67
+ 1. **Inline review comments** — for each verify/audit finding that maps to a changed file+line, post an inline comment via `gh api repos/{owner}/{repo}/pulls/{n}/comments` (path + line + redacted body: the finding, the rule/pillar, and a one-line suggested fix). Findings with no changed-line locus go into a single summary review comment, not scattered.
68
+ 2. **Screenshot pairs (degrade, D-04)** — when `.design/STATE.md` `<connections>` shows `preview: available` or `chromatic: available` AND a before-after pair exists for a changed surface, attach the image refs in the comment/PR timeline. When absent → text-only; never a precondition.
69
+ 3. **`gdd/design-review` check-run (D-03)** — `gh api repos/{owner}/{repo}/check-runs` with `name: "gdd/design-review"`, a `conclusion` (`success` if verify passed + no blocker pillars, `failure` if verify failed or a11y-gate failed, else `neutral`), and an `output.summary` carrying the audit pillar scores + verify pass/fail + a11y result. This is the gate a teammate's branch-protection rule can require — see the reference for the required-check setup (`scripts/apply-branch-protection.sh`); you **register** the check, you never edit branch protection.
70
+
71
+ ---
72
+
73
+ ## Execution Principles
74
+
75
+ 1. **Post-ship surface, not a gate.** You run after the PR exists; you never block ship or the pipeline. Every failure → degraded noop.
76
+ 2. **Redact everything outbound (D-05).** No raw artifact excerpt reaches `gh` un-redacted.
77
+ 3. **Observable outcomes only.** Report what you posted (N inline comments, check-run conclusion, screenshots attached y/n) — not intentions.
78
+ 4. **`reference/pr-review-integration.md` is authoritative** for the gh-api shapes; apply it, do not re-derive.
79
+ 5. **Decision authority:** in-context → proceed; out-of-context (architectural, contradicts a locked D-XX, a new external API) → Rule 4: STOP, note it, emit the marker.
80
+ 6. **Single-task scope.** Touch no repo files; your only local write is the record line.
81
+
82
+ ---
83
+
84
+ ## Deviation Rules
85
+
86
+ Apply automatically; track each in a `## Deviations` section.
87
+
88
+ - **Rule 1 — Bug:** a malformed `gh api` payload, an un-redacted body, a wrong PR/line locus → fix inline.
89
+ - **Rule 2 — Missing Critical:** a finding with a changed-line locus not posted, the check-run not registered, redact not applied → add it.
90
+ - **Rule 3 — Blocking:** `gh` absent/unauth, no PR, kill-switch on → **degrade to noop** (not an error); print bodies for manual paste; note it.
91
+ - **Rule 4 — Architectural:** switching off `gh` to a GitHub SDK, adding a network dependency, editing branch protection without consent → STOP, note it, still emit the marker.
92
+
93
+ **Fix attempt limit:** stop after 3 attempts on one `gh` call; degrade to printing that body and continue.
94
+
95
+ ---
96
+
97
+ ## Output
98
+
99
+ In your final response, state: the PR posted to, the number of inline comments posted, the `gdd/design-review` check-run conclusion, whether screenshot pairs were attached (and the connection that sourced them), and any degraded-noop reason. Do not modify repo files.
100
+
101
+ Terminate with exactly this line, on its own line:
102
+
103
+ ```
104
+ ## EXECUTION COMPLETE
105
+ ```
106
+
107
+ ---
108
+
109
+ ## Constraints
110
+
111
+ This agent MUST NOT:
112
+
113
+ - Run `git clean` (any flags) — absolute prohibition.
114
+ - Fail the `/gdd:ship` success path — every failure mode degrades to a noop.
115
+ - Add a GitHub SDK (`@octokit`/etc.) or any network dependency — `gh` is the channel (D-02).
116
+ - Post any outbound body without passing it through `scripts/lib/redact.cjs` (D-05).
117
+ - Edit branch-protection rules — register the `gdd/design-review` check only; required-check setup is the user's repo-settings step (D-03).
118
+ - Modify the plan, context, connection index, or any repo file; re-plan; spawn other agents; ask clarifying questions; or `git add .`/`-A`.
119
+
120
+ ---
121
+
122
+ ## Record
123
+
124
+ At run-end, append one JSONL line to `.design/intel/insights.jsonl`:
125
+
126
+ ```json
127
+ {"ts":"<ISO-8601>","agent":"pr-commenter","cycle":"<cycle from STATE.md>","stage":"<stage from STATE.md>","one_line_insight":"<PR #N: M inline comments + gdd/design-review=<conclusion> + screenshots=<y/n/degraded>>","artifacts_written":[]}
128
+ ```
129
+
130
+ Schema: `reference/schemas/insight-line.schema.json`.
131
+
132
+ ## EXECUTION COMPLETE
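Review bot: The redaction rule is gated on "Before any `gh` call", but the degrade path in "Kill-switch + degrade" step 2 (and Deviation Rule 3 and the fix-attempt limit) prints the assembled comment and check bodies when there is no `gh` call at all, so as written those printed bodies can bypass `redact`. Require redaction at assembly time, before the kill-switch/degrade branch decides where the string goes, and say so in both sections. Separately, the snippet `require('scripts/lib/redact.cjs')` is a bare specifier, which Node resolves against `node_modules` rather than the plugin directory; use a relative or absolute path anchored at the plugin root. Minor: `size_budget_rationale` cites a "~180-line body" while this file is added as 132 lines.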
@@ -2,7 +2,7 @@
2
2
 
3
3
  This directory contains connection specifications for external tools and MCPs that the get-design-done pipeline integrates with. Each connection has its own spec file. This file is the index.
4
4
 
5
- **Getting started:** run `/gdd:connections` for the interactive onboarding wizard — it probes all 14 connections, recommends setup based on your project type, and walks you through installing each one (auto-run for reversible MCP adds, copy-command for everything else). You can also run `/gdd:connections list` for a read-only status check or `/gdd:connections <name>` to jump to a single connection's setup.
5
+ **Getting started:** run `/gdd:connections` for the interactive onboarding wizard — it probes all 16 connections, recommends setup based on your project type, and walks you through installing each one (auto-run for reversible MCP adds, copy-command for everything else). You can also run `/gdd:connections list` for a read-only status check or `/gdd:connections <name>` to jump to a single connection's setup.
6
6
 
7
7
  ---
8
8
 
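Review bot: The hard-coded count in "probes all 16 connections" does not match anything else visible in this file: the capability matrix changed in the same release has 22 rows after the Slack and Discord additions. Either say which 16 the wizard probes, or drop the number so the sentence does not need a manual bump every time a connection is added.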
@@ -30,6 +30,8 @@ This directory contains connection specifications for external tools and MCPs th
30
30
  | Print-Renderer | Active | [`connections/print-renderer.md`](connections/print-renderer.md) | **Optional** print render-test (Paged.js/headless-Chrome or PDFKit); rendered PDF/page proof for verify; degrade-to-static-validator (validate-print-css.cjs) / code-only when absent (D-03) |
31
31
  | Lazyweb | Active | [`connections/lazyweb.md`](connections/lazyweb.md) | **Free** bearer-token MCP `lazyweb_search` / `lazyweb_health` (ToolSearch-only probe; copy-command setup, no auto-run); discover **Tier 1** — tried first (D-01) |
32
32
  | Mobbin | Active | [`connections/mobbin.md`](connections/mobbin.md) | **Paid** HTTP MCP `claude mcp add mobbin --transport http https://api.mobbin.com/mcp` (ToolSearch-only probe; auto-run-safe, OAuth); discover **Tier 2** — mobile/flow-level (D-01) |
33
+ | Slack | Active | [`connections/slack.md`](connections/slack.md) | **Notify** (Team Surfaces) — `SLACK_WEBHOOK_URL` incoming webhook; routed+redacted pipeline events; `GDD_DISABLE_SLACK` kill-switch; degrade-to-noop |
34
+ | Discord | Active | [`connections/discord.md`](connections/discord.md) | **Notify** (Team Surfaces) — `DISCORD_WEBHOOK_URL` channel webhook; parity with Slack; `GDD_DISABLE_DISCORD` kill-switch; degrade-to-noop |
33
35
 
34
36
  ---
35
37
 
@@ -37,28 +39,30 @@ This directory contains connection specifications for external tools and MCPs th
37
39
 
38
40
  Each cell describes what the connection contributes at that pipeline stage, or `—` if it is not used.
39
41
 
40
- | Connection | scan | discover | plan | design | verify | canvas | generator |
41
- |-----------|------|----------|------|--------|--------|--------|-----------|
42
- | gdd-state | STATE mutation (init position, probe_connections, add_decision) | STATE mutation (add_decision, add_must_have, transition gate) | STATE mutation (locked decisions, must_haves, transition gate) | STATE mutation (update_progress, resolve_blocker, transition gate) | STATE mutation (must_have pass/fail, add_blocker, set_status) | — | — |
43
- | Figma | token augmentation via `get_variable_defs` (CONN-03) | decisions pre-populate via `get_variable_defs` (CONN-04) | — | write tokens/annotations/Code Connect via `use_figma` (FWR-01..04) | — | — | — |
44
- | Refero | — | reference search via `mcp__refero__search`; fallback → awesome-design-md (CONN-05) | — | — | — | — | — |
45
- | Preview | — | — | — | — | screenshots for `? VISUAL` checks (VIS-02) | — | — |
46
- | Storybook | — | component inventory (STB-01) | change-risk via story count (STB-02) | `.stories.tsx` stub (STB-03) | a11y per story (STB-02) | — | — |
47
- | Chromatic | — | — | change-risk scoping (CHR-02) | — | visual delta narration (CHR-01) | — | — |
48
- | Graphify | — | — | dependency scoping (GRF-03) | — | orphan detection (GRF-04) | — | — |
49
- | Pinterest | probe only | visual reference search via `pinterest_search`; fallback → Refero → awesome-design-md | — | — | — | — | — |
50
- | Claude Design | bundle probe → `claude_design: available` | synthesizer handoff mode — parses bundle → D-XX decisions; discussant `--from-handoff` confirms | — (skipped in handoff) | — (skipped in handoff) | Handoff Faithfulness section; bidirectional write-back via figma-writer `implementation-status` mode | — | — |
51
- | paper.design | — | canvas read: `get_selection`, `get_jsx`, `get_computed_styles` | — | paper-writer: annotate/tokenize/roundtrip | `get_screenshot` for `? VISUAL` | ✓ | — |
52
- | pencil.dev | `.pen` discovery | `.pen` as canonical design source | — | pencil-writer: annotate/roundtrip | spec-vs-impl diff | ✓ | — |
53
- | 21st.dev | — | prior-art gate: marketplace search before greenfield build | — | component-generator (21st impl) | — | — | ✓ |
54
- | Magic Patterns | — | — | — | component-generator (magic-patterns impl) | preview_url → `? VISUAL` check | — | ✓ |
55
- | OpenRouter | — | — | — | — | — | — | ✓ (model-router: tier→model resolution, all stages) |
56
- | Xcode Simulator | — | — | — | native iOS code-gen target (swift-executor / emitSwift) | rendered SwiftUI snapshot when simulator available, else degrade to code-only structural audit (D-03) | — | — |
57
- | Android Emulator | — | — | — | native Android code-gen target (compose-executor / emitCompose) | rendered Compose screenshot when emulator available, else degrade to code-only structural audit (D-03) | — | — |
58
- | Litmus | — | — | — | email render-test target (email-executor) | cross-client rendered evidence when Litmus available, else degrade to the static email-HTML validator / code-only (D-03) | — | — |
59
- | Print-Renderer | — | — | — | print render-test target (pdf-executor) | rendered PDF/page evidence when the print-render is available, else degrade to the static print-CSS validator / code-only (D-03) | — | — |
60
- | Lazyweb | — | reference search via `lazyweb_search` (**Tier 1 — free, tried first**; D-01); complements refero/pinterest | — | — | — | — | — |
61
- | Mobbin | — | reference search via mobbin tools (**Tier 2 — paid, mobile/flow-level**; D-01); complements refero/lazyweb | — | — | — | — | — |
42
+ | Connection | scan | discover | plan | design | verify | canvas | generator | notify |
43
+ |-----------|------|----------|------|--------|--------|--------|-----------|--------|
44
+ | gdd-state | STATE mutation (init position, probe_connections, add_decision) | STATE mutation (add_decision, add_must_have, transition gate) | STATE mutation (locked decisions, must_haves, transition gate) | STATE mutation (update_progress, resolve_blocker, transition gate) | STATE mutation (must_have pass/fail, add_blocker, set_status) | — | — | — |
45
+ | Figma | token augmentation via `get_variable_defs` (CONN-03) | decisions pre-populate via `get_variable_defs` (CONN-04) | — | write tokens/annotations/Code Connect via `use_figma` (FWR-01..04) | — | — | — | — |
46
+ | Refero | — | reference search via `mcp__refero__search`; fallback → awesome-design-md (CONN-05) | — | — | — | — | — | — |
47
+ | Preview | — | — | — | — | screenshots for `? VISUAL` checks (VIS-02) | — | — | — |
48
+ | Storybook | — | component inventory (STB-01) | change-risk via story count (STB-02) | `.stories.tsx` stub (STB-03) | a11y per story (STB-02) | — | — | — |
49
+ | Chromatic | — | — | change-risk scoping (CHR-02) | — | visual delta narration (CHR-01) | — | — | — |
50
+ | Graphify | — | — | dependency scoping (GRF-03) | — | orphan detection (GRF-04) | — | — | — |
51
+ | Pinterest | probe only | visual reference search via `pinterest_search`; fallback → Refero → awesome-design-md | — | — | — | — | — | — |
52
+ | Claude Design | bundle probe → `claude_design: available` | synthesizer handoff mode — parses bundle → D-XX decisions; discussant `--from-handoff` confirms | — (skipped in handoff) | — (skipped in handoff) | Handoff Faithfulness section; bidirectional write-back via figma-writer `implementation-status` mode | — | — | — |
53
+ | paper.design | — | canvas read: `get_selection`, `get_jsx`, `get_computed_styles` | — | paper-writer: annotate/tokenize/roundtrip | `get_screenshot` for `? VISUAL` | ✓ | — | — |
54
+ | pencil.dev | `.pen` discovery | `.pen` as canonical design source | — | pencil-writer: annotate/roundtrip | spec-vs-impl diff | ✓ | — | — |
55
+ | 21st.dev | — | prior-art gate: marketplace search before greenfield build | — | component-generator (21st impl) | — | — | ✓ | — |
56
+ | Magic Patterns | — | — | — | component-generator (magic-patterns impl) | preview_url → `? VISUAL` check | — | ✓ | — |
57
+ | OpenRouter | — | — | — | — | — | — | ✓ (model-router: tier→model resolution, all stages) | — |
58
+ | Xcode Simulator | — | — | — | native iOS code-gen target (swift-executor / emitSwift) | rendered SwiftUI snapshot when simulator available, else degrade to code-only structural audit (D-03) | — | — | — |
59
+ | Android Emulator | — | — | — | native Android code-gen target (compose-executor / emitCompose) | rendered Compose screenshot when emulator available, else degrade to code-only structural audit (D-03) | — | — | — |
60
+ | Litmus | — | — | — | email render-test target (email-executor) | cross-client rendered evidence when Litmus available, else degrade to the static email-HTML validator / code-only (D-03) | — | — | — |
61
+ | Print-Renderer | — | — | — | print render-test target (pdf-executor) | rendered PDF/page evidence when the print-render is available, else degrade to the static print-CSS validator / code-only (D-03) | — | — | — |
62
+ | Lazyweb | — | reference search via `lazyweb_search` (**Tier 1 — free, tried first**; D-01); complements refero/pinterest | — | — | — | — | — | — |
63
+ | Mobbin | — | reference search via mobbin tools (**Tier 2 — paid, mobile/flow-level**; D-01); complements refero/lazyweb | — | — | — | — | — | — |
64
+ | Slack | — | — | — | — | — | — | — | verify-fail/audit-pass/ship → Slack webhook (routed, redacted, degrade-to-noop; D-04/D-05) |
65
+ | Discord | — | — | — | — | — | — | — | parity with Slack — events → Discord webhook (routed, redacted, degrade-to-noop) |
62
66
 
63
67
  **Column definitions:**
64
68
 
@@ -164,6 +168,22 @@ Step E1 — ToolSearch check:
164
168
  Write mobbin status to STATE.md <connections>.
165
169
  ```
166
170
 
171
+ **Slack probe (env-based, no MCP):**
172
+
173
+ ```
174
+ Step F1 — Bash: test -n "$SLACK_WEBHOOK_URL"
175
+ → empty / GDD_DISABLE_SLACK=1 → slack: not_configured
176
+ → non-empty → slack: available
177
+ ```
178
+
179
+ **Discord probe (env-based, no MCP):**
180
+
181
+ ```
182
+ Step G1 — Bash: test -n "$DISCORD_WEBHOOK_URL"
183
+ → empty / GDD_DISABLE_DISCORD=1 → discord: not_configured
184
+ → non-empty → discord: available
185
+ ```
186
+
167
187
  Note: Lazyweb + Mobbin probes are ToolSearch-only (no live call). The discover stage resolves reference sources **cost-aware (D-01): Lazyweb (free) → Mobbin / Refero (paid, whichever is bound + subscribed) → Pinterest → awesome-design-md → WebFetch.**
168
188
 
169
189
  ---
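Review bot: Steps F1 and G1 map a set kill-switch to `not_configured`, but the command shown, `test -n "$SLACK_WEBHOOK_URL"`, only tests the URL, and the status tables in `connections/slack.md` and `connections/discord.md` define `not_configured` as "no webhook URL". Spell out the kill-switch check in the step, covering both the env form (`GDD_DISABLE_SLACK=1` / `GDD_DISABLE_DISCORD=1`) and the `.design/config.json` `enabled: false` form, and make the documents agree on which status a configured-but-disabled channel gets.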
@@ -0,0 +1,77 @@
1
+ # Discord — Connection Specification
2
+
3
+ This file is the connection specification for Discord within the get-design-done pipeline. It lives in `connections/` alongside other connection specs. See `connections/connections.md` for the full connection index and capability matrix (the discord row is added at the 35.2 closeout).
4
+
5
+ ---
6
+
7
+ Discord is a **notification surface** for the Team Surfaces layer — the parity of `connections/slack.md`. GDD routes pipeline events (verify-fail, audit-pass, ship) to a Discord channel via a **channel Webhook**. Outbound only; every body is redacted; delivery degrades to a noop when unconfigured or disabled. The contract is identical to Slack — only the webhook host and the payload field (`content` vs Slack's `text`) differ.
8
+
9
+ ---
10
+
11
+ ## Setup
12
+
13
+ **Prerequisites:** a Discord **channel Webhook** URL (Channel → Edit → Integrations → Webhooks → New Webhook → Copy Webhook URL → `https://discord.com/api/webhooks/...`).
14
+
15
+ **Token (env, never committed):**
16
+
17
+ ```bash
18
+ export DISCORD_WEBHOOK_URL="https://discord.com/api/webhooks/XXX/YYY"
19
+ ```
20
+
21
+ The webhook URL is a credential — never commit it, never log it, rotate if exposed. GDD reads it from env only.
22
+
23
+ **Verification:**
24
+
25
+ ```bash
26
+ test -n "${DISCORD_WEBHOOK_URL}" && echo "discord webhook present" || echo "discord webhook absent"
27
+ ```
28
+
29
+ ---
30
+
31
+ ## What GDD sends
32
+
33
+ The notify dispatcher (`scripts/lib/notify/dispatch.cjs`) posts a routed, **redacted** message for pipeline events, using the same routing as Slack (`reference/notification-routing.md`, overridable in `.design/config.json#notifications`): `verify_fail` → critical, `audit_pass`/`ship` → digest.
34
+
35
+ Discord payload shape: `{ "content": "<redacted summary>" }` (Discord's field is `content`, not Slack's `text`). No embeds in v1.
36
+
37
+ ## Redaction (mandatory)
38
+
39
+ Every body passes through `scripts/lib/redact.cjs` before the POST (the single egress chokepoint; asserted by `test/suite/notify-privacy-guard.test.cjs`).
40
+
41
+ ## Kill-switch
42
+
43
+ Noop when **either** `GDD_DISABLE_DISCORD=1` (env) **or** `.design/config.json` `"notifications": { "discord": { "enabled": false } }`. `gsd-health` surfaces it.
44
+
45
+ ## Availability probe (env-based, no MCP)
46
+
47
+ ```bash
48
+ test -n "${DISCORD_WEBHOOK_URL}"
49
+ ```
50
+
51
+ - Non-empty AND not disabled → `discord: available`
52
+ - Empty → `discord: not_configured`
53
+ - Present but a POST errored → `discord: unavailable`
54
+
55
+ Write `discord` status to `.design/STATE.md` `<connections>`.
56
+
57
+ ## Degrade-to-noop
58
+
59
+ Missing `DISCORD_WEBHOOK_URL`, kill-switch on, or a POST failure → skipped (no error); the pipeline never blocks (D-03). The dispatcher returns `{ channel: "discord", status: "skipped"|"sent"|"error" }` and never throws.
60
+
61
+ ## STATE.md integration
62
+
63
+ ```xml
64
+ <connections>
65
+ discord: not_configured
66
+ </connections>
67
+ ```
68
+
69
+ | Value | Meaning |
70
+ |---|---|
71
+ | `available` | `DISCORD_WEBHOOK_URL` set AND not disabled |
72
+ | `unavailable` | URL present but a send errored |
73
+ | `not_configured` | no `DISCORD_WEBHOOK_URL` |
74
+
75
+ ## Outbound + dispatcher
76
+
77
+ The POST is `scripts/lib/notify/dispatch.cjs` (injectable `fetchImpl` default global `fetch`; **no `discord.js` dependency**), allowlisted under the Phase-33.5 outbound gate (`scripts/lib/notify/**`). Slack is the sibling surface (`connections/slack.md`) with the identical contract.
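Review bot: The payload in "What GDD sends" is `{ "content": "<redacted summary>" }` with no `allowed_mentions` field, so Discord will act on `@everyone`, `@here` and role or user mentions that appear in the summary text. The summary and details come from pipeline output, and redaction as described targets secrets, not mentions. Suggest documenting (and sending) `"allowed_mentions": { "parse": [] }` alongside `content`. The spec should also say what happens above Discord's 2000-character `content` limit: whether the body is truncated or the channel reports `error`.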
@@ -0,0 +1,83 @@
1
+ # Slack — Connection Specification
2
+
3
+ This file is the connection specification for Slack within the get-design-done pipeline. It lives in `connections/` alongside other connection specs. See `connections/connections.md` for the full connection index and capability matrix (the slack row is added at the 35.2 closeout).
4
+
5
+ ---
6
+
7
+ Slack is a **notification surface** for the Team Surfaces layer. GDD routes pipeline events (verify-fail, audit-pass, ship) to a Slack channel via an **Incoming Webhook**, so a non-GDD-running teammate gets alerted where they already watch. Outbound only; every message body is redacted; delivery degrades to a noop when unconfigured or disabled.
8
+
9
+ ---
10
+
11
+ ## Setup
12
+
13
+ **Prerequisites:** a Slack **Incoming Webhook** URL (Slack app → Incoming Webhooks → Add New Webhook to Workspace → pick a channel → copy the `https://hooks.slack.com/services/...` URL).
14
+
15
+ **Token (env, never committed):**
16
+
17
+ ```bash
18
+ export SLACK_WEBHOOK_URL="https://hooks.slack.com/services/XXX/YYY/ZZZ"
19
+ ```
20
+
21
+ The webhook URL is a credential (anyone with it can post to your channel) — never commit it (not in source, not in `.env`, not in config), never log it, rotate if exposed. GDD reads it from env only.
22
+
23
+ **Verification:**
24
+
25
+ ```bash
26
+ test -n "${SLACK_WEBHOOK_URL}" && echo "slack webhook present" || echo "slack webhook absent"
27
+ ```
28
+
29
+ ---
30
+
31
+ ## What GDD sends
32
+
33
+ The notify dispatcher (`scripts/lib/notify/dispatch.cjs`) posts a routed, **redacted** message for pipeline events. Default routing (`reference/notification-routing.md`, overridable in `.design/config.json#notifications`):
34
+
35
+ | Event | Default behavior |
36
+ |---|---|
37
+ | `verify_fail` | post to the critical channel (the configured Slack webhook) |
38
+ | `audit_pass` | post to the digest channel |
39
+ | `ship` | post to the digest channel (PR URL + top-line audit) |
40
+
41
+ Slack payload shape: `{ "text": "<redacted summary>" }`. No blocks/attachments in v1.
42
+
43
+ ## Redaction (mandatory)
44
+
45
+ Every message body passes through `scripts/lib/redact.cjs` before the POST — secrets/API keys/tokens are stripped (11 patterns). The dispatcher is the single egress chokepoint; no notify path bypasses redact (asserted by `test/suite/notify-privacy-guard.test.cjs`).
46
+
47
+ ## Kill-switch
48
+
49
+ Slack delivery is a noop when **either** `GDD_DISABLE_SLACK=1` (env) **or** `.design/config.json` has `"notifications": { "slack": { "enabled": false } }`. `gsd-health` surfaces the state (mirrors Phase 30 / 35.1).
50
+
51
+ ## Availability probe (env-based, no MCP)
52
+
53
+ ```bash
54
+ test -n "${SLACK_WEBHOOK_URL}"
55
+ ```
56
+
57
+ - Non-empty AND not disabled → `slack: available`
58
+ - Empty → `slack: not_configured`
59
+ - Present but a POST errored at send time → `slack: unavailable`
60
+
61
+ Write `slack` status to `.design/STATE.md` `<connections>` after probing.
62
+
63
+ ## Degrade-to-noop
64
+
65
+ Missing `SLACK_WEBHOOK_URL`, kill-switch on, or a POST failure → that channel is skipped (no error); the pipeline never blocks on notification delivery (D-03). The dispatcher returns `{ channel: "slack", status: "skipped"|"sent"|"error" }` and never throws.
66
+
67
+ ## STATE.md integration
68
+
69
+ ```xml
70
+ <connections>
71
+ slack: not_configured
72
+ </connections>
73
+ ```
74
+
75
+ | Value | Meaning |
76
+ |---|---|
77
+ | `available` | `SLACK_WEBHOOK_URL` set AND not disabled |
78
+ | `unavailable` | URL present but a send errored |
79
+ | `not_configured` | no `SLACK_WEBHOOK_URL` |
80
+
81
+ ## Outbound + dispatcher
82
+
83
+ The actual POST is `scripts/lib/notify/dispatch.cjs` (POSTs via an injectable `fetchImpl`, defaulting to global `fetch`; **no `@slack/*` dependency**). It is allowlisted under the Phase-33.5 outbound gate (`scripts/security/outbound-allowlist.json` → `scripts/lib/notify/**`). Discord is the parity surface (`connections/discord.md`); the contract is identical, only the payload field differs (`text` vs `content`).
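Review bot: The "Degrade-to-noop" section is inconsistent on the failure path: it says a POST failure means the channel "is skipped (no error)", yet the same paragraph lists `"error"` as a status, and the probe section maps a failed POST to `slack: unavailable`. It also shows the return value as a single `{ channel: "slack", status: ... }` object where `reference/notification-routing.md` documents `Array<{ channel, status, reason? }>`. Suggest wording it as: missing URL or kill-switch gives `skipped`, a POST failure gives `error` (not thrown), and naming which component writes `unavailable` to `STATE.md` after an `error` result. The same text appears in `connections/discord.md`.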
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@hegemonart/get-design-done",
3
- "version": "1.34.4",
3
+ "version": "1.35.2",
4
4
  "description": "A design-quality pipeline for AI coding agents: brief, plan, implement, and verify UI work against your design system.",
5
5
  "author": "Hegemon",
6
6
  "homepage": "https://github.com/hegemonart/get-design-done",
@@ -0,0 +1,54 @@
1
+ # Notification Routing — the event→channel contract for `scripts/lib/notify/dispatch.cjs`
2
+
3
+ How GDD routes pipeline events to the Team-Surfaces notification channels (Slack + Discord), redacts every outbound body, and degrades to a noop when a channel is unconfigured or disabled. Consumed by `scripts/lib/notify/dispatch.cjs`; the channel specs are `connections/slack.md` + `connections/discord.md`.
4
+
5
+ ---
6
+
7
+ ## Default routing
8
+
9
+ Event type → channels (overridable via `.design/config.json#notifications.routing`):
10
+
11
+ | Event | Meaning | Default channels |
12
+ |---|---|---|
13
+ | `verify_fail` | a verify must-have failed | slack + discord (the "critical" surface) |
14
+ | `audit_pass` | an audit cleared the quality floor | slack + discord (the "digest" surface) |
15
+ | `ship` | a PR was created (`/gdd:ship`) | slack + discord (digest — PR URL + top-line audit) |
16
+
17
+ A user narrows or splits this in `.design/config.json`:
18
+
19
+ ```json
20
+ {
21
+ "notifications": {
22
+ "routing": { "verify_fail": ["slack"], "audit_pass": ["discord"], "ship": ["slack", "discord"] },
23
+ "slack": { "enabled": true },
24
+ "discord": { "enabled": false }
25
+ }
26
+ }
27
+ ```
28
+
29
+ Unlisted event types route to nothing (no notification). Unknown channels are skipped.
30
+
31
+ ## Redaction (mandatory — the single chokepoint)
32
+
33
+ `dispatch(event)` builds the outbound body as `redact(summary + "\n" + details)` using `scripts/lib/redact.cjs` (11 secret/token patterns, Phase 22 + 33.5) **before** any POST. There is exactly one egress chokepoint; no notify path constructs an un-redacted outbound body. The static test `test/suite/notify-privacy-guard.test.cjs` asserts every `scripts/lib/notify/*.cjs` references `redact`.
34
+
35
+ ## Kill-switches (per channel)
36
+
37
+ A channel is a noop when **either**:
38
+
39
+ - env `GDD_DISABLE_SLACK=1` / `GDD_DISABLE_DISCORD=1`, or
40
+ - `.design/config.json` `notifications.<channel>.enabled === false`.
41
+
42
+ `gsd-health` surfaces each channel's enabled/disabled state (mirrors the Phase 30 + 35.1 kill-switch pattern).
43
+
44
+ ## Outbound transport (no SDK, injectable, allowlisted)
45
+
46
+ `dispatch(event, { fetchImpl, config, env })` POSTs `{ <field>: body }` to the channel's webhook URL (Slack `text`, Discord `content`) via an **injectable `fetchImpl`** (defaults to global `fetch`) — **no `@slack/*` / `discord.js` dependency** (D-02). Tests inject a stub fetchImpl (no live network — D-08). The module is allowlisted under the Phase-33.5 outbound gate (`scripts/security/outbound-allowlist.json` → `scripts/lib/notify/**`) with a threat-model egress entry.
47
+
48
+ ## Degrade-to-noop (never blocks the pipeline)
49
+
50
+ For each routed channel, a missing webhook URL → `skipped (not_configured)`; kill-switch on → `skipped (disabled)`; a POST failure → `error` (logged, not thrown). `dispatch` returns `Array<{ channel, status, reason? }>` and **never throws** — notification delivery is a best-effort side surface, never a pipeline gate (D-03).
51
+
52
+ ## Out of scope (per Phase 35 split)
53
+
54
+ Linear/Jira ticket-sync (Phase 35.3); PR-inline (35.1); `pseudonymize.cjs` identity-masking (Phase 30 — wired when available; redact for secrets is the must here); Microsoft Teams; rich blocks/embeds (plain text in v1); scheduled digests (event-driven only).
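Review bot: In the "Redaction" section, the guarantee that no un-redacted body leaves the process rests on a static test that only asserts each `scripts/lib/notify/*.cjs` file references `redact`; a file can reference `redact` and still hand a raw string to `fetchImpl`. Suggest adding a behavioural test: call `dispatch` with a stub `fetchImpl` and an event whose `summary` and `details` contain a seeded token, then assert the token is absent from the captured request body for each channel. The section should also state whether the `reason` strings in the returned results, which "Degrade-to-noop" describes as logged, are covered by redaction, since they sit outside the body.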
@@ -0,0 +1,96 @@
1
+ # PR Review Integration — the gh-based contract for `agents/pr-commenter.md`
2
+
3
+ How GDD surfaces verify/audit output **inline on a pull request** and as a **status check**, using the `gh` CLI only (no GitHub SDK, no network library). `agents/pr-commenter.md` posts against this contract after `/gdd:ship` creates the PR. Every outbound string is redacted first; every failure mode degrades to a noop (never fails the ship).
4
+
5
+ ---
6
+
7
+ ## Resolve target
8
+
9
+ ```bash
10
+ gh repo view --json nameWithOwner -q .nameWithOwner # owner/repo
11
+ # PR number: supplied by /gdd:ship; or: gh pr view --json number,headRefOid -q '.number, .headRefOid'
12
+ ```
13
+
14
+ `head_sha` (the PR head commit) is required for the check-run; get it from `gh pr view --json headRefOid`.
15
+
16
+ ## Inline review comments (changed-line findings)
17
+
18
+ For a finding that maps to a changed `path` + `line`, post an inline comment:
19
+
20
+ ```bash
21
+ gh api repos/{owner}/{repo}/pulls/{number}/comments \
22
+ -f body="$SAFE_BODY" -f commit_id="$HEAD_SHA" -f path="src/Button.tsx" \
23
+ -F line=42 -f side=RIGHT
24
+ ```
25
+
26
+ - `body` — **redacted** finding text: the rule/pillar (`WCAG 1.4.3` / `audit:color`), the observation, a one-line suggested fix.
27
+ - `path` + `line` + `side=RIGHT` — the changed line locus (RIGHT = the new version).
28
+ - One comment per located finding. Findings with **no** changed-line locus go into a single summary review (below), not scattered.
29
+
30
+ ## Summary review (findings without a line locus)
31
+
32
+ ```bash
33
+ gh api repos/{owner}/{repo}/pulls/{number}/reviews \
34
+ -f body="$SAFE_SUMMARY" -f event=COMMENT
35
+ ```
36
+
37
+ `event=COMMENT` (never `REQUEST_CHANGES`/`APPROVE` — GDD does not gate human approval). The summary lists verify pass/fail counts + the unlocated findings.
38
+
39
+ ## The `gdd/design-review` check-run (the team gate)
40
+
41
+ ```bash
42
+ gh api repos/{owner}/{repo}/check-runs \
43
+ -f name="gdd/design-review" -f head_sha="$HEAD_SHA" -f status=completed \
44
+ -f conclusion="$CONCLUSION" \
45
+ -f output[title]="GDD design review" -f output[summary]="$SAFE_SUMMARY"
46
+ ```
47
+
48
+ - `conclusion`: **`success`** = verify passed AND no blocker-level pillar AND a11y-gate not failed; **`failure`** = verify failed OR a11y-gate failed; **`neutral`** = verify incomplete / degraded.
49
+ - `output.summary` (redacted) carries: per-pillar audit scores (from `.design/DESIGN-AUDIT.md`), verify pass/fail (from `.design/DESIGN-VERIFICATION.md`), and the a11y-gate result.
50
+
51
+ **Making it a required check (the team step — GDD never force-edits branch protection):** a maintainer enables `gdd/design-review` as a required status check via repo Settings → Branches, or via the bundled helper:
52
+
53
+ ```bash
54
+ scripts/apply-branch-protection.sh --require-check "gdd/design-review"
55
+ ```
56
+
57
+ GDD only **registers** the check-run; requiring it is an explicit, consent-driven repo-settings action.
58
+
59
+ ## Screenshot-pair attachment (degrade)
60
+
61
+ When `.design/STATE.md` `<connections>` shows `preview: available` or `chromatic: available` AND a before-after image pair exists for a changed surface, embed the image refs in the inline/summary comment body (Markdown image syntax pointing at the uploaded/hosted artifact URLs the connection produced). When **absent** → text-only comment. Never a precondition; never block on a missing screenshot.
62
+
63
+ ## Redaction (mandatory)
64
+
65
+ Every `$SAFE_*` body above is produced by `scripts/lib/redact.cjs`:
66
+
67
+ ```js
68
+ const { redact } = require('scripts/lib/redact.cjs');
69
+ const SAFE_BODY = redact(rawBody); // strips API keys / tokens / secrets (11 patterns, Phase 22 + 33.5)
70
+ ```
71
+
72
+ No raw artifact excerpt reaches `gh` un-redacted.
73
+
74
+ ## Kill-switch
75
+
76
+ `pr-commenter` is a noop when **either**:
77
+
78
+ - env `GDD_DISABLE_PR_COMMENTER=1`, or
79
+ - `.design/config.json` has `"pr_commenter": { "enabled": false }`.
80
+
81
+ `gsd-health` surfaces the enabled/disabled state (mirrors the Phase 30 issue-reporter kill-switch).
82
+
83
+ ## Degrade-to-noop matrix
84
+
85
+ | Condition | Behavior |
86
+ |---|---|
87
+ | kill-switch on | noop + "pr-commenter disabled" note |
88
+ | `gh` absent / unauthenticated | print assembled bodies for manual paste; no error |
89
+ | no PR number (manual/failed creation) | noop + one-line note |
90
+ | a single `gh api` call fails (≤3 attempts) | print that body; continue with the rest |
91
+
92
+ In all cases pr-commenter exits cleanly — it **never** fails the `/gdd:ship` success path.
93
+
94
+ ## Out of scope (per Phase 35 split)
95
+
96
+ Slack/Discord notifications (Phase 35.2); Linear/Jira ticket-sync (Phase 35.3); `pseudonymize.cjs` (Phase 30 — wired for third-party channels); video walkthroughs (still images only); a GDD-side approver list (branch protection owns approvals).
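Review bot: The `gdd/design-review` check-run section posts to `repos/{owner}/{repo}/check-runs` through `gh api`, but GitHub only lets GitHub Apps create check runs; a token from an ordinary `gh auth login` is refused. Under the degrade matrix that failure prints the body and continues, so a maintainer who then follows the next paragraph and makes the check required ends up with a required check that never reports. Either document the GitHub App or Actions-token requirement next to the command, or fall back to a commit status. Two smaller points: `gh api` fills in `{owner}` and `{repo}` but not `{number}`, so the `pulls/{number}/comments` and `pulls/{number}/reviews` examples need the PR number substituted by the caller; and `require('scripts/lib/redact.cjs')` in the redaction snippet is a bare specifier that Node resolves as a package name, not a repo-relative path.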
@@ -909,6 +909,20 @@
909
909
  "type": "heuristic",
910
910
  "phase": 34.3,
911
911
  "description": "Phase 34.3 print-constraint catalogue — @page size/margin/marks (the print box model), bleed box + crop/registration marks, CMYK color-space awareness (subtractive, not screen RGB), font embedding/outlining (print RIPs have no web fonts), and 300dpi raster-fallback guidance; the authority the pdf-executor generates against and the design-verifier print branch audits against, and the rule-id source for scripts/lib/print/validate-print-css.cjs."
912
+ },
913
+ {
914
+ "name": "pr-review-integration",
915
+ "path": "reference/pr-review-integration.md",
916
+ "type": "heuristic",
917
+ "phase": 35.1,
918
+ "description": "Phase 35.1 PR-inline contract — the gh-CLI shapes agents/pr-commenter.md posts against: inline review comments (gh api pulls/{n}/comments with path+line), the summary review (event=COMMENT), the gdd/design-review check-run (gh api check-runs with name/head_sha/conclusion/output.summary carrying audit pillar scores + verify pass/fail + a11y result), Preview/Chromatic screenshot-pair attachment (degrade-to-text), mandatory scripts/lib/redact.cjs on every outbound body, the GDD_DISABLE_PR_COMMENTER kill-switch, and the consent-driven branch-protection setup (scripts/apply-branch-protection.sh; GDD registers the check, never force-edits protection)."
919
+ },
920
+ {
921
+ "name": "notification-routing",
922
+ "path": "reference/notification-routing.md",
923
+ "type": "heuristic",
924
+ "phase": 35.2,
925
+ "description": "Phase 35.2 notification-backplane routing contract — event→channel routing (verify_fail/audit_pass/ship → slack/discord, overridable via .design/config.json#notifications.routing), the mandatory scripts/lib/redact.cjs chokepoint on every outbound body, per-channel kill-switches (GDD_DISABLE_SLACK/GDD_DISABLE_DISCORD), and the injectable-fetchImpl + degrade-to-noop transport consumed by scripts/lib/notify/dispatch.cjs (allowlisted under the 33.5 outbound gate)."
912
926
  }
913
927
  ]
914
928
  }
@@ -0,0 +1,80 @@
1
+ 'use strict';
2
+ /**
3
+ * scripts/lib/notify/dispatch.cjs — Phase 35.2 notification backplane dispatcher.
4
+ *
5
+ * Routes a GDD pipeline event to Slack/Discord incoming webhooks. Every outbound body
6
+ * is REDACTED (scripts/lib/redact.cjs) — the single egress chokepoint. Delivery is
7
+ * degrade-to-noop: a missing webhook URL, a per-channel kill-switch, or a POST failure
8
+ * skips that channel and NEVER throws into the pipeline (D-03/D-04).
9
+ *
10
+ * Outbound is via an INJECTABLE fetchImpl (defaults to global fetch) — no @slack/discord
11
+ * SDK dependency (D-02); tests pass a stub fetchImpl (no live network — D-08). Allowlisted
12
+ * under the Phase-33.5 outbound gate (scripts/security/outbound-allowlist.json).
13
+ */
14
+
15
+ const { redact } = require('../redact.cjs');
16
+
17
+ // Default event → channel routing (overridable via .design/config.json#notifications.routing).
18
+ const DEFAULT_ROUTING = {
19
+ verify_fail: ['slack', 'discord'], // critical
20
+ audit_pass: ['slack', 'discord'], // digest
21
+ ship: ['slack', 'discord'], // digest
22
+ };
23
+
24
+ const CHANNELS = {
25
+ slack: { urlEnv: 'SLACK_WEBHOOK_URL', disableEnv: 'GDD_DISABLE_SLACK', field: 'text' },
26
+ discord: { urlEnv: 'DISCORD_WEBHOOK_URL', disableEnv: 'GDD_DISABLE_DISCORD', field: 'content' },
27
+ };
28
+
29
+ function isDisabled(channel, config, env) {
30
+ if (env[CHANNELS[channel].disableEnv] === '1') return true;
31
+ const c = config && config.notifications && config.notifications[channel];
32
+ return !!(c && c.enabled === false);
33
+ }
34
+
35
+ function channelsFor(eventType, config) {
36
+ const routing = (config && config.notifications && config.notifications.routing) || DEFAULT_ROUTING;
37
+ return routing[eventType] || [];
38
+ }
39
+
40
+ /**
41
+ * dispatch(event, opts) → Promise<Array<{channel, status, reason?}>>
42
+ * event: { type: 'verify_fail'|'audit_pass'|'ship'|string, summary: string, details?: string }
43
+ * opts: { fetchImpl?, config?, env? } (all injectable for hermetic tests)
44
+ * Never throws — every failure mode becomes a {status:'skipped'|'error'} entry.
45
+ */
46
+ async function dispatch(event, opts = {}) {
47
+ const env = opts.env || process.env;
48
+ const config = opts.config || {};
49
+ const fetchImpl = opts.fetchImpl || (typeof fetch === 'function' ? fetch : null);
50
+ const results = [];
51
+ if (!event || !event.type) return results;
52
+
53
+ // Single redaction chokepoint: the outbound body is always redacted.
54
+ const raw = [event.summary, event.details].filter(Boolean).join('\n');
55
+ const body = redact(String(raw));
56
+
57
+ for (const channel of channelsFor(event.type, config)) {
58
+ const meta = CHANNELS[channel];
59
+ if (!meta) { results.push({ channel, status: 'skipped', reason: 'unknown-channel' }); continue; }
60
+ if (isDisabled(channel, config, env)) { results.push({ channel, status: 'skipped', reason: 'disabled' }); continue; }
61
+ const url = env[meta.urlEnv];
62
+ if (!url) { results.push({ channel, status: 'skipped', reason: 'not_configured' }); continue; }
63
+ if (!fetchImpl) { results.push({ channel, status: 'skipped', reason: 'no-fetch' }); continue; }
64
+ try {
65
+ const res = await fetchImpl(url, {
66
+ method: 'POST',
67
+ headers: { 'content-type': 'application/json' },
68
+ body: JSON.stringify({ [meta.field]: body }),
69
+ });
70
+ const ok = res && (res.ok === true || (typeof res.status === 'number' && res.status >= 200 && res.status < 300));
71
+ results.push({ channel, status: ok ? 'sent' : 'error', reason: ok ? undefined : `http-${res && res.status}` });
72
+ } catch (err) {
73
+ // Degrade-to-noop: a delivery failure never propagates into the pipeline.
74
+ results.push({ channel, status: 'error', reason: (err && err.message) || 'fetch-failed' });
75
+ }
76
+ }
77
+ return results;
78
+ }
79
+
80
+ module.exports = { dispatch, DEFAULT_ROUTING, CHANNELS };
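Review bot: In the `catch` block, `reason: (err && err.message)` returns whatever `fetchImpl` threw, and fetch's URL-parse errors can include the URL they were given, which here is the webhook credential the channel specs say must never be logged. Map failures to fixed codes such as `fetch-failed`, or strip the URL from the message, before it goes into `results`. Separately, the `fetchImpl` call has no timeout, so an endpoint that accepts the connection and never answers stalls the caller despite the "never blocks the pipeline" contract; passing a `signal` from `AbortSignal.timeout()` would bound it. `redact(String(raw))` and the `for...of` over a config-supplied `routing[event.type]` also run outside the `try`, so a throwing `redact` or a non-iterable routing value breaks the "never throws" promise in the doc comment.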
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  name: gdd-connections
3
- description: "Interactive onboarding wizard for the 14 external integrations the pipeline supports — probes all (`figma`, `refero`, `preview`, `storybook`, `chromatic`, `graphify`, `pinterest`, `claude-design`, `paper-design`, `pencil-dev`, `21st-dev`, `magic-patterns`, `lazyweb`, `mobbin`), recommends based on project type, walks the user through setup (auto-run MCP install or copy-command fallback), writes results to `STATE.md <connections>`. Use after `/gdd:new-project` or whenever the user wants to add, inspect, or skip a connection. Re-runnable anytime."
3
+ description: "Interactive onboarding wizard for the 16 external integrations the pipeline supports — probes all (`figma`, `refero`, `preview`, `storybook`, `chromatic`, `graphify`, `pinterest`, `claude-design`, `paper-design`, `pencil-dev`, `21st-dev`, `magic-patterns`, `lazyweb`, `mobbin`, `slack`, `discord`), recommends based on project type, walks the user through setup (auto-run MCP install or copy-command fallback), writes results to `STATE.md <connections>`. Use after `/gdd:new-project` or whenever the user wants to add, inspect, or skip a connection. Re-runnable anytime."
4
4
  argument-hint: "[list | <connection-name> | --auto]"
5
5
  user-invocable: true
6
6
  tools: Read, Write, Bash, Glob, Grep, AskUserQuestion, ToolSearch
@@ -8,11 +8,11 @@ tools: Read, Write, Bash, Glob, Grep, AskUserQuestion, ToolSearch
8
8
 
9
9
  # /gdd:connections
10
10
 
11
- Interactive onboarding for the 14 external integrations the pipeline supports. Replaces "probe silently at scan entry and hope the user noticed" with an explicit "here is what can plug in, here is how."
11
+ Interactive onboarding for the 16 external integrations the pipeline supports. Replaces "probe silently at scan entry and hope the user noticed" with an explicit "here is what can plug in, here is how."
12
12
 
13
13
  Canonical per-connection specs live in `../../connections/<name>.md` (one file per integration). The capability matrix + probe-pattern spec live in `../../connections/connections.md`. This skill is the **user-facing front end** for those specs.
14
14
 
15
- For the 14 probe scripts (MCP + HTTP + CLI + file probes), bucket categorization, per-connection setup screen, auto-run eligibility matrix, value-prop one-liners, and STATE.md / config.json write contracts, see `./connections-onboarding.md`. For the cross-skill probe pattern + connection-handshake summary, see `../../reference/shared-preamble.md#connection-handshake-summary`. For the cross-skill output discipline, see `../../reference/shared-preamble.md#output-contract-reminders`.
15
+ For the 16 probe scripts (MCP + HTTP + CLI + file probes), bucket categorization, per-connection setup screen, auto-run eligibility matrix, value-prop one-liners, and STATE.md / config.json write contracts, see `./connections-onboarding.md`. For the cross-skill probe pattern + connection-handshake summary, see `../../reference/shared-preamble.md#connection-handshake-summary`. For the cross-skill output discipline, see `../../reference/shared-preamble.md#output-contract-reminders`.
16
16
 
17
17
  ---
18
18
 
@@ -38,7 +38,7 @@ For the 14 probe scripts (MCP + HTTP + CLI + file probes), bucket categorization
38
38
 
39
39
  ## Workflow
40
40
 
41
- 1. **Probe all 14 connections** — run every probe script per `./connections-onboarding.md#step-1--probe-all-14-connections`. MCP probes use `ToolSearch` first; HTTP / CLI / file probes follow non-MCP patterns. Merge results into `STATE.md <connections>` with the three-value schema (`available | unavailable | not_configured`) — never add new values.
41
+ 1. **Probe all 16 connections** — run every probe script per `./connections-onboarding.md#step-1--probe-all-16-connections`. MCP probes use `ToolSearch` first; HTTP / CLI / file probes follow non-MCP patterns. Merge results into `STATE.md <connections>` with the three-value schema (`available | unavailable | not_configured`) — never add new values.
42
42
  2. **Categorize + build summary** — bucket each probe result (available / recommended / optional / skipped / unavailable) using project-hint detection. Detail + recommendation mapping: `./connections-onboarding.md#step-2--bucket-categorization`.
43
43
  3. **Print summary table** — show buckets + value-prop one-liners (verbatim from `./connections-onboarding.md#step-3--summary-table`).
44
44
  4. **Route by mode** — `list` / `--auto` exits after summary; `<name>` jumps straight to Step 5; default mode opens an AskUserQuestion (configure recommended / pick one by one / configure all optional / re-check specific / exit). Routing detail: `./connections-onboarding.md#step-4--route-by-mode`.
@@ -9,7 +9,7 @@ last_updated: 2026-05-18
9
9
 
10
10
  Source: extracted from `skills/connections/SKILL.md` (Phase 28.5 rework — D-10 extract-then-link).
11
11
  The skill's load-bearing routing + invocation-mode dispatch stays in `../skills/connections/SKILL.md`;
12
- this file holds the 14 probe scripts, bucket categorization, per-connection setup screen,
12
+ this file holds the 16 probe scripts, bucket categorization, per-connection setup screen,
13
13
  auto-run eligibility matrix, value-prop one-liners, and STATE.md / config.json write contracts.
14
14
 
15
15
  # Connections Onboarding Procedure
@@ -27,7 +27,7 @@ this file does NOT duplicate them; it points at them by name.
27
27
 
28
28
  ---
29
29
 
30
- ## Step 1 — Probe all 14 connections
30
+ ## Step 1 — Probe all 16 connections
31
31
 
32
32
  Run every probe below in order. MCP probes call `ToolSearch` first (deferred tools fail silently without it). Write every result to `STATE.md <connections>` when done.
33
33
 
@@ -100,6 +100,20 @@ ToolSearch({ query: "mobbin", max_results: 5 })
100
100
  → Non-empty → mobbin: available
101
101
  ```
102
102
 
103
+ **slack:** (notify — Team Surfaces, env-based)
104
+ ```
105
+ Bash: test -n "$SLACK_WEBHOOK_URL" (and GDD_DISABLE_SLACK != 1)
106
+ → empty / disabled → slack: not_configured
107
+ → non-empty → slack: available
108
+ ```
109
+
110
+ **discord:** (notify — parity, env-based)
111
+ ```
112
+ Bash: test -n "$DISCORD_WEBHOOK_URL" (and GDD_DISABLE_DISCORD != 1)
113
+ → empty / disabled → discord: not_configured
114
+ → non-empty → discord: available
115
+ ```
116
+
103
117
  ### Non-MCP probes
104
118
 
105
119
  **storybook** (HTTP):
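Review bot: The new **slack:** and **discord:** probe blocks are inserted above the `### Non-MCP probes` heading, which files two env-based `Bash` probes with the MCP probes that Step 1 says must call `ToolSearch` first. Move them under `### Non-MCP probes`. The parenthetical `(and GDD_DISABLE_SLACK != 1)` also covers only the env kill-switch; the channel specs define a second one in `.design/config.json` (`notifications.<channel>.enabled === false`), which the probe should honour too.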
@@ -145,7 +159,7 @@ Bash: ls .design/handoff/ 2>/dev/null || find . -maxdepth 3 \
145
159
  → Non-empty → claude_design: available
146
160
  ```
147
161
 
148
- After all 14 probes complete, merge results into `STATE.md <connections>`. Preserve the three-value schema verbatim (`available | unavailable | not_configured`). Do not add new values.
162
+ After all 16 probes complete, merge results into `STATE.md <connections>`. Preserve the three-value schema verbatim (`available | unavailable | not_configured`). Do not add new values.
149
163
 
150
164
  ---
151
165
 
@@ -228,6 +242,8 @@ One-line value props (use verbatim):
228
242
  | magic-patterns | AI component generator (DS-aware) |
229
243
  | lazyweb | free design reference search (pricing/onboarding/redesign) — discover Tier 1 |
230
244
  | mobbin | curated mobile + flow-level references (paid) — discover Tier 2 |
245
+ | slack | notify — route verify-fail/audit-pass/ship to a Slack channel (redacted) |
246
+ | discord | notify — route pipeline events to a Discord channel (redacted) |
231
247
 
232
248
  ---
233
249
 
@@ -255,7 +271,7 @@ options:
255
271
  - "Exit" → emit ## CONNECTIONS COMPLETE, exit
256
272
  ```
257
273
 
258
- If recommended bucket is empty, swap that option for "Show all 14 and pick."
274
+ If recommended bucket is empty, swap that option for "Show all 16 and pick."
259
275
 
260
276
  ---
261
277
 
@@ -314,6 +330,8 @@ options:
314
330
  | claude-design | handoff bundle drop | ✗ no | User-driven file drop — force manual |
315
331
  | mobbin | `claude mcp add mobbin --transport http https://api.mobbin.com/mcp` | ✓ yes | Reversible MCP add; no credential filesystem-write (OAuth on first call) |
316
332
  | lazyweb | `claude plugin install lazyweb@lazyweb` (after token write to `~/.lazyweb/`) | ✗ no | Writes a bearer token to disk — force manual (user-consent step) |
333
+ | slack | set `SLACK_WEBHOOK_URL` env (Slack Incoming Webhook URL) | ✗ no | Env credential — user sets it; no install command (degrade-to-noop when unset) |
334
+ | discord | set `DISCORD_WEBHOOK_URL` env (Discord channel Webhook URL) | ✗ no | Env credential — user sets it; no install command (degrade-to-noop when unset) |
317
335
 
318
336
  For non-auto-run connections, hide the "Run install command now" option entirely in 5.3.
319
337
 
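Review bot: the last column of the slack and discord rows says "Env credential" and that the user sets it, but gives no handling guidance, unlike the lazyweb row, which calls out that a bearer token is written to disk. An incoming-webhook URL lets anyone who holds it post to the channel, so add that the value stays in the environment only and must not be copied into `.design/` files, `STATE.md` or printed command output.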
@@ -29,6 +29,12 @@ Closes the verify → merge gap: runs `/gdd:pr-branch` for a clean branch, assem
29
29
  - Do not include `.design/` or `.planning/` files in the PR branch — that is `/gdd:pr-branch`'s job.
30
30
  - Do not skip the verify pre-flight silently — always surface a failure and ask.
31
31
 
32
+ ## Step 6.5 — PR inline review surface (pr-commenter)
33
+
34
+ ONLY on the success path — after the PR has been created (Step 5) and its URL printed (Step 6) — spawn `agents/pr-commenter.md` via the `Task` tool to post GDD's verify/audit output **inline** on the new PR: inline review comments on changed lines, Preview/Chromatic before-after screenshot pairs, and the `gdd/design-review` check-run (audit pillar scores + verify pass/fail + a11y). Pass the PR number + `owner/repo` in the Task context.
35
+
36
+ This is a **degrade-to-noop** surface and MUST NOT fail the ship: if `gh` is unavailable, the `GDD_DISABLE_PR_COMMENTER` kill-switch (env or `.design/config.json`) is set, or the agent errors, the ship still succeeds (pr-commenter prints the bodies for manual paste). Skip this step entirely if PR creation failed in Step 5. The posting contract (gh-api shapes, check-run payload, redaction, branch-protection setup) lives in `reference/pr-review-integration.md`.
37
+
32
38
  ## Step 7 — Update notice (post-closeout surface)
33
39
 
34
40
  ONLY on the success path — after the PR has been created and the URL has been printed — emit the plugin-update banner. If PR creation failed earlier, skip this step (do not suggest upgrades in the middle of a PR-creation failure).
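Review bot: Step 6.5 defers redaction to `reference/pr-review-integration.md`, but the fallback in the same paragraph "prints the bodies for manual paste", and nothing here says the printed bodies pass through the same redaction as the posted ones; state in this step that redaction runs before both posting and printing. "MUST NOT fail the ship" also needs a visibility rule: when `gh` is unavailable, the kill-switch is set or the agent errors, require a one-line notice that the review surface was skipped and why, in keeping with the "Do not skip the verify pre-flight silently" rule a few lines above.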