npm - @kodevibe/harness - Versions diffs - 0.11.2 → 0.11.3 - Mend

@kodevibe/harness 0.11.2 → 0.11.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/README.md +3 -2
package/harness/agents/lead.md +12 -4
package/harness/agents/pm.md +20 -12
package/harness/agents/reviewer.md +26 -29
package/harness/project-state.md +11 -0
package/harness/skills/breakdown.md +2 -1
package/harness/skills/pr-review.md +16 -0
package/harness/skills/setup.md +1 -0
package/harness/skills/state-check.md +55 -0
package/harness/skills/wrap-up.md +32 -25
package/package.json +1 -1
package/src/guard.js +300 -0

package/README.md CHANGED Viewed

@@ -389,7 +389,7 @@ It adds a Project Docs Hub Index to `project-brief.md` with each local source, r
 ## Roadmap
-kode:harness is at **v0.11.2** — adds deterministic source-repo guardrails and a manifest-sealed R10 model benchmark workflow on top of the v0.11 proof-first and uninstall safety foundation.
+kode:harness is at **v0.11.3** — adds R15 experiment hardening for section integrity, Wave Scope drift, and filter coverage honesty on top of the v0.11 proof-first and deterministic release guard foundation.
 | Phase | Version | Status | Focus |
 |---|---|---|---|
@@ -405,7 +405,8 @@ kode:harness is at **v0.11.2** — adds deterministic source-repo guardrails and
 | **Confidence Loop** | v0.10.0 | ✅ Done | Goal Card, Quiet Navigator, Evidence-Gated Progress Board, Proof Ledger, QA/content regression tests |
 | **Proof-First Enforcement** | v0.11.0 | ✅ Complete | Mandatory Proof Plan, lead proof blockers, reviewer proof blockers, state-check Proof Ledger coverage |
 | **Uninstall Safety** | v0.11.1 | ✅ Complete | Manifest-based uninstall, default state preservation, shared owner restore, purge cleanup |
-| **Deterministic Release Guard** | v0.11.2 | ✅ Current | R1-R10 guard scripts, package-boundary scan, dependency-map scan, R10 manifest-sealed bench workflow |
+| **Deterministic Release Guard** | v0.11.2 | ✅ Complete | R1-R10 guard scripts, package-boundary scan, dependency-map scan, R10 manifest-sealed bench workflow |
+| **Experiment Hardening** | v0.11.3 | ✅ Current | R15 Recent Changes integrity, Wave Scope boundary drift checks, enum/filter coverage honesty, R15 bench scenarios |
 | **Docs Bridge** | v0.11.1 | 🧪 Experimental | Project Docs Hub Index, docs-bridge skill, local docs hub index with visibility boundaries |
 | **Safety & Branding** | v0.9.6 | ✅ Done | init overwrite backups, shipped pm naming cleanup, LICENSE branding cleanup |
 | **Validation** | v1.0 | 🔜 Next | Real-world project adoption, user feedback collection |

package/harness/agents/lead.md CHANGED Viewed

@@ -104,15 +104,18 @@ After every status check, recommend the next action based on current context:
 **Request: "story done" / "S{N}-{M} done"**
 1. Read the Story's Proof Plan and current Evidence-Gated Progress Board row.
-2. Require proof before marking done:
+2. Read `## Story Contracts` rows for the Story. Every row must be proven before Done.
+3. Require proof before marking done:
    - Passing proof → set state to `Proven`, update Story status to `✅ done`, append Proof Ledger / Evidence Summary row.
    - Missing proof → keep state `Proof Pending`, output `[BLOCKER: PROOF_MISSING]`, and do not advance to the next Story.
    - Failing proof → keep state `Implementing`, output `[BLOCKER: PROOF_FAILING]`, and fix within current Story.
-3. Add completion record to "Recent Changes" section only after passing proof.
-4. **Commit/Push check**: If changes are uncommitted, remind:
+   - Unproven contract → keep state `Proof Pending`, output `[BLOCKER: CONTRACT_NOT_PROVEN]`, and update the contract Evidence target.
+4. If proof passes, update Story Contract Proof Status to `✅ pass` / `proven` with evidence. Never leave `needs-user-confirmation` on a done Story.
+5. Add completion record to "Recent Changes" section only after passing proof.
+6. **Commit/Push check**: If changes are uncommitted, remind:
    - "⚠️ S{N}-{M} 완료 — 커밋하셨나요? `git add <files> && git commit -m \"S{N}-{M}: {description}\"`"
    - Team mode: Also remind to push — "팀원에게 공유하려면 `git push origin {branch}` 실행"
-5. Guide to next Story only after proof passes.
+7. Guide to next Story only after proof passes.
 **Request: "new story" / "next task"**
 1. Find next `todo` Story in docs/project-state.md
@@ -147,7 +150,12 @@ When invoked after pm approval, verify that pm wrote state files correctly:
 When a Story contains multiple Tasks/Waves (from breakdown):
 - Guide implementation **one Wave at a time** (not one file at a time, not all at once)
+- For every Wave, print a compact **Wave Scope** before implementation:
+  `Wave {N} Scope: allowed files = <files>; expected proof = <command/manual observation>`
 - After each Wave is implemented, **run tests or smoke proof** to verify the Wave is clean before proceeding
+- After each Wave, compare changed files against the Wave Scope:
+  - Only allowed files changed → continue.
+  - Extra files changed → output `[SCOPE-DRIFT: WAVE_BOUNDARY]`, record the extra files, and ask whether the Wave should be collapsed/approved before proceeding.
 - Record a mini Proof Ledger row inline: Evidence, Result, Command / Observation
 - Only after verification passes, prompt: "Wave {N} 완료 (tests pass). Wave {N+1}로 넘어갈까요?"
 - If tests fail → output `[BLOCKER: WAVE_PROOF_FAILING]`, fix within the current Wave, and do NOT advance.

package/harness/agents/pm.md CHANGED Viewed

@@ -70,7 +70,7 @@ Apply these insights when creating the implementation plan. If the memory file i
 <!-- CREW_MODE_END -->
 1. `docs/project-brief.md`의 Goals + `docs/dependency-map.md`의 현재 모듈 구조를 읽는다
-2. Feature Roadmap **초안** 생성:
+2. Roadmap 초안 생성:
    ```
    ## Feature Roadmap
    ### Phase 1 — Core (Goal 달성 필수)
@@ -78,9 +78,8 @@ Apply these insights when creating the implementation plan. If the memory file i
    ### Phase 2 — Enhancement (사용성/완성도)
    - [ ] F-002: ...
    ```
-3. 사용자에게 초안 제시: **"이 Feature Roadmap을 검토하고, 추가/삭제/순서 변경을 알려주세요."**
-4. 사용자 교정을 반영한 최종 Roadmap을 `docs/project-brief.md`에 `## Feature Roadmap` 섹션으로 기록한다
-5. Feature Roadmap이 확정되면 아래 "For New Feature" 절차로 진행한다
+3. 교정 후 `docs/project-brief.md`에 기록한다
+4. 확정되면 "For New Feature"로 진행한다
 ### For New Feature
@@ -132,10 +131,11 @@ Apply these insights when creating the implementation plan. If the memory file i
 10. Run **check-impact** skill for each existing module being modified (pm calls both skills independently — breakdown does NOT invoke check-impact internally. Ordering: breakdown first → register modules → check-impact second.)
 11. Check `docs/failure-patterns.md` for relevant past mistakes
 12. Produce a **Goal Card** (6 lines max) and implementation plan.
-13. Produce a **Proof Plan** per Story: exact test/smoke command or checklist; never TBD. No path → add Story 0: set up test/smoke proof. Any `TBD`/blank → `[ERROR: PROOF_PLAN_UNDEFINED]` and STOP before state writes.
-14. **Wait for Plan Confirmation** (see Plan Confirmation Gate below) — do NOT write state files yet
-15. **After user approves** → Update `docs/project-state.md` with the new Story
-16. **After user approves** → Update `docs/features.md` with the new feature entry
+13. Produce a **Proof Plan** per Story: exact test/smoke/manual proof; never TBD. No path → add Story 0: set up test/smoke proof. Blank → `[ERROR: PROOF_PLAN_UNDEFINED]` and STOP.
+14. Produce **Story Contracts**: Done-blocking field/API/UI/ARB assertions.
+15. **Wait for Plan Confirmation** (see Plan Confirmation Gate below) — do NOT write state files yet
+16. **After user approves** → Update `docs/project-state.md` with the new Story and Story Contract rows
+17. **After user approves** → Update `docs/features.md` with the new feature entry
 State writes (Steps 15-16) execute ONLY after user approval. Rejected plans never touch state.
@@ -185,8 +185,10 @@ After user approves the plan, perform all writes before 🧭:
    - If no Sprint exists, create Sprint 1 with theme
    - Add Story rows to the Story Status table (status = `⬜ todo`)
    - Each Story: ID (S{N}-{M}), Title, Status, Scope (files/modules), Proof Plan
+   - Add `## Story Contracts` rows. Initial status: `⬜ not proven` or `needs-user-confirmation`.
 <!-- CREW_MODE_START -->
    - If crew-driven, include FR reference
+   - Convert FR/ARB criteria naming fields, API contracts, invariants, proof gates, or UI requirements.
 <!-- CREW_MODE_END -->
    - Update Quick Summary section
@@ -201,10 +203,11 @@ After user approves the plan, perform all writes before 🧭:
    - ARB Fail Resolution: fill Story column with mapped Story IDs
 <!-- CREW_MODE_END -->
-**Completion Check**: Verify:
-- [ ] features.md has new feature row(s)
-- [ ] project-state.md has Story rows with `⬜ todo` status
-- [ ] dependency-map.md has new module rows (if plan introduces new modules)
+**Completion Check**:
+- [ ] features.md new row(s)
+- [ ] project-state.md Story rows with `⬜ todo`
+- [ ] project-state.md Story Contract rows or "none identified"
+- [ ] dependency-map.md new module rows (if any)
 <!-- CREW_MODE_START -->
 - [ ] project-brief.md Validation Tracker updated (if 🟣 pipeline)
 <!-- CREW_MODE_END -->
@@ -247,6 +250,11 @@ After the Post-Approval state writes complete, run the `state-check` skill:
 | S{N}-0 | Proof setup, if needed | `npm test` / `npm run smoke` / manual checklist |
 | S{N}-{M} | Tests / smoke / manual | exact command/checklist; never TBD |
+### Story Contract Plan
+| Story | Contract | Required Assertion | Initial Proof Status | Evidence Target |
+|-------|----------|--------------------|----------------------|-----------------|
+| S{N}-{M} | Field/API/domain/UI contract | assertion to prove before Done | ⬜ not proven | unit/API/smoke/manual |
 ### Implementation Plan
 [Output from breakdown skill]

package/harness/agents/reviewer.md CHANGED Viewed

@@ -57,6 +57,7 @@ Changed file list (user-provided or from `git diff --name-only`)
 **Step 1: Identify Change Scope**
 - Run `git diff --cached --stat` or `git diff --stat` to see changed files
 - Compare against current Story scope in docs/project-state.md
+- If lead/pm named a Wave Scope, changed files outside that Wave are `[SCOPE-DRIFT: WAVE_BOUNDARY]`. Do not revert automatically; require user approval or a state note explaining the collapsed wave.
 **Step 2: Architecture Rule Check**
 - [ ] No imports from infrastructure in domain layer
@@ -64,6 +65,15 @@ Changed file list (user-provided or from `git diff --name-only`)
 - [ ] Constructor parameters match actual source (FP-002)
 - [ ] **Common First (Iron Law #9)**: No crew-specific logic outside crew marker blocks. All features must work without crew artifacts.
+**Step 2.2: Acceptance Contract Gate**
+If `docs/project-state.md` has `## Story Contracts` rows for the Story:
+1. Review each row before code-quality review.
+2. Compare assertion vs code, tests, API/UI output, and proof.
+3. Output **Story Contract Review**: `Contract | Status | Evidence`.
+4. `FAIL`, `NOT_PROVEN`, blank Proof Status, or `needs-user-confirmation` blocks `DONE` and commit guidance.
+5. Wrong-contract tests fail.
 <!-- CREW_MODE_START -->
 **Step 2.5: CI Standards Compliance (🟣 Pipeline only)**
@@ -79,11 +89,11 @@ Changed file list (user-provided or from `git diff --name-only`)
 1. Check if `docs/project-brief.md` has a `## CI Artifact Index` section (or `.harness/ci-index.md` exists). If neither → skip this step.
 2. Read the project's primary language/build tool from `docs/project-brief.md` Key Technical Decisions.
 3. Match the language/build tool to a row in the CI Artifact Index → get the reference URL and Key Constraints.
-4. Surface the reference in review output under a `### CI Standards Compliance` section:
+4. Surface the reference under `### CI Standards Compliance`:
    - Reference URL (the indexed guide)
-   - Key Constraints listed in the index (echoed back so the user does not need to re-read the guide)
-   - `[CI-STANDARD]` flag if any obvious mismatch is detected against a listed constraint (best-effort LLM judgment based only on the changed files)
-5. **Warning only — do NOT block commit**. The user (or a human reviewer) decides whether the changes meet company standards. The reviewer agent never asserts compliance; it only points to the authoritative guide.
+   - Key Constraints from the index
+   - `[CI-STANDARD]` if changed files obviously mismatch a listed constraint
+5. **Warning only — do NOT block commit**. Point to the guide; do not assert compliance.
 If neither `## CI Artifact Index` nor `.harness/ci-index.md` is present → skip this step entirely (also true for 🟢/🔵/🔴 pipelines).
 <!-- CREW_MODE_END -->
@@ -92,10 +102,12 @@ If neither `## CI Artifact Index` nor `.harness/ci-index.md` is present → skip
 - [ ] Interface changes have synchronized mocks (FP-001)
 - [ ] New features have tests
 - [ ] Existing tests pass
+- [ ] **Enum/filter coverage**: If the Story adds finite values (e.g. `normal/watch/breached`), tests must cover every value at the claimed boundary (domain/API/UI) or mark untested boundaries as partial. Claiming full API coverage while HTTP tests exercise one value → `[ACCEPTANCE-GAP: FILTER_COVERAGE]`.
-**Verification is a gate, not a suggestion.** Before continuing to Step 4, the reviewer must include concrete working proof:
-- Run the project's test/verification command when available (for example `npm test`, `pnpm test`, `pytest`, `go test ./...`, or the command recorded in docs/project-brief.md / package scripts).
-- If the change is user-facing and tests do not exercise the behavior, include a minimal smoke proof (command, URL, screenshot/manual action, or observed output).
+**Verification is a gate.** Before Step 4, include concrete working proof:
+- Run the project test/verification command (`npm test`, `pytest`, `go test ./...`, or recorded proof command).
+- If user-facing behavior is untested, include smoke proof (command, URL, screenshot/manual action, or observed output).
+- UI/manual proof needs artifact/checklist or URL + exact counts/elements.
 - If any existing test fails → output `[BLOCKER: TESTS_FAILING]`. STOP before Step 4.
 - If a Proof Plan command cannot run → output `[BLOCKER: PROOF_COMMAND_INVALID]` with the command. STOP.
 - If test files exist but no test command exists → output `[BLOCKER: NO_TEST_COMMAND]`. STOP.
@@ -114,6 +126,7 @@ If state files are in scope, write/request Proof Ledger / Evidence Summary immed
 - [ ] No credentials, .env, or temp files in staging (FP-004)
 - [ ] No hardcoded API keys or passwords
 - [ ] No injection vulnerabilities (SQL, XSS)
+- [ ] Evaluator artifacts require approval (`harness-owner: evaluator` → `harness-edit-approved`)
 **Step 5: Failure Pattern Cross-Check**
 - Compare current changes against all FP-NNN items in docs/failure-patterns.md
@@ -124,28 +137,9 @@ If state files are in scope, write/request Proof Ledger / Evidence Summary immed
 If `docs/project-brief.md` contains a `## Crew Artifact Index` table with entries:
-1. **ARB Fail Item Check**:
-   - Read Validation Tracker → ARB Fail Resolution section
-   - If the current Story addresses a Fail item (has `[ARB-FAIL]` prefix):
-     - Read the relevant section in the ARB checklist (path from Artifact Index)
-     - Verify implementation matches the recommended action
-     - If not → flag as `[ARB-COMPLIANCE]` in output
-   - **Indirect resolution check**: Even if the Story does NOT have `[ARB-FAIL]` prefix, scan the changed files against ARB Fail items. If a change resolves or partially addresses a Fail item (e.g., fixing a security vulnerability flagged by ARB), flag as `[ARB-INDIRECT]` in output with a recommendation to update the Validation Tracker.
-2. **NFR Spot Check** (lightweight — check only NFRs relevant to changed files):
-   - Read PRD's non-functional requirements section (path from Artifact Index)
-   - Check ONLY the NFRs related to changed code:
-     - Performance-related change? → Check performance NFRs
-     - Security-related change? → Check security NFRs
-     - API change? → Check scalability/reliability NFRs
-   - Flag violations as `[NFR-GAP]` in output
-   - Note: This is a best-effort check by the LLM, not a guarantee of 100% detection
-3. **FR Acceptance Criteria Check**:
-   - If the current Story has `[FR-NNN]` reference:
-     - Read the corresponding FR acceptance criteria from PRD (path from Artifact Index)
-     - Verify tests cover the acceptance criteria
-     - If missing → flag as `[ACCEPTANCE-GAP]` in output
+1. **ARB Fail Item Check**: If the Story has `[ARB-FAIL]`, verify the related ARB checklist recommendation. If changed files indirectly resolve a Fail item, flag `[ARB-INDIRECT]` and recommend Tracker update.
+2. **NFR Spot Check**: Read only NFRs relevant to changed files (security/performance/API/reliability). Violations → `[NFR-GAP]`.
+3. **FR Acceptance Criteria Check**: If the Story references `FR-NNN`, verify tests/proof cover the PRD acceptance criteria. Missing coverage → `[ACCEPTANCE-GAP]`.
 All flags (`[ARB-COMPLIANCE]`, `[ARB-INDIRECT]`, `[NFR-GAP]`, `[ACCEPTANCE-GAP]`) are warnings, not blockers. Include them in the review output under a new "### Crew Artifact Compliance" section.
@@ -171,6 +165,7 @@ Verify that state file updates actually happened. **Run the `state-check` skill
 After running state-check, also verify:
 - [ ] **docs/project-state.md**: If stories were worked on, is Quick Summary current? Are story statuses updated?
+- [ ] **docs/project-state.md section integrity**: `## Recent Changes` must not contain proof/evidence headings or UI checklist bullets. If it does, flag `[STATE-AUDIT: SECTION_CORRUPTION]` and fix before DONE.
 - [ ] **docs/features.md**: If new features were added, are they registered? If features were completed, is status updated?
 - [ ] **Cross-check features ↔ stories**: If a feature status is `✅ done` in features.md, verify all related stories in project-state.md are also `done`. If stories are `done` but their feature is still `🔄 in-progress`, flag as `[STATE-AUDIT]`.
 - [ ] **FR Coverage validation**: For the Story being reviewed, check if it implements a feature (FR-NNN reference in Story name, or changes to files listed in features.md Key Files):
@@ -223,6 +218,7 @@ If review is BLOCKED → do NOT suggest commit. Fix first.
 ### Passed Items
 - Architecture rules: ✅
+- Story Contract Review: ✅ / ❌ / ⚠️ (include table when contracts exist)
 - Test integrity: ✅ / ⚠️ (detail)
 - Working proof: command/evidence + PASS result
 - Proof Ledger: compact table with evidence, result, and command/observation
@@ -276,6 +272,7 @@ After review completes, always append a 🧭 block based on the outcome:
 | All checks pass, more stories remain | Commit → `lead` — "커밋 후 다음 Story는?" |
 | All checks pass, all stories done | Commit → `wrap-up` — "커밋 후 세션을 마무리해줘" |
 | STATE-AUDIT flags found | Two valid paths: (1) `wrap-up` now → "지금 state 파일을 정리해줘" or (2) `lead` → continue coding, resolve at session end |
+| FILTER_COVERAGE or SECTION_CORRUPTION found | [Fix] — "테스트/상태 구조 지적사항을 수정하세요. 완료 후 다시 reviewer 호출" |
 | Security/architecture issues blocking | [Fix] — "리뷰 지적사항을 수정하세요. 완료 후 **새 프롬프트**에서 다시 `@reviewer` 호출" |
 Example 🧭 block for passing review:

package/harness/project-state.md CHANGED Viewed

@@ -61,6 +61,17 @@
    | S1-1 | First usable result | Proof Pending | npm test | - | tests not run |
 -->
+## Story Contracts
+<!-- Semantic acceptance contracts for active Stories.
+   Keep rows short and testable. Every row for a ✅ done Story must be proven.
+   Use this to prevent semantic drift such as implementing `risk` when the contract requires `slaRisk`.
+   | Story | Contract | Required Assertion | Proof Status | Evidence |
+   |-------|----------|--------------------|--------------|----------|
+   | S1-1 | Field contract | Public response exposes `expectedField`, not `wrongField` | ⬜ not proven | unit/API/UI assertion |
+-->
 ## Proof Ledger
 <!-- One line per completed proof. Do not paste long logs.

package/harness/skills/breakdown.md CHANGED Viewed

@@ -78,6 +78,7 @@ Ensures bottom-up implementation: foundations first, then layers that depend on
 - Each task should be completable in one session
 - Every task must include its test files
 - Implementation and tests belong in the same Wave whenever possible. Do not defer tests to a later Wave unless the proof harness itself is the earlier Wave.
+- Each Story/Wave must preserve the Story Contracts defined by pm. If a task changes a public field, API response, domain invariant, UI label, persistence behavior, or ARB control, name the affected contract and the assertion that will prove it.
 - New modules MUST be registered in docs/dependency-map.md (Iron Law #6) — the breakdown OUTPUT section lists these registrations, and pm (or the user, if invoked directly) is responsible for executing the actual state file writes
 - If a task exceeds Story scope, stop and report to user
@@ -87,7 +88,7 @@ After completing the breakdown, update these files in the same session:
 - [ ] **docs/dependency-map.md**: Register all NEW_MODULE entries. Update "Depends On" / "Depended By" for INTERFACE_CHANGE entries.
 - [ ] **docs/features.md**: Add a new row for the feature with Status `🔧 active`, Key Files from Wave tasks, and Test Files.
-- [ ] **docs/project-state.md**: Add Stories to the Story Status table for each Wave.
+- [ ] **docs/project-state.md**: Add Stories to the Story Status table for each Wave and add/update `## Story Contracts` rows for semantic assertions that must be proven before Done.
 ### 🧭 Navigation — After Feature Breakdown

package/harness/skills/pr-review.md CHANGED Viewed

@@ -40,6 +40,17 @@ Unlike the `reviewer` agent (which reviews your own changes pre-commit with full
 ### Step 4: Code Quality
+Before ordinary code-quality comments, run the **Acceptance Contract Gate**:
+1. Read `docs/project-state.md` → `## Story Contracts`.
+2. If the PR's Story has contract rows, verify each required assertion against the diff, tests, and proof evidence.
+3. Produce:
+   | Contract | Status | Evidence |
+   |----------|--------|----------|
+   | Field/API/domain/UI contract | PASS / FAIL / NOT_PROVEN | exact file/test/proof evidence |
+4. Any `FAIL`, `NOT_PROVEN`, blank Proof Status, or `needs-user-confirmation` → `REQUEST_CHANGES`.
+5. Green tests are insufficient if they assert the wrong semantic contract.
 Run through these checks for each changed file:
 - [ ] Architecture rules respected (no layer violations — check docs/dependency-map.md)
@@ -50,6 +61,7 @@ Run through these checks for each changed file:
 - [ ] No duplicated logic that should be extracted to a shared module
 - [ ] No circular imports (verify against docs/dependency-map.md)
 - [ ] Naming conventions follow project standards (per project-brief.md → Key Technical Decisions)
+- [ ] Evaluator/run-card/scorecard artifacts are not rewritten unless explicitly user-approved
 ### Step 5: Test Coverage
@@ -57,6 +69,7 @@ Run through these checks for each changed file:
 - [ ] Modified code has updated tests
 - [ ] No `.only` or `.skip` left in test files
 - [ ] Interface changes have synchronized mocks (Iron Law #1)
+- [ ] UI/manual proof is durable: artifact/checklist, or URL plus exact observed UI counts/elements
 ### Step 6: State File Compliance
@@ -85,6 +98,9 @@ Run through these checks for each changed file:
 - [issue 1]
 - [issue 2]
+### Story Contract Review
+- PASS / FAIL / NOT_PROVEN rows, when `## Story Contracts` exists
 ### Test Coverage: ✅ Sufficient / ⚠️ Gaps found
 [list of gaps if any]

package/harness/skills/setup.md CHANGED Viewed

@@ -189,6 +189,7 @@ Using data from Phase 1 + Phase 2, fill the following files:
 - Quick Summary: filled with current project state
 - Sprint 1 stories: based on what setup discovered
 - Module Registry: summary from docs/dependency-map.md
+- Story Contracts: keep the section. Add compact `⬜ not proven` rows for explicit field/API/invariant/UI/ARB contracts; if unsure, write `needs-user-confirmation`.
 **docs/failure-patterns.md**:
 - Keep FP-001 through FP-004 as templates (Frequency: 0)

package/harness/skills/state-check.md CHANGED Viewed

@@ -131,6 +131,49 @@ Outcomes:
 - Missing local path, blank required column, invalid vocabulary, local machine path leakage, or restricted row with external target → WARN
 - No `Project Docs Hub Index` section or no real rows → skip; this project may not use docs-bridge
+### Check 9: Story Contract Coverage
+1. Read `docs/project-state.md` (or `.harness/project-state.md` in Team mode).
+2. If any Story is marked `✅ done`, inspect `## Story Contracts`.
+3. Outcomes:
+   - Done Story has no `## Story Contracts` section → WARN: `[WARN] Story {S-N-M} done but no Story Contracts section — add semantic contract rows for new work`
+   - Done Story has no rows in `## Story Contracts` → WARN: `[WARN] Story {S-N-M} done but has no Story Contract rows`
+   - Story Contracts table is missing required columns `Story`, `Contract`, or `Proof Status` → FAIL
+   - Done Story has any contract row with blank / `⬜ not proven` / `NOT_PROVEN` / `FAIL` / `needs-user-confirmation` → FAIL
+   - Done Story has all rows `✅ pass`, `proven`, `verified`, or equivalent → PASS
+   - In-progress Story has unproven contracts → PASS; proof pending is normal
+This is the semantic acceptance gate. It exists to catch drift such as "contract requires `slaRisk`, implementation/tests/UI use `risk`" before DONE.
+### Check 10: Durable Smoke Evidence
+For each `✅ done` Story, any passing Proof Ledger row whose Evidence says `UI`, `browser`, `smoke`, or `manual` must include durable proof:
+- screenshot/trace/video/Playwright/Cypress artifact, or
+- checklist row, or
+- URL plus exact observed UI counts/elements.
+Vague rows like `UI manual | pass | checked browser` → FAIL.
+### Check 11: Evaluator Artifact Protection
+If changed files include `experiment/kode-harness-scorecard.md`, `experiment/run-card.md`, `experiment/evaluator-*.md`, or `docs/evaluator-*.md`, WARN unless explicitly requested by the user. If the file has `<!-- harness-owner: evaluator -->`, FAIL unless it also has `<!-- harness-edit-approved: <reason> -->`.
+### Check 12: Scope Split Approval
+If `docs/project-brief.md` maps one FR/KPI/ARB row to multiple Story IDs, require `Scope split approved: <reason>` or `<!-- harness-scope-split-approved: ... -->`. Without approval → FAIL.
+### Check 13: Recent Changes Section Integrity
+`docs/project-state.md` must keep session changelog entries separate from proof/evidence sections.
+1. Read `## Recent Changes`.
+2. FAIL if the section contains nested headings such as `### Scenario`, `### Color Coding`, or `### Conclusion`.
+3. FAIL if the section contains UI/proof checklist bullets such as dropdown/column/color-coding/evidence details.
+4. Valid Recent Changes entries should be compact changelog rows, preferably:
+   `- YYYY-MM-DD S{N}-{M}: {what changed} (STATUS: DONE)`
+This catches wrap-up corruption where `## Recent Changes` is inserted in the middle of `FR-008 Durable UI Evidence` and steals the remaining proof content.
 ## Output Format
 ```
@@ -158,6 +201,18 @@ Outcomes:
 ### Check 8: Project Docs Hub Index
 - {N} rows checked / {M} missing paths / {K} visibility warnings / skipped if unused
+### Check 9: Story Contract Coverage
+- {N} done Stories checked / {M} missing contract rows / {K} unproven contracts
+### Check 10: Durable Smoke Evidence
+- {N} UI/manual proof rows checked / {M} vague rows
+### Check 12: Scope Split Approval
+- {N} split tracker rows checked / {M} missing approval
+### Check 13: Recent Changes Section Integrity
+- Recent Changes contains only changelog entries / {M} misplaced evidence lines
 <!-- CREW_MODE_START -->
 ### Check 6: Validation Tracker (🟣)
 - {N} FR references checked / {M} drifted

package/harness/skills/wrap-up.md CHANGED Viewed

@@ -20,7 +20,7 @@ This is kode:harness's memory mechanism — without it, the same mistakes repeat
 - After a review revealed a repeated mistake
 - When the user explicitly asks to record a lesson
-> **Timing**: Invoke this skill **once at session end**, not after each individual skill. It aggregates the entire session's work into state files.
+> **Timing**: Invoke once at session end; aggregate the whole session into state files.
 ## Procedure
@@ -35,7 +35,7 @@ If `git diff --stat` shows no changes and `git log` shows no new commits this se
 - Report: "📝 Quiet session — status checks only, no code changes."
 - Skip Step 3 (Failure Pattern Detection) — no code changes means no new failure patterns
 - Skip Step 5 (features.md update) and Step 5.5 (dependency-map.md verify) — nothing changed
-- Still execute Step 4 (Quick Summary update) and Step 6 (Agent Memory) if an agent was used
+- Still execute Step 4 and Step 6 if an agent was used
 - Still execute Step 2 (Direction Drift Check) — discussion-only drift is possible
 ### Step 2: Direction Drift Check
@@ -49,14 +49,14 @@ Before recording failures, verify that the session's work stayed aligned with pr
    - Did the user explicitly change direction during this session? → Note for pivot recommendation
 3. **If drift detected**:
    - Add a warning to the Step 7 Report: `⚠️ Direction drift: [description of misalignment]`
-   - Recommend: "Consider running `pivot` skill to formally update project direction. You can run it AFTER this wrap-up session completes."
+   - Recommend `pivot` after wrap-up
    - Do NOT block — the wrap-up skill always completes
 4. **If no drift**: Proceed silently (no output for this step)
 <!-- CREW_MODE_START -->
 #### Step 2.5: Validation Tracker Update (🟣 Pipeline only) ⚠️ MANDATORY
-> **⛔ Completion Gate**: Step 2.5를 완료해야 Step 3 이후를 진행할 수 있습니다. Validation Tracker가 존재하면 반드시 갱신 후 다음 단계로 진행하세요.
+> **⛔ Completion Gate**: Validation Tracker가 있으면 갱신 후 Step 3으로 진행하세요.
 If `docs/project-brief.md` contains a `## Validation Tracker` section with data:
@@ -70,9 +70,9 @@ If `docs/project-brief.md` contains a `## Validation Tracker` section with data:
    - Did this session produce Stories/code that don't map to any FR or KPI? → warn
    - Are there KPIs/FRs with no Stories after 2+ sprints? → warn as "⚠️ Unplanned KPI/FR risk"
    - Include warnings in Step 7 Report
-5. **Self-check**: Validation Tracker의 KPI/FR/ARB 상태가 이 세션의 완료 Story를 정확히 반영하는지 확인. 미갱신 항목이 있으면 즉시 갱신 후 다음 단계로 진행.
+5. **Self-check**: KPI/FR/ARB 상태가 완료 Story와 일치해야 합니다. 누락 시 즉시 갱신.
-> ⛔ Validation Tracker 갱신 없이 Step 3으로 진행하지 마세요. 이 단계를 건너뛰면 FR/KPI Coverage가 실제 진행 상황과 불일치합니다.
+> ⛔ Tracker 갱신 없이 Step 3으로 진행하지 마세요.
 If no Validation Tracker → skip this step entirely.
 <!-- CREW_MODE_END -->
@@ -83,7 +83,7 @@ For each issue/error that occurred in this session:
 1. Read `docs/failure-patterns.md`
 2. Check if this matches an existing pattern (FP-NNN):
-   - **If match found AND already incremented by `debug` in this session**: Skip — do not double-count. Check `docs/project-state.md` Recent Changes for debug entries from this session to determine if a pattern was already recorded.
+   - **If match found AND already incremented by `debug` in this session**: Skip. Check Recent Changes to avoid double-count.
    - **If match found AND NOT already incremented this session**: Increment the Frequency counter, add the Sprint/Story to "Occurred"
    - **If new pattern**: Assign next FP-NNN number, create a new entry using this format:
@@ -100,7 +100,7 @@ For each issue/error that occurred in this session:
 3. If the failure relates to a specific skill or agent, note it for that skill's checklist
-> **Self-check**: Step 3 완료 시 `docs/failure-patterns.md`에 최소 하나의 FP 항목이 있어야 합니다 (이 세션에서 실패가 없었으면 기존 항목 확인만).
+> **Self-check**: `docs/failure-patterns.md` has at least one FP entry; if no new failure, existing entries are enough.
 ### Step 4: Update docs/project-state.md ⚠️ MANDATORY
@@ -116,6 +116,9 @@ For each issue/error that occurred in this session:
    ```
    - [YYYY-MM-DD] S{N}-{M}: {what was done} (STATUS: DONE)
    ```
+   - Append compact changelog rows only. If creating the section, place it before `## Session Handoff Protocol` or EOF.
+   - Never insert it inside proof/evidence sections (`Proof Ledger`, durable UI evidence, smoke/manual proof).
+   - Self-check: no nested headings or UI/proof checklist bullets under `## Recent Changes`.
 ### Step 5: Update docs/features.md (if applicable)
@@ -136,7 +139,7 @@ For each issue/error that occurred in this session:
    - WARN → include warnings in the final wrap-up report, then proceed
    - FAIL → fix the listed drift (update affected state files), then re-run state-check until PASS or WARN
-> **Self-check**: `docs/dependency-map.md`에 이 세션에서 새로 추가한 모듈이 모두 등록되었는지 확인. 누락 시 즉시 추가. state-check가 PASS 또는 WARN을 반환해야 다음 단계로 진행합니다.
+> **Self-check**: New modules are registered in `docs/dependency-map.md`; state-check is PASS/WARN.
 ### Step 5.55: Refresh Project Docs Hub Index (if applicable)
@@ -145,7 +148,7 @@ Run only if user used/requested `docs-bridge`, or Project Docs Hub Index has rea
 1. For changed docs (`README*`, `docs/`, ADR/design/runbook/API specs), refresh indexed review/status.
 2. For new docs, add `proposed` rows or recommend `docs-bridge`.
 3. Never write external hubs, invent targets, change visibility, or convert `local-only` / `pending` without explicit request.
-4. Keep filesystem paths, vault names, page IDs, and resolver details out of tracked state; use `.harness/docs-bridge.local.*`.
+4. Keep private paths/IDs/resolvers out of tracked state; use `.harness/docs-bridge.local.*`.
 ### Step 5.6: Resolve STATE-AUDIT Flags (if applicable)
@@ -160,8 +163,12 @@ Before session end, record the working proof that justified completion:
 1. Read reviewer output or recent terminal evidence for passing tests/smoke proof.
 2. Add one compact row to `docs/project-state.md` → `## Proof Ledger` for each completed Story.
 3. Cross-check completed Stories against `## Evidence Summary` / `## Proof Ledger`.
-4. If no proof exists, write `[PROOF-GAP] Proof missing` in the wrap-up report and recommend returning to `reviewer`; do not claim the Story is complete.
-5. If `[PROOF-GAP]` exists, STOP before Step 5.65. Do not auto-commit state files that mark a Story done/reviewed without passing proof. Revert the Story to Proof Pending or return to `reviewer`.
+4. Check `## Story Contracts`: completed Story rows must be `✅ pass`/`proven`; otherwise `[CONTRACT-GAP]`.
+5. UI/manual/smoke proof needs artifact/checklist or URL + exact counts/elements.
+6. Keep durable UI evidence in its own section, never under `## Recent Changes`.
+7. Split FR/KPI/ARB mappings need `Scope split approved: <reason>`.
+8. If proof is missing, write `[PROOF-GAP]` and return to `reviewer`.
+9. If `[PROOF-GAP]` or `[CONTRACT-GAP]` exists, STOP before Step 5.65.
 Proof rows must stay short: Date, Story, Evidence, Result, Command / Observation. Do not paste long logs.
@@ -171,7 +178,7 @@ State file 변경사항을 커밋합니다. Learn 실행 결과가 커밋되지
 1. Stage state files: `git add docs/project-state.md docs/failure-patterns.md docs/features.md docs/dependency-map.md docs/agent-memory/`
 2. Commit: `git commit -m "wrap-up: session lessons captured"`
-3. If commit fails (nothing to commit), skip — state files were already committed
+3. If nothing to commit, skip.
 > **Self-check**: `git status`에 docs/ 아래 unstaged 파일이 없어야 합니다.
@@ -179,16 +186,16 @@ State file 변경사항을 커밋합니다. Learn 실행 결과가 커밋되지
 Before ending the session, check for unpushed commits:
-1. Run `git log --oneline @{u}..HEAD 2>/dev/null || echo "no upstream"` to find unpushed commits
+1. Run `git log --oneline @{u}..HEAD 2>/dev/null || echo "no upstream"`
 2. **If unpushed commits exist**:
    - List the commits: `git log --oneline @{u}..HEAD`
    - Solo mode: Recommend push — `git push origin {branch}`
-   - Team mode: **Strongly recommend** push — unpushed work is invisible to teammates
+   - Team mode: **Strongly recommend** push
    - Warn: "⚠️ {N}개의 커밋이 push되지 않았습니다. 작업물을 원격에 백업하세요."
 3. **If no upstream configured** (`no upstream`):
    - Check if remote exists: `git remote -v`
    - If remote exists: Suggest `git push -u origin {branch}` (first push)
-   - If no remote: Note "원격 저장소가 설정되지 않았습니다. 팀 협업 시 remote 설정이 필요합니다."
+   - If no remote: Note "원격 저장소가 설정되지 않았습니다."
 4. **If all commits are pushed**: Skip (no output)
 ### Step 6: Update Agent Memory (if applicable)
@@ -199,15 +206,15 @@ If an agent (reviewer, pm, lead, architect) was used in this session, update its
 2. **Auto-initialize if needed**: If the file only contains `<!-- Example entries` placeholder comments and no real data:
    - Replace the placeholder block with actual entries from this session
    - Initialize statistics counters with real values
-   - If real entries already exist alongside placeholders, APPEND new entries and remove only the placeholder comments. Do not overwrite existing real data.
-   - **When does initialization happen?**: On the FIRST session where the agent is used AND wrap-up is invoked. If an agent is never used, its memory stays as a placeholder indefinitely — this is expected.
+   - If real entries exist, APPEND and remove only placeholder comments.
+   - Initialize on the first wrap-up session where the agent was used.
    - Example transformation:
      ```
      Before: <!-- Example entries (replace with real findings after first review):
      After:  - [S1-1] Mock sync missed for UserService interface change
      ```
 3. **Append session learnings** to the appropriate section:
-   - **reviewer.md**: Add review patterns found, update statistics (total reviews +1, auto-fixes, escalations)
+   - **reviewer.md**: Add review patterns and update statistics
    - **pm.md**: Record estimation accuracy (planned vs actual), note architecture discoveries
    - **lead.md**: Update velocity (stories done/planned), record any scope drift incidents
    - **architect.md**: Record design decisions made, module boundary insights, anti-patterns observed
@@ -275,11 +282,11 @@ If crew artifacts were used this session (🟣 pipeline), also append:
 - Keep failure pattern descriptions concise (1-2 sentences for Cause and Prevention)
 - If no failures occurred, skip Step 2 and just update state files
 - Do not modify source code — this skill only updates state files
-- Quick Summary must be exactly 3 lines — concise enough for the next session to scan instantly
+- Quick Summary must be exactly 3 lines
 ## Enforced Rules
-- **Session Handoff**: Before ending a session, docs/project-state.md Quick Summary MUST be updated. Never leave the project in an undocumented state.
+- **Session Handoff**: Before ending, update docs/project-state.md Quick Summary.
 - **State File Size Limits**: Keep state files compact for LLM context windows:
   - docs/project-brief.md: Max 200 lines
   - docs/project-state.md: Max 300 lines (archive completed sprints)
@@ -302,7 +309,7 @@ If crew artifacts were used this session (🟣 pipeline), also append:
 ## Team Mode: Session Wrap-up
 ### Pre-Pull (mandatory before any shared file edit)
-1. Run `git pull` on the default branch before updating docs/features.md or docs/dependency-map.md (per project-brief.md → Key Technical Decisions; default: main)
+1. Run `git pull` on the default branch before updating docs/features.md or docs/dependency-map.md (default: main)
 2. If merge conflicts occur, follow the **Merge Conflict SOP** below
 ### Merge Conflict SOP
@@ -319,7 +326,7 @@ When `git pull` causes merge conflicts in shared state files:
    | `docs/failure-patterns.md` | Keep BOTH entries, deduplicate by FP-NNN number |
 3. **After resolving**: `git add <resolved-files> && git commit`
 4. **Verify**: Re-read the resolved file and confirm no data was lost
-5. **If unsure**: Do NOT force-resolve. Ask the designated authority (per project-brief.md; default: team lead) or the Owner of the conflicting rows.
+5. **If unsure**: Do NOT force-resolve. Ask the designated authority or row Owner.
 ### Owner-Scoped Updates
 - **docs/features.md**: only update rows where Owner = you
@@ -327,7 +334,7 @@ When `git pull` causes merge conflicts in shared state files:
 - **Personal files** (.harness/project-state.md, .harness/failure-patterns.md, .harness/agent-memory/): update freely — no coordination needed
 ### Failure Pattern Promotion
-If a personal failure pattern (FP-NNN in .harness/failure-patterns.md) is likely to affect other developers:
+If a personal FP in `.harness/failure-patterns.md` may affect others:
 1. Discuss with the team (Slack, PR comment, etc.)
-2. If agreed, add it to a shared location (team wiki, PR description) so others can add it to their personal .harness/failure-patterns.md
+2. If agreed, add it to a shared location so others can copy it.
 <!-- TEAM_MODE_END -->

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@kodevibe/harness",
-  "version": "0.11.2",
+  "version": "0.11.3",
   "description": "kode:harness — harness engineering for keeping every developer's AI aligned on one project direction.",
   "keywords": [
     "llm",

package/src/guard.js CHANGED Viewed

@@ -16,6 +16,11 @@
 //   R8  checkPublicBoundary — public package surface does not leak internal refs
 //   R9  checkEnvSeal       — proof records include reproducible environment seal
 //   R10 checkInstructionBudget — instruction files fit model-tier budgets
+//   R11 checkStoryContracts — done Stories must prove their semantic contracts
+//   R12 checkEvaluatorArtifact — evaluator-owned artifacts are not rewritten silently
+//   R13 checkSmokeEvidence — browser/manual proof must leave durable evidence
+//   R14 checkScopeSplitApproval — FR/KPI/ARB split mappings need approval
+//   R15 checkRecentChangesIntegrity — wrap-up must not corrupt state sections
 //
 // Severity: 'error' blocks the commit (exit 1). 'warn' is informational.
@@ -153,6 +158,12 @@ function parseMarkdownTable(section) {
     });
 }
+function markdownTableHeaders(section) {
+  const lines = section.split('\n').map((l) => l.trim()).filter((l) => l.startsWith('|'));
+  if (lines.length < 2) return [];
+  return lines[0].replace(/^\|/, '').replace(/\|$/, '').split('|').map((c) => c.trim());
+}
 function storyIdFromRow(row) {
   return row.ID || row.Id || row.Story || row['Story ID'] || row['Story'] || '';
 }
@@ -161,6 +172,56 @@ function rowStatus(row) {
   return row.Status || row.status || '';
 }
+function storyContractStatus(row) {
+  return row['Proof Status'] || row.Status || row.status || row.Result || row.result || '';
+}
+const RECENT_CHANGES_EVIDENCE_TERMS = /\b(?:scenario|expected|result|observer|url|screenshot|playwright|dropdown|column|color coding|ui elements?)\b|시나리오|기대|결과|관찰|드롭다운|컬럼|색상|스크린샷/i;
+/**
+ * Recent Changes is the session changelog. A recurring wrap-up failure is
+ * inserting it in the middle of an evidence/proof section, which silently moves
+ * the rest of that section under "Recent Changes". Catch obvious structure
+ * corruption deterministically.
+ *
+ * @param {string} content project-state.md
+ * @returns {Array}
+ */
+function checkRecentChangesIntegrity(content) {
+  const violations = [];
+  const visible = stripHtmlComments(content);
+  const recent = getSection(visible, 'Recent Changes');
+  if (recent === null) return violations;
+  const lines = recent.split('\n');
+  const nestedHeading = lines.find((line) => /^#{3,}\s+/.test(line.trim()));
+  if (nestedHeading) {
+    violations.push({
+      check: 'state-structure',
+      severity: 'error',
+      line: 0,
+      message: `Recent Changes contains nested heading "${nestedHeading.trim()}". It was likely inserted inside an evidence/proof section; move Recent Changes after the completed evidence block (R15).`,
+    });
+  }
+  const misplacedEvidence = lines.find((line) => {
+    const trimmed = line.trim();
+    if (!/^[-*]\s+/.test(trimmed)) return false;
+    if (/\d{4}-\d{2}-\d{2}|\bS\d+-\d+\b|session|wrap-up|recent/i.test(trimmed)) return false;
+    return RECENT_CHANGES_EVIDENCE_TERMS.test(trimmed);
+  });
+  if (misplacedEvidence) {
+    violations.push({
+      check: 'state-structure',
+      severity: 'error',
+      line: 0,
+      message: `Recent Changes contains evidence/checklist content (${misplacedEvidence.trim()}). Do not place proof details under Recent Changes; keep durable evidence in its own section (R15).`,
+    });
+  }
+  return violations;
+}
 /**
  * Validate docs/project-state.md content for handoff + proof-first integrity.
  * @param {string} content
@@ -215,6 +276,96 @@ function checkStateFile(content) {
     }
   }
+  violations.push(...checkRecentChangesIntegrity(content));
+  return violations;
+}
+// ─── Story Contract Gate (R11 / semantic acceptance) ────────────────
+const STORY_CONTRACT_PASS = /✅|pass(?:ed)?|proven|verified|reviewed|done|ok/i;
+const STORY_CONTRACT_NOT_PROVEN = /❌|fail(?:ed)?|not[_ -]?proven|not[_ -]?verified|pending|todo|tbd|blank|needs[_ -]?user[_ -]?confirmation|needs[_ -]?confirmation|⬜|🚫|blocked/i;
+/**
+ * Semantic Story Contract gate. This is intentionally project-agnostic:
+ * the harness does not parse the app domain itself; it requires the agent to
+ * write a compact Story Contract table and prove every row before Done.
+ *
+ * Backward compatibility: existing projects with done Stories but no contract
+ * rows receive WARN, not FAIL. Once a contract row exists, an unproven row is
+ * blocking.
+ *
+ * @param {{projectState?: string}|string} input project-state.md content or object
+ * @returns {Array}
+ */
+function checkStoryContracts(input = {}) {
+  const projectState = typeof input === 'string' ? input : (input.projectState || '');
+  const violations = [];
+  const visible = stripHtmlComments(projectState);
+  const doneStories = parseMarkdownTable(getSection(visible, 'Story Status') || '')
+    .filter((row) => /✅\s*done/i.test(rowStatus(row)));
+  if (doneStories.length === 0) return violations;
+  const section = getSection(visible, 'Story Contracts');
+  if (section === null) {
+    for (const story of doneStories) {
+      const id = storyIdFromRow(story);
+      violations.push({
+        check: 'story-contract',
+        severity: 'warn',
+        line: 0,
+        message: `Story ${id || '(unknown)'} is done but project-state.md has no Story Contracts section (R11). Add semantic contract rows for new work.`,
+      });
+    }
+    return violations;
+  }
+  const headers = markdownTableHeaders(section);
+  const requiredHeaders = ['Story', 'Contract', 'Proof Status'];
+  const hasContractTable = headers.length > 0;
+  const hasRequiredHeaders = requiredHeaders.every((name) => headers.includes(name));
+  if (!hasContractTable || !hasRequiredHeaders) {
+    violations.push({
+      check: 'story-contract',
+      severity: 'error',
+      line: 0,
+      message: 'Story Contracts table is malformed. Required columns: Story, Contract, Proof Status (R11).',
+    });
+    return violations;
+  }
+  const rows = parseMarkdownTable(section);
+  for (const story of doneStories) {
+    const id = storyIdFromRow(story);
+    const contracts = rows.filter((row) => {
+      const cell = String(row.Story || row['Story ID'] || '');
+      return id && cell.includes(id);
+    });
+    if (contracts.length === 0) {
+      violations.push({
+        check: 'story-contract',
+        severity: 'warn',
+        line: 0,
+        message: `Story ${id || '(unknown)'} is done but has no Story Contract rows (R11). Add semantic acceptance contracts for new work.`,
+      });
+      continue;
+    }
+    for (const row of contracts) {
+      const status = storyContractStatus(row);
+      const contract = row.Contract || row['Required Assertion'] || '(unnamed contract)';
+      if (!status || STORY_CONTRACT_NOT_PROVEN.test(status) || !STORY_CONTRACT_PASS.test(status)) {
+        violations.push({
+          check: 'story-contract',
+          severity: 'error',
+          line: 0,
+          message: `Story ${id} is done but Story Contract "${contract}" is not proven (status: ${status || 'blank'}). Prove every contract row before Done (R11).`,
+        });
+      }
+    }
+  }
   return violations;
 }
@@ -385,6 +536,44 @@ function checkStateSync({ projectState = '', features = '', dependencyMap = '' }
   return violations;
 }
+// ─── Scope Split Approval Gate (R14) ────────────────────────────────
+const STORY_ID_RE = /\bS\d+-\d+\b/g;
+const TRACKER_ROW_RE = /\b(?:FR|KPI|ARB|ARB-FAIL)[-_]?\d+\b/i;
+const SCOPE_SPLIT_APPROVAL_RE = /\bScope split approved\b|범위\s*분할\s*승인|<!--\s*harness-scope-split-approved:/i;
+/**
+ * When a Validation Tracker maps a single FR/KPI/ARB item to multiple Stories,
+ * the split is a product decision. Require an explicit approval marker so a
+ * model cannot silently shrink or repartition scope.
+ *
+ * @param {{projectBrief?: string}|string} input project-brief.md content or object
+ * @returns {Array}
+ */
+function checkScopeSplitApproval(input = {}) {
+  const projectBrief = typeof input === 'string' ? input : (input.projectBrief || '');
+  const visible = stripHtmlComments(projectBrief);
+  if (!/Validation Tracker|FR Coverage|KPI Coverage|ARB Fail Resolution/i.test(visible)) return [];
+  if (SCOPE_SPLIT_APPROVAL_RE.test(projectBrief)) return [];
+  const violations = [];
+  const lines = visible.split('\n');
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    if (!TRACKER_ROW_RE.test(line)) continue;
+    const storyIds = [...new Set(line.match(STORY_ID_RE) || [])];
+    if (storyIds.length > 1) {
+      violations.push({
+        check: 'scope-split',
+        severity: 'error',
+        line: i + 1,
+        message: `Validation Tracker maps one item to multiple Stories (${storyIds.join(', ')}) without Scope split approved marker (R14). Add "Scope split approved: <reason>" before Done.`,
+      });
+    }
+  }
+  return violations;
+}
 // ─── Integration / Persistence DoD (R4) ──────────────────────────────
 // Evidence terms that prove only in-memory/unit behaviour (insufficient alone).
@@ -392,6 +581,11 @@ const UNIT_ONLY_TERMS = /\bunit\b|단위\s*테스트/i;
 // Evidence terms that prove integration / persistence reached real boundaries.
 const INTEGRATION_TERMS = /\bintegration\b|통합|\bpersist|영속|\brow count|적재|\bcontext test|\be2e\b|database|\bdb\b|repository|commit boundary/i;
+const SMOKE_EVIDENCE_TERMS = /\b(?:ui|browser|smoke|manual)\b|브라우저|수동|화면/i;
+const DURABLE_SMOKE_ARTIFACT_TERMS = /\b(?:screenshot|playwright|cypress|selenium|trace|video|manual checklist|checklist)\b|\.(?:png|jpe?g|webp|mp4)\b/i;
+const SMOKE_URL_TERMS = /https?:\/\/|localhost(?::\d+)?|127\.0\.0\.1(?::\d+)?/i;
+const SMOKE_OBSERVATION_TERMS = /\b(?:observed|rows?|counts?|items?|open|closed|breached|at-risk|normal|columns?|filters?)\b|렌더|확인|컬럼|필터|개\s*open|\d+/i;
 /**
  * Integration/Persistence DoD: a Story marked "✅ done" must have at least one
  * Proof Ledger row whose evidence indicates integration/persistence — not only
@@ -429,6 +623,52 @@ function checkIntegrationDoD(content) {
   return violations;
 }
+/**
+ * Browser/manual/smoke proof is too easy to fake as prose. If a done Story has
+ * a passing UI/manual/smoke Proof Ledger row, require a durable artifact or a
+ * URL plus concrete observed UI data.
+ *
+ * @param {string} content project-state.md
+ * @returns {Array}
+ */
+function checkSmokeEvidence(content) {
+  const violations = [];
+  const visible = stripHtmlComments(content);
+  const doneIds = parseMarkdownTable(getSection(visible, 'Story Status') || '')
+    .filter((row) => /✅\s*done/i.test(rowStatus(row)))
+    .map((row) => storyIdFromRow(row))
+    .filter(Boolean);
+  if (doneIds.length === 0) return violations;
+  const ledgerRows = parseMarkdownTable(getSection(visible, 'Proof Ledger') || '');
+  for (const row of ledgerRows) {
+    const values = Object.values(row).filter((v) => typeof v === 'string');
+    const raw = values.join(' ');
+    const story = row.Story || row['Story ID'] || '';
+    const result = row.Result || row.result || raw;
+    if (!/(✅|pass)/i.test(result)) continue;
+    if (story && !doneIds.some((id) => story.includes(id))) continue;
+    if (!SMOKE_EVIDENCE_TERMS.test(raw)) continue;
+    const artifact = row.Artifact || row.artifact || '';
+    const command = row['Command / Observation'] || row.Command || row.Observation || '';
+    const hasDurableArtifact = artifact.trim() && !/^[-—n/a]*$/i.test(artifact.trim());
+    const hasToolProof = DURABLE_SMOKE_ARTIFACT_TERMS.test(raw);
+    const hasConcreteManualProof = SMOKE_URL_TERMS.test(command || raw) && SMOKE_OBSERVATION_TERMS.test(command || raw);
+    if (!(hasDurableArtifact || hasToolProof || hasConcreteManualProof)) {
+      violations.push({
+        check: 'smoke-evidence',
+        severity: 'error',
+        line: 0,
+        message: `Passing UI/manual/smoke proof for Story ${story || '(unknown)'} is not durable. Add screenshot/Playwright artifact, checklist row, or URL plus exact observed UI counts/elements (R13).`,
+      });
+    }
+  }
+  return violations;
+}
 // ─── Environment Seal Gate (R9) ──────────────────────────────────────
 /**
@@ -501,6 +741,51 @@ function checkPublicBoundary(content, filename = '') {
   return violations;
 }
+// ─── Evaluator Artifact Protection (R12) ────────────────────────────
+const EVALUATOR_ARTIFACT_PATHS = [
+  /^experiment\/(?:kode-harness-scorecard|run-card|evaluator-).*\.md$/i,
+  /^docs\/experiment\/(?:kode-harness-scorecard|run-card|evaluator-).*\.md$/i,
+  /^docs\/evaluator-.*\.md$/i,
+];
+const EVALUATOR_OWNER_MARKER = /<!--\s*harness-owner:\s*evaluator\s*-->/i;
+const EVALUATOR_APPROVAL_MARKER = /<!--\s*harness-edit-approved:\s*[^>]+-->/i;
+function isEvaluatorArtifact(file = '') {
+  const normalized = file.replace(/\\/g, '/');
+  return EVALUATOR_ARTIFACT_PATHS.some((re) => re.test(normalized));
+}
+/**
+ * Protect evaluator/run-card/scorecard artifacts from model-under-test rewrites.
+ * Ordinary evaluator-looking paths warn. Files explicitly marked
+ * `harness-owner: evaluator` fail unless a human approval marker is present.
+ *
+ * @param {string} content
+ * @param {string} [filename]
+ * @returns {Array}
+ */
+function checkEvaluatorArtifact(content, filename = '') {
+  if (!isEvaluatorArtifact(filename)) return [];
+  const owned = EVALUATOR_OWNER_MARKER.test(content);
+  const approved = EVALUATOR_APPROVAL_MARKER.test(content);
+  if (owned && !approved) {
+    return [{
+      check: 'evaluator-artifact',
+      severity: 'error',
+      line: 0,
+      message: `${filename}: evaluator-owned artifact changed without explicit approval marker (R12). Add <!-- harness-edit-approved: <reason> --> only when the user explicitly requested this edit.`,
+    }];
+  }
+  if (owned && approved) return [];
+  return [{
+    check: 'evaluator-artifact',
+    severity: 'warn',
+    line: 0,
+    message: `${filename}: evaluator/run-card artifact changed. Confirm the user explicitly requested this edit (R12).`,
+  }];
+}
 // ─── Markdown lint (R6 / L3-8) ───────────────────────────────────────
 /**
@@ -640,6 +925,10 @@ function isStateMarkdownFile(file) {
   return /(?:^|\/)(?:docs|\.harness)\/(?:project-state|features|dependency-map|project-brief|failure-patterns)\.md$/.test(file);
 }
+function isProjectBriefFile(file) {
+  return /(?:^|\/)(?:docs|\.harness)\/project-brief\.md$/.test(file);
+}
 function isScannableForSecrets(file) {
   return /\.(js|ts|jsx|tsx|json|jsonc|ya?ml|env|sh|py|java|md|properties|toml)$/i.test(file)
     && !/\.lock$/.test(file);
@@ -672,6 +961,7 @@ function runGuard({ files, cwd = process.cwd() }) {
     if (isPublicPackageFile(rel)) {
       all.push(...checkPublicBoundary(content, rel));
     }
+    all.push(...checkEvaluatorArtifact(content, rel));
     if (file.endsWith('.md') && isStateMarkdownFile(file)) {
       all.push(...lintMarkdownTables(content, rel));
     }
@@ -682,12 +972,17 @@ function runGuard({ files, cwd = process.cwd() }) {
       const base = path.basename(file);
       all.push(...checkStateFile(content));
       all.push(...checkReviewerHandoff(content));
+      all.push(...checkStoryContracts({ projectState: content }));
       all.push(...checkIntegrationDoD(content));
+      all.push(...checkSmokeEvidence(content));
       all.push(...checkEnvSeal(content));
       if (STATE_LINE_LIMITS[base]) {
         all.push(...lintLineLimit(content, STATE_LINE_LIMITS[base], rel));
       }
     }
+    if (isProjectBriefFile(file)) {
+      all.push(...checkScopeSplitApproval({ projectBrief: content }));
+    }
   }
   const errorCount = all.filter((v) => v.severity === 'error').length;
@@ -699,11 +994,16 @@ module.exports = {
   scanSecrets,
   checkStateFile,
   checkReviewerHandoff,
+  checkStoryContracts,
   checkLearnCompletion,
   checkStateSync,
+  checkScopeSplitApproval,
+  checkRecentChangesIntegrity,
   checkIntegrationDoD,
+  checkSmokeEvidence,
   checkEnvSeal,
   checkPublicBoundary,
+  checkEvaluatorArtifact,
   lintMarkdownTables,
   lintLineLimit,
   checkInstructionBudget,