npm - @ktpartners/dgs-platform - Versions diffs - 3.0.4 → 3.3.0 - Mend

@ktpartners/dgs-platform 3.0.4 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (115) hide show

package/commands/dgs/diff-report.md ADDED Viewed

@@ -0,0 +1,124 @@
+---
+name: dgs:diff-report
+description: Generate a diff report (REVIEW.md) on demand for any milestone or quick task
+argument-hint: "[version|--quick slug] [--detailed]"
+allowed-tools:
+  - Read
+  - Bash
+---
+# /dgs:diff-report -- On-Demand Diff Report
+Generate a REVIEW.md on demand without requiring audit-milestone or complete-quick.
+## Usage
+```
+/dgs:diff-report              -- Auto-detect: active quick task or current milestone
+/dgs:diff-report v21.0        -- Generate for a specific milestone version
+/dgs:diff-report --quick slug -- Generate for a specific quick task
+/dgs:diff-report --detailed   -- Use LLM-powered detailed analysis mode
+```
+## Steps
+<step name="parse_arguments">
+Parse $ARGUMENTS for:
+- A version string (e.g., `v21.0`, `v22.0`) — milestone target
+- `--quick <slug>` — quick task target with explicit slug
+- `--detailed` — pass through to underlying CLI command
+- No arguments — auto-detect mode
+Store as `TARGET_TYPE` (one of: `milestone`, `quick`, `auto`), `TARGET_VALUE` (version or slug, may be empty), and `DETAILED` (boolean).
+</step>
+<step name="detect_context">
+**If TARGET_TYPE is `auto`** (no version or --quick specified):
+Check for an active quick task first:
+```bash
+ACTIVE_QUICK=$(node "$HOME/.claude/deliver-great-systems/bin/dgs-tools.cjs" quick generate-review --raw 2>&1)
+QUICK_EXIT=$?
+```
+If `QUICK_EXIT` is 0 and the output contains `"generated": true` or `"fastForward": true`:
+- Set `TARGET_TYPE = quick` (auto-detected)
+- The command already ran and produced the review
+If `QUICK_EXIT` is non-zero (no active quick task):
+- Set `TARGET_TYPE = milestone` (fall back to current milestone)
+**If TARGET_TYPE is `milestone`:**
+Use the version argument if provided. Otherwise auto-detection happens inside the CLI command.
+**If TARGET_TYPE is `quick`:**
+Use the slug argument if provided. Otherwise auto-detection happens inside the CLI command.
+</step>
+<step name="show_context">
+Display what will be generated before proceeding:
+**If auto-detected quick task:**
+```
+Generating review for quick task...
+```
+**If milestone (with version):**
+```
+Generating review for milestone {version}...
+```
+**If milestone (auto-detect):**
+```
+Generating review for current milestone...
+```
+**If explicit quick task:**
+```
+Generating review for quick task {slug}...
+```
+</step>
+<step name="generate">
+Run the appropriate CLI command:
+**For milestone reports:**
+```bash
+RESULT=$(node "$HOME/.claude/deliver-great-systems/bin/dgs-tools.cjs" jobs generate-review ${TARGET_VALUE} ${DETAILED_FLAG} 2>&1)
+EXIT_CODE=$?
+```
+Where `${TARGET_VALUE}` is the version (e.g., `v21.0`) or empty for auto-detect, and `${DETAILED_FLAG}` is `--detailed` if requested or empty.
+**For quick task reports:**
+```bash
+RESULT=$(node "$HOME/.claude/deliver-great-systems/bin/dgs-tools.cjs" quick generate-review ${TARGET_VALUE} ${DETAILED_FLAG} 2>&1)
+EXIT_CODE=$?
+```
+Where `${TARGET_VALUE}` is the slug or empty for auto-detect.
+Note: If auto-detect already ran the quick command in step 2 and succeeded, skip re-running — use the result from step 2.
+</step>
+<step name="report">
+**If EXIT_CODE is 0:**
+Display the result from the CLI command (it includes file path and stats).
+**If EXIT_CODE is non-zero:**
+Display the error from the CLI command. The underlying commands already produce actionable error messages:
+- `No version specified and no active job found` — no milestone to generate for
+- `No active quick task found` — no quick task to generate for
+- `No job file found for [version]` — missing job file, need to run a milestone job first
+- `No code changes detected` — fast-forwarded quick task (informational, not an error)
+</step>
+## Success Criteria
+- [ ] Auto-detects quick task vs milestone context
+- [ ] Delegates to existing CLI commands (no code duplication)
+- [ ] --detailed flag passed through to underlying command
+- [ ] Shows context line before generating
+- [ ] Error messages are actionable (from underlying CLI commands)

package/commands/dgs/new-project.md CHANGED Viewed

@@ -1,42 +1,29 @@
 ---
 name: dgs:new-project
-description: Initialize a new project with deep context gathering and PROJECT.md
-argument-hint: "[--auto]"
+description: Initialize a new project as a thin skeleton (name + one-liner).
+argument-hint: "[<name>]"
 allowed-tools:
   - Read
   - Bash
   - Write
-  - Task
-  - AskUserQuestion
 ---
-<context>
-**Flags:**
-- `--auto` — Automatic mode. After config questions, runs research → requirements → roadmap without further interaction. Expects idea document via @ reference.
-</context>
 <objective>
-Initialize a new project through unified flow: questioning → research (optional) → requirements → roadmap.
+Initialize a new project as a thin skeleton. Projects are holders — specs and
+milestones carry the real work.
 **Creates:**
-- `${project_path}` — project context
-- `config.json` — workflow preferences
-- `${project_root}/research/` — domain research (optional)
-- `${project_root}/REQUIREMENTS.md` — scoped requirements
-- `${roadmap_path}` — phase structure
-- `${state_path}` — project memory
+- `${project_path}` — thin PROJECT.md (title + one-line placeholder)
-**After this command:** Run `/dgs:plan-phase 1` to start execution.
+**After this command:** Run `/dgs:write-spec` to capture what you're building,
+then `/dgs:new-milestone --auto <spec-id>` to start the first milestone.
 </objective>
 <execution_context>
 @~/.claude/deliver-great-systems/workflows/new-project.md
-@~/.claude/deliver-great-systems/references/questioning.md
 @~/.claude/deliver-great-systems/references/ui-brand.md
 @~/.claude/deliver-great-systems/templates/project.md
-@~/.claude/deliver-great-systems/templates/requirements.md
 </execution_context>
 <process>
-Execute the new-project workflow from @~/.claude/deliver-great-systems/workflows/new-project.md end-to-end.
-Preserve all workflow gates (validation, approvals, commits, routing).
+Execute the new-project workflow end-to-end. Preserve gates (--auto error, commit).
 </process>

package/commands/dgs/package-scan.md ADDED Viewed

@@ -0,0 +1,43 @@
+---
+name: dgs:package-scan
+description: Scan all repos for dependency vulnerabilities and licence compliance
+argument-hint: "[--threshold <sev>] [--repo <name>]"
+allowed-tools:
+  - Read
+  - Bash
+  - Edit
+  - Write
+  - Glob
+  - Grep
+---
+<objective>
+Scan all registered repos and the product root for dependency vulnerabilities via a tool cascade (Snyk → OSV-Scanner → ecosystem-native). Produces a markdown report with YAML frontmatter (programmatic consumption) and a human-readable body, committed atomically to the active phase directory / active milestone / project root depending on lifecycle context.
+Purpose: Surface known CVEs and licence compliance issues across every language ecosystem in the project within seconds, with no configuration beyond REPOS.md.
+Output: `{phase-dir}/{phase}-PACKAGE-SCAN.md` (when run during a phase), or `milestones/v{X}.{Y}-PACKAGE-SCAN.md` (during a milestone), or `PACKAGE-SCAN-{YYYY-MM-DD-HHmm}.md` at project root (standalone). The report is atomically committed via `dgs-tools commit --files`.
+</objective>
+<execution_context>
+@~/.claude/deliver-great-systems/workflows/package-scan.md
+</execution_context>
+<context>
+Arguments: $ARGUMENTS
+**Flags** (Phase 153 will wire these; the command accepts them silently now):
+- `--threshold <sev>` — filter to findings at `<sev>` severity or higher (critical/high/medium/low)
+- `--repo <name>` — scan a single repo by name (must match REPOS.md entry)
+**Config keys** (see `deliver-great-systems/references/package-scan-config.md`):
+- `testing.packages.tool` — `auto` (default), `snyk`, `osv`, or `native`
+- `testing.packages.severity_threshold` — minimum severity to include
+- `testing.packages.include_dev_dependencies` — boolean, default `true`
+- `testing.packages.timeout_seconds` — integer, default 300
+- `testing.packages.snyk_token` — local-only (use `dgs-tools config-local-set`)
+</context>
+<process>
+Execute the package-scan workflow from @~/.claude/deliver-great-systems/workflows/package-scan.md end-to-end.
+Preserve all workflow gates (init, scan invocation, report-write-and-commit composition).
+</process>

package/commands/dgs/research-idea.md CHANGED Viewed

@@ -10,6 +10,7 @@ allowed-tools:
   - Grep
   - WebSearch
   - WebFetch
+  - Task
 ---
 <objective>

package/commands/dgs/switch-project.md CHANGED Viewed

@@ -55,4 +55,17 @@ Progress: {status.progress}%
 **If error:**
 Display the error message from the response. Suggest `/dgs:list-projects` to see available projects.
+## 4. Commit PROJECTS.md if modified
+The `projects list` call in step 2 regenerates PROJECTS.md. Commit it if changed:
+```bash
+git -C "$(node -e "const{getPlanningRoot}=require('$HOME/.claude/deliver-great-systems/bin/lib/core.cjs');process.stdout.write(getPlanningRoot(process.cwd()))")" diff --quiet PROJECTS.md 2>/dev/null
+```
+If the above exits non-zero (file has changes):
+```bash
+node "$HOME/.claude/deliver-great-systems/bin/dgs-tools.cjs" commit "chore(project): regenerate PROJECTS.md on switch" --push
+```
 </process>

package/deliver-great-systems/bin/dgs-tools.cjs CHANGED Viewed

@@ -30,6 +30,7 @@
  *   summary-extract <path> [--fields]  Extract structured data from SUMMARY.md
  *   state-snapshot                     Structured parse of STATE.md
  *   phase-plan-index <phase>           Index plans with waves and status
+ *   package-scan [--raw]               Scan all repos for dependency vulnerabilities; writes committed report
  *   websearch <query>                  Search web via Brave API (if configured)
  *     [--limit N] [--freshness day|week|month]
  *
@@ -790,6 +791,88 @@ async function main() {
       break;
     }
+    case 'final-commit-precondition': {
+      // REL-08 (Phase 157): pre-commit precondition gate. Aborts with
+      // `summary-frontmatter-mismatch` label when PLAN.md `requirements:` is
+      // non-empty AND SUMMARY.md `requirements_completed:` is empty. Read-only —
+      // never writes to the working tree.
+      const planIdx = args.indexOf('--plan');
+      const summaryIdx = args.indexOf('--summary');
+      const opts = {
+        plan: planIdx !== -1 ? args[planIdx + 1] : undefined,
+        summary: summaryIdx !== -1 ? args[summaryIdx + 1] : undefined,
+      };
+      return commands.cmdFinalCommitPrecondition(cwd, opts);
+    }
+    case 'commit-verify-plan': {
+      // REL-01 (Phase 156): orchestrator-side commit + verification helper
+      // for /dgs:plan-phase. Commits a planner-emitted createdFiles list and
+      // verifies every reported path appears in HEAD; on mismatch, returns
+      // plan-commit-incomplete with working tree unchanged.
+      gateIdentity();
+      const message = args[1];
+      // --files <paths...> (collect args after --files until next --flag)
+      const filesIndex = args.indexOf('--files');
+      const createdFiles = filesIndex !== -1
+        ? args.slice(filesIndex + 1).filter(a => !a.startsWith('--'))
+        : [];
+      // --extra-files <paths...> (e.g. ROADMAP.md)
+      const extraIdx = args.indexOf('--extra-files');
+      const extraFiles = extraIdx !== -1
+        ? args.slice(extraIdx + 1).filter(a => !a.startsWith('--'))
+        : [];
+      // --repo-cwd <path>
+      const repoCwdIdxV = args.indexOf('--repo-cwd');
+      const repoCwdV = repoCwdIdxV !== -1 ? args[repoCwdIdxV + 1] : undefined;
+      const pushV = args.includes('--push');
+      const result = commands.verifyPlanCommit(cwd, {
+        message,
+        createdFiles,
+        extraFiles,
+        repoCwd: repoCwdV,
+        push: pushV,
+      }, raw);
+      // verifyPlanCommit is a pure helper — emit output and exit non-zero
+      // on plan-commit-incomplete so the calling workflow can detect failure.
+      if (raw) {
+        process.stdout.write(JSON.stringify(result));
+      } else {
+        if (result.ok) {
+          process.stdout.write(result.hash || result.reason || 'ok');
+        } else {
+          process.stdout.write(`[${result.exitLabel}] ${result.reason}`);
+        }
+      }
+      process.exit(result.ok ? 0 : 1);
+    }
+    case 'compute-phase-sweep': {
+      // REL-02 (Phase 156): scope-bounded executor sweep helper.
+      // Returns the UNION of git-discovered phase-dir paths and the
+      // executor-reported modified_files list, scope-filtered to
+      // ${phasesDir}/${phaseDir}/ only.
+      const phasesDirIdx = args.indexOf('--phases-dir');
+      const phaseDirIdx = args.indexOf('--phase-dir');
+      const modifiedIdx = args.indexOf('--modified-files');
+      const phasesDirV = phasesDirIdx !== -1 ? args[phasesDirIdx + 1] : undefined;
+      const phaseDirV = phaseDirIdx !== -1 ? args[phaseDirIdx + 1] : undefined;
+      const modifiedFiles = modifiedIdx !== -1
+        ? args.slice(modifiedIdx + 1).filter(a => !a.startsWith('--'))
+        : [];
+      const result = commands.computePhaseSweep(cwd, {
+        phasesDir: phasesDirV,
+        phaseDir: phaseDirV,
+        modifiedFiles,
+      }, raw);
+      if (raw) {
+        process.stdout.write(JSON.stringify(result));
+      } else {
+        process.stdout.write(`Swept: ${result.swept.length} | Dropped: ${result.dropped.length}`);
+      }
+      process.exit(result.error ? 1 : 0);
+    }
     case 'verify-summary': {
       const summaryPath = args[1];
       const countIndex = args.indexOf('--check-count');
@@ -1123,6 +1206,7 @@ async function main() {
       if (subcommand === 'complete') {
         const nameIndex = args.indexOf('--name');
         const archivePhases = args.includes('--archive-phases');
+        const force = args.includes('--force');
         // Collect --name value (everything after --name until next flag or end)
         let milestoneName = null;
         if (nameIndex !== -1) {
@@ -1133,7 +1217,7 @@ async function main() {
           }
           milestoneName = nameArgs.join(' ') || null;
         }
-        milestone.cmdMilestoneComplete(cwd, args[2], { name: milestoneName, archivePhases }, raw);
+        milestone.cmdMilestoneComplete(cwd, args[2], { name: milestoneName, archivePhases, force }, raw);
       } else {
         error('Unknown milestone subcommand. Available: complete');
       }
@@ -1211,7 +1295,7 @@ async function main() {
           init.cmdInitPlanPhase(cwd, args[2], raw);
           break;
         case 'new-project':
-          init.cmdInitNewProject(cwd, raw);
+          init.cmdInitNewProject(cwd, args[2], raw);
           break;
         case 'new-milestone':
           init.cmdInitNewMilestone(cwd, raw);
@@ -1697,6 +1781,7 @@ async function main() {
         jobs.cmdJobsUpdateStep(cwd, args[2], args[3], args[4], { timestamp: timestampVal, error: errorVal }, raw);
       } else if (subcommand === 'move') {
         if (!args[2] || !args[3]) error('Usage: jobs move <file> <target-dir>');
+        process.stderr.write('[DGS] Deprecation: "jobs move" is deprecated. Use "jobs set-status <version> --status <status>" for state transitions.\n');
         jobs.cmdJobsMove(cwd, args[2], args[3], raw);
       } else if (subcommand === 'create-milestone') {
         const noCheckIdx = args.indexOf('--no-check');
@@ -1769,6 +1854,11 @@ async function main() {
       } else if (subcommand === 'rollback') {
         if (!args[2]) error('Usage: jobs rollback <version>');
         jobs.cmdJobsRollback(cwd, args[2], raw);
+      } else if (subcommand === 'generate-review') {
+        const review = require('./lib/review.cjs');
+        const detailed = args.includes('--detailed');
+        const versionArg = args.slice(2).filter(a => a !== '--detailed' && a !== '--raw')[0];
+        review.cmdJobsGenerateReview(cwd, versionArg, raw, detailed);
       } else if (subcommand === 'set-status') {
         const version = args[2];
         const statusIdx = args.indexOf('--status');
@@ -1785,7 +1875,7 @@ async function main() {
           error(err.message);
         }
       } else {
-        error('Unknown jobs subcommand: ' + (subcommand || '(none)') + '. Available: parse, update-step, move, find-job, update-header, insert-steps, insert-gap-fix-section, insert-phase-gap-fix, create-milestone, milestone-preview, list-jobs, cancel-job, health, dry-run, generate-summary, record-start-shas, rollback, set-status');
+        error('Unknown jobs subcommand: ' + (subcommand || '(none)') + '. Available: parse, update-step, move, find-job, update-header, insert-steps, insert-gap-fix-section, insert-phase-gap-fix, create-milestone, milestone-preview, list-jobs, cancel-job, health, dry-run, generate-summary, generate-review, record-start-shas, rollback, set-status');
       }
       break;
     }
@@ -1823,6 +1913,12 @@ async function main() {
       break;
     }
+    case 'package-scan': {
+      const packageScan = require('./lib/package-scan.cjs');
+      packageScan.cmdPackageScan(cwd, args, raw);
+      break;
+    }
     case 'phase-uat-status': {
       const autoTest = require('./lib/auto-test.cjs');
       autoTest.cmdPhaseUatStatus(cwd, args[1], raw);
@@ -1971,7 +2067,7 @@ async function main() {
     case 'complete-quick':
     case 'quick-complete': {
       const { cmdQuickComplete } = require('./lib/quick.cjs');
-      cmdQuickComplete(cwd);
+      cmdQuickComplete(cwd, args);
       break;
     }
@@ -1984,8 +2080,15 @@ async function main() {
     case 'quick': {
       const subcommand = args[1];
+      if (subcommand === 'generate-review') {
+        const review = require('./lib/review.cjs');
+        const detailed = args.includes('--detailed');
+        const slugArg = args.slice(2).filter(a => a !== '--detailed' && a !== '--raw')[0];
+        review.cmdQuickGenerateReview(cwd, slugArg, raw, detailed);
+        break;
+      }
       if (subcommand !== 'finalize') {
-        error('Usage: dgs-tools quick finalize <quick_id> [--description <desc>] --quick-dir <dir> [--state-path <path>] [--push] [--repo-cwd <path>] [--fast]');
+        error('Usage: dgs-tools quick <generate-review [slug]|finalize <quick_id> [options]>');
         return;
       }
       gateIdentity();
@@ -2033,6 +2136,18 @@ async function main() {
       break;
     }
+    case 'fast-route': {
+      // REL-05/06: fast-mode commit routing helper. Surveys planning root +
+      // registered sub-repos for dirty state, then computes a routing decision.
+      // Used by /dgs:fast workflow F0.5 (pre-edit dirt check, REL-06) and F4/F5
+      // (post-edit routing, REL-05). Exits 1 if action == 'fail'.
+      const { surveyDirty, decideRouting } = require('./lib/fast-routing.cjs');
+      const survey = surveyDirty(cwd);
+      const decision = decideRouting(survey);
+      process.stdout.write(JSON.stringify({ survey, decision }, null, 2));
+      process.exit(decision.action === 'fail' ? 1 : 0);
+    }
     default:
       error(`Unknown command: ${command}`);
   }

package/deliver-great-systems/bin/lib/audit-tolerance.cjs ADDED Viewed

@@ -0,0 +1,77 @@
+// deliver-great-systems/bin/lib/audit-tolerance.cjs
+// REL-10: cross-reference matrix for /dgs:audit-milestone status determination.
+// Extends the existing 5d matrix with soft-tolerance for empty requirements_completed
+// when VERIFICATION explicitly lists the ID and status: passed.
+//
+// Soft-warning channel: 'summary-frontmatter-empty-but-verified' — distinct from
+// real partials. Surfaces under audit JSON `soft_warnings.summary_frontmatter_empty_but_verified`,
+// NOT under `gaps.requirements`. Removal trigger: 3 consecutive milestones ship
+// with zero soft-warnings → drop the tolerance row, restore strict default.
+const SOFT_WARNING_EMPTY_BUT_VERIFIED = 'summary-frontmatter-empty-but-verified';
+function applyMatrix(input) {
+  const {
+    verificationStatus,
+    requirementsClaimed = [],
+    summaryRequirementsCompleted = [],
+    reqId,
+    strictAudit = false,
+  } = input;
+  if (!reqId) {
+    return { status: 'unsatisfied', softWarning: null };
+  }
+  // gaps_found short-circuits everything — VERIFICATION explicitly failed.
+  if (verificationStatus === 'gaps_found') {
+    return { status: 'unsatisfied', softWarning: null };
+  }
+  const summaryListsId = summaryRequirementsCompleted.includes(reqId);
+  const verificationListsId = requirementsClaimed.includes(reqId);
+  // Happy path: VERIFICATION passed AND SUMMARY explicitly populated.
+  if (verificationStatus === 'passed' && summaryListsId) {
+    return { status: 'satisfied', softWarning: null };
+  }
+  // Tolerance path: VERIFICATION passed AND lists ID, SUMMARY empty/missing, NOT strict.
+  if (
+    verificationStatus === 'passed' &&
+    !summaryListsId &&
+    verificationListsId &&
+    !strictAudit
+  ) {
+    return { status: 'satisfied', softWarning: SOFT_WARNING_EMPTY_BUT_VERIFIED };
+  }
+  // Strict path: same input as tolerance path but --strict-audit forces partial.
+  if (
+    verificationStatus === 'passed' &&
+    !summaryListsId &&
+    verificationListsId &&
+    strictAudit
+  ) {
+    return { status: 'partial', softWarning: null };
+  }
+  // VERIFICATION passed but does NOT list the ID, SUMMARY empty → real partial.
+  // (Tolerance must NOT mask this — the safety net per spec.)
+  if (verificationStatus === 'passed' && !summaryListsId && !verificationListsId) {
+    return { status: 'partial', softWarning: null };
+  }
+  // VERIFICATION missing → unsatisfied (orphan-style).
+  if (verificationStatus === 'missing') {
+    if (summaryListsId) {
+      return { status: 'partial', softWarning: null };
+    }
+    return { status: 'unsatisfied', softWarning: null };
+  }
+  // Default fallthrough.
+  return { status: 'unsatisfied', softWarning: null };
+}
+module.exports = { applyMatrix, SOFT_WARNING_EMPTY_BUT_VERIFIED };

package/deliver-great-systems/bin/lib/audit-tolerance.test.cjs ADDED Viewed

@@ -0,0 +1,101 @@
+// deliver-great-systems/bin/lib/audit-tolerance.test.cjs
+// REL-10 regression test scaffold — initially RED. Turns GREEN after plan 03
+// extends the audit cross-reference matrix with soft-tolerance + adds
+// --strict-audit flag handling.
+const test = require('node:test');
+const assert = require('node:assert');
+// REL-10 surfaces a function applyMatrix(input) -> { status, softWarning? }
+// in a new module bin/lib/audit-tolerance.cjs. Plan 03 implements it.
+// applyMatrix input shape:
+//   { verificationStatus: 'passed'|'gaps_found'|'missing',
+//     requirementsClaimed: string[],   // from VERIFICATION.md frontmatter
+//     summaryRequirementsCompleted: string[], // from SUMMARY.md frontmatter (canonical key)
+//     reqId: string,                   // requirement ID under evaluation
+//     strictAudit: boolean             // --strict-audit flag
+//   }
+// applyMatrix output:
+//   { status: 'satisfied'|'partial'|'unsatisfied',
+//     softWarning: 'summary-frontmatter-empty-but-verified' | null
+//   }
+function getApplyMatrix() {
+  try {
+    return require('./audit-tolerance.cjs').applyMatrix;
+  } catch (err) {
+    assert.fail('REL-10 audit-tolerance module not yet implemented: bin/lib/audit-tolerance.cjs (plan 03 task)');
+  }
+}
+test('REL-10: empty SUMMARY + VERIFICATION lists ID + status passed → satisfied + soft-warning', () => {
+  const applyMatrix = getApplyMatrix();
+  const result = applyMatrix({
+    verificationStatus: 'passed',
+    requirementsClaimed: ['TEST-01'],
+    summaryRequirementsCompleted: [],
+    reqId: 'TEST-01',
+    strictAudit: false,
+  });
+  assert.strictEqual(result.status, 'satisfied');
+  assert.strictEqual(result.softWarning, 'summary-frontmatter-empty-but-verified');
+});
+test('REL-10: --strict-audit preserves old strict behaviour (empty SUMMARY → partial)', () => {
+  const applyMatrix = getApplyMatrix();
+  const result = applyMatrix({
+    verificationStatus: 'passed',
+    requirementsClaimed: ['TEST-01'],
+    summaryRequirementsCompleted: [],
+    reqId: 'TEST-01',
+    strictAudit: true,
+  });
+  assert.strictEqual(result.status, 'partial');
+  // soft-warning may be null OR may still flag; spec is silent; canonical: null under strict
+  assert.strictEqual(result.softWarning || null, null);
+});
+test('REL-10: tolerance does NOT mask real partials (VERIFICATION not listing ID still partial)', () => {
+  const applyMatrix = getApplyMatrix();
+  const result = applyMatrix({
+    verificationStatus: 'passed',
+    requirementsClaimed: ['OTHER-01'], // does NOT list TEST-01
+    summaryRequirementsCompleted: [],
+    reqId: 'TEST-01',
+    strictAudit: false,
+  });
+  assert.strictEqual(result.status, 'partial');
+  assert.strictEqual(result.softWarning || null, null);
+});
+test('REL-10: gaps_found VERIFICATION → unsatisfied regardless of SUMMARY shape', () => {
+  const applyMatrix = getApplyMatrix();
+  const result = applyMatrix({
+    verificationStatus: 'gaps_found',
+    requirementsClaimed: ['TEST-01'],
+    summaryRequirementsCompleted: ['TEST-01'],
+    reqId: 'TEST-01',
+    strictAudit: false,
+  });
+  assert.strictEqual(result.status, 'unsatisfied');
+});
+test('REL-10: SUMMARY explicitly populated + VERIFICATION passed → satisfied (no soft-warning)', () => {
+  const applyMatrix = getApplyMatrix();
+  const result = applyMatrix({
+    verificationStatus: 'passed',
+    requirementsClaimed: ['TEST-01'],
+    summaryRequirementsCompleted: ['TEST-01'],
+    reqId: 'TEST-01',
+    strictAudit: false,
+  });
+  assert.strictEqual(result.status, 'satisfied');
+  assert.strictEqual(result.softWarning || null, null);
+});
+// REL-10 sentinel — flag this file as a Wave-0 RED scaffold for plan 03.