@momentiq/dark-factory-cli 1.0.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (159) hide show
  1. package/README.md +121 -40
  2. package/dist/adapters/codex-sdk.d.ts +66 -0
  3. package/dist/adapters/codex-sdk.d.ts.map +1 -1
  4. package/dist/adapters/codex-sdk.js +321 -4
  5. package/dist/adapters/codex-sdk.js.map +1 -1
  6. package/dist/adapters/critic-result-schema.d.ts +15 -10
  7. package/dist/adapters/critic-result-schema.d.ts.map +1 -1
  8. package/dist/adapters/critic-result-schema.js +10 -0
  9. package/dist/adapters/critic-result-schema.js.map +1 -1
  10. package/dist/adapters/cursor-cli.d.ts +19 -1
  11. package/dist/adapters/cursor-cli.d.ts.map +1 -1
  12. package/dist/adapters/cursor-cli.js +96 -14
  13. package/dist/adapters/cursor-cli.js.map +1 -1
  14. package/dist/adapters/index.d.ts +1 -0
  15. package/dist/adapters/index.d.ts.map +1 -1
  16. package/dist/adapters/index.js +7 -0
  17. package/dist/adapters/index.js.map +1 -1
  18. package/dist/adapters/static-schema-lint.d.ts +68 -0
  19. package/dist/adapters/static-schema-lint.d.ts.map +1 -0
  20. package/dist/adapters/static-schema-lint.js +813 -0
  21. package/dist/adapters/static-schema-lint.js.map +1 -0
  22. package/dist/branch-protection/spec-default.yaml +2 -2
  23. package/dist/cli.d.ts +17 -1
  24. package/dist/cli.d.ts.map +1 -1
  25. package/dist/cli.js +414 -113
  26. package/dist/cli.js.map +1 -1
  27. package/dist/commands/findings.d.ts +6 -0
  28. package/dist/commands/findings.d.ts.map +1 -0
  29. package/dist/commands/findings.js +196 -0
  30. package/dist/commands/findings.js.map +1 -0
  31. package/dist/commands/show.d.ts +11 -0
  32. package/dist/commands/show.d.ts.map +1 -0
  33. package/dist/commands/show.js +78 -0
  34. package/dist/commands/show.js.map +1 -0
  35. package/dist/commands/skills.d.ts +6 -0
  36. package/dist/commands/skills.d.ts.map +1 -0
  37. package/dist/commands/skills.js +248 -0
  38. package/dist/commands/skills.js.map +1 -0
  39. package/dist/commands/status.d.ts +6 -0
  40. package/dist/commands/status.d.ts.map +1 -0
  41. package/dist/commands/status.js +85 -0
  42. package/dist/commands/status.js.map +1 -0
  43. package/dist/compact/index.d.ts +2 -0
  44. package/dist/compact/index.d.ts.map +1 -0
  45. package/dist/compact/index.js +3 -0
  46. package/dist/compact/index.js.map +1 -0
  47. package/dist/compact/lockfile.d.ts +53 -0
  48. package/dist/compact/lockfile.d.ts.map +1 -0
  49. package/dist/compact/lockfile.js +626 -0
  50. package/dist/compact/lockfile.js.map +1 -0
  51. package/dist/cycle-doc-validator/validate_cycle_doc.py +39 -9
  52. package/dist/doctor.d.ts +51 -1
  53. package/dist/doctor.d.ts.map +1 -1
  54. package/dist/doctor.js +497 -1
  55. package/dist/doctor.js.map +1 -1
  56. package/dist/evidence/docker-build.d.ts +6 -0
  57. package/dist/evidence/docker-build.d.ts.map +1 -0
  58. package/dist/evidence/docker-build.js +199 -0
  59. package/dist/evidence/docker-build.js.map +1 -0
  60. package/dist/evidence/index.d.ts +1 -0
  61. package/dist/evidence/index.d.ts.map +1 -1
  62. package/dist/evidence/index.js +6 -0
  63. package/dist/evidence/index.js.map +1 -1
  64. package/dist/handoff/handoff-verb.d.ts.map +1 -1
  65. package/dist/handoff/handoff-verb.js +6 -3
  66. package/dist/handoff/handoff-verb.js.map +1 -1
  67. package/dist/handoff/ports.d.ts +8 -0
  68. package/dist/handoff/ports.d.ts.map +1 -1
  69. package/dist/handoff/real-clients.js +1 -1
  70. package/dist/handoff/real-clients.js.map +1 -1
  71. package/dist/index.d.ts +2 -0
  72. package/dist/index.d.ts.map +1 -1
  73. package/dist/index.js +8 -0
  74. package/dist/index.js.map +1 -1
  75. package/dist/lib/show-status-core.d.ts +63 -0
  76. package/dist/lib/show-status-core.d.ts.map +1 -0
  77. package/dist/lib/show-status-core.js +156 -0
  78. package/dist/lib/show-status-core.js.map +1 -0
  79. package/dist/mcp/prompts.d.ts.map +1 -1
  80. package/dist/mcp/prompts.js +113 -78
  81. package/dist/mcp/prompts.js.map +1 -1
  82. package/dist/mcp/resources.js +1 -1
  83. package/dist/mcp/resources.js.map +1 -1
  84. package/dist/mcp/server.d.ts.map +1 -1
  85. package/dist/mcp/server.js +2 -0
  86. package/dist/mcp/server.js.map +1 -1
  87. package/dist/mcp/tools/doctor.d.ts.map +1 -1
  88. package/dist/mcp/tools/doctor.js +5 -0
  89. package/dist/mcp/tools/doctor.js.map +1 -1
  90. package/dist/mcp/tools/findings.d.ts +0 -22
  91. package/dist/mcp/tools/findings.d.ts.map +1 -1
  92. package/dist/mcp/tools/findings.js +5 -73
  93. package/dist/mcp/tools/findings.js.map +1 -1
  94. package/dist/mcp/tools/handoff.d.ts.map +1 -1
  95. package/dist/mcp/tools/handoff.js +10 -17
  96. package/dist/mcp/tools/handoff.js.map +1 -1
  97. package/dist/mcp/tools/review-bypass.d.ts.map +1 -1
  98. package/dist/mcp/tools/review-bypass.js +22 -1
  99. package/dist/mcp/tools/review-bypass.js.map +1 -1
  100. package/dist/mcp/tools/skills-install.d.ts +6 -0
  101. package/dist/mcp/tools/skills-install.d.ts.map +1 -0
  102. package/dist/mcp/tools/skills-install.js +260 -0
  103. package/dist/mcp/tools/skills-install.js.map +1 -0
  104. package/dist/mcp/tools/stats-gate.d.ts.map +1 -1
  105. package/dist/mcp/tools/stats-gate.js +63 -15
  106. package/dist/mcp/tools/stats-gate.js.map +1 -1
  107. package/dist/policy/baseline.d.ts.map +1 -1
  108. package/dist/policy/baseline.js +11 -3
  109. package/dist/policy/baseline.js.map +1 -1
  110. package/dist/policy/gate.d.ts +1 -1
  111. package/dist/policy/gate.d.ts.map +1 -1
  112. package/dist/policy/gate.js +96 -12
  113. package/dist/policy/gate.js.map +1 -1
  114. package/dist/prompt.d.ts +1 -0
  115. package/dist/prompt.d.ts.map +1 -1
  116. package/dist/prompt.js +123 -4
  117. package/dist/prompt.js.map +1 -1
  118. package/dist/report.d.ts +130 -3
  119. package/dist/report.d.ts.map +1 -1
  120. package/dist/report.js +367 -10
  121. package/dist/report.js.map +1 -1
  122. package/dist/runner.d.ts +6 -0
  123. package/dist/runner.d.ts.map +1 -1
  124. package/dist/runner.js +213 -4
  125. package/dist/runner.js.map +1 -1
  126. package/dist/self-consistency.d.ts +144 -0
  127. package/dist/self-consistency.d.ts.map +1 -0
  128. package/dist/self-consistency.js +368 -0
  129. package/dist/self-consistency.js.map +1 -0
  130. package/dist/skills/config.d.ts +176 -0
  131. package/dist/skills/config.d.ts.map +1 -0
  132. package/dist/skills/config.js +251 -0
  133. package/dist/skills/config.js.map +1 -0
  134. package/dist/skills/index.d.ts +4 -0
  135. package/dist/skills/index.d.ts.map +1 -0
  136. package/dist/skills/index.js +8 -0
  137. package/dist/skills/index.js.map +1 -0
  138. package/dist/skills/install.d.ts +62 -0
  139. package/dist/skills/install.d.ts.map +1 -0
  140. package/dist/skills/install.js +315 -0
  141. package/dist/skills/install.js.map +1 -0
  142. package/dist/skills/template.d.ts +42 -0
  143. package/dist/skills/template.d.ts.map +1 -0
  144. package/dist/skills/template.js +95 -0
  145. package/dist/skills/template.js.map +1 -0
  146. package/dist/trusted-surface/rebind.d.ts.map +1 -1
  147. package/dist/trusted-surface/rebind.js +199 -2
  148. package/dist/trusted-surface/rebind.js.map +1 -1
  149. package/package.json +36 -2
  150. package/skills/README.md +89 -0
  151. package/skills/chief-engineer-blitz/SKILL.md.tmpl +443 -0
  152. package/skills/chief-engineer-blitz/skill.json +53 -0
  153. package/skills/chief-engineer-review/SKILL.md.tmpl +184 -0
  154. package/skills/chief-engineer-review/references/review-examples.md.tmpl +130 -0
  155. package/skills/chief-engineer-review/skill.json +67 -0
  156. package/skills/chief-engineer-review/templates/code-review-prompt.md.tmpl +111 -0
  157. package/skills/chief-engineer-review/templates/escalation-prompt.md.tmpl +56 -0
  158. package/skills/chief-engineer-review/templates/plan-review-prompt.md.tmpl +74 -0
  159. package/skills/skill-schema.json +73 -0
@@ -0,0 +1,443 @@
1
+ ---
2
+ name: chief-engineer-blitz
3
+ description: Use when the human asks to "ship X autonomously", "burn down the backlog", "blitz", "resolve all of these", or sets a big delivery objective decomposable into many small high-confidence chunks. Orchestrates a high-volume parallel subagent fleet against the objective, with up-front planning, two-phase (spec → implement) or one-phase (specs exist → implement) execution, critic-finding triage discipline, and end-of-blitz validation against real exit criteria (not green-check theatre).
4
+ ---
5
+
6
+ # Chief Engineer Blitz
7
+
8
+ A blitz is a planned, time-bounded burst of orchestrated subagent work against a
9
+ clear objective. Like a blitz in football or a blitzkrieg in war, it concentrates
10
+ parallelizable effort against the objective to compress wall-clock time, but
11
+ that compression only works **if the plan is good and the quality controls are
12
+ real.** Without them, a blitz is a fast way to ship a pile of broken PRs.
13
+
14
+ This skill encodes the doctrine — what to plan, how to decompose, how to fan
15
+ out, how to triage critic findings, how to validate completion *for real* —
16
+ distilled from running this exact pattern against real product backlogs.
17
+
18
+ **It is not** a generic "spawn lots of agents" pattern. It is a discipline:
19
+ plan first, decompose for high-confidence delivery, triage findings instead
20
+ of iterating blindly, validate at the end against the *actual exit criteria*.
21
+
22
+ ## When to invoke
23
+
24
+ Trigger phrases (the human says any of these, or close paraphrase):
25
+
26
+ - "ship X autonomously via subagents"
27
+ - "burn down the bug backlog"
28
+ - "resolve all of these"
29
+ - "blitz [the cycle / the issues / the PRs]"
30
+ - "you have admin permissions, execute everything as subagents"
31
+ - "let's get this fully resolved, no stopping"
32
+ - "ship a cycle with subcycles"
33
+
34
+ Also implicit triggers:
35
+
36
+ - A big delivery objective is set + the work decomposes into ≥5 small chunks
37
+ - The chunks can land in parallel (no sequential dependencies between most)
38
+ - The human has explicitly opted into autonomous execution
39
+
40
+ Do NOT invoke for:
41
+
42
+ - Single-PR work (just use the Agent tool directly)
43
+ - Work where the chunks have hard sequential dependencies (a blitz is parallel)
44
+ - Exploratory / design-mode work where decomposition isn't possible yet
45
+ (do brainstorming + cycle-doc-writing first; blitz the *implementation* once
46
+ specs exist)
47
+
48
+ ## The doctrine — six phases
49
+
50
+ A blitz always has six phases in order. Skipping any phase is a red flag.
51
+
52
+ 1. **Plan** — read everything, classify, identify dependencies + collisions, decide phases
53
+ 2. **Spec** (only if specs missing) — fan out spec-writing subagents; review + merge
54
+ 3. **Implement** — fan out implementation subagents in parallel worktrees
55
+ 4. **Triage** — for each PR's critic findings: FIX / OVERRIDE / ESCALATE
56
+ 5. **Validate** — confirm exit criteria are *actually met* against real state
57
+ 6. **Closure** — close issues with evidence; file follow-ups for un-shipped scope
58
+
59
+ The phases are deliberately distinct. Don't conflate "spawn implementation
60
+ agents" with "planning" (skipping plan loses up-front decomposition); don't
61
+ conflate "critic passed" with "validated" (passing critic ≠ meeting exit
62
+ criteria).
63
+
64
+ ## Phase 1 — Plan
65
+
66
+ The most-skipped phase, and the one that compounds the most when skipped.
67
+
68
+ **Read everything before doing anything.** For every issue/PR in scope:
69
+
70
+ - Pull the body, the labels, the linked PRs/cycles, and the **most recent comments**
71
+ (stale issues often have a "this was already fixed in PR #N" hint buried in the
72
+ last comment)
73
+ - Classify by **readiness**:
74
+ - **Ready** — clear scope, identified files, ready to implement
75
+ - **Mostly ready** — clear scope, one or two open contract questions
76
+ - **Needs scoping** — real problem, unclear approach, design decision required
77
+ - **Strategic / multi-week** — cycle-doc-level work, multiple phases
78
+ - **Stale / superseded** — already shipped or no longer relevant
79
+ - Classify by **dependency**:
80
+ - **Independent** — no other issue in the batch needs to land first
81
+ - **Depends on N** — a specific issue must land first
82
+ - **Collides with N** — same files / same numbering / same surface
83
+ - Classify by **repo**:
84
+ - **Local** — {{REPO_NAME}}
85
+ - **Cross-repo** — upstream `momentiq-ai/dark-factory`, sibling repos, etc.
86
+
87
+ The output of Plan is a **disposition table**: per-issue row with classification
88
+ + proposed action (ship / spec-then-ship / cycle-doc-only / close-stale / defer).
89
+ Show it to the human if the slate is large enough that they might want to
90
+ re-scope; otherwise commit and execute.
91
+
92
+ **Detect "already shipped" before spawning implementation work.** State-verify by
93
+ running `git log --oneline -- <files> | grep -i "fix #N"` or a quick query against
94
+ prod state. Many "open" issues have already been shipped and just left open by
95
+ keyword-tracking oversight. Always state-verify before launching implementation.
96
+
97
+ **Pick cycle numbers up front** if multiple cycle docs ship in the same blitz.
98
+ Multiple cycle-doc subagents in parallel **will** all pick the same next-number
99
+ ("highest + 1"); assign numbers explicitly in the Plan output. The cost of
100
+ renumber follow-up is small but real; avoid it by being explicit.
101
+
102
+ **For collisions:** decide *now* whether to serialize, segment by file, or
103
+ accept conflicts + resolve at merge. For multiple PRs touching the same file,
104
+ serialize them through the same worktree; for truly independent areas in the
105
+ same service, parallel worktrees are fine and rebases handle the small overlap.
106
+
107
+ ## Phase 2 — Spec (only when needed)
108
+
109
+ Skip this phase entirely if specs already exist (one-phase blitz).
110
+
111
+ If specs don't exist, fan out spec-writing subagents in parallel. Each agent's
112
+ deliverable is **one of**:
113
+
114
+ - **A cycle doc** — for strategic / multi-week work. New file in
115
+ `{{CYCLE_DOCS_DIR}}/cycleN-slug.md`. Land as a PR.
116
+ - **An issue-body spec section** — for ~1-2-PR work that doesn't warrant a cycle
117
+ doc. Appended via `gh issue edit` to the existing body. No PR.
118
+
119
+ Each spec-writing prompt must include:
120
+
121
+ - The decision authority. ("You have autonomous approval — make the calls. Flag
122
+ load-bearing decisions as 'Recommended, open for one round of review.'")
123
+ - The cycle-number assignment (if applicable) — explicit, not "next available"
124
+ - The depth bar ("ready-to-implement; the next session should not need to redo
125
+ design")
126
+ - The frontmatter / template per `CLAUDE.md` § "Cycle doc workflow"
127
+ - The deliverable's link target (PR for cycle docs; updated issue body for
128
+ inline specs)
129
+
130
+ After spec subagents return: review each, merge clean ones, iterate on any with
131
+ gaps. The spec-merge gate is the spec-merge gate; don't blur it with the
132
+ implementation gate.
133
+
134
+ ## Phase 3 — Implement
135
+
136
+ The biggest phase. Maximum parallelism.
137
+
138
+ **One subagent per PR.** Not one agent for multiple issues. Not one agent for
139
+ multiple phases of a cycle. Each agent ships exactly one PR.
140
+
141
+ **Pre-create the worktrees** before spawning agents. Pattern:
142
+
143
+ ```bash
144
+ for slug in fix-N1 fix-N2 fix-N3 ...; do
145
+ git worktree add "{{WORKTREE_ROOT}}/df+$slug" -b "df/$slug-auto" origin/main
146
+ done
147
+ ```
148
+
149
+ Don't make agents create their own worktrees — they'll race on the git common
150
+ dir.
151
+
152
+ **Each implementation prompt must include:**
153
+
154
+ - The issue number(s) the PR closes
155
+ - The exact worktree path + branch name
156
+ - Required reads: `CLAUDE.md`, the issue body, any referenced cycle docs
157
+ - The deliverable: a PR with "Closes #N" in the body, do-not-merge instruction
158
+ - The commit-identity convention (per consumer's CLAUDE.md — typically a
159
+ `claude-code+<handle>@{{AGENT_COMMITTER_ORG}}.ai` committer email + Co-Authored-By trailer)
160
+ - The push posture: if local gate fails for env reasons (sandbox can't OAuth
161
+ subscription critics), use the documented cloud-env bypass; NEVER bypass for
162
+ real findings
163
+ - The final-report format: under 300-400 words; PR URL, design choices, test
164
+ results, blockers
165
+
166
+ **For cross-repo work** (upstream issue belongs in `momentiq-ai/dark-factory`,
167
+ sibling repos, etc.):
168
+
169
+ - Have the agent `gh repo clone <owner>/<repo> /tmp/<repo>-agent-N/` and work
170
+ there
171
+ - After the upstream PR opens: post a comment on the consumer-side issue with
172
+ the upstream PR link, then **close the consumer-side issue as
173
+ "upstream-tracked"** (it stays closed until you bump the pin in a follow-up,
174
+ but the issue tracker reflects the correct disposition)
175
+ - Flag access failures clearly — if `gh repo view <owner>/<repo>` returns 404,
176
+ STOP and surface; don't fake the work
177
+
178
+ **For agents working in a fresh worktree:** the `npm ci --include=dev` step is
179
+ mandatory before the pre-push gate works. Skip it and the push will block with
180
+ "CLI not installed". Build this into the prompt explicitly.
181
+
182
+ ## Phase 4 — Triage critic findings
183
+
184
+ This is the phase that separates a real blitz from a PR-spam blitz.
185
+
186
+ Every PR's `dark-factory/critic` check completes with a verdict. For each PR
187
+ that's `action_required`:
188
+
189
+ **Pull the actual findings, not just the verdict count:**
190
+
191
+ ```bash
192
+ sha=$(gh pr view <N> --repo {{OWNER_REPO}} --json headRefOid --jq .headRefOid)
193
+ check_id=$(gh api "repos/{{OWNER_REPO}}/commits/$sha/check-runs" \
194
+ --jq '.check_runs[] | select(.name=="dark-factory/critic") | .id')
195
+ gh api "repos/{{OWNER_REPO}}/check-runs/$check_id/annotations" \
196
+ --jq '.[] | "[\(.annotation_level)] \(.path):\(.start_line) — \(.title)\n \(.message[:300])\n"'
197
+ ```
198
+
199
+ **Classify each finding.** The bypass posture must match CLAUDE.md exactly —
200
+ do NOT widen it. CLAUDE.md scopes `AGENT_REVIEW_BYPASS` / admin-merge to a
201
+ **closed list of cases**: PJ-approved emergency, pre-existing-main-branch
202
+ protocol, cloud-env exception, critic-unverifiable-check exception. Anything
203
+ outside that list is FIX (or ESCALATE for genuine design calls).
204
+
205
+ | Classification | Signal | Action |
206
+ |---|---|---|
207
+ | **Actionable** | Any vendor flagged `[high]` / `[blocker]`, OR ≥2 critics agree at any severity, OR production-impact language ("will throw", "breaks the build", "security regression"), specific file:line + concrete fix | FIX — spawn an iteration subagent (one new commit; never amend) |
208
+ | **Single-vendor nit** | One critic only, `[medium]` or `[note]`, style preference ("could be improved", "should consider"), doc-only contradiction | FIX (cheap small commit) — or, if genuinely no-fix-needed, leave a PR comment explaining + file a follow-up issue if pattern repeats. **Do NOT admin-merge silently** — that erodes the critic's signal-to-noise over time. |
209
+ | **Critic-infra failure** | Critic itself failed to run — sandbox-bwrap permission denied, EPIPE on background pipe close, 500 / timeout. Content not actually reviewed. | OVERRIDE — admin-merge with structured bypass citing the upstream infra issue. Per CLAUDE.md "Critic-unverifiable-check exception," only when there's deterministic out-of-band evidence the gate would have approved (tests pass, type-check pass, etc.). Reason string cites: (1) the infra failure verbatim, (2) the out-of-band evidence, (3) the upstream tracker issue. |
210
+ | **Recursion case** | The PR fixes the bug that's blocking its own critic from posting a verdict | OVERRIDE — admin-merge per CLAUDE.md "Recursion case (W3 worker break-glass)". Reason string: "W3 worker broken by the bug this PR fixes — see #<this PR's closes-issue>." |
211
+ | **`requiresHumanJudgment: true`** | Critic itself flagged the finding as subjective | **ESCALATE** — per CLAUDE.md "Thrash signals," this is a "do NOT iterate; bail to issue-and-bypass" signal. File a follow-up issue capturing the finding; if the underlying check can be satisfied by deterministic out-of-band evidence (per CLAUDE.md "Critic-unverifiable-check exception"), structured bypass with the three required citations. Otherwise pull the human in. **Not an automatic admin-merge.** |
212
+ | **Hallucination** | Finding contradicts measurable empirical reality (cited line doesn't exist; semantics demonstrably wrong against an empirical probe) | FIX the doc / comment / surface that confused the critic if there's a fix that disambiguates. If genuinely a vendor-quality issue with nothing to fix on our side, OVERRIDE with diagnostic comment + file at the critic-quality tracker. |
213
+ | **Genuine design call** | The finding is right but the fix is a real architectural decision the human should make | ESCALATE — pull the human in |
214
+
215
+ **Per-PR disposition table** — for every iteration round, classify the whole
216
+ PR's finding set into one of: FIX / OVERRIDE / ESCALATE. Default to FIX. Be
217
+ strict on production-code PRs; even on docs-only PRs prefer a small fix-commit
218
+ over an admin-merge through the noise. The bypass audit-trail
219
+ (`.git/agent-reviews/_runs.ndjson` + `make df-stats`) is read by humans —
220
+ flooding it with "single-vendor nit" entries erodes its signal.
221
+
222
+ **FIX iteration:** spawn a focused subagent for each PR-needing-fix. The agent's
223
+ deliverable is **one new commit on the existing branch** (never amend — the
224
+ critic artifact is bound to the original SHA, and amending desyncs the audit
225
+ trail). The agent re-pushes; the critic re-runs; the next-round verdict is
226
+ either GREEN (merge) or another iteration.
227
+
228
+ **Iteration budget:** cap at **3 rounds** per PR. After round 3, if findings
229
+ persist, escalate. Three rounds is enough for real bugs; persistent findings
230
+ past three rounds usually indicate either a genuine design call or a
231
+ critic-quality problem (open a tracker, override).
232
+
233
+ ## Phase 5 — Validate
234
+
235
+ **This is the phase that separates real delivery from theatre.**
236
+
237
+ Green checks ≠ delivery. Tests passing ≠ delivery. The validation gate is the
238
+ **actual exit criteria** of the work:
239
+
240
+ - For a **bug fix**: the production symptom is gone. Query the prod surface.
241
+ Examples — "14 stuck rows reclaimed in one atomic sweep at 04:17 UTC" is a SQL
242
+ query against prod, not "tests pass". "SIGTERM readiness" is a live
243
+ kubectl delete-pod + watch /ready transitions.
244
+ - For a **feature**: the feature actually works against real data. Spin up
245
+ the consumer surface (dashboard, CLI, API) and exercise the path end-to-end.
246
+ - For a **cycle doc / spec**: the doc is at the depth the implementer needs.
247
+ Sample the doc by simulating "next session reads this and starts coding —
248
+ do they need to redo design?"
249
+ - For **infra / IaC**: deploy-validate, then live-state-validate. `terraform
250
+ plan` clean is not the same as `terraform apply` clean is not the same as
251
+ "the live resources exist and are configured right".
252
+
253
+ **Build the prod-query into the blitz from the start.** Take a "before" snapshot
254
+ during Phase 1 (the symptom count, the broken state). After deploy, run the
255
+ "after" snapshot. Diff them — that's the evidence.
256
+
257
+ **For deployed Kubernetes services**, confirm the merge commit's image is
258
+ actually rolling before declaring "deployed". Pattern:
259
+
260
+ ```bash
261
+ kubectl get deployment <svc> -n <namespace> -o \
262
+ jsonpath='{.spec.template.spec.containers[0].image}'
263
+ ```
264
+
265
+ Image-updater can lag; ArgoCD can stall. The live `kubectl get` is the gate.
266
+
267
+ **Anti-patterns in validation:**
268
+
269
+ - **"All checks green"** — checks are inputs to validation, not validation
270
+ - **"Critic approved"** — critic is one signal; the actual exit criteria are
271
+ often broader (e.g. "users can see the new field on the dashboard")
272
+ - **"Tests pass"** — tests are unit-level; prod-level validation is the gate
273
+ - **"I declared success"** — success theatre. The user can read the diff;
274
+ they can also see the failed prod state if you faked it.
275
+
276
+ ## Phase 6 — Closure
277
+
278
+ For each issue in the blitz, the closure gate is **issue closed + evidence
279
+ attached**:
280
+
281
+ - For a code fix: close the issue with a comment containing the prod evidence
282
+ (the SQL output, the kubectl output, the dashboard screenshot — whatever
283
+ proves the symptom cleared).
284
+ - For a spec: close with a pointer to the cycle doc PR.
285
+ - For a cross-repo: close as "upstream-tracked" with the upstream PR/issue
286
+ link.
287
+ - For "already shipped": close with a context comment naming the PR that
288
+ shipped it, the commit SHA, and the verification.
289
+
290
+ **File follow-ups for un-shipped scope.** A blitz almost always surfaces work
291
+ that's worth doing but out-of-scope for the current blitz. File those as new
292
+ issues immediately, before the context evaporates.
293
+
294
+ **Cleanup the worktrees.** `git worktree remove {{WORKTREE_ROOT}}/<n> --force`
295
+ + `git branch -D <branch>` for each finished agent. Leave the repo state
296
+ clean.
297
+
298
+ ## Quality controls (the non-negotiables)
299
+
300
+ These are the doctrine commitments. Violating any is a sign the blitz has lost
301
+ discipline.
302
+
303
+ 1. **One PR per subagent, always.** Never one agent for multiple PRs;
304
+ audit trails get muddled, retries get hard, critic findings get
305
+ cross-confused.
306
+ 2. **Worktree isolation, always.** Each agent in its own worktree off `main`.
307
+ Race conditions on the git common dir are real.
308
+ 3. **CLAUDE.md commit identity, always.** The committer email convention
309
+ (`claude-code+<handle>@{{AGENT_COMMITTER_ORG}}.ai`) is the agentic-marker;
310
+ preserve author identity per-dev, mark committer per-policy.
311
+ 4. **Validation against real exit criteria, always.** Never declare done on
312
+ "checks green" alone. Query the prod surface.
313
+ 5. **Triage critic findings, never blind-iterate.** Decide per-finding using
314
+ the Phase 4 table. Default to FIX (even single-vendor nits — a small commit
315
+ is cheaper than diluting the bypass audit trail). Reserve `admin-merge` for
316
+ the closed list of cases CLAUDE.md sanctions (critic-infra failure,
317
+ recursion case, critic-unverifiable-check exception with deterministic
318
+ out-of-band evidence). `requiresHumanJudgment: true` is a thrash signal —
319
+ ESCALATE, don't auto-merge.
320
+ 6. **State-verify before implementing.** Many issues are already-shipped;
321
+ close with evidence instead of duplicating work.
322
+ 7. **Close issues with evidence.** A green PR + closed issue without a
323
+ verification comment is theatre. Attach the kubectl output, the SQL
324
+ output, the screenshot.
325
+ 8. **File follow-ups for un-shipped scope.** Don't lose surfaced work to
326
+ context evaporation.
327
+
328
+ ## Decision tree — when the rate-limit / context-budget bites
329
+
330
+ A long blitz consumes context. The orchestrator (you) is the bottleneck, not
331
+ the subagents. Two scenarios:
332
+
333
+ **Scenario A: rate-limit hit mid-blitz.** Subagent spawns fail with "session
334
+ limit reached." Wait for reset; pick up where you left off. The state on
335
+ disk (worktrees, branches, open PRs) is the canonical truth — re-launch
336
+ agents that didn't complete. Don't try to "remember" what was in flight; query
337
+ `gh pr list --state open` + `git worktree list`.
338
+
339
+ **Scenario B: context-budget exhaustion.** You feel the auto-compaction
340
+ kicking in. Two options:
341
+
342
+ 1. **Continue** — the auto-compaction summarizes prior turns; you can keep
343
+ going. Fine for routine work.
344
+ 2. **Hand off** — use the `handoff` skill to leave a comprehensive note for
345
+ a fresh session. Particularly right when the remaining work is a NEW
346
+ phase (e.g. you're done with implementations, need to start the cross-repo
347
+ PRs).
348
+
349
+ **Don't bail just because the blitz is long.** Bail if context is genuinely
350
+ gone or if the remaining work needs a fresh planning pass. Otherwise: push
351
+ through.
352
+
353
+ ## Common pitfalls
354
+
355
+ Catalogued from real misfires.
356
+
357
+ **1. Cycle-number collision.** Multiple subagents in parallel each pick "next
358
+ available cycle number" → they all pick the same number. Assign numbers up
359
+ front in the Plan output, or expect a renumber follow-up.
360
+
361
+ **2. Same-file merge conflicts.** Multiple PRs all touching the same source
362
+ file will conflict at merge. Either serialize them or accept the rebase
363
+ overhead.
364
+
365
+ **3. "Tests pass" → "ship it" trap.** Tests are unit-level. Prod validation
366
+ is the gate. Always do the post-deploy query.
367
+
368
+ **4. Recursion case (the PR fixes the bug blocking its own merge).** Most
369
+ common with critic-infrastructure issues. Recognize it; admin-merge with a
370
+ structured bypass; document the recursion in the merge commit body.
371
+
372
+ **5. Stale issue body.** The issue says "implement X" but X was already
373
+ shipped. Always state-verify before implementing. Check `git log --oneline
374
+ -- <files> | grep "#N"` and the most recent merged PRs.
375
+
376
+ **6. Agent stops mid-flight without pushing.** The agent's local commit
377
+ exists in the worktree but never made it to origin. Check `git log
378
+ <branch>..` and finish the push yourself if the work is sound — don't
379
+ re-spawn the whole agent.
380
+
381
+ **7. Critic finding asks for an over-defensive fix.** Default response: leave
382
+ a PR comment explaining the trade-off + file the pattern on the
383
+ critic-quality tracker. If the PR keeps getting CHANGES_REQUESTED on the same
384
+ paranoia-tier finding past iteration round 2, escalate — don't admin-merge
385
+ silently.
386
+
387
+ **8. Cross-repo agent can't access the repo.** Surface immediately; don't
388
+ fake the work. File the access-block on the consumer-side issue, escalate
389
+ to the human.
390
+
391
+ **9. Spec phase agents return "already covered by existing cycle doc N".**
392
+ This is GOOD — they correctly refused to duplicate work. Close the spec'd
393
+ issue as superseded with a context comment, don't force a duplicate doc.
394
+
395
+ **10. Cleanup-after-yourself.** Leave the repo state clean: remove worktrees,
396
+ delete merged branches, prune the local refs. Future you (or the next
397
+ session) will thank you.
398
+
399
+ ## Anti-patterns
400
+
401
+ - **Spawning a "review everything" mega-agent** — context bloat; better to
402
+ spawn many small focused agents.
403
+ - **Spawning agents without clear scope** ("just fix the bug") — they thrash.
404
+ Always include: files-to-touch, exit criteria, test plan, do-not-merge.
405
+ - **Skipping the Plan phase to "move fast"** — you'll pay double in
406
+ triage + collisions.
407
+ - **Iterating on critic findings without triage** — decide FIX / OVERRIDE /
408
+ ESCALATE per the Phase 4 table; blind iteration loses focus.
409
+ - **OVERRIDE-by-default on single-vendor nits** — dilutes the bypass audit
410
+ trail. Default to FIX (small commit) or PR-comment-and-defer; reserve
411
+ bypass for CLAUDE.md's sanctioned cases.
412
+ - **Declaring success on "all green" without prod validation** — theatre.
413
+ - **Forgetting to close the consumer-side issue when the upstream PR opens**
414
+ — the issue tracker drifts.
415
+ - **Spawning subagents from a worktree that's outside the worktree-first
416
+ policy** — fight the policy and it fights back.
417
+
418
+ ## Composition with other skills
419
+
420
+ - **`brainstorming`** — use this for the design phase BEFORE the blitz, when
421
+ scope isn't decomposable yet. A blitz against a not-yet-decomposed objective
422
+ is a blitz against vapor.
423
+ - **`handoff`** — use this if context-budget runs out mid-blitz, to leave a
424
+ comprehensive note for the next session.
425
+ - **`writing-plans`** — the Plan phase output is a plan; use this skill's
426
+ template if a structured plan format helps.
427
+ - **`subagent-driven-development`** — overlaps significantly; that skill is
428
+ about *single-cycle* multi-task implementation; this one is about *blitz-
429
+ scale* delivery. Both teach the "one agent per task" discipline.
430
+ - **`verification-before-completion`** — Phase 5 (Validate) embodies that
431
+ skill's discipline; defer to it for the validation checklist when
432
+ ambiguous.
433
+
434
+ ## Quality-gate commands (consumer-specific)
435
+
436
+ The validation pipeline for {{REPO_NAME}}:
437
+
438
+ ```bash
439
+ {{QUALITY_GATE_TARGETS}}
440
+ ```
441
+
442
+ These are the canonical Make-targets the blitz expects to be runnable in any
443
+ fresh worktree.
@@ -0,0 +1,53 @@
1
+ {
2
+ "$schema": "../skill-schema.json",
3
+ "name": "chief-engineer-blitz",
4
+ "version": "1.0.0",
5
+ "summary": "Doctrine for orchestrated multi-PR blitz delivery against a decomposable objective — six phases (Plan / Spec / Implement / Triage / Validate / Closure), strict critic-finding triage, real exit-criteria validation.",
6
+ "originatingRepo": "momentiq-ai/dark-factory-platform",
7
+ "files": [
8
+ { "template": "SKILL.md.tmpl", "target": "SKILL.md" }
9
+ ],
10
+ "variables": {
11
+ "REPO_NAME": {
12
+ "description": "Display name of the consumer repo (e.g. 'Dark Factory Platform').",
13
+ "source": "darkfactory.yaml: repo.displayName",
14
+ "default": "this repo"
15
+ },
16
+ "REPO_SLUG": {
17
+ "description": "Slug of the consumer repo.",
18
+ "source": "darkfactory.yaml: repo.slug, or git remote inference",
19
+ "default": ""
20
+ },
21
+ "OWNER_REPO": {
22
+ "description": "GitHub `<owner>/<repo>` reference for the consumer (used in gh commands).",
23
+ "source": "git remote get-url origin (inferred), or darkfactory.yaml: repo.ownerRepo",
24
+ "default": ""
25
+ },
26
+ "CYCLE_DOCS_DIR": {
27
+ "description": "Repo-relative path to the cycle-docs directory.",
28
+ "source": "darkfactory.yaml: docs.cycleDocsDir",
29
+ "default": "docs/roadmap/cycles"
30
+ },
31
+ "ADR_DIR": {
32
+ "description": "Repo-relative path to the ADR directory.",
33
+ "source": "darkfactory.yaml: docs.adrDir",
34
+ "default": "docs/ADR"
35
+ },
36
+ "WORKTREE_ROOT": {
37
+ "description": "Repo-relative path where parallel agent worktrees are created.",
38
+ "source": "darkfactory.yaml: worktreeRoot",
39
+ "default": ".claude/worktrees"
40
+ },
41
+ "QUALITY_GATE_TARGETS": {
42
+ "description": "Newline-separated Make-target commands for the consumer's quality gate (used in spec for implementation prompts).",
43
+ "source": "darkfactory.yaml: qualityGates (array)",
44
+ "default": "make quality-gates",
45
+ "kind": "list"
46
+ },
47
+ "AGENT_COMMITTER_ORG": {
48
+ "description": "Org used in the agentic-committer email convention (claude-code+<handle>@<org>.ai).",
49
+ "source": "darkfactory.yaml: agentCommitterOrg",
50
+ "default": "momentiq"
51
+ }
52
+ }
53
+ }
@@ -0,0 +1,184 @@
1
+ ---
2
+ name: chief-engineer-review
3
+ description: Use when reviewing PRs (plan or code), evaluating architectural alignment, or when a human Chief Engineer needs an AI second brain for review discussion — covers plan PRs, code PRs, cycle docs, RFCs, PRDs, and cross-squad escalation
4
+ ---
5
+
6
+ # Chief Engineer Review
7
+
8
+ AI-native architectural review system for {{REPO_NAME}}. Operates in two modes:
9
+ - **Autonomous**: Given a PR number, runs a four-pass review and posts structured findings.
10
+ - **Conversational**: Loads the CE judgment framework into the session for collaborative review with a human CE.
11
+
12
+ ## Mode Detection
13
+
14
+ Parse the skill invocation arguments:
15
+
16
+ 1. Extract PR number (digits, `#N`, or GitHub PR URL)
17
+ 2. Extract flags: `--discuss`, `--pod`
18
+ 3. Everything remaining after stripping the above is **additional directives** — freeform review emphasis passed to the CE agent
19
+
20
+ | Input | Mode | Example |
21
+ |-------|------|---------|
22
+ | PR number or URL | Autonomous → posts to PR | `#281`, `281`, GitHub PR URL |
23
+ | PR + `--discuss` | Conversational → discuss, post only if asked | `#281 --discuss` |
24
+ | No arguments | Conversational (open-ended) | (no args) |
25
+ | `--pod` flag | Pod-level review (either mode) | `#281 --pod` |
26
+ | Freeform text | Additional directives (either mode) | `#281 enforce DDD and TDD` |
27
+
28
+ Default review level is **squad**. Add `--pod` for pod-level cross-squad coherence review.
29
+
30
+ ## Autonomous Mode
31
+
32
+ When a PR number is provided without `--discuss`:
33
+
34
+ ### Step 1: Gather Context
35
+
36
+ ```
37
+ 1. Get PR metadata:
38
+ gh pr view <number> --json title,body,baseRefName,headRefName,files,labels,url
39
+
40
+ 2. Classify the PR:
41
+ - If changed files are ONLY in docs/ → Plan PR
42
+ - If changed files include code (backend/, web/, etc.) → Code PR
43
+ - If mixed → Code PR (but note the plan component)
44
+
45
+ 3. Get the diff:
46
+ gh pr diff <number>
47
+
48
+ 4. Identify linked artifacts:
49
+ - Search PR body for cycle doc references ({{CYCLE_DOCS_DIR}}/)
50
+ - Search PR body for RFC/PRD references ({{RFC_DIR}}/, {{PRD_DIR}}/)
51
+ - Search PR body for issue references (#N, Closes #N)
52
+ ```
53
+
54
+ ### Step 2: Create Review Worktree (Code PRs)
55
+
56
+ For code PRs, create an isolated worktree to build and test:
57
+
58
+ ```
59
+ 1. Get the PR branch name from step 1
60
+ 2. Create worktree: use EnterWorktree tool with the PR branch
61
+ 3. In the worktree, read:
62
+ - All changed files in full (not just diffs)
63
+ - The linked plan/cycle doc
64
+ - {{MANIFESTO_PATH}} (always)
65
+ - Relevant ADRs in {{ADR_DIR}}/
66
+ - Domain state (schemas, tools, workflows in the affected area)
67
+ ```
68
+
69
+ For plan PRs, worktree creation is lighter — just checkout the branch to read the docs.
70
+
71
+ ### Step 3: Validate (Code PRs Only)
72
+
73
+ Run the full validation pipeline in the worktree:
74
+
75
+ ```bash
76
+ {{QUALITY_GATE_TARGETS}}
77
+ ```
78
+
79
+ If UI files changed, use Playwright MCP to visually validate the running application:
80
+ - Navigate to the affected pages
81
+ - Take screenshots of key states
82
+ - Verify interactive behavior
83
+
84
+ Collect all results as validation evidence for the review.
85
+
86
+ ### Step 4: Dispatch Chief Engineer Agent
87
+
88
+ Assemble the review context and dispatch the `chief-engineer` agent:
89
+
90
+ For **plan PRs**, use the template at `templates/plan-review-prompt.md`:
91
+
92
+ - Fill in PR metadata, full document content, manifesto, ADRs
93
+ - Set review level (squad or pod)
94
+ - Fill `{ADDITIONAL_INSTRUCTIONS}` with any freeform directives from the invocation (or "None" if empty)
95
+ - Dispatch agent
96
+
97
+ For **code PRs**, use the template at `templates/code-review-prompt.md`:
98
+
99
+ - Fill in PR metadata, changed files, plan doc, manifesto, ADRs, domain state
100
+ - Include all validation evidence from Step 3
101
+ - Set review level (squad or pod)
102
+ - Fill `{ADDITIONAL_INSTRUCTIONS}` with any freeform directives from the invocation (or "None" if empty)
103
+ - Dispatch agent
104
+
105
+ For **pod-level reviews**, also include the squad CE's prior review if available.
106
+
107
+ ### Step 5: Deliver Review
108
+
109
+ After receiving the agent's structured review:
110
+
111
+ 1. **If APPROVED**: Post an approval comment to the PR:
112
+ ```bash
113
+ gh pr review <number> --approve --body "<review summary>"
114
+ ```
115
+
116
+ 2. **If CHANGES REQUIRED**: Post the full review as a PR comment:
117
+ ```bash
118
+ gh pr review <number> --request-changes --body "<full review>"
119
+ ```
120
+
121
+ 3. **If ESCALATE TO POD CE**: Generate escalation document using `templates/escalation-prompt.md` and present to the user for pod-level routing.
122
+
123
+ 4. **Cleanup**: ExitWorktree (auto-cleaned if no changes were made).
124
+
125
+ ## Conversational Mode
126
+
127
+ When no PR is provided, or `--discuss` flag is present:
128
+
129
+ ### Step 1: Orient
130
+
131
+ Load the CE's judgment framework into the session:
132
+
133
+ 1. Read {{MANIFESTO_PATH}} — internalize all principles.
134
+ 2. Read {{CE_AGENT_PATH}} — adopt the CE identity, voice, and judgment framework.
135
+ 3. If a PR was provided with `--discuss`:
136
+ - Gather full context (same as autonomous Step 1-3)
137
+ - Present a brief summary: "Here's what I see in this PR. Let me walk you through my analysis."
138
+ 4. If no PR:
139
+ - Ask: "What are we reviewing? A specific PR, an architectural direction, or something else?"
140
+ 5. If additional directives were provided, note them: "I'll pay special attention to: {directives}."
141
+ 6. Establish scope: "Are we evaluating a specific change or reasoning about an approach?"
142
+
143
+ ### Step 2: Analyze
144
+
145
+ Run the four-pass analysis with pauses for human input:
146
+
147
+ 1. **Pass 1 — Context**: Present what you understand about the change/topic.
148
+ > Pause: "Any areas you want me to dig deeper before I start the alignment analysis?"
149
+
150
+ 2. **Pass 2 — Validation** (if applicable): Present quality gate and test evidence.
151
+
152
+ 3. **Pass 3 — Alignment**: Walk through relevant manifesto principles. State your position on each.
153
+ > Pause: "Anything here you want to challenge or explore?"
154
+
155
+ 4. **Pass 4 — Judgment**: Present your holistic verdict.
156
+
157
+ ### Step 3: Discuss
158
+
159
+ The human CE can:
160
+ - **Challenge any finding** — you defend with evidence from the manifesto and codebase, or you update your assessment if they present valid counter-evidence.
161
+ - **Direct deeper exploration** — "Dig into the observability for the new workflow" or "Check if the canonical projections handle this edge case."
162
+ - **Ask for alternatives** — "What would you do differently?" — you propose concrete approaches grounded in manifesto principles.
163
+ - **Reason through an escalation** — you help evaluate whether an issue truly crosses domain boundaries.
164
+
165
+ **Behavioral rules in conversation:**
166
+ - State opinions directly: "I'd block on this" not "you might consider."
167
+ - Cite manifesto by section: "§5 requires observability to ship with the feature."
168
+ - Be persuadable only with evidence — name the trade-off if deviating.
169
+ - Never rubber-stamp — push back on "just approve it."
170
+ - Carry context — don't re-raise issues already resolved in the conversation.
171
+
172
+ ### Step 4: Conclude
173
+
174
+ When the human CE is satisfied:
175
+ 1. Summarize the joint assessment.
176
+ 2. Draft a review comment if requested (approval, changes required, or escalation).
177
+ 3. Human CE decides whether to post as-is or edit first.
178
+
179
+ ## Error Handling
180
+
181
+ - **PR not found**: "PR #N doesn't exist or you don't have access. Check the number and try again."
182
+ - **No manifesto found**: "Cannot find {{MANIFESTO_PATH}}. The CE review requires the manifesto as its source of truth. Create it first or update `darkfactory.yaml` → `docs.manifesto` and re-run `df skills install chief-engineer-review`."
183
+ - **Build fails in worktree**: Include the build failure in the Validation Evidence section. A build failure is itself a BLOCK finding.
184
+ - **No linked plan doc**: For code PRs, flag this as a potential BLOCK (two-phase development requires an approved plan).