@momentiq/dark-factory-cli 1.1.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (104) hide show
  1. package/README.md +86 -2
  2. package/dist/adapters/critic-result-schema.d.ts +14 -14
  3. package/dist/adapters/index.d.ts +1 -0
  4. package/dist/adapters/index.d.ts.map +1 -1
  5. package/dist/adapters/index.js +7 -0
  6. package/dist/adapters/index.js.map +1 -1
  7. package/dist/adapters/static-schema-lint.d.ts +68 -0
  8. package/dist/adapters/static-schema-lint.d.ts.map +1 -0
  9. package/dist/adapters/static-schema-lint.js +813 -0
  10. package/dist/adapters/static-schema-lint.js.map +1 -0
  11. package/dist/cli.d.ts +17 -1
  12. package/dist/cli.d.ts.map +1 -1
  13. package/dist/cli.js +296 -41
  14. package/dist/cli.js.map +1 -1
  15. package/dist/commands/findings.d.ts +6 -0
  16. package/dist/commands/findings.d.ts.map +1 -0
  17. package/dist/commands/findings.js +196 -0
  18. package/dist/commands/findings.js.map +1 -0
  19. package/dist/commands/skills.d.ts +6 -0
  20. package/dist/commands/skills.d.ts.map +1 -0
  21. package/dist/commands/skills.js +248 -0
  22. package/dist/commands/skills.js.map +1 -0
  23. package/dist/doctor.d.ts +17 -0
  24. package/dist/doctor.d.ts.map +1 -1
  25. package/dist/doctor.js +107 -0
  26. package/dist/doctor.js.map +1 -1
  27. package/dist/evidence/docker-build.d.ts +6 -0
  28. package/dist/evidence/docker-build.d.ts.map +1 -0
  29. package/dist/evidence/docker-build.js +199 -0
  30. package/dist/evidence/docker-build.js.map +1 -0
  31. package/dist/evidence/index.d.ts +1 -0
  32. package/dist/evidence/index.d.ts.map +1 -1
  33. package/dist/evidence/index.js +6 -0
  34. package/dist/evidence/index.js.map +1 -1
  35. package/dist/index.d.ts +1 -0
  36. package/dist/index.d.ts.map +1 -1
  37. package/dist/index.js +4 -0
  38. package/dist/index.js.map +1 -1
  39. package/dist/mcp/server.d.ts.map +1 -1
  40. package/dist/mcp/server.js +2 -0
  41. package/dist/mcp/server.js.map +1 -1
  42. package/dist/mcp/tools/doctor.d.ts.map +1 -1
  43. package/dist/mcp/tools/doctor.js +5 -0
  44. package/dist/mcp/tools/doctor.js.map +1 -1
  45. package/dist/mcp/tools/review-bypass.d.ts.map +1 -1
  46. package/dist/mcp/tools/review-bypass.js +21 -0
  47. package/dist/mcp/tools/review-bypass.js.map +1 -1
  48. package/dist/mcp/tools/skills-install.d.ts +6 -0
  49. package/dist/mcp/tools/skills-install.d.ts.map +1 -0
  50. package/dist/mcp/tools/skills-install.js +260 -0
  51. package/dist/mcp/tools/skills-install.js.map +1 -0
  52. package/dist/mcp/tools/stats-gate.d.ts.map +1 -1
  53. package/dist/mcp/tools/stats-gate.js +63 -15
  54. package/dist/mcp/tools/stats-gate.js.map +1 -1
  55. package/dist/policy/gate.d.ts +1 -1
  56. package/dist/policy/gate.d.ts.map +1 -1
  57. package/dist/policy/gate.js +96 -12
  58. package/dist/policy/gate.js.map +1 -1
  59. package/dist/prompt.d.ts +1 -0
  60. package/dist/prompt.d.ts.map +1 -1
  61. package/dist/prompt.js +105 -1
  62. package/dist/prompt.js.map +1 -1
  63. package/dist/report.d.ts +106 -3
  64. package/dist/report.d.ts.map +1 -1
  65. package/dist/report.js +282 -10
  66. package/dist/report.js.map +1 -1
  67. package/dist/runner.d.ts +2 -0
  68. package/dist/runner.d.ts.map +1 -1
  69. package/dist/runner.js +86 -2
  70. package/dist/runner.js.map +1 -1
  71. package/dist/self-consistency.d.ts +144 -0
  72. package/dist/self-consistency.d.ts.map +1 -0
  73. package/dist/self-consistency.js +368 -0
  74. package/dist/self-consistency.js.map +1 -0
  75. package/dist/skills/config.d.ts +176 -0
  76. package/dist/skills/config.d.ts.map +1 -0
  77. package/dist/skills/config.js +251 -0
  78. package/dist/skills/config.js.map +1 -0
  79. package/dist/skills/index.d.ts +4 -0
  80. package/dist/skills/index.d.ts.map +1 -0
  81. package/dist/skills/index.js +8 -0
  82. package/dist/skills/index.js.map +1 -0
  83. package/dist/skills/install.d.ts +62 -0
  84. package/dist/skills/install.d.ts.map +1 -0
  85. package/dist/skills/install.js +315 -0
  86. package/dist/skills/install.js.map +1 -0
  87. package/dist/skills/template.d.ts +42 -0
  88. package/dist/skills/template.d.ts.map +1 -0
  89. package/dist/skills/template.js +95 -0
  90. package/dist/skills/template.js.map +1 -0
  91. package/dist/trusted-surface/rebind.d.ts.map +1 -1
  92. package/dist/trusted-surface/rebind.js +14 -1
  93. package/dist/trusted-surface/rebind.js.map +1 -1
  94. package/package.json +32 -2
  95. package/skills/README.md +89 -0
  96. package/skills/chief-engineer-blitz/SKILL.md.tmpl +443 -0
  97. package/skills/chief-engineer-blitz/skill.json +53 -0
  98. package/skills/chief-engineer-review/SKILL.md.tmpl +184 -0
  99. package/skills/chief-engineer-review/references/review-examples.md.tmpl +130 -0
  100. package/skills/chief-engineer-review/skill.json +67 -0
  101. package/skills/chief-engineer-review/templates/code-review-prompt.md.tmpl +111 -0
  102. package/skills/chief-engineer-review/templates/escalation-prompt.md.tmpl +56 -0
  103. package/skills/chief-engineer-review/templates/plan-review-prompt.md.tmpl +74 -0
  104. package/skills/skill-schema.json +73 -0
@@ -0,0 +1,89 @@
1
+ # Bundled skills (source of truth)
2
+
3
+ This directory is the source of truth for skills shipped by
4
+ `@momentiq/dark-factory-cli` and installable into any consumer repo via
5
+ `df skills install <name>`.
6
+
7
+ Each subdirectory is one skill:
8
+
9
+ ```
10
+ skills/
11
+ ├── skill-schema.json # JSON schema for skill.json files
12
+ ├── chief-engineer-review/
13
+ │ ├── skill.json # manifest (variables, file map)
14
+ │ ├── SKILL.md.tmpl # main skill body (Handlebars-style vars)
15
+ │ ├── templates/
16
+ │ │ ├── code-review-prompt.md.tmpl
17
+ │ │ ├── plan-review-prompt.md.tmpl
18
+ │ │ └── escalation-prompt.md.tmpl
19
+ │ └── references/
20
+ │ └── review-examples.md.tmpl
21
+ └── chief-engineer-blitz/
22
+ ├── skill.json
23
+ └── SKILL.md.tmpl
24
+ ```
25
+
26
+ ## Authoring rules
27
+
28
+ 1. **Every `{{VARIABLE}}` reference in any `.tmpl` file MUST be declared in
29
+ `skill.json#variables`.** The renderer fails closed if a referenced variable
30
+ is undeclared (catches typos and silent drift between template + manifest).
31
+ 2. **`{{X}}` is install-time substitution** (rendered by `df skills install`
32
+ from `darkfactory.yaml`). `{X}` (single-brace) is runtime substitution
33
+ (filled later by the agent at skill invocation; not touched by the renderer).
34
+ 3. **Header comment in every rendered file.** Every `.tmpl` should start (or
35
+ end its frontmatter with) a `GENERATED by df skills install …` comment so
36
+ consumers know not to hand-edit the rendered copy.
37
+ 4. **No consumer-specific literals.** If the skill mentions a Make-target,
38
+ an ADR directory, a manifesto path, or any other repo-shaped string, route
39
+ it through a `{{VAR}}` with a sensible default.
40
+
41
+ ## Install-time variable conventions
42
+
43
+ | Variable | Typical default | Source |
44
+ |---|---|---|
45
+ | `{{REPO_NAME}}` | `this repo` | `darkfactory.yaml: repo.displayName` |
46
+ | `{{REPO_SLUG}}` | (empty) | `repo.slug` > `<repo>` portion of git `origin` remote |
47
+ | `{{MANIFESTO_PATH}}` | `docs/PRINCIPLES.md` | `docs.manifesto` |
48
+ | `{{ADR_DIR}}` | `docs/ADR` | `docs.adrDir` |
49
+ | `{{CYCLE_DOCS_DIR}}` | `docs/roadmap/cycles` | `docs.cycleDocsDir` |
50
+ | `{{RFC_DIR}}` | `docs/rfcs` | `docs.rfcDir` |
51
+ | `{{PRD_DIR}}` | `docs/prds` | `docs.prdDir` |
52
+ | `{{CE_AGENT_PATH}}` | `.claude/agents/chief-engineer.md` | `agents.chiefEngineer` |
53
+ | `{{QUALITY_GATE_TARGETS}}` | `make quality-gates` | `qualityGates` (list) |
54
+ | `{{WORKTREE_ROOT}}` | `.claude/worktrees` | `worktreeRoot` |
55
+ | `{{OWNER_REPO}}` | (empty) | `repo.ownerRepo` > parsed from `git config --get remote.origin.url` |
56
+ | `{{AGENT_COMMITTER_ORG}}` | `momentiq` | `agentCommitterOrg` |
57
+
58
+ `OWNER_REPO` / `REPO_SLUG` precedence at install time: explicit
59
+ `darkfactory.yaml` value wins. When the yaml does not provide it, the
60
+ renderer falls back to parsing the consumer repo's `origin` git remote
61
+ (both SSH `git@github.com:owner/repo.git` and HTTPS
62
+ `https://github.com/owner/repo.git` forms are recognized). If neither
63
+ yields a value, the renderer uses the manifest default (empty by
64
+ convention — the consumer accepts that templated `gh` commands will
65
+ require an explicit `--repo` flag).
66
+
67
+ ## Adding a new skill
68
+
69
+ 1. Create `skills/<name>/`.
70
+ 2. Write `skill.json` declaring all variables your templates use.
71
+ 3. Write `SKILL.md.tmpl` (and any sibling templates/, references/).
72
+ 4. Add the skill name to `KNOWN_SKILLS` in `src/skills/install.ts`.
73
+ 5. Add a vitest case in `tests/skills/install.test.ts` that renders the skill
74
+ against the default config and snapshots the output.
75
+
76
+ ## How skills ship in the npm tarball
77
+
78
+ Bundled skills ship via the top-level `files: ["skills"]` array in
79
+ `packages/cli/package.json` — the whole `skills/` directory is copied
80
+ verbatim into the published tarball. There is **no** copy-assets step
81
+ for `.tmpl` / `skill.json` files; `scripts/copy-assets.mjs` only mirrors
82
+ non-TypeScript assets *inside* `src/` (e.g. Python scripts, YAML fixtures)
83
+ into `dist/`. The skills directory sits at the package root, parallel to
84
+ `dist/`, and `resolveSkillsRoot()` finds it relative to the compiled
85
+ module's URL.
86
+
87
+ If you need a new file extension under `skills/` (today: `.md.tmpl`,
88
+ `.json`), nothing in the build needs to change — the `files` array
89
+ already takes the directory as a whole.
@@ -0,0 +1,443 @@
1
+ ---
2
+ name: chief-engineer-blitz
3
+ description: Use when the human asks to "ship X autonomously", "burn down the backlog", "blitz", "resolve all of these", or sets a big delivery objective decomposable into many small high-confidence chunks. Orchestrates a high-volume parallel subagent fleet against the objective, with up-front planning, two-phase (spec → implement) or one-phase (specs exist → implement) execution, critic-finding triage discipline, and end-of-blitz validation against real exit criteria (not green-check theatre).
4
+ ---
5
+
6
+ # Chief Engineer Blitz
7
+
8
+ A blitz is a planned, time-bounded burst of orchestrated subagent work against a
9
+ clear objective. Like a blitz in football or a blitzkrieg in war, it concentrates
10
+ parallelizable effort against the objective to compress wall-clock time, but
11
+ that compression only works **if the plan is good and the quality controls are
12
+ real.** Without them, a blitz is a fast way to ship a pile of broken PRs.
13
+
14
+ This skill encodes the doctrine — what to plan, how to decompose, how to fan
15
+ out, how to triage critic findings, how to validate completion *for real* —
16
+ distilled from running this exact pattern against real product backlogs.
17
+
18
+ **It is not** a generic "spawn lots of agents" pattern. It is a discipline:
19
+ plan first, decompose for high-confidence delivery, triage findings instead
20
+ of iterating blindly, validate at the end against the *actual exit criteria*.
21
+
22
+ ## When to invoke
23
+
24
+ Trigger phrases (the human says any of these, or close paraphrase):
25
+
26
+ - "ship X autonomously via subagents"
27
+ - "burn down the bug backlog"
28
+ - "resolve all of these"
29
+ - "blitz [the cycle / the issues / the PRs]"
30
+ - "you have admin permissions, execute everything as subagents"
31
+ - "let's get this fully resolved, no stopping"
32
+ - "ship a cycle with subcycles"
33
+
34
+ Also implicit triggers:
35
+
36
+ - A big delivery objective is set + the work decomposes into ≥5 small chunks
37
+ - The chunks can land in parallel (no sequential dependencies between most)
38
+ - The human has explicitly opted into autonomous execution
39
+
40
+ Do NOT invoke for:
41
+
42
+ - Single-PR work (just use the Agent tool directly)
43
+ - Work where the chunks have hard sequential dependencies (a blitz is parallel)
44
+ - Exploratory / design-mode work where decomposition isn't possible yet
45
+ (do brainstorming + cycle-doc-writing first; blitz the *implementation* once
46
+ specs exist)
47
+
48
+ ## The doctrine — six phases
49
+
50
+ A blitz always has six phases in order. Skipping any phase is a red flag.
51
+
52
+ 1. **Plan** — read everything, classify, identify dependencies + collisions, decide phases
53
+ 2. **Spec** (only if specs missing) — fan out spec-writing subagents; review + merge
54
+ 3. **Implement** — fan out implementation subagents in parallel worktrees
55
+ 4. **Triage** — for each PR's critic findings: FIX / OVERRIDE / ESCALATE
56
+ 5. **Validate** — confirm exit criteria are *actually met* against real state
57
+ 6. **Closure** — close issues with evidence; file follow-ups for un-shipped scope
58
+
59
+ The phases are deliberately distinct. Don't conflate "spawn implementation
60
+ agents" with "planning" (skipping plan loses up-front decomposition); don't
61
+ conflate "critic passed" with "validated" (passing critic ≠ meeting exit
62
+ criteria).
63
+
64
+ ## Phase 1 — Plan
65
+
66
+ The most-skipped phase, and the one that compounds the most when skipped.
67
+
68
+ **Read everything before doing anything.** For every issue/PR in scope:
69
+
70
+ - Pull the body, the labels, the linked PRs/cycles, and the **most recent comments**
71
+ (stale issues often have a "this was already fixed in PR #N" hint buried in the
72
+ last comment)
73
+ - Classify by **readiness**:
74
+ - **Ready** — clear scope, identified files, ready to implement
75
+ - **Mostly ready** — clear scope, one or two open contract questions
76
+ - **Needs scoping** — real problem, unclear approach, design decision required
77
+ - **Strategic / multi-week** — cycle-doc-level work, multiple phases
78
+ - **Stale / superseded** — already shipped or no longer relevant
79
+ - Classify by **dependency**:
80
+ - **Independent** — no other issue in the batch needs to land first
81
+ - **Depends on N** — a specific issue must land first
82
+ - **Collides with N** — same files / same numbering / same surface
83
+ - Classify by **repo**:
84
+ - **Local** — {{REPO_NAME}}
85
+ - **Cross-repo** — upstream `momentiq-ai/dark-factory`, sibling repos, etc.
86
+
87
+ The output of Plan is a **disposition table**: per-issue row with classification
88
+ + proposed action (ship / spec-then-ship / cycle-doc-only / close-stale / defer).
89
+ Show it to the human if the slate is large enough that they might want to
90
+ re-scope; otherwise commit and execute.
91
+
92
+ **Detect "already shipped" before spawning implementation work.** State-verify by
93
+ running `git log --oneline -- <files> | grep -i "fix #N"` or a quick query against
94
+ prod state. Many "open" issues have already been shipped and just left open by
95
+ keyword-tracking oversight. Always state-verify before launching implementation.
96
+
97
+ **Pick cycle numbers up front** if multiple cycle docs ship in the same blitz.
98
+ Multiple cycle-doc subagents in parallel **will** all pick the same next-number
99
+ ("highest + 1"); assign numbers explicitly in the Plan output. The cost of
100
+ renumber follow-up is small but real; avoid it by being explicit.
101
+
102
+ **For collisions:** decide *now* whether to serialize, segment by file, or
103
+ accept conflicts + resolve at merge. For multiple PRs touching the same file,
104
+ serialize them through the same worktree; for truly independent areas in the
105
+ same service, parallel worktrees are fine and rebases handle the small overlap.
106
+
107
+ ## Phase 2 — Spec (only when needed)
108
+
109
+ Skip this phase entirely if specs already exist (one-phase blitz).
110
+
111
+ If specs don't exist, fan out spec-writing subagents in parallel. Each agent's
112
+ deliverable is **one of**:
113
+
114
+ - **A cycle doc** — for strategic / multi-week work. New file in
115
+ `{{CYCLE_DOCS_DIR}}/cycleN-slug.md`. Land as a PR.
116
+ - **An issue-body spec section** — for ~1-2-PR work that doesn't warrant a cycle
117
+ doc. Appended via `gh issue edit` to the existing body. No PR.
118
+
119
+ Each spec-writing prompt must include:
120
+
121
+ - The decision authority. ("You have autonomous approval — make the calls. Flag
122
+ load-bearing decisions as 'Recommended, open for one round of review.'")
123
+ - The cycle-number assignment (if applicable) — explicit, not "next available"
124
+ - The depth bar ("ready-to-implement; the next session should not need to redo
125
+ design")
126
+ - The frontmatter / template per `CLAUDE.md` § "Cycle doc workflow"
127
+ - The deliverable's link target (PR for cycle docs; updated issue body for
128
+ inline specs)
129
+
130
+ After spec subagents return: review each, merge clean ones, iterate on any with
131
+ gaps. The spec-merge gate is the spec-merge gate; don't blur it with the
132
+ implementation gate.
133
+
134
+ ## Phase 3 — Implement
135
+
136
+ The biggest phase. Maximum parallelism.
137
+
138
+ **One subagent per PR.** Not one agent for multiple issues. Not one agent for
139
+ multiple phases of a cycle. Each agent ships exactly one PR.
140
+
141
+ **Pre-create the worktrees** before spawning agents. Pattern:
142
+
143
+ ```bash
144
+ for slug in fix-N1 fix-N2 fix-N3 ...; do
145
+ git worktree add "{{WORKTREE_ROOT}}/df+$slug" -b "df/$slug-auto" origin/main
146
+ done
147
+ ```
148
+
149
+ Don't make agents create their own worktrees — they'll race on the git common
150
+ dir.
151
+
152
+ **Each implementation prompt must include:**
153
+
154
+ - The issue number(s) the PR closes
155
+ - The exact worktree path + branch name
156
+ - Required reads: `CLAUDE.md`, the issue body, any referenced cycle docs
157
+ - The deliverable: a PR with "Closes #N" in the body, do-not-merge instruction
158
+ - The commit-identity convention (per consumer's CLAUDE.md — typically a
159
+ `claude-code+<handle>@{{AGENT_COMMITTER_ORG}}.ai` committer email + Co-Authored-By trailer)
160
+ - The push posture: if local gate fails for env reasons (sandbox can't OAuth
161
+ subscription critics), use the documented cloud-env bypass; NEVER bypass for
162
+ real findings
163
+ - The final-report format: under 300-400 words; PR URL, design choices, test
164
+ results, blockers
165
+
166
+ **For cross-repo work** (upstream issue belongs in `momentiq-ai/dark-factory`,
167
+ sibling repos, etc.):
168
+
169
+ - Have the agent `gh repo clone <owner>/<repo> /tmp/<repo>-agent-N/` and work
170
+ there
171
+ - After the upstream PR opens: post a comment on the consumer-side issue with
172
+ the upstream PR link, then **close the consumer-side issue as
173
+ "upstream-tracked"** (it stays closed until you bump the pin in a follow-up,
174
+ but the issue tracker reflects the correct disposition)
175
+ - Flag access failures clearly — if `gh repo view <owner>/<repo>` returns 404,
176
+ STOP and surface; don't fake the work
177
+
178
+ **For agents working in a fresh worktree:** the `npm ci --include=dev` step is
179
+ mandatory before the pre-push gate works. Skip it and the push will block with
180
+ "CLI not installed". Build this into the prompt explicitly.
181
+
182
+ ## Phase 4 — Triage critic findings
183
+
184
+ This is the phase that separates a real blitz from a PR-spam blitz.
185
+
186
+ Every PR's `dark-factory/critic` check completes with a verdict. For each PR
187
+ that's `action_required`:
188
+
189
+ **Pull the actual findings, not just the verdict count:**
190
+
191
+ ```bash
192
+ sha=$(gh pr view <N> --repo {{OWNER_REPO}} --json headRefOid --jq .headRefOid)
193
+ check_id=$(gh api "repos/{{OWNER_REPO}}/commits/$sha/check-runs" \
194
+ --jq '.check_runs[] | select(.name=="dark-factory/critic") | .id')
195
+ gh api "repos/{{OWNER_REPO}}/check-runs/$check_id/annotations" \
196
+ --jq '.[] | "[\(.annotation_level)] \(.path):\(.start_line) — \(.title)\n \(.message[:300])\n"'
197
+ ```
198
+
199
+ **Classify each finding.** The bypass posture must match CLAUDE.md exactly —
200
+ do NOT widen it. CLAUDE.md scopes `AGENT_REVIEW_BYPASS` / admin-merge to a
201
+ **closed list of cases**: PJ-approved emergency, pre-existing-main-branch
202
+ protocol, cloud-env exception, critic-unverifiable-check exception. Anything
203
+ outside that list is FIX (or ESCALATE for genuine design calls).
204
+
205
+ | Classification | Signal | Action |
206
+ |---|---|---|
207
+ | **Actionable** | Any vendor flagged `[high]` / `[blocker]`, OR ≥2 critics agree at any severity, OR production-impact language ("will throw", "breaks the build", "security regression"), specific file:line + concrete fix | FIX — spawn an iteration subagent (one new commit; never amend) |
208
+ | **Single-vendor nit** | One critic only, `[medium]` or `[note]`, style preference ("could be improved", "should consider"), doc-only contradiction | FIX (cheap small commit) — or, if genuinely no-fix-needed, leave a PR comment explaining + file a follow-up issue if pattern repeats. **Do NOT admin-merge silently** — that erodes the critic's signal-to-noise over time. |
209
+ | **Critic-infra failure** | Critic itself failed to run — sandbox-bwrap permission denied, EPIPE on background pipe close, 500 / timeout. Content not actually reviewed. | OVERRIDE — admin-merge with structured bypass citing the upstream infra issue. Per CLAUDE.md "Critic-unverifiable-check exception," only when there's deterministic out-of-band evidence the gate would have approved (tests pass, type-check pass, etc.). Reason string cites: (1) the infra failure verbatim, (2) the out-of-band evidence, (3) the upstream tracker issue. |
210
+ | **Recursion case** | The PR fixes the bug that's blocking its own critic from posting a verdict | OVERRIDE — admin-merge per CLAUDE.md "Recursion case (W3 worker break-glass)". Reason string: "W3 worker broken by the bug this PR fixes — see #<this PR's closes-issue>." |
211
+ | **`requiresHumanJudgment: true`** | Critic itself flagged the finding as subjective | **ESCALATE** — per CLAUDE.md "Thrash signals," this is a "do NOT iterate; bail to issue-and-bypass" signal. File a follow-up issue capturing the finding; if the underlying check can be satisfied by deterministic out-of-band evidence (per CLAUDE.md "Critic-unverifiable-check exception"), structured bypass with the three required citations. Otherwise pull the human in. **Not an automatic admin-merge.** |
212
+ | **Hallucination** | Finding contradicts measurable empirical reality (cited line doesn't exist; semantics demonstrably wrong against an empirical probe) | FIX the doc / comment / surface that confused the critic if there's a fix that disambiguates. If genuinely a vendor-quality issue with nothing to fix on our side, OVERRIDE with diagnostic comment + file at the critic-quality tracker. |
213
+ | **Genuine design call** | The finding is right but the fix is a real architectural decision the human should make | ESCALATE — pull the human in |
214
+
215
+ **Per-PR disposition table** — for every iteration round, classify the whole
216
+ PR's finding set into one of: FIX / OVERRIDE / ESCALATE. Default to FIX. Be
217
+ strict on production-code PRs; even on docs-only PRs prefer a small fix-commit
218
+ over an admin-merge through the noise. The bypass audit-trail
219
+ (`.git/agent-reviews/_runs.ndjson` + `make df-stats`) is read by humans —
220
+ flooding it with "single-vendor nit" entries erodes its signal.
221
+
222
+ **FIX iteration:** spawn a focused subagent for each PR-needing-fix. The agent's
223
+ deliverable is **one new commit on the existing branch** (never amend — the
224
+ critic artifact is bound to the original SHA, and amending desyncs the audit
225
+ trail). The agent re-pushes; the critic re-runs; the next-round verdict is
226
+ either GREEN (merge) or another iteration.
227
+
228
+ **Iteration budget:** cap at **3 rounds** per PR. After round 3, if findings
229
+ persist, escalate. Three rounds is enough for real bugs; persistent findings
230
+ past three rounds usually indicate either a genuine design call or a
231
+ critic-quality problem (open a tracker, override).
232
+
233
+ ## Phase 5 — Validate
234
+
235
+ **This is the phase that separates real delivery from theatre.**
236
+
237
+ Green checks ≠ delivery. Tests passing ≠ delivery. The validation gate is the
238
+ **actual exit criteria** of the work:
239
+
240
+ - For a **bug fix**: the production symptom is gone. Query the prod surface.
241
+ Examples — "14 stuck rows reclaimed in one atomic sweep at 04:17 UTC" is a SQL
242
+ query against prod, not "tests pass". "SIGTERM readiness" is a live
243
+ kubectl delete-pod + watch /ready transitions.
244
+ - For a **feature**: the feature actually works against real data. Spin up
245
+ the consumer surface (dashboard, CLI, API) and exercise the path end-to-end.
246
+ - For a **cycle doc / spec**: the doc is at the depth the implementer needs.
247
+ Sample the doc by simulating "next session reads this and starts coding —
248
+ do they need to redo design?"
249
+ - For **infra / IaC**: deploy-validate, then live-state-validate. `terraform
250
+ plan` clean is not the same as `terraform apply` clean is not the same as
251
+ "the live resources exist and are configured right".
252
+
253
+ **Build the prod-query into the blitz from the start.** Take a "before" snapshot
254
+ during Phase 1 (the symptom count, the broken state). After deploy, run the
255
+ "after" snapshot. Diff them — that's the evidence.
256
+
257
+ **For deployed Kubernetes services**, confirm the merge commit's image is
258
+ actually rolling before declaring "deployed". Pattern:
259
+
260
+ ```bash
261
+ kubectl get deployment <svc> -n <namespace> -o \
262
+ jsonpath='{.spec.template.spec.containers[0].image}'
263
+ ```
264
+
265
+ Image-updater can lag; ArgoCD can stall. The live `kubectl get` is the gate.
266
+
267
+ **Anti-patterns in validation:**
268
+
269
+ - **"All checks green"** — checks are inputs to validation, not validation
270
+ - **"Critic approved"** — critic is one signal; the actual exit criteria are
271
+ often broader (e.g. "users can see the new field on the dashboard")
272
+ - **"Tests pass"** — tests are unit-level; prod-level validation is the gate
273
+ - **"I declared success"** — success theatre. The user can read the diff;
274
+ they can also see the failed prod state if you faked it.
275
+
276
+ ## Phase 6 — Closure
277
+
278
+ For each issue in the blitz, the closure gate is **issue closed + evidence
279
+ attached**:
280
+
281
+ - For a code fix: close the issue with a comment containing the prod evidence
282
+ (the SQL output, the kubectl output, the dashboard screenshot — whatever
283
+ proves the symptom cleared).
284
+ - For a spec: close with a pointer to the cycle doc PR.
285
+ - For a cross-repo: close as "upstream-tracked" with the upstream PR/issue
286
+ link.
287
+ - For "already shipped": close with a context comment naming the PR that
288
+ shipped it, the commit SHA, and the verification.
289
+
290
+ **File follow-ups for un-shipped scope.** A blitz almost always surfaces work
291
+ that's worth doing but out-of-scope for the current blitz. File those as new
292
+ issues immediately, before the context evaporates.
293
+
294
+ **Cleanup the worktrees.** `git worktree remove {{WORKTREE_ROOT}}/<n> --force`
295
+ + `git branch -D <branch>` for each finished agent. Leave the repo state
296
+ clean.
297
+
298
+ ## Quality controls (the non-negotiables)
299
+
300
+ These are the doctrine commitments. Violating any is a sign the blitz has lost
301
+ discipline.
302
+
303
+ 1. **One PR per subagent, always.** Never one agent for multiple PRs;
304
+ audit trails get muddled, retries get hard, critic findings get
305
+ cross-confused.
306
+ 2. **Worktree isolation, always.** Each agent in its own worktree off `main`.
307
+ Race conditions on the git common dir are real.
308
+ 3. **CLAUDE.md commit identity, always.** The committer email convention
309
+ (`claude-code+<handle>@{{AGENT_COMMITTER_ORG}}.ai`) is the agentic-marker;
310
+ preserve author identity per-dev, mark committer per-policy.
311
+ 4. **Validation against real exit criteria, always.** Never declare done on
312
+ "checks green" alone. Query the prod surface.
313
+ 5. **Triage critic findings, never blind-iterate.** Decide per-finding using
314
+ the Phase 4 table. Default to FIX (even single-vendor nits — a small commit
315
+ is cheaper than diluting the bypass audit trail). Reserve `admin-merge` for
316
+ the closed list of cases CLAUDE.md sanctions (critic-infra failure,
317
+ recursion case, critic-unverifiable-check exception with deterministic
318
+ out-of-band evidence). `requiresHumanJudgment: true` is a thrash signal —
319
+ ESCALATE, don't auto-merge.
320
+ 6. **State-verify before implementing.** Many issues are already-shipped;
321
+ close with evidence instead of duplicating work.
322
+ 7. **Close issues with evidence.** A green PR + closed issue without a
323
+ verification comment is theatre. Attach the kubectl output, the SQL
324
+ output, the screenshot.
325
+ 8. **File follow-ups for un-shipped scope.** Don't lose surfaced work to
326
+ context evaporation.
327
+
328
+ ## Decision tree — when the rate-limit / context-budget bites
329
+
330
+ A long blitz consumes context. The orchestrator (you) is the bottleneck, not
331
+ the subagents. Two scenarios:
332
+
333
+ **Scenario A: rate-limit hit mid-blitz.** Subagent spawns fail with "session
334
+ limit reached." Wait for reset; pick up where you left off. The state on
335
+ disk (worktrees, branches, open PRs) is the canonical truth — re-launch
336
+ agents that didn't complete. Don't try to "remember" what was in flight; query
337
+ `gh pr list --state open` + `git worktree list`.
338
+
339
+ **Scenario B: context-budget exhaustion.** You feel the auto-compaction
340
+ kicking in. Two options:
341
+
342
+ 1. **Continue** — the auto-compaction summarizes prior turns; you can keep
343
+ going. Fine for routine work.
344
+ 2. **Hand off** — use the `handoff` skill to leave a comprehensive note for
345
+ a fresh session. Particularly right when the remaining work is a NEW
346
+ phase (e.g. you're done with implementations, need to start the cross-repo
347
+ PRs).
348
+
349
+ **Don't bail just because the blitz is long.** Bail if context is genuinely
350
+ gone or if the remaining work needs a fresh planning pass. Otherwise: push
351
+ through.
352
+
353
+ ## Common pitfalls
354
+
355
+ Catalogued from real misfires.
356
+
357
+ **1. Cycle-number collision.** Multiple subagents in parallel each pick "next
358
+ available cycle number" → they all pick the same number. Assign numbers up
359
+ front in the Plan output, or expect a renumber follow-up.
360
+
361
+ **2. Same-file merge conflicts.** Multiple PRs all touching the same source
362
+ file will conflict at merge. Either serialize them or accept the rebase
363
+ overhead.
364
+
365
+ **3. "Tests pass" → "ship it" trap.** Tests are unit-level. Prod validation
366
+ is the gate. Always do the post-deploy query.
367
+
368
+ **4. Recursion case (the PR fixes the bug blocking its own merge).** Most
369
+ common with critic-infrastructure issues. Recognize it; admin-merge with a
370
+ structured bypass; document the recursion in the merge commit body.
371
+
372
+ **5. Stale issue body.** The issue says "implement X" but X was already
373
+ shipped. Always state-verify before implementing. Check `git log --oneline
374
+ -- <files> | grep "#N"` and the most recent merged PRs.
375
+
376
+ **6. Agent stops mid-flight without pushing.** The agent's local commit
377
+ exists in the worktree but never made it to origin. Check `git log
378
+ <branch>..` and finish the push yourself if the work is sound — don't
379
+ re-spawn the whole agent.
380
+
381
+ **7. Critic finding asks for an over-defensive fix.** Default response: leave
382
+ a PR comment explaining the trade-off + file the pattern on the
383
+ critic-quality tracker. If the PR keeps getting CHANGES_REQUESTED on the same
384
+ paranoia-tier finding past iteration round 2, escalate — don't admin-merge
385
+ silently.
386
+
387
+ **8. Cross-repo agent can't access the repo.** Surface immediately; don't
388
+ fake the work. File the access-block on the consumer-side issue, escalate
389
+ to the human.
390
+
391
+ **9. Spec phase agents return "already covered by existing cycle doc N".**
392
+ This is GOOD — they correctly refused to duplicate work. Close the spec'd
393
+ issue as superseded with a context comment, don't force a duplicate doc.
394
+
395
+ **10. Cleanup-after-yourself.** Leave the repo state clean: remove worktrees,
396
+ delete merged branches, prune the local refs. Future you (or the next
397
+ session) will thank you.
398
+
399
+ ## Anti-patterns
400
+
401
+ - **Spawning a "review everything" mega-agent** — context bloat; better to
402
+ spawn many small focused agents.
403
+ - **Spawning agents without clear scope** ("just fix the bug") — they thrash.
404
+ Always include: files-to-touch, exit criteria, test plan, do-not-merge.
405
+ - **Skipping the Plan phase to "move fast"** — you'll pay double in
406
+ triage + collisions.
407
+ - **Iterating on critic findings without triage** — decide FIX / OVERRIDE /
408
+ ESCALATE per the Phase 4 table; blind iteration loses focus.
409
+ - **OVERRIDE-by-default on single-vendor nits** — dilutes the bypass audit
410
+ trail. Default to FIX (small commit) or PR-comment-and-defer; reserve
411
+ bypass for CLAUDE.md's sanctioned cases.
412
+ - **Declaring success on "all green" without prod validation** — theatre.
413
+ - **Forgetting to close the consumer-side issue when the upstream PR opens**
414
+ — the issue tracker drifts.
415
+ - **Spawning subagents from a worktree that's outside the worktree-first
416
+ policy** — fight the policy and it fights back.
417
+
418
+ ## Composition with other skills
419
+
420
+ - **`brainstorming`** — use this for the design phase BEFORE the blitz, when
421
+ scope isn't decomposable yet. A blitz against a not-yet-decomposed objective
422
+ is a blitz against vapor.
423
+ - **`handoff`** — use this if context-budget runs out mid-blitz, to leave a
424
+ comprehensive note for the next session.
425
+ - **`writing-plans`** — the Plan phase output is a plan; use this skill's
426
+ template if a structured plan format helps.
427
+ - **`subagent-driven-development`** — overlaps significantly; that skill is
428
+ about *single-cycle* multi-task implementation; this one is about *blitz-
429
+ scale* delivery. Both teach the "one agent per task" discipline.
430
+ - **`verification-before-completion`** — Phase 5 (Validate) embodies that
431
+ skill's discipline; defer to it for the validation checklist when
432
+ ambiguous.
433
+
434
+ ## Quality-gate commands (consumer-specific)
435
+
436
+ The validation pipeline for {{REPO_NAME}}:
437
+
438
+ ```bash
439
+ {{QUALITY_GATE_TARGETS}}
440
+ ```
441
+
442
+ These are the canonical Make-targets the blitz expects to be runnable in any
443
+ fresh worktree.
@@ -0,0 +1,53 @@
1
+ {
2
+ "$schema": "../skill-schema.json",
3
+ "name": "chief-engineer-blitz",
4
+ "version": "1.0.0",
5
+ "summary": "Doctrine for orchestrated multi-PR blitz delivery against a decomposable objective — six phases (Plan / Spec / Implement / Triage / Validate / Closure), strict critic-finding triage, real exit-criteria validation.",
6
+ "originatingRepo": "momentiq-ai/dark-factory-platform",
7
+ "files": [
8
+ { "template": "SKILL.md.tmpl", "target": "SKILL.md" }
9
+ ],
10
+ "variables": {
11
+ "REPO_NAME": {
12
+ "description": "Display name of the consumer repo (e.g. 'Dark Factory Platform').",
13
+ "source": "darkfactory.yaml: repo.displayName",
14
+ "default": "this repo"
15
+ },
16
+ "REPO_SLUG": {
17
+ "description": "Slug of the consumer repo.",
18
+ "source": "darkfactory.yaml: repo.slug, or git remote inference",
19
+ "default": ""
20
+ },
21
+ "OWNER_REPO": {
22
+ "description": "GitHub `<owner>/<repo>` reference for the consumer (used in gh commands).",
23
+ "source": "git remote get-url origin (inferred), or darkfactory.yaml: repo.ownerRepo",
24
+ "default": ""
25
+ },
26
+ "CYCLE_DOCS_DIR": {
27
+ "description": "Repo-relative path to the cycle-docs directory.",
28
+ "source": "darkfactory.yaml: docs.cycleDocsDir",
29
+ "default": "docs/roadmap/cycles"
30
+ },
31
+ "ADR_DIR": {
32
+ "description": "Repo-relative path to the ADR directory.",
33
+ "source": "darkfactory.yaml: docs.adrDir",
34
+ "default": "docs/ADR"
35
+ },
36
+ "WORKTREE_ROOT": {
37
+ "description": "Repo-relative path where parallel agent worktrees are created.",
38
+ "source": "darkfactory.yaml: worktreeRoot",
39
+ "default": ".claude/worktrees"
40
+ },
41
+ "QUALITY_GATE_TARGETS": {
42
+ "description": "Newline-separated Make-target commands for the consumer's quality gate (used in spec for implementation prompts).",
43
+ "source": "darkfactory.yaml: qualityGates (array)",
44
+ "default": "make quality-gates",
45
+ "kind": "list"
46
+ },
47
+ "AGENT_COMMITTER_ORG": {
48
+ "description": "Org used in the agentic-committer email convention (claude-code+<handle>@<org>.ai).",
49
+ "source": "darkfactory.yaml: agentCommitterOrg",
50
+ "default": "momentiq"
51
+ }
52
+ }
53
+ }