@nklisch/pi-agile-workflow 0.16.1 → 0.16.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/plugin.json +1 -1
- package/.codex-plugin/plugin.json +1 -1
- package/docs/ARCHITECTURE.md +42 -21
- package/docs/PRINCIPLES.md +108 -38
- package/docs/SPEC.md +19 -2
- package/docs/VISION.md +17 -10
- package/hooks/scripts/prompt-context.py +8 -1
- package/hooks/scripts/test_prompt_context.py +16 -0
- package/package.json +1 -1
- package/scripts/work-view.sh +1 -1
- package/skills/autopilot/SKILL.md +54 -37
- package/skills/convert/SKILL.md +30 -4
- package/skills/epic-design/SKILL.md +21 -3
- package/skills/feature-design/SKILL.md +34 -11
- package/skills/gate-cruft/SKILL.md +69 -24
- package/skills/gate-docs/SKILL.md +56 -30
- package/skills/gate-patterns/SKILL.md +7 -3
- package/skills/gate-refactor/SKILL.md +18 -6
- package/skills/gate-security/SKILL.md +16 -7
- package/skills/gate-tests/SKILL.md +86 -71
- package/skills/implement/SKILL.md +18 -8
- package/skills/principles/SKILL.md +76 -21
- package/skills/principles/references/advisory-review.md +8 -1
- package/skills/principles/references/code-design.md +62 -5
- package/skills/principles/references/models.md +69 -57
- package/skills/refactor-design/SKILL.md +23 -13
- package/skills/review/SKILL.md +39 -19
- package/skills/review/references/review-lenses.md +14 -4
- package/skills/review/references/substrate-side-effects.md +17 -10
- package/skills/review/references/target-resolution.md +2 -1
- package/skills/scope/SKILL.md +20 -7
- package/work-view/crates/cli/.work-view-version +1 -1
- package/work-view/dist/aarch64-apple-darwin/work-view +0 -0
- package/work-view/dist/aarch64-unknown-linux-musl/work-view +0 -0
- package/work-view/dist/x86_64-apple-darwin/work-view +0 -0
- package/work-view/dist/x86_64-unknown-linux-musl/work-view +0 -0
|
@@ -3,7 +3,7 @@ name: gate-docs
|
|
|
3
3
|
description: >
|
|
4
4
|
Documentation gate that enforces the rolling-foundation principle. Delegates the full drift
|
|
5
5
|
detection to a deep documentation scanner agent which scans the bundle's changes for
|
|
6
|
-
foundation-doc drift (
|
|
6
|
+
foundation-doc drift (false, stale, or contradictory assertions—not missing coverage), changelog gaps,
|
|
7
7
|
README staleness, and skill/pattern-skill staleness. The orchestrator converts findings into items
|
|
8
8
|
in .work/active/ with gate_origin:docs and tags:[documentation]. Auto-triggers during
|
|
9
9
|
/agile-workflow:release-deploy.
|
|
@@ -12,10 +12,12 @@ description: >
|
|
|
12
12
|
# Gate-Docs
|
|
13
13
|
|
|
14
14
|
You orchestrate a documentation gate that enforces the **rolling-foundation
|
|
15
|
-
principle**: foundation docs in `docs/` describe current truth or intended
|
|
16
|
-
future state, never
|
|
17
|
-
|
|
18
|
-
|
|
15
|
+
principle**: foundation docs in `docs/` may describe current truth or intended
|
|
16
|
+
future state, never superseded truth. Future-state claims do not become drift
|
|
17
|
+
merely because implementation has not reached them, and foundation docs are not
|
|
18
|
+
required to mention every capability or bundle change. Drift exists only when an
|
|
19
|
+
assertion is false for the time/state it claims, stale after intent changed, or
|
|
20
|
+
contradictory with another authoritative claim.
|
|
19
21
|
|
|
20
22
|
The actual drift detection runs inside a **deep documentation scanner agent**
|
|
21
23
|
(a generic sub-agent prompted with the scanner posture from `../principles/references/subagents.md`); your role is to
|
|
@@ -77,10 +79,14 @@ returns structured findings.
|
|
|
77
79
|
**Brief template**:
|
|
78
80
|
|
|
79
81
|
> You are conducting a documentation drift audit for release `<version>` as an
|
|
80
|
-
> agile-workflow scanner. The principle: docs in `docs/` describe
|
|
81
|
-
> or intended future state
|
|
82
|
-
>
|
|
83
|
-
>
|
|
82
|
+
> agile-workflow scanner. The principle: foundation docs in `docs/` may describe
|
|
83
|
+
> current truth or intended future state. Drift is assertion-only: a claim is
|
|
84
|
+
> false for the state/time it says it describes, stale because intent changed,
|
|
85
|
+
> or contradictory with another authoritative claim. A future-state assertion
|
|
86
|
+
> is not drift merely because code does not implement it yet. Missing foundation-
|
|
87
|
+
> doc coverage is allowed: do not flag, add, or request claims for bundle changes
|
|
88
|
+
> the foundation docs do not discuss. Use read/search/shell tools as needed, but
|
|
89
|
+
> do not spawn nested sub-agents or fix docs.
|
|
84
90
|
>
|
|
85
91
|
> **Bundle scope** (the changes that may have caused drift):
|
|
86
92
|
> ```
|
|
@@ -110,8 +116,9 @@ returns structured findings.
|
|
|
110
116
|
> - Generated files (look for `# generated`, `llms-full.txt` — never
|
|
111
117
|
> edit; flag for regeneration)
|
|
112
118
|
>
|
|
113
|
-
> 2. **Classify each bound item's change type
|
|
114
|
-
>
|
|
119
|
+
> 2. **Classify each bound item's change type**. This table identifies places to
|
|
120
|
+
> check for existing claims; it does not require foundation-doc coverage:
|
|
121
|
+
> | Change type | Potential references |
|
|
115
122
|
> |---|---|
|
|
116
123
|
> | New feature / behavior | SPEC.md, ARCHITECTURE.md, relevant guide pages |
|
|
117
124
|
> | New CLI command or flag | CLI reference, SPEC.md, guide pages |
|
|
@@ -123,10 +130,15 @@ returns structured findings.
|
|
|
123
130
|
> | Changed interface used by repo skills | Repo-specific skills referencing it |
|
|
124
131
|
>
|
|
125
132
|
> 3. **Drift-check passes** — run each relevant pass yourself:
|
|
126
|
-
> - **Foundation-doc drift** —
|
|
127
|
-
>
|
|
128
|
-
>
|
|
129
|
-
>
|
|
133
|
+
> - **Foundation-doc drift** — inspect only assertions that exist in
|
|
134
|
+
> VISION.md, SPEC.md, ARCHITECTURE.md, and domain foundation docs. First
|
|
135
|
+
> classify each assertion as current-state or intended-future-state. For a
|
|
136
|
+
> current-state claim, flag only when authoritative implementation now
|
|
137
|
+
> contradicts it. For a future-state claim, flag only when newer accepted
|
|
138
|
+
> intent or another authoritative foundation claim contradicts it—not when
|
|
139
|
+
> implementation is absent. Never flag a bundle capability merely because
|
|
140
|
+
> no foundation doc mentions it. Cite file:line for the claim and its
|
|
141
|
+
> contradicting source.
|
|
130
142
|
> - **README staleness** — verify quick-start, install steps, examples,
|
|
131
143
|
> command names match the codebase post-bundle.
|
|
132
144
|
> - **CHANGELOG gap** — for each item bound to release `<version>`,
|
|
@@ -155,11 +167,14 @@ returns structured findings.
|
|
|
155
167
|
> changelog-gap | repo-skill-staleness | pattern-skill-staleness |
|
|
156
168
|
> generated-file-needs-regen | doc-misplacement
|
|
157
169
|
> - **Confidence**: High | Medium
|
|
170
|
+
> - **Relevance**: Release-relevant | Ambient
|
|
158
171
|
> - **Doc location**: `<file>:<line>`
|
|
159
|
-
> - **
|
|
172
|
+
> - **Contradicting source**: `<file>:<line>` (implementation, newer intent,
|
|
173
|
+
> or another authoritative claim; omit for non-assertion categories)
|
|
160
174
|
> - **Current doc text**:
|
|
161
175
|
> > <quote — what the doc currently says>
|
|
162
|
-
> - **
|
|
176
|
+
> - **Contradiction**: <why the quoted claim is false, stale, or contradictory
|
|
177
|
+
> for the state/time it claims to describe>
|
|
163
178
|
> - **Required edit**: <roll the doc forward to match the new active truth.
|
|
164
179
|
> Apply rolling-foundation: no "previously" prose, no "in v1.x" notes.
|
|
165
180
|
> Replace the assertion in place. For generated files, give the
|
|
@@ -179,9 +194,13 @@ returns structured findings.
|
|
|
179
194
|
> ```
|
|
180
195
|
>
|
|
181
196
|
> **Rules**:
|
|
182
|
-
> -
|
|
183
|
-
>
|
|
197
|
+
> - Bundle changes and their owning docs are the focus, not a hard boundary.
|
|
198
|
+
> Follow concrete references into adjacent docs, generated catalogs, or
|
|
199
|
+
> system-wide documentation when needed; do not perform an aimless doc sweep.
|
|
184
200
|
> - Cite file:line for every finding.
|
|
201
|
+
> - Absence is not a foundation-doc finding. Do not propose adding coverage for
|
|
202
|
+
> an undocumented bundle change, and do not treat unimplemented future intent
|
|
203
|
+
> as stale current-state documentation.
|
|
185
204
|
> - Required edits ENFORCE rolling-foundation: replace stale assertions in
|
|
186
205
|
> place. Do NOT propose adding "previously" or "in v1.x" prose. Git is the
|
|
187
206
|
> audit trail; the doc carries the active truth.
|
|
@@ -210,7 +229,7 @@ stage: implementing # high-confidence drift
|
|
|
210
229
|
tags: [documentation]
|
|
211
230
|
parent: null
|
|
212
231
|
depends_on: []
|
|
213
|
-
release_binding: <version>
|
|
232
|
+
release_binding: <version> | null # null for ambient findings
|
|
214
233
|
gate_origin: docs
|
|
215
234
|
created: YYYY-MM-DD
|
|
216
235
|
updated: YYYY-MM-DD
|
|
@@ -223,13 +242,13 @@ updated: YYYY-MM-DD
|
|
|
223
242
|
|
|
224
243
|
## Location
|
|
225
244
|
- Doc: `<file>:<line>`
|
|
226
|
-
-
|
|
245
|
+
- Contradicting source: `<file>:<line>` (for assertion drift)
|
|
227
246
|
|
|
228
247
|
## Current doc text
|
|
229
248
|
> <quote the doc — what it currently says>
|
|
230
249
|
|
|
231
|
-
##
|
|
232
|
-
<
|
|
250
|
+
## Contradiction
|
|
251
|
+
<why the claim is false, stale, or contradictory for its stated time/state>
|
|
233
252
|
|
|
234
253
|
## Required edit
|
|
235
254
|
<roll the doc forward to match the new active truth. Apply rolling-foundation:
|
|
@@ -239,6 +258,10 @@ no "previously" prose, no "in v1.x" notes. Replace the assertion in place.>
|
|
|
239
258
|
For generated files needing regeneration, the item describes the regeneration
|
|
240
259
|
command rather than a manual edit.
|
|
241
260
|
|
|
261
|
+
Release-relevant drift uses the normal confidence mapping and binds to the
|
|
262
|
+
release. Ambient staleness merely discovered while following references goes to
|
|
263
|
+
the unbound backlog.
|
|
264
|
+
|
|
242
265
|
Default confidence -> placement mapping:
|
|
243
266
|
- **High** → `stage: implementing` in `.work/active/stories/`
|
|
244
267
|
- **Medium** → `stage: drafting` in `.work/active/stories/`
|
|
@@ -257,22 +280,25 @@ In conversation:
|
|
|
257
280
|
- **Drift found**: count by category
|
|
258
281
|
- **Items created**: count, with new ids
|
|
259
282
|
- **Generated files needing regen**: list (if any)
|
|
260
|
-
- **Goal reminder**: rolling-foundation
|
|
261
|
-
|
|
262
|
-
|
|
283
|
+
- **Goal reminder**: rolling-foundation permits current truth or intended future
|
|
284
|
+
state. Only false, stale, or contradictory assertions become findings; missing
|
|
285
|
+
coverage and unimplemented future intent do not. Findings here become items
|
|
286
|
+
the release flow drains to `done` before shipping.
|
|
263
287
|
|
|
264
288
|
## Guardrails
|
|
265
289
|
|
|
266
290
|
- **The drift detection happens in the scanner agent, not here.** Your job is
|
|
267
291
|
bundle prep, dispatch, and item-writing. Don't replicate the scanner's
|
|
268
292
|
analysis in the orchestrator's context.
|
|
269
|
-
- Foundation-doc drift is
|
|
270
|
-
|
|
293
|
+
- Foundation-doc drift is assertion-only: false, stale, or contradictory
|
|
294
|
+
claims. Missing coverage and merely unimplemented future-state claims are not
|
|
295
|
+
findings and must not produce items or edits.
|
|
271
296
|
- Required edits ENFORCE rolling-foundation: replace stale assertions in
|
|
272
297
|
place. Do NOT propose adding "previously" or "in v1.x" prose.
|
|
273
298
|
- Don't fix the docs in this skill — produce items only. Implementation of
|
|
274
299
|
the fixes happens via `/agile-workflow:implement` on each item.
|
|
275
|
-
-
|
|
276
|
-
|
|
300
|
+
- Release-bound changes define focus, not a hard boundary. Follow concrete
|
|
301
|
+
documentation ownership and reference chains; route merely ambient drift to
|
|
302
|
+
the unbound backlog rather than silently expanding the release.
|
|
277
303
|
- Generated files get items describing the regeneration command, not manual
|
|
278
304
|
edits.
|
|
@@ -107,7 +107,7 @@ output.
|
|
|
107
107
|
> Use read/search/shell tools as needed. Do not spawn nested sub-agents or modify
|
|
108
108
|
> source files.
|
|
109
109
|
>
|
|
110
|
-
> **Bundle
|
|
110
|
+
> **Bundle focus** (start here; follow recurring shapes across the repository):
|
|
111
111
|
> ```
|
|
112
112
|
> <bundle-files>
|
|
113
113
|
> ```
|
|
@@ -120,8 +120,10 @@ output.
|
|
|
120
120
|
>
|
|
121
121
|
> **Methodology**:
|
|
122
122
|
>
|
|
123
|
-
> 1. **Pattern discovery passes** — inspect the bundle's changed files
|
|
124
|
-
>
|
|
123
|
+
> 1. **Pattern discovery passes** — inspect the bundle's changed files first,
|
|
124
|
+
> then follow candidate shapes through consumers and the wider repository
|
|
125
|
+
> where needed to establish genuine recurrence. Bound files are the focus,
|
|
126
|
+
> not a hard scan boundary:
|
|
125
127
|
> - **Shared abstractions & utilities** — find new shared/reusable code
|
|
126
128
|
> introduced in the bundle: utility functions, base classes, common
|
|
127
129
|
> helpers, types used across multiple modules. List each with
|
|
@@ -225,6 +227,8 @@ output.
|
|
|
225
227
|
> the divergence instead.
|
|
226
228
|
> - Don't fabricate patterns. If discovery yields nothing, return an empty
|
|
227
229
|
> "New patterns" section.
|
|
230
|
+
> - Expansion beyond the bundle must follow a concrete candidate pattern or
|
|
231
|
+
> inconsistency; do not perform an unfocused whole-repo style audit.
|
|
228
232
|
|
|
229
233
|
### Phase 4: Write pattern files
|
|
230
234
|
|
|
@@ -139,8 +139,10 @@ M-times-N redundant file reads and allows cross-library finding deduplication.
|
|
|
139
139
|
**Brief template**:
|
|
140
140
|
|
|
141
141
|
> You are conducting a refactor gate scan for release `<version>` as an agile-workflow
|
|
142
|
-
> scanner. Use read/search/shell tools as needed.
|
|
143
|
-
>
|
|
142
|
+
> scanner. Use read/search/shell tools as needed. Start with the bundle's changed
|
|
143
|
+
> files and follow concrete rule-relevant references into adjacent consumers,
|
|
144
|
+
> dependencies, or shared systems. Do not perform an aimless whole-repo sweep,
|
|
145
|
+
> spawn nested sub-agents, or implement fixes.
|
|
144
146
|
>
|
|
145
147
|
> **Bundle scope** (files changed by the bundle):
|
|
146
148
|
> ```
|
|
@@ -169,6 +171,7 @@ M-times-N redundant file reads and allows cross-library finding deduplication.
|
|
|
169
171
|
>
|
|
170
172
|
> 1. Read every file in the bundle scope.
|
|
171
173
|
> 2. For each file, check against all rules from all loaded libraries in a single pass.
|
|
174
|
+
> Expand only when a rule or concrete reference requires adjacent/system-wide context.
|
|
172
175
|
> 3. For each finding, record:
|
|
173
176
|
> - **Library tag**: which library's rule was violated (e.g. `structural`).
|
|
174
177
|
> - **Rule slug**: which specific rule was violated (from the library's rule inventory).
|
|
@@ -176,11 +179,13 @@ M-times-N redundant file reads and allows cross-library finding deduplication.
|
|
|
176
179
|
> - **Issue**: one-sentence description of the violation.
|
|
177
180
|
> - **Fix**: specific proposed change (or "needs analysis" for findings requiring judgment).
|
|
178
181
|
> - **Confidence**: `high` / `medium` / `low` per the library's guidance for that rule.
|
|
182
|
+
> - **Relevance**: `Release-relevant` or `Ambient`.
|
|
179
183
|
> 4. Deduplicate against the already-tracked set.
|
|
180
184
|
> 5. Return findings as a structured list.
|
|
181
185
|
>
|
|
182
186
|
> **Rules**:
|
|
183
|
-
> -
|
|
187
|
+
> - Bundle scope is the focus, not a hard boundary. Follow concrete rule-relevant
|
|
188
|
+
> evidence and record why any out-of-bundle surface was inspected.
|
|
184
189
|
> - Cite file:line for every finding.
|
|
185
190
|
> - Do not fabricate findings. If a rule produces no matches, emit nothing for it.
|
|
186
191
|
> - Skip already-tracked findings (exact file:line + rule-slug match).
|
|
@@ -199,6 +204,7 @@ M-times-N redundant file reads and allows cross-library finding deduplication.
|
|
|
199
204
|
> - **Library**: <library-tag>
|
|
200
205
|
> - **Rule**: <rule-slug>
|
|
201
206
|
> - **Confidence**: High | Medium | Low
|
|
207
|
+
> - **Relevance**: Release-relevant | Ambient
|
|
202
208
|
> - **Location**: `<file>:<line>`
|
|
203
209
|
> - **Issue**: <one sentence>
|
|
204
210
|
> - **Fix**: <specific proposed change or "needs analysis">
|
|
@@ -248,7 +254,7 @@ stage: implementing | drafting # by gate_finding_routing
|
|
|
248
254
|
tags: [refactor]
|
|
249
255
|
parent: null
|
|
250
256
|
depends_on: []
|
|
251
|
-
release_binding: <version>
|
|
257
|
+
release_binding: <version> | null # null for ambient findings
|
|
252
258
|
gate_origin: refactor
|
|
253
259
|
created: YYYY-MM-DD
|
|
254
260
|
updated: YYYY-MM-DD
|
|
@@ -265,7 +271,7 @@ stage: implementing | drafting # by gate_finding_routing
|
|
|
265
271
|
tags: []
|
|
266
272
|
parent: null
|
|
267
273
|
depends_on: []
|
|
268
|
-
release_binding: <version>
|
|
274
|
+
release_binding: <version> | null # null for ambient findings
|
|
269
275
|
gate_origin: refactor
|
|
270
276
|
created: YYYY-MM-DD
|
|
271
277
|
updated: YYYY-MM-DD
|
|
@@ -296,6 +302,10 @@ High | Medium | Low
|
|
|
296
302
|
<specific proposed change, or "needs analysis" for medium/low>
|
|
297
303
|
```
|
|
298
304
|
|
|
305
|
+
Release-relevant findings use the normal confidence mapping and bind to the
|
|
306
|
+
release. Ambient rule violations discovered outside the bundle go to the
|
|
307
|
+
unbound backlog regardless of confidence.
|
|
308
|
+
|
|
299
309
|
Default confidence -> placement mapping:
|
|
300
310
|
|
|
301
311
|
| Confidence | Stage | Tier |
|
|
@@ -343,7 +353,9 @@ In conversation:
|
|
|
343
353
|
|
|
344
354
|
- **The scan happens in the scanner agent, not here.** Your job is library discovery, bundle prep,
|
|
345
355
|
dispatch, and item-writing. Do not replicate the scanner's analysis.
|
|
346
|
-
-
|
|
356
|
+
- Release-bound files define focus, not a hard boundary. Follow concrete
|
|
357
|
+
rule-relevant evidence into adjacent or system-wide code, but do not perform
|
|
358
|
+
an unfocused whole-repo scan; route ambient findings to the unbound backlog.
|
|
347
359
|
- Never apply fixes in this skill — produce items only.
|
|
348
360
|
- **No-libraries is not an error.** Graceful skip with a log entry is the correct behavior when
|
|
349
361
|
no scan-* libraries are installed.
|
|
@@ -91,8 +91,8 @@ structured findings.
|
|
|
91
91
|
> agile-workflow scanner. Use read/search/shell/current-source lookup tools as
|
|
92
92
|
> needed, but do not spawn nested sub-agents or implement fixes.
|
|
93
93
|
>
|
|
94
|
-
> **Bundle
|
|
95
|
-
>
|
|
94
|
+
> **Bundle focus** (start here; follow concrete security-relevant call paths,
|
|
95
|
+
> dependencies, shared infrastructure, and controls as needed):
|
|
96
96
|
> ```
|
|
97
97
|
> <bundle-files>
|
|
98
98
|
> ```
|
|
@@ -138,7 +138,8 @@ structured findings.
|
|
|
138
138
|
> logs, missing error boundaries, verbose prod errors. All prod apps.
|
|
139
139
|
>
|
|
140
140
|
> 3. **Domain audit passes** — for each selected domain, audit the bundle's
|
|
141
|
-
> changed files against that domain's checklist
|
|
141
|
+
> changed files against that domain's checklist, following concrete evidence
|
|
142
|
+
> into adjacent security boundaries, dependencies, and shared controls. Use current-source lookup
|
|
142
143
|
> when needed to verify best practices for `<stack>+<domain>` combinations
|
|
143
144
|
> before judging.
|
|
144
145
|
>
|
|
@@ -160,6 +161,7 @@ structured findings.
|
|
|
160
161
|
> - **Title**: <one-line>
|
|
161
162
|
> - **Severity**: Critical | High | Medium | Low
|
|
162
163
|
> - **Domain**: <domain name>
|
|
164
|
+
> - **Relevance**: Release-relevant | Ambient
|
|
163
165
|
> - **Location**: `<file>:<line>`
|
|
164
166
|
> - **Evidence**:
|
|
165
167
|
> ```<lang>
|
|
@@ -182,7 +184,8 @@ structured findings.
|
|
|
182
184
|
> ```
|
|
183
185
|
>
|
|
184
186
|
> **Rules**:
|
|
185
|
-
> -
|
|
187
|
+
> - Bundle files are the focus, not a hard boundary. Expand only along concrete
|
|
188
|
+
> security-relevant evidence and record why out-of-bundle surfaces were inspected.
|
|
186
189
|
> - Cite file:line for every finding.
|
|
187
190
|
> - Don't fabricate. If evidence is missing, don't report.
|
|
188
191
|
> - Skip findings that match the already-tracked list.
|
|
@@ -211,7 +214,7 @@ stage: implementing # Critical or High
|
|
|
211
214
|
tags: [security]
|
|
212
215
|
parent: null
|
|
213
216
|
depends_on: []
|
|
214
|
-
release_binding: <version>
|
|
217
|
+
release_binding: <version> | null # null for ambient findings
|
|
215
218
|
gate_origin: security
|
|
216
219
|
created: YYYY-MM-DD
|
|
217
220
|
updated: YYYY-MM-DD
|
|
@@ -237,6 +240,11 @@ Critical | High | Medium | Low
|
|
|
237
240
|
<what should change — direction, not a finished fix>
|
|
238
241
|
```
|
|
239
242
|
|
|
243
|
+
Release-relevant findings use the normal severity mapping and bind to the
|
|
244
|
+
release. Ambient findings discovered outside the release's material risk go to
|
|
245
|
+
the unbound backlog regardless of severity; a genuinely critical repository
|
|
246
|
+
vulnerability is release-relevant when shipping would expose or perpetuate it.
|
|
247
|
+
|
|
240
248
|
Default severity -> placement mapping:
|
|
241
249
|
- **Critical** / **High** → `stage: implementing` in `.work/active/stories/`
|
|
242
250
|
- **Medium** → `stage: drafting` in `.work/active/stories/`
|
|
@@ -271,5 +279,6 @@ In conversation:
|
|
|
271
279
|
returns nothing. Don't paper that over.
|
|
272
280
|
- Idempotent re-runs: pass already-tracked findings into the scanner brief so it
|
|
273
281
|
skips duplicates. Double-check on item-write before creating.
|
|
274
|
-
-
|
|
275
|
-
|
|
282
|
+
- Release-bound items define focus, not a hard boundary. Follow concrete
|
|
283
|
+
security evidence into adjacent or system-wide controls, but do not perform
|
|
284
|
+
an unfocused whole-repo audit. Route merely ambient findings to the unbound backlog.
|