@open-agent-toolkit/cli 0.1.35 → 0.1.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  name: oat-reviewer
3
- version: 1.1.2
3
+ version: 1.1.3
4
4
  description: Unified reviewer for OAT projects - mode-aware verification of requirements/design alignment and code quality. Writes a review artifact to disk by default, or returns structured findings in-memory when dispatched in structured-output mode.
5
5
  tools: Read, Bash, Grep, Glob, Write
6
6
  color: yellow
@@ -54,6 +54,7 @@ You will be given a "Review Scope" block including:
54
54
  - **artifact_paths**: Paths to available artifacts (spec/design/plan/implementation/discovery/import reference)
55
55
  - **tasks_in_scope**: Task IDs being reviewed (if task/phase scope)
56
56
  - **oat_output_mode**: Optional output-sink selector. Absent (or any value other than `structured`) means **artifact mode** — write the review artifact to disk per Step 8. `structured` means **structured-output mode** — return a `StructuredFindings` object in-memory and write NO artifact file (see **Structured-Output Mode**). This key parallels the existing `oat_review_invocation` dispatch-payload naming.
57
+ - **oat_review_invocation**: Optional provenance selector for artifact-mode reviews. Use `manual`, `auto`, or `gate`; default to `manual` when absent.
57
58
  - **model_axis**: Optional model dispatch state selected by the orchestrator (`selected:<value>`, `inherited`, `not-applicable`, or `host-auto`)
58
59
  - **effort_axis**: Optional effort dispatch state selected by the orchestrator (`selected:<value>`, `provider-default`, `inherited`, `not-applicable`, or `host-auto`)
59
60
  - **dispatch_ceiling**: Optional resolved provider ceiling that capped/selected this review dispatch
@@ -264,6 +265,12 @@ Group findings by severity:
264
265
  - Missing tests for important paths
265
266
  - Stale spec/design/plan artifact that conflicts with a defensible implementation and should be aligned before closeout
266
267
 
268
+ **Medium** (default fix before pass)
269
+
270
+ - P2 requirements with meaningful behavior or quality impact
271
+ - Moderate maintainability or testability issues
272
+ - Contract gaps that can cause future regressions
273
+
267
274
  **Minor** (fix if time permits)
268
275
 
269
276
  - P2 requirements
@@ -295,6 +302,7 @@ oat_generated: true
295
302
  oat_generated_at: YYYY-MM-DD
296
303
  oat_review_scope: { scope }
297
304
  oat_review_type: { code|artifact|analysis }
305
+ oat_review_invocation: { manual|auto|gate }
298
306
  oat_project: { project-path }
299
307
  ---
300
308
 
@@ -309,6 +317,8 @@ oat_project: { project-path }
309
317
 
310
318
  {2-3 sentence summary of findings}
311
319
 
320
+ Findings: {N} critical, {N} important, {N} medium, {N} minor
321
+
312
322
  ## Findings
313
323
 
314
324
  ### Critical
@@ -324,6 +334,14 @@ oat_project: { project-path }
324
334
 
325
335
  {If none: "None"}
326
336
 
337
+ - **{Finding title}** (`{file}:{line}`)
338
+ - Issue: {description}
339
+ - Fix: {specific guidance}
340
+
341
+ ### Medium
342
+
343
+ {If none: "None"}
344
+
327
345
  - **{Finding title}** (`{file}:{line}`)
328
346
  - Issue: {description}
329
347
  - Fix: {specific guidance}
@@ -367,6 +385,8 @@ Run the `oat-project-review-receive` skill to convert findings into plan tasks.
367
385
 
368
386
  ```
369
387
 
388
+ Gate parsing contract: artifact-mode reviews, including reviews spawned by `oat gate review`, MUST include either the complete `Findings: {N} critical, {N} important, {N} medium, {N} minor` count line or the standard `## Findings` sections shown above with every severity subsection present.
389
+
370
390
 
371
391
  ### Step 9: Return Confirmation
372
392
 
@@ -380,7 +400,7 @@ Format:
380
400
  ## Review Complete
381
401
 
382
402
  **Scope:** {scope}
383
- **Findings:** {N} critical, {N} important, {N} minor
403
+ **Findings:** {N} critical, {N} important, {N} medium, {N} minor
384
404
  **Review artifact:** {path}
385
405
 
386
406
  Return to your main session and run the `oat-project-review-receive` skill.
@@ -113,13 +113,22 @@ Available commands:
113
113
  - `oat gate resolve <skill>` - inspect the resolved gate config for one skill
114
114
  - `oat gate set <skill>` / `oat gate unset <skill>` - write or clear a skill gate
115
115
  - `oat gate target set <id>` / `oat gate target unset <id>` - write or clear an exec target
116
+ - `oat gate review <prompt...>` - run a review-specific gate and map blocking review findings to exit status
116
117
  - `oat gate cross-provider-exec <prompt...>` - select an available exec target and run the prompt there
117
118
 
118
- The most common command is `oat gate cross-provider-exec`, which avoids the
119
- current runtime by default so a review gate can run in a fresh Codex, Claude, or
120
- Cursor runtime. Target commands are stored as JSON argv arrays, so configure
121
- them with `oat gate target set --base-command-json ...` rather than
122
- `oat config set`.
119
+ Use `oat gate review` for OAT review gates. It keeps the normal stateful
120
+ review-provider workflow: the review artifact, Reviews row update, and review
121
+ bookkeeping commits are expected, and the produced review must be received with
122
+ `oat-project-review-receive` before the host treats it as dispositioned. Keep
123
+ reusable lifecycle gate commands target-neutral by omitting `--target <id>`; use
124
+ explicit target pins only for manual dispatch, debugging, or deliberately local
125
+ overrides.
126
+
127
+ Use `oat gate cross-provider-exec` for generic cross-runtime execution. It
128
+ avoids the current runtime by default, chooses a fresh Codex, Claude, or Cursor
129
+ target when available, and exits with the child process status. Target commands
130
+ are stored as JSON argv arrays, so configure them with
131
+ `oat gate target set --base-command-json ...` rather than `oat config set`.
123
132
 
124
133
  For schema, examples, and current V1 limits, see [Workflow Gates](workflow-gates.md).
125
134
 
@@ -270,7 +270,7 @@ Workflow preference keys live under the `workflow.*` namespace:
270
270
  - `workflow.dispatchCeiling.preset` — `balanced`, `maximum`, or `cost-conscious`. Convenience preset that compiles to per-provider values at write time. Setting this key is the recommended way to configure the ceiling.
271
271
  - `workflow.dispatchCeiling.providers.codex` — `low`, `medium`, `high`, or `xhigh`. Concrete Codex ceiling. Set automatically when a preset is selected; also settable directly for Advanced (no preset) configurations. Provider default effort is informational for base/unpinned roles and is not treated as this ceiling.
272
272
  - `workflow.dispatchCeiling.providers.claude` — `haiku`, `sonnet`, or `opus`. Concrete Claude ceiling. Set automatically when a preset is selected; also settable directly for Advanced configurations. Claude has no separate per-dispatch effort axis, so the effort axis remains `not-applicable`.
273
- - `workflow.gates.skills` / `workflow.gates.execTargets` — structured per-skill final gate commands and exec-target registry. Use `oat gate set`, `oat gate target set`, and `oat gate cross-provider-exec`; do not use `oat config set` for these objects.
273
+ - `workflow.gates.skills` / `workflow.gates.execTargets` — structured per-skill final gate commands and exec-target registry. Use `oat gate set`, `oat gate target set`, `oat gate review`, and `oat gate cross-provider-exec`; do not use `oat config set` for these objects.
274
274
 
275
275
  ### Auto artifact-review preferences
276
276
 
@@ -7,11 +7,14 @@ description: Configure per-skill final commands and cross-runtime review dispatc
7
7
 
8
8
  Workflow gates let a gate-aware skill run a configured final command before it
9
9
  is considered done. The common use is independent review: one runtime performs
10
- the work, then `oat gate cross-provider-exec` dispatches a prompt to another
11
- runtime such as Codex or Claude.
10
+ the work, then `oat gate review` dispatches a normal OAT review to another
11
+ runtime such as Codex or Claude and maps blocking review findings to the gate
12
+ exit status.
12
13
 
13
- V1 gates are deliberately thin. A gate command passes or fails by exit code, and
14
- the skill owns what to do next.
14
+ `oat gate cross-provider-exec` remains the generic child-status executor. It
15
+ selects an exec target, runs the prompt, and exits with the child process
16
+ status. Use `oat gate review` when the command is specifically an OAT review
17
+ gate that should inspect the produced review artifact.
15
18
 
16
19
  ## Gate config
17
20
 
@@ -23,7 +26,7 @@ Gate config lives under `workflow.gates.skills` and is keyed by skill name.
23
26
  "gates": {
24
27
  "skills": {
25
28
  "oat-project-implement": {
26
- "command": "oat gate cross-provider-exec \"Use oat-project-review-provide to review the current project\"",
29
+ "command": "oat gate review \"Use oat-project-review-provide code final to review the current project\"",
27
30
  "description": "Run a fresh-runtime final review before implementation is considered done.",
28
31
  "onFailure": "block",
29
32
  "maxAttempts": 2
@@ -41,11 +44,33 @@ Fields:
41
44
  - `description` - optional context for the agent running the gate.
42
45
  - `maxAttempts` - retry bound for `block`; defaults to `2`.
43
46
 
44
- `oat-project-plan` and `oat-project-implement` are currently gate-aware. Gate
45
- awareness is declared in skill frontmatter with `oat_gateable: true`, and
47
+ `oat-project-plan`, `oat-project-implement`, `oat-project-quick-start`, and
48
+ `oat-project-import-plan` are currently gate-aware. Gate awareness is declared
49
+ in skill frontmatter with `oat_gateable: true`, and
46
50
  `oat internal validate-oat-skills` warns when config targets a missing or
47
51
  non-gateable skill.
48
52
 
53
+ ## Review gates
54
+
55
+ `oat gate review` is intentionally stateful. It is equivalent to running
56
+ `oat-project-review-provide` in another terminal or provider, so the normal
57
+ review side effects are expected:
58
+
59
+ - a review artifact is written under the project reviews directory
60
+ - the plan Reviews row is updated
61
+ - review bookkeeping commits are expected when the review workflow changes
62
+ tracked state
63
+
64
+ Gate-produced review artifacts use `oat_review_invocation: gate` in
65
+ frontmatter. After a gate review reports a produced artifact, the host must run
66
+ or hand off to `oat-project-review-receive` before treating the review as
67
+ dispositioned. Until receive runs, the artifact is only produced, not consumed.
68
+
69
+ `oat gate review` parses the produced artifact and returns a blocking exit
70
+ status when the configured threshold is met. `cross-provider-exec` does not do
71
+ that interpretation; for generic prompts it still returns only the child process
72
+ status.
73
+
49
74
  ## Exec targets
50
75
 
51
76
  `oat gate cross-provider-exec` chooses from `workflow.gates.execTargets`.
@@ -55,11 +80,16 @@ id.
55
80
 
56
81
  Built-in targets:
57
82
 
58
- | Target id | Runtime | Base command | Current-host detector |
59
- | ---------------- | -------- | ----------------------------------- | --------------------------------------- |
60
- | `codex-default` | `codex` | `["codex", "exec"]` | `CODEX_THREAD_ID` or `CODEX_SESSION_ID` |
61
- | `claude-default` | `claude` | `["claude", "-p"]` | `CLAUDECODE` |
62
- | `cursor-default` | `cursor` | `["cursor-agent", "-p", "--force"]` | `CURSOR_AGENT` |
83
+ | Target id | Runtime | Base command | Current-host detector |
84
+ | ---------------- | -------- | ------------------------ | --------------------------------------- |
85
+ | `codex-default` | `codex` | `["codex", "exec"]` | `CODEX_THREAD_ID` or `CODEX_SESSION_ID` |
86
+ | `claude-default` | `claude` | `["claude", "-p"]` | `CLAUDECODE` |
87
+ | `cursor-default` | `cursor` | `["cursor-agent", "-p"]` | `CURSOR_AGENT` |
88
+
89
+ Built-in targets are conservative defaults. Trusted noninteractive gates that
90
+ need to run tools without hanging on provider approval prompts should be
91
+ configured deliberately in `workflow.gates.execTargets`; OAT should not bake
92
+ dangerous provider permission flags into built-ins.
63
93
 
64
94
  Config layers can partially override a target or disable it with `null`. Use the
65
95
  dedicated target writer instead of `oat config set` because target commands are
@@ -71,12 +101,55 @@ oat gate target set claude-opus \
71
101
  --base-command-json '["claude","-p","--model","opus"]' \
72
102
  --availability-json '["claude","--version"]' \
73
103
  --priority 90 \
74
- --user
104
+ --layer user
75
105
  ```
76
106
 
77
107
  JSON argv is intentional: provider commands often contain flags such as `-p` or
78
108
  `--model`, which would be ambiguous as variadic CLI options.
79
109
 
110
+ ### Trusted target examples
111
+
112
+ Use these examples only in trusted environments where the provider process may
113
+ read files, run tools, and write review bookkeeping without an interactive
114
+ approval prompt. They are user-level target configuration, not built-in OAT
115
+ defaults. Defining a trusted target makes it available to the dispatcher; it
116
+ does not mean shared lifecycle gate commands should pin that target.
117
+
118
+ Claude's default permission mode can block on
119
+ `Skill(oat-project-review-provide)`, `oat`, `pnpm`, and shell or tool calls. A
120
+ trusted user can opt into `--dangerously-skip-permissions` or the equivalent
121
+ `--permission-mode bypassPermissions` behavior in their target command.
122
+
123
+ Codex trusted gate automation should make sandbox and approval bypass explicit
124
+ with `--dangerously-bypass-approvals-and-sandbox`, even when the user's current
125
+ default profile already permits the needed commands.
126
+
127
+ Cursor trusted automation should use `--force`; `--yolo` is the documented alias
128
+ for the same behavior.
129
+
130
+ ```bash
131
+ oat gate target set codex-5.5-xhigh \
132
+ --runtime codex \
133
+ --base-command-json '["codex","exec","--model","gpt-5.5","-c","model_reasoning_effort=\"xhigh\"","--dangerously-bypass-approvals-and-sandbox"]' \
134
+ --availability-json '["codex","--version"]' \
135
+ --priority 120 \
136
+ --layer user
137
+
138
+ oat gate target set claude-opus-skip-permissions \
139
+ --runtime claude \
140
+ --base-command-json '["claude","-p","--model","opus","--dangerously-skip-permissions"]' \
141
+ --availability-json '["claude","--version"]' \
142
+ --priority 115 \
143
+ --layer user
144
+
145
+ oat gate target set cursor-force \
146
+ --runtime cursor \
147
+ --base-command-json '["cursor-agent","-p","--force"]' \
148
+ --availability-json '["cursor-agent","--version"]' \
149
+ --priority 90 \
150
+ --layer user
151
+ ```
152
+
80
153
  ## Command surface
81
154
 
82
155
  Inspect a skill gate:
@@ -89,15 +162,20 @@ Set or clear a skill gate:
89
162
 
90
163
  ```bash
91
164
  oat gate set oat-project-implement \
92
- --command 'oat gate cross-provider-exec "Use oat-project-review-provide to review the current project"' \
165
+ --command 'oat gate review --review-type code --review-scope final "Use oat-project-review-provide code final to review the current project"' \
93
166
  --description "Run final review in another runtime" \
94
167
  --on-failure block \
95
168
  --max-attempts 2 \
96
- --user
169
+ --layer user
97
170
 
98
- oat gate unset oat-project-implement --user
171
+ oat gate unset oat-project-implement --layer user
99
172
  ```
100
173
 
174
+ Lifecycle gate commands should normally omit `--target <id>`. Leaving the
175
+ target unset lets the dispatcher avoid the current runtime and choose the
176
+ highest-priority available non-host target. Pin a target only for manual
177
+ dispatch, debugging, or a deliberate local/user-specific override.
178
+
101
179
  Set or clear an exec target:
102
180
 
103
181
  ```bash
@@ -106,12 +184,34 @@ oat gate target set codex-high \
106
184
  --base-command-json '["codex","exec","--model","gpt-5.5"]' \
107
185
  --availability-json '["codex","--version"]' \
108
186
  --priority 90 \
109
- --user
187
+ --layer user
188
+
189
+ oat gate target unset codex-high --layer user
190
+ ```
110
191
 
111
- oat gate target unset codex-high --user
192
+ Dispatch a review through the target registry:
193
+
194
+ ```bash
195
+ oat gate review \
196
+ --review-type code \
197
+ --review-scope final \
198
+ "Use oat-project-review-provide code final to review the current project"
199
+ ```
200
+
201
+ Leaving `--target` unset lets target priority choose the highest-priority
202
+ available non-host runtime.
203
+
204
+ For manual or debug dispatch, use `--target <id>` to pin one target and skip
205
+ detection/avoidance:
206
+
207
+ ```bash
208
+ oat gate review --target codex-5.5-xhigh \
209
+ --review-type code \
210
+ --review-scope final \
211
+ "Use oat-project-review-provide code final to review the current project"
112
212
  ```
113
213
 
114
- Dispatch a prompt through the target registry:
214
+ Dispatch a generic prompt through the target registry:
115
215
 
116
216
  ```bash
117
217
  oat gate cross-provider-exec "Use oat-project-review-provide to review the current project"
@@ -158,6 +258,7 @@ OAT does not try another target after a failed review.
158
258
 
159
259
  V1 gates avoid the current runtime, not the current model or effort setting.
160
260
  Same-runtime but different-target dispatch, such as using Cursor again with a
161
- different model slug, is future work. Until that exists, use `--target <id>` when
162
- you need an explicit reviewer target, or rely on the default `same-runtime`
163
- avoidance for cross-runtime review.
261
+ different model slug, is future work. Until that exists, reusable lifecycle
262
+ gates should rely on default `same-runtime` avoidance for cross-runtime review;
263
+ manual and local overrides can pin an explicit reviewer target with
264
+ `--target <id>`.
@@ -95,9 +95,13 @@ The Gate Execution step should:
95
95
  - `prompt` - surface the failure and ask the user.
96
96
  - `warn` - record the failure and continue.
97
97
 
98
- For cross-runtime review gates, prefer putting
99
- `oat gate cross-provider-exec "<prompt>"` in the configured gate command rather
100
- than hard-coding a provider CLI directly in the skill. See
98
+ For OAT review gates, prefer putting `oat gate review "<prompt>"` in the
99
+ configured gate command rather than hard-coding a provider CLI directly in the
100
+ skill. Use `oat gate cross-provider-exec "<prompt>"` for generic cross-runtime
101
+ commands that should report only the child process status, not review findings.
102
+ Reusable lifecycle gate commands should normally omit `--target <id>` so the
103
+ dispatcher can avoid the current runtime; reserve explicit targets for
104
+ manual/debug commands or deliberate local/user-specific overrides. See
101
105
  [Workflow Gates](../cli-utilities/workflow-gates.md) for the config and command
102
106
  surface.
103
107
 
@@ -14,7 +14,7 @@ The CLI is also a standalone value path. You can use `oat init`, `oat sync`, `oa
14
14
  - [CLI Bootstrap](../cli-utilities/bootstrap.md) - Bootstrap a repo with `oat init`, guided setup, and initial provider adoption.
15
15
  - [Tool Packs](../cli-utilities/tool-packs.md) - Install, update, inspect, and remove bundled OAT skills and agents.
16
16
  - [Config and Local State](../cli-utilities/config-and-local-state.md) - Config, backlog, local paths, diagnostics, and related utility commands.
17
- - [Workflow Gates](../cli-utilities/workflow-gates.md) - Per-skill final commands and cross-runtime review dispatch.
17
+ - [Workflow Gates](../cli-utilities/workflow-gates.md) - Per-skill final commands, review gates, and cross-runtime prompt dispatch.
18
18
  - [Docs Tooling Commands](../docs-tooling/commands.md) - Docs app scaffolding, migration, index generation, and nav sync.
19
19
  - [Provider Sync](../provider-sync/index.md) - Sync behavior, provider capabilities, config, and drift management.
20
20
  - [Agentic Workflows](../workflows/index.md) - Tracked project execution, skills, ideas, and workflow routing.
@@ -46,7 +46,7 @@ The first practical expansion path is to keep improving the existing owners: [Do
46
46
  | `oat decision ...` | Create, index, and migrate file-per-record repo decisions under `reference/decisions/` (`init`, `new`, `regenerate-index`, `migrate`). | [Config and Local State](../cli-utilities/config-and-local-state.md#oat-decision-) |
47
47
  | `oat backlog ...` / `oat local ...` | File-backed backlog helpers, local path sync, and local-only operational support. | [Config and Local State](../cli-utilities/config-and-local-state.md) |
48
48
  | `oat config ...` / `oat instructions ...` | Config discovery, source-aware config dumps, supported mutations, and instruction-integrity helpers. | [Config and Local State](../cli-utilities/config-and-local-state.md) |
49
- | `oat gate ...` | Per-skill final gate config, exec-target registry writes, and cross-runtime prompt dispatch. | [Workflow Gates](../cli-utilities/workflow-gates.md) |
49
+ | `oat gate ...` | Per-skill final gate config, review-specific gate execution, exec-target registry writes, and cross-runtime prompt dispatch. | [Workflow Gates](../cli-utilities/workflow-gates.md) |
50
50
  | `oat state ...` / `oat index ...` / `internal` | Repo dashboard refresh, repo indexing, validation helpers, and diagnostics. | [Config and Local State](../cli-utilities/config-and-local-state.md) |
51
51
  | `oat docs ...` | Docs app bootstrap, migration, index generation, nav sync, and docs workflow entrypoints. | [Docs Tooling Commands](../docs-tooling/commands.md) |
52
52
  | `oat status` / `oat sync` / `oat providers ...` | Provider sync, drift inspection, provider configuration, and adoption behavior. | [Provider Sync](../provider-sync/index.md) |
@@ -68,7 +68,8 @@ Notable commands introduced in the current CLI surface:
68
68
  - `oat repo archive sync [project-name]` - hydrate archived project snapshots from the configured repo-scoped S3 archive into `.oat/projects/archived/`. The old `oat project archive sync` path remains as a deprecated shim.
69
69
  - `oat project validate-plan --project-path <path>` - validates `oat_plan_parallel_groups` metadata in `plan.md`; exits non-zero on invalid. See [Implementation Execution](../workflows/projects/implementation-execution.md#validating-plan-metadata).
70
70
  - `oat project set-mode` — deprecated no-op. Execution mode is no longer user-selectable; emits a deprecation warning and preserves the `--json` contract.
71
- - `oat gate cross-provider-exec <prompt...>` - choose an available exec target while avoiding the current runtime by default, then run the prompt with the chosen target's configured base command.
71
+ - `oat gate review <prompt...>` - run a stateful OAT review through the target registry, parse the produced review artifact, and exit nonzero for configured blocking findings; produced gate reviews use `oat_review_invocation: gate` and still require `oat-project-review-receive` handoff before they are dispositioned.
72
+ - `oat gate cross-provider-exec <prompt...>` - choose an available exec target while avoiding the current runtime by default, then run the prompt with the chosen target's configured base command and exit with the child status.
72
73
 
73
74
  ## `oat config` surface flags
74
75
 
@@ -1,6 +1,6 @@
1
1
  {
2
- "cli": "0.1.35",
3
- "docs-config": "0.1.35",
4
- "docs-theme": "0.1.35",
5
- "docs-transforms": "0.1.35"
2
+ "cli": "0.1.37",
3
+ "docs-config": "0.1.37",
4
+ "docs-theme": "0.1.37",
5
+ "docs-transforms": "0.1.37"
6
6
  }
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  name: oat-project-implement
3
- version: 2.0.21
3
+ version: 2.0.23
4
4
  description: Use when plan.md is ready for execution. Dispatches phase-level subagents with bounded fix loops; supports plan-declared parallel phase groups with worktree-isolated execution and ordered fan-in.
5
5
  oat_gateable: true
6
6
  argument-hint: '[--retry-limit <N>] [--dry-run]'
@@ -1434,12 +1434,16 @@ Before reporting this skill as complete, run the configured gate as the final st
1434
1434
 
1435
1435
  2. If a gate config is returned, run its `command` exactly as configured. Capture stdout, stderr, and the exit code. A zero exit code means the gate passed and the skill is complete.
1436
1436
 
1437
- 3. If the command exits nonzero, use `description` to orient the next steps and handle `onFailure`:
1437
+ 3. Review-artifact handoff:
1438
+ - If the gate reports a produced review artifact, the host must run `oat-project-review-receive` to receive and disposition that artifact before treating the review as consumed.
1439
+ - This applies to `oat gate review ...` outputs regardless of whether the gate ultimately exits zero or nonzero; the command output owns the exact artifact path, and receive-review owns disposition and archival.
1440
+
1441
+ 4. If the command exits nonzero, use `description` to orient the next steps and handle `onFailure`:
1438
1442
  - `block`: read gate feedback, remediate, and re-run the gate up to `maxAttempts` attempts (default `2`). If attempts are exhausted, escalate to the human with accumulated feedback and append that feedback to `implementation.md`. Treat a launch failure, missing CLI, or no eligible runtime as escalation-biased and do not spend it as a remediation attempt.
1439
1443
  - `prompt`: surface the gate failure and ask the human how to proceed.
1440
1444
  - `warn`: record the gate failure and continue.
1441
1445
 
1442
- 4. Runtime selection note (V1): the step runs the gate `command` as-is and reads no env var. By default, `oat gate cross-provider-exec` resolves the current host from built-in `hostDetectionCommand`s and avoids the same runtime with zero per-prompt input. It does not read or stamp `OAT_CURRENT_RUNTIME` or `OAT_GATE_EXEC_TARGET`. To pin a specific reviewer for this skill, set `--target <id>` once in that skill's gate `command`; this is the optional precision path and does not require per-prompt input.
1446
+ 5. Runtime selection note (V1): the step runs the gate `command` as-is and reads no OAT runtime env var. By default, `oat gate review` and `oat gate cross-provider-exec` resolve the current host from built-in `hostDetectionCommand`s and avoid the same runtime when no exact target is supplied. Reusable lifecycle skill-gate commands should normally omit `--target <id>` so independent review stays provider-neutral. Use explicit targets only for manual/debug commands or deliberate local/user-specific overrides; do not hardcode provider/model targets in bundled skill guidance or shared lifecycle gate examples.
1443
1447
 
1444
1448
  ## Success Criteria
1445
1449
 
@@ -1,8 +1,9 @@
1
1
  ---
2
2
  name: oat-project-import-plan
3
- version: 1.4.0
3
+ version: 1.4.2
4
4
  description: Use when you have an external markdown plan to execute with OAT. Preserves the source plan and normalizes it into canonical plan.md format.
5
5
  argument-hint: '<path-to-plan.md> [--provider codex|cursor|claude] [--project <name>]'
6
+ oat_gateable: true
6
7
  disable-model-invocation: true
7
8
  user-invocable: true
8
9
  allowed-tools: Read, Write, Bash, Glob, Grep, AskUserQuestion
@@ -56,14 +57,15 @@ When executing this skill, provide lightweight progress feedback so the user can
56
57
  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
57
58
 
58
59
  - Before multi-step work, print step indicators, e.g.:
59
- - `[0/7] Checking inherited git state...`
60
- - `[1/7] Resolving project + source plan…`
61
- - `[2/7] Preserving imported source…`
62
- - `[3/7] Normalizing plan to OAT task structure…`
63
- - `[4/7] Updating plan metadata…`
64
- - `[5/7] Running import-aware plan review…`
65
- - `[6/7] Updating project state + dashboard…`
66
- - `[7/7] Ensuring implementation tracker…`
60
+ - `[0/8] Checking inherited git state...`
61
+ - `[1/8] Resolving project + source plan…`
62
+ - `[2/8] Preserving imported source…`
63
+ - `[3/8] Normalizing plan to OAT task structure…`
64
+ - `[4/8] Updating plan metadata…`
65
+ - `[5/8] Running import-aware plan review…`
66
+ - `[6/8] Updating project state + dashboard…`
67
+ - `[7/8] Ensuring implementation tracker + committing…`
68
+ - `[8/8] Running configured gate…`
67
69
 
68
70
  ## Process
69
71
 
@@ -255,6 +257,46 @@ If missing, scaffold from template:
255
257
 
256
258
  Initialize pointer to first plan task ID.
257
259
 
260
+ ### Step 6.5: Commit Import Artifacts
261
+
262
+ After the import-aware plan artifact review, project state sync, dashboard refresh, and implementation tracker setup, stage and commit the changed import artifacts before handing off to implementation or stopping.
263
+
264
+ ```bash
265
+ git add "$PROJECT_PATH/references/"
266
+ for path in \
267
+ "$PROJECT_PATH/plan.md" \
268
+ "$PROJECT_PATH/implementation.md" \
269
+ "$PROJECT_PATH/state.md"; do
270
+ [ -e "$path" ] && git add "$path"
271
+ done
272
+ git diff --cached --quiet || git commit -m "chore(oat): update imported plan artifacts for {project-name}"
273
+ ```
274
+
275
+ ### Gate Execution
276
+
277
+ Before reporting this skill as complete, run the configured gate as the final step after artifact review, state sync, dashboard refresh, and the import artifact commit:
278
+
279
+ 1. Resolve the gate for this skill:
280
+
281
+ ```bash
282
+ oat gate resolve <this-skill> --json
283
+ ```
284
+
285
+ If the command returns JSON `null`, no gate is configured; the skill is complete.
286
+
287
+ 2. If a gate config is returned, run its `command` exactly as configured. Capture stdout, stderr, and the exit code. A zero exit code means the gate passed and the skill is complete.
288
+
289
+ 3. Review-artifact handoff:
290
+ - If the gate reports a produced review artifact, the host must run `oat-project-review-receive` to receive and disposition that artifact before treating the review as consumed.
291
+ - This applies to `oat gate review ...` outputs regardless of whether the gate ultimately exits zero or nonzero; the command output owns the exact artifact path, and receive-review owns disposition and archival.
292
+
293
+ 4. If the command exits nonzero, use `description` to orient the next steps and handle `onFailure`:
294
+ - `block`: read gate feedback, remediate, and re-run the gate up to `maxAttempts` attempts (default `2`). If attempts are exhausted, escalate to the human with accumulated feedback and append that feedback to `implementation.md`. Treat a launch failure, missing CLI, or no eligible runtime as escalation-biased and do not spend it as a remediation attempt.
295
+ - `prompt`: surface the gate failure and ask the human how to proceed.
296
+ - `warn`: record the gate failure and continue.
297
+
298
+ 5. Runtime selection note (V1): the step runs the gate `command` as-is and reads no OAT runtime env var. By default, `oat gate review` and `oat gate cross-provider-exec` resolve the current host from built-in `hostDetectionCommand`s and avoid the same runtime when no exact target is supplied. Reusable lifecycle skill-gate commands should normally omit `--target <id>` so independent review stays provider-neutral. Use explicit targets only for manual/debug commands or deliberate local/user-specific overrides; do not hardcode provider/model targets in bundled skill guidance or shared lifecycle gate examples.
299
+
258
300
  ### Step 7: Output Next Action
259
301
 
260
302
  Report:
@@ -280,3 +322,5 @@ Report:
280
322
  - ✅ `## Planning Checklist` items left unchecked (HiLL configuration deferred to implementation).
281
323
  - ✅ `activeProject` in `.oat/config.local.json` points to the imported project.
282
324
  - ✅ `.oat/state.md` has been refreshed locally after pointer update; it is not staged or committed.
325
+ - ✅ Changed import artifacts are committed before handoff or pause.
326
+ - ✅ Configured gate has run, and any produced review artifact has been handed off to `oat-project-review-receive` before it is treated as consumed.
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  name: oat-project-plan
3
- version: 1.3.6
3
+ version: 1.3.8
4
4
  description: Use when design.md is complete and executable implementation tasks are needed. Breaks design into bite-sized TDD tasks in canonical plan.md format.
5
5
  oat_gateable: true
6
6
  disable-model-invocation: true
@@ -516,12 +516,16 @@ Before reporting this skill as complete, run the configured gate as the final st
516
516
 
517
517
  2. If a gate config is returned, run its `command` exactly as configured. Capture stdout, stderr, and the exit code. A zero exit code means the gate passed and the skill is complete.
518
518
 
519
- 3. If the command exits nonzero, use `description` to orient the next steps and handle `onFailure`:
519
+ 3. Review-artifact handoff:
520
+ - If the gate reports a produced review artifact, the host must run `oat-project-review-receive` to receive and disposition that artifact before treating the review as consumed.
521
+ - This applies to `oat gate review ...` outputs regardless of whether the gate ultimately exits zero or nonzero; the command output owns the exact artifact path, and receive-review owns disposition and archival.
522
+
523
+ 4. If the command exits nonzero, use `description` to orient the next steps and handle `onFailure`:
520
524
  - `block`: read gate feedback, remediate, and re-run the gate up to `maxAttempts` attempts (default `2`). If attempts are exhausted, escalate to the human with accumulated feedback and append that feedback to `implementation.md`. Treat a launch failure, missing CLI, or no eligible runtime as escalation-biased and do not spend it as a remediation attempt.
521
525
  - `prompt`: surface the gate failure and ask the human how to proceed.
522
526
  - `warn`: record the gate failure and continue.
523
527
 
524
- 4. Runtime selection note (V1): the step runs the gate `command` as-is and reads no env var. By default, `oat gate cross-provider-exec` resolves the current host from built-in `hostDetectionCommand`s and avoids the same runtime with zero per-prompt input. It does not read or stamp `OAT_CURRENT_RUNTIME` or `OAT_GATE_EXEC_TARGET`. To pin a specific reviewer for this skill, set `--target <id>` once in that skill's gate `command`; this is the optional precision path and does not require per-prompt input.
528
+ 5. Runtime selection note (V1): the step runs the gate `command` as-is and reads no OAT runtime env var. By default, `oat gate review` and `oat gate cross-provider-exec` resolve the current host from built-in `hostDetectionCommand`s and avoid the same runtime when no exact target is supplied. Reusable lifecycle skill-gate commands should normally omit `--target <id>` so independent review stays provider-neutral. Use explicit targets only for manual/debug commands or deliberate local/user-specific overrides; do not hardcode provider/model targets in bundled skill guidance or shared lifecycle gate examples.
525
529
 
526
530
  ## Success Criteria
527
531
 
@@ -1,8 +1,9 @@
1
1
  ---
2
2
  name: oat-project-quick-start
3
- version: 2.1.6
3
+ version: 2.1.8
4
4
  description: Use when a task is small enough for quick mode or rapid iteration is preferred. Scaffolds a lightweight OAT project from discovery directly to a runnable plan, with optional brainstorming and lightweight design.
5
5
  argument-hint: '<project-name> ["project description"]'
6
+ oat_gateable: true
6
7
  disable-model-invocation: true
7
8
  user-invocable: true
8
9
  allowed-tools: Read, Write, Bash, Glob, Grep, AskUserQuestion
@@ -57,14 +58,15 @@ When executing this skill, provide lightweight progress feedback so the user can
57
58
  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
58
59
 
59
60
  - Before multi-step work, print step indicators, e.g.:
60
- - `[0/7] Checking inherited git state...`
61
- - `[1/7] Scaffolding quick-mode project…`
62
- - `[2/7] Exploring solution space + capturing discovery…`
63
- - `[3/7] Decision point: design depth…`
64
- - `[4/7] Generating execution plan…`
65
- - `[5/7] Running plan artifact review…`
66
- - `[6/7] Initializing implementation tracker…`
67
- - `[7/7] Refreshing dashboard…`
61
+ - `[0/8] Checking inherited git state...`
62
+ - `[1/8] Scaffolding quick-mode project…`
63
+ - `[2/8] Exploring solution space + capturing discovery…`
64
+ - `[3/8] Decision point: design depth…`
65
+ - `[4/8] Generating execution plan…`
66
+ - `[5/8] Running plan artifact review…`
67
+ - `[6/8] Initializing implementation tracker…`
68
+ - `[7/8] Refreshing dashboard + committing…`
69
+ - `[8/8] Running configured gate…`
68
70
  - _(If lightweight design is chosen, insert design steps between 3 and 4)_
69
71
 
70
72
  ## Artifact Persistence (Required)
@@ -590,6 +592,31 @@ done
590
592
  git diff --cached --quiet || git commit -m "chore(oat): update quick-start artifacts for {project-name}"
591
593
  ```
592
594
 
595
+ ### Gate Execution
596
+
597
+ Before reporting this skill as complete, run the configured gate as the final step after artifact review, state sync, dashboard refresh, and the quick-start artifact commit:
598
+
599
+ 1. Resolve the gate for this skill:
600
+
601
+ ```bash
602
+ oat gate resolve <this-skill> --json
603
+ ```
604
+
605
+ If the command returns JSON `null`, no gate is configured; the skill is complete.
606
+
607
+ 2. If a gate config is returned, run its `command` exactly as configured. Capture stdout, stderr, and the exit code. A zero exit code means the gate passed and the skill is complete.
608
+
609
+ 3. Review-artifact handoff:
610
+ - If the gate reports a produced review artifact, the host must run `oat-project-review-receive` to receive and disposition that artifact before treating the review as consumed.
611
+ - This applies to `oat gate review ...` outputs regardless of whether the gate ultimately exits zero or nonzero; the command output owns the exact artifact path, and receive-review owns disposition and archival.
612
+
613
+ 4. If the command exits nonzero, use `description` to orient the next steps and handle `onFailure`:
614
+ - `block`: read gate feedback, remediate, and re-run the gate up to `maxAttempts` attempts (default `2`). If attempts are exhausted, escalate to the human with accumulated feedback and append that feedback to `implementation.md`. Treat a launch failure, missing CLI, or no eligible runtime as escalation-biased and do not spend it as a remediation attempt.
615
+ - `prompt`: surface the gate failure and ask the human how to proceed.
616
+ - `warn`: record the gate failure and continue.
617
+
618
+ 5. Runtime selection note (V1): the step runs the gate `command` as-is and reads no OAT runtime env var. By default, `oat gate review` and `oat gate cross-provider-exec` resolve the current host from built-in `hostDetectionCommand`s and avoid the same runtime when no exact target is supplied. Reusable lifecycle skill-gate commands should normally omit `--target <id>` so independent review stays provider-neutral. Use explicit targets only for manual/debug commands or deliberate local/user-specific overrides; do not hardcode provider/model targets in bundled skill guidance or shared lifecycle gate examples.
619
+
593
620
  ### Step 7: Output Next Action
594
621
 
595
622
  Report:
@@ -611,3 +638,4 @@ Report:
611
638
  - ✅ `plan.md` records the plan artifact review row unless `workflow.autoArtifactReview.plan` was explicitly disabled.
612
639
  - ✅ `implementation.md` is initialized for resumable execution.
613
640
  - ✅ Changed quick-start artifacts are committed before handoff or pause; `.oat/state.md` is refreshed locally when available.
641
+ - ✅ Configured gate has run, and any produced review artifact has been handed off to `oat-project-review-receive` before it is treated as consumed.