@opengsd/gsd-pi 1.1.1-dev.2034b16 → 1.1.1-dev.595401e

package/dist/resources/.managed-resources-content-hash

@@ -1 +1 @@
-2c5648f1e27d7188
+e81bc72bf9d51027

package/dist/resources/extensions/gsd/auto-post-unit.js

@@ -32,7 +32,7 @@ import { isDbAvailable, getDbPath, refreshOpenDatabaseFromDisk, getTask, getSlic
 import { renderPlanCheckboxes, renderRoadmapFromDb } from "./markdown-renderer.js";
 import { parseRoadmap as parseLegacyRoadmap } from "./parsers-legacy.js";
 import { consumeSignal } from "./session-status-io.js";
-import { checkPostUnitHooks, isRetryPending, consumeRetryTrigger, persistHookState, resolveHookArtifactPath, } from "./post-unit-hooks.js";
+import { checkPostUnitHooks, consumeHookFailure, isRetryPending, consumeRetryTrigger, consumeGateBlock, persistHookState, resolveHookArtifactPath, } from "./post-unit-hooks.js";
 import { hasPendingCaptures, loadPendingCaptures, revertExecutorResolvedCaptures } from "./captures.js";
 import { debugLog } from "./debug-logger.js";
 import { runSafely } from "./auto-utils.js";
@@ -1860,18 +1860,25 @@ export async function postUnitPostVerification(pctx) {
     // ── Post-unit hooks ──
     if (s.currentUnit && !s.stepMode) {
         const hookUnit = checkPostUnitHooks(s.currentUnit.type, s.currentUnit.id, s.basePath);
+        persistHookState(s.basePath);
         if (hookUnit) {
             if (s.currentUnit) {
                 await closeoutUnit(ctx, s.basePath, s.currentUnit.type, s.currentUnit.id, s.currentUnit.startedAt, buildSnapshotOpts(s.currentUnit.type, s.currentUnit.id));
             }
-            persistHookState(s.basePath);
             return enqueueSidecar(s, ctx, { kind: "hook", unitType: hookUnit.unitType, unitId: hookUnit.unitId, prompt: hookUnit.prompt, model: hookUnit.model }, { hookName: hookUnit.hookName });
         }
+        const hookFailure = consumeHookFailure();
+        if (hookFailure) {
+            ctx.ui.notify(`Post-unit hook ${hookFailure.hookName} failed for ${hookFailure.unitId}: ${hookFailure.reason}. Pausing auto-mode.`, "warning");
+            await pauseAuto(ctx, pi);
+            return "stopped";
+        }
         // Check if a hook requested a retry of the trigger unit
         if (isRetryPending()) {
             const trigger = consumeRetryTrigger();
             if (trigger) {
-                ctx.ui.notify(`Hook requested retry of ${trigger.unitType} ${trigger.unitId} — resetting task state.`, "info");
+                persistHookState(s.basePath);
+                ctx.ui.notify(`Hook requested retry of ${trigger.unitType} ${trigger.unitId} — resetting trigger unit state.`, "info");
                 await s.orchestration?.retryActiveUnit({
                     unitType: trigger.unitType,
                     unitId: trigger.unitId,
@@ -1918,6 +1925,17 @@ export async function postUnitPostVerification(pctx) {
                 // Fall through to normal dispatch — deriveState will re-derive the unit
             }
         }
+        const gateBlock = consumeGateBlock();
+        if (gateBlock) {
+            persistHookState(s.basePath);
+            const verdict = gateBlock.verdict ? ` verdict=${gateBlock.verdict};` : "";
+            const artifact = gateBlock.artifact ? ` artifact=${gateBlock.artifact};` : "";
+            const message = `Post-unit gate "${gateBlock.hookName}" blocked ${gateBlock.triggerUnitType} ${gateBlock.triggerUnitId}:` +
+                `${verdict}${artifact} ${gateBlock.reason}. Run /gsd status to inspect, then /gsd auto after recovery.`;
+            ctx.ui.notify(message, "warning");
+            await pauseAuto(ctx, pi);
+            return "stopped";
+        }
     }
     // ── Fast-path stop detection (#3487) ──
     // Before waiting for triage, check if any PENDING captures contain explicit

package/dist/resources/extensions/gsd/auto-prompts.js

@@ -1271,7 +1271,7 @@ export async function checkNeedsRunUat(base, mid, state, prefs) {
                     if (hasVerdict(uatContent))
                         continue;
                     // Also check the ASSESSMENT file — the run-uat prompt writes the verdict
-                    // there (via gsd_summary_save artifact_type:"ASSESSMENT"), not into the
+                    // there (via gsd_uat_result_save), not into the
                     // UAT spec file. Without this check the unit re-dispatches indefinitely.
                     const assessmentFile = resolveSliceFile(base, mid, sid, "ASSESSMENT");
                     if (assessmentFile) {
@@ -2568,17 +2568,26 @@ export async function buildValidateMilestonePrompt(mid, midTitle, base, level) {
         if (isDbAvailable()) {
             const milestone = getMilestone(mid);
             if (milestone) {
+                const escapeCell = (value) => value.replace(/[\\|]/g, (char) => `\\${char}`).replace(/\r?\n/g, " ");
                 const classes = [];
                 if (milestone.verification_contract)
-                    classes.push(`- **Contract:** ${milestone.verification_contract}`);
+                    classes.push(`| Contract | ${escapeCell(milestone.verification_contract)} |`);
                 if (milestone.verification_integration)
-                    classes.push(`- **Integration:** ${milestone.verification_integration}`);
+                    classes.push(`| Integration | ${escapeCell(milestone.verification_integration)} |`);
                 if (milestone.verification_operational)
-                    classes.push(`- **Operational:** ${milestone.verification_operational}`);
+                    classes.push(`| Operational | ${escapeCell(milestone.verification_operational)} |`);
                 if (milestone.verification_uat)
-                    classes.push(`- **UAT:** ${milestone.verification_uat}`);
+                    classes.push(`| UAT | ${escapeCell(milestone.verification_uat)} |`);
                 if (classes.length > 0) {
-                    const verificationClasses = `### Verification Classes (from planning)\n\nThese verification tiers were defined during milestone planning. Each non-empty class must be checked for evidence during validation.\n\n${classes.join("\n")}`;
+                    const verificationClasses = [
+                        "### Verification Classes (from planning)",
+                        "",
+                        "These verification tiers were defined during milestone planning. Every row in this table must appear in `verificationClasses` with the same canonical class name.",
+                        "",
+                        "| Class | Planned Check |",
+                        "| --- | --- |",
+                        ...classes,
+                    ].join("\n");
                     inlined.push(verificationClasses);
                     trackPromptContext(contextTelemetry, "verification-classes", "inline", verificationClasses);
                 }

package/dist/resources/extensions/gsd/bootstrap/db-tools.js

@@ -1010,7 +1010,7 @@ export function registerDbTools(pi) {
         promptGuidelines: [
             "Use gsd_validate_milestone when all slices are done and the milestone needs validation before completion.",
             "Parameters: milestoneId, verdict, remediationRound, successCriteriaChecklist, sliceDeliveryAudit, crossSliceIntegration, requirementCoverage, verificationClasses (optional), verdictRationale, remediationPlan (optional).",
-            "If verification classes were planned, verificationClasses must include canonical class rows using the exact class names Contract, Integration, Operational, and UAT when present in planning.",
+            "If verification classes were planned, verificationClasses must be a complete canonical table with one row for every applicable planned class using the exact class names Contract, Integration, Operational, and UAT. Do not submit a partial table.",
             "Planned verification text marked as none/not required/not applicable/N/A (including suffixed variants such as 'not required - backend-only') is treated as not applicable and does not require a class row.",
             "If verdict is 'needs-remediation', also provide remediationPlan and use gsd_reassess_roadmap to add remediation slices to the roadmap.",
             "On success, returns validationPath where VALIDATION.md was written.",
@@ -1023,7 +1023,7 @@ export function registerDbTools(pi) {
             sliceDeliveryAudit: Type.String({ description: "Markdown table auditing each slice's claimed vs delivered output" }),
             crossSliceIntegration: Type.String({ description: "Markdown describing any cross-slice boundary mismatches" }),
             requirementCoverage: Type.String({ description: "Markdown describing any unaddressed requirements" }),
-            verificationClasses: Type.Optional(Type.String({ description: "Markdown describing verification class compliance and gaps using canonical class names (Contract, Integration, Operational, UAT) for each applicable planned class" })),
+            verificationClasses: Type.Optional(Type.String({ description: "Complete markdown table describing verification class compliance and gaps; include one canonical row for every applicable planned class (Contract, Integration, Operational, UAT)" })),
             verdictRationale: Type.String({ description: "Why this verdict was chosen" }),
             remediationPlan: Type.Optional(Type.String({ description: "Remediation plan (required if verdict is needs-remediation)" })),
         }),

package/dist/resources/extensions/gsd/browser-evidence.js

@@ -1,17 +1,44 @@
 // Project/App: gsd-pi
 // File Purpose: Shared browser-observable UAT requirement and evidence detection.
-export const BROWSER_REQUIREMENT_RE = /\b(?:browser|file:\/\/|localhost|dom|localstorage|click(?:ing|ed)?|button|screenshot|snapshot|reload(?:ed)?|page refresh|user-visible|strikethrough|search box)\b/i;
+export const BROWSER_REQUIREMENT_RE = /\b(?:file:\/\/|localhost|playwright|chrome|screenshot|snapshot|browser_(?:assert|batch|find|verify|snapshot_refs))\b|\b(?:open|launch|navigate|load|visit|serve|start)\b.{0,80}\b(?:browser|page|localhost|file:\/\/)\b|\bbrowser\s+(?:check|session|test|uat|tool|automation|interaction|flow)\b/i;
 export const NO_BROWSER_EVIDENCE_RE = /\b(?:no|without|not|wasn'?t|isn'?t)\s+(?:automated\s+)?(?:live\s+)?browser(?:\s+(?:session|test|uat))?|\bno\s+automated\s+browser\b|\bnot\s+conducted\b/i;
 export const BROWSER_RUNTIME_RE = /\b(?:browser|playwright|chrome|camoufox|browser_(?:assert|batch|find|verify|snapshot_refs)|screenshot|snapshot|file:\/\/|localhost)\b/i;
 export const BROWSER_ACTION_RE = /\b(?:open(?:ed)?|navigate(?:d)?|click(?:ed)?|type(?:d)?|reload(?:ed)?|capture(?:d)?|screenshot|snapshot)\b/i;
 export const BROWSER_ASSERTION_RE = /\b(?:assert(?:ed|ion)?|observed|confirmed|verified|expected|visible|text|count|label|strikethrough|localstorage|screenshot|snapshot|passed)\b/i;
+const NON_REQUIREMENT_BROWSER_HEADING_RE = /^(?:not\s+proven|not\s+covered|out\s+of\s+scope|deferred|follow-?ups?|known\s+limitations|notes\s+for\s+tester)\b/i;
+const NON_REQUIREMENT_BROWSER_LINE_RE = /\b(?:deferred|not\s+proven|not\s+covered|out\s+of\s+scope|future\s+slice|follow-?up|no\s+(?:live\s+)?browser|without\s+(?:a\s+)?browser|not\s+(?:a\s+)?browser)\b/i;
 export function compactTextParts(parts) {
     return parts.flatMap((part) => Array.isArray(part) ? part : [part])
         .filter((part) => typeof part === "string" && part.trim().length > 0)
         .join("\n");
 }
 export function hasBrowserRequiredText(text) {
-    return BROWSER_REQUIREMENT_RE.test(text);
+    let inNonRequirementSection = false;
+    let nonRequirementDepth = 0;
+    for (const line of text.split(/\r?\n/)) {
+        const headingMatch = line.match(/^(#{1,6})\s+(.+?)\s*$/);
+        if (headingMatch) {
+            const depth = headingMatch[1].length;
+            const title = headingMatch[2] ?? "";
+            // Only update section context when at the same or higher level than the
+            // heading that opened the non-requirement zone. A sub-heading deeper than
+            // the opening heading must not escape or re-enter the zone on its own.
+            if (!inNonRequirementSection || depth <= nonRequirementDepth) {
+                inNonRequirementSection = NON_REQUIREMENT_BROWSER_HEADING_RE.test(title);
+                nonRequirementDepth = inNonRequirementSection ? depth : 0;
+            }
+            // Check the heading title itself — section state is already updated, so
+            // we correctly skip headings that opened a non-requirement zone.
+            if (!inNonRequirementSection && BROWSER_REQUIREMENT_RE.test(title))
+                return true;
+            continue;
+        }
+        if (inNonRequirementSection || NON_REQUIREMENT_BROWSER_LINE_RE.test(line))
+            continue;
+        if (BROWSER_REQUIREMENT_RE.test(line))
+            return true;
+    }
+    return false;
 }
 export function hasBrowserEvidenceText(text) {
     if (!text.trim())

package/dist/resources/extensions/gsd/docs/preferences-reference.md

@@ -305,10 +305,18 @@ This config sets a parent workspace with two child repositories. The implicit `p
   - `max_cycles`: number — max times this hook fires per trigger (default: 1, max: 10).
   - `model`: string — optional model override.
   - `artifact`: string — expected output file name (relative to task/slice dir). Hook is skipped if file already exists (idempotent).
+  - `criticality`: `"advisory"` or `"blocking"` — advisory preserves current best-effort behavior; blocking requires clean hook completion plus a valid outcome verdict before auto-mode advances. Default: `"advisory"`.
   - `retry_on`: string — if this file is produced instead of the artifact, re-run the trigger unit then re-run hooks.
+  - `on_block`: object — optional routing for blocking findings:
+    - `action`: `"retry-unit"`, `"retry-task"`, `"queue-task"`, `"queue-slice"`, or `"pause"`.
+    - `artifact`: string — optional compatibility artifact for retry routing.
   - `agent`: string — agent definition file to use for hook execution.
   - `enabled`: boolean — toggle without removing (default: `true`).
 
+  Blocking hook artifacts must begin with YAML frontmatter containing either `verdict` or `outcome.verdict`.
+  Supported verdicts are `pass`, `advisory`, `needs-rework`, `needs-remediation`, and `needs-attention`.
+  `pass` and `advisory` continue; `needs-rework` retries the trigger unit when routed with `retry-unit`/`retry-task`; `needs-remediation` and `needs-attention` pause with recovery guidance.
+
 - `pre_dispatch_hooks`: array — hooks that fire before a unit is dispatched. Each entry has:
   - `name`: string — unique hook identifier.
   - `before`: string[] — unit types to intercept.

package/dist/resources/extensions/gsd/doctor-runtime-checks.js

@@ -258,14 +258,14 @@ export async function checkRuntimeHealth(basePath, issues, fixesApplied, shouldF
                 catch {
                     count = MAX_UAT_ATTEMPTS + 1;
                 }
-                if (count <= MAX_UAT_ATTEMPTS)
+                if (count < MAX_UAT_ATTEMPTS)
                     continue;
                 issues.push({
                     severity: "warning",
                     code: "uat_retry_exhausted",
                     scope: "slice",
                     unitId: `${mid}/${sid}`,
-                    message: `run-uat for ${mid}/${sid} exhausted ${count - 1} retry attempt(s) without an ASSESSMENT verdict. Reset the retry counter after fixing the underlying UAT/tool issue, then rerun /gsd auto.`,
+                    message: `run-uat for ${mid}/${sid} exhausted ${count} attempt(s) without an ASSESSMENT verdict. Reset the retry counter after fixing the underlying UAT/tool issue, then rerun /gsd auto.`,
                     file: `.gsd/runtime/${fileName}`,
                     fixable: true,
                 });

package/dist/resources/extensions/gsd/post-unit-hooks.js

@@ -19,6 +19,15 @@ export function isRetryPending() {
 export function consumeRetryTrigger() {
     return getOrCreateRegistry().consumeRetryTrigger();
 }
+export function consumeHookFailure() {
+    return getOrCreateRegistry().consumeHookFailure();
+}
+export function isGateBlockPending() {
+    return getOrCreateRegistry().isGateBlockPending();
+}
+export function consumeGateBlock() {
+    return getOrCreateRegistry().consumeGateBlock();
+}
 export function resetHookState() {
     getOrCreateRegistry().resetState();
 }

package/dist/resources/extensions/gsd/preferences-validation.js

@@ -15,6 +15,14 @@ const VALID_UOK_TURN_ACTIONS = new Set([
     "snapshot",
     "status-only",
 ]);
+const VALID_POST_UNIT_HOOK_CRITICALITIES = new Set(["advisory", "blocking"]);
+const VALID_POST_UNIT_HOOK_ON_BLOCK_ACTIONS = new Set([
+    "retry-unit",
+    "retry-task",
+    "queue-task",
+    "queue-slice",
+    "pause",
+]);
 export function validatePreferences(preferences) {
     const errors = [];
     const warnings = [];
@@ -474,9 +482,40 @@ export function validatePreferences(preferences) {
             if (typeof hook.artifact === "string" && hook.artifact.trim()) {
                 validHook.artifact = hook.artifact.trim();
             }
+            if (hook.criticality !== undefined) {
+                const criticality = typeof hook.criticality === "string" ? hook.criticality.trim() : "";
+                if (VALID_POST_UNIT_HOOK_CRITICALITIES.has(criticality)) {
+                    validHook.criticality = criticality;
+                }
+                else {
+                    errors.push(`post_unit_hooks "${name}" invalid criticality: ${String(hook.criticality)}`);
+                }
+            }
             if (typeof hook.retry_on === "string" && hook.retry_on.trim()) {
                 validHook.retry_on = hook.retry_on.trim();
             }
+            if (hook.on_block !== undefined) {
+                if (!hook.on_block || typeof hook.on_block !== "object") {
+                    errors.push(`post_unit_hooks "${name}" on_block must be an object`);
+                }
+                else {
+                    const onBlock = hook.on_block;
+                    const action = typeof onBlock.action === "string" ? onBlock.action.trim() : "";
+                    if (!VALID_POST_UNIT_HOOK_ON_BLOCK_ACTIONS.has(action)) {
+                        errors.push(`post_unit_hooks "${name}" invalid on_block action: ${String(onBlock.action)}`);
+                    }
+                    else {
+                        validHook.on_block = { action: action };
+                        if (typeof onBlock.artifact === "string" && onBlock.artifact.trim()) {
+                            validHook.on_block.artifact = onBlock.artifact.trim();
+                        }
+                    }
+                }
+            }
+            if (validHook.criticality === "blocking" && !validHook.artifact) {
+                errors.push(`post_unit_hooks "${name}" criticality blocking requires artifact`);
+                continue;
+            }
             if (typeof hook.agent === "string" && hook.agent.trim()) {
                 validHook.agent = hook.agent.trim();
             }

package/dist/resources/extensions/gsd/prompt-loader.js

@@ -26,9 +26,16 @@ function hasRequiredExtensionAssets(rootDir, exists = existsSync) {
     return (exists(join(rootDir, "prompts")) &&
         exists(join(rootDir, "templates", "task-summary.md")));
 }
+function isSourceExtensionDir(moduleDir) {
+    return moduleDir.replaceAll("\\", "/").endsWith("/src/resources/extensions/gsd");
+}
 export function resolveExtensionDirFromCandidates(moduleDir, agentGsdDir, exists = existsSync) {
     const moduleUsable = hasRequiredExtensionAssets(moduleDir, exists);
     const agentUsable = hasRequiredExtensionAssets(agentGsdDir, exists);
+    // Source checkouts must use their own prompt tree. Otherwise local tests and
+    // dev runs can silently render stale prompts from ~/.gsd/agent/extensions/gsd.
+    if (moduleUsable && isSourceExtensionDir(moduleDir))
+        return moduleDir;
     // Prefer the user-local extension tree when both are valid. This avoids
     // leaking npm/global-install paths into prompts on Windows.
     if (agentUsable)

package/dist/resources/extensions/gsd/prompts/run-uat.md

@@ -63,35 +63,53 @@ After running all checks, compute the **overall verdict**:
 - `FAIL` — one or more automatable checks failed
 - `PARTIAL` — one or more automatable checks were skipped or returned inconclusive results (not the same as `NEEDS-HUMAN` — use PARTIAL only when the agent itself could not determine pass/fail for a check it was supposed to automate)
 
-Call `gsd_summary_save` with `milestone_id: "{{milestoneId}}"`, `slice_id: "{{sliceId}}"`, `artifact_type: "ASSESSMENT"`, and the full UAT result markdown as `content`. The tool computes the assessment path, persists to DB/disk, and saves the aggregate UAT gate. The content should follow this logical shape:
+Call `gsd_uat_result_save` once after all checks are complete. The tool computes the assessment path, persists to DB/disk, saves attempt history, and saves the aggregate UAT gate.
 
-```markdown
----
-sliceId: {{sliceId}}
-uatType: {{uatType}}
-verdict: PASS | FAIL | PARTIAL
-date: <ISO 8601 timestamp>
----
-
-# UAT Result — {{sliceId}}
-
-## Checks
+Pass these top-level fields:
 
-| Check | Mode | Result | Notes |
-|-------|------|--------|-------|
-| <check description> | artifact / runtime / human-follow-up | PASS / FAIL / NEEDS-HUMAN | <observed output, evidence, or reason> |
-
-## Overall Verdict
-
-<PASS / FAIL / PARTIAL> — <one sentence summary>
+```ts
+milestoneId: "{{milestoneId}}",
+sliceId: "{{sliceId}}",
+uatType: "{{uatType}}",
+verdict: "PASS" | "FAIL" | "PARTIAL",
+notes: "<one sentence overall verdict rationale>",
+```
 
-## Notes
+Use this exact `presentation` shape in the save call so the audit can verify the run-uat tool surface without retrying missing fields one by one:
+
+```ts
+presentation: {
+  surface: "mcp",
+  presentedTools: [
+    "gsd_uat_exec",
+    "gsd_uat_result_save",
+    "gsd_resume",
+    "gsd_milestone_status",
+    "gsd_journal_query",
+  ],
+  blockedTools: [
+    { name: "gsd_exec", reason: "forbidden during run-uat" },
+    { name: "gsd_summary_save", reason: "forbidden during run-uat" },
+    { name: "gsd_save_gate_result", reason: "forbidden during run-uat" },
+  ],
+}
+```
 
-<any additional context, errors encountered, screenshots/logs gathered, or manual follow-up still required>
+Pass `checks` with this logical shape:
+
+```ts
+checks: [{
+  id: "<stable check id>",
+  description: "<check description from the UAT file>",
+  mode: "artifact" | "runtime" | "browser" | "human-follow-up",
+  result: "PASS" | "FAIL" | "NEEDS-HUMAN",
+  evidence: [{ kind: "gsd_uat_exec", ref: "<evidence id>" }],
+  notes: "<observed output, evidence, reason, or manual follow-up>",
+}]
 ```
 
 ---
 
-**You MUST call `gsd_summary_save` with `artifact_type: "ASSESSMENT"` and the UAT result content before finishing. Do not write the assessment file directly.**
+**You MUST call `gsd_uat_result_save` before finishing. Do not write the assessment file directly, and do not call `gsd_summary_save` as a substitute.**
 
 When done, say: "UAT {{sliceId}} complete."

package/dist/resources/extensions/gsd/prompts/validate-milestone.md

@@ -33,7 +33,7 @@ Prompt: "Review milestone {{milestoneId}} requirements coverage. Working directo
 Prompt: "Review milestone {{milestoneId}} cross-slice integration. Working directory: {{workingDirectory}}. Read `{{roadmapPath}}` and find the boundary map (produces/consumes contracts). For each boundary, confirm producer SUMMARY produced the artifact and consumer SUMMARY consumed it. Output table: Boundary | Producer Summary | Consumer Summary | Status. End with one-line verdict: PASS if all boundaries honored, NEEDS-ATTENTION if any gaps."
 
 **Reviewer C - Assessment & Acceptance Criteria**
-Prompt: "Review milestone {{milestoneId}} assessment evidence and acceptance criteria. Working directory: {{workingDirectory}}. Read `.gsd/milestones/{{milestoneId}}/{{milestoneId}}-CONTEXT.md` for criteria. Check slice SUMMARY and ASSESSMENT files under `.gsd/milestones/{{milestoneId}}/slices/`; UAT files are specs, not evidence. Verify each criterion maps to passing evidence. Then review inlined milestone verification classes. For each non-empty planned class, output table: Class | Planned Check | Evidence | Verdict. Use the exact class names `Contract`, `Integration`, `Operational`, and `UAT` whenever those classes are present. If a planned browser/UAT class has no ASSESSMENT with browser/runtime actions and assertions, return NEEDS-ATTENTION. If no verification classes were planned, say that explicitly. Output sections `Acceptance Criteria` with checklist `[ ] Criterion | Evidence`, and `Verification Classes` with the table. End with one-line verdict: PASS if all criteria and classes are covered by evidence, NEEDS-ATTENTION if gaps exist."
+Prompt: "Review milestone {{milestoneId}} assessment evidence and acceptance criteria. Working directory: {{workingDirectory}}. Read `.gsd/milestones/{{milestoneId}}/{{milestoneId}}-CONTEXT.md` for criteria. Check slice SUMMARY and ASSESSMENT files under `.gsd/milestones/{{milestoneId}}/slices/`; UAT files are specs, not evidence. Verify each criterion maps to passing evidence. Then review the inlined `Verification Classes (from planning)` table. For every planned row in that table, output a `Verification Classes` table with columns `Class | Planned Check | Evidence | Verdict`. Preserve every planned non-empty class row; do not summarize, rename, combine, or omit planned classes. The first cell of each row must be exactly `Contract`, `Integration`, `Operational`, or `UAT` when that class is present in planning. If a planned class lacks evidence, still include its canonical row and mark the verdict NEEDS-ATTENTION or FAIL. If a planned browser/UAT class has no ASSESSMENT with browser/runtime actions and assertions, return NEEDS-ATTENTION. If no verification classes were planned, say that explicitly. Output sections `Acceptance Criteria` with checklist `[ ] Criterion | Evidence`, and `Verification Classes` with the table. End with one-line verdict: PASS if all criteria and classes are covered by evidence, NEEDS-ATTENTION if gaps exist."
 
 ### Step 2 - Synthesize Findings
 
@@ -71,8 +71,8 @@ reviewers: 3
 <if verdict is not pass: specific actions required>
 ```
 
-Call `gsd_validate_milestone` with the camelCase fields `milestoneId`, `verdict`, `remediationRound`, `successCriteriaChecklist`, `sliceDeliveryAudit`, `crossSliceIntegration`, `requirementCoverage`, `verdictRationale`, and `remediationPlan` when needed. If you include verification-class analysis, pass it in `verificationClasses`.
-Extract the `Verification Classes` subsection from Reviewer C and pass it verbatim in `verificationClasses` so the persisted validation output uses the canonical class names `Contract`, `Integration`, `Operational`, and `UAT`.
+Call `gsd_validate_milestone` with the camelCase fields `milestoneId`, `verdict`, `remediationRound`, `successCriteriaChecklist`, `sliceDeliveryAudit`, `crossSliceIntegration`, `requirementCoverage`, `verdictRationale`, and `remediationPlan` when needed. If planning included verification classes, pass a complete canonical table in `verificationClasses`.
+Set `verificationClasses` to the `Verification Classes` subsection from Reviewer C. It must include one canonical row for every non-empty planned class from `Verification Classes (from planning)`: `Contract`, `Integration`, `Operational`, and/or `UAT`. If Reviewer C omitted a planned class, reconstruct the missing row from the planning table, set Evidence to the gap, and use NEEDS-ATTENTION or FAIL. Do not call `gsd_validate_milestone` with a partial `verificationClasses` table.
 
 **DB access safety:** Do NOT query `.gsd/gsd.db` directly via `sqlite3` or `node -e require('better-sqlite3')` - the engine owns the WAL connection. Use `gsd_milestone_status` for milestone and slice state. Data is already inlined or available via `gsd_*` tools. Direct DB access risks WAL corruption and bypasses validation.