@openprd/cli 0.1.19 → 0.1.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (102) hide show
  1. package/.openprd/changes/openprd-control-plane-v020/.openprd.yaml +2 -0
  2. package/.openprd/changes/openprd-control-plane-v020/design.md +78 -0
  3. package/.openprd/changes/openprd-control-plane-v020/proposal.md +54 -0
  4. package/.openprd/changes/openprd-control-plane-v020/specs/agent-requirements/spec.md +16 -0
  5. package/.openprd/changes/openprd-control-plane-v020/task-events.jsonl +27 -0
  6. package/.openprd/changes/openprd-control-plane-v020/tasks-002.md +35 -0
  7. package/.openprd/changes/openprd-control-plane-v020/tasks.md +427 -0
  8. package/.openprd/changes/remove-session-tracking-humane-approval/.openprd.yaml +2 -0
  9. package/.openprd/changes/remove-session-tracking-humane-approval/design.md +52 -0
  10. package/.openprd/changes/remove-session-tracking-humane-approval/proposal.md +35 -0
  11. package/.openprd/changes/remove-session-tracking-humane-approval/specs/agent-requirements/spec.md +16 -0
  12. package/.openprd/changes/remove-session-tracking-humane-approval/task-events.jsonl +1 -0
  13. package/.openprd/changes/remove-session-tracking-humane-approval/tasks.md +170 -0
  14. package/.openprd/design/active/asset-spec.md +19 -14
  15. package/.openprd/design/active/direction-plan.md +19 -3
  16. package/.openprd/design/active/facts-sheet.md +16 -7
  17. package/.openprd/design/active/image-preflight.md +6 -5
  18. package/.openprd/design/active/review-studio-v020-directions/compare-plan.json +34 -0
  19. package/.openprd/design/active/review-studio-v020-directions/contact-sheet.jpg +0 -0
  20. package/.openprd/design/active/review-studio-v020-directions/crops/01.png +0 -0
  21. package/.openprd/design/active/review-studio-v020-directions/crops/02.png +0 -0
  22. package/.openprd/design/active/review-studio-v020-directions/crops/03.png +0 -0
  23. package/.openprd/design/active/review-studio-v020-directions/focus-board.template.json +69 -0
  24. package/.openprd/design/active/review-studio-v020-directions/parallel-board.template.json +45 -0
  25. package/.openprd/design/active/review-studio-v020-directions/reference-set.json +143 -0
  26. package/.openprd/design/active/review-studio-v020-directions/source.png +0 -0
  27. package/.openprd/design/active/selected-direction.md +23 -9
  28. package/.openprd/engagements/active/control-plane-architecture.json +203 -0
  29. package/.openprd/engagements/active/control-plane-intake.json +418 -0
  30. package/.openprd/engagements/active/prd.md +183 -119
  31. package/.openprd/engagements/active/review-presentation-v0018.json +176 -0
  32. package/.openprd/i18n-config.json +12 -0
  33. package/.openprd/ledger/events.jsonl +6 -0
  34. package/.openprd/ledger/heads/ebea1a71a9daa566f1c91b53.json +10 -0
  35. package/.openprd/manifest.json +21 -0
  36. package/AGENTS.md +1 -0
  37. package/README.md +2 -0
  38. package/README_EN.md +2 -0
  39. package/package.json +1 -1
  40. package/skills/openprd-frontend-design/SKILL.md +16 -0
  41. package/skills/openprd-harness/SKILL.md +1 -1
  42. package/skills/openprd-quality/SKILL.md +1 -1
  43. package/skills/openprd-requirement-intake/SKILL.md +1 -1
  44. package/skills/openprd-shared/SKILL.md +1 -1
  45. package/src/adapters/adapter-spi.js +193 -0
  46. package/src/adapters/capability-envelope.js +98 -0
  47. package/src/adapters/event-normalizer.js +55 -0
  48. package/src/adapters/index.js +4 -0
  49. package/src/adapters/install-safety.js +249 -0
  50. package/src/agent-canonical-content.js +4 -2
  51. package/src/agent-integration.js +147 -42
  52. package/src/cli/args.js +63 -4
  53. package/src/cli/gate-print.js +17 -0
  54. package/src/cli/quality-commands.js +18 -0
  55. package/src/cli/quality-print.js +10 -0
  56. package/src/cli/runtime-print.js +24 -0
  57. package/src/codex-hook-runner-template.mjs +65 -77
  58. package/src/codex-runtime.js +48 -5
  59. package/src/context/cache.js +245 -0
  60. package/src/context/compiler.js +438 -0
  61. package/src/context/constants.js +30 -0
  62. package/src/context/index.js +39 -0
  63. package/src/context/redaction.js +84 -0
  64. package/src/context/stable.js +69 -0
  65. package/src/context/telemetry.js +42 -0
  66. package/src/dev-standards.js +57 -0
  67. package/src/fleet.js +112 -95
  68. package/src/gates/index.js +2 -0
  69. package/src/gates/scoped-gates.js +256 -0
  70. package/src/gates/store.js +126 -0
  71. package/src/gates/workspace.js +41 -0
  72. package/src/html-artifacts.js +725 -28
  73. package/src/kernel/atomic-store.js +299 -0
  74. package/src/kernel/event-envelope.js +166 -0
  75. package/src/kernel/index.js +4 -0
  76. package/src/kernel/project-ledger.js +467 -0
  77. package/src/kernel/project-manifest.js +205 -0
  78. package/src/knowledge-v3/index.js +1 -0
  79. package/src/knowledge-v3/lifecycle.js +290 -0
  80. package/src/knowledge.js +14 -7
  81. package/src/openprd.js +71 -2
  82. package/src/review-model.js +413 -0
  83. package/src/review-presentation.js +1 -1
  84. package/src/run-harness.js +431 -37
  85. package/src/runtime/cli_runtime_README.md +28 -0
  86. package/src/runtime/errors.js +66 -0
  87. package/src/runtime/index.js +44 -0
  88. package/src/runtime/lane-schema.js +141 -0
  89. package/src/runtime/lane-store.js +279 -0
  90. package/src/runtime/task-runtime.js +449 -0
  91. package/src/runtime/workspace.js +179 -0
  92. package/src/runtime/write-set.js +206 -0
  93. package/src/session-binding.js +16 -3
  94. package/src/session-registry.js +59 -1
  95. package/src/upgrade/fleet-mutation.js +166 -0
  96. package/src/upgrade/fleet-transaction.js +398 -0
  97. package/src/upgrade/transaction-store.js +416 -0
  98. package/src/visual-compare-core.js +66 -27
  99. package/src/visual-compare.js +18 -12
  100. package/src/workspace-core.js +109 -7
  101. package/src/workspace-registry.js +39 -1
  102. package/src/workspace-workflow.js +18 -15
@@ -0,0 +1,203 @@
1
+ {
2
+ "type": "architecture",
3
+ "locale": "zh-CN",
4
+ "title": "OpenPrd 0.1.20 可解释项目控制平面",
5
+ "subtitle": "一份项目事实、一个并发协调层、按需编译上下文,并向业务与工程生成不同读法。",
6
+ "components": [
7
+ {
8
+ "id": "people-agents",
9
+ "name": "用户与 Agent",
10
+ "type": "external",
11
+ "subtitle": "业务用户负责目标与决策,Codex、Cursor、Claude Code 在授权范围内执行。",
12
+ "details": [
13
+ "显式任务、会话和工作单元标识始终优先",
14
+ "高风险动作绑定当前操作的明确授权"
15
+ ]
16
+ },
17
+ {
18
+ "id": "review-studio",
19
+ "name": "业务与工程双视图",
20
+ "type": "frontend",
21
+ "subtitle": "同一 ReviewModel 生成小白可懂的业务视图和工程可追溯视图。",
22
+ "details": [
23
+ "共享决策时间线与 model digest",
24
+ "默认业务视角,工程证据按需展开"
25
+ ]
26
+ },
27
+ {
28
+ "id": "adapter-spi",
29
+ "name": "跨工具适配层",
30
+ "type": "cloud",
31
+ "subtitle": "归一生命周期事件,协商能力并渲染各工具需要的上下文与决定。",
32
+ "details": [
33
+ "Codex、Cursor、Claude Code 使用同一合同",
34
+ "能力缺口明确返回,不模拟支持"
35
+ ]
36
+ },
37
+ {
38
+ "id": "context-compiler",
39
+ "name": "上下文编译器",
40
+ "type": "backend",
41
+ "subtitle": "按任务、风险、权限与 token 预算生成稳定 Capsule 或 Delta。",
42
+ "details": [
43
+ "完整摘要 800 tokens,增量 250 tokens",
44
+ "同 revision 同输入产生同 digest",
45
+ "默认只读,telemetry 与事实分离"
46
+ ]
47
+ },
48
+ {
49
+ "id": "gate-engine",
50
+ "name": "分级门禁与证据",
51
+ "type": "security",
52
+ "subtitle": "项目、变更、工作单元、任务、会话和单次操作各自判断。",
53
+ "details": [
54
+ "局部任务不被无关项目债务阻断",
55
+ "发布与真实迁移继续执行项目级门禁"
56
+ ]
57
+ },
58
+ {
59
+ "id": "task-runtime",
60
+ "name": "并发任务运行态",
61
+ "type": "backend",
62
+ "subtitle": "Lane、claim、lease、heartbeat、write-set 与 CAS 协调多线程执行。",
63
+ "details": [
64
+ "同一任务只能被一个有效 claim 持有",
65
+ "不相交文件范围可以并行",
66
+ "崩溃后安全回收过期 lease"
67
+ ]
68
+ },
69
+ {
70
+ "id": "domain-services",
71
+ "name": "需求与项目服务",
72
+ "type": "backend",
73
+ "subtitle": "Change、Task、Review、Quality、Knowledge 与 Migration 只通过控制平面变更事实。",
74
+ "details": [
75
+ "保持现有 CLI 兼容入口",
76
+ "Knowledge 有证据、作用域、有效期与替代链"
77
+ ]
78
+ },
79
+ {
80
+ "id": "project-ledger",
81
+ "name": "Project Ledger",
82
+ "type": "database",
83
+ "subtitle": "事件信封、连续 revision、幂等键和可重建投影构成唯一业务真相。",
84
+ "details": [
85
+ "current、task graph、review、knowledge index 都是投影",
86
+ "支持 verify、replay 与损坏恢复"
87
+ ]
88
+ },
89
+ {
90
+ "id": "atomic-store",
91
+ "name": "原子存储与版本清单",
92
+ "type": "database",
93
+ "subtitle": "原子写入、锁、checksum、reader/writer 版本和迁移记录保护旧项目。",
94
+ "details": [
95
+ "legacy、dual、ledger 三种兼容模式",
96
+ "真实升级前备份,失败按项目回滚",
97
+ "symlink 与过新 schema 安全拒绝写入"
98
+ ]
99
+ }
100
+ ],
101
+ "flows": [
102
+ {
103
+ "source": "people-agents",
104
+ "target": "review-studio",
105
+ "label": "理解范围、风险与决定",
106
+ "type": "standard"
107
+ },
108
+ {
109
+ "source": "people-agents",
110
+ "target": "adapter-spi",
111
+ "label": "提交任务与运行事件",
112
+ "type": "standard"
113
+ },
114
+ {
115
+ "source": "adapter-spi",
116
+ "target": "context-compiler",
117
+ "label": "协商能力与上下文格式",
118
+ "type": "standard"
119
+ },
120
+ {
121
+ "source": "context-compiler",
122
+ "target": "gate-engine",
123
+ "label": "附带适用门禁与权限",
124
+ "type": "security"
125
+ },
126
+ {
127
+ "source": "gate-engine",
128
+ "target": "task-runtime",
129
+ "label": "允许后领取任务范围",
130
+ "type": "security"
131
+ },
132
+ {
133
+ "source": "task-runtime",
134
+ "target": "domain-services",
135
+ "label": "在 claim 与 write-set 内执行",
136
+ "type": "standard"
137
+ },
138
+ {
139
+ "source": "domain-services",
140
+ "target": "project-ledger",
141
+ "label": "追加事实事件",
142
+ "type": "standard"
143
+ },
144
+ {
145
+ "source": "project-ledger",
146
+ "target": "context-compiler",
147
+ "label": "提供最新权威事实",
148
+ "type": "standard"
149
+ },
150
+ {
151
+ "source": "project-ledger",
152
+ "target": "review-studio",
153
+ "label": "生成双投影",
154
+ "type": "standard"
155
+ },
156
+ {
157
+ "source": "atomic-store",
158
+ "target": "project-ledger",
159
+ "label": "原子持久化与版本保护",
160
+ "type": "security"
161
+ }
162
+ ],
163
+ "summaryCards": [
164
+ {
165
+ "title": "用户得到什么",
166
+ "color": "frontend",
167
+ "items": [
168
+ "进入项目后直接看到本次任务需要的最少上下文",
169
+ "多线程并行不会互相覆盖,冲突会说清原因和下一步",
170
+ "业务评审先看结果,工程细节仍能从同一结论追溯"
171
+ ]
172
+ },
173
+ {
174
+ "title": "系统如何可靠",
175
+ "color": "backend",
176
+ "items": [
177
+ "唯一项目账本 + 可重建投影,运行态不再冒充业务真相",
178
+ "revision、幂等键、claim、lease、write-set 与 CAS 防止丢失更新",
179
+ "上下文编译默认只读、可缓存、可增量、可解释"
180
+ ]
181
+ },
182
+ {
183
+ "title": "如何安全升级",
184
+ "color": "cloud",
185
+ "items": [
186
+ "0.1.20 先以 dual 模式和旧状态对账",
187
+ "每个真实项目都先预检、备份、校验,再原子替换",
188
+ "归档保持不变,失败只回滚当前项目"
189
+ ]
190
+ }
191
+ ],
192
+ "reviewInstructions": [
193
+ "用户已明确授权按此架构继续实现,无需中途停顿。",
194
+ "任何 lost update、错误项目写入、归档变化、敏感信息泄漏或无法回滚都阻断真实刷新。",
195
+ "版本升级和 fleet 刷新只能在全量测试与项目级门禁健康后执行。"
196
+ ],
197
+ "metadata": {
198
+ "versionId": "v0018",
199
+ "owner": "OpenPrd",
200
+ "targetSystem": "OpenPrd CLI 与本地项目生态",
201
+ "reviewStatus": "confirmed"
202
+ }
203
+ }
@@ -0,0 +1,418 @@
1
+ {
2
+ "meta.title": {
3
+ "value": "OpenPrd 可解释项目控制平面与跨工具上下文升级",
4
+ "source": "user-confirmed"
5
+ },
6
+ "meta.owner": {
7
+ "value": "OpenPrd",
8
+ "source": "user-confirmed"
9
+ },
10
+ "meta.version": {
11
+ "value": "0.1.20",
12
+ "source": "user-confirmed"
13
+ },
14
+ "meta.status": {
15
+ "value": "draft",
16
+ "source": "user-confirmed"
17
+ },
18
+ "meta.productType": {
19
+ "value": "agent",
20
+ "source": "user-confirmed"
21
+ },
22
+ "problem.problemStatement": {
23
+ "value": "OpenPrd 已具备需求分流、评审、任务、质量、画布和多工具适配能力,但项目事实、会话运行态、任务并发、上下文注入、评审投影和知识演进仍由多份可写状态拼接。近一个月 Codex 线程中出现重复 context、同项目并发互相覆盖、指定会话被错误目标抢占、全局债务阻断局部任务、跨版本安装漂移,以及业务用户难以理解技术评审的问题。",
24
+ "source": "user-confirmed"
25
+ },
26
+ "problem.whyNow": {
27
+ "value": "OpenPrd 正从 PRD 工具升级为 Vibe Coding 的项目控制平面,并要同时服务 Codex、Cursor、Claude Code。继续扩展现有多真相源会放大 token、延迟、并发冲突和迁移风险;当前 0.1.19 到 0.1.20 的版本窗口适合先冻结可兼容的控制平面协议,再安全刷新所有真实本地项目。",
28
+ "source": "user-confirmed"
29
+ },
30
+ "problem.evidence": {
31
+ "value": [
32
+ "近 30 天 817 个 Codex 线程中,362 个具有 OpenPrd CLI 形态,共 3145 次调用;run --context 554 次,93 个线程重复调用,额外调用 271 次,单线程最多 22 次。",
33
+ "56 个同项目 OpenPrd 线程在 5 分钟内并发启动;当前 feature-list、loop-state、current state 和全局镜像缺少 claim、lease、CAS 与 write-set 冲突协议。",
34
+ "当前 run-harness 已出现 findSessionWorkspaceCandidates 被删除但仍调用,以及显式 session 在精确解析前被 active change 抢占的回归。",
35
+ "当前 v0017 与 remove-session-tracking change 混入前一个 Canvas 需求内容,证明局部 capture 与多投影可以形成语义污染。",
36
+ "本机持久范围发现 86 个 .openprd,版本跨 0.1.0、0.1.11、0.1.15、0.1.19;Home 级 Codex Skill 还被 Claude 适配内容和软链接污染。"
37
+ ],
38
+ "source": "user-confirmed"
39
+ },
40
+ "users.primaryUsers": {
41
+ "value": [
42
+ "用自然语言驱动 Codex、Cursor、Claude Code 完成产品开发的非专业或半专业用户",
43
+ "在同一代码项目中并发运行多个 Agent、线程、worktree 的开发者",
44
+ "需要持续维护需求、代码健康、知识与版本迁移的项目负责人"
45
+ ],
46
+ "source": "user-confirmed"
47
+ },
48
+ "users.secondaryUsers": {
49
+ "value": [
50
+ "OpenPrd 集成与插件维护者",
51
+ "审阅业务范围、风险与验收结论的产品和业务协作者"
52
+ ],
53
+ "source": "user-confirmed"
54
+ },
55
+ "users.stakeholders": {
56
+ "value": [
57
+ "OpenPrd 产品与工程维护者",
58
+ "被 OpenPrd 管理的本地项目所有者",
59
+ "Codex、Cursor、Claude Code 适配层维护者"
60
+ ],
61
+ "source": "user-confirmed"
62
+ },
63
+ "validation.community": {
64
+ "value": "已经在本机真实项目中持续使用 OpenPrd、Codex、Cursor、Claude Code 的 Vibe Coding 用户与维护者",
65
+ "source": "user-confirmed"
66
+ },
67
+ "validation.seedUsers": {
68
+ "value": [
69
+ "当前 43 个活跃或真实旧项目的维护者",
70
+ "近一个月具有 OpenPrd CLI 行为的 362 个 Codex 线程代表的真实任务样本"
71
+ ],
72
+ "source": "user-confirmed"
73
+ },
74
+ "validation.communityFit": {
75
+ "value": "团队本身就是高频 Vibe Coding 与多 Agent 协作者,拥有真实线程、真实项目、真实安装漂移和真实迁移样本,可以在自身工作流中完成 dogfood。",
76
+ "source": "user-confirmed"
77
+ },
78
+ "validation.currentAlternative": {
79
+ "value": "依赖 AGENTS.md、Skill、change/tasks、session binding、run-state、质量报告和人工记忆拼接上下文;发生冲突时靠重新运行 context、手工检查状态或切换线程。",
80
+ "source": "user-confirmed"
81
+ },
82
+ "validation.painEvidence": {
83
+ "value": "重复 context、错误目标恢复、语义污染、全局 registry 膨胀、跨工具 Skill 漂移和 fleet 无事务更新均已在当前仓库与本机安装中复现。",
84
+ "source": "user-confirmed"
85
+ },
86
+ "validation.manualPath": {
87
+ "value": "先以兼容模式建立 manifest、事件信封、原子存储与 Ledger shadow-write,再逐层切换 Runtime、Context、Gate、Review、Knowledge 和 Adapter;每层均用真实项目 fixture 与旧版本 fixture 对账。",
88
+ "source": "user-confirmed"
89
+ },
90
+ "validation.manualPlaybook": {
91
+ "value": "修复当前回归并冻结协议;建立 legacy/dual/ledger 三种存储模式;对每个旧项目执行 preflight、备份、临时生成、校验、原子替换与单项目回滚;按批次刷新 Home、Projects、Context 和活跃 worktree。",
92
+ "source": "user-confirmed"
93
+ },
94
+ "validation.commitmentSignals": {
95
+ "value": [
96
+ "用户明确授权完整实施、自动解决中间问题并刷新全部真实本地版本",
97
+ "现有线程与安装盘点提供了可量化的前后对比基线"
98
+ ],
99
+ "source": "user-confirmed"
100
+ },
101
+ "validation.firstValidationStep": {
102
+ "value": "在当前 OpenPrd 仓库先完成回归修复、项目 manifest、原子 Ledger、任务并发 Runtime 与只读 Context Capsule 的纵向闭环。",
103
+ "source": "user-confirmed"
104
+ },
105
+ "validation.defaultAlivePlan": {
106
+ "value": "保持 0.1.x CLI 和现有生成文件兼容;新内核先 shadow-write,出现不一致时可切回 legacy read,禁止一次性破坏旧项目。",
107
+ "source": "user-confirmed"
108
+ },
109
+ "validation.paymentProof": {
110
+ "value": "本轮以真实使用频率、迁移覆盖、token 与执行时间下降、并发正确性和评审完成率作为价值证明,不引入商业收费动作。",
111
+ "source": "user-confirmed"
112
+ },
113
+ "validation.mvpSlice": {
114
+ "value": "0.1.20 首先交付可兼容的 Project Manifest、Event Envelope、Atomic Store、Project Ledger、Lane/Task Runtime、Context Capsule,以及安全 fleet 升级;双投影 Review、Adapter SPI 与 Knowledge Evolution 必须有可用纵向能力,但旧投影可保留兼容入口。",
115
+ "source": "user-confirmed"
116
+ },
117
+ "validation.weekendTest": {
118
+ "value": "用当前仓库、两个并发临时工作区、0.1.15/0.1.19 fixture 和 Home Skill 软链接 fixture 完成全链路演练。",
119
+ "source": "user-confirmed"
120
+ },
121
+ "validation.smallestExecution": {
122
+ "value": "先修复 exact session 优先级并实现一个具备 expectedRevision、idempotencyKey、原子写入和可重建投影的 Ledger stream。",
123
+ "source": "user-confirmed"
124
+ },
125
+ "validation.productizeGate": {
126
+ "value": "只有全量测试、并发压力、迁移幂等、回滚演练、三平台契约和真实项目 dry-run 均通过,才允许把 0.1.20 刷新到真实本地项目。",
127
+ "source": "user-confirmed"
128
+ },
129
+ "validation.firstCustomerPath": {
130
+ "value": "先覆盖当前机器上的 OpenPrd 自身仓库与活跃项目,再把协议和迁移路径推广到其他 OpenPrd 用户。",
131
+ "source": "user-confirmed"
132
+ },
133
+ "validation.pricingHypothesis": {
134
+ "value": "本轮不改变开源 CLI 定价;价值通过更低上下文成本、更少返工和更稳定的长期项目维护体现。",
135
+ "source": "user-confirmed"
136
+ },
137
+ "validation.customerOneProfitability": {
138
+ "value": "单项目减少一次错误目标执行、一次全量 context 重注入或一次手工迁移回滚即可抵消升级成本。",
139
+ "source": "user-confirmed"
140
+ },
141
+ "validation.growthDiscipline": {
142
+ "value": "先保证协议稳定、可回滚、可观测和旧项目兼容,再增加更多自动化;不以新增命令数量替代可验证的执行质量。",
143
+ "source": "user-confirmed"
144
+ },
145
+ "validation.reversibility": {
146
+ "value": "每个迁移阶段支持 legacy/dual/ledger 模式、preimage backup、幂等 migration id 与按项目 restore;归档和发布副本默认保持不可变。",
147
+ "source": "user-confirmed"
148
+ },
149
+ "validation.customerTruth": {
150
+ "value": "目标直接针对已观测的重复上下文、并发覆盖、错误目标、评审理解成本、跨版本漂移和长期知识失真,而不是为了架构整洁而重写。",
151
+ "source": "user-confirmed"
152
+ },
153
+ "validation.valuesFit": {
154
+ "value": "坚持用户可理解、Agent 可执行、事实可追溯、风险可回滚、知识可持续演进的 OpenPrd 产品原则。",
155
+ "source": "user-confirmed"
156
+ },
157
+ "goals.goals": {
158
+ "value": [
159
+ "用唯一 Project Ledger 管理项目业务事实,并把 current、task graph、review、knowledge index 等降为可重建投影",
160
+ "用 Lane/Task Runtime 支持同项目多线程、多 Agent、多 worktree 安全 claim、lease、heartbeat、write-set 与 CAS",
161
+ "用 Context Compiler 向 Agent 提供最精准、最小 token、可缓存、可增量、可解释且默认只读的上下文",
162
+ "用 scoped Evidence 和 Gate 让局部任务不被无关项目债务阻断,同时保持发布级门禁",
163
+ "从同一 ReviewModel 生成小白可懂的业务视图和工程可执行视图,并保持同一 digest 与决策链",
164
+ "统一 Codex、Cursor、Claude Code 的 Adapter SPI、能力协商、事件归一和跨版本协议",
165
+ "把 Knowledge Evolution 变为有作用域、证据、有效期、替代链和可回滚的持续维护系统",
166
+ "安全将产品版本升级到 0.1.20,并刷新所有真实本地 OpenPrd 安装与旧项目"
167
+ ],
168
+ "source": "user-confirmed"
169
+ },
170
+ "goals.successMetrics": {
171
+ "value": [
172
+ "相同 revision 与请求生成稳定 context digest;默认完整 Capsule 不超过 800 tokens,Delta 不超过 250 tokens",
173
+ "Context warm cache p95 小于 100ms,cold build p95 小于 500ms;run --context 对业务状态零写入",
174
+ "同一 task 的 100 个并发 claim 只允许一个成功;CAS 与 write-set 压力测试零 lost update",
175
+ "显式 session/thread/task/work-unit 目标解析准确率 100%,active change 只在无精确索引时作为 fallback",
176
+ "业务 Review 不泄露内部命令和实现噪声,工程 Review 保持文件、任务、测试、证据和版本全链路可追溯",
177
+ "Codex、Cursor、Claude Code 通过同一适配契约 fixture,能力缺口被明确表达而不伪装支持",
178
+ "所有真实活跃本地项目升级到 0.1.20,归档未改动,单项目回滚演练成功,Home Skill 不再出现跨适配器漂移"
179
+ ],
180
+ "source": "user-confirmed"
181
+ },
182
+ "goals.acceptanceGoals": {
183
+ "value": [
184
+ "全量单元、集成、并发、迁移、回滚、性能和三平台契约测试通过",
185
+ "最新 Markdown/HTML 测试报告、质量报告、架构与视觉证据可追溯",
186
+ "standards、quality、run verify 与 doctor 在发布/刷新前全部健康",
187
+ "所有真实项目刷新报告包含版本、checksum、备份、迁移结果和失败回滚状态"
188
+ ],
189
+ "source": "user-confirmed"
190
+ },
191
+ "scope.inScope": {
192
+ "value": [
193
+ "Project Manifest、Event Envelope、Atomic Store、Project Ledger 与可重建投影",
194
+ "Session/Lane/Task Runtime:claim、lease、heartbeat、write-set、CAS、worktree/branch trace",
195
+ "Context Capsule、Delta、Cache、token budget、authority/freshness、引用解析与 secret redaction",
196
+ "project/change/work-unit/task/lane/operation 分级 Gate 与 Evidence",
197
+ "Review canonical model、业务/工程双投影、决策与 Canvas 标注绑定",
198
+ "Knowledge v3 生命周期、检索预算、telemetry 分离、Learning/Growth 边界",
199
+ "Codex/Cursor/Claude Code Adapter SPI、能力协商、runtime detection 与生成文件漂移修复",
200
+ "协议/reader/writer/adapter/projection 版本、N/N-1 兼容、幂等迁移、备份与回滚",
201
+ "fleet nested legacy 扫描、symlink 安全、registry 隔离/压缩和真实本地项目批量刷新",
202
+ "面向普通用户的中文产品文案、i18n 提醒和 Review Studio 视觉交互验证"
203
+ ],
204
+ "source": "user-confirmed"
205
+ },
206
+ "scope.outOfScope": {
207
+ "value": [
208
+ "不进行生产云端热修复、远程业务数据写入或替用户发布外部服务",
209
+ "不重写 Excalidraw/Canvas 引擎,不引入与控制平面无关的视觉资产系统",
210
+ "不静默删除历史 review、归档、release 副本或用户未提交源码改动",
211
+ "不在 0.1.20 直接移除全部 legacy 文件;先提供兼容投影和回滚窗口",
212
+ "不把 Codex、Cursor、Claude Code 不具备的生命周期能力伪装成已支持",
213
+ "不自动 push、npm publish 或创建远端 release,除非用户另行明确授权"
214
+ ],
215
+ "source": "user-confirmed"
216
+ },
217
+ "scenarios.primaryFlows": {
218
+ "value": [
219
+ "Agent 进入已有项目,Adapter 识别运行环境,Context Compiler 基于 lane/task/revision 在预算内生成 Capsule 或 Delta",
220
+ "多个线程并发执行同一项目,Runtime 对 task 和 write-set 原子 claim,冲突被结构化返回,不相交任务可并行",
221
+ "业务用户打开 Review,先看到问题、价值、范围、流程、风险和验收;工程视图从同一 model 展示 change/task/file/test/evidence",
222
+ "任务完成后 Evidence 只更新相关 task/work-unit 投影;阶段或发布门禁再聚合项目级质量",
223
+ "旧项目升级前生成 plan 与 backup,迁移到 dual 模式并验证;失败只回滚当前项目",
224
+ "Knowledge 由 observation 进入 candidate,经证据验证后生效;过期、冲突或被替代的知识不再进入 Context"
225
+ ],
226
+ "source": "user-confirmed"
227
+ },
228
+ "scenarios.edgeCases": {
229
+ "value": [
230
+ "同一 session ID 在多个工作区有线索时不语义猜测,返回候选和安全阻断",
231
+ "Agent 崩溃导致 lease 过期后,旧 heartbeat 不能覆盖新 claim",
232
+ "Ledger JSONL 尾部半写、projection 损坏或 migration 重跑时可恢复且不重复应用",
233
+ "workspace schema 过新时旧 writer 拒绝写入并说明最小兼容版本",
234
+ "Home Skill 路径含跨目录 symlink 时拒绝跟随覆盖 canonical source,并给出可恢复迁移计划",
235
+ "dirty worktree、detached worktree、归档、副本和 nested legacy 目录被明确分类,不误刷新"
236
+ ],
237
+ "source": "user-confirmed"
238
+ },
239
+ "scenarios.failureModes": {
240
+ "value": [
241
+ "expectedRevision 不一致时返回 OPENPRD_REVISION_CONFLICT,不覆盖新状态",
242
+ "write-set 冲突时保留当前 claim 并返回冲突任务、owner、lease 与重试条件",
243
+ "Context 超预算时按 authority、scope、freshness 和 relevance 确定性裁剪,并列出 excluded reason",
244
+ "迁移校验失败时用 preimage 恢复当前项目,registry 不提交该项目新版本",
245
+ "Adapter 能力不足时生成 capability gap,不继续要求不存在的 hook 或 UI",
246
+ "Review model digest 不匹配时不接受确认,CSS/artifact 重渲染不得改变业务 model digest"
247
+ ],
248
+ "source": "user-confirmed"
249
+ },
250
+ "requirements.functional": {
251
+ "value": [
252
+ "提供 project manifest、ledger append/read/head/verify/rebuild、projection replay API",
253
+ "提供 task claim/heartbeat/release、lease recovery、write-set conflict、lane binding API 与 CLI",
254
+ "提供 context compile/diff/cache/render/reference API,保持 run --context 兼容入口",
255
+ "提供 scoped gate/evidence evaluation 与明确 approval ID 绑定",
256
+ "提供 ReviewModel 业务/工程投影与稳定确认合同",
257
+ "提供 adapter detect/capabilities/install/normalize/render/handoff SPI",
258
+ "提供 Knowledge v3 validate/promote/deprecate/supersede/query 生命周期",
259
+ "提供 upgrade plan/dry-run/backup/atomic apply/restore 与 fleet 安全批处理",
260
+ "提供 registry prune/compact 与测试环境 OPENPRD_HOME 隔离"
261
+ ],
262
+ "source": "user-confirmed"
263
+ },
264
+ "requirements.nonFunctional": {
265
+ "value": [
266
+ "Node.js 20.19+,优先零新增运行时依赖,复用现有 YAML 与 Sharp",
267
+ "所有核心写入具备原子替换、revision、幂等键、checksum 和 crash recovery",
268
+ "读取路径默认无业务状态写入;telemetry 与事实真相分离",
269
+ "面向普通用户的默认文案使用简体中文、结果导向且不暴露内部实现术语",
270
+ "新旧 CLI 在一个兼容周期内保持字段与退出码兼容,并标注 deprecated 字段",
271
+ "每个迁移步骤可重复执行、可审计、可单项目回滚"
272
+ ],
273
+ "source": "user-confirmed"
274
+ },
275
+ "requirements.businessRules": {
276
+ "value": [
277
+ "Project Ledger 是业务事实唯一真相,Harness 只存运行态,Review/Current/Task/Knowledge Index 是投影",
278
+ "显式 ID 优先于语义和 active change fallback;不能用最近状态猜用户目标",
279
+ "局部 task 成功不因无关 workspace debt 失败;发布、handoff 和 fleet 刷新仍执行项目级门禁",
280
+ "Knowledge 必须有作用域、来源和证据;telemetry 不得改变知识正文或检索真相",
281
+ "归档和备份默认不可变;真实刷新范围必须由 inventory 分类而非仅按目录名猜测",
282
+ "版本 0.1.20 验证通过前不得刷新真实项目"
283
+ ],
284
+ "source": "user-confirmed"
285
+ },
286
+ "constraints.technical": {
287
+ "value": [
288
+ "保持现有 CLI、JSONL/JSON workspace 与 Codex/Claude/Cursor 生成路径的向后兼容",
289
+ "当前 git worktree 含既有 i18n 和 unfinished session 修改,必须保留用户改动并分层整合,禁止 reset/stash",
290
+ "Repo-local canonical source 与生成文件必须区分,写入前检查任一路径祖先是否为 symlink",
291
+ "测试必须使用隔离 OPENPRD_HOME,禁止污染真实全局 registry",
292
+ "Review Studio 改动必须复用现有视觉系统并提供前后、焦点、验证与对齐证据"
293
+ ],
294
+ "source": "user-confirmed"
295
+ },
296
+ "constraints.compliance": {
297
+ "value": [
298
+ "上下文与日志不得包含 API key、token、账号、个人隐私或未脱敏 prompt 原文",
299
+ "迁移备份只包含当前任务需要的最小文件并保留本机权限,不向外发送",
300
+ "不修改用户归档、远程仓库或生产环境"
301
+ ],
302
+ "source": "user-confirmed"
303
+ },
304
+ "constraints.dependencies": {
305
+ "value": [
306
+ "现有 OpenPrd CLI、skills、hooks、workspace schema、review renderer、quality/standards/test infrastructure",
307
+ "本机 Node.js、npm 全局软链接与真实 OpenPrd 项目 inventory",
308
+ "Codex、Cursor、Claude Code 当前可观测的 runtime capability 与生成协议"
309
+ ],
310
+ "source": "user-confirmed"
311
+ },
312
+ "businessGuardrails.costDrivers": {
313
+ "value": [
314
+ "全量线程与项目扫描、并发压力测试、Review 视觉验证、旧项目备份和批量迁移",
315
+ "重复上下文注入和过宽文档读取造成的 token 与执行时间"
316
+ ],
317
+ "source": "user-confirmed"
318
+ },
319
+ "businessGuardrails.usageLimits": {
320
+ "value": [
321
+ "默认 context Capsule 800 tokens,Delta 250 tokens;超预算需可解释裁剪",
322
+ "真实 fleet 按 Home、Projects、Context、活跃 worktree 分批执行,归档不纳入",
323
+ "单项目迁移失败不继续覆盖该项目,也不阻断已经验证成功的其他项目"
324
+ ],
325
+ "source": "user-confirmed"
326
+ },
327
+ "businessGuardrails.abusePrevention": {
328
+ "value": [
329
+ "高风险操作绑定明确 lane/operation approval ID,短句确认不能放行其他 lane",
330
+ "Symlink 路径、too-new schema、dirty archive 分类不明时拒绝破坏性写入",
331
+ "Context 编译进行 secret redaction,Knowledge promotion 需要证据和 reviewer"
332
+ ],
333
+ "source": "user-confirmed"
334
+ },
335
+ "businessGuardrails.monitoringSignals": {
336
+ "value": [
337
+ "context token、cold/warm p50/p95、cache hit、included/excluded reason",
338
+ "claim 冲突、lease recovery、CAS conflict、lost update、write-set overlap",
339
+ "projection digest、migration digest、rollback result、adapter drift、registry stale count",
340
+ "业务 Review 完成率、需求修订次数、用户可理解性检查与技术词泄漏"
341
+ ],
342
+ "source": "user-confirmed"
343
+ },
344
+ "businessGuardrails.alertThresholds": {
345
+ "value": [
346
+ "任何 lost update、错误项目写入、归档 checksum 变化、secret 泄漏或无法回滚均为阻断",
347
+ "Context 超预算、p95 超 SLO、adapter fixture 不一致或 migration 对账不一致阻断真实 fleet",
348
+ "质量报告 productionReady=false 时不得声称整体完成"
349
+ ],
350
+ "source": "user-confirmed"
351
+ },
352
+ "businessGuardrails.stopLossActions": {
353
+ "value": [
354
+ "切回 legacy read/storageMode,停止后续批次并按项目 restore preimage",
355
+ "保留失败报告、revision、digest 和 capability gap,不用写死逻辑绕过门禁",
356
+ "对分类不明的归档、副本或 symlink 目标保持只读"
357
+ ],
358
+ "source": "user-confirmed"
359
+ },
360
+ "risks.assumptions": {
361
+ "value": [
362
+ "0.1.20 可在不移除 legacy 文件的前提下交付兼容控制平面纵向能力",
363
+ "现有 43 个活跃真实项目与历史 0.1.15/0.1.19 fixture 足以覆盖主要迁移形态",
364
+ "Codex、Cursor、Claude Code 平台差异可通过 capability negotiation 明确表达"
365
+ ],
366
+ "source": "user-confirmed"
367
+ },
368
+ "risks.risks": {
369
+ "value": [
370
+ "改造横跨状态、hook、CLI、review、knowledge 与迁移,若没有兼容分层会形成大爆炸式回归",
371
+ "当前 dirty worktree 与语义污染状态可能把既有用户改动误当成稳定基线",
372
+ "Home 级 Skill symlink 与通用 skills-sync 可能再次制造跨适配器漂移",
373
+ "全局 registry 已被测试临时目录污染,直接 compact 或 fleet 可能误删仍需的定位索引",
374
+ "Review 双投影若没有 canonical digest 会再次产生两套真相"
375
+ ],
376
+ "source": "user-confirmed"
377
+ },
378
+ "risks.openQuestions": {
379
+ "value": [
380
+ "Ledger 默认读路径在 0.1.20 是否切换到 dual-read,或先保持 legacy-read + shadow ledger;本轮以安全对账结果决定",
381
+ "Home 全局 Skill 最终采用 adapter-neutral shared 内容还是让外部 skills-sync 排除 OpenPrd;本轮优先实现兼容 shared 内容与 symlink fence",
382
+ "历史 Documents 归档保持不可变,只验证 scanner 排除,不纳入版本刷新"
383
+ ],
384
+ "source": "user-confirmed"
385
+ },
386
+ "handoff.owner": {
387
+ "value": "OpenPrd",
388
+ "source": "user-confirmed"
389
+ },
390
+ "handoff.nextStep": {
391
+ "value": "按阶段完成 P0 回归与协议冻结、P1-P8 纵向实现、全量验证、0.1.20 版本升级和真实本地项目分批刷新",
392
+ "source": "user-confirmed"
393
+ },
394
+ "handoff.targetSystem": {
395
+ "value": "OpenPrd CLI、当前源码仓库、本机全局集成和所有真实活跃 OpenPrd 项目",
396
+ "source": "user-confirmed"
397
+ },
398
+ "typeSpecific.fields.humanAgentContract": {
399
+ "value": "用户负责目标、范围和高风险外部动作授权;Agent 可在已授权范围内完成架构实现、测试、迁移、回滚和本地刷新。所有事实变更写入 Ledger,所有运行 ownership 写入 Lane/Task Runtime。",
400
+ "source": "user-confirmed"
401
+ },
402
+ "typeSpecific.fields.autonomyBoundary": {
403
+ "value": "本轮用户明确授权无需中途确认,Agent 可自动处理本地源码和本地 OpenPrd 项目;不得扩展到远程 push、npm publish、生产云写入、归档篡改或敏感信息外发。",
404
+ "source": "user-confirmed"
405
+ },
406
+ "typeSpecific.fields.toolBoundary": {
407
+ "value": "使用当前工作区代码、OpenPrd CLI、测试工具、Product Design 审计与视觉证据、本机只读 inventory;所有文件编辑通过可审计补丁,真实迁移先 dry-run 和备份。",
408
+ "source": "user-confirmed"
409
+ },
410
+ "typeSpecific.fields.stateModel": {
411
+ "value": "Project Ledger 记录业务事实;Manifest 记录模型与兼容版本;Lane/Task Runtime 记录临时 ownership;Context Capsule 是只读编译结果;Review、Current、Task Graph、Knowledge Index、Learning 是可重建投影。",
412
+ "source": "user-confirmed"
413
+ },
414
+ "typeSpecific.fields.evalPlan": {
415
+ "value": "使用 characterization、unit、integration、concurrency、crash recovery、migration、rollback、performance、adapter parity、visual comparison、full regression、standards/quality/run/doctor 和真实 fleet readback 逐层验收。",
416
+ "source": "user-confirmed"
417
+ }
418
+ }