@planu/cli 0.45.4 → 0.46.0

package/dist/engine/legal-compliance/question-framework.js

@@ -0,0 +1,461 @@
+// ---------------------------------------------------------------------------
+// Universal domain — applies to ALL projects regardless of industry
+// ---------------------------------------------------------------------------
+const UNIVERSAL_QUESTIONS = [
+    {
+        id: 'universal-01',
+        domain: 'universal',
+        question: 'What data protection laws apply in each target country (e.g., GDPR, LGPD, CCPA, POPIA)?',
+        rationale: 'Data protection is the most common compliance area. Nearly every app collects some form of personal data.',
+        keywords: ['gdpr', 'lgpd', 'ccpa', 'popia', 'data protection', 'personal data'],
+    },
+    {
+        id: 'universal-02',
+        domain: 'universal',
+        question: 'What are the privacy policy requirements in each target country? Must it be in the local language?',
+        rationale: 'Most jurisdictions require a publicly accessible privacy policy with specific disclosures.',
+        keywords: ['privacy policy', 'privacy notice', 'disclosure'],
+    },
+    {
+        id: 'universal-03',
+        domain: 'universal',
+        question: 'What accessibility standards are legally required (e.g., WCAG level, ADA, EAA)?',
+        rationale: 'Accessibility lawsuits are increasing globally. Some countries mandate specific WCAG levels.',
+        keywords: ['wcag', 'accessibility', 'ada', 'eaa', 'a11y'],
+    },
+    {
+        id: 'universal-04',
+        domain: 'universal',
+        question: 'What are the mandatory data retention periods and deletion obligations in each country?',
+        rationale: 'Over-retaining data creates liability. Under-retaining may violate tax or audit laws.',
+        keywords: ['data retention', 'deletion', 'right to erasure', 'storage limitation'],
+    },
+    {
+        id: 'universal-05',
+        domain: 'universal',
+        question: 'What consent mechanisms are required for data collection (opt-in vs opt-out, granularity)?',
+        rationale: 'Consent requirements vary dramatically — EU requires explicit opt-in, US often allows opt-out.',
+        keywords: ['consent', 'opt-in', 'opt-out', 'legitimate interest'],
+    },
+    {
+        id: 'universal-06',
+        domain: 'universal',
+        question: 'What are the data breach notification requirements (timeline, authority, affected users)?',
+        rationale: 'Breach notification deadlines range from 24 hours to 72 hours depending on jurisdiction.',
+        keywords: ['breach notification', 'data breach', 'incident response', 'notification timeline'],
+    },
+    {
+        id: 'universal-07',
+        domain: 'universal',
+        question: 'What restrictions exist on cross-border data transfers between the target countries?',
+        rationale: 'Transferring data across borders may require Standard Contractual Clauses, adequacy decisions, or local storage.',
+        keywords: ['cross-border', 'data transfer', 'scc', 'adequacy', 'data localization'],
+    },
+    {
+        id: 'universal-08',
+        domain: 'universal',
+        question: 'What cookie and tracking consent requirements apply (e.g., cookie banners, ePrivacy)?',
+        rationale: 'Cookie consent is separately regulated from general data protection in many jurisdictions.',
+        keywords: ['cookie', 'tracking', 'eprivacy', 'cookie banner', 'analytics consent'],
+    },
+];
+// ---------------------------------------------------------------------------
+// Billing domain — invoicing, taxation, fiscal compliance
+// ---------------------------------------------------------------------------
+const BILLING_QUESTIONS = [
+    {
+        id: 'billing-01',
+        domain: 'billing',
+        question: 'What electronic invoice format is required in each country (e.g., CFDI in Mexico, FEL in Guatemala, Factura Electronica in Colombia)?',
+        rationale: 'Many countries mandate specific XML/JSON invoice formats validated by the tax authority.',
+        keywords: ['e-invoice', 'cfdi', 'fel', 'factura electronica', 'electronic invoice'],
+    },
+    {
+        id: 'billing-02',
+        domain: 'billing',
+        question: 'Does the tax authority require real-time certification or pre-authorization of invoices?',
+        rationale: 'Some countries require invoices to be stamped by an authorized provider before delivery.',
+        keywords: ['pac', 'certification', 'tax stamp', 'timbrado', 'authorization'],
+    },
+    {
+        id: 'billing-03',
+        domain: 'billing',
+        question: 'What is the mandatory fiscal document retention period in each country?',
+        rationale: 'Fiscal retention periods (often 5-10 years) may exceed general data retention rules.',
+        keywords: ['fiscal retention', 'document retention', 'tax records', 'archive'],
+    },
+    {
+        id: 'billing-04',
+        domain: 'billing',
+        question: 'What mandatory fields must appear on invoices and receipts in each country?',
+        rationale: 'Missing mandatory fields (tax ID, address, tax breakdown) can invalidate an invoice.',
+        keywords: ['mandatory fields', 'invoice fields', 'tax id', 'rfc', 'nit'],
+    },
+    {
+        id: 'billing-05',
+        domain: 'billing',
+        question: 'Are digital signatures or cryptographic seals required on fiscal documents?',
+        rationale: 'Digital signatures ensure document integrity and are legally required in several countries.',
+        keywords: ['digital signature', 'cryptographic seal', 'fiel', 'firma electronica'],
+    },
+    {
+        id: 'billing-06',
+        domain: 'billing',
+        question: 'What periodic tax reporting obligations exist (e.g., monthly VAT returns, annual summaries)?',
+        rationale: 'The system may need to generate or export data in formats required for tax filings.',
+        keywords: ['tax reporting', 'vat return', 'tax filing', 'periodic report'],
+    },
+];
+// ---------------------------------------------------------------------------
+// Health domain — health data, patients, medical records
+// ---------------------------------------------------------------------------
+const HEALTH_QUESTIONS = [
+    {
+        id: 'health-01',
+        domain: 'health',
+        question: 'What health data protection laws apply (e.g., HIPAA, NOM-024 in Mexico, LGPD health provisions)?',
+        rationale: 'Health data has stricter protections than general personal data in most jurisdictions.',
+        keywords: ['hipaa', 'health data', 'medical records', 'phi', 'nom-024'],
+    },
+    {
+        id: 'health-02',
+        domain: 'health',
+        question: 'What informed consent requirements exist for collecting and processing health data?',
+        rationale: 'Health data typically requires explicit, specific consent separate from general terms.',
+        keywords: ['informed consent', 'patient consent', 'health consent'],
+    },
+    {
+        id: 'health-03',
+        domain: 'health',
+        question: 'What interoperability standards are required or recommended (e.g., HL7 FHIR, DICOM)?',
+        rationale: 'Some jurisdictions mandate specific health data exchange formats for system interoperability.',
+        keywords: ['hl7', 'fhir', 'dicom', 'interoperability', 'health exchange'],
+    },
+    {
+        id: 'health-04',
+        domain: 'health',
+        question: 'What access control requirements exist for health data (role-based access, minimum necessary)?',
+        rationale: 'Health regulations typically require strict access controls with audit capabilities.',
+        keywords: ['access control', 'rbac', 'minimum necessary', 'need to know'],
+    },
+    {
+        id: 'health-05',
+        domain: 'health',
+        question: 'What audit trail requirements exist for health record access and modifications?',
+        rationale: 'Audit logs for health data access are legally required in most health data frameworks.',
+        keywords: ['audit trail', 'audit log', 'access log', 'health audit'],
+    },
+    {
+        id: 'health-06',
+        domain: 'health',
+        question: 'What patient data portability rights exist (e.g., right to export medical records)?',
+        rationale: 'Patients may have the right to receive their health data in a structured, portable format.',
+        keywords: ['data portability', 'patient rights', 'medical record export'],
+    },
+];
+// ---------------------------------------------------------------------------
+// Fintech domain — payments, banking, financial services
+// ---------------------------------------------------------------------------
+const FINTECH_QUESTIONS = [
+    {
+        id: 'fintech-01',
+        domain: 'fintech',
+        question: 'What PCI-DSS compliance level is required based on transaction volume and data handling?',
+        rationale: 'PCI-DSS is a global standard but compliance level depends on how card data is processed.',
+        keywords: ['pci-dss', 'pci', 'card data', 'payment security'],
+    },
+    {
+        id: 'fintech-02',
+        domain: 'fintech',
+        question: 'What KYC (Know Your Customer) and AML (Anti-Money Laundering) requirements apply?',
+        rationale: 'Financial services must verify customer identity and monitor for suspicious transactions.',
+        keywords: [
+            'kyc',
+            'aml',
+            'know your customer',
+            'anti-money laundering',
+            'identity verification',
+        ],
+    },
+    {
+        id: 'fintech-03',
+        domain: 'fintech',
+        question: 'What financial licenses or registrations are required to operate in each country?',
+        rationale: 'Operating without proper licensing can result in criminal penalties and service shutdown.',
+        keywords: ['financial license', 'fintech license', 'banking license', 'money transmitter'],
+    },
+    {
+        id: 'fintech-04',
+        domain: 'fintech',
+        question: 'What regulatory reporting obligations exist (e.g., suspicious activity reports, transaction reporting)?',
+        rationale: 'Financial institutions must file reports with regulators on specific transaction patterns.',
+        keywords: ['regulatory reporting', 'sar', 'suspicious activity', 'transaction reporting'],
+    },
+    {
+        id: 'fintech-05',
+        domain: 'fintech',
+        question: 'What transaction limits or thresholds trigger additional compliance requirements?',
+        rationale: 'Certain transaction amounts trigger enhanced due diligence or reporting obligations.',
+        keywords: ['transaction limits', 'threshold', 'enhanced due diligence', 'ctr'],
+    },
+    {
+        id: 'fintech-06',
+        domain: 'fintech',
+        question: 'What fraud prevention and detection measures are legally required?',
+        rationale: 'Some jurisdictions mandate specific fraud prevention mechanisms for financial services.',
+        keywords: ['fraud prevention', 'fraud detection', 'strong authentication', 'sca', 'psd2'],
+    },
+];
+// ---------------------------------------------------------------------------
+// Education domain — students, minors, educational content
+// ---------------------------------------------------------------------------
+const EDUCATION_QUESTIONS = [
+    {
+        id: 'education-01',
+        domain: 'education',
+        question: "What laws protect minors' data in each country (e.g., COPPA, GDPR-K, local equivalents)?",
+        rationale: "Processing children's data has the strictest requirements in most legal frameworks.",
+        keywords: ['coppa', 'children', 'minor', 'gdpr-k', 'child data'],
+    },
+    {
+        id: 'education-02',
+        domain: 'education',
+        question: 'What parental or guardian consent mechanisms are required for users under the age threshold?',
+        rationale: 'Age thresholds vary (13 in US, 16 in some EU countries) and consent mechanisms differ.',
+        keywords: ['parental consent', 'guardian consent', 'age threshold', 'verifiable consent'],
+    },
+    {
+        id: 'education-03',
+        domain: 'education',
+        question: 'Are there regulations on educational content quality, certification, or accreditation?',
+        rationale: 'Educational platforms may need accreditation or must follow curriculum standards.',
+        keywords: ['accreditation', 'educational content', 'curriculum', 'certification'],
+    },
+    {
+        id: 'education-04',
+        domain: 'education',
+        question: 'What student privacy laws apply (e.g., FERPA, local student data protection)?',
+        rationale: 'Student records have special protections beyond general data protection in many countries.',
+        keywords: ['ferpa', 'student privacy', 'student records', 'educational records'],
+    },
+];
+// ---------------------------------------------------------------------------
+// E-commerce domain — online retail, consumer transactions
+// ---------------------------------------------------------------------------
+const ECOMMERCE_QUESTIONS = [
+    {
+        id: 'ecommerce-01',
+        domain: 'ecommerce',
+        question: 'What consumer protection laws apply to online sales in each country?',
+        rationale: 'Consumer protection rights (cooling-off periods, warranties) vary significantly by country.',
+        keywords: ['consumer protection', 'consumer rights', 'warranty', 'cooling-off'],
+    },
+    {
+        id: 'ecommerce-02',
+        domain: 'ecommerce',
+        question: 'What are the mandatory return, refund, and cancellation rights for online purchases?',
+        rationale: 'Many countries grant statutory return rights (e.g., 14 days in EU) that override store policy.',
+        keywords: ['return policy', 'refund', 'cancellation', 'right of withdrawal'],
+    },
+    {
+        id: 'ecommerce-03',
+        domain: 'ecommerce',
+        question: 'What receipt or invoice requirements apply to online transactions in each country?',
+        rationale: 'Online merchants must provide purchase confirmations with specific content in many jurisdictions.',
+        keywords: ['receipt', 'purchase confirmation', 'order confirmation', 'invoice'],
+    },
+    {
+        id: 'ecommerce-04',
+        domain: 'ecommerce',
+        question: 'What distance selling regulations apply (pre-contractual information, confirmation requirements)?',
+        rationale: 'Distance selling laws require specific information before and after purchase.',
+        keywords: ['distance selling', 'pre-contractual', 'terms and conditions', 'online contract'],
+    },
+];
+// ---------------------------------------------------------------------------
+// AI/ML domain — artificial intelligence, machine learning systems
+// ---------------------------------------------------------------------------
+const AI_ML_QUESTIONS = [
+    {
+        id: 'ai-ml-01',
+        domain: 'ai-ml',
+        question: 'What AI-specific regulations apply in each country (e.g., EU AI Act, local AI guidelines)?',
+        rationale: 'AI regulation is rapidly evolving with the EU AI Act as the most comprehensive framework.',
+        keywords: ['ai act', 'ai regulation', 'artificial intelligence', 'ai governance'],
+    },
+    {
+        id: 'ai-ml-02',
+        domain: 'ai-ml',
+        question: 'What explainability or transparency requirements exist for AI/ML-driven decisions?',
+        rationale: 'Many jurisdictions require that automated decisions be explainable to affected individuals.',
+        keywords: ['explainability', 'transparency', 'xai', 'interpretability', 'black box'],
+    },
+    {
+        id: 'ai-ml-03',
+        domain: 'ai-ml',
+        question: 'What restrictions exist on training data collection, usage, and bias mitigation?',
+        rationale: 'Training data may be subject to copyright, consent requirements, and bias auditing.',
+        keywords: ['training data', 'bias', 'fairness', 'data collection', 'copyright'],
+    },
+    {
+        id: 'ai-ml-04',
+        domain: 'ai-ml',
+        question: 'What rights do users have regarding automated decision-making (e.g., right to human review)?',
+        rationale: 'GDPR Art. 22 and similar laws grant rights against solely automated decisions with legal effects.',
+        keywords: ['automated decision', 'human review', 'right to contest', 'profiling'],
+    },
+];
+// ---------------------------------------------------------------------------
+// Social domain — social platforms, user-generated content
+// ---------------------------------------------------------------------------
+const SOCIAL_QUESTIONS = [
+    {
+        id: 'social-01',
+        domain: 'social',
+        question: 'What content moderation obligations exist (e.g., DSA, NetzDG, local platform liability)?',
+        rationale: 'Platform liability for user content varies from safe harbor to active moderation duties.',
+        keywords: ['content moderation', 'dsa', 'netzDG', 'platform liability', 'takedown'],
+    },
+    {
+        id: 'social-02',
+        domain: 'social',
+        question: 'What age verification mechanisms are required for social platforms?',
+        rationale: 'Several countries now mandate age verification beyond simple self-declaration.',
+        keywords: ['age verification', 'age gate', 'age assurance', 'social media age'],
+    },
+    {
+        id: 'social-03',
+        domain: 'social',
+        question: 'What liability framework applies to user-generated content in each country?',
+        rationale: 'Platforms may be liable for UGC under certain conditions depending on jurisdiction.',
+        keywords: ['user-generated content', 'ugc', 'liability', 'safe harbor', 'notice and takedown'],
+    },
+    {
+        id: 'social-04',
+        domain: 'social',
+        question: 'What right-to-be-forgotten or content removal obligations exist?',
+        rationale: 'Users may have the right to request removal of their content and personal data from the platform.',
+        keywords: ['right to be forgotten', 'content removal', 'erasure', 'delisting'],
+    },
+];
+// ---------------------------------------------------------------------------
+// Gaming domain — video games, online gaming, gambling
+// ---------------------------------------------------------------------------
+const GAMING_QUESTIONS = [
+    {
+        id: 'gaming-01',
+        domain: 'gaming',
+        question: 'What age rating or age gate requirements apply to games in each country?',
+        rationale: 'Most countries require age classification systems (ESRB, PEGI, CERO) for games.',
+        keywords: ['age rating', 'esrb', 'pegi', 'cero', 'age gate', 'content rating'],
+    },
+    {
+        id: 'gaming-02',
+        domain: 'gaming',
+        question: 'What regulations apply to loot boxes, gacha mechanics, or randomized paid items?',
+        rationale: 'Several countries classify loot boxes as gambling or require probability disclosures.',
+        keywords: ['loot box', 'gacha', 'randomized', 'probability disclosure', 'paid items'],
+    },
+    {
+        id: 'gaming-03',
+        domain: 'gaming',
+        question: 'Does the game involve real-money gambling, and what licensing is required?',
+        rationale: 'Real-money gambling requires specific licenses in virtually every jurisdiction.',
+        keywords: ['gambling license', 'betting', 'real-money', 'wagering', 'gambling regulation'],
+    },
+    {
+        id: 'gaming-04',
+        domain: 'gaming',
+        question: 'What addiction prevention or responsible gaming measures are required?',
+        rationale: 'Some countries mandate playtime warnings, spending limits, or cool-down mechanics.',
+        keywords: [
+            'addiction prevention',
+            'responsible gaming',
+            'playtime',
+            'spending limit',
+            'cool-down',
+        ],
+    },
+];
+// ---------------------------------------------------------------------------
+// Full catalog
+// ---------------------------------------------------------------------------
+/** Complete catalog of legal questions organized by domain */
+export const LEGAL_QUESTIONS = [
+    ...UNIVERSAL_QUESTIONS,
+    ...BILLING_QUESTIONS,
+    ...HEALTH_QUESTIONS,
+    ...FINTECH_QUESTIONS,
+    ...EDUCATION_QUESTIONS,
+    ...ECOMMERCE_QUESTIONS,
+    ...AI_ML_QUESTIONS,
+    ...SOCIAL_QUESTIONS,
+    ...GAMING_QUESTIONS,
+];
+// ---------------------------------------------------------------------------
+// Query functions
+// ---------------------------------------------------------------------------
+/**
+ * Returns all questions for the given domains, always including 'universal'.
+ * Deduplicates in case 'universal' is already in the input list.
+ */
+export function getQuestionsForDomains(domains) {
+    const domainSet = new Set(domains);
+    domainSet.add('universal');
+    return LEGAL_QUESTIONS.filter((q) => domainSet.has(q.domain));
+}
+/**
+ * Builds a prompt string that an LLM can use to investigate legal requirements
+ * for a project's target countries and applicable domains.
+ */
+export function buildLegalPrompt(questions, countries, specDescription) {
+    const countryList = countries.join(', ');
+    const questionBlocks = questions
+        .map((q) => `### ${q.id}\n**Question:** ${q.question}\n**Why it matters:** ${q.rationale}\n**Keywords:** ${q.keywords.join(', ')}`)
+        .join('\n\n');
+    return `You are a legal compliance analyst. Investigate the following legal questions for a software project.
+
+## Project Description
+${specDescription}
+
+## Target Countries
+${countryList}
+
+## Instructions
+For each question below, research the applicable laws and regulations in EACH target country listed above. Then produce concrete, actionable acceptance criteria that a development team can implement.
+
+Your response MUST follow this format for each applicable regulation:
+- **Regulation**: Name and reference (e.g., "GDPR Art. 17 — Right to Erasure")
+- **Country**: Which country this applies to (or "all" if universal)
+- **Criterion**: A specific, testable acceptance criterion (e.g., "System MUST delete all personal data within 30 days of a verified erasure request")
+- **Priority**: mandatory | recommended | informational
+- **Reference**: URL to official documentation or legal text
+
+## Important Guidelines
+1. Check for regulatory updates enacted after 2024 — regulations change frequently.
+2. When multiple countries are listed, the final requirements are the UNION of all country-specific requirements. The strictest rule wins when requirements conflict.
+3. If a regulation does not apply to this specific project, skip it — do not generate irrelevant criteria.
+4. Be specific: "MUST encrypt health data at rest using AES-256" is better than "MUST protect data."
+5. Include both technical requirements (encryption, access control) and process requirements (policies, training).
+
+## Questions to Investigate
+
+${questionBlocks}
+
+## Output
+Return a JSON array of objects with this shape:
+\`\`\`json
+[
+  {
+    "regulation": "string",
+    "country": "string",
+    "criterion": "string",
+    "priority": "mandatory | recommended | informational",
+    "reference": "string | null"
+  }
+]
+\`\`\`
+
+Only return the JSON array, no additional text.`;
+}
+//# sourceMappingURL=question-framework.js.map

package/dist/engine/legal-compliance/question-framework.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"question-framework.js","sourceRoot":"","sources":["../../../src/engine/legal-compliance/question-framework.ts"],"names":[],"mappings":"AAEA,8EAA8E;AAC9E,oEAAoE;AACpE,8EAA8E;AAC9E,MAAM,mBAAmB,GAAoB;IAC3C;QACE,EAAE,EAAE,cAAc;QAClB,MAAM,EAAE,WAAW;QACnB,QAAQ,EACN,yFAAyF;QAC3F,SAAS,EACP,2GAA2G;QAC7G,QAAQ,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,iBAAiB,EAAE,eAAe,CAAC;KAChF;IACD;QACE,EAAE,EAAE,cAAc;QAClB,MAAM,EAAE,WAAW;QACnB,QAAQ,EACN,oGAAoG;QACtG,SAAS,EACP,4FAA4F;QAC9F,QAAQ,EAAE,CAAC,gBAAgB,EAAE,gBAAgB,EAAE,YAAY,CAAC;KAC7D;IACD;QACE,EAAE,EAAE,cAAc;QAClB,MAAM,EAAE,WAAW;QACnB,QAAQ,EAAE,iFAAiF;QAC3F,SAAS,EACP,8FAA8F;QAChG,QAAQ,EAAE,CAAC,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC;KAC1D;IACD;QACE,EAAE,EAAE,cAAc;QAClB,MAAM,EAAE,WAAW;QACnB,QAAQ,EACN,yFAAyF;QAC3F,SAAS,EACP,uFAAuF;QACzF,QAAQ,EAAE,CAAC,gBAAgB,EAAE,UAAU,EAAE,kBAAkB,EAAE,oBAAoB,CAAC;KACnF;IACD;QACE,EAAE,EAAE,cAAc;QAClB,MAAM,EAAE,WAAW;QACnB,QAAQ,EACN,4FAA4F;QAC9F,SAAS,EACP,gGAAgG;QAClG,QAAQ,EAAE,CAAC,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,qBAAqB,CAAC;KAClE;IACD;QACE,EAAE,EAAE,cAAc;QAClB,MAAM,EAAE,WAAW;QACnB,QAAQ,EACN,2FAA2F;QAC7F,SAAS,EACP,0FAA0F;QAC5F,QAAQ,EAAE,CAAC,qBAAqB,EAAE,aAAa,EAAE,mBAAmB,EAAE,uBAAuB,CAAC;KAC/F;IACD;QACE,EAAE,EAAE,cAAc;QAClB,MAAM,EAAE,WAAW;QACnB,QAAQ,EACN,sFAAsF;QACxF,SAAS,EACP,kHAAkH;QACpH,QAAQ,EAAE,CAAC,cAAc,EAAE,eAAe,EAAE,KAAK,EAAE,UAAU,EAAE,mBAAmB,CAAC;KACpF;IACD;QACE,EAAE,EAAE,cAAc;QAClB,MAAM,EAAE,WAAW;QACnB,QAAQ,EACN,uFAAuF;QACzF,SAAS,EACP,4FAA4F;QAC9F,QAAQ,EAAE,CAAC,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,eAAe,EAAE,mBAAmB,CAAC;KACnF;CACF,CAAC;AAEF,8EAA8E;AAC9E,0DAA0D;AAC1D,8EAA8E;AAC9E,MAAM,iBAAiB,GAAoB;IACzC;QACE,EAAE,EAAE,YAAY;QAChB,MAAM,EAAE,SAAS;QACjB,QAAQ,EACN,uIAAuI;QACzI,SAAS,EACP,0FAA0F;QAC5F,QAAQ,EAAE,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,qBAAqB,EAAE,oBAAoB,CAAC;KACpF;IACD;QACE,EAAE,EAAE,YAAY;QAChB,MAAM,EAAE,SAAS;QACjB,QAAQ,EACN,0FAA0F;QAC5F,SAAS,EACP,0FAA0F;QAC5F,QAAQ,EAAE,CAAC,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,UAAU,EAAE,eAAe,CAAC;KAC7E;IACD;QACE,EAAE,EAAE,YAAY;QAChB,MAAM,EAAE,SAAS;QACjB,QAAQ,EAAE,yEAAyE;QACnF,SAAS,EACP,sFAAsF;QACxF,QAAQ,EAAE,CAAC,kBAAkB,EAAE,oBAAoB,EAAE,aAAa,EAAE,SAAS,CAAC;KAC/E;IACD;QACE,EAAE,EAAE,YAAY;QAChB,MAAM,EAAE,SAAS;QACjB,QAAQ,EAAE,6EAA6E;QACvF,SAAS,EACP,sFAAsF;QACxF,QAAQ,EAAE,CAAC,kBAAkB,EAAE,gBAAgB,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,CAAC;KACzE;IACD;QACE,EAAE,EAAE,YAAY;QAChB,MAAM,EAAE,SAAS;QACjB,QAAQ,EAAE,6EAA6E;QACvF,SAAS,EACP,6FAA6F;QAC/F,QAAQ,EAAE,CAAC,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,EAAE,mBAAmB,CAAC;KACnF;IACD;QACE,EAAE,EAAE,YAAY;QAChB,MAAM,EAAE,SAAS;QACjB,QAAQ,EACN,8FAA8F;QAChG,SAAS,EACP,qFAAqF;QACvF,QAAQ,EAAE,CAAC,eAAe,EAAE,YAAY,EAAE,YAAY,EAAE,iBAAiB,CAAC;KAC3E;CACF,CAAC;AAEF,8EAA8E;AAC9E,yDAAyD;AACzD,8EAA8E;AAC9E,MAAM,gBAAgB,GAAoB;IACxC;QACE,EAAE,EAAE,WAAW;QACf,MAAM,EAAE,QAAQ;QAChB,QAAQ,EACN,kGAAkG;QACpG,SAAS,EACP,wFAAwF;QAC1F,QAAQ,EAAE,CAAC,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,KAAK,EAAE,SAAS,CAAC;KACxE;IACD;QACE,EAAE,EAAE,WAAW;QACf,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,qFAAqF;QAC/F,SAAS,EACP,wFAAwF;QAC1F,QAAQ,EAAE,CAAC,kBAAkB,EAAE,iBAAiB,EAAE,gBAAgB,CAAC;KACpE;IACD;QACE,EAAE,EAAE,WAAW;QACf,MAAM,EAAE,QAAQ;QAChB,QAAQ,EACN,sFAAsF;QACxF,SAAS,EACP,+FAA+F;QACjG,QAAQ,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,CAAC;KAC1E;IACD;QACE,EAAE,EAAE,WAAW;QACf,MAAM,EAAE,QAAQ;QAChB,QAAQ,EACN,gGAAgG;QAClG,SAAS,EACP,sFAAsF;QACxF,QAAQ,EAAE,CAAC,gBAAgB,EAAE,MAAM,EAAE,mBAAmB,EAAE,cAAc,CAAC;KAC1E;IACD;QACE,EAAE,EAAE,WAAW;QACf,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,iFAAiF;QAC3F,SAAS,EACP,wFAAwF;QAC1F,QAAQ,EAAE,CAAC,aAAa,EAAE,WAAW,EAAE,YAAY,EAAE,cAAc,CAAC;KACrE;IACD;QACE,EAAE,EAAE,WAAW;QACf,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,qFAAqF;QAC/F,SAAS,EACP,4FAA4F;QAC9F,QAAQ,EAAE,CAAC,kBAAkB,EAAE,gBAAgB,EAAE,uBAAuB,CAAC;KAC1E;CACF,CAAC;AAEF,8EAA8E;AAC9E,yDAAyD;AACzD,8EAA8E;AAC9E,MAAM,iBAAiB,GAAoB;IACzC;QACE,EAAE,EAAE,YAAY;QAChB,MAAM,EAAE,SAAS;QACjB,QAAQ,EACN,0FAA0F;QAC5F,SAAS,EACP,0FAA0F;QAC5F,QAAQ,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,WAAW,EAAE,kBAAkB,CAAC;KAC9D;IACD;QACE,EAAE,EAAE,YAAY;QAChB,MAAM,EAAE,SAAS;QACjB,QAAQ,EAAE,mFAAmF;QAC7F,SAAS,EACP,2FAA2F;QAC7F,QAAQ,EAAE;YACR,KAAK;YACL,KAAK;YACL,oBAAoB;YACpB,uBAAuB;YACvB,uBAAuB;SACxB;KACF;IACD;QACE,EAAE,EAAE,YAAY;QAChB,MAAM,EAAE,SAAS;QACjB,QAAQ,EAAE,mFAAmF;QAC7F,SAAS,EACP,2FAA2F;QAC7F,QAAQ,EAAE,CAAC,mBAAmB,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,mBAAmB,CAAC;KAC3F;IACD;QACE,EAAE,EAAE,YAAY;QAChB,MAAM,EAAE,SAAS;QACjB,QAAQ,EACN,yGAAyG;QAC3G,SAAS,EACP,4FAA4F;QAC9F,QAAQ,EAAE,CAAC,sBAAsB,EAAE,KAAK,EAAE,qBAAqB,EAAE,uBAAuB,CAAC;KAC1F;IACD;QACE,EAAE,EAAE,YAAY;QAChB,MAAM,EAAE,SAAS;QACjB,QAAQ,EAAE,mFAAmF;QAC7F,SAAS,EACP,sFAAsF;QACxF,QAAQ,EAAE,CAAC,oBAAoB,EAAE,WAAW,EAAE,wBAAwB,EAAE,KAAK,CAAC;KAC/E;IACD;QACE,EAAE,EAAE,YAAY;QAChB,MAAM,EAAE,SAAS;QACjB,QAAQ,EAAE,oEAAoE;QAC9E,SAAS,EACP,yFAAyF;QAC3F,QAAQ,EAAE,CAAC,kBAAkB,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,KAAK,EAAE,MAAM,CAAC;KAC1F;CACF,CAAC;AAEF,8EAA8E;AAC9E,2DAA2D;AAC3D,8EAA8E;AAC9E,MAAM,mBAAmB,GAAoB;IAC3C;QACE,EAAE,EAAE,cAAc;QAClB,MAAM,EAAE,WAAW;QACnB,QAAQ,EACN,0FAA0F;QAC5F,SAAS,EACP,qFAAqF;QACvF,QAAQ,EAAE,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,CAAC;KACjE;IACD;QACE,EAAE,EAAE,cAAc;QAClB,MAAM,EAAE,WAAW;QACnB,QAAQ,EACN,8FAA8F;QAChG,SAAS,EACP,wFAAwF;QAC1F,QAAQ,EAAE,CAAC,kBAAkB,EAAE,kBAAkB,EAAE,eAAe,EAAE,oBAAoB,CAAC;KAC1F;IACD;QACE,EAAE,EAAE,cAAc;QAClB,MAAM,EAAE,WAAW;QACnB,QAAQ,EACN,wFAAwF;QAC1F,SAAS,EAAE,mFAAmF;QAC9F,QAAQ,EAAE,CAAC,eAAe,EAAE,qBAAqB,EAAE,YAAY,EAAE,eAAe,CAAC;KAClF;IACD;QACE,EAAE,EAAE,cAAc;QAClB,MAAM,EAAE,WAAW;QACnB,QAAQ,EAAE,+EAA+E;QACzF,SAAS,EACP,4FAA4F;QAC9F,QAAQ,EAAE,CAAC,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,qBAAqB,CAAC;KACjF;CACF,CAAC;AAEF,8EAA8E;AAC9E,2DAA2D;AAC3D,8EAA8E;AAC9E,MAAM,mBAAmB,GAAoB;IAC3C;QACE,EAAE,EAAE,cAAc;QAClB,MAAM,EAAE,WAAW;QACnB,QAAQ,EAAE,sEAAsE;QAChF,SAAS,EACP,6FAA6F;QAC/F,QAAQ,EAAE,CAAC,qBAAqB,EAAE,iBAAiB,EAAE,UAAU,EAAE,aAAa,CAAC;KAChF;IACD;QACE,EAAE,EAAE,cAAc;QAClB,MAAM,EAAE,WAAW;QACnB,QAAQ,EACN,sFAAsF;QACxF,SAAS,EACP,gGAAgG;QAClG,QAAQ,EAAE,CAAC,eAAe,EAAE,QAAQ,EAAE,cAAc,EAAE,qBAAqB,CAAC;KAC7E;IACD;QACE,EAAE,EAAE,cAAc;QAClB,MAAM,EAAE,WAAW;QACnB,QAAQ,EAAE,oFAAoF;QAC9F,SAAS,EACP,mGAAmG;QACrG,QAAQ,EAAE,CAAC,SAAS,EAAE,uBAAuB,EAAE,oBAAoB,EAAE,SAAS,CAAC;KAChF;IACD;QACE,EAAE,EAAE,cAAc;QAClB,MAAM,EAAE,WAAW;QACnB,QAAQ,EACN,mGAAmG;QACrG,SAAS,EAAE,+EAA+E;QAC1F,QAAQ,EAAE,CAAC,kBAAkB,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,iBAAiB,CAAC;KAC7F;CACF,CAAC;AAEF,8EAA8E;AAC9E,mEAAmE;AACnE,8EAA8E;AAC9E,MAAM,eAAe,GAAoB;IACvC;QACE,EAAE,EAAE,UAAU;QACd,MAAM,EAAE,OAAO;QACf,QAAQ,EACN,4FAA4F;QAC9F,SAAS,EACP,2FAA2F;QAC7F,QAAQ,EAAE,CAAC,QAAQ,EAAE,eAAe,EAAE,yBAAyB,EAAE,eAAe,CAAC;KAClF;IACD;QACE,EAAE,EAAE,UAAU;QACd,MAAM,EAAE,OAAO;QACf,QAAQ,EAAE,oFAAoF;QAC9F,SAAS,EACP,6FAA6F;QAC/F,QAAQ,EAAE,CAAC,gBAAgB,EAAE,cAAc,EAAE,KAAK,EAAE,kBAAkB,EAAE,WAAW,CAAC;KACrF;IACD;QACE,EAAE,EAAE,UAAU;QACd,MAAM,EAAE,OAAO;QACf,QAAQ,EAAE,kFAAkF;QAC5F,SAAS,EACP,qFAAqF;QACvF,QAAQ,EAAE,CAAC,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE,iBAAiB,EAAE,WAAW,CAAC;KAChF;IACD;QACE,EAAE,EAAE,UAAU;QACd,MAAM,EAAE,OAAO;QACf,QAAQ,EACN,8FAA8F;QAChG,SAAS,EACP,mGAAmG;QACrG,QAAQ,EAAE,CAAC,oBAAoB,EAAE,cAAc,EAAE,kBAAkB,EAAE,WAAW,CAAC;KAClF;CACF,CAAC;AAEF,8EAA8E;AAC9E,2DAA2D;AAC3D,8EAA8E;AAC9E,MAAM,gBAAgB,GAAoB;IACxC;QACE,EAAE,EAAE,WAAW;QACf,MAAM,EAAE,QAAQ;QAChB,QAAQ,EACN,0FAA0F;QAC5F,SAAS,EACP,0FAA0F;QAC5F,QAAQ,EAAE,CAAC,oBAAoB,EAAE,KAAK,EAAE,QAAQ,EAAE,oBAAoB,EAAE,UAAU,CAAC;KACpF;IACD;QACE,EAAE,EAAE,WAAW;QACf,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,qEAAqE;QAC/E,SAAS,EAAE,gFAAgF;QAC3F,QAAQ,EAAE,CAAC,kBAAkB,EAAE,UAAU,EAAE,eAAe,EAAE,kBAAkB,CAAC;KAChF;IACD;QACE,EAAE,EAAE,WAAW;QACf,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,6EAA6E;QACvF,SAAS,EACP,qFAAqF;QACvF,QAAQ,EAAE,CAAC,wBAAwB,EAAE,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,qBAAqB,CAAC;KAC/F;IACD;QACE,EAAE,EAAE,WAAW;QACf,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,kEAAkE;QAC5E,SAAS,EACP,mGAAmG;QACrG,QAAQ,EAAE,CAAC,uBAAuB,EAAE,iBAAiB,EAAE,SAAS,EAAE,WAAW,CAAC;KAC/E;CACF,CAAC;AAEF,8EAA8E;AAC9E,uDAAuD;AACvD,8EAA8E;AAC9E,MAAM,gBAAgB,GAAoB;IACxC;QACE,EAAE,EAAE,WAAW;QACf,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,0EAA0E;QACpF,SAAS,EAAE,iFAAiF;QAC5F,QAAQ,EAAE,CAAC,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,gBAAgB,CAAC;KAC/E;IACD;QACE,EAAE,EAAE,WAAW;QACf,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,kFAAkF;QAC5F,SAAS,EACP,uFAAuF;QACzF,QAAQ,EAAE,CAAC,UAAU,EAAE,OAAO,EAAE,YAAY,EAAE,wBAAwB,EAAE,YAAY,CAAC;KACtF;IACD;QACE,EAAE,EAAE,WAAW;QACf,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,4EAA4E;QACtF,SAAS,EAAE,iFAAiF;QAC5F,QAAQ,EAAE,CAAC,kBAAkB,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,qBAAqB,CAAC;KAC3F;IACD;QACE,EAAE,EAAE,WAAW;QACf,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,wEAAwE;QAClF,SAAS,EAAE,oFAAoF;QAC/F,QAAQ,EAAE;YACR,sBAAsB;YACtB,oBAAoB;YACpB,UAAU;YACV,gBAAgB;YAChB,WAAW;SACZ;KACF;CACF,CAAC;AAEF,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E,8DAA8D;AAC9D,MAAM,CAAC,MAAM,eAAe,GAAoB;IAC9C,GAAG,mBAAmB;IACtB,GAAG,iBAAiB;IACpB,GAAG,gBAAgB;IACnB,GAAG,iBAAiB;IACpB,GAAG,mBAAmB;IACtB,GAAG,mBAAmB;IACtB,GAAG,eAAe;IAClB,GAAG,gBAAgB;IACnB,GAAG,gBAAgB;CACpB,CAAC;AAEF,8EAA8E;AAC9E,kBAAkB;AAClB,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAsB;IAC3D,MAAM,SAAS,GAAG,IAAI,GAAG,CAAc,OAAO,CAAC,CAAC;IAChD,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAE3B,OAAO,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;AAChE,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAC9B,SAA0B,EAC1B,SAAmB,EACnB,eAAuB;IAEvB,MAAM,WAAW,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEzC,MAAM,cAAc,GAAG,SAAS;SAC7B,GAAG,CACF,CAAC,CAAC,EAAE,EAAE,CACJ,OAAO,CAAC,CAAC,EAAE,mBAAmB,CAAC,CAAC,QAAQ,yBAAyB,CAAC,CAAC,SAAS,mBAAmB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACzH;SACA,IAAI,CAAC,MAAM,CAAC,CAAC;IAEhB,OAAO;;;EAGP,eAAe;;;EAGf,WAAW;;;;;;;;;;;;;;;;;;;;;EAqBX,cAAc;;;;;;;;;;;;;;;;gDAgBgC,CAAC;AACjD,CAAC"}

package/dist/engine/validator/dor-dod.d.ts

@@ -1,4 +1,4 @@
-import type { Spec, ValidateResult, DefinitionOfReady, DefinitionOfDone } from '../../types/index.js';
+import type { Spec, ValidateResult, DefinitionOfReady, DefinitionOfDone, CodeState } from '../../types/index.js';
 /**
  * Generate a Definition of Ready checklist for a spec.
  */
@@ -6,5 +6,5 @@ export declare function generateDoR(spec: Spec): DefinitionOfReady;
 /**
  * Generate a Definition of Done checklist for a spec.
  */
-export declare function generateDoD(spec: Spec, validationResult?: ValidateResult): Promise<DefinitionOfDone>;
+export declare function generateDoD(spec: Spec, validationResult?: ValidateResult, codeState?: CodeState): Promise<DefinitionOfDone>;
 //# sourceMappingURL=dor-dod.d.ts.map

package/dist/engine/validator/dor-dod.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"dor-dod.d.ts","sourceRoot":"","sources":["../../../src/engine/validator/dor-dod.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EACV,IAAI,EACJ,cAAc,EACd,iBAAiB,EACjB,gBAAgB,EAGjB,MAAM,sBAAsB,CAAC;AAiG9B;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,IAAI,GAAG,iBAAiB,CAezD;AA8FD;;GAEG;AACH,wBAAsB,WAAW,CAC/B,IAAI,EAAE,IAAI,EACV,gBAAgB,CAAC,EAAE,cAAc,GAChC,OAAO,CAAC,gBAAgB,CAAC,CA2B3B"}
+{"version":3,"file":"dor-dod.d.ts","sourceRoot":"","sources":["../../../src/engine/validator/dor-dod.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EACV,IAAI,EACJ,cAAc,EACd,iBAAiB,EACjB,gBAAgB,EAGhB,SAAS,EACV,MAAM,sBAAsB,CAAC;AAoG9B;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,IAAI,GAAG,iBAAiB,CAezD;AA+ID;;GAEG;AACH,wBAAsB,WAAW,CAC/B,IAAI,EAAE,IAAI,EACV,gBAAgB,CAAC,EAAE,cAAc,EACjC,SAAS,CAAC,EAAE,SAAS,GACpB,OAAO,CAAC,gBAAgB,CAAC,CA+B3B"}

package/dist/engine/validator/dor-dod.js

@@ -1,8 +1,10 @@
 // Planu — Validator: Definition of Ready and Definition of Done generators
-import { readFile } from 'node:fs/promises';
-import { join, dirname } from 'node:path';
+import { readFile, readdir } from 'node:fs/promises';
+import { join, dirname, basename } from 'node:path';
 import { parseProgressActuals } from '../actuals/progress-parser.js';
 function buildDoRSpecItems(spec) {
+    // Adapt description to actual file name (modern: spec.md, legacy: HU.md)
+    const specFileName = spec.specPath ? basename(spec.specPath) : 'spec.md';
     return [
         {
             id: 'dor-1',
@@ -38,7 +40,7 @@ function buildDoRSpecItems(spec) {
         },
         {
             id: 'dor-5',
-            description: 'HU.md file exists',
+            description: `${specFileName} file exists`,
             category: 'spec',
             required: true,
             autoCheck: true,
@@ -47,10 +49,11 @@ function buildDoRSpecItems(spec) {
     ];
 }
 function buildDoRTechnicalItems(spec) {
+    const techFileName = spec.technicalPath ? basename(spec.technicalPath) : 'technical.md';
     return [
         {
             id: 'dor-6',
-            description: 'FICHA-TECNICA.md file exists',
+            description: `${techFileName} file exists`,
             category: 'design',
             required: true,
             autoCheck: true,
@@ -111,10 +114,12 @@ export function generateDoR(spec) {
         generatedAt: new Date().toISOString(),
     };
 }
-function buildDoDItems(spec, score, hasQualityIssues) {
+function buildDoDItems(spec, score, hasBlockingQualityIssues, hasTestFiles) {
     // If spec is already marked "done", manual gates are implicitly satisfied —
     // the user explicitly transitioned the spec, which implies review/tests/docs passed.
     const isDone = spec.status === 'done';
+    // If spec is "implementing" and test files exist, auto-pass test gates
+    const isImplementing = spec.status === 'implementing';
     return [
         {
             id: 'dod-1',
@@ -126,19 +131,19 @@ function buildDoDItems(spec, score, hasQualityIssues) {
         },
         {
             id: 'dod-2',
-            description: 'No critical quality issues',
+            description: 'No critical quality issues (errors only — warnings are non-blocking)',
             category: 'quality',
             required: true,
             autoCheck: true,
-            status: !hasQualityIssues ? 'passed' : 'failed',
+            status: !hasBlockingQualityIssues ? 'passed' : 'failed',
         },
         {
             id: 'dod-3',
             description: 'Unit tests written for new code',
             category: 'tests',
             required: true,
-            autoCheck: false,
-            status: isDone ? 'passed' : 'pending',
+            autoCheck: true,
+            status: isDone || hasTestFiles ? 'passed' : isImplementing ? 'failed' : 'pending',
         },
         {
             id: 'dod-4',
@@ -161,8 +166,8 @@ function buildDoDItems(spec, score, hasQualityIssues) {
             description: 'No regressions in existing tests',
             category: 'tests',
             required: true,
-            autoCheck: false,
-            status: isDone ? 'passed' : 'pending',
+            autoCheck: true,
+            status: isDone || hasTestFiles ? 'passed' : isImplementing ? 'failed' : 'pending',
         },
         {
             id: 'dod-7',
@@ -201,13 +206,56 @@ async function hasActuals(spec) {
         return false;
     } /* v8 ignore stop */
 }
+/**
+ * Detect if test files exist for the spec's affected code files.
+ */
+async function detectTestFiles(spec, codeState) {
+    // Collect affected files from codeState or impactAnalysis
+    const affectedFiles = [];
+    if (codeState?.affectedFiles && codeState.affectedFiles.length > 0) {
+        affectedFiles.push(...codeState.affectedFiles);
+    }
+    else if (spec.impactAnalysis?.affectedFiles) {
+        affectedFiles.push(...spec.impactAnalysis.affectedFiles);
+    }
+    /* v8 ignore start -- filesystem heuristic, tested via integration */
+    if (affectedFiles.length === 0) {
+        return false;
+    }
+    // Check if any affected file IS a test file
+    const testPatterns = ['.test.', '.spec.', '_test.', '_spec.', '/tests/', '/__tests__/'];
+    if (affectedFiles.some((f) => testPatterns.some((p) => f.includes(p)))) {
+        return true;
+    }
+    // Check if test counterparts exist for source files
+    const specDir = dirname(spec.specPath);
+    try {
+        const projectDir = join(specDir, '..', '..', '..');
+        const testsDir = join(projectDir, 'tests');
+        const testEntries = await readdir(testsDir, { recursive: true });
+        for (const file of affectedFiles) {
+            const base = basename(file).replace(/\.\w+$/, '');
+            if (testEntries.some((tf) => tf.includes(base) && testPatterns.some((p) => tf.includes(p)))) {
+                return true;
+            }
+        }
+    }
+    catch {
+        // No tests directory — can't auto-detect
+    }
+    return false;
+    /* v8 ignore stop */
+}
 /**
  * Generate a Definition of Done checklist for a spec.
  */
-export async function generateDoD(spec, validationResult) {
+export async function generateDoD(spec, validationResult, codeState) {
     const score = validationResult?.score ?? 0;
-    const hasQualityIssues = (validationResult?.qualityIssues.length ?? 0) > 0;
-    const items = buildDoDItems(spec, score, hasQualityIssues);
+    // Only errors and critical issues block DoD — warnings and info are non-blocking
+    const blockingSeverities = ['error', 'critical'];
+    const hasBlockingQualityIssues = validationResult?.qualityIssues.some((i) => blockingSeverities.includes(i.severity)) ?? false;
+    const hasTestFiles = await detectTestFiles(spec, codeState);
+    const items = buildDoDItems(spec, score, hasBlockingQualityIssues, hasTestFiles);
     // Override actuals check with progress.md parsing
     const actualsItem = items.find((i) => i.id === 'dod-8');
     if (actualsItem?.status === 'pending') {