@shenlee/devcrew 0.1.2 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (53) hide show
  1. package/README.md +15 -7
  2. package/README.zh-CN.md +12 -7
  3. package/dist/packages/adapters/src/index.js +204 -10
  4. package/dist/packages/core/src/active-run.js +13 -1
  5. package/dist/packages/core/src/artifacts.js +14 -4
  6. package/dist/packages/core/src/config.js +88 -17
  7. package/dist/packages/core/src/index.js +1 -0
  8. package/dist/packages/core/src/lock.js +89 -0
  9. package/dist/packages/core/src/paths.js +10 -6
  10. package/dist/packages/core/src/store.js +40 -0
  11. package/dist/packages/core/src/types.js +4 -1
  12. package/dist/packages/core/src/validation.js +7 -1
  13. package/dist/packages/core/src/version.js +1 -1
  14. package/dist/packages/core/src/workflow.js +87 -12
  15. package/dist/packages/orchestrator/src/index.js +317 -18
  16. package/dist/packages/plugins/src/index.js +2 -32
  17. package/dist/packages/service/src/tools.js +117 -17
  18. package/docs/claude-code.md +18 -3
  19. package/docs/codex.md +22 -5
  20. package/docs/quickstart.md +1 -1
  21. package/docs/superpowers/plans/2026-07-13-safety-semantics.md +313 -0
  22. package/docs/superpowers/plans/2026-07-14-p0-remediation.md +213 -0
  23. package/docs/superpowers/plans/2026-07-14-reliability-recovery.md +208 -0
  24. package/docs/superpowers/plans/2026-07-14-structured-role-results.md +231 -0
  25. package/docs/superpowers/specs/2026-07-13-execution-boundaries-design.md +126 -0
  26. package/docs/superpowers/specs/2026-07-14-p0-remediation-design.md +52 -0
  27. package/docs/superpowers/specs/2026-07-14-reliability-recovery-design.md +92 -0
  28. package/docs/superpowers/specs/2026-07-14-structured-role-results-design.md +96 -0
  29. package/docs/workflow.md +28 -4
  30. package/package.json +1 -1
  31. package/packages/adapters/src/index.ts +250 -13
  32. package/packages/core/src/active-run.ts +13 -1
  33. package/packages/core/src/artifacts.ts +16 -4
  34. package/packages/core/src/config.ts +97 -18
  35. package/packages/core/src/index.ts +1 -0
  36. package/packages/core/src/lock.ts +104 -0
  37. package/packages/core/src/paths.ts +11 -6
  38. package/packages/core/src/store.ts +45 -1
  39. package/packages/core/src/types.ts +92 -2
  40. package/packages/core/src/validation.ts +10 -0
  41. package/packages/core/src/version.ts +1 -1
  42. package/packages/core/src/workflow.ts +101 -11
  43. package/packages/orchestrator/src/index.ts +349 -19
  44. package/packages/plugins/src/index.ts +2 -44
  45. package/packages/service/src/tools.ts +126 -15
  46. package/plugins/devcrew-codex/.codex-plugin/plugin.json +1 -1
  47. package/plugins/devcrew-codex/.mcp.json +1 -1
  48. package/plugins/devcrew-codex/skills/devcrew/SKILL.md +8 -7
  49. package/scripts/smoke-codex-plugin.mjs +1 -1
  50. package/plugins/devcrew-codex/agents/architect.toml +0 -12
  51. package/plugins/devcrew-codex/agents/implementer.toml +0 -12
  52. package/plugins/devcrew-codex/agents/pm.toml +0 -13
  53. package/plugins/devcrew-codex/agents/tester.toml +0 -12
@@ -0,0 +1,126 @@
1
+ # DevCrew Execution Boundaries Design
2
+
3
+ ## Goal
4
+
5
+ Make DevCrew's approval, verification, and role boundaries match its public
6
+ product claims. Interactive work must execute through the host agent's native
7
+ permission model. Headless work may use host SDKs only under an explicit,
8
+ auditable DevCrew execution policy.
9
+
10
+ ## Scope
11
+
12
+ This change is delivered in three independently releasable slices:
13
+
14
+ 1. Safety semantics: explicit execution policy and verification-failure
15
+ promotion blocking.
16
+ 2. Workflow semantics: execution-time architecture compliance review and
17
+ structured role questions/results.
18
+ 3. Productisation: effective artifact configuration and real-host integration
19
+ coverage.
20
+
21
+ The existing isolated Git worktree and binary patch promotion remain the sole
22
+ mechanism for moving apply-mode changes into the requester repository.
23
+
24
+ ## Execution Planes
25
+
26
+ ### Interactive host plane
27
+
28
+ Interactive Codex and Claude Code workflows do not invoke the Codex or Claude
29
+ SDK to modify repository files. DevCrew MCP owns durable workflow state,
30
+ artifacts, gate validation, execution worktree creation, patch capture, and
31
+ promotion. It exposes a structured execution instruction containing the role,
32
+ worktree path, approved context, and required result schema. The active host
33
+ agent or a native host subagent performs the work with the host's ordinary
34
+ sandbox and approval UI, then submits the result to DevCrew.
35
+
36
+ This plane must never claim that a nested SDK session inherits the interactive
37
+ host's current approval decisions.
38
+
39
+ ### Headless SDK plane
40
+
41
+ Headless and CI workflows retain SDK orchestration, but `apply` requires an
42
+ explicit `executionPolicy`. The initial policy set is:
43
+
44
+ - `interactive-host`: no nested SDK execution; valid only for an interactive
45
+ host integration.
46
+ - `headless-restricted`: SDK execution in the DevCrew worktree with a declared
47
+ minimal tool surface and no hidden user-prompt assumption.
48
+ - `headless-unattended`: an explicitly opted-in unattended SDK policy for CI;
49
+ its audit record makes the autonomy clear.
50
+
51
+ The policy, backend, allowed capabilities, and any waiver are recorded in run
52
+ state and shown in review artifacts. `acceptEdits`, bare `allowedTools`, and an
53
+ implicit Codex approval policy are not described as inherited host approvals.
54
+
55
+ ## Verification And Promotion
56
+
57
+ After isolated testing, DevCrew computes a verification status:
58
+
59
+ - `passed`: every configured or discovered verification command exited zero.
60
+ - `failed`: at least one command exited nonzero or timed out.
61
+ - `not_run`: no verification command was available.
62
+
63
+ Only `passed` can open the normal `testing` approval gate. A failed result
64
+ moves the run to `awaiting_input` with the failure evidence and preserves the
65
+ worktree. A requester may either supply feedback that returns the run to
66
+ `execution`, or invoke a dedicated risk-waiver operation with a non-empty
67
+ reason. The waiver is persistent, appears in the test report and acceptance
68
+ artifact, and is the only path that can open a testing approval gate after a
69
+ failed verification.
70
+
71
+ `not_run` remains reviewable but is visibly distinct from `passed`; it cannot
72
+ be silently represented as successful verification.
73
+
74
+ ## Execution-Time Architecture Review
75
+
76
+ The current implementation-plan gate approves a plan and cannot approve the
77
+ subsequent code diff. Add an `implementation-review` gate after execution and
78
+ before testing. The architect role receives the approved architecture artifact,
79
+ captured binary diff, changed-file list, lint evidence, and structured
80
+ implementation result. It returns a structured compliance decision.
81
+
82
+ Only an approved implementation review advances to testing. Rejection records
83
+ feedback and returns to execution with the existing isolated worktree intact.
84
+ The existing `implementation-review.md` remains an artifact, but becomes the
85
+ architect's real review output rather than a rendered checklist.
86
+
87
+ ## Structured Role Results And Clarification
88
+
89
+ Each role result is a validated JSON envelope with a Markdown body plus
90
+ role-specific fields. At minimum, PM returns `questions`, architect returns a
91
+ compliance decision, implementer returns changed-file and command evidence, and
92
+ tester returns case/evidence summaries. Markdown remains the human-facing
93
+ artifact format.
94
+
95
+ If PM returns one or more questions, requirements enter `awaiting_input`
96
+ without opening an approval gate. `devcrew_answer` records the answer and
97
+ re-runs PM. A requirements gate opens only when the PM result has no open
98
+ questions.
99
+
100
+ ## Configuration
101
+
102
+ `workflow.artifactDirectory` is used by all artifact path helpers, relative to
103
+ the repository root and validated to remain within that root. Core safety gates
104
+ are not freely removable. `workflow.gates` is replaced or constrained by a
105
+ validated sequence that must include requirements, architecture,
106
+ implementation, implementation-review, and testing for apply workflows.
107
+
108
+ ## Integration Coverage
109
+
110
+ Add tests for failed verification, risk waiver, no-verification status,
111
+ architecture-review rejection/revision, structured PM questions, and configured
112
+ artifact output. Preserve existing worktree-promotion coverage.
113
+
114
+ The production-like Codex marketplace smoke remains plan-mode and must verify
115
+ the published package version. Add isolated integration coverage for the
116
+ interactive execution handoff protocol and a real Claude plugin install/start
117
+ smoke. A real unattended apply smoke uses only a disposable fixture repository
118
+ and an explicitly selected headless policy.
119
+
120
+ ## Non-goals
121
+
122
+ - Do not remove worktree isolation or binary patch promotion.
123
+ - Do not automatically approve failed verification.
124
+ - Do not make arbitrary workflow graph customisation part of this release.
125
+ - Do not use generated role files as an execution mechanism until a host-native
126
+ integration consumes them explicitly.
@@ -0,0 +1,52 @@
1
+ # P0 Verification and Review Remediation Design
2
+
3
+ ## Goal
4
+
5
+ Close two apply-mode safety gaps: a run with no verification evidence must not
6
+ be promoted without an explicit waiver, and an architecture review that requires
7
+ changes must return to implementation before it can be reviewed again.
8
+
9
+ ## Verification Gate Semantics
10
+
11
+ `passed` is the only verification status that opens the normal `testing` gate.
12
+ Both `failed` and `not_run` set the testing gate to `rejected` and move the run
13
+ to `awaiting_input` with evidence explaining the condition.
14
+
15
+ The existing `devcrew_waive_verification` operation is the sole exception path
16
+ for either `failed` or `not_run`. It requires a non-empty requester risk reason,
17
+ persists the waiver, and reopens the testing gate. Promotion additionally
18
+ defends this invariant: any status other than `passed` requires a recorded
19
+ waiver, even if an invalid state was written by an older client.
20
+
21
+ ## Architecture Review Remediation
22
+
23
+ When the architect returns `changes_required`, DevCrew continues to record the
24
+ decision, artifact, and feedback, while keeping the isolated execution
25
+ worktree. The implementation-review gate becomes `rejected` and the run enters
26
+ `awaiting_input`.
27
+
28
+ After `devcrew_answer`, DevCrew records the response then transitions the same
29
+ run to `execution/ready`. It resets the implementation-review gate to
30
+ `not_started`; it does not run another architect review. A subsequent
31
+ `devcrew_continue` invokes the implementer in the existing worktree, captures a
32
+ new diff, and schedules a fresh architecture review. This mirrors the existing
33
+ testing-rejection remediation flow.
34
+
35
+ ## Error Handling and Compatibility
36
+
37
+ Existing persisted runs remain readable. A legacy run with `not_run` cannot be
38
+ promoted unless it has a waiver. The waiver tool's error message and validation
39
+ are expanded from "failed verification" to "failed or missing verification".
40
+ No new MCP tool or public state field is required.
41
+
42
+ ## Acceptance Tests
43
+
44
+ 1. Apply-mode testing with no discovered or configured commands results in
45
+ `verificationStatus: not_run`, `testing: rejected`, and `awaiting_input`.
46
+ 2. A non-empty waiver can reopen that `not_run` testing gate; an empty reason or
47
+ a run outside `failed`/`not_run` is rejected.
48
+ 3. Promotion rejects `not_run` without a waiver even if a caller manufactured a
49
+ pending testing gate.
50
+ 4. An architect `changes_required` decision followed by `devcrew_answer`
51
+ transitions to `execution/ready` in the existing worktree, and the next
52
+ continuation invokes the implementer rather than the architect.
@@ -0,0 +1,92 @@
1
+ # Configuration Integrity and Run Recovery Design
2
+
3
+ ## Goal
4
+
5
+ Reject unsafe DevCrew configuration before a workflow starts, serialize every
6
+ repository-mutating MCP operation, and give a requester an explicit, auditable
7
+ way to stop or recover an interrupted run without executing work automatically.
8
+
9
+ ## Scope
10
+
11
+ This change covers configuration validation, repository mutation locking,
12
+ terminal aborted runs, `devcrew_abort`, and `devcrew_recover`. It does not add
13
+ automatic run resumption, change execution permissions, or introduce a remote
14
+ lock service.
15
+
16
+ ## Configuration Contract
17
+
18
+ `readConfig` validates the complete version-1 shape rather than merging
19
+ untyped JSON into defaults.
20
+
21
+ - Top-level keys are limited to `version`, `defaultBackend`, `executionMode`,
22
+ `verifyCommands`, `lintCommands`, `coverageCommands`, and `workflow`.
23
+ - `defaultBackend`, `executionMode`, and every workflow gate must be members
24
+ of their exported enums.
25
+ - Command lists, when supplied, must be arrays of non-empty strings. Empty
26
+ lists remain valid; omitted command lists retain their version-1 default of
27
+ an empty array for backward compatibility.
28
+ - `workflow` may contain only `gates` and `artifactDirectory`; gates must be
29
+ unique. The existing runtime rule still makes implementation review and
30
+ testing mandatory.
31
+ - `artifactDirectory` must be a non-empty relative path whose resolved target
32
+ is inside the requester repository. Absolute paths and traversal outside the
33
+ repository are rejected before any artifact is written.
34
+
35
+ Unknown keys and invalid values fail closed with an error that names the
36
+ offending field. Existing default configuration remains valid.
37
+
38
+ ## Repository Mutation Lock
39
+
40
+ All MCP operations that can write a run, active-run pointer, artifact, or
41
+ execution worktree take one repository-wide lock at `.devcrew/lock` for their
42
+ full operation. This includes start, answer, approve, reject, continue,
43
+ complete-execution, waive-verification, abort, and recovery cleanup. Status
44
+ and artifact reads remain unlocked.
45
+
46
+ The lock is an atomically-created directory containing owner metadata:
47
+ process id, a random owner id, and creation time. A second mutating request
48
+ does not wait or retry; it returns a clear busy error and cannot overwrite the
49
+ first operation's state. The holder removes only its own lock in `finally`.
50
+
51
+ Normal operations never remove a lock they did not create. A lock whose owner
52
+ metadata is absent, invalid, or refers to a non-running local process is
53
+ considered stale, but it still requires the explicit recovery operation to
54
+ remove it. This prevents a timeout heuristic from treating a long-running SDK
55
+ call as abandoned.
56
+
57
+ ## Abort and Recovery Lifecycle
58
+
59
+ `RunStatus` gains terminal `aborted`, and `RunState` records an abort reason
60
+ and timestamp. An aborted run remains readable for audit but cannot continue,
61
+ approve, reject, answer, or complete execution. Repeating abort is idempotent
62
+ and preserves the first reason.
63
+
64
+ `devcrew_abort` accepts `cwd`, optional `runId`, and a non-empty `reason`.
65
+ Under the repository lock it records the abort, removes any isolated execution
66
+ worktree, and clears `active-run.json` only when it points at that run. If
67
+ worktree cleanup fails, the aborted state and audit evidence still persist;
68
+ the workspace reference remains for recovery.
69
+
70
+ `devcrew_recover` is explicit and never runs an agent or validation command.
71
+ It may remove a confirmed stale lock. When given a terminal run that retains
72
+ an execution workspace after an interrupted cleanup, it retries only that
73
+ worktree cleanup and clears the persisted workspace reference on success. A
74
+ live lock is never overridden.
75
+
76
+ ## MCP and Error Semantics
77
+
78
+ The service exposes `devcrew_abort` and `devcrew_recover`. Both use the
79
+ existing optional-run-id resolution where applicable. Tool results retain the
80
+ current state summary; an aborted run reports `status=aborted`. Busy locks,
81
+ invalid configuration, live-lock recovery, and invalid abort/recovery targets
82
+ return normal structured MCP errors.
83
+
84
+ ## Tests
85
+
86
+ - Config tests cover unknown fields, invalid enum/gate/command values,
87
+ duplicate gates, absolute artifact directories, and parent traversal.
88
+ - Service tests cover lock contention between mutation calls, while reads stay
89
+ available.
90
+ - Orchestrator/service tests cover abort audit persistence, worktree cleanup,
91
+ active-run clearing, idempotency, terminal-state blocking, stale-lock
92
+ recovery, and recovery cleanup after a simulated failed abort cleanup.
@@ -0,0 +1,96 @@
1
+ # Structured Role Results Design
2
+
3
+ ## Objective
4
+
5
+ Make DevCrew role output machine-readable without breaking existing Markdown-only
6
+ SDK output or the human-readable artifact workflow. A structured result becomes
7
+ the canonical source for workflow decisions and evidence when it is present;
8
+ Markdown remains the reviewable artifact body and the compatibility fallback.
9
+
10
+ ## Scope
11
+
12
+ This change covers the PM, architect, implementer, and tester role results used
13
+ by the SDK adapters and orchestrator. It does not remove Markdown artifacts,
14
+ change MCP tool names, change execution policies, or require existing installed
15
+ plugins to update simultaneously.
16
+
17
+ ## Result Envelope
18
+
19
+ The core package will define a versioned role-result envelope with common fields:
20
+
21
+ - `schemaVersion: 1`
22
+ - `role`
23
+ - `summary`
24
+ - `risks`
25
+ - `evidence`
26
+
27
+ Role-specific fields are validated by role:
28
+
29
+ - PM: `questions`, where each question has a stable `id`, prompt, and optional
30
+ context.
31
+ - Architect: `decisions`; during the post-execution review phase,
32
+ `reviewDecision` is `approved` or `changes_required`.
33
+ - Implementer: `changedFiles` and `commands`, including command, exit code, and
34
+ captured output.
35
+ - Tester: `testCases`, `commands`, and `risks`.
36
+
37
+ The canonical TypeScript representation stores a `format` discriminator:
38
+ `structured` for a validated envelope and `legacy` for a Markdown-only result.
39
+ This allows callers and MCP clients to identify migration state without parsing
40
+ text.
41
+
42
+ ## Adapter Parsing And Compatibility
43
+
44
+ SDK prompts will request one `<!-- devcrew-role-result -->` marker followed by a
45
+ fenced `json` block containing the DevCrew result, then the existing required
46
+ Markdown H2 sections. The marker avoids treating incidental JSON examples in a
47
+ human artifact as protocol data. The adapter extracts and validates that JSON
48
+ before accepting a structured result, removes the marked block, and uses the
49
+ remaining Markdown as the role result's `markdown` field.
50
+
51
+ If a JSON block is absent, the adapter preserves existing Markdown validation and
52
+ the current PM-question and architecture-review decision parsing. It returns a
53
+ `legacy` result and no new structured fields are inferred from arbitrary prose.
54
+
55
+ If a DevCrew JSON block is present but malformed, has an unsupported schema
56
+ version, does not match the active role, or fails field validation, the adapter
57
+ rejects the SDK output. It must not silently downgrade malformed claimed
58
+ structured output to legacy Markdown. Existing plan-mode fallback and apply-mode
59
+ failure rules remain unchanged.
60
+
61
+ ## Workflow And Artifact Behaviour
62
+
63
+ The orchestrator consumes validated structured fields when available. PM
64
+ questions continue to route the run to `awaiting_input`; legacy Markdown
65
+ questions retain the current behavior. Architecture review decisions retain
66
+ their blocking semantics. Implementer and tester evidence is persisted in the
67
+ role result, surfaced by MCP state, and rendered into the corresponding Markdown
68
+ artifact as a readable structured-results appendix.
69
+
70
+ The role result stored in run state must remain loadable when older saved states
71
+ lack the new fields. Missing fields migrate to `format: legacy` and empty
72
+ optional arrays. No saved state becomes invalid merely because it predates this
73
+ feature.
74
+
75
+ ## Error Handling
76
+
77
+ - No JSON envelope: accept the valid legacy Markdown result.
78
+ - Multiple candidate envelopes: reject as ambiguous.
79
+ - Invalid envelope: report field-specific validation errors.
80
+ - Envelope role/phase mismatch: reject before state or artifact writes.
81
+ - Structured PM questions: require nonempty unique IDs and nonempty prompts.
82
+ - Command evidence: require a command and integer exit code; output is optional.
83
+
84
+ ## Testing
85
+
86
+ Tests will be written before production code and prove:
87
+
88
+ 1. A valid envelope parses and exposes each role's structured fields.
89
+ 2. Missing envelope preserves legacy Markdown behavior.
90
+ 3. Malformed, ambiguous, version-invalid, and role-invalid envelopes fail rather
91
+ than downgrade.
92
+ 4. Structured PM questions enter `awaiting_input`.
93
+ 5. Structured architecture review decisions gate testing correctly.
94
+ 6. Implementer and tester evidence persists and is visible in generated
95
+ artifacts and structured MCP state.
96
+ 7. Loading a prior state without the new fields migrates safely.
package/docs/workflow.md CHANGED
@@ -17,8 +17,8 @@ approval.
17
17
  1. `requirements`: product manager clarifies scope, users, success criteria, and non-goals.
18
18
  2. `architecture`: architect defines technical approach, interfaces, deployment notes, and review criteria.
19
19
  3. `implementation`: implementer creates a read-only implementation plan and coding checklist. The implementation gate approves this plan, not repository changes.
20
- 4. `execution`: internal, nongated apply phase. The implementer works in `.devcrew/worktrees/<run-id>`, and DevCrew captures changed files, a binary-capable patch, lint evidence, and `implementation-review.md`.
21
- 5. `testing`: tester records validation and acceptance evidence. In apply mode, the tester and verification commands run in the same isolated worktree, then DevCrew refreshes the implementation diff and review before opening the testing gate.
20
+ 4. `execution`: internal, nongated apply phase. `interactive-host` waits for the host-native agent to work in `.devcrew/worktrees/<run-id>` and report completion; explicit headless policies use DevCrew's SDK settings. DevCrew then captures changed files, a binary-capable patch, lint evidence when run headlessly, and `implementation-review.md`.
21
+ 5. `testing`: records validation and acceptance evidence in the same isolated worktree. Interactive-host submits command evidence through `devcrew_complete_execution`; headless policies run DevCrew-configured verification. DevCrew refreshes the implementation diff and review before opening the testing gate.
22
22
  6. `acceptance`: generated after the testing gate is approved.
23
23
 
24
24
  `devcrew_start` runs the PM role for `requirements`. After the requester approves
@@ -32,14 +32,30 @@ requirements approval
32
32
  -> architecture approval
33
33
  -> implementation plan approval
34
34
  -> isolated execution
35
+ -> implementation review approval
35
36
  -> isolated testing
36
37
  -> testing approval
37
38
  -> patch promotion to requester repository
38
39
  ```
39
40
 
40
- The implementation-plan approval advances the run to `execution`. One `devcrew_continue` call runs the implementer in the isolated worktree and leaves the run at `testing/ready`; another `devcrew_continue` runs the tester and verification commands before opening the testing gate.
41
+ The implementation-plan approval advances the run to `execution`. With the default `interactive-host` policy, each `devcrew_continue` pauses at `awaiting_execution`; the host-native agent works in the reported worktree and calls `devcrew_complete_execution`. Explicit headless policies run the corresponding SDK role and commands directly under their recorded DevCrew policy.
41
42
 
42
- Apply requires Git, a real Codex or Claude SDK backend, and a clean requester worktree both when execution starts and when the reviewed patch is promoted. The requester repository remains unchanged until testing approval. If testing is rejected, `devcrew_answer` records the response and returns the run to `execution/ready` with the isolated worktree intact.
43
+ Apply requires Git and a clean requester worktree both when execution starts and when the reviewed patch is promoted. The requester repository remains unchanged until testing approval. A failed verification enters `awaiting_input`, rather than a promotable testing gate; it can be revised with `devcrew_answer` or deliberately reopened only through `devcrew_waive_verification` with a non-empty risk reason. If testing is rejected, `devcrew_answer` records the response and returns the run to `execution/ready` with the isolated worktree intact.
44
+
45
+ `devcrew_abort` stops a nonterminal run with a required reason. It preserves the
46
+ run state and artifacts for audit, removes its isolated worktree when possible,
47
+ and clears the active-run pointer only when it refers to that run. An aborted
48
+ run cannot continue. `devcrew_recover` never runs an agent: it explicitly
49
+ clears only a confirmed stale repository lock and retries cleanup for a
50
+ terminal run that retained an isolated worktree.
51
+
52
+ The execution review is also structured: the architect must return either
53
+ `Decision: approved` or `Decision: changes_required` in its
54
+ `architecture-review` artifact. A `changes_required` decision rejects the
55
+ implementation-review gate and keeps the run at `awaiting_input`. Submitting
56
+ `devcrew_answer` then returns the run to `execution/ready` in the same
57
+ isolated worktree, resets that review gate, and requires a new implementation
58
+ pass followed by a later approving review before testing can start.
43
59
 
44
60
  `devcrew_start` records the created run as the active run for the repository.
45
61
  Subsequent MCP calls can omit `runId`; DevCrew resolves it from
@@ -53,10 +69,17 @@ Each main phase has a gate:
53
69
  - `requirements`
54
70
  - `architecture`
55
71
  - `implementation`
72
+ - `implementation-review`
56
73
  - `testing`
57
74
 
58
75
  The requester approves or rejects each gate. Rejection records feedback and returns the workflow to `awaiting_input`. In apply mode, rejecting testing never rolls changes back in the requester repository because no patch has been promoted yet.
59
76
 
77
+ `workflow.gates` may omit `requirements`, `architecture`, or `implementation`
78
+ to make that phase advance automatically after its role has produced an
79
+ artifact. It never skips the role, artifact, execution, architecture review, or
80
+ verification. `implementation-review` and `testing` are mandatory and DevCrew
81
+ adds them back if a configuration omits them.
82
+
60
83
  ## State And Artifacts
61
84
 
62
85
  Runtime state is stored in:
@@ -83,5 +106,6 @@ The standard artifact set is:
83
106
  - `architecture.md`
84
107
  - `implementation-plan.md`
85
108
  - `implementation-review.md`
109
+ - `architecture-review.md`
86
110
  - `test-report.md`
87
111
  - `acceptance.md`
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@shenlee/devcrew",
3
- "version": "0.1.2",
3
+ "version": "0.1.4",
4
4
  "description": "Multi-host agent workflow service for Codex and Claude Code.",
5
5
  "type": "module",
6
6
  "license": "Apache-2.0",