@shenlee/devcrew 0.1.4 → 0.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/README.zh-CN.md +1 -1
- package/dist/packages/adapters/src/index.js +41 -1
- package/dist/packages/core/src/version.js +1 -1
- package/docs/claude-code.md +1 -1
- package/docs/codex.md +2 -2
- package/docs/quickstart.md +1 -1
- package/package.json +2 -2
- package/packages/adapters/src/index.ts +52 -3
- package/packages/core/src/version.ts +1 -1
- package/plugins/devcrew-codex/.codex-plugin/plugin.json +1 -1
- package/plugins/devcrew-codex/.mcp.json +1 -1
- package/scripts/smoke-codex-plugin.mjs +1 -1
- package/docs/superpowers/plans/2026-07-10-p0-foundation-repair.md +0 -939
- package/docs/superpowers/plans/2026-07-13-safety-semantics.md +0 -313
- package/docs/superpowers/plans/2026-07-14-p0-remediation.md +0 -213
- package/docs/superpowers/plans/2026-07-14-reliability-recovery.md +0 -208
- package/docs/superpowers/plans/2026-07-14-structured-role-results.md +0 -231
- package/docs/superpowers/specs/2026-07-10-p0-foundation-repair-design.md +0 -182
- package/docs/superpowers/specs/2026-07-13-execution-boundaries-design.md +0 -126
- package/docs/superpowers/specs/2026-07-14-p0-remediation-design.md +0 -52
- package/docs/superpowers/specs/2026-07-14-reliability-recovery-design.md +0 -92
- package/docs/superpowers/specs/2026-07-14-structured-role-results-design.md +0 -96
|
@@ -1,126 +0,0 @@
|
|
|
1
|
-
# DevCrew Execution Boundaries Design
|
|
2
|
-
|
|
3
|
-
## Goal
|
|
4
|
-
|
|
5
|
-
Make DevCrew's approval, verification, and role boundaries match its public
|
|
6
|
-
product claims. Interactive work must execute through the host agent's native
|
|
7
|
-
permission model. Headless work may use host SDKs only under an explicit,
|
|
8
|
-
auditable DevCrew execution policy.
|
|
9
|
-
|
|
10
|
-
## Scope
|
|
11
|
-
|
|
12
|
-
This change is delivered in three independently releasable slices:
|
|
13
|
-
|
|
14
|
-
1. Safety semantics: explicit execution policy and verification-failure
|
|
15
|
-
promotion blocking.
|
|
16
|
-
2. Workflow semantics: execution-time architecture compliance review and
|
|
17
|
-
structured role questions/results.
|
|
18
|
-
3. Productisation: effective artifact configuration and real-host integration
|
|
19
|
-
coverage.
|
|
20
|
-
|
|
21
|
-
The existing isolated Git worktree and binary patch promotion remain the sole
|
|
22
|
-
mechanism for moving apply-mode changes into the requester repository.
|
|
23
|
-
|
|
24
|
-
## Execution Planes
|
|
25
|
-
|
|
26
|
-
### Interactive host plane
|
|
27
|
-
|
|
28
|
-
Interactive Codex and Claude Code workflows do not invoke the Codex or Claude
|
|
29
|
-
SDK to modify repository files. DevCrew MCP owns durable workflow state,
|
|
30
|
-
artifacts, gate validation, execution worktree creation, patch capture, and
|
|
31
|
-
promotion. It exposes a structured execution instruction containing the role,
|
|
32
|
-
worktree path, approved context, and required result schema. The active host
|
|
33
|
-
agent or a native host subagent performs the work with the host's ordinary
|
|
34
|
-
sandbox and approval UI, then submits the result to DevCrew.
|
|
35
|
-
|
|
36
|
-
This plane must never claim that a nested SDK session inherits the interactive
|
|
37
|
-
host's current approval decisions.
|
|
38
|
-
|
|
39
|
-
### Headless SDK plane
|
|
40
|
-
|
|
41
|
-
Headless and CI workflows retain SDK orchestration, but `apply` requires an
|
|
42
|
-
explicit `executionPolicy`. The initial policy set is:
|
|
43
|
-
|
|
44
|
-
- `interactive-host`: no nested SDK execution; valid only for an interactive
|
|
45
|
-
host integration.
|
|
46
|
-
- `headless-restricted`: SDK execution in the DevCrew worktree with a declared
|
|
47
|
-
minimal tool surface and no hidden user-prompt assumption.
|
|
48
|
-
- `headless-unattended`: an explicitly opted-in unattended SDK policy for CI;
|
|
49
|
-
its audit record makes the autonomy clear.
|
|
50
|
-
|
|
51
|
-
The policy, backend, allowed capabilities, and any waiver are recorded in run
|
|
52
|
-
state and shown in review artifacts. `acceptEdits`, bare `allowedTools`, and an
|
|
53
|
-
implicit Codex approval policy are not described as inherited host approvals.
|
|
54
|
-
|
|
55
|
-
## Verification And Promotion
|
|
56
|
-
|
|
57
|
-
After isolated testing, DevCrew computes a verification status:
|
|
58
|
-
|
|
59
|
-
- `passed`: every configured or discovered verification command exited zero.
|
|
60
|
-
- `failed`: at least one command exited nonzero or timed out.
|
|
61
|
-
- `not_run`: no verification command was available.
|
|
62
|
-
|
|
63
|
-
Only `passed` can open the normal `testing` approval gate. A failed result
|
|
64
|
-
moves the run to `awaiting_input` with the failure evidence and preserves the
|
|
65
|
-
worktree. A requester may either supply feedback that returns the run to
|
|
66
|
-
`execution`, or invoke a dedicated risk-waiver operation with a non-empty
|
|
67
|
-
reason. The waiver is persistent, appears in the test report and acceptance
|
|
68
|
-
artifact, and is the only path that can open a testing approval gate after a
|
|
69
|
-
failed verification.
|
|
70
|
-
|
|
71
|
-
`not_run` remains reviewable but is visibly distinct from `passed`; it cannot
|
|
72
|
-
be silently represented as successful verification.
|
|
73
|
-
|
|
74
|
-
## Execution-Time Architecture Review
|
|
75
|
-
|
|
76
|
-
The current implementation-plan gate approves a plan and cannot approve the
|
|
77
|
-
subsequent code diff. Add an `implementation-review` gate after execution and
|
|
78
|
-
before testing. The architect role receives the approved architecture artifact,
|
|
79
|
-
captured binary diff, changed-file list, lint evidence, and structured
|
|
80
|
-
implementation result. It returns a structured compliance decision.
|
|
81
|
-
|
|
82
|
-
Only an approved implementation review advances to testing. Rejection records
|
|
83
|
-
feedback and returns to execution with the existing isolated worktree intact.
|
|
84
|
-
The existing `implementation-review.md` remains an artifact, but becomes the
|
|
85
|
-
architect's real review output rather than a rendered checklist.
|
|
86
|
-
|
|
87
|
-
## Structured Role Results And Clarification
|
|
88
|
-
|
|
89
|
-
Each role result is a validated JSON envelope with a Markdown body plus
|
|
90
|
-
role-specific fields. At minimum, PM returns `questions`, architect returns a
|
|
91
|
-
compliance decision, implementer returns changed-file and command evidence, and
|
|
92
|
-
tester returns case/evidence summaries. Markdown remains the human-facing
|
|
93
|
-
artifact format.
|
|
94
|
-
|
|
95
|
-
If PM returns one or more questions, requirements enter `awaiting_input`
|
|
96
|
-
without opening an approval gate. `devcrew_answer` records the answer and
|
|
97
|
-
re-runs PM. A requirements gate opens only when the PM result has no open
|
|
98
|
-
questions.
|
|
99
|
-
|
|
100
|
-
## Configuration
|
|
101
|
-
|
|
102
|
-
`workflow.artifactDirectory` is used by all artifact path helpers, relative to
|
|
103
|
-
the repository root and validated to remain within that root. Core safety gates
|
|
104
|
-
are not freely removable. `workflow.gates` is replaced or constrained by a
|
|
105
|
-
validated sequence that must include requirements, architecture,
|
|
106
|
-
implementation, implementation-review, and testing for apply workflows.
|
|
107
|
-
|
|
108
|
-
## Integration Coverage
|
|
109
|
-
|
|
110
|
-
Add tests for failed verification, risk waiver, no-verification status,
|
|
111
|
-
architecture-review rejection/revision, structured PM questions, and configured
|
|
112
|
-
artifact output. Preserve existing worktree-promotion coverage.
|
|
113
|
-
|
|
114
|
-
The production-like Codex marketplace smoke remains plan-mode and must verify
|
|
115
|
-
the published package version. Add isolated integration coverage for the
|
|
116
|
-
interactive execution handoff protocol and a real Claude plugin install/start
|
|
117
|
-
smoke. A real unattended apply smoke uses only a disposable fixture repository
|
|
118
|
-
and an explicitly selected headless policy.
|
|
119
|
-
|
|
120
|
-
## Non-goals
|
|
121
|
-
|
|
122
|
-
- Do not remove worktree isolation or binary patch promotion.
|
|
123
|
-
- Do not automatically approve failed verification.
|
|
124
|
-
- Do not make arbitrary workflow graph customisation part of this release.
|
|
125
|
-
- Do not use generated role files as an execution mechanism until a host-native
|
|
126
|
-
integration consumes them explicitly.
|
|
@@ -1,52 +0,0 @@
|
|
|
1
|
-
# P0 Verification and Review Remediation Design
|
|
2
|
-
|
|
3
|
-
## Goal
|
|
4
|
-
|
|
5
|
-
Close two apply-mode safety gaps: a run with no verification evidence must not
|
|
6
|
-
be promoted without an explicit waiver, and an architecture review that requires
|
|
7
|
-
changes must return to implementation before it can be reviewed again.
|
|
8
|
-
|
|
9
|
-
## Verification Gate Semantics
|
|
10
|
-
|
|
11
|
-
`passed` is the only verification status that opens the normal `testing` gate.
|
|
12
|
-
Both `failed` and `not_run` set the testing gate to `rejected` and move the run
|
|
13
|
-
to `awaiting_input` with evidence explaining the condition.
|
|
14
|
-
|
|
15
|
-
The existing `devcrew_waive_verification` operation is the sole exception path
|
|
16
|
-
for either `failed` or `not_run`. It requires a non-empty requester risk reason,
|
|
17
|
-
persists the waiver, and reopens the testing gate. Promotion additionally
|
|
18
|
-
defends this invariant: any status other than `passed` requires a recorded
|
|
19
|
-
waiver, even if an invalid state was written by an older client.
|
|
20
|
-
|
|
21
|
-
## Architecture Review Remediation
|
|
22
|
-
|
|
23
|
-
When the architect returns `changes_required`, DevCrew continues to record the
|
|
24
|
-
decision, artifact, and feedback, while keeping the isolated execution
|
|
25
|
-
worktree. The implementation-review gate becomes `rejected` and the run enters
|
|
26
|
-
`awaiting_input`.
|
|
27
|
-
|
|
28
|
-
After `devcrew_answer`, DevCrew records the response then transitions the same
|
|
29
|
-
run to `execution/ready`. It resets the implementation-review gate to
|
|
30
|
-
`not_started`; it does not run another architect review. A subsequent
|
|
31
|
-
`devcrew_continue` invokes the implementer in the existing worktree, captures a
|
|
32
|
-
new diff, and schedules a fresh architecture review. This mirrors the existing
|
|
33
|
-
testing-rejection remediation flow.
|
|
34
|
-
|
|
35
|
-
## Error Handling and Compatibility
|
|
36
|
-
|
|
37
|
-
Existing persisted runs remain readable. A legacy run with `not_run` cannot be
|
|
38
|
-
promoted unless it has a waiver. The waiver tool's error message and validation
|
|
39
|
-
are expanded from "failed verification" to "failed or missing verification".
|
|
40
|
-
No new MCP tool or public state field is required.
|
|
41
|
-
|
|
42
|
-
## Acceptance Tests
|
|
43
|
-
|
|
44
|
-
1. Apply-mode testing with no discovered or configured commands results in
|
|
45
|
-
`verificationStatus: not_run`, `testing: rejected`, and `awaiting_input`.
|
|
46
|
-
2. A non-empty waiver can reopen that `not_run` testing gate; an empty reason or
|
|
47
|
-
a run outside `failed`/`not_run` is rejected.
|
|
48
|
-
3. Promotion rejects `not_run` without a waiver even if a caller manufactured a
|
|
49
|
-
pending testing gate.
|
|
50
|
-
4. An architect `changes_required` decision followed by `devcrew_answer`
|
|
51
|
-
transitions to `execution/ready` in the existing worktree, and the next
|
|
52
|
-
continuation invokes the implementer rather than the architect.
|
|
@@ -1,92 +0,0 @@
|
|
|
1
|
-
# Configuration Integrity and Run Recovery Design
|
|
2
|
-
|
|
3
|
-
## Goal
|
|
4
|
-
|
|
5
|
-
Reject unsafe DevCrew configuration before a workflow starts, serialize every
|
|
6
|
-
repository-mutating MCP operation, and give a requester an explicit, auditable
|
|
7
|
-
way to stop or recover an interrupted run without executing work automatically.
|
|
8
|
-
|
|
9
|
-
## Scope
|
|
10
|
-
|
|
11
|
-
This change covers configuration validation, repository mutation locking,
|
|
12
|
-
terminal aborted runs, `devcrew_abort`, and `devcrew_recover`. It does not add
|
|
13
|
-
automatic run resumption, change execution permissions, or introduce a remote
|
|
14
|
-
lock service.
|
|
15
|
-
|
|
16
|
-
## Configuration Contract
|
|
17
|
-
|
|
18
|
-
`readConfig` validates the complete version-1 shape rather than merging
|
|
19
|
-
untyped JSON into defaults.
|
|
20
|
-
|
|
21
|
-
- Top-level keys are limited to `version`, `defaultBackend`, `executionMode`,
|
|
22
|
-
`verifyCommands`, `lintCommands`, `coverageCommands`, and `workflow`.
|
|
23
|
-
- `defaultBackend`, `executionMode`, and every workflow gate must be members
|
|
24
|
-
of their exported enums.
|
|
25
|
-
- Command lists, when supplied, must be arrays of non-empty strings. Empty
|
|
26
|
-
lists remain valid; omitted command lists retain their version-1 default of
|
|
27
|
-
an empty array for backward compatibility.
|
|
28
|
-
- `workflow` may contain only `gates` and `artifactDirectory`; gates must be
|
|
29
|
-
unique. The existing runtime rule still makes implementation review and
|
|
30
|
-
testing mandatory.
|
|
31
|
-
- `artifactDirectory` must be a non-empty relative path whose resolved target
|
|
32
|
-
is inside the requester repository. Absolute paths and traversal outside the
|
|
33
|
-
repository are rejected before any artifact is written.
|
|
34
|
-
|
|
35
|
-
Unknown keys and invalid values fail closed with an error that names the
|
|
36
|
-
offending field. Existing default configuration remains valid.
|
|
37
|
-
|
|
38
|
-
## Repository Mutation Lock
|
|
39
|
-
|
|
40
|
-
All MCP operations that can write a run, active-run pointer, artifact, or
|
|
41
|
-
execution worktree take one repository-wide lock at `.devcrew/lock` for their
|
|
42
|
-
full operation. This includes start, answer, approve, reject, continue,
|
|
43
|
-
complete-execution, waive-verification, abort, and recovery cleanup. Status
|
|
44
|
-
and artifact reads remain unlocked.
|
|
45
|
-
|
|
46
|
-
The lock is an atomically-created directory containing owner metadata:
|
|
47
|
-
process id, a random owner id, and creation time. A second mutating request
|
|
48
|
-
does not wait or retry; it returns a clear busy error and cannot overwrite the
|
|
49
|
-
first operation's state. The holder removes only its own lock in `finally`.
|
|
50
|
-
|
|
51
|
-
Normal operations never remove a lock they did not create. A lock whose owner
|
|
52
|
-
metadata is absent, invalid, or refers to a non-running local process is
|
|
53
|
-
considered stale, but it still requires the explicit recovery operation to
|
|
54
|
-
remove it. This prevents a timeout heuristic from treating a long-running SDK
|
|
55
|
-
call as abandoned.
|
|
56
|
-
|
|
57
|
-
## Abort and Recovery Lifecycle
|
|
58
|
-
|
|
59
|
-
`RunStatus` gains terminal `aborted`, and `RunState` records an abort reason
|
|
60
|
-
and timestamp. An aborted run remains readable for audit but cannot continue,
|
|
61
|
-
approve, reject, answer, or complete execution. Repeating abort is idempotent
|
|
62
|
-
and preserves the first reason.
|
|
63
|
-
|
|
64
|
-
`devcrew_abort` accepts `cwd`, optional `runId`, and a non-empty `reason`.
|
|
65
|
-
Under the repository lock it records the abort, removes any isolated execution
|
|
66
|
-
worktree, and clears `active-run.json` only when it points at that run. If
|
|
67
|
-
worktree cleanup fails, the aborted state and audit evidence still persist;
|
|
68
|
-
the workspace reference remains for recovery.
|
|
69
|
-
|
|
70
|
-
`devcrew_recover` is explicit and never runs an agent or validation command.
|
|
71
|
-
It may remove a confirmed stale lock. When given a terminal run that retains
|
|
72
|
-
an execution workspace after an interrupted cleanup, it retries only that
|
|
73
|
-
worktree cleanup and clears the persisted workspace reference on success. A
|
|
74
|
-
live lock is never overridden.
|
|
75
|
-
|
|
76
|
-
## MCP and Error Semantics
|
|
77
|
-
|
|
78
|
-
The service exposes `devcrew_abort` and `devcrew_recover`. Both use the
|
|
79
|
-
existing optional-run-id resolution where applicable. Tool results retain the
|
|
80
|
-
current state summary; an aborted run reports `status=aborted`. Busy locks,
|
|
81
|
-
invalid configuration, live-lock recovery, and invalid abort/recovery targets
|
|
82
|
-
return normal structured MCP errors.
|
|
83
|
-
|
|
84
|
-
## Tests
|
|
85
|
-
|
|
86
|
-
- Config tests cover unknown fields, invalid enum/gate/command values,
|
|
87
|
-
duplicate gates, absolute artifact directories, and parent traversal.
|
|
88
|
-
- Service tests cover lock contention between mutation calls, while reads stay
|
|
89
|
-
available.
|
|
90
|
-
- Orchestrator/service tests cover abort audit persistence, worktree cleanup,
|
|
91
|
-
active-run clearing, idempotency, terminal-state blocking, stale-lock
|
|
92
|
-
recovery, and recovery cleanup after a simulated failed abort cleanup.
|
|
@@ -1,96 +0,0 @@
|
|
|
1
|
-
# Structured Role Results Design
|
|
2
|
-
|
|
3
|
-
## Objective
|
|
4
|
-
|
|
5
|
-
Make DevCrew role output machine-readable without breaking existing Markdown-only
|
|
6
|
-
SDK output or the human-readable artifact workflow. A structured result becomes
|
|
7
|
-
the canonical source for workflow decisions and evidence when it is present;
|
|
8
|
-
Markdown remains the reviewable artifact body and the compatibility fallback.
|
|
9
|
-
|
|
10
|
-
## Scope
|
|
11
|
-
|
|
12
|
-
This change covers the PM, architect, implementer, and tester role results used
|
|
13
|
-
by the SDK adapters and orchestrator. It does not remove Markdown artifacts,
|
|
14
|
-
change MCP tool names, change execution policies, or require existing installed
|
|
15
|
-
plugins to update simultaneously.
|
|
16
|
-
|
|
17
|
-
## Result Envelope
|
|
18
|
-
|
|
19
|
-
The core package will define a versioned role-result envelope with common fields:
|
|
20
|
-
|
|
21
|
-
- `schemaVersion: 1`
|
|
22
|
-
- `role`
|
|
23
|
-
- `summary`
|
|
24
|
-
- `risks`
|
|
25
|
-
- `evidence`
|
|
26
|
-
|
|
27
|
-
Role-specific fields are validated by role:
|
|
28
|
-
|
|
29
|
-
- PM: `questions`, where each question has a stable `id`, prompt, and optional
|
|
30
|
-
context.
|
|
31
|
-
- Architect: `decisions`; during the post-execution review phase,
|
|
32
|
-
`reviewDecision` is `approved` or `changes_required`.
|
|
33
|
-
- Implementer: `changedFiles` and `commands`, including command, exit code, and
|
|
34
|
-
captured output.
|
|
35
|
-
- Tester: `testCases`, `commands`, and `risks`.
|
|
36
|
-
|
|
37
|
-
The canonical TypeScript representation stores a `format` discriminator:
|
|
38
|
-
`structured` for a validated envelope and `legacy` for a Markdown-only result.
|
|
39
|
-
This allows callers and MCP clients to identify migration state without parsing
|
|
40
|
-
text.
|
|
41
|
-
|
|
42
|
-
## Adapter Parsing And Compatibility
|
|
43
|
-
|
|
44
|
-
SDK prompts will request one `<!-- devcrew-role-result -->` marker followed by a
|
|
45
|
-
fenced `json` block containing the DevCrew result, then the existing required
|
|
46
|
-
Markdown H2 sections. The marker avoids treating incidental JSON examples in a
|
|
47
|
-
human artifact as protocol data. The adapter extracts and validates that JSON
|
|
48
|
-
before accepting a structured result, removes the marked block, and uses the
|
|
49
|
-
remaining Markdown as the role result's `markdown` field.
|
|
50
|
-
|
|
51
|
-
If a JSON block is absent, the adapter preserves existing Markdown validation and
|
|
52
|
-
the current PM-question and architecture-review decision parsing. It returns a
|
|
53
|
-
`legacy` result and no new structured fields are inferred from arbitrary prose.
|
|
54
|
-
|
|
55
|
-
If a DevCrew JSON block is present but malformed, has an unsupported schema
|
|
56
|
-
version, does not match the active role, or fails field validation, the adapter
|
|
57
|
-
rejects the SDK output. It must not silently downgrade malformed claimed
|
|
58
|
-
structured output to legacy Markdown. Existing plan-mode fallback and apply-mode
|
|
59
|
-
failure rules remain unchanged.
|
|
60
|
-
|
|
61
|
-
## Workflow And Artifact Behaviour
|
|
62
|
-
|
|
63
|
-
The orchestrator consumes validated structured fields when available. PM
|
|
64
|
-
questions continue to route the run to `awaiting_input`; legacy Markdown
|
|
65
|
-
questions retain the current behavior. Architecture review decisions retain
|
|
66
|
-
their blocking semantics. Implementer and tester evidence is persisted in the
|
|
67
|
-
role result, surfaced by MCP state, and rendered into the corresponding Markdown
|
|
68
|
-
artifact as a readable structured-results appendix.
|
|
69
|
-
|
|
70
|
-
The role result stored in run state must remain loadable when older saved states
|
|
71
|
-
lack the new fields. Missing fields migrate to `format: legacy` and empty
|
|
72
|
-
optional arrays. No saved state becomes invalid merely because it predates this
|
|
73
|
-
feature.
|
|
74
|
-
|
|
75
|
-
## Error Handling
|
|
76
|
-
|
|
77
|
-
- No JSON envelope: accept the valid legacy Markdown result.
|
|
78
|
-
- Multiple candidate envelopes: reject as ambiguous.
|
|
79
|
-
- Invalid envelope: report field-specific validation errors.
|
|
80
|
-
- Envelope role/phase mismatch: reject before state or artifact writes.
|
|
81
|
-
- Structured PM questions: require nonempty unique IDs and nonempty prompts.
|
|
82
|
-
- Command evidence: require a command and integer exit code; output is optional.
|
|
83
|
-
|
|
84
|
-
## Testing
|
|
85
|
-
|
|
86
|
-
Tests will be written before production code and prove:
|
|
87
|
-
|
|
88
|
-
1. A valid envelope parses and exposes each role's structured fields.
|
|
89
|
-
2. Missing envelope preserves legacy Markdown behavior.
|
|
90
|
-
3. Malformed, ambiguous, version-invalid, and role-invalid envelopes fail rather
|
|
91
|
-
than downgrade.
|
|
92
|
-
4. Structured PM questions enter `awaiting_input`.
|
|
93
|
-
5. Structured architecture review decisions gate testing correctly.
|
|
94
|
-
6. Implementer and tester evidence persists and is visible in generated
|
|
95
|
-
artifacts and structured MCP state.
|
|
96
|
-
7. Loading a prior state without the new fields migrates safely.
|