@shenlee/devcrew 0.1.4 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,126 +0,0 @@
1
- # DevCrew Execution Boundaries Design
2
-
3
- ## Goal
4
-
5
- Make DevCrew's approval, verification, and role boundaries match its public
6
- product claims. Interactive work must execute through the host agent's native
7
- permission model. Headless work may use host SDKs only under an explicit,
8
- auditable DevCrew execution policy.
9
-
10
- ## Scope
11
-
12
- This change is delivered in three independently releasable slices:
13
-
14
- 1. Safety semantics: explicit execution policy and verification-failure
15
- promotion blocking.
16
- 2. Workflow semantics: execution-time architecture compliance review and
17
- structured role questions/results.
18
- 3. Productisation: effective artifact configuration and real-host integration
19
- coverage.
20
-
21
- The existing isolated Git worktree and binary patch promotion remain the sole
22
- mechanism for moving apply-mode changes into the requester repository.
23
-
24
- ## Execution Planes
25
-
26
- ### Interactive host plane
27
-
28
- Interactive Codex and Claude Code workflows do not invoke the Codex or Claude
29
- SDK to modify repository files. DevCrew MCP owns durable workflow state,
30
- artifacts, gate validation, execution worktree creation, patch capture, and
31
- promotion. It exposes a structured execution instruction containing the role,
32
- worktree path, approved context, and required result schema. The active host
33
- agent or a native host subagent performs the work with the host's ordinary
34
- sandbox and approval UI, then submits the result to DevCrew.
35
-
36
- This plane must never claim that a nested SDK session inherits the interactive
37
- host's current approval decisions.
38
-
39
- ### Headless SDK plane
40
-
41
- Headless and CI workflows retain SDK orchestration, but `apply` requires an
42
- explicit `executionPolicy`. The initial policy set is:
43
-
44
- - `interactive-host`: no nested SDK execution; valid only for an interactive
45
- host integration.
46
- - `headless-restricted`: SDK execution in the DevCrew worktree with a declared
47
- minimal tool surface and no hidden user-prompt assumption.
48
- - `headless-unattended`: an explicitly opted-in unattended SDK policy for CI;
49
- its audit record makes the autonomy clear.
50
-
51
- The policy, backend, allowed capabilities, and any waiver are recorded in run
52
- state and shown in review artifacts. `acceptEdits`, bare `allowedTools`, and an
53
- implicit Codex approval policy are not described as inherited host approvals.
54
-
55
- ## Verification And Promotion
56
-
57
- After isolated testing, DevCrew computes a verification status:
58
-
59
- - `passed`: every configured or discovered verification command exited zero.
60
- - `failed`: at least one command exited nonzero or timed out.
61
- - `not_run`: no verification command was available.
62
-
63
- Only `passed` can open the normal `testing` approval gate. A failed result
64
- moves the run to `awaiting_input` with the failure evidence and preserves the
65
- worktree. A requester may either supply feedback that returns the run to
66
- `execution`, or invoke a dedicated risk-waiver operation with a non-empty
67
- reason. The waiver is persistent, appears in the test report and acceptance
68
- artifact, and is the only path that can open a testing approval gate after a
69
- failed verification.
70
-
71
- `not_run` remains reviewable but is visibly distinct from `passed`; it cannot
72
- be silently represented as successful verification.
73
-
74
- ## Execution-Time Architecture Review
75
-
76
- The current implementation-plan gate approves a plan and cannot approve the
77
- subsequent code diff. Add an `implementation-review` gate after execution and
78
- before testing. The architect role receives the approved architecture artifact,
79
- captured binary diff, changed-file list, lint evidence, and structured
80
- implementation result. It returns a structured compliance decision.
81
-
82
- Only an approved implementation review advances to testing. Rejection records
83
- feedback and returns to execution with the existing isolated worktree intact.
84
- The existing `implementation-review.md` remains an artifact, but becomes the
85
- architect's real review output rather than a rendered checklist.
86
-
87
- ## Structured Role Results And Clarification
88
-
89
- Each role result is a validated JSON envelope with a Markdown body plus
90
- role-specific fields. At minimum, PM returns `questions`, architect returns a
91
- compliance decision, implementer returns changed-file and command evidence, and
92
- tester returns case/evidence summaries. Markdown remains the human-facing
93
- artifact format.
94
-
95
- If PM returns one or more questions, requirements enter `awaiting_input`
96
- without opening an approval gate. `devcrew_answer` records the answer and
97
- re-runs PM. A requirements gate opens only when the PM result has no open
98
- questions.
99
-
100
- ## Configuration
101
-
102
- `workflow.artifactDirectory` is used by all artifact path helpers, relative to
103
- the repository root and validated to remain within that root. Core safety gates
104
- are not freely removable. `workflow.gates` is replaced or constrained by a
105
- validated sequence that must include requirements, architecture,
106
- implementation, implementation-review, and testing for apply workflows.
107
-
108
- ## Integration Coverage
109
-
110
- Add tests for failed verification, risk waiver, no-verification status,
111
- architecture-review rejection/revision, structured PM questions, and configured
112
- artifact output. Preserve existing worktree-promotion coverage.
113
-
114
- The production-like Codex marketplace smoke remains plan-mode and must verify
115
- the published package version. Add isolated integration coverage for the
116
- interactive execution handoff protocol and a real Claude plugin install/start
117
- smoke. A real unattended apply smoke uses only a disposable fixture repository
118
- and an explicitly selected headless policy.
119
-
120
- ## Non-goals
121
-
122
- - Do not remove worktree isolation or binary patch promotion.
123
- - Do not automatically approve failed verification.
124
- - Do not make arbitrary workflow graph customisation part of this release.
125
- - Do not use generated role files as an execution mechanism until a host-native
126
- integration consumes them explicitly.
@@ -1,52 +0,0 @@
1
- # P0 Verification and Review Remediation Design
2
-
3
- ## Goal
4
-
5
- Close two apply-mode safety gaps: a run with no verification evidence must not
6
- be promoted without an explicit waiver, and an architecture review that requires
7
- changes must return to implementation before it can be reviewed again.
8
-
9
- ## Verification Gate Semantics
10
-
11
- `passed` is the only verification status that opens the normal `testing` gate.
12
- Both `failed` and `not_run` set the testing gate to `rejected` and move the run
13
- to `awaiting_input` with evidence explaining the condition.
14
-
15
- The existing `devcrew_waive_verification` operation is the sole exception path
16
- for either `failed` or `not_run`. It requires a non-empty requester risk reason,
17
- persists the waiver, and reopens the testing gate. Promotion additionally
18
- defends this invariant: any status other than `passed` requires a recorded
19
- waiver, even if an invalid state was written by an older client.
20
-
21
- ## Architecture Review Remediation
22
-
23
- When the architect returns `changes_required`, DevCrew continues to record the
24
- decision, artifact, and feedback, while keeping the isolated execution
25
- worktree. The implementation-review gate becomes `rejected` and the run enters
26
- `awaiting_input`.
27
-
28
- After `devcrew_answer`, DevCrew records the response then transitions the same
29
- run to `execution/ready`. It resets the implementation-review gate to
30
- `not_started`; it does not run another architect review. A subsequent
31
- `devcrew_continue` invokes the implementer in the existing worktree, captures a
32
- new diff, and schedules a fresh architecture review. This mirrors the existing
33
- testing-rejection remediation flow.
34
-
35
- ## Error Handling and Compatibility
36
-
37
- Existing persisted runs remain readable. A legacy run with `not_run` cannot be
38
- promoted unless it has a waiver. The waiver tool's error message and validation
39
- are expanded from "failed verification" to "failed or missing verification".
40
- No new MCP tool or public state field is required.
41
-
42
- ## Acceptance Tests
43
-
44
- 1. Apply-mode testing with no discovered or configured commands results in
45
- `verificationStatus: not_run`, `testing: rejected`, and `awaiting_input`.
46
- 2. A non-empty waiver can reopen that `not_run` testing gate; an empty reason or
47
- a run outside `failed`/`not_run` is rejected.
48
- 3. Promotion rejects `not_run` without a waiver even if a caller manufactured a
49
- pending testing gate.
50
- 4. An architect `changes_required` decision followed by `devcrew_answer`
51
- transitions to `execution/ready` in the existing worktree, and the next
52
- continuation invokes the implementer rather than the architect.
@@ -1,92 +0,0 @@
1
- # Configuration Integrity and Run Recovery Design
2
-
3
- ## Goal
4
-
5
- Reject unsafe DevCrew configuration before a workflow starts, serialize every
6
- repository-mutating MCP operation, and give a requester an explicit, auditable
7
- way to stop or recover an interrupted run without executing work automatically.
8
-
9
- ## Scope
10
-
11
- This change covers configuration validation, repository mutation locking,
12
- terminal aborted runs, `devcrew_abort`, and `devcrew_recover`. It does not add
13
- automatic run resumption, change execution permissions, or introduce a remote
14
- lock service.
15
-
16
- ## Configuration Contract
17
-
18
- `readConfig` validates the complete version-1 shape rather than merging
19
- untyped JSON into defaults.
20
-
21
- - Top-level keys are limited to `version`, `defaultBackend`, `executionMode`,
22
- `verifyCommands`, `lintCommands`, `coverageCommands`, and `workflow`.
23
- - `defaultBackend`, `executionMode`, and every workflow gate must be members
24
- of their exported enums.
25
- - Command lists, when supplied, must be arrays of non-empty strings. Empty
26
- lists remain valid; omitted command lists retain their version-1 default of
27
- an empty array for backward compatibility.
28
- - `workflow` may contain only `gates` and `artifactDirectory`; gates must be
29
- unique. The existing runtime rule still makes implementation review and
30
- testing mandatory.
31
- - `artifactDirectory` must be a non-empty relative path whose resolved target
32
- is inside the requester repository. Absolute paths and traversal outside the
33
- repository are rejected before any artifact is written.
34
-
35
- Unknown keys and invalid values fail closed with an error that names the
36
- offending field. Existing default configuration remains valid.
37
-
38
- ## Repository Mutation Lock
39
-
40
- All MCP operations that can write a run, active-run pointer, artifact, or
41
- execution worktree take one repository-wide lock at `.devcrew/lock` for their
42
- full operation. This includes start, answer, approve, reject, continue,
43
- complete-execution, waive-verification, abort, and recovery cleanup. Status
44
- and artifact reads remain unlocked.
45
-
46
- The lock is an atomically-created directory containing owner metadata:
47
- process id, a random owner id, and creation time. A second mutating request
48
- does not wait or retry; it returns a clear busy error and cannot overwrite the
49
- first operation's state. The holder removes only its own lock in `finally`.
50
-
51
- Normal operations never remove a lock they did not create. A lock whose owner
52
- metadata is absent, invalid, or refers to a non-running local process is
53
- considered stale, but it still requires the explicit recovery operation to
54
- remove it. This prevents a timeout heuristic from treating a long-running SDK
55
- call as abandoned.
56
-
57
- ## Abort and Recovery Lifecycle
58
-
59
- `RunStatus` gains terminal `aborted`, and `RunState` records an abort reason
60
- and timestamp. An aborted run remains readable for audit but cannot continue,
61
- approve, reject, answer, or complete execution. Repeating abort is idempotent
62
- and preserves the first reason.
63
-
64
- `devcrew_abort` accepts `cwd`, optional `runId`, and a non-empty `reason`.
65
- Under the repository lock it records the abort, removes any isolated execution
66
- worktree, and clears `active-run.json` only when it points at that run. If
67
- worktree cleanup fails, the aborted state and audit evidence still persist;
68
- the workspace reference remains for recovery.
69
-
70
- `devcrew_recover` is explicit and never runs an agent or validation command.
71
- It may remove a confirmed stale lock. When given a terminal run that retains
72
- an execution workspace after an interrupted cleanup, it retries only that
73
- worktree cleanup and clears the persisted workspace reference on success. A
74
- live lock is never overridden.
75
-
76
- ## MCP and Error Semantics
77
-
78
- The service exposes `devcrew_abort` and `devcrew_recover`. Both use the
79
- existing optional-run-id resolution where applicable. Tool results retain the
80
- current state summary; an aborted run reports `status=aborted`. Busy locks,
81
- invalid configuration, live-lock recovery, and invalid abort/recovery targets
82
- return normal structured MCP errors.
83
-
84
- ## Tests
85
-
86
- - Config tests cover unknown fields, invalid enum/gate/command values,
87
- duplicate gates, absolute artifact directories, and parent traversal.
88
- - Service tests cover lock contention between mutation calls, while reads stay
89
- available.
90
- - Orchestrator/service tests cover abort audit persistence, worktree cleanup,
91
- active-run clearing, idempotency, terminal-state blocking, stale-lock
92
- recovery, and recovery cleanup after a simulated failed abort cleanup.
@@ -1,96 +0,0 @@
1
- # Structured Role Results Design
2
-
3
- ## Objective
4
-
5
- Make DevCrew role output machine-readable without breaking existing Markdown-only
6
- SDK output or the human-readable artifact workflow. A structured result becomes
7
- the canonical source for workflow decisions and evidence when it is present;
8
- Markdown remains the reviewable artifact body and the compatibility fallback.
9
-
10
- ## Scope
11
-
12
- This change covers the PM, architect, implementer, and tester role results used
13
- by the SDK adapters and orchestrator. It does not remove Markdown artifacts,
14
- change MCP tool names, change execution policies, or require existing installed
15
- plugins to update simultaneously.
16
-
17
- ## Result Envelope
18
-
19
- The core package will define a versioned role-result envelope with common fields:
20
-
21
- - `schemaVersion: 1`
22
- - `role`
23
- - `summary`
24
- - `risks`
25
- - `evidence`
26
-
27
- Role-specific fields are validated by role:
28
-
29
- - PM: `questions`, where each question has a stable `id`, prompt, and optional
30
- context.
31
- - Architect: `decisions`; during the post-execution review phase,
32
- `reviewDecision` is `approved` or `changes_required`.
33
- - Implementer: `changedFiles` and `commands`, including command, exit code, and
34
- captured output.
35
- - Tester: `testCases`, `commands`, and `risks`.
36
-
37
- The canonical TypeScript representation stores a `format` discriminator:
38
- `structured` for a validated envelope and `legacy` for a Markdown-only result.
39
- This allows callers and MCP clients to identify migration state without parsing
40
- text.
41
-
42
- ## Adapter Parsing And Compatibility
43
-
44
- SDK prompts will request one `<!-- devcrew-role-result -->` marker followed by a
45
- fenced `json` block containing the DevCrew result, then the existing required
46
- Markdown H2 sections. The marker avoids treating incidental JSON examples in a
47
- human artifact as protocol data. The adapter extracts and validates that JSON
48
- before accepting a structured result, removes the marked block, and uses the
49
- remaining Markdown as the role result's `markdown` field.
50
-
51
- If a JSON block is absent, the adapter preserves existing Markdown validation and
52
- the current PM-question and architecture-review decision parsing. It returns a
53
- `legacy` result and no new structured fields are inferred from arbitrary prose.
54
-
55
- If a DevCrew JSON block is present but malformed, has an unsupported schema
56
- version, does not match the active role, or fails field validation, the adapter
57
- rejects the SDK output. It must not silently downgrade malformed claimed
58
- structured output to legacy Markdown. Existing plan-mode fallback and apply-mode
59
- failure rules remain unchanged.
60
-
61
- ## Workflow And Artifact Behaviour
62
-
63
- The orchestrator consumes validated structured fields when available. PM
64
- questions continue to route the run to `awaiting_input`; legacy Markdown
65
- questions retain the current behavior. Architecture review decisions retain
66
- their blocking semantics. Implementer and tester evidence is persisted in the
67
- role result, surfaced by MCP state, and rendered into the corresponding Markdown
68
- artifact as a readable structured-results appendix.
69
-
70
- The role result stored in run state must remain loadable when older saved states
71
- lack the new fields. Missing fields migrate to `format: legacy` and empty
72
- optional arrays. No saved state becomes invalid merely because it predates this
73
- feature.
74
-
75
- ## Error Handling
76
-
77
- - No JSON envelope: accept the valid legacy Markdown result.
78
- - Multiple candidate envelopes: reject as ambiguous.
79
- - Invalid envelope: report field-specific validation errors.
80
- - Envelope role/phase mismatch: reject before state or artifact writes.
81
- - Structured PM questions: require nonempty unique IDs and nonempty prompts.
82
- - Command evidence: require a command and integer exit code; output is optional.
83
-
84
- ## Testing
85
-
86
- Tests will be written before production code and prove:
87
-
88
- 1. A valid envelope parses and exposes each role's structured fields.
89
- 2. Missing envelope preserves legacy Markdown behavior.
90
- 3. Malformed, ambiguous, version-invalid, and role-invalid envelopes fail rather
91
- than downgrade.
92
- 4. Structured PM questions enter `awaiting_input`.
93
- 5. Structured architecture review decisions gate testing correctly.
94
- 6. Implementer and tester evidence persists and is visible in generated
95
- artifacts and structured MCP state.
96
- 7. Loading a prior state without the new fields migrates safely.