@sun-asterisk/sungen 3.0.0 → 3.0.1

package/src/harness/audit.ts

@@ -7,6 +7,7 @@
  * docs/orchestration-spec.md §5 and reports/sungen_home_gherkin_viewpoint_coverage_review.md.
  */
 import * as path from 'path';
+import * as fs from 'fs';
 import { loadScenarios, parseViewpointOverview, ScenarioInfo, ViewpointEntry } from './parse';
 import {
   loadCatalog, viewpointGate, assertionDepth, dataThemesFor, coverageBalance, duplicateClusters, traceability, claimProof, taxonomyLint,
@@ -14,6 +15,10 @@ import {
 } from './sensors';
 import { readIntent, projectRootFromScreenDir, IntentProfile } from './intent';
 import { getProvenance, Provenance } from './provenance';
+import { specCoverage, SpecCoverageResult, parseSpecClauses } from './spec-coverage';
+import { downstreamScope, manualOracle, readText, DownstreamResult, ManualOracleResult,
+  negativeSideEffect, sourceBacked, crossArtifactOwnership } from './quality-gates';
+import { viewpointLedger, parseViewpointItems, LedgerResult } from './viewpoint-ledger';
 
 export interface AuditReport {
   screen: string;
@@ -25,6 +30,15 @@ export interface AuditReport {
   balance: BalanceResult;
   duplicates: DuplicateResult;
   trace: TraceResult;
+  taxonomyMismatch: boolean;    // scenarios use IDs not in the project's test-viewpoint.md
+  downstream: DownstreamResult; // downstream screens referenced but under-covered
+  manualOracle: ManualOracleResult; // @manual scenarios lacking setup/action/oracle
+  ledger: LedgerResult;         // atomic viewpoint-item coverage (per-bullet status)
+  calibration: {                // #8 — multi-axis score so a high overall can't hide a weak axis
+    axes: Record<string, number>;
+    weakest: { axis: string; value: number };
+    inflated: boolean;
+  };
   score: {
     overall: number;            // 0..10, business-weighted
     coverage: number;           // 0..1
@@ -37,15 +51,20 @@ export interface AuditReport {
   findings: string[];           // human-actionable, what the Repair loop would target
   intent: IntentProfile;        // P3 — the intent profile that drove the thresholds
   provenance: Provenance;       // D1 — sungen version + catalog hash (diagnose cross-user score gaps)
+  spec: SpecCoverageResult;     // G2 — spec-clause coverage (FR + validation-trigger matrix)
 }
 
 export function runAudit(screenDir: string, screenName: string): AuditReport {
   const featurePath = path.join(screenDir, 'features', `${screenName}.feature`);
   const viewpointPath = path.join(screenDir, 'requirements', 'test-viewpoint.md');
 
+  const specPath = path.join(screenDir, 'requirements', 'spec.md');
+  const featureText = fs.existsSync(featurePath) ? fs.readFileSync(featurePath, 'utf-8') : '';
+
   const scenarios: ScenarioInfo[] = loadScenarios(featurePath);
   const viewpoints: ViewpointEntry[] = parseViewpointOverview(viewpointPath);
   const catalog = loadCatalog();
+  const spec = specCoverage(specPath, scenarios, featureText);
 
   const gate = viewpointGate(scenarios, viewpoints, catalog);
   // P3 — intent profile from qa/context.md drives the depth threshold (focus).
@@ -56,6 +75,15 @@ export function runAudit(screenDir: string, screenName: string): AuditReport {
   const balance = coverageBalance(scenarios);
   const duplicates = duplicateClusters(scenarios);
   const trace = traceability(scenarios, viewpoints);
+  // #1 taxonomy-match: when the project defines a viewpoint taxonomy, scenarios must use it.
+  const taxonomyMismatch = viewpoints.length > 0 && trace.withVpCode > 0 && trace.mappedRatio < 0.6;
+  // #2 downstream-scope + #4 manual-oracle
+  const downstream = downstreamScope(readText(specPath), scenarios);
+  const manualOracleResult = manualOracle(featureText);
+  const ledger = viewpointLedger(viewpointPath, scenarios, featureText);
+  const negSideEffect = negativeSideEffect(scenarios);
+  const ownership = crossArtifactOwnership(screenDir, scenarios);
+  const unsourced = sourceBacked(scenarios, parseSpecClauses(specPath).frs.map((f) => f.id), parseViewpointItems(viewpointPath).map((i) => i.text), viewpoints.map((v) => v.id), featureText);
 
   // Sub-scores
   const coverage = gate.coverageRatio;
@@ -100,16 +128,65 @@ export function runAudit(screenDir: string, screenName: string): AuditReport {
   if (gate.universalGaps.length) {
     findings.push(`UNIVERSAL: missing theme(s): ${gate.universalGaps.join(', ')} (low priority reminder).`);
   }
+  for (const g of spec.triggerGaps) {
+    findings.push(`TRIGGER-UNCOVERED: spec validates "${g.constraint}"${g.code ? ` (${g.code})` : ''} on [${g.required.join(', ')}] but scenarios only exercise it on [${g.found.join(', ') || 'none'}] → add a ${g.missing.join(', ')}-trigger scenario for this constraint (don't collapse the trigger × input matrix).`);
+  }
+  for (const u of spec.uncoveredMust) {
+    findings.push(`SPEC-UNCOVERED: ${u.id} (MUST) has no covering scenario — "${u.text}" → add a scenario or tag one @spec:${u.id}.`);
+  }
+  if (taxonomyMismatch) {
+    findings.push(`VP-TAXONOMY-MISMATCH: only ${(trace.mappedRatio * 100).toFixed(0)}% of scenarios use the viewpoint IDs declared in test-viewpoint.md — scenarios invented a generic VP-<CAT> scheme. Re-tag to the project's viewpoint IDs so the coverage matrix is accurate.`);
+  }
+  for (const d of downstream.underCovered) {
+    findings.push(`DOWNSTREAM-SCOPE-MISSING: "${d.route}" is a navigation target but is covered only by a page-nav assertion — cover its content/guards, or scaffold it (\`sungen add --screen ${d.slug}\`).`);
+  }
+  for (const m of manualOracleResult.insufficient.slice(0, 8)) {
+    findings.push(`MANUAL-STEPS-INSUFFICIENT: "${m}" — a @manual scenario needs setup · action · observable expected · oracle/tool (not just a one-line note).`);
+  }
+  if (ledger.hasViewpoint && ledger.missing.length) {
+    const sample = ledger.missing.slice(0, 6).map((m) => m.id || `"${m.text}"`).join(', ');
+    findings.push(`VIEWPOINT-ITEM-MISSING: ${ledger.missing.length}/${ledger.total} atomic viewpoint items have no covering scenario (${(ledger.ratio * 100).toFixed(0)}% covered) — e.g. ${sample}. Cover each item or mark it deferred/spec-gap.`);
+  }
+  for (const n of negSideEffect.slice(0, 6)) {
+    findings.push(`NEGATIVE-SIDE-EFFECT-UNPROVEN: "${n}" — the title claims something must NOT happen but the steps don't prove the absence (assert a count / negative state, or make it @manual with an oracle).`);
+  }
+  for (const d of ownership.duplicates.slice(0, 6)) {
+    findings.push(`DUPLICATE-FLOW-OWNERSHIP: "${d.scenario}" has the same shape as a scenario in flow "${d.flow}" — keep one owner (screen-local vs flow); the other should only reference/set up.`);
+  }
+  for (const u of unsourced.slice(0, 6)) {
+    findings.push(`UNSOURCEABLE-SCENARIO: "${u}" doesn't trace to any FR / viewpoint item — link it to a source, or tag it @exploration (not part of the official suite).`);
+  }
+
+  // #8 — multi-axis calibration: a high overall must not hide a weak axis.
+  const manualCompleteness = manualOracleResult.manualTotal
+    ? 1 - manualOracleResult.insufficient.length / manualOracleResult.manualTotal : 1;
+  const axes: Record<string, number> = {
+    coverage: Math.round(coverage * 100) / 100,
+    businessDepth: Math.round(businessDepth * 100) / 100,
+    claimProof: Math.round(claim.ratio * 100) / 100,
+    specFR: spec.frTotal ? Math.round((spec.frCovered / spec.frTotal) * 100) / 100 : 1,
+    atomicLedger: Math.round(ledger.ratio * 100) / 100,
+    manualOracle: Math.round(manualCompleteness * 100) / 100,
+    taxonomy: taxonomyMismatch ? 0 : Math.round(trace.mappedRatio * 100) / 100,
+  };
+  const weakestEntry = Object.entries(axes).sort((a, b) => a[1] - b[1])[0];
+  const weakest = { axis: weakestEntry[0], value: weakestEntry[1] };
+  const inflated = overall >= 8 && weakest.value < 0.6;
+  if (inflated) {
+    findings.push(`SCORE-INFLATED-BY-BREADTH: overall ${Math.round(overall * 10) / 10}/10 but the weakest axis "${weakest.axis}" is ${(weakest.value * 100).toFixed(0)}% — breadth is hiding a weak dimension. Raise "${weakest.axis}" before trusting the headline.`);
+  }
+  const calibration = { axes, weakest, inflated };
 
-  // Gate now spans coverage (viewpoint themes) AND depth (data-correctness).
-  // A depth 'fail' (below the intent threshold) fails the gate; 'warn' does not.
+  // Gate spans coverage (viewpoint themes), depth, claim-proof, spec-clause coverage,
+  // AND taxonomy-match (scenarios must use the project's viewpoint IDs when defined).
   const gateStatus: 'PASS' | 'FAIL' =
-    gate.gaps.length === 0 && depth.verdict !== 'fail' && claim.verdict !== 'fail' ? 'PASS' : 'FAIL';
+    gate.gaps.length === 0 && depth.verdict !== 'fail' && claim.verdict !== 'fail' && spec.verdict !== 'fail' && !taxonomyMismatch ? 'PASS' : 'FAIL';
 
   return {
     screen: screenName,
     scenarioCount: scenarios.length,
-    gate, depth, claim, taxonomy, balance, duplicates, trace,
+    gate, depth, claim, taxonomy, balance, duplicates, trace, spec,
+    taxonomyMismatch, downstream, manualOracle: manualOracleResult, ledger, calibration,
     score: {
       overall: Math.round(overall * 10) / 10,
       coverage: Math.round(coverage * 100) / 100,

package/src/harness/capability-plan.ts

@@ -43,6 +43,17 @@ const INFER: { code: string; re: RegExp }[] = [
   { code: 'M9', re: /\b(judgment|human|subjective|manual review)\b/i },
 ];
 
+/**
+ * Classify free text (e.g. a legacy testcase's precondition+steps+expected) into a
+ * manual-reason code, or '' when nothing matches (→ UI-automatable). Reuses the same
+ * INFER patterns as the scenario planner so legacy-ingest and the Gherkin planner agree.
+ */
+export function classifyReason(text: string): string {
+  const t = (text || '').toLowerCase();
+  for (const { code, re } of INFER) if (re.test(t)) return code;
+  return '';
+}
+
 interface ParsedScenario { name: string; tags: string[]; manual: boolean; reason: string }
 
 /** Parse scenarios with their tags + the reason comment line above (for @manual). */

package/src/harness/eval/skill-lint.ts

@@ -0,0 +1,87 @@
+/**
+ * Static skill-lint (Eval Harness L1) — deterministic quality checks on Sungen's OWN
+ * AI-instruction templates, so a broken / unregistered / oversized skill fails before it
+ * ships. Learned (generically) from the "static validations" tier of an agent-kit evals
+ * layer. No project data — this lints the sungen package's own templates.
+ *
+ * Design note: the checks are MAPPING-DRIVEN. `AI_RULES_FILE_MAPPING` is the source of
+ * truth for what each template installs as, so the lint uses the install target (does it
+ * end in `/SKILL.md`?) to tell a top-level skill from a sub-content fragment — instead of
+ * guessing from filenames. We deliberately do NOT enforce claude↔github body parity: the
+ * two variants are hand-tuned per platform and intentionally diverge in wording and even
+ * structure, so byte/heading equality would be pure false positives.
+ */
+import * as fs from 'fs';
+import * as path from 'path';
+import { AI_RULES_FILE_MAPPING } from '../../orchestrator/ai-rules-updater';
+
+export interface SkillLintFinding { level: 'error' | 'warn'; file: string; rule: string; detail: string }
+export interface SkillLintResult { checked: number; findings: SkillLintFinding[]; errors: number }
+
+const LINE_BUDGET = 700; // a skill much larger than this is a context-cost smell (warn)
+const SKILL_RE = /^(claude|github)-skill-/;
+
+function stripFrontmatter(text: string): { fm: string | null; body: string } {
+  const m = text.match(/^---\n([\s\S]*?)\n---\n?/);
+  if (!m) return { fm: null, body: text };
+  return { fm: m[1], body: text.slice(m[0].length) };
+}
+
+/** Lint the AI-instruction templates in `dir` (default: the sungen source templates). */
+export function lintSkills(dir: string): SkillLintResult {
+  const findings: SkillLintFinding[] = [];
+  const files = fs.existsSync(dir) ? fs.readdirSync(dir).filter((f) => f.endsWith('.md')) : [];
+  const skillFiles = files.filter((f) => SKILL_RE.test(f));
+
+  // mapping: template file -> install target (source of truth for "is this a top-level skill")
+  const target = new Map<string, string>(AI_RULES_FILE_MAPPING.map(([tpl, dst]) => [tpl, dst]));
+  const isTopLevelSkill = (f: string) => (target.get(f) || '').endsWith('/SKILL.md');
+
+  // 1) registration integrity (bidirectional) — the highest-value check:
+  //    a skill file missing from the mapping never installs; a mapping to a missing file
+  //    ships a broken/empty skill.
+  for (const f of skillFiles) {
+    if (!target.has(f)) findings.push({ level: 'error', file: f, rule: 'unregistered', detail: 'skill template not in AI_RULES_FILE_MAPPING (it would never be installed)' });
+  }
+  for (const [tpl] of AI_RULES_FILE_MAPPING) {
+    if (!fs.existsSync(path.join(dir, tpl))) findings.push({ level: 'error', file: tpl, rule: 'mapped-missing', detail: 'AI_RULES_FILE_MAPPING points to a template that does not exist' });
+  }
+
+  // 2) frontmatter (name + description) — ONLY for top-level skills (SKILL.md targets).
+  //    Sub-content fragments (mode-*.md, group-*.md) are loaded by their parent router
+  //    and legitimately carry no frontmatter.
+  for (const f of skillFiles) {
+    if (!isTopLevelSkill(f)) continue;
+    const text = fs.readFileSync(path.join(dir, f), 'utf8');
+    const { fm } = stripFrontmatter(text);
+    if (!fm) { findings.push({ level: 'error', file: f, rule: 'frontmatter', detail: 'top-level skill (SKILL.md) is missing --- frontmatter --- (Claude/Copilot will not load it)' }); continue; }
+    if (!/\bname\s*:/.test(fm)) findings.push({ level: 'error', file: f, rule: 'frontmatter-name', detail: 'no `name:` in frontmatter' });
+    if (!/\bdescription\s*:/.test(fm)) findings.push({ level: 'error', file: f, rule: 'frontmatter-description', detail: 'no `description:` in frontmatter' });
+  }
+
+  // 3) line budget — context-cost smell (advisory).
+  for (const f of skillFiles) {
+    const lines = fs.readFileSync(path.join(dir, f), 'utf8').split('\n').length;
+    if (lines > LINE_BUDGET) findings.push({ level: 'warn', file: f, rule: 'line-budget', detail: `${lines} lines > ${LINE_BUDGET} (context-cost smell)` });
+  }
+
+  // 4) variant PRESENCE (not body equality) — every top-level skill should ship for both
+  //    platforms. Catches "added a Claude skill but forgot the Copilot variant". Advisory.
+  const skillName = (dst: string) => { const m = dst.match(/\/(sungen-[^/]+)\/SKILL\.md$/); return m ? m[1] : null; };
+  const claudeSkills = new Set<string>(), githubSkills = new Set<string>();
+  for (const f of skillFiles) {
+    if (!isTopLevelSkill(f)) continue;
+    const name = skillName(target.get(f)!); if (!name) continue;
+    (f.startsWith('claude-') ? claudeSkills : githubSkills).add(name);
+  }
+  for (const n of claudeSkills) if (!githubSkills.has(n)) findings.push({ level: 'warn', file: `claude .../${n}/SKILL.md`, rule: 'variant-missing', detail: `Claude skill "${n}" has no GitHub (Copilot) variant` });
+  for (const n of githubSkills) if (!claudeSkills.has(n)) findings.push({ level: 'warn', file: `github .../${n}/SKILL.md`, rule: 'variant-missing', detail: `GitHub skill "${n}" has no Claude variant` });
+
+  return { checked: skillFiles.length, findings, errors: findings.filter((f) => f.level === 'error').length };
+}
+
+/** Default templates dir, resolved relative to this module (works from src via tsx and dist). */
+export function defaultSkillDir(): string {
+  // src/harness/eval → src/orchestrator/...  |  dist/harness/eval → dist/orchestrator/...
+  return path.resolve(__dirname, '..', '..', 'orchestrator', 'templates', 'ai-instructions');
+}

package/src/harness/parse.ts

@@ -29,6 +29,18 @@ export interface ScenarioInfo {
   stepSkeleton: string;       // normalized steps for duplicate clustering
   haystack: string;           // lowercase name + steps text (for keyword coverage)
   stepsText: string;          // lowercase steps ONLY (name excluded) — for claim-proof
+  vpId?: string;              // raw leading ID token of the title (project's scheme: VP0-001, MS-HP-001, VP-LIST-001)
+}
+
+/** Format-tolerant: is this token an ID (project's scheme), not a prose word?
+ * Accepts VP0, VP0-001, MS-HP-001, TV-01, VP-LIST-001 — requires a digit + uppercase start. */
+export function isIdLike(s: string): boolean {
+  return /^[A-Z][A-Za-z0-9.-]*$/.test(s) && /\d/.test(s) && s.length >= 3;
+}
+
+/** The ID minus its trailing -NNN sequence number (VP0-001 → VP0, MS-HP-001 → MS-HP). */
+export function idPrefix(id: string): string {
+  return id.replace(/[-.]\d{1,4}$/, '');
 }
 
 // ---------- test-viewpoint.md ----------
@@ -50,7 +62,7 @@ export function parseViewpointOverview(filePath: string): ViewpointEntry[] {
       const cells = line.split('|').map((c) => c.trim()).filter((_, i, a) => i > 0 && i < a.length - 1);
       if (cells.length >= 3) {
         const id = cells[0];
-        if (/^VP[-A-Z0-9]/i.test(id) && !/^vp$/i.test(id) && !/^-+$/.test(cells[1])) {
+        if (isIdLike(id) && !/^-+$/.test(cells[1])) {
           const pr = /high/i.test(cells[1]) ? 'High' : /medium/i.test(cells[1]) ? 'Medium' : /low/i.test(cells[1]) ? 'Low' : 'Unknown';
           entries.set(id.toUpperCase(), { id: id.toUpperCase(), priority: pr as any, reason: cells[2] });
         }
@@ -66,8 +78,8 @@ export function parseViewpointOverview(filePath: string): ViewpointEntry[] {
     if (g) { group = (g[1][0].toUpperCase() + g[1].slice(1).toLowerCase()) as any; continue; }
     if (/^##\s/.test(line)) { group = undefined; }
     if (group) {
-      const m = line.match(/^-\s+(VP[-A-Z0-9]+)/i);
-      if (m) {
+      const m = line.match(/^[-*+]\s+([A-Za-z][A-Za-z0-9.-]*)/);
+      if (m && isIdLike(m[1])) {
         const id = m[1].toUpperCase();
         const existing = entries.get(id);
         if (existing) existing.group = group;
@@ -92,6 +104,9 @@ function classifyScenario(sc: ParsedScenario): ScenarioInfo {
   const codeMatch = sc.name.match(/\bVP-([A-Z]+)-\d+/i);
   const vpCode = codeMatch ? codeMatch[0].toUpperCase() : undefined;
   const category = codeMatch ? codeMatch[1].toUpperCase() : undefined;
+  // Project-scheme ID: the leading token of the title (VP0-001 / MS-HP-001 / VP-LIST-001).
+  const leadMatch = sc.name.match(/^\s*([A-Za-z][A-Za-z0-9.-]*)/);
+  const vpId = leadMatch && isIdLike(leadMatch[1]) ? leadMatch[1].toUpperCase() : undefined;
 
   // Then-phase detection (And/But inherit previous primary keyword)
   let last = 'Given';
@@ -136,6 +151,7 @@ function classifyScenario(sc: ParsedScenario): ScenarioInfo {
     stepSkeleton: skeletonParts.join(' | '),
     haystack: textParts.join(' ').toLowerCase(),
     stepsText: stepTextParts.join(' ').toLowerCase(),
+    vpId,
   };
 }
 

package/src/harness/quality-gates.ts

@@ -0,0 +1,152 @@
+/**
+ * Quality gates (batch): downstream-scope + manual-oracle + negative-side-effect +
+ * cross-artifact ownership + source-backed strictness.
+ * Generic — read the project's own spec.md / feature text / sibling flows; no project data.
+ */
+import * as fs from 'fs';
+import * as path from 'path';
+import { ScenarioInfo, loadScenarios, idPrefix } from './parse';
+
+// ---------- #2 Downstream-scope ----------
+
+export interface DownstreamResult {
+  downstreamRoutes: string[];                 // success/navigation targets ≠ own route
+  underCovered: { route: string; slug: string }[]; // referenced only by a bare page-nav
+}
+
+/** Routes the spec hands off to (Navigation Flow / success), other than the screen's own route. */
+function downstreamRoutes(specText: string): string[] {
+  const ownRoute = (specText.match(/\*\*Route\*\*\s*:\s*`?(\/[^\s`]+)/) || [])[1] || '';
+  const routes = new Set<string>();
+  for (const line of specText.split('\n')) {
+    if (!/success|navigat|to \(|→/i.test(line)) continue;
+    for (const m of line.matchAll(/`?(\/[a-z][a-z0-9/_-]+)`?/gi)) {
+      const r = m[1];
+      if (r !== ownRoute && r.split('/').length > ownRoute.split('/').length - 0) routes.add(r);
+    }
+  }
+  // keep only routes that extend beyond the own route (a distinct downstream surface)
+  return [...routes].filter((r) => r !== ownRoute && (!ownRoute || r.startsWith(ownRoute + '/') || r.split('/').length >= 3));
+}
+
+export function downstreamScope(specText: string, scenarios: ScenarioInfo[]): DownstreamResult {
+  const routes = downstreamRoutes(specText);
+  const underCovered: { route: string; slug: string }[] = [];
+  for (const route of routes) {
+    const slug = (route.split('/').filter(Boolean).pop() || route).toLowerCase();
+    const refs = scenarios.filter((s) => s.haystack.includes(slug) || s.haystack.includes(route.toLowerCase()));
+    if (!refs.length) continue; // not referenced at all — out of this screen's scope entirely
+    // Substantively covered only if some scenario OPERATES on the downstream — i.e. it
+    // starts there (`is on [<downstream>]`) — not merely navigates to it as a terminal
+    // `see [<downstream>] page` assertion. The latter just proves the transition.
+    const opensOn = new RegExp(`\\bis on \\[[^\\]]*${slug}`, 'i');
+    const contentCovered = refs.some((s) => opensOn.test(s.haystack));
+    if (!contentCovered) underCovered.push({ route, slug });
+  }
+  return { downstreamRoutes: routes, underCovered };
+}
+
+// ---------- #4 Manual-oracle ----------
+
+export interface ManualOracleResult {
+  manualTotal: number;
+  insufficient: string[];   // @manual scenarios lacking setup/action/oracle
+}
+
+function blocks(featureText: string): string[] {
+  return featureText.split(/\n\s*\n/).filter((b) => /\bScenario:/.test(b));
+}
+
+export function manualOracle(featureText: string): ManualOracleResult {
+  const insufficient: string[] = [];
+  let manualTotal = 0;
+  for (const b of blocks(featureText)) {
+    if (!/@manual\b/.test(b)) continue;
+    manualTotal++;
+    const commentLines = b.split('\n').filter((l) => /^\s*#/.test(l));
+    const hasOracle = /tester verifies|oracle\s*:|requires|verify that|expected\s*:|steps?\s*:/i.test(b);
+    const hasNumberedSteps = /^\s*#?\s*\d+\.\s/m.test(b);
+    // sufficient = an oracle/steps marker, OR a substantive comment block (≥3 comment lines)
+    if (!(hasOracle || hasNumberedSteps || commentLines.length >= 3)) {
+      const name = (b.match(/Scenario:\s*(.+)/) || [])[1] || '(unnamed)';
+      insufficient.push(name.trim().slice(0, 80));
+    }
+  }
+  return { manualTotal, insufficient };
+}
+
+// ---------- #4 Negative side-effect ----------
+
+const NEG_TITLE = /\b(does not|doesn't|no second|not dispatch|not sent|without submitting|no leak|single request|exactly one|count is 1|only one request|no duplicate|not create)\b/i;
+
+/** Titles asserting an ABSENCE must prove it (count / negative / @manual+oracle), not just a happy outcome. */
+export function negativeSideEffect(scenarios: ScenarioInfo[]): string[] {
+  const flagged: string[] = [];
+  for (const s of scenarios) {
+    if (s.manual) continue;                 // @manual is a legitimate deferral (oracle checked by #4 manual-oracle)
+    if (!NEG_TITLE.test(s.name)) continue;
+    const proven = /\bcount\b|tohavecount|table with|is hidden|are hidden|not complete|message is hidden/.test(s.stepsText);
+    if (!proven) flagged.push(s.name.slice(0, 80));
+  }
+  return flagged;
+}
+
+// ---------- #7 Source-backed strictness ----------
+
+/** A scenario should trace to a source: a viewpoint ID (its own scheme), an FR id, or a
+ * viewpoint item (keyword overlap). ID match is language-agnostic and primary. */
+export function sourceBacked(scenarios: ScenarioInfo[], frIds: string[], viewpointItems: string[], viewpointIds: string[], featureText: string): string[] {
+  if (!frIds.length && !viewpointItems.length && !viewpointIds.length) return []; // no contract
+  const vpIds = viewpointIds.map((s) => s.toUpperCase());
+  const itemWords = viewpointItems.map((t) => new Set((t.toLowerCase().match(/[a-z][a-z-]{4,}/g) || [])));
+  // per-scenario blocks (INCLUDING comments) so an FR cited in a comment counts as a source
+  const blockOf = new Map<string, string>();
+  for (const b of featureText.split(/\n\s*\n/)) {
+    const m = b.match(/Scenario:\s*(.+)/);
+    if (m) blockOf.set(m[1].trim().toLowerCase(), b.toLowerCase());
+  }
+  const unsourced: string[] = [];
+  for (const s of scenarios) {
+    const id = (s.vpId || s.vpCode || '').toUpperCase();
+    const mapsId = !!id && vpIds.some((v) => id === v || id.startsWith(v) || v.startsWith(idPrefix(id)));
+    const block = blockOf.get(s.name.trim().toLowerCase()) || s.haystack;
+    const citesFr = frIds.some((fid) => block.includes(fid.toLowerCase()));
+    const sWords = new Set((s.haystack.match(/[a-z][a-z-]{4,}/g) || []));
+    const mapsItem = itemWords.some((iw) => { let hits = 0; for (const w of iw) if (sWords.has(w)) hits++; return hits >= 2; });
+    if (!mapsId && !citesFr && !mapsItem) unsourced.push(s.name.slice(0, 80));
+  }
+  return unsourced;
+}
+
+// ---------- #6 Cross-artifact ownership ----------
+
+export interface OwnershipResult { duplicates: { scenario: string; flow: string }[] }
+
+/** Scenarios whose step-skeleton also appears in a sibling flow feature → duplicate ownership. */
+export function crossArtifactOwnership(screenDir: string, scenarios: ScenarioInfo[]): OwnershipResult {
+  const duplicates: { scenario: string; flow: string }[] = [];
+  // screenDir = <root>/qa/screens/<name>; flows live at <root>/qa/flows/*/features/*.feature
+  const flowsRoot = path.resolve(screenDir, '..', '..', 'flows');
+  if (!fs.existsSync(flowsRoot)) return { duplicates };
+  const bySkeleton = new Map<string, string>();
+  for (const flow of fs.readdirSync(flowsRoot)) {
+    const fdir = path.join(flowsRoot, flow, 'features');
+    if (!fs.existsSync(fdir)) continue;
+    for (const f of fs.readdirSync(fdir).filter((x) => x.endsWith('.feature'))) {
+      for (const fs2 of loadScenarios(path.join(fdir, f))) {
+        if (fs2.stepSkeleton && fs2.stepSkeleton.length > 20) bySkeleton.set(fs2.stepSkeleton, flow);
+      }
+    }
+  }
+  if (!bySkeleton.size) return { duplicates };
+  for (const s of scenarios) {
+    const flow = s.stepSkeleton && s.stepSkeleton.length > 20 ? bySkeleton.get(s.stepSkeleton) : undefined;
+    if (flow) duplicates.push({ scenario: s.name.slice(0, 70), flow });
+  }
+  return { duplicates };
+}
+
+// convenience reader
+export function readText(p: string): string {
+  return fs.existsSync(p) ? fs.readFileSync(p, 'utf-8') : '';
+}

package/src/harness/sensors.ts

@@ -9,7 +9,7 @@
 import * as fs from 'fs';
 import * as path from 'path';
 import { parse as parseYaml } from 'yaml';
-import { ScenarioInfo, ViewpointEntry } from './parse';
+import { ScenarioInfo, ViewpointEntry, idPrefix } from './parse';
 
 // Business-critical category codes (project VP-<CAT> prefixes). Configurable later.
 const BUSINESS_CRITICAL_CATS = ['LIST', 'CART', 'PRODUCT', 'FILTER', 'CHECKOUT', 'ORDER'];
@@ -263,17 +263,23 @@ export interface TraceResult {
 
 export function traceability(scenarios: ScenarioInfo[], viewpoints: ViewpointEntry[]): TraceResult {
   const overviewIds = new Set(viewpoints.map((v) => v.id.toUpperCase()));
-  const withCode = scenarios.filter((s) => s.vpCode);
-  // A scenario maps to overview if its full VP code OR its category-derived id exists in overview.
-  const mapped = withCode.filter((s) => overviewIds.has(s.vpCode!) || [...overviewIds].some((id) => id.includes(s.category || '###')));
+  // A scenario carries an ID if it has a project-scheme leading ID (vpId) or a VP-CAT code.
+  const withCode = scenarios.filter((s) => s.vpId || s.vpCode);
+  // Maps to overview if the scenario's ID, its sequence-stripped prefix, or its VP-CAT code
+  // matches a declared viewpoint ID (format-tolerant: VP0-001↔VP0, MS-HP-001↔MS-HP-001).
+  const mapped = withCode.filter((s) => {
+    const id = (s.vpId || s.vpCode || '').toUpperCase();
+    if (overviewIds.has(id) || overviewIds.has(idPrefix(id))) return true;
+    return [...overviewIds].some((oid) => id.startsWith(oid) || oid.startsWith(idPrefix(id)) || (!!s.category && oid.includes(s.category)));
+  });
   return {
     total: scenarios.length,
     withVpCode: withCode.length,
     mappedToOverview: mapped.length,
     withVpCodeRatio: scenarios.length ? withCode.length / scenarios.length : 0,
     mappedRatio: scenarios.length ? mapped.length / scenarios.length : 0,
-    note: mapped.length < withCode.length * 0.5
-      ? 'Scenarios use ad-hoc VP-<CAT>-NNN codes not linked to viewpoint-overview ids (weak traceability — see review Gate 4).'
+    note: withCode.length && mapped.length < withCode.length * 0.5
+      ? 'Scenario IDs do not match the viewpoint-overview ids (weak traceability — re-tag to the project viewpoint IDs).'
       : 'Traceable.',
   };
 }
@@ -367,14 +373,85 @@ const CLAIM_RULES: ClaimRule[] = [
     hint: 'capture the before-state and assert the after-state differs, or assert the visible/hidden transition.',
     severity: 'warn',
   },
+  {
+    // GENERAL — mutation-absence. A title asserts that a STATE-CHANGING action does NOT
+    // happen / does not repeat (submit, send, create, charge, order, pay, email, request,
+    // OTP, register, book, a re-/double-/again repeat…) paired with a negation in EITHER
+    // language. A mutation's absence is NOT observable from a positive `see [X] page` —
+    // that page looks identical whether or not the mutation fired — so it MUST prove a
+    // count/contrast (record count unchanged) or defer to @manual. This is the general
+    // category behind "browser back does not re-submit", "does not re-charge the card",
+    // "double-click does not create two orders" — not a per-feature keyword.
+    claim: 'no-side-effect/no-duplicate',
+    title: /(?=.*\b(submit|sen[dt]|resend|resubmit|re-?fire|re-?issue|re-?post|repost|create|charge|order|payment|\bpay\b|email|request|\botp\b|insert|register|book|duplicate|double[- ]?submit|again|twice)\b)(?=.*(\bno\b|\bnot\b|n['’]t\b|\bnever\b|\bwithout\b|\bcannot\b|prevent|block|avoid|reject|disabl|\bdeny\b|denies|\bkhông\b|\bchưa\b))/i,
+    proof: /\bcount\b|row with \{\{|table with|tohavecount|is hidden|are hidden|not complete|no longer/,
+    need: 'a record/request-count proof (count stays at one, e.g. `User see [Table] row with {{count}}`) or @manual with a request-count oracle',
+    hint: 'a "does-not-happen / does-not-repeat" claim about a state-changing action is NOT proven by a terminal `see [...] page` — that page is identical whether or not the action (re-)fired. Prove the side-effect count is unchanged, or mark @manual with a setup→action→assert-no-duplicate oracle.',
+    severity: 'fail',
+  },
   {
     claim: 'hidden/rejected/not-complete',
-    title: /\b(hidden|closed|dismiss(es|ed)?|does not|doesn't|not complete|rejected|inert)\b/,
+    title: /\b(hidden|closed|dismiss(es|ed)?|not complete|rejected|inert)\b/,
     proof: /\bis hidden\b|\bare hidden\b|message is hidden|not complete|\bhidden\b/,
     need: 'a negative / hidden assertion (`… is hidden`)',
     hint: 'assert the absence/hidden state that the title claims, not just an unrelated visible element.',
     severity: 'fail',
   },
+  {
+    claim: 'cleared/emptied',
+    title: /\b(cleared|clears|emptied|empties|reset to empty|wiped)\b/,
+    proof: /\bis empty\b|with \{\{empty|with ['"]?['"]?\s*$|\bempty\b/,
+    need: 'an empty/cleared assertion after the action (e.g. `field with {{empty_value}}` / `is empty`)',
+    hint: 'prove the value is actually gone — return to the screen and assert the field is empty, not just that the action ran.',
+    severity: 'fail',
+  },
+  {
+    claim: 'restored/preserved',
+    title: /\b(restored|preserved|persists?|retained|remembered|kept)\b/,
+    proof: /\bremember\b|with \{\{|field with/,
+    need: 'the value re-asserted after the transition (capture or `field with {{v}}` after returning)',
+    hint: 'prove the value survives — assert the field still holds the typed value after the reload/return, not just that it was typed.',
+    severity: 'warn',
+  },
+  {
+    claim: 'independent/separate',
+    title: /\b(independent|separate|isolat(ed|es)|per[- ]tab|two tabs|each tab)\b/,
+    proof: /\bcontext\b|tab a|tab b|second (tab|context)/,
+    need: 'a multi-context proof (tab A vs tab B)',
+    hint: 'independence across tabs/contexts is rarely DSL-expressible — mark @manual with a clear setup/action/oracle.',
+    severity: 'warn',
+  },
+  {
+    claim: 'sanitized/inert',
+    title: /\b(sanitized|sanitised|escaped|inert|not executed|not rendered|stripped)\b/,
+    proof: /field with \{\{|payload|inert|toContainText|is hidden/,
+    need: 'the payload echoed as inert text (`field with {{payload}}`) + no execution',
+    hint: 'prove the payload round-trips as literal text and triggers nothing — assert the field value and the absence of any effect.',
+    severity: 'warn',
+  },
+  {
+    claim: 'announces/aria',
+    title: /\b(announce[sd]?|aria|screen[- ]reader|programmatically associated)\b/,
+    proof: /aria|role|@manual|describedby|is focused/,
+    need: 'an aria/role assertion (or @manual with a screen-reader oracle)',
+    hint: 'ARIA announcement is usually not DSL-expressible — assert aria attributes if possible, else @manual with an NVDA/VoiceOver oracle.',
+    severity: 'warn',
+  },
+  {
+    // GENERAL CATCH-ALL (last) — any negative/absence title not handled by a specific
+    // rule above. Language-aware negation, NO verb list: if the title says "no / not /
+    // never / without / không / prevents …" the steps must carry a NEGATIVE/contrast
+    // assertion (hidden, empty, error, count, no-longer, a remembered before/after) — not
+    // only a positive presence. WARN, because a positive proxy is sometimes a valid
+    // negative proof (e.g. "stayed on the login page"); the semantic reviewer is the
+    // authoritative recall layer for the residue this can't judge structurally.
+    claim: 'negative-claim/absence',
+    title: /(\bno\b|\bnot\b|n['’]t\b|\bnever\b|\bwithout\b|\bcannot\b|prevent|block|avoid|reject|disabl|\bdeny\b|denies|\bkhông\b|\bchưa\b)/i,
+    proof: /is hidden|are hidden|is empty|no longer|not complete|disabl|invalid|rejected|\berror\b|\bcount\b|row with \{\{|table with|\bremember\b|\bexactly\b|tohavecount/i,
+    need: 'a proof of the ABSENCE — a contrast/empty/hidden/error/count assertion, or @manual with an oracle',
+    hint: 'a negative claim ("no / not / không …") is not proven by a positive `see [X]` that looks the same whether or not the claim holds. Assert the contrast (state hidden/empty, error shown, count unchanged), or mark @manual.',
+    severity: 'warn',
+  },
 ];
 
 // ---------- Viewpoint taxonomy-lint (harness-roadmap §0.5 Q3) ----------