@tekyzinc/gsd-t 3.29.10 → 4.0.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (112) hide show
  1. package/CHANGELOG.md +176 -0
  2. package/bin/gsd-t-parallel.cjs +64 -13
  3. package/bin/gsd-t-test-data-adapters/file-json-array.cjs +27 -3
  4. package/bin/gsd-t-test-data-adapters/localstorage-key-prefix.cjs +6 -1
  5. package/bin/gsd-t-test-data-adapters/sqlite-table-where.cjs +16 -1
  6. package/bin/gsd-t-test-data-ledger.cjs +1 -0
  7. package/bin/gsd-t.js +48 -376
  8. package/bin/journey-coverage.cjs +6 -3
  9. package/bin/parallel-cli.cjs +13 -1
  10. package/commands/gsd-t-debug.md +47 -533
  11. package/commands/gsd-t-design-decompose.md +24 -497
  12. package/commands/gsd-t-doc-ripple.md +23 -139
  13. package/commands/gsd-t-execute.md +41 -958
  14. package/commands/gsd-t-help.md +0 -2
  15. package/commands/gsd-t-impact.md +26 -295
  16. package/commands/gsd-t-integrate.md +44 -369
  17. package/commands/gsd-t-milestone.md +25 -124
  18. package/commands/gsd-t-partition.md +28 -539
  19. package/commands/gsd-t-plan.md +26 -472
  20. package/commands/gsd-t-prd.md +25 -311
  21. package/commands/gsd-t-quick.md +1 -1
  22. package/commands/gsd-t-resume.md +0 -33
  23. package/commands/gsd-t-verify.md +52 -569
  24. package/commands/gsd-t-wave.md +41 -430
  25. package/package.json +1 -1
  26. package/scripts/gsd-t-calibration-hook.js +3 -1
  27. package/scripts/hooks/pre-commit-journey-coverage +0 -2
  28. package/scripts/hooks/pre-commit-playwright-gate +0 -2
  29. package/templates/CLAUDE-global.md +43 -173
  30. package/templates/CLAUDE-project.md +118 -104
  31. package/templates/prompts/design-verify-subagent.md +3 -0
  32. package/templates/prompts/qa-subagent.md +3 -0
  33. package/templates/prompts/red-team-subagent.md +5 -2
  34. package/templates/workflows/_lib.js +176 -0
  35. package/templates/workflows/gsd-t-debug.workflow.js +86 -0
  36. package/templates/workflows/gsd-t-execute.workflow.js +206 -0
  37. package/templates/workflows/gsd-t-integrate.workflow.js +71 -0
  38. package/templates/workflows/gsd-t-phase.workflow.js +94 -0
  39. package/templates/workflows/gsd-t-quick.workflow.js +72 -0
  40. package/templates/workflows/gsd-t-verify.workflow.js +348 -0
  41. package/templates/workflows/gsd-t-wave.workflow.js +43 -0
  42. package/bin/check-headless-sessions.js +0 -140
  43. package/bin/context-budget-audit.cjs +0 -447
  44. package/bin/context-meter-config.cjs +0 -101
  45. package/bin/context-meter-config.test.cjs +0 -101
  46. package/bin/event-stream.cjs +0 -205
  47. package/bin/gsd-t-benchmark-orchestrator.js +0 -437
  48. package/bin/gsd-t-capture-lint.cjs +0 -440
  49. package/bin/gsd-t-economics.cjs +0 -315
  50. package/bin/gsd-t-in-session-usage.cjs +0 -213
  51. package/bin/gsd-t-orchestrator-config.cjs +0 -161
  52. package/bin/gsd-t-orchestrator-queue.cjs +0 -180
  53. package/bin/gsd-t-orchestrator-recover.cjs +0 -231
  54. package/bin/gsd-t-orchestrator-worker.cjs +0 -219
  55. package/bin/gsd-t-orchestrator.js +0 -535
  56. package/bin/gsd-t-parallel-probe.cjs +0 -132
  57. package/bin/gsd-t-ratelimit-probe-worker.cjs +0 -237
  58. package/bin/gsd-t-ratelimit-probe.cjs +0 -648
  59. package/bin/gsd-t-report-tokens.cjs +0 -549
  60. package/bin/gsd-t-stream-feed-client.cjs +0 -151
  61. package/bin/gsd-t-token-backfill.cjs +0 -366
  62. package/bin/gsd-t-token-capture.cjs +0 -321
  63. package/bin/gsd-t-token-dashboard.cjs +0 -353
  64. package/bin/gsd-t-token-regenerate-log.cjs +0 -129
  65. package/bin/gsd-t-tool-attribution.cjs +0 -377
  66. package/bin/gsd-t-tool-cost.cjs +0 -195
  67. package/bin/gsd-t-transcript-tee.cjs +0 -246
  68. package/bin/gsd-t-unattended-heartbeat.cjs +0 -188
  69. package/bin/gsd-t-unattended-platform.cjs +0 -551
  70. package/bin/gsd-t-unattended-platform.js +0 -381
  71. package/bin/gsd-t-unattended-safety.cjs +0 -773
  72. package/bin/gsd-t-unattended-safety.js +0 -788
  73. package/bin/gsd-t-unattended.cjs +0 -2109
  74. package/bin/gsd-t-unattended.js +0 -1367
  75. package/bin/gsd-t-worker-dispatch.cjs +0 -211
  76. package/bin/handoff-lock.cjs +0 -249
  77. package/bin/handoff-lock.js +0 -249
  78. package/bin/headless-auto-spawn.cjs +0 -711
  79. package/bin/headless-auto-spawn.js +0 -373
  80. package/bin/headless-exit-codes.cjs +0 -67
  81. package/bin/live-activity-report.cjs +0 -615
  82. package/bin/log-tail.cjs +0 -81
  83. package/bin/m44-proof-measure.cjs +0 -285
  84. package/bin/m46-iter-proof.cjs +0 -149
  85. package/bin/m46-worker-proof.cjs +0 -201
  86. package/bin/m55-substrate-proof.cjs +0 -134
  87. package/bin/metrics-rollup.js +0 -200
  88. package/bin/model-windows.cjs +0 -99
  89. package/bin/model-windows.test.cjs +0 -75
  90. package/bin/parallelism-report.cjs +0 -535
  91. package/bin/runway-estimator.cjs +0 -242
  92. package/bin/spawn-plan-derive.cjs +0 -163
  93. package/bin/spawn-plan-status-updater.cjs +0 -292
  94. package/bin/spawn-plan-writer.cjs +0 -204
  95. package/bin/supervisor-pid-fingerprint.cjs +0 -126
  96. package/bin/token-budget.cjs +0 -265
  97. package/bin/unattended-watch-format.cjs +0 -178
  98. package/bin/watch-progress.js +0 -155
  99. package/commands/gsd-t-unattended-stop.md +0 -85
  100. package/commands/gsd-t-unattended-watch.md +0 -465
  101. package/commands/gsd-t-unattended.md +0 -476
  102. package/commands/gsd-t-visualize.md +0 -116
  103. package/scripts/gsd-t-context-meter.e2e.test.js +0 -364
  104. package/scripts/gsd-t-context-meter.js +0 -341
  105. package/scripts/gsd-t-context-meter.test.js +0 -471
  106. package/scripts/gsd-t-dashboard-server.js +0 -1203
  107. package/scripts/gsd-t-post-commit-spawn-plan.sh +0 -86
  108. package/scripts/gsd-t-transcript.html +0 -1821
  109. package/scripts/hooks/gsd-t-conversation-capture.js +0 -439
  110. package/scripts/hooks/gsd-t-in-session-usage-hook.js +0 -84
  111. package/scripts/spawn-plan-fmt-tokens.cjs +0 -80
  112. package/templates/hooks/post-commit-spawn-plan.sh +0 -85
@@ -1,595 +1,78 @@
1
- # GSD-T: Verify — Quality Gates (Solo or Parallel)
1
+ # GSD-T: Verify — Quality Gates
2
2
 
3
- You are the lead agent coordinating verification of the completed work. Each verification dimension should be thorough and independent.
3
+ You are the lead agent. Verify the current milestone by invoking the canonical Workflow script at `templates/workflows/gsd-t-verify.workflow.js`.
4
4
 
5
- ## Argument Parsing
5
+ ## What this command does
6
6
 
7
- Parse `$ARGUMENTS`. M43 D4 removed the `--watch` opt-out; `--in-session`/`--headless` were never shipped. Under `.gsd-t/contracts/headless-default-contract.md` **v2.0.0** every verify spawn goes headless unconditionally. A legacy `--watch` token is accepted but ignored (stderr deprecation line).
7
+ Replaces the M40-era verify-orchestrator scaffolding with a single deterministic Workflow:
8
8
 
9
- ## Spawn Primitive — Always Headless (M43 D4, v2.0.0)
10
-
11
- Per `.gsd-t/contracts/headless-default-contract.md` v2.0.0. Spawn classifications used below:
12
-
13
- - `spawnType: 'validation'` — Step 4 test-audit subagent, Step 8 auto-invoke complete-milestone
14
-
15
- Spawn path is `autoSpawnHeadless({command, spawnType: 'validation', projectDir, sessionContext})`. Auto-invoke of complete-milestone (Step 8) is preserved — spawned headless via the same primitive and surfaced via the read-back banner.
16
-
17
- ## Model Assignment
18
-
19
- Per `.gsd-t/contracts/model-selection-contract.md` v1.0.0.
20
-
21
- - **Default**: `opus` (`selectModel({phase: "verify"})`) — milestone verification is the final quality gate before completion. High stakes.
22
- - **Escalation**: already at opus; there is no stronger tier. Verify judgments are always made at full quality.
23
-
24
- ## Step 1: Load State
25
-
26
- ```bash
27
- node scripts/gsd-t-watch-state.js advance --agent-id "$GSD_T_AGENT_ID" --parent-id "${GSD_T_PARENT_AGENT_ID:-null}" --command gsd-t-verify --step 1 --step-label "Load State" 2>/dev/null || true
28
9
  ```
29
-
30
- Read:
31
- 1. `CLAUDE.md`
32
- 2. `.gsd-t/progress.md` confirm status is INTEGRATED
33
- 3. `.gsd-t/contracts/` all contracts
34
- 4. `.gsd-t/domains/*/tasks.md` — all acceptance criteria
35
- 5. `docs/requirements.md` — original requirements
36
- 6. All source code
37
-
38
- ## Step 1.5: Graph-Enhanced Traceability Check
39
-
40
- ```bash
41
- node scripts/gsd-t-watch-state.js advance --agent-id "$GSD_T_AGENT_ID" --parent-id "${GSD_T_PARENT_AGENT_ID:-null}" --command gsd-t-verify --step 1 --step-label ".5: Graph-Enhanced Traceability Check" 2>/dev/null || true
10
+ preflight → brief → verify-gate (deterministic Track 1+2)
11
+ → M57 CI-Parity (build-coverage + ci-parity, FAIL-blocking)
12
+ M58 Test-Data Purge (FAIL-blocking)
13
+ parallel(/code-review ultra Red Team ∥ QA)
14
+ synthesis (no category collapse)
42
15
  ```
43
16
 
44
- If `.gsd-t/graph/meta.json` exists (graph index is available):
45
- 1. Query `getRequirementFor` on implemented entities to build a requirement-to-code traceability chain — flag entities with no requirement mapping
46
- 2. Query `getDomainBoundaryViolations` to verify no cross-domain boundary violations exist in the final codebase
47
- 3. Include any violations as FAIL findings in the verification report (Step 5)
48
-
49
- If graph is not available, skip this step.
50
-
51
- ## Step 2: Full Test Audit (Inline)
52
-
53
- ```bash
54
- node scripts/gsd-t-watch-state.js advance --agent-id "$GSD_T_AGENT_ID" --parent-id "${GSD_T_PARENT_AGENT_ID:-null}" --command gsd-t-verify --step 2 --step-label "Full Test Audit (Inline)" 2>/dev/null || true
55
- ```
17
+ Per `.gsd-t/contracts/orthogonal-validation-contract.md` v1.0.0 STABLE, the three triad stages are orthogonal objective functions — no collapse, no substitution, no transitive trust. Synthesis preserves category labels.
56
18
 
57
- Run the full test audit directly:
19
+ **Hard-failing gates** (each halts before triad):
20
+ - `verify-gate` — deterministic Track 1 (preflight envelope) + Track 2 (tsc/biome/npm-test/knip/gitleaks/scc fan-out)
21
+ - M57 `build-coverage` + `ci-parity` — origin TimeTracking v1.10.12 Dockerfile incident
22
+ - M58 `test-data --purge` — origin GSD-T-Board v0.1.10 2442 E2E orphans incident
58
23
 
59
- 1. Run the full test suite: `npm test` (or project equivalent) — record pass/fail counts
60
- 2. Read all contracts in `.gsd-t/contracts/` — verify each has at least one test validating it
61
- 3. Check acceptance criteria from domain task lists — verify each is tested
62
- 4. Run E2E suite if `playwright.config.*` exists
63
- 5. Report: comprehensive test results with pass/fail counts and coverage gaps
24
+ ## Step 1: Read the current milestone state
64
25
 
65
- Verification cannot complete if any test fails or critical contract gaps remain.
26
+ Read `.gsd-t/progress.md` to determine the active milestone.
66
27
 
67
- <!-- M55-D5: verify-gate wire-in -->
68
- **M55 Verify-Gate (mandatory two-track gate):**
28
+ ## Step 2: Invoke the verify Workflow
69
29
 
70
- Before finalizing the verify report, invoke the M55 verify-gate. It runs Track 1
71
- (`bin/cli-preflight.cjs::runPreflight` — preflight envelope; hard-fails on any
72
- `severity:"error"` check) AND Track 2 (`bin/parallel-cli.cjs::runParallel` fans
73
- out off-the-shelf CLIs: tsc, biome/ruff, npm test, knip, gitleaks, scc/lizard).
74
- Both tracks always run; both report. The gate's `ok` flag is purely
75
- deterministic (`track1.ok && track2.ok`) — the LLM judge's verdict is advisory.
30
+ Call the `Workflow` tool with:
76
31
 
77
- ```bash
78
- gsd-t verify-gate --json > /tmp/gsd-t-verify-gate.json || true
79
- GATE_OK=$(node -e "const e=require('/tmp/gsd-t-verify-gate.json');console.log(e.ok?'true':'false')")
32
+ ```js
33
+ {
34
+ scriptPath: "templates/workflows/gsd-t-verify.workflow.js",
35
+ args: {
36
+ milestone: "M{NN}",
37
+ projectDir: ".",
38
+ // Optional: skip /code-review ultra when rate-limited.
39
+ // skipUltra: false,
40
+ // skipUltraReason: "ultra rate-limited per error E429",
41
+ }
42
+ }
80
43
  ```
81
44
 
82
- If `GATE_OK=false`, surface the failed track to the user and do NOT mark verify
83
- complete. The summary in the envelope is ≤500 tokens — pipe it to the LLM judge
84
- for a confirming verdict:
85
-
86
- ```bash
87
- cat /tmp/gsd-t-verify-gate.json | gsd-t verify-gate-judge > /tmp/gsd-t-verify-gate-prompt.txt
88
- ```
89
-
90
- The judge prompt (`bin/gsd-t-verify-gate-judge.cjs`) is ≤500 tokens regardless
91
- of envelope size — feed it to the LLM judge to render a `PASS` / `FAIL` verdict
92
- on the deterministic summary. The LLM verdict NEVER overrides `ok` — it
93
- confirms or contradicts. A contradiction is a Red Team finding, not a gate
94
- override.
95
-
96
- Raw worker output stays at `.gsd-t/verify-gate/{runId}/{workerId}.{stdout,stderr}.ndjson`
97
- for human-only inspection. The directory is gitignored.
45
+ `skipUltra: true` requires `skipUltraReason: string` per contract Rule #2. A run with `skipUltra: true` is INELIGIBLE for `VERIFIED` — best attainable verdict is `VERIFIED-WITH-WARNINGS`. Red Team and QA are non-skippable.
98
46
 
99
- Defensive on missing `.gsd-t/ratelimit-map.json` verify-gate falls back to
100
- `maxConcurrency=2` and logs a structured note. Override with
101
- `gsd-t verify-gate --max-concurrency N --json` if needed.
47
+ ## Step 3: Interpret the result
102
48
 
103
- Contract: `.gsd-t/contracts/verify-gate-contract.md` v1.0.0 STABLE.
49
+ The Workflow returns:
104
50
 
105
- <!-- M57: CI-parity FAIL-blocking gate -->
106
- ## Step 2.6: CI-Parity Gate (MANDATORY — FAIL-blocking, never warning-only)
107
-
108
- ```bash
109
- node scripts/gsd-t-watch-state.js advance --agent-id "$GSD_T_AGENT_ID" --parent-id "${GSD_T_PARENT_AGENT_ID:-null}" --command gsd-t-verify --step 2 --step-label ".6: CI-Parity Gate" 2>/dev/null || true
110
- ```
111
-
112
- Origin: TimeTracking v1.10.12 shipped VERIFIED + tagged while Cloud Build
113
- failed (a new top-level `hooks/` dir was committed but never added to the
114
- Dockerfile `COPY` directives, and `noImplicitAny` regressions passed a
115
- warm-cache local `tsc` but failed CI's cold build). `gsd-t-verify` must
116
- reproduce the project's *actual* CI build, not assume local parity.
117
-
118
- Run BOTH checks. **Either failing is a verify FAIL — it blocks
119
- complete-milestone. This is never a warning-only signal.**
120
-
121
- ```bash
122
- # 1. Build-coverage — every new top-level path in the milestone range must be
123
- # referenced by a real CI build input (structural parse, not substring).
124
- gsd-t build-coverage --json > /tmp/gsd-t-build-coverage.json
125
- BC_EXIT=$?
126
-
127
- # 2. CI-parity — reproduce the project's actual CI build locally with caches
128
- # cleared; auto-runs `docker build` when a Dockerfile is present.
129
- gsd-t ci-parity --json > /tmp/gsd-t-ci-parity.json
130
- CP_EXIT=$?
131
- ```
132
-
133
- - `build-coverage` exit **4** (`ok:false`, `missing[]` non-empty) → verify
134
- FAIL. Report each uncovered path; the fix is to add the path to the
135
- Dockerfile `COPY` / cloudbuild artifact / workflow build input.
136
- - `ci-parity` exit **4** (`ok:false` — a detected CI command or the real
137
- `docker build` failed) → verify FAIL. Report the failing command.
138
- - exit **0** from both → gate passes.
139
- - exit **2** (usage error, e.g. not a git repo) → record as a structured
140
- note; not a pass-by-default (investigate before proceeding).
141
-
142
- Both are pure-deterministic CLI checks (no LLM). They consume the same
143
- preflight envelope as the M55 verify-gate Track 1, so failing here at
144
- verify mirrors what CI would do — catching the TimeTracking class before
145
- the milestone is tagged.
146
-
147
- Contracts: `.gsd-t/contracts/cli-build-coverage-contract.md` v2.0.0 STABLE,
148
- `.gsd-t/contracts/ci-parity-contract.md` v2.0.0 STABLE.
149
- <!-- /M57: CI-parity FAIL-blocking gate -->
150
-
151
- ## Step 2.5: High-Risk Domain Gate (MANDATORY — Categories 2 and 7)
152
-
153
- ```bash
154
- node scripts/gsd-t-watch-state.js advance --agent-id "$GSD_T_AGENT_ID" --parent-id "${GSD_T_PARENT_AGENT_ID:-null}" --command gsd-t-verify --step 2 --step-label ".5: High-Risk Domain Gate (MANDATORY — Categories 2 and 7)" 2>/dev/null || true
51
+ ```js
52
+ {
53
+ status: "complete" | "failed",
54
+ overallVerdict: "VERIFIED" | "VERIFIED-WITH-WARNINGS" | "VERIFY-FAILED",
55
+ verifyGate: { ... }, // Track 1+2
56
+ buildCoverage: { ... }, // M57
57
+ ciParity: { ... }, // M57
58
+ testDataPurge: { ... }, // M58
59
+ triad: [ultraResult, redTeamResult, qaResult],
60
+ verdict: { overallVerdict, summary, blockingFindings }
61
+ }
155
62
  ```
156
63
 
157
- Before running standard verification dimensions, check whether this milestone involves any high-risk domain:
158
-
159
- **High-risk domains**: audio capture/playback, GPU/WebGPU/WebGL, ML/inference/model loading, background workers, native APIs (camera, bluetooth, filesystem), IPC, WebAssembly, real-time data streams.
160
-
161
- **If any high-risk domain is present:**
162
-
163
- ### Category 2 — Technology Reliability Gate
164
- Initialization success does not prove runtime correctness. These technologies can initialize cleanly and fail silently at runtime (compute shader errors, audio context state loss, worker message drops, inference failures).
165
-
166
- For each high-risk domain:
167
- 1. A **smoke test script** must exist that exercises actual runtime behavior — not just initialization
168
- 2. The smoke test must have been run and passed
169
- 3. "It initialized without throwing" is NOT a passing smoke test
170
- 4. If no smoke test exists → create one now before proceeding with any other verification dimension
171
- 5. Smoke test failure → verification FAIL (not WARN)
172
-
173
- ### Category 7 — Manual QA as Test Gate
174
- "The user will manually test it" is not a test artifact. Scan the milestone's domains for any feature whose acceptance criteria relies solely on manual user testing.
175
-
176
- For each such feature:
177
- 1. A smoke test script must exist that automates as much of the verification as possible
178
- 2. Any remaining manual steps must be explicitly documented in `.gsd-t/smoke-tests/{feature}.md` with exact steps and expected outcomes
179
- 3. The documented manual steps must have been executed and passed (noted in the file)
180
- 4. If neither automated smoke test nor documented manual procedure exists → verification FAIL
181
-
182
- > These gates exist because the pre-commit checklist "did you run the affected tests?" is meaningless when the only test is "user presses Ctrl+Space." That is not a test. It is hope.
183
-
184
- ---
185
-
186
- ## Step 3: Define Verification Dimensions
187
-
188
- ```bash
189
- node scripts/gsd-t-watch-state.js advance --agent-id "$GSD_T_AGENT_ID" --parent-id "${GSD_T_PARENT_AGENT_ID:-null}" --command gsd-t-verify --step 3 --step-label "Define Verification Dimensions" 2>/dev/null || true
190
- ```
191
-
192
- Standard dimensions (adjust based on project):
193
-
194
- 1. **Functional Correctness**: Does it work per requirements?
195
- 2. **Contract Compliance**: Does every domain honor its contracts?
196
- 3. **Code Quality**: Conventions, patterns, error handling, readability
197
- 4. **Test Coverage Completeness**: Every new or changed code path MUST have tests. Check:
198
- - Do all new functions have unit tests (happy path + edge cases + error cases)?
199
- - Do all new features/modes/flows have Playwright E2E specs?
200
- - Do all new UI components have interaction tests?
201
- - **Zero test coverage on new functionality = FAIL** (not WARN, not "nice to have" — FAIL)
202
- 5. **E2E Tests**: Run the FULL Playwright suite — all specs must pass. If new features lack specs, create them before proceeding.
203
- 6. **Security**: Auth flows, input validation, data exposure, dependencies
204
- 7. **Integration Integrity**: Do the seams between domains hold under stress?
205
- 8. **Design Fidelity** (only when `.gsd-t/contracts/design-contract.md` exists):
206
- - Open every implemented screen in a real browser (dev server + Claude Preview, Chrome MCP, or Playwright)
207
- - Screenshot each screen at mobile (375px), tablet (768px), and desktop (1280px) widths
208
- - Get the Figma reference: call Figma MCP `get_screenshot` if available, or use design images from the contract
209
- - Compare every screen pixel-by-pixel against the Figma design:
210
- Chart types, colors, typography, spacing, layout, component states, data visualization style
211
- - Any deviation = FAIL with specifics (e.g., "Number of Tools: build uses vertical bars, design uses horizontal stacked bars")
212
- - Design fidelity FAIL blocks milestone completion — it has the same weight as functional test failures
213
- 9. **Requirements Traceability Close-Out**: Mark verified requirements as complete and report orphans:
214
- - Read `docs/requirements.md` traceability table (added by plan phase)
215
- - For each REQ-ID that is fully implemented and tested: update Status to `complete` in the traceability table
216
- - **Orphan report**: List any REQ-IDs with no task mapping (planning gap) and any tasks with no REQ-ID (potential scope creep)
217
- - Orphaned requirements = WARN (not blocking unless critical)
218
- - Update `docs/requirements.md` with the close-out results
219
-
220
- ## Step 4: Execute Verification
221
-
222
- ```bash
223
- node scripts/gsd-t-watch-state.js advance --agent-id "$GSD_T_AGENT_ID" --parent-id "${GSD_T_PARENT_AGENT_ID:-null}" --command gsd-t-verify --step 4 --step-label "Execute Verification" 2>/dev/null || true
224
- ```
225
-
226
- ### Solo Mode (default)
227
- Work through each dimension sequentially. For each:
228
- 1. Define what you're checking
229
- 2. Check it systematically
230
- 3. Record findings as PASS / WARN / FAIL with specifics
231
- 4. If FAIL, create a remediation task
232
-
233
- **Mandatory test execution:**
234
- 1. Run ALL unit/integration tests — every test must pass
235
- 2. Detect Playwright (check for `playwright.config.*`, Playwright deps in package.json)
236
- 3. Run the FULL Playwright E2E suite — every spec must pass
237
- 4. **Coverage audit**: For every new feature, mode, page, or flow added in this milestone:
238
- - Confirm Playwright specs exist that specifically test it
239
- - Confirm specs cover: happy path, error states, edge cases, all modes/flags
240
- - If specs are missing or incomplete → invoke `gsd-t-test-sync` to create them, then re-run
241
- - **Missing E2E coverage on new functionality = verification FAIL**
242
- 5. **Functional test quality audit**: Read every Playwright spec. For each `test()` block, verify assertions check **functional behavior** (state changed after action, data loaded, content updated, widget responded) — NOT just element existence (`isVisible`, `toBeAttached`, `toBeEnabled`). A test that would pass on an empty HTML page with the right element IDs is a **shallow test** and counts as a verification FAIL. Flag shallow tests and rewrite them before proceeding.
243
- 6. Tests are NOT optional — verification cannot pass without running them and confirming comprehensive, functional coverage
244
-
245
- ### Team Mode (when agent teams are enabled)
246
- ```
247
- Create an agent team for verification:
248
-
249
- ALL TEAMMATES read first:
250
- 1. CLAUDE.md
251
- 2. .gsd-t/contracts/ — all contracts
252
- 3. .gsd-t/domains/*/tasks.md — acceptance criteria
253
- 4. docs/requirements.md
254
-
255
- Teammate assignments:
256
- - Teammate "functional":
257
- Verify every acceptance criterion in every domain's tasks.md.
258
- Test each user flow end-to-end.
259
- Report: list of criteria with PASS/FAIL status.
260
-
261
- - Teammate "contracts":
262
- For each contract in .gsd-t/contracts/:
263
- Verify the implementing code matches exactly.
264
- Check types, shapes, error handling, edge cases.
265
- Report: contract-by-contract compliance status.
266
-
267
- - Teammate "quality":
268
- Review all source code for:
269
- - Consistency with CLAUDE.md conventions
270
- - Error handling completeness
271
- - Code duplication
272
- - Naming consistency
273
- - Dead code or TODOs
274
- Report: file-by-file findings.
275
-
276
- - Teammate "security":
277
- Review for:
278
- - Auth bypass possibilities
279
- - Input validation gaps
280
- - Data exposure in API responses
281
- - Dependency vulnerabilities (run audit if applicable)
282
- - Secret/credential handling
283
- Report: severity-ranked findings.
284
-
285
- Lead: After receiving teammate reports:
286
- **OBSERVABILITY LOGGING (MANDATORY) — wrap the validation spawn with `captureSpawn`:**
287
- ```
288
- node -e "
289
- const { captureSpawn } = require('./bin/gsd-t-token-capture.cjs');
290
- (async () => {
291
- await captureSpawn({
292
- command: 'gsd-t-verify',
293
- step: 'Step 4',
294
- model: 'haiku',
295
- description: 'test audit + contract review',
296
- projectDir: '.',
297
- notes: 'test audit + contract review',
298
- spawnFn: async () => { /* Task subagent (spawnType: validation) runs the full test suite and contract audit — always headless */ },
299
- });
300
- })();
301
- "
302
- ```
303
- `captureSpawn` parses `result.usage` and writes the row to `.gsd-t/token-log.md` under the canonical header. Tokens column renders as `in=N out=N cr=N cc=N $X.XX` or `—`, never `N/A`. Collect all reports, synthesize, create remediation plan.
304
- ```
305
-
306
- <!-- M58: Test Data Cleanup Gate -->
307
- ## Step 4.5: Test Data Cleanup Gate (MANDATORY — FAIL-blocking, never warning-only)
308
-
309
- ```bash
310
- node scripts/gsd-t-watch-state.js advance --agent-id "$GSD_T_AGENT_ID" --parent-id "${GSD_T_PARENT_AGENT_ID:-null}" --command gsd-t-verify --step 4 --step-label ".5: Test Data Cleanup Gate" 2>/dev/null || true
311
- ```
312
-
313
- Origin: GSD-T-Board v0.1.10 Verify ran the Playwright suite, the suite
314
- passed, the milestone was tagged VERIFIED — and 2442 `E2E_TEST_*` /
315
- `E2E_DRAG_*` ideas stayed live in the production data store. The gate
316
- exists to catch that class: any test data registered during Verify via the
317
- `withTestData()` Playwright fixture (or by direct calls to
318
- `appendInsert(...)`) MUST be purged before VERDICT.
319
-
320
- ```bash
321
- # Verify-run id — set at Step 1; if not, derive from milestone + UTC.
322
- : "${GSD_T_VERIFY_RUN_ID:=verify-${MILESTONE:-current}-$(date -u +%Y%m%dT%H%M%SZ)}"
323
- export GSD_T_VERIFY_RUN_ID
324
-
325
- # Purge anything the fixture (or appendInsert) registered during this run.
326
- gsd-t test-data --purge --run "$GSD_T_VERIFY_RUN_ID" --json > /tmp/gsd-t-test-data-purge.json
327
- TD_EXIT=$?
328
- ```
329
-
330
- - `test-data --purge` exit **0** (`errors:[]`) → record
331
- `Test data: purged=<N> skipped=<M>` in the verify report. Gate passes.
332
- - exit **4** (`errors.length > 0`) → verify FAIL. Append the first 5
333
- `errors[].message` values to the verify report and surface the count of
334
- remaining records. The fix is either (a) repair the adapter / store
335
- configuration so purge succeeds, or (b) update the test to use the
336
- fixture so the ledger has accurate entries.
337
-
338
- The gate runs AFTER the E2E suite (Step 4) so any tests that inserted
339
- test data via `withTestData(...)` have already populated the ledger.
340
- It runs BEFORE Step 5 (verify report) so the purge counts can land in the
341
- report. Tests that bypass the fixture and leave un-tagged data will not
342
- be caught here — they're caught at the project's next dataset audit.
343
-
344
- Pure-deterministic CLI check (no LLM). Contract:
345
- `.gsd-t/contracts/test-data-ledger-contract.md` v1.0.0 STABLE.
346
- Tagging: `.gsd-t/contracts/test-data-tagging-contract.md` v1.0.0 STABLE.
347
- <!-- /M58: Test Data Cleanup Gate -->
348
-
349
- ## Step 5: Compile Verification Report
350
-
351
- ```bash
352
- node scripts/gsd-t-watch-state.js advance --agent-id "$GSD_T_AGENT_ID" --parent-id "${GSD_T_PARENT_AGENT_ID:-null}" --command gsd-t-verify --step 5 --step-label "Compile Verification Report" 2>/dev/null || true
353
- ```
354
-
355
- Create or update `.gsd-t/verify-report.md`:
356
-
357
- ```markdown
358
- # Verification Report — {date}
359
-
360
- ## Milestone: {name}
361
-
362
- ## Summary
363
- - Functional: {PASS/WARN/FAIL} — {X}/{Y} criteria met
364
- - Contracts: {PASS/WARN/FAIL} — {X}/{Y} contracts compliant
365
- - Code Quality: {PASS/WARN/FAIL} — {N} issues found
366
- - Unit Tests: {PASS/WARN/FAIL} — {N}/{total} passing
367
- - E2E Tests: {PASS/WARN/FAIL} — {N}/{total} specs passing
368
- - Test Data Cleanup: {PASS/FAIL} — purged={N} skipped={M} errors={E}
369
- - Security: {PASS/WARN/FAIL} — {N} findings
370
- - Integration: {PASS/WARN/FAIL}
371
-
372
- ## Overall: {PASS / CONDITIONAL PASS / FAIL}
373
-
374
- ## Findings
375
-
376
- ### Critical (must fix before milestone complete)
377
- 1. {finding} — {domain} — {remediation}
378
-
379
- ### Warnings (should fix, not blocking)
380
- 1. {finding} — {domain} — {remediation}
381
-
382
- ### Notes (informational)
383
- 1. {observation}
384
-
385
- ## Remediation Tasks
386
- | # | Domain | Description | Priority |
387
- |---|--------|-------------|----------|
388
- | 1 | auth | Fix missing role in user response | CRITICAL |
389
- | 2 | ui | Add loading states for async calls | WARN |
390
- ```
391
-
392
- ## Step 5.25: Metrics Quality Budget Check
393
-
394
- ```bash
395
- node scripts/gsd-t-watch-state.js advance --agent-id "$GSD_T_AGENT_ID" --parent-id "${GSD_T_PARENT_AGENT_ID:-null}" --command gsd-t-verify --step 5 --step-label ".25: Metrics Quality Budget Check" 2>/dev/null || true
396
- ```
397
-
398
- Check task-metrics for the current milestone to detect quality budget violations:
399
-
400
- 1. Run via Bash:
401
- `node -e "const c = require('./bin/metrics-collector.js'); const r = c.readTaskMetrics({milestone: '{milestone-id}'}); if(!r.length){console.log('No metrics data — quality budget check skipped');process.exit(0);} const pass=r.filter(t=>t.fix_cycles===0&&t.pass).length; const rate=pass/r.length; console.log('First-pass rate: '+(rate*100).toFixed(1)+'% ('+pass+'/'+r.length+')'); if(rate<0.6) console.log('⚠️ Quality budget WARNING: first-pass rate below 60%');" 2>/dev/null || true`
402
-
403
- 2. Run heuristics check via Bash:
404
- `node -e "const m=require('./bin/metrics-rollup.js'); const r=m.readRollups({milestone:'{milestone-id}'}); if(r.length&&r[r.length-1].heuristic_flags.some(f=>f.severity==='HIGH')) console.log('⚠️ HIGH severity heuristic flag detected — review before completing milestone');" 2>/dev/null || true`
405
-
406
- 3. Display quality metrics summary inline. Quality budget violation is a **WARNING** (non-blocking) — does not fail verify.
407
-
408
- 4. Include quality budget status in the verification report (Step 5):
409
- `- Quality Budget: {PASS/WARN} — first-pass rate {N}%{, HIGH heuristic: {name} if any}`
410
-
411
- ## Step 5.5: Goal-Backward Verification (Post-Gate Behavior Check)
412
-
413
- ```bash
414
- node scripts/gsd-t-watch-state.js advance --agent-id "$GSD_T_AGENT_ID" --parent-id "${GSD_T_PARENT_AGENT_ID:-null}" --command gsd-t-verify --step 5 --step-label ".5: Goal-Backward Verification (Post-Gate Behavior Check)" 2>/dev/null || true
415
- ```
416
-
417
- This step runs **after all 8 quality gates pass**. It verifies that milestone goals are actually achieved end-to-end — not just structurally present. It catches placeholder implementations that pass all structural gates.
418
-
419
- Refer to `.gsd-t/contracts/goal-backward-contract.md` for the full verification flow, placeholder patterns, and findings report format.
420
-
421
- ### 5.5.1 Load Milestone Goals and Requirements
422
-
423
- 1. Read `.gsd-t/progress.md` — extract the current milestone name and goals
424
- 2. Read `docs/requirements.md` — identify **critical requirements** (skip trivial/low-priority items)
425
-
426
- ### 5.5.2 Trace Requirements to Behavior
427
-
428
- For each critical requirement:
429
-
430
- 1. **If `.gsd-t/graph/meta.json` exists (graph available)**:
431
- - Trace the requirement → code path → behavior chain using graph queries
432
- - Use `getRequirementFor`, `getCallers`, and `getTestsFor` to build the chain
433
- - Flag requirements with no traceable code path as CRITICAL findings
434
-
435
- 2. **If graph is not available (fallback to grep)**:
436
- - Search the codebase for the feature/function implementing each requirement
437
- - Trace from entry point → core logic → output/response
438
-
439
- ### 5.5.3 Scan for Placeholder Patterns
440
-
441
- For each file identified in the requirement traces above, scan for these placeholder patterns:
442
-
443
- | Pattern | Detection Hint | Severity |
444
- |---------|---------------|----------|
445
- | console.log placeholder | `console.log.*TODO\|console.log.*implement` | CRITICAL |
446
- | TODO/FIXME in implementation | `// TODO\|// FIXME\|# TODO\|# FIXME` in non-test files | CRITICAL |
447
- | Empty function body | `function \w+\(\) \{\}` or `\(\) => \{\}` with no logic | CRITICAL |
448
- | Throw not-implemented | `throw new Error.*not implemented\|throw new Error.*TODO` | CRITICAL |
449
- | Hardcoded return | `return "success"\|return true` with no conditional logic | HIGH |
450
- | Static UI text | Static `<span>` or text that never updates based on state | HIGH |
451
- | Pass-through stub | `return input\|return req\|return data` with no transformation | MEDIUM |
452
-
453
- ### 5.5.4 Produce Findings Report
454
-
455
- Format findings per the goal-backward-contract.md report format:
456
-
457
- ```markdown
458
- ## Goal-Backward Verification Report
459
-
460
- ### Status: PASS | FAIL
461
-
462
- ### Findings
463
- | # | Requirement | File:Line | Pattern | Severity | Description |
464
- |---|-------------|-----------|---------|----------|-------------|
465
- | 1 | {req-id} | {path}:{line} | {pattern} | {severity} | {what's wrong} |
466
-
467
- ### Summary
468
- - Requirements checked: {N}
469
- - Findings: {N} ({critical}, {high}, {medium})
470
- - Verdict: {PASS if 0 critical/high, FAIL otherwise}
471
- ```
472
-
473
- ### 5.5.5 Apply Blocking Rules
474
-
475
- - **CRITICAL or HIGH findings** → Goal-Backward status = **FAIL** — block verification
476
- - Append findings to the Critical section of the verification report (Step 5)
477
- - Set overall verification status to FAIL
478
- - **MEDIUM findings** → Goal-Backward status = **WARN** — log but do not block
479
- - Append findings to the Warnings section of the verification report (Step 5)
480
- - **No findings** → Goal-Backward status = **PASS** — add to verification report summary
481
-
482
- Add a `Goal-Backward:` line to the Step 5 verification report summary:
483
- ```
484
- - Goal-Backward: {PASS/WARN/FAIL} — {N} requirements checked, {N} findings ({critical} critical, {high} high, {medium} medium)
485
- ```
486
-
487
- ---
488
-
489
- ## Step 6: Handle Remediation
490
-
491
- ```bash
492
- node scripts/gsd-t-watch-state.js advance --agent-id "$GSD_T_AGENT_ID" --parent-id "${GSD_T_PARENT_AGENT_ID:-null}" --command gsd-t-verify --step 6 --step-label "Handle Remediation" 2>/dev/null || true
493
- ```
494
-
495
- If there are CRITICAL findings:
496
- 1. Create remediation tasks in the affected domain's `tasks.md`
497
- 2. Execute fixes (solo — don't spawn teams for remediation)
498
- 3. Re-verify the specific findings
499
- 4. Update the verification report
500
-
501
- ## Step 7: Update State
502
-
503
- ```bash
504
- node scripts/gsd-t-watch-state.js advance --agent-id "$GSD_T_AGENT_ID" --parent-id "${GSD_T_PARENT_AGENT_ID:-null}" --command gsd-t-verify --step 7 --step-label "Update State" 2>/dev/null || true
505
- ```
506
-
507
- Update `.gsd-t/progress.md`:
508
- - If all PASS: Set status to `VERIFIED`
509
- - If CONDITIONAL PASS: Set status to `VERIFIED-WITH-WARNINGS`, list warnings
510
- - If FAIL: Set status to `VERIFY-FAILED`, list required remediations
511
- - Record verification date and summary
512
-
513
- ### Autonomy Behavior
514
-
515
- **All Levels**:
516
- - VERIFIED or CONDITIONAL PASS → **Auto-invoke complete-milestone** (see Step 8 below). Completing a verified milestone is mechanical — there is no judgment call that benefits from user review.
517
- - FAIL → **Level 3**: Auto-execute remediation tasks (up to 2 fix attempts). If still failing after 2 attempts:
518
- 1. Write failure context to `.gsd-t/debug-state.jsonl` via `node -e "require('./bin/debug-ledger.js').appendEntry('.', {iteration:1,timestamp:new Date().toISOString(),test:'verify-remediation',error:'2 in-context fix attempts exhausted',hypothesis:'see verify-report.md',fix:'n/a',fixFiles:[],result:'STILL_FAILS',learning:'delegating to headless debug-loop',model:'sonnet',duration:0})"`
519
- 2. Log: "Delegating to headless debug-loop (2 in-context attempts exhausted)"
520
- 3. Run: `gsd-t headless --debug-loop --max-iterations 10`
521
- 4. Exit code 0 → re-run verification; 1/4 → log to `.gsd-t/deferred-items.md`, STOP and report to user; 3 → report error
522
- **Level 1–2**: Return to execute phase for remediation tasks.
64
+ - `VERIFIED` auto-advance to `/gsd-t-complete-milestone`
65
+ - `VERIFIED-WITH-WARNINGS` → same auto-advance; warnings persist in `progress.md` Decision Log
66
+ - `VERIFY-FAILED` invoke `gsd-t-debug` against the first blocking finding
523
67
 
524
68
  ## Document Ripple
525
69
 
526
- ### Always update:
527
- 1. **`.gsd-t/progress.md`** — Set status to VERIFIED/VERIFY-FAILED, log verification summary
528
- 2. **`.gsd-t/verify-report.md`** — Created with full verification results (Step 4)
529
-
530
- ### Check if affected:
531
- 3. **`.gsd-t/domains/{domain}/tasks.md`** — If remediation tasks were created (Step 5)
532
- 4. **`.gsd-t/techdebt.md`** — If verification found new quality or security issues, add as debt
533
- 5. **`docs/requirements.md`** — If verification revealed unmet requirements, update status
534
-
535
- ## Step 8: Auto-Invoke Complete-Milestone
536
-
537
- ```bash
538
- node scripts/gsd-t-watch-state.js advance --agent-id "$GSD_T_AGENT_ID" --parent-id "${GSD_T_PARENT_AGENT_ID:-null}" --command gsd-t-verify --step 8 --step-label "Auto-Invoke Complete-Milestone" 2>/dev/null || true
539
- ```
540
-
541
- **This step is MANDATORY and runs at ALL autonomy levels.** Completing a verified milestone is a mechanical operation (archive, tag, bump version, update docs). There is no decision that benefits from user review — the decision was made when verification passed.
542
-
543
- If status is VERIFY-FAILED:
544
- - Do NOT invoke complete-milestone
545
- - Report failures and stop
546
-
547
- If status is VERIFIED or VERIFIED-WITH-WARNINGS:
548
- 1. Log: "✅ Verify complete — spawning complete-milestone agent..."
549
-
550
- **OBSERVABILITY LOGGING (MANDATORY) — wrap the complete-milestone auto-invoke with `captureSpawn`:**
551
-
552
- 2. Spawn through `captureSpawn` — `spawnType: 'validation'`, model: sonnet, mode: bypassPermissions (always headless per headless-default-contract v2.0.0):
553
-
554
- ```
555
- node -e "
556
- const { captureSpawn } = require('./bin/gsd-t-token-capture.cjs');
557
- (async () => {
558
- await captureSpawn({
559
- command: 'gsd-t-verify',
560
- step: 'Step 8',
561
- model: 'sonnet',
562
- description: 'auto-complete-milestone',
563
- projectDir: '.',
564
- notes: 'auto-complete-milestone',
565
- spawnFn: async () => { /* Task subagent (spawnType: validation, model: sonnet, mode: bypassPermissions):
566
- 'Execute the complete-milestone phase of the current GSD-T milestone.
567
- Read and follow the full instructions in commands/gsd-t-complete-milestone.md
568
- (resolve from ~/.claude/commands/ if not in project).
569
- Read .gsd-t/progress.md for current milestone and state.
570
- Read CLAUDE.md for project conventions.
571
- Read .gsd-t/contracts/ for domain interfaces.
572
- Complete the phase fully:
573
- - Follow every step in the command file
574
- - Update .gsd-t/progress.md status when done
575
- - Run document ripple as specified
576
- - Commit your work
577
- Report back: one-line status summary.' */ },
578
- });
579
- })();
580
- "
581
- ```
582
-
583
- `captureSpawn` parses `result.usage` and writes the row to `.gsd-t/token-log.md` under the canonical header. Tokens column renders as `in=N out=N cr=N cc=N $X.XX` or `—`, never `N/A`.
584
-
585
- 3. Verify subagent result: Read `.gsd-t/progress.md` — confirm status is COMPLETED. If not, report the failure.
586
-
587
- **Why this is mandatory**: Without auto-completion, verified milestones remain in VERIFIED state indefinitely. Requirements stay unmarked, progress.md is stale, and future sessions cannot tell the work was done. This is the root cause of "GSD-T forgot it did this work" — the milestone was built and verified but never formally completed.
588
-
589
- **Why a subagent**: Complete-milestone is a 12-step process (gap analysis, archive, version bump, git tag, doc ripple). Verify is already heavy with 8+ quality gates. Spawning a fresh-context subagent avoids compaction risk — and complete-milestone loads everything it needs from files (progress.md, verify-report.md, contracts).
70
+ Verify is a quality gate — the work it inspects is already committed by execute/integrate. Verify itself adds:
590
71
 
591
- $ARGUMENTS
72
+ - `.gsd-t/progress.md` — verdict + summary line
73
+ - `.gsd-t/red-team-report.md` — Red Team findings (if any)
74
+ - `.gsd-t/qa-issues.md` — QA shallow tests + contract violations
592
75
 
593
- ## Auto-Clear
76
+ ## Next Up
594
77
 
595
- All work is committed to project files. Execute `/clear` to free the context window for the next command.
78
+ `/gsd-t-complete-milestone` (auto-invoked on `VERIFIED` / `VERIFIED-WITH-WARNINGS`).