@tekyzinc/gsd-t 3.29.11 → 4.0.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +146 -0
- package/bin/gsd-t-parallel.cjs +64 -13
- package/bin/gsd-t.js +48 -376
- package/bin/journey-coverage.cjs +6 -3
- package/bin/parallel-cli.cjs +13 -1
- package/commands/gsd-t-debug.md +47 -533
- package/commands/gsd-t-design-decompose.md +24 -497
- package/commands/gsd-t-doc-ripple.md +23 -139
- package/commands/gsd-t-execute.md +41 -958
- package/commands/gsd-t-help.md +0 -2
- package/commands/gsd-t-impact.md +26 -295
- package/commands/gsd-t-integrate.md +44 -369
- package/commands/gsd-t-milestone.md +25 -124
- package/commands/gsd-t-partition.md +28 -539
- package/commands/gsd-t-plan.md +26 -472
- package/commands/gsd-t-prd.md +25 -311
- package/commands/gsd-t-quick.md +1 -1
- package/commands/gsd-t-resume.md +0 -33
- package/commands/gsd-t-verify.md +52 -569
- package/commands/gsd-t-wave.md +41 -430
- package/package.json +1 -1
- package/scripts/gsd-t-calibration-hook.js +3 -1
- package/scripts/hooks/pre-commit-journey-coverage +0 -2
- package/scripts/hooks/pre-commit-playwright-gate +0 -2
- package/templates/CLAUDE-global.md +43 -173
- package/templates/CLAUDE-project.md +118 -104
- package/templates/prompts/design-verify-subagent.md +3 -0
- package/templates/prompts/qa-subagent.md +3 -0
- package/templates/prompts/red-team-subagent.md +5 -2
- package/templates/workflows/_lib.js +176 -0
- package/templates/workflows/gsd-t-debug.workflow.js +86 -0
- package/templates/workflows/gsd-t-execute.workflow.js +206 -0
- package/templates/workflows/gsd-t-integrate.workflow.js +71 -0
- package/templates/workflows/gsd-t-phase.workflow.js +94 -0
- package/templates/workflows/gsd-t-quick.workflow.js +72 -0
- package/templates/workflows/gsd-t-verify.workflow.js +348 -0
- package/templates/workflows/gsd-t-wave.workflow.js +43 -0
- package/bin/check-headless-sessions.js +0 -140
- package/bin/context-budget-audit.cjs +0 -447
- package/bin/context-meter-config.cjs +0 -101
- package/bin/context-meter-config.test.cjs +0 -101
- package/bin/event-stream.cjs +0 -205
- package/bin/gsd-t-benchmark-orchestrator.js +0 -437
- package/bin/gsd-t-capture-lint.cjs +0 -440
- package/bin/gsd-t-economics.cjs +0 -315
- package/bin/gsd-t-in-session-usage.cjs +0 -213
- package/bin/gsd-t-orchestrator-config.cjs +0 -161
- package/bin/gsd-t-orchestrator-queue.cjs +0 -180
- package/bin/gsd-t-orchestrator-recover.cjs +0 -231
- package/bin/gsd-t-orchestrator-worker.cjs +0 -219
- package/bin/gsd-t-orchestrator.js +0 -535
- package/bin/gsd-t-parallel-probe.cjs +0 -132
- package/bin/gsd-t-ratelimit-probe-worker.cjs +0 -237
- package/bin/gsd-t-ratelimit-probe.cjs +0 -648
- package/bin/gsd-t-report-tokens.cjs +0 -549
- package/bin/gsd-t-stream-feed-client.cjs +0 -151
- package/bin/gsd-t-token-backfill.cjs +0 -366
- package/bin/gsd-t-token-capture.cjs +0 -321
- package/bin/gsd-t-token-dashboard.cjs +0 -353
- package/bin/gsd-t-token-regenerate-log.cjs +0 -129
- package/bin/gsd-t-tool-attribution.cjs +0 -377
- package/bin/gsd-t-tool-cost.cjs +0 -195
- package/bin/gsd-t-transcript-tee.cjs +0 -246
- package/bin/gsd-t-unattended-heartbeat.cjs +0 -188
- package/bin/gsd-t-unattended-platform.cjs +0 -551
- package/bin/gsd-t-unattended-platform.js +0 -381
- package/bin/gsd-t-unattended-safety.cjs +0 -773
- package/bin/gsd-t-unattended-safety.js +0 -788
- package/bin/gsd-t-unattended.cjs +0 -2109
- package/bin/gsd-t-unattended.js +0 -1367
- package/bin/gsd-t-worker-dispatch.cjs +0 -211
- package/bin/handoff-lock.cjs +0 -249
- package/bin/handoff-lock.js +0 -249
- package/bin/headless-auto-spawn.cjs +0 -711
- package/bin/headless-auto-spawn.js +0 -373
- package/bin/headless-exit-codes.cjs +0 -67
- package/bin/live-activity-report.cjs +0 -615
- package/bin/log-tail.cjs +0 -81
- package/bin/m44-proof-measure.cjs +0 -285
- package/bin/m46-iter-proof.cjs +0 -149
- package/bin/m46-worker-proof.cjs +0 -201
- package/bin/m55-substrate-proof.cjs +0 -134
- package/bin/metrics-rollup.js +0 -200
- package/bin/model-windows.cjs +0 -99
- package/bin/model-windows.test.cjs +0 -75
- package/bin/parallelism-report.cjs +0 -535
- package/bin/runway-estimator.cjs +0 -242
- package/bin/spawn-plan-derive.cjs +0 -163
- package/bin/spawn-plan-status-updater.cjs +0 -292
- package/bin/spawn-plan-writer.cjs +0 -204
- package/bin/supervisor-pid-fingerprint.cjs +0 -126
- package/bin/token-budget.cjs +0 -265
- package/bin/unattended-watch-format.cjs +0 -178
- package/bin/watch-progress.js +0 -155
- package/commands/gsd-t-unattended-stop.md +0 -85
- package/commands/gsd-t-unattended-watch.md +0 -465
- package/commands/gsd-t-unattended.md +0 -476
- package/commands/gsd-t-visualize.md +0 -116
- package/scripts/gsd-t-context-meter.e2e.test.js +0 -364
- package/scripts/gsd-t-context-meter.js +0 -341
- package/scripts/gsd-t-context-meter.test.js +0 -471
- package/scripts/gsd-t-dashboard-server.js +0 -1203
- package/scripts/gsd-t-post-commit-spawn-plan.sh +0 -86
- package/scripts/gsd-t-transcript.html +0 -1821
- package/scripts/hooks/gsd-t-conversation-capture.js +0 -439
- package/scripts/hooks/gsd-t-in-session-usage-hook.js +0 -84
- package/scripts/spawn-plan-fmt-tokens.cjs +0 -80
- package/templates/hooks/post-commit-spawn-plan.sh +0 -85
|
@@ -201,14 +201,14 @@ If any are missing:
|
|
|
201
201
|
Playwright readiness is enforced by executable code, not prose. Three layers:
|
|
202
202
|
|
|
203
203
|
1. **Bootstrap library** — `bin/playwright-bootstrap.cjs` exports `hasPlaywright`, `detectPackageManager`, `installPlaywright`, `verifyPlaywrightHealth`. `bin/ui-detection.cjs` exports `hasUI`, `detectUIFlavor`. See `.gsd-t/contracts/playwright-bootstrap-contract.md`.
|
|
204
|
-
2. **
|
|
204
|
+
2. **Workflow-stage gate** — the verify/execute Workflow scripts call `playwright-bootstrap.cjs::installPlaywright()` before any E2E stage when `hasUI(projectDir)` AND `!hasPlaywright(projectDir)`. On install failure the stage halts with a structured `blocked-needs-human` result. (M61: replaced the retired `headless-auto-spawn.cjs` spawn-time gate — the Workflow runtime owns spawning now.)
|
|
205
205
|
3. **Commit-time gate** — `scripts/hooks/pre-commit-playwright-gate` (opt-in via `gsd-t doctor --install-hooks`) blocks commits that touch viewer/UI source files when Playwright tests have not passed since the most recent change. Reads `.gsd-t/.last-playwright-pass`; fails open on missing/corrupt timestamps.
|
|
206
206
|
|
|
207
207
|
Operator overrides:
|
|
208
208
|
- Manual install: `gsd-t setup-playwright [path]` (or `gsd-t doctor --install-playwright`).
|
|
209
209
|
- Health check: `gsd-t doctor` reports `playwright missing` for any UI project without `playwright.config.*`.
|
|
210
210
|
|
|
211
|
-
You no longer need to run a check yourself before testing commands — the
|
|
211
|
+
You no longer need to run a check yourself before testing commands — the Workflow stage runs the readiness gate before E2E.
|
|
212
212
|
|
|
213
213
|
### Playwright Cleanup
|
|
214
214
|
|
|
@@ -290,213 +290,83 @@ Three built-in adapters: `localStorage-key-prefix`, `file-json-array`, `sqlite-t
|
|
|
290
290
|
|
|
291
291
|
After the E2E suite, `gsd-t-verify` Step 4.5 runs `gsd-t test-data --purge --run "$GSD_T_VERIFY_RUN_ID"`. If any adapter throws or refuses, verify FAILs the gate (block-promotion semantics — equivalent to a failing CI-Parity Gate). Contract: `.gsd-t/contracts/test-data-ledger-contract.md` v1.0.0 STABLE.
|
|
292
292
|
|
|
293
|
-
##
|
|
293
|
+
## Orthogonal Validation Triad (Mandatory)
|
|
294
294
|
|
|
295
|
-
Every code-producing
|
|
296
|
-
Protocol: `templates/prompts/qa-subagent.md`. Contract: `.gsd-t/contracts/qa-agent-contract.md`.
|
|
295
|
+
Every code-producing phase ends with `gsd-t-verify.workflow.js`, which runs three orthogonal validators as `parallel()` `agent()` stages with schema-validated output. Per `.gsd-t/contracts/orthogonal-validation-contract.md` v1.0.0 STABLE, they are declared orthogonal objective functions — no collapse, no substitution, no transitive trust.
|
|
297
296
|
|
|
298
|
-
|
|
297
|
+
- **`/code-review ultra`** — cooperative correctness + cleanup. Severity: `important` / `nit` / `pre-existing`. Skippable via `args.skipUltra=true` + `args.skipUltraReason`. `skipUltra=true` is INELIGIBLE for `VERIFIED`.
|
|
298
|
+
- **Red Team** — adversarial / security / boundaries. Non-skippable. Protocol: `templates/prompts/red-team-subagent.md`. Verdict: `FAIL` (any CRITICAL or HIGH bug — blocks completion) or `GRUDGING-PASS` (exhaustive search, nothing found). CRITICAL/HIGH bugs get up to 2 fix cycles before deferral. Runs on `model: "opus"`.
|
|
299
|
+
- **QA** — test execution + shallow-test detection + contract compliance. Non-skippable. Protocol: `templates/prompts/qa-subagent.md`. Writes ZERO feature code. Any shallow E2E test blocks phase completion. Runs on `model: "sonnet"`.
|
|
299
300
|
|
|
300
|
-
When `.gsd-t/contracts/design-contract.md` or `.gsd-t/contracts/design/` exists, a
|
|
301
|
-
Protocol: `templates/prompts/design-verify-subagent.md`.
|
|
301
|
+
When `.gsd-t/contracts/design-contract.md` or `.gsd-t/contracts/design/` exists, a fourth stage runs Design Verification (protocol: `templates/prompts/design-verify-subagent.md`) — opens a browser, compares the build against the design, returns a structured element-by-element MATCH/DEVIATION schema. Deviations block completion.
|
|
302
302
|
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
After QA + Design Verification pass, every code-producing command spawns an adversarial subagent whose success is measured by bugs found, not tests passed. VERDICT is `FAIL` (bugs — blocks completion) or `GRUDGING PASS` (exhaustive search, nothing found). CRITICAL/HIGH bugs get up to 2 fix cycles before deferral.
|
|
306
|
-
Protocol: `templates/prompts/red-team-subagent.md`.
|
|
303
|
+
Synthesis stage merges results without category collapse. Verdict: `VERIFIED` / `VERIFIED-WITH-WARNINGS` / `VERIFY-FAILED`.
|
|
307
304
|
|
|
308
305
|
## Model Display (MANDATORY)
|
|
309
306
|
|
|
310
|
-
**
|
|
311
|
-
`⚙ [{model}] {command} → {brief description}` (e.g., `⚙ [sonnet] gsd-t-execute → domain: auth-service`, `⚙ [haiku] gsd-t-execute → QA validation`)
|
|
312
|
-
|
|
313
|
-
This gives the user real-time visibility into which model is handling each operation.
|
|
307
|
+
**Each Workflow `agent()` call declares its model explicitly** via the `model:` option (`"haiku"` / `"sonnet"` / `"opus"`). The Workflow runtime emits a `⚙ [{model}] {label}` line per stage in `/workflows`, giving the user real-time visibility into which model handles each operation.
|
|
314
308
|
|
|
315
309
|
**Model assignments:**
|
|
316
|
-
- `model: haiku` — strictly mechanical tasks: run test suites and report counts, check file existence, validate JSON structure, branch guard checks
|
|
317
|
-
- `model: sonnet` — mid-tier reasoning: routine code changes, standard refactors, test writing, QA evaluation, straightforward synthesis
|
|
318
|
-
- `model: opus` — high-stakes reasoning: architecture decisions, security analysis, complex debugging, cross-module refactors, Red Team adversarial QA, quality judgment on critical paths
|
|
319
|
-
|
|
320
|
-
**Context Meter (M34/M38, v3.12.10+)** — The real context-window measurement feeding the headless-default spawn decision. A PostToolUse hook (`scripts/gsd-t-context-meter.js`) runs after every tool call, uses local token estimation to write the current input-token count into `.gsd-t/.context-meter-state.json`. `getSessionStatus()` reads that state file (fresh window = 5 minutes) with a historical heuristic fallback when the file is missing or stale. Command files consume the signal via a small bash shim (`CTX_PCT=$(node -e "…tb.getSessionStatus('.').pct")`). **Single-band model** (context-meter-contract v1.3.0): there's one threshold (default 85%) and one action — hand off to a detached headless spawn. No three-band routing, no silent downgrades, no MANDATORY STOP prose. The meter exists to inform spawn-time routing, not to pause work in-flight.
|
|
321
|
-
|
|
322
|
-
## In-Session Conversation Capture (M45 D2)
|
|
323
|
-
|
|
324
|
-
The orchestrator session's user↔assistant dialog is captured into
|
|
325
|
-
`.gsd-t/transcripts/in-session-{sessionId}.ndjson` via a dedicated hook
|
|
326
|
-
script (`scripts/hooks/gsd-t-conversation-capture.js`). The viewer's left
|
|
327
|
-
rail labels these entries `💬 conversation` (front-end-only discriminator
|
|
328
|
-
— the `in-session-` filename prefix is the contract).
|
|
329
|
-
|
|
330
|
-
This hook captures **content** (user prompts + assistant replies). It is
|
|
331
|
-
complementary to `scripts/hooks/gsd-t-in-session-usage-hook.js` (M43 D1),
|
|
332
|
-
which captures per-turn **token usage** into
|
|
333
|
-
`.gsd-t/metrics/token-usage.jsonl`. Both hooks coexist on the same events.
|
|
334
|
-
|
|
335
|
-
**Install block** (append to `~/.claude/settings.json` alongside the existing
|
|
336
|
-
context-meter, version-check, compact-detector, and in-session-usage hooks):
|
|
337
|
-
|
|
338
|
-
```json
|
|
339
|
-
{
|
|
340
|
-
"hooks": {
|
|
341
|
-
"SessionStart": [
|
|
342
|
-
{ "matcher": "",
|
|
343
|
-
"hooks": [{ "type": "command",
|
|
344
|
-
"command": "node \"$HOME/.claude/scripts/hooks/gsd-t-conversation-capture.js\"",
|
|
345
|
-
"async": true }] }
|
|
346
|
-
],
|
|
347
|
-
"UserPromptSubmit": [
|
|
348
|
-
{ "matcher": "",
|
|
349
|
-
"hooks": [{ "type": "command",
|
|
350
|
-
"command": "node \"$HOME/.claude/scripts/hooks/gsd-t-conversation-capture.js\"",
|
|
351
|
-
"async": true }] }
|
|
352
|
-
],
|
|
353
|
-
"Stop": [
|
|
354
|
-
{ "matcher": "",
|
|
355
|
-
"hooks": [{ "type": "command",
|
|
356
|
-
"command": "node \"$HOME/.claude/scripts/hooks/gsd-t-conversation-capture.js\"",
|
|
357
|
-
"async": true }] }
|
|
358
|
-
],
|
|
359
|
-
"PostToolUse": [
|
|
360
|
-
{ "matcher": "",
|
|
361
|
-
"hooks": [{ "type": "command",
|
|
362
|
-
"command": "GSD_T_CAPTURE_TOOL_USES=1 node \"$HOME/.claude/scripts/hooks/gsd-t-conversation-capture.js\"",
|
|
363
|
-
"async": true }] }
|
|
364
|
-
]
|
|
365
|
-
}
|
|
366
|
-
}
|
|
367
|
-
```
|
|
368
|
-
|
|
369
|
-
The `PostToolUse` entry is **opt-in** via `GSD_T_CAPTURE_TOOL_USES=1`. Leave it
|
|
370
|
-
unset unless you want per-tool frames in the NDJSON (full tool payloads are
|
|
371
|
-
already recorded in `events/*.jsonl`).
|
|
372
|
-
|
|
373
|
-
Contract: `.gsd-t/contracts/conversation-capture-contract.md` v1.0.0. Frame
|
|
374
|
-
schema, file-naming, and session-id resolution rules are locked there.
|
|
310
|
+
- `model: "haiku"` — strictly mechanical tasks: run test suites and report counts, check file existence, validate JSON structure, branch guard checks
|
|
311
|
+
- `model: "sonnet"` — mid-tier reasoning: routine code changes, standard refactors, test writing, QA evaluation, straightforward synthesis
|
|
312
|
+
- `model: "opus"` — high-stakes reasoning: architecture decisions, security analysis, complex debugging, cross-module refactors, Red Team adversarial QA, quality judgment on critical paths
|
|
375
313
|
|
|
376
|
-
|
|
314
|
+
**Context budget:** Workflow scripts receive a `budget` global (`budget.total`, `budget.spent()`, `budget.remaining()`) tied to the user's per-turn token target. Use it for dynamic loops (`while (budget.total && budget.remaining() > 50_000) { ... }`) or to scale fleet size. Opus 4.7/4.8 ship 1M context windows; the legacy meter at `bin/token-budget.cjs` was retired in M61 — use native `/context` for live in-session usage.
|
|
377
315
|
|
|
378
|
-
|
|
379
|
-
|
|
380
|
-
### Pattern A — wrap a spawn callable with `captureSpawn`
|
|
381
|
-
|
|
382
|
-
Preferred for new spawn sites. The wrapper owns the before/after timing, model banner, envelope parse, row write, and JSONL record.
|
|
383
|
-
|
|
384
|
-
```
|
|
385
|
-
node -e "
|
|
386
|
-
const { captureSpawn } = require('./bin/gsd-t-token-capture.cjs');
|
|
387
|
-
(async () => {
|
|
388
|
-
await captureSpawn({
|
|
389
|
-
command: 'gsd-t-execute',
|
|
390
|
-
step: 'Step 4',
|
|
391
|
-
model: 'sonnet',
|
|
392
|
-
description: 'domain: auth-service',
|
|
393
|
-
projectDir: '.',
|
|
394
|
-
domain: 'auth-service',
|
|
395
|
-
task: 'T-3',
|
|
396
|
-
spawnFn: async () => { /* actual Task(...) or spawn('claude', ...) call */ },
|
|
397
|
-
});
|
|
398
|
-
})();
|
|
399
|
-
"
|
|
400
|
-
```
|
|
316
|
+
## Desktop as Cockpit (M61 SC7 — v4.0.10+)
|
|
401
317
|
|
|
402
|
-
|
|
318
|
+
Routine GSD-T actions (milestone → partition → plan → execute → verify → deliver) run from the Claude Code desktop app via Workflows + Skills. CLI residue is intentional and limited to: (a) background hooks the harness fires automatically, (b) jobs that must outlive the desktop session. No routine build / rebuild / debug / deliver action should require terminal keystrokes.
|
|
403
319
|
|
|
404
|
-
|
|
320
|
+
## GSD-T Workflows (M61 — v4.0.10+)
|
|
405
321
|
|
|
406
|
-
|
|
407
|
-
node -e "
|
|
408
|
-
const { recordSpawnRow } = require('./bin/gsd-t-token-capture.cjs');
|
|
409
|
-
recordSpawnRow({
|
|
410
|
-
projectDir: '.',
|
|
411
|
-
command: 'gsd-t-verify',
|
|
412
|
-
step: 'Step 4',
|
|
413
|
-
model: 'haiku',
|
|
414
|
-
startedAt: '2026-04-21 10:00',
|
|
415
|
-
endedAt: '2026-04-21 10:02',
|
|
416
|
-
usage: result.usage, // may be undefined — wrapper handles with '—'
|
|
417
|
-
domain: '-', task: '-',
|
|
418
|
-
ctxPct: 42,
|
|
419
|
-
notes: 'test audit + contract review',
|
|
420
|
-
});
|
|
421
|
-
"
|
|
422
|
-
```
|
|
322
|
+
GSD-T workflows live at `templates/workflows/`. Each workflow is a self-contained native Workflow script that handles one phase of the GSD-T lifecycle. Command files (`commands/gsd-t-*.md`) are thin invokers that call `Workflow({scriptPath, args})`.
|
|
423
323
|
|
|
424
|
-
|
|
324
|
+
Canonical scripts:
|
|
325
|
+
- `gsd-t-execute.workflow.js` — preflight → brief → file-disjointness → parallel(domain workers) → integrate → verify-gate
|
|
326
|
+
- `gsd-t-verify.workflow.js` — preflight → verify-gate → M57 CI-parity → M58 test-data purge → parallel(/code-review ultra ∥ Red Team ∥ QA) → synthesis
|
|
327
|
+
- `gsd-t-wave.workflow.js` — composes execute + verify as sub-workflows
|
|
328
|
+
- `gsd-t-integrate.workflow.js` — cross-domain wire-up + light verify-gate
|
|
329
|
+
- `gsd-t-debug.workflow.js` — 2-cycle diagnose/fix/verify (CLAUDE.md Prime Rule)
|
|
330
|
+
- `gsd-t-quick.workflow.js` — preflight + brief + single-task + verify-gate (M56-D4)
|
|
331
|
+
- `gsd-t-phase.workflow.js` — generic upper-stage runner (partition / plan / discuss / impact / milestone / prd / design-decompose / doc-ripple)
|
|
425
332
|
|
|
426
|
-
|
|
427
|
-
| Datetime-start | Datetime-end | Command | Step | Model | Duration(s) | Tokens | Notes | Domain | Task | Ctx% |
|
|
428
|
-
```
|
|
333
|
+
Shared helpers: `templates/workflows/_lib.js` — `runPreflight`, `generateBrief`, `proveFileDisjointness`, `runVerifyGate`, `loadProtocol`, `readDomainTasks`, `readScope`. Each prefers project-local `bin/<tool>.cjs` and falls back to global `gsd-t` PATH binary (preserves M55-D5 project-local-bin invariant).
|
|
429
334
|
|
|
430
|
-
|
|
335
|
+
## Preflight Gate (KEPT from M55)
|
|
431
336
|
|
|
432
|
-
|
|
433
|
-
```
|
|
434
|
-
| Date | Command | Step | Model | Duration(s) | Severity | Finding |
|
|
435
|
-
```
|
|
436
|
-
|
|
437
|
-
## Token Capture Rule (MANDATORY)
|
|
438
|
-
|
|
439
|
-
Every `Task(...)` subagent spawn, every `claude -p` child process, and every `spawn('claude', ...)` call MUST flow through `bin/gsd-t-token-capture.cjs`. Either wrap with `captureSpawn({..., spawnFn})` or record explicitly with `recordSpawnRow({...})` after the call returns.
|
|
440
|
-
|
|
441
|
-
No command file ships a bare `Task(...)` or `claude -p` line outside of a wrapper call. `gsd-t capture-lint` (D5) enforces this mechanically; violations fail the opt-in pre-commit hook.
|
|
442
|
-
|
|
443
|
-
Rationale: the pre-M41 convention silently wrote `N/A` tokens because no caller parsed the `usage` envelope. The wrapper is the single place that parses it. Bypassing the wrapper re-introduces blind spots.
|
|
444
|
-
|
|
445
|
-
## Mandatory Preflight Before Spawn (M55 — v3.25.10+)
|
|
446
|
-
|
|
447
|
-
Every command that spawns a Task subagent or invokes `claude -p` MUST run `gsd-t preflight` first. Hard-fails on any `severity:"error"` check (wrong branch, occupied required port). Non-error checks (warn/info) record but do not block.
|
|
448
|
-
|
|
449
|
-
```bash
|
|
450
|
-
gsd-t preflight --json > /tmp/gsd-t-preflight.json || exit 4
|
|
451
|
-
```
|
|
452
|
-
|
|
453
|
-
Catches drift early — wrong branch, port collision, DRAFT contracts past PARTITIONED — before any LLM work fires. Same envelope is consumed by `gsd-t verify-gate` Track 1, so failing fast at execute time saves the verify round-trip.
|
|
337
|
+
Every Workflow script begins with `lib.runPreflight({projectDir})`. Hard-fails on any `severity:"error"` check (wrong branch, occupied required port). Non-error checks record but do not block. Same envelope feeds `verify-gate` Track 1.
|
|
454
338
|
|
|
455
339
|
Library: `bin/cli-preflight.cjs::runPreflight({projectDir, checks?})`.
|
|
456
340
|
Contract: `.gsd-t/contracts/cli-preflight-contract.md` v1.0.0 STABLE.
|
|
457
341
|
|
|
458
|
-
## Brief-First Worker Rule (M55
|
|
342
|
+
## Brief-First Worker Rule (KEPT from M55, REFRAMED for M61)
|
|
459
343
|
|
|
460
|
-
Every
|
|
344
|
+
Every Workflow `agent()` call threads `$BRIEF_PATH` — a ≤2,500-token JSON snapshot generated by `bin/gsd-t-context-brief.cjs`. Workers grep the brief instead of re-walking the repo. `execute.workflow.js` generates a per-domain brief inside the `parallel()` map (M55-D2 brief-per-spawn semantic).
|
|
461
345
|
|
|
462
|
-
|
|
463
|
-
SPAWN_ID="execute-${DOMAIN}-$(date -u +%Y%m%dT%H%M%SZ)"
|
|
464
|
-
gsd-t brief --kind execute --domain "${DOMAIN}" --spawn-id "${SPAWN_ID}" --out ".gsd-t/briefs/${SPAWN_ID}.json"
|
|
465
|
-
export BRIEF_PATH=".gsd-t/briefs/${SPAWN_ID}.json"
|
|
466
|
-
```
|
|
467
|
-
|
|
468
|
-
The 3 validation-subagent protocols (`templates/prompts/{qa,red-team,design-verify}-subagent.md`) carry the canonical instruction "If you're about to grep, read, or run a test, check the brief first at `$BRIEF_PATH`." Workers grep the brief instead of re-walking the repo.
|
|
346
|
+
The 3 validation-subagent protocols (`templates/prompts/{qa,red-team,design-verify}-subagent.md`) carry the canonical instruction "If you're about to grep, read, or run a test, check the brief first at `$BRIEF_PATH`."
|
|
469
347
|
|
|
470
348
|
`.gsd-t/briefs/` is gitignored — briefs are per-spawn ephemera, not committed artifacts.
|
|
471
349
|
|
|
472
350
|
Library: `bin/gsd-t-context-brief.cjs::generateBrief(...)`.
|
|
473
351
|
Contract: `.gsd-t/contracts/context-brief-contract.md` v1.0.0 STABLE.
|
|
474
352
|
|
|
475
|
-
##
|
|
353
|
+
## Verify-Gate + Orthogonal Validation Triad (M61 v4.0.10+)
|
|
476
354
|
|
|
477
|
-
`gsd-t verify-gate --json`
|
|
355
|
+
`gsd-t verify-gate --json` runs as a deterministic stage inside `gsd-t-verify.workflow.js`. Track 1 = preflight envelope. Track 2 = parallel-CLI substrate (`tsc`, `biome`/`ruff`, `npm test`, `knip`, `gitleaks`, `scc`/`lizard`). Both tracks always run; non-zero exit halts before the orthogonal triad.
|
|
478
356
|
|
|
479
|
-
|
|
480
|
-
gsd-t
|
|
481
|
-
|
|
482
|
-
```
|
|
357
|
+
After verify-gate, `verify.workflow.js` runs two FAIL-blocking gates inherited from M57 + M58:
|
|
358
|
+
- M57 CI-Parity: `gsd-t build-coverage` + `gsd-t ci-parity` (origin TimeTracking v1.10.12 Dockerfile incident)
|
|
359
|
+
- M58 Test-Data Purge: `gsd-t test-data --purge --run <id>` (origin GSD-T-Board v0.1.10 2442 E2E orphans incident)
|
|
483
360
|
|
|
484
|
-
|
|
361
|
+
Then the orthogonal validation triad runs as `parallel()` `agent()` stages per `.gsd-t/contracts/orthogonal-validation-contract.md` v1.0.0 STABLE:
|
|
362
|
+
- `/code-review ultra` — cooperative correctness + cleanup (skippable; requires `skipUltraReason`)
|
|
363
|
+
- Red Team — adversarial / security / boundaries (non-skippable; verdict `FAIL` / `GRUDGING-PASS`)
|
|
364
|
+
- QA — test mechanics + shallow-test detection + contract compliance (non-skippable)
|
|
485
365
|
|
|
486
|
-
|
|
366
|
+
Synthesis stage merges results WITHOUT collapsing categories. Verdict: `VERIFIED` / `VERIFIED-WITH-WARNINGS` / `VERIFY-FAILED`. `skipUltra=true` is INELIGIBLE for `VERIFIED`.
|
|
487
367
|
|
|
488
368
|
Library: `bin/gsd-t-verify-gate.cjs::runVerifyGate(...)` + `bin/gsd-t-verify-gate-judge.cjs::buildJudgePrompt(...)`.
|
|
489
|
-
|
|
490
|
-
|
|
491
|
-
## Always-Headless Spawn (M43 D4, v3.16.x+) — Channel Separation
|
|
492
|
-
|
|
493
|
-
Every GSD-T command spawns detached, unconditionally. There is no `--watch`, no `--in-session`, no `--headless` opt-in, no context-meter threshold that reroutes, no low-water-mark bypass. The dialog channel is reserved for human↔Claude conversation; everything else is a detached headless child. Interactive session shows a launch banner + live-transcript URL + event-stream path, then exits. Results surface via the read-back banner on the user's next message.
|
|
494
|
-
|
|
495
|
-
The only in-session surface is the `/gsd` router (`commands/gsd.md`), and only for dialog-only exploratory turns. The moment Step 2.5 classifies a turn as `workflow`, the router hands off to a detached spawn.
|
|
496
|
-
|
|
497
|
-
Legacy `watch` / `inSession` params are accepted-and-ignored with a one-shot stderr deprecation warning (scheduled removal in v3.0.0 of the contract). `shouldSpawnHeadless` is a constant `() => true`.
|
|
498
|
-
|
|
499
|
-
Contract: `.gsd-t/contracts/headless-default-contract.md` v2.0.0 (see also `unattended-event-stream-contract.md`, `unattended-supervisor-contract.md`).
|
|
369
|
+
Contracts: `verify-gate-contract.md` v1.0.0 STABLE + `orthogonal-validation-contract.md` v1.0.0 STABLE.
|
|
500
370
|
|
|
501
371
|
## API Documentation Guard (Swagger/OpenAPI)
|
|
502
372
|
|
|
@@ -1,113 +1,127 @@
|
|
|
1
|
-
#
|
|
1
|
+
# GSD-T Framework (@tekyzinc/gsd-t)
|
|
2
|
+
|
|
3
|
+
Prime Directives, core guards, and workflow rules live in `~/.claude/CLAUDE.md`. This file covers what's specific to this repo.
|
|
2
4
|
|
|
3
5
|
## Overview
|
|
4
|
-
|
|
6
|
+
|
|
7
|
+
Contract-driven development methodology for Claude Code. npm package providing slash commands, a CLI installer, templates, and stack rules for reliable parallelizable AI-assisted development.
|
|
5
8
|
|
|
6
9
|
## Autonomy Level
|
|
7
|
-
|
|
8
|
-
|
|
10
|
+
|
|
11
|
+
> Overrides global: pins the default from `~/.claude/CLAUDE.md` § Autonomy Levels.
|
|
12
|
+
|
|
13
|
+
**Level 3 — Full Auto**. Only pause for blockers, destructive actions, or project completion.
|
|
9
14
|
|
|
10
15
|
## Tech Stack
|
|
11
|
-
|
|
12
|
-
- **
|
|
13
|
-
- **
|
|
14
|
-
- **
|
|
15
|
-
- **Testing**:
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
-
|
|
21
|
-
-
|
|
22
|
-
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
-
|
|
83
|
-
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
16
|
+
|
|
17
|
+
- **Language**: JavaScript (Node.js >= 16), zero external runtime deps for the installer
|
|
18
|
+
- **Distribution**: npm package `@tekyzinc/gsd-t`
|
|
19
|
+
- **CLI**: `bin/gsd-t.js` (install, update, init, status, uninstall, doctor, graph, headless, …)
|
|
20
|
+
- **Testing**: `npm test` (Node built-in test runner) + manual CLI testing
|
|
21
|
+
|
|
22
|
+
## Project Structure
|
|
23
|
+
|
|
24
|
+
```
|
|
25
|
+
bin/ — CLI entry (gsd-t.js) + orchestrators (orchestrator.js, design-orchestrator.js)
|
|
26
|
+
+ support modules (gsd-t-context-brief.cjs, cli-preflight.cjs, gsd-t-verify-gate.cjs, model-selector.js, …)
|
|
27
|
+
commands/ — slash commands for Claude Code (GSD-T workflow + utility)
|
|
28
|
+
templates/ — document + prompt + stack templates
|
|
29
|
+
CLAUDE-{global,project}.md, requirements.md, architecture.md, workflows.md,
|
|
30
|
+
infrastructure.md, progress.md, backlog.md, backlog-settings.md, design-contract.md
|
|
31
|
+
prompts/ — validation subagent protocols (qa, red-team, design-verify)
|
|
32
|
+
stacks/ — Stack Rules Engine templates (injected at spawn time)
|
|
33
|
+
scripts/ — runtime scripts (design review, context meter hook, event writer)
|
|
34
|
+
examples/ — example project structure + settings
|
|
35
|
+
docs/methodology.md — GSD → GSD-T evolution and concepts
|
|
36
|
+
package.json, README.md, GSD-T-README.md, CHANGELOG.md
|
|
37
|
+
```
|
|
38
|
+
|
|
39
|
+
Exact command list: `ls commands/`. Exact stack rule set: `ls templates/stacks/`. Don't hand-maintain counts in docs.
|
|
40
|
+
|
|
41
|
+
## Meta-Project Notes
|
|
42
|
+
|
|
43
|
+
- The "source" is the `.md` files in `commands/` + `templates/` and the JS in `bin/` + `scripts/`. There is no `src/`.
|
|
44
|
+
- Changes to command files change the methodology itself — treat them as code; verify by running the workflow.
|
|
45
|
+
- The `.gsd-t/` state dir coexists with the commands that *define* `.gsd-t/` — intentional.
|
|
46
|
+
- `bin/gsd-t.js` is the primary testable surface; command files are validated by use.
|
|
47
|
+
|
|
48
|
+
## Conventions
|
|
49
|
+
|
|
50
|
+
**CLI** — ANSI colors via escape codes, zero external deps, sync file APIs, version tracked in `package.json` and `~/.claude/.gsd-t-version`.
|
|
51
|
+
|
|
52
|
+
**Command files** — pure markdown, no frontmatter, accept `$ARGUMENTS`, step-numbered, thin Workflow invokers (`Workflow({scriptPath, args})`). Include a Document Ripple section listing files the underlying Workflow expects domain workers to update. Validation protocol bodies stay in `templates/prompts/*-subagent.md`; Workflow scripts load them via `_lib.loadProtocol(name)`. Don't inline the protocol.
|
|
53
|
+
|
|
54
|
+
**Templates** — `{Project Name}`, `{Date}`, `{description}` replacement tokens; tables for structured data.
|
|
55
|
+
|
|
56
|
+
**Directory structure** — `.gsd-t/contracts/` (domain interfaces), `.gsd-t/domains/{name}/` (scope/tasks/constraints), `.gsd-t/milestones/` (archives), `.gsd-t/scan/` (analysis outputs).
|
|
57
|
+
|
|
58
|
+
**Publishing** — after `npm publish`, ALWAYS run `/gsd-t-version-update-all` to propagate to registered projects.
|
|
59
|
+
|
|
60
|
+
## GSD-T Workflows (M61 — v4.0.10+)
|
|
61
|
+
|
|
62
|
+
Phase orchestration lives in `templates/workflows/`. Each command file (`commands/gsd-t-*.md`) is a thin invoker that calls `Workflow({scriptPath, args})`. Canonical scripts:
|
|
63
|
+
|
|
64
|
+
- `gsd-t-execute.workflow.js` — preflight → brief → file-disjointness → parallel(domain workers) → integrate → verify-gate
|
|
65
|
+
- `gsd-t-verify.workflow.js` — orthogonal triad with M57 CI-parity + M58 test-data purge as FAIL-blocking gates
|
|
66
|
+
- `gsd-t-wave.workflow.js`, `-integrate`, `-debug`, `-quick`, `-phase` (generic upper-stage runner)
|
|
67
|
+
|
|
68
|
+
Shared helpers: `templates/workflows/_lib.js`. Each helper prefers project-local `bin/<tool>.cjs` and falls back to global `gsd-t` PATH binary.
|
|
69
|
+
|
|
70
|
+
The brains stay in `bin/`: `gsd-t-file-disjointness.cjs`, `gsd-t-task-graph.cjs`, `gsd-t-context-brief.cjs`, `cli-preflight.cjs`, `gsd-t-verify-gate.cjs`, `gsd-t-verify-gate-judge.cjs`, `gsd-t-build-coverage.cjs`, `gsd-t-ci-parity.cjs`, `gsd-t-test-data-ledger.cjs`, `journey-coverage.cjs`. Workflows invoke them via `lib.*` helpers.
|
|
71
|
+
|
|
72
|
+
## Validation Protocols (KEPT — methodology layer)
|
|
73
|
+
|
|
74
|
+
Three validation protocol bodies stay at `templates/prompts/`:
|
|
75
|
+
- `qa-subagent.md` — test mechanics + shallow-test detection + contract compliance
|
|
76
|
+
- `red-team-subagent.md` — adversarial / security / boundaries; verdict `FAIL` / `GRUDGING-PASS`
|
|
77
|
+
- `design-verify-subagent.md` — visual MATCH/DEVIATION against the design contract
|
|
78
|
+
|
|
79
|
+
These are invoked as Workflow `agent()` stages with schema-validated output. The methodology body is unchanged; only the invocation context (Workflow stage vs. Task subagent) updated. Per `.gsd-t/contracts/orthogonal-validation-contract.md` v1.0.0 STABLE.
|
|
80
|
+
|
|
81
|
+
|
|
82
|
+
# Destructive Action Guard (MANDATORY)
|
|
83
|
+
|
|
84
|
+
**NEVER perform destructive or structural changes without explicit user approval.** This applies at ALL autonomy levels.
|
|
85
|
+
|
|
86
|
+
Before any of these actions, STOP and ask the user:
|
|
87
|
+
- DROP TABLE, DROP COLUMN, DROP INDEX, TRUNCATE, DELETE without WHERE
|
|
88
|
+
- Renaming or removing database tables or columns
|
|
89
|
+
- Schema migrations that lose data or break existing queries
|
|
90
|
+
- Replacing an existing architecture pattern (e.g., normalized → denormalized)
|
|
91
|
+
- Removing or replacing existing files/modules that contain working functionality
|
|
92
|
+
- Changing ORM models in ways that conflict with the existing database schema
|
|
93
|
+
- Removing API endpoints or changing response shapes that existing clients depend on
|
|
94
|
+
- Any change that would require other parts of the system to be rewritten
|
|
95
|
+
|
|
96
|
+
**Rule: "Adapt new code to existing structures, not the other way around."**
|
|
97
|
+
|
|
98
|
+
## Pre-Commit Gate (project-specific additions)
|
|
99
|
+
|
|
100
|
+
The global gate applies first (see `~/.claude/CLAUDE.md`). Additionally for this repo:
|
|
101
|
+
|
|
102
|
+
- **Command file interface/behavior changed** → update `GSD-T-README.md` + `README.md` commands table + `templates/CLAUDE-global.md` + `commands/gsd-t-help.md`.
|
|
103
|
+
- **Command added/removed** → update all 4 files above, bump `package.json`, update any command-counting logic in `bin/gsd-t.js`.
|
|
104
|
+
- **New command invokes a Workflow** → verify `scriptPath` resolves to `templates/workflows/<name>.workflow.js` and `args` shape matches the script's `meta.phases`.
|
|
105
|
+
- **CLI installer changed** → smoke test `install`, `update`, `status`, `doctor`, `init`, `uninstall`.
|
|
106
|
+
- **Template changed** → verify `gsd-t-init` still produces correct output.
|
|
107
|
+
- **Wave flow changed (phases added/removed/reordered)** → update `gsd-t-wave.md`, `GSD-T-README.md` wave diagram, `README.md` workflow section.
|
|
108
|
+
- **Contract or domain boundary changed** → update `.gsd-t/contracts/` and owning `scope.md`.
|
|
109
|
+
|
|
110
|
+
## Don't
|
|
111
|
+
|
|
112
|
+
- NEVER add external npm runtime dependencies to the installer — zero-dep invariant.
|
|
113
|
+
- NEVER rename a command without updating all 4 reference files above.
|
|
114
|
+
- NEVER modify wave phase sequence without updating wave, README, GSD-T-README in the same commit.
|
|
115
|
+
- NEVER let installer's command count diverge from `commands/` directory reality.
|
|
116
|
+
- NEVER inline validation-subagent protocol bodies into Workflow scripts — `_lib.loadProtocol("qa"|"red-team"|"design-verify")` reads the methodology body from `templates/prompts/`.
|
|
117
|
+
|
|
118
|
+
## Recovery After Interruption
|
|
119
|
+
|
|
120
|
+
1. Read `.gsd-t/progress.md`
|
|
121
|
+
2. Read `README.md` for what the package delivers
|
|
122
|
+
3. Check `commands/` and `package.json` for current state
|
|
123
|
+
4. Continue from current task; don't restart the phase
|
|
106
124
|
|
|
107
125
|
## Current Status
|
|
108
|
-
See `.gsd-t/progress.md` for current milestone/phase state.
|
|
109
126
|
|
|
110
|
-
|
|
111
|
-
- **Production**: {url}
|
|
112
|
-
- **Staging**: {url}
|
|
113
|
-
- **Local**: http://localhost:{port}
|
|
127
|
+
See `.gsd-t/progress.md`.
|
|
@@ -4,6 +4,9 @@ You are the Design Verification Agent. Your ONLY job is to visually compare the
|
|
|
4
4
|
|
|
5
5
|
**FAIL-BY-DEFAULT.** Every visual element starts UNVERIFIED. You must prove each one matches — never assume. "Looks close" is not a verdict. "Appears to match" is not a verdict. The only valid verdicts are `✅ MATCH` (with proof) or `❌ DEVIATION` (with specific values).
|
|
6
6
|
|
|
7
|
+
<!-- M61 D7-T3: Workflow-stage invocation -->
|
|
8
|
+
**Invocation context.** When this protocol runs as a native Workflow `agent()` stage, your **final emission MUST be a single StructuredOutput object** matching the design-verification schema. Bash/git/Read/screenshot tool use is permitted DURING the audit; the final emission is the JSON envelope with one entry per design element + overall verdict. When this protocol runs from a Task subagent (legacy path), the deliverable is the markdown comparison table. Same methodology; different envelope.
|
|
9
|
+
|
|
7
10
|
<!-- M55-D5: brief-first rule -->
|
|
8
11
|
**Brief first.** If you're about to grep, read, or run a test, check the brief first at `$BRIEF_PATH` (a ≤2,500-token JSON snapshot of design contracts + scope + design tokens + relevant component paths, generated by `bin/gsd-t-context-brief.cjs --kind design-verify`). The brief lists the design contracts, design-token files, and component paths in scope for this verification — your starting checklist. The brief replaces the 30–60k context re-read every parallel worker would otherwise perform. If `$BRIEF_PATH` is unset or the file is missing, fall back to the legacy read-everything pattern, but log a note so the orchestrator can see the gap.
|
|
9
12
|
|
|
@@ -2,6 +2,9 @@
|
|
|
2
2
|
|
|
3
3
|
You are the QA agent. Your sole job is test generation, execution, and gap reporting. You write ZERO feature code. You never modify implementation files — only test files and reports.
|
|
4
4
|
|
|
5
|
+
<!-- M61 D7-T3: Workflow-stage invocation -->
|
|
6
|
+
**Invocation context.** When this protocol runs as a native Workflow `agent()` stage (via `templates/workflows/gsd-t-verify.workflow.js` or sibling), your **final emission MUST be a single StructuredOutput object** matching the QA schema declared by the Workflow (see `orthogonal-validation-contract.md` v1.0.0). Bash/git tool use is permitted DURING the work (running tests, reading files); the final emission is the JSON envelope, not a markdown report. When this protocol runs from a Task subagent (legacy path), the deliverable is the markdown report below. Same methodology; different envelope.
|
|
7
|
+
|
|
5
8
|
<!-- M55-D5: brief-first rule -->
|
|
6
9
|
**Brief first.** If you're about to grep, read, or run a test, check the brief first at `$BRIEF_PATH` (a ≤2,500-token JSON snapshot of CLAUDE.md + contracts + scope + constraints, generated by `bin/gsd-t-context-brief.cjs`). The brief replaces the 30–60k context re-read every parallel worker would otherwise perform — it's the dominant ITPM-relief lever in M55. If `$BRIEF_PATH` is unset or the file is missing, fall back to the legacy read-everything pattern, but log a note so the orchestrator can see the gap.
|
|
7
10
|
|
|
@@ -2,6 +2,9 @@
|
|
|
2
2
|
|
|
3
3
|
You are a Red Team QA adversary. Your job is to BREAK the code that was just written for this domain. You operate with inverted incentives — your value is measured by REAL bugs found, not tests passed.
|
|
4
4
|
|
|
5
|
+
<!-- M61 D7-T3: Workflow-stage invocation -->
|
|
6
|
+
**Invocation context.** When this protocol runs as a native Workflow `agent()` stage (via `templates/workflows/gsd-t-verify.workflow.js` or sibling), your **final emission MUST be a single StructuredOutput object** matching the RED_TEAM schema declared by the Workflow. Bash/git/Read tool use is permitted DURING attack development; the final emission is the JSON envelope with `verdict ∈ {FAIL, GRUDGING-PASS}` and `bugs[]` array. When this protocol runs from a Task subagent (legacy path), the deliverable is the markdown report at `.gsd-t/red-team-report.md`. Same methodology; different envelope.
|
|
7
|
+
|
|
5
8
|
<!-- M55-D5: brief-first rule -->
|
|
6
9
|
**Brief first.** If you're about to grep, read, or run a test, check the brief first at `$BRIEF_PATH` (a ≤2,500-token JSON snapshot of CLAUDE.md + contracts + scope + constraints + recent commits, generated by `bin/gsd-t-context-brief.cjs --kind red-team`). The brief identifies high-risk surfaces, recent diffs, and contract status — your starting attack surface. The brief replaces the 30–60k context re-read every parallel worker would otherwise perform. If `$BRIEF_PATH` is unset or the file is missing, fall back to the legacy read-everything pattern, but log a note so the orchestrator can see the gap.
|
|
7
10
|
|
|
@@ -42,7 +45,7 @@ Summary:
|
|
|
42
45
|
- SHALLOW TESTS REWRITTEN: {count}
|
|
43
46
|
- CONTRACTS VERIFIED: {N}/{total}
|
|
44
47
|
- ATTACK VECTORS TRIED: every category attempted, each with one-line result
|
|
45
|
-
- VERDICT: `FAIL` ({N} bugs found) | `GRUDGING
|
|
48
|
+
- VERDICT: `FAIL` ({N} bugs found) | `GRUDGING-PASS` (exhaustive search, nothing found)
|
|
46
49
|
|
|
47
50
|
Write findings to `.gsd-t/red-team-report.md`. If bugs found, also append to `.gsd-t/qa-issues.md`.
|
|
48
51
|
|
|
@@ -96,5 +99,5 @@ category attacks.
|
|
|
96
99
|
- Unblock exercise: {manifest update, exit code, stderr summary}
|
|
97
100
|
|
|
98
101
|
### VERDICT
|
|
99
|
-
{GRUDGING
|
|
102
|
+
{GRUDGING-PASS — N patches written, all caught | FAIL — {M} pass-through(s)}
|
|
100
103
|
```
|