@winton979/task-cli 1.4.1 → 1.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +295 -249
  2. package/package.json +1 -1
  3. package/src/cli.js +3 -2
  4. package/src/init.js +234 -56
package/README.md CHANGED
@@ -1,100 +1,103 @@
1
- # task-cli
2
-
3
- A workflow methodology for AI coding agents.
4
-
5
- Task CLI separates requirement exploration from implementation, so AI agents decide whether complexity is justified **before** they start coding.
6
-
1
+ # task-cli
2
+
3
+ A workflow methodology for AI coding agents.
4
+
5
+ Task CLI separates requirement exploration from implementation, so AI agents decide whether complexity is justified **before** they start coding.
6
+
7
7
  **Explore** — Understand the problem. Assess whether additional complexity is warranted.
8
8
  **Implement** — Solve the accepted problem with the least necessary complexity.
9
- **Review** — Validate against the brief, not against new ideas introduced during coding.
10
-
11
- Designed for:
12
-
13
- * Claude Code
14
- * Codex CLI
15
- * Mature codebases with frequent bug fixes and small feature iterations
16
-
17
- > **Core principle**
18
- > Explore decides whether complexity is justified.
19
- > Implement decides how to satisfy the requirement with the least necessary complexity.
20
-
21
- ---
22
-
23
- ## Why task-cli?
24
-
25
- ### Traditional AI Workflow
26
-
27
- ```text
9
+ **Audit** — Independently try to find failure evidence when the risk justifies it.
10
+
11
+ Designed for:
12
+
13
+ * Claude Code
14
+ * Codex CLI
15
+ * Mature codebases with frequent bug fixes and small feature iterations
16
+
17
+ > **Core principle**
18
+ > Explore decides whether complexity is justified.
19
+ > Implement decides how to satisfy the requirement with the least necessary complexity.
20
+
21
+ ---
22
+
23
+ ## Why task-cli?
24
+
25
+ ### Traditional AI Workflow
26
+
27
+ ```text
28
28
  Requirement → Solution Design → Code → Review
29
- ```
30
-
31
- The AI often starts designing before the requirement is fully clarified. Complexity gets introduced during coding, and review happens against whatever the AI produced rather than against the original intent.
32
-
33
- ### task-cli Workflow
34
-
35
- ```text
36
- Requirement
37
-
38
- Explore ──► Understand + Challenge
39
-
40
- Complexity Assessment ──► Is added complexity justified?
29
+ ```
30
+
31
+ The AI often starts designing before the requirement is fully clarified. Complexity gets introduced during coding, and review happens against whatever the AI produced rather than against the original intent.
32
+
33
+ ### task-cli Workflow
34
+
35
+ ```text
36
+ Requirement
37
+
38
+ Explore ──► Understand + Challenge
39
+
40
+ Complexity Assessment ──► Is added complexity justified?
41
+
42
+ Brief
43
+
44
+ Implement ──► Simplest acceptable solution
41
45
 
42
- Brief
46
+ Validation ──► Verify against the brief
43
47
 
44
- Implement ──► Simplest acceptable solution
45
-
46
- Review ──► Validate against the brief
47
- ```
48
-
49
- Exploration and implementation are intentionally separated.
50
-
51
- ---
52
-
53
- ## Core Philosophy
54
-
55
- Most AI coding agents fail because they mix exploration and implementation in the same conversation. Task CLI intentionally separates them.
56
-
57
- | Stage | Question |
58
- | ------------------------- | ------------------------------------------ |
59
- | Explore | What problem are we solving? |
60
- | Complexity Assessment | Is additional complexity justified? |
61
- | Implement | What is the simplest acceptable solution? |
62
- | Review | Did we satisfy the brief? |
63
-
64
- This keeps AI agents from over-designing solutions during requirement discovery, and keeps implementation focused on the accepted scope.
65
-
66
- ---
67
-
68
- ## Installation
69
-
70
- ```bash
71
- npm install -g @winton979/task-cli
72
- ```
73
-
74
- Initialize the workflow in your project:
75
-
76
- ```bash
77
- task init
78
- ```
79
-
80
- After initialization, Task CLI creates the `.ai/` workspace and installs workflow skills into both `.claude/skills/` and `.codex/skills/`.
81
-
82
- ### Prerequisites
83
-
84
- Task CLI can use a Grill Me compatible skill for requirement and bug exploration.
85
-
86
- Recommended:
87
-
88
- ```bash
89
- npx add-skill PJ-SBN-593844/skill-grill-me
90
- ```
91
-
92
- If no Grill Me compatible skill is installed, `task-fast`, `task-explore`, and `bug-explore` fall back to built-in clarification prompts.
93
-
94
- ---
95
-
96
- ## Quick Start
97
-
48
+ Audit ──► Optional, risk-triggered failure search
49
+ ```
50
+
51
+ Exploration and implementation are intentionally separated.
52
+
53
+ ---
54
+
55
+ ## Core Philosophy
56
+
57
+ Most AI coding agents fail because they mix exploration and implementation in the same conversation. Task CLI intentionally separates them.
58
+
59
+ | Stage | Question |
60
+ | ------------------------- | ------------------------------------------ |
61
+ | Explore | What problem are we solving? |
62
+ | Complexity Assessment | Is additional complexity justified? |
63
+ | Implement | What is the simplest acceptable solution? |
64
+ | Validation | Did the implementation satisfy the brief? |
65
+ | Audit | Can we find evidence that it fails? |
66
+
67
+ This keeps AI agents from over-designing solutions during requirement discovery, and keeps implementation focused on the accepted scope.
68
+
69
+ ---
70
+
71
+ ## Installation
72
+
73
+ ```bash
74
+ npm install -g @winton979/task-cli
75
+ ```
76
+
77
+ Initialize the workflow in your project:
78
+
79
+ ```bash
80
+ task init
81
+ ```
82
+
83
+ After initialization, Task CLI creates the `.ai/` workspace and installs workflow skills into both `.claude/skills/` and `.codex/skills/`.
84
+
85
+ ### Prerequisites
86
+
87
+ Task CLI can use a Grill Me compatible skill for requirement and bug exploration.
88
+
89
+ Recommended:
90
+
91
+ ```bash
92
+ npx add-skill PJ-SBN-593844/skill-grill-me
93
+ ```
94
+
95
+ If no Grill Me compatible skill is installed, `task-fast`, `task-explore`, and `bug-explore` fall back to built-in clarification prompts.
96
+
97
+ ---
98
+
99
+ ## Quick Start
100
+
98
101
  ### Small Feature / Enhancement
99
102
 
100
103
  ```text
@@ -102,179 +105,222 @@ If no Grill Me compatible skill is installed, `task-fast`, `task-explore`, and `
102
105
 
103
106
  clarify + brief + implement + validate
104
107
 
105
- /task-review or /task-cancel
108
+ archive automatically
106
109
  ```
107
110
 
108
111
  ### Larger Requirement
109
112
 
110
113
  ```text
111
- /task-explore → TASK_READY → /task-implement → /task-review or /task-cancel
114
+ /task-explore → TASK_READY → /task-implement → optional /task-audit
112
115
  ```
113
116
 
114
117
  ### Bug Fix
115
118
 
116
119
  ```text
117
- /bug-explore → BUG_READY → /bug-fix → /bug-review or /bug-cancel
120
+ /bug-explore → BUG_READY → /bug-fix → optional /bug-audit
118
121
  ```
119
122
 
120
- ### CLI Commands
121
-
122
- ```bash
123
- task init # initialize workspace and install skills
124
- task refresh # reinstall managed skills without touching .ai content
125
- task doctor # check workspace state, skill versions, gitignore rules
126
- task --help
127
- ```
128
-
129
- ---
130
-
131
- ## Example: Preventing Over-Engineering
132
-
133
- **Requirement:** *"Add CSV export."*
134
-
135
- ### Without task-cli
136
-
137
- Common AI behavior — jumps straight into designing:
138
-
139
- * `ExportService`
140
- * `ExportRepository`
141
- * `CSVAdapter`
142
- * `Factory`
143
- * new dependency
144
-
145
- **Files changed:** 7
146
- **New abstractions:** 4
147
-
148
- ### With task-cli
149
-
150
- Exploration runs first. Complexity Assessment determines that a new project-wide capability is not justified.
151
-
152
- Implementation:
153
-
154
- * reuse existing export path
155
- * modify two files
156
- * no new dependency
157
-
158
- **Files changed:** 2
159
- **New abstractions:** 0
160
-
161
- The workflow encourages the simplest acceptable implementation instead of the most elaborate one.
162
-
163
- ---
164
-
165
- ## Available Skills
166
-
167
- **Task Workflow**
168
-
123
+ Use `/task-cancel` or `/bug-cancel` when abandoning the current attempt before accepting it.
124
+
125
+ Run audit only when the risk is worth the extra pass, such as before a PR, after a large diff, when changing public APIs or core modules, when fixing production bugs, when security or data integrity is involved, or when the user explicitly asks for it.
126
+
127
+ For the highest-value audit, start a fresh session or use a different reviewer context and provide only the brief, final code or git diff, and relevant tests. Audit quality comes from new perspective and evidence, not from asking the same context to approve its own work.
128
+
129
+ ### CLI Commands
130
+
131
+ ```bash
132
+ task init # initialize workspace and install skills
133
+ task refresh # reinstall managed skills without touching .ai content
134
+ task doctor # check workspace state, skill versions, gitignore rules
135
+ task --help
136
+ ```
137
+
138
+ ---
139
+
140
+ ## Example: Preventing Over-Engineering
141
+
142
+ **Requirement:** *"Add CSV export."*
143
+
144
+ ### Without task-cli
145
+
146
+ Common AI behavior — jumps straight into designing:
147
+
148
+ * `ExportService`
149
+ * `ExportRepository`
150
+ * `CSVAdapter`
151
+ * `Factory`
152
+ * new dependency
153
+
154
+ **Files changed:** 7
155
+ **New abstractions:** 4
156
+
157
+ ### With task-cli
158
+
159
+ Exploration runs first. Complexity Assessment determines that a new project-wide capability is not justified.
160
+
161
+ Implementation:
162
+
163
+ * reuse existing export path
164
+ * modify two files
165
+ * no new dependency
166
+
167
+ **Files changed:** 2
168
+ **New abstractions:** 0
169
+
170
+ The workflow encourages the simplest acceptable implementation instead of the most elaborate one.
171
+
172
+ ---
173
+
174
+ ## Available Skills
175
+
176
+ **Task Workflow**
177
+
169
178
  * `task-fast`
170
179
  * `task-explore`
171
180
  * `task-implement`
172
- * `task-review`
181
+ * `task-audit`
173
182
  * `task-cancel`
174
-
175
- **Bug Workflow**
176
-
183
+
184
+ **Bug Workflow**
185
+
177
186
  * `bug-explore`
178
187
  * `bug-fix`
179
- * `bug-review`
188
+ * `bug-audit`
180
189
  * `bug-cancel`
181
-
182
- **Decision Logging**
183
-
184
- * `decision-log`
185
- * `decision-sweep-weekly`
186
-
187
- ---
188
-
189
- ## Decision Logging
190
-
191
- Task CLI keeps a lightweight decision trail in `.ai/decisions/decisions.md`. Explore and fast-path skills should consult it before finalizing a brief, and pull in only the decisions that materially constrain the current task or bug.
192
-
193
- The decisions file is intentionally narrow. It holds durable project invariants and reusable constraints, not a running transcript of every local implementation choice.
194
-
195
- ### Weekly Decision Sweep
196
-
197
- Calling `/decision-log` after every task is easy to forget. As a lower-friction alternative, run once per week (Friday is a natural fit):
198
-
199
- ```
200
- /decision-sweep-weekly
201
- ```
202
-
203
- The skill scans archived task and bug briefs from the past 7 days, judges which ones contain a decision worth keeping (cross-task impact, rejected alternatives, counter-intuitive choices, externally driven calls, or instructive cancellations), drafts the entries, and waits for confirmation before writing to `.ai/decisions/decisions.md`. When a draft overlaps with an existing decision, it presents both versions and asks whether to append, revise, merge, supersede, or skip.
204
-
205
- Use `decision-log` for in-the-moment recording and `decision-sweep-weekly` for periodic cleanup. Either alone is enough.
206
-
207
- ---
208
-
209
- ## Directory Structure
210
-
211
- ```text
212
- .ai/
213
- ├── tasks/
214
- │ ├── active/
215
- │ └── archive/
216
- ├── bugs/
217
- │ ├── active/
218
- │ └── archive/
219
- └── decisions/
220
- └── decisions.md
221
-
222
- .claude/skills/
223
- .codex/skills/
224
- ```
225
-
226
- The `archive/` directories are internal storage, not user-facing steps.
227
-
228
- ---
229
-
230
- ## Compared with OpenSpec-Style Workflows
231
-
232
- Detailed specification workflows such as OpenSpec can improve alignment, traceability, and consistency for large initiatives, cross-team programs, and process-heavy environments.
233
-
234
- The difficulty is that the same level of ceremony does not fit day-to-day engineering. For frequent bug fixes, small features, and fast iteration, the process becomes heavier than the change itself — maintenance overhead grows, documentation quality drifts, and teams gradually stop using the workflow as intended.
235
-
236
- Task CLI takes a narrower approach: clarify the requirement, capture only the minimum useful brief, execute against acceptance criteria, review the result, and keep a lightweight decision trail. The goal is a workflow people will actually keep using.
237
-
238
- ---
239
-
240
- ## Strengths and Tradeoffs
241
-
242
- **Strengths**
243
-
244
- * much lower process overhead for bugs, small features, and short iterations
245
- * easier to adopt in mature codebases where engineers already know the product
246
- * encourages real usage because the workflow is short enough to sustain
247
- * keeps enough structure to improve clarity without forcing large documents
248
-
249
- **Tradeoffs**
250
-
251
- * less suitable for large cross-team initiatives that need formal design traceability
252
- * relies more on engineer judgment and review quality than a full spec process
253
- * stores less long-form historical context than a dedicated spec repository
254
-
255
- ---
256
-
257
- ## Upgrading Existing Projects
258
-
259
- If a project was initialized with an older version of task-cli, run:
260
-
261
- ```bash
262
- task refresh
263
- ```
264
-
265
- This will:
266
-
267
- * keep `.ai/tasks`, `.ai/bugs`, and `.ai/decisions`
268
- * remove only managed skills from `.claude/skills/` and `.codex/skills/`: `task-fast`, `task-explore`, `task-implement`, `task-review`, `task-cancel`, `bug-explore`, `bug-fix`, `bug-review`, `bug-cancel`, `decision-log`, `decision-sweep-weekly`
269
- * reinstall the latest versions of those skills
270
-
271
- Unrelated custom skills in the same project are left untouched. Inspect the current setup first with `task doctor`.
272
-
273
- ---
274
-
275
- ## License
276
-
277
- MIT
278
-
279
- > Task CLI does not install Grill Me automatically.
280
- > Users remain free to choose any Grill Me compatible implementation, and the explore skills fall back to built-in clarification if none is installed.
190
+
191
+ **Decision Logging**
192
+
193
+ * `decision-log`
194
+ * `decision-sweep-weekly`
195
+ * `decision-curate`
196
+
197
+ ---
198
+
199
+ ## Decision Logging
200
+
201
+ Task CLI keeps a lightweight decision trail in `.ai/decisions/decisions.md`. Explore and fast-path skills should consult it before finalizing a brief, and pull in only the decisions that materially constrain the current task or bug.
202
+
203
+ The decisions file is intentionally narrow. It holds durable project invariants and reusable constraints, not a running transcript of every local implementation choice.
204
+
205
+ The default bias should be to skip writing. A decision should be logged only when leaving it undocumented would make a future task or bug exploration materially more likely to choose the wrong path.
206
+
207
+ ### Weekly Decision Sweep
208
+
209
+ Calling `/decision-log` after every task is easy to forget. As a lower-friction alternative, run once per week (Friday is a natural fit):
210
+
211
+ ```
212
+ /decision-sweep-weekly
213
+ ```
214
+
215
+ The skill scans archived task and bug briefs from the past 7 days, judges which ones contain a decision worth keeping (cross-task impact, rejected alternatives, counter-intuitive choices, externally driven calls, or instructive cancellations), drafts the entries, and waits for confirmation before writing to `.ai/decisions/decisions.md`. When a draft overlaps with an existing decision, it presents both versions and asks whether to append, revise, merge, supersede, or skip.
216
+
217
+ ### Decision Curation
218
+
219
+ When the decisions file starts collecting stale, duplicate, or low-value entries, run:
220
+
221
+ ```
222
+ /decision-curate
223
+ ```
224
+
225
+ The skill audits the current decisions file, classifies entries as keep, tighten, merge, or remove, and waits for explicit confirmation before changing anything. Its job is to keep the file short enough that explore can still read it cheaply.
226
+
227
+ Use `decision-log` for in-the-moment recording, `decision-sweep-weekly` for harvesting new durable constraints, and `decision-curate` for pruning old ones.
228
+
229
+ ---
230
+
231
+ ## Operational Boundaries
232
+
233
+ Task CLI is most effective when `active/` stays personal, local, and small. In that operating model, the main scaling risk is not total bug or task count, but whether the long-lived context remains high-signal.
234
+
235
+ Recommended working limits:
236
+
237
+ * Per developer, keep local `active` briefs at `1-3`. At `4-5`, the agent starts paying more context-switching cost.
238
+ * Total `archive` size can grow into the hundreds without becoming a primary problem, because normal flows do not re-read all historical briefs.
239
+ * Keep `.ai/decisions/decisions.md` lean. Around `15-30` durable entries is comfortable. Once it grows past `30`, run `/decision-curate` regularly.
240
+ * Weekly completed brief volume around `10-20` is still light for `decision-sweep-weekly`. Past `20-40`, expect more review effort to separate durable constraints from one-off noise.
241
+
242
+ Red flags that the workflow is becoming an agent burden:
243
+
244
+ * explore spends noticeable time filtering stale or irrelevant decisions
245
+ * many archived briefs are too small or repetitive to justify their own long-term trace
246
+ * weekly decision sweep produces mostly skip-worthy items
247
+ * one developer keeps more than a few local active briefs open at once
248
+
249
+ When those signals appear, the right response is usually to reduce noise in decisions and brief granularity, not to add more process.
250
+
251
+ ---
252
+
253
+ ## Directory Structure
254
+
255
+ ```text
256
+ .ai/
257
+ ├── tasks/
258
+ │ ├── active/
259
+ │ └── archive/
260
+ ├── bugs/
261
+ │ ├── active/
262
+ │ └── archive/
263
+ └── decisions/
264
+ └── decisions.md
265
+
266
+ .claude/skills/
267
+ .codex/skills/
268
+ ```
269
+
270
+ The `archive/` directories are internal storage, not user-facing steps.
271
+
272
+ ---
273
+
274
+ ## Compared with OpenSpec-Style Workflows
275
+
276
+ Detailed specification workflows such as OpenSpec can improve alignment, traceability, and consistency for large initiatives, cross-team programs, and process-heavy environments.
277
+
278
+ The difficulty is that the same level of ceremony does not fit day-to-day engineering. For frequent bug fixes, small features, and fast iteration, the process becomes heavier than the change itself — maintenance overhead grows, documentation quality drifts, and teams gradually stop using the workflow as intended.
279
+
280
+ Task CLI takes a narrower approach: clarify the requirement, capture only the minimum useful brief, execute and validate against acceptance criteria, run audit only when risk justifies it, and keep a lightweight decision trail. The goal is a workflow people will actually keep using.
281
+
282
+ ---
283
+
284
+ ## Strengths and Tradeoffs
285
+
286
+ **Strengths**
287
+
288
+ * much lower process overhead for bugs, small features, and short iterations
289
+ * easier to adopt in mature codebases where engineers already know the product
290
+ * encourages real usage because the workflow is short enough to sustain
291
+ * keeps enough structure to improve clarity without forcing large documents
292
+
293
+ **Tradeoffs**
294
+
295
+ * less suitable for large cross-team initiatives that need formal design traceability
296
+ * relies more on engineer judgment and risk-triggered audit quality than a full spec process
297
+ * stores less long-form historical context than a dedicated spec repository
298
+
299
+ ---
300
+
301
+ ## Upgrading Existing Projects
302
+
303
+ If a project was initialized with an older version of task-cli, run:
304
+
305
+ ```bash
306
+ task refresh
307
+ ```
308
+
309
+ This will:
310
+
311
+ * keep `.ai/tasks`, `.ai/bugs`, and `.ai/decisions`
312
+ * remove only managed skills from `.claude/skills/` and `.codex/skills/`, including legacy `task-review` and `bug-review`, then reinstall the current set: `task-fast`, `task-explore`, `task-implement`, `task-audit`, `task-cancel`, `bug-explore`, `bug-fix`, `bug-audit`, `bug-cancel`, `decision-log`, `decision-sweep-weekly`, `decision-curate`
313
+ * reinstall the latest versions of those skills
314
+
315
+ Unrelated custom skills in the same project are left untouched. Inspect the current setup first with `task doctor`.
316
+
317
+ ---
318
+
319
+ something else:
320
+ > Task CLI does not install Grill Me automatically.
321
+ > Users remain free to choose any Grill Me compatible implementation, and the explore skills fall back to built-in clarification if none is installed.
322
+
323
+ ## License
324
+
325
+ MIT
326
+
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@winton979/task-cli",
3
- "version": "1.4.1",
3
+ "version": "1.4.3",
4
4
  "description": "Lightweight task workflow CLI for AI-assisted development",
5
5
  "license": "MIT",
6
6
  "repository": {
package/src/cli.js CHANGED
@@ -26,8 +26,9 @@ Usage:
26
26
 
27
27
  Recommended flows after init:
28
28
  fast: task-fast
29
- task: task-explore -> task-implement -> task-review | task-cancel
30
- bug: bug-explore -> bug-fix -> bug-review | bug-cancel`);
29
+ task: task-explore -> task-implement -> task-audit (optional, risk-triggered)
30
+ bug: bug-explore -> bug-fix -> bug-audit (optional, risk-triggered)
31
+ cancel: task-cancel | bug-cancel`);
31
32
  }
32
33
 
33
34
  switch (cmd) {
package/src/init.js CHANGED
@@ -241,51 +241,88 @@ How acceptance criteria were satisfied.
241
241
  `,
242
242
  },
243
243
 
244
- 'task-review': {
245
- name: 'task-review',
246
- description: 'Review the latest task implementation against the corresponding task brief.',
244
+ 'task-audit': {
245
+ name: 'task-audit',
246
+ description: 'Independently audit a completed task implementation against the task brief.',
247
247
  content: `---
248
- name: task-review
249
- description: Review the latest task implementation against the corresponding task brief.
248
+ name: task-audit
249
+ description: Independently audit a completed task implementation against the task brief. The objective is to find evidence of failure, not to justify the implementation.
250
250
  user-invocable: true
251
251
  ---
252
252
 
253
253
  Purpose
254
254
 
255
- Review implementation against the corresponding task brief.
255
+ Perform an independent audit of a completed task implementation.
256
256
 
257
257
  Rules
258
258
 
259
259
  1. Use the latest matching brief from .ai/tasks/active/ or .ai/tasks/archive/.
260
- 2. Review the actual changes, not just the intent.
260
+ 2. Inspect the actual implementation via final code and git diff.
261
+ 3. Use the least implementation context possible: task brief, final code, git diff, and existing tests.
262
+ 4. Ignore implementation reasoning from the current conversation.
263
+ 5. Do not prove the implementation correct. Try to invalidate it with evidence.
264
+ 6. If evidence is unavailable, mark the area UNKNOWN instead of guessing.
265
+ 7. Run relevant tests when practical. If tests cannot be run, list that under Unknowns.
266
+ 8. Do not suggest unrelated improvements.
267
+ 9. Overall Result must be FAIL when any acceptance criterion is FAIL, or when a material UNKNOWN blocks approval.
268
+ 10. Overall Result may be PASS only when no significant evidence of failure exists.
269
+
270
+ Audit Phases
271
+
272
+ 1. Requirement coverage: for each acceptance criterion, mark PASS, FAIL, or UNKNOWN.
273
+ 2. Break attempt: construct edge cases, invalid inputs, and unexpected user actions that may violate the brief.
274
+ 3. Regression analysis: check behavior changes, compatibility issues, state corruption, and hidden side effects.
275
+ 4. Engineering risk: check maintainability, unnecessary complexity, duplication, performance, memory, concurrency, and security.
276
+
277
+ Severity
278
+
279
+ Critical - Causes incorrect behavior or violates requirements.
280
+ High - Likely production issue.
281
+ Medium - Real issue with limited impact.
282
+ Low - Concrete issue with low impact. Do not use Low for preferences.
261
283
 
262
- Evaluate
284
+ Output
263
285
 
264
- 1. Goal completion
265
- 2. Acceptance criteria coverage
266
- 3. Edge cases
267
- 4. Maintainability
268
- 5. Performance impact
269
- 6. Security impact
270
- 7. Regression risks
286
+ ## Overall Result
271
287
 
272
- Output
288
+ PASS or FAIL
273
289
 
274
- ## Pass/Fail
290
+ ## Acceptance Criteria
275
291
 
276
- Overall assessment.
292
+ | Criterion | Result | Evidence |
293
+ |-----------|--------|----------|
277
294
 
278
295
  ## Findings
279
296
 
280
- Issues found.
297
+ For every finding include:
298
+
299
+ ### Severity
300
+
301
+ Critical / High / Medium / Low
302
+
303
+ ### Issue
304
+
305
+ What is wrong.
306
+
307
+ ### Evidence
308
+
309
+ Concrete code, diff, test result, or behavior supporting the finding.
281
310
 
282
- ## Suggestions
311
+ ### Impact
283
312
 
284
- Optional improvements.
313
+ Why it matters.
285
314
 
286
- ## Missing Acceptance Criteria
315
+ ### Confidence
287
316
 
288
- Anything not fully implemented.
317
+ High / Medium / Low
318
+
319
+ ## Unknowns
320
+
321
+ Areas that cannot be verified from available information.
322
+
323
+ ## Final Assessment
324
+
325
+ State whether approval is blocked and what remains risky.
289
326
  `,
290
327
  },
291
328
 
@@ -434,45 +471,93 @@ Verification performed.
434
471
  `,
435
472
  },
436
473
 
437
- 'bug-review': {
438
- name: 'bug-review',
439
- description: 'Review the latest bug fix against the corresponding bug brief.',
474
+ 'bug-audit': {
475
+ name: 'bug-audit',
476
+ description: 'Independently audit a completed bug fix against the bug brief and root cause.',
440
477
  content: `---
441
- name: bug-review
442
- description: Review the latest bug fix against the corresponding bug brief.
478
+ name: bug-audit
479
+ description: Independently audit a completed bug fix against the bug brief and root cause. The objective is to find evidence of failure, not to justify the implementation.
443
480
  user-invocable: true
444
481
  ---
445
482
 
446
483
  Purpose
447
484
 
448
- Review implementation against the corresponding bug brief.
485
+ Perform an independent audit of a completed bug fix.
449
486
 
450
487
  Rules
451
488
 
452
489
  1. Use the latest matching brief from .ai/bugs/active/ or .ai/bugs/archive/.
453
- 2. Check whether the reported root cause was truly addressed.
490
+ 2. Inspect the actual fix via final code and git diff.
491
+ 3. Use the least implementation context possible: bug brief, final code, git diff, and existing tests.
492
+ 4. Ignore implementation reasoning from the current conversation.
493
+ 5. Do not prove the fix correct. Try to invalidate it with evidence.
494
+ 6. If evidence is unavailable, mark the area UNKNOWN instead of guessing.
495
+ 7. Run relevant tests when practical. If tests cannot be run, list that under Unknowns.
496
+ 8. Do not suggest unrelated improvements.
497
+ 9. Overall Result must be FAIL when root cause validation is FAIL, any acceptance criterion is FAIL, or a material UNKNOWN blocks approval.
498
+ 10. Overall Result may be PASS only when no significant evidence of failure exists.
499
+
500
+ Audit Phases
501
+
502
+ 1. Root cause validation: determine whether the confirmed or suspected root cause was actually eliminated.
503
+ 2. Acceptance criteria coverage: for each criterion, mark PASS, FAIL, or UNKNOWN.
504
+ 3. Break attempt: construct inputs or flows that reproduce the old bug or expose adjacent failures.
505
+ 4. Regression analysis: check behavior changes, compatibility issues, state corruption, and hidden side effects.
506
+ 5. Engineering risk: check maintainability, unnecessary complexity, duplication, performance, memory, concurrency, and security.
507
+
508
+ Severity
509
+
510
+ Critical - Root cause not fixed or requirement violated.
511
+ High - Likely production issue.
512
+ Medium - Real issue with limited impact.
513
+ Low - Concrete issue with low impact. Do not use Low for preferences.
454
514
 
455
- Check
515
+ Output
456
516
 
457
- 1. Root cause addressed
458
- 2. Regression risks
459
- 3. Side effects
460
- 4. Edge cases
461
- 5. Test coverage
517
+ ## Overall Result
462
518
 
463
- Output
519
+ PASS or FAIL
464
520
 
465
- ## Pass/Fail
521
+ ## Root Cause Validation
466
522
 
467
- Assessment.
523
+ PASS / FAIL / UNKNOWN, with evidence.
468
524
 
469
- ## Risks
525
+ ## Acceptance Criteria
470
526
 
471
- Potential issues.
527
+ | Criterion | Result | Evidence |
528
+ |-----------|--------|----------|
529
+
530
+ ## Findings
472
531
 
473
- ## Recommendations
532
+ For every finding include:
474
533
 
475
- Further improvements.
534
+ ### Severity
535
+
536
+ Critical / High / Medium / Low
537
+
538
+ ### Issue
539
+
540
+ What is wrong.
541
+
542
+ ### Evidence
543
+
544
+ Concrete code, diff, test result, or behavior supporting the finding.
545
+
546
+ ### Impact
547
+
548
+ Why it matters.
549
+
550
+ ### Confidence
551
+
552
+ High / Medium / Low
553
+
554
+ ## Unknowns
555
+
556
+ Areas that cannot be verified from available information.
557
+
558
+ ## Final Assessment
559
+
560
+ State whether approval is blocked and what remains risky.
476
561
  `,
477
562
  },
478
563
 
@@ -519,7 +604,26 @@ Purpose
519
604
 
520
605
  Record important implementation decisions.
521
606
 
522
- Only record decisions that are likely to matter beyond a single task. Good candidates are durable constraints, architecture boundaries, rejected alternatives someone may retry later, externally forced choices, and intentional behavior that otherwise looks incorrect.
607
+ Selection Standard
608
+
609
+ Bias toward not writing. A decision belongs here only when leaving it undocumented would make a future task or bug exploration materially more likely to choose the wrong path.
610
+
611
+ Record only durable constraints such as:
612
+
613
+ * project invariants that will likely constrain future work
614
+ * rejected alternatives someone could plausibly retry later
615
+ * externally forced choices such as compatibility, compliance, vendor, or performance limits
616
+ * intentional behavior that looks incorrect unless explained
617
+
618
+ Do not record:
619
+
620
+ * one-off implementation details
621
+ * local cleanup notes or TODOs
622
+ * temporary workarounds that are not yet accepted long-term behavior
623
+ * facts already made obvious by code, tests, or tooling
624
+ * constraints that disappeared after later simplification or optimization
625
+
626
+ If unsure, skip the entry.
523
627
 
524
628
  Save Location
525
629
 
@@ -549,6 +653,8 @@ Requirements
549
653
 
550
654
  * Maximum 10 lines per decision
551
655
  * Default to append
656
+ * Prefer fewer, harder decisions over broad coverage
657
+ * One decision should capture one durable constraint, not a mixed summary
552
658
  * If a new entry appears to revise, merge with, or supersede an existing decision, do not edit or append yet
553
659
  * Instead, show the relevant prior entry, explain the overlap or conflict, and ask the user whether to append, revise, merge, supersede, or skip
554
660
  * Only modify an existing entry after explicit user confirmation
@@ -579,11 +685,13 @@ Workflow
579
685
  2. For cancelled briefs in either archive, treat the abandonment itself as potential decision material.
580
686
  3. Evaluate each brief against the Sediment Conditions below.
581
687
  4. For each candidate, draft a decision entry using the four-section format.
582
- 5. Present a single review list: every scanned brief with a verdict (write / skip / insufficient info), then the proposed drafts grouped at the end.
583
- 6. Do NOT append anything yet. Wait for the user to confirm which drafts to keep, edit, or drop.
584
- 7. If a proposed draft appears to overlap with, conflict with, or refine an existing decision, include that prior entry in the review and present explicit options such as append as new, revise existing, merge, supersede, or skip.
585
- 8. Only after confirmation, apply the approved action for each draft. Default to appending new entries oldest first under the matching YYYY-MM-DD section heading; revise or merge only when the user explicitly selects that action.
586
- 9. Report what was appended, revised, merged, superseded, and skipped.
688
+ 5. Bias toward skip. Produce a draft only when the decision is clearly durable and likely to matter again.
689
+ 6. Present a single review list: every scanned brief with a verdict (write / skip / insufficient info), then the proposed drafts grouped at the end.
690
+ 7. For every skip, give a short reason such as one-off detail, already encoded in code, no future constraint, or still unsettled.
691
+ 8. Do NOT append anything yet. Wait for the user to confirm which drafts to keep, edit, or drop.
692
+ 9. If a proposed draft appears to overlap with, conflict with, or refine an existing decision, include that prior entry in the review and present explicit options such as append as new, revise existing, merge, supersede, or skip.
693
+ 10. Only after confirmation, apply the approved action for each draft. Default to appending new entries oldest first under the matching YYYY-MM-DD section heading; revise or merge only when the user explicitly selects that action.
694
+ 11. Report what was appended, revised, merged, superseded, and skipped.
587
695
 
588
696
  Sediment Conditions
589
697
 
@@ -594,12 +702,16 @@ A brief becomes a decision entry if it satisfies any of:
594
702
  * Counter-intuitive choice: code reads like an anti-pattern but is intentional.
595
703
  * Externally driven: compliance, performance, compatibility, or a third-party API limit forced the call.
596
704
  * A cancelled attempt whose failure is itself a useful conclusion.
705
+ * Without the note, a future explore step would likely need to rediscover the same constraint.
597
706
 
598
707
  Skip Conditions
599
708
 
600
709
  * Affects only the implementation detail of one task.
601
710
  * A temporary or unsettled conclusion.
602
711
  * A bare fact with no decision behind it.
712
+ * Already obvious from code, tests, tooling, or existing project structure.
713
+ * A constraint that was later simplified away, optimized away, or otherwise stopped mattering.
714
+ * Too vague to guide a future task.
603
715
 
604
716
  Entry Format
605
717
 
@@ -627,11 +739,65 @@ Requirements
627
739
  * Default to append
628
740
  * One date section per day; multiple decisions on the same day stack under the same heading
629
741
  * Never edit, merge, supersede, or delete prior entries without explicit user confirmation
742
+ `,
743
+ },
744
+
745
+ 'decision-curate': {
746
+ name: 'decision-curate',
747
+ description: 'Audit .ai/decisions/decisions.md and propose removing, merging, or tightening stale, duplicate, or low-value entries. Only apply changes after explicit user confirmation.',
748
+ content: `---
749
+ name: decision-curate
750
+ description: Audit .ai/decisions/decisions.md and propose removing, merging, or tightening stale, duplicate, or low-value entries. Only apply changes after explicit user confirmation.
751
+ user-invocable: true
752
+ ---
753
+
754
+ Purpose
755
+
756
+ Keep .ai/decisions/decisions.md narrow enough that future explore steps can read it quickly and trust that every surviving entry still matters.
757
+
758
+ Workflow
759
+
760
+ 1. Read .ai/decisions/decisions.md.
761
+ 2. Inspect the current codebase only as needed to judge whether each decision still represents a live constraint.
762
+ 3. Classify each entry as keep, tighten, merge, or remove.
763
+ 4. Bias toward removal when an entry is stale, duplicate, too local, too vague, or no longer changes future implementation choices.
764
+ 5. Present a review list with every entry, its classification, and a short reason.
765
+ 6. When proposing tighten, merge, or remove, quote or summarize the exact affected entry so the user can approve safely.
766
+ 7. Do NOT modify the file yet. Wait for explicit user confirmation on each proposed change set.
767
+ 8. After confirmation, apply only the approved edits and preserve unrelated entries.
768
+ 9. Summarize what was kept, tightened, merged, removed, and why.
769
+
770
+ Retention Standard
771
+
772
+ Keep an entry only if it still acts as a durable project constraint or explains an intentional choice a future task could otherwise get wrong.
773
+
774
+ Removal Candidates
775
+
776
+ * one-off implementation details
777
+ * decisions already enforced clearly by code, tests, or tooling
778
+ * duplicate or near-duplicate entries
779
+ * vague notes that do not change future choices
780
+ * constraints invalidated by later refactors, simplifications, or performance work
781
+ * historical context that belongs in task or bug archives instead
782
+
783
+ Requirements
784
+
785
+ * Default to proposing, not editing
786
+ * Never remove or rewrite an entry without explicit user confirmation
787
+ * Prefer deleting low-value entries over rewriting them into longer prose
788
+ * Keep the remaining file concise and high-signal
630
789
  `,
631
790
  },
632
791
  };
633
792
 
634
- const MANAGED_SKILL_NAMES = Object.values(SKILLS).map((skill) => skill.name);
793
+ const LEGACY_MANAGED_SKILL_NAMES = [
794
+ 'task-review',
795
+ 'bug-review',
796
+ ];
797
+ const MANAGED_SKILL_NAMES = [
798
+ ...Object.values(SKILLS).map((skill) => skill.name),
799
+ ...LEGACY_MANAGED_SKILL_NAMES,
800
+ ];
635
801
 
636
802
  function skillFilePath(path, cwd, skillRoot, skillName) {
637
803
  return path.join(cwd, skillRoot, skillName, 'SKILL.md');
@@ -789,9 +955,10 @@ export function init(cwd, { fs, path, log }) {
789
955
 
790
956
  log.info(`\nTask workflow initialized. Recommended flows:
791
957
  fast: task-fast
792
- task: task-explore -> task-implement -> task-review | task-cancel
793
- bug: bug-explore -> bug-fix -> bug-review | bug-cancel
794
- other: decision-log
958
+ task: task-explore -> task-implement -> task-audit (optional, risk-triggered)
959
+ bug: bug-explore -> bug-fix -> bug-audit (optional, risk-triggered)
960
+ cancel: task-cancel | bug-cancel
961
+ other: decision-log | decision-curate
795
962
  sweep: decision-sweep-weekly`);
796
963
  }
797
964
 
@@ -824,9 +991,10 @@ export function refresh(cwd, { fs, path, log }) {
824
991
 
825
992
  log.info(`\nTask workflow refreshed. Managed skills reinstalled:
826
993
  fast: task-fast
827
- task: task-explore -> task-implement -> task-review | task-cancel
828
- bug: bug-explore -> bug-fix -> bug-review | bug-cancel
829
- other: decision-log
994
+ task: task-explore -> task-implement -> task-audit (optional, risk-triggered)
995
+ bug: bug-explore -> bug-fix -> bug-audit (optional, risk-triggered)
996
+ cancel: task-cancel | bug-cancel
997
+ other: decision-log | decision-curate
830
998
  sweep: decision-sweep-weekly`);
831
999
  }
832
1000
 
@@ -876,6 +1044,16 @@ export function doctor(cwd, { fs, path, log }) {
876
1044
  matches ? 'current' : 'outdated, run `task refresh`'
877
1045
  );
878
1046
  }
1047
+
1048
+ for (const skillName of LEGACY_MANAGED_SKILL_NAMES) {
1049
+ const legacySkillDir = path.join(cwd, skillRoot, skillName);
1050
+ if (!fs.existsSync(legacySkillDir)) {
1051
+ continue;
1052
+ }
1053
+
1054
+ checks.push(false);
1055
+ logCheck(log, false, `${skillRoot}/${skillName}`, 'legacy managed skill, run `task refresh`');
1056
+ }
879
1057
  }
880
1058
 
881
1059
  const grillMeFindings = [