@winton979/task-cli 1.4.2 → 1.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -4,9 +4,9 @@ A workflow methodology for AI coding agents.
4
4
 
5
5
  Task CLI separates requirement exploration from implementation, so AI agents decide whether complexity is justified **before** they start coding.
6
6
 
7
- **Explore** — Understand the problem. Assess whether additional complexity is warranted.
8
- **Implement** — Solve the accepted problem with the least necessary complexity.
9
- **Review** — Validate against the brief, not against new ideas introduced during coding.
7
+ **Explore** — Understand the problem. Assess whether additional complexity is warranted.
8
+ **Implement** — Solve the accepted problem with the least necessary complexity.
9
+ **Audit** — Independently try to find failure evidence when the risk justifies it.
10
10
 
11
11
  Designed for:
12
12
 
@@ -25,7 +25,7 @@ Designed for:
25
25
  ### Traditional AI Workflow
26
26
 
27
27
  ```text
28
- Requirement → Solution Design → Code → Review
28
+ Requirement → Solution Design → Code → Review
29
29
  ```
30
30
 
31
31
  The AI often starts designing before the requirement is fully clarified. Complexity gets introduced during coding, and review happens against whatever the AI produced rather than against the original intent.
@@ -42,8 +42,10 @@ Complexity Assessment ──► Is added complexity justified?
42
42
  Brief
43
43
 
44
44
  Implement ──► Simplest acceptable solution
45
-
46
- Review ──► Validate against the brief
45
+
46
+ Validation ──► Verify against the brief
47
+
48
+ Audit ──► Optional, risk-triggered failure search
47
49
  ```
48
50
 
49
51
  Exploration and implementation are intentionally separated.
@@ -59,7 +61,8 @@ Most AI coding agents fail because they mix exploration and implementation in th
59
61
  | Explore | What problem are we solving? |
60
62
  | Complexity Assessment | Is additional complexity justified? |
61
63
  | Implement | What is the simplest acceptable solution? |
62
- | Review | Did we satisfy the brief? |
64
+ | Validation | Did the implementation satisfy the brief? |
65
+ | Audit | Can we find evidence that it fails? |
63
66
 
64
67
  This keeps AI agents from over-designing solutions during requirement discovery, and keeps implementation focused on the accepted scope.
65
68
 
@@ -95,27 +98,33 @@ If no Grill Me compatible skill is installed, `task-fast`, `task-explore`, and `
95
98
 
96
99
  ## Quick Start
97
100
 
98
- ### Small Feature / Enhancement
99
-
100
- ```text
101
- /task-fast
102
-
103
- clarify + brief + implement + validate
104
-
105
- /task-review or /task-cancel
106
- ```
107
-
108
- ### Larger Requirement
109
-
110
- ```text
111
- /task-explore → TASK_READY → /task-implement → /task-review or /task-cancel
112
- ```
113
-
114
- ### Bug Fix
115
-
116
- ```text
117
- /bug-explore → BUG_READY → /bug-fix → /bug-review or /bug-cancel
118
- ```
101
+ ### Small Feature / Enhancement
102
+
103
+ ```text
104
+ /task-fast
105
+
106
+ clarify + brief + implement + validate
107
+
108
+ archive automatically
109
+ ```
110
+
111
+ ### Larger Requirement
112
+
113
+ ```text
114
+ /task-explore → TASK_READY → /task-implement → optional /task-audit
115
+ ```
116
+
117
+ ### Bug Fix
118
+
119
+ ```text
120
+ /bug-explore → BUG_READY → /bug-fix → optional /bug-audit
121
+ ```
122
+
123
+ Use `/task-cancel` or `/bug-cancel` when abandoning the current attempt before accepting it.
124
+
125
+ Run audit only when the risk is worth the extra pass, such as before a PR, after a large diff, when changing public APIs or core modules, when fixing production bugs, when security or data integrity is involved, or when the user explicitly asks for it.
126
+
127
+ For the highest-value audit, start a fresh session or use a different reviewer context and provide only the brief, final code or git diff, and relevant tests. Audit quality comes from new perspective and evidence, not from asking the same context to approve its own work.
119
128
 
120
129
  ### CLI Commands
121
130
 
@@ -166,18 +175,18 @@ The workflow encourages the simplest acceptable implementation instead of the mo
166
175
 
167
176
  **Task Workflow**
168
177
 
169
- * `task-fast`
170
- * `task-explore`
171
- * `task-implement`
172
- * `task-review`
173
- * `task-cancel`
178
+ * `task-fast`
179
+ * `task-explore`
180
+ * `task-implement`
181
+ * `task-audit`
182
+ * `task-cancel`
174
183
 
175
184
  **Bug Workflow**
176
185
 
177
- * `bug-explore`
178
- * `bug-fix`
179
- * `bug-review`
180
- * `bug-cancel`
186
+ * `bug-explore`
187
+ * `bug-fix`
188
+ * `bug-audit`
189
+ * `bug-cancel`
181
190
 
182
191
  **Decision Logging**
183
192
 
@@ -268,7 +277,7 @@ Detailed specification workflows such as OpenSpec can improve alignment, traceab
268
277
 
269
278
  The difficulty is that the same level of ceremony does not fit day-to-day engineering. For frequent bug fixes, small features, and fast iteration, the process becomes heavier than the change itself — maintenance overhead grows, documentation quality drifts, and teams gradually stop using the workflow as intended.
270
279
 
271
- Task CLI takes a narrower approach: clarify the requirement, capture only the minimum useful brief, execute against acceptance criteria, review the result, and keep a lightweight decision trail. The goal is a workflow people will actually keep using.
280
+ Task CLI takes a narrower approach: clarify the requirement, capture only the minimum useful brief, execute and validate against acceptance criteria, run audit only when risk justifies it, and keep a lightweight decision trail. The goal is a workflow people will actually keep using.
272
281
 
273
282
  ---
274
283
 
@@ -284,7 +293,7 @@ Task CLI takes a narrower approach: clarify the requirement, capture only the mi
284
293
  **Tradeoffs**
285
294
 
286
295
  * less suitable for large cross-team initiatives that need formal design traceability
287
- * relies more on engineer judgment and review quality than a full spec process
296
+ * relies more on engineer judgment and risk-triggered audit quality than a full spec process
288
297
  * stores less long-form historical context than a dedicated spec repository
289
298
 
290
299
  ---
@@ -300,7 +309,7 @@ task refresh
300
309
  This will:
301
310
 
302
311
  * keep `.ai/tasks`, `.ai/bugs`, and `.ai/decisions`
303
- * remove only managed skills from `.claude/skills/` and `.codex/skills/`: `task-fast`, `task-explore`, `task-implement`, `task-review`, `task-cancel`, `bug-explore`, `bug-fix`, `bug-review`, `bug-cancel`, `decision-log`, `decision-sweep-weekly`, `decision-curate`
312
+ * remove only managed skills from `.claude/skills/` and `.codex/skills/`, including legacy `task-review` and `bug-review`, then reinstall the current set: `task-fast`, `task-explore`, `task-implement`, `task-audit`, `task-cancel`, `bug-explore`, `bug-fix`, `bug-audit`, `bug-cancel`, `decision-log`, `decision-sweep-weekly`, `decision-curate`
304
313
  * reinstall the latest versions of those skills
305
314
 
306
315
  Unrelated custom skills in the same project are left untouched. Inspect the current setup first with `task doctor`.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@winton979/task-cli",
3
- "version": "1.4.2",
3
+ "version": "1.4.3",
4
4
  "description": "Lightweight task workflow CLI for AI-assisted development",
5
5
  "license": "MIT",
6
6
  "repository": {
package/src/cli.js CHANGED
@@ -26,8 +26,9 @@ Usage:
26
26
 
27
27
  Recommended flows after init:
28
28
  fast: task-fast
29
- task: task-explore -> task-implement -> task-review | task-cancel
30
- bug: bug-explore -> bug-fix -> bug-review | bug-cancel`);
29
+ task: task-explore -> task-implement -> task-audit (optional, risk-triggered)
30
+ bug: bug-explore -> bug-fix -> bug-audit (optional, risk-triggered)
31
+ cancel: task-cancel | bug-cancel`);
31
32
  }
32
33
 
33
34
  switch (cmd) {
package/src/init.js CHANGED
@@ -241,51 +241,88 @@ How acceptance criteria were satisfied.
241
241
  `,
242
242
  },
243
243
 
244
- 'task-review': {
245
- name: 'task-review',
246
- description: 'Review the latest task implementation against the corresponding task brief.',
244
+ 'task-audit': {
245
+ name: 'task-audit',
246
+ description: 'Independently audit a completed task implementation against the task brief.',
247
247
  content: `---
248
- name: task-review
249
- description: Review the latest task implementation against the corresponding task brief.
248
+ name: task-audit
249
+ description: Independently audit a completed task implementation against the task brief. The objective is to find evidence of failure, not to justify the implementation.
250
250
  user-invocable: true
251
251
  ---
252
252
 
253
253
  Purpose
254
254
 
255
- Review implementation against the corresponding task brief.
255
+ Perform an independent audit of a completed task implementation.
256
256
 
257
257
  Rules
258
258
 
259
259
  1. Use the latest matching brief from .ai/tasks/active/ or .ai/tasks/archive/.
260
- 2. Review the actual changes, not just the intent.
260
+ 2. Inspect the actual implementation via final code and git diff.
261
+ 3. Use the least implementation context possible: task brief, final code, git diff, and existing tests.
262
+ 4. Ignore implementation reasoning from the current conversation.
263
+ 5. Do not prove the implementation correct. Try to invalidate it with evidence.
264
+ 6. If evidence is unavailable, mark the area UNKNOWN instead of guessing.
265
+ 7. Run relevant tests when practical. If tests cannot be run, list that under Unknowns.
266
+ 8. Do not suggest unrelated improvements.
267
+ 9. Overall Result must be FAIL when any acceptance criterion is FAIL, or when a material UNKNOWN blocks approval.
268
+ 10. Overall Result may be PASS only when no significant evidence of failure exists.
269
+
270
+ Audit Phases
271
+
272
+ 1. Requirement coverage: for each acceptance criterion, mark PASS, FAIL, or UNKNOWN.
273
+ 2. Break attempt: construct edge cases, invalid inputs, and unexpected user actions that may violate the brief.
274
+ 3. Regression analysis: check behavior changes, compatibility issues, state corruption, and hidden side effects.
275
+ 4. Engineering risk: check maintainability, unnecessary complexity, duplication, performance, memory, concurrency, and security.
276
+
277
+ Severity
278
+
279
+ Critical - Causes incorrect behavior or violates requirements.
280
+ High - Likely production issue.
281
+ Medium - Real issue with limited impact.
282
+ Low - Concrete issue with low impact. Do not use Low for preferences.
261
283
 
262
- Evaluate
284
+ Output
263
285
 
264
- 1. Goal completion
265
- 2. Acceptance criteria coverage
266
- 3. Edge cases
267
- 4. Maintainability
268
- 5. Performance impact
269
- 6. Security impact
270
- 7. Regression risks
286
+ ## Overall Result
271
287
 
272
- Output
288
+ PASS or FAIL
273
289
 
274
- ## Pass/Fail
290
+ ## Acceptance Criteria
275
291
 
276
- Overall assessment.
292
+ | Criterion | Result | Evidence |
293
+ |-----------|--------|----------|
277
294
 
278
295
  ## Findings
279
296
 
280
- Issues found.
297
+ For every finding include:
298
+
299
+ ### Severity
300
+
301
+ Critical / High / Medium / Low
302
+
303
+ ### Issue
304
+
305
+ What is wrong.
306
+
307
+ ### Evidence
308
+
309
+ Concrete code, diff, test result, or behavior supporting the finding.
310
+
311
+ ### Impact
281
312
 
282
- ## Suggestions
313
+ Why it matters.
283
314
 
284
- Optional improvements.
315
+ ### Confidence
285
316
 
286
- ## Missing Acceptance Criteria
317
+ High / Medium / Low
287
318
 
288
- Anything not fully implemented.
319
+ ## Unknowns
320
+
321
+ Areas that cannot be verified from available information.
322
+
323
+ ## Final Assessment
324
+
325
+ State whether approval is blocked and what remains risky.
289
326
  `,
290
327
  },
291
328
 
@@ -434,45 +471,93 @@ Verification performed.
434
471
  `,
435
472
  },
436
473
 
437
- 'bug-review': {
438
- name: 'bug-review',
439
- description: 'Review the latest bug fix against the corresponding bug brief.',
474
+ 'bug-audit': {
475
+ name: 'bug-audit',
476
+ description: 'Independently audit a completed bug fix against the bug brief and root cause.',
440
477
  content: `---
441
- name: bug-review
442
- description: Review the latest bug fix against the corresponding bug brief.
478
+ name: bug-audit
479
+ description: Independently audit a completed bug fix against the bug brief and root cause. The objective is to find evidence of failure, not to justify the implementation.
443
480
  user-invocable: true
444
481
  ---
445
482
 
446
483
  Purpose
447
484
 
448
- Review implementation against the corresponding bug brief.
485
+ Perform an independent audit of a completed bug fix.
449
486
 
450
487
  Rules
451
488
 
452
489
  1. Use the latest matching brief from .ai/bugs/active/ or .ai/bugs/archive/.
453
- 2. Check whether the reported root cause was truly addressed.
490
+ 2. Inspect the actual fix via final code and git diff.
491
+ 3. Use the least implementation context possible: bug brief, final code, git diff, and existing tests.
492
+ 4. Ignore implementation reasoning from the current conversation.
493
+ 5. Do not prove the fix correct. Try to invalidate it with evidence.
494
+ 6. If evidence is unavailable, mark the area UNKNOWN instead of guessing.
495
+ 7. Run relevant tests when practical. If tests cannot be run, list that under Unknowns.
496
+ 8. Do not suggest unrelated improvements.
497
+ 9. Overall Result must be FAIL when root cause validation is FAIL, any acceptance criterion is FAIL, or a material UNKNOWN blocks approval.
498
+ 10. Overall Result may be PASS only when no significant evidence of failure exists.
499
+
500
+ Audit Phases
501
+
502
+ 1. Root cause validation: determine whether the confirmed or suspected root cause was actually eliminated.
503
+ 2. Acceptance criteria coverage: for each criterion, mark PASS, FAIL, or UNKNOWN.
504
+ 3. Break attempt: construct inputs or flows that reproduce the old bug or expose adjacent failures.
505
+ 4. Regression analysis: check behavior changes, compatibility issues, state corruption, and hidden side effects.
506
+ 5. Engineering risk: check maintainability, unnecessary complexity, duplication, performance, memory, concurrency, and security.
507
+
508
+ Severity
509
+
510
+ Critical - Root cause not fixed or requirement violated.
511
+ High - Likely production issue.
512
+ Medium - Real issue with limited impact.
513
+ Low - Concrete issue with low impact. Do not use Low for preferences.
454
514
 
455
- Check
515
+ Output
456
516
 
457
- 1. Root cause addressed
458
- 2. Regression risks
459
- 3. Side effects
460
- 4. Edge cases
461
- 5. Test coverage
517
+ ## Overall Result
462
518
 
463
- Output
519
+ PASS or FAIL
520
+
521
+ ## Root Cause Validation
522
+
523
+ PASS / FAIL / UNKNOWN, with evidence.
524
+
525
+ ## Acceptance Criteria
526
+
527
+ | Criterion | Result | Evidence |
528
+ |-----------|--------|----------|
464
529
 
465
- ## Pass/Fail
530
+ ## Findings
531
+
532
+ For every finding include:
533
+
534
+ ### Severity
535
+
536
+ Critical / High / Medium / Low
537
+
538
+ ### Issue
539
+
540
+ What is wrong.
541
+
542
+ ### Evidence
543
+
544
+ Concrete code, diff, test result, or behavior supporting the finding.
545
+
546
+ ### Impact
466
547
 
467
- Assessment.
548
+ Why it matters.
468
549
 
469
- ## Risks
550
+ ### Confidence
470
551
 
471
- Potential issues.
552
+ High / Medium / Low
472
553
 
473
- ## Recommendations
554
+ ## Unknowns
474
555
 
475
- Further improvements.
556
+ Areas that cannot be verified from available information.
557
+
558
+ ## Final Assessment
559
+
560
+ State whether approval is blocked and what remains risky.
476
561
  `,
477
562
  },
478
563
 
@@ -705,7 +790,14 @@ Requirements
705
790
  },
706
791
  };
707
792
 
708
- const MANAGED_SKILL_NAMES = Object.values(SKILLS).map((skill) => skill.name);
793
+ const LEGACY_MANAGED_SKILL_NAMES = [
794
+ 'task-review',
795
+ 'bug-review',
796
+ ];
797
+ const MANAGED_SKILL_NAMES = [
798
+ ...Object.values(SKILLS).map((skill) => skill.name),
799
+ ...LEGACY_MANAGED_SKILL_NAMES,
800
+ ];
709
801
 
710
802
  function skillFilePath(path, cwd, skillRoot, skillName) {
711
803
  return path.join(cwd, skillRoot, skillName, 'SKILL.md');
@@ -863,8 +955,9 @@ export function init(cwd, { fs, path, log }) {
863
955
 
864
956
  log.info(`\nTask workflow initialized. Recommended flows:
865
957
  fast: task-fast
866
- task: task-explore -> task-implement -> task-review | task-cancel
867
- bug: bug-explore -> bug-fix -> bug-review | bug-cancel
958
+ task: task-explore -> task-implement -> task-audit (optional, risk-triggered)
959
+ bug: bug-explore -> bug-fix -> bug-audit (optional, risk-triggered)
960
+ cancel: task-cancel | bug-cancel
868
961
  other: decision-log | decision-curate
869
962
  sweep: decision-sweep-weekly`);
870
963
  }
@@ -898,8 +991,9 @@ export function refresh(cwd, { fs, path, log }) {
898
991
 
899
992
  log.info(`\nTask workflow refreshed. Managed skills reinstalled:
900
993
  fast: task-fast
901
- task: task-explore -> task-implement -> task-review | task-cancel
902
- bug: bug-explore -> bug-fix -> bug-review | bug-cancel
994
+ task: task-explore -> task-implement -> task-audit (optional, risk-triggered)
995
+ bug: bug-explore -> bug-fix -> bug-audit (optional, risk-triggered)
996
+ cancel: task-cancel | bug-cancel
903
997
  other: decision-log | decision-curate
904
998
  sweep: decision-sweep-weekly`);
905
999
  }
@@ -950,6 +1044,16 @@ export function doctor(cwd, { fs, path, log }) {
950
1044
  matches ? 'current' : 'outdated, run `task refresh`'
951
1045
  );
952
1046
  }
1047
+
1048
+ for (const skillName of LEGACY_MANAGED_SKILL_NAMES) {
1049
+ const legacySkillDir = path.join(cwd, skillRoot, skillName);
1050
+ if (!fs.existsSync(legacySkillDir)) {
1051
+ continue;
1052
+ }
1053
+
1054
+ checks.push(false);
1055
+ logCheck(log, false, `${skillRoot}/${skillName}`, 'legacy managed skill, run `task refresh`');
1056
+ }
953
1057
  }
954
1058
 
955
1059
  const grillMeFindings = [