@winton979/task-cli 1.4.2 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +57 -58
  2. package/package.json +1 -1
  3. package/src/cli.js +3 -2
  4. package/src/init.js +192 -142
package/README.md CHANGED
@@ -4,9 +4,9 @@ A workflow methodology for AI coding agents.
4
4
 
5
5
  Task CLI separates requirement exploration from implementation, so AI agents decide whether complexity is justified **before** they start coding.
6
6
 
7
- **Explore** — Understand the problem. Assess whether additional complexity is warranted.
8
- **Implement** — Solve the accepted problem with the least necessary complexity.
9
- **Review** — Validate against the brief, not against new ideas introduced during coding.
7
+ **Explore** — Understand the problem. Assess whether additional complexity is warranted.
8
+ **Implement** — Solve the accepted problem with the least necessary complexity.
9
+ **Audit** — Independently try to find failure evidence when the risk justifies it.
10
10
 
11
11
  Designed for:
12
12
 
@@ -25,7 +25,7 @@ Designed for:
25
25
  ### Traditional AI Workflow
26
26
 
27
27
  ```text
28
- Requirement → Solution Design → Code → Review
28
+ Requirement → Solution Design → Code → Review
29
29
  ```
30
30
 
31
31
  The AI often starts designing before the requirement is fully clarified. Complexity gets introduced during coding, and review happens against whatever the AI produced rather than against the original intent.
@@ -42,8 +42,10 @@ Complexity Assessment ──► Is added complexity justified?
42
42
  Brief
43
43
 
44
44
  Implement ──► Simplest acceptable solution
45
-
46
- Review ──► Validate against the brief
45
+
46
+ Validation ──► Verify against the brief
47
+
48
+ Audit ──► Optional, risk-triggered failure search
47
49
  ```
48
50
 
49
51
  Exploration and implementation are intentionally separated.
@@ -59,7 +61,8 @@ Most AI coding agents fail because they mix exploration and implementation in th
59
61
  | Explore | What problem are we solving? |
60
62
  | Complexity Assessment | Is additional complexity justified? |
61
63
  | Implement | What is the simplest acceptable solution? |
62
- | Review | Did we satisfy the brief? |
64
+ | Validation | Did the implementation satisfy the brief? |
65
+ | Audit | Can we find evidence that it fails? |
63
66
 
64
67
  This keeps AI agents from over-designing solutions during requirement discovery, and keeps implementation focused on the accepted scope.
65
68
 
@@ -79,43 +82,45 @@ task init
79
82
 
80
83
  After initialization, Task CLI creates the `.ai/` workspace and installs workflow skills into both `.claude/skills/` and `.codex/skills/`.
81
84
 
82
- ### Prerequisites
83
-
84
- Task CLI can use a Grill Me compatible skill for requirement and bug exploration.
85
-
86
- Recommended:
87
-
88
- ```bash
89
- npx add-skill PJ-SBN-593844/skill-grill-me
90
- ```
91
-
92
- If no Grill Me compatible skill is installed, `task-fast`, `task-explore`, and `bug-explore` fall back to built-in clarification prompts.
85
+ ### Exploration Protocol
86
+
87
+ Task CLI embeds the `grilling` primitive from [Matt Pocock's skills collection](https://github.com/mattpocock/skills.git). Its wording is the methodological foundation for exploration, not a runtime dependency.
88
+
89
+ `task-explore` and `bug-explore` preserve the primitive's body verbatim. Their only workflow-specific interpretation of it is that "act on it" means creating the brief. `task-fast` uses a narrower clarification loop so the fast path remains fast.
90
+
91
+ Task CLI neither requires nor installs a companion interviewing skill.
93
92
 
94
93
  ---
95
94
 
96
95
  ## Quick Start
97
96
 
98
- ### Small Feature / Enhancement
99
-
100
- ```text
101
- /task-fast
102
-
103
- clarify + brief + implement + validate
104
-
105
- /task-review or /task-cancel
106
- ```
107
-
108
- ### Larger Requirement
109
-
110
- ```text
111
- /task-explore → TASK_READY → /task-implement → /task-review or /task-cancel
112
- ```
113
-
114
- ### Bug Fix
115
-
116
- ```text
117
- /bug-explore → BUG_READY → /bug-fix → /bug-review or /bug-cancel
118
- ```
97
+ ### Small Feature / Enhancement
98
+
99
+ ```text
100
+ /task-fast
101
+
102
+ clarify + brief + implement + validate
103
+
104
+ archive automatically
105
+ ```
106
+
107
+ ### Larger Requirement
108
+
109
+ ```text
110
+ /task-explore → TASK_READY → /task-implement → optional /task-audit
111
+ ```
112
+
113
+ ### Bug Fix
114
+
115
+ ```text
116
+ /bug-explore → BUG_READY → /bug-fix → optional /bug-audit
117
+ ```
118
+
119
+ Use `/task-cancel` or `/bug-cancel` when abandoning the current attempt before accepting it.
120
+
121
+ Run audit only when the risk is worth the extra pass, such as before a PR, after a large diff, when changing public APIs or core modules, when fixing production bugs, when security or data integrity is involved, or when the user explicitly asks for it.
122
+
123
+ For the highest-value audit, start a fresh session or use a different reviewer context and provide only the brief, final code or git diff, and relevant tests. Audit quality comes from new perspective and evidence, not from asking the same context to approve its own work.
119
124
 
120
125
  ### CLI Commands
121
126
 
@@ -166,18 +171,18 @@ The workflow encourages the simplest acceptable implementation instead of the mo
166
171
 
167
172
  **Task Workflow**
168
173
 
169
- * `task-fast`
170
- * `task-explore`
171
- * `task-implement`
172
- * `task-review`
173
- * `task-cancel`
174
+ * `task-fast`
175
+ * `task-explore`
176
+ * `task-implement`
177
+ * `task-audit`
178
+ * `task-cancel`
174
179
 
175
180
  **Bug Workflow**
176
181
 
177
- * `bug-explore`
178
- * `bug-fix`
179
- * `bug-review`
180
- * `bug-cancel`
182
+ * `bug-explore`
183
+ * `bug-fix`
184
+ * `bug-audit`
185
+ * `bug-cancel`
181
186
 
182
187
  **Decision Logging**
183
188
 
@@ -268,7 +273,7 @@ Detailed specification workflows such as OpenSpec can improve alignment, traceab
268
273
 
269
274
  The difficulty is that the same level of ceremony does not fit day-to-day engineering. For frequent bug fixes, small features, and fast iteration, the process becomes heavier than the change itself — maintenance overhead grows, documentation quality drifts, and teams gradually stop using the workflow as intended.
270
275
 
271
- Task CLI takes a narrower approach: clarify the requirement, capture only the minimum useful brief, execute against acceptance criteria, review the result, and keep a lightweight decision trail. The goal is a workflow people will actually keep using.
276
+ Task CLI takes a narrower approach: clarify the requirement, capture only the minimum useful brief, execute and validate against acceptance criteria, run audit only when risk justifies it, and keep a lightweight decision trail. The goal is a workflow people will actually keep using.
272
277
 
273
278
  ---
274
279
 
@@ -284,7 +289,7 @@ Task CLI takes a narrower approach: clarify the requirement, capture only the mi
284
289
  **Tradeoffs**
285
290
 
286
291
  * less suitable for large cross-team initiatives that need formal design traceability
287
- * relies more on engineer judgment and review quality than a full spec process
292
+ * relies more on engineer judgment and risk-triggered audit quality than a full spec process
288
293
  * stores less long-form historical context than a dedicated spec repository
289
294
 
290
295
  ---
@@ -300,18 +305,12 @@ task refresh
300
305
  This will:
301
306
 
302
307
  * keep `.ai/tasks`, `.ai/bugs`, and `.ai/decisions`
303
- * remove only managed skills from `.claude/skills/` and `.codex/skills/`: `task-fast`, `task-explore`, `task-implement`, `task-review`, `task-cancel`, `bug-explore`, `bug-fix`, `bug-review`, `bug-cancel`, `decision-log`, `decision-sweep-weekly`, `decision-curate`
308
+ * remove only managed skills from `.claude/skills/` and `.codex/skills/`, including legacy `task-review` and `bug-review`, then reinstall the current set: `task-fast`, `task-explore`, `task-implement`, `task-audit`, `task-cancel`, `bug-explore`, `bug-fix`, `bug-audit`, `bug-cancel`, `decision-log`, `decision-sweep-weekly`, `decision-curate`
304
309
  * reinstall the latest versions of those skills
305
310
 
306
311
  Unrelated custom skills in the same project are left untouched. Inspect the current setup first with `task doctor`.
307
312
 
308
- ---
309
-
310
- something else:
311
- > Task CLI does not install Grill Me automatically.
312
- > Users remain free to choose any Grill Me compatible implementation, and the explore skills fall back to built-in clarification if none is installed.
313
-
314
- ## License
313
+ ## License
315
314
 
316
315
  MIT
317
316
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@winton979/task-cli",
3
- "version": "1.4.2",
3
+ "version": "1.5.0",
4
4
  "description": "Lightweight task workflow CLI for AI-assisted development",
5
5
  "license": "MIT",
6
6
  "repository": {
package/src/cli.js CHANGED
@@ -26,8 +26,9 @@ Usage:
26
26
 
27
27
  Recommended flows after init:
28
28
  fast: task-fast
29
- task: task-explore -> task-implement -> task-review | task-cancel
30
- bug: bug-explore -> bug-fix -> bug-review | bug-cancel`);
29
+ task: task-explore -> task-implement -> task-audit (optional, risk-triggered)
30
+ bug: bug-explore -> bug-fix -> bug-audit (optional, risk-triggered)
31
+ cancel: task-cancel | bug-cancel`);
31
32
  }
32
33
 
33
34
  switch (cmd) {
package/src/init.js CHANGED
@@ -13,11 +13,15 @@ const GITIGNORE_BLOCK = [
13
13
  '.ai/bugs/active/*.md',
14
14
  ].join('\n');
15
15
 
16
- const GRILL_ME_HINTS = [
17
- 'grill-me',
18
- 'skill-grill-me',
19
- 'grill me',
20
- ];
16
+ const GRILLING_GUIDANCE = `Grilling
17
+
18
+ Interview me relentlessly about every aspect of this until we reach a shared understanding. Walk down each branch of the decision tree, resolving dependencies between decisions one-by-one. For each question, provide your recommended answer.
19
+
20
+ Ask the questions one at a time, waiting for feedback on each question before continuing. Asking multiple questions at once is bewildering.
21
+
22
+ If a *fact* can be found by exploring the environment (filesystem, tools, etc.), look it up rather than asking me. The *decisions*, though, are mine — put each one to me and wait for my answer.
23
+
24
+ Do not act on it until I confirm we have reached a shared understanding.`;
21
25
 
22
26
  const DECISIONS_READ_GUIDANCE = `Decision Intake
23
27
 
@@ -60,23 +64,24 @@ Handle a small requirement in one continuous workflow with minimal ceremony.
60
64
 
61
65
  Workflow
62
66
 
63
- 1. If a Grill Me compatible skill is available in the current environment, use it for requirement clarification.
64
- 2. If no Grill Me compatible skill is available, clarify the requirement yourself with focused questions just far enough to remove ambiguity.
65
- 3. Read the project code and conventions needed to avoid obvious conflicts.
66
- 4. Read .ai/decisions/decisions.md if it exists and has entries. Pull in only decisions that materially constrain this task.
67
- 5. Before finalizing the brief, perform a Complexity Assessment.
68
- 6. Create a concise task brief and save it to:
67
+ 1. Read the project code and conventions needed to avoid obvious conflicts.
68
+ 2. If a fact can be found by exploring the environment, look it up rather than asking the user.
69
+ 3. Ask only questions whose answers can change the implementation or acceptance criteria. Ask them one at a time, waiting for feedback on each before continuing. For each question, provide your recommended answer.
70
+ 4. Put unresolved decisions to the user; do not make them on the user's behalf.
71
+ 5. Read .ai/decisions/decisions.md if it exists and has entries. Pull in only decisions that materially constrain this task.
72
+ 6. Before finalizing the brief, perform a Complexity Assessment.
73
+ 7. Create a concise task brief and save it to:
69
74
 
70
75
  .ai/tasks/active/YYYY-MM-DD-task-name.md
71
76
 
72
- 7. Show the brief before coding.
73
- 8. If the user does not object, implement immediately.
74
- 9. Verify the result against the acceptance criteria.
75
- 10. Archive the brief automatically by moving it to:
77
+ 8. Show the brief as the fast-path summary of shared understanding, ask the user to confirm it, and stop. Do not code until the user confirms.
78
+ 9. Once the user confirms the brief, implement immediately.
79
+ 10. Verify the result against the acceptance criteria.
80
+ 11. Archive the brief automatically by moving it to:
76
81
 
77
82
  .ai/tasks/archive/YYYY-MM-DD-task-name.md
78
83
 
79
- 11. Summarize the outcome and any follow-up risks.
84
+ 12. Summarize the outcome and any follow-up risks.
80
85
 
81
86
  ${DECISIONS_READ_GUIDANCE}
82
87
 
@@ -123,10 +128,10 @@ TASK_DONE
123
128
 
124
129
  'task-explore': {
125
130
  name: 'task-explore',
126
- description: 'Clarify a requirement and generate the execution brief in one step, without implementing.',
131
+ description: 'Grill the user relentlessly about a requirement; generate an execution brief only after shared understanding, without implementing.',
127
132
  content: `---
128
133
  name: task-explore
129
- description: Clarify a requirement and generate the execution brief in one step, without implementing.
134
+ description: Grill the user relentlessly about a requirement; generate an execution brief only after shared understanding, without implementing.
130
135
  user-invocable: true
131
136
  ---
132
137
 
@@ -136,17 +141,17 @@ Clarify requirements and leave behind a ready-to-execute brief.
136
141
 
137
142
  Workflow
138
143
 
139
- 1. If a Grill Me compatible skill is available in the current environment, use it for requirement exploration.
140
- 2. If no Grill Me compatible skill is available, explore the requirement yourself through focused questions.
141
- 3. Continue until the task is sufficiently understood.
142
- 4. Do not write code.
143
- 5. Do not create implementation details.
144
- 6. Before writing the brief, inspect .ai/decisions/decisions.md if it exists and has entries. Pull in only decisions that materially constrain this task.
145
- 7. Once the requirement is clear, generate a concise task brief and save it to:
144
+ 1. Grill the requirement using the Grilling section below.
145
+ 2. Do not write code or create implementation details.
146
+ 3. Before writing the brief, inspect .ai/decisions/decisions.md if it exists and has entries. Pull in only decisions that materially constrain this task.
147
+ 4. For this workflow, "act on it" means creating the brief.
148
+ 5. Generate a concise task brief and save it to:
146
149
 
147
150
  .ai/tasks/active/YYYY-MM-DD-task-name.md
148
151
 
149
- 8. Show the saved brief and stop.
152
+ 6. Show the saved brief and stop.
153
+
154
+ ${GRILLING_GUIDANCE}
150
155
 
151
156
  ${DECISIONS_READ_GUIDANCE}
152
157
 
@@ -241,51 +246,88 @@ How acceptance criteria were satisfied.
241
246
  `,
242
247
  },
243
248
 
244
- 'task-review': {
245
- name: 'task-review',
246
- description: 'Review the latest task implementation against the corresponding task brief.',
249
+ 'task-audit': {
250
+ name: 'task-audit',
251
+ description: 'Independently audit a completed task implementation against the task brief.',
247
252
  content: `---
248
- name: task-review
249
- description: Review the latest task implementation against the corresponding task brief.
253
+ name: task-audit
254
+ description: Independently audit a completed task implementation against the task brief. The objective is to find evidence of failure, not to justify the implementation.
250
255
  user-invocable: true
251
256
  ---
252
257
 
253
258
  Purpose
254
259
 
255
- Review implementation against the corresponding task brief.
260
+ Perform an independent audit of a completed task implementation.
256
261
 
257
262
  Rules
258
263
 
259
264
  1. Use the latest matching brief from .ai/tasks/active/ or .ai/tasks/archive/.
260
- 2. Review the actual changes, not just the intent.
265
+ 2. Inspect the actual implementation via final code and git diff.
266
+ 3. Use the least implementation context possible: task brief, final code, git diff, and existing tests.
267
+ 4. Ignore implementation reasoning from the current conversation.
268
+ 5. Do not prove the implementation correct. Try to invalidate it with evidence.
269
+ 6. If evidence is unavailable, mark the area UNKNOWN instead of guessing.
270
+ 7. Run relevant tests when practical. If tests cannot be run, list that under Unknowns.
271
+ 8. Do not suggest unrelated improvements.
272
+ 9. Overall Result must be FAIL when any acceptance criterion is FAIL, or when a material UNKNOWN blocks approval.
273
+ 10. Overall Result may be PASS only when no significant evidence of failure exists.
274
+
275
+ Audit Phases
276
+
277
+ 1. Requirement coverage: for each acceptance criterion, mark PASS, FAIL, or UNKNOWN.
278
+ 2. Break attempt: construct edge cases, invalid inputs, and unexpected user actions that may violate the brief.
279
+ 3. Regression analysis: check behavior changes, compatibility issues, state corruption, and hidden side effects.
280
+ 4. Engineering risk: check maintainability, unnecessary complexity, duplication, performance, memory, concurrency, and security.
281
+
282
+ Severity
283
+
284
+ Critical - Causes incorrect behavior or violates requirements.
285
+ High - Likely production issue.
286
+ Medium - Real issue with limited impact.
287
+ Low - Concrete issue with low impact. Do not use Low for preferences.
261
288
 
262
- Evaluate
289
+ Output
263
290
 
264
- 1. Goal completion
265
- 2. Acceptance criteria coverage
266
- 3. Edge cases
267
- 4. Maintainability
268
- 5. Performance impact
269
- 6. Security impact
270
- 7. Regression risks
291
+ ## Overall Result
271
292
 
272
- Output
293
+ PASS or FAIL
273
294
 
274
- ## Pass/Fail
295
+ ## Acceptance Criteria
275
296
 
276
- Overall assessment.
297
+ | Criterion | Result | Evidence |
298
+ |-----------|--------|----------|
277
299
 
278
300
  ## Findings
279
301
 
280
- Issues found.
302
+ For every finding include:
303
+
304
+ ### Severity
305
+
306
+ Critical / High / Medium / Low
307
+
308
+ ### Issue
309
+
310
+ What is wrong.
311
+
312
+ ### Evidence
313
+
314
+ Concrete code, diff, test result, or behavior supporting the finding.
315
+
316
+ ### Impact
317
+
318
+ Why it matters.
281
319
 
282
- ## Suggestions
320
+ ### Confidence
283
321
 
284
- Optional improvements.
322
+ High / Medium / Low
285
323
 
286
- ## Missing Acceptance Criteria
324
+ ## Unknowns
287
325
 
288
- Anything not fully implemented.
326
+ Areas that cannot be verified from available information.
327
+
328
+ ## Final Assessment
329
+
330
+ State whether approval is blocked and what remains risky.
289
331
  `,
290
332
  },
291
333
 
@@ -321,10 +363,10 @@ TASK_CANCELLED
321
363
 
322
364
  'bug-explore': {
323
365
  name: 'bug-explore',
324
- description: 'Investigate a bug and generate a fix brief in one step, without writing code.',
366
+ description: 'Grill the user relentlessly about a bug while investigating its evidence; generate a fix brief only after shared understanding, without writing code.',
325
367
  content: `---
326
368
  name: bug-explore
327
- description: Investigate a bug and generate a fix brief in one step, without writing code.
369
+ description: Grill the user relentlessly about a bug while investigating its evidence; generate a fix brief only after shared understanding, without writing code.
328
370
  user-invocable: true
329
371
  ---
330
372
 
@@ -334,24 +376,24 @@ Investigate a bug and leave behind a ready-to-fix brief.
334
376
 
335
377
  Rules
336
378
 
337
- 1. If a Grill Me compatible skill is available in the current environment, use it for bug exploration.
338
- 2. If no Grill Me compatible skill is available, ask focused questions and drive the investigation yourself.
339
- 3. Do not write code.
340
- 4. Do not suggest fixes before enough evidence exists.
341
- 5. Identify root cause candidates.
342
- 6. Request evidence whenever possible.
343
- 7. Separate:
379
+ 1. Grill the bug using the Grilling section below.
380
+ 2. Investigate the bug and gather reproducible evidence. Do not write code or suggest fixes before enough evidence exists.
381
+ 3. Identify root cause candidates.
382
+ 4. Separate:
344
383
 
345
384
  * observed behavior
346
385
  * expected behavior
347
386
  * assumptions
348
387
 
349
- 8. Before writing the brief, inspect .ai/decisions/decisions.md if it exists and has entries. Pull in only decisions that materially constrain the observed behavior, expected behavior, or likely root cause.
350
- 9. Once the bug is sufficiently understood, generate a brief and save it to:
388
+ 5. Before writing the brief, inspect .ai/decisions/decisions.md if it exists and has entries. Pull in only decisions that materially constrain the observed behavior, expected behavior, or likely root cause.
389
+ 6. For this workflow, "act on it" means creating the brief.
390
+ 7. Generate a brief and save it to:
351
391
 
352
392
  .ai/bugs/active/YYYY-MM-DD-bug-name.md
353
393
 
354
- 10. Show the saved brief and stop.
394
+ 8. Show the saved brief and stop.
395
+
396
+ ${GRILLING_GUIDANCE}
355
397
 
356
398
  ${DECISIONS_READ_GUIDANCE}
357
399
 
@@ -434,45 +476,93 @@ Verification performed.
434
476
  `,
435
477
  },
436
478
 
437
- 'bug-review': {
438
- name: 'bug-review',
439
- description: 'Review the latest bug fix against the corresponding bug brief.',
479
+ 'bug-audit': {
480
+ name: 'bug-audit',
481
+ description: 'Independently audit a completed bug fix against the bug brief and root cause.',
440
482
  content: `---
441
- name: bug-review
442
- description: Review the latest bug fix against the corresponding bug brief.
483
+ name: bug-audit
484
+ description: Independently audit a completed bug fix against the bug brief and root cause. The objective is to find evidence of failure, not to justify the implementation.
443
485
  user-invocable: true
444
486
  ---
445
487
 
446
488
  Purpose
447
489
 
448
- Review implementation against the corresponding bug brief.
490
+ Perform an independent audit of a completed bug fix.
449
491
 
450
492
  Rules
451
493
 
452
494
  1. Use the latest matching brief from .ai/bugs/active/ or .ai/bugs/archive/.
453
- 2. Check whether the reported root cause was truly addressed.
495
+ 2. Inspect the actual fix via final code and git diff.
496
+ 3. Use the least implementation context possible: bug brief, final code, git diff, and existing tests.
497
+ 4. Ignore implementation reasoning from the current conversation.
498
+ 5. Do not prove the fix correct. Try to invalidate it with evidence.
499
+ 6. If evidence is unavailable, mark the area UNKNOWN instead of guessing.
500
+ 7. Run relevant tests when practical. If tests cannot be run, list that under Unknowns.
501
+ 8. Do not suggest unrelated improvements.
502
+ 9. Overall Result must be FAIL when root cause validation is FAIL, any acceptance criterion is FAIL, or a material UNKNOWN blocks approval.
503
+ 10. Overall Result may be PASS only when no significant evidence of failure exists.
504
+
505
+ Audit Phases
506
+
507
+ 1. Root cause validation: determine whether the confirmed or suspected root cause was actually eliminated.
508
+ 2. Acceptance criteria coverage: for each criterion, mark PASS, FAIL, or UNKNOWN.
509
+ 3. Break attempt: construct inputs or flows that reproduce the old bug or expose adjacent failures.
510
+ 4. Regression analysis: check behavior changes, compatibility issues, state corruption, and hidden side effects.
511
+ 5. Engineering risk: check maintainability, unnecessary complexity, duplication, performance, memory, concurrency, and security.
512
+
513
+ Severity
514
+
515
+ Critical - Root cause not fixed or requirement violated.
516
+ High - Likely production issue.
517
+ Medium - Real issue with limited impact.
518
+ Low - Concrete issue with low impact. Do not use Low for preferences.
454
519
 
455
- Check
520
+ Output
456
521
 
457
- 1. Root cause addressed
458
- 2. Regression risks
459
- 3. Side effects
460
- 4. Edge cases
461
- 5. Test coverage
522
+ ## Overall Result
462
523
 
463
- Output
524
+ PASS or FAIL
525
+
526
+ ## Root Cause Validation
527
+
528
+ PASS / FAIL / UNKNOWN, with evidence.
529
+
530
+ ## Acceptance Criteria
531
+
532
+ | Criterion | Result | Evidence |
533
+ |-----------|--------|----------|
534
+
535
+ ## Findings
536
+
537
+ For every finding include:
538
+
539
+ ### Severity
540
+
541
+ Critical / High / Medium / Low
542
+
543
+ ### Issue
544
+
545
+ What is wrong.
464
546
 
465
- ## Pass/Fail
547
+ ### Evidence
466
548
 
467
- Assessment.
549
+ Concrete code, diff, test result, or behavior supporting the finding.
468
550
 
469
- ## Risks
551
+ ### Impact
470
552
 
471
- Potential issues.
553
+ Why it matters.
472
554
 
473
- ## Recommendations
555
+ ### Confidence
474
556
 
475
- Further improvements.
557
+ High / Medium / Low
558
+
559
+ ## Unknowns
560
+
561
+ Areas that cannot be verified from available information.
562
+
563
+ ## Final Assessment
564
+
565
+ State whether approval is blocked and what remains risky.
476
566
  `,
477
567
  },
478
568
 
@@ -705,55 +795,19 @@ Requirements
705
795
  },
706
796
  };
707
797
 
708
- const MANAGED_SKILL_NAMES = Object.values(SKILLS).map((skill) => skill.name);
798
+ const LEGACY_MANAGED_SKILL_NAMES = [
799
+ 'task-review',
800
+ 'bug-review',
801
+ ];
802
+ const MANAGED_SKILL_NAMES = [
803
+ ...Object.values(SKILLS).map((skill) => skill.name),
804
+ ...LEGACY_MANAGED_SKILL_NAMES,
805
+ ];
709
806
 
710
807
  function skillFilePath(path, cwd, skillRoot, skillName) {
711
808
  return path.join(cwd, skillRoot, skillName, 'SKILL.md');
712
809
  }
713
810
 
714
- function hasGrillMeHint(value) {
715
- const normalized = value.toLowerCase();
716
- return GRILL_ME_HINTS.some((hint) => normalized.includes(hint));
717
- }
718
-
719
- function detectLocalGrillMeSkill(fs, path, cwd, skillRoot) {
720
- const root = path.join(cwd, skillRoot);
721
- if (!fs.existsSync(root)) {
722
- return null;
723
- }
724
-
725
- for (const entry of fs.readdirSync(root, { withFileTypes: true })) {
726
- if (!entry.isDirectory()) {
727
- continue;
728
- }
729
-
730
- if (MANAGED_SKILL_NAMES.includes(entry.name)) {
731
- continue;
732
- }
733
-
734
- if (hasGrillMeHint(entry.name)) {
735
- return entry.name;
736
- }
737
-
738
- const skillPath = path.join(root, entry.name, 'SKILL.md');
739
- if (!fs.existsSync(skillPath)) {
740
- continue;
741
- }
742
-
743
- const content = fs.readFileSync(skillPath, 'utf-8');
744
- const metadata = content
745
- .split('---')
746
- .slice(1, 2)
747
- .join('\n');
748
-
749
- if (hasGrillMeHint(metadata)) {
750
- return entry.name;
751
- }
752
- }
753
-
754
- return null;
755
- }
756
-
757
811
  function logCheck(log, ok, label, detail) {
758
812
  if (ok) {
759
813
  log.chalk.green(` OK ${label}${detail ? ` - ${detail}` : ''}`);
@@ -863,8 +917,9 @@ export function init(cwd, { fs, path, log }) {
863
917
 
864
918
  log.info(`\nTask workflow initialized. Recommended flows:
865
919
  fast: task-fast
866
- task: task-explore -> task-implement -> task-review | task-cancel
867
- bug: bug-explore -> bug-fix -> bug-review | bug-cancel
920
+ task: task-explore -> task-implement -> task-audit (optional, risk-triggered)
921
+ bug: bug-explore -> bug-fix -> bug-audit (optional, risk-triggered)
922
+ cancel: task-cancel | bug-cancel
868
923
  other: decision-log | decision-curate
869
924
  sweep: decision-sweep-weekly`);
870
925
  }
@@ -898,8 +953,9 @@ export function refresh(cwd, { fs, path, log }) {
898
953
 
899
954
  log.info(`\nTask workflow refreshed. Managed skills reinstalled:
900
955
  fast: task-fast
901
- task: task-explore -> task-implement -> task-review | task-cancel
902
- bug: bug-explore -> bug-fix -> bug-review | bug-cancel
956
+ task: task-explore -> task-implement -> task-audit (optional, risk-triggered)
957
+ bug: bug-explore -> bug-fix -> bug-audit (optional, risk-triggered)
958
+ cancel: task-cancel | bug-cancel
903
959
  other: decision-log | decision-curate
904
960
  sweep: decision-sweep-weekly`);
905
961
  }
@@ -950,22 +1006,16 @@ export function doctor(cwd, { fs, path, log }) {
950
1006
  matches ? 'current' : 'outdated, run `task refresh`'
951
1007
  );
952
1008
  }
953
- }
954
1009
 
955
- const grillMeFindings = [
956
- [CLAUDE_SKILLS_DIR, detectLocalGrillMeSkill(fs, path, cwd, CLAUDE_SKILLS_DIR)],
957
- [CODEX_SKILLS_DIR, detectLocalGrillMeSkill(fs, path, cwd, CODEX_SKILLS_DIR)],
958
- ];
1010
+ for (const skillName of LEGACY_MANAGED_SKILL_NAMES) {
1011
+ const legacySkillDir = path.join(cwd, skillRoot, skillName);
1012
+ if (!fs.existsSync(legacySkillDir)) {
1013
+ continue;
1014
+ }
959
1015
 
960
- for (const [skillRoot, skillName] of grillMeFindings) {
961
- if (skillName) {
962
- logCheck(log, true, `${skillRoot} Grill Me companion`, `detected ${skillName}`);
963
- continue;
1016
+ checks.push(false);
1017
+ logCheck(log, false, `${skillRoot}/${skillName}`, 'legacy managed skill, run `task refresh`');
964
1018
  }
965
-
966
- console.log(chalk.yellow(
967
- ` WARN ${skillRoot} Grill Me companion - not detected locally; task-fast, task-explore, and bug-explore will use built-in clarification fallback`
968
- ));
969
1019
  }
970
1020
 
971
1021
  const gitignorePath = path.join(cwd, '.gitignore');