@wnlen/agent-execution-template 0.8.16 → 0.8.17

package/README.md

@@ -153,6 +153,31 @@ npx -y @wnlen/agent-execution-template strategy --lang en
 | Upgradeable template | Reuse protocol improvements without losing local project memory. |
 | Doctor checks | Validate required files and template version before running the agent. |
 
+## How Automatic Continuous Execution Works
+
+The user can still give a natural-language goal, for example:
+
+```text
+Build the settings page with profile editing, notification toggles, and export entrypoint
+```
+
+Before execution, the AI decomposes L1 tasks:
+
+```text
+- [ ] L1-1 Profile editing Green
+- [ ] L1-2 Notification toggles Green
+- [ ] L1-3 Export entrypoint Yellow
+```
+
+Because there are two or more L1 tasks, the protocol automatically uses bounded
+continuous execution. Before each L1, the AI plans naturally derived L2/L3 work.
+After completing an L1, it checks and strikes the item, then writes status back
+to `execution_policy.task_tree` in `ai/project/task.md`.
+
+Only Red risk stops for confirmation. Green continues automatically, and Yellow
+continues after local low-risk correction. Every checkpoint must include
+evidence: changed files, commands run, and verification results.
+
 ## Installed Layout
 
 ```text
@@ -162,6 +187,7 @@ ai/
   template/
     VERSION
     bootstrap.md
+    execution-policy.md
     prompt.md
     reconcile.md
     protocol.md

package/README.zh-CN.md

@@ -163,6 +163,29 @@ npx -y @wnlen/agent-execution-template strategy
 | 可升级模板 | 协议可以持续改进，不丢失项目本地记忆。 |
 | Doctor 检查 | 执行前检查必要文件和模板版本。 |
 
+## 自动连续执行怎么工作
+
+用户仍然只需要说自然语言目标，例如：
+
+```text
+实现设置页，包括资料编辑、通知开关和导出入口
+```
+
+AI 会在执行前先拆 L1 任务：
+
+```text
+- [ ] L1-1 资料编辑 Green
+- [ ] L1-2 通知开关 Green
+- [ ] L1-3 导出入口 Yellow
+```
+
+因为 L1 有两个以上，协议会自动使用边界内连续执行。执行每个 L1 前，AI 再规划
+自然衍生的 L2/L3；完成一个 L1 后，在清单中打勾并划掉，同时把状态写回
+`ai/project/task.md` 的 `execution_policy.task_tree`。
+
+只有 Red 风险会停下来让你确认。Green 自动继续，Yellow 只做局部低风险修正后继续。
+每个 Checkpoint 都必须带证据：改了哪些文件、跑了哪些命令、验证结果是什么。
+
 ## 安装后的结构
 
 ```text
@@ -172,6 +195,7 @@ ai/
   template/
     VERSION
     bootstrap.md
+    execution-policy.md
     prompt.md
     reconcile.md
     protocol.md

package/bin/agent-execution-template.js

@@ -13,6 +13,7 @@ const REQUIRED_FILES = [
   "ai/template/LANG",
   "ai/template/VERSION",
   "ai/template/bootstrap.md",
+  "ai/template/execution-policy.md",
   "ai/template/prompt.md",
   "ai/template/reconcile.md",
   "ai/template/protocol.md",
@@ -48,7 +49,13 @@ const TASK_HEALTH_PATTERNS = [
   /^type:\s*/m,
   /^priority:\s*/m,
   /^risk_level:\s*/m,
+  /^readiness:\s*/m,
   /^execution_policy:/m,
+  /^\s+mode:\s*/m,
+  /^\s+activation_rule:\s*/m,
+  /^\s+task_tree:/m,
+  /^\s+risk_gate:/m,
+  /^\s+evidence_required:\s*/m,
   /^model_policy:/m,
   /^refs:/m,
   /^permission:/m
@@ -146,6 +153,7 @@ const TEXT = {
     nextTellAgent: "把这句话发给你的 AI coding 工具:",
     nextRunCommand: "运行这个命令:",
     nextReviewProposal: "已有方向修订提案。先审查提案；确认后对 AI 说:",
+    nextContinuePrompt: "继续推进这个项目。执行前先拆 L1 任务；若 L1 >= 2，自动启用边界内连续执行；只有 Red 风险停下来确认。",
     repairHint: "缺失的 project 推荐文件可通过重新运行 init 安全补齐；已有 ai/project/** 不会被覆盖。",
     permissionDenied: "无法写入目标路径",
     permissionHint: `请检查 ai/** 的归属和权限。常见修复:
@@ -250,6 +258,7 @@ Usage:
     nextTellAgent: "Send this to your AI coding tool:",
     nextRunCommand: "Run this command:",
     nextReviewProposal: "A direction amendment proposal exists. Review it first; after confirmation, tell the AI:",
+    nextContinuePrompt: "Continue this project. Before execution, decompose L1 tasks; if L1 >= 2, automatically use bounded continuous execution; only Red risk stops for confirmation.",
     repairHint: "Missing recommended project files can be safely added by running init again; existing ai/project/** files are not overwritten.",
     permissionDenied: "Cannot write target path",
     permissionHint: `Check ownership and permissions under ai/**. Common fix:
@@ -583,7 +592,7 @@ function next({ lang = readInstalledLang() } = {}) {
   }
 
   console.log(`${text.nextTellAgent}
-  ${lang === "zh" ? "继续推进这个项目" : "Continue this project"}
+  ${text.nextContinuePrompt}
 `);
 }
 

package/docs/SPEC.md

@@ -22,7 +22,7 @@ npx 安装协议 -> AI 整理项目上下文 -> 人类确认 -> AI 生成任务
 
 ```text
 Protocol: v0.8
-Package: @wnlen/agent-execution-template@0.8.16
+Package: @wnlen/agent-execution-template@0.8.17
 中文安装: npx -y @wnlen/agent-execution-template init
 英文安装: npx -y @wnlen/agent-execution-template init --lang en
 ```
@@ -181,6 +181,7 @@ ai/
   template/
     VERSION
     bootstrap.md
+    execution-policy.md
     prompt.md
     reconcile.md
     protocol.md
@@ -243,6 +244,7 @@ project 是现场。
 ```text
 ai/template/VERSION
 ai/template/bootstrap.md
+ai/template/execution-policy.md
 ai/template/prompt.md
 ai/template/reconcile.md
 ai/template/protocol.md
@@ -390,12 +392,13 @@ npx -y @wnlen/agent-execution-template doctor
 ```text
 Agent Execution Template 检查
 
-模板版本: 0.8.16
+模板版本: 0.8.17
 模板语言: zh
 
 [通过] ai/template/LANG
 [通过] ai/template/VERSION
 [通过] ai/template/bootstrap.md
+[通过] ai/template/execution-policy.md
 [通过] ai/template/prompt.md
 [通过] ai/template/reconcile.md
 [通过] ai/template/protocol.md
@@ -648,10 +651,11 @@ apply_strategy_update
 
 ## 14. 执行授权策略
 
-执行策略写在：
+执行策略入口写在：
 
 ```text
 ai/project/task.md.execution_policy
+ai/template/execution-policy.md
 ```
 
 默认模式是 `auto`。AI 每次执行前先做任务分解和风险判断，再决定使用
@@ -665,12 +669,13 @@ ai/project/task.md.execution_policy
 - L1 为 2 个或更多时自动使用 `bounded_continuous`；
 - 任一 L1 为 Red 时停止等待人类确认；Green 和 Yellow 不阻塞启动。
 
-`bounded_continuous` 规则：
+`bounded_continuous` 规则集中在 `ai/template/execution-policy.md`。核心要求：
 
 - 按 L1 -> L2 -> L3 执行，执行 L1 前规划 L2，执行 L2 前按需规划 L3；
 - 默认最多 3 层，只有当 L3 仍过大、不可验证或不可回退时才动态增加 L4；
 - 每个任务节点必须有风险评级、预期改动范围、验收方式和证据要求；
 - L1 清单必须用待办列表展示，每完成一个 L1 就打勾并划掉；
+- 执行前和执行中必须把任务树写回 `ai/project/task.md.execution_policy.task_tree`；
 - 默认按 `vertical_slice` 推进，每轮都要产生可检查增量；
 - 每个 Checkpoint 必须包含证据：已改文件、已运行命令、验证结果或无法验证原因；
 - Green 可自动继续；

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wnlen/agent-execution-template",
-  "version": "0.8.16",
+  "version": "0.8.17",
   "description": "Low-friction AI execution protocol template for coding agents.",
   "bin": {
     "agent-execution-template": "bin/agent-execution-template.js"

package/template/en/ai/README.md

@@ -11,6 +11,7 @@ project is the field workspace
 
 - `template/prompt.md`: AI startup prompt.
 - `template/bootstrap.md`: project discovery and context bootstrap prompt.
+- `template/execution-policy.md`: automatic continuous execution, task tree, risk rubric, and checkpoint rules.
 - `template/reconcile.md`: merge new authoritative material into existing project context.
 - `template/VERSION`: installed template version.
 - `template/protocol.md`: bootstrap flow, execution flow, model division, sync rules.

package/template/en/ai/project/task.md

@@ -3,6 +3,7 @@ task_id: ""
 type: "bugfix | feature | refactor | docs | config | test | research | strategy_update | apply_strategy_update"
 priority: "P0 | P1 | P2 | P3"
 risk_level: "low | medium | high"
+readiness: "draft_for_confirmation | ready_to_execute | blocked"
 depends_on_previous_result: false
 execution_policy:
   mode: "auto | normal | bounded_continuous"
@@ -10,7 +11,17 @@ execution_policy:
   max_depth: 3
   allow_depth_4_when_needed: true
   progress_unit: "vertical_slice"
-  task_tree: []
+  task_tree:
+    - id: "L1-1"
+      title: ""
+      risk: "Green | Yellow | Red"
+      status: "pending | running | done | blocked"
+      scope:
+        allowed: []
+        denied: []
+      acceptance: []
+      evidence: []
+      children: []
   checkpoint_budget:
     l1: 0
     l2: 0
@@ -70,8 +81,11 @@ This file is the current execution contract. Prefer generating it in Bootstrap
 Mode from a short human goal plus repository context, then have a human review
 it before execution.
 
-Prefer safe assumptions over extra questions, but do not guess scope, risk,
-permissions, or acceptance.
+Prefer safe assumptions over extra questions. The AI should infer scope, risk,
+permissions, and acceptance from the human goal, project context, and repository
+facts. If inference would cross permission or safety boundaries, or acceptance
+cannot be defined, set `readiness` to `blocked` or mark the relevant task node
+`Red` and wait for human confirmation.
 
 ## Goal
 
@@ -123,6 +137,13 @@ fewer than 2 L1 tasks, use `normal`; if it finds 2 or more L1 tasks, use
 - The AI infers goal, scope, acceptance, permissions, and risk from the human
   goal, project context, and repository facts; the human does not need to
   provide each field upfront.
+- `readiness = ready_to_execute` means no Red preflight item exists and the task
+  may execute.
+- `readiness = draft_for_confirmation` means human confirmation is required
+  before execution.
+- `readiness = blocked` means the task cannot execute and must produce a
+  blocked result.
+- Before execution, write the L1 checklist to `execution_policy.task_tree`.
 - Before execution, list the L1 task checklist; mark each L1 complete with a
   checked and struck-through item.
 - Before executing an L1, plan the naturally derived L2 tasks; if an L2 still
@@ -140,6 +161,8 @@ fewer than 2 L1 tasks, use `normal`; if it finds 2 or more L1 tasks, use
   review is about to start.
 - Every checkpoint must include evidence: changed files, commands run,
   verification results, or why verification was not possible.
+- During execution, update `task_tree` node status: `pending`, `running`,
+  `done`, or `blocked`.
 - After completion, run one final review; only re-check Yellow, Red, failed
   verification, or high-impact modules.
 - Continuous execution does not change model policy; escalate through

package/template/en/ai/template/VERSION

@@ -1 +1 @@
-0.8.16
+0.8.17

package/template/en/ai/template/execution-policy.md

@@ -0,0 +1,109 @@
+# Execution Policy
+
+Do not summarize this file.
+During task execution, use this file to choose `normal` or `bounded_continuous`.
+
+## Default Policy
+
+The default execution policy is `auto`: before each execution, the AI first
+decomposes the task and judges risk, then chooses `normal` or
+`bounded_continuous`. Continuous execution does not depend on a human keyword.
+
+Pre-execution planning must:
+
+- Infer goal, scope, acceptance, permissions, and verification method from the
+  human goal, project context, and repository facts.
+- List the L1 task checklist and assign Green / Yellow / Red risk to each L1.
+- Use `normal` if there are fewer than 2 L1 tasks.
+- Automatically use `bounded_continuous` if there are 2 or more L1 tasks.
+- Stop for human confirmation first if any L1 is Red; Green and Yellow do not
+  block startup.
+- Write the task tree to `execution_policy.task_tree` in `ai/project/task.md`.
+
+## Task Tree
+
+Execute the task tree in L1 -> L2 -> L3 order.
+
+- Before executing an L1, plan its naturally derived L2 tasks.
+- Before executing an L2, plan L3 tasks if it still needs decomposition.
+- Default to at most 3 levels. Add L4 dynamically only when L3 would otherwise
+  be too large, unverifiable, or hard to revert.
+- Every L1/L2/L3/L4 node must have risk, expected edit scope, acceptance method,
+  and evidence requirements.
+- Show the L1 checklist as task items; when an L1 is complete, check it off and
+  strike it through.
+- During execution, update each `task_tree` node status: `pending`, `running`,
+  `done`, or `blocked`.
+
+Recommended node shape:
+
+```yaml
+id: "L1-1"
+title: ""
+risk: "Green | Yellow | Red"
+status: "pending | running | done | blocked"
+scope:
+  allowed: []
+  denied: []
+acceptance: []
+evidence: []
+children: []
+```
+
+## Risk Rubric
+
+Green:
+
+- Inside current task scope;
+- no new permission, command, network access, or destructive action is needed;
+- acceptance is clear;
+- no product direction, core architecture, data structure, security boundary,
+  payment, account, or permission change is needed.
+
+Yellow:
+
+- Still inside current task scope;
+- local uncertainty or local verification failure exists;
+- a low-risk local correction can continue the work;
+- no permission, scope, command, or acceptance expansion is needed.
+
+Red:
+
+- Permission expansion, unallowed command, network access, or destructive action
+  is needed;
+- product direction, core architecture, data structure, security boundary,
+  payment, account, or permission would change;
+- many files must be deleted, a core module must be rewritten, or multiple
+  high-cost options require judgment;
+- acceptance cannot be defined, or task goal materially conflicts with project direction.
+
+Only Red stops for human confirmation. Green continues automatically. Yellow
+continues after local low-risk correction.
+
+## Checkpoint
+
+Emit checkpoints only when risk rises, a boundary is about to change, a vertical
+slice is complete, or final review is about to start. Do not report just to
+spend checkpoint budget.
+
+Every checkpoint must include:
+
+```text
+## Checkpoint
+### Task Tree
+### Progress
+### Completed
+### Evidence
+### Drift Risk: Green / Yellow / Red
+### Recommended Next Step
+### Auto-Continue Decision
+```
+
+Evidence must include changed files, commands run, verification results, or why
+verification was not possible. A purely subjective Green is not valid.
+
+## Model Policy
+
+Continuous execution does not change `model_policy`. Still escalate through
+`model_policy` for planning, architecture, failure review, or acceptance
+disputes, and record the reason in `ai/project/metrics.json`.

package/template/en/ai/template/prompt.md

@@ -9,6 +9,7 @@ First read:
 
 1. `ai/template/protocol.md`
 2. `ai/template/rules/core.md`
+3. `ai/template/execution-policy.md`
 
 Then choose the mode:
 
@@ -64,13 +65,17 @@ In Task Draft Mode:
    risk from the user's current goal, project context, and repository facts; do
    not require the human to provide each field upfront.
 3. Draft `ai/project/task.md` and set `execution_policy.mode` to `auto`.
-4. Before execution, list the L1 checklist and mark each L1 Green / Yellow /
-   Red. Use `normal` if there are fewer than 2 L1 tasks; automatically use
-   `bounded_continuous` if there are 2 or more L1 tasks.
-5. Stop for human confirmation only when a Red preflight item appears. If the
+4. Before execution, list the L1 checklist, mark each L1 Green / Yellow / Red,
+   and write it to `execution_policy.task_tree`. Use `normal` if there are
+   fewer than 2 L1 tasks; automatically use `bounded_continuous` if there are 2
+   or more L1 tasks.
+5. If no Red preflight item exists, set `readiness` to `ready_to_execute`; if
+   human confirmation is needed, set it to `draft_for_confirmation`; if the task
+   cannot execute, set it to `blocked`.
+6. Stop for human confirmation only when a Red preflight item appears. If the
    human asked to execute or continue, and preflight contains only Green /
    Yellow, proceed directly to Execution Mode.
-6. Do not modify source or business files in Task Draft Mode.
+7. Do not modify source or business files in Task Draft Mode.
 
 End Task Draft Mode with:
 
@@ -121,13 +126,15 @@ In Execution Mode, read:
 2. `ai/project/runtime.md`
 3. `ai/project/task.md`
 
-Then perform pre-execution planning: list the L1 checklist, mark each L1 Green
-/ Yellow / Red, and automatically choose `normal` or `bounded_continuous` from
-the L1 count. Plan L2 before executing an L1, and plan L3 as needed before
-executing an L2; default to at most 3 levels, with L4 allowed when needed. When
-an L1 is complete, check it off and strike it through. Only Red stops for human
-confirmation; Green continues automatically, and Yellow continues after local
-low-risk correction. Write results to:
+Then follow `ai/template/execution-policy.md` for pre-execution planning: list
+the L1 checklist, mark each L1 Green / Yellow / Red, and write it to
+`execution_policy.task_tree`. Automatically choose `normal` or
+`bounded_continuous` from the L1 count. Plan L2 before executing an L1, and
+plan L3 as needed before executing an L2; default to at most 3 levels, with L4
+allowed when needed. When an L1 is complete, check it off, strike it through,
+and update the `task_tree` node status. Only Red stops for human confirmation;
+Green continues automatically, and Yellow continues after local low-risk
+correction. Write results to:
 
 - `ai/project/result.json`
 - `ai/project/result.md`

package/template/en/ai/template/protocol.md

@@ -49,71 +49,16 @@ Project Bootstrap / Context Reconcile / Strategy Update -> Project Confirm -> Ta
 
 ## Execution Authorization Modes
 
-The default execution policy is `auto`: before each execution, the AI first
-decomposes the task and judges risk, then chooses `normal` or
-`bounded_continuous`. Continuous execution does not depend on a human keyword.
-
-Pre-execution planning must:
-
-- Infer goal, scope, acceptance, permissions, and verification method from the
-  human goal, project context, and repository facts.
-- List the L1 task checklist and assign Green / Yellow / Red risk to each L1.
-- Use `normal` if there are fewer than 2 L1 tasks.
-- Automatically use `bounded_continuous` if there are 2 or more L1 tasks.
-- Stop for human confirmation first if any L1 is Red; Green and Yellow do not
-  block startup.
-
-Bounded continuous execution rules:
-
-- Execute the task tree in L1 -> L2 -> L3 order. Before executing an L1, plan
-  its naturally derived L2 tasks; before executing an L2, plan L3 tasks if it
-  still needs decomposition.
-- Default to at most 3 levels. Add L4 dynamically only when L3 would otherwise
-  be too large, unverifiable, or hard to revert.
-- Every L1/L2/L3/L4 node must have risk, expected edit scope, acceptance method,
-  and evidence requirements.
-- Show the L1 checklist as task items; when an L1 is complete, check it off and
-  strike it through.
-- Default to `vertical_slice` progress: each loop should produce a runnable,
-  reviewable, or reversible increment.
-- The AI infers goal, scope, acceptance, and permissions, but must not cross
-  project rules, explicit human limits, `permission.modify.denied`, security
-  boundaries, or destructive-action limits.
-- `Green` may continue automatically.
-- `Yellow` may continue after local low-risk correction.
-- `Red` must stop for human confirmation.
-- If permission must expand, an unallowed command must run, network access is
-  needed, a destructive action is needed, or product direction / core
-  architecture would change, the current node must be Red.
-- After all work is complete, run one final review; re-check only Yellow, Red,
-  failed verification, or high-impact modules.
-- Every checkpoint must include evidence; a purely subjective Green is not valid.
-- Continuous execution does not change model policy; still escalate through
-  `model_policy` for planning, architecture, failure review, or acceptance disputes.
-
-Must stop when:
-
-- The task would change product direction, core architecture, data structures,
-  security boundaries, payment, accounts, or permissions.
-- The task would delete many files or rewrite a core module.
-- The task outline, acceptance, or permission contains a material conflict.
-- The current implementation affects multiple later modules and the task
-  contract does not cover that impact.
-- Tests fail and cannot be fixed locally.
-- There are two or more high-cost options that need human judgment.
-
-Use this compact checkpoint format:
+Before task execution, read `ai/template/execution-policy.md`.
 
-```text
-## Checkpoint
-### Task Tree
-### Progress
-### Completed
-### Evidence
-### Drift Risk: Green / Yellow / Red
-### Recommended Next Step
-### Auto-Continue Decision
-```
+The default execution policy is `auto`: the AI first decomposes L1 tasks and
+judges Green / Yellow / Red risk, then chooses `normal` or `bounded_continuous`.
+Use `normal` when there are fewer than 2 L1 tasks; automatically use
+`bounded_continuous` when there are 2 or more L1 tasks. Only Red stops for
+human confirmation.
+
+Task tree, risk rubric, checkpoint evidence, and `task_tree` status update
+rules are defined in `ai/template/execution-policy.md`.
 
 ## Bootstrap Mode
 

package/template/en/ai/template/rules/core.md

@@ -119,33 +119,16 @@ or dependency files unless the human explicitly authorizes it.
 
 ## Bounded Continuous Execution Gate
 
-Before every execution, the AI must decompose the task and judge risk instead
-of waiting for the human to explicitly say "enable continuous execution".
-
-Before execution:
-
-- Infer goal, scope, acceptance, permissions, and verification method from the
-  human goal, project context, and repository facts.
-- List the L1 task checklist and mark each L1 Green / Yellow / Red.
-- Use `normal` when there are fewer than 2 L1 tasks; automatically use
-  `bounded_continuous` when there are 2 or more L1 tasks.
-- Stop for human confirmation if any L1 is Red; Green and Yellow may continue.
-
-When enabled:
-
-- Execute in L1 -> L2 -> L3 order; plan L2 before executing an L1, and plan L3
-  as needed before executing an L2.
-- Default to at most 3 levels; add L4 dynamically only when L3 is still too
-  large, unverifiable, or hard to revert.
-- Show the L1 checklist as task items; when an L1 is complete, check it off and
-  strike it through.
-- Every task node must have risk, expected edit scope, acceptance method, and
-  evidence requirements.
-- The checkpoint budget is a maximum, not a required count.
-- Every checkpoint must include evidence.
-- `Green` may continue automatically.
-- `Yellow` continues after local low-risk correction.
-- `Red` must stop for human confirmation.
+Before every execution, the AI must read `ai/template/execution-policy.md`,
+decompose the task, and judge risk instead of waiting for the human to
+explicitly say "enable continuous execution".
+
+Hard gates:
+
+- `execution_policy.task_tree` must record the L1 checklist and execution state.
+- Every task node must have Green / Yellow / Red risk.
+- Every checkpoint must include evidence; a purely subjective Green is not valid.
+- Red must stop for human confirmation.
 - Any product direction, core architecture, data structure, security, payment,
   account, permission, large deletion, core rewrite, or high-cost option choice
   must stop.

package/template/zh/ai/README.md

@@ -11,6 +11,7 @@ project 是现场工作区
 
 - `template/prompt.md`：AI 启动提示。
 - `template/bootstrap.md`：项目发现和上下文引导提示。
+- `template/execution-policy.md`：自动连续执行、任务树、风险分级和 Checkpoint 规则。
 - `template/reconcile.md`：把新的权威资料合并进现有项目上下文。
 - `template/VERSION`：已安装模板版本。
 - `template/protocol.md`：引导流程、执行流程、模型分工、同步规则。

package/template/zh/ai/project/task.md

@@ -3,6 +3,7 @@ task_id: ""
 type: "bugfix | feature | refactor | docs | config | test | research | strategy_update | apply_strategy_update"
 priority: "P0 | P1 | P2 | P3"
 risk_level: "low | medium | high"
+readiness: "draft_for_confirmation | ready_to_execute | blocked"
 depends_on_previous_result: false
 execution_policy:
   mode: "auto | normal | bounded_continuous"
@@ -10,7 +11,17 @@ execution_policy:
   max_depth: 3
   allow_depth_4_when_needed: true
   progress_unit: "vertical_slice"
-  task_tree: []
+  task_tree:
+    - id: "L1-1"
+      title: ""
+      risk: "Green | Yellow | Red"
+      status: "pending | running | done | blocked"
+      scope:
+        allowed: []
+        denied: []
+      acceptance: []
+      evidence: []
+      children: []
   checkpoint_budget:
     l1: 0
     l2: 0
@@ -69,7 +80,9 @@ permission:
 这个文件是当前执行契约。优先在引导模式中，根据简短人类目标和仓库上下文生成，
 然后由人类在执行前检查。
 
-优先使用安全假设，少问额外问题；但不要猜测范围、风险、权限或验收。
+优先使用安全假设，少问额外问题。AI 应基于用户目标、项目上下文和仓库事实推断
+范围、风险、权限和验收；如果推断会越过权限、安全边界或验收无法定义，将
+`readiness` 标为 `blocked` 或将相关任务节点标为 `Red`，等待人类确认。
 
 ## 目标
 
@@ -116,6 +129,10 @@ permission:
 
 - 目标、范围、验收、权限和风险评级由 AI 基于用户目标、项目上下文和仓库事实推断；
   不要求用户预先逐项提供。
+- `readiness = ready_to_execute` 表示没有 Red 预检项，可以执行。
+- `readiness = draft_for_confirmation` 表示需要人类确认后才能执行。
+- `readiness = blocked` 表示当前任务不可执行，必须写 blocked 结果。
+- 执行前必须把 L1 任务清单写入 `execution_policy.task_tree`。
 - 执行前必须列出 L1 任务清单；每个 L1 用待办列表表示，完成后打勾并划掉。
 - 执行某个 L1 前，AI 先规划自然衍生出的 L2；如果 L2 仍需拆分，再规划 L3。
 - 默认最多 3 层；只有当不拆 L4 会导致 L3 过大或不可验证时，才允许动态增加 L4。
@@ -125,6 +142,7 @@ permission:
 - `checkpoint_budget` 是最多可用检查点预算，不是必须用完的次数；不要为了消耗预算而汇报。
 - 只有在触发 `checkpoint_triggers`、风险升高或准备收尾时才输出 Checkpoint。
 - 每个 Checkpoint 必须包含证据：已改文件、已运行命令、验证结果或无法验证的原因。
+- 执行中必须更新 `task_tree` 节点状态：`pending`、`running`、`done` 或 `blocked`。
 - 完成后只做一次总复盘；只对 Yellow、Red、失败验证或高影响模块做二次抽检。
 - 连续执行不改变模型策略；涉及判断、架构、失败复盘或验收争议时仍按 `model_policy` 升级。
 

package/template/zh/ai/template/VERSION

@@ -1 +1 @@
-0.8.16
+0.8.17

package/template/zh/ai/template/execution-policy.md

@@ -0,0 +1,95 @@
+# 执行策略
+
+不要总结这个文件。
+任务执行时按本文件选择 `normal` 或 `bounded_continuous`。
+
+## 默认策略
+
+默认执行策略是 `auto`：AI 在每次执行前先做任务分解和风险判断，再决定使用
+`normal` 还是 `bounded_continuous`。启用连续执行不依赖用户说出特定口令。
+
+执行前规划必须：
+
+- 根据用户目标、项目上下文和仓库事实，推断目标、范围、验收、权限和验证方式。
+- 列出 L1 任务清单，并为每个 L1 生成 Green / Yellow / Red 风险评级。
+- 如果 L1 少于 2 个，使用 `normal`。
+- 如果 L1 为 2 个或更多，自动启用 `bounded_continuous`。
+- 如果任一 L1 为 Red，先停止并让人类确认；Green 和 Yellow 不阻塞启动。
+- 将任务树写入 `ai/project/task.md` 的 `execution_policy.task_tree`。
+
+## 任务树
+
+任务树按 L1 -> L2 -> L3 执行。
+
+- 执行某个 L1 前，先规划它自然衍生出的 L2。
+- 执行某个 L2 前，如果仍需拆分，再规划 L3。
+- 默认最多 3 层。只有当 L3 仍过大、不可验证或不可回退时，才动态增加 L4。
+- L1/L2/L3/L4 都必须有风险评级、预期改动范围、验收方式和证据要求。
+- L1 清单必须用待办列表展示；每完成一个 L1，就打勾并划掉。
+- 执行中必须更新 `task_tree` 节点状态：`pending`、`running`、`done` 或 `blocked`。
+
+推荐节点结构：
+
+```yaml
+id: "L1-1"
+title: ""
+risk: "Green | Yellow | Red"
+status: "pending | running | done | blocked"
+scope:
+  allowed: []
+  denied: []
+acceptance: []
+evidence: []
+children: []
+```
+
+## 风险分级
+
+Green：
+
+- 在当前任务范围内；
+- 不需要新增权限、命令、网络或破坏性操作；
+- 验收方式明确；
+- 不改变产品方向、核心架构、数据结构、安全边界、支付、账号或权限。
+
+Yellow：
+
+- 仍在当前任务范围内；
+- 存在局部不确定或局部验证失败；
+- 可以用低风险修正继续；
+- 不需要扩大权限、范围、命令或验收。
+
+Red：
+
+- 需要扩大权限、运行未允许命令、访问网络或执行破坏性操作；
+- 需要改变产品方向、核心架构、数据结构、安全边界、支付、账号或权限；
+- 需要删除大量文件、重写核心模块或在多个高成本方案之间取舍；
+- 验收不可定义，或任务目标和项目方向发生实质冲突。
+
+只有 Red 停止等待人类确认。Green 自动继续。Yellow 做局部低风险修正后继续。
+
+## Checkpoint
+
+Checkpoint 只在风险升高、边界即将变化、完成垂直切片或准备收尾时输出。
+不要为了消耗预算而汇报。
+
+每个 Checkpoint 必须包含：
+
+```text
+## Checkpoint
+### 任务树
+### 当前完成度
+### 已完成
+### 证据
+### 偏离风险：Green / Yellow / Red
+### 下一步建议
+### 是否自动继续
+```
+
+证据必须包含已改文件、已运行命令、验证结果，或无法验证的原因。
+不接受只有主观判断的 Green。
+
+## 模型策略
+
+连续执行不改变 `model_policy`。遇到规划、架构、失败复盘或验收争议，
+仍按 `model_policy` 升级，并在 `ai/project/metrics.json` 中记录原因。

package/template/zh/ai/template/prompt.md

@@ -9,6 +9,7 @@
 
 1. `ai/template/protocol.md`
 2. `ai/template/rules/core.md`
+3. `ai/template/execution-policy.md`
 
 然后选择模式：
 
@@ -51,11 +52,14 @@
 2. 根据用户当前目标、项目上下文和仓库事实，推断目标、范围、验收、权限、
    验证方式和初始风险；不要要求用户逐项提供。
 3. 起草 `ai/project/task.md`，并将 `execution_policy.mode` 设为 `auto`。
-4. 执行前列出 L1 任务清单并标注 Green / Yellow / Red。L1 少于 2 个时使用
-   `normal`；L1 为 2 个或更多时自动使用 `bounded_continuous`。
-5. 只有出现 Red 预检项时才停止等待人类确认。若用户要求的是执行或继续，且预检
+4. 执行前列出 L1 任务清单并标注 Green / Yellow / Red，同时写入
+   `execution_policy.task_tree`。L1 少于 2 个时使用 `normal`；L1 为 2 个或更多时
+   自动使用 `bounded_continuous`。
+5. 如果没有 Red 预检项，将 `readiness` 设为 `ready_to_execute`；如果需要人类确认，
+   设为 `draft_for_confirmation`；如果不可执行，设为 `blocked`。
+6. 只有出现 Red 预检项时才停止等待人类确认。若用户要求的是执行或继续，且预检
    只有 Green / Yellow，可以直接进入执行模式。
-6. 不要在任务草稿模式中修改源码或业务文件。
+7. 不要在任务草稿模式中修改源码或业务文件。
 
 任务草稿模式必须以下面结构结束：
 
@@ -104,10 +108,11 @@
 2. `ai/project/runtime.md`
 3. `ai/project/task.md`
 
-然后先做执行前规划：列出 L1 清单，给每个 L1 标注 Green / Yellow / Red，
-并根据 L1 数量自动选择 `normal` 或 `bounded_continuous`。执行 L1 前规划 L2，
-执行 L2 前按需规划 L3；默认最多 3 层，必要时允许 L4。每完成一个 L1，
-在清单中打勾并划掉。只有 Red 停止等待人类确认；Green 自动继续，Yellow 做局部
+然后按 `ai/template/execution-policy.md` 做执行前规划：列出 L1 清单，给每个 L1
+标注 Green / Yellow / Red，并写入 `execution_policy.task_tree`。根据 L1 数量自动选择
+`normal` 或 `bounded_continuous`。执行 L1 前规划 L2，执行 L2 前按需规划 L3；
+默认最多 3 层，必要时允许 L4。每完成一个 L1，在清单中打勾并划掉，并更新
+`task_tree` 节点状态。只有 Red 停止等待人类确认；Green 自动继续，Yellow 做局部
 低风险修正后继续。最后把结果写入：
 
 - `ai/project/result.json`

package/template/zh/ai/template/protocol.md

@@ -43,57 +43,14 @@ ai/project/task.md             = 当前执行契约
 
 ## 执行授权模式
 
-默认执行策略是 `auto`：AI 在每次执行前先做任务分解和风险判断，再决定使用
-`normal` 还是 `bounded_continuous`。启用连续执行不依赖用户说出特定口令。
-
-执行前规划必须：
-
-- 根据用户目标、项目上下文和仓库事实，推断目标、范围、验收、权限和验证方式。
-- 列出 L1 任务清单，并为每个 L1 生成 Green / Yellow / Red 风险评级。
-- 如果 L1 少于 2 个，使用 `normal`。
-- 如果 L1 为 2 个或更多，自动启用 `bounded_continuous`。
-- 如果任一 L1 为 Red，先停止并让人类确认；Green 和 Yellow 不阻塞启动。
-
-边界内连续执行规则：
-
-- 任务树按 L1 -> L2 -> L3 执行。执行某个 L1 前，先规划它自然衍生出的 L2；
-  执行某个 L2 前，如果仍需拆分，再规划 L3。
-- 默认最多 3 层。只有当 L3 仍过大、不可验证或不可回退时，才动态增加 L4。
-- L1/L2/L3/L4 都必须有风险评级、预期改动范围、验收方式和证据要求。
-- L1 清单必须用待办列表展示；每完成一个 L1，就打勾并划掉。
-- 默认按 `vertical_slice` 推进：每轮都产出可运行、可检查或可回退的增量。
-- 目标、范围、验收和权限由 AI 推断，但不能越过项目规则、显式用户限制、
-  `permission.modify.denied`、安全边界或破坏性操作限制。
-- `Green` 可以自动继续。
-- `Yellow` 可以在局部低风险修正后继续。
-- `Red` 必须停止等待人类确认。
-- 如果需要扩大权限、运行未允许命令、访问网络、执行破坏性操作、改变产品方向或核心架构，
-  当前节点必须标为 Red。
-- 全部完成后只做一次总复盘；只对 Yellow、Red、验证失败或高影响模块做二次抽检。
-- 每个 Checkpoint 必须给出证据，不接受只有主观判断的 Green。
-- 连续执行不改变模型策略；遇到规划、架构、失败复盘或验收争议，仍按 `model_policy` 升级。
-
-必须停止的情况：
-
-- 需要改变产品方向、核心架构、数据结构、安全边界、支付、账号或权限。
-- 需要删除大量文件或重写核心模块。
-- 发现任务大纲、验收或权限之间存在实质冲突。
-- 当前实现会影响多个后续模块，且任务契约没有覆盖该影响。
-- 测试失败且无法局部修复。
-- 出现两个以上高成本方案，需要人类裁决。
-
-检查点使用紧凑格式：
+任务执行前必须读取 `ai/template/execution-policy.md`。
 
-```text
-## Checkpoint
-### 任务树
-### 当前完成度
-### 已完成
-### 证据
-### 偏离风险：Green / Yellow / Red
-### 下一步建议
-### 是否自动继续
-```
+执行策略默认是 `auto`：AI 先拆 L1 任务并判断 Green / Yellow / Red，再决定使用
+`normal` 或 `bounded_continuous`。L1 少于 2 个使用 `normal`；L1 为 2 个或更多
+自动启用 `bounded_continuous`。只有 Red 停止等待人类确认。
+
+任务树、风险分级、Checkpoint 证据和 `task_tree` 状态更新规则由
+`ai/template/execution-policy.md` 定义。
 
 ## 引导模式
 

package/template/zh/ai/template/rules/core.md

@@ -103,26 +103,15 @@
 
 ## 边界内连续执行门
 
-每次执行前，AI 必须先做任务分解和风险判断，而不是等待用户显式说“启用连续执行”。
-
-执行前必须：
-
-- 根据用户目标、项目上下文和仓库事实，推断目标、范围、验收、权限和验证方式。
-- 列出 L1 任务清单，并给每个 L1 标注 Green / Yellow / Red。
-- L1 少于 2 个时使用 `normal`；L1 为 2 个或更多时自动使用 `bounded_continuous`。
-- 任一 L1 为 Red 时，停止等待人类确认；Green 和 Yellow 可继续。
-
-启用后：
-
-- 按 L1 -> L2 -> L3 执行；执行某个 L1 前规划 L2，执行某个 L2 前按需规划 L3。
-- 默认最多 3 层；只有当 L3 仍过大、不可验证或不可回退时，才动态增加 L4。
-- L1 清单必须用待办列表展示；每完成一个 L1，就打勾并划掉。
-- 每个任务节点必须有风险评级、预期改动范围、验收方式和证据要求。
-- 检查点预算是上限，不是必须用完的次数。
-- 每个 Checkpoint 必须包含证据。
-- `Green` 可自动继续。
-- `Yellow` 做局部低风险修正后继续。
-- `Red` 必须停止等待人类确认。
+每次执行前，AI 必须读取 `ai/template/execution-policy.md`，先做任务分解和风险判断，
+而不是等待用户显式说“启用连续执行”。
+
+硬门禁：
+
+- `execution_policy.task_tree` 必须记录 L1 清单和执行状态。
+- 每个任务节点必须有 Green / Yellow / Red 风险评级。
+- 每个 Checkpoint 必须包含证据；不接受只有主观判断的 Green。
+- Red 必须停止等待人类确认。
 - 任何方向、核心架构、数据结构、安全、支付、账号、权限、大量删除、
   核心重写或高成本方案取舍，都必须停止。
 - 需要扩大范围、权限、命令、网络或验收时，必须停止。

package/test/selftest.js

@@ -51,6 +51,7 @@ function testInitUpdateDoctor() {
   assert(read(cwd, "ai/template/LANG") === "zh\n", "init should default to zh template");
   assert(exists(cwd, "ai/template/VERSION"), "init should create template VERSION");
   assert(exists(cwd, "ai/template/bootstrap.md"), "init should create template bootstrap prompt");
+  assert(exists(cwd, "ai/template/execution-policy.md"), "init should create execution policy prompt");
   assert(exists(cwd, "ai/template/prompt.md"), "init should create template prompt");
   assert(exists(cwd, "ai/template/reconcile.md"), "init should create template reconcile prompt");
   assert(exists(cwd, "ai/project/inbox/.gitkeep"), "init should create inbox directory");
@@ -77,16 +78,21 @@ function testInitUpdateDoctor() {
   assert(read(cwd, "ai/template/bootstrap.md").includes("未吸收资料"), "bootstrap handoff should audit unabsorbed material");
   assert(read(cwd, "ai/template/bootstrap.md").includes("冲突处理"), "bootstrap handoff should audit conflict handling");
   assert(read(cwd, "ai/template/prompt.md").includes("任务草稿交接"), "execution prompt should include task handoff");
+  assert(read(cwd, "ai/template/prompt.md").includes("ai/template/execution-policy.md"), "execution prompt should read execution policy");
+  assert(read(cwd, "ai/template/execution-policy.md").includes("风险分级"), "execution policy should include risk rubric");
+  assert(read(cwd, "ai/template/execution-policy.md").includes("execution_policy.task_tree"), "execution policy should require task tree persistence");
   assert(read(cwd, "ai/template/prompt.md").includes("默认也只处理 `ai/project/inbox/*.md`"), "execution prompt should narrow inbox reconciliation");
-  assert(read(cwd, "ai/template/protocol.md").includes("边界内连续执行"), "protocol should include bounded continuous execution");
-  assert(read(cwd, "ai/template/protocol.md").includes("`vertical_slice`"), "protocol should require vertical-slice progress for continuous execution");
-  assert(read(cwd, "ai/template/protocol.md").includes("L1 为 2 个或更多，自动启用"), "protocol should auto-enable continuous execution from L1 count");
-  assert(read(cwd, "ai/template/protocol.md").includes("每个 Checkpoint 必须给出证据"), "protocol should require evidence-backed checkpoints");
+  assert(read(cwd, "ai/template/protocol.md").includes("`bounded_continuous`"), "protocol should include bounded continuous execution");
+  assert(read(cwd, "ai/template/execution-policy.md").includes("垂直切片"), "protocol should require vertical-slice progress for continuous execution");
+  assert(read(cwd, "ai/template/execution-policy.md").includes("L1 为 2 个或更多，自动启用"), "protocol should auto-enable continuous execution from L1 count");
+  assert(read(cwd, "ai/template/execution-policy.md").includes("每个 Checkpoint 必须包含"), "protocol should require evidence-backed checkpoints");
   assert(read(cwd, "ai/template/rules/core.md").includes("边界内连续执行门"), "core rules should include bounded continuous execution gate");
   assert(read(cwd, "ai/template/rules/core.md").includes("需要扩大范围、权限、命令、网络或验收时"), "core rules should stop continuous execution before boundary expansion");
   assert(read(cwd, "ai/project/task.md").includes("execution_policy:"), "task template should include execution policy");
+  assert(read(cwd, "ai/project/task.md").includes("readiness:"), "task template should include readiness state");
   assert(read(cwd, "ai/project/task.md").includes("activation_rule: \"auto_enable_when_l1_count_gte_2\""), "task template should define automatic activation rule");
   assert(read(cwd, "ai/project/task.md").includes("risk_gate:"), "task template should define risk gate");
+  assert(read(cwd, "ai/project/task.md").includes("status: \"pending | running | done | blocked\""), "task template should define task tree node status");
   assert(read(cwd, "ai/project/task.md").includes("progress_unit: \"vertical_slice\""), "task template should define continuous progress unit");
   assert(read(cwd, "ai/template/prompt.md").includes("开始初始化这个项目"), "execution prompt should route natural bootstrap entry");
   assert(read(cwd, "ai/template/prompt.md").includes("开始初始化这个项目，并吸收 ai/project/inbox/ 里的资料"), "execution prompt should route bootstrap with inbox material");
@@ -142,6 +148,7 @@ function testEnglishInitUpdateDoctor() {
 
   const initOutput = run(["init", "--lang", "en"], cwd);
   assert(read(cwd, "ai/template/LANG") === "en\n", "init --lang en should install English template");
+  assert(exists(cwd, "ai/template/execution-policy.md"), "English init should create execution policy prompt");
   assert(read(cwd, "ai/template/bootstrap.md").includes("Confirmation Dimensions"), "English init should install English bootstrap prompt");
   assert(read(cwd, "ai/template/bootstrap.md").includes("Do not summarize this file"), "English bootstrap prompt should prevent summary-only behavior");
   assert(read(cwd, "ai/template/bootstrap.md").includes("ai/project/refs/final-shape.md"), "English bootstrap prompt should initialize the North Star");
@@ -154,16 +161,21 @@ function testEnglishInitUpdateDoctor() {
   assert(read(cwd, "ai/template/bootstrap.md").includes("Unabsorbed material"), "English bootstrap handoff should audit unabsorbed material");
   assert(read(cwd, "ai/template/bootstrap.md").includes("Conflict handling"), "English bootstrap handoff should audit conflict handling");
   assert(read(cwd, "ai/template/prompt.md").includes("Start initializing this project"), "English execution prompt should route natural bootstrap entry");
+  assert(read(cwd, "ai/template/prompt.md").includes("ai/template/execution-policy.md"), "English execution prompt should read execution policy");
+  assert(read(cwd, "ai/template/execution-policy.md").includes("Risk Rubric"), "English execution policy should include risk rubric");
+  assert(read(cwd, "ai/template/execution-policy.md").includes("execution_policy.task_tree"), "English execution policy should require task tree persistence");
   assert(read(cwd, "ai/template/prompt.md").includes("default to only `ai/project/inbox/*.md`"), "English execution prompt should narrow inbox reconciliation");
   assert(read(cwd, "ai/template/protocol.md").includes("`bounded_continuous`"), "English protocol should include bounded continuous execution");
-  assert(read(cwd, "ai/template/protocol.md").includes("`vertical_slice`"), "English protocol should require vertical-slice progress for continuous execution");
-  assert(read(cwd, "ai/template/protocol.md").includes("Automatically use `bounded_continuous`"), "English protocol should auto-enable continuous execution from L1 count");
-  assert(read(cwd, "ai/template/protocol.md").includes("Every checkpoint must include evidence"), "English protocol should require evidence-backed checkpoints");
+  assert(read(cwd, "ai/template/execution-policy.md").includes("vertical"), "English protocol should require vertical-slice progress for continuous execution");
+  assert(read(cwd, "ai/template/execution-policy.md").includes("Automatically use `bounded_continuous`"), "English protocol should auto-enable continuous execution from L1 count");
+  assert(read(cwd, "ai/template/execution-policy.md").includes("Every checkpoint must include"), "English protocol should require evidence-backed checkpoints");
   assert(read(cwd, "ai/template/rules/core.md").includes("Bounded Continuous Execution Gate"), "English core rules should include bounded continuous execution gate");
   assert(read(cwd, "ai/template/rules/core.md").includes("expand scope, permission, commands, network access, or acceptance"), "English core rules should stop continuous execution before boundary expansion");
   assert(read(cwd, "ai/project/task.md").includes("execution_policy:"), "English task template should include execution policy");
+  assert(read(cwd, "ai/project/task.md").includes("readiness:"), "English task template should include readiness state");
   assert(read(cwd, "ai/project/task.md").includes("activation_rule: \"auto_enable_when_l1_count_gte_2\""), "English task template should define automatic activation rule");
   assert(read(cwd, "ai/project/task.md").includes("risk_gate:"), "English task template should define risk gate");
+  assert(read(cwd, "ai/project/task.md").includes("status: \"pending | running | done | blocked\""), "English task template should define task tree node status");
   assert(read(cwd, "ai/project/task.md").includes("progress_unit: \"vertical_slice\""), "English task template should define continuous progress unit");
   assert(read(cwd, "ai/template/prompt.md").includes("Start initializing this project and absorb the material in ai/project/inbox/"), "English execution prompt should route bootstrap with inbox material");
   assert(read(cwd, "ai/template/prompt.md").includes("instead of bootstrapping again"), "English execution prompt should reconcile inbox material when project context already exists");
@@ -236,6 +248,25 @@ function testDoctorFailureAndWarning() {
   write(taskWarnCwd, "ai/project/task.md", "# Task only\n");
   const taskWarnOutput = run(["doctor"], taskWarnCwd);
   assert(taskWarnOutput.includes("任务 front matter 缺少关键字段"), "doctor should warn incomplete task front matter");
+
+  const taskPolicyWarnCwd = createTempProject("agent-execution-template-task-policy");
+  run(["init"], taskPolicyWarnCwd);
+  write(taskPolicyWarnCwd, "ai/project/task.md", `---
+task_id: ""
+type: "feature"
+priority: "P2"
+risk_level: "low"
+readiness: "ready_to_execute"
+execution_policy:
+  mode: "auto"
+model_policy: {}
+refs: {}
+permission: {}
+---
+# Task
+`);
+  const taskPolicyWarnOutput = run(["doctor"], taskPolicyWarnCwd);
+  assert(taskPolicyWarnOutput.includes("任务 front matter 缺少关键字段"), "doctor should warn when execution policy fields are incomplete");
 }
 
 function testRefreshBacksUpAndImportsOldProject() {
@@ -271,14 +302,14 @@ function testNextCommandRoutesByProjectState() {
   assert(run(["next"], cwd).includes("开始初始化这个项目"), "next should bootstrap a freshly installed project");
 
   write(cwd, "ai/project/project.md", "USER PROJECT MARKER\n");
-  assert(run(["next"], cwd).includes("继续推进这个项目"), "next should continue when no intake is waiting");
+  assert(run(["next"], cwd).includes("执行前先拆 L1 任务"), "next should continue with automatic execution guidance when no intake is waiting");
 
   write(cwd, "ai/project/inbox/product.md", "# Product material\n");
   assert(run(["next"], cwd).includes("整合 ai/project/inbox/ 里的新资料"), "next should route material inbox to reconcile");
   fs.unlinkSync(path.join(cwd, "ai/project/inbox/product.md"));
 
   write(cwd, "ai/project/inbox/processed/product.md", "# Processed material\n");
-  assert(run(["next"], cwd).includes("继续推进这个项目"), "next should ignore processed inbox material");
+  assert(run(["next"], cwd).includes("执行前先拆 L1 任务"), "next should ignore processed inbox material");
   fs.unlinkSync(path.join(cwd, "ai/project/inbox/processed/product.md"));
 
   write(cwd, "ai/project/inbox/ideas/new-direction.md", "# Direction idea\n");
@@ -286,7 +317,7 @@ function testNextCommandRoutesByProjectState() {
   fs.unlinkSync(path.join(cwd, "ai/project/inbox/ideas/new-direction.md"));
 
   write(cwd, "ai/project/proposals/final-shape-updates/proposal.md", "---\nstatus: \"applied\"\n---\n");
-  assert(run(["next"], cwd).includes("继续推进这个项目"), "next should ignore already applied proposals");
+  assert(run(["next"], cwd).includes("执行前先拆 L1 任务"), "next should ignore already applied proposals");
 
   write(cwd, "ai/project/proposals/final-shape-updates/proposal.md", "---\nstatus: \"proposed\"\n---\n");
   assert(run(["next"], cwd).includes("已有方向修订提案"), "next should route existing proposals to human review");