@xenonbyte/da-vinci-workflow 0.1.22 → 0.1.24

package/CHANGELOG.md

@@ -1,5 +1,36 @@
 # Changelog
 
+## v0.1.24 - 2026-03-29
+
+### Added
+- `da-vinci supervisor-review` now supports structured reviewer provenance fields: `Configured reviewers`, `Executed reviewers`, and `Review source`
+- `design-supervisor` compatibility binary (`design-supervisor review`) that forwards to `da-vinci supervisor-review`
+- `scripts/test-supervisor-review-cli.js` coverage for alias behavior, inferred mode, and skill-source reviewer execution metadata
+- `scripts/test-supervisor-review-integration.js` optional real `codex exec` smoke test (`DA_VINCI_RUN_SUPERVISOR_INTEGRATION=1`)
+
+### Changed
+- supervisor-review audit parsing now accepts latest `## Design-Supervisor Review (Round X Attempt)` sections, multiline issue/outcome fields, and `Result` as a status alias
+- completion audit now enforces skill-backed supervisor evidence (`Review source: skill` + executed configured reviewers) when `Require Supervisor Review: true`
+- design prompts/skill docs now require configured reviewer skills to actually execute review before writing supervisor results
+- command references and constraint docs (EN/ZH) now document structured reviewer fields and required skill-backed behavior for hard-gate projects
+- `da-vinci supervisor-review --run-reviewers` now supports parallel execution (`--review-concurrency`) and resilient retries (`--review-retries`, `--review-retry-delay-ms`)
+
+## v0.1.23 - 2026-03-29
+
+### Added
+- `lib/audit-parsers.js` to isolate markdown/checkpoint/context-delta/design-supervisor parsing concerns from audit orchestration
+- `lib/fs-safety.js` for bounded recursive traversal and project-root path-boundary checks
+- `lib/icon-text.js` to share icon text normalization/tokenization across icon modules
+- `scripts/test-audit-safety.js` to cover out-of-root registry paths and traversal truncation warnings
+- `test:audit-safety` npm script
+
+### Changed
+- `lib/audit.js` now uses bounded safe scans, emits traversal warnings, and rejects out-of-root registry `.pen` references
+- `lib/install.js` now uses bounded safe traversal for asset enumeration
+- `lib/pencil-preflight.js` now hardens VM execution with unsafe-source checks, disabled dynamic code generation, source-size limits, and explicit timeout classification
+- `lib/icon-search.js` and `lib/icon-aliases.js` now consume shared text utilities instead of duplicate local implementations
+- preflight/icon tests now include safety and normalization regression coverage
+
 ## v0.1.22 - 2026-03-29
 
 ### Added

package/README.md

@@ -28,10 +28,17 @@ This workflow is intended for:
 
 Latest published npm package:
 
-- `@xenonbyte/da-vinci-workflow@0.1.21`
+- `@xenonbyte/da-vinci-workflow@0.1.24`
 
 Release highlights:
 
+- `da-vinci supervisor-review --run-reviewers` now supports configurable parallel reviewer execution and resilient retry backoff (`--review-concurrency`, `--review-retries`, `--review-retry-delay-ms`)
+- added optional `test:supervisor-review-integration` smoke coverage for real `codex exec` review runner flows (enabled via `DA_VINCI_RUN_SUPERVISOR_INTEGRATION=1`)
+- audit parser logic is now split into `lib/audit-parsers.js`, reducing `lib/audit.js` size and making maintenance safer
+- recursive file traversal now uses bounded safe scans with depth/count limits and symlink skipping
+- completion/integrity audit now rejects out-of-root `.pen` references from `design-registry.md`
+- `preflight-pencil` sandbox now blocks unsafe runtime tokens, disables dynamic code generation, and reports timeout failures explicitly
+- icon text normalization/tokenization is now shared across `icon-search` and `icon-aliases`, removing duplicated logic and adding parity coverage
 - `da-vinci pencil-session end` now requires live snapshot input (`--nodes-file`) unless `--force` is used, preventing silent session close while live MCP and disk are out of sync
 - `build` route discipline now treats compile success as non-terminal and requires `da-vinci audit --mode completion --change <change-id> <project-path>` before reporting terminal completion
 - `continue` route guidance now blocks `build` recommendation whenever core design gates remain unresolved (missing project-local `.pen`, active session, runtime/design-source BLOCK, or required design-supervisor BLOCK)
@@ -449,6 +456,7 @@ da-vinci audit --mode completion --change <change-id> /abs/path/to/project
 da-vinci icon-sync                      # tolerant by default; add --strict for hard gating
 cp references/icon-aliases.example.json ~/.da-vinci/icon-aliases.json
 da-vinci icon-search --query "settings lock" --family material --top 8
+da-vinci supervisor-review --project /abs/path/to/project --change <change-id> --run-reviewers --write
 da-vinci preflight-pencil --ops-file /abs/path/to/ops.txt
 da-vinci uninstall --platform codex,claude,gemini
 ```
@@ -493,6 +501,14 @@ Both modes check the most common workflow-integrity failures in a project:
 - returns ranked candidates with ready-to-use `icon_font` node payload hints
 - for a copy-ready `Icon System Guidance (Advisory)` template, see `docs/constraint-files.md` and `references/artifact-templates.md`
 
+`da-vinci supervisor-review` provides a local structured reviewer record:
+
+- writes `Configured reviewers`, `Executed reviewers`, `Review source`, `Status`, `Issue list`, and `Revision outcome` into `pencil-design.md` when `--write` is provided
+- accepts explicit status input (`--status PASS|WARN|BLOCK`) or can infer a conservative status from current design artifacts
+- for required supervisor gates, prefer `--run-reviewers --write` so configured reviewer skills execute and the record is persisted in one step
+- reviewer execution tuning is available via `--review-concurrency`, `--review-retries`, and `--review-retry-delay-ms` (exponential backoff)
+- keeps `design-supervisor review` available as a compatibility alias
+
 When Pencil MCP is active, Da Vinci now also expects an MCP runtime gate record in `pencil-design.md` before terminal completion claims. That runtime gate checks live editor/source convergence separately from filesystem audit.
 During active redesign work, run `da-vinci audit --mode integrity <project-path>` immediately after the first successful Pencil write, then use `da-vinci preflight-pencil` plus smaller follow-up batches if the same anchor surface rolls back twice.
 

package/README.zh-CN.md

@@ -30,10 +30,17 @@ Da Vinci 是一个把产品需求一路推进到结构化规格、Pencil 设计
 
 最新已发布 npm 包：
 
-- `@xenonbyte/da-vinci-workflow@0.1.21`
+- `@xenonbyte/da-vinci-workflow@0.1.24`
 
 已发布版本重点：
 
+- `da-vinci supervisor-review --run-reviewers` 现已支持 reviewer 并发执行与失败重试退避（`--review-concurrency`、`--review-retries`、`--review-retry-delay-ms`）
+- 新增可选 `test:supervisor-review-integration` 烟测，用于覆盖真实 `codex exec` 评审执行链路（通过 `DA_VINCI_RUN_SUPERVISOR_INTEGRATION=1` 启用）
+- audit 解析职责已拆分到 `lib/audit-parsers.js`，`lib/audit.js` 体量下降，可维护性更好
+- 递归文件扫描改为安全有界遍历：增加深度/数量上限，并跳过符号链接
+- completion/integrity audit 现在会拦截并忽略 `design-registry.md` 中越出项目根目录的 `.pen` 引用
+- `preflight-pencil` 沙箱增强：拦截危险运行时 token、禁用动态代码生成，并对超时失败给出明确分类
+- `icon-search` 与 `icon-aliases` 现在复用同一套文本归一化/分词逻辑，去掉重复实现并补了一致性回归测试
 - `da-vinci pencil-session end` 现在默认要求提供 live 快照输入（`--nodes-file`）；只有显式 `--force` 才允许跳过，避免 live MCP 与磁盘未同步时被静默关闭
 - `build` 路由现在明确：编译成功不等于流程完成；对外宣布终态前必须通过 `da-vinci audit --mode completion --change <change-id> <project-path>`
 - `continue` 的推荐规则现在会拦截未过设计门禁时的 `build` 选路（缺少项目内 `.pen`、session 未关闭、runtime/design-source BLOCK、required design-supervisor BLOCK）
@@ -370,6 +377,7 @@ da-vinci audit --mode completion --change <change-id> /abs/path/to/project
 da-vinci icon-sync                      # 默认容错；需要强门禁时加 --strict
 cp references/icon-aliases.example.json ~/.da-vinci/icon-aliases.json
 da-vinci icon-search --query "settings lock" --family material --top 8
+da-vinci supervisor-review --project /abs/path/to/project --change <change-id> --run-reviewers --write
 da-vinci preflight-pencil --ops-file /abs/path/to/ops.txt
 da-vinci uninstall --platform codex,claude,gemini
 ```
@@ -414,6 +422,14 @@ Context Delta 与 audit 的关系：
 - 返回排序候选，并附带可直接复用的 `icon_font` 节点 payload 提示
 - `Icon System Guidance (Advisory)` 可复制模板见 `docs/constraint-files.md` 与 `references/artifact-templates.md`
 
+`da-vinci supervisor-review` 提供本地结构化评审记录能力：
+
+- 加上 `--write` 时，会把 `Configured reviewers`、`Executed reviewers`、`Review source`、`Status`、`Issue list`、`Revision outcome` 写入 `pencil-design.md`
+- 可通过 `--status PASS|WARN|BLOCK` 显式指定，也可基于当前设计工件做保守推断
+- 对 required supervisor gate，优先使用 `--run-reviewers --write`，让 reviewer skills 执行与结果持久化一体完成
+- reviewer 执行参数可通过 `--review-concurrency`、`--review-retries`、`--review-retry-delay-ms` 调优（指数退避）
+- `design-supervisor review` 作为兼容别名仍可使用
+
 当 Pencil MCP 可用时，Da Vinci 现在还要求在终态完成声明前，把 MCP runtime gate 结果记录到 `pencil-design.md`。这层 gate 负责检查 live editor/source convergence，与 filesystem audit 分工不同。
 在重设计进行中，如果有 shell 能力，应在第一次成功写入 Pencil 后立即运行 `da-vinci audit --mode integrity <project-path>`；如果同一个 anchor surface 连续回滚，则继续配合 `da-vinci preflight-pencil` 和更小的 follow-up batch。
 

package/SKILL.md

@@ -280,9 +280,9 @@ During active Pencil work:
 - exported screenshots are review artifacts only; place them under `.da-vinci/changes/<change-id>/exports/` and never treat them as a substitute for the project-local `.pen` source
 - screenshot review is binding: if the review calls out hierarchy, spacing, clarity, inconsistency, or unresolved-placeholder issues, revise the screen before treating the checkpoint as `PASS`
 - screenshot review must record an explicit `PASS`, `WARN`, or `BLOCK` plus the concrete issue list and revision outcome; phrases such as "looks good" do not count as review evidence
-- if `DA-VINCI.md` declares `Design-supervisor reviewers`, run `design-supervisor review` after screenshot review, layout hygiene, and design checkpoint for the approved anchor set
+- if `DA-VINCI.md` declares `Design-supervisor reviewers`, run an explicit review pass with those reviewer skills on the approved anchor set, then persist the structured result with `da-vinci supervisor-review --project <project-path> --change <change-id> --run-reviewers --write` (or the compatibility alias `design-supervisor review --run-reviewers --write`)
 - keep `Design-supervisor reviewers` separate from `Preferred adapters`; adapters lead the design pass, reviewers judge whether the final style quality is strong enough to expand or implement
-- when `design-supervisor review` is active, review screenshots together with Pencil theme variables, `visual-thesis.md`, `content-plan.md`, and `interaction-thesis.md`, then record an explicit `PASS`, `WARN`, or `BLOCK` plus issue list and revision outcome in `pencil-design.md`
+- when `design-supervisor review` is active, review screenshots together with Pencil theme variables, `visual-thesis.md`, `content-plan.md`, and `interaction-thesis.md`; record `Configured reviewers`, `Executed reviewers`, `Review source`, explicit `PASS`/`WARN`/`BLOCK`, issue list, and revision outcome in `pencil-design.md`
 - if `DA-VINCI.md` sets `Require Supervisor Review: true`, treat missing, blocked, or unaccepted `design-supervisor review` as a blocker before broad expansion, implementation-task handoff, or terminal completion
 
 ## Load References On Demand

package/bin/design-supervisor.js

@@ -0,0 +1,39 @@
+#!/usr/bin/env node
+
+const { runCli } = require("../lib/cli");
+
+function printHelp() {
+  console.log(
+    [
+      "Design Supervisor CLI (Da Vinci bridge)",
+      "",
+      "Usage:",
+      "  design-supervisor review --project <path> --change <id> [--run-reviewers] [--review-concurrency <value>] [--review-retries <value>] [--review-retry-delay-ms <value>] [--source <skill|manual|inferred>] [--executed-reviewers <csv>] [--status <PASS|WARN|BLOCK>] [--issue-list <text>] [--revision-outcome <text>] [--write] [--json]",
+      "",
+      "Notes:",
+      "  - This command is a compatibility alias for `da-vinci supervisor-review`.",
+      "  - It does not replace completion gating; use `da-vinci audit --mode completion` for final gate checks."
+    ].join("\n")
+  );
+}
+
+async function main() {
+  const args = process.argv.slice(2);
+  const [subcommand] = args;
+
+  if (!subcommand || subcommand === "--help" || subcommand === "-h" || subcommand === "help") {
+    printHelp();
+    return;
+  }
+
+  if (subcommand !== "review") {
+    throw new Error(`Unknown subcommand: ${subcommand}`);
+  }
+
+  await runCli(["supervisor-review", ...args.slice(1)]);
+}
+
+main().catch((error) => {
+  console.error(error.message || String(error));
+  process.exit(1);
+});

package/commands/claude/dv/design.md

@@ -26,5 +26,5 @@ If a registered project-local `.pen` already exists, reopen it for continuity bu
 After the first successful Pencil write, run `da-vinci audit --mode integrity <project-path>` before broad expansion continues.
 If Pencil MCP is active, run the MCP runtime gate after the first successful Pencil write and record it in `pencil-design.md`.
 Screenshot review must record an explicit `PASS`, `WARN`, or `BLOCK` plus the issue list and revision outcome; "looks good" is not a valid review record.
-If `DA-VINCI.md` declares `Design-supervisor reviewers`, run `design-supervisor review` after screenshot review, layout hygiene, and design checkpoint, then record the reviewers, inputs, status, issue list, and revision outcome in `pencil-design.md`. If `Require Supervisor Review: true`, treat missing, blocked, or unaccepted review results as blocking before broad expansion or terminal completion.
+If `DA-VINCI.md` declares `Design-supervisor reviewers`, execute those reviewer skills on the approved anchor screenshots (do not skip to inferred review), then persist the structured result via `da-vinci supervisor-review --project <project-path> --change <change-id> --run-reviewers --write` (or the compatibility alias `design-supervisor review --run-reviewers --write`). Record configured/ executed reviewers, review source, status, issue list, and revision outcome in `pencil-design.md`. If `Require Supervisor Review: true`, treat missing, blocked, unaccepted, or non-skill-backed review results as blocking before broad expansion or terminal completion.
 Before reporting `design complete` or `workflow complete`, run `da-vinci audit --mode completion --change <change-id> <project-path>` and treat any failure as blocking.

package/commands/codex/prompts/dv-design.md

@@ -20,5 +20,5 @@ If a registered project-local `.pen` already exists, reopen it for continuity bu
 After the first successful Pencil write, run `da-vinci audit --mode integrity <project-path>` before broad expansion continues.
 If Pencil MCP is active, run the MCP runtime gate after the first successful Pencil write and record it in `pencil-design.md`.
 Screenshot review must record an explicit `PASS`, `WARN`, or `BLOCK` plus the issue list and revision outcome; "looks good" is not a valid review record.
-If `DA-VINCI.md` declares `Design-supervisor reviewers`, run `design-supervisor review` after screenshot review, layout hygiene, and design checkpoint, then record the reviewers, inputs, status, issue list, and revision outcome in `pencil-design.md`. If `Require Supervisor Review: true`, treat missing, blocked, or unaccepted review results as blocking before broad expansion or terminal completion.
+If `DA-VINCI.md` declares `Design-supervisor reviewers`, execute those reviewer skills on the approved anchor screenshots (do not skip to inferred review), then persist the structured result via `da-vinci supervisor-review --project <project-path> --change <change-id> --run-reviewers --write` (or the compatibility alias `design-supervisor review --run-reviewers --write`). Record configured/ executed reviewers, review source, status, issue list, and revision outcome in `pencil-design.md`. If `Require Supervisor Review: true`, treat missing, blocked, unaccepted, or non-skill-backed review results as blocking before broad expansion or terminal completion.
 Before claiming `design complete` or `workflow complete`, run `da-vinci audit --mode completion --change <change-id> <project-path>` and treat any failure as blocking.

package/commands/gemini/dv/design.toml

@@ -19,6 +19,6 @@ If a registered project-local `.pen` already exists, reopen it for continuity bu
 After the first successful Pencil write, run `da-vinci audit --mode integrity <project-path>` before broad expansion continues.
 If Pencil MCP is active, run the MCP runtime gate after the first successful Pencil write and record it in `pencil-design.md`.
 Screenshot review must record an explicit `PASS`, `WARN`, or `BLOCK` plus the issue list and revision outcome; "looks good" is not a valid review record.
-If `DA-VINCI.md` declares `Design-supervisor reviewers`, run `design-supervisor review` after screenshot review, layout hygiene, and design checkpoint, then record the reviewers, inputs, status, issue list, and revision outcome in `pencil-design.md`. If `Require Supervisor Review: true`, treat missing, blocked, or unaccepted review results as blocking before broad expansion or terminal completion.
+If `DA-VINCI.md` declares `Design-supervisor reviewers`, execute those reviewer skills on the approved anchor screenshots (do not skip to inferred review), then persist the structured result via `da-vinci supervisor-review --project <project-path> --change <change-id> --run-reviewers --write` (or the compatibility alias `design-supervisor review --run-reviewers --write`). Record configured/ executed reviewers, review source, status, issue list, and revision outcome in `pencil-design.md`. If `Require Supervisor Review: true`, treat missing, blocked, unaccepted, or non-skill-backed review results as blocking before broad expansion or terminal completion.
 Before reporting `design complete` or `workflow complete`, run `da-vinci audit --mode completion --change <change-id> <project-path>` and treat any failure as blocking.
 """

package/docs/constraint-files.md

@@ -38,11 +38,14 @@ The workflow audit currently parses specific fields. Keep these names stable.
 
 ### `pencil-design.md` -> `## Design-Supervisor Review`
 
+- `Configured reviewers`
+- `Executed reviewers`
+- `Review source`
 - `Status`
 - `Issue list`
 - `Revision outcome`
 
-When supervisor review is required, missing or blocked review evidence blocks completion.
+When supervisor review is required, missing, blocked, unaccepted, or non-skill-backed review evidence blocks completion.
 
 ## Advisory Constraint Sections (Customizable)
 

package/docs/dv-command-reference.md

@@ -47,6 +47,12 @@ These commands do not replace route selection, but they support design execution
 - `da-vinci icon-search --query "<text>" [--family ...] [--top ...] [--aliases ...]`
   - resolve likely `icon_font` names before writing Pencil `batch_design` operations
   - supports mixed EN/ZH terms and optional alias expansion via `~/.da-vinci/icon-aliases.json`
+- `da-vinci supervisor-review --project <path> --change <id> [--run-reviewers] [--review-concurrency <value>] [--review-retries <value>] [--review-retry-delay-ms <value>] [--source <skill|manual|inferred>] [--executed-reviewers <csv>] [--status ...] [--issue-list ...] [--revision-outcome ...] [--write]`
+  - persists a structured supervisor-review record (`Configured reviewers`, `Executed reviewers`, `Review source`, `Status`, `Issue list`, `Revision outcome`) in `pencil-design.md`
+  - use `--run-reviewers --write` for one-step execution + record persistence through configured reviewer skills
+  - `--review-concurrency`, `--review-retries`, and `--review-retry-delay-ms` control parallelism and retry backoff for reviewer execution
+  - when `Require Supervisor Review: true`, inferred/manual records are completion-blocking
+  - `design-supervisor review` is kept as a compatibility alias that forwards to this command
 
 Use these utilities during `/dv:design`, especially before anchor-surface icon finalization.
 

package/docs/zh-CN/constraint-files.md

@@ -40,11 +40,14 @@
 
 ### `pencil-design.md` -> `## Design-Supervisor Review`
 
+- `Configured reviewers`
+- `Executed reviewers`
+- `Review source`
 - `Status`
 - `Issue list`
 - `Revision outcome`
 
-当 supervisor review 是必需时，缺失或 `BLOCK` 的评审证据会阻断 completion。
+当 supervisor review 是必需时，缺失、`BLOCK`、未接受、或非 skill-backed 的评审证据都会阻断 completion。
 
 ## 指导型约束段（可定制）
 

package/docs/zh-CN/dv-command-reference.md

@@ -49,6 +49,12 @@ Da Vinci 期望它们遵循工作流状态。
 - `da-vinci icon-search --query "<关键词>" [--family ...] [--top ...] [--aliases ...]`
   - 在写 Pencil `batch_design` 前先收敛可用的 `icon_font` 名称
   - 支持中英文混合词，并可通过 `~/.da-vinci/icon-aliases.json` 做语义扩展
+- `da-vinci supervisor-review --project <path> --change <id> [--run-reviewers] [--review-concurrency <value>] [--review-retries <value>] [--review-retry-delay-ms <value>] [--source <skill|manual|inferred>] [--executed-reviewers <csv>] [--status ...] [--issue-list ...] [--revision-outcome ...] [--write]`
+  - 持久化结构化 supervisor review 记录（`Configured reviewers`、`Executed reviewers`、`Review source`、`Status`、`Issue list`、`Revision outcome`）到 `pencil-design.md`
+  - 推荐直接用 `--run-reviewers --write` 一步完成 reviewer skills 执行与记录落盘
+  - 通过 `--review-concurrency`、`--review-retries`、`--review-retry-delay-ms` 可调 reviewer 并发与重试退避
+  - 当 `Require Supervisor Review: true` 时，`manual/inferred` 记录会被 completion 阻断
+  - `design-supervisor review` 作为兼容别名保留，并会转发到该命令
 
 建议在 `/dv:design` 阶段使用，尤其是在 anchor surface 的图标定稿前。