@xenonbyte/da-vinci-workflow 0.2.6 → 0.2.7

package/CHANGELOG.md

@@ -1,5 +1,21 @@
 # Changelog
 
+## v0.2.7 - 2026-04-05
+
+### Added
+- `bounded-worker-isolation-contract` OpenSpec change with six contract slices covering advisory bounded-parallel baseline, isolated workspace rules, worker handoff payloads, sequencing, evidence writeback, and downgrade safety
+- `lib/isolated-worker-handoff.js` plus phase 1-4 regression tests for worker handoff payload constraints and contract closeout checks
+
+### Changed
+- `task-execution`, `task-review`, and `workflow-state` now keep isolated-worker evidence aligned with the new contract, including explicit partial-progress handling, review-order enforcement, out-of-scope-write blocking, and bounded-parallel downgrade visibility
+- `quality:ci:contracts` now includes bounded worker isolation contract regressions instead of relying only on docs/asset consistency lanes
+- supervisor-review reviewer execution now invokes `codex exec` with an explicit prompt separator and closed stdin, matching the real bridge behavior used by the integration smoke
+
+### Fixed
+- reviewer bridge diagnostics now keep `stdout` / `stderr` context when Codex exits without writing the expected structured JSON output
+- supervisor-review CLI and integration smoke fixtures now attach valid exported PNG screenshots so real reviewer runs can execute end to end
+- release docs now reflect the current published version and release highlights
+
 ## v0.2.6 - 2026-04-04
 
 ### Added

package/README.md

@@ -34,15 +34,15 @@ Use `da-vinci maintainer-readiness` as the canonical maintainer diagnosis surfac
 
 Latest published npm package:
 
-- `@xenonbyte/da-vinci-workflow@0.2.6`
+- `@xenonbyte/da-vinci-workflow@0.2.7`
 
-Release highlights for `0.2.6`:
+Release highlights for `0.2.7`:
 
-- quality-gate alignment landed across `lint-spec` + `scope-check` + `lint-tasks`, with shared gate-envelope utilities and explicit clarify/analyze/task-checkpoint routing
-- `scope-check` analyze gate now catches empty `pencil-bindings.md` page-traceability drift and hardens orphan-task detection (with planning-anchor aware advisory fallback)
-- `lint-tasks` now derives upstream clarify/analyze context from current artifacts when persisted signals are stale, including clarify bounded-context carry-forward
-- planning-signal freshness for `lint-tasks` now includes `proposal.md` and page-map dependencies to avoid stale task-checkpoint trust
-- workflow promotion and integrity audit now keep clarify bounded context visible as notes while preserving non-blocking bounded semantics
+- bounded worker isolation is now formalized as a contract-only OpenSpec change, with explicit task-group ownership, isolated workspace, handoff, sequencing, writeback, and downgrade rules
+- `task-execution`, `task-review`, and `workflow-state` now align with that contract by blocking out-of-scope writes, preserving review ordering, and rejecting `partial=true` + `DONE`
+- the reviewer bridge now runs `codex exec` with closed stdin plus explicit prompt separation, and preserves raw diagnostics when structured reviewer output is missing
+- contract CI now exercises bounded-worker-isolation phase 1-4 tests directly instead of relying only on docs/asset consistency checks
+- supervisor-review smoke fixtures now use valid exported screenshots, and the real reviewer bridge integration passes end to end
 
 ## Discipline And Orchestration Upgrade
 

package/README.zh-CN.md

@@ -37,15 +37,15 @@ Da Vinci 是一个把产品需求一路推进到结构化规格、Pencil 设计
 
 最新已发布 npm 包：
 
-- `@xenonbyte/da-vinci-workflow@0.2.6`
+- `@xenonbyte/da-vinci-workflow@0.2.7`
 
-`0.2.6` 版本重点：
+`0.2.7` 版本重点：
 
-- 完成 `lint-spec`、`scope-check`、`lint-tasks` 质量门对齐，并引入共享 gate-envelope 工具，明确 clarify/analyze/task-checkpoint 路由
-- `scope-check` 的 analyze gate 现在会对空 `pencil-bindings.md` 报告页面可追踪性漂移，并强化 orphan task 检测（支持 planning-anchor 降级为 advisory）
-- `lint-tasks` 在 persisted 信号过期时会从当前工件重新派生 clarify/analyze 上游上下文，并保留 clarify bounded-context
-- `lint-tasks` 的 freshness 依赖新增 `proposal.md` 与 page-map 链路，避免 task-checkpoint 误信陈旧上游信号
-- workflow promotion 与 integrity audit 现在都会稳定展示 clarify bounded context 备注，同时保持 bounded 默认非阻断语义
+- `bounded-worker-isolation-contract` 现已作为 contract-only OpenSpec 变更落地，明确 task-group ownership、isolated workspace、handoff、sequencing、writeback 与 downgrade 规则
+- `task-execution`、`task-review`、`workflow-state` 现已与该 contract 对齐：会阻断 out-of-scope writes，保持 review 顺序，并拒绝 `partial=true` 与 `DONE` 组合
+- reviewer bridge 现在会以显式 prompt 分隔并关闭 stdin 的方式运行 `codex exec`，同时在 reviewer 缺失结构化输出时保留原始诊断
+- contract CI 现在会直接跑 bounded-worker-isolation phase 1-4 回归，不再只依赖文档/命令资产一致性检查
+- supervisor-review smoke fixture 现在使用有效截图，真实 reviewer bridge integration 已能端到端通过
 
 ## Discipline And Orchestration 升级
 

package/docs/dv-command-reference.md

@@ -97,8 +97,10 @@ These commands do not replace route selection, but they support design execution
   - generates reviewable TODO scaffold templates with framework-aware shape (`next`/`react`/`vue`/`svelte`/`html`)
   - keeps known implementation landing extension/route shape when a concrete landing already exists
   - unknown/ambiguous framework detection falls back to HTML with explicit warning; traversal/output-root safety remains enforced
-- `da-vinci task-execution --project <path> --change <id> --task-group <id> --status <DONE|DONE_WITH_CONCERNS|NEEDS_CONTEXT|BLOCKED> --summary <text> [--changed-files <csv>] [--test-evidence <csv>] [--concerns <csv>] [--blockers <csv>] [--json]`
+- `da-vinci task-execution --project <path> --change <id> --task-group <id> --status <DONE|DONE_WITH_CONCERNS|NEEDS_CONTEXT|BLOCKED> --summary <text> [--changed-files <csv>] [--test-evidence <csv> --confirm-test-evidence-executed] [--pending-test-evidence <csv>] [--concerns <csv>] [--blockers <csv>] [--out-of-scope-writes <csv>] [--partial] [--json]`
   - persists normalized implementer-status envelopes into execution signals
+  - `--pending-test-evidence` and `--partial` keep the envelope explicitly non-final; `DONE` is invalid when either is present
+  - `--out-of-scope-writes` keeps write-scope drift visible to workflow safety handling
   - use this to keep resume routing machine-readable when implementation is blocked or concerns remain
 - `da-vinci task-review --project <path> --change <id> --task-group <id> --stage <spec|quality> --status <PASS|WARN|BLOCK> --summary <text> [--issues <csv>] [--reviewer <name>] [--write-verification] [--json]`
   - persists ordered two-stage task review evidence (`spec` before `quality`)

package/docs/zh-CN/dv-command-reference.md

@@ -97,8 +97,10 @@ Da Vinci 期望它们遵循工作流状态。
   - 生成 framework-aware 的 TODO 可审查骨架（`next`/`react`/`vue`/`svelte`/`html`）
   - 若已存在明确实现落点，会优先保留该落点的扩展名与路由形状
   - 框架未知或冲突时显式告警并回退 HTML；同时继续严格执行 traversal/output-root 安全约束
-- `da-vinci task-execution --project <path> --change <id> --task-group <id> --status <DONE|DONE_WITH_CONCERNS|NEEDS_CONTEXT|BLOCKED> --summary <text> [--changed-files <csv>] [--test-evidence <csv>] [--concerns <csv>] [--blockers <csv>] [--json]`
+- `da-vinci task-execution --project <path> --change <id> --task-group <id> --status <DONE|DONE_WITH_CONCERNS|NEEDS_CONTEXT|BLOCKED> --summary <text> [--changed-files <csv>] [--test-evidence <csv> --confirm-test-evidence-executed] [--pending-test-evidence <csv>] [--concerns <csv>] [--blockers <csv>] [--out-of-scope-writes <csv>] [--partial] [--json]`
   - 持久化结构化 implementer 执行结果包，作为 task 级执行证据
+  - `--pending-test-evidence` 与 `--partial` 会将结果明确标记为非终态；此时不得使用 `DONE`
+  - `--out-of-scope-writes` 会把写范围漂移显式暴露给 workflow safety 处理
 - `da-vinci task-review --project <path> --change <id> --task-group <id> --stage <spec|quality> --status <PASS|WARN|BLOCK> --summary <text> [--issues <csv>] [--reviewer <name>] [--write-verification] [--json]`
   - 持久化有序两阶段 task review 证据（`spec` 在前，`quality` 在后）
 - `da-vinci worktree-preflight --project <path> [--change <id>] [--json]`

package/lib/cli.js

@@ -125,8 +125,10 @@ const OPTION_FLAGS_WITH_VALUES = new Set([
   "--task-group",
   "--changed-files",
   "--test-evidence",
+  "--pending-test-evidence",
   "--concerns",
   "--blockers",
+  "--out-of-scope-writes",
   "--issues",
   "--reviewer",
   "--source",
@@ -199,8 +201,21 @@ const HELP_OPTION_SPECS = [
     description: "comma-separated changed files for verify-implementation/verify-structure/verify-coverage/task-execution"
   },
   { flag: "--test-evidence <csv>", description: "comma-separated test evidence commands for task-execution" },
+  {
+    flag: "--pending-test-evidence <csv>",
+    description: "comma-separated planned-but-not-executed test commands for task-execution"
+  },
+  {
+    flag: "--confirm-test-evidence-executed",
+    description: "required when providing --test-evidence; confirms listed commands actually ran"
+  },
   { flag: "--concerns <csv>", description: "comma-separated concern text for task-execution" },
   { flag: "--blockers <csv>", description: "comma-separated blocker text for task-execution" },
+  {
+    flag: "--out-of-scope-writes <csv>",
+    description: "comma-separated out-of-scope write paths for task-execution safety visibility"
+  },
+  { flag: "--partial", description: "mark task-execution payload as non-final progress evidence" },
   { flag: "--issues <csv>", description: "comma-separated issue text for task-review" },
   { flag: "--reviewer <name>", description: "reviewer identifier for task-review" },
   { flag: "--write-verification", description: "append task-review evidence into verification.md" },
@@ -560,7 +575,7 @@ function printHelp() {
       "  da-vinci verify-implementation [--project <path>] [--change <id>] [--changed-files <csv>] [--strict] [--json]",
       "  da-vinci verify-structure [--project <path>] [--change <id>] [--changed-files <csv>] [--strict] [--json]",
       "  da-vinci verify-coverage [--project <path>] [--change <id>] [--changed-files <csv>] [--strict] [--json]",
-      "  da-vinci task-execution --project <path> --change <id> --task-group <id> --status <DONE|DONE_WITH_CONCERNS|NEEDS_CONTEXT|BLOCKED> --summary <text> [--changed-files <csv>] [--test-evidence <csv>] [--concerns <csv>] [--blockers <csv>] [--json]",
+      "  da-vinci task-execution --project <path> --change <id> --task-group <id> --status <DONE|DONE_WITH_CONCERNS|NEEDS_CONTEXT|BLOCKED> --summary <text> [--changed-files <csv>] [--test-evidence <csv> --confirm-test-evidence-executed] [--pending-test-evidence <csv>] [--concerns <csv>] [--blockers <csv>] [--out-of-scope-writes <csv>] [--partial] [--json]",
       "  da-vinci task-review --project <path> --change <id> --task-group <id> --stage <spec|quality> --status <PASS|WARN|BLOCK> --summary <text> [--issues <csv>] [--reviewer <name>] [--write-verification] [--json]",
       "  da-vinci worktree-preflight --project <path> [--change <id>] [--json]",
       "  da-vinci diff-spec [--project <path>] [--change <id>] [--from <sidecars-dir>] [--json]",
@@ -1189,8 +1204,12 @@ async function runCli(argv) {
       summary: getOption(argv, "--summary"),
       changedFiles: getCommaSeparatedOptionValues(argv, "--changed-files"),
       testEvidence: getCommaSeparatedOptionValues(argv, "--test-evidence"),
+      pendingTestEvidence: getCommaSeparatedOptionValues(argv, "--pending-test-evidence"),
+      confirmTestEvidenceExecuted: argv.includes("--confirm-test-evidence-executed"),
       concerns: getCommaSeparatedOptionValues(argv, "--concerns"),
-      blockers: getCommaSeparatedOptionValues(argv, "--blockers")
+      blockers: getCommaSeparatedOptionValues(argv, "--blockers"),
+      outOfScopeWrites: getCommaSeparatedOptionValues(argv, "--out-of-scope-writes"),
+      partial: argv.includes("--partial")
     });
     const useJson = argv.includes("--json");
     const output = useJson ? JSON.stringify(result, null, 2) : formatTaskExecutionReport(result);

package/lib/isolated-worker-handoff.js

@@ -0,0 +1,181 @@
+const VALID_IMPLEMENTER_RESULT_STATUSES = new Set([
+  "DONE",
+  "DONE_WITH_CONCERNS",
+  "NEEDS_CONTEXT",
+  "BLOCKED"
+]);
+
+const IMPLEMENTER_INPUT_REQUIRED_FIELDS = Object.freeze([
+  "changeId",
+  "taskGroupId",
+  "title",
+  "executionIntent",
+  "targetFiles",
+  "fileReferences",
+  "reviewIntent",
+  "verificationActions",
+  "verificationCommands",
+  "canonicalProjectRoot",
+  "isolatedWorkspaceRoot"
+]);
+
+const IMPLEMENTER_RESULT_REQUIRED_FIELDS = Object.freeze([
+  "changeId",
+  "taskGroupId",
+  "status",
+  "summary",
+  "changedFiles",
+  "testEvidence",
+  "concerns",
+  "blockers",
+  "outOfScopeWrites",
+  "recordedAt"
+]);
+
+const IMPLEMENTER_PROGRESS_REQUIRED_FIELDS = Object.freeze([
+  ...IMPLEMENTER_RESULT_REQUIRED_FIELDS,
+  "partial"
+]);
+
+function normalizeString(value) {
+  return String(value || "").trim();
+}
+
+function normalizeList(value) {
+  const source = Array.isArray(value)
+    ? value
+    : String(value || "")
+        .split(/[,\n;]/)
+        .map((item) => item.trim());
+  return Array.from(
+    new Set(
+      source
+        .map((item) => String(item || "").trim())
+        .filter(Boolean)
+    )
+  );
+}
+
+function assertRequiredFields(payload, requiredFields, label) {
+  const missing = requiredFields.filter((field) => !Object.prototype.hasOwnProperty.call(payload || {}, field));
+  if (missing.length > 0) {
+    throw new Error(`${label} is missing required fields: ${missing.join(", ")}`);
+  }
+}
+
+function assertNoUnknownFields(payload, allowedFields, label) {
+  const allowed = new Set(allowedFields);
+  const unknown = Object.keys(payload || {}).filter((field) => !allowed.has(field));
+  if (unknown.length > 0) {
+    throw new Error(`${label} contains unsupported fields: ${unknown.join(", ")}`);
+  }
+}
+
+function normalizeStatus(status) {
+  const normalized = normalizeString(status).toUpperCase();
+  if (!VALID_IMPLEMENTER_RESULT_STATUSES.has(normalized)) {
+    throw new Error(
+      `isolated implementer result status must be one of ${Array.from(VALID_IMPLEMENTER_RESULT_STATUSES).join(", ")}.`
+    );
+  }
+  return normalized;
+}
+
+function normalizeRecordedAt(value, label) {
+  const normalized = normalizeString(value);
+  if (!normalized) {
+    throw new Error(`${label} requires recordedAt.`);
+  }
+  const parsed = Date.parse(normalized);
+  if (!Number.isFinite(parsed)) {
+    throw new Error(`${label} recordedAt must be a valid ISO-8601 timestamp.`);
+  }
+  return new Date(parsed).toISOString();
+}
+
+function normalizeIsolatedImplementerInputPayload(payload = {}) {
+  assertRequiredFields(payload, IMPLEMENTER_INPUT_REQUIRED_FIELDS, "isolated implementer input payload");
+  assertNoUnknownFields(payload, IMPLEMENTER_INPUT_REQUIRED_FIELDS, "isolated implementer input payload");
+
+  const changeId = normalizeString(payload.changeId);
+  const taskGroupId = normalizeString(payload.taskGroupId);
+  const title = normalizeString(payload.title);
+  const canonicalProjectRoot = normalizeString(payload.canonicalProjectRoot);
+  const isolatedWorkspaceRoot = normalizeString(payload.isolatedWorkspaceRoot);
+  if (!changeId || !taskGroupId || !title || !canonicalProjectRoot || !isolatedWorkspaceRoot) {
+    throw new Error(
+      "isolated implementer input payload requires non-empty changeId, taskGroupId, title, canonicalProjectRoot, and isolatedWorkspaceRoot."
+    );
+  }
+
+  return {
+    changeId,
+    taskGroupId,
+    title,
+    executionIntent: normalizeList(payload.executionIntent),
+    targetFiles: normalizeList(payload.targetFiles),
+    fileReferences: normalizeList(payload.fileReferences),
+    reviewIntent: payload.reviewIntent === true,
+    verificationActions: normalizeList(payload.verificationActions),
+    verificationCommands: normalizeList(payload.verificationCommands),
+    canonicalProjectRoot,
+    isolatedWorkspaceRoot
+  };
+}
+
+function normalizeIsolatedImplementerResultPayload(payload = {}) {
+  assertRequiredFields(payload, IMPLEMENTER_RESULT_REQUIRED_FIELDS, "isolated implementer result payload");
+  assertNoUnknownFields(payload, IMPLEMENTER_RESULT_REQUIRED_FIELDS, "isolated implementer result payload");
+
+  const changeId = normalizeString(payload.changeId);
+  const taskGroupId = normalizeString(payload.taskGroupId);
+  const summary = normalizeString(payload.summary);
+  if (!changeId || !taskGroupId || !summary) {
+    throw new Error("isolated implementer result payload requires non-empty changeId, taskGroupId, and summary.");
+  }
+
+  return {
+    changeId,
+    taskGroupId,
+    status: normalizeStatus(payload.status),
+    summary,
+    changedFiles: normalizeList(payload.changedFiles),
+    testEvidence: normalizeList(payload.testEvidence),
+    concerns: normalizeList(payload.concerns),
+    blockers: normalizeList(payload.blockers),
+    outOfScopeWrites: normalizeList(payload.outOfScopeWrites),
+    recordedAt: normalizeRecordedAt(payload.recordedAt, "isolated implementer result payload")
+  };
+}
+
+function normalizeIsolatedImplementerProgressPayload(payload = {}) {
+  assertRequiredFields(payload, IMPLEMENTER_PROGRESS_REQUIRED_FIELDS, "isolated implementer progress payload");
+  assertNoUnknownFields(payload, IMPLEMENTER_PROGRESS_REQUIRED_FIELDS, "isolated implementer progress payload");
+  if (payload.partial !== true) {
+    throw new Error("isolated implementer progress payload requires partial=true.");
+  }
+
+  const {
+    partial: _partial,
+    ...resultShape
+  } = payload;
+  const normalizedResult = normalizeIsolatedImplementerResultPayload(resultShape);
+  if (normalizedResult.status === "DONE") {
+    throw new Error("isolated implementer progress payload cannot use status DONE because partial snapshots are non-final.");
+  }
+
+  return {
+    ...normalizedResult,
+    partial: true
+  };
+}
+
+module.exports = {
+  VALID_IMPLEMENTER_RESULT_STATUSES,
+  IMPLEMENTER_INPUT_REQUIRED_FIELDS,
+  IMPLEMENTER_RESULT_REQUIRED_FIELDS,
+  IMPLEMENTER_PROGRESS_REQUIRED_FIELDS,
+  normalizeIsolatedImplementerInputPayload,
+  normalizeIsolatedImplementerResultPayload,
+  normalizeIsolatedImplementerProgressPayload
+};

package/lib/supervisor-review.js

@@ -1,7 +1,7 @@
 const fs = require("fs");
 const path = require("path");
 const os = require("os");
-const { execFile } = require("child_process");
+const { spawn } = require("child_process");
 const {
   escapeRegExp,
   isPlainObject,
@@ -120,6 +120,19 @@ function truncateForError(value, maxLength = 240) {
   return `${text.slice(0, maxLength)}...`;
 }
 
+function buildReviewerExecutionDiagnostics(stdout, stderr) {
+  const diagnostics = [];
+  const normalizedStderr = truncateForError(stderr, 600);
+  const normalizedStdout = truncateForError(stdout, 600);
+  if (normalizedStderr) {
+    diagnostics.push(`stderr: ${normalizedStderr}`);
+  }
+  if (normalizedStdout) {
+    diagnostics.push(`stdout: ${normalizedStdout}`);
+  }
+  return diagnostics;
+}
+
 function parseReviewerPayload(rawText) {
   const payload = parseJsonText(String(rawText || "").trim(), "reviewer JSON payload");
   if (!isPlainObject(payload)) {
@@ -146,8 +159,97 @@ function parseReviewerPayload(rawText) {
 
 function execFileAsync(command, args, options = {}) {
   return new Promise((resolve, reject) => {
-    execFile(command, args, options, (error, stdout, stderr) => {
-      if (error) {
+    const encoding = options.encoding || "utf8";
+    const maxBuffer = Number.isFinite(options.maxBuffer) && options.maxBuffer > 0 ? options.maxBuffer : Infinity;
+    const child = spawn(command, args, {
+      cwd: options.cwd,
+      env: options.env,
+      shell: false,
+      stdio: ["ignore", "pipe", "pipe"]
+    });
+
+    let finished = false;
+    let timedOut = false;
+    let overflowed = false;
+    let stdoutSize = 0;
+    let stderrSize = 0;
+    const stdoutChunks = [];
+    const stderrChunks = [];
+
+    function finalizeError(error) {
+      if (finished) {
+        return;
+      }
+      finished = true;
+      if (timeoutId) {
+        clearTimeout(timeoutId);
+      }
+      error.stdout = Buffer.concat(stdoutChunks).toString(encoding);
+      error.stderr = Buffer.concat(stderrChunks).toString(encoding);
+      reject(error);
+    }
+
+    function pushChunk(target, chunk, currentSize) {
+      const buffer = Buffer.isBuffer(chunk) ? chunk : Buffer.from(String(chunk || ""), encoding);
+      const nextSize = currentSize + buffer.length;
+      target.push(buffer);
+      return nextSize;
+    }
+
+    const timeoutMs = Number.isFinite(options.timeout) && options.timeout > 0 ? options.timeout : 0;
+    const timeoutId =
+      timeoutMs > 0
+        ? setTimeout(() => {
+            timedOut = true;
+            child.kill();
+          }, timeoutMs)
+        : null;
+
+    child.on("error", (error) => {
+      finalizeError(error);
+    });
+
+    child.stdout.on("data", (chunk) => {
+      stdoutSize = pushChunk(stdoutChunks, chunk, stdoutSize);
+      if (stdoutSize > maxBuffer && !overflowed) {
+        overflowed = true;
+        const error = new Error("stdout maxBuffer length exceeded");
+        error.code = "ERR_CHILD_PROCESS_STDIO_MAXBUFFER";
+        child.kill();
+        finalizeError(error);
+      }
+    });
+
+    child.stderr.on("data", (chunk) => {
+      stderrSize = pushChunk(stderrChunks, chunk, stderrSize);
+      if (stderrSize > maxBuffer && !overflowed) {
+        overflowed = true;
+        const error = new Error("stderr maxBuffer length exceeded");
+        error.code = "ERR_CHILD_PROCESS_STDIO_MAXBUFFER";
+        child.kill();
+        finalizeError(error);
+      }
+    });
+
+    child.on("close", (code, signal) => {
+      if (finished) {
+        return;
+      }
+      finished = true;
+      if (timeoutId) {
+        clearTimeout(timeoutId);
+      }
+      const stdout = Buffer.concat(stdoutChunks).toString(encoding);
+      const stderr = Buffer.concat(stderrChunks).toString(encoding);
+      if (timedOut || code !== 0) {
+        const error = new Error(
+          timedOut
+            ? `Process timed out after ${timeoutMs}ms`
+            : `Process exited with code ${code !== null ? code : "unknown"}`
+        );
+        error.code = code;
+        error.signal = signal;
+        error.killed = timedOut;
         error.stdout = stdout;
         error.stderr = stderr;
         reject(error);
@@ -241,11 +343,12 @@ async function runReviewerWithCodexOnce(options = {}) {
     for (const screenshotPath of screenshotPaths || []) {
       args.push("-i", screenshotPath);
     }
-    args.push(prompt);
+    args.push("--", prompt);
 
     const timeoutValue = normalizePositiveInt(timeoutMs, 0, 0, 30 * 60 * 1000);
+    let execResult = null;
     try {
-      await execFileAsync(codexBin, args, {
+      execResult = await execFileAsync(codexBin, args, {
         encoding: "utf8",
         maxBuffer: resolvedMaxBuffer,
         timeout: timeoutValue > 0 ? timeoutValue : undefined
@@ -272,7 +375,15 @@ async function runReviewerWithCodexOnce(options = {}) {
     }
 
     if (!pathExists(outputPath)) {
-      throw new Error(`Reviewer \`${reviewer}\` completed but produced no output JSON.`);
+      const diagnostics = buildReviewerExecutionDiagnostics(
+        execResult && execResult.stdout,
+        execResult && execResult.stderr
+      );
+      throw new Error(
+        `Reviewer \`${reviewer}\` completed but produced no output JSON.${
+          diagnostics.length > 0 ? ` ${diagnostics.join(" | ")}` : ""
+        }`
+      );
     }
 
     return parseReviewerPayload(fs.readFileSync(outputPath, "utf8"));

package/lib/task-execution.js

@@ -65,8 +65,37 @@ function normalizeTaskExecutionEnvelope(input = {}) {
   }
   const changedFiles = normalizeList(input.changedFiles);
   const testEvidence = normalizeList(input.testEvidence);
+  const pendingTestEvidence = normalizeList(input.pendingTestEvidence);
+  const confirmTestEvidenceExecuted = input.confirmTestEvidenceExecuted === true;
   const concerns = normalizeList(input.concerns);
   const blockers = normalizeList(input.blockers);
+  const outOfScopeWrites = normalizeList(input.outOfScopeWrites);
+  const partial = input.partial === true;
+
+  const overlap = testEvidence.filter((item) => pendingTestEvidence.includes(item));
+  if (overlap.length > 0) {
+    throw new Error(
+      `task-execution cannot mark the same command as both executed and pending: ${overlap.join(", ")}`
+    );
+  }
+
+  if (testEvidence.length > 0 && !confirmTestEvidenceExecuted) {
+    throw new Error(
+      "`task-execution` requires explicit executed-evidence confirmation when `--test-evidence` is provided. Pass `--confirm-test-evidence-executed`."
+    );
+  }
+
+  if (pendingTestEvidence.length > 0 && status === "DONE") {
+    throw new Error(
+      "`task-execution` cannot use status DONE when pending test evidence exists. Use DONE_WITH_CONCERNS, NEEDS_CONTEXT, or BLOCKED."
+    );
+  }
+
+  if (partial && status === "DONE") {
+    throw new Error(
+      "`task-execution` cannot use status DONE when --partial is set. Use DONE_WITH_CONCERNS, NEEDS_CONTEXT, or BLOCKED."
+    );
+  }
 
   return {
     taskGroupId,
@@ -74,8 +103,12 @@ function normalizeTaskExecutionEnvelope(input = {}) {
     summary,
     changedFiles,
     testEvidence,
+    pendingTestEvidence,
+    confirmTestEvidenceExecuted,
     concerns,
     blockers,
+    outOfScopeWrites,
+    partial,
     recordedAt: new Date().toISOString()
   };
 }
@@ -93,35 +126,65 @@ function writeTaskExecutionEnvelope(projectPathInput, options = {}) {
   }
 
   const envelope = normalizeTaskExecutionEnvelope(options);
+  const envelopeWithIdentity = {
+    ...envelope,
+    changeId: resolved.changeId
+  };
+  const signalStatus = mapImplementerStatusToSignal(envelopeWithIdentity.status);
+  const outOfScopeWriteWarnings = envelopeWithIdentity.outOfScopeWrites.map(
+    (item) => `out-of-scope write: ${item}`
+  );
+  const pendingTestWarnings = envelopeWithIdentity.pendingTestEvidence.map(
+    (item) => `test not executed: ${item}`
+  );
   const signalPath = writeExecutionSignal(projectRoot, {
     changeId: resolved.changeId,
-    surface: buildSurface(envelope.taskGroupId),
-    status: mapImplementerStatusToSignal(envelope.status),
+    surface: buildSurface(envelopeWithIdentity.taskGroupId),
+    status: signalStatus,
     advisory: false,
     strict: true,
-    failures: envelope.status === "BLOCKED" ? envelope.blockers : [],
+    failures: envelopeWithIdentity.status === "BLOCKED" ? envelopeWithIdentity.blockers : [],
     warnings:
-      envelope.status === "DONE_WITH_CONCERNS" || envelope.status === "NEEDS_CONTEXT"
-        ? envelope.concerns
-        : [],
-    notes: [envelope.summary, ...envelope.testEvidence.map((item) => `test: ${item}`)],
+      envelopeWithIdentity.status === "DONE_WITH_CONCERNS" || envelopeWithIdentity.status === "NEEDS_CONTEXT"
+        ? unique([...envelopeWithIdentity.concerns, ...outOfScopeWriteWarnings, ...pendingTestWarnings])
+        : unique([...outOfScopeWriteWarnings, ...pendingTestWarnings]),
+    notes: [
+      envelopeWithIdentity.summary,
+      ...envelopeWithIdentity.testEvidence.map((item) => `test: ${item}`)
+    ],
     details: {
       type: "task_execution",
-      envelope
+      envelope: {
+        taskGroupId: envelopeWithIdentity.taskGroupId,
+        changeId: envelopeWithIdentity.changeId,
+        status: envelopeWithIdentity.status,
+        summary: envelopeWithIdentity.summary,
+        changedFiles: envelopeWithIdentity.changedFiles,
+        testEvidence: envelopeWithIdentity.testEvidence,
+        pendingTestEvidence: envelopeWithIdentity.pendingTestEvidence,
+        concerns: envelopeWithIdentity.concerns,
+        blockers: envelopeWithIdentity.blockers,
+        recordedAt: envelopeWithIdentity.recordedAt
+      },
+      outOfScopeWrites: envelopeWithIdentity.outOfScopeWrites,
+      partial: envelopeWithIdentity.partial
     }
   });
 
   return {
-    status: mapImplementerStatusToSignal(envelope.status),
+    status: signalStatus,
     projectRoot,
     changeId: resolved.changeId,
-    taskGroupId: envelope.taskGroupId,
-    implementerStatus: envelope.status,
-    summary: envelope.summary,
-    changedFiles: envelope.changedFiles,
-    testEvidence: envelope.testEvidence,
-    concerns: envelope.concerns,
-    blockers: envelope.blockers,
+    taskGroupId: envelopeWithIdentity.taskGroupId,
+    implementerStatus: envelopeWithIdentity.status,
+    summary: envelopeWithIdentity.summary,
+    changedFiles: envelopeWithIdentity.changedFiles,
+    testEvidence: envelopeWithIdentity.testEvidence,
+    pendingTestEvidence: envelopeWithIdentity.pendingTestEvidence,
+    concerns: envelopeWithIdentity.concerns,
+    blockers: envelopeWithIdentity.blockers,
+    outOfScopeWrites: envelopeWithIdentity.outOfScopeWrites,
+    partial: envelopeWithIdentity.partial,
     signalPath
   };
 }
@@ -143,12 +206,21 @@ function formatTaskExecutionReport(result) {
   if (result.testEvidence.length > 0) {
     lines.push(`Test evidence: ${result.testEvidence.join(", ")}`);
   }
+  if (result.pendingTestEvidence.length > 0) {
+    lines.push(`Pending test evidence: ${result.pendingTestEvidence.join(", ")}`);
+  }
   if (result.concerns.length > 0) {
     lines.push(`Concerns: ${result.concerns.join(", ")}`);
   }
   if (result.blockers.length > 0) {
     lines.push(`Blockers: ${result.blockers.join(", ")}`);
   }
+  if (result.outOfScopeWrites.length > 0) {
+    lines.push(`Out-of-scope writes: ${result.outOfScopeWrites.join(", ")}`);
+  }
+  if (result.partial) {
+    lines.push("Partial: true");
+  }
   return lines.join("\n");
 }
 

package/lib/task-review.js

@@ -131,18 +131,23 @@ function writeTaskReviewEnvelope(projectPathInput, options = {}) {
     }
   }
 
+  const envelopeWithIdentity = {
+    ...envelope,
+    changeId: resolved.changeId
+  };
+
   const signalPath = writeExecutionSignal(projectRoot, {
     changeId: resolved.changeId,
-    surface: buildTaskReviewSurface(envelope.taskGroupId, envelope.stage),
-    status: mapReviewStatusToSignalStatus(envelope.status),
+    surface: buildTaskReviewSurface(envelopeWithIdentity.taskGroupId, envelopeWithIdentity.stage),
+    status: mapReviewStatusToSignalStatus(envelopeWithIdentity.status),
     advisory: false,
     strict: true,
-    failures: envelope.status === "BLOCK" ? envelope.issues : [],
-    warnings: envelope.status === "WARN" ? envelope.issues : [],
-    notes: [envelope.summary, `reviewer: ${envelope.reviewer}`],
+    failures: envelopeWithIdentity.status === "BLOCK" ? envelopeWithIdentity.issues : [],
+    warnings: envelopeWithIdentity.status === "WARN" ? envelopeWithIdentity.issues : [],
+    notes: [envelopeWithIdentity.summary, `reviewer: ${envelopeWithIdentity.reviewer}`],
     details: {
       type: "task_review",
-      envelope
+      envelope: envelopeWithIdentity
     }
   });
 
@@ -150,7 +155,7 @@ function writeTaskReviewEnvelope(projectPathInput, options = {}) {
   if (options.writeVerification === true) {
     verificationPath = path.join(resolved.changeDir, "verification.md");
     fs.mkdirSync(path.dirname(verificationPath), { recursive: true });
-    const nextVerification = appendTaskReviewEvidence(readTextIfExists(verificationPath), envelope);
+    const nextVerification = appendTaskReviewEvidence(readTextIfExists(verificationPath), envelopeWithIdentity);
     writeFileAtomic(verificationPath, nextVerification);
   }
 

package/lib/workflow-state.js

@@ -436,6 +436,10 @@ function applyTaskExecutionAndReviewFindings(findings, signals) {
 
   for (const signal of Object.values(latestTaskExecution)) {
     const envelope = signal.details && signal.details.envelope ? signal.details.envelope : null;
+    const outOfScopeWrites =
+      signal.details && Array.isArray(signal.details.outOfScopeWrites)
+        ? dedupeMessages(signal.details.outOfScopeWrites.map((item) => String(item || "").trim()).filter(Boolean))
+        : [];
     const taskGroupId =
       (envelope && envelope.taskGroupId) ||
       String(signal.surface || "").replace(/^task-execution\./, "") ||
@@ -445,6 +449,11 @@ function applyTaskExecutionAndReviewFindings(findings, signals) {
     } else if (signal.status === STATUS.WARN) {
       findings.warnings.push(`Task group ${taskGroupId} has unresolved implementer concerns/context needs.`);
     }
+    if (outOfScopeWrites.length > 0) {
+      findings.blockers.push(
+        `Task group ${taskGroupId} reported out-of-scope writes: ${outOfScopeWrites.join(", ")}.`
+      );
+    }
     if (envelope && envelope.summary) {
       findings.notes.push(`Implementer summary ${taskGroupId}: ${envelope.summary}`);
     }
@@ -476,6 +485,12 @@ function applyTaskExecutionAndReviewFindings(findings, signals) {
       );
       continue;
     }
+    if (state.quality && state.spec === STATUS.WARN) {
+      findings.blockers.push(
+        `Task review ordering violation for ${taskGroupId}: quality review was recorded before spec review reached PASS.`
+      );
+      continue;
+    }
     if (state.quality && state.spec === STATUS.BLOCK) {
       findings.blockers.push(
         `Task review ordering violation for ${taskGroupId}: quality review was recorded while spec review is BLOCK.`
@@ -1185,6 +1200,7 @@ function buildTaskGroupImplementerState(taskGroupId, signals, fallbackState) {
       testEvidence: Array.isArray(fallback.testEvidence) ? fallback.testEvidence : [],
       concerns: Array.isArray(fallback.concerns) ? fallback.concerns : [],
       blockers: Array.isArray(fallback.blockers) ? fallback.blockers : [],
+      outOfScopeWrites: Array.isArray(fallback.outOfScopeWrites) ? fallback.outOfScopeWrites : [],
       recordedAt: fallback.recordedAt || null
     };
   }
@@ -1208,6 +1224,12 @@ function buildTaskGroupImplementerState(taskGroupId, signals, fallbackState) {
         : [],
     concerns: summarizeSignalIssues(signal, envelope && envelope.concerns),
     blockers: summarizeSignalIssues(signal, envelope && envelope.blockers),
+    outOfScopeWrites:
+      signal.details && Array.isArray(signal.details.outOfScopeWrites)
+        ? dedupeMessages(signal.details.outOfScopeWrites.map((item) => String(item || "").trim()).filter(Boolean))
+        : Array.isArray(fallback.outOfScopeWrites)
+        ? fallback.outOfScopeWrites
+        : [],
     recordedAt: (envelope && envelope.recordedAt) || signal.timestamp || fallback.recordedAt || null
   };
 }
@@ -1262,6 +1284,21 @@ function buildEffectiveTaskGroupState(group, planned, implementer, review) {
     reason: "planned_checklist"
   };
 
+  if (implementer.present && implementer.outOfScopeWrites.length > 0) {
+    return {
+      status: "blocked",
+      nextAction:
+        `resolve out-of-scope writes for task group ${group.taskGroupId}: ${implementer.outOfScopeWrites.join(", ")}`,
+      resumeCursor: {
+        groupIndex: fallbackCursor.groupIndex,
+        nextUncheckedItem: null,
+        liveFocus: "out_of_scope_write"
+      },
+      source: "implementer",
+      reason: "out_of_scope_write"
+    };
+  }
+
   if (implementer.present && implementer.signalStatus === STATUS.BLOCK) {
     return {
       status: "blocked",
@@ -1288,6 +1325,23 @@ function buildEffectiveTaskGroupState(group, planned, implementer, review) {
   const reviewContextReady = review.required && (reviewSignalsPresent || reviewHardDue || implementer.present);
 
   if (reviewContextReady) {
+    if (
+      review.quality.present &&
+      (!review.spec.present || review.spec.status === "missing" || review.spec.status === STATUS.WARN)
+    ) {
+      return {
+        status: "blocked",
+        nextAction:
+          `remove or rerun out-of-order quality review for task group ${group.taskGroupId} after spec review PASS`,
+        resumeCursor: {
+          groupIndex: fallbackCursor.groupIndex,
+          nextUncheckedItem: null,
+          liveFocus: "review_ordering_violation"
+        },
+        source: "review",
+        reason: "review_ordering_violation"
+      };
+    }
     if (review.spec.status === STATUS.BLOCK) {
       return {
         status: "blocked",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@xenonbyte/da-vinci-workflow",
-  "version": "0.2.6",
+  "version": "0.2.7",
   "description": "Requirement-to-design-to-code workflow skill for Codex, Claude, and Gemini",
   "bin": {
     "da-vinci": "bin/da-vinci.js",
@@ -53,8 +53,9 @@
     "test:workflow-persisted-state": "node scripts/test-workflow-persisted-state.js",
     "test:install": "node scripts/test-install.js",
     "test:package-contents": "node scripts/test-package-contents.js",
+    "test:bounded-worker-isolation:contracts": "node scripts/test-bounded-worker-isolation-phase1.js && node scripts/test-bounded-worker-isolation-phase2.js && node scripts/test-bounded-worker-isolation-phase3.js && node scripts/test-bounded-worker-isolation-phase4.js",
     "quality:ci:core": "npm run test",
-    "quality:ci:contracts": "npm run test:mode-consistency && npm run test:command-assets",
+    "quality:ci:contracts": "npm run test:mode-consistency && npm run test:command-assets && npm run test:bounded-worker-isolation:contracts",
     "quality:ci:e2e": "npm run test:lint-planning && npm run test:sidecars-diff && npm run test:verify-scaffold && npm run test:workflow-persisted-state && npm run test:audit-execution-signals",
     "quality:reviewer-bridge-smoke": "npm run test:supervisor-review-integration",
     "quality:ci": "npm run quality:ci:core && npm run quality:ci:contracts && npm run quality:ci:e2e"