agent-project-sdlc 0.1.22 → 0.1.24

package/dist/lib/validators.js

@@ -9,6 +9,8 @@ const PARALLEL_MODES = new Set(["runtime_managed", "user_orchestrated"]);
 const PARALLEL_TRIGGERS = new Set(["user_requested", "workflow_default"]);
 const PARALLEL_RUNTIME_PROVIDERS = new Set(["codex_native_subagents", "user_orchestrated", "codex_exec_worktree"]);
 const TASK_PHASES = new Set(["REQUIREMENT_GATHERING", "ARCHITECTING", "SPRINTING", "REVIEWING", "TESTING", "RELEASING", "RFC_RECALIBRATION"]);
+const RESERVED_SUSPENDED_PHASE_TARGET = "<suspended_phase>";
+const TRANSITION_KINDS = new Set(["normal", "return", "interrupt", "resume"]);
 const PARALLEL_ALLOWED_PHASES = new Set(["REQUIREMENT_GATHERING", "ARCHITECTING", "SPRINTING", "REVIEWING", "TESTING", "RELEASING", "RFC_RECALIBRATION"]);
 const PARALLEL_READ_ONLY_PHASES = new Set(["REQUIREMENT_GATHERING", "ARCHITECTING", "REVIEWING", "RELEASING", "RFC_RECALIBRATION"]);
 const PARALLEL_PROTECTED_WRITE_PATTERNS = [
@@ -104,6 +106,7 @@ const DEVELOPMENT_SELF_TEST_CONTRACT_TERMS = ["development self-test contract",
 const DEVELOPMENT_SELF_TEST_REPORT_TERMS = ["development self-test report", "开发自测报告"];
 const DEVELOPMENT_SELF_TEST_IMPACT_TERMS = ["development self-test impact", "开发自测影响"];
 const MODULE_KEY_TEST_PATH_TERMS = ["module key test path", "模块关键测试路径"];
+const MODULE_KEY_TEST_GRAPH_TERMS = ["module key test graph", "module_key_test_graph", "模块关键测试图"];
 const GATE_BREAKDOWN_TERMS = ["gate breakdown", "gate 分层", "gate breakdown（gate 分层）"];
 const CURRENT_OPERATOR_PATH_TERMS = ["current operator path", "operator path", "当前操作路径", "当前 operator path"];
 const TESTING_HANDOFF_TERMS = ["testing handoff contract", "测试交接合同"];
@@ -125,9 +128,27 @@ const SELF_TEST_REPORT_PLACEHOLDER_TERMS = [
     "all self-test scenarios",
     "all task/module promised runnable entries",
     "actual internal key paths",
-    "observable completion evidence"
+    "observable completion evidence",
+    "required only when",
+    "compact dag pointer",
+    "复杂 / high-risk",
+    "只记录实际 handoff"
 ];
 const SELF_TEST_REPORT_STATUSES = new Set(["PASS", "BLOCKED", "IN_PROGRESS", "STALE"]);
+const SELF_TEST_REPORT_REQUIRED_FIELDS = [
+    "Contract Source",
+    "Module Application Entry",
+    "Module Key Test Path",
+    "Scenario Results",
+    "Executed Gates",
+    "Observable Exit",
+    "Current Blocker",
+    "Testing Handoff Readiness",
+    "Evidence Index Refs"
+];
+const SELF_TEST_REPORT_NONE_ALLOWED_FIELDS = new Set(["Current Blocker"]);
+const MAX_SELF_TEST_REPORT_LINES = 80;
+const MAX_HIGH_RISK_SELF_TEST_REPORT_LINES = 120;
 const SELF_TEST_REPORT_DISALLOWED_SECTION_TERMS = [
     "debug log",
     "operator log",
@@ -146,6 +167,94 @@ const SELF_TEST_REPORT_DISALLOWED_SECTION_TERMS = [
     "诊断尝试",
     "历史流水"
 ];
+const SELF_TEST_REPORT_DISALLOWED_FIELD_TERMS = [
+    "Actual Evidence"
+];
+const IMPLEMENTATION_MAINLINE_DISALLOWED_SECTION_TERMS = [
+    "debug log",
+    "operator log",
+    "operation log",
+    "evidence dump",
+    "screenshot index",
+    "full screenshot",
+    "runbook body",
+    "failed attempts",
+    "failure exploration",
+    "diagnostic attempts",
+    "diagnostic path",
+    "remote operation log",
+    "recovery notes",
+    "task changelog",
+    "old task",
+    "historical task",
+    "调试日志",
+    "操作日志",
+    "证据正文",
+    "截图索引",
+    "失败探索",
+    "诊断尝试",
+    "诊断路径",
+    "恢复备注",
+    "旧 task",
+    "历史 task"
+];
+const HARD_CONSTRAINT_TERMS = [
+    "hard constraint",
+    "hard constraints",
+    "strategy constraint",
+    "strategy constraints",
+    "恢复硬约束",
+    "硬约束",
+    "策略约束"
+];
+const STRATEGY_CHANGING_DECISION_GROUPS = [
+    [
+        "session persistence/reset",
+        [
+            "session persistence",
+            "session reset",
+            "session_reset",
+            "session 异常",
+            "rule_assumption_gap",
+            "operator_induced_logout_or_session_reset",
+            "operator induced logout",
+            "logout",
+            "logged out",
+            "退登",
+            "qr",
+            "二维码",
+            "扫码",
+            "重新扫码"
+        ]
+    ],
+    [
+        "canonical path change",
+        [
+            "canonical path changed",
+            "canonical path change",
+            "canonical path switched",
+            "canonical path reset",
+            "主路径变化",
+            "主路径切换",
+            "恢复路径变化"
+        ]
+    ],
+    [
+        "do-not-retry decision",
+        [
+            "do not retry",
+            "do-not-retry",
+            "don't retry",
+            "not retry",
+            "must not retry",
+            "不得重试",
+            "不要重试",
+            "不要再试",
+            "不要重复",
+            "不得直接"
+        ]
+    ]
+];
 const SELF_TEST_OBSERVABLE_EVIDENCE_TERMS = [
     "pass output",
     "response",
@@ -305,6 +414,27 @@ const REVIEW_READINESS_FIELDS = [
     "Testing Handoff Readiness"
 ];
 const SELF_TEST_CONTRACT_STATUSES = new Set(["required", "not_applicable"]);
+const SELF_TEST_GRAPH_NODE_KINDS = new Set(["entry", "checkpoint", "branch", "scenario", "observable_exit"]);
+const SELF_TEST_GRAPH_ORDINARY_NODE_LIMIT = 12;
+const SELF_TEST_GRAPH_HIGH_RISK_NODE_LIMIT = 25;
+const SELF_TEST_GRAPH_EVIDENCE_BODY_TERMS = [
+    "```",
+    "|---",
+    "actual evidence",
+    "command transcript",
+    "full command output",
+    "stdout",
+    "stderr",
+    "traceback",
+    "debug log",
+    "operator log",
+    "evidence dump",
+    "screenshot process",
+    "截图过程",
+    "调试日志",
+    "操作日志",
+    "证据正文"
+];
 const RFC_SELF_TEST_TRIGGER_TERMS = [
     "entry/exit",
     "runnable entry",
@@ -319,6 +449,11 @@ const RFC_SELF_TEST_TRIGGER_TERMS = [
     "handoff",
     "blocker",
     "module key test path",
+    "module key test graph",
+    "module_key_test_graph",
+    "checkpoint",
+    "observable exit",
+    "evidence refs",
     "test route",
     "test path",
     "debug path",
@@ -372,6 +507,9 @@ async function validateHarness(projectRoot) {
             errors.push(`missing ${required}`);
         }
     }
+    const phaseContractPath = path.join(projectRoot, harnessPath(root, "pjsdlc_managed", "policies", "phase_contracts.yaml"));
+    const phaseContracts = await readYamlObject(phaseContractPath);
+    errors.push(...validatePhaseTransitionContract(phaseContracts));
     return { info: [`validate-harness checked ${projectRoot} (${root})`], errors };
 }
 async function validateCurrent(projectRoot) {
@@ -1002,6 +1140,205 @@ function isNotApplicableRuntimeTask(task) {
     const targetRuntime = isRecord(task.target_runtime_environment) ? task.target_runtime_environment : undefined;
     return String(evidenceLevel?.required ?? "") === "unit" && String(targetRuntime?.kind ?? "") === "not_applicable";
 }
+function selfTestGraphEvidenceRefIsBody(value) {
+    const trimmed = value.trim();
+    const lowered = trimmed.toLowerCase();
+    return trimmed.includes("\n") || trimmed.length > 180 || SELF_TEST_GRAPH_EVIDENCE_BODY_TERMS.some((term) => lowered.includes(term));
+}
+function graphHasCycle(nodeIds, adjacency) {
+    const visiting = new Set();
+    const visited = new Set();
+    const visit = (nodeId) => {
+        if (visiting.has(nodeId))
+            return true;
+        if (visited.has(nodeId))
+            return false;
+        visiting.add(nodeId);
+        for (const target of adjacency.get(nodeId) ?? []) {
+            if (visit(target))
+                return true;
+        }
+        visiting.delete(nodeId);
+        visited.add(nodeId);
+        return false;
+    };
+    for (const nodeId of nodeIds) {
+        if (!visited.has(nodeId) && visit(nodeId))
+            return true;
+    }
+    return false;
+}
+function reachableFrom(entryId, adjacency) {
+    const reached = new Set();
+    const stack = [entryId];
+    while (stack.length > 0) {
+        const nodeId = stack.pop();
+        if (reached.has(nodeId))
+            continue;
+        reached.add(nodeId);
+        stack.push(...(adjacency.get(nodeId) ?? []));
+    }
+    return reached;
+}
+function nodesThatCanReachExits(nodeIds, adjacency, exits) {
+    const reverse = new Map();
+    for (const nodeId of nodeIds)
+        reverse.set(nodeId, []);
+    for (const [source, targets] of adjacency.entries()) {
+        for (const target of targets) {
+            const incoming = reverse.get(target) ?? [];
+            incoming.push(source);
+            reverse.set(target, incoming);
+        }
+    }
+    const reached = new Set();
+    const stack = [...exits];
+    while (stack.length > 0) {
+        const nodeId = stack.pop();
+        if (reached.has(nodeId))
+            continue;
+        reached.add(nodeId);
+        stack.push(...(reverse.get(nodeId) ?? []));
+    }
+    return reached;
+}
+function validateSelfTestGraph(taskId, contract, scenarioIds, highRiskRuntime) {
+    const errors = [];
+    const graphRequired = contract.graph_required;
+    if (graphRequired !== undefined && typeof graphRequired !== "boolean") {
+        errors.push(`${taskId} self_test_contract.graph_required must be a boolean when set`);
+    }
+    const graph = contract.module_key_test_graph;
+    if (graphRequired === true && !isRecord(graph)) {
+        errors.push(`${taskId} self_test_contract.module_key_test_graph is required when graph_required is true`);
+    }
+    if (graph === undefined)
+        return errors;
+    if (!isRecord(graph)) {
+        errors.push(`${taskId} self_test_contract.module_key_test_graph must be a mapping`);
+        return errors;
+    }
+    const nodes = graph.nodes;
+    const edges = graph.edges;
+    if (!Array.isArray(nodes) || nodes.length === 0) {
+        errors.push(`${taskId} self_test_contract.module_key_test_graph.nodes must be a non-empty list`);
+        return errors;
+    }
+    if (!Array.isArray(edges) || edges.length === 0) {
+        errors.push(`${taskId} self_test_contract.module_key_test_graph.edges must be a non-empty list`);
+        return errors;
+    }
+    const nodeLimit = highRiskRuntime ? SELF_TEST_GRAPH_HIGH_RISK_NODE_LIMIT : SELF_TEST_GRAPH_ORDINARY_NODE_LIMIT;
+    if (nodes.length > nodeLimit) {
+        errors.push(`${taskId} self_test_contract.module_key_test_graph has ${nodes.length} nodes; keep ordinary graphs <= ${SELF_TEST_GRAPH_ORDINARY_NODE_LIMIT} nodes and high-risk graphs <= ${SELF_TEST_GRAPH_HIGH_RISK_NODE_LIMIT} nodes`);
+    }
+    const nodeIds = new Set();
+    const entryIds = [];
+    const observableExitIds = new Set();
+    const scenarioNodesByRef = new Map();
+    const adjacency = new Map();
+    nodes.forEach((node, index) => {
+        if (!isRecord(node)) {
+            errors.push(`${taskId} self_test_contract.module_key_test_graph.nodes[${index}] must be a mapping`);
+            return;
+        }
+        const nodeId = String(node.id ?? "").trim();
+        const kind = String(node.kind ?? "").trim();
+        const label = String(node.label ?? "").trim();
+        if (!nodeId) {
+            errors.push(`${taskId} self_test_contract.module_key_test_graph.nodes[${index}].id must be set`);
+            return;
+        }
+        if (nodeIds.has(nodeId)) {
+            errors.push(`${taskId} self_test_contract.module_key_test_graph node id must be unique: ${nodeId}`);
+        }
+        nodeIds.add(nodeId);
+        adjacency.set(nodeId, adjacency.get(nodeId) ?? []);
+        if (!SELF_TEST_GRAPH_NODE_KINDS.has(kind)) {
+            errors.push(`${taskId} self_test_contract.module_key_test_graph.nodes[${nodeId}].kind must be one of ${[...SELF_TEST_GRAPH_NODE_KINDS].join(", ")}`);
+        }
+        if (!label || isPlaceholderEvidence(label)) {
+            errors.push(`${taskId} self_test_contract.module_key_test_graph.nodes[${nodeId}].label must be concrete`);
+        }
+        if (kind === "entry")
+            entryIds.push(nodeId);
+        if (kind === "observable_exit")
+            observableExitIds.add(nodeId);
+        if (kind === "scenario") {
+            const scenarioRef = String(node.scenario_ref ?? "").trim();
+            if (!scenarioRef) {
+                errors.push(`${taskId} self_test_contract.module_key_test_graph scenario node ${nodeId} must set scenario_ref`);
+            }
+            else if (!scenarioIds.has(scenarioRef)) {
+                errors.push(`${taskId} self_test_contract.module_key_test_graph scenario node ${nodeId} references unknown scenario: ${scenarioRef}`);
+            }
+            else {
+                const current = scenarioNodesByRef.get(scenarioRef) ?? [];
+                current.push(nodeId);
+                scenarioNodesByRef.set(scenarioRef, current);
+            }
+        }
+        if (node.evidence_ref !== undefined) {
+            const evidenceRef = String(node.evidence_ref).trim();
+            if (!evidenceRef || isPlaceholderEvidence(evidenceRef) || selfTestGraphEvidenceRefIsBody(evidenceRef)) {
+                errors.push(`${taskId} self_test_contract.module_key_test_graph.nodes[${nodeId}].evidence_ref must be a short evidence pointer, not evidence body`);
+            }
+        }
+    });
+    if (entryIds.length !== 1) {
+        errors.push(`${taskId} self_test_contract.module_key_test_graph must have exactly one entry node`);
+    }
+    if (observableExitIds.size === 0) {
+        errors.push(`${taskId} self_test_contract.module_key_test_graph must have at least one observable_exit node`);
+    }
+    edges.forEach((edge, index) => {
+        if (!isRecord(edge)) {
+            errors.push(`${taskId} self_test_contract.module_key_test_graph.edges[${index}] must be a mapping`);
+            return;
+        }
+        const source = String(edge.from ?? "").trim();
+        const target = String(edge.to ?? "").trim();
+        if (!nodeIds.has(source)) {
+            errors.push(`${taskId} self_test_contract.module_key_test_graph edge references unknown from node: ${source || "<empty>"}`);
+            return;
+        }
+        if (!nodeIds.has(target)) {
+            errors.push(`${taskId} self_test_contract.module_key_test_graph edge references unknown to node: ${target || "<empty>"}`);
+            return;
+        }
+        const current = adjacency.get(source) ?? [];
+        current.push(target);
+        adjacency.set(source, current);
+    });
+    if (graphHasCycle(nodeIds, adjacency)) {
+        errors.push(`${taskId} self_test_contract.module_key_test_graph must be a DAG; cycles are not allowed`);
+    }
+    let reachedFromEntry = new Set();
+    if (entryIds.length === 1) {
+        reachedFromEntry = reachableFrom(entryIds[0], adjacency);
+        const unreachable = [...nodeIds].filter((nodeId) => !reachedFromEntry.has(nodeId)).sort();
+        if (unreachable.length > 0) {
+            errors.push(`${taskId} self_test_contract.module_key_test_graph nodes must be reachable from entry: ${unreachable.join(", ")}`);
+        }
+    }
+    const canReachExit = nodesThatCanReachExits(nodeIds, adjacency, observableExitIds);
+    for (const scenarioId of [...scenarioIds].sort()) {
+        const scenarioNodeIds = scenarioNodesByRef.get(scenarioId) ?? [];
+        if (scenarioNodeIds.length === 0) {
+            errors.push(`${taskId} self_test_contract.module_key_test_graph must include a scenario node for ${scenarioId}`);
+            continue;
+        }
+        for (const nodeId of scenarioNodeIds) {
+            if (reachedFromEntry.size > 0 && !reachedFromEntry.has(nodeId)) {
+                errors.push(`${taskId} self_test_contract.module_key_test_graph scenario ${scenarioId} must be reachable from entry`);
+            }
+            if (!canReachExit.has(nodeId)) {
+                errors.push(`${taskId} self_test_contract.module_key_test_graph scenario ${scenarioId} must reach an observable_exit`);
+            }
+        }
+    }
+    return errors;
+}
 function validateSelfTestContract(task, requiredForRunnableBoundary) {
     const errors = [];
     const taskId = String(task.id ?? "Task");
@@ -1055,6 +1392,7 @@ function validateSelfTestContract(task, requiredForRunnableBoundary) {
         errors.push(`${taskId} self_test_contract.scenarios must be a non-empty list`);
     }
     const seen = new Set();
+    const scenarioIds = new Set();
     scenarios.forEach((scenario, index) => {
         if (!isRecord(scenario)) {
             errors.push(`${taskId} self_test_contract.scenarios[${index}] must be a mapping`);
@@ -1067,6 +1405,9 @@ function validateSelfTestContract(task, requiredForRunnableBoundary) {
         else if (seen.has(scenarioId)) {
             errors.push(`${taskId} self_test_contract scenario id must be unique: ${scenarioId}`);
         }
+        else {
+            scenarioIds.add(scenarioId);
+        }
         seen.add(scenarioId);
         for (const field of ["entry", "expected_exit", "evidence"]) {
             if (typeof scenario[field] !== "string" || !String(scenario[field]).trim() || isPlaceholderEvidence(String(scenario[field]))) {
@@ -1074,6 +1415,7 @@ function validateSelfTestContract(task, requiredForRunnableBoundary) {
             }
         }
     });
+    errors.push(...validateSelfTestGraph(taskId, contract, scenarioIds, requiresResumeCapsule(task)));
     return errors;
 }
 async function validateSelfTestContractTechPlanBinding(projectRoot, task, normalizedTechRefs) {
@@ -1101,6 +1443,9 @@ async function validateSelfTestContractTechPlanBinding(projectRoot, task, normal
     if (!containsAny(section, MODULE_KEY_TEST_PATH_TERMS)) {
         errors.push(`${taskId} tech plan Development Self-Test Contract must include Module key test path: ${source}`);
     }
+    if (contract.graph_required === true && !containsAny(section, MODULE_KEY_TEST_GRAPH_TERMS)) {
+        errors.push(`${taskId} tech plan Development Self-Test Contract must include Module Key Test Graph when graph_required is true: ${source}`);
+    }
     for (const scenario of Array.isArray(contract.scenarios) ? contract.scenarios.filter(isRecord) : []) {
         const scenarioId = String(scenario.id ?? "").trim();
         if (scenarioId && !section.includes(scenarioId)) {
@@ -1317,6 +1662,95 @@ function matchesGlob(file, pattern) {
 function isRecord(value) {
     return typeof value === "object" && value !== null && !Array.isArray(value);
 }
+function validatePhaseTransitionContract(contract) {
+    const errors = [];
+    const phases = contract.phases;
+    if (!isRecord(phases)) {
+        return ["phase_contracts.yaml must contain phases"];
+    }
+    for (const [phaseName, phaseContract] of Object.entries(phases)) {
+        if (!isRecord(phaseContract)) {
+            errors.push(`${phaseName} phase contract must be a mapping`);
+            continue;
+        }
+        for (const legacyKey of ["next", "returns"]) {
+            if (legacyKey in phaseContract) {
+                errors.push(`${phaseName} must not define legacy ${legacyKey}; use top-level transitions`);
+            }
+        }
+    }
+    const transitions = contract.transitions;
+    if (!Array.isArray(transitions)) {
+        errors.push("phase_contracts.yaml must contain top-level transitions");
+        return errors;
+    }
+    const phaseNames = new Set(Object.keys(phases));
+    const seen = new Set();
+    const outgoing = new Set();
+    transitions.forEach((transition, index) => {
+        const prefix = `transition #${index + 1}`;
+        if (!isRecord(transition)) {
+            errors.push(`${prefix} must be a mapping`);
+            return;
+        }
+        const fromPhase = String(transition.from ?? "");
+        const toPhase = String(transition.to ?? "");
+        const trigger = String(transition.trigger ?? "");
+        const kind = String(transition.kind ?? "");
+        for (const [field, value] of [
+            ["from", fromPhase],
+            ["to", toPhase],
+            ["trigger", trigger],
+            ["kind", kind]
+        ]) {
+            if (!value.trim())
+                errors.push(`${prefix} missing ${field}`);
+        }
+        if (!fromPhase || !toPhase || !trigger || !kind)
+            return;
+        if (!phaseNames.has(fromPhase)) {
+            errors.push(`${prefix} from references unknown phase: ${fromPhase}`);
+        }
+        if (toPhase === RESERVED_SUSPENDED_PHASE_TARGET) {
+            if (fromPhase !== "BLOCKED" || kind !== "resume") {
+                errors.push(`${prefix} may use ${RESERVED_SUSPENDED_PHASE_TARGET} only for BLOCKED resume`);
+            }
+        }
+        else if (!phaseNames.has(toPhase)) {
+            errors.push(`${prefix} to references unknown phase: ${toPhase}`);
+        }
+        if (!TRANSITION_KINDS.has(kind)) {
+            errors.push(`${prefix} has invalid kind: ${kind}`);
+        }
+        const duplicateKey = `${fromPhase}\0${toPhase}\0${trigger}`;
+        if (seen.has(duplicateKey)) {
+            errors.push(`${prefix} duplicates transition ${fromPhase} -> ${toPhase} (${trigger})`);
+        }
+        seen.add(duplicateKey);
+        outgoing.add(fromPhase);
+        if ("effects" in transition && transition.effects !== undefined) {
+            if (!isRecord(transition.effects)) {
+                errors.push(`${prefix} effects must be a mapping`);
+            }
+            else {
+                for (const [effectName, effectValue] of Object.entries(transition.effects)) {
+                    if (!["set_suspended_phase", "clear_suspended_phase"].includes(effectName)) {
+                        errors.push(`${prefix} has unknown effect: ${effectName}`);
+                    }
+                    if (typeof effectValue !== "boolean") {
+                        errors.push(`${prefix} effect ${effectName} must be boolean`);
+                    }
+                }
+            }
+        }
+    });
+    for (const phaseName of phaseNames) {
+        if (!outgoing.has(phaseName)) {
+            errors.push(`${phaseName} must have at least one outgoing transition`);
+        }
+    }
+    return errors;
+}
 async function readYamlObject(filePath) {
     if (!(await pathExists(filePath)))
         return {};
@@ -1375,7 +1809,10 @@ async function validateCurrentTaskDevelopmentEvidence(projectRoot, plan) {
         return [`${taskId} implementation_doc is missing: ${implementationDoc}`];
     }
     const text = await readText(docPath);
-    return validateDevelopmentEvidenceText(text, currentTask, implementationDoc);
+    return [
+        ...validateDevelopmentEvidenceText(text, currentTask, implementationDoc),
+        ...(await validateHighRiskRecoveryBoundaries(projectRoot, text, plan, currentTask, implementationDoc))
+    ];
 }
 function currentOpenSprintTask(plan) {
     const currentTaskId = String(plan.current_task_id ?? "");
@@ -1459,18 +1896,24 @@ function validateDevelopmentSelfTestReport(fullText, developmentEvidenceSection,
     else if (reportStatus !== "PASS") {
         errors.push(`${taskId} Development Self-Test Report Report Status is ${reportStatus}; validate-dev cannot handoff until the report status is PASS`);
     }
+    const highRiskRuntime = requiresResumeCapsule(task);
     errors.push(...validateSelfTestReportBoundary(report, taskId, implementationDoc));
+    errors.push(...validateSelfTestReportLength(report, taskId, implementationDoc, highRiskRuntime));
     const basicSelfTest = evidenceFieldValue(developmentEvidenceSection, "Basic Self-test Evidence") ?? "";
     if (!containsAny(basicSelfTest, ["Development Self-Test Report", "开发自测报告", "self-test report"])) {
         errors.push(`${taskId} Basic Self-test Evidence must reference the Development Self-Test Report in ${implementationDoc}`);
     }
-    for (const field of ["Contract Source", "Scenario Results", "Executed Gates", "Module Key Test Path", "Actual Evidence", "Missing / Blockers", "Testing Handoff Readiness"]) {
+    for (const field of SELF_TEST_REPORT_REQUIRED_FIELDS) {
         const value = evidenceFieldValue(report, field);
-        const allowsNone = field === "Missing / Blockers";
+        const allowsNone = SELF_TEST_REPORT_NONE_ALLOWED_FIELDS.has(field);
         if (!value || (!allowsNone && isPlaceholderEvidence(value))) {
             errors.push(`${taskId} Development Self-Test Report ${field} must contain executed evidence in ${implementationDoc}`);
         }
     }
+    const evidenceIndexRefs = evidenceFieldValue(report, "Evidence Index Refs") ?? "";
+    if (highRiskRuntime && !evidenceIndexRefs.includes(RUNBOOK_DOC_PREFIX)) {
+        errors.push(`${taskId} high-risk Development Self-Test Report Evidence Index Refs must link evidence under ${RUNBOOK_DOC_PREFIX} in ${implementationDoc}`);
+    }
     const source = String(contract.source ?? "").trim();
     if (source && !report.includes(source)) {
         errors.push(`${taskId} Development Self-Test Report must reference contract source ${source} in ${implementationDoc}`);
@@ -1484,10 +1927,18 @@ function validateDevelopmentSelfTestReport(fullText, developmentEvidenceSection,
     if (isPlaceholderSelfTestReportValue(moduleKeyTestPath) || isTemplateModuleKeyTestPath(moduleKeyTestPath)) {
         errors.push(`${taskId} Development Self-Test Report Module Key Test Path must replace template placeholders with actual executed path evidence in ${implementationDoc}`);
     }
+    const graphRequired = contract.graph_required === true || isRecord(contract.module_key_test_graph);
+    const moduleKeyTestGraph = (markdownSection(report, MODULE_KEY_TEST_GRAPH_TERMS) ?? evidenceFieldValue(report, "Module Key Test Graph") ?? "").trim();
+    if (graphRequired && (!moduleKeyTestGraph || isPlaceholderSelfTestReportValue(moduleKeyTestGraph))) {
+        errors.push(`${taskId} Development Self-Test Report must include Module Key Test Graph because self_test_contract graph is required or present in ${implementationDoc}`);
+    }
     const runnableEntry = String(contract.runnable_entry ?? "").trim();
     if (runnableEntry && !moduleKeyTestPath.includes(runnableEntry)) {
         errors.push(`${taskId} Development Self-Test Report Module Key Test Path must include runnable entry ${runnableEntry} in ${implementationDoc}`);
     }
+    if (graphRequired && moduleKeyTestGraph && runnableEntry && !moduleKeyTestGraph.includes(runnableEntry)) {
+        errors.push(`${taskId} Development Self-Test Report Module Key Test Graph must include runnable entry ${runnableEntry} in ${implementationDoc}`);
+    }
     const scenarios = Array.isArray(contract.scenarios) ? contract.scenarios.filter(isRecord) : [];
     const exitEvidenceTerms = [
         String(contract.observable_exit ?? "").trim(),
@@ -1501,6 +1952,13 @@ function validateDevelopmentSelfTestReport(fullText, developmentEvidenceSection,
         && !containsAny(moduleKeyTestPath, SELF_TEST_OBSERVABLE_EVIDENCE_TERMS)) {
         errors.push(`${taskId} Development Self-Test Report Module Key Test Path must include observable exit or evidence from self_test_contract in ${implementationDoc}`);
     }
+    if (graphRequired
+        && moduleKeyTestGraph
+        && exitEvidenceTerms.length > 0
+        && !exitEvidenceTerms.some((term) => normalizedIncludes(moduleKeyTestGraph, term))
+        && !containsAny(moduleKeyTestGraph, ["observable_exit", "observable exit", "exit", "出口"])) {
+        errors.push(`${taskId} Development Self-Test Report Module Key Test Graph must include observable exit or evidence from self_test_contract in ${implementationDoc}`);
+    }
     for (const scenario of scenarios) {
         const scenarioId = String(scenario.id ?? "").trim();
         if (!scenarioId)
@@ -1508,6 +1966,9 @@ function validateDevelopmentSelfTestReport(fullText, developmentEvidenceSection,
         if (!moduleKeyTestPath.includes(scenarioId)) {
             errors.push(`${taskId} Development Self-Test Report Module Key Test Path must include scenario ${scenarioId} in ${implementationDoc}`);
         }
+        if (graphRequired && moduleKeyTestGraph && !moduleKeyTestGraph.includes(scenarioId)) {
+            errors.push(`${taskId} Development Self-Test Report Module Key Test Graph must include scenario ${scenarioId} in ${implementationDoc}`);
+        }
         const status = scenarioStatus(report, scenarioId);
         if (!status) {
             errors.push(`${taskId} Development Self-Test Report must record scenario ${scenarioId} as PASS, BLOCKED, IN_PROGRESS, or STALE in ${implementationDoc}`);
@@ -1531,7 +1992,7 @@ function validateDevelopmentSelfTestReport(fullText, developmentEvidenceSection,
             errors.push(`${taskId} page Development Self-Test Report must include browser, Playwright, screenshot, or equivalent interaction evidence in ${implementationDoc}`);
         }
     }
-    if (requiresResumeCapsule(task)) {
+    if (highRiskRuntime) {
         errors.push(...validateCurrentOperatorPath(fullText, taskId, implementationDoc));
         errors.push(...validateGateBreakdown(fullText, taskId, implementationDoc));
     }
@@ -1546,6 +2007,14 @@ function normalizeSelfTestReportStatus(value) {
 function validateSelfTestReportBoundary(report, taskId, implementationDoc) {
     const errors = [];
     for (const line of report.split(/\r?\n/)) {
+        const fieldMatch = line.match(/^\s*[-*]\s*([^:]+)\s*:/);
+        if (fieldMatch) {
+            const field = fieldMatch[1].trim().toLowerCase();
+            const blockedField = SELF_TEST_REPORT_DISALLOWED_FIELD_TERMS.find((term) => field === term.toLowerCase());
+            if (blockedField) {
+                errors.push(`${taskId} Development Self-Test Report must not use ${blockedField}; put evidence bodies in an Evidence Index and reference them with Evidence Index Refs in ${implementationDoc}`);
+            }
+        }
         const match = line.match(/^(#{1,6})\s+(.+)$/);
         if (!match)
             continue;
@@ -1557,6 +2026,94 @@ function validateSelfTestReportBoundary(report, taskId, implementationDoc) {
     }
     return errors;
 }
+function validateSelfTestReportLength(report, taskId, implementationDoc, highRiskRuntime) {
+    const limit = highRiskRuntime ? MAX_HIGH_RISK_SELF_TEST_REPORT_LINES : MAX_SELF_TEST_REPORT_LINES;
+    const lineCount = report.split(/\r?\n/).filter((line) => line.trim()).length;
+    if (lineCount <= limit)
+        return [];
+    return [
+        `${taskId} Development Self-Test Report must stay as a short handoff card (${limit} non-empty lines max); move logs, evidence bodies, runbook steps, and exploration history out of ${implementationDoc}`
+    ];
+}
+async function validateHighRiskRecoveryBoundaries(projectRoot, implementationText, plan, task, implementationDoc) {
+    if (!requiresResumeCapsule(task))
+        return [];
+    const taskId = String(task.id ?? "current task");
+    const errors = validateImplementationDocMainlineBoundary(implementationText, taskId, implementationDoc);
+    errors.push(...(await validateStrategyChangingDecisionPromotion(projectRoot, implementationText, plan, task, implementationDoc)));
+    return errors;
+}
+function validateImplementationDocMainlineBoundary(fullText, taskId, implementationDoc) {
+    const errors = [];
+    for (const line of fullText.split(/\r?\n/)) {
+        const match = line.match(/^(#{1,6})\s+(.+)$/);
+        if (!match)
+            continue;
+        const title = match[2].trim().toLowerCase();
+        const blockedTerm = IMPLEMENTATION_MAINLINE_DISALLOWED_SECTION_TERMS.find((term) => title.includes(term));
+        if (blockedTerm) {
+            errors.push(`${taskId} implementation_doc must not keep ${blockedTerm} as a mainline section in ${implementationDoc}; move it to a runbook, evidence index, exploration appendix, or external artifact`);
+        }
+    }
+    return errors;
+}
+async function validateStrategyChangingDecisionPromotion(projectRoot, implementationText, plan, task, implementationDoc) {
+    const taskId = String(task.id ?? "current task");
+    const capsule = isRecord(plan.resume_capsule) ? plan.resume_capsule : {};
+    const recoveryRefs = asStringList(capsule.recovery_refs);
+    const runbookTexts = await readExistingRunbookRefs(projectRoot, recoveryRefs);
+    const promotionText = [
+        asStringList(capsule.do_not_retry).join("\n"),
+        markdownSection(implementationText, CURRENT_OPERATOR_PATH_TERMS) ?? "",
+        ...runbookTexts.map((text) => markdownSection(text, HARD_CONSTRAINT_TERMS) ?? "")
+    ].join("\n");
+    const sourceText = [
+        asStringList(task.working_notes).join("\n"),
+        removeMarkdownSections(implementationText, CURRENT_OPERATOR_PATH_TERMS),
+        ...runbookTexts.map((text) => removeMarkdownSections(text, HARD_CONSTRAINT_TERMS))
+    ].join("\n");
+    const errors = [];
+    for (const [label, terms] of STRATEGY_CHANGING_DECISION_GROUPS) {
+        if (containsAny(sourceText, terms) && !containsAny(promotionText, terms)) {
+            errors.push(`${taskId} strategy-changing ${label} judgment appears outside promoted hard constraints; promote it to resume_capsule.do_not_retry, runbook Hard Constraints, or Current Operator Path in ${implementationDoc}`);
+        }
+    }
+    return errors;
+}
+async function readExistingRunbookRefs(projectRoot, refs) {
+    const texts = [];
+    for (const ref of refs) {
+        if (!ref.startsWith(RUNBOOK_DOC_PREFIX) || !ref.endsWith(".md"))
+            continue;
+        const fullPath = path.join(projectRoot, ref);
+        if (await pathExists(fullPath)) {
+            texts.push(await readText(fullPath));
+        }
+    }
+    return texts;
+}
+function removeMarkdownSections(text, headerTerms) {
+    const lines = text.split(/\r?\n/);
+    const kept = [];
+    let skippingLevel = 0;
+    for (const line of lines) {
+        const match = line.match(/^(#{1,6})\s+(.+)$/);
+        if (match) {
+            const level = match[1].length;
+            if (skippingLevel > 0 && level <= skippingLevel) {
+                skippingLevel = 0;
+            }
+            const title = match[2].toLowerCase();
+            if (skippingLevel === 0 && headerTerms.some((term) => title.includes(term.toLowerCase()))) {
+                skippingLevel = level;
+                continue;
+            }
+        }
+        if (skippingLevel === 0)
+            kept.push(line);
+    }
+    return kept.join("\n");
+}
 function validateCurrentOperatorPath(fullText, taskId, implementationDoc) {
     const section = markdownSection(fullText, CURRENT_OPERATOR_PATH_TERMS);
     if (!section) {
@@ -1568,7 +2125,8 @@ function validateCurrentOperatorPath(fullText, taskId, implementationDoc) {
         ["runbook link", ["Operator runbook", "Runbook"]],
         ["credential reference name", ["Credential reference", "Credential reference name"]],
         ["command/UI channel", ["Command/UI channel", "Command channel", "UI channel"]],
-        ["do-not-retry summary", ["Do-not-retry summary", "Do not retry summary"]]
+        ["do-not-retry summary", ["Do-not-retry summary", "Do not retry summary"]],
+        ["hard constraints", ["Hard Constraints", "Hard Constraint", "Strategy Constraints", "Strategy Constraint"]]
     ];
     for (const [label, fields] of requiredFields) {
         const value = fields.map((field) => evidenceFieldValue(section, field)).find((candidate) => candidate && candidate.trim());
@@ -1583,6 +2141,9 @@ function validateCurrentOperatorPath(fullText, taskId, implementationDoc) {
     if (!runbookValue.includes(RUNBOOK_DOC_PREFIX)) {
         errors.push(`${taskId} Current Operator Path must link a runbook/evidence document under ${RUNBOOK_DOC_PREFIX} in ${implementationDoc}`);
     }
+    if (!containsAny(section, HARD_CONSTRAINT_TERMS)) {
+        errors.push(`${taskId} Current Operator Path must promote strategy-changing recovery decisions as Hard Constraints in ${implementationDoc}`);
+    }
     return errors;
 }
 function validateGateBreakdown(fullText, taskId, implementationDoc) {