baldart 3.40.0 → 4.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +51 -0
- package/README.md +1 -1
- package/VERSION +1 -1
- package/framework/.claude/agents/REGISTRY.md +74 -24
- package/framework/.claude/agents/api-perf-cost-auditor.md +12 -5
- package/framework/.claude/agents/code-reviewer.md +30 -23
- package/framework/.claude/agents/codebase-architect.md +47 -43
- package/framework/.claude/agents/coder.md +29 -18
- package/framework/.claude/agents/doc-reviewer.md +55 -28
- package/framework/.claude/agents/plan-auditor.md +77 -12
- package/framework/.claude/agents/prd-card-writer.md +43 -13
- package/framework/.claude/agents/prd.md +22 -3
- package/framework/.claude/agents/qa-sentinel.md +75 -29
- package/framework/.claude/agents/security-reviewer.md +65 -10
- package/framework/.claude/agents/senior-researcher.md +8 -1
- package/framework/.claude/agents/ui-expert.md +22 -7
- package/framework/.claude/commands/check.md +31 -11
- package/framework/.claude/commands/codexreview.md +48 -29
- package/framework/.claude/commands/new.md +29 -328
- package/framework/.claude/commands/qa.md +62 -37
- package/framework/.claude/skills/context-primer/SKILL.md +29 -8
- package/framework/.claude/skills/doc-writing-for-rag/SKILL.md +36 -36
- package/framework/.claude/skills/frontend-design/SKILL.md +10 -8
- package/framework/.claude/skills/new/SKILL.md +413 -302
- package/framework/.claude/skills/prd/SKILL.md +67 -38
- package/framework/.claude/skills/prd/assets/card-template.yml +22 -26
- package/framework/.claude/skills/prd/assets/epic-template.yml +5 -5
- package/framework/.claude/skills/prd/assets/state-template.md +25 -3
- package/framework/.claude/skills/prd/references/api-perf-gate.md +143 -33
- package/framework/.claude/skills/prd/references/audit-phase.md +48 -34
- package/framework/.claude/skills/prd/references/backlog-phase.md +38 -11
- package/framework/.claude/skills/prd/references/discovery-phase.md +121 -44
- package/framework/.claude/skills/prd/references/impact-analysis.md +127 -23
- package/framework/.claude/skills/prd/references/prd-add-phase.md +18 -214
- package/framework/.claude/skills/prd/references/prd-writing-phase.md +52 -42
- package/framework/.claude/skills/prd/references/research-phase.md +105 -19
- package/framework/.claude/skills/prd/references/ui-design-phase.md +20 -8
- package/framework/.claude/skills/prd/references/validation-phase.md +97 -72
- package/framework/.claude/skills/prd-add/SKILL.md +70 -20
- package/framework/.claude/skills/simplify/SKILL.md +22 -12
- package/framework/.claude/skills/ui-design/SKILL.md +26 -7
- package/framework/.claude/skills/webapp-testing/SKILL.md +6 -4
- package/framework/.claude/skills/worktree-manager/SKILL.md +206 -143
- package/framework/agents/coding-standards.md +85 -0
- package/framework/agents/index.md +2 -1
- package/framework/agents/skills-mapping.md +85 -82
- package/framework/agents/testing.md +28 -0
- package/framework/templates/baldart.config.template.yml +29 -7
- package/package.json +1 -1
- package/src/commands/configure.js +43 -9
- package/framework/.claude/skills/prd-add/references/impact-analysis.md +0 -233
|
@@ -19,14 +19,20 @@ Read each card from `/backlog/*.yml` to understand scope, requirements, acceptan
|
|
|
19
19
|
|
|
20
20
|
## Step 2 — Choose Audit Profile
|
|
21
21
|
|
|
22
|
-
Ask the user which audit profile to apply:
|
|
23
|
-
|
|
24
22
|
| Profile | Agents launched in parallel |
|
|
25
23
|
|---------|----------------------------|
|
|
26
24
|
| **Code + Performance** | plan-auditor, code-reviewer, doc-reviewer, api-perf-cost-auditor |
|
|
27
25
|
| **Code** | plan-auditor, code-reviewer, doc-reviewer |
|
|
28
26
|
|
|
29
|
-
|
|
27
|
+
**Default (no prompt needed):** choose **Code + Performance** when any card in scope has an
|
|
28
|
+
API/performance-sensitive surface — i.e. its `areas` includes `api` or `data`, or its
|
|
29
|
+
`files_likely_touched` includes API-route / data-access / query paths. Otherwise default to **Code**.
|
|
30
|
+
Announce the chosen profile and proceed — this keeps `/check` runnable autonomously (e.g. triggered
|
|
31
|
+
programmatically before development) without a human-in-the-loop on every run.
|
|
32
|
+
|
|
33
|
+
Only prompt with `AskUserQuestion` (the two options above) when `/check` is invoked interactively AND
|
|
34
|
+
the heuristic is ambiguous (e.g. mixed scope where the perf-sensitivity of the cards is unclear). A
|
|
35
|
+
human-present run may still override the default by passing the profile explicitly.
|
|
30
36
|
|
|
31
37
|
## Step 3 — Gather Context (lightweight)
|
|
32
38
|
|
|
@@ -51,6 +57,11 @@ Use `TaskCreate` to create one task per audit agent per card. Structure:
|
|
|
51
57
|
|
|
52
58
|
- For **N cards x M agents**, create **N x M tasks** (e.g., 5 cards x 4 agents = 20 tasks).
|
|
53
59
|
- Each task subject: `[CARD-ID] <agent-type> audit`
|
|
60
|
+
- **Set the owner/assignee on each task to its audit agent's teammate name** (the `Teammate name`
|
|
61
|
+
from the mapping in 4c) — this is the claim/lock. Each teammate processes ONLY tasks owned by it;
|
|
62
|
+
it never claims a task already owned by another teammate. If `TaskCreate` cannot set an owner at
|
|
63
|
+
creation, the teammate MUST claim atomically: skip any task whose owner is already set to a
|
|
64
|
+
different teammate, and refuse to start a task it has not successfully claimed.
|
|
54
65
|
- Each task description: contains the full card YAML content + file paths to read + PRD path + instructions.
|
|
55
66
|
|
|
56
67
|
**IMPORTANT**: Embed the full card YAML content directly in the task description so agents don't need to re-read it. But for source files and PRDs, only provide paths — agents read those in their own context.
|
|
@@ -79,14 +90,18 @@ Launch ALL teammates in a single message (parallel tool calls).
|
|
|
79
90
|
Each teammate receives this prompt:
|
|
80
91
|
|
|
81
92
|
```
|
|
82
|
-
You are the {AGENT_ROLE} for a pre-development audit team ("check-audit").
|
|
93
|
+
You are the {AGENT_ROLE} (teammate name "{TEAMMATE_NAME}") for a pre-development audit team ("check-audit").
|
|
83
94
|
|
|
84
95
|
## Your workflow
|
|
85
96
|
|
|
86
|
-
1. Call `TaskList`
|
|
87
|
-
|
|
97
|
+
1. Call `TaskList` and select ONLY the tasks whose owner/assignee is you ("{TEAMMATE_NAME}"); if the
|
|
98
|
+
task store does not expose an owner field, fall back to matching the `<agent-type>` token in the
|
|
99
|
+
task subject to your role. Ignore every other task — it belongs to another teammate.
|
|
100
|
+
2. For each of YOUR tasks (in ID order):
|
|
88
101
|
a. Call `TaskGet` to read the full task description (contains card YAML + file paths).
|
|
89
|
-
b.
|
|
102
|
+
b. **Claim it**: mark task as `in_progress` via `TaskUpdate`. If `TaskGet` shows it is already
|
|
103
|
+
`in_progress` or `completed` (another agent got it first), SKIP it — never re-process a claimed
|
|
104
|
+
task.
|
|
90
105
|
c. Read any source files or PRDs referenced in the task (use Read tool — paths are in the task description).
|
|
91
106
|
d. Perform your audit (see audit instructions below).
|
|
92
107
|
e. **Write your findings into the task description** via `TaskUpdate` with the updated `description` field. Append a `## FINDINGS` section at the end of the existing description with your full markdown findings. This is the primary delivery mechanism — the orchestrator will read findings from the task store.
|
|
@@ -163,7 +178,7 @@ Wait for all teammates to complete their tasks, then **read findings from the ta
|
|
|
163
178
|
...
|
|
164
179
|
```
|
|
165
180
|
|
|
166
|
-
**CRITICAL — Persist report to file before proceeding.** After consolidating the report, write it to `/tmp/check-audit-report-{
|
|
181
|
+
**CRITICAL — Persist report to file before proceeding.** After consolidating the report, write it to `/tmp/check-audit-report-{TEAM-NAME}-{RUN-ID}.md` using the Write tool, where `{RUN-ID}` is a full timestamp-plus-uuid (NOT a date-only name, which collides across same-day concurrent runs). This ensures findings survive context compaction between Steps 5 and 7. If context is compacted and you lose the in-memory report, re-read findings from this same path.
|
|
167
182
|
|
|
168
183
|
Present this consolidated report to the user.
|
|
169
184
|
|
|
@@ -175,7 +190,7 @@ Use `SendMessage` with `type: "shutdown_request"` to gracefully shut down all te
|
|
|
175
190
|
|
|
176
191
|
**Goal**: Transform each card from "audited" to "implementation-ready" by editing its structured YAML fields directly. Do not just append a checklist to `notes`.
|
|
177
192
|
|
|
178
|
-
**Read findings from the persisted report file** (`/tmp/check-audit-report-{
|
|
193
|
+
**Read findings from the persisted report file** (the exact `/tmp/check-audit-report-{TEAM-NAME}-{RUN-ID}.md` path written in Step 5) rather than from context memory.
|
|
179
194
|
|
|
180
195
|
### 7a. Field mapping rules
|
|
181
196
|
|
|
@@ -189,7 +204,7 @@ For each finding in the report, apply edits to the card YAML based on the `[Targ
|
|
|
189
204
|
| `[Target: files_likely_touched]` | `files_likely_touched` | Append the missing file path. Never duplicate an existing path. |
|
|
190
205
|
| `[Target: depends_on]` | `depends_on` | Append the missing card ID to the list. |
|
|
191
206
|
| `[Target: areas]` | `areas` | Add the missing area key/value (e.g., `docs: [path]`). |
|
|
192
|
-
| `[Target: git_strategy]` | `git_strategy` | Replace `TBD` with `feat/<CARD-ID>-<slug> from <base-branch>` (derive slug from card title). |
|
|
207
|
+
| `[Target: git_strategy]` | `git_strategy` | Replace `TBD` with `feat/<CARD-ID>-<slug> from <base-branch>` (derive slug from card title; resolve `<base-branch>` from `git.trunk_branch` in `baldart.config.yml`, or autodetect if absent). |
|
|
193
208
|
| `[Target: unknowns]` | `unknowns` | Append a new `[U-N] UNKNOWN: ...` entry if the finding surfaces a genuine unknown. |
|
|
194
209
|
| `[Target: notes]` | `notes` | Do NOT edit structured fields — collect these into the audit trail summary only (Step 7b). |
|
|
195
210
|
|
|
@@ -222,7 +237,12 @@ For each card:
|
|
|
222
237
|
|
|
223
238
|
## Step 8 — Commit
|
|
224
239
|
|
|
225
|
-
1.
|
|
240
|
+
1. Validate ONLY the files you changed. `/check` edits backlog card YAML (and at most a note line) —
|
|
241
|
+
it never touches application code, so running the project's lint/build (which may require compiled
|
|
242
|
+
assets, a database, or env vars) here would fail spuriously and block the commit for no benefit.
|
|
243
|
+
Instead, run the cheap, meaningful check: markdownlint / a YAML parse on the modified card files
|
|
244
|
+
(e.g. `npx markdownlint-cli2 <changed .md>` and/or a `js-yaml` / `yq` parse of each changed `.yml`)
|
|
245
|
+
to confirm they are well-formed. If a check is unavailable, note it and proceed.
|
|
226
246
|
2. Stage only the modified backlog card files.
|
|
227
247
|
3. Commit with message: `[CARD-ID] Apply pre-dev audit findings from /check`.
|
|
228
248
|
4. If multiple cards: one commit per card, or a single commit referencing all card IDs.
|
|
@@ -21,8 +21,12 @@ If `/codexreview` is invoked **without card IDs**, infer them from context in th
|
|
|
21
21
|
2. **In-progress backlog cards**: run `grep -rl "status: IN_PROGRESS" /backlog/*.yml` and read their `id` fields.
|
|
22
22
|
3. **Current branch name**: parse the branch name (e.g. `feat/FEAT-0123-slug` → `FEAT-0123`).
|
|
23
23
|
|
|
24
|
+
The patterns above (`FEAT-`, `BUG-`, `TECH-`, `UI-`) are BALDART's default taxonomy; consumer
|
|
25
|
+
projects with a different convention (e.g. JIRA-style `PROJ-123`) should extend the match list to
|
|
26
|
+
their own prefixes. If 0 IDs match, fall through to `AskUserQuestion` rather than guessing.
|
|
27
|
+
|
|
24
28
|
Deduplicate, then:
|
|
25
|
-
- If exactly 1–3 cards are inferred: announce them ("Inferred cards from context: FEAT-XXXX, FEAT-YYYY") and proceed.
|
|
29
|
+
- If exactly 1–3 cards are inferred: announce them ("Inferred cards from context: FEAT-XXXX, FEAT-YYYY") and proceed. [DESIGN-CHOICE: cap at 3 to prevent token-budget saturation in a single orchestrator context; larger batch should be split into separate runs]
|
|
26
30
|
- If 0 or more than 3 are inferred: ask the user to specify which cards to review using `AskUserQuestion`. Do not guess.
|
|
27
31
|
|
|
28
32
|
---
|
|
@@ -52,17 +56,17 @@ For the (single) card in scope, check for `/tmp/codexreview-lean-<CARD-ID>.json`
|
|
|
52
56
|
- `arch_baseline_path` readable → **skip Step 1** (do NOT re-spawn `codebase-architect`); load the
|
|
53
57
|
baseline from that file and ALSO attach the `diff_summary_path` contents to every review agent so
|
|
54
58
|
they see what changed against the existing-architecture map. *(A1)*
|
|
55
|
-
- `skip_doc_reviewer: true` → **omit agent #
|
|
59
|
+
- `skip_doc_reviewer: true` → **omit agent #3 (`doc-reviewer`)** in Step 2. Doc concerns are covered
|
|
56
60
|
by `/new` Phase 3, which runs `doc-reviewer` (with the spec/docs-drift lens) on the same diff
|
|
57
61
|
immediately before this gate. *(A2)*
|
|
58
|
-
- `profile: "light"` → ALSO omit agent #2 (`
|
|
59
|
-
**agent #
|
|
62
|
+
- `profile: "light"` → ALSO omit agent #2 (`api-perf-cost-auditor`),
|
|
63
|
+
**agent #4 (Codex adversarial)** (since v3.38.0), and **skip Step 3.5 (CoVe)**. Only agent #1
|
|
60
64
|
(`code-reviewer`) and the Step 3 false-positive gate run. The Codex adversarial pass is the
|
|
61
65
|
prerogative of `full` and of the final cross-check — every `light` card's code is still reviewed
|
|
62
66
|
by Codex adversarial at the unconditional Final-review FULL gate before merge (see `/new`
|
|
63
67
|
"Final-review FULL gate"), and any high-risk diff trigger escalates the card to `full` per-card
|
|
64
68
|
so it gets Codex adversarial immediately. *(B1)*
|
|
65
|
-
- `profile: "full"` (or missing) → full agent set incl. Codex adversarial, minus #
|
|
69
|
+
- `profile: "full"` (or missing) → full agent set incl. Codex adversarial, minus #3 if `skip_doc_reviewer`.
|
|
66
70
|
|
|
67
71
|
**Invariant**: lean mode NEVER suppresses the run itself — at minimum `code-reviewer` + the Step 3
|
|
68
72
|
FP-gate execute on every card (`light`); `full` additionally runs the Codex adversarial pass. If the
|
|
@@ -83,9 +87,9 @@ For each provided card ID:
|
|
|
83
87
|
- `acceptance_criteria`
|
|
84
88
|
- `entrypoints`
|
|
85
89
|
- `files_likely_touched` (if present)
|
|
86
|
-
3. Gather git evidence:
|
|
90
|
+
3. Gather git evidence (resolve `<trunk>` from `git.trunk_branch` in `baldart.config.yml`; if absent, autodetect the integration branch):
|
|
87
91
|
- `git log --oneline --all --grep "<CARD-ID>"`
|
|
88
|
-
- `git diff --name-only
|
|
92
|
+
- `git diff --name-only <trunk>...HEAD` (fallback to `git diff --name-only HEAD~1`)
|
|
89
93
|
4. Build `review_scope_files` as union of card-indicated files + git-touched files.
|
|
90
94
|
5. Persist scope context to `/tmp/codexreview-<CARD-ID>-scope.md`.
|
|
91
95
|
|
|
@@ -131,29 +135,32 @@ Defaults per agent (override only if scope is unusually small/large):
|
|
|
131
135
|
| Agent | file_reads | bash_calls | search_docs |
|
|
132
136
|
|---|---|---|---|
|
|
133
137
|
| `code-reviewer` | 15 | 25 | 5 |
|
|
134
|
-
| `qa-sentinel` | 15 | 25 | 5 |
|
|
135
138
|
| `api-perf-cost-auditor` | 15 | 25 | 5 |
|
|
136
139
|
| `doc-reviewer` | 20 | 25 | 8 |
|
|
137
140
|
|
|
138
|
-
Codex (agent #
|
|
141
|
+
Codex (agent #4, via Bash + companion script) does NOT receive this block — it manages its own context.
|
|
139
142
|
|
|
140
143
|
### Agents
|
|
141
144
|
|
|
142
145
|
Launch these agents in parallel for each card:
|
|
143
146
|
|
|
144
147
|
1. `code-reviewer` — functional bugs, regressions, logic flaws
|
|
145
|
-
2. `
|
|
146
|
-
3. `
|
|
147
|
-
4.
|
|
148
|
-
|
|
148
|
+
2. `api-perf-cost-auditor` — API/data/performance/cost defects
|
|
149
|
+
3. `doc-reviewer` — spec/docs drift that can cause incorrect behavior
|
|
150
|
+
4. **Codex (a non-Anthropic frontier reviewer, e.g. `gpt-5`)** — adversarial review via `codex-companion.mjs`
|
|
151
|
+
|
|
152
|
+
> `qa-sentinel` is intentionally NOT in this set. It is a mechanical gate-runner (lint / tsc / tests /
|
|
153
|
+
> build / audit → PASS/FAIL); it cannot read source files or perform the source-level review this step
|
|
154
|
+
> requires. Gate-running for the card happens in the QA flow, not in this deep-review parallel set.
|
|
149
155
|
|
|
150
156
|
> **Lean agent set (Step -0.5)**: when a contract file is active, launch only the agents the resolved
|
|
151
|
-
> mode permits — `skip_doc_reviewer` omits #
|
|
152
|
-
> (Codex adversarial)** (since v3.38.0). At `light`, only agent #1
|
|
153
|
-
> Step 3 FP-gate). At `full` (and in full mode with no contract
|
|
154
|
-
> included). The standalone `/codexreview <CARD-ID>` invocation (no
|
|
157
|
+
> mode permits — `skip_doc_reviewer` omits #3 (`doc-reviewer`); `profile: light` additionally omits #2
|
|
158
|
+
> (`api-perf-cost-auditor`) AND **#4 (Codex adversarial)** (since v3.38.0). At `light`, only agent #1
|
|
159
|
+
> (`code-reviewer`) launches (+ the Step 3 FP-gate). At `full` (and in full mode with no contract
|
|
160
|
+
> file), launch all four (Codex #4 included). The standalone `/codexreview <CARD-ID>` invocation (no
|
|
161
|
+
> contract) is always full.
|
|
155
162
|
|
|
156
|
-
**Codex invocation rules (agent #
|
|
163
|
+
**Codex invocation rules (agent #4):**
|
|
157
164
|
|
|
158
165
|
Codex is NOT invoked via the `Agent` tool (the `codex:codex-rescue` subagent_type is not registered in the harness). Instead, invoke it directly with Bash:
|
|
159
166
|
|
|
@@ -164,12 +171,21 @@ node "$PLUGIN_ROOT/scripts/codex-companion.mjs" task \
|
|
|
164
171
|
--wait
|
|
165
172
|
```
|
|
166
173
|
|
|
167
|
-
-
|
|
174
|
+
- **Path-safety (MUST)**: the `<file list>` is built from `review_scope_files` (card-indicated +
|
|
175
|
+
git-touched paths). Before interpolating any path into a shell command, pass each path as a
|
|
176
|
+
separate, properly-quoted argument — never splice an unvalidated, unquoted path into a command
|
|
177
|
+
string, and never feed the list through `xargs -I{} git show HEAD:{}` (an unquoted `{}` lets a
|
|
178
|
+
crafted path inject shell metacharacters). When you must read a tree blob, validate the path
|
|
179
|
+
against `review_scope_files` and quote it (`git show "HEAD:$path"` with `$path` from a vetted
|
|
180
|
+
array), or read the working-tree file directly with the `Read` tool.
|
|
181
|
+
- Use `--wait` to get results synchronously in the same turn. Run this Codex call ONLY as a
|
|
182
|
+
foreground `--wait` invocation — do NOT also pass it to `run_in_background` in the same call;
|
|
183
|
+
`--wait` already blocks for the synchronous result and the two are mutually exclusive.
|
|
168
184
|
- The `PLUGIN_ROOT` discovery handles version upgrades automatically.
|
|
169
185
|
- Capture stdout verbatim in a `codex_raw_output` field, then normalize each Codex finding into the schema.
|
|
170
|
-
- If Codex exits non-zero or the script is not found, log `CODEX_UNAVAILABLE` with the error and continue with the remaining
|
|
186
|
+
- If Codex exits non-zero or the script is not found, log `CODEX_UNAVAILABLE` with the error and continue with the remaining 3 agents. Do not block the run.
|
|
171
187
|
|
|
172
|
-
Each agent (1–
|
|
188
|
+
Each agent (1–3) MUST return findings using this schema:
|
|
173
189
|
|
|
174
190
|
- `finding_id`: unique ID (`<CARD-ID>-F###`)
|
|
175
191
|
- `title`
|
|
@@ -182,7 +198,7 @@ Each agent (1–4) MUST return findings using this schema:
|
|
|
182
198
|
- `risk_if_unfixed`
|
|
183
199
|
- `minimal_fix_direction`
|
|
184
200
|
|
|
185
|
-
Codex findings (agent #
|
|
201
|
+
Codex findings (agent #4) are normalized into the same schema after capture, with `source: "codex"` appended.
|
|
186
202
|
|
|
187
203
|
No generic findings allowed. Every finding must have concrete evidence.
|
|
188
204
|
|
|
@@ -190,10 +206,10 @@ No generic findings allowed. Every finding must have concrete evidence.
|
|
|
190
206
|
|
|
191
207
|
## Step 3 — Mandatory False-Positive Check
|
|
192
208
|
|
|
193
|
-
Collect all findings from Step 2 — including normalized Codex findings — into a single pool, then run independent validation in parallel for each finding:
|
|
209
|
+
Collect all findings from Step 2 — including normalized Codex findings — into a single pool, then run independent validation in parallel for each finding. Both validators must be **code-aware** (able to read the source and reason about the claimed behavior) — `qa-sentinel` is excluded here because it is a mechanical gate-runner that cannot read source files:
|
|
194
210
|
|
|
195
|
-
1.
|
|
196
|
-
2. Behavior validator: `
|
|
211
|
+
1. Path/pattern validator: `codebase-architect` — confirms the cited file/symbol exists and the structural claim holds.
|
|
212
|
+
2. Behavior validator: `code-reviewer` — reads the cited code and confirms or refutes the claimed runtime behavior.
|
|
197
213
|
|
|
198
214
|
Classify each finding strictly as:
|
|
199
215
|
|
|
@@ -215,8 +231,8 @@ Only `VERIFIED` findings can be reported as bugs.
|
|
|
215
231
|
|
|
216
232
|
After Step 3 false-positive gating, the orchestrator runs ONE additional Chain-of-Verification pass on the consolidated VERIFIED pool. This catches two failure modes the per-agent CoVe doesn't:
|
|
217
233
|
|
|
218
|
-
1. **Cross-agent echo
|
|
219
|
-
2. **Undetected ripple effects**: a VERIFIED finding is real but its scope is wider than reported (e.g. "missing
|
|
234
|
+
1. **Cross-agent echo hallucination**: 2+ agents independently produce the same hallucinated finding (e.g. wrong file path that "looks plausible") and reinforce each other through Step 3 cross-validation.
|
|
235
|
+
2. **Undetected ripple effects**: a VERIFIED finding is real but its scope is wider than reported (e.g. "an authz guard is missing on route X" is true, but routes Y and Z have the same gap and weren't flagged).
|
|
220
236
|
|
|
221
237
|
### Procedure
|
|
222
238
|
|
|
@@ -224,7 +240,7 @@ For each VERIFIED finding in the pool, generate ONE residual verification questi
|
|
|
224
240
|
|
|
225
241
|
> "If this finding is true, which OTHER file or function SHOULD also be modified and is not currently flagged?"
|
|
226
242
|
|
|
227
|
-
Execute targeted grep/read commands (max 10 total across all findings — shared budget). Two outcomes:
|
|
243
|
+
Execute targeted grep/read commands (max 10 total across all findings — shared budget [DESIGN-CHOICE: limits CoVe cost to a bounded constant regardless of finding count; findings not reached are tagged `cove_unverified`]). Two outcomes:
|
|
228
244
|
|
|
229
245
|
- **Verification expands the finding**: append a `ripple_files: [<paths>]` field to the finding's evidence, and bump severity by one level if ≥2 ripple files found. Note: `[ripple-expanded]` tag.
|
|
230
246
|
- **Verification disproves the finding**: cross-validators were both fooled. Move the finding to `Hallucinated findings dropped (post-validation CoVe)` with the falsifying evidence quoted. Do NOT report as a bug.
|
|
@@ -239,7 +255,10 @@ Execute targeted grep/read commands (max 10 total across all findings — shared
|
|
|
239
255
|
|
|
240
256
|
## Step 4 — Final Report
|
|
241
257
|
|
|
242
|
-
Write one consolidated report per run to `/tmp/codexreview-report-<
|
|
258
|
+
Write one consolidated report per run to `/tmp/codexreview-report-<CARD-ID>-<RUN-ID>.md`, where
|
|
259
|
+
`<RUN-ID>` is a full timestamp-plus-uuid (e.g. `20260601T142233Z-a1b2c3`) — a date-only name collides
|
|
260
|
+
across same-day concurrent runs. Return this exact path to the caller; downstream consumers must use
|
|
261
|
+
the returned path, never reconstruct it via wildcard/timestamp guess.
|
|
243
262
|
|
|
244
263
|
Report structure:
|
|
245
264
|
|
|
@@ -1,332 +1,33 @@
|
|
|
1
1
|
---
|
|
2
|
-
description: Orchestrate a team of specialized agents to implement one or more backlog cards end-to-end, with code review, doc review, and commit for each.
|
|
2
|
+
description: Orchestrate a team of specialized agents to implement one or more backlog cards end-to-end, with code review, doc review, QA, and commit for each.
|
|
3
3
|
allowed-tools: Bash, Task, Edit, Write, Read, Grep, Glob, WebFetch, WebSearch, TaskCreate, TaskUpdate, TaskList, TaskGet, TeamCreate, TeamDelete, SendMessage
|
|
4
4
|
---
|
|
5
5
|
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
Branch: [feat/FEAT-XXXX-slug]
|
|
35
|
-
Path: [../wt/feat-FEAT-XXXX-slug]
|
|
36
|
-
Group parent: [FEAT-XXXX or "standalone"]
|
|
37
|
-
Main repo: [/absolute/path/to/main/repo]
|
|
38
|
-
|
|
39
|
-
## Card Queue
|
|
40
|
-
- [ ] CARD-001 — [title from backlog]
|
|
41
|
-
- [ ] CARD-002 — [title from backlog]
|
|
42
|
-
...
|
|
43
|
-
|
|
44
|
-
## Completed Cards
|
|
45
|
-
(none yet)
|
|
46
|
-
|
|
47
|
-
## Current Card
|
|
48
|
-
(none — starting pre-flight)
|
|
49
|
-
|
|
50
|
-
## Issues & Flags
|
|
51
|
-
(none yet)
|
|
52
|
-
```
|
|
53
|
-
|
|
54
|
-
### Update rules
|
|
55
|
-
|
|
56
|
-
- **Before starting a card**: move it to `## Current Card` with phase info.
|
|
57
|
-
- **After each phase**: update the current card's phase status in the tracker.
|
|
58
|
-
- **After completing a card**: move it from `Current Card` to `## Completed Cards` with:
|
|
59
|
-
- Commit hash
|
|
60
|
-
- One-line summary of what was implemented
|
|
61
|
-
- Any flags/issues found
|
|
62
|
-
- Code review result (pass/fail + fixes)
|
|
63
|
-
- Doc review result (pass/fail + what was added)
|
|
64
|
-
- Test results (new + existing count, pass/fail)
|
|
65
|
-
- Fix cycles count
|
|
66
|
-
- QA result (profile used: skip/light/balanced/deep | verdict: PASS/FAIL/SKIP | confidence % | findings: N blockers, N majors)
|
|
67
|
-
- QA findings file (e.g. `/qa/FEAT-XXXX.md` or "skipped")
|
|
68
|
-
- **When blocked**: log the blocker in `## Issues & Flags`.
|
|
69
|
-
- **On context recovery**: if you ever feel lost or after context compaction, IMMEDIATELY read your tracker file (`/tmp/batch-tracker-<FIRST-CARD-ID>.md`) to restore your state.
|
|
70
|
-
|
|
71
|
-
---
|
|
72
|
-
|
|
73
|
-
## Pre-flight (once)
|
|
74
|
-
|
|
75
|
-
1. Read each backlog card from `/backlog/*.yml` to understand scope and dependencies.
|
|
76
|
-
2. Check `docs/references/project-status.md` for current state.
|
|
77
|
-
3. Determine which cards can run in **parallel** (no shared files/components) vs which must be **sequential** (dependencies or overlapping paths). Use `group.sequence` to determine execution order within a group.
|
|
78
|
-
4. **Worktree grouping** (automated from card metadata — do NOT ask the user if metadata is complete):
|
|
79
|
-
a. Check each card's `group.parent` field.
|
|
80
|
-
b. If all cards share the same `group.parent` → ONE worktree, branch derived from parent card.
|
|
81
|
-
c. If cards have no `group.parent` but share a common ID prefix (e.g., `FEAT-0396-*`) → suggest grouping to user.
|
|
82
|
-
d. If cards are unrelated (no shared parent, no common prefix) → each gets its own worktree.
|
|
83
|
-
e. Read the parent/epic card for `git_strategy.branch` if set; otherwise derive branch name per AGENTS.md naming convention: `feat/<PARENT-ID>-<slug>`.
|
|
84
|
-
f. If `group.parent` is set AND the parent card has `git_strategy.branch` → use it directly, NO questions asked.
|
|
85
|
-
5. **Create worktree(s)**:
|
|
86
|
-
a. Ensure the base branch is clean: `git checkout <base-branch> && git pull`.
|
|
87
|
-
b. For each worktree group:
|
|
88
|
-
- Create: `git worktree add ../wt/<branch-name> -b <branch-name>`.
|
|
89
|
-
- Copy environment files if needed: `cp <main-repo>/.env.local <worktree-path>/.env.local 2>/dev/null`.
|
|
90
|
-
- Install dependencies in worktree (e.g., `npm install`, `pip install`, etc.).
|
|
91
|
-
- Verify build in worktree.
|
|
92
|
-
- If build fails → STOP, report, do NOT continue.
|
|
93
|
-
c. Switch working directory to worktree for all subsequent operations.
|
|
94
|
-
6. Create the tracking file `/tmp/batch-tracker-<FIRST-CARD-ID>.md` (include worktree path and branch name).
|
|
95
|
-
7. Create a task list to track progress across all cards.
|
|
96
|
-
|
|
97
|
-
---
|
|
98
|
-
|
|
99
|
-
## QA Profile Selector
|
|
100
|
-
|
|
101
|
-
Before Phase 3.5, determine the review profile for each card. **Primary path (since v3.38.0): READ the card's `review_profile` field** (`skip|light|balanced|deep`), computed deterministically by the PRD `prd-card-writer` (SSOT). Use it verbatim — do NOT recompute. **Fallback (legacy cards with no field): compute** from the table below (the SKILL.md version is authoritative — keep in sync with `prd-card-writer.md § Rule C`).
|
|
102
|
-
|
|
103
|
-
| Profile | When to apply (fallback compute only) |
|
|
104
|
-
|---------|--------------|
|
|
105
|
-
| **SKIP** | Card type is `docs`, `chore`, or `config` — OR all changed paths are `.md`/`.yml` (non-API)/CSS with zero logic files — OR title contains only cosmetic keywords (typo, rename, copy, wording, style) with no code areas |
|
|
106
|
-
| **LIGHT** | 5 or fewer files likely touched — AND no HIGH-risk keywords in paths/areas — OR card type is `bugfix` with small scope — OR pure refactoring with no logic change |
|
|
107
|
-
| **BALANCED** | Default for all `feature` / `enhancement` cards not matching LIGHT or DEEP rules |
|
|
108
|
-
| **DEEP** | ANY of: areas includes both `api` + `data` — OR paths/title contain `auth`, `payment`, `permission`, `schema`, `migration`, `cron`, `webhook`, `transaction` — OR >15 files likely touched — OR acceptance criteria count > 5 — OR DB indexes changed — OR API contract changed |
|
|
109
|
-
|
|
110
|
-
When in doubt between LIGHT and BALANCED, use BALANCED. When in doubt between BALANCED and DEEP, use DEEP.
|
|
111
|
-
|
|
112
|
-
---
|
|
113
|
-
|
|
114
|
-
## Per-card pipeline
|
|
115
|
-
|
|
116
|
-
For each card, execute these phases in order:
|
|
117
|
-
|
|
118
|
-
### Phase 1 — Claim & Context
|
|
119
|
-
1. **Update tracker**: set current card, phase = "1-claim".
|
|
120
|
-
2. Set the card status to `IN_PROGRESS` and assign yourself.
|
|
121
|
-
3. Update `docs/references/project-status.md` Active Code Context.
|
|
122
|
-
4. Invoke the **codebase-architect** agent (MUST per AGENTS.md) to understand the relevant codebase area, existing patterns, and architecture before any implementation.
|
|
123
|
-
5. **Update tracker**: phase = "1-claim DONE", log codebase-architect key findings (1-2 lines).
|
|
124
|
-
|
|
125
|
-
### Phase 2 — Implement (self-healing, up to 3 retries)
|
|
126
|
-
6. **Update tracker**: phase = "2-implement".
|
|
127
|
-
7. Create an agent team of **coder** agent (or appropriate specialist from `.claude/agents/REGISTRY.md`) to implement the card. Pass the codebase-architect findings as context.
|
|
128
|
-
8. Run tests (if they exist), build, and lint to verify everything passes.
|
|
129
|
-
9. **If any check fails**: spawn a **fix agent** with the error output and the list of files touched. Do NOT ask the user — just fix and re-run. Fix the code, not the tests (unless the test itself is wrong). Repeat up to **3 times**.
|
|
130
|
-
10. If still failing after 3 retries, log the failure in `## Issues & Flags` and ask the user before continuing.
|
|
131
|
-
11. **Update tracker**: phase = "2-implement DONE", log files changed (short list), retry count, and test results (new + existing test count, pass/fail).
|
|
132
|
-
|
|
133
|
-
### Phase 3 — Review (parallel read-only audits, then single fix pass)
|
|
134
|
-
12. **Update tracker**: phase = "3-review".
|
|
135
|
-
13. Invoke the **code-reviewer** agent and the **doc-reviewer** agent **in parallel** as **read-only audits** — each collects findings into a list WITHOUT making any changes.
|
|
136
|
-
14. **Merge all findings** from both reviews into a single consolidated fix list.
|
|
137
|
-
15. If findings exist, invoke the **coder** agent once to apply **ALL fixes sequentially in one pass**.
|
|
138
|
-
16. Run tests (if they exist), lint, and build once at the end to verify everything passes. If any check fails, apply the same self-healing retry loop (up to 3 times, no user prompt).
|
|
139
|
-
17. **Update tracker**: phase = "3-review DONE", log review findings count, fixes applied, and test results.
|
|
140
|
-
|
|
141
|
-
### Phase 3.5 — QA Validation
|
|
142
|
-
|
|
143
|
-
18. **Update tracker**: phase = "3.5-qa".
|
|
144
|
-
19. **Select QA profile**: read the card's `review_profile` field (use verbatim); only compute from the QA Profile Selector table above when the field is absent (legacy card). Log the chosen profile and source (`from card` | `computed`) in the tracker (1 line).
|
|
145
|
-
20. **If profile is SKIP**: log "QA skipped — [reason]" in the tracker. Proceed to Phase 4.
|
|
146
|
-
21. **If profile is LIGHT, BALANCED, or DEEP**: invoke the **`qa-sentinel`** agent (subagent_type: `qa-sentinel`) via Task tool with the following context:
|
|
147
|
-
|
|
148
|
-
```
|
|
149
|
-
Run [QUICK | FULL] VALIDATION MODE on card <CARD-ID>.
|
|
150
|
-
|
|
151
|
-
Context:
|
|
152
|
-
- Worktree path: <worktree-path>
|
|
153
|
-
- Branch: <branch-name>
|
|
154
|
-
- Latest commit: <hash> <message>
|
|
155
|
-
- Changed files: <list from implementation phase>
|
|
156
|
-
- Risk level: [Low | Medium | High]
|
|
157
|
-
- QA profile selected: [light | balanced | deep]
|
|
158
|
-
|
|
159
|
-
Profile → mode mapping:
|
|
160
|
-
- light → QUICK VALIDATION MODE
|
|
161
|
-
- balanced → FULL VALIDATION MODE
|
|
162
|
-
- deep → FULL VALIDATION MODE (plus: run e2e smoke suite if configured)
|
|
163
|
-
|
|
164
|
-
After running all gates, write the complete QA Report to:
|
|
165
|
-
/qa/<CARD-ID>.md
|
|
166
|
-
|
|
167
|
-
Use the findings file format defined in /qa/README.md.
|
|
168
|
-
Return your full structured QA Report and final verdict.
|
|
169
|
-
```
|
|
170
|
-
|
|
171
|
-
22. **Read qa-sentinel's output.** Verify the findings file was written to `/qa/<CARD-ID>.md`.
|
|
172
|
-
23. **If QA verdict is FAIL**:
|
|
173
|
-
- Spawn the **coder** agent to fix all BLOCKER findings (pass it the findings file path + list of blockers). Do NOT ask the user.
|
|
174
|
-
- After coder fixes, re-invoke `qa-sentinel` in the same mode to re-validate. Repeat up to **2 times**.
|
|
175
|
-
- If still FAIL after 2 retries: log in `## Issues & Flags` and **ask the user** whether to proceed or stop.
|
|
176
|
-
- The commit in Phase 4 MUST NOT happen until QA verdict is PASS (or user explicitly overrides).
|
|
177
|
-
24. **Update tracker**: phase = "3.5-qa DONE", log: profile used, verdict (PASS/FAIL/SKIP), confidence %, findings count (blockers/majors/minors), findings file path.
|
|
178
|
-
|
|
179
|
-
### Phase 4 — Commit (in worktree, NO merge yet)
|
|
180
|
-
25. **Update tracker**: phase = "4-commit".
|
|
181
|
-
26. Stage and commit **all changes together** in the worktree using format `[CARD-ID] Brief description` (MUST per AGENTS.md). Include all relevant files — implementation, review fixes, QA-driven fixes, and doc updates in a single commit. Do NOT merge or push yet — that happens post-batch.
|
|
182
|
-
- **IMPORTANT — atomic staging**: Always combine `git add` and `git commit` in a single chained command so staging is never lost on retry:
|
|
183
|
-
```
|
|
184
|
-
cd <worktree-path> && git add -A && git commit -m "[CARD-ID] Brief description"
|
|
185
|
-
```
|
|
186
|
-
- **If commit fails** (e.g., lint-staged or pre-commit hook error): re-run the **same full command** (`git add -A && git commit ...`). Never run `git commit` alone after a failure — the staging area may have been altered by lint-staged auto-fixes.
|
|
187
|
-
27. Update the backlog card: set status to `DONE`, add implementation notes.
|
|
188
|
-
28. **Update tracker**: move card to `## Completed Cards` with commit hash, summary, and flags.
|
|
189
|
-
|
|
190
|
-
### Sub-agent failure protocol
|
|
191
|
-
- If any sub-agent **crashes or errors** during any phase: log the failure in the tracker, **attempt the work yourself directly**, and note it in the final report.
|
|
192
|
-
- Never block the pipeline waiting for a failed agent — recover and continue.
|
|
193
|
-
|
|
194
|
-
### Phase 5 — Context Clean & Continue
|
|
195
|
-
29. Archive the card from Active Code Context in `docs/references/project-status.md`.
|
|
196
|
-
30. **CONTEXT PURGE**: After updating the tracker, deliberately forget the implementation details of this card. From this point forward, you should NOT reference any code, file contents, or review details from this card — only the summary in the tracker. If you need to recall what happened, read the tracker file. This keeps your working context lean for the next card.
|
|
197
|
-
31. **Update tracker**: clear `## Current Card`, move to next pending card.
|
|
198
|
-
32. Move to the next card.
|
|
199
|
-
|
|
200
|
-
---
|
|
201
|
-
|
|
202
|
-
## Final review (after all cards)
|
|
203
|
-
|
|
204
|
-
Once ALL cards are committed in the worktree:
|
|
205
|
-
1. **Read the tracker file** to get the full picture of what was implemented.
|
|
206
|
-
2. Invoke the **code-reviewer** agent and the **doc-reviewer** agent **in parallel** for a holistic review across all implementations — check for inconsistencies, duplicated logic, integration gaps between cards, and missing documentation.
|
|
207
|
-
3. **Persist findings to file.** Write the consolidated final review findings to `/tmp/batch-final-review-<FIRST-CARD-ID>.md` using the Write tool. This ensures findings survive context compaction. If context is compacted before fixes are applied, re-read from this file.
|
|
208
|
-
4. **Auto-apply fixes.** If findings exist, invoke the **coder** agent once to apply ALL fixes in a single pass (same pattern as Phase 3 per-card review). Run tests (if they exist), lint, and build to verify. If any check fails, apply the self-healing retry loop (up to 3 times).
|
|
209
|
-
5. Run build one final time in the worktree to confirm stability.
|
|
210
|
-
6. **Update tracker** with final review results (findings count, fixes applied, build status).
|
|
211
|
-
7. **Proceed to Phase 6** (post-batch merge & cleanup).
|
|
212
|
-
8. Present a **single summary report** to the user per card (and a batch summary at the end):
|
|
213
|
-
- **Files changed** (short list per card)
|
|
214
|
-
- **Test results** (new tests + existing tests count, pass rate at each iteration)
|
|
215
|
-
- **Build/lint status** (pass + retry count if any)
|
|
216
|
-
- **Fix cycles** (total number of self-healing retries across phases)
|
|
217
|
-
- **Review findings fixed** (count and brief description)
|
|
218
|
-
- **QA result** (profile: skip/light/balanced/deep | verdict: PASS/FAIL/SKIP | confidence % | findings: N blockers, N majors, N minors | findings file path)
|
|
219
|
-
- **Issues needing user attention** (anything unresolved, partially wired, or flagged)
|
|
220
|
-
- **Commit hashes** (from tracker)
|
|
221
|
-
- **Merge commit hash** (from Phase 6)
|
|
222
|
-
- **Worktree cleanup status** (success/failed)
|
|
223
|
-
- Overall implementation status
|
|
224
|
-
9. **Proceed to Phase 7** (production readiness checklist).
|
|
225
|
-
|
|
226
|
-
---
|
|
227
|
-
|
|
228
|
-
## Phase 6 — Post-batch merge & cleanup
|
|
229
|
-
|
|
230
|
-
After the final review passes AND all cards are committed in the worktree:
|
|
231
|
-
|
|
232
|
-
### 6a. Push feature branch
|
|
233
|
-
1. From the worktree directory: `git push -u origin <branch-name>`.
|
|
234
|
-
|
|
235
|
-
### 6b. Merge into base branch
|
|
236
|
-
2. Switch to main repo: `cd <main-repo-path>` (read from tracker `## Worktree > Main repo`).
|
|
237
|
-
3. `git checkout <base-branch> && git pull`.
|
|
238
|
-
4. `git merge --no-ff <branch-name>`.
|
|
239
|
-
5. **If merge conflicts** → STOP immediately, report conflicting files to user. Do NOT auto-resolve.
|
|
240
|
-
|
|
241
|
-
### 6c. Verify post-merge integrity
|
|
242
|
-
6. Run build — must pass.
|
|
243
|
-
7. Run tests — must pass (if tests exist).
|
|
244
|
-
8. **If anything fails** → STOP, report. Do NOT delete branch or worktree.
|
|
245
|
-
|
|
246
|
-
### 6d. Push base branch
|
|
247
|
-
9. `git push`.
|
|
248
|
-
|
|
249
|
-
### 6e. Cleanup
|
|
250
|
-
10. Delete local branch: `git branch -d <branch-name>`.
|
|
251
|
-
11. Delete remote branch: `git push origin --delete <branch-name>`.
|
|
252
|
-
12. Remove worktree: `git worktree remove ../wt/<branch-name>`.
|
|
253
|
-
13. Prune: `git worktree prune`.
|
|
254
|
-
14. **Update tracker**: log merge commit hash, cleanup status.
|
|
255
|
-
|
|
256
|
-
### Fail-safe rules
|
|
257
|
-
- Never force push.
|
|
258
|
-
- Never delete a branch before successful merge.
|
|
259
|
-
- Never remove a worktree before confirming the base branch is stable.
|
|
260
|
-
- Stop execution immediately if any command fails.
|
|
261
|
-
|
|
262
|
-
---
|
|
263
|
-
|
|
264
|
-
## Phase 7 — Production Readiness Checklist
|
|
265
|
-
|
|
266
|
-
After Phase 6 completes (or after the final summary report if Phase 6 is deferred), present a **Production Readiness Checklist** — a clear list of all manual or infrastructure actions required to launch the implemented changes in production.
|
|
267
|
-
|
|
268
|
-
### How to detect items
|
|
269
|
-
|
|
270
|
-
Scan ALL files changed across the batch (use the tracker's completed cards + `git diff` against the base branch) and check for:
|
|
271
|
-
|
|
272
|
-
| Category | Detection signal | Action to report |
|
|
273
|
-
|----------|-----------------|------------------|
|
|
274
|
-
| **DB indexes** | New/modified index config files, or code using new compound queries | Deploy indexes (e.g., `firebase deploy --only firestore:indexes`, run migrations, etc.) |
|
|
275
|
-
| **DB security/access rules** | New/modified access rule files | Deploy updated rules |
|
|
276
|
-
| **Environment variables** | New `process.env.*` references not present in the base branch, new entries in `.env.example` | Add to hosting platform settings (list each var name) |
|
|
277
|
-
| **Scheduled functions / cron** | New or modified cron/scheduled functions | Deploy functions |
|
|
278
|
-
| **Database migrations** | New collections/tables, field renames, data backfills referenced in code or ADRs | Run migration script (specify which) |
|
|
279
|
-
| **New API endpoints** | New route files | Verify CORS/auth config; update API docs if public |
|
|
280
|
-
| **Third-party services** | New API keys, webhook URLs, or external service integrations | Configure in provider dashboard + add secrets |
|
|
281
|
-
| **DNS / domain changes** | Hosting or redirect config changes | Update DNS records or hosting domain settings |
|
|
282
|
-
| **Package upgrades with breaking changes** | Major version bumps in dependency files | Verify compatibility; check migration guides |
|
|
283
|
-
|
|
284
|
-
### Output format
|
|
285
|
-
|
|
286
|
-
Present the checklist as a clearly formatted section in the final report:
|
|
287
|
-
|
|
288
|
-
```
|
|
289
|
-
## Production Readiness Checklist
|
|
290
|
-
|
|
291
|
-
### Required before deploy
|
|
292
|
-
1. **[Category]** Description
|
|
293
|
-
- Command or UI path
|
|
294
|
-
- Reason: which card/feature requires it
|
|
295
|
-
|
|
296
|
-
### No action needed
|
|
297
|
-
- (list categories that don't apply)
|
|
298
|
-
|
|
299
|
-
### Notes
|
|
300
|
-
- Any timing dependencies (e.g., "deploy indexes BEFORE releasing code")
|
|
301
|
-
- Any environment variables that must be set BEFORE deployment
|
|
302
|
-
```
|
|
303
|
-
|
|
304
|
-
### Rules
|
|
305
|
-
|
|
306
|
-
- **Always present this section**, even if the checklist is empty (in that case, state "No infrastructure changes required — deploy is code-only").
|
|
307
|
-
- Order items by **deployment sequence** (items that must happen first go first).
|
|
308
|
-
- For each item, include the **reason** (which card/feature requires it) and the **exact command or UI path**.
|
|
309
|
-
- If an item is **uncertain**, mark it with `VERIFY` and explain what to check.
|
|
310
|
-
- **Update the tracker** with the full checklist under a new `## Production Readiness` section.
|
|
311
|
-
|
|
312
|
-
---
|
|
313
|
-
|
|
314
|
-
## Context recovery protocol
|
|
315
|
-
|
|
316
|
-
If at ANY point you are unsure where you are in the batch:
|
|
317
|
-
1. Read your tracker file (`/tmp/batch-tracker-<FIRST-CARD-ID>.md`)
|
|
318
|
-
2. Check `## Current Card` — if populated, resume that card at the listed phase.
|
|
319
|
-
3. Check `## Card Queue` — find the next unchecked card.
|
|
320
|
-
4. Check `## Completed Cards` — know what's already done (don't redo).
|
|
321
|
-
5. Continue the pipeline from where you left off.
|
|
322
|
-
|
|
323
|
-
---
|
|
324
|
-
|
|
325
|
-
## Parallelism rules
|
|
326
|
-
|
|
327
|
-
- Cards with non-overlapping `claimed_paths` CAN run in parallel.
|
|
328
|
-
- Cards with shared dependencies or overlapping files MUST run sequentially.
|
|
329
|
-
- Code review and doc review for the same card run as **parallel read-only audits**, then fixes are applied in a single sequential pass.
|
|
330
|
-
- Different cards' implementations CAN run in parallel if independent.
|
|
331
|
-
- When running parallel agents, expect "file modified since read" errors on shared files (like the backlog yml) — handle gracefully.
|
|
332
|
-
- When running in parallel, each parallel branch updates the tracker with its own card — use card ID as prefix to avoid conflicts.
|
|
6
|
+
# /new — redirect to the `new` skill (SSOT)
|
|
7
|
+
|
|
8
|
+
> **This command is a thin entry point. It contains NO orchestration logic of its own.**
|
|
9
|
+
> The authoritative, maintained `/new` pipeline lives in the **`new` skill**:
|
|
10
|
+
> `framework/.claude/skills/new/SKILL.md` (installed as `.claude/skills/new/`).
|
|
11
|
+
>
|
|
12
|
+
> A previous version of this file carried a full, hand-maintained copy of the pipeline.
|
|
13
|
+
> That copy silently drifted from the skill (it omitted the BLOCKING Phase 0 hygiene,
|
|
14
|
+
> AC-Closure, Simplify, E2E, Pre-Merge Codex, post-merge hygiene, and Metrics phases,
|
|
15
|
+
> ran `code-reviewer` where the skill forbids it, and referenced a QA README
|
|
16
|
+
> file that does not exist). To eliminate the dual-source-of-truth, the logic now lives in
|
|
17
|
+
> exactly one place. **Do not re-introduce pipeline steps here.**
|
|
18
|
+
|
|
19
|
+
When the user invokes `/new <CARD-IDS>`:
|
|
20
|
+
|
|
21
|
+
1. **Load and follow the `new` skill** (`skills/new/SKILL.md`) verbatim, passing the
|
|
22
|
+
user's arguments through unchanged (card IDs, ranges, `-full` epic expansion, etc.).
|
|
23
|
+
2. The skill owns the entire flow: Phase 0 (workspace hygiene pre-flight) → Phase 1–8
|
|
24
|
+
(claim, implement, completeness, AC-closure, simplify, E2E, doc review, QA,
|
|
25
|
+
pre-merge Codex gate, commit, batch review, merge, reconciliation, post-merge
|
|
26
|
+
hygiene, production-readiness, metrics), including the `review_profile`-driven QA
|
|
27
|
+
tiering and all worktree-isolation safety rules.
|
|
28
|
+
3. Do not duplicate or summarise the skill's steps in this file — read them from the
|
|
29
|
+
skill so they cannot diverge.
|
|
30
|
+
|
|
31
|
+
If the `new` skill is not available in the current install, that is an install/integrity
|
|
32
|
+
error: surface it (`new skill not found — run \`npx baldart\` to repair the install`)
|
|
33
|
+
rather than falling back to an inline pipeline.
|