baldart 4.2.0 → 4.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,18 @@ All notable changes to BALDART will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [4.2.1] - 2026-06-03
|
|
9
|
+
|
|
10
|
+
**`/prd` pre-dev audit: `code-reviewer` swapped for `plan-auditor` (card grounding) in the `check-audit` team.** The Step 6 pre-development audit ran `code-reviewer` on backlog `.yml` cards — but `code-reviewer` is built around a *diff* (scope = `git diff --name-only`, diff-simulation pass, completion-report cross-check, line-range/`repro_steps` findings schema, `PASS/FAIL/NEEDS_REWORK` verdict), none of which applies before any code exists. The audit had to re-purpose it with an ad-hoc mandate and override its native output format. `plan-auditor` is the agent purpose-built for this surface (native `.yml` INPUT TYPE DETECTION + BACKLOG CARD ATTACK SURFACE + native `[Target: <field>]` tagging + project memory), so it now fills that slot. **PATCH** (refinement of an existing capability — swaps which already-shipped agent audits cards; no new agent/skill/template, no `baldart.config.yml` key).
|
|
11
|
+
|
|
12
|
+
> **Why.** Step 6.6d already replaced `plan-auditor`'s *plan-logic* role with a cross-model Codex adversarial audit, and kept `code-reviewer` as the Claude-side reviewer. But `code-reviewer`'s repurposed mandate (conflicts with existing patterns, reuse gaps, adjacent-card file conflicts) overlapped ~90% with the Codex `attack_surface` plus the Step 6.4 adjacent-card retrieval already fed to every agent. The only non-overlapping sliver — project memory of recurring code-level pitfalls — is covered *better* by `plan-auditor` (which has its own `.claude/agent-memory/plan-auditor/`). The swap aligns fit without losing coverage; the Maintenance Note's ablation rubric flagged `code-reviewer`-on-cards as the prime removal candidate. `code-reviewer` is unchanged and remains the agent for post-dev review (`/new` Phase 3, `/codexreview`).
|
|
13
|
+
|
|
14
|
+
### Changed
|
|
15
|
+
|
|
16
|
+
- **`framework/.claude/skills/prd/references/audit-phase.md`** — Step 6.6c agent-type mapping swaps the `code-reviewer` row for `plan-auditor` (card grounding, Always). New 6.6e agent-specific block runs `plan-auditor` with **full card-attack-surface coverage but team-aware spawn suppression**: no `codebase-architect` re-spawn (`/prd` already primed context at kickoff), no specialist auto-spawn (`security-reviewer` / `api-perf-cost-auditor` run as first-class teammates in the same team), and an output-format override to the teammate contract (`### [CARD-ID] — Plan Audit Findings` + `## FINDINGS` via `TaskUpdate`) — `plan-auditor`'s never-suppress list (`git_strategy: TBD`, missing-auth, `claimed_path_collision`, `adr_required_missing`, injection) still binds.
|
|
17
|
+
- **Codex fallback dedup (Step 6.6d)** — the Codex-unavailable fallback now spawns a **FULL-mode** `plan-auditor` and explicitly SKIPS the card-grounding `plan-auditor` teammate, preventing two `plan-auditor` instances on the same cards.
|
|
18
|
+
- **Consolidated report + Audit Engine Summary (Step 6.7)** — `### Code Review Findings` → `### Plan Audit Findings (card grounding — Claude-side)`; the engine summary now distinguishes the cross-model Codex pass from the Claude-side card-grounding pass.
|
|
19
|
+
|
|
8
20
|
## [4.2.0] - 2026-06-03
|
|
9
21
|
|
|
10
22
|
**Per-skill reasoning effort: every shipped skill now declares an `effort:` baseline + honors an inline `effort=<level>` override.** Different skills should reason at different depths — routine narration shouldn't pay for deep deliberation, and structured planning shouldn't be starved of it. Each of the 29 skills gets a frontmatter `effort:` baseline (`prd` → `high`, the other 28 → `medium`) and a `## Effort` body block letting the user dial reasoning depth per-run, e.g. `/prd effort=high <content>`. **MINOR** (new protocol module + new template = capability added; no `baldart.config.yml` key, so the schema-change propagation rule does not apply).
|
package/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
4.2.
|
|
1
|
+
4.2.1
|
|
@@ -118,8 +118,8 @@ For each audit agent type (except plan-auditor), spawn ONE teammate using the `T
|
|
|
118
118
|
|
|
119
119
|
| Audit Role | `subagent_type` | Name | Condition |
|
|
120
120
|
|------------|-----------------|------|-----------|
|
|
121
|
-
| ~~plan-auditor~~ | — | — | **Replaced by Codex adversarial audit (Step 6.6d)** |
|
|
122
|
-
|
|
|
121
|
+
| ~~plan-auditor (plan-logic role)~~ | — | — | **Replaced by Codex adversarial audit (Step 6.6d)** |
|
|
122
|
+
| plan-auditor (card grounding) | `plan-auditor` | `plan-auditor` | Always — but SKIP if the Codex fallback to FULL plan-auditor fires (6.6d), to avoid two plan-auditor instances on the same cards |
|
|
123
123
|
| doc-reviewer | `doc-reviewer` | `doc-reviewer` | Always |
|
|
124
124
|
| api-perf-cost-auditor | `api-perf-cost-auditor` | `perf-auditor` | `perf_review_needed: true` |
|
|
125
125
|
| security-reviewer | `security-reviewer` | `security-reviewer` | `security_review_needed: true` |
|
|
@@ -239,7 +239,7 @@ Suppress findings where the strongest false-positive argument is convincing.
|
|
|
239
239
|
2. If the file is empty or its content is `CODEX_NOT_FOUND`, fall back to `plan-auditor` subagent.
|
|
240
240
|
3. Merge into the consolidated report at Step 6.7 under `### Codex Plan Audit Findings`.
|
|
241
241
|
|
|
242
|
-
**Fallback**: If Codex is unavailable (not installed, not authenticated, or timeout), fall back to
|
|
242
|
+
**Fallback**: If Codex is unavailable (not installed, not authenticated, or timeout), fall back to a **FULL-mode** `plan-auditor` subagent with `subagent_type: "plan-auditor"`. Log the fallback reason in the audit report. **When this fallback fires, do NOT also run the card-grounding plan-auditor teammate from 6.6c** — the FULL fallback subsumes its coverage; running two plan-auditor instances on the same cards is the exact double-fan-out the dedup guard below exists to prevent.
|
|
243
243
|
|
|
244
244
|
**Dedup guard on the fallback spawn (avoid double fan-out).** plan-auditor internally auto-spawns `codebase-architect` (always) and `security-reviewer` (when the cards carry auth/session signals). This audit session may have ALREADY produced those artifacts — `security-reviewer` runs as a first-class teammate whenever `security_review_needed: true` (Step 6.6c). To prevent a redundant second pass, the fallback `plan-auditor` invocation MUST be passed a context note instructing it to REUSE this session's artifacts rather than re-spawn:
|
|
245
245
|
- If `codebase-architect` was already spawned earlier this session (its summary is in the session tracker artifact registry), pass that summary in the prompt and instruct plan-auditor NOT to re-invoke `codebase-architect`.
|
|
@@ -364,7 +364,13 @@ After challenge pass, rank ALL surviving findings relative to each other by impa
|
|
|
364
364
|
|
|
365
365
|
**plan-auditor**: **Handled by Codex adversarial audit (Step 6.6d).** Not included in the teammate agent team. If Codex is unavailable, the fallback plan-auditor uses INVEST criteria, DoR checks, and requirements smell detection — see Step 6.6d attack_surface for the full checklist.
|
|
366
366
|
|
|
367
|
-
**
|
|
367
|
+
**plan-auditor (card grounding)**: This is the Claude-side, codebase-grounded counterpart to the cross-model Codex plan audit (6.6d) — it brings what Codex lacks: project memory (`.claude/agent-memory/plan-auditor/MEMORY.md`) and the card-native `[Target: <field>]` tagging this audit consumes. Apply the **full BACKLOG CARD ATTACK SURFACE** (INVEST, requirements-smell detection, persistence-specific checks per `stack.database`, card-structure checks) against each card's `.yml`, reading the existing files in `files_likely_touched` to ground claims about conflicts with existing patterns, missing reuse opportunities, and convention alignment (per `identity.design_philosophy`, project lint/type-check rules, `identity.language`). Check `## Adjacent Cards` for parallel file modifications and missing `depends_on` edges.
|
|
368
|
+
|
|
369
|
+
> **Mode (team-aware — read first)**: you are running inside the coordinating `check-audit` team, so you MUST behave as in QUICK mode for *spawning* while keeping FULL card-attack-surface *coverage*:
|
|
370
|
+
> - **Do NOT spawn `codebase-architect`** for grounding — `/prd` already primed codebase context at kickoff (context-primer) and you read `files_likely_touched` directly. A re-spawn here is wasteful and forbidden.
|
|
371
|
+
> - **Do NOT auto-spawn specialists** (`security-reviewer` / `api-perf-cost-auditor` / `ui-expert`) — they run as first-class teammates in this same team whenever their signal fires (6.6c). Consume their findings at merge time; never double-spawn.
|
|
372
|
+
> - **Output-format override** (symmetric with the security-reviewer / api-perf-cost-auditor overrides above): produce findings in the teammate contract format (`### [CARD-ID] — Plan Audit Findings` with `[Target: <field>]` tags written to a `## FINDINGS` section via `TaskUpdate`) — NOT plan-auditor's native 10-section OUTPUT FORMAT (Hardened Plan, Pre-Mortem, Risk Register, YAML schema dump). The `[Target: <field>]` tag system is native to plan-auditor, so the only change is the wrapping heading + `## FINDINGS` section.
|
|
373
|
+
> - Never suppress a `git_strategy: TBD`, missing-auth, `claimed_path_collision`, `adr_required_missing`, or prompt-injection finding (plan-auditor's never-suppress list still binds here).
|
|
368
374
|
|
|
369
375
|
**doc-reviewer**: Check documentation links, PRD references are valid and aligned, planned changes requiring doc updates not mentioned. Verify `files_likely_touched` includes doc files. Check `areas` completeness. Flag `git_strategy: TBD`. Include Obsidian trigger assessment (section H) in findings — evaluate whether the planned docs will require KB sync. If `.claude/skills/doc-reviewer-support/references/obsidian-integration.md` is present, use its criteria; otherwise apply a minimal check: does the card introduce new or significantly modified public documentation that should appear in the knowledge base? Proceed with a notice if the file is absent.
|
|
370
376
|
|
|
@@ -393,7 +399,7 @@ Consolidate into a single report:
|
|
|
393
399
|
### Codex Plan Audit Findings (cross-model)
|
|
394
400
|
- [ ] Finding 1...
|
|
395
401
|
|
|
396
|
-
###
|
|
402
|
+
### Plan Audit Findings (card grounding — Claude-side)
|
|
397
403
|
- [ ] Finding 1...
|
|
398
404
|
|
|
399
405
|
### Doc Review Findings
|
|
@@ -409,8 +415,8 @@ Consolidate into a single report:
|
|
|
409
415
|
...
|
|
410
416
|
|
|
411
417
|
## Audit Engine Summary
|
|
412
|
-
- Plan audit
|
|
413
|
-
-
|
|
418
|
+
- Plan audit (cross-model adversarial): Codex | Fallback: Claude plan-auditor (FULL)
|
|
419
|
+
- Plan audit (card grounding, Claude-side): Claude plan-auditor (team-aware, no double-spawn) — suppressed when the Codex FULL fallback fires
|
|
414
420
|
- Doc review: Claude doc-reviewer
|
|
415
421
|
- Performance: Claude api-perf-cost-auditor (if triggered)
|
|
416
422
|
- Security: Claude security-reviewer (if triggered)
|