baldart 4.94.0 → 4.95.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -5,6 +5,16 @@ All notable changes to BALDART will be documented in this file.
5
5
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
6
6
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
7
7
 
8
+ ## [4.95.0] - 2026-07-02
9
+
10
+ **`/prd` — applier economico + EARS+verify (i due interventi strutturali dal forensics della deep analysis).**
11
+
12
+ - **Apply dei finding delegato** (`prd-card-writer` `MODE: apply-findings` — un agente + token, pattern analysis-profiles v4.94.0): l'orchestratore `/prd` non edita più YAML a piena finestra (misurato: le fasi meccaniche erano il 48% del costo di un run reale, ~48 Edit a ~663k cache-read/chiamata). L'applier gira in contesto fresco (Claude: override `model: sonnet`; Codex: by-name), riceve tutto BY PATH, applica solo campi `[Target:]` con grounding obbligatorio, ESEGUE `validate-card-baseline.js --prd` + `stamp-holistic-audit.js`, ritorna compact; `audit-phase.md` 6.9 = delega thin + drift guard + fallback inline visibile. Verificato con spawn reale su fixture.
13
+ - **AC in grammatica EARS** (child/standalone; SSOT `card-schema.md` § "Acceptance-criteria grammar"): binari per forma (5 pattern + `SHALL CONTINUE TO`), ban-list verbi vaghi, BLOCKER in `--prd`; card legacy mai retro-bloccate.
14
+ - **`ac_verification`** — oracolo eseguibile per-AC definito a planning time (o `manual:` esplicito), authoring groundato (mai comandi inventati), eseguito da `/new` Phase 2.5 (step 4b — exit status = evidenza primaria); `qa-sentinel` intatto per contratto. Enforcement WARN-first; fixtures CI (Check D).
15
+
16
+ **MINOR** — capability su skill/agent/moduli condivisi; nessun cambio di layout install. **No new `baldart.config.yml` key**; la propagazione dello schema CARD viaggia completa nella release (matrice + template + writer + validator + consumer + attack-surface — pattern v4.35.0). **Codex parity: portable.**
17
+
8
18
  ## [4.94.0] - 2026-07-02
9
19
 
10
20
  **Analysis profiles — `codebase-architect` specializzato per-tipo-di-analisi, un solo agente, un solo SSOT.** L'assessment dei ~50 callsite reali ha mostrato che "capire il codebase" copre 6 lavori diversi (grounding pre-implementazione, tracing di un bug, blast-radius, contesto di planning, inventario UI/design-system, baseline di review) serviti da UN prompt monolitico (~455 righe caricate a ogni spawn) con la conoscenza di specializzazione dispersa nei prompt dei chiamanti (dual-SSOT: il template di `context-primer` ri-dichiarava la search strategy dell'agente). Fix architetturale, stesso meccanismo di `OUTPUT=terse`:
package/VERSION CHANGED
@@ -1 +1 @@
1
- 4.94.0
1
+ 4.95.0
@@ -35,7 +35,7 @@ Quick-reference for all custom agents. Use this to route tasks to the right spec
35
35
  | **hyper-gamification-designer** | Design | Analyze game features and retention mechanics | Progression, reward loops | No | MDA analysis, economy balance |
36
36
  | **remotion-animator-orchestrator** | Design | Create Remotion video animations | Motion graphics, asset coordination | Yes | Remotion, visual agent coordination |
37
37
  | **prd** | Product | Create PRDs, plans, and backlog cards | Requirements, execution planning | No | PRD writing, backlog management |
38
- | **prd-card-writer** | Product | Generate atomic backlog cards from approved PRD | Card YAML, traceability, parallel groups | Yes | Backlog writing, dependency analysis |
38
+ | **prd-card-writer** | Product | Generate atomic backlog cards from approved PRD; `MODE: apply-findings` = fresh-context applier of audit findings to card YAML (spawned by /prd Step 6.9, sonnet override) | Card YAML, traceability, parallel groups | Yes | Backlog writing, dependency analysis |
39
39
  | **onboarding-architect-lead** | Product | Design/improve user onboarding experiences | Activation flows, experiments | No | Onboarding research, metrics |
40
40
  | **website-orchestrator** | Product | Coordinate multi-agent website development | Project orchestration | No | Phase management, quality gates |
41
41
  | **senior-researcher** | Research | Comprehensive research on technical topics | Evidence-based analysis | Yes | Web search, citations |
@@ -476,7 +476,20 @@ Every card MUST include ALL fields from the template:
476
476
  - `context` (background + PRD reference)
477
477
  - `scope` (summary, users, value)
478
478
  - `requirements` (concrete, specific)
479
- - `acceptance_criteria` (testable `[ ] [AC-N]` items)
479
+ - `acceptance_criteria` (testable `[ ] [AC-N]` items — **EARS grammar MANDATORY on child/
480
+ standalone cards**: the clause matches one of `THE SYSTEM SHALL …` / `WHEN … THE SYSTEM
481
+ SHALL …` / `WHILE …` / `WHERE …` / `IF … THEN THE SYSTEM SHALL …` (+ `SHALL CONTINUE TO`
482
+ for non-regression). Body in the project language, EARS keywords in English. NO vague
483
+ verbs ("correttamente", "properly", "as expected", … — the `--prd` validator ban-list
484
+ BLOCKS them): name the observable behavior. SSOT + worked example: `card-schema.md`
485
+ § "Acceptance-criteria grammar (EARS)". Epic AC-EPIC roll-ups are exempt.)
486
+ - `ac_verification` (OPTIONAL map `AC-N → executable oracle`) — **grounding rule, same class
487
+ as the Field Grounding Rule**: write a command ONLY if you verified it exists (an npm
488
+ script in `package.json`, a command in `toolchain.commands.*`, a cited test file that
489
+ exists — Grep/Read to confirm). NEVER invent commands. Not automatable → explicit
490
+ `manual: <what a human checks>`. Genuinely undecidable → `[NEEDS CLARIFICATION: …]`.
491
+ Non-manual oracles SHOULD also appear in `validation_commands` (the validator warns on
492
+ drift). Consumed by `/new` Phase 2.5, which EXECUTES them.
480
493
  - `definition_of_done` (checklist including doc invariants). **When `features.has_i18n: true`** AND the
481
494
  card introduces user-facing strings, the DoD MUST carry an i18n-completeness line — NOT merely "strings
482
495
  via `t()` + registered", but: *"new keys authored in the source locale + the i18n context registry (by
@@ -724,3 +737,97 @@ Return to the caller a structured summary:
724
737
  - Cross-reference every requirement against the PRD source section
725
738
  - Verify file paths in `files_likely_touched` exist in the codebase (use Glob to check)
726
739
  - Count total files across all cards to verify no file is assigned to conflicting cards without a conflict edge
740
+
741
+ ## MODE: apply-findings (audit-fix applier — invoked by `/prd` audit-phase Step 6.9)
742
+
743
+ **Trigger:** the invocation prompt contains `MODE: apply-findings`. In this mode you do NOT
744
+ author new cards — you apply an audit's consolidated findings to EXISTING card YAML files.
745
+ (Same one-agent+token mechanism as `PROFILE=` / `OUTPUT=terse`: a mode is a parameter, not a
746
+ twin agent.)
747
+
748
+ **Why this mode exists (measured):** the `/prd` orchestrator used to apply findings inline at
749
+ full context window (~48 Edits at ~663k cache-read per call — the mechanical phases were 48%
750
+ of a real run's cost). In a fresh subagent context the same work costs a fraction. On Claude
751
+ the caller spawns this mode with a `model: sonnet` override (batch card AUTHORING keeps the
752
+ frontmatter model); on Codex the by-name agent inherits the session model — the primary
753
+ enabler is the fresh context + structured I/O, not the model tier.
754
+
755
+ **Inputs (all BY PATH — never pasted content):**
756
+ - `REPORT_FILE` — the consolidated audit report (audit-phase Step 6.7 format: findings grouped
757
+ per card, each tagged `(Severity: HIGH/MEDIUM/LOW)` + `[Target: <field>]`)
758
+ - `CARD_PATHS` — the card YAML files to edit
759
+ - `AUDITED_AT` / `AUDITED_COMMIT` / `AUDITED_SET` — the run-level provenance values
760
+ (audit-phase § "Holistic-audit provenance stamp")
761
+ - `VALIDATOR` — path of `validate-card-baseline.js`; `STAMPER` — path of `stamp-holistic-audit.js`
762
+
763
+ **Workflow:**
764
+ 1. Read the report; group findings per card ID.
765
+ 2. Per card, apply HIGH first, then MEDIUM, per the FIELD MAPPING table below:
766
+ - Edit ONLY the field named by each finding's `[Target: <field>]` tag. NEVER touch a field
767
+ no finding targets; NEVER "improve" untargeted content. The Field Grounding Rule above
768
+ binds here too (no invented field names).
769
+ - A finding that genuinely requires a human decision → do NOT apply; record it as `[MANUAL]`.
770
+ - A finding whose suggested content is UNGROUNDED (a path that doesn't exist in the repo,
771
+ a command not in the project's convention) or ALREADY SATISFIED by the card → do NOT
772
+ apply it as-is; ground it against the repo first (Glob/Grep), apply the grounded form,
773
+ or record it in the audit trail as `already-satisfied` / `ungrounded (<why>)`.
774
+ - LOW findings: audit-trail note only — no structured-field edits.
775
+ - Append the audit trail to `notes` (format below).
776
+ 3. **EXECUTE** `node <VALIDATOR> --prd <card>` on every edited card — exit 0 required. On
777
+ failure, fix your own edit and re-run (max 2 attempts, then report that card as
778
+ `validator: FAIL` with the error output — never ship a silently-invalid card).
779
+ 4. **EXECUTE** the stamper ONCE for the whole set:
780
+ `node <STAMPER> --at <AUDITED_AT> --commit <AUDITED_COMMIT> --set <AUDITED_SET> <CARD_PATHS>`
781
+ 5. Return the COMPACT summary below. Do NOT echo card bodies or the report back.
782
+
783
+ ### FIELD MAPPING (Target tag → card field → action)
784
+
785
+ | Target tag | Card field | Action |
786
+ |---|---|---|
787
+ | `[Target: requirements]` | `requirements` | Append missing requirement or rewrite existing one |
788
+ | `[Target: acceptance_criteria]` | `acceptance_criteria` | Append new `"[ ] [AC-N] ..."` item or rewrite vague AC |
789
+ | `[Target: definition_of_done]` | `definition_of_done` | Append new `"[ ] ..."` item |
790
+ | `[Target: files_likely_touched]` | `files_likely_touched` | Append missing path (no duplicates) |
791
+ | `[Target: depends_on]` | `depends_on` | Append missing card ID |
792
+ | `[Target: git_strategy]` | `git_strategy` | Replace `TBD` with `feat/<CARD-ID>-<slug> from ${git.trunk_branch}` |
793
+ | `[Target: areas]` | `areas` | Add missing area key/value |
794
+ | `[Target: unknowns]` | `unknowns` | Append new `[U-N] UNKNOWN: ...` entry |
795
+ | `[Target: existing_patterns]` | `existing_patterns` | Append missing pattern reference or fix stale line_range/anchor_text |
796
+ | `[Target: validation_commands]` | `validation_commands` | Append missing verification command |
797
+ | `[Target: anti_patterns]` | `anti_patterns` | Append missing DO NOT constraint |
798
+ | `[Target: scope_boundaries]` | `scope_boundaries` | Add missing in_scope or out_of_scope item |
799
+ | `[Target: input_output_examples]` | `input_output_examples` | Append missing scenario or fix incorrect example |
800
+ | `[Target: error_handling]` | `error_handling` | Append missing failure mode or fix incorrect action |
801
+ | `[Target: reuse_analysis]` | `reuse_analysis` | Add missing reuse opportunity or correct file path |
802
+ | `[Target: notes]` | `notes` | Audit trail only |
803
+
804
+ ### Severity policy
805
+
806
+ - **HIGH**: MUST apply. Card cannot be safely implemented without these.
807
+ - **MEDIUM**: SHOULD apply. Skip only if human judgment needed (mark `[MANUAL]`).
808
+ - **LOW**: Do NOT edit structured fields. Audit trail note only.
809
+
810
+ ### Audit trail in `notes`
811
+
812
+ After applying all edits to a card, append to its `notes`:
813
+
814
+ ```yaml
815
+ ## Applied by quality audit — YYYY-MM-DD
816
+ Applied N findings to structured fields (H high, M medium).
817
+ Manual review needed: [list [MANUAL] items, or "none"].
818
+ ```
819
+
820
+ ### Return contract (COMPACT — the ONLY output)
821
+
822
+ ```
823
+ APPLY-FINDINGS DONE
824
+ - <CARD-ID>: applied <H> high / <M> medium; manual: [<finding titles> | none]; validator: PASS|FAIL
825
+ - ...
826
+ stamp: <the stamper's one-line summary>
827
+ ```
828
+
829
+ ### Boundaries (mode-specific)
830
+
831
+ Read-only outside the card files; no Task/Agent spawns; no git commits/staging (the
832
+ orchestrator's Step 7 owns git); no card creation, deletion, or renaming; no edits to
833
+ fields not targeted by a finding.
@@ -54,6 +54,15 @@ Before triggering any review, you MUST verify that the coder agent implemented *
54
54
  index of WHERE to look; you still verify independently (do NOT trust its `status` alone), just
55
55
  without pulling entire files inline.
56
56
 
57
+ **4b. Per-AC executable oracles (`ac_verification` — EXECUTE, don't judge).** When the card
58
+ carries an `ac_verification` map (card-schema.md § "Acceptance-criteria grammar (EARS) +
59
+ per-AC oracles"), an AC whose oracle is NOT `manual:` is verified by **running the command**
60
+ — the exit status is the PRIMARY evidence for that row (`Done` on expected exit, `Missing/
61
+ Partial` otherwise, with the command + exit code in the Evidence column). Reading-based
62
+ judgment then covers only `manual:` oracles, oracle-less ACs, and the non-AC requirement
63
+ rows. A failing oracle is never argued around: either the implementation is incomplete
64
+ (gap-fixer path) or the oracle itself is stale — surface which, never silently reclassify.
65
+
57
66
  **Verification depth per requirement type:**
58
67
  - **"Create endpoint/route"** → verify: route file exists, handler has correct HTTP method,
59
68
  request validation present, response shape matches requirement, auth middleware applied.
@@ -6,6 +6,17 @@ Formato: [Keep a Changelog](https://keepachangelog.com/) · [SemVer](https://sem
6
6
 
7
7
  - **Analysis-profile contract (framework v4.94.0)**: the discovery-loop targeted architect question now passes `PROFILE=discovery`, and the Step 2 ISA scan passes `PROFILE=impact` (structural tier primary) — per `framework/agents/analysis-profiles.md`. Prompt semantics otherwise unchanged.
8
8
 
9
+ ## 1.3.0 — 2026-07-02
10
+
11
+ **Applier economico + pacchetto EARS+verify** — i due interventi strutturali dal forensics (48% del costo nelle fasi meccaniche; gate-prosa aggirabili):
12
+
13
+ - **`MODE: apply-findings` su `prd-card-writer`** (un agente + token, pattern analysis-profiles — mai un twin): l'apply dei finding di audit esce dall'orchestratore (che non edita più YAML). L'applier riceve tutto BY PATH, applica solo campi `[Target:]`, grounding obbligatorio (path/comandi verificati, mai inventati), marca `[MANUAL]` senza decidere, ESEGUE validator `--prd` + stamper, ritorna compact. `audit-phase.md` Step 6.9 = delega thin + drift guard `git diff --stat` + fallback inline visibile. Field-mapping/severity/audit-trail SPOSTATE nel corpo agente. Testato con spawn reale su fixture.
14
+ - **Grammatica EARS sugli AC child/standalone** (SSOT: `card-schema.md` § "Acceptance-criteria grammar"): 5 pattern (`THE SYSTEM SHALL` / `WHEN` / `WHILE` / `WHERE` / `IF…THEN`) + `SHALL CONTINUE TO`; keyword inglesi, corpo nella lingua del progetto; ban-list verbi vaghi. BLOCKER nel validator `--prd` — le card legacy non sono mai retro-bloccate (il baseline check di `/new` non applica EARS). AC-EPIC esenti.
15
+ - **`ac_verification`** (mappa opzionale `AC-N → oracolo eseguibile` o `manual:`): authoring groundato (comando scritto solo se verificato esistente — classe Field Grounding Rule), consumo in `/new` Phase 2.5 che ESEGUE gli oracoli non-manual (exit status = evidenza primaria; `qa-sentinel` deliberatamente NON è il consumer — AC verification fuori dal suo contratto). Enforcement WARN-first (hard-gate solo dopo telemetria). Cross-check drift con `validation_commands`.
16
+ - Validator: canale warnings separato (mai exit 1 da un WARN); fixtures EARS nel self-test CI (`check-card-baseline.js` Check D).
17
+
18
+ Codex parity: portable (token in prosa agente → transpile TOML; script zero-dep; prosa condivisa).
19
+
9
20
  ## 1.2.0 — 2026-07-02
10
21
 
11
22
  **Gate-hygiene wave** — dai driver misurati sul forensics di una sessione /prd reale (61.6M token; 48% del costo in fasi meccaniche a piena finestra; una famiglia di card spedita con zero audit-trail; ~20 righe di progress bar × 30+ messaggi):
@@ -85,8 +85,12 @@ existing_patterns:
85
85
  anti_patterns:
86
86
  - "DO NOT {{specific prohibited action — be concrete, not generic}}"
87
87
 
88
+ # EARS grammar (card-schema.md § "Acceptance-criteria grammar"): the clause matches one of
89
+ # THE SYSTEM SHALL … / WHEN … THE SYSTEM SHALL … / WHILE … / WHERE … / IF … THEN THE SYSTEM SHALL …
90
+ # Body in the project language, EARS keywords in English. No vague verbs (banned by the validator).
88
91
  acceptance_criteria:
89
- - "[ ] [AC-1] {{Testable criterion}}"
92
+ - "[ ] [AC-1] WHEN {{trigger}} THE SYSTEM SHALL {{observable behavior}}"
93
+ - "[ ] [AC-2] IF {{error condition}} THEN THE SYSTEM SHALL {{recovery behavior}}"
90
94
 
91
95
  # --- Validation Commands (OPTIONAL — include for cards with testable outputs) ---
92
96
  # Executable commands the agent runs for self-verification after implementation.
@@ -98,6 +102,14 @@ validation_commands:
98
102
  expect: "exit 0"
99
103
  - cmd: "{{verification command, e.g. grep -c 'pattern' src/file.tsx}}"
100
104
  expect: "{{expected: 'exit 0', '>= N', 'contains X', '== N'}}"
105
+
106
+ # --- Per-AC oracles (OPTIONAL map — card-schema.md § ac_verification) ---
107
+ # One entry per AC: an EXECUTABLE command verified to exist (npm script / toolchain command /
108
+ # existing test file) — never invented — or an explicit "manual: <what a human checks>".
109
+ # /new Phase 2.5 EXECUTES non-manual oracles; exit status is the primary AC evidence.
110
+ ac_verification:
111
+ AC-1: "{{command verified to exist, e.g. npm run test -- --grep '{{feature}}'}}"
112
+ AC-2: "manual: {{what a human checks}}"
101
113
  note: "{{what this verifies — maps to AC-N}}"
102
114
 
103
115
  definition_of_done:
@@ -165,7 +165,7 @@ INVEST criteria violations:
165
165
  - Valuable: card does not deliver user-visible or system-critical value
166
166
  - Estimable: scope unclear, cannot estimate effort
167
167
  - Small: card too large for one dev session
168
- - Testable: acceptance criteria not binary pass/fail
168
+ - Testable: acceptance criteria not binary pass/fail (the EARS grammar in card-schema.md § "Acceptance-criteria grammar" is the norm — a clause outside the 5 EARS patterns is a finding)
169
169
 
170
170
  Requirements smell detection:
171
171
  - Ambiguous pronouns without clear antecedent
@@ -199,7 +199,7 @@ Card structure:
199
199
  files_likely_touched — flag any unowned consumer (the "hidden-still-shown-in-the-other-mode" class).
200
200
  - areas field incomplete
201
201
  - git_strategy set to TBD
202
- - acceptance_criteria not binary testable
202
+ - acceptance_criteria not EARS-conformant (5 patterns, card-schema.md) or not binary testable
203
203
  - definition_of_done missing items
204
204
  - existing_patterns with stale line_range or missing anchor_text
205
205
  - validation_commands missing for cards with testable outputs
@@ -337,48 +337,42 @@ Present the consolidated report to the user.
337
337
 
338
338
  Use `SendMessage` with `type: "shutdown_request"` to shut down all teammates, then `TeamDelete`.
339
339
 
340
- ## Step 6.9 — Apply Findings to Cards
341
-
342
- **Goal**: Transform each card from "audited" to "implementation-ready" by editing YAML fields directly.
343
-
344
- **Read findings from the persisted report file** (path stored in the session tracker as `$REPORT_FILE`; pattern: `/tmp/check-audit-report-<CARD-ID-SLUG>-<SESSION-ID>.md`).
345
-
346
- ### Field mapping rules
347
-
348
- | Target tag | Card field | Action |
349
- |---|---|---|
350
- | `[Target: requirements]` | `requirements` | Append missing requirement or rewrite existing one |
351
- | `[Target: acceptance_criteria]` | `acceptance_criteria` | Append new `"[ ] [AC-N] ..."` item or rewrite vague AC |
352
- | `[Target: definition_of_done]` | `definition_of_done` | Append new `"[ ] ..."` item |
353
- | `[Target: files_likely_touched]` | `files_likely_touched` | Append missing path (no duplicates) |
354
- | `[Target: depends_on]` | `depends_on` | Append missing card ID |
355
- | `[Target: areas]` | `areas` | Add missing area key/value |
356
- | `[Target: git_strategy]` | `git_strategy` | Replace `TBD` with `feat/<CARD-ID>-<slug> from ${git.trunk_branch}` |
357
- | `[Target: unknowns]` | `unknowns` | Append new `[U-N] UNKNOWN: ...` entry |
358
- | `[Target: existing_patterns]` | `existing_patterns` | Append missing pattern reference or fix stale line_range/anchor_text |
359
- | `[Target: validation_commands]` | `validation_commands` | Append missing verification command |
360
- | `[Target: anti_patterns]` | `anti_patterns` | Append missing DO NOT constraint |
361
- | `[Target: scope_boundaries]` | `scope_boundaries` | Add missing in_scope or out_of_scope item |
362
- | `[Target: input_output_examples]` | `input_output_examples` | Append missing scenario or fix incorrect example |
363
- | `[Target: error_handling]` | `error_handling` | Append missing failure mode or fix incorrect action |
364
- | `[Target: reuse_analysis]` | `reuse_analysis` | Add missing reuse opportunity or correct file path |
365
- | `[Target: notes]` | `notes` | Audit trail only (Step 6.9c) |
366
-
367
- ### Severity policy
368
-
369
- - **HIGH**: MUST apply. Card cannot be safely implemented without these.
370
- - **MEDIUM**: SHOULD apply. Skip only if human judgment needed (mark `[MANUAL]`).
371
- - **LOW**: Do NOT edit structured fields. Audit trail note only.
372
-
373
- ### Audit trail in `notes`
374
-
375
- After applying all edits, append to `notes`:
376
-
377
- ```yaml
378
- ## Applied by quality audit — YYYY-MM-DD
379
- Applied N findings to structured fields (H high, M medium).
380
- Manual review needed: [list [MANUAL] items, or "none"].
381
- ```
340
+ ## Step 6.9 — Apply Findings to Cards (DELEGATED — the orchestrator does not edit YAML)
341
+
342
+ **Goal**: transform each card from "audited" to "implementation-ready". The mechanical apply
343
+ is DELEGATED to `prd-card-writer` in **MODE: apply-findings** — its § "MODE: apply-findings"
344
+ is the SSOT for the field mapping, severity policy, audit trail, self-validation and stamp
345
+ execution; do NOT restate or re-execute them here. (Measured driver: the inline apply ran
346
+ ~48 Edits at full context window — the mechanical phases were 48% of a real run's cost.)
347
+
348
+ 1. Capture the three run-level stamp values ONCE (snippet in § "Holistic-audit provenance
349
+ stamp" below) and read `$REPORT_FILE` **as a path only** from the session tracker
350
+ (pattern: `/tmp/check-audit-report-<CARD-ID-SLUG>-<SESSION-ID>.md`) do not load it.
351
+ 2. Spawn ONE `prd-card-writer` subagent Claude: Task tool, `subagent_type: prd-card-writer`,
352
+ `model: sonnet` override, `mode: "bypassPermissions"`; Codex: spawn by name from
353
+ `.codex/agents/` (inherits the session model). THIN prompt, paths only:
354
+
355
+ ```
356
+ MODE: apply-findings
357
+ REPORT_FILE: <path>
358
+ CARD_PATHS: <newline-separated card paths>
359
+ AUDITED_AT: <ts> AUDITED_COMMIT: <sha-or-empty> AUDITED_SET: <ID1,ID2,...>
360
+ VALIDATOR: .framework/framework/scripts/validate-card-baseline.js
361
+ STAMPER: .framework/framework/scripts/stamp-holistic-audit.js
362
+ ```
363
+ (Resolve the two script paths for this install same base as the validation-phase 0-i
364
+ gate.)
365
+ 3. Consume the COMPACT return (`APPLY-FINDINGS DONE` block):
366
+ - any card `validator: FAIL` → HALT and surface the validator output verbatim;
367
+ - route each `[MANUAL]` item to `AskUserQuestion` (they legally survive to
368
+ validation-phase Step 7 item 1);
369
+ - **drift guard (zero-cost)**: run `git diff --stat -- "${paths.backlog_dir}"` the
370
+ touched files MUST be CARD_PATHS; anything else HALT (the applier edited outside
371
+ its mandate). Never re-read the card bodies to "double-check" the validator already
372
+ did.
373
+ 4. **Fallback (delegate-or-else-inline, visible never silent)**: if the spawn is impossible
374
+ in this install, apply inline following the agent's § "MODE: apply-findings" and log
375
+ "apply-findings: INLINE FALLBACK (<reason>)" in the audit log.
382
376
 
383
377
  ### Holistic-audit provenance stamp (since v4.3.0) — consumed by `/new` Step 3d
384
378
 
@@ -420,13 +414,10 @@ Hand-edit the YAML only when the script is genuinely unreachable in this install
420
414
 
421
415
  ### Per-card workflow
422
416
 
423
- For each card:
424
- 1. Read persisted report collect all findings for this card ID.
425
- 2. Read current card YAML.
426
- 3. Apply HIGH findings first, then MEDIUM, then write audit trail.
427
- 4. Write the `metadata.holistic_audit` provenance block (see "Holistic-audit provenance stamp" above) — **by EXECUTING `stamp-holistic-audit.js` once for the whole card set** (after the last card's field edits), not by hand-editing YAML. **MANDATORY when the audit ran** (see the Fail-safe contract above) — this is what lets `/new`/`new2` skip the per-card plan-auditor when the card is implemented right after `/prd`; `validation-phase.md` Step 7 item 5b deterministically backstops it, but do not rely on the backstop.
428
- 5. Write updated card YAML.
429
- 6. Re-read to verify edits landed correctly.
417
+ The per-card loop (read findings → edit targeted fields → audit trail → validate → stamp)
418
+ is OWNED by `prd-card-writer` § "MODE: apply-findings" (Step 6.9). The stamper runs ONCE for
419
+ the whole card set inside the applier; `validation-phase.md` Step 7 item 5b remains the
420
+ deterministic backstop.
430
421
 
431
422
  **Note**: No separate commit here — the validation-phase.md Step 7 handles committing all PRD artifacts together.
432
423
 
@@ -21,6 +21,7 @@ Mark task 5 as `in_progress`.
21
21
  - **`review_profile` enum + epic `skip`** — `skip|light|balanced|deep`; missing/empty = blocker (the card-writer must compute it via `prd-card-writer.md § Rule C`); epics MUST be `skip`;
22
22
  - **conditional `requirements` presence (PO1)** — a child/standalone card with non-empty `acceptance_criteria` + `scope` MUST carry `requirements` (a fresh `/prd` card without them shifts a measured ~3–4M-token back-fill into `/new`'s orchestrator — see `card-schema.md` § "Authoring completeness invariants");
23
23
  - **unresolved `[NEEDS CLARIFICATION: …]` markers** — a card carrying a planning ambiguity is NOT implementable. Resolve each marker (with the user via `AskUserQuestion` when it needs a human answer, or from Discovery/PRD material when it does not), edit the card, re-run;
24
+ - **EARS grammar on child/standalone AC** (5 patterns + vague-verb ban-list — `card-schema.md` § "Acceptance-criteria grammar") = BLOCKER; `ac_verification` coverage = WARN-only;
24
25
  - the universal field-state matrix + remaining enums (`card-schema.md`).
25
26
 
26
27
  **Why executed and not recited:** the prose version of this gate has already failed silently on a real run (a whole card family shipped with zero audit trail). A recited check degrades under context pressure; an executed one cannot.
@@ -77,7 +78,7 @@ Mark task 5 as `in_progress`.
77
78
  Then execute the audit protocol described within, using the card IDs from Step 5.
78
79
  The protocol auto-detects which agents to include (security and performance
79
80
  are signal-triggered, no manual profile selection needed).
80
- **I/O contract:** `audit-phase.md` may edit card YAML files (e.g. its Step 6.9 normalisation pass). The list of all card paths modified by the audit (including those edited in Step 6.9) is the complete set that Step 7 item 6 must stage. The glob `FEAT-XXXX-*.yml (all cards from Step 5)` in item 6 covers this; note it explicitly so that context compaction does not cause a model to stage only the pre-audit originals.
81
+ **I/O contract:** `audit-phase.md` may edit card YAML files (its Step 6.9 apply runs via the `prd-card-writer` MODE: apply-findings subagent). The list of all card paths modified by the audit (including those edited in Step 6.9) is the complete set that Step 7 item 6 must stage. The glob `FEAT-XXXX-*.yml (all cards from Step 5)` in item 6 covers this; note it explicitly so that context compaction does not cause a model to stage only the pre-audit originals.
81
82
  3. Wait for audit report and card edits.
82
83
 
83
84
  **Gate:** all HIGH/MEDIUM findings resolved, no open `[MANUAL]` items that require external human input beyond this orchestrator. (Items that the orchestrator can resolve autonomously are resolved before this gate; items that need a human decision were already routed to `AskUserQuestion` inside `audit-phase.md`. Items that survive to Step 7 item 1 are those that received a human answer but required card re-edits — these are explicitly handled there.)
@@ -56,7 +56,8 @@ Legend: **R** = required, present **and non-empty** · **E** = required key, val
56
56
  | `scope` | R | R | R | **never omittable** — encodes intent |
57
57
  | `scope_boundaries` | R | C | C | "Omit for standalone cards with no siblings" (`prd-card-writer.md`) |
58
58
  | `requirements` | C | R | R | EPIC tracks via AC-EPIC; CHILD/STANDALONE: faithfully derivable from AC+scope when both present — see consumer contract |
59
- | `acceptance_criteria` | R (AC-EPIC) | R | R | |
59
+ | `acceptance_criteria` | R (AC-EPIC) | R | R | CHILD/STANDALONE: EARS grammar — see § "Acceptance-criteria grammar (EARS)" |
60
+ | `ac_verification` | — | C | C | OPTIONAL map `AC-N → executable oracle` (or `manual: <check>`); authored by `/prd`, executed by `/new` Phase 2.5 — see § below |
60
61
  | `definition_of_done` | R | R | R | |
61
62
  | `depends_on` / `blocks` | E (`[]`) | E | E | |
62
63
  | `estimated_complexity` | C | R | R | |
@@ -212,6 +213,64 @@ Rules:
212
213
  - Omit any sub-field whose session id is unavailable (env var unset) rather than writing a
213
214
  placeholder.
214
215
 
216
+ ## Acceptance-criteria grammar (EARS) + per-AC oracles (since the EARS+verify wave)
217
+
218
+ **Why**: a prose AC passes gates without being verifiable ("handle it correctly"), and
219
+ prose gates get gamed (measured: visible/holdout gap +28pt per 10x code; exploit rate
220
+ 0.6→13.9% post-RL). Two complementary halves: the AC is binary BY FORM (EARS), and its
221
+ verification is EXECUTABLE, defined at planning time.
222
+
223
+ ### EARS grammar (CHILD/STANDALONE `acceptance_criteria` — epic AC-EPIC roll-ups exempt)
224
+
225
+ Every AC entry is `"[ ] [AC-N] <EARS clause>"` where the clause matches ONE of the five
226
+ EARS patterns:
227
+
228
+ | Pattern | Form |
229
+ |---|---|
230
+ | Ubiquitous | `THE SYSTEM SHALL <behavior>` |
231
+ | Event-driven | `WHEN <trigger> THE SYSTEM SHALL <behavior>` |
232
+ | State-driven | `WHILE <state> THE SYSTEM SHALL <behavior>` |
233
+ | Optional-feature | `WHERE <feature is present> THE SYSTEM SHALL <behavior>` |
234
+ | Unwanted-behavior | `IF <error condition> THEN THE SYSTEM SHALL <behavior>` |
235
+
236
+ Non-regression variant: `… THE SYSTEM SHALL CONTINUE TO <existing behavior>`.
237
+
238
+ - The clause body stays in the project language (`identity.language`); the EARS keywords
239
+ stay English — they are syntactic markers, like field names.
240
+ - **Vague verbs are BANNED** (validator ban-list: `correttamente`, `appropriato/a`,
241
+ `properly`, `appropriately`, `as expected`, `gracefully`, `handle correctly`, `gestire
242
+ corrett*`) — name the observable behavior instead.
243
+ - Enforced by `validate-card-baseline.js --prd` (BLOCKER) — i.e. at `/prd` authoring time
244
+ only. Legacy cards are never retro-blocked: `/new`'s baseline conformance (1b-iii) does
245
+ NOT apply the EARS check.
246
+
247
+ Worked example (rewritten from a real card):
248
+ - Before: `"[ ] [AC-2] La lista fornitori si aggiorna correttamente dopo il salvataggio"`
249
+ - After: `"[ ] [AC-2] WHEN il salvataggio di un fornitore va a buon fine THE SYSTEM SHALL mostrare il fornitore aggiornato nella lista senza reload manuale"`
250
+
251
+ ### `ac_verification` — per-AC executable oracle (OPTIONAL map)
252
+
253
+ ```yaml
254
+ ac_verification:
255
+ AC-1: "npm run test -- --grep 'supplier hub layout'"
256
+ AC-2: "grep -q 'useSupplierList' src/app/settings/suppliers/page.tsx"
257
+ AC-3: "manual: verifica visiva dello stato empty su viewport 375px"
258
+ ```
259
+
260
+ - **Authoring** (`prd-card-writer`): a command is written ONLY if verified to exist — an
261
+ npm script in `package.json`, a command in `toolchain.commands.*`, a cited test file
262
+ that exists. NEVER invent commands (same class as the Field Grounding Rule). Not
263
+ automatable → explicit `manual: <what a human checks>`.
264
+ - **Consumption** (`/new` Phase 2.5 completeness check — the AC-verification owner): an AC
265
+ with a non-`manual:` oracle is verified by EXECUTING it; the exit status is the primary
266
+ evidence. Judgment covers only `manual:` oracles and oracle-less ACs. (`qa-sentinel` is
267
+ deliberately NOT the consumer — AC verification is out of its scope by contract.)
268
+ - **Relation to `validation_commands`**: that field stays the card-level suite;
269
+ `ac_verification` is the per-AC mapping. The validator WARNs when a non-manual oracle
270
+ is absent from `validation_commands` (drift guard between the two).
271
+ - **Enforcement is WARN-first** (the `--prd` validator warns on missing entries for cards
272
+ with code-testable outputs); any hard gate comes only after telemetry on real runs.
273
+
215
274
  ## Writer contract
216
275
 
217
276
  The canonical writer is the `prd-card-writer` agent. It emits the full baseline for the
@@ -29,7 +29,11 @@
29
29
  * acceptance_criteria + scope MUST have non-empty requirements;
30
30
  * - epic `review_profile` must be `skip`;
31
31
  * - `[NEEDS CLARIFICATION: …]` ambiguity markers in the raw YAML are BLOCKERS —
32
- * a card ships only when every planning ambiguity has been resolved.
32
+ * a card ships only when every planning ambiguity has been resolved;
33
+ * - EARS grammar on child/standalone acceptance_criteria (5 patterns + vague-verb
34
+ * ban-list) — BLOCKER; epics exempt. SSOT: card-schema.md § "Acceptance-criteria
35
+ * grammar (EARS)";
36
+ * - `ac_verification` per-AC oracle coverage — WARN-only (never fails the run).
33
37
  *
34
38
  * Module API (for CI self-tests in scripts/check-card-baseline.js):
35
39
  * const { validateCard, detectProfile, loadSchema, loadEnums } = require(...)
@@ -373,12 +377,30 @@ function scanAmbiguityMarkers(text) {
373
377
  return out;
374
378
  }
375
379
 
380
+ // EARS grammar — SSOT: card-schema.md § "Acceptance-criteria grammar (EARS)".
381
+ // Keywords are English syntactic markers; the clause body may be any language.
382
+ const EARS_PATTERNS = [
383
+ /^THE SYSTEM SHALL .+/,
384
+ /^WHEN .+ THE SYSTEM SHALL .+/,
385
+ /^WHILE .+ THE SYSTEM SHALL .+/,
386
+ /^WHERE .+ THE SYSTEM SHALL .+/,
387
+ /^IF .+ THEN THE SYSTEM SHALL .+/,
388
+ ];
389
+ const VAGUE_VERB_RE = /(correttamente|appropriat[oa]|properly|appropriately|as expected|gracefully|handle correctly|gestire corrett)/i;
390
+
391
+ /** "[ ] [AC-3] WHEN … THE SYSTEM SHALL …" → { id: 'AC-3', clause: 'WHEN … …' } (null if unparseable) */
392
+ function parseAcEntry(entry) {
393
+ const m = String(entry).match(/^\s*\[[ xX]?\]\s*\[(AC-\d+)\]\s*(.+)$/);
394
+ return m ? { id: m[1], clause: m[2].trim() } : null;
395
+ }
396
+
376
397
  /**
377
398
  * The deterministic subset of /prd validation-phase Step 6 item 0 (see file header).
378
- * Returns string[] errors. `text` is the raw YAML (marker scan), `card` the parsed map.
399
+ * Returns { errors, warnings }. `text` is the raw YAML (marker scan), `card` the parsed map.
379
400
  */
380
401
  function prdGateChecks(card, text, profile) {
381
402
  const errors = [];
403
+ const warnings = [];
382
404
  if (profile !== 'EPIC' && nonEmpty(card.acceptance_criteria) && nonEmpty(card.scope) && !nonEmpty(card.requirements)) {
383
405
  errors.push("has acceptance_criteria + scope but no 'requirements' — emit requirements (faithful restatement of AC + scope) before commit (PO1)");
384
406
  }
@@ -388,7 +410,37 @@ function prdGateChecks(card, text, profile) {
388
410
  for (const m of scanAmbiguityMarkers(text)) {
389
411
  errors.push(`unresolved ambiguity marker — resolve with the user before commit: ${m}`);
390
412
  }
391
- return errors;
413
+ // EARS grammar + vague-verb ban (child/standalone only; epic AC-EPIC roll-ups exempt)
414
+ if (profile !== 'EPIC' && Array.isArray(card.acceptance_criteria)) {
415
+ for (const entry of card.acceptance_criteria) {
416
+ const ac = parseAcEntry(entry);
417
+ if (!ac) continue; // malformed entry shape is the matrix/consumer contract's concern
418
+ if (VAGUE_VERB_RE.test(ac.clause)) {
419
+ errors.push(`${ac.id} uses a banned vague verb — name the observable behavior (card-schema.md § EARS): "${ac.clause.slice(0, 90)}"`);
420
+ } else if (!EARS_PATTERNS.some((re) => re.test(ac.clause))) {
421
+ errors.push(`${ac.id} is not an EARS clause (THE SYSTEM SHALL / WHEN|WHILE|WHERE … THE SYSTEM SHALL / IF … THEN THE SYSTEM SHALL): "${ac.clause.slice(0, 90)}"`);
422
+ }
423
+ }
424
+ // ac_verification coverage — WARN-only (enforcement is data-driven, never a blocker here)
425
+ const av = card.ac_verification;
426
+ const hasCodeOutputs = nonEmpty(card.files_likely_touched);
427
+ if (!nonEmpty(av)) {
428
+ if (hasCodeOutputs) warnings.push("no 'ac_verification' map — consider per-AC executable oracles (or 'manual: …') per card-schema.md § ac_verification");
429
+ } else if (typeof av === 'object' && !Array.isArray(av)) {
430
+ const vcText = JSON.stringify(card.validation_commands || []);
431
+ for (const entry of card.acceptance_criteria) {
432
+ const ac = parseAcEntry(entry);
433
+ if (!ac) continue;
434
+ const oracle = av[ac.id];
435
+ if (oracle == null || String(oracle).trim() === '') {
436
+ warnings.push(`ac_verification has no entry for ${ac.id}`);
437
+ } else if (!/^manual:/i.test(String(oracle)) && !vcText.includes(String(oracle).slice(0, 40))) {
438
+ warnings.push(`${ac.id} oracle is not in validation_commands (drift guard): "${String(oracle).slice(0, 60)}"`);
439
+ }
440
+ }
441
+ }
442
+ }
443
+ return { errors, warnings };
392
444
  }
393
445
 
394
446
  // --- CLI --------------------------------------------------------------------
@@ -420,7 +472,12 @@ function main(argv) {
420
472
  continue;
421
473
  }
422
474
  const { profile, errors } = validateCard(card, { matrix, enums, filename: path.basename(file) });
423
- if (prdMode) errors.push(...prdGateChecks(card, text, profile));
475
+ let warnings = [];
476
+ if (prdMode) {
477
+ const g = prdGateChecks(card, text, profile);
478
+ errors.push(...g.errors);
479
+ warnings = g.warnings;
480
+ }
424
481
  if (errors.length) {
425
482
  failed++;
426
483
  process.stdout.write(`✖ ${file} [${profile}] — ${errors.length} issue(s):\n`);
@@ -428,6 +485,7 @@ function main(argv) {
428
485
  } else {
429
486
  process.stdout.write(`✓ ${file} [${profile}]\n`);
430
487
  }
488
+ for (const w of warnings) process.stdout.write(` ⚠ ${w}\n`);
431
489
  }
432
490
  return failed ? 1 : 0;
433
491
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "baldart",
3
- "version": "4.94.0",
3
+ "version": "4.95.0",
4
4
  "description": "Claude Agent Framework - Reusable framework for coordinating AI agents and humans in software projects",
5
5
  "bin": {
6
6
  "baldart": "./bin/baldart.js"