cc-devflow 4.5.1 → 4.5.2

package/.claude/skills/cc-act/CHANGELOG.md

@@ -1,5 +1,19 @@
 # CC-Act Skill Changelog
 
+## v1.6.4 - 2026-04-28
+
+- add a readiness dashboard covering review freshness, review quality, specialist facets, QA coverage, browser QA, failure ownership, documentation release, and PR body accuracy
+- require verification to rerun on every cc-act invocation while keeping ship actions idempotent
+- update `verify-act-gate.sh` to recognize `claimEvidence`, review freshness, QA coverage/browser status, and unresolved failure ownership
+- update `render-pr-brief.sh`, shared evidence extraction, and the PR brief template with readiness and PR body accuracy fields
+
+## v1.6.3 - 2026-04-28
+
+- require PR briefs and PR bodies to carry the reviewed base/head SHA, review packet summary, finding triage, and QA / claim evidence summary
+- require post-merge closeout to verify the merged result instead of relying only on pre-merge evidence
+- add destructive cleanup confirmation rules for branch, worktree, discard, and archive actions
+- update `render-pr-brief.sh` and the PR brief template with review range and merged-result verification fields
+
 ## v1.6.2 - 2026-04-27
 
 - require closeout handoff documents to resolve the runtime output policy before writing PR briefs, release notes, resume indexes, or status handoffs

package/.claude/skills/cc-act/PLAYBOOK.md

@@ -25,6 +25,7 @@
 1. 运行 `scripts/verify-act-gate.sh --dir <requirement-dir>`
 2. 确认 `review/report-card.json` 是 `pass`，且没有未解释的 gaps / reroute
 3. 确认 `planning/tasks.md` 不再有未完成项
+4. 确认 `review.freshness` 新鲜、`runtime.failureOwnership` 无未解释失败、`qa.coverageAudit` / `qa.browserEvidence` 有证据或明确 skip
 
 如果 gate 没闭合，直接回 `cc-check` 或 `cc-do`，不要在 `cc-act` 自我安慰。
 
@@ -70,6 +71,7 @@ Ship 必须属于这 4 种模式之一：
 
 - `cc-act` 可以做清理和收尾修复
 - 但只要现实被改写，就必须重新证明
+- verification 每次进 `cc-act` 都要重新跑；只有 push、PR 更新、文档生成这类动作可以因幂等状态跳过
 
 ## Phase 2.5: Ship Hygiene
 
@@ -80,6 +82,7 @@ Ship 必须属于这 4 种模式之一：
 3. 检查提交边界，按逻辑单元拆分，保证提交顺序不引用未来代码。
 4. 如果有 WIP commit，只能用非破坏性 rebase / fixup 处理，不允许盲目 soft reset。
 5. push 前比较 local / remote HEAD；PR 前检查是否已有打开 PR / MR。
+6. 生成 readiness dashboard：review freshness、review quality、QA coverage、browser QA、failure ownership、documentation release、PR body accuracy。
 
 ## Phase 3: Build Delivery Pack
 
@@ -104,6 +107,18 @@ Ship 必须属于这 4 种模式之一：
 1. `scripts/sync-act-docs.sh --dir <requirement-dir>`
 2. `scripts/render-pr-brief.sh --dir <requirement-dir>`
 
+`pr-brief.md` 还必须带上 `cc-check` 的 review range：
+
+- reviewed base SHA
+- reviewed head SHA
+- review packet path / summary
+- finding triage summary
+- QA / claim evidence summary
+- readiness dashboard
+- PR body accuracy check
+
+缺这些字段时，可以生成 local handoff，但不能声称 PR body 已经可 review。
+
 ## Phase 4: Sync Docs
 
 文档同步不是装饰动作，而是 ship 的一部分。
@@ -125,7 +140,8 @@ Ship 必须属于这 4 种模式之一：
 - 按 `references/git-commit-guidelines.md` 完成提交
 - 推送当前分支
 - 用 `gh pr create` 创建 PR / MR
-- PR body 以 `pr-brief.md` 为真相源，并包含 Summary、Test Coverage、Pre-Landing Review、Scope Drift、Plan Completion、Verification Results、Documentation、Test plan
+- PR body 以 `pr-brief.md` 为真相源，并包含 Summary、Test Coverage、Pre-Landing Review、Readiness Dashboard、Scope Drift、Plan Completion、Verification Results、Documentation、Test plan
+- 创建前检查 PR body 是否来自当前 report-card 和当前 diff，不继承旧 body
 
 ### `update-pr`
 
@@ -133,6 +149,7 @@ Ship 必须属于这 4 种模式之一：
 - 不重新造一个 PR
 - 刷新已有 PR / MR body
 - 确保 body 由本次最新 `cc-check` 结果与 doc sync 状态重建，不沿用旧 body
+- PR body 与当前 commits / diff 不一致时，必须先更新 body，再继续交付判断
 
 ### `local-handoff`
 
@@ -142,8 +159,15 @@ Ship 必须属于这 4 种模式之一：
 ### `post-merge-closeout`
 
 - 不做 feature branch PR 动作
+- 在 merged result 上重跑必要 gate，并记录命令、exit status、关键观察
 - 完成 release note、文档同步、backlog/roadmap 回写、归档
 
+### destructive cleanup
+
+- 删除 branch、worktree、未合并提交、requirement archive 前，先列出对象
+- 丢弃未合并工作必须要求用户显式确认
+- 无法确认时保留现场，切到 `local-handoff`
+
 如果 `gh` 不可用、push 失败、远端不可达，就不要硬凹 `create-pr` / `update-pr`。切到 `local-handoff`，把阻塞和下一步写清楚。
 
 ## Phase 6: Write Back The Learning
@@ -176,6 +200,7 @@ Ship 必须属于这 4 种模式之一：
 3. reviewer / 接手者 还需不需要追问“所以我现在该看哪个文件”？
 4. `cc-simplify`、单测、e2e、commit/push 的结果是不是都能追溯？
 5. PR body / release note / handoff / changelog 说的是不是同一套现实？
+6. readiness dashboard 有没有 blocker 或 stale warning？
 
 如果第 1 或第 3 题答案不是“能”，说明 `cc-act` 仍然太重或太糊。
 

package/.claude/skills/cc-act/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: cc-act
-version: 1.6.2
+version: 1.6.4
 description: 'Use when verified work must be shipped or handed off with a clear landing path: run simplify and required tests, create or update a PR, prepare a local handoff, close out merged work, sync docs, write release notes, and fold follow-ups back into backlog or roadmap.'
 triggers:
   - 准备提 PR
@@ -41,7 +41,7 @@ entry_gate:
   - If simplify, tests, or act changes code or verification scope, return to cc-check immediately.
 exit_criteria:
   - The ship mode is explicit, delivery materials match that mode, and the next maintainer has one clear entry point.
-  - Docs, PR text, release notes, handoff artifacts, and test evidence reflect the same proven facts.
+  - Docs, PR text, release notes, handoff artifacts, review range, readiness dashboard, PR body accuracy check, and test evidence reflect the same proven facts.
   - Follow-up items are written back to roadmap/backlog instead of lingering in chat memory.
 reroutes:
   - when: Verification is stale, incomplete, or changed during act.
@@ -126,7 +126,8 @@ tool_budget:
 2. 再读 `planning/design.md` 或 `planning/analysis.md`、`planning/tasks.md`、`planning/task-manifest.json`、`change-meta.json`、相关 capability spec；如果已有 `handoff/resume-index.md`，一并读取，确认这次到底完成了什么。
 3. 运行 `scripts/verify-act-gate.sh --dir <requirement-dir>`，确认 gate 真的闭合。
 4. 运行 `scripts/detect-ship-target.sh`，识别当前分支、base branch、PR 状态与推荐 ship 路径。
-5. 如果在 `cc-act` 期间因为 `cc-simplify`、单测、e2e、review 修复而改了代码，必须回 `cc-check`，不能带着旧证明继续 ship。
+5. 检查 `review.freshness`、`runtime.failureOwnership`、`qa.coverageAudit`、`qa.browserEvidence`，确认 readiness dashboard 没有 blocker。
+6. 如果在 `cc-act` 期间因为 `cc-simplify`、单测、e2e、review 修复而改了代码，必须回 `cc-check`，不能带着旧证明继续 ship。
 
 ## Ship Modes
 
@@ -146,7 +147,7 @@ tool_budget:
    - 但要把 handoff 与下一步写清楚
 4. `post-merge-closeout`
    - 当前已在 base branch，或 requirement 已完成合并
-   - 重点是 release note、doc sync、backlog writeback、归档
+   - 重点是 merged-result verification、release note、doc sync、backlog writeback、归档
 
 不要发明第五种模糊模式。
 
@@ -207,9 +208,34 @@ tool_budget:
 2. Scope completion：PR 简报必须包含 `cc-check` 的 plan completion、scope drift、review finding、验证结果摘要。
 3. Version and changelog：如果项目有 `VERSION`、`package.json`、`CHANGELOG.md`，先判断是否已 bump / 是否漂移；不要重复 bump，也不要覆盖 changelog。
 4. Bisectable commits：提交按逻辑单元拆分，顺序保证每个 commit 独立可理解、尽量可验证；小于 50 行且少于 4 文件可单 commit。
-5. Fresh final verification：如果 `cc-act` 中的 review fix、doc sync、version sync 改了代码或运行时输入，重新回 `cc-check`；纯文档/PR body 变化记录即可。
+5. Fresh final verification：每次进入 `cc-act` 都要重跑 entry gate、simplify、单测、e2e 或记录 skip；只有 push、PR 更新、doc 生成这类动作可以幂等跳过。以前跑过不等于现在仍然可信。
 6. Push idempotency：push 前比较 local/remote HEAD；已同步就不重复 push，不可用就切 `local-handoff`。
 7. PR idempotency：已有打开的 PR / MR 只更新 body，不重复创建。
+8. Review range：PR brief / PR body 必须写清 `cc-check` 审过的 base/head SHA、review packet、finding triage 摘要。
+9. Post-integration verification：本地合并或 post-merge closeout 后，必须在 merged result 上跑必要 gate；不能只继承合并前绿色。
+
+## Readiness Dashboard
+
+PR / handoff 之前必须把 readiness 压成一屏事实：
+
+1. Review freshness：`review.freshness.status` 必须是 `fresh` 或 `not-applicable`。
+2. Review quality：记录 `review.qualityScore`、specialist facet 覆盖、finding triage 摘要。
+3. QA coverage：记录 `qa.coverageAudit` 的 coverage、gaps、e2e/eval requirement。
+4. Browser QA：UI / 用户路径变更必须有 `qa.browserEvidence`，否则要有 skip reason。
+5. Failure ownership：`runtime.failureOwnership` 不能有未解释的 `in-branch` 或 `ambiguous` failure。
+6. Documentation release：README / CLAUDE / architecture / handoff / changelog 的同步状态必须可审计。
+7. PR body accuracy：PR body 必须从当前 `pr-brief.md`、当前 diff、当前 report-card 重建；已有 PR body 只能被刷新，不能被继承。
+
+readiness dashboard 有 blocker 时，不能创建或更新 PR，只能 reroute 到 `cc-check` / `cc-do` 或生成 local handoff。
+
+## Integration Safety
+
+`cc-act` 可以清理交付路径，但不能悄悄做破坏性动作：
+
+1. 删除 feature branch、删除 worktree、丢弃提交、归档 requirement 前，必须列出受影响对象。
+2. 丢弃未合并工作必须要求用户显式确认；没有确认时只能转 `local-handoff`。
+3. branch cleanup 只发生在 merge / PR / discard 语义已经清楚之后。
+4. `post-merge-closeout` 必须记录 merged-result verification：命令、exit status、关键观察、失败时 reroute。
 
 ## Documentation Release
 
@@ -245,11 +271,12 @@ tool_budget:
    - `local-handoff`：不假装已经发出，只生成可接手材料
    - `post-merge-closeout`：跳过 PR，完成发布与闭环回写
 11. 处理 PR / MR body：从当前 `pr-brief.md`、最新验证、review、doc sync、TODO/backlog 结果重新渲染，不复用旧 body。
-12. 回写 `devflow/roadmap/backlog.md` / `devflow/roadmap/roadmap.md`：
+12. 在 `handoff/pr-brief.md` 写入 readiness dashboard 与 PR body accuracy check；已有 PR body 与当前事实不一致时先刷新再继续。
+13. 回写 `devflow/roadmap/backlog.md` / `devflow/roadmap/roadmap.md`：
    - 新发现的 follow-up
    - 被推迟但必须保留的事项
    - 因本次结果而改变优先级的事项
-13. 如果 requirement 真正闭环，更新状态摘要并归档；否则把下一位接手者的入口写清楚。
+14. 如果 requirement 真正闭环，更新状态摘要并归档；否则把下一位接手者的入口写清楚。
 
 ## Output
 
@@ -261,6 +288,7 @@ tool_budget:
 - 单测 / e2e 的通过证据，或明确记录的 skip / blocker
 - 必要时创建或更新的 PR / MR
 - PR / MR body 中的 Summary、Test Coverage、Pre-Landing Review、Scope Drift、Plan Completion、Verification Results、Documentation、Test plan
+- readiness dashboard 和 PR body accuracy check
 
 ## Good Output
 
@@ -300,6 +328,7 @@ tool_budget:
 10. `create-pr` / `update-pr` 模式默认要求提交历史符合 `references/git-commit-guidelines.md`，并完成正确的 push、PR 创建或更新动作。
 11. CHANGELOG 只能基于当前 diff / commit history / release truth 更新，不允许覆盖既有历史条目。
 12. PR / MR body 每次都从当前事实重建，不沿用旧 body 或旧测试输出。
+13. Verification 每次执行 `cc-act` 都必须重新运行；只有已完成且可证明幂等的动作可以跳过。
 
 ## Exit Criteria
 

package/.claude/skills/cc-act/assets/PR_BRIEF_TEMPLATE.md

@@ -24,6 +24,25 @@
 - Base branch:
 - PR / MR:
 
+## Review Range
+
+- Reviewed base SHA:
+- Reviewed head SHA:
+- Review packet:
+- Finding triage:
+- QA / claim evidence:
+
+## Readiness Dashboard
+
+- Review freshness:
+- Review quality:
+- Specialist review facets:
+- QA coverage:
+- Browser QA:
+- Failure ownership:
+- Documentation release:
+- PR body accuracy:
+
 ## Summary
 
 - 
@@ -36,6 +55,7 @@
 
 - `review/report-card.json` verdict:
 - Fresh evidence:
+- Merged-result verification:
 
 ## Documentation Sync
 

package/.claude/skills/cc-act/references/closure-contract.md

@@ -8,6 +8,8 @@
 4. `planning/tasks.md` 不能还有未完成项
 5. 交付材料必须只总结现实，不补编故事
 6. 如果文件结构变了，就同步对应目录的 `CLAUDE.md`
+7. PR / handoff 必须记录 `cc-check` 审过的 base/head SHA、review packet、finding triage 摘要
+8. readiness dashboard 必须说明 review freshness、QA coverage、browser evidence、failure ownership、documentation release、PR body accuracy
 
 ## Ship Decision Contract
 
@@ -29,6 +31,10 @@
 5. VERSION / package / changelog 漂移必须先分类处理，不能重复 bump 或覆盖发布历史
 6. PR / MR body 必须从当前事实重建，不能沿用旧验证输出
 7. push / PR 创建必须具备幂等检查：已同步则跳过，已存在 PR 则更新
+8. 本地合并或 post-merge closeout 后必须在 merged result 上重跑必要 gate
+9. 删除 branch、worktree、未合并提交、归档 requirement 前必须列出对象；丢弃未合并工作需要显式确认
+10. verification 每次进入 `cc-act` 都必须重新跑；只有 push、PR 更新、文档生成等动作可以因为幂等状态跳过
+11. PR body accuracy 必须对照当前 report-card、当前 diff、当前 commits；旧 body 不能作为证据源
 
 ## Memory Consolidation
 
@@ -45,5 +51,7 @@
 - reviewer 能接手
 - maintainer 知道怎么验证
 - PR / handoff / release 材料反映同一套事实
+- readiness dashboard 没有 blocker，PR body accuracy 已检查或明确阻塞
+- post-merge closeout 反映 merged result 的验证事实，而不是只反映合并前事实
 - 下一轮计划入口更清楚
 - 文档入口可发现，changelog 不丢历史，TODO / backlog 只记录有证据的事项

package/.claude/skills/cc-act/scripts/cc-act-common.sh

@@ -234,7 +234,12 @@ req_act_collect_evidence() {
   local out_file="$2"
 
   : > "$out_file"
-  jq -r '(.evidence // [])[]?' "$report_card" 2>/dev/null | sed '/^$/d' > "$out_file" || true
+  jq -r '
+    (.evidence // [])[]?,
+    ((.claimEvidence // [])[]? | "- " + (.claim // "claim") + ": " + (.status // "unknown") + " via " + (.commandOrArtifact // "artifact") + " - " + (.keyObservation // "")),
+    (if .qa.coverageAudit then "- qa.coverage: " + (.qa.coverageAudit.status // "unknown") + ", gaps=" + (((.qa.coverageAudit.gaps // []) | length) | tostring) else empty end),
+    (if .qa.browserEvidence then "- qa.browser: " + (.qa.browserEvidence.status // "unknown") + ", mode=" + (.qa.browserEvidence.mode // "unknown") else empty end)
+  ' "$report_card" 2>/dev/null | sed '/^$/d' > "$out_file" || true
   req_act_dedup_file "$out_file"
 }
 

package/.claude/skills/cc-act/scripts/render-pr-brief.sh

@@ -65,6 +65,31 @@ report_verdict="$(req_act_report_verdict "$report_card")"
 output_language="$(req_act_output_language "$report_card")"
 design_goal="$(req_act_design_goal "$design_file")"
 main_risk="$(req_act_main_risk "$design_file")"
+review_base_sha="$(jq -r '[.review.taskReviews.reviewPacket.baseSha?, .review.diffReview.reviewPacket.baseSha?] | map(select(. != null and . != "")) | first // "not recorded"' "$report_card")"
+review_head_sha="$(jq -r '[.review.taskReviews.reviewPacket.headSha?, .review.diffReview.reviewPacket.headSha?] | map(select(. != null and . != "")) | first // "not recorded"' "$report_card")"
+review_packet_summary="$(jq -r '
+  [
+    .review.taskReviews.reviewPacket.requirements?,
+    .review.diffReview.reviewPacket.requirements?
+  ]
+  | map(select(. != null and . != ""))
+  | unique
+  | if length == 0 then "not recorded" else join("; ") end
+' "$report_card")"
+finding_triage_summary="$(jq -r '
+  [
+    (.review.taskReviews.findings? // []),
+    (.review.diffReview.findings? // []),
+    (.review.findings? // [])
+  ]
+  | flatten
+  | map(.triageStatus? // .status? // "untriaged")
+  | if length == 0 then "no findings" else group_by(.) | map("\(.[0])=\(length)") | join(", ") end
+' "$report_card")"
+qa_claim_summary="$(jq -r '
+  "qa=\(.qa.status? // "not recorded"), claims=" +
+  (((.claimEvidence? // []) | map((.claim // "unknown") + ":" + (.status // "unknown")) | join(", ")) // "not recorded")
+' "$report_card")"
 
 tmp_changed="$(mktemp)"
 tmp_verify="$(mktemp)"
@@ -95,6 +120,56 @@ if [[ -f "$doc_sync_report" ]]; then
   fi
 fi
 
+review_freshness_summary="$(jq -r '
+  .review.freshness as $fresh |
+  if $fresh == null then
+    "not recorded"
+  else
+    "status=\($fresh.status // "unknown"), reviewed=\($fresh.reviewedCommit // "not recorded"), current=\($fresh.currentCommit // "not recorded"), commitsSinceReview=\($fresh.commitsSinceReview // "unknown")" +
+    (if (($fresh.staleReason // "") != "") then ", reason=\($fresh.staleReason)" else "" end)
+  end
+' "$report_card")"
+review_quality_summary="$(jq -r '
+  "qualityScore=\(.review.qualityScore // "not recorded")"
+' "$report_card")"
+specialist_review_summary="$(jq -r '
+  (.review.specialistReviews? // [])
+  | if length == 0 then
+      "no specialist facets recorded"
+    else
+      map((.name // "unknown") + ":" + (.status // "unknown")) | join(", ")
+    end
+' "$report_card")"
+qa_coverage_summary="$(jq -r '
+  .qa.coverageAudit as $coverage |
+  if $coverage == null then
+    "not recorded"
+  else
+    "status=\($coverage.status // "unknown"), coverage=\($coverage.coveragePct // "n/a"), gaps=\((($coverage.gaps // []) | length)), e2eRequired=\($coverage.e2eRequired // false), evalRequired=\($coverage.evalRequired // false)"
+  end
+' "$report_card")"
+browser_qa_summary="$(jq -r '
+  .qa.browserEvidence as $browser |
+  if $browser == null then
+    "not recorded"
+  else
+    "status=\($browser.status // "unknown"), mode=\($browser.mode // "unknown"), routes=\((($browser.affectedRoutes // []) | length)), issues=\((($browser.issues // []) | length)), consoleErrors=\((($browser.consoleErrors // []) | length))" +
+    (if (($browser.skipReason // "") != "") then ", skip=\($browser.skipReason)" else "" end)
+  end
+' "$report_card")"
+failure_ownership_summary="$(jq -r '
+  (.runtime.failureOwnership? // [])
+  | if length == 0 then
+      "no open failures recorded"
+    else
+      group_by(.classification // "unknown")
+      | map("\(.[0].classification // "unknown")=\(length)")
+      | join(", ")
+    end
+' "$report_card")"
+documentation_release_summary="CLAUDE=${claude_status}; README=${readme_status}"
+pr_body_accuracy_summary="body must be regenerated from this pr-brief, current report-card, and current diff before PR create/update"
+
 {
   echo "# PR Brief"
   echo
@@ -120,6 +195,25 @@ fi
     echo "- PR / MR: none"
   fi
   echo
+  echo "## Review Range"
+  echo
+  echo "- Reviewed base SHA: $review_base_sha"
+  echo "- Reviewed head SHA: $review_head_sha"
+  echo "- Review packet: $review_packet_summary"
+  echo "- Finding triage: $finding_triage_summary"
+  echo "- QA / claim evidence: $qa_claim_summary"
+  echo
+  echo "## Readiness Dashboard"
+  echo
+  echo "- Review freshness: $review_freshness_summary"
+  echo "- Review quality: $review_quality_summary"
+  echo "- Specialist review facets: $specialist_review_summary"
+  echo "- QA coverage: $qa_coverage_summary"
+  echo "- Browser QA: $browser_qa_summary"
+  echo "- Failure ownership: $failure_ownership_summary"
+  echo "- Documentation release: $documentation_release_summary"
+  echo "- PR body accuracy: $pr_body_accuracy_summary"
+  echo
   echo "## Summary"
   echo
   if [[ -n "$report_summary" ]]; then
@@ -145,6 +239,11 @@ fi
   echo "## Verification Evidence"
   echo
   echo "- \`report-card.json\` verdict: $report_verdict"
+  if [[ "$ship_mode" == "post-merge-closeout" ]]; then
+    echo "- Merged-result verification: required before closeout; record command, exit status, and key observation"
+  else
+    echo "- Merged-result verification: not applicable before merge"
+  fi
   if [[ -s "$tmp_evidence" ]]; then
     while IFS= read -r line; do
       echo "- $line"

package/.claude/skills/cc-act/scripts/verify-act-gate.sh

@@ -37,8 +37,16 @@ tasks_file="$(req_act_tasks_path "$CHANGE_DIR")"
 verdict="$(jq -r '.verdict // "unknown"' "$report_card" 2>/dev/null || echo unknown)"
 reroute="$(jq -r '.reroute // "unknown"' "$report_card" 2>/dev/null || echo unknown)"
 spec_sync_ready="$(jq -r '.specSyncReady // false' "$report_card" 2>/dev/null || echo false)"
-evidence_count="$(jq -r '(.evidence // []) | length' "$report_card" 2>/dev/null || echo 0)"
+evidence_count="$(jq -r '((.evidence // []) + (.claimEvidence // []) + (.quickGates // []) + (.strictGates // [])) | length' "$report_card" 2>/dev/null || echo 0)"
 gap_count="$(jq -r '(.gaps // []) | length' "$report_card" 2>/dev/null || echo 0)"
+review_freshness="$(jq -r '.review.freshness.status // "unknown"' "$report_card" 2>/dev/null || echo unknown)"
+failure_ownership_open="$(jq -r '
+  (.runtime.failureOwnership? // [])
+  | map(select(((.classification? // "") | IN("in-branch", "ambiguous")) and ((.status? // "open") | IN("open", "pending"))))
+  | length
+' "$report_card" 2>/dev/null || echo 0)"
+coverage_status="$(jq -r '.qa.coverageAudit.status // "unknown"' "$report_card" 2>/dev/null || echo unknown)"
+browser_status="$(jq -r '.qa.browserEvidence.status // "unknown"' "$report_card" 2>/dev/null || echo unknown)"
 
 remaining_tasks="0"
 if [[ -f "$tasks_file" ]]; then
@@ -50,6 +58,10 @@ fi
 [[ "$spec_sync_ready" == "true" ]] || { echo "Gate open: spec_sync_ready=$spec_sync_ready" >&2; exit 1; }
 [[ "$evidence_count" -gt 0 ]] || { echo "Gate open: evidence is empty" >&2; exit 1; }
 [[ "$gap_count" -eq 0 ]] || { echo "Gate open: gaps=$gap_count" >&2; exit 1; }
+[[ "$review_freshness" == "fresh" || "$review_freshness" == "not-applicable" ]] || { echo "Gate open: review_freshness=$review_freshness" >&2; exit 1; }
+[[ "$failure_ownership_open" -eq 0 ]] || { echo "Gate open: failure_ownership_open=$failure_ownership_open" >&2; exit 1; }
+[[ "$coverage_status" != "blocked" && "$coverage_status" != "fail" && "$coverage_status" != "pending" ]] || { echo "Gate open: coverage_status=$coverage_status" >&2; exit 1; }
+[[ "$browser_status" != "blocked" && "$browser_status" != "fail" && "$browser_status" != "pending" ]] || { echo "Gate open: browser_status=$browser_status" >&2; exit 1; }
 [[ "$remaining_tasks" -eq 0 ]] || { echo "Gate open: remaining_tasks=$remaining_tasks" >&2; exit 1; }
 
 cat <<EOF
@@ -59,5 +71,9 @@ REROUTE=$reroute
 SPEC_SYNC_READY=$spec_sync_ready
 EVIDENCE_COUNT=$evidence_count
 GAP_COUNT=$gap_count
+REVIEW_FRESHNESS=$review_freshness
+FAILURE_OWNERSHIP_OPEN=$failure_ownership_open
+COVERAGE_STATUS=$coverage_status
+BROWSER_STATUS=$browser_status
 REMAINING_TASKS=$remaining_tasks
 EOF

package/.claude/skills/cc-check/CHANGELOG.md

@@ -1,5 +1,19 @@
 # CC-Check Skill Changelog
 
+## v1.8.4 - 2026-04-28
+
+- add review freshness, quality score, specialist review facets, and finding confidence fingerprints so stale or noisy review evidence cannot masquerade as current proof
+- add QA coverage audit and browser evidence fields for user-flow, route, screenshot, console, and skip-reason proof
+- add runtime failure ownership so failing commands are classified as in-branch, pre-existing, environment, or ambiguous before verdict selection
+- update the report-card template, renderer, and gate validation for the richer review and QA evidence shape
+
+## v1.8.3 - 2026-04-28
+
+- add native claim evidence matrix guidance so each completion claim maps to command or artifact proof
+- add QA regression and test-quality review fields for red/green proof, mock boundaries, and test-only API smells
+- require review packets and finding triage so review results can be audited without chat memory
+- update report-card template, renderer, and gate validation for optional `claimEvidence` and `qa` fields
+
 ## v1.8.2 - 2026-04-27
 
 - require verification reports to resolve the runtime output policy before writing human-readable verdicts or summaries

package/.claude/skills/cc-check/PLAYBOOK.md

@@ -40,6 +40,11 @@ NO PASS WITHOUT FRESH EVIDENCE
    - runtime gate
    - task review proof
    - requirement diff review
+   - claim evidence matrix
+   - QA regression / test-quality proof
+   - QA coverage and browser evidence
+   - review freshness and finding confidence
+   - failure ownership
    - spec sync readiness
 4. **Freeze Verdict**
    - 只允许 `pass` / `fail` / `blocked`
@@ -54,13 +59,34 @@ NO PASS WITHOUT FRESH EVIDENCE
 3. 读取真实输出和退出码
 4. 把证据写进 `report-card.json`
 5. 把任务级 review 与需求级 diff review 分开写清楚
+6. 把每个成功声明映射到 `claimEvidence[]`
+7. 行为变更必须补 `qa` 证据或例外理由
+8. 失败输出必须写入 `runtime.failureOwnership[]`
 
 ## Verification Layers
 
 1. Runtime reality
 2. Task review proof
 3. Requirement diff truth
-4. Spec alignment and sync readiness
+4. Claim evidence matrix
+5. QA regression and test quality
+6. QA coverage and browser evidence
+7. Review freshness and confidence calibration
+8. Failure ownership
+9. Spec alignment and sync readiness
+
+## Claim Evidence Matrix
+
+每个“通过”声明都要回答：这条声明由哪条命令或 artifact 证明？
+
+- `tests-pass`：本轮 test command、exit 0、0 failures
+- `lint-clean` / `typecheck-clean` / `build-succeeds`：对应 gate 的本轮输出
+- `bug-fixed`：原始症状或回归测试通过
+- `regression-test-works`：red -> green 证据，而不是只绿一次
+- `requirements-met`：逐项 plan / manifest checklist
+- `agent-completed`：VCS diff 或 artifact 证明实际变化
+
+缺少必要 claim 的证据时，verdict 至少是 `blocked`。不要把没有证据的 claim 写进 summary。
 
 ## Requirement Diff Review
 
@@ -71,9 +97,49 @@ NO PASS WITHOUT FRESH EVIDENCE
 3. `scope drift`：识别多做、少做、做偏。
 4. `critical pass`：检查数据安全、并发、shell、LLM trust boundary、枚举覆盖、静默失败、文档漂移。
 5. `adversarial synthesis`：合并外部 review / codex / subagent /人工 finding，去重并标置信度。
+6. `specialist facets`：按风险记录 testing / security / performance / api-contract / data-migration / design 等审查面；没有覆盖必须写 skip reason。
+7. `freshness`：确认 review 对应当前 head；review 后新增 commit 时不能继续拿旧审查支撑 `pass`。
 
 这些结论进入 `review.diffReview`，不能只写在口头总结里。
 
+每层 review 都要带 `reviewPacket`：`baseSha`、`headSha`、`requirements`、`implemented`、`reviewerContext`。缺少审查范围时，review 不能支撑 `pass`。
+
+review 还要带 `freshness`：`status`、`reviewedCommit`、`currentCommit`、`commitsSinceReview`、`staleReason`。`status=stale` 或缺失 freshness 时，`pass` 不成立。
+
+每条 finding 都要带 `triageStatus`：
+
+- `accepted-fixed`
+- `rejected-with-evidence`
+- `deferred-minor`
+- `clarification-needed`
+
+`critical` / `important` finding 未闭环或仍是 `clarification-needed`，不能进入 `cc-act`。
+
+每条 finding 还要带 `confidenceScore`、`fingerprint`、`displayTier`、`suppressionReason`。低置信 finding 只能作为 warning 或 gap，不能伪装成 blocking fact。
+
+## QA Test Quality
+
+行为变化、bugfix、边界条件、用户可见流程必须补 `qa`：
+
+- `regressionProof`：red command、red failure reason、green command、是否恢复最终状态
+- `testQuality`：是否验证真实行为、mock 边界、是否存在 test-only production API
+- `tddException`：纯配置、生成文件、throwaway prototype 等例外和替代验证
+- `coverageAudit`：覆盖率、codepath / user-flow map、缺口、是否需要 e2e / eval、测试质量星级
+- `browserEvidence`：UI / 用户路径变更的 affected routes、截图、console、health score、issues，或明确 skip reason
+
+测试只绿过一次，不能证明 regression test 有效；断言 mock 本身，不能证明真实行为。
+
+## Failure Ownership
+
+失败要先归属，再下结论：
+
+- `in-branch`：当前分支引入，默认回 `cc-do`
+- `pre-existing`：base branch 也存在，必须有复验证据
+- `environment`：依赖、权限、服务、密钥、平台缺失，通常是 `blocked`
+- `ambiguous`：无法证明归属，默认不能 `pass`
+
+不要把环境红灯、基线红灯、本分支红灯混成一句“测试失败”。
+
 ## Verdict
 
 只允许 3 种结论：
@@ -98,12 +164,46 @@ NO PASS WITHOUT FRESH EVIDENCE
   "verdict": "pass",
   "overall": "pass",
   "summary": "one-line reality",
+  "claimEvidence": [],
+  "runtime": {
+    "status": "pass",
+    "failureOwnership": []
+  },
+  "qa": {
+    "status": "pass",
+    "regressionProof": [],
+    "testQuality": [],
+    "coverageAudit": {
+      "status": "pass",
+      "coveragePct": 80,
+      "pathMap": [],
+      "gaps": [],
+      "testsAdded": [],
+      "e2eRequired": false,
+      "evalRequired": false,
+      "qualityStars": "★★"
+    },
+    "browserEvidence": {
+      "status": "skipped",
+      "mode": "not-applicable",
+      "affectedRoutes": [],
+      "screenshots": [],
+      "consoleErrors": [],
+      "healthScore": null,
+      "issues": [],
+      "skipReason": "not a UI or user-path change"
+    },
+    "tddException": null
+  },
   "quickGates": [],
   "strictGates": [],
   "review": {
     "status": "pass",
     "summary": "",
     "details": "",
+    "freshness": { "status": "fresh", "reviewedCommit": "example-head", "currentCommit": "example-head", "commitsSinceReview": 0, "staleReason": "" },
+    "qualityScore": 9,
+    "specialistReviews": [],
     "taskReviews": { "status": "pass", "required": true, "summary": "", "reviewers": [], "findings": [] },
     "diffReview": { "status": "skipped", "required": false, "summary": "", "reviewers": [], "findings": [] },
     "findings": []