cc-devflow 4.5.1 → 4.5.2

package/.claude/skills/cc-investigate/assets/ANALYSIS_TEMPLATE.md

@@ -16,8 +16,10 @@
 
 - What the user saw:
 - Reproduction command / path:
+- Repro stability: `stable` | `intermittent` | `not-yet-reproduced` | `narrowed-only`
 - Expected:
 - Actual:
+- Impact / blast radius:
 
 ## Evidence Chain
 
@@ -25,25 +27,97 @@
 - Code path:
 - Recent changes:
 - Existing tests:
+- Prior investigations:
+- TODO / backlog / report-card signals:
 
-## Hypothesis Table
+## Boundary Probe Matrix
+
+| Component boundary | Input observed | Output observed | Config / env observed | State observed | Verdict |
+| --- | --- | --- | --- | --- | --- |
+| | | | | | unknown |
+
+## Backward Trace Chain
+
+- Immediate failure site:
+- Direct caller:
+- Caller chain:
+- Bad value origin:
+- Original trigger:
+- Why symptom-site fix is rejected:
+
+## Reference Comparison
+
+- Similar working example:
+- Broken path:
+- Differences found:
+- Differences accepted as hypothesis:
+- Differences ruled out:
+
+## Diagnostic Instrumentation Plan
+
+| Probe location | Question answered | Command to run | Expected signal | Actual signal | Cleanup requirement |
+| --- | --- | --- | --- | --- | --- |
+| | | | | | |
 
-| Hypothesis | Evidence for | Evidence against | Status |
+## Pattern Analysis
+
+| Pattern | Evidence checked | Status | Notes |
 | --- | --- | --- | --- |
-| | | | pending |
+| race condition | | ruled-out | |
+| null propagation | | ruled-out | |
+| state corruption | | ruled-out | |
+| integration failure | | ruled-out | |
+| configuration drift | | ruled-out | |
+| stale cache | | ruled-out | |
+| resource leak | | ruled-out | |
+| trust boundary drift | | ruled-out | |
+| timing guess / flaky wait | | ruled-out | |
+
+## Research Evidence
+
+- External research used: `yes` | `no`
+- Sanitized query:
+- Source / result:
+- Applicability:
+- Accepted into hypothesis: `yes` | `no`
+- If skipped, reason:
+
+## Hypothesis Table
+
+| Hypothesis | Evidence for | Evidence against | Falsification method | Expected observation | Actual observation | Status |
+| --- | --- | --- | --- | --- | --- | --- |
+| | | | | | | pending |
+
+## Escalation Decision
+
+- Failed hypothesis count:
+- Attempted evidence:
+- Why current entry is suspect:
+- Next option: `continue-with-new-hypothesis` | `instrument-and-wait` | `human-review` | `reroute-cc-plan`
+- Recommendation:
 
 ## Root Cause
 
 - Confirmed root cause:
+- Root cause class: `code` | `config` | `environment` | `external` | `timing`
 - Broken contract:
 - Spec diagnosis: `implementation drift` | `missing spec truth` | `roadmap mismatch`
 - Why it escaped:
+- Why not code root cause:
+- Monitoring or future evidence needed:
+- Operator handling after fix:
+- Prior history relationship: `new` | `recurring` | `same-root-cause` | `architectural-smell-candidate`
 
 ## Repair Boundary
 
 - Fix strategy:
+- Affected module:
+- Allowed files:
 - Files likely touched:
 - Do not change:
+- Blast radius file count:
+- Blast radius risk: `low` | `medium` | `high`
+- Split / reroute decision if >5 files:
 - Expected spec delta:
 - Verification after fix:
 - Why this can enter `cc-do`:

package/.claude/skills/cc-investigate/assets/TASKS_TEMPLATE.md

@@ -15,14 +15,21 @@
 - Canonical change meta: `change-meta.json`
 - Execution mode: `single-path` | `parallel-ready`
 - Confirmed root cause:
+- Root-cause hypothesis:
 - Frozen repair boundary:
+- Boundary probes:
+- Backward trace:
+- Reference comparison:
+- Allowed files:
+- Forbidden files:
+- Blast radius:
 - Capability specs:
 - Read first:
 - Commands to trust:
 - Do not re-decide:
 - Parallel boundaries:
 
-## Phase 1: Reproduce Guard
+## Phase 1: Reproduce And Probe Guard
 
 - [ ] T001 [TEST] Capture the failing behavior as a stable reproduction (dependsOn:none) `path/to/test`
   Goal: 让 bug 先变成一个可复跑的失败事实。
@@ -30,7 +37,7 @@
   Read first: `analysis.md`, `tasks.md`
   Verification: `npm test -- path/to/test`
   Evidence: failing output or reproducible log
-  Ready when: reproduction path 已稳定
+  Ready when: reproduction path 已稳定，analysis 已记录必要的 boundary / trace / comparison evidence
 
 ## Phase 2: Repair
 
@@ -40,7 +47,7 @@
   Read first: `analysis.md`, `path/to/test`
   Verification: `npm test -- path/to/test`
   Evidence: passing output + checkpoint
-  Ready when: T001 已证明问题存在
+  Ready when: T001 已证明问题存在，analysis 已证明根因源头
 
 ## Phase 3: Verify
 

package/.claude/skills/cc-investigate/assets/TASK_MANIFEST_TEMPLATE.json

@@ -20,12 +20,112 @@
     ]
   },
   "planningMeta": {
-    "ccInvestigateSkillVersion": "1.0.0",
+    "ccInvestigateSkillVersion": "1.1.4",
     "analysisVersion": "analysis.v1",
     "approvedAt": "2026-04-17T12:00:00.000Z",
     "approvedBy": "user",
     "basedOnRootCause": "Root cause sentence"
   },
+  "investigationMeta": {
+    "symptomStatus": "stable",
+    "reproductionPath": "npm test -- src/feature/feature.test.ts",
+    "patternAnalysis": {
+      "selectedPattern": "implementation drift",
+      "ruledOutPatterns": [
+        "race condition",
+        "configuration drift",
+        "timing guess / flaky wait"
+      ],
+      "notes": "Pattern evidence belongs in planning/analysis.md"
+    },
+    "boundaryProbes": [
+      {
+        "componentBoundary": "api -> service",
+        "inputObserved": "Request payload matches the reproduced failure",
+        "outputObserved": "Service receives invalid state",
+        "configEnvObserved": "Relevant env/config values recorded in analysis.md",
+        "stateObserved": "State snapshot or log pointer",
+        "verdict": "fail"
+      }
+    ],
+    "backwardTrace": {
+      "immediateFailureSite": "file:line or operation where the symptom appears",
+      "directCaller": "caller that passed the bad value or state",
+      "callerChain": [
+        "entrypoint",
+        "intermediate caller",
+        "failure site"
+      ],
+      "badValueOrigin": "where the invalid data/state first appears",
+      "originalTrigger": "user action, command, event, config, or dependency response that starts the chain",
+      "symptomSiteFixRejectedBecause": "Guarding only the failure site would leave the bad upstream contract intact"
+    },
+    "referenceComparison": {
+      "similarWorkingExample": "path/to/working/example",
+      "brokenPath": "path/to/broken/path",
+      "differencesFound": [
+        "Working path validates input before persistence"
+      ],
+      "differencesAcceptedAsHypothesis": [
+        "Missing validation before persistence"
+      ],
+      "differencesRuledOut": []
+    },
+    "diagnosticInstrumentation": [
+      {
+        "probeLocation": "file:line or component boundary",
+        "questionAnswered": "Which boundary first emits the invalid value?",
+        "commandToRun": "npm test -- src/feature/feature.test.ts",
+        "expectedSignal": "Probe records invalid value before the failure site",
+        "actualSignal": "Observed evidence from the current repo",
+        "cleanupRequirement": "Remove temporary probe or convert it into a durable assertion/log"
+      }
+    ],
+    "priorInvestigations": [],
+    "researchEvidence": [],
+    "rootCauseHypothesis": {
+      "statement": "Specific, testable root-cause claim",
+      "falsificationMethod": "Command, log probe, assertion, or code-path check",
+      "expectedObservation": "What should be observed if the hypothesis is true",
+      "actualObservation": "Observed evidence from the current repo",
+      "status": "confirmed"
+    },
+    "rootCauseClass": "code",
+    "noCodeRootCause": {
+      "whyNotCodeRootCause": "",
+      "monitoringOrFutureEvidenceNeeded": "",
+      "operatorHandlingAfterFix": ""
+    },
+    "hypothesisAttempts": [
+      {
+        "statement": "Specific, testable root-cause claim",
+        "status": "confirmed",
+        "evidenceFor": [
+          "Reproduction output points to the affected code path"
+        ],
+        "evidenceAgainst": [],
+        "falsificationMethod": "Run the reproduction command"
+      }
+    ],
+    "escalationDecision": {
+      "failedHypothesisCount": 0,
+      "nextOption": "cc-do",
+      "recommendation": "Repair the confirmed root cause"
+    },
+    "repairBoundary": {
+      "affectedModule": "src/feature",
+      "allowedFiles": [
+        "src/feature/feature.ts",
+        "src/feature/feature.test.ts"
+      ],
+      "forbiddenFiles": [
+        "unrelated modules"
+      ],
+      "blastRadiusFileCount": 2,
+      "blastRadiusRisk": "low",
+      "splitOrRerouteDecision": "single focused repair"
+    }
+  },
   "status": "planned",
   "designMode": "cc-investigate",
   "approvedOption": "confirmed-root-cause",
@@ -52,6 +152,7 @@
   "activePhase": 1,
   "frozenDecisions": [
     "Fix only the confirmed root cause",
+    "Use planning/analysis.md as the canonical root-cause contract",
     "Do not widen scope without rerouting to cc-plan"
   ],
   "tasks": [

package/.claude/skills/cc-investigate/references/investigation-contract.md

@@ -3,6 +3,7 @@
 ## Iron Law
 
 - 没有根因，不准修 bug。
+- 没有 frozen root-cause contract，不准生成 repair task。
 
 ## Minimum Evidence
 
@@ -13,7 +14,18 @@
 - expected vs actual
 - code path
 - recent change signal
+- prior investigation signal
+- boundary probe matrix, when the failure crosses components
+- backward trace chain, when the error appears below the original trigger
+- reference comparison, when a similar working path exists
+- diagnostic instrumentation plan, when probes are needed
+- pattern analysis
+- root-cause hypothesis
+- falsification method
 - confirmed root cause
+- root cause class
+- repair boundary
+- blast radius
 
 ## Output Shape
 
@@ -21,6 +33,140 @@
 - `planning/tasks.md` 是修复 handoff
 - `planning/task-manifest.json` 是执行真相源
 
+## Root-Cause Hypothesis
+
+每条假设都必须可证伪：
+
+- `hypothesis`：具体说明什么坏了，为什么会导致症状
+- `evidenceFor`
+- `evidenceAgainst`
+- `falsificationMethod`
+- `expectedObservation`
+- `actualObservation`
+- `status`：`pending` / `confirmed` / `rejected` / `needs-more-evidence`
+
+只有 `confirmed` 假设可以进入 Root Cause。
+
+## Pattern Analysis
+
+调查必须显式选择或排除常见模式：
+
+- race condition
+- null propagation
+- state corruption
+- integration failure
+- configuration drift
+- stale cache
+- resource leak
+- trust boundary drift
+- timing guess / flaky wait
+
+模式分析只是检索索引，不是 root cause。
+
+## Boundary Probe Matrix
+
+多组件链路必须记录每个边界的事实：
+
+- `componentBoundary`
+- `inputObserved`
+- `outputObserved`
+- `configEnvObserved`
+- `stateObserved`
+- `verdict`: `pass` / `fail` / `unknown`
+
+第一个失败边界决定下一轮调查收缩点；多个边界同时失败时，优先追共同上游。
+
+## Backward Trace Chain
+
+深层堆栈或坏值来源不明时，必须追到源头：
+
+- immediate failure site
+- direct caller
+- caller chain
+- bad value origin
+- original trigger
+- why symptom-site fix is rejected
+
+找不到 original trigger 时，不能冻结根因。
+
+## Reference Comparison
+
+有相似可用实现时，必须记录：
+
+- similar working example
+- broken path
+- differences found
+- differences accepted as hypothesis
+- differences ruled out
+
+不能用“差不多”跳过差异。
+
+## Diagnostic Instrumentation
+
+临时探针必须回答一个明确问题：
+
+- probe location
+- question answered
+- command to run
+- expected signal
+- actual signal
+- cleanup requirement
+
+探针不是修复。handoff 必须说明删除、保留为正式日志，或转成测试断言。
+
+## Prior History
+
+调查必须记录是否检查了：
+
+- `git log --oneline -20 -- <affected-files>`
+- historical `planning/analysis.md`
+- `TODOS.md` / backlog / roadmap
+- previous `report-card.json` findings
+
+如果同一区域重复出现 bug，必须标记为 architectural smell candidate。
+
+## External Research
+
+外部调研必须脱敏：
+
+- 不搜索 host、IP、token、customer id、内部路径、SQL、私有 repo 名
+- 只搜索通用错误类别、框架 / 库名、版本、组件名
+- research finding 只能作为候选假设，必须回到本仓库验证
+
+## No Code Root Cause
+
+如果结论不是代码根因，必须写清：
+
+- `rootCauseClass`: `code` / `config` / `environment` / `external` / `timing`
+- why not code root cause
+- monitoring or future evidence needed
+- operator handling after fix
+
+环境、外部服务、时序窗口仍然需要证据；不能把调查不足写成外因。
+
+## Repair Boundary
+
+修复边界至少记录：
+
+- affected module
+- allowed files
+- forbidden files
+- expected spec delta
+- verification after fix
+- blast radius file count
+- blast radius risk
+
+预计触碰超过 5 个文件时，必须 split / justify / reroute。
+
+## Escalation
+
+三次假设失败后，不再继续猜。必须记录：
+
+- failed hypothesis count
+- attempted evidence
+- why current entry is suspect
+- recommended next option：continue / instrument-and-wait / human-review / reroute-cc-plan
+
 ## Reroute
 
 - 根因明确，修复边界清楚 -> `cc-do`

package/.claude/skills/cc-simplify/CHANGELOG.md

@@ -1,5 +1,20 @@
 # CC-Simplify Skill Changelog
 
+## v1.3.0 - 2026-04-28
+
+- add scope-aware Codex reviewer dispatch with small-diff skip rules and conditional security, API contract, release, frontend performance, and red-team facets
+- require reviewer agents to emit JSONL findings with confidence, evidence, fingerprint, specialist, and optional test stubs
+- add finding deduplication, multi-specialist confidence boost, confidence gates, and a Fix-First auto-fix vs ask/reroute decision table
+- expand testing smell coverage for negative paths, edge cases, isolation, flaky tests, and security enforcement tests
+- add false-positive suppressions and a "new diff smells only" boundary so cleanup does not become historical debt sweeping
+
+## v1.2.0 - 2026-04-28
+
+- translate the skill body into Chinese and remove the non-Codex `${AGENT_TOOL_NAME}` placeholder
+- define a Codex-native simplification workflow that can use read-only reviewer agents for spec/scope, reuse/structure, and quality/efficiency/test findings
+- require findings to be verified against code, usage, requirements, and fresh validation evidence before any cleanup edit is made
+- add explicit YAGNI, test-anti-pattern, reroute, and cc-check return rules for cleanup changes
+
 ## v1.1.0 - 2026-04-19
 
 - expand `cc-simplify` review scope to catch spec drift alongside reuse, quality, and efficiency issues