cc-devflow 4.5.1 → 4.5.3

package/.claude/skills/cc-act/CHANGELOG.md

@@ -1,5 +1,32 @@
 # CC-Act Skill Changelog
 
+## v1.8.0 - 2026-04-28
+
+- add remote state consistency rules for issue, PR, tracker, `needs-info`, and `ready-for-agent` closeout handoffs
+- require dangerous git actions to have explicit ship semantics and user confirmation before reset, clean, branch deletion, or whole-tree restore
+- require tooling changes to prove the real hook, adapt, publish, lint, or verification entrypoint still works
+
+## v1.7.0 - 2026-04-28
+
+- carry cc-check QA feedback-loop and behavior evidence into PR briefs, handoffs, and release notes so ship materials preserve expected/actual/reproduction truth
+- add durable follow-up brief rules for current behavior, desired behavior, key interfaces, acceptance criteria, and out-of-scope boundaries
+- teach shared follow-up and evidence extraction to include report-card followup briefs and QA architecture follow-ups
+- extend readiness dashboard guidance with feedback-loop quality and behavior evidence checks
+
+## v1.6.4 - 2026-04-28
+
+- add a readiness dashboard covering review freshness, review quality, specialist facets, QA coverage, browser QA, failure ownership, documentation release, and PR body accuracy
+- require verification to rerun on every cc-act invocation while keeping ship actions idempotent
+- update `verify-act-gate.sh` to recognize `claimEvidence`, review freshness, QA coverage/browser status, and unresolved failure ownership
+- update `render-pr-brief.sh`, shared evidence extraction, and the PR brief template with readiness and PR body accuracy fields
+
+## v1.6.3 - 2026-04-28
+
+- require PR briefs and PR bodies to carry the reviewed base/head SHA, review packet summary, finding triage, and QA / claim evidence summary
+- require post-merge closeout to verify the merged result instead of relying only on pre-merge evidence
+- add destructive cleanup confirmation rules for branch, worktree, discard, and archive actions
+- update `render-pr-brief.sh` and the PR brief template with review range and merged-result verification fields
+
 ## v1.6.2 - 2026-04-27
 
 - require closeout handoff documents to resolve the runtime output policy before writing PR briefs, release notes, resume indexes, or status handoffs

package/.claude/skills/cc-act/PLAYBOOK.md

@@ -25,6 +25,8 @@
 1. 运行 `scripts/verify-act-gate.sh --dir <requirement-dir>`
 2. 确认 `review/report-card.json` 是 `pass`，且没有未解释的 gaps / reroute
 3. 确认 `planning/tasks.md` 不再有未完成项
+4. 确认 `review.freshness` 新鲜、`runtime.failureOwnership` 无未解释失败、`qa.coverageAudit` / `qa.browserEvidence` 有证据或明确 skip
+5. 确认 `qa.feedbackLoop` / `qa.behaviorEvidence` 能支撑行为结论；不可复现时必须写清缺什么 artifact / 权限 / 输入
 
 如果 gate 没闭合，直接回 `cc-check` 或 `cc-do`，不要在 `cc-act` 自我安慰。
 
@@ -70,6 +72,7 @@ Ship 必须属于这 4 种模式之一：
 
 - `cc-act` 可以做清理和收尾修复
 - 但只要现实被改写，就必须重新证明
+- verification 每次进 `cc-act` 都要重新跑；只有 push、PR 更新、文档生成这类动作可以因幂等状态跳过
 
 ## Phase 2.5: Ship Hygiene
 
@@ -80,6 +83,7 @@ Ship 必须属于这 4 种模式之一：
 3. 检查提交边界，按逻辑单元拆分，保证提交顺序不引用未来代码。
 4. 如果有 WIP commit，只能用非破坏性 rebase / fixup 处理，不允许盲目 soft reset。
 5. push 前比较 local / remote HEAD；PR 前检查是否已有打开 PR / MR。
+6. 生成 readiness dashboard：review freshness、review quality、QA coverage、browser QA、feedback loop、behavior evidence、failure ownership、documentation release、PR body accuracy。
 
 ## Phase 3: Build Delivery Pack
 
@@ -104,6 +108,20 @@ Ship 必须属于这 4 种模式之一：
 1. `scripts/sync-act-docs.sh --dir <requirement-dir>`
 2. `scripts/render-pr-brief.sh --dir <requirement-dir>`
 
+`pr-brief.md` 还必须带上 `cc-check` 的 review range：
+
+- reviewed base SHA
+- reviewed head SHA
+- review packet path / summary
+- finding triage summary
+- QA / claim evidence summary
+- QA behavior evidence and feedback-loop quality
+- readiness dashboard
+- PR body accuracy check
+- Durable follow-up briefs: current behavior、desired behavior、key interfaces、acceptance criteria、out of scope
+
+缺这些字段时，可以生成 local handoff，但不能声称 PR body 已经可 review。
+
 ## Phase 4: Sync Docs
 
 文档同步不是装饰动作，而是 ship 的一部分。
@@ -125,7 +143,8 @@ Ship 必须属于这 4 种模式之一：
 - 按 `references/git-commit-guidelines.md` 完成提交
 - 推送当前分支
 - 用 `gh pr create` 创建 PR / MR
-- PR body 以 `pr-brief.md` 为真相源，并包含 Summary、Test Coverage、Pre-Landing Review、Scope Drift、Plan Completion、Verification Results、Documentation、Test plan
+- PR body 以 `pr-brief.md` 为真相源，并包含 Summary、Test Coverage、Pre-Landing Review、Readiness Dashboard、Scope Drift、Plan Completion、Verification Results、Documentation、Test plan
+- 创建前检查 PR body 是否来自当前 report-card 和当前 diff，不继承旧 body
 
 ### `update-pr`
 
@@ -133,6 +152,7 @@ Ship 必须属于这 4 种模式之一：
 - 不重新造一个 PR
 - 刷新已有 PR / MR body
 - 确保 body 由本次最新 `cc-check` 结果与 doc sync 状态重建，不沿用旧 body
+- PR body 与当前 commits / diff 不一致时，必须先更新 body，再继续交付判断
 
 ### `local-handoff`
 
@@ -142,8 +162,15 @@ Ship 必须属于这 4 种模式之一：
 ### `post-merge-closeout`
 
 - 不做 feature branch PR 动作
+- 在 merged result 上重跑必要 gate，并记录命令、exit status、关键观察
 - 完成 release note、文档同步、backlog/roadmap 回写、归档
 
+### destructive cleanup
+
+- 删除 branch、worktree、未合并提交、requirement archive 前，先列出对象
+- 丢弃未合并工作必须要求用户显式确认
+- 无法确认时保留现场，切到 `local-handoff`
+
 如果 `gh` 不可用、push 失败、远端不可达，就不要硬凹 `create-pr` / `update-pr`。切到 `local-handoff`，把阻塞和下一步写清楚。
 
 ## Phase 6: Write Back The Learning
@@ -159,6 +186,8 @@ Ship 必须属于这 4 种模式之一：
 - 长期方向写 `devflow/roadmap/roadmap.md`
 - 下一轮待排队动作写 `devflow/roadmap/backlog.md`
 - 不要把噪音和碎念回写成系统真相
+- follow-up 必须是 durable brief：用领域语言写 current behavior、desired behavior、key interfaces、acceptance criteria、out of scope
+- 独立行为拆独立条目；有依赖关系时写明顺序，方便下一轮并行或排队
 
 ## Phase 7: Declare The Next Entry
 
@@ -176,6 +205,8 @@ Ship 必须属于这 4 种模式之一：
 3. reviewer / 接手者 还需不需要追问“所以我现在该看哪个文件”？
 4. `cc-simplify`、单测、e2e、commit/push 的结果是不是都能追溯？
 5. PR body / release note / handoff / changelog 说的是不是同一套现实？
+6. readiness dashboard 有没有 blocker 或 stale warning？
+7. follow-up 是不是行为契约，而不是“改某文件某行”的易腐烂 TODO？
 
 如果第 1 或第 3 题答案不是“能”，说明 `cc-act` 仍然太重或太糊。
 

package/.claude/skills/cc-act/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: cc-act
-version: 1.6.2
+version: 1.8.0
 description: 'Use when verified work must be shipped or handed off with a clear landing path: run simplify and required tests, create or update a PR, prepare a local handoff, close out merged work, sync docs, write release notes, and fold follow-ups back into backlog or roadmap.'
 triggers:
   - 准备提 PR
@@ -41,7 +41,7 @@ entry_gate:
   - If simplify, tests, or act changes code or verification scope, return to cc-check immediately.
 exit_criteria:
   - The ship mode is explicit, delivery materials match that mode, and the next maintainer has one clear entry point.
-  - Docs, PR text, release notes, handoff artifacts, and test evidence reflect the same proven facts.
+  - Docs, PR text, release notes, handoff artifacts, review range, readiness dashboard, PR body accuracy check, and test evidence reflect the same proven facts.
   - Follow-up items are written back to roadmap/backlog instead of lingering in chat memory.
 reroutes:
   - when: Verification is stale, incomplete, or changed during act.
@@ -126,7 +126,9 @@ tool_budget:
 2. 再读 `planning/design.md` 或 `planning/analysis.md`、`planning/tasks.md`、`planning/task-manifest.json`、`change-meta.json`、相关 capability spec；如果已有 `handoff/resume-index.md`，一并读取，确认这次到底完成了什么。
 3. 运行 `scripts/verify-act-gate.sh --dir <requirement-dir>`，确认 gate 真的闭合。
 4. 运行 `scripts/detect-ship-target.sh`，识别当前分支、base branch、PR 状态与推荐 ship 路径。
-5. 如果在 `cc-act` 期间因为 `cc-simplify`、单测、e2e、review 修复而改了代码，必须回 `cc-check`，不能带着旧证明继续 ship。
+5. 检查 `review.freshness`、`runtime.failureOwnership`、`qa.coverageAudit`、`qa.browserEvidence`，确认 readiness dashboard 没有 blocker。
+6. 检查 `qa.feedbackLoop`、`qa.behaviorEvidence`、`qa.architectureFollowUps` 和 follow-up brief，确认交付材料继承的是行为证据，不是聊天记忆或易腐烂 TODO。
+7. 如果在 `cc-act` 期间因为 `cc-simplify`、单测、e2e、review 修复而改了代码，必须回 `cc-check`，不能带着旧证明继续 ship。
 
 ## Ship Modes
 
@@ -146,7 +148,7 @@ tool_budget:
    - 但要把 handoff 与下一步写清楚
 4. `post-merge-closeout`
    - 当前已在 base branch，或 requirement 已完成合并
-   - 重点是 release note、doc sync、backlog writeback、归档
+   - 重点是 merged-result verification、release note、doc sync、backlog writeback、归档
 
 不要发明第五种模糊模式。
 
@@ -207,9 +209,40 @@ tool_budget:
 2. Scope completion：PR 简报必须包含 `cc-check` 的 plan completion、scope drift、review finding、验证结果摘要。
 3. Version and changelog：如果项目有 `VERSION`、`package.json`、`CHANGELOG.md`，先判断是否已 bump / 是否漂移；不要重复 bump，也不要覆盖 changelog。
 4. Bisectable commits：提交按逻辑单元拆分，顺序保证每个 commit 独立可理解、尽量可验证；小于 50 行且少于 4 文件可单 commit。
-5. Fresh final verification：如果 `cc-act` 中的 review fix、doc sync、version sync 改了代码或运行时输入，重新回 `cc-check`；纯文档/PR body 变化记录即可。
+5. Fresh final verification：每次进入 `cc-act` 都要重跑 entry gate、simplify、单测、e2e 或记录 skip；只有 push、PR 更新、doc 生成这类动作可以幂等跳过。以前跑过不等于现在仍然可信。
 6. Push idempotency：push 前比较 local/remote HEAD；已同步就不重复 push，不可用就切 `local-handoff`。
 7. PR idempotency：已有打开的 PR / MR 只更新 body，不重复创建。
+8. Review range：PR brief / PR body 必须写清 `cc-check` 审过的 base/head SHA、review packet、finding triage 摘要。
+9. Post-integration verification：本地合并或 post-merge closeout 后，必须在 merged result 上跑必要 gate；不能只继承合并前绿色。
+10. Follow-up durability：PR brief / release note / backlog writeback 里的 follow-up 必须写成行为契约，包含 current behavior、desired behavior、key interfaces、acceptance criteria、out of scope；不要把当前文件路径或行号当成长期计划。
+11. Remote state consistency：如果本次 closeout 触碰 GitHub issue / PR / tracker，必须记录当前 state、目标 state、允许转换、已保留事实和下一位 owner；`needs-info` 必须保留已确认事实和具体问题，`ready-for-agent` 必须有可执行 brief。
+12. Tooling smoke：如果本次改动影响 hook、pre-commit、lint、publish、adapt 或验证脚本，必须跑真实入口或最接近真实入口的 smoke；只读配置文件不等于工具链可用。
+
+## Readiness Dashboard
+
+PR / handoff 之前必须把 readiness 压成一屏事实：
+
+1. Review freshness：`review.freshness.status` 必须是 `fresh` 或 `not-applicable`。
+2. Review quality：记录 `review.qualityScore`、specialist facet 覆盖、finding triage 摘要。
+3. QA coverage：记录 `qa.coverageAudit` 的 coverage、gaps、e2e/eval requirement。
+4. Browser QA：UI / 用户路径变更必须有 `qa.browserEvidence`，否则要有 skip reason。
+5. Feedback loop：bugfix / 行为变更必须有 `qa.feedbackLoop`，否则要有不可复现或不适用原因。
+6. Behavior evidence：expected / actual / reproduction steps 必须能被 reviewer 独立理解。
+7. Failure ownership：`runtime.failureOwnership` 不能有未解释的 `in-branch` 或 `ambiguous` failure。
+8. Documentation release：README / CLAUDE / architecture / handoff / changelog 的同步状态必须可审计。
+9. PR body accuracy：PR body 必须从当前 `pr-brief.md`、当前 diff、当前 report-card 重建；已有 PR body 只能被刷新，不能被继承。
+
+readiness dashboard 有 blocker 时，不能创建或更新 PR，只能 reroute 到 `cc-check` / `cc-do` 或生成 local handoff。
+
+## Integration Safety
+
+`cc-act` 可以清理交付路径，但不能悄悄做破坏性动作：
+
+1. 删除 feature branch、删除 worktree、丢弃提交、归档 requirement 前，必须列出受影响对象。
+2. 丢弃未合并工作必须要求用户显式确认；没有确认时只能转 `local-handoff`。
+3. branch cleanup 只发生在 merge / PR / discard 语义已经清楚之后。
+4. `post-merge-closeout` 必须记录 merged-result verification：命令、exit status、关键观察、失败时 reroute。
+5. 危险 Git 动作必须有明确 ship 语义：`git push` 只在 `create-pr` / `update-pr` / release lane 执行，`git reset --hard`、`git clean -f`、`git branch -D`、整树 restore/checkout 必须先列出对象并取得用户确认；没有确认时写 handoff，不执行。
 
 ## Documentation Release
 
@@ -223,6 +256,16 @@ tool_budget:
 6. Discoverability：新增文档必须能从 README、CLAUDE 或 handoff 入口找到。
 7. TODO/backlog cleanup：只把有 diff 证据完成的事项移到 completed；新 follow-up 写回 backlog/roadmap。
 
+## Issue And Follow-Up Handoff
+
+当本次交付产生或更新 issue / PR / backlog follow-up 时，文案必须耐 refactor：
+
+- 先写用户可观察行为：what happened / expected / reproduction 或 desired behavior。
+- 再写 agent 可执行 contract：acceptance criteria、allowed scope、blocked by、verification command。
+- 不把短期文件路径、行号、函数名写成长期事实；只有当前 reviewer 需要定位时才放进 PR brief 的实现备注。
+- 多个 follow-up 必须按独立可验证切片拆开，并标明 `AFK` / `HITL`、blocked-by 和 owner。
+- 已经问过或确认过的信息不能在 `needs-info` 里丢失；问题必须具体到 reporter 能直接补证据。
+
 ## Loop
 
 1. 先锁定 ship 事实：当前分支、base branch、PR 状态、requirement 状态。
@@ -245,11 +288,12 @@ tool_budget:
    - `local-handoff`：不假装已经发出，只生成可接手材料
    - `post-merge-closeout`：跳过 PR，完成发布与闭环回写
 11. 处理 PR / MR body：从当前 `pr-brief.md`、最新验证、review、doc sync、TODO/backlog 结果重新渲染，不复用旧 body。
-12. 回写 `devflow/roadmap/backlog.md` / `devflow/roadmap/roadmap.md`：
+12. 在 `handoff/pr-brief.md` 写入 readiness dashboard 与 PR body accuracy check；已有 PR body 与当前事实不一致时先刷新再继续。
+13. 回写 `devflow/roadmap/backlog.md` / `devflow/roadmap/roadmap.md`：
    - 新发现的 follow-up
    - 被推迟但必须保留的事项
    - 因本次结果而改变优先级的事项
-13. 如果 requirement 真正闭环，更新状态摘要并归档；否则把下一位接手者的入口写清楚。
+14. 如果 requirement 真正闭环，更新状态摘要并归档；否则把下一位接手者的入口写清楚。
 
 ## Output
 
@@ -261,6 +305,7 @@ tool_budget:
 - 单测 / e2e 的通过证据，或明确记录的 skip / blocker
 - 必要时创建或更新的 PR / MR
 - PR / MR body 中的 Summary、Test Coverage、Pre-Landing Review、Scope Drift、Plan Completion、Verification Results、Documentation、Test plan
+- readiness dashboard 和 PR body accuracy check
 
 ## Good Output
 
@@ -300,6 +345,7 @@ tool_budget:
 10. `create-pr` / `update-pr` 模式默认要求提交历史符合 `references/git-commit-guidelines.md`，并完成正确的 push、PR 创建或更新动作。
 11. CHANGELOG 只能基于当前 diff / commit history / release truth 更新，不允许覆盖既有历史条目。
 12. PR / MR body 每次都从当前事实重建，不沿用旧 body 或旧测试输出。
+13. Verification 每次执行 `cc-act` 都必须重新运行；只有已完成且可证明幂等的动作可以跳过。
 
 ## Exit Criteria
 

package/.claude/skills/cc-act/assets/PR_BRIEF_TEMPLATE.md

@@ -24,6 +24,27 @@
 - Base branch:
 - PR / MR:
 
+## Review Range
+
+- Reviewed base SHA:
+- Reviewed head SHA:
+- Review packet:
+- Finding triage:
+- QA / claim evidence:
+
+## Readiness Dashboard
+
+- Review freshness:
+- Review quality:
+- Specialist review facets:
+- QA coverage:
+- Browser QA:
+- Feedback loop:
+- Behavior evidence:
+- Failure ownership:
+- Documentation release:
+- PR body accuracy:
+
 ## Summary
 
 - 
@@ -36,6 +57,15 @@
 
 - `review/report-card.json` verdict:
 - Fresh evidence:
+- Merged-result verification:
+
+## QA Behavior Evidence
+
+- Feedback loop:
+- Expected behavior:
+- Actual behavior:
+- Reproduction steps:
+- Consistency:
 
 ## Documentation Sync
 
@@ -61,7 +91,11 @@
 
 ## Follow-Ups
 
-- 
+- Current behavior:
+- Desired behavior:
+- Key interfaces:
+- Acceptance criteria:
+- Out of scope:
 
 ## Risks
 

package/.claude/skills/cc-act/assets/RELEASE_NOTE_TEMPLATE.md

@@ -20,10 +20,19 @@
 
 - 
 
+## QA Behavior Evidence
+
+- Feedback loop:
+- User-visible behavior:
+- Reproduction / verification path:
+
 ## Ops Notes
 
 - 
 
 ## Follow-Ups
 
-- 
+- Current behavior:
+- Desired behavior:
+- Acceptance criteria:
+- Out of scope:

package/.claude/skills/cc-act/references/closure-contract.md

@@ -8,6 +8,9 @@
 4. `planning/tasks.md` 不能还有未完成项
 5. 交付材料必须只总结现实，不补编故事
 6. 如果文件结构变了，就同步对应目录的 `CLAUDE.md`
+7. PR / handoff 必须记录 `cc-check` 审过的 base/head SHA、review packet、finding triage 摘要
+8. readiness dashboard 必须说明 review freshness、QA coverage、browser evidence、failure ownership、documentation release、PR body accuracy
+9. behavior handoff 必须带上 QA feedback loop、expected / actual / reproduction steps，以及 durable follow-up brief
 
 ## Ship Decision Contract
 
@@ -29,6 +32,11 @@
 5. VERSION / package / changelog 漂移必须先分类处理，不能重复 bump 或覆盖发布历史
 6. PR / MR body 必须从当前事实重建，不能沿用旧验证输出
 7. push / PR 创建必须具备幂等检查：已同步则跳过，已存在 PR 则更新
+8. 本地合并或 post-merge closeout 后必须在 merged result 上重跑必要 gate
+9. 删除 branch、worktree、未合并提交、归档 requirement 前必须列出对象；丢弃未合并工作需要显式确认
+10. verification 每次进入 `cc-act` 都必须重新跑；只有 push、PR 更新、文档生成等动作可以因为幂等状态跳过
+11. PR body accuracy 必须对照当前 report-card、当前 diff、当前 commits；旧 body 不能作为证据源
+12. follow-up 回写必须用行为契约表达，包含 current behavior、desired behavior、key interfaces、acceptance criteria、out of scope；不能只写文件路径或聊天 TODO
 
 ## Memory Consolidation
 
@@ -45,5 +53,8 @@
 - reviewer 能接手
 - maintainer 知道怎么验证
 - PR / handoff / release 材料反映同一套事实
+- readiness dashboard 没有 blocker，PR body accuracy 已检查或明确阻塞
+- QA behavior evidence 和 feedback loop 已进入 PR / handoff / release 材料
+- post-merge closeout 反映 merged result 的验证事实，而不是只反映合并前事实
 - 下一轮计划入口更清楚
 - 文档入口可发现，changelog 不丢历史，TODO / backlog 只记录有证据的事项

package/.claude/skills/cc-act/scripts/cc-act-common.sh

@@ -189,6 +189,30 @@ req_act_collect_followups() {
 
   if [[ -f "$report_card" ]]; then
     jq -r '(.gaps // [])[]?' "$report_card" 2>/dev/null | sed '/^$/d' > "$out_file" || true
+    jq -r '
+      (.followupBriefs // .review.followupBriefs // [])[]?
+      | [
+          ("summary: " + (.summary // .title // "follow-up")),
+          ("current: " + (.currentBehavior // "not recorded")),
+          ("desired: " + (.desiredBehavior // "not recorded")),
+          ("interfaces: " + ((.keyInterfaces // []) | join(", "))),
+          ("acceptance: " + ((.acceptanceCriteria // []) | join("; "))),
+          ("out-of-scope: " + ((.outOfScope // []) | join(", ")))
+        ]
+      | join(" | ")
+    ' "$report_card" 2>/dev/null | sed '/^$/d' >> "$out_file" || true
+    jq -r '
+      (.qa.architectureFollowUps // [])[]?
+      | [
+          ("summary: " + (.summary // .title // "architecture follow-up")),
+          ("current: " + (.currentBehavior // "not recorded")),
+          ("desired: " + (.desiredBehavior // "not recorded")),
+          ("interfaces: " + ((.keyInterfaces // []) | join(", "))),
+          ("acceptance: " + ((.acceptanceCriteria // []) | join("; "))),
+          ("out-of-scope: " + ((.outOfScope // []) | join(", ")))
+        ]
+      | join(" | ")
+    ' "$report_card" 2>/dev/null | sed '/^$/d' >> "$out_file" || true
   fi
 
   if [[ -f "$manifest" ]]; then
@@ -234,7 +258,14 @@ req_act_collect_evidence() {
   local out_file="$2"
 
   : > "$out_file"
-  jq -r '(.evidence // [])[]?' "$report_card" 2>/dev/null | sed '/^$/d' > "$out_file" || true
+  jq -r '
+    (.evidence // [])[]?,
+    ((.claimEvidence // [])[]? | "- " + (.claim // "claim") + ": " + (.status // "unknown") + " via " + (.commandOrArtifact // "artifact") + " - " + (.keyObservation // "")),
+    (if .qa.coverageAudit then "- qa.coverage: " + (.qa.coverageAudit.status // "unknown") + ", gaps=" + (((.qa.coverageAudit.gaps // []) | length) | tostring) else empty end),
+    (if .qa.browserEvidence then "- qa.browser: " + (.qa.browserEvidence.status // "unknown") + ", mode=" + (.qa.browserEvidence.mode // "unknown") else empty end),
+    (if .qa.feedbackLoop then "- qa.feedbackLoop: " + (.qa.feedbackLoop.status // "unknown") + ", mode=" + (.qa.feedbackLoop.mode // "unknown") + ", signal=" + (.qa.feedbackLoop.signalSharpness // "not recorded") else empty end),
+    (if .qa.behaviorEvidence then "- qa.behavior: " + (.qa.behaviorEvidence.status // "unknown") + ", expected=" + (.qa.behaviorEvidence.expectedBehavior // "not recorded") + ", actual=" + (.qa.behaviorEvidence.actualBehavior // "not recorded") else empty end)
+  ' "$report_card" 2>/dev/null | sed '/^$/d' > "$out_file" || true
   req_act_dedup_file "$out_file"
 }
 

package/.claude/skills/cc-act/scripts/render-pr-brief.sh

@@ -65,6 +65,31 @@ report_verdict="$(req_act_report_verdict "$report_card")"
 output_language="$(req_act_output_language "$report_card")"
 design_goal="$(req_act_design_goal "$design_file")"
 main_risk="$(req_act_main_risk "$design_file")"
+review_base_sha="$(jq -r '[.review.taskReviews.reviewPacket.baseSha?, .review.diffReview.reviewPacket.baseSha?] | map(select(. != null and . != "")) | first // "not recorded"' "$report_card")"
+review_head_sha="$(jq -r '[.review.taskReviews.reviewPacket.headSha?, .review.diffReview.reviewPacket.headSha?] | map(select(. != null and . != "")) | first // "not recorded"' "$report_card")"
+review_packet_summary="$(jq -r '
+  [
+    .review.taskReviews.reviewPacket.requirements?,
+    .review.diffReview.reviewPacket.requirements?
+  ]
+  | map(select(. != null and . != ""))
+  | unique
+  | if length == 0 then "not recorded" else join("; ") end
+' "$report_card")"
+finding_triage_summary="$(jq -r '
+  [
+    (.review.taskReviews.findings? // []),
+    (.review.diffReview.findings? // []),
+    (.review.findings? // [])
+  ]
+  | flatten
+  | map(.triageStatus? // .status? // "untriaged")
+  | if length == 0 then "no findings" else group_by(.) | map("\(.[0])=\(length)") | join(", ") end
+' "$report_card")"
+qa_claim_summary="$(jq -r '
+  "qa=\(.qa.status? // "not recorded"), claims=" +
+  (((.claimEvidence? // []) | map((.claim // "unknown") + ":" + (.status // "unknown")) | join(", ")) // "not recorded")
+' "$report_card")"
 
 tmp_changed="$(mktemp)"
 tmp_verify="$(mktemp)"
@@ -95,6 +120,73 @@ if [[ -f "$doc_sync_report" ]]; then
   fi
 fi
 
+review_freshness_summary="$(jq -r '
+  .review.freshness as $fresh |
+  if $fresh == null then
+    "not recorded"
+  else
+    "status=\($fresh.status // "unknown"), reviewed=\($fresh.reviewedCommit // "not recorded"), current=\($fresh.currentCommit // "not recorded"), commitsSinceReview=\($fresh.commitsSinceReview // "unknown")" +
+    (if (($fresh.staleReason // "") != "") then ", reason=\($fresh.staleReason)" else "" end)
+  end
+' "$report_card")"
+review_quality_summary="$(jq -r '
+  "qualityScore=\(.review.qualityScore // "not recorded")"
+' "$report_card")"
+specialist_review_summary="$(jq -r '
+  (.review.specialistReviews? // [])
+  | if length == 0 then
+      "no specialist facets recorded"
+    else
+      map((.name // "unknown") + ":" + (.status // "unknown")) | join(", ")
+    end
+' "$report_card")"
+qa_coverage_summary="$(jq -r '
+  .qa.coverageAudit as $coverage |
+  if $coverage == null then
+    "not recorded"
+  else
+    "status=\($coverage.status // "unknown"), coverage=\($coverage.coveragePct // "n/a"), gaps=\((($coverage.gaps // []) | length)), e2eRequired=\($coverage.e2eRequired // false), evalRequired=\($coverage.evalRequired // false)"
+  end
+' "$report_card")"
+browser_qa_summary="$(jq -r '
+  .qa.browserEvidence as $browser |
+  if $browser == null then
+    "not recorded"
+  else
+    "status=\($browser.status // "unknown"), mode=\($browser.mode // "unknown"), routes=\((($browser.affectedRoutes // []) | length)), issues=\((($browser.issues // []) | length)), consoleErrors=\((($browser.consoleErrors // []) | length))" +
+    (if (($browser.skipReason // "") != "") then ", skip=\($browser.skipReason)" else "" end)
+  end
+' "$report_card")"
+feedback_loop_summary="$(jq -r '
+  .qa.feedbackLoop as $loop |
+  if $loop == null then
+    "not recorded"
+  else
+    "status=\($loop.status // "unknown"), mode=\($loop.mode // "unknown"), determinism=\($loop.determinism // "not recorded"), reproductionRate=\($loop.reproductionRate // "not recorded")" +
+    (if (($loop.blockedReason // "") != "") then ", blocked=\($loop.blockedReason)" else "" end)
+  end
+' "$report_card")"
+behavior_evidence_summary="$(jq -r '
+  .qa.behaviorEvidence as $behavior |
+  if $behavior == null then
+    "not recorded"
+  else
+    "status=\($behavior.status // "unknown"), boundary=\($behavior.userFacingBoundary // "not recorded"), expected=\($behavior.expectedBehavior // "not recorded"), actual=\($behavior.actualBehavior // "not recorded"), steps=\((($behavior.reproductionSteps // []) | length))"
+  end
+' "$report_card")"
+failure_ownership_summary="$(jq -r '
+  (.runtime.failureOwnership? // [])
+  | if length == 0 then
+      "no open failures recorded"
+    else
+      group_by(.classification // "unknown")
+      | map("\(.[0].classification // "unknown")=\(length)")
+      | join(", ")
+    end
+' "$report_card")"
+documentation_release_summary="CLAUDE=${claude_status}; README=${readme_status}"
+pr_body_accuracy_summary="body must be regenerated from this pr-brief, current report-card, and current diff before PR create/update"
+
 {
   echo "# PR Brief"
   echo
@@ -120,6 +212,27 @@ fi
     echo "- PR / MR: none"
   fi
   echo
+  echo "## Review Range"
+  echo
+  echo "- Reviewed base SHA: $review_base_sha"
+  echo "- Reviewed head SHA: $review_head_sha"
+  echo "- Review packet: $review_packet_summary"
+  echo "- Finding triage: $finding_triage_summary"
+  echo "- QA / claim evidence: $qa_claim_summary"
+  echo
+  echo "## Readiness Dashboard"
+  echo
+  echo "- Review freshness: $review_freshness_summary"
+  echo "- Review quality: $review_quality_summary"
+  echo "- Specialist review facets: $specialist_review_summary"
+  echo "- QA coverage: $qa_coverage_summary"
+  echo "- Browser QA: $browser_qa_summary"
+  echo "- Feedback loop: $feedback_loop_summary"
+  echo "- Behavior evidence: $behavior_evidence_summary"
+  echo "- Failure ownership: $failure_ownership_summary"
+  echo "- Documentation release: $documentation_release_summary"
+  echo "- PR body accuracy: $pr_body_accuracy_summary"
+  echo
   echo "## Summary"
   echo
   if [[ -n "$report_summary" ]]; then
@@ -145,6 +258,11 @@ fi
   echo "## Verification Evidence"
   echo
   echo "- \`report-card.json\` verdict: $report_verdict"
+  if [[ "$ship_mode" == "post-merge-closeout" ]]; then
+    echo "- Merged-result verification: required before closeout; record command, exit status, and key observation"
+  else
+    echo "- Merged-result verification: not applicable before merge"
+  fi
   if [[ -s "$tmp_evidence" ]]; then
     while IFS= read -r line; do
       echo "- $line"
@@ -153,6 +271,18 @@ fi
     echo "- No evidence lines captured yet."
   fi
   echo
+  echo "## QA Behavior Evidence"
+  echo
+  echo "- Feedback loop: $feedback_loop_summary"
+  echo "- Behavior evidence: $behavior_evidence_summary"
+  jq -r '
+    .qa.behaviorEvidence as $behavior |
+    if $behavior == null then empty else
+      (($behavior.reproductionSteps // [])[]? | "- Reproduction step: " + .),
+      (($behavior.domainLanguage // [])[]? | "- Domain language: " + .)
+    end
+  ' "$report_card" 2>/dev/null | sed '/^$/d' || true
+  echo
   echo "## Documentation Sync"
   echo
   echo "- \`CLAUDE.md\`: $claude_status"

package/.claude/skills/cc-act/scripts/verify-act-gate.sh

@@ -37,8 +37,18 @@ tasks_file="$(req_act_tasks_path "$CHANGE_DIR")"
 verdict="$(jq -r '.verdict // "unknown"' "$report_card" 2>/dev/null || echo unknown)"
 reroute="$(jq -r '.reroute // "unknown"' "$report_card" 2>/dev/null || echo unknown)"
 spec_sync_ready="$(jq -r '.specSyncReady // false' "$report_card" 2>/dev/null || echo false)"
-evidence_count="$(jq -r '(.evidence // []) | length' "$report_card" 2>/dev/null || echo 0)"
+evidence_count="$(jq -r '((.evidence // []) + (.claimEvidence // []) + (.quickGates // []) + (.strictGates // [])) | length' "$report_card" 2>/dev/null || echo 0)"
 gap_count="$(jq -r '(.gaps // []) | length' "$report_card" 2>/dev/null || echo 0)"
+review_freshness="$(jq -r '.review.freshness.status // "unknown"' "$report_card" 2>/dev/null || echo unknown)"
+failure_ownership_open="$(jq -r '
+  (.runtime.failureOwnership? // [])
+  | map(select(((.classification? // "") | IN("in-branch", "ambiguous")) and ((.status? // "open") | IN("open", "pending"))))
+  | length
+' "$report_card" 2>/dev/null || echo 0)"
+coverage_status="$(jq -r '.qa.coverageAudit.status // "unknown"' "$report_card" 2>/dev/null || echo unknown)"
+browser_status="$(jq -r '.qa.browserEvidence.status // "unknown"' "$report_card" 2>/dev/null || echo unknown)"
+feedback_loop_status="$(jq -r '.qa.feedbackLoop.status // "skipped"' "$report_card" 2>/dev/null || echo skipped)"
+behavior_evidence_status="$(jq -r '.qa.behaviorEvidence.status // "skipped"' "$report_card" 2>/dev/null || echo skipped)"
 
 remaining_tasks="0"
 if [[ -f "$tasks_file" ]]; then
@@ -50,6 +60,12 @@ fi
 [[ "$spec_sync_ready" == "true" ]] || { echo "Gate open: spec_sync_ready=$spec_sync_ready" >&2; exit 1; }
 [[ "$evidence_count" -gt 0 ]] || { echo "Gate open: evidence is empty" >&2; exit 1; }
 [[ "$gap_count" -eq 0 ]] || { echo "Gate open: gaps=$gap_count" >&2; exit 1; }
+[[ "$review_freshness" == "fresh" || "$review_freshness" == "not-applicable" ]] || { echo "Gate open: review_freshness=$review_freshness" >&2; exit 1; }
+[[ "$failure_ownership_open" -eq 0 ]] || { echo "Gate open: failure_ownership_open=$failure_ownership_open" >&2; exit 1; }
+[[ "$coverage_status" != "blocked" && "$coverage_status" != "fail" && "$coverage_status" != "pending" ]] || { echo "Gate open: coverage_status=$coverage_status" >&2; exit 1; }
+[[ "$browser_status" != "blocked" && "$browser_status" != "fail" && "$browser_status" != "pending" ]] || { echo "Gate open: browser_status=$browser_status" >&2; exit 1; }
+[[ "$feedback_loop_status" != "blocked" && "$feedback_loop_status" != "fail" && "$feedback_loop_status" != "pending" ]] || { echo "Gate open: feedback_loop_status=$feedback_loop_status" >&2; exit 1; }
+[[ "$behavior_evidence_status" != "blocked" && "$behavior_evidence_status" != "fail" && "$behavior_evidence_status" != "pending" ]] || { echo "Gate open: behavior_evidence_status=$behavior_evidence_status" >&2; exit 1; }
 [[ "$remaining_tasks" -eq 0 ]] || { echo "Gate open: remaining_tasks=$remaining_tasks" >&2; exit 1; }
 
 cat <<EOF
@@ -59,5 +75,11 @@ REROUTE=$reroute
 SPEC_SYNC_READY=$spec_sync_ready
 EVIDENCE_COUNT=$evidence_count
 GAP_COUNT=$gap_count
+REVIEW_FRESHNESS=$review_freshness
+FAILURE_OWNERSHIP_OPEN=$failure_ownership_open
+COVERAGE_STATUS=$coverage_status
+BROWSER_STATUS=$browser_status
+FEEDBACK_LOOP_STATUS=$feedback_loop_status
+BEHAVIOR_EVIDENCE_STATUS=$behavior_evidence_status
 REMAINING_TASKS=$remaining_tasks
 EOF

package/.claude/skills/cc-check/CHANGELOG.md

@@ -1,5 +1,31 @@
 # CC-Check Skill Changelog
 
+## v1.10.0 - 2026-04-28
+
+- add test fixture honesty review for partial fixtures, generated stubs, casts, and missing mock payload fields
+- require fixture shortcuts to preserve public seam behavior instead of hiding contract or input-shape problems
+
+## v1.9.0 - 2026-04-28
+
+- add QA feedback-loop evidence so bugfix and behavior checks record reproduction mode, determinism, signal quality, and blocked loop reasons before a pass verdict
+- add behavior evidence fields for expected behavior, actual behavior, reproduction steps, consistency, and domain language
+- tighten test-quality review around public-interface tests, system-boundary mocks, and architecture follow-ups when no correct test seam exists
+- update the report-card template, renderer, and gate validation for the new QA evidence shape while keeping older reports structurally compatible
+
+## v1.8.4 - 2026-04-28
+
+- add review freshness, quality score, specialist review facets, and finding confidence fingerprints so stale or noisy review evidence cannot masquerade as current proof
+- add QA coverage audit and browser evidence fields for user-flow, route, screenshot, console, and skip-reason proof
+- add runtime failure ownership so failing commands are classified as in-branch, pre-existing, environment, or ambiguous before verdict selection
+- update the report-card template, renderer, and gate validation for the richer review and QA evidence shape
+
+## v1.8.3 - 2026-04-28
+
+- add native claim evidence matrix guidance so each completion claim maps to command or artifact proof
+- add QA regression and test-quality review fields for red/green proof, mock boundaries, and test-only API smells
+- require review packets and finding triage so review results can be audited without chat memory
+- update report-card template, renderer, and gate validation for optional `claimEvidence` and `qa` fields
+
 ## v1.8.2 - 2026-04-27
 
 - require verification reports to resolve the runtime output policy before writing human-readable verdicts or summaries