cc-devflow 4.5.1 → 4.5.3

package/.claude/skills/cc-check/PLAYBOOK.md

@@ -40,6 +40,12 @@ NO PASS WITHOUT FRESH EVIDENCE
    - runtime gate
    - task review proof
    - requirement diff review
+   - claim evidence matrix
+   - QA feedback loop and behavior evidence
+   - QA regression / test-quality proof
+   - QA coverage and browser evidence
+   - review freshness and finding confidence
+   - failure ownership
    - spec sync readiness
 4. **Freeze Verdict**
    - 只允许 `pass` / `fail` / `blocked`
@@ -54,13 +60,35 @@ NO PASS WITHOUT FRESH EVIDENCE
 3. 读取真实输出和退出码
 4. 把证据写进 `report-card.json`
 5. 把任务级 review 与需求级 diff review 分开写清楚
+6. 把每个成功声明映射到 `claimEvidence[]`
+7. 行为变更必须补 `qa` 证据或例外理由
+8. 失败输出必须写入 `runtime.failureOwnership[]`
 
 ## Verification Layers
 
 1. Runtime reality
 2. Task review proof
 3. Requirement diff truth
-4. Spec alignment and sync readiness
+4. Claim evidence matrix
+5. QA feedback loop and behavior evidence
+6. QA regression and test quality
+7. QA coverage and browser evidence
+8. Review freshness and confidence calibration
+9. Failure ownership
+10. Spec alignment and sync readiness
+
+## Claim Evidence Matrix
+
+每个“通过”声明都要回答：这条声明由哪条命令或 artifact 证明？
+
+- `tests-pass`：本轮 test command、exit 0、0 failures
+- `lint-clean` / `typecheck-clean` / `build-succeeds`：对应 gate 的本轮输出
+- `bug-fixed`：原始症状或回归测试通过
+- `regression-test-works`：red -> green 证据，而不是只绿一次
+- `requirements-met`：逐项 plan / manifest checklist
+- `agent-completed`：VCS diff 或 artifact 证明实际变化
+
+缺少必要 claim 的证据时，verdict 至少是 `blocked`。不要把没有证据的 claim 写进 summary。
 
 ## Requirement Diff Review
 
@@ -71,9 +99,52 @@ NO PASS WITHOUT FRESH EVIDENCE
 3. `scope drift`：识别多做、少做、做偏。
 4. `critical pass`：检查数据安全、并发、shell、LLM trust boundary、枚举覆盖、静默失败、文档漂移。
 5. `adversarial synthesis`：合并外部 review / codex / subagent /人工 finding，去重并标置信度。
+6. `specialist facets`：按风险记录 testing / security / performance / api-contract / data-migration / design 等审查面；没有覆盖必须写 skip reason。
+7. `freshness`：确认 review 对应当前 head；review 后新增 commit 时不能继续拿旧审查支撑 `pass`。
 
 这些结论进入 `review.diffReview`，不能只写在口头总结里。
 
+每层 review 都要带 `reviewPacket`：`baseSha`、`headSha`、`requirements`、`implemented`、`reviewerContext`。缺少审查范围时，review 不能支撑 `pass`。
+
+review 还要带 `freshness`：`status`、`reviewedCommit`、`currentCommit`、`commitsSinceReview`、`staleReason`。`status=stale` 或缺失 freshness 时，`pass` 不成立。
+
+每条 finding 都要带 `triageStatus`：
+
+- `accepted-fixed`
+- `rejected-with-evidence`
+- `deferred-minor`
+- `clarification-needed`
+
+`critical` / `important` finding 未闭环或仍是 `clarification-needed`，不能进入 `cc-act`。
+
+每条 finding 还要带 `confidenceScore`、`fingerprint`、`displayTier`、`suppressionReason`。低置信 finding 只能作为 warning 或 gap，不能伪装成 blocking fact。
+
+## QA Test Quality
+
+行为变化、bugfix、边界条件、用户可见流程必须补 `qa`：
+
+- `feedbackLoop`：用什么 loop 证明现实，速度、确定性、信号锋利度、复现率如何
+- `behaviorEvidence`：用户边界、expected / actual、复现步骤、稳定性、领域语言
+- `regressionProof`：red command、red failure reason、green command、是否恢复最终状态
+- `testQuality`：是否经公共接口验证真实行为、mock 是否只停在系统边界、是否存在 test-only production API
+- `architectureFollowUps`：没有正确 test seam 时记录 seam / hidden coupling / shallow module 的后续改造
+- `tddException`：纯配置、生成文件、throwaway prototype 等例外和替代验证
+- `coverageAudit`：覆盖率、codepath / user-flow map、缺口、是否需要 e2e / eval、测试质量星级
+- `browserEvidence`：UI / 用户路径变更的 affected routes、截图、console、health score、issues，或明确 skip reason
+
+测试只绿过一次，不能证明 regression test 有效；断言 mock 本身，不能证明真实行为。没有可信反馈环时，`pass` 不成立。
+
+## Failure Ownership
+
+失败要先归属，再下结论：
+
+- `in-branch`：当前分支引入，默认回 `cc-do`
+- `pre-existing`：base branch 也存在，必须有复验证据
+- `environment`：依赖、权限、服务、密钥、平台缺失，通常是 `blocked`
+- `ambiguous`：无法证明归属，默认不能 `pass`
+
+不要把环境红灯、基线红灯、本分支红灯混成一句“测试失败”。
+
 ## Verdict
 
 只允许 3 种结论：
@@ -98,12 +169,67 @@ NO PASS WITHOUT FRESH EVIDENCE
   "verdict": "pass",
   "overall": "pass",
   "summary": "one-line reality",
+  "claimEvidence": [],
+  "runtime": {
+    "status": "pass",
+    "failureOwnership": []
+  },
+  "qa": {
+    "status": "pass",
+    "feedbackLoop": {
+      "status": "pass",
+      "mode": "targeted-test",
+      "commandOrArtifact": "npm test -- src/feature/feature.test.ts",
+      "speed": "fast",
+      "determinism": "high",
+      "signalSharpness": "fails only when the target behavior is absent",
+      "reproductionRate": "1/1",
+      "attempts": [],
+      "blockedReason": ""
+    },
+    "behaviorEvidence": {
+      "status": "pass",
+      "userFacingBoundary": "feature action",
+      "expectedBehavior": "the user-visible behavior succeeds",
+      "actualBehavior": "verified by targeted test",
+      "reproductionSteps": [],
+      "consistency": "deterministic",
+      "domainLanguage": []
+    },
+    "regressionProof": [],
+    "testQuality": [],
+    "coverageAudit": {
+      "status": "pass",
+      "coveragePct": 80,
+      "pathMap": [],
+      "gaps": [],
+      "testsAdded": [],
+      "e2eRequired": false,
+      "evalRequired": false,
+      "qualityStars": "★★"
+    },
+    "browserEvidence": {
+      "status": "skipped",
+      "mode": "not-applicable",
+      "affectedRoutes": [],
+      "screenshots": [],
+      "consoleErrors": [],
+      "healthScore": null,
+      "issues": [],
+      "skipReason": "not a UI or user-path change"
+    },
+    "architectureFollowUps": [],
+    "tddException": null
+  },
   "quickGates": [],
   "strictGates": [],
   "review": {
     "status": "pass",
     "summary": "",
     "details": "",
+    "freshness": { "status": "fresh", "reviewedCommit": "example-head", "currentCommit": "example-head", "commitsSinceReview": 0, "staleReason": "" },
+    "qualityScore": 9,
+    "specialistReviews": [],
     "taskReviews": { "status": "pass", "required": true, "summary": "", "reviewers": [], "findings": [] },
     "diffReview": { "status": "skipped", "required": false, "summary": "", "reviewers": [], "findings": [] },
     "findings": []
@@ -151,3 +277,4 @@ NO PASS WITHOUT FRESH EVIDENCE
 4. `review.status` 是真实现实，还是我脑补的绿色？
 5. 如果把这份 `report-card.json` 给下一位接手者，他知道接下来去哪吗？
 6. diff review 是否同时覆盖了 plan completion、scope drift、critical pass、doc staleness？
+7. feedback loop 是否真的证明了用户描述的行为，而不是只证明附近代码能跑？

package/.claude/skills/cc-check/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: cc-check
-version: 1.8.2
+version: 1.10.0
 description: Use when a planned or investigated change needs fresh verification evidence, layered gate proof, review truth, and an honest pass fail blocked verdict before entering cc-act.
 triggers:
   - 验收这个需求
@@ -25,7 +25,7 @@ entry_gate:
   - Re-run fresh commands instead of inheriting cc-do narration.
   - If evidence is stale or missing, reset context and rebuild the verdict from canonical artifacts.
 exit_criteria:
-  - review/report-card.json records pass, fail, or blocked using fresh evidence, plus spec alignment and sync readiness.
+  - review/report-card.json records pass, fail, or blocked using fresh evidence, review freshness, claim evidence, QA coverage and browser evidence, failure ownership, plus spec alignment and sync readiness.
   - Task-level review and requirement-level diff review are separated clearly.
   - 'The next step is unambiguous: cc-act, cc-do, cc-investigate, or cc-plan.'
 reroutes:
@@ -119,6 +119,9 @@ NO PASS WITHOUT FRESH EVIDENCE
    - runtime gate
    - task-level review proof
    - requirement-level diff review
+   - claim evidence matrix
+   - QA feedback loop and behavior evidence
+   - QA regression / test-quality proof
    - spec alignment / sync readiness
 4. **Freeze Verdict**
    - 只允许 `pass` / `fail` / `blocked`
@@ -131,12 +134,12 @@ NO PASS WITHOUT FRESH EVIDENCE
 
 - Allowed actions: rerun gates, inspect review proof, record a verdict, and route the requirement honestly.
 - Forbidden actions: continuing development, inheriting old execution claims without fresh proof, or masking blocked work as pass.
-- Required evidence: every passing statement must cite fresh command output, exit status, and key observation.
+- Required evidence: every passing statement must cite fresh command output, exit status, key observation, and the claim it proves.
 - Reroute rule: code and review fixes return to `cc-do`; root-cause drift returns to `cc-investigate`; scope or design invalidation returns to `cc-plan`.
 
 ## Verification Layers
 
-`cc-check` 不是只看“测试是不是绿的”，而是至少看 4 层：
+`cc-check` 不是只看“测试是不是绿的”，而是至少看 10 层：
 
 1. **Runtime Layer**
    - 测试、lint、typecheck、build、脚本 gate
@@ -147,9 +150,79 @@ NO PASS WITHOUT FRESH EVIDENCE
    - 当前改动是否真的兑现 requirement，而不是只让局部测试通过
 4. **Spec Sync Layer**
    - capability truth、expected spec delta、handoff readiness 是否仍然一致
+5. **Claim Evidence Layer**
+   - 测试通过、build 成功、bug 修复、需求完成、agent 完成等声明，是否各自有对应证据
+6. **QA Test Layer**
+   - 回归测试是否有 red/green 证据
+   - 测试是否验证真实行为，而不是 mock 或 test-only production API
+   - 反馈环是否能稳定复现或证明用户描述的行为
+7. **Review Freshness Layer**
+   - review 是否绑定当前 `headSha`
+   - 从 review 到当前 HEAD 是否还有新增 commit
+   - 质量分、置信度、finding 去噪是否可复盘
+8. **QA Coverage / Browser Layer**
+   - 行为链路、错误态、边界条件是否被测试映射覆盖
+   - UI / 用户路径变更是否有浏览器证据、截图、console 结果或明确 skip 理由
+9. **Failure Ownership Layer**
+   - 失败是本分支引入、基线已存在、环境阻塞，还是归属不明
+   - 归属不明默认不能支撑 `pass`
+10. **Behavior Contract Layer**
+   - expected / actual / reproduction steps 是否用用户和领域语言写清
+   - follow-up 是否是行为契约，而不是易腐烂的文件行号 TODO
 
 任何一层失真，都不能写 `pass`。
 
+## Claim Evidence Matrix
+
+不要把所有绿色都写成“测试过了”。`cc-check` 必须把声明拆成证据：
+
+| Claim | Required proof | Not enough |
+| --- | --- | --- |
+| Tests pass | 本轮 test command、exit 0、0 failures | 旧输出、局部日志、应该会过 |
+| Lint clean | 本轮 lint command、0 errors | 只跑 formatter、只看 touched file 且声明全仓 clean |
+| Build succeeds | build command exit 0 | test / lint 通过 |
+| Bug fixed | 原始症状或回归测试通过 | 代码改了、推测已修 |
+| Regression test works | red -> green 证据 | 测试只绿过一次 |
+| Agent completed | VCS diff / artifact 证明实际变化 | agent 自报 success |
+| Requirements met | 逐项 plan / manifest checklist | 测试通过 |
+
+这些事实写入 `claimEvidence[]`。缺少关键 claim 的证据时，结论至少是 `blocked`。
+
+## QA Test Review
+
+`cc-check` 必须区分“有测试”和“测试证明了正确行为”：
+
+1. 先建立反馈环，再谈修复：failing test、curl / HTTP、CLI fixture、headless browser、trace replay、throwaway harness、bisect / differential loop 都可以，但必须说明速度、确定性、信号锋利度和复现率。
+2. 回归测试必须记录 red/green 证据；red 要因为目标行为缺失而失败，不是语法、fixture 或 mock 写错。
+3. 测试应从公共接口验证真实行为；不准为了方便直接测私有实现。
+4. mock 只允许站在系统边界：外部 API、数据库、时间、随机数、文件系统、网络。mock 自家模块、断言内部调用次数或顺序，默认是 review finding。
+5. 生产代码里新增仅测试使用的 API，默认是坏味道，必须 blocking，除非有明确生产生命周期理由。
+6. 复杂 mock setup 超过测试主体时，优先要求 integration / contract test 解释。
+7. test fixture 必须诚实表达 contract：partial fixture、generated stub、`as` / `any` / 双重 cast、缺字段 mock payload 都要说明真实字段与填充字段；如果这些技巧让测试绕过公共 seam 或隐藏错误输入，默认是 review finding。
+8. 如果没有正确测试 seam，不要硬造脆弱测试；记录 `qa.architectureFollowUps`，说明缺失 seam / hidden coupling / shallow module，并按严重度决定 reroute 或 follow-up。
+
+这些事实写入 `qa.regressionProof` 和 `qa.testQuality`。如果本需求没有行为测试空间，必须记录 `tddException` 或替代验证命令。
+
+## QA Behavior Evidence
+
+用户可见行为、bugfix、regression、工作流、CLI 行为和 API 行为都必须留下行为证据：
+
+1. `qa.feedbackLoop` 记录本轮用什么 loop 证明现实，包含 `status`、`mode`、`commandOrArtifact`、`speed`、`determinism`、`signalSharpness`、`reproductionRate`、`attempts`、`blockedReason`。
+2. `qa.behaviorEvidence` 记录 `userFacingBoundary`、`expectedBehavior`、`actualBehavior`、`reproductionSteps`、`consistency`、`domainLanguage`、`status`。
+3. bugfix 不能只写“代码改了”；必须证明用户描述的原始症状已经被同一条或更可信的反馈环覆盖。
+4. 不能复现时，verdict 默认 `blocked` 或回 `cc-investigate`，并写清尝试过哪些 loop、还缺什么 artifact / 权限 / 输入。
+5. QA issue / follow-up 必须用行为和验收条件表达，不写易失效的文件路径或行号，除非它是当前 review finding 的证据位置。
+
+## QA Coverage And Browser Evidence
+
+测试不是数量游戏。`cc-check` 必须判断测试覆盖了哪条真实路径：
+
+1. `qa.coverageAudit` 记录 `coveragePct`、`pathMap`、`gaps`、`testsAdded`、`e2eRequired`、`evalRequired`、`qualityStars`。
+2. UI、路由、端到端用户路径、可视状态、交互状态变化时，必须记录 `qa.browserEvidence`。
+3. `qa.browserEvidence` 至少说明 `mode`、`affectedRoutes`、`screenshots`、`consoleErrors`、`healthScore`、`issues`、`skipReason`。
+4. 前端变更没有浏览器证据也没有 skip reason，不能写 `pass`。
+5. 非前端或纯内部变更可以把 `browserEvidence.status` 写成 `skipped`，但必须说明为什么不需要浏览器 QA。
+
 ## Diff Review Pipeline
 
 `cc-check` 的 requirement-level review 不能只写“diff 看过了”。至少要形成这些事实：
@@ -161,9 +234,56 @@ NO PASS WITHOUT FRESH EVIDENCE
 5. Outside-diff lookup：新增枚举值、状态、路由、artifact 类型时，必须搜索 sibling references，不能只读 diff 内文件。
 6. Documentation staleness：代码行为、入口、命令、结构变化时，检查 README / CLAUDE / architecture docs 是否漂移。
 7. Adversarial synthesis：如果有 codex review、subagent review、人工 review，多视角 finding 要去重并标出高置信重叠项。
+8. Specialist facets：按实际风险记录 `testing`、`security`、`performance`、`api-contract`、`data-migration`、`design` 等 review facet；没有派发也要写 skip reason，避免 reviewer 误以为已经覆盖。
+9. Confidence calibration：每条 finding 必须有可比较的置信度和指纹，低置信 finding 不准伪装成 blocker。
 
 这些事实写入 `review.diffReview.details` 或 `review.findings`。`pass` 只在 scope、completion、critical pass、doc staleness 都没有 blocking finding 时成立。
 
+## Review Packet And Triage
+
+每次 task-level 或 requirement-level review 都必须能脱离聊天记录复盘：
+
+1. `reviewPacket.baseSha`
+2. `reviewPacket.headSha`
+3. `reviewPacket.requirements`
+4. `reviewPacket.implemented`
+5. `reviewPacket.reviewerContext`
+
+每次 review 还必须记录 freshness：
+
+1. `review.freshness.status`：`fresh` / `stale` / `unknown` / `not-applicable`
+2. `review.freshness.reviewedCommit`
+3. `review.freshness.currentCommit`
+4. `review.freshness.commitsSinceReview`
+5. `review.freshness.staleReason`
+6. `review.qualityScore`：0-10，缺失时不能当成高置信审查
+
+每条 finding 必须有 triage：
+
+- `accepted-fixed`：已修并有验证
+- `rejected-with-evidence`：经代码 / 测试证明不适用
+- `deferred-minor`：非阻塞，已写入 follow-up
+- `clarification-needed`：不清楚，当前 verdict 不能是 `pass`
+
+`critical` / `important` finding 未 triage 或未闭环，不能进入 `cc-act`。
+
+每条 finding 还必须带去噪字段：
+
+- `confidenceScore`：1-10，低于 7 的 finding 只能作为 warning 或待验证 gap
+- `fingerprint`：稳定去重键，避免多路 review 重复报同一件事
+- `displayTier`：`blocking` / `warning` / `info` / `suppressed`
+- `suppressionReason`：只有 `displayTier=suppressed` 时允许非空
+
+## Failure Ownership
+
+失败不能只写“测试红了”。`cc-check` 必须把失败归属写入 `runtime.failureOwnership[]`：
+
+1. `classification` 只能是 `in-branch`、`pre-existing`、`environment`、`ambiguous`。
+2. `ambiguous` 默认按 `in-branch` 处理，除非有 base branch 复验证据。
+3. `pre-existing` 必须有 base branch 或历史证据，不能靠猜。
+4. `environment` 必须记录缺失依赖、权限、服务、密钥或平台约束。
+5. `pass` 不能带未解释的 `in-branch` 或 `ambiguous` 失败。
+
 ## Entry Gate
 
 1. 先读 `planning/design.md` 或 `planning/analysis.md`，再读 `planning/tasks.md`、`planning/task-manifest.json`。
@@ -181,6 +301,7 @@ NO PASS WITHOUT FRESH EVIDENCE
    - 运行真实命令
    - 记录 exit status
    - 识别 failure 还是 blocked
+   - 记录 failure ownership，而不是把所有红灯混成一个失败摘要
 3. **Compare against the contract**
    - 对照 `planning/design.md` 或 `planning/analysis.md`
    - 对照 `planning/tasks.md`、`planning/task-manifest.json`
@@ -265,9 +386,12 @@ NO PASS WITHOUT FRESH EVIDENCE
 
 1. severity：`critical` / `important` / `info`
 2. confidence：`high` / `medium` / `low`，低置信不要伪装成 blocker
+   - 同时写 `confidenceScore`，用 1-10 数字表达可比较置信度
 3. source：`runtime` / `task-review` / `diff-review` / `adversarial` / `docs`
 4. evidence：文件、命令、退出码、manifest path、或具体观察
 5. action：`fix-now` / `reroute-cc-do` / `reroute-cc-plan` / `reroute-cc-investigate` / `document-follow-up`
+6. fingerprint：稳定去重键
+7. displayTier：`blocking` / `warning` / `info` / `suppressed`
 
 不能写“可能有问题”然后让接手者猜。要么证明，要么标成待验证 gap。
 
@@ -281,15 +405,31 @@ NO PASS WITHOUT FRESH EVIDENCE
   "verdict": "pass",
   "overall": "pass",
   "summary": "verdict=pass quick=3/3 strict=0/0 review=pass",
+  "claimEvidence": [
+    { "claim": "tests-pass", "requiredProof": "fresh test command", "commandOrArtifact": "npm test", "exitStatus": 0, "keyObservation": "0 failures", "status": "pass" },
+    { "claim": "requirements-met", "requiredProof": "plan checklist", "commandOrArtifact": "planning/tasks.md", "exitStatus": null, "keyObservation": "all tasks complete", "status": "pass" }
+  ],
+  "runtime": { "status": "pass", "failureOwnership": [] },
+  "qa": {
+    "status": "pass",
+    "regressionProof": [],
+    "testQuality": [],
+    "coverageAudit": { "status": "pass", "coveragePct": 80, "pathMap": [], "gaps": [], "testsAdded": [], "e2eRequired": false, "evalRequired": false, "qualityStars": "★★" },
+    "browserEvidence": { "status": "skipped", "mode": "not-applicable", "affectedRoutes": [], "screenshots": [], "consoleErrors": [], "healthScore": null, "issues": [], "skipReason": "not a UI or user-path change" },
+    "tddException": null
+  },
   "quickGates": [],
   "strictGates": [],
   "review": {
     "status": "pass",
     "summary": "Task review and diff review both passed",
     "details": "",
-      "taskReviews": { "status": "pass", "required": true, "summary": "all completed tasks carry spec/code proof", "reviewers": [], "findings": [] },
-      "diffReview": { "status": "pass", "required": true, "summary": "plan completion clean, no scope drift, no critical diff findings", "reviewers": [], "findings": [] },
-      "findings": []
+    "freshness": { "status": "fresh", "reviewedCommit": "example-head", "currentCommit": "example-head", "commitsSinceReview": 0, "staleReason": "" },
+    "qualityScore": 9,
+    "specialistReviews": [],
+    "taskReviews": { "status": "pass", "required": true, "summary": "all completed tasks carry spec/code proof", "reviewPacket": {}, "reviewers": [], "findings": [] },
+    "diffReview": { "status": "pass", "required": true, "summary": "plan completion clean, no scope drift, no critical diff findings", "reviewPacket": {}, "reviewers": [], "findings": [] },
+    "findings": []
   },
   "blockingFindings": [],
   "reroute": "none",

package/.claude/skills/cc-check/assets/REPORT_CARD_TEMPLATE.json

@@ -9,6 +9,123 @@
   "specAlignment": "blocked",
   "specDeltaVerified": false,
   "specSyncReady": false,
+  "runtime": {
+    "status": "blocked",
+    "failureOwnership": [
+      {
+        "failure": "missing spec review proof",
+        "classification": "in-branch",
+        "touchedByDiff": true,
+        "evidence": "planning/task-manifest.json tasks[T002].reviews.spec is empty",
+        "action": "reroute-cc-do",
+        "status": "open"
+      }
+    ]
+  },
+  "claimEvidence": [
+    {
+      "claim": "tests-pass",
+      "requiredProof": "fresh test command with exit 0 and 0 failures",
+      "commandOrArtifact": "npm test -- src/feature/feature.test.ts",
+      "exitStatus": 0,
+      "keyObservation": "targeted tests passed in this run",
+      "status": "pass"
+    },
+    {
+      "claim": "requirements-met",
+      "requiredProof": "line-by-line planning/tasks.md and task-manifest.json checklist",
+      "commandOrArtifact": "planning/tasks.md + planning/task-manifest.json",
+      "exitStatus": null,
+      "keyObservation": "T002 still lacks spec review proof",
+      "status": "blocked"
+    }
+  ],
+  "qa": {
+    "status": "blocked",
+    "feedbackLoop": {
+      "status": "blocked",
+      "mode": "targeted-test",
+      "commandOrArtifact": "npm test -- src/feature/feature.test.ts",
+      "speed": "fast",
+      "determinism": "high",
+      "signalSharpness": "targeted failure would indicate the user-visible behavior regressed",
+      "reproductionRate": "not recorded",
+      "attempts": [
+        "targeted unit test"
+      ],
+      "blockedReason": "red/green reproduction is not recorded yet"
+    },
+    "behaviorEvidence": {
+      "status": "blocked",
+      "userFacingBoundary": "feature behavior",
+      "expectedBehavior": "target behavior succeeds for the user",
+      "actualBehavior": "not proven yet",
+      "reproductionSteps": [
+        "run the targeted verification command"
+      ],
+      "consistency": "not recorded",
+      "domainLanguage": [
+        "feature behavior"
+      ]
+    },
+    "regressionProof": [
+      {
+        "behavior": "original symptom",
+        "redCommand": "",
+        "redFailure": "",
+        "greenCommand": "",
+        "greenObservation": "",
+        "restoredState": false
+      }
+    ],
+    "testQuality": [
+      {
+        "area": "targeted-tests",
+        "checksRealBehavior": true,
+        "mockBoundary": "none",
+        "testOnlyProductionApi": false,
+        "status": "pass"
+      }
+    ],
+    "coverageAudit": {
+      "status": "blocked",
+      "coveragePct": null,
+      "pathMap": ["planning/tasks.md#T002"],
+      "gaps": ["T002 has no spec review proof, so the requirement cannot be marked covered"],
+      "testsAdded": [],
+      "e2eRequired": false,
+      "evalRequired": false,
+      "qualityStars": "★"
+    },
+    "browserEvidence": {
+      "status": "skipped",
+      "mode": "not-applicable",
+      "affectedRoutes": [],
+      "screenshots": [],
+      "consoleErrors": [],
+      "healthScore": null,
+      "issues": [],
+      "skipReason": "template example is not a UI browser QA scenario"
+    },
+    "architectureFollowUps": [
+      {
+        "summary": "Add the missing public test seam before widening coverage",
+        "currentBehavior": "review proof depends on task metadata instead of a direct behavior seam",
+        "desiredBehavior": "tests verify the behavior through a stable public interface",
+        "keyInterfaces": [
+          "feature public API"
+        ],
+        "acceptanceCriteria": [
+          "target behavior can be reproduced without private implementation hooks"
+        ],
+        "outOfScope": [
+          "rewriting unrelated modules"
+        ],
+        "status": "deferred-minor"
+      }
+    ],
+    "tddException": null
+  },
   "quickGates": [
     {
       "name": "targeted-tests",
@@ -28,17 +145,63 @@
     "status": "blocked",
     "summary": "Task review evidence is incomplete",
     "details": "T002 is implemented, but the requirement still lacks spec review proof required by the gate.",
+    "freshness": {
+      "status": "unknown",
+      "reviewedCommit": "",
+      "currentCommit": "",
+      "commitsSinceReview": null,
+      "staleReason": "review range is not recorded yet"
+    },
+    "qualityScore": null,
+    "specialistReviews": [
+      {
+        "name": "testing",
+        "status": "blocked",
+        "required": true,
+        "summary": "testing facet cannot pass while task review proof is missing",
+        "skipReason": "",
+        "findings": []
+      }
+    ],
     "taskReviews": {
       "status": "blocked",
       "required": true,
       "summary": "T002 has no spec review record yet",
+      "reviewPacket": {
+        "baseSha": "",
+        "headSha": "",
+        "requirements": "planning/tasks.md#T002",
+        "implemented": "implementation report for T002",
+        "reviewerContext": "task spec and changed files"
+      },
       "reviewers": [],
-      "findings": []
+      "findings": [
+        {
+          "severity": "important",
+          "confidence": "high",
+          "source": "task-review",
+          "summary": "T002 spec review proof is missing",
+          "evidence": "planning/task-manifest.json tasks[T002].reviews.spec is empty",
+          "action": "reroute-cc-do",
+          "triageStatus": "clarification-needed",
+          "confidenceScore": 9,
+          "fingerprint": "task-review:T002:missing-spec-review",
+          "displayTier": "blocking",
+          "suppressionReason": null
+        }
+      ]
     },
     "diffReview": {
       "status": "skipped",
       "required": false,
       "summary": "",
+      "reviewPacket": {
+        "baseSha": "",
+        "headSha": "",
+        "requirements": "planning/design.md",
+        "implemented": "",
+        "reviewerContext": ""
+      },
       "reviewers": [],
       "findings": []
     },

package/.claude/skills/cc-check/references/gate-contract.md

@@ -16,6 +16,17 @@
 
 所有通过结论都必须来自本次新鲜证据；旧输出只能当线索，不能直接继承 verdict。
 
+## QA Feedback Loop
+
+行为变更和 bugfix 的 evidence 还必须说明反馈环：
+
+- `mode`：failing test、curl / HTTP、CLI fixture、browser、trace replay、bisect、differential loop 等
+- `determinism`：反馈是否稳定，flaky 时复现率是多少
+- `signalSharpness`：失败是否指向目标行为，而不是语法、fixture 或 mock 问题
+- `blockedReason`：无法建立 loop 时缺少什么 artifact、权限、服务或输入
+
+没有可信 loop 的 bugfix 默认不能 `pass`。
+
 ## Reroute
 
 - `none`