cc-devflow 4.5.3 → 4.5.4

package/.claude/skills/cc-act/CHANGELOG.md

@@ -1,5 +1,11 @@
 # CC-Act Skill Changelog
 
+## v1.8.1 - 2026-04-29
+
+- add structured ship preflight fields with `ShipPreflightError` rescue actions
+- require rollback guards before publish, merge, PR update, or release note handoff
+- add PR branch hygiene and learning extraction targets to delivery templates
+
 ## v1.8.0 - 2026-04-28
 
 - add remote state consistency rules for issue, PR, tracker, `needs-info`, and `ready-for-agent` closeout handoffs

package/.claude/skills/cc-act/PLAYBOOK.md

@@ -84,6 +84,9 @@ Ship 必须属于这 4 种模式之一：
 4. 如果有 WIP commit，只能用非破坏性 rebase / fixup 处理，不允许盲目 soft reset。
 5. push 前比较 local / remote HEAD；PR 前检查是否已有打开 PR / MR。
 6. 生成 readiness dashboard：review freshness、review quality、QA coverage、browser QA、feedback loop、behavior evidence、failure ownership、documentation release、PR body accuracy。
+7. 生成 ship preflight：branch/base/remote/auth/clean tree/review freshness/ship mode。
+8. preflight 失败必须命名为 `ShipPreflightError`，并写明 rescue action 或切到 `local-handoff`。
+9. 发布、合并、PR 更新或 release note 前必须写 rollback guard。
 
 ## Phase 3: Build Delivery Pack
 
@@ -115,6 +118,8 @@ Ship 必须属于这 4 种模式之一：
 - review packet path / summary
 - finding triage summary
 - QA / claim evidence summary
+- ship preflight and `ShipPreflightError` rescue if any
+- rollback guard
 - QA behavior evidence and feedback-loop quality
 - readiness dashboard
 - PR body accuracy check
@@ -207,6 +212,8 @@ Ship 必须属于这 4 种模式之一：
 5. PR body / release note / handoff / changelog 说的是不是同一套现实？
 6. readiness dashboard 有没有 blocker 或 stale warning？
 7. follow-up 是不是行为契约，而不是“改某文件某行”的易腐烂 TODO？
+8. ship preflight failure 是否有 `ShipPreflightError`、artifact ref 和 rescue action？
+9. rollback guard 是否足够让下一位维护者不靠聊天记录回退？
 
 如果第 1 或第 3 题答案不是“能”，说明 `cc-act` 仍然太重或太糊。
 

package/.claude/skills/cc-act/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: cc-act
-version: 1.8.0
+version: 1.8.1
 description: 'Use when verified work must be shipped or handed off with a clear landing path: run simplify and required tests, create or update a PR, prepare a local handoff, close out merged work, sync docs, write release notes, and fold follow-ups back into backlog or roadmap.'
 triggers:
   - 准备提 PR
@@ -37,7 +37,7 @@ effects:
   - roadmap or backlog follow-up updates when needed
 entry_gate:
   - Accept only a passing review/report-card.json with reroute=none and specSyncReady=true.
-  - Freeze current branch, PR, and ship-mode facts before writing delivery materials.
+  - Freeze current branch, PR, ship-mode, auth, clean-tree, and rollback facts before writing delivery materials.
   - If simplify, tests, or act changes code or verification scope, return to cc-check immediately.
 exit_criteria:
   - The ship mode is explicit, delivery materials match that mode, and the next maintainer has one clear entry point.
@@ -218,6 +218,29 @@ tool_budget:
 11. Remote state consistency：如果本次 closeout 触碰 GitHub issue / PR / tracker，必须记录当前 state、目标 state、允许转换、已保留事实和下一位 owner；`needs-info` 必须保留已确认事实和具体问题，`ready-for-agent` 必须有可执行 brief。
 12. Tooling smoke：如果本次改动影响 hook、pre-commit、lint、publish、adapt 或验证脚本，必须跑真实入口或最接近真实入口的 smoke；只读配置文件不等于工具链可用。
 
+## Ship Preflight And Rescue
+
+ship preflight 必须结构化记录：
+
+- `branch`: 当前分支、base、remote、local/remote HEAD 关系
+- `auth`: `gh` / registry / deploy / package publish 等权限是否可用
+- `workspace`: clean tree、staged files、未跟踪文件和相关 stash
+- `reviewFreshness`: `cc-check` 审查范围是否仍绑定当前 HEAD
+- `shipMode`: `create-pr` / `update-pr` / `local-handoff` / `post-merge-closeout`
+
+任何 preflight failure 都必须命名为 `ShipPreflightError`，并写清 rescue action。
+不能用“工具不可用”当作模糊失败；要明确切 `local-handoff`、补 auth、刷新 review，
+还是返回 `cc-check`。
+
+rollback guard 必须在 publish、merge、PR 更新或 release note 前写清：
+
+- safe state
+- rollback command 或人工回退步骤
+- data / migration / package / remote side effect
+- owner
+
+没有 rollback guard 的 release 只能停在 handoff，不准发布。
+
 ## Readiness Dashboard
 
 PR / handoff 之前必须把 readiness 压成一屏事实：

package/.claude/skills/cc-act/assets/PR_BRIEF_TEMPLATE.md

@@ -24,6 +24,27 @@
 - Base branch:
 - PR / MR:
 
+## Ship Preflight
+
+- Branch:
+- Base:
+- Remote:
+- Local / remote HEAD:
+- Auth:
+- Clean tree:
+- Review freshness:
+- Ship mode:
+- `ShipPreflightError`:
+- Rescue action:
+
+## PR Branch Hygiene
+
+- Existing PR / MR:
+- Duplicate PR risk:
+- Commit split:
+- Push idempotency:
+- Body source:
+
 ## Review Range
 
 - Reviewed base SHA:
@@ -59,6 +80,13 @@
 - Fresh evidence:
 - Merged-result verification:
 
+## Rollback Guard
+
+- Safe state:
+- Rollback command / manual steps:
+- Side effects:
+- Owner:
+
 ## QA Behavior Evidence
 
 - Feedback loop:
@@ -96,6 +124,7 @@
 - Key interfaces:
 - Acceptance criteria:
 - Out of scope:
+- Learning extraction target:
 
 ## Risks
 

package/.claude/skills/cc-act/assets/RELEASE_NOTE_TEMPLATE.md

@@ -20,6 +20,13 @@
 
 - 
 
+## Rollback Guard
+
+- Safe state:
+- Rollback command / manual steps:
+- Side effects:
+- Owner:
+
 ## QA Behavior Evidence
 
 - Feedback loop:
@@ -36,3 +43,4 @@
 - Desired behavior:
 - Acceptance criteria:
 - Out of scope:
+- Learning extraction target:

package/.claude/skills/cc-check/CHANGELOG.md

@@ -1,5 +1,11 @@
 # CC-Check Skill Changelog
 
+## v1.10.1 - 2026-04-29
+
+- add named runtime failure fields with artifact references, owners, and rescue actions
+- add human UAT evidence to the report card so manual acceptance can block or reroute honestly
+- require review findings to carry explicit rescue actions instead of vague follow-up text
+
 ## v1.10.0 - 2026-04-28
 
 - add test fixture honesty review for partial fixtures, generated stubs, casts, and missing mock payload fields

package/.claude/skills/cc-check/PLAYBOOK.md

@@ -63,6 +63,8 @@ NO PASS WITHOUT FRESH EVIDENCE
 6. 把每个成功声明映射到 `claimEvidence[]`
 7. 行为变更必须补 `qa` 证据或例外理由
 8. 失败输出必须写入 `runtime.failureOwnership[]`
+9. failure ownership 必须包含 named error、artifact refs 和 rescue action
+10. human UAT 必须 pass、fail、blocked 或带 skip reason；失败不能被测试绿灯覆盖
 
 ## Verification Layers
 
@@ -76,6 +78,8 @@ NO PASS WITHOUT FRESH EVIDENCE
 8. Review freshness and confidence calibration
 9. Failure ownership
 10. Spec alignment and sync readiness
+11. Human UAT
+12. Named runtime errors and rescue actions
 
 ## Claim Evidence Matrix
 

package/.claude/skills/cc-check/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: cc-check
-version: 1.10.0
+version: 1.10.1
 description: Use when a planned or investigated change needs fresh verification evidence, layered gate proof, review truth, and an honest pass fail blocked verdict before entering cc-act.
 triggers:
   - 验收这个需求
@@ -25,7 +25,7 @@ entry_gate:
   - Re-run fresh commands instead of inheriting cc-do narration.
   - If evidence is stale or missing, reset context and rebuild the verdict from canonical artifacts.
 exit_criteria:
-  - review/report-card.json records pass, fail, or blocked using fresh evidence, review freshness, claim evidence, QA coverage and browser evidence, failure ownership, plus spec alignment and sync readiness.
+  - review/report-card.json records pass, fail, or blocked using fresh evidence, review freshness, claim evidence, QA coverage and browser evidence, human UAT when applicable, named failure ownership, plus spec alignment and sync readiness.
   - Task-level review and requirement-level diff review are separated clearly.
   - 'The next step is unambiguous: cc-act, cc-do, cc-investigate, or cc-plan.'
 reroutes:
@@ -169,6 +169,12 @@ NO PASS WITHOUT FRESH EVIDENCE
 10. **Behavior Contract Layer**
    - expected / actual / reproduction steps 是否用用户和领域语言写清
    - follow-up 是否是行为契约，而不是易腐烂的文件行号 TODO
+11. **Human UAT Layer**
+   - 人工验收是否 required、skipped with reason、pass、fail 或 blocked
+   - failed UAT 必须 reroute 到 `cc-do`、`cc-investigate` 或 `cc-plan`
+12. **Named Error Layer**
+   - runtime failure 必须有 `errorName`、artifact refs、failure owner 和 rescue action
+   - invalid JSON、stale artifact、missing report 不能变成静默 `blocked`
 
 任何一层失真，都不能写 `pass`。
 
@@ -284,6 +290,13 @@ NO PASS WITHOUT FRESH EVIDENCE
 4. `environment` 必须记录缺失依赖、权限、服务、密钥或平台约束。
 5. `pass` 不能带未解释的 `in-branch` 或 `ambiguous` 失败。
 
+每条 failure ownership 还必须命名：
+
+- `errorName`：可搜索的错误名，例如 `MissingSpecReviewProof`
+- `artifactRefs`：指向 report、manifest、checkpoint、日志或命令输出
+- `rescueAction`：下一步救援动作，不写空泛“检查一下”
+- `owner`：`branch` / `baseline` / `environment` / `external` / `unknown`
+
 ## Entry Gate
 
 1. 先读 `planning/design.md` 或 `planning/analysis.md`，再读 `planning/tasks.md`、`planning/task-manifest.json`。

package/.claude/skills/cc-check/assets/REPORT_CARD_TEMPLATE.json

@@ -13,10 +13,17 @@
     "status": "blocked",
     "failureOwnership": [
       {
+        "errorName": "MissingSpecReviewProof",
         "failure": "missing spec review proof",
         "classification": "in-branch",
+        "owner": "branch",
         "touchedByDiff": true,
+        "artifactRefs": [
+          "planning/task-manifest.json",
+          "review/report-card.json"
+        ],
         "evidence": "planning/task-manifest.json tasks[T002].reviews.spec is empty",
+        "rescueAction": "record spec review proof for T002 or reroute to cc-do",
         "action": "reroute-cc-do",
         "status": "open"
       }
@@ -107,6 +114,16 @@
       "issues": [],
       "skipReason": "template example is not a UI browser QA scenario"
     },
+    "humanUat": {
+      "status": "skipped",
+      "required": false,
+      "scenario": "",
+      "tester": "",
+      "evidence": [],
+      "failure": "",
+      "reroute": "none",
+      "skipReason": "not required for this template scenario"
+    },
     "architectureFollowUps": [
       {
         "summary": "Add the missing public test seam before widening coverage",
@@ -183,6 +200,7 @@
           "summary": "T002 spec review proof is missing",
           "evidence": "planning/task-manifest.json tasks[T002].reviews.spec is empty",
           "action": "reroute-cc-do",
+          "rescueAction": "record spec review proof for T002 or return to cc-do",
           "triageStatus": "clarification-needed",
           "confidenceScore": 9,
           "fingerprint": "task-review:T002:missing-spec-review",

package/.claude/skills/cc-do/CHANGELOG.md

@@ -1,5 +1,11 @@
 # CC-Do Skill Changelog
 
+## v1.6.1 - 2026-04-29
+
+- reject parent/child touched-path overlaps when selecting parallel execution surfaces
+- report submodule touches separately so unrelated tasks are not serialized by mere `.gitmodules` presence
+- document quick-lane and wave scheduling gates so small tasks still leave checkpoint, verification, and handoff truth
+
 ## v1.6.0 - 2026-04-28
 
 - prohibit horizontal TDD execution by requiring one tracer bullet Red/Green/Refactor cycle per observable behavior

package/.claude/skills/cc-do/PLAYBOOK.md

@@ -23,14 +23,15 @@
 
 ## Execution Loop
 
-1. 读取 `task-manifest.json`，先用 `scripts/select-ready-tasks.sh` 找出当前 ready tasks。
-2. 如果有多于一个 ready task，要先跑 `scripts/detect-file-conflicts.sh`；有共享触点或依赖关系就退回串行。
+1. 读取 `task-manifest.json`，先用 `scripts/select-ready-tasks.sh` 找出当前 ready tasks 和当前 wave。
+2. 如果有多于一个 ready task，要先跑 `scripts/detect-file-conflicts.sh`；有共享触点、父子路径触点或依赖关系就退回串行。
 3. 对每个要执行的 task，先用 `scripts/build-task-context.sh` 从 `planning/design.md`、`planning/tasks.md`、`planning/task-manifest.json` 组装上下文，再开始编码。
 4. 如果当前任务来自 `cc-investigate`，把 `planning/analysis.md` 当成上游合同，不准一边做一边重开调查。
 5. 进入 TDD 闭环：先红，再绿，再重构。
 6. 每个关键节点都写 runtime：失败测试、Green 通过、Refactor、Review 结论、阻塞原因。
 7. 任务实现后，先过 `spec review`，再过 `code review`，review 不通过就回到实现。
 8. 两道 review 门都通过后，才能把任务标成完成，并把结果留给 `cc-check`。
+9. quick lane 只允许减少叙事，不允许减少 current task、checkpoint、verification、handoff 和 review gates。
 
 ## Local Kit
 
@@ -98,8 +99,9 @@
 1. 任务处于当前 active phase
 2. `dependsOn` 已全部满足
 3. 任务显式允许并行，例如 `[P]`
-4. `touches` / `files` 不冲突
-5. 每个 subagent 都拿到了自己的 task context
+4. `touches` / `files` 不冲突，且父路径 / 子路径也不重叠
+5. submodule touches 已被标出；触达 submodule 的任务不能默认拿普通 worktree 隔离
+6. 每个 subagent 都拿到了自己的 task context
 
 少一条，都按顺序执行。
 

package/.claude/skills/cc-do/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: cc-do
-version: 1.6.0
+version: 1.6.1
 description: Use when implementing planned tasks, resuming interrupted work, applying a frozen investigation handoff, or landing review feedback after cc-plan or cc-investigate.
 triggers:
   - 开始做 T003
@@ -27,13 +27,18 @@ writes:
     durability: durable
     required: false
     when: execution mode uses delegated or team workers
+  - path: devflow/changes/<change-key>/meta/change-state.json
+    durability: durable
+    required: false
+    when: pause, resume, dispatch, or quick-lane state changes
 effects:
   - code changes
   - test changes
   - workspace scratch runtime updates
 entry_gate:
   - Read planning/design.md or planning/analysis.md, then planning/tasks.md, planning/task-manifest.json, change-meta.json, related capability specs, and the latest checkpoint before changing code.
-  - Select only ready tasks whose dependencies and file ownership are clear.
+  - Select only ready tasks whose dependencies, wave, touched paths, and file ownership are clear.
+  - Reject parallel execution when touched paths overlap by exact path or parent/child path; submodule touches must be isolated unless the task explicitly owns that submodule.
   - If the current task cannot be restated from canonical artifacts, run a context reset before coding.
 exit_criteria:
   - The current task has red/green evidence, public-seam test quality evidence, review evidence, and a resumable checkpoint trail.
@@ -146,15 +151,17 @@ Red 不是形式上的红，而是公共 seam 上的行为缺失证明。测试
 
 1. 先读 `planning/design.md` 或 `planning/analysis.md`，再读 `planning/tasks.md`、`planning/task-manifest.json`；如果是恢复执行，再补读最近 checkpoint 或已有 `handoff/resume-index.md`。
 2. 先用 `scripts/select-ready-tasks.sh` 判断现在到底哪几个任务真的 ready。
-3. 只锁定当前 ready task，或一组经依赖与触点校验后可并行的 ready tasks。
+3. 只锁定当前 ready task，或一组经依赖、wave、精确触点与父子路径触点校验后可并行的 ready tasks。
 4. 如果这次来自 `cc-investigate`，必须把 `planning/analysis.md` 当成 canonical contract，而不是一边实现一边重新调查。
 5. 没有任务上下文，不准把任务扔给 subagent；先用 `scripts/build-task-context.sh` 从 `planning/design.md` 或 `planning/analysis.md`、`planning/tasks.md`、`planning/task-manifest.json`、`change-meta.json` 与相关 capability spec 组装上下文。
+6. 如果 `task-manifest.json.metadata.lane == "quick"`，仍然必须有 current task、verification、checkpoint 和 handoff；quick 只缩短文档密度，不跳过证据。
+7. 如果仓库含 `.gitmodules` 或 manifest 提供 `submodulePaths`，先用 `scripts/detect-file-conflicts.sh` 标出 `submoduleTouches`；只有触达该 submodule 的任务失去默认 worktree 隔离资格，未触达任务不能被无辜串行化。
 
 ## Loop
 
 1. 读取当前任务，而不是重新发明任务。
-2. 依赖没满足前，不准提前做下游任务。
-3. 没有明确并行资格，不准把多个实现任务同时推进。
+2. 依赖没满足前，不准提前做下游任务；不同 wave 之间不允许抢跑。
+3. 没有明确并行资格，不准把多个实现任务同时推进；`touches` 父子路径重叠也算同一执行表面。
 4. 先 `fail-first`：先写失败测试，先看见预期红，再写生产代码。
 5. 如果红灯不是预期失败（语法错、fixture 错、测试没连上），先修测试直到它正确失败。
 6. 如果红灯通过错误 seam 得到，比如私有方法、内部调用次数、mock 内部协作者，先修测试 seam，不准进入 Green。
@@ -176,9 +183,11 @@ Red 不是形式上的红，而是公共 seam 上的行为缺失证明。测试
 ## Good Output
 
 - 当前 task 一眼可见，执行者不用从聊天记录里猜目标
+- 当前 wave、ready tasks、parallel candidates、touch conflict verdict 和 submoduleTouches 一眼可见
 - 至少留下一次明确的 tracer bullet Red/Green/Refactor 证据，且 Red 是公共 seam 上的预期行为失败
 - 测试 fixture 说明真实 contract 字段和测试填充字段，没有用类型欺骗或内部 mock 制造假绿
 - runtime / checkpoint 足够让下一位接手者无损恢复
+- quick lane 也有 mini manifest、checkpoint、verification 和唯一 next action，不靠聊天记录继续
 - reviewer 能顺着 review 记录和验证命令复盘这次实现
 
 ## Bundled Resources

package/.claude/skills/cc-do/references/execution-recovery.md

@@ -7,6 +7,8 @@
 - 当前 task status
 - 当前 active phase
 - 当前 ready tasks
+- 当前 wave / parallel candidates / touch conflict verdict
+- submoduleTouches（如适用）
 - 当前 review gates（spec / code）
 - 已完成证据
 - 阻塞点
@@ -95,3 +97,4 @@
 - 验收标准
 - 验证命令
 - 不做项 / 边界
+- quick lane 是否仍有 mini manifest、checkpoint、verification 和唯一 next action

package/.claude/skills/cc-do/references/parallel-dispatch.md

@@ -12,17 +12,18 @@
 
 1. 两个任务都在当前 active phase
 2. `dependsOn` 已满足，且互不依赖
-3. `touches` / `files` 没有交集
+3. `touches` / `files` 没有交集，且没有父路径 / 子路径重叠
 4. 不共享同一个可变资源，例如同一 schema、同一公共接口、同一全局状态
 5. 验证命令可以各自独立运行
 6. 每个任务都有完整上下文包，不需要靠别人的临场解释补脑
+7. submodule touches 已经被识别；只有实际触达 submodule 的任务失去普通 worktree 隔离资格
 
 ## Must Run Sequentially
 
 命中任一条，就必须串行：
 
 1. 一个任务依赖另一个任务的输出
-2. 两个任务会改同一个文件或同一抽象边界
+2. 两个任务会改同一个文件、父子路径或同一抽象边界
 3. 上游任务在定义契约，下游任务在消费契约
 4. 一个任务先改 schema / API，另一个任务基于它写实现
 5. 你还不能清楚说出每个任务各自的验收标准
@@ -50,8 +51,9 @@
 
 1. 先选当前 active phase 的 ready tasks
 2. 在 ready tasks 里优先选 `touches` 不重叠的任务
-3. 在不重叠任务里优先选验证面最小的任务
-4. 如果仍然不确定，退回串行
+3. 在不重叠任务里排除 submodule-touch 隔离风险
+4. 在剩余任务里优先选验证面最小的任务
+5. 如果仍然不确定，退回串行
 
 ## Good Example
 

package/.claude/skills/cc-do/scripts/detect-file-conflicts.sh

@@ -30,18 +30,41 @@ const sourceTasks = Array.isArray(parsed)
 const tasks = sourceTasks.filter((task) => task && task.parallel !== false);
 const fileConflicts = [];
 const dependencyConflicts = [];
+const submoduleTouches = [];
 const conflictedTaskIds = new Set();
 
 function touchesOf(task) {
-  return [...new Set([...(task.touches || []), ...(task.files || [])].filter(Boolean))];
+  return [...new Set([...(task.touches || []), ...(task.files || [])].filter(Boolean).map(normalizePath))];
+}
+
+function normalizePath(value) {
+  return String(value)
+    .replace(/\\/g, '/')
+    .replace(/\/+/g, '/')
+    .replace(/^\.\//, '')
+    .replace(/\/$/, '');
+}
+
+function overlaps(left, right) {
+  if (left === right) return left;
+  if (left && right.startsWith(`${left}/`)) return left;
+  if (right && left.startsWith(`${right}/`)) return right;
+  return '';
 }
 
 for (let index = 0; index < tasks.length; index += 1) {
   for (let offset = index + 1; offset < tasks.length; offset += 1) {
     const left = tasks[index];
     const right = tasks[offset];
-    const leftTouches = new Set(touchesOf(left));
-    const sharedTouches = touchesOf(right).filter((touch) => leftTouches.has(touch));
+    const leftTouches = touchesOf(left);
+    const rightTouches = touchesOf(right);
+    const sharedTouches = [
+      ...new Set(
+        leftTouches.flatMap((leftTouch) =>
+          rightTouches.map((rightTouch) => overlaps(leftTouch, rightTouch)).filter(Boolean)
+        )
+      )
+    ];
 
     if (sharedTouches.length > 0) {
       conflictedTaskIds.add(left.id);
@@ -68,6 +91,28 @@ for (let index = 0; index < tasks.length; index += 1) {
   }
 }
 
+const submodulePaths = (parsed.submodulePaths || [])
+  .map(normalizePath)
+  .filter(Boolean);
+
+if (submodulePaths.length > 0) {
+  for (const task of tasks) {
+    const taskTouches = touchesOf(task);
+
+    for (const submodulePath of submodulePaths) {
+      const matchedTouches = taskTouches.filter((touch) => overlaps(submodulePath, touch));
+
+      if (matchedTouches.length > 0) {
+        submoduleTouches.push({
+          task: task.id,
+          submodulePath,
+          touches: matchedTouches
+        });
+      }
+    }
+  }
+}
+
 const safeTaskIds = tasks
   .map((task) => task.id)
   .filter((taskId) => !conflictedTaskIds.has(taskId));
@@ -78,6 +123,7 @@ process.stdout.write(
       hasConflicts: fileConflicts.length > 0 || dependencyConflicts.length > 0,
       fileConflicts,
       dependencyConflicts,
+      submoduleTouches,
       safeTaskIds
     },
     null,

package/.claude/skills/cc-investigate/CHANGELOG.md

@@ -1,5 +1,11 @@
 # CC-Investigate Skill Changelog
 
+## v1.2.1 - 2026-04-29
+
+- add persistent debug session fields for active hypothesis, probes, cleanup state, and next evidence action
+- add diagnose-only and workflow-forensics modes so root-cause reports do not masquerade as completed repairs
+- update the analysis template with debug session, workflow forensics, and diagnose-only outcome sections
+
 ## v1.2.0 - 2026-04-28
 
 - treat feedback loops as investigation products that must be made faster, sharper, and more deterministic before root cause freeze

package/.claude/skills/cc-investigate/PLAYBOOK.md

@@ -20,6 +20,8 @@
 7. 调查失败三次后先重建入口，不准继续乱补。
 8. 没有 frozen root-cause contract，不准进入 repair task。
 9. 多组件、深层调用、flaky 问题必须先补边界探针、反向追踪或条件等待证据。
+10. diagnose-only 只能输出根因、owner、风险和 next action，不能把未修复状态标成完成。
+11. workflow forensics 先分类 artifact / git / state / tool / permission / process failure，再决定是否进入修复。
 
 ## Iron Law
 
@@ -61,6 +63,8 @@ root-cause contract 至少包含：稳定复现或缩小后的可验证症状、
 | `history-trace` | 同一区域反复坏 | 查历史 `analysis.md`、TODO、report-card finding |
 | `pattern-research` | 陌生框架 / 依赖 / 平台错误 | 脱敏后查通用错误类型 |
 | `contract-check` | 修复边界可能扩大 | 判定 implementation drift / missing spec truth / roadmap mismatch |
+| `diagnose-only` | 用户只要问题解释或现在不能修 | 冻结 root cause、owner、risk、next action，不生成实现完成态 |
+| `workflow-forensics` | devflow artifact、git、状态、权限或工具链断裂 | 分类 failure owner 和 rescue action，再决定 reroute |
 
 ## Pattern Analysis
 
@@ -89,6 +93,9 @@ root-cause contract 至少包含：稳定复现或缩小后的可验证症状、
 - Diagnostic Instrumentation Plan：probe tag、probe location、question answered、command、expected signal、cleanup requirement
 - Feedback Loop Contract：loop type、command、expected / actual signal、symptom match、runtime、determinism、failure rate、sharpening plan
 - Correct Test Seam：test seam、public interface exercised、why it reaches the real trigger chain、why shallow tests are rejected
+- Persistent Debug Session：session id、active hypothesis、completed probes、cleanup state、next evidence action
+- Workflow Forensics：artifact state、git state、runtime state、tool/permission/process failure owner、rescue action
+- Diagnose-Only Outcome：root cause, owner, risk, next action, and explicit no-repair verdict
 
 这些字段不是装饰。它们的作用是证明根因位于源头，而不是报错点。
 

package/.claude/skills/cc-investigate/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: cc-investigate
-version: 1.2.0
+version: 1.2.1
 description: "Use when a bug, regression, broken task, or unexpected behavior needs root-cause investigation, reproducible evidence, and a frozen repair handoff before cc-do resumes coding."
 triggers:
   - "帮我查这个 bug"
@@ -34,12 +34,15 @@ entry_gate:
   - "Read the current bug report, existing requirement artifacts, relevant code, tests, and recent history before forming any hypothesis."
   - "Use a FIX-<number>-<description> change key for new bug-fix investigations."
   - "Build a runnable feedback loop, confirm it matches the reported symptom, then freeze the evidence chain before proposing repair tasks."
+  - "Record persistent debug session state: active hypothesis, probes, cleanup status, and next evidence action."
   - "Search prior investigations, TODO/backlog signals, and recent fixes in the affected area before declaring the bug novel."
   - "For multi-component, deep-stack, or flaky symptoms, record boundary probes, backward trace, or condition-wait evidence before declaring the root cause."
   - "For performance regressions, collect a baseline or profile signal before treating logs as evidence."
   - "Do not write production code here; this stage ends with planning/analysis.md plus executable repair tasks for cc-do."
 exit_criteria:
   - "planning/analysis.md records symptom, reproduction, evidence chain, boundary probes or backward trace when applicable, pattern analysis, tested hypotheses, confirmed root cause, and repair boundary."
+  - "diagnose-only outcomes clearly stop before implementation while preserving root cause, owner, and next action."
+  - "workflow forensics classify artifact, git, state, or tool failures before repair tasks are generated."
   - "planning/tasks.md and planning/task-manifest.json are explicit enough that cc-do can repair the bug without chat memory."
   - "The honest next step is cc-do, cc-plan, or roadmap."
 reroutes:
@@ -141,6 +144,8 @@ NO REPAIR WITHOUT A FROZEN ROOT-CAUSE CONTRACT
 | 错误类型陌生，像框架 / 依赖 / 平台问题 | `pattern-research`，先做脱敏外部调研 |
 | 同一区域反复坏 | `history-trace`，先查 prior investigations 和最近修复 |
 | 看起来像 bug，实则是未定义行为或新需求 | 直接 reroute 到 `cc-plan` |
+| 用户只要根因报告、不要求修复 | `diagnose-only`，停止在报告与 next action，不生成完成态实现任务 |
+| 失败来自 workflow / artifact / git / state 断裂 | `workflow-forensics`，先分类坏在文件、状态、工具、权限还是流程 |
 
 先说“这是什么类问题”，再说“我要怎么修”。没有分类的 debug，最后都会变成乱打补丁。
 
@@ -174,6 +179,9 @@ NO REPAIR WITHOUT A FROZEN ROOT-CAUSE CONTRACT
 
 `cc-investigate` 不写生产代码，不在这里偷跑 `cc-do`。
 
+diagnose-only 仍然写 `planning/analysis.md`，但 `planning/tasks.md` 只能包含证据交接、
+监控、人工动作或明确的 `reroute`；不能把“已经诊断”伪装成“已经修复”。
+
 ## Entry Gate
 
 1. 先确认当前对象仍然属于一个 requirement，而不是整个项目级故障。
@@ -228,6 +236,7 @@ NO REPAIR WITHOUT A FROZEN ROOT-CAUSE CONTRACT
 8. **Hand off**
    - 下一步明确写成 `cc-do`
    - 如果 repair contract 越过当前 requirement，就 reroute 到 `cc-plan`
+   - 如果是 diagnose-only，下一步写成 human action、monitoring、backlog、`cc-plan` 或 `cc-do`，但不得标记实现完成
 
 ## Pattern Analysis
 

package/.claude/skills/cc-investigate/assets/ANALYSIS_TEMPLATE.md

@@ -36,6 +36,17 @@
 - Sharpening plan:
 - If no loop, evidence request:
 
+## Debug Session
+
+- Session ID:
+- Started at:
+- Current mode: `reproduce-first` | `feedback-loop` | `diff-trace` | `boundary-probe` | `backward-trace` | `reference-compare` | `condition-wait` | `history-trace` | `pattern-research` | `contract-check` | `diagnose-only` | `workflow-forensics`
+- Active hypothesis:
+- Completed probes:
+- Open probes:
+- Cleanup status:
+- Next evidence action:
+
 ## Evidence Chain
 
 - Logs / stack traces:
@@ -46,6 +57,12 @@
 - TODO / backlog / report-card signals:
 - Native domain / decision context:
 
+## Workflow Forensics
+
+| Failure surface | Observed state | Owner | Rescue action | Evidence |
+| --- | --- | --- | --- | --- |
+| artifact / git / runtime-state / tool / permission / process | | | | |
+
 ## Boundary Probe Matrix
 
 | Component boundary | Input observed | Output observed | Config / env observed | State observed | Verdict |
@@ -132,6 +149,16 @@
 - Operator handling after fix:
 - Prior history relationship: `new` | `recurring` | `same-root-cause` | `architectural-smell-candidate`
 
+## Diagnose-Only Outcome
+
+- Applies: `yes` | `no`
+- Why no repair now:
+- Root cause owner:
+- Risk if left unresolved:
+- Monitoring / follow-up evidence:
+- Next action: `human-action` | `monitor` | `backlog` | `reroute-cc-plan` | `handoff-cc-do`
+- Explicit no-repair verdict:
+
 ## Correct Test Seam
 
 - Test seam:
@@ -160,6 +187,9 @@
 - Feedback loop trustworthy:
 - Symptom match confirmed:
 - Root cause confirmed:
+- Debug session cleanup complete:
+- Workflow forensics classified:
+- Diagnose-only verdict if applicable:
 - Correct test seam identified:
 - Repair scope still belongs to this requirement:
 - If not, reroute: