cclaw-cli 0.46.11 → 0.46.12

package/dist/artifact-linter.js

@@ -114,7 +114,8 @@ function tokensFromRule(rule) {
             "FINALIZE_MERGE_LOCAL",
             "FINALIZE_OPEN_PR",
             "FINALIZE_KEEP_BRANCH",
-            "FINALIZE_DISCARD_BRANCH"
+            "FINALIZE_DISCARD_BRANCH",
+            "FINALIZE_NO_VCS"
         ];
     }
     if (/final verdict/iu.test(rule)) {
@@ -186,6 +187,9 @@ function getMarkdownTableRows(sectionBody) {
 const DIAGRAM_ARROW_PATTERN = /(?:<--?>|<?==?>|--?>|->>|=>|-\.->|→|⟶|↦)/u;
 const DIAGRAM_FAILURE_EDGE_PATTERN = /\b(fail(?:ed|ure)?|error|timeout|fallback|degrad(?:e|ed|ation)|retry|backoff|circuit|unavailable|recover(?:y)?|rescue|mitigat(?:e|ion)|rollback|exception|abort|dead[\s-]?letter|dlq)\b/iu;
 const DIAGRAM_GENERIC_NODE_PATTERN = /\b(service|component|module|system)\s*(?:[A-Z0-9])?\b/iu;
+const TEST_COMMAND_MARKER_PATTERN = /\b(?:npm|pnpm|yarn|bun|vitest|jest|pytest|go test|cargo test|mvn test|gradle test|dotnet test)\b/iu;
+const RED_FAILURE_MARKER_PATTERN = /\b(?:fail|failed|failing|assertionerror|cannot find|exception|error|exit code\s*[:=]?\s*[1-9])\b/iu;
+const GREEN_SUCCESS_MARKER_PATTERN = /\b(?:pass|passed|green|ok|0 failed|exit code\s*[:=]?\s*0)\b/iu;
 function diagramEdgeLines(sectionBody) {
     return sectionBody
         .split(/\r?\n/)
@@ -219,6 +223,80 @@ function hasSyncDiagramEdge(lines) {
         return !/-\.->|-->>|~~>/u.test(line);
     });
 }
+function validateTddRedEvidence(sectionBody) {
+    const meaningful = meaningfulLineCount(sectionBody);
+    if (meaningful < 2) {
+        return {
+            ok: false,
+            details: "RED Evidence must include at least 2 meaningful lines (command plus failing output context)."
+        };
+    }
+    if (!TEST_COMMAND_MARKER_PATTERN.test(sectionBody)) {
+        return {
+            ok: false,
+            details: "RED Evidence must include the test command that produced the failure."
+        };
+    }
+    if (!RED_FAILURE_MARKER_PATTERN.test(sectionBody)) {
+        return {
+            ok: false,
+            details: "RED Evidence must include explicit failing output markers (FAIL/FAILED/AssertionError/exit code != 0)."
+        };
+    }
+    return {
+        ok: true,
+        details: "RED Evidence includes command + failing output markers."
+    };
+}
+function validateTddGreenEvidence(sectionBody) {
+    const meaningful = meaningfulLineCount(sectionBody);
+    if (meaningful < 2) {
+        return {
+            ok: false,
+            details: "GREEN Evidence must include at least 2 meaningful lines (command and passing result)."
+        };
+    }
+    if (!TEST_COMMAND_MARKER_PATTERN.test(sectionBody)) {
+        return {
+            ok: false,
+            details: "GREEN Evidence must include the full-suite test command."
+        };
+    }
+    if (!GREEN_SUCCESS_MARKER_PATTERN.test(sectionBody)) {
+        return {
+            ok: false,
+            details: "GREEN Evidence must include explicit passing markers (PASS/PASSED/OK/exit code 0)."
+        };
+    }
+    return {
+        ok: true,
+        details: "GREEN Evidence includes command + passing output markers."
+    };
+}
+function validateVerificationLadder(sectionBody) {
+    if (!/highest tier reached/iu.test(sectionBody)) {
+        return {
+            ok: false,
+            details: "Verification Ladder must include a 'Highest tier reached' line."
+        };
+    }
+    if (!/\b(static|command|behavioral|human)\b/iu.test(sectionBody)) {
+        return {
+            ok: false,
+            details: "Verification Ladder must name a tier (static | command | behavioral | human)."
+        };
+    }
+    if (!/\b(evidence|command|sha|commit)\b/iu.test(sectionBody)) {
+        return {
+            ok: false,
+            details: "Verification Ladder must include evidence details (command output or commit SHA)."
+        };
+    }
+    return {
+        ok: true,
+        details: "Verification Ladder includes tier + evidence fields."
+    };
+}
 const LEARNING_TYPE_SET = new Set(["rule", "pattern", "lesson", "compound"]);
 const LEARNING_CONFIDENCE_SET = new Set(["high", "medium", "low"]);
 const LEARNING_UNIVERSALITY_SET = new Set(["project", "personal", "universal"]);
@@ -594,6 +672,15 @@ function validateSectionBody(sectionBody, rule, sectionName) {
         }
     }
     const sectionNameNormalized = normalizeHeadingTitle(sectionName).toLowerCase();
+    if (sectionNameNormalized === "red evidence") {
+        return validateTddRedEvidence(sectionBody);
+    }
+    if (sectionNameNormalized === "green evidence") {
+        return validateTddGreenEvidence(sectionBody);
+    }
+    if (sectionNameNormalized === "verification ladder") {
+        return validateVerificationLadder(sectionBody);
+    }
     if (sectionNameNormalized === "architecture diagram") {
         const edgeLines = diagramEdgeLines(sectionBody);
         if (edgeLines.length === 0) {

package/dist/content/next-command.js

@@ -46,6 +46,7 @@ This is the only progression command the user needs to drive the entire flow. St
 7. Let \`M\` = \`mandatoryDelegations\` for \`currentStage\`.
 8. If \`M\` is non-empty, inspect **\`${delegationPath}\`**. Treat as satisfied only if each mandatory agent is **completed** or **waived**.
 9. If any mandatory delegation is missing and no waiver exists: **STOP** and ask the user whether to dispatch now or waive with rationale. Do not mark gates passed while delegation is unresolved.
+10. If \`currentStage === "review"\` and \`catalog.blocked\` includes \`review_criticals_resolved\`, treat this as a hard remediation branch: recommend \`/cc-ops rewind tdd "review_blocked_by_critical"\` with the blocking finding IDs, and do not attempt to advance toward ship.
 
 ### Path A: Current stage is NOT complete (any gate unmet or delegation missing)
 
@@ -166,6 +167,8 @@ Load the current stage's skill and command contract:
 
 Execute the stage protocol. The stage skill handles interaction, STOP points, gate tracking, and stage completion via \`bash .cclaw/hooks/stage-complete.sh <stage>\` (canonical flow-state mutation path).
 
+Special-case for review: if \`review_criticals_resolved\` is in \`blocked\`, route to rework instead of looping review forever — recommend \`/cc-ops rewind tdd "review_blocked_by_critical"\`.
+
 **Path B — stage IS complete (all gates met, all delegations done):**
 
 If \`next\` is \`done\`:

package/dist/content/retro-command.js

@@ -17,7 +17,7 @@ export function retroCommandContract() {
 
 Auto-triggered retrospective after ship. \`/cc-next\` drafts \`${retroArtifactPath()}\`
 from run artifacts and knowledge, then asks the user exactly ONE structured
-question: **edit / accept / skip**. Default = accept.
+question: **edit / accept / skip / rewind_for_fix**. Default = accept.
 
 This command is normally invoked indirectly by \`/cc-next\` when
 \`closeout.shipSubstate === "retro_review"\`. Invoking it directly is still
@@ -55,7 +55,8 @@ in the structured ask; there is no \`--skip\` flag.
    to a plain-text lettered list when the tool is hidden or errors):
    - \`accept\` (default) — keep the draft as-is,
    - \`edit\` — user edits \`${retroArtifactPath()}\` in-place, then re-runs \`/cc-next\`,
-   - \`skip\` — record \`retroSkipped: true\` + one-line reason, no compound entry required.
+   - \`skip\` — record \`retroSkipped: true\` + one-line reason, no compound entry required,
+   - \`rewind_for_fix\` — route back to \`plan\` / \`tdd\` / \`review\` with a non-empty reason.
 6. On **accept**:
    - append >=1 strict-schema JSONL line to \`${knowledgePath()}\` with
      \`type: "compound"\`, \`source: "retro"\`, and \`stage: null\`,
@@ -73,7 +74,12 @@ in the structured ask; there is no \`--skip\` flag.
    - set \`retro.completedAt = <ISO>\` (marks gate satisfied for archive), and
      \`retro.compoundEntries = 0\`,
    - set \`closeout.shipSubstate = "compound_review"\`.
-9. Emit a one-line summary: \`retro: accepted|edited|skipped | next: /cc-next\`.
+9. On **rewind_for_fix**:
+   - require \`targetStage\` in \`{ plan, tdd, review }\`,
+   - require a concise rationale (min 20 chars),
+   - instruct \`/cc-ops rewind <targetStage> "<reason>"\`,
+   - reset closeout progression by setting \`closeout.shipSubstate = "idle"\`.
+10. Emit a one-line summary: \`retro: accepted|edited|skipped|rewind_for_fix | next: /cc-next\`.
 
 ## Primary skill
 
@@ -83,7 +89,7 @@ in the structured ask; there is no \`--skip\` flag.
 export function retroCommandSkillMarkdown() {
     return `---
 name: ${RETRO_SKILL_NAME}
-description: "Auto-drafted retrospective with a single structured accept/edit/skip ask. Triggered from /cc-next when shipSubstate=retro_review."
+description: "Auto-drafted retrospective with a single structured accept/edit/skip/rewind_for_fix ask. Triggered from /cc-next when shipSubstate=retro_review."
 ---
 
 # /cc-ops retro
@@ -119,6 +125,7 @@ Do not silently skip. Do not finalize without updating \`flow-state.json\`.
    > - **accept** — keep the draft and continue.
    > - **edit** — I'll edit it, then re-run \`/cc-next\`.
    > - **skip** — no retro this run (requires one-line reason).
+   > - **rewind_for_fix** — route back to plan/tdd/review because post-ship issues were found.
 
 4. Apply the state transition for the chosen option:
    - \`accept\` → append \`{ "type": "compound", "source": "retro", "stage": null, ... }\` line
@@ -128,11 +135,15 @@ Do not silently skip. Do not finalize without updating \`flow-state.json\`.
    - \`skip\` → set \`closeout.retroSkipped\`, \`closeout.retroSkipReason\`,
      \`closeout.retroAcceptedAt\`, \`retro.completedAt\`,
      \`retro.compoundEntries = 0\`; set \`closeout.shipSubstate = "compound_review"\`.
+   - \`rewind_for_fix\` → require \`targetStage ∈ {plan,tdd,review}\` and
+     reason (>=20 chars), then instruct \`/cc-ops rewind <targetStage> "<reason>"\`
+     and set \`closeout.shipSubstate = "idle"\` to restart closeout after rework.
 
 5. Print one-line completion summary:
    - \`retro gate: accepted (<N> compound entries)\`
    - \`retro gate: skipped (reason: <text>)\`
    - \`retro gate: editing (re-run /cc-next when ready)\`
+   - \`retro gate: rewind_for_fix (target=<stage>)\`
 
 ## Resume semantics
 

package/dist/content/stage-schema.js

@@ -36,11 +36,12 @@ const REQUIRED_GATE_IDS = {
         "tdd_verified_before_complete",
         ...(track === "quick" ? [] : ["tdd_traceable_to_plan"])
     ],
-    review: [
+    review: (track) => [
         "review_layer1_spec_compliance",
         "review_layer2_security",
         "review_criticals_resolved",
-        "review_army_json_valid"
+        "review_army_json_valid",
+        ...(track === "quick" ? [] : ["review_trace_matrix_clean"])
     ],
     ship: [
         "ship_review_verdict_valid",
@@ -268,6 +269,12 @@ export function buildTransitionRules() {
             guards: stageGateIds(schema.stage)
         });
     }
+    // Review can explicitly route back to TDD when the verdict is BLOCKED.
+    rules.push({
+        from: "review",
+        to: "tdd",
+        guards: ["review_verdict_blocked"]
+    });
     return rules;
 }
 export function stagePolicyNeedles(stage, track = "standard") {

package/dist/content/stages/review.js

@@ -24,6 +24,7 @@ export const REVIEW = {
         "Change-Size Check — ~100 lines = normal. ~300 lines = consider splitting. ~1000+ lines = strongly recommend stacked PRs. Flag large diffs to the user.",
         "Adversarial Trigger Check — compute changed-line count (`git diff --shortstat <base>..HEAD`), files-touched count, and whether trust boundaries changed (auth/secrets/external inputs/permissions). If `lines > 100` OR `files > 10` OR `trust boundary changed`, **dispatch a SECOND reviewer agent with the `adversarial-review` skill loaded** and reconcile its findings into the review army (treat the conditional dispatch as mandatory whenever the trigger holds; record the trigger that fired in the dashboard).",
         "Load upstream evidence — read TDD artifact (RED + GREEN + REFACTOR), spec, and plan. Verify evidence chain is unbroken.",
+        "Run traceability matrix — execute `cclaw internal trace-matrix` (or equivalent helper) and confirm there are no orphaned criteria/tasks/tests before declaring ship readiness.",
         "Layer 1: Spec Compliance — check every acceptance criterion against implementation. Verdict: pass/fail per criterion.",
         "Layer 2a: Correctness — logic errors, race conditions, boundary violations, null handling.",
         "Layer 2b: Security — input validation, auth boundaries, secrets exposure, injection vectors. **Mandatory:** also load and execute the `.cclaw/skills/security-audit/SKILL.md` utility skill (proactive pattern sweep across diff + touched modules, not just the diff itself) and merge findings into the review army. The Layer 2 security pass is not complete until the audit sweep records a finding count (0 acceptable) with file:line evidence for every Critical.",
@@ -34,7 +35,8 @@ export const REVIEW = {
         "Review Army reconciliation — normalize findings into structured records, dedup by fingerprint, and mark multi-specialist confirmations.",
         "Meta-Review — Were tests actually run? Do test names match what they test? Are there real assertions?",
         "Classify findings — Critical (blocks ship), Important (should fix), Suggestion (optional improvement).",
-        "Produce verdict — APPROVED, APPROVED_WITH_CONCERNS, or BLOCKED."
+        "Produce verdict — APPROVED, APPROVED_WITH_CONCERNS, or BLOCKED.",
+        "If verdict is BLOCKED, emit remediation route token `ROUTE_BACK_TO_TDD` and include `/cc-ops rewind tdd \"review_blocked_by_critical\"` with the blocking finding IDs."
     ],
     interactionProtocol: [
         "Run Layer 1 (spec compliance) completely before starting Layer 2.",
@@ -42,6 +44,7 @@ export const REVIEW = {
         "Classify every finding as Critical, Important, or Suggestion.",
         "For each Critical finding: use the Decision Protocol — present resolution options (A/B/C) with trade-offs, and mark one as (recommended). Do NOT use a numeric Completeness rubric; recommend the option that fully closes the finding with no carry-over risk and the smallest blast radius. If the harness's native structured-ask tool is available (`AskUserQuestion` on Claude, `AskQuestion` on Cursor, `question` on OpenCode with `permission.question: \"allow\"`, `request_user_input` on Codex in Plan/Collaboration mode), send exactly ONE question per call, validate fields against the runtime schema, and on schema error immediately fall back to a plain-text lettered list instead of retrying guessed payloads.",
         "Resolve all critical blockers before ship.",
+        "When verdict is BLOCKED, do not end with a passive stop: explicitly route remediation to TDD via `ROUTE_BACK_TO_TDD` and point to `/cc-ops rewind tdd` with the blocking IDs.",
         "For final verdict: use the native structured-ask tool (`AskUserQuestion` / `AskQuestion` / `question` / `request_user_input`) only if runtime schema is confirmed; otherwise collect verdict with a plain-text single-choice prompt (APPROVED / APPROVED_WITH_CONCERNS / BLOCKED).",
         "**STOP.** Do NOT proceed to ship until the user provides an explicit verdict."
     ],
@@ -53,21 +56,25 @@ export const REVIEW = {
         "Layer 2d: check architecture fit — design compliance, coupling, interfaces.",
         "Reconcile multi-agent findings into `.cclaw/artifacts/07-review-army.json` (dedup + confidence + conflict notes).",
         "Classify and prioritize all findings.",
-        "Write review report artifact with explicit verdict."
+        "Write review report artifact with explicit verdict.",
+        "If verdict is BLOCKED, include the remediation route token `ROUTE_BACK_TO_TDD` and the rewind command payload."
     ],
     requiredGates: [
         { id: "review_layer1_spec_compliance", description: "Spec compliance check completed with per-criterion verdict." },
         { id: "review_layer2_security", description: "Security review completed." },
         { id: "review_criticals_resolved", description: "No unresolved critical blockers remain." },
-        { id: "review_army_json_valid", description: "07-review-army.json passes schema validation (validateReviewArmy)." }
+        { id: "review_army_json_valid", description: "07-review-army.json passes schema validation (validateReviewArmy)." },
+        { id: "review_trace_matrix_clean", description: "Trace matrix has no orphaned criteria/tasks/test slices for the active run." }
     ],
     requiredEvidence: [
         "Artifact written to `.cclaw/artifacts/07-review.md`.",
         "Artifact written to `.cclaw/artifacts/07-review-army.json`.",
+        "Traceability matrix run recorded (no orphaned criteria/tasks/tests for enforced tracks).",
         "Layer 1 verdict captured with per-criterion pass/fail.",
         "Layer 2 sections completed with findings.",
         "Severity log includes critical/important/suggestion buckets.",
-        "Explicit final verdict: APPROVED, APPROVED_WITH_CONCERNS, or BLOCKED."
+        "Explicit final verdict: APPROVED, APPROVED_WITH_CONCERNS, or BLOCKED.",
+        "If BLOCKED: include explicit remediation route (`ROUTE_BACK_TO_TDD`) with blocking finding IDs."
     ],
     inputs: ["implementation diff", "spec and plan artifacts", "test/build evidence"],
     requiredContext: ["spec criteria", "tdd artifact", "rulebook constraints"],
@@ -88,15 +95,9 @@ export const REVIEW = {
         "No severity classification",
         "Shipping with open criticals",
         "Batching multiple findings into one report without individual resolution",
-        "Skipping Layer 2 sections because Layer 1 passed",
-        "No separate Layer 1/Layer 2 outcomes",
-        "No structured review-army reconciliation artifact",
-        "No critical bucket",
-        "No explicit ready/not-ready verdict",
-        "Review sections skipped or abbreviated",
-        "Findings not classified by severity"
+        "Skipping Layer 2 sections because Layer 1 passed"
     ],
-    policyNeedles: ["Layer 1", "Layer 2", "Critical", "Review Army", "Ready to Ship", "One issue at a time"],
+    policyNeedles: ["Layer 1", "Layer 2", "Critical", "Review Army", "Ready to Ship", "ROUTE_BACK_TO_TDD", "One issue at a time"],
     artifactFile: "07-review.md",
     next: "ship",
     reviewSections: [
@@ -205,6 +206,8 @@ export const REVIEW = {
         { section: "Review Readiness Dashboard", required: false, validationRule: "Includes a per-pass table (Layer 1 / Layer 2 / Adversarial / Schema) with a 'Completed at' column, a Delegation log snapshot block (path .cclaw/state/delegation-log.json with required/completed/waived/pending), a Staleness signal block (commit at last review pass and current commit), and a Headline with open critical blockers + ship recommendation. At minimum, the section text must contain the substrings 'Completed at', 'delegation-log.json', 'commit at last review pass', and 'Ship recommendation'." },
         { section: "Completeness Score", required: false, validationRule: "Records AC coverage, task coverage, test-slice coverage, and adversarial-review pass status as numeric or boolean values. At minimum, a line like 'AC coverage: N/M' or 'AC coverage: 100%'." },
         { section: "Incoming Feedback Queue", required: false, validationRule: "When external review feedback exists, include a queue summary with per-item disposition (resolved / accepted-risk / rejected-with-evidence) and evidence refs." },
+        { section: "Trace Matrix Check", required: false, validationRule: "Records criteria/tasks/tests orphan counts (all zero on enforced tracks) with command output reference." },
+        { section: "Blocked Route", required: false, validationRule: "When Final Verdict is BLOCKED: includes `ROUTE_BACK_TO_TDD`, rewind target `tdd`, and blocked finding IDs." },
         { section: "Severity Summary", required: true, validationRule: "Per-severity count lines for critical, important, and suggestion buckets." },
         { section: "Final Verdict", required: true, validationRule: "Exactly one of: APPROVED, APPROVED_WITH_CONCERNS, BLOCKED." }
     ]

package/dist/content/stages/ship.js

@@ -5,14 +5,15 @@ export const SHIP = {
     stage: "ship",
     skillFolder: "shipping-and-handoff",
     skillName: "shipping-and-handoff",
-    skillDescription: "Release handoff stage with preflight checks, rollback readiness, and explicit finalization mode.",
-    hardGate: "Do NOT merge, push, or finalize without a passed preflight check, written rollback plan, and exactly one explicit finalization mode selected. No exceptions for urgency.",
+    skillDescription: "Release handoff stage with preflight checks, rollback readiness, and explicit finalization mode for both git and non-git workflows.",
+    hardGate: "Do NOT merge, push, or finalize without a passed preflight check, written rollback plan, and exactly one explicit finalization mode selected. No exceptions for urgency. If no VCS is available, use FINALIZE_NO_VCS explicitly instead of inventing git steps.",
     ironLaw: "NO MERGE WITHOUT GREEN CI, A WRITTEN ROLLBACK, AND EXACTLY ONE SELECTED FINALIZATION MODE.",
     purpose: "Prepare a safe release handoff with clear rollback and branch finalization decision.",
     whenToUse: [
         "After review passes with APPROVED or APPROVED_WITH_CONCERNS verdict",
         "Before creating PR/merge/final branch action",
-        "When release notes and rollback plan are required"
+        "When release notes and rollback plan are required",
+        "When shipping from non-git environments (docs bundles, script drops, detached artifacts)"
     ],
     whenNotToUse: [
         "Review verdict is BLOCKED or unresolved critical findings remain",
@@ -22,20 +23,21 @@ export const SHIP = {
     checklist: [
         "Validate upstream gates — verify review verdict is APPROVED or APPROVED_WITH_CONCERNS. If BLOCKED, stop immediately.",
         "Run preflight checks — tests pass, build succeeds, linter clean, type-check clean, no uncommitted changes. Every check must produce fresh output in this message.",
-        "Merge-base detection — identify the correct base branch. Run `git merge-base HEAD <base>`. If the base has diverged significantly, flag for rebase-first.",
+        "Merge-base detection (git only) — identify the correct base branch. Run `git merge-base HEAD <base>`. If the base has diverged significantly, flag for rebase-first.",
         "Re-run tests on merged result — if merging locally, run the full test suite AFTER the merge, not just before. Post-merge failures are common.",
         "Generate release notes — summarize what changed, why, and what it affects. Reference spec criteria. Include: breaking changes, new dependencies, migration steps if any.",
         "Write rollback plan — trigger conditions (what tells you it is broken), rollback steps (exact commands/git operations), and verification (how to confirm rollback worked).",
         "Load utility skills — `verification-before-completion` for fresh evidence and `finishing-a-development-branch` for finalization workflow.",
         "Monitoring checklist — what should be watched after deploy? Error rates, latency, key business metrics. If no monitoring exists, flag it as a risk.",
-        "Select finalization mode — exactly ONE enum: (A) FINALIZE_MERGE_LOCAL, (B) FINALIZE_OPEN_PR, (C) FINALIZE_KEEP_BRANCH, (D) FINALIZE_DISCARD_BRANCH. For discard: list what will be deleted, require typed confirmation.",
-        "Execute finalization — perform the selected action. For merge: verify clean merge. For PR: include structured body (summary, test plan, rollback). For discard: verify deletion.",
-        "Worktree cleanup — if using git worktrees, clean up the worktree after merge/discard. Keep it only for 'keep branch' mode."
+        "Detect repository mode — if `.git/` is absent or inaccessible, lock finalization choices to FINALIZE_NO_VCS only and document manual handoff + rollback.",
+        "Select finalization mode — exactly ONE enum: (A) FINALIZE_MERGE_LOCAL, (B) FINALIZE_OPEN_PR, (C) FINALIZE_KEEP_BRANCH, (D) FINALIZE_DISCARD_BRANCH, (E) FINALIZE_NO_VCS. For discard: list what will be deleted, require typed confirmation.",
+        "Execute finalization — perform the selected action. For merge: verify clean merge. For PR: include structured body (summary, test plan, rollback). For discard: verify deletion. For NO_VCS: record handoff target, artifact bundle path, and manual rollback owner.",
+        "Worktree cleanup — if using git worktrees, clean up the worktree after merge/discard. Keep it only for 'keep branch' mode. Skip for FINALIZE_NO_VCS."
     ],
     interactionProtocol: [
         "Run preflight checks before any release action.",
         "Document release notes and rollback plan explicitly.",
-        "For finalization mode: use the Decision Protocol — present modes as labeled options (A/B/C/D) with consequences, and mark one as (recommended). Do NOT use a numeric Completeness rubric; recommend the mode that best addresses release blast-radius, rollback readiness, observability, and stakeholder communication — ties go to the most reversible option. If the harness's native structured-ask tool is available (`AskUserQuestion` / `AskQuestion` / `question` / `request_user_input`), send exactly ONE question per call, validate fields against the runtime schema, and on schema error immediately fall back to a plain-text lettered list instead of retrying guessed payloads.",
+        "For finalization mode: use the Decision Protocol — present modes as labeled options (A/B/C/D/E) with consequences, and mark one as (recommended). Do NOT use a numeric Completeness rubric; recommend the mode that best addresses release blast-radius, rollback readiness, observability, and stakeholder communication — ties go to the most reversible option. If the harness's native structured-ask tool is available (`AskUserQuestion` / `AskQuestion` / `question` / `request_user_input`), send exactly ONE question per call, validate fields against the runtime schema, and on schema error immediately fall back to a plain-text lettered list instead of retrying guessed payloads.",
         "Do not proceed if critical blockers remain from review.",
         "**STOP.** Present finalization options and wait for user selection before executing any finalization action."
     ],
@@ -43,7 +45,7 @@ export const SHIP = {
         "Validate review and test gates.",
         "Run preflight: build, test, lint, uncommitted-changes check.",
         "Generate release notes and rollback procedure.",
-        "Choose one finalization enum: FINALIZE_MERGE_LOCAL, FINALIZE_OPEN_PR, FINALIZE_KEEP_BRANCH, or FINALIZE_DISCARD_BRANCH.",
+        "Choose one finalization enum: FINALIZE_MERGE_LOCAL, FINALIZE_OPEN_PR, FINALIZE_KEEP_BRANCH, FINALIZE_DISCARD_BRANCH, or FINALIZE_NO_VCS.",
         "Execute finalization action.",
         "Write ship artifact with decision, rationale, and execution result."
     ],
@@ -84,7 +86,8 @@ export const SHIP = {
         "More than one finalization mode implied",
         "No explicit preflight result",
         "Review verdict not referenced",
-        "Finalization not executed, only planned"
+        "Finalization not executed, only planned",
+        "Selecting git-dependent finalization mode when `.git` is unavailable"
     ],
     policyNeedles: [
         "Pre-Ship Checks",
@@ -93,7 +96,8 @@ export const SHIP = {
         "FINALIZE_MERGE_LOCAL",
         "FINALIZE_OPEN_PR",
         "FINALIZE_KEEP_BRANCH",
-        "FINALIZE_DISCARD_BRANCH"
+        "FINALIZE_DISCARD_BRANCH",
+        "FINALIZE_NO_VCS"
     ],
     artifactFile: "08-ship.md",
     next: "done",
@@ -131,7 +135,7 @@ export const SHIP = {
         { section: "Release Notes", required: true, validationRule: "What changed, why, impact. References spec criteria. Breaking changes flagged." },
         { section: "Rollback Plan", required: true, validationRule: "Trigger conditions, rollback steps (exact commands), verification steps." },
         { section: "Monitoring", required: false, validationRule: "If applicable: what metrics/logs to watch post-deploy. Risk note if no monitoring." },
-        { section: "Finalization", required: true, validationRule: "Exactly one finalization enum token selected. Execution result documented. Worktree cleaned if applicable." },
+        { section: "Finalization", required: true, validationRule: "Exactly one finalization enum token selected (FINALIZE_MERGE_LOCAL | FINALIZE_OPEN_PR | FINALIZE_KEEP_BRANCH | FINALIZE_DISCARD_BRANCH | FINALIZE_NO_VCS). Execution result documented. Worktree cleaned if applicable." },
         { section: "Completion Status", required: false, validationRule: "If present: exactly one of SHIPPED, SHIPPED_WITH_EXCEPTIONS, BLOCKED. Exceptions documented when applicable." },
         { section: "Compound Step", required: false, validationRule: "Optional retrospective: at least one bullet of the form 'Insight: ... | Action: append [compound] entry to .cclaw/knowledge.jsonl', or an explicit 'No compound insight this run.' line." }
     ]

package/dist/content/templates.js

@@ -520,6 +520,19 @@ inputs_hash: sha256:pending
 - Adversarial review pass: true | false
 - Overall score: <0-100>
 
+## Trace Matrix Check
+- Command: \`cclaw internal trace-matrix\`
+- Orphaned criteria: 0
+- Orphaned tasks: 0
+- Orphaned tests: 0
+- Evidence ref:
+
+## Blocked Route
+- ROUTE_BACK_TO_TDD: only when Final Verdict = BLOCKED
+- Target stage: tdd
+- Blocking finding IDs:
+- Rewind command payload:
+
 ## Severity Summary
 - Critical:
 - Important:
@@ -585,9 +598,11 @@ inputs_hash: sha256:pending
   - FINALIZE_OPEN_PR
   - FINALIZE_KEEP_BRANCH
   - FINALIZE_DISCARD_BRANCH
-- Selected label (A/B/C/D):
+  - FINALIZE_NO_VCS
+- Selected label (A/B/C/D/E):
 - Execution result:
 - PR URL / merge commit / kept branch / discard confirmation:
+- NO_VCS handoff target + artifact path (if FINALIZE_NO_VCS):
 
 ## Completion Status
 - SHIPPED | SHIPPED_WITH_EXCEPTIONS | BLOCKED

package/dist/content/utility-skills.js

@@ -662,9 +662,11 @@ Do not merge, open PR, or discard branch until verification and rollback notes a
    - FINALIZE_OPEN_PR
    - FINALIZE_KEEP_BRANCH
    - FINALIZE_DISCARD_BRANCH
-3. Execute only the chosen mode and record exact result.
-4. If merge or discard happened in a feature worktree, clean the worktree.
-5. Update ship artifact with release notes, rollback, and finalization evidence.
+   - FINALIZE_NO_VCS
+3. If \`.git\` is unavailable, use FINALIZE_NO_VCS and record manual handoff + rollback owner.
+4. Execute only the chosen mode and record exact result.
+5. If merge or discard happened in a feature worktree, clean the worktree.
+6. Update ship artifact with release notes, rollback, and finalization evidence.
 
 ## Rollback minimum
 

package/dist/gate-evidence.js

@@ -5,6 +5,7 @@ import { RUNTIME_ROOT } from "./constants.js";
 import { stageSchema } from "./content/stage-schema.js";
 import { exists } from "./fs-utils.js";
 import { readFlowState, writeFlowState } from "./runs.js";
+import { buildTraceMatrix } from "./trace-matrix.js";
 async function currentStageArtifactExists(projectRoot, stage, track) {
     const artifactFile = stageSchema(stage, track).artifactFile;
     const candidates = [
@@ -113,6 +114,23 @@ export async function verifyCurrentStageGateEvidence(projectRoot, flowState) {
             if (!verdictConsistency.ok) {
                 issues.push(`review verdict inconsistency: ${verdictConsistency.errors.join("; ")}`);
             }
+            const traceGateRequired = schema.requiredGates.some((gate) => gate.id === "review_trace_matrix_clean" && gate.tier === "required");
+            if (traceGateRequired) {
+                const trace = await buildTraceMatrix(projectRoot);
+                const traceIssues = [];
+                if (trace.orphanedCriteria.length > 0) {
+                    traceIssues.push(`orphaned criteria: ${trace.orphanedCriteria.join(", ")}`);
+                }
+                if (trace.orphanedTasks.length > 0) {
+                    traceIssues.push(`orphaned tasks: ${trace.orphanedTasks.join(", ")}`);
+                }
+                if (trace.orphanedTests.length > 0) {
+                    traceIssues.push(`orphaned tests: ${trace.orphanedTests.join(", ")}`);
+                }
+                if (traceIssues.length > 0) {
+                    issues.push(`review trace-matrix gate blocked (review_trace_matrix_clean): ${traceIssues.join("; ")}.`);
+                }
+            }
         }
     }
     const passedSet = new Set(catalog.passed);

package/dist/run-archive.js

@@ -14,6 +14,8 @@ const STATE_SNAPSHOT_EXCLUDE = new Set([
     ".flow-state.lock",
     ".delegation.lock"
 ]);
+const DELEGATION_LOG_FILE = "delegation-log.json";
+const TDD_CYCLE_LOG_FILE = "tdd-cycle-log.jsonl";
 function runsRoot(projectRoot) {
     return path.join(projectRoot, RUNS_DIR_REL_PATH);
 }
@@ -60,6 +62,12 @@ async function snapshotStateDirectory(projectRoot, destinationRoot) {
     }
     return copied.sort((a, b) => a.localeCompare(b));
 }
+async function resetCarryoverStateFiles(projectRoot, activeRunId) {
+    const stateDir = stateDirPath(projectRoot);
+    await ensureDir(stateDir);
+    await writeFileSafe(path.join(stateDir, DELEGATION_LOG_FILE), `${JSON.stringify({ runId: activeRunId, entries: [] }, null, 2)}\n`);
+    await writeFileSafe(path.join(stateDir, TDD_CYCLE_LOG_FILE), "");
+}
 function toArchiveDate(date = new Date()) {
     const yyyy = date.getFullYear().toString();
     const mm = (date.getMonth() + 1).toString().padStart(2, "0");
@@ -200,6 +208,7 @@ export async function archiveRun(projectRoot, featureName, options = {}) {
     const snapshottedStateFiles = await snapshotStateDirectory(projectRoot, archiveStatePath);
     const resetState = createInitialFlowState();
     await writeFlowState(projectRoot, resetState, { allowReset: true });
+    await resetCarryoverStateFiles(projectRoot, resetState.activeRunId);
     const archivedAt = new Date().toISOString();
     const manifest = {
         version: 1,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cclaw-cli",
-  "version": "0.46.11",
+  "version": "0.46.12",
   "description": "Installer-first flow toolkit for coding agents",
   "type": "module",
   "bin": {