cclaw-cli 0.46.8 → 0.46.10

package/dist/content/harnesses-doc.d.ts

@@ -1 +1,2 @@
 export declare function harnessIntegrationDocMarkdown(): string;
+export declare function harnessDocsOverviewMarkdown(): string;

package/dist/content/harnesses-doc.js

@@ -1,6 +1,7 @@
 import { HARNESS_ADAPTERS, harnessTier } from "../harness-adapters.js";
 import { HOOK_EVENTS_BY_HARNESS, HOOK_SEMANTIC_EVENTS } from "./hook-events.js";
 import { HARNESS_PLAYBOOKS_DIR, harnessPlaybookFileName } from "./harness-playbooks.js";
+import { HARNESS_TOOL_REFS_DIR } from "./harness-tool-refs.js";
 function harnessTitle(harness) {
     switch (harness) {
         case "claude":
@@ -123,3 +124,37 @@ Harness-specific additions:
 - \`cclaw doctor\` validates shim, hook, and lifecycle surfaces against this capability model.
 `;
 }
+export function harnessDocsOverviewMarkdown() {
+    const harnesses = Object.keys(HARNESS_ADAPTERS);
+    const rows = harnesses
+        .map((harness) => {
+        const tier = harnessTier(harness);
+        const toolMap = `\`.cclaw/${HARNESS_TOOL_REFS_DIR}/${harness}.md\``;
+        const playbook = `\`.cclaw/${HARNESS_PLAYBOOKS_DIR}/${harnessPlaybookFileName(harness)}\``;
+        return `| ${harnessTitle(harness)} | \`${harness}\` | \`${tier}\` | ${toolMap} | ${playbook} |`;
+    })
+        .join("\n");
+    return `# Harness Docs Overview
+
+Single entrypoint for harness-specific references generated by cclaw sync.
+
+## Core references
+
+- Integration matrix: \`.cclaw/references/harnesses.md\`
+- Tool-map index: \`.cclaw/references/${HARNESS_TOOL_REFS_DIR}/README.md\`
+- Playbook index: \`.cclaw/references/${HARNESS_PLAYBOOKS_DIR}/README.md\`
+
+## Per-harness quick links
+
+| Harness | ID | Tier | Tool map | Playbook |
+|---|---|---|---|---|
+${rows}
+
+## How to use this pack
+
+1. Start with \`harnesses.md\` to understand capability/tier differences.
+2. Open the harness-specific tool map before writing stage logic that depends on tool names.
+3. Open the harness-specific playbook before asserting delegation parity behavior.
+4. If docs disagree, treat \`harnesses.md\` + harness adapter capabilities as source of truth and regenerate.
+`;
+}

package/dist/content/meta-skill.js

@@ -84,7 +84,7 @@ Load utility skills only when triggered by the current task:
 - security, performance, debugging, docs, ci-cd
 - verification-before-completion before completion claims
 - finishing-a-development-branch during ship/finalization
-- document-review and execution context skills
+- document-review, receiving-code-review, and execution context skills
 - language rule packs from \`.cclaw/config.yaml\` when enabled
 
 Custom project skills under \`.cclaw/custom-skills/\` are opt-in supplements,

package/dist/content/stage-schema.js

@@ -200,6 +200,14 @@ const STAGE_AUTO_SUBAGENT_DISPATCH = {
             purpose: "Adversarial second-opinion review on large or trust-sensitive diffs. The second reviewer treats the implementation as hostile and tries to break it (hostile-user, future-maintainer, competitor lenses) instead of sympathetically explaining it.",
             requiresUserGate: false,
             skill: "adversarial-review"
+        },
+        {
+            agent: "reviewer",
+            mode: "proactive",
+            when: "When external reviewer comments, bot findings, or CI annotations are present after the initial review pass.",
+            purpose: "Run the receiving-code-review workflow so every incoming feedback item gets an explicit disposition with evidence, and the queue is mirrored into review artifacts.",
+            requiresUserGate: false,
+            skill: "receiving-code-review"
         }
     ],
     ship: [

package/dist/content/stages/review.js

@@ -30,6 +30,7 @@ export const REVIEW = {
         "Layer 2c: Performance — N+1 queries, memory leaks, missing caching, hot paths.",
         "Layer 2d: Architecture Fit — does the implementation match the locked design? Coupling, cohesion, interface contracts.",
         "Layer 2e: External Safety — SQL safety, concurrency, secrets in logs, enum completeness (grep outside diff), LLM trust boundaries.",
+        "Incoming Feedback Intake — when human reviewer comments, bot findings, or CI annotations exist, run `.cclaw/skills/receiving-code-review/SKILL.md`, keep a per-comment disposition queue, and mirror outcomes into `07-review.md` + `07-review-army.json` before final verdict.",
         "Review Army reconciliation — normalize findings into structured records, dedup by fingerprint, and mark multi-specialist confirmations.",
         "Meta-Review — Were tests actually run? Do test names match what they test? Are there real assertions?",
         "Classify findings — Critical (blocks ship), Important (should fix), Suggestion (optional improvement).",
@@ -203,6 +204,7 @@ export const REVIEW = {
         { section: "Review Army Contract", required: true, validationRule: "Structured findings include id/severity/confidence/fingerprint/reportedBy/status with dedup reconciliation summary." },
         { section: "Review Readiness Dashboard", required: false, validationRule: "Includes a per-pass table (Layer 1 / Layer 2 / Adversarial / Schema) with a 'Completed at' column, a Delegation log snapshot block (path .cclaw/state/delegation-log.json with required/completed/waived/pending), a Staleness signal block (commit at last review pass and current commit), and a Headline with open critical blockers + ship recommendation. At minimum, the section text must contain the substrings 'Completed at', 'delegation-log.json', 'commit at last review pass', and 'Ship recommendation'." },
         { section: "Completeness Score", required: false, validationRule: "Records AC coverage, task coverage, test-slice coverage, and adversarial-review pass status as numeric or boolean values. At minimum, a line like 'AC coverage: N/M' or 'AC coverage: 100%'." },
+        { section: "Incoming Feedback Queue", required: false, validationRule: "When external review feedback exists, include a queue summary with per-item disposition (resolved / accepted-risk / rejected-with-evidence) and evidence refs." },
         { section: "Severity Summary", required: true, validationRule: "Per-severity count lines for critical, important, and suggestion buckets." },
         { section: "Final Verdict", required: true, validationRule: "Exactly one of: APPROVED, APPROVED_WITH_CONCERNS, BLOCKED." }
     ]

package/dist/content/templates.js

@@ -474,6 +474,11 @@ inputs_hash: sha256:pending
 |---|---|---|---|---|
 | R-1 | Critical/Important/Suggestion | correctness/security/performance/architecture |  | open/resolved |
 
+## Incoming Feedback Queue
+| ID | Source | Severity | File:line | Request | Status | Evidence |
+|---|---|---|---|---|---|---|
+| CR-1 | reviewer / bot / ci | Critical/Important/Suggestion | path:line or n/a |  | open/in-progress/resolved/accepted-risk/rejected-with-evidence |  |
+
 ## Review Army Contract
 - See \`07-review-army.json\`
 - Reconciliation summary:

package/dist/content/utility-skills.d.ts

@@ -19,6 +19,7 @@ export declare function knowledgeCurationSkill(): string;
 export declare function securityAuditSkill(): string;
 export declare function adversarialReviewSkill(): string;
 export declare function documentReviewSkill(): string;
+export declare function receivingCodeReviewSkill(): string;
 export declare function retrospectiveSkill(): string;
 export declare function languageTypescriptSkill(): string;
 export declare function languagePythonSkill(): string;
@@ -46,5 +47,5 @@ export declare const LANGUAGE_RULE_PACK_GENERATORS: Record<string, () => string>
  * clean them up after the move to `.cclaw/rules/lang/`.
  */
 export declare const LEGACY_LANGUAGE_RULE_PACK_FOLDERS: readonly ["language-typescript", "language-python", "language-go"];
-export declare const UTILITY_SKILL_FOLDERS: readonly ["security", "debugging", "performance", "ci-cd", "docs", "executing-plans", "verification-before-completion", "finishing-a-development-branch", "context-engineering", "source-driven-development", "frontend-accessibility", "landscape-check", "adversarial-review", "security-audit", "knowledge-curation", "retrospective", "document-review"];
+export declare const UTILITY_SKILL_FOLDERS: readonly ["security", "debugging", "performance", "ci-cd", "docs", "executing-plans", "verification-before-completion", "finishing-a-development-branch", "context-engineering", "source-driven-development", "frontend-accessibility", "landscape-check", "adversarial-review", "security-audit", "knowledge-curation", "retrospective", "document-review", "receiving-code-review"];
 export declare const UTILITY_SKILL_MAP: Record<string, () => string>;

package/dist/content/utility-skills.js

@@ -1292,6 +1292,116 @@ If fixes were blocked (e.g. upstream artifact drift), do NOT claim
   always contains at least one vague phrase worth tightening).
 `;
 }
+export function receivingCodeReviewSkill() {
+    return `---
+name: receiving-code-review
+description: "Incoming review-feedback workflow. Use when a human reviewer, PR bot, CI annotation, or security scan provides comments that must be triaged and resolved without losing traceability."
+---
+
+# Receiving Code Review
+
+## Quick Start
+
+> 1. Collect every incoming review note into one queue before fixing anything.
+> 2. Normalize each note into a structured record (id/source/severity/file:line/request/status).
+> 3. Resolve one record at a time and attach evidence for the chosen disposition.
+
+## HARD-GATE
+
+Do not claim "all comments addressed" until every incoming review record has:
+
+- a final disposition (\`resolved\`, \`accepted-risk\`, or \`rejected-with-evidence\`),
+- linked evidence (commit, test output, spec reference, or rationale),
+- and an updated status in the review queue.
+
+Silent drops are forbidden.
+
+## When to Use
+
+- After a PR receives reviewer comments.
+- After CI/static-analysis/security tooling posts annotations.
+- During review/ship when new blocking feedback appears.
+- When multiple feedback channels disagree and need reconciliation.
+
+## Intake Sources
+
+Treat all of these as first-class review input:
+
+- Human reviewer comments (PR/UI/chat copy-paste)
+- Bot comments (lint, security, code quality, policy)
+- CI log findings linked to changed files
+- Post-review user concerns ("this still feels risky")
+
+## Workflow
+
+### 1) Build an intake queue
+
+Create/update a queue table with one row per unique finding:
+
+| ID | Source | Severity | File:line | Request | Status | Evidence |
+|---|---|---|---|---|---|---|
+| CR-1 | reviewer | Critical/Important/Suggestion | path:line or n/a | concise ask | open/in-progress/resolved/accepted-risk/rejected-with-evidence | link or note |
+
+Rules:
+- IDs stay stable across reruns.
+- Deduplicate near-identical comments by fingerprint (\`file + concern + requested change\`).
+- If comments conflict, keep both rows and mark them \`conflict\`.
+
+### 2) Triage by ship impact
+
+- **Critical:** blocks merge/ship until resolved or explicitly accepted by user.
+- **Important:** should be fixed in this iteration unless explicitly deferred.
+- **Suggestion:** optional, but must still get a disposition.
+
+### 3) Resolve one record at a time
+
+For each row:
+1. restate the comment in your own words,
+2. choose disposition:
+   - \`resolved\` (code/docs/tests changed),
+   - \`accepted-risk\` (intentional, user-approved),
+   - \`rejected-with-evidence\` (comment is incorrect or out of scope),
+3. attach concrete evidence (commit hash, diff path, test command output, or spec/plan citation),
+4. update row status.
+
+### 4) Reconcile with review artifacts
+
+When in review stage, mirror outcomes into:
+- \`.cclaw/artifacts/07-review.md\` (Layer 2 findings + readiness dashboard)
+- \`.cclaw/artifacts/07-review-army.json\` (status + shipBlockers alignment)
+
+If any open Critical remains, final verdict cannot be \`APPROVED\`.
+
+### 5) Verify
+
+Run the smallest relevant verification first, then full regression:
+- targeted tests for changed paths,
+- full suite/build for merge readiness.
+
+### 6) Publish response bundle
+
+Produce a concise resolution report:
+- fixed items,
+- deferred/accepted-risk items (with owner/date),
+- rejected items (with evidence),
+- remaining blockers (if any).
+
+## Anti-Patterns
+
+- "Addressed all comments" without a queue table.
+- Collapsing multiple comments into one vague status line.
+- Marking a comment resolved without evidence.
+- Rewriting reviewer intent to make it easier to dismiss.
+- Ignoring bot/CI findings because they are "automated."
+
+## Red Flags
+
+- IDs change between passes (traceability lost).
+- Critical comment has no explicit disposition.
+- Queue says resolved, but review-army still lists open blocker.
+- Response bundle omits rejected comments entirely.
+`;
+}
 export function retrospectiveSkill() {
     return `---
 name: retrospective
@@ -1620,7 +1730,8 @@ export const UTILITY_SKILL_FOLDERS = [
     "security-audit",
     "knowledge-curation",
     "retrospective",
-    "document-review"
+    "document-review",
+    "receiving-code-review"
 ];
 export const UTILITY_SKILL_MAP = {
     security: securityReviewSkill,
@@ -1639,5 +1750,6 @@ export const UTILITY_SKILL_MAP = {
     "security-audit": securityAuditSkill,
     "knowledge-curation": knowledgeCurationSkill,
     retrospective: retrospectiveSkill,
-    "document-review": documentReviewSkill
+    "document-review": documentReviewSkill,
+    "receiving-code-review": receivingCodeReviewSkill
 };

package/dist/install.js

@@ -36,7 +36,7 @@ import { LANGUAGE_RULE_PACK_DIR, LANGUAGE_RULE_PACK_FILES, LANGUAGE_RULE_PACK_GE
 import { RESEARCH_PLAYBOOKS } from "./content/research-playbooks.js";
 import { HARNESS_TOOL_REFS_DIR, HARNESS_TOOL_REFS_INDEX_MD, harnessToolRefMarkdown } from "./content/harness-tool-refs.js";
 import { DOCTOR_REFERENCE_MARKDOWN } from "./content/doctor-references.js";
-import { harnessIntegrationDocMarkdown } from "./content/harnesses-doc.js";
+import { harnessDocsOverviewMarkdown, harnessIntegrationDocMarkdown } from "./content/harnesses-doc.js";
 import { HARNESS_PLAYBOOKS_DIR, harnessPlaybookFileName, harnessPlaybookMarkdown, harnessPlaybooksIndexMarkdown } from "./content/harness-playbooks.js";
 import { HOOK_EVENTS_BY_HARNESS, HOOK_SEMANTIC_EVENTS } from "./content/hook-events.js";
 import { createInitialFlowState } from "./flow-state.js";
@@ -294,6 +294,7 @@ async function writeSkills(projectRoot, config) {
         await writeFileSafe(runtimePath(projectRoot, ...doctorRefsDir, fileName), markdown);
     }
     await writeFileSafe(runtimePath(projectRoot, "references", "harnesses.md"), harnessIntegrationDocMarkdown());
+    await writeFileSafe(runtimePath(projectRoot, "references", "harnesses-overview.md"), harnessDocsOverviewMarkdown());
     // Per-harness parity playbooks. Generated for every supported harness
     // regardless of which harnesses the project installed — the index always
     // resolves, and doctor only asserts presence of the installed harnesses'

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cclaw-cli",
-  "version": "0.46.8",
+  "version": "0.46.10",
   "description": "Installer-first flow toolkit for coding agents",
   "type": "module",
   "bin": {