changeledger 0.7.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (35) hide show
  1. package/AGENTS.md +11 -5
  2. package/README.md +5 -1
  3. package/bin/changeledger.mjs +82 -6
  4. package/package.json +1 -1
  5. package/src/check.mjs +37 -1
  6. package/src/commands/agent-context.mjs +64 -0
  7. package/src/commands/agent-prompt.mjs +22 -0
  8. package/src/commands/agent.mjs +50 -7
  9. package/src/commands/context.mjs +8 -9
  10. package/src/commands/graduate.mjs +20 -8
  11. package/src/commands/view.mjs +6 -2
  12. package/src/contract.mjs +11 -5
  13. package/src/framing.mjs +22 -0
  14. package/src/lifecycle.mjs +4 -3
  15. package/src/metrics.mjs +3 -3
  16. package/src/viewer/domain.mjs +17 -7
  17. package/src/viewer/public/app-state.js +77 -6
  18. package/src/viewer/public/app.js +193 -42
  19. package/src/viewer/public/index.html +2 -2
  20. package/src/viewer/public/state.js +6 -2
  21. package/src/viewer/public/styles.css +205 -14
  22. package/src/viewer/public/view-parts.js +52 -0
  23. package/templates/contract/agent-contexts/implementation.md +18 -0
  24. package/templates/contract/agent-contexts/investigation.md +14 -0
  25. package/templates/contract/agent-contexts/review.md +22 -0
  26. package/templates/contract/agent-prompts/implementation.md +38 -0
  27. package/templates/contract/agent-prompts/investigation.md +41 -0
  28. package/templates/contract/agent-prompts/review.md +36 -0
  29. package/templates/contract/budgets.yml +16 -0
  30. package/templates/contract/close.md +25 -14
  31. package/templates/contract/core.md +43 -35
  32. package/templates/contract/delegation.md +2 -1
  33. package/templates/contract/implement.md +27 -11
  34. package/templates/contract/review.md +12 -9
  35. package/templates/contract/validation.md +16 -2
@@ -5,11 +5,16 @@ reflection. Work is planned and documented before code is written.
5
5
 
6
6
  ## Read complete context before acting
7
7
 
8
- Running `changeledger context` is discovery, not compliance by itself. Read the
9
- complete output through the `CHANGELEDGER CONTEXT END` line, then follow the
10
- current mode. If that line is missing, the output was truncated. Stop and re-run
11
- the command directly, without pipes or filters, before creating or modifying
12
- files.
8
+ Running `changeledger context` is discovery, not compliance by itself. Capture the first invocation completely in one pass
9
+ and read through the `CHANGELEDGER CONTEXT END` line, then follow the current mode. Never request a preview, summary
10
+ or voluntary line, byte or token cap; if the tool exposes an output budget,
11
+ reserve enough for the whole response. A missing END after this deliberate full
12
+ capture is exceptional recovery: stop and re-run with a larger capture before
13
+ planning or acting on the partial output.
14
+
15
+ While the complete core remains available in the active conversation, a new
16
+ human message alone does not trigger a reload. Load only the specialized mode or
17
+ change-id context required by a real task or lifecycle transition.
13
18
 
14
19
  1. Work starts with conversation. Read-only investigation may clarify a request,
15
20
  but create no change or implementation artifact until there is enough clarity
@@ -19,16 +24,16 @@ files.
19
24
  agent decides how to divide and execute work within that authorized scope.
20
25
  3. Capture every authorized change in `.changeledger/changes/`. The document
21
26
  wins when code and documentation disagree.
22
- 4. Never implement a `draft`. After approval, work one change at a time on a
23
- non-main branch and commit the approved change document before code.
27
+ 4. Never implement a `draft`. After approval, implement one change at a time on
28
+ a non-main branch and commit the approved change document before code.
24
29
  5. Keep lifecycle, tasks, ownership and Log current while working.
25
30
  6. For types that require review, use a fresh clean-context reviewer before
26
31
  human validation.
27
- 7. Stop at `in-validation`. The agent never accepts on the human's behalf.
32
+ 7. `in-validation` stops only that change; the agent never accepts on the human's behalf, but may reject with a reason and start another approved change unless its `depends_on` chain (direct or transitive) reaches an `in-validation` change.
28
33
  8. After human acceptance, reload `changeledger context <id>` for the `done`
29
- change, then graduate persistent truth (a new spec is a two-step `--new`
30
- then `--into`) or run `changeledger graduate <id> --skip [reason]`; archive
31
- only after that decision.
34
+ change, then graduate persistent truth or run `changeledger graduate <id>
35
+ --skip [reason]`; archive only after that decision. The close overlay owns
36
+ the full graduation recipe.
32
37
 
33
38
  If no approved or in-progress change applies, do not silently edit repository
34
39
  files. Create or update a change, or ask the human whether a purely operational,
@@ -43,40 +48,43 @@ Files are the source of truth and may be edited directly. CLI helpers are
43
48
  optional and preferred for error-prone operations such as timestamps, lifecycle
44
49
  transitions and task markers.
45
50
 
46
- Delegate only with a clear boundary and benefit. Each delegation prompt states
47
- at least ownership, expected output and integration criterion; the task context
48
- carries the full prompt contract. Coding agents must know
49
- they share the codebase and must not revert others' work. Do not over-shard or
50
- overlap write surfaces without an explicit integration plan. Size the model to
51
- the task's difficulty and risk.
51
+ Delegate only with a clear boundary and benefit. Each delegation prompt states at least
52
+ ownership, expected output and integration criterion; the task context carries the full
53
+ prompt contract. Get a complete role skeleton to fill in with `changeledger agent-prompt
54
+ <role>` (investigation | implementation | review). Coding agents must know they share the
55
+ codebase and must not revert others' work. Do not over-shard or overlap write surfaces
56
+ without an explicit integration plan. Size the model to the task's difficulty and risk.
52
57
 
53
58
  ## Lifecycle
54
59
 
55
- ```text
56
- draft → approved → in-progress
57
- in-progress → in-review → in-validation → done [review required]
58
- in-progress → in-validation → done [no review required]
59
- in-review → in-progress [review retry]
60
- in-review → blocked → in-progress [review escalation]
61
- in-validation → in-progress [human rejection]
62
- (draft | approved | in-progress | blocked) → discarded
63
- ```
64
-
65
60
  - `draft`: documentation awaiting human approval; no implementation.
66
61
  - `approved`: ready to start after the Git/worktree checks.
67
62
  - `in-progress`: implementation underway.
68
63
  - `in-review`: independent review required.
69
- - `in-validation`: stop and wait for human acceptance or rejection.
64
+ - `in-validation`: stop for human acceptance or a reasoned rejection.
70
65
  - `blocked`: an impediment or decision needs resolution.
71
- - `done`: terminal; the human accepted the complete result.
66
+ - `done`: the human accepted the complete result; provisional until durable closure.
72
67
  - `discarded`: terminal tombstone; never reopen it.
73
68
 
74
- `changeledger status <id> <status>` enforces agent-owned transitions and does not accept `done` or `discarded`.
75
- The viewer owns `draft → approved` and `in-validation → done|in-progress`; the
76
- agent performs the other non-terminal moves. Use
77
- `changeledger discard <id> "<reason>"`: the discard reason is required and
78
- logged, and dependencies remain resolvable. `done` and `discarded` never reopen;
79
- later reconsideration needs a newly authorized change.
69
+ Who owns each transition and how it is performed:
70
+
71
+ | Transition | Owner | Mechanism |
72
+ |---|---|---|
73
+ | draft approved | human | viewer |
74
+ | approved in-progress; blocked in-progress; in-progress → in-review | agent | `changeledger status` |
75
+ | in-progress → in-validation (no review) | agent | `changeledger status` |
76
+ | in-review → in-validation | orchestrator | `changeledger review <id> pass` |
77
+ | in-review → in-progress | orchestrator | `changeledger review <id> fail --retry` |
78
+ | in-review → blocked | orchestrator | `changeledger review <id> fail --block` |
79
+ | in-validation → done | human | viewer |
80
+ | in-validation → in-progress | agent or human | `changeledger validation <id> fail "<reason>"` or viewer |
81
+ | done → in-progress (pending closure) | agent or human | `changeledger reopen <id> "<reason>"` or viewer |
82
+ | draft/approved/in-progress/blocked → discarded | agent (authorized) | `changeledger discard <id> "<reason>"` |
83
+
84
+ `changeledger status <id> <status>` performs the agent-owned moves and does not accept `approved`, `done`, `discarded` or reopening.
85
+ The discard reason is required and logged, and dependencies remain resolvable; `discarded` never reopens.
86
+ A `done` change can reopen only to finish its original scope before graduation/skip, archive or release;
87
+ after durable closure, later work needs a new change.
80
88
 
81
89
  ## Context modes
82
90
 
@@ -21,7 +21,8 @@ owns, what it returns and how the result integrates.
21
21
  - Verification may be delegated when it catches risk without merely repeating
22
22
  the implementer's work.
23
23
  - Configured review is special: a fresh clean-context subagent is a correctness
24
- requirement, not an optimization.
24
+ requirement, not an optimization — and read-only: it reports, the
25
+ orchestrator alone records the verdict.
25
26
 
26
27
  ## Do not over-shard
27
28
 
@@ -17,10 +17,17 @@ to a work branch or ask the human before continuing. Inspect the worktree first.
17
17
  unrelated changes exist, do not include them silently; ask the human whether to
18
18
  stash, commit, ignore or include them before changing the worktree.
19
19
 
20
- Commit the approved change documentation before touching implementation code.
21
- Implement one change at a time. Commit a completed unit before continuing when
22
- another task, change or edit of the same surface could make attribution
23
- ambiguous; do not wait until the end to reconstruct mixed diffs.
20
+ After `approved in-progress`, create a baseline commit of the approved change
21
+ document before code. Implement one change at a time, even while another
22
+ already-delivered change waits in `in-validation`.
23
+
24
+ Commit completed units with their tasks and Log when later work could obscure
25
+ attribution. Do not create a dedicated commit for a lifecycle-only transition.
26
+ Coalesce it with the nearest meaningful commit; for example, include
27
+ `in-progress → in-review` with the final implementation unit. Do not wait until
28
+ the end to reconstruct mixed diffs. If a handoff precedes the next
29
+ meaningful commit, one consolidated checkpoint persists pending state; record
30
+ why and never create one per transition.
24
31
 
25
32
  Commit messages use the canonical shape:
26
33
 
@@ -44,25 +51,34 @@ Useful mutation commands:
44
51
  - `changeledger task <id> done|block <n> [reason]`
45
52
  - `changeledger log <id> "<message>"`
46
53
  - `changeledger owner <id> <name|->`
54
+ - `changeledger review <id> pass|fail`
47
55
  - `changeledger check [id]`
48
56
 
49
- When implementation and every task are complete, move to `in-review` if the
50
- type requires independent review; otherwise move to `in-validation` and stop.
57
+ When implementation and every task are complete, move to `in-review` if the type
58
+ requires independent review by running this ordered gate — do not reconstruct it from memory:
59
+ 1. Confirm every Plan task is complete and its verification passes.
60
+ 2. `changeledger status <id> in-review`.
61
+ 3. Load `changeledger context review` once; do not reload it to record the verdict unless context was lost (compaction, a new session).
62
+ 4. Delegate to a fresh, read-only reviewer with clean context; it reports but never records the verdict itself.
63
+ 5. Record the delegate's verdict yourself with `changeledger review <id> pass|fail` — never `log`+`status`.
64
+
65
+ `in-validation`: human accepts; agent rejects with `changeledger validation <id> fail "<reason>"`.
51
66
 
52
67
  ## Correction isolation
53
68
 
54
69
  After review `fail --retry`, keep the candidate correction uncommitted while a
55
70
  fresh clean-context reviewer checks it. If it fails again, iterate on that same
56
71
  diff. Do not start another task or change while a correction waits: the
57
- worktree is its isolation boundary. After `pass`, commit the confirmed correction
58
- with its related ledger truth before asking for human validation.
72
+ worktree is its isolation boundary. After `pass`, commit the confirmed correction,
73
+ tests and ledger before human validation; this is meaningful correction evidence,
74
+ not a status-only commit.
59
75
 
60
- After human rejection (`in-validation → in-progress`), run
76
+ After a rejection (`in-validation → in-progress`), run
61
77
  `changeledger context <id>` before modifying implementation; keep the correction
62
78
  uncommitted until the human confirms it fixes the reported failure. Do not start
63
79
  another task or change while a correction waits; iterate on
64
- the same diff if it does not. After human acceptance, graduate or record a skip,
65
- then commit the correction with its ledger truth.
80
+ the same diff if it does not. After human acceptance, graduate or record a skip
81
+ and include correction plus ledger in the final closure commit.
66
82
 
67
83
  These exceptions prevent false fix attempts from becoming permanent history;
68
84
  they do not relax intermediate commits for already verified units.
@@ -2,17 +2,15 @@
2
2
 
3
3
  Review-required work must be checked by a fresh subagent with clean context and
4
4
  a model sized to the review difficulty. Independence is correctness, not an
5
- optimization; do not trust the implementer's summary.
5
+ optimization.
6
6
 
7
- Inspect the selected change, every `CRn`, every Plan task, tests, the actual diff
8
- and absence of TODO/FIXME, dead code or unrelated residue. Confirm tasks are
9
- true rather than merely checked off and that implementation did not drift from
10
- the approved document.
7
+ Get the bounded prompt with `changeledger agent-prompt review`; the delegate
8
+ then loads `changeledger agent-context review <id>`. That self-contained capsule
9
+ owns the inspection checklist, read-only boundary and evidence contract. Do not
10
+ copy its checklist into this orchestrator context.
11
11
 
12
- Deep security, SAST and lint belong to dedicated tools. The reviewer may run
13
- them and record their evidence; ChangeLedger does not reimplement them.
14
-
15
- Record exactly one verdict:
12
+ The orchestrator records exactly one verdict; the read-only reviewer reports its
13
+ finding but never runs the verdict command:
16
14
 
17
15
  - `changeledger review <id> pass` — criteria and Plan pass; move to
18
16
  `in-validation`.
@@ -21,6 +19,11 @@ Record exactly one verdict:
21
19
  - `changeledger review <id> fail --block "<reason>"` — correction requires scope
22
20
  or product judgment; move to `blocked` for the human.
23
21
 
22
+ A review verdict alone needs no commit. A pass leaves `in-validation` for
23
+ closure unless it confirms uncommitted correction; then correction, tests and
24
+ ledger form a commit. Retry keeps the diff isolated. Handoff may use the
25
+ implementation contract's checkpoint.
26
+
24
27
  After `fail --retry`, the correction remains uncommitted until another fresh
25
28
  reviewer passes it. After the transition, run `changeledger context <id>` before
26
29
  modifying implementation. After pass, commit correction + ledger before asking
@@ -3,8 +3,22 @@
3
3
  Implementation and required review are complete. Do not modify the result or
4
4
  mark it done. Ask the human to test the whole change in the viewer.
5
5
 
6
+ This stop is scoped to this change: the agent may start the next approved
7
+ change unless its `depends_on` chain, direct or transitive, reaches this or
8
+ another `in-validation` change. If every remaining approved change is
9
+ blocked, it stops entirely and does not invent work or touch delivered
10
+ results.
11
+
6
12
  Acceptance reaches `done`. Rejection requires a reason and returns the same
7
13
  change to `in-progress`; run `changeledger context <id>` before modifying
8
14
  implementation, update Specification/Plan as needed and repeat review when
9
- configured. The agent never accepts on the human's behalf. `done` and `discarded`
10
- never reopen.
15
+ configured. The agent never accepts on the human's behalf. Before graduation,
16
+ skip, archive or release, agent/human may reopen `done` with reason only to
17
+ complete the original authorized scope; broader behavior needs a new change.
18
+ `discarded` never reopens.
19
+
20
+ The validation transition alone does not require a dedicated commit. After
21
+ acceptance, resolve graduation or skip first; the close overlay then requires one
22
+ final closure commit containing the pending lifecycle Log and graduation truth.
23
+ After rejection, follow correction isolation instead of committing an
24
+ unconfirmed attempt.