claude-code-pilot 3.1.1 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (110) hide show
  1. package/README.md +11 -11
  2. package/bin/install.js +19 -1
  3. package/manifest.json +5 -1
  4. package/package.json +2 -2
  5. package/src/agents/a11y-architect.md +141 -0
  6. package/src/agents/code-architect.md +71 -0
  7. package/src/agents/code-explorer.md +69 -0
  8. package/src/agents/code-simplifier.md +47 -0
  9. package/src/agents/comment-analyzer.md +45 -0
  10. package/src/agents/csharp-reviewer.md +101 -0
  11. package/src/agents/dart-build-resolver.md +201 -0
  12. package/src/agents/pr-test-analyzer.md +45 -0
  13. package/src/agents/silent-failure-hunter.md +50 -0
  14. package/src/agents/type-design-analyzer.md +41 -0
  15. package/src/available-rules/README.md +3 -1
  16. package/src/available-rules/dart/coding-style.md +159 -0
  17. package/src/available-rules/dart/hooks.md +66 -0
  18. package/src/available-rules/dart/patterns.md +261 -0
  19. package/src/available-rules/dart/security.md +135 -0
  20. package/src/available-rules/dart/testing.md +215 -0
  21. package/src/available-rules/web/coding-style.md +105 -0
  22. package/src/available-rules/web/design-quality.md +72 -0
  23. package/src/available-rules/web/hooks.md +129 -0
  24. package/src/available-rules/web/patterns.md +88 -0
  25. package/src/available-rules/web/performance.md +73 -0
  26. package/src/available-rules/web/security.md +66 -0
  27. package/src/available-rules/web/testing.md +64 -0
  28. package/src/commands/ccp/ai-integration-phase.md +36 -0
  29. package/src/commands/ccp/audit-fix.md +33 -0
  30. package/src/commands/ccp/code-review-fix.md +52 -0
  31. package/src/commands/ccp/eval-review.md +32 -0
  32. package/src/commands/ccp/extract_learnings.md +22 -0
  33. package/src/commands/ccp/import.md +37 -0
  34. package/src/commands/ccp/ingest-docs.md +42 -0
  35. package/src/commands/ccp/intel.md +179 -0
  36. package/src/commands/ccp/plan-review-convergence.md +58 -0
  37. package/src/commands/ccp/scan.md +26 -0
  38. package/src/commands/ccp/sketch-wrap-up.md +31 -0
  39. package/src/commands/ccp/sketch.md +54 -0
  40. package/src/commands/ccp/spec-phase.md +62 -0
  41. package/src/commands/ccp/spike-wrap-up.md +31 -0
  42. package/src/commands/ccp/spike.md +51 -0
  43. package/src/commands/ccp/ultraplan-phase.md +33 -0
  44. package/src/hooks/ccp-read-injection-scanner.js +152 -0
  45. package/src/hooks/kit-check-update.js +59 -7
  46. package/src/hooks/run-with-flags-shell.sh +1 -0
  47. package/src/hooks/run-with-flags.js +48 -1
  48. package/src/hooks/session-end.js +88 -1
  49. package/src/lib/hook-flags.js +14 -0
  50. package/src/pilot/references/agent-contracts.md +79 -0
  51. package/src/pilot/references/ai-evals.md +156 -0
  52. package/src/pilot/references/ai-frameworks.md +186 -0
  53. package/src/pilot/references/doc-conflict-engine.md +91 -0
  54. package/src/pilot/references/gate-prompts.md +100 -0
  55. package/src/pilot/references/gates.md +70 -0
  56. package/src/pilot/references/mandatory-initial-read.md +2 -0
  57. package/src/pilot/references/project-skills-discovery.md +19 -0
  58. package/src/pilot/references/revision-loop.md +97 -0
  59. package/src/pilot/references/sketch-interactivity.md +41 -0
  60. package/src/pilot/references/sketch-theme-system.md +94 -0
  61. package/src/pilot/references/sketch-tooling.md +45 -0
  62. package/src/pilot/references/sketch-variant-patterns.md +81 -0
  63. package/src/pilot/references/thinking-models-debug.md +44 -0
  64. package/src/pilot/references/thinking-models-execution.md +50 -0
  65. package/src/pilot/references/thinking-models-planning.md +62 -0
  66. package/src/pilot/references/thinking-models-research.md +50 -0
  67. package/src/pilot/references/thinking-models-verification.md +55 -0
  68. package/src/pilot/templates/AI-SPEC.md +246 -0
  69. package/src/pilot/templates/spec.md +307 -0
  70. package/src/pilot/workflows/ai-integration-phase.md +284 -0
  71. package/src/pilot/workflows/audit-fix.md +175 -0
  72. package/src/pilot/workflows/code-review-fix.md +497 -0
  73. package/src/pilot/workflows/eval-review.md +155 -0
  74. package/src/pilot/workflows/extract_learnings.md +242 -0
  75. package/src/pilot/workflows/import.md +246 -0
  76. package/src/pilot/workflows/ingest-docs.md +328 -0
  77. package/src/pilot/workflows/plan-review-convergence.md +329 -0
  78. package/src/pilot/workflows/scan.md +102 -0
  79. package/src/pilot/workflows/sketch-wrap-up.md +285 -0
  80. package/src/pilot/workflows/sketch.md +360 -0
  81. package/src/pilot/workflows/spec-phase.md +262 -0
  82. package/src/pilot/workflows/spike-wrap-up.md +306 -0
  83. package/src/pilot/workflows/spike.md +452 -0
  84. package/src/pilot/workflows/ultraplan-phase.md +189 -0
  85. package/src/skills/accessibility/SKILL.md +146 -0
  86. package/src/skills/agent-eval/SKILL.md +145 -0
  87. package/src/skills/agent-introspection-debugging/SKILL.md +153 -0
  88. package/src/skills/android-clean-architecture/SKILL.md +339 -0
  89. package/src/skills/api-connector-builder/SKILL.md +120 -0
  90. package/src/skills/code-tour/SKILL.md +236 -0
  91. package/src/skills/compose-multiplatform-patterns/SKILL.md +299 -0
  92. package/src/skills/csharp-testing/SKILL.md +321 -0
  93. package/src/skills/dart-flutter-patterns/SKILL.md +563 -0
  94. package/src/skills/dashboard-builder/SKILL.md +108 -0
  95. package/src/skills/dotnet-patterns/SKILL.md +321 -0
  96. package/src/skills/frontend-design/SKILL.md +145 -0
  97. package/src/skills/frontend-slides/SKILL.md +184 -0
  98. package/src/skills/frontend-slides/STYLE_PRESETS.md +330 -0
  99. package/src/skills/gateguard/SKILL.md +121 -0
  100. package/src/skills/github-ops/SKILL.md +144 -0
  101. package/src/skills/hookify-rules/SKILL.md +128 -0
  102. package/src/skills/knowledge-ops/SKILL.md +154 -0
  103. package/src/skills/liquid-glass-design/SKILL.md +279 -0
  104. package/src/skills/nestjs-patterns/SKILL.md +230 -0
  105. package/src/skills/security-bounty-hunter/SKILL.md +99 -0
  106. package/src/skills/swift-actor-persistence/SKILL.md +143 -0
  107. package/src/skills/swift-protocol-di-testing/SKILL.md +190 -0
  108. package/src/skills/swiftui-patterns/SKILL.md +259 -0
  109. package/src/skills/terminal-ops/SKILL.md +109 -0
  110. package/src/skills/ui-demo/SKILL.md +465 -0
@@ -0,0 +1,284 @@
1
+ <purpose>
2
+ Generate an AI design contract (AI-SPEC.md) for phases that involve building AI systems. Orchestrates gsd-framework-selector → gsd-ai-researcher → gsd-domain-researcher → gsd-eval-planner with a validation gate. Inserts between discuss-phase and plan-phase in the GSD lifecycle.
3
+
4
+ AI-SPEC.md locks four things before the planner creates tasks:
5
+ 1. Framework selection (with rationale and alternatives)
6
+ 2. Implementation guidance (correct syntax, patterns, pitfalls from official docs)
7
+ 3. Domain context (practitioner rubric ingredients, failure modes, regulatory constraints)
8
+ 4. Evaluation strategy (dimensions, rubrics, tooling, reference dataset, guardrails)
9
+
10
+ This prevents the two most common AI development failures: choosing the wrong framework for the use case, and treating evaluation as an afterthought.
11
+ </purpose>
12
+
13
+ <required_reading>
14
+ @~/.claude/pilot/references/ai-frameworks.md
15
+ @~/.claude/pilot/references/ai-evals.md
16
+ </required_reading>
17
+
18
+ <process>
19
+
20
+ ## 1. Initialize
21
+
22
+ ```bash
23
+ INIT=$(gsd-sdk query init.plan-phase "$PHASE")
24
+ if [[ "$INIT" == @file:* ]]; then INIT=$(cat "${INIT#@file:}"); fi
25
+ ```
26
+
27
+ Parse JSON for: `phase_dir`, `phase_number`, `phase_name`, `phase_slug`, `padded_phase`, `has_context`, `has_research`, `commit_docs`.
28
+
29
+ **File paths:** `state_path`, `roadmap_path`, `requirements_path`, `context_path`.
30
+
31
+ Resolve agent models:
32
+ ```bash
33
+ SELECTOR_MODEL=$(gsd-sdk query resolve-model gsd-framework-selector 2>/dev/null | jq -r '.model' 2>/dev/null || true)
34
+ RESEARCHER_MODEL=$(gsd-sdk query resolve-model gsd-ai-researcher 2>/dev/null | jq -r '.model' 2>/dev/null || true)
35
+ DOMAIN_MODEL=$(gsd-sdk query resolve-model gsd-domain-researcher 2>/dev/null | jq -r '.model' 2>/dev/null || true)
36
+ PLANNER_MODEL=$(gsd-sdk query resolve-model gsd-eval-planner 2>/dev/null | jq -r '.model' 2>/dev/null || true)
37
+ ```
38
+
39
+ Check config:
40
+ ```bash
41
+ AI_PHASE_ENABLED=$(gsd-sdk query config-get workflow.ai_integration_phase 2>/dev/null || echo "true")
42
+ ```
43
+
44
+ **If `AI_PHASE_ENABLED` is `false`:**
45
+ ```
46
+ AI phase is disabled in config. Enable via /ccp:settings.
47
+ ```
48
+ Exit workflow.
49
+
50
+ **If `planning_exists` is false:** Error — run `/ccp:new-project` first.
51
+
52
+ ## 2. Parse and Validate Phase
53
+
54
+ Extract phase number from $ARGUMENTS. If not provided, detect next unplanned phase.
55
+
56
+ ```bash
57
+ PHASE_INFO=$(gsd-sdk query roadmap.get-phase "${PHASE}")
58
+ ```
59
+
60
+ **If `found` is false:** Error with available phases.
61
+
62
+ ## 3. Check Prerequisites
63
+
64
+ **If `has_context` is false:**
65
+ ```
66
+ No CONTEXT.md found for Phase {N}.
67
+ Recommended: run /ccp:discuss-phase {N} first to capture framework preferences.
68
+ Continuing without user decisions — framework selector will ask all questions.
69
+ ```
70
+ Continue (non-blocking).
71
+
72
+ ## 4. Check Existing AI-SPEC
73
+
74
+ ```bash
75
+ AI_SPEC_FILE=$(ls "${PHASE_DIR}"/*-AI-SPEC.md 2>/dev/null | head -1)
76
+ ```
77
+
78
+
79
+ **Text mode (`workflow.text_mode: true` in config or `--text` flag):** Set `TEXT_MODE=true` if `--text` is present in `$ARGUMENTS` OR `text_mode` from init JSON is `true`. When TEXT_MODE is active, replace every `AskUserQuestion` call with a plain-text numbered list and ask the user to type their choice number. This is required for non-Claude runtimes (OpenAI Codex, Gemini CLI, etc.) where `AskUserQuestion` is not available.
80
+ **If exists:** Use AskUserQuestion:
81
+ - header: "Existing AI-SPEC"
82
+ - question: "AI-SPEC.md already exists for Phase {N}. What would you like to do?"
83
+ - options:
84
+ - "Update — re-run with existing as baseline"
85
+ - "View — display current AI-SPEC and exit"
86
+ - "Skip — keep current AI-SPEC and exit"
87
+
88
+ If "View": display file contents, exit.
89
+ If "Skip": exit.
90
+ If "Update": continue to step 5.
91
+
92
+ ## 5. Spawn gsd-framework-selector
93
+
94
+ Display:
95
+ ```
96
+ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
97
+ GSD ► AI DESIGN CONTRACT — PHASE {N}: {name}
98
+ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
99
+
100
+ ◆ Step 1/4 — Framework Selection...
101
+ ```
102
+
103
+ Spawn `gsd-framework-selector` with:
104
+ ```markdown
105
+ Read ~/.claude/agents/ccp:framework-selector.md for instructions.
106
+
107
+ <objective>
108
+ Select the right AI framework for Phase {phase_number}: {phase_name}
109
+ Goal: {phase_goal}
110
+ </objective>
111
+
112
+ <files_to_read>
113
+ {context_path if exists}
114
+ {requirements_path if exists}
115
+ </files_to_read>
116
+
117
+ <phase_context>
118
+ Phase: {phase_number} — {phase_name}
119
+ Goal: {phase_goal}
120
+ </phase_context>
121
+ ```
122
+
123
+ Parse selector output for: `primary_framework`, `system_type`, `model_provider`, `eval_concerns`, `alternative_framework`.
124
+
125
+ **If selector fails or returns empty:** Exit with error — "Framework selection failed. Re-run /ccp:ai-integration-phase {N} or answer the framework question in /ccp:discuss-phase {N} first."
126
+
127
+ ## 6. Initialize AI-SPEC.md
128
+
129
+ Copy template:
130
+ ```bash
131
+ cp "$HOME/.claude/pilot/templates/AI-SPEC.md" "${PHASE_DIR}/${PADDED_PHASE}-AI-SPEC.md"
132
+ ```
133
+
134
+ Fill in header fields:
135
+ - Phase number and name
136
+ - System classification (from selector)
137
+ - Selected framework (from selector)
138
+ - Alternative considered (from selector)
139
+
140
+ ## 7. Spawn gsd-ai-researcher
141
+
142
+ Display:
143
+ ```
144
+ ◆ Step 2/4 — Researching {primary_framework} docs + AI systems best practices...
145
+ ```
146
+
147
+ Spawn `gsd-ai-researcher` with:
148
+ ```markdown
149
+ Read ~/.claude/agents/ccp:ai-researcher.md for instructions.
150
+
151
+ <objective>
152
+ Research {primary_framework} for Phase {phase_number}: {phase_name}
153
+ Write Sections 3 and 4 of AI-SPEC.md
154
+ </objective>
155
+
156
+ <files_to_read>
157
+ {ai_spec_path}
158
+ {context_path if exists}
159
+ </files_to_read>
160
+
161
+ <input>
162
+ framework: {primary_framework}
163
+ system_type: {system_type}
164
+ model_provider: {model_provider}
165
+ ai_spec_path: {ai_spec_path}
166
+ phase_context: Phase {phase_number}: {phase_name} — {phase_goal}
167
+ </input>
168
+ ```
169
+
170
+ ## 8. Spawn gsd-domain-researcher
171
+
172
+ Display:
173
+ ```
174
+ ◆ Step 3/4 — Researching domain context and expert evaluation criteria...
175
+ ```
176
+
177
+ Spawn `gsd-domain-researcher` with:
178
+ ```markdown
179
+ Read ~/.claude/agents/ccp:domain-researcher.md for instructions.
180
+
181
+ <objective>
182
+ Research the business domain and expert evaluation criteria for Phase {phase_number}: {phase_name}
183
+ Write Section 1b (Domain Context) of AI-SPEC.md
184
+ </objective>
185
+
186
+ <files_to_read>
187
+ {ai_spec_path}
188
+ {context_path if exists}
189
+ {requirements_path if exists}
190
+ </files_to_read>
191
+
192
+ <input>
193
+ system_type: {system_type}
194
+ phase_name: {phase_name}
195
+ phase_goal: {phase_goal}
196
+ ai_spec_path: {ai_spec_path}
197
+ </input>
198
+ ```
199
+
200
+ ## 9. Spawn gsd-eval-planner
201
+
202
+ Display:
203
+ ```
204
+ ◆ Step 4/4 — Designing evaluation strategy from domain + technical context...
205
+ ```
206
+
207
+ Spawn `gsd-eval-planner` with:
208
+ ```markdown
209
+ Read ~/.claude/agents/ccp:eval-planner.md for instructions.
210
+
211
+ <objective>
212
+ Design evaluation strategy for Phase {phase_number}: {phase_name}
213
+ Write Sections 5, 6, and 7 of AI-SPEC.md
214
+ AI-SPEC.md now contains domain context (Section 1b) — use it as your rubric starting point.
215
+ </objective>
216
+
217
+ <files_to_read>
218
+ {ai_spec_path}
219
+ {context_path if exists}
220
+ {requirements_path if exists}
221
+ </files_to_read>
222
+
223
+ <input>
224
+ system_type: {system_type}
225
+ framework: {primary_framework}
226
+ model_provider: {model_provider}
227
+ phase_name: {phase_name}
228
+ phase_goal: {phase_goal}
229
+ ai_spec_path: {ai_spec_path}
230
+ </input>
231
+ ```
232
+
233
+ ## 10. Validate AI-SPEC Completeness
234
+
235
+ Read the completed AI-SPEC.md. Check that:
236
+ - Section 2 has a framework name (not placeholder)
237
+ - Section 1b has at least one domain rubric ingredient (Good/Bad/Stakes)
238
+ - Section 3 has a non-empty code block (entry point pattern)
239
+ - Section 4b has a Pydantic example
240
+ - Section 5 has at least one row in the dimensions table
241
+ - Section 6 has at least one guardrail or explicit "N/A for internal tool" note
242
+ - Checklist section at end has 3+ items checked
243
+
244
+ **If validation fails:** Display specific missing sections. Ask user if they want to re-run the specific step or continue anyway.
245
+
246
+ ## 11. Commit
247
+
248
+ **If `commit_docs` is true:**
249
+ ```bash
250
+ git add "${AI_SPEC_FILE}"
251
+ git commit -m "docs({phase_slug}): generate AI-SPEC.md — {primary_framework} + domain context + eval strategy"
252
+ ```
253
+
254
+ ## 12. Display Completion
255
+
256
+ ```
257
+ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
258
+ GSD ► AI-SPEC COMPLETE — PHASE {N}: {name}
259
+ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
260
+
261
+ ◆ Framework: {primary_framework}
262
+ ◆ System Type: {system_type}
263
+ ◆ Domain: {domain_vertical from Section 1b}
264
+ ◆ Eval Dimensions: {eval_concerns}
265
+ ◆ Tracing Default: Arize Phoenix (or detected existing tool)
266
+ ◆ Output: {ai_spec_path}
267
+
268
+ Next step:
269
+ /ccp:plan-phase {N} — planner will consume AI-SPEC.md
270
+ ```
271
+
272
+ </process>
273
+
274
+ <success_criteria>
275
+ - [ ] Framework selected with rationale (Section 2)
276
+ - [ ] AI-SPEC.md created from template
277
+ - [ ] Framework docs + AI best practices researched (Sections 3, 4, 4b populated)
278
+ - [ ] Domain context + expert rubric ingredients researched (Section 1b populated)
279
+ - [ ] Eval strategy grounded in domain context (Sections 5-7 populated)
280
+ - [ ] Arize Phoenix (or detected tool) set as tracing default in Section 7
281
+ - [ ] AI-SPEC.md validated (Sections 1b, 2, 3, 4b, 5, 6 all non-empty)
282
+ - [ ] Committed if commit_docs enabled
283
+ - [ ] Next step surfaced to user
284
+ </success_criteria>
@@ -0,0 +1,175 @@
1
+ <purpose>
2
+ Autonomous audit-to-fix pipeline. Runs an audit, parses findings, classifies each as
3
+ auto-fixable vs manual-only, spawns executor agents for fixable issues, runs tests
4
+ after each fix, and commits atomically with finding IDs for traceability.
5
+ </purpose>
6
+
7
+ <available_agent_types>
8
+ - gsd-executor — executes a specific, scoped code change
9
+ </available_agent_types>
10
+
11
+ <process>
12
+
13
+ <step name="parse-arguments">
14
+ Extract flags from the user's invocation:
15
+
16
+ - `--max N` — maximum findings to fix (default: **5**)
17
+ - `--severity high|medium|all` — minimum severity to process (default: **medium**)
18
+ - `--dry-run` — classify findings without fixing (shows classification table only)
19
+ - `--source <audit>` — which audit to run (default: **audit-uat**)
20
+
21
+ Validate `--source` is a supported audit. Currently supported:
22
+ - `audit-uat`
23
+
24
+ If `--source` is not supported, stop with an error:
25
+ ```
26
+ Error: Unsupported audit source "{source}". Supported sources: audit-uat
27
+ ```
28
+ </step>
29
+
30
+ <step name="run-audit">
31
+ Invoke the source audit command and capture output.
32
+
33
+ For `audit-uat` source:
34
+ ```bash
35
+ INIT=$(gsd-sdk query audit-uat 2>/dev/null || echo "{}")
36
+ if [[ "$INIT" == @file:* ]]; then INIT=$(cat "${INIT#@file:}"); fi
37
+ ```
38
+
39
+ Read existing UAT and verification files to extract findings:
40
+ - Glob: `.planning/phases/*/*-UAT.md`
41
+ - Glob: `.planning/phases/*/*-VERIFICATION.md`
42
+
43
+ Parse each finding into a structured record:
44
+ - **ID** — sequential identifier (F-01, F-02, ...)
45
+ - **description** — concise summary of the issue
46
+ - **severity** — high, medium, or low
47
+ - **file_refs** — specific file paths referenced in the finding
48
+ </step>
49
+
50
+ <step name="classify-findings">
51
+ For each finding, classify as one of:
52
+
53
+ - **auto-fixable** — clear code change, specific file referenced, testable fix
54
+ - **manual-only** — requires design decisions, ambiguous scope, architectural changes, user input needed
55
+ - **skip** — severity below the `--severity` threshold
56
+
57
+ **Classification heuristics** (err on manual-only when uncertain):
58
+
59
+ Auto-fixable signals:
60
+ - References a specific file path + line number
61
+ - Describes a missing test or assertion
62
+ - Missing export, wrong import path, typo in identifier
63
+ - Clear single-file change with obvious expected behavior
64
+
65
+ Manual-only signals:
66
+ - Uses words like "consider", "evaluate", "design", "rethink"
67
+ - Requires new architecture or API changes
68
+ - Ambiguous scope or multiple valid approaches
69
+ - Requires user input or design decisions
70
+ - Cross-cutting concerns affecting multiple subsystems
71
+ - Performance or scalability issues without clear fix
72
+
73
+ **When uncertain, always classify as manual-only.**
74
+ </step>
75
+
76
+ <step name="present-classification">
77
+ Display the classification table:
78
+
79
+ ```
80
+ ## Audit-Fix Classification
81
+
82
+ | # | Finding | Severity | Classification | Reason |
83
+ |---|---------|----------|---------------|--------|
84
+ | F-01 | Missing export in index.ts | high | auto-fixable | Specific file, clear fix |
85
+ | F-02 | No error handling in payment flow | high | manual-only | Requires design decisions |
86
+ | F-03 | Test stub with 0 assertions | medium | auto-fixable | Clear test gap |
87
+ ```
88
+
89
+ If `--dry-run` was specified, **stop here and exit**. The classification table is the
90
+ final output — do not proceed to fixing.
91
+ </step>
92
+
93
+ <step name="fix-loop">
94
+ For each **auto-fixable** finding (up to `--max`, ordered by severity desc):
95
+
96
+ **a. Spawn executor agent:**
97
+ ```
98
+ Task(
99
+ prompt="Fix finding {ID}: {description}. Files: {file_refs}. Make the minimal change to resolve this specific finding. Do not refactor surrounding code.",
100
+ subagent_type="gsd-executor"
101
+ )
102
+ ```
103
+
104
+ **b. Run tests:**
105
+ ```bash
106
+ AUDIT_TEST_CMD=$(gsd-sdk query config-get workflow.test_command --default "" 2>/dev/null || true)
107
+ if [ -z "$AUDIT_TEST_CMD" ]; then
108
+ if [ -f "Makefile" ] && grep -q "^test:" Makefile; then
109
+ AUDIT_TEST_CMD="make test"
110
+ elif [ -f "Justfile" ] || [ -f "justfile" ]; then
111
+ AUDIT_TEST_CMD="just test"
112
+ elif [ -f "package.json" ]; then
113
+ AUDIT_TEST_CMD="npm test"
114
+ elif [ -f "Cargo.toml" ]; then
115
+ AUDIT_TEST_CMD="cargo test"
116
+ elif [ -f "go.mod" ]; then
117
+ AUDIT_TEST_CMD="go test ./..."
118
+ elif [ -f "pyproject.toml" ] || [ -f "requirements.txt" ]; then
119
+ AUDIT_TEST_CMD="python -m pytest -x -q --tb=short"
120
+ else
121
+ AUDIT_TEST_CMD="true"
122
+ fi
123
+ fi
124
+ eval "$AUDIT_TEST_CMD" 2>&1 | tail -20
125
+ ```
126
+
127
+ **c. If tests pass** — commit atomically:
128
+ ```bash
129
+ git add {changed_files}
130
+ git commit -m "fix({scope}): resolve {ID} — {description}"
131
+ ```
132
+ The commit message **must** include the finding ID (e.g., F-01) for traceability.
133
+
134
+ **d. If tests fail** — revert changes, mark finding as `fix-failed`, and **stop the pipeline**:
135
+ ```bash
136
+ git checkout -- {changed_files} 2>/dev/null
137
+ ```
138
+ Log the failure reason and stop processing — do not continue to the next finding.
139
+ A test failure indicates the codebase may be in an unexpected state, so the pipeline
140
+ must halt to avoid cascading issues. Remaining auto-fixable findings will appear in the
141
+ report as `not-attempted`.
142
+ </step>
143
+
144
+ <step name="report">
145
+ Present the final summary:
146
+
147
+ ```
148
+ ## Audit-Fix Complete
149
+
150
+ **Source:** {audit_command}
151
+ **Findings:** {total} total, {auto} auto-fixable, {manual} manual-only
152
+ **Fixed:** {fixed_count}/{auto} auto-fixable findings
153
+ **Failed:** {failed_count} (reverted)
154
+
155
+ | # | Finding | Status | Commit |
156
+ |---|---------|--------|--------|
157
+ | F-01 | Missing export | Fixed | abc1234 |
158
+ | F-03 | Test stub | Fix failed | (reverted) |
159
+
160
+ ### Manual-only findings (require developer attention):
161
+ - F-02: No error handling in payment flow — requires design decisions
162
+ ```
163
+ </step>
164
+
165
+ </process>
166
+
167
+ <success_criteria>
168
+ - Auto-fixable findings processed sequentially until --max reached or a test failure stops the pipeline
169
+ - Tests pass after each committed fix (no broken commits)
170
+ - Failed fixes are reverted cleanly (no partial changes left)
171
+ - Pipeline stops after the first test failure (no cascading fixes)
172
+ - Every commit message contains the finding ID
173
+ - Manual-only findings are surfaced for developer attention
174
+ - --dry-run produces a useful standalone classification table
175
+ </success_criteria>