npm - codebyplan - Versions diffs - 1.13.27 → 1.13.29 - Mend

codebyplan 1.13.27 → 1.13.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

package/templates/skills/cbp-task-complete/SKILL.md CHANGED Viewed

@@ -10,6 +10,8 @@ effort: xhigh
 Complete the current task. Auto-triggered by `/cbp-task-testing` when all tests pass. Can also be run manually.
+This skill is gated by an `ask`-tier `Skill(cbp-task-complete)` permission rule in `settings.json`. **The permission prompt IS the user confirmation** — there is NO AskUserQuestion inside this skill. A declined permission is a clean no-op (nothing committed, merged, pushed, or completed).
 ## Instructions
 ### Step 1: Parse `$ARGUMENTS`
@@ -90,12 +92,10 @@ Stop here.
 Load `task.qa` and `task.files_changed`:
-1. **QA**: count items by status (pass / fail / pending / skipped) across all types. If any item has status `fail` or `pending` (including default checklists), warn the user.
-2. **Files**: list any file with `user_approved === false` and warn.
-**If issues exist**, AskUserQuestion: `Complete anyway` / `Run QA first` (suggest `/cbp-task-check`) / `Cancel`. On `Run QA first` or `Cancel`, stop. On `Complete anyway`, continue.
+1. **QA**: count items by status (pass / fail / pending / skipped) across all types.
+2. **Files**: list any file with `user_approved === false`.
-**If no issues**, AskUserQuestion to confirm: `Ready to complete TASK-[N]: [title] — [N] rounds, [N] files. Proceed?`
+If any QA item is `fail`/`pending` or any file is unapproved, **surface the warnings in the output and continue** — record them for the Step 9 summary. There is NO confirmation AskUserQuestion here: `Skill(cbp-task-complete)` is `ask`-tier, so the harness permission prompt that gated this skill IS the user's confirmation to complete. The hard gates in Steps 2–2.6 (all rounds completed, ≥1 round has `testing_qa_output`, `check_verdict` READY, `task_testing_output.all_passed`) already block completion when prerequisites are unmet; these QA / file-approval items are warnings, not blockers.
 ### Step 4: Aggregate Files Changed
@@ -142,7 +142,7 @@ Call `complete_task(task_id)`. The server resolves the caller's worktree identit
 Apply the `cleanup` skill inline to remove orphan references to deleted/modified files. Then apply `migration` to propagate renames/moves to consumers. Both run without sub-agent spawns. Skip cleanup if no deletions/modifications; skip migration if cleanup handled everything.
-### Step 9: Show Result and Route (User-Confirmed)
+### Step 9: Show Result and Route
 Show the completion summary:
@@ -153,6 +153,7 @@ Show the completion summary:
 **Rounds**: [N] completed
 **Files**: [N] changed
 **Commit**: [hash]
+**Warnings**: [any QA / file-approval warnings from Step 3, or "none"]
 ```
 Then route. Same-context transitions (next task in this checkpoint) auto-trigger via the Skill tool. Cross-context transitions (checkpoint done → /cbp-checkpoint-check, session end) surface as a single directive 'Next: /clear, then /cbp-X' for the user to invoke after refreshing context.

package/templates/skills/cbp-task-testing/SKILL.md CHANGED Viewed

@@ -9,7 +9,7 @@ effort: xhigh
 # Task Testing Command
-Comprehensive task-level testing — runs all automated tests and walks the user through manual testing one-by-one. Distinct from round-level testing (`testing-qa-agent`): this tests the **entire delivered feature holistically** after all rounds are complete. Runs inline — no sub-agent.
+Comprehensive task-level testing — the **cross-round double-check** run once after all rounds complete. Per-round QA (per-app build/lint/types, the `console.log`/debug scan, the OWASP/secret grep, `pnpm audit`) is owned by each round's `testing-qa-agent`; this skill does NOT re-run it. Instead it tests the **entire delivered feature holistically** across the full task diff — catching cross-package and cross-round problems no single round can see. Runs inline — no sub-agent.
 ## When Used
@@ -19,7 +19,7 @@ Comprehensive task-level testing — runs all automated tests and walks the user
 ## Scope vs Round-Level Validation
-Per-wave `testing-qa-agent` runs inside `/cbp-round-execute` Step 5. This skill adds the cross-cutting layer that is only visible across the full task diff: full-repo lint, workspace tsc, full test suite, `pnpm audit`, and full-diff security scan — each run once here, not per-round.
+Per-wave `testing-qa-agent` runs inside `/cbp-round-execute` Step 5 and **owns per-round QA**: per-app build/lint/types, the `console.log`/debug scan, the OWASP/secret full-diff grep, and `pnpm audit`. This skill does NOT repeat them. It adds only the cross-round layer invisible within a single round: workspace-wide lint, workspace tsc, and the full test suite (which catch cross-package breakage), plus the cross-round code review (Step 6.5), the autonomous sim screenshot loop (Step 6.x), and the user manual walkthrough (Step 8).
 ## Instructions
@@ -109,11 +109,9 @@ Capture stdout and stderr for each check.
 | Full-repo lint          | `pnpm -w lint`                  | Always                           |
 | Full-repo types         | `pnpm exec tsc --noEmit`        | Source files changed             |
 | Full-repo unit tests    | `pnpm test --run`               | Source files in aggregated_files |
-| Full-repo audit         | `pnpm audit`                    | Always                           |
 | Per-package E2E         | `pnpm --filter <pkg> e2e:test`  | UI files in aggregated_files     |
-| Full-diff security scan | inline grep or `security-agent` | Always                           |
-Per-file lint + format are enforced by `lint-format-on-edit.sh` hook per edit. This step catches cross-package issues invisible to per-wave checks.
+These are the workspace-wide / cross-package checks only — per-app build/lint/types, the `console.log`/debug scan, the OWASP/secret grep, and `pnpm audit` already ran per-round inside `testing-qa-agent` and are NOT repeated here. Per-file lint + format are enforced by `lint-format-on-edit.sh` per edit. This step catches cross-package issues invisible to per-wave checks.
 **Soft tests** (report, don't block):

package/templates/skills/cbp-todo/SKILL.md CHANGED Viewed

@@ -133,7 +133,7 @@ Once the gates pass, load the context the head command needs. This ensures `/cle
 | `/cbp-checkpoint-start` | Load checkpoint via MCP `get_checkpoints` + `get_tasks(checkpoint_id)`. Display checkpoint title, status, claim state, first pending task |
 | `/cbp-task-start [N]` | Load via MCP `get_current_task`. Display checkpoint title + task title/requirements summary |
 | `/cbp-round-start` | Load via MCP `get_current_task` + `get_rounds(task_id)`. Display checkpoint + task + round count + last round summary |
-| `/cbp-round-update` | Load via MCP `get_current_task` + `get_rounds(task_id)`. Display checkpoint + task + files_changed approval summary |
+| `/cbp-round-update` | Load via MCP `get_current_task` + `get_rounds(task_id)`. Display checkpoint + task + files_changed triage summary (claude_approved, findings, hard_fail) |
 | `/cbp-round-input` | **Full context load** (see Step 2b) |
 | `/cbp-task-check` | Load via MCP `get_current_task`. Display checkpoint + task + files summary |
 | `/cbp-task-testing` | Load via MCP `get_current_task` + `get_rounds(task_id)`. Display checkpoint + task + testing status summary |