coding-agent-harness 1.0.5 → 1.0.7

package/scripts/lib/preset-resource-contracts.mjs

@@ -1,83 +0,0 @@
-import fs from "node:fs";
-import path from "node:path";
-import { readFileSafe, toPosix } from "./core-shared.mjs";
-
-export function validatePresetResourcesForTask(target, task, presetPackage) {
-  const failures = [];
-  const taskRelativePath = String(task.path || "").replace(/^TARGET:/, "").replace(/^\/+/, "");
-  if (!taskRelativePath) return failures;
-  const taskDir = path.join(target.projectRoot, taskRelativePath);
-  const referenceIndex = readFileSafe(path.join(taskDir, "references/INDEX.md"));
-  const referenceRows = parseMarkdownRows(referenceIndex, ["ID", "Path"]);
-  const artifactIndex = readFileSafe(path.join(taskDir, "artifacts/INDEX.md"));
-  const artifactRows = parseMarkdownRows(artifactIndex, ["ID", "Path"]);
-  const taskPlan = task.taskPlanPath ? readFileSafe(path.join(target.projectRoot, String(task.taskPlanPath).replace(/^TARGET:/, "").replace(/^\/+/, ""))) : "";
-  const requiredReadRows = parseMarkdownRows(taskPlan, ["Reference", "Path"]);
-  const expectedReferencePaths = new Map();
-  for (const resource of Object.values(presetPackage.resources?.references || {})) {
-    const relativePath = toPosix(path.join(taskRelativePath, resource.path));
-    expectedReferencePaths.set(resource.index.id, `TARGET:${relativePath}`);
-    if (!fs.existsSync(path.join(target.projectRoot, relativePath))) {
-      failures.push(`${task.path} ${task.taskPreset} preset resource missing: TARGET:${relativePath}`);
-    }
-    if (!hasIndexedResource(referenceRows, resource.index.id, `TARGET:${relativePath}`)) {
-      failures.push(`${task.path} ${task.taskPreset} preset reference index missing ${resource.index.id}`);
-    }
-  }
-  for (const resource of Object.values(presetPackage.resources?.artifacts || {})) {
-    const relativePath = toPosix(path.join(taskRelativePath, resource.path));
-    if (!fs.existsSync(path.join(target.projectRoot, relativePath))) {
-      failures.push(`${task.path} ${task.taskPreset} preset resource missing: TARGET:${relativePath}`);
-    }
-    if (!hasIndexedResource(artifactRows, resource.index.id, `TARGET:${relativePath}`)) {
-      failures.push(`${task.path} ${task.taskPreset} preset artifact index missing ${resource.index.id}`);
-    }
-  }
-  for (const requiredRead of presetPackage.context?.requiredReads || []) {
-    const expectedPath = expectedReferencePaths.get(requiredRead);
-    if (!referenceRows.some((row) => row.ID === requiredRead && (!expectedPath || row.Path === expectedPath))) {
-      failures.push(`${task.path} ${task.taskPreset} preset required read missing from references index: ${requiredRead}`);
-    }
-    if (!requiredReadRows.some((row) => row.Reference === requiredRead && (!expectedPath || row.Path === expectedPath))) {
-      failures.push(`${task.path} ${task.taskPreset} preset required read missing from task plan: ${requiredRead}`);
-    }
-  }
-  return failures;
-}
-
-function hasIndexedResource(rows, id, expectedPath) {
-  return rows.some((row) => row.ID === id && row.Path === expectedPath);
-}
-
-function parseMarkdownRows(markdown, requiredColumns) {
-  const rows = [];
-  const lines = String(markdown || "").split(/\r?\n/);
-  for (let index = 0; index < lines.length; index += 1) {
-    const line = lines[index].trim();
-    const next = lines[index + 1]?.trim() || "";
-    if (!isTableRow(line) || !isTableSeparator(next)) continue;
-    const header = splitTableRow(line);
-    if (!requiredColumns.every((column) => header.includes(column))) continue;
-    index += 2;
-    while (index < lines.length && isTableRow(lines[index].trim())) {
-      const cells = splitTableRow(lines[index].trim());
-      if (cells.length === header.length) rows.push(Object.fromEntries(header.map((column, cellIndex) => [column, cells[cellIndex] || ""])));
-      index += 1;
-    }
-    index -= 1;
-  }
-  return rows;
-}
-
-function isTableRow(line) {
-  return line.startsWith("|") && line.endsWith("|");
-}
-
-function isTableSeparator(line) {
-  if (!isTableRow(line)) return false;
-  return splitTableRow(line).every((cell) => /^:?-{3,}:?$/.test(cell));
-}
-
-function splitTableRow(line) {
-  return line.slice(1, -1).split("|").map((cell) => cell.trim());
-}

package/scripts/lib/review-confirm-git-gate.mjs

@@ -1,248 +0,0 @@
-import path from "node:path";
-import fs from "node:fs";
-import { spawnSync } from "node:child_process";
-import { toPosix } from "./core-shared.mjs";
-
-export class ReviewConfirmGitGateError extends Error {
-  constructor(message, { code = "review-confirm-git-gate-failed", status = 409, details = {}, recovery = [] } = {}) {
-    super(message);
-    this.name = "ReviewConfirmGitGateError";
-    this.code = code;
-    this.status = status;
-    this.details = details;
-    this.recovery = recovery;
-  }
-}
-
-export function prepareReviewConfirmGitGate(projectRoot, allowedFilesAbs) {
-  const root = path.resolve(projectRoot);
-  const resolvedGitRoot = requireGitRoot(root);
-  if (real(resolvedGitRoot) !== real(root)) {
-    throw new ReviewConfirmGitGateError("Target must be the Git repository root for review confirmation auto-commit.", {
-      code: "git-root-mismatch",
-      details: { targetRoot: root, gitRoot: resolvedGitRoot },
-      recovery: [
-        "Run review-confirm from the repository root for the target task.",
-        "For private harness tasks, run against the private harness repository root, not the public parent.",
-      ],
-    });
-  }
-  const gitRoot = root;
-  const allowedPaths = allowedFilesAbs.map((filePath) => toPosix(path.relative(gitRoot, path.resolve(filePath))));
-  assertAllowedPaths(allowedPaths);
-  assertCleanWorkingTree(gitRoot);
-  assertCommitIdentity(gitRoot);
-  return { gitRoot, allowedPaths };
-}
-
-export function commitReviewConfirmationGate(gate, { taskId, reviewPath, writeFinalAudit, message = "" }) {
-  const subjectSuffix = taskId.replace(/[^A-Za-z0-9._/-]+/g, "-");
-  assertOnlyAllowedChanged(gate.gitRoot, gate.allowedPaths);
-  git(gate.gitRoot, ["add", "--", ...gate.allowedPaths]);
-  assertOnlyAllowedStaged(gate.gitRoot, gate.allowedPaths);
-  const confirmCommit = commit(gate.gitRoot, `chore: confirm review ${subjectSuffix}`, {
-    recovery: [
-      "Review confirmation files were written but not committed.",
-      `Inspect and either fix hooks then run: git add -- ${gate.allowedPaths.join(" ")} && git commit`,
-      "Or manually revert the written review confirmation files if the confirmation should not proceed.",
-    ],
-  });
-
-  writeFinalAudit(confirmCommit);
-  const reviewRelativePath = toPosix(path.relative(gate.gitRoot, path.resolve(reviewPath)));
-  git(gate.gitRoot, ["add", "--", reviewRelativePath]);
-  assertOnlyAllowedStaged(gate.gitRoot, gate.allowedPaths);
-  const auditCommit = commit(gate.gitRoot, `chore: record review confirmation audit ${subjectSuffix}`, {
-    recovery: [
-      "The confirmation commit was created, but final audit metadata could not be committed.",
-      `Confirmation commit SHA: ${confirmCommit}`,
-      `Fix hooks, then stage ${reviewRelativePath} and commit the audit metadata.`,
-    ],
-  });
-  assertCleanWorkingTree(gate.gitRoot);
-  return {
-    commitSha: confirmCommit,
-    auditCommitSha: auditCommit,
-    auditStatus: "committed",
-    allowedPaths: gate.allowedPaths,
-    message,
-  };
-}
-
-export function validateReviewConfirmationGitAudit({ projectRoot, taskId, reviewPath, progressPath, commitSha }) {
-  const issues = [];
-  const addIssue = (code) => issues.push(code);
-  const root = projectRoot ? path.resolve(projectRoot) : "";
-  const reviewRelativePath = root && reviewPath ? toPosix(path.relative(root, path.resolve(reviewPath))) : "";
-  const progressRelativePath = root && progressPath ? toPosix(path.relative(root, path.resolve(progressPath))) : "";
-  const expectedPaths = [reviewRelativePath, progressRelativePath].filter(Boolean).sort();
-  if (!root) addIssue("git-audit-context-missing");
-  if (!commitSha) addIssue("git-audit-commit-missing");
-  if (issues.length > 0) return { valid: false, issues };
-
-  const gitRootResult = git(root, ["rev-parse", "--show-toplevel"], { allowFailure: true });
-  if (gitRootResult.status !== 0) {
-    return { valid: false, issues: ["git-audit-repository-missing"] };
-  }
-  const gitRoot = path.resolve(gitRootResult.stdout.trim());
-  if (real(gitRoot) !== real(root)) addIssue("git-audit-root-mismatch");
-
-  const commitResult = git(root, ["rev-parse", "--verify", `${commitSha}^{commit}`], { allowFailure: true });
-  if (commitResult.status !== 0) {
-    return { valid: false, issues: [...issues, "git-audit-commit-missing"] };
-  }
-  const fullCommitSha = commitResult.stdout.trim();
-  const reachable = git(root, ["merge-base", "--is-ancestor", fullCommitSha, "HEAD"], { allowFailure: true });
-  if (reachable.status !== 0) addIssue("git-audit-commit-not-reachable");
-
-  const subject = git(root, ["show", "-s", "--format=%s", fullCommitSha], { allowFailure: true }).stdout.trim();
-  const expectedSubject = `chore: confirm review ${String(taskId || "").replace(/[^A-Za-z0-9._/-]+/g, "-")}`;
-  if (subject !== expectedSubject) addIssue("git-audit-subject-mismatch");
-
-  const changedPaths = git(root, ["diff-tree", "--no-commit-id", "--name-only", "-r", fullCommitSha], { allowFailure: true }).stdout
-    .split(/\r?\n/)
-    .filter(Boolean)
-    .map(toPosix)
-    .sort();
-  if (expectedPaths.length === 0) addIssue("git-audit-allowlist-missing");
-  if (changedPaths.join("\n") !== expectedPaths.join("\n")) addIssue("git-audit-allowlist-mismatch");
-
-  return {
-    valid: issues.length === 0,
-    issues,
-    commitSha: fullCommitSha,
-    changedPaths,
-    expectedPaths,
-    subject,
-  };
-}
-
-function requireGitRoot(root) {
-  const result = git(root, ["rev-parse", "--show-toplevel"], { allowFailure: true });
-  if (result.status !== 0) {
-    throw new ReviewConfirmGitGateError("Review confirmation auto-commit requires a Git repository.", {
-      code: "git-repository-missing",
-      details: { root, stderr: result.stderr.trim() },
-      recovery: ["Initialize Git for the target project or run review-confirm from the correct repository root."],
-    });
-  }
-  return path.resolve(result.stdout.trim());
-}
-
-function assertAllowedPaths(paths) {
-  const disallowed = paths.filter((relativePath) => {
-    if (!relativePath || relativePath.startsWith("../") || path.isAbsolute(relativePath)) return true;
-    if (relativePath === "AGENTS.md" || relativePath === "CLAUDE.md") return true;
-    if (relativePath === "docs" || relativePath.startsWith("docs/")) return false;
-    if (relativePath === ".harness-private" || relativePath.startsWith(".harness-private/")) return true;
-    return false;
-  });
-  if (disallowed.length > 0) {
-    throw new ReviewConfirmGitGateError("Review confirmation write allowlist contains forbidden paths.", {
-      code: "git-allowlist-forbidden-path",
-      details: { disallowed },
-      recovery: ["Limit review-confirm writes to the current task INDEX.md file."],
-    });
-  }
-}
-
-function assertCleanWorkingTree(gitRoot) {
-  const entries = statusEntries(gitRoot);
-  if (entries.length > 0) {
-    throw new ReviewConfirmGitGateError("Git working tree is not clean; refusing review confirmation auto-commit.", {
-      code: "git-dirty-working-tree",
-      details: { entries },
-      recovery: [
-        "Commit, move, or intentionally discard unrelated changes before review-confirm.",
-        "Do not stash/reset automatically; resolve ownership of the dirty files first.",
-      ],
-    });
-  }
-}
-
-function assertCommitIdentity(gitRoot) {
-  const name = git(gitRoot, ["config", "--get", "user.name"], { allowFailure: true }).stdout.trim();
-  const email = git(gitRoot, ["config", "--get", "user.email"], { allowFailure: true }).stdout.trim();
-  if (!name || !email) {
-    throw new ReviewConfirmGitGateError("Git commit identity is missing; refusing review confirmation auto-commit.", {
-      code: "git-identity-missing",
-      details: { hasName: Boolean(name), hasEmail: Boolean(email) },
-      recovery: [
-        "Set a local Git identity for this repository:",
-        "git config user.name \"Your Name\"",
-        "git config user.email \"you@example.com\"",
-      ],
-    });
-  }
-}
-
-function assertOnlyAllowedChanged(gitRoot, allowedPaths) {
-  const entries = statusEntries(gitRoot);
-  const outside = entries.filter((entry) => !allowedPaths.includes(entry.path));
-  if (outside.length > 0) {
-    throw new ReviewConfirmGitGateError("Review confirmation produced changes outside the write allowlist.", {
-      code: "git-allowlist-violation",
-      details: { entries, allowedPaths },
-      recovery: [
-        "Inspect the extra files and do not commit them through review-confirm.",
-        "Revert only the unintended review-confirm side effects, then retry.",
-      ],
-    });
-  }
-}
-
-function assertOnlyAllowedStaged(gitRoot, allowedPaths) {
-  const entries = statusEntries(gitRoot);
-  const stagedOutside = entries.filter((entry) => entry.index !== " " && !allowedPaths.includes(entry.path));
-  if (stagedOutside.length > 0) {
-    throw new ReviewConfirmGitGateError("Git index contains staged files outside the review confirmation allowlist.", {
-      code: "git-index-allowlist-violation",
-      details: { stagedOutside, allowedPaths },
-      recovery: ["Unstage unrelated files before retrying review-confirm."],
-    });
-  }
-}
-
-function commit(gitRoot, message, { recovery }) {
-  const result = git(gitRoot, ["commit", "-m", message], { allowFailure: true });
-  if (result.status !== 0) {
-    throw new ReviewConfirmGitGateError("Git commit failed during review confirmation auto-commit.", {
-      code: "git-commit-failed",
-      details: { stdout: result.stdout.trim(), stderr: result.stderr.trim() },
-      recovery,
-    });
-  }
-  return git(gitRoot, ["rev-parse", "HEAD"]).stdout.trim();
-}
-
-function statusEntries(gitRoot) {
-  const output = git(gitRoot, ["status", "--porcelain=v1", "--untracked-files=all"]).stdout;
-  return output.split(/\r?\n/).filter(Boolean).map((line) => ({
-    index: line.slice(0, 1),
-    worktree: line.slice(1, 2),
-    path: parseStatusPath(line.slice(3)),
-    raw: line,
-  }));
-}
-
-function parseStatusPath(value) {
-  const unquoted = value.replace(/^"|"$/g, "");
-  const renamed = unquoted.includes(" -> ") ? unquoted.split(" -> ").pop() : unquoted;
-  return renamed;
-}
-
-function git(cwd, args, { allowFailure = false } = {}) {
-  const result = spawnSync("git", args, { cwd, encoding: "utf8" });
-  if (!allowFailure && result.status !== 0) {
-    throw new ReviewConfirmGitGateError(`git ${args.join(" ")} failed`, {
-      code: "git-command-failed",
-      details: { stdout: result.stdout.trim(), stderr: result.stderr.trim() },
-      recovery: ["Inspect the Git error and retry review-confirm after resolving it."],
-    });
-  }
-  return result;
-}
-
-function real(filePath) {
-  return fs.realpathSync(filePath);
-}

package/scripts/lib/status-builder.mjs

@@ -1,88 +0,0 @@
-import path from "node:path";
-import { normalizeTarget, toPosix } from "./core-shared.mjs";
-import { capabilityDefinitions, readCapabilityRegistry } from "./capability-registry.mjs";
-import { summarizeGitState } from "./git-status-summary.mjs";
-import { collectTasks, taskCutoverCounters } from "./task-scanner.mjs";
-
-export function buildStatusData(targetInput, options = {}) {
-  const target = targetInput?.projectRoot ? targetInput : normalizeTarget(targetInput);
-  const validationMode = options.validationMode || "data-only";
-  const gitState = options.gitState || summarizeGitState(target);
-  const registry = options.capabilityState?.registry || readCapabilityRegistry(target);
-  const detected = options.capabilityState?.detected || [];
-  const capabilityWarnings = options.capabilityState?.warnings || [];
-  const failures = [...(options.failures || [])];
-  const warnings = [...(options.warnings || [])];
-  const legacy = options.legacy || { status: "skipped", code: 0, stdout: "", stderr: "" };
-  const tasks = options.tasks || collectTasks(target, {
-    requireGeneratedScaffoldProvenance: options.requireGeneratedScaffoldProvenance === true,
-    taskPlanPaths: options.taskPlanPaths,
-    closeoutContent: options.closeoutContent,
-  });
-  const briefReady = tasks.filter((task) => task.briefSource === "standalone").length;
-  const briefMissing = tasks.length - briefReady;
-  const capabilityNames = new Map(registry.capabilities.map((capability) => [capability.name, capability]));
-  for (const capability of detected) {
-    if (!capabilityNames.has(capability)) capabilityNames.set(capability, { name: capability, state: "configured" });
-  }
-  const cutoverCounters = taskCutoverCounters(tasks);
-  const fullCutoverEligible =
-    validationMode === "validated" &&
-    failures.length === 0 &&
-    warnings.length === 0 &&
-    cutoverCounters.legacyVisualOnlyCount === 0 &&
-    cutoverCounters.unknownClassificationCount === 0 &&
-    cutoverCounters.weakBriefCount === 0 &&
-    cutoverCounters.missingCanonicalVisualMapCount === 0;
-
-  return {
-    project: {
-      name: path.basename(target.projectRoot),
-      root: `TARGET:${target.docsOnly ? toPosix(path.relative(target.projectRoot, target.docsRoot)) : "."}`,
-      docsOnly: target.docsOnly,
-    },
-    schemaVersion: 2,
-    generatedAt: options.generatedAt || new Date().toISOString(),
-    mode: registry.mode,
-    checkState: {
-      status: failures.length > 0 ? "fail" : warnings.length > 0 ? "warn" : "pass",
-      validationMode,
-      failures: failures.length,
-      warnings: warnings.length,
-      details: { failures, warnings },
-      legacy,
-    },
-    git: gitState.summary,
-    summary: {
-      tasks: tasks.length,
-      briefCoverage: {
-        ready: briefReady,
-        missing: briefMissing,
-        total: tasks.length,
-      },
-      visualMapCoverage: {
-        canonical: tasks.filter((task) => task.visualMapSource === "canonical").length,
-        legacyOnly: cutoverCounters.legacyVisualOnlyCount,
-        missing: tasks.filter((task) => task.visualMapStatus === "missing").length,
-        total: tasks.length,
-      },
-      fullCutoverEligible,
-      legacyVisualOnlyCount: cutoverCounters.legacyVisualOnlyCount,
-      unknownClassificationCount: cutoverCounters.unknownClassificationCount,
-      weakBriefCount: cutoverCounters.weakBriefCount,
-      visualMapRequiredCount: cutoverCounters.visualMapRequiredCount,
-      missingCanonicalVisualMapCount: cutoverCounters.missingCanonicalVisualMapCount,
-    },
-    capabilities: [...capabilityNames.values()].map((capability) => ({
-      name: capability.name,
-      state: capability.state || "configured",
-      dependencyStatus: capabilityDefinitions[capability.name]?.dependencies.every((dependency) => capabilityNames.has(dependency))
-        ? "valid"
-        : "invalid",
-      warnings: capabilityWarnings.filter((warning) => warning.includes(capability.name)),
-    })),
-    tasks,
-    handoffs: tasks.flatMap((task) => task.handoffs || []),
-    recentActivity: tasks.slice(0, 8).map((task) => ({ at: new Date().toISOString(), type: "task", summary: task.title })),
-  };
-}

package/scripts/lib/subagent-authorization-audit.mjs

@@ -1,196 +0,0 @@
-import path from "node:path";
-import {
-  readFileSafe,
-  toPosix,
-  walkFiles,
-} from "./core-shared.mjs";
-import {
-  firstColumn,
-  splitMarkdownRow,
-} from "./markdown-utils.mjs";
-
-export function validateSubagentAuthorization(target, { strict = true } = {}) {
-  const failures = [];
-  const warnings = [];
-  const report = (message) => {
-    if (strict) failures.push(message);
-    else warnings.push(`adoption-needed: ${message}`);
-  };
-  const strategyPaths = walkFiles(target.docsRoot)
-    .filter((file) => file.endsWith("execution_strategy.md"))
-    .filter((file) => !file.includes(`${path.sep}_task-template${path.sep}`))
-    .filter((file) => !file.includes(`${path.sep}_optional-structures${path.sep}`))
-    .filter((file) => !file.includes(`${path.sep}_archive${path.sep}`));
-
-  for (const strategyPath of strategyPaths) {
-    const relative = toPosix(path.relative(target.projectRoot, strategyPath));
-    const content = readFileSafe(strategyPath);
-    const rows = subagentAuthorizationRows(content);
-    for (const row of rows.filter((candidate) => /worker/i.test(candidate.role))) {
-      if (!isWorkerAuthorizedStatus(row.status)) continue;
-      const missing = [];
-      for (const [label, value] of [
-        ["Authorized By", row.authorizedBy],
-        ["Authorized At", row.authorizedAt],
-        ["Scope", row.scope],
-        ["Worktree / Branch", row.worktreeBranch],
-      ]) {
-        if (!isConcreteAuthorizationValue(value)) missing.push(label);
-      }
-      if (missing.length > 0) report(`${relative} worker subagent authorization is incomplete: ${missing.join(", ")}`);
-    }
-    const delegation = subagentDelegationRows(content).find((row) => /worker/i.test(row.question));
-    if (delegation && normalizeDecision(delegation.decision) === "ask-user") {
-      const userDecision = userAuthorizationRows(content).reverse().find((row) => /worker/i.test(row.gate) && isResolvedWorkerGateState(row.state));
-      if (!userDecision) {
-        report(`${relative} worker subagent ask-user decision is unresolved: missing User Authorization Decision`);
-      } else {
-        const missing = missingUserDecisionFields(userDecision);
-        if (missing.length > 0) report(`${relative} worker subagent authorization decision is incomplete: ${missing.join(", ")}`);
-      }
-    }
-  }
-  return { failures, warnings };
-}
-
-function subagentAuthorizationRows(content) {
-  const section = markdownSection(content, "Subagent Authorization");
-  if (!section) return [];
-  const lines = section.split(/\r?\n/);
-  for (let index = 0; index < lines.length - 1; index += 1) {
-    if (!lines[index].trim().startsWith("|")) continue;
-    const header = splitMarkdownRow(lines[index]);
-    const separator = splitMarkdownRow(lines[index + 1]);
-    if (!separator.every((cell) => /^:?-{3,}:?$/.test(cell))) continue;
-    const roleIndex = firstColumn(header, ["Role"]);
-    const statusIndex = firstColumn(header, ["Status"]);
-    if (roleIndex < 0 || statusIndex < 0) continue;
-    const indexes = {
-      role: roleIndex,
-      status: statusIndex,
-      authorizedBy: firstColumn(header, ["Authorized By"]),
-      authorizedAt: firstColumn(header, ["Authorized At"]),
-      scope: firstColumn(header, ["Scope"]),
-      worktreeBranch: firstColumn(header, ["Worktree / Branch", "Worktree", "Branch"]),
-    };
-    return lines
-      .slice(index + 2)
-      .filter((line) => line.trim().startsWith("|"))
-      .map(splitMarkdownRow)
-      .filter((row) => row.length === header.length)
-      .map((row) => Object.fromEntries(Object.entries(indexes).map(([key, column]) => [key, column >= 0 ? row[column] || "" : ""])));
-  }
-  return [];
-}
-
-function subagentDelegationRows(content) {
-  const section = markdownSection(content, "Subagent Delegation Decision");
-  if (!section) return [];
-  return parseFirstTable(section, ["Question", "Decision"]).map((row) => ({
-    question: row.Question || "",
-    decision: row.Decision || "",
-  }));
-}
-
-function userAuthorizationRows(content) {
-  return parseMatchingTables(content, ["Gate", "State"]).map((row) => ({
-    gate: row.Gate || "",
-    state: row.State || "",
-    decidedBy: row["Decided By"] || "",
-    decidedAt: row["Decided At"] || "",
-    scope: row.Scope || "",
-    worktreeBranch: row["Worktree / Branch"] || row.Worktree || row.Branch || "",
-  }));
-}
-
-function parseMatchingTables(content, requiredColumns) {
-  const lines = String(content || "").split(/\r?\n/);
-  const rows = [];
-  for (let index = 0; index < lines.length - 1; index += 1) {
-    if (!lines[index].trim().startsWith("|")) continue;
-    const header = splitMarkdownRow(lines[index]);
-    const separator = splitMarkdownRow(lines[index + 1]);
-    if (!separator.every((cell) => /^:?-{3,}:?$/.test(cell))) continue;
-    if (requiredColumns.some((column) => firstColumn(header, [column]) < 0)) continue;
-    let rowIndex = index + 2;
-    while (rowIndex < lines.length && lines[rowIndex].trim().startsWith("|")) {
-      const row = splitMarkdownRow(lines[rowIndex]);
-      if (row.length === header.length) rows.push(Object.fromEntries(header.map((column, columnIndex) => [column, row[columnIndex] || ""])));
-      rowIndex += 1;
-    }
-  }
-  return rows;
-}
-
-function parseFirstTable(content, requiredColumns) {
-  const lines = String(content || "").split(/\r?\n/);
-  for (let index = 0; index < lines.length - 1; index += 1) {
-    if (!lines[index].trim().startsWith("|")) continue;
-    const header = splitMarkdownRow(lines[index]);
-    const separator = splitMarkdownRow(lines[index + 1]);
-    if (!separator.every((cell) => /^:?-{3,}:?$/.test(cell))) continue;
-    if (requiredColumns.some((column) => firstColumn(header, [column]) < 0)) continue;
-    return lines
-      .slice(index + 2)
-      .filter((line) => line.trim().startsWith("|"))
-      .map(splitMarkdownRow)
-      .filter((row) => row.length === header.length)
-      .map((row) => Object.fromEntries(header.map((column, columnIndex) => [column, row[columnIndex] || ""])));
-  }
-  return [];
-}
-
-function markdownSection(content, heading) {
-  const lines = String(content || "").split(/\r?\n/);
-  const escaped = heading.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-  const start = lines.findIndex((line) => new RegExp(`^##\\s+${escaped}\\s*$`, "i").test(line.trim()));
-  if (start < 0) return "";
-  const end = lines.findIndex((line, index) => index > start && /^##\s+/.test(line));
-  return lines.slice(start + 1, end < 0 ? undefined : end).join("\n");
-}
-
-function isConcreteAuthorizationValue(value) {
-  const raw = String(value || "").replace(/`/g, "").trim();
-  return Boolean(raw) && !/^\[.*\]$/.test(raw) && !/^(pending|n\/a|na|none|-|—|–|待授权|待定|无)$/i.test(raw);
-}
-
-function isWorkerAuthorizedStatus(value) {
-  const raw = String(value || "")
-    .replace(/`/g, "")
-    .trim()
-    .toLowerCase()
-    .replaceAll("_", "-")
-    .replace(/\s+/g, "-");
-  if (!raw || /^(not-authorized|unauthorized|pending|no|false|未授权|待授权)$/.test(raw)) return false;
-  return /(^|\b)(authorized|used|active|approved)(\b|$)|已授权|已使用/.test(raw);
-}
-
-function normalizeDecision(value) {
-  return String(value || "")
-    .replace(/`/g, "")
-    .trim()
-    .toLowerCase()
-    .replaceAll("_", "-")
-    .replace(/\s+/g, "-");
-}
-
-function isResolvedWorkerGateState(value) {
-  const raw = normalizeDecision(value);
-  return /^(authorized|approved|denied|rejected|not-needed|not-authorized|no|yes|无需|拒绝|已授权)$/.test(raw);
-}
-
-function missingUserDecisionFields(row) {
-  const state = normalizeDecision(row.state);
-  const required = state === "authorized" || state === "approved" || state === "yes" || state === "已授权"
-    ? [
-        ["Decided By", row.decidedBy],
-        ["Decided At", row.decidedAt],
-        ["Scope", row.scope],
-        ["Worktree / Branch", row.worktreeBranch],
-      ]
-    : [
-        ["Decided By", row.decidedBy],
-        ["Decided At", row.decidedAt],
-      ];
-  return required.filter(([, value]) => !isConcreteAuthorizationValue(value)).map(([label]) => label);
-}