contract-driven-delivery 1.12.0 → 1.16.0

package/assets/agents/monkey-test-engineer.md

@@ -44,37 +44,16 @@ Use fuzz payloads, Playwright action sequences, property-based tests, and target
 
 ## Machine-Verifiable Evidence
 
-After completing your task, write or append to `specs/changes/<change-id>/agent-log/<your-agent-name>.md`
-with this exact structure (lines starting with `- ` are required):
-
-```
-# Monkey Test Engineer Log
-- change-id: <id>
-- timestamp: <ISO 8601, e.g. 2026-04-27T14:30:00Z>
-- status: complete | needs-review | blocked
-- files-read:
-  - <repo-relative path read through tools>
-- artifacts:
-  - <evidence-type>: <concrete pointer>
-  - <evidence-type>: <concrete pointer>
-- next-action: <one line, or "none">
-```
+After completing your task, write or append to
+`specs/changes/<change-id>/agent-log/<your-agent-name>.md`. Required fields,
+field rules, and gate-enforcement behavior are defined once in
+`references/agent-log-protocol.md` — do not duplicate them in this prompt.
 
 ### Required artifacts for this agent
 - `test-files`: list of paths under `tests/monkey/`
 - `failure-modes-mapped`: list of `<scenario> → <expected-safe-outcome>`
 - `seeds-recorded`: list of `<test-name>: seed-value` or "deterministic"
 
-### Rules
-- NEVER omit this log file. `cdd-kit gate` rejects changes whose agent-log
-  is missing the `status:` line or has an invalid status.
-- If you cannot complete the task, set `status: blocked` and write a
-  concrete `next-action` (NOT "investigate further" — write the actual
-  next step a human can act on).
-- Evidence must be concrete: file:line, command name + last-10-line stdout,
-  contract path + section, test name, etc. NEVER write "verified" or "OK"
-  without a pointer.
-
 ## Read scope
 
 - Allowed: `contracts/`, `tests/`, `src/`, `specs/changes/<current-change-id>/`

package/assets/agents/qa-reviewer.md

@@ -75,21 +75,10 @@ approved / blocked / approved-with-risk
 
 ## Machine-Verifiable Evidence
 
-After completing your task, include an **## Agent Log** section at the end of your response with this exact structure (lines starting with `- ` are required). The calling skill will write this block to `specs/changes/<change-id>/agent-log/qa-reviewer.md`.
-
-```
-## Agent Log
-# QA Reviewer Log
-- change-id: <id>
-- timestamp: <ISO 8601, e.g. 2026-04-27T14:30:00Z>
-- status: complete | needs-review | blocked
-- files-read:
-  - <repo-relative path read through tools>
-- artifacts:
-  - <evidence-type>: <concrete pointer>
-  - <evidence-type>: <concrete pointer>
-- next-action: <one line, or "none">
-```
+After completing your task, write or append to
+`specs/changes/<change-id>/agent-log/<your-agent-name>.md`. Required fields,
+field rules, and gate-enforcement behavior are defined once in
+`references/agent-log-protocol.md` — do not duplicate them in this prompt.
 
 ### Required artifacts for this agent
 - `gate-results`: list of `<gate-name>: pass|fail`
@@ -98,16 +87,6 @@ After completing your task, include an **## Agent Log** section at the end of yo
 - `decision`: approved | blocked | approved-with-risk
 - `failure-routing`: list of `<failure-type> → <agent>` or "none"
 
-### Rules
-- NEVER omit this log file. `cdd-kit gate` rejects changes whose agent-log
-  is missing the `status:` line or has an invalid status.
-- If you cannot complete the task, set `status: blocked` and write a
-  concrete `next-action` (NOT "investigate further" — write the actual
-  next step a human can act on).
-- Evidence must be concrete: file:line, command name + last-10-line stdout,
-  contract path + section, test name, etc. NEVER write "verified" or "OK"
-  without a pointer.
-
 ## Read scope
 
 - Allowed: `contracts/`, `tests/`, `src/`, `specs/changes/<current-change-id>/`

package/assets/agents/repo-context-scanner.md

@@ -84,33 +84,13 @@ frontend / backend / fullstack / monorepo / library / tool
 
 ## Machine-Verifiable Evidence
 
-After completing your task, include an **## Agent Log** section at the end of your response with this exact structure (lines starting with `- ` are required). The calling skill will write this block to `specs/changes/<change-id>/agent-log/repo-context-scanner.md`.
-
-```
-## Agent Log
-# Repo Context Scanner Log
-- change-id: <id>
-- timestamp: <ISO 8601, e.g. 2026-04-27T14:30:00Z>
-- status: complete | needs-review | blocked
-- files-read:
-  - <repo-relative path read through tools>
-- artifacts:
-  - <evidence-type>: <concrete pointer>
-  - <evidence-type>: <concrete pointer>
-- next-action: <one line, or "none">
-```
+After completing your task, write or append to
+`specs/changes/<change-id>/agent-log/<your-agent-name>.md`. Required fields,
+field rules, and gate-enforcement behavior are defined once in
+`references/agent-log-protocol.md` — do not duplicate them in this prompt.
 
 ### Required artifacts for this agent
 - `profile-path`: `project-profile.generated.md`
 - `stack-detected`: from cdd-kit detect-stack
 - `surfaces-flagged`: list of missing standardization surfaces
 
-### Rules
-- NEVER omit this log file. `cdd-kit gate` rejects changes whose agent-log
-  is missing the `status:` line or has an invalid status.
-- If you cannot complete the task, set `status: blocked` and write a
-  concrete `next-action` (NOT "investigate further" — write the actual
-  next step a human can act on).
-- Evidence must be concrete: file:line, command name + last-10-line stdout,
-  contract path + section, test name, etc. NEVER write "verified" or "OK"
-  without a pointer.

package/assets/agents/spec-architect.md

@@ -93,21 +93,10 @@ Target: `design.md` ≤ 150 lines.
 
 ## Machine-Verifiable Evidence
 
-After completing your task, write or append to `specs/changes/<change-id>/agent-log/<your-agent-name>.md`
-with this exact structure (lines starting with `- ` are required):
-
-```
-# Spec Architect Log
-- change-id: <id>
-- timestamp: <ISO 8601, e.g. 2026-04-27T14:30:00Z>
-- status: complete | needs-review | blocked
-- files-read:
-  - <repo-relative path read through tools>
-- artifacts:
-  - <evidence-type>: <concrete pointer>
-  - <evidence-type>: <concrete pointer>
-- next-action: <one line, or "none">
-```
+After completing your task, write or append to
+`specs/changes/<change-id>/agent-log/<your-agent-name>.md`. Required fields,
+field rules, and gate-enforcement behavior are defined once in
+`references/agent-log-protocol.md` — do not duplicate them in this prompt.
 
 ### Required artifacts for this agent
 - `adr-written`: ADR file path under `docs/adr/` or "no ADR required"
@@ -115,16 +104,6 @@ with this exact structure (lines starting with `- ` are required):
 - `decision-summary`: one-line decision
 - `risks-noted`: count + severity buckets
 
-### Rules
-- NEVER omit this log file. `cdd-kit gate` rejects changes whose agent-log
-  is missing the `status:` line or has an invalid status.
-- If you cannot complete the task, set `status: blocked` and write a
-  concrete `next-action` (NOT "investigate further" — write the actual
-  next step a human can act on).
-- Evidence must be concrete: file:line, command name + last-10-line stdout,
-  contract path + section, test name, etc. NEVER write "verified" or "OK"
-  without a pointer.
-
 ## Read scope
 
 - Allowed: `contracts/`, `tests/`, `src/`, `specs/changes/<current-change-id>/`

package/assets/agents/spec-drift-auditor.md

@@ -52,22 +52,10 @@ By default, do NOT read `specs/changes/` history. Only read historical change re
 
 ## Machine-Verifiable Evidence
 
-Write this block to `specs/audits/<YYYY-MM-DD>-drift-audit.md` (create the file yourself).
-Use this exact structure (lines starting with `- ` are required):
-
-```
-## Agent Log
-# Spec Drift Auditor Log
-- audit-id: <YYYY-MM-DD>-drift
-- timestamp: <ISO 8601, e.g. 2026-04-27T14:30:00Z>
-- status: complete | needs-review | blocked
-- files-read:
-  - <repo-relative path read through tools>
-- artifacts:
-  - <evidence-type>: <concrete pointer>
-  - <evidence-type>: <concrete pointer>
-- next-action: <one line, or "none">
-```
+After completing your task, write or append to
+`specs/changes/<change-id>/agent-log/<your-agent-name>.md`. Required fields,
+field rules, and gate-enforcement behavior are defined once in
+`references/agent-log-protocol.md` — do not duplicate them in this prompt.
 
 ### Required artifacts for this agent
 - `surfaces-audited`: list (specs/contracts/code/tests/CI/tasks/archive)
@@ -75,11 +63,3 @@ Use this exact structure (lines starting with `- ` are required):
 - `drift-summary-path`: `specs/audits/<YYYY-MM-DD>-drift-audit.md`
 - `next-audit-due`: ISO date
 
-### Rules
-- NEVER omit this audit summary file. The drift-audit cadence (release / weekly / ad-hoc) requires this file as its persistence record; missing `status:` voids the audit.
-- If you cannot complete the task, set `status: blocked` and write a
-  concrete `next-action` (NOT "investigate further" — write the actual
-  next step a human can act on).
-- Evidence must be concrete: file:line, command name + last-10-line stdout,
-  contract path + section, test name, etc. NEVER write "verified" or "OK"
-  without a pointer.

package/assets/agents/stress-soak-engineer.md

@@ -68,21 +68,10 @@ Use realistic load profiles rather than arbitrary request loops.
 
 ## Machine-Verifiable Evidence
 
-After completing your task, write or append to `specs/changes/<change-id>/agent-log/<your-agent-name>.md`
-with this exact structure (lines starting with `- ` are required):
-
-```
-# Stress Soak Engineer Log
-- change-id: <id>
-- timestamp: <ISO 8601, e.g. 2026-04-27T14:30:00Z>
-- status: complete | needs-review | blocked
-- files-read:
-  - <repo-relative path read through tools>
-- artifacts:
-  - <evidence-type>: <concrete pointer>
-  - <evidence-type>: <concrete pointer>
-- next-action: <one line, or "none">
-```
+After completing your task, write or append to
+`specs/changes/<change-id>/agent-log/<your-agent-name>.md`. Required fields,
+field rules, and gate-enforcement behavior are defined once in
+`references/agent-log-protocol.md` — do not duplicate them in this prompt.
 
 ### Required artifacts for this agent
 - `runner-config-path`: e.g. `tests/stress/<scenario>.js`
@@ -90,16 +79,6 @@ with this exact structure (lines starting with `- ` are required):
 - `pass-criteria-cited`: SLO references (must include p95 / error-rate / leak-signal numbers)
 - `artifacts-location`: path
 
-### Rules
-- NEVER omit this log file. `cdd-kit gate` rejects changes whose agent-log
-  is missing the `status:` line or has an invalid status.
-- If you cannot complete the task, set `status: blocked` and write a
-  concrete `next-action` (NOT "investigate further" — write the actual
-  next step a human can act on).
-- Evidence must be concrete: file:line, command name + last-10-line stdout,
-  contract path + section, test name, etc. NEVER write "verified" or "OK"
-  without a pointer.
-
 ## Read scope
 
 - Allowed: `contracts/`, `tests/`, `src/`, `specs/changes/<current-change-id>/`

package/assets/agents/test-strategist.md

@@ -72,21 +72,10 @@ Target: `test-plan.md` ≤ 100 lines.
 
 ## Machine-Verifiable Evidence
 
-After completing your task, write or append to `specs/changes/<change-id>/agent-log/<your-agent-name>.md`
-with this exact structure (lines starting with `- ` are required):
-
-```
-# Test Strategist Log
-- change-id: <id>
-- timestamp: <ISO 8601, e.g. 2026-04-27T14:30:00Z>
-- status: complete | needs-review | blocked
-- files-read:
-  - <repo-relative path read through tools>
-- artifacts:
-  - <evidence-type>: <concrete pointer>
-  - <evidence-type>: <concrete pointer>
-- next-action: <one line, or "none">
-```
+After completing your task, write or append to
+`specs/changes/<change-id>/agent-log/<your-agent-name>.md`. Required fields,
+field rules, and gate-enforcement behavior are defined once in
+`references/agent-log-protocol.md` — do not duplicate them in this prompt.
 
 ### Required artifacts for this agent
 - `test-plan-path`: `specs/changes/<id>/test-plan.md`
@@ -94,16 +83,6 @@ with this exact structure (lines starting with `- ` are required):
 - `coverage-tiers`: list of tiers covered (unit/contract/integration/E2E/resilience/monkey/stress/soak)
 - `mapping-completeness`: percentage or "all requirements covered"
 
-### Rules
-- NEVER omit this log file. `cdd-kit gate` rejects changes whose agent-log
-  is missing the `status:` line or has an invalid status.
-- If you cannot complete the task, set `status: blocked` and write a
-  concrete `next-action` (NOT "investigate further" — write the actual
-  next step a human can act on).
-- Evidence must be concrete: file:line, command name + last-10-line stdout,
-  contract path + section, test name, etc. NEVER write "verified" or "OK"
-  without a pointer.
-
 ## Read scope
 
 - Allowed: `contracts/`, `tests/`, `src/`, `specs/changes/<current-change-id>/`

package/assets/agents/ui-ux-reviewer.md

@@ -51,21 +51,10 @@ approved / changes-required
 
 ## Machine-Verifiable Evidence
 
-After completing your task, include an **## Agent Log** section at the end of your response with this exact structure (lines starting with `- ` are required). The calling skill will write this block to `specs/changes/<change-id>/agent-log/ui-ux-reviewer.md`.
-
-```
-## Agent Log
-# UI/UX Reviewer Log
-- change-id: <id>
-- timestamp: <ISO 8601, e.g. 2026-04-27T14:30:00Z>
-- status: complete | needs-review | blocked
-- files-read:
-  - <repo-relative path read through tools>
-- artifacts:
-  - <evidence-type>: <concrete pointer>
-  - <evidence-type>: <concrete pointer>
-- next-action: <one line, or "none">
-```
+After completing your task, write or append to
+`specs/changes/<change-id>/agent-log/<your-agent-name>.md`. Required fields,
+field rules, and gate-enforcement behavior are defined once in
+`references/agent-log-protocol.md` — do not duplicate them in this prompt.
 
 ### Required artifacts for this agent
 - `journeys-reviewed`: list of journey names
@@ -73,12 +62,3 @@ After completing your task, include an **## Agent Log** section at the end of yo
 - `copy-issues`: count + severity
 - `accessibility-findings`: count + severity
 
-### Rules
-- NEVER omit this log file. `cdd-kit gate` rejects changes whose agent-log
-  is missing the `status:` line or has an invalid status.
-- If you cannot complete the task, set `status: blocked` and write a
-  concrete `next-action` (NOT "investigate further" — write the actual
-  next step a human can act on).
-- Evidence must be concrete: file:line, command name + last-10-line stdout,
-  contract path + section, test name, etc. NEVER write "verified" or "OK"
-  without a pointer.

package/assets/agents/visual-reviewer.md

@@ -53,21 +53,10 @@ approved / changes-required
 
 ## Machine-Verifiable Evidence
 
-After completing your task, include an **## Agent Log** section at the end of your response with this exact structure (lines starting with `- ` are required). The calling skill will write this block to `specs/changes/<change-id>/agent-log/visual-reviewer.md`.
-
-```
-## Agent Log
-# Visual Reviewer Log
-- change-id: <id>
-- timestamp: <ISO 8601, e.g. 2026-04-27T14:30:00Z>
-- status: complete | needs-review | blocked
-- files-read:
-  - <repo-relative path read through tools>
-- artifacts:
-  - <evidence-type>: <concrete pointer>
-  - <evidence-type>: <concrete pointer>
-- next-action: <one line, or "none">
-```
+After completing your task, write or append to
+`specs/changes/<change-id>/agent-log/<your-agent-name>.md`. Required fields,
+field rules, and gate-enforcement behavior are defined once in
+`references/agent-log-protocol.md` — do not duplicate them in this prompt.
 
 ### Required artifacts for this agent
 - `screenshots-compared`: list of `<screen>: baseline → current`
@@ -75,12 +64,3 @@ After completing your task, include an **## Agent Log** section at the end of yo
 - `state-coverage`: matrix
 - `tokens-violated`: list of CSS contract violations or "none"
 
-### Rules
-- NEVER omit this log file. `cdd-kit gate` rejects changes whose agent-log
-  is missing the `status:` line or has an invalid status.
-- If you cannot complete the task, set `status: blocked` and write a
-  concrete `next-action` (NOT "investigate further" — write the actual
-  next step a human can act on).
-- Evidence must be concrete: file:line, command name + last-10-line stdout,
-  contract path + section, test name, etc. NEVER write "verified" or "OK"
-  without a pointer.

package/assets/cdd/model-policy.json

@@ -1,5 +1,24 @@
 {
   "provider": "claude",
   "generated_at": null,
-  "roles": {}
+  "schema-version": "0.2.0",
+  "roles": {
+    "change-classifier": "claude-opus-4-7",
+    "spec-architect": "claude-opus-4-7",
+    "qa-reviewer": "claude-opus-4-7",
+    "contract-reviewer": "claude-sonnet-4-6",
+    "test-strategist": "claude-sonnet-4-6",
+    "backend-engineer": "claude-sonnet-4-6",
+    "frontend-engineer": "claude-sonnet-4-6",
+    "ci-cd-gatekeeper": "claude-sonnet-4-6",
+    "e2e-resilience-engineer": "claude-sonnet-4-6",
+    "monkey-test-engineer": "claude-sonnet-4-6",
+    "stress-soak-engineer": "claude-sonnet-4-6",
+    "ui-ux-reviewer": "claude-sonnet-4-6",
+    "visual-reviewer": "claude-sonnet-4-6",
+    "dependency-security-reviewer": "claude-sonnet-4-6",
+    "spec-drift-auditor": "claude-sonnet-4-6",
+    "repo-context-scanner": "claude-haiku-4-5"
+  },
+  "_notes": "Roles map agent name -> model ID. Override per-project as needed. cdd-kit doctor warns when an installed agent's frontmatter `model:` does not match this policy."
 }

package/assets/hooks/post-tool-use-files-read.sh

@@ -0,0 +1,55 @@
+#!/bin/sh
+# cdd-kit PostToolUse hook (B3): append actual Read/Grep/Glob targets to a
+# runtime audit log so `cdd-kit gate` can reconcile them against the agent-log
+# self-report. This turns Context Governance from a trust contract into a
+# verified contract.
+#
+# Wire into Claude Code (~/.claude/settings.json):
+#
+#   {
+#     "hooks": {
+#       "PostToolUse": [
+#         { "matcher": "Read|Grep|Glob", "command": "/path/to/hooks/post-tool-use-files-read.sh" }
+#       ]
+#     }
+#   }
+#
+# The hook receives the tool-call payload as JSON on stdin. We extract the
+# best-effort path candidate and append `<change-id>\t<path>` to a JSONL audit
+# file. CURRENT_CHANGE_ID is read from environment (cdd-new sets it on every
+# agent invocation as of v1.10.0+).
+
+set -eu
+
+CDD_RUNTIME_DIR="${CDD_RUNTIME_DIR:-./.cdd/runtime}"
+CHANGE_ID="${CURRENT_CHANGE_ID:-unknown}"
+
+mkdir -p "$CDD_RUNTIME_DIR"
+LOG_FILE="$CDD_RUNTIME_DIR/${CHANGE_ID}-files-read.jsonl"
+
+# Read JSON payload from stdin without choking if jq is missing.
+payload="$(cat || true)"
+[ -z "$payload" ] && exit 0
+
+# Try to extract the path field. Common Claude Code tool inputs:
+#   Read    → tool_input.file_path
+#   Grep    → tool_input.path / glob / pattern
+#   Glob    → tool_input.path / pattern
+# We grep first then fall back to jq when available.
+path_value=""
+if command -v jq >/dev/null 2>&1; then
+  path_value="$(printf '%s' "$payload" | jq -r '
+    .tool_input.file_path
+    // .tool_input.path
+    // .tool_input.pattern
+    // empty
+  ' 2>/dev/null || true)"
+fi
+if [ -z "$path_value" ]; then
+  path_value="$(printf '%s' "$payload" | grep -oE '"file_path"[[:space:]]*:[[:space:]]*"[^"]+"' | head -n1 | sed -E 's/.*"file_path"[[:space:]]*:[[:space:]]*"([^"]+)".*/\1/')"
+fi
+
+[ -z "$path_value" ] && exit 0
+
+timestamp="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
+printf '{"ts":"%s","change":"%s","path":"%s"}\n' "$timestamp" "$CHANGE_ID" "$path_value" >> "$LOG_FILE"