create-claude-cabinet 0.25.2 → 0.25.4

package/lib/cli.js

@@ -875,6 +875,7 @@ async function run() {
         const alwaysCopyPhases = [
           'skills/onboard', 'skills/seed',
           'skills/cc-upgrade', 'skills/cc-extract',
+          'skills/verify',
         ];
         const isSkill = tmpl.startsWith('skills/') && !alwaysCopyPhases.some(p => tmpl.startsWith(p));
         const results = await copyTemplates(srcPath, destPath, {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-claude-cabinet",
-  "version": "0.25.2",
+  "version": "0.25.4",
   "description": "Claude Cabinet — opinionated process scaffolding for Claude Code projects",
   "bin": {
     "create-claude-cabinet": "bin/create-claude-cabinet.js"

package/templates/hooks/action-completion-gate.sh

@@ -14,7 +14,6 @@ INPUT="$CLAUDE_TOOL_INPUT"
 FID=$(echo "$INPUT" | python3 -c "import sys,json; print(json.load(sys.stdin).get('fid',''))" 2>/dev/null)
 
 if [ -z "$FID" ]; then
-  echo '{"decision":"allow"}'
   exit 0
 fi
 
@@ -43,4 +42,4 @@ if [ "$AC_VERIFIED" != "True" ]; then
   exit 0
 fi
 
-echo '{"decision":"allow"}'
+exit 0

package/templates/hooks/action-quality-gate.sh

@@ -47,4 +47,4 @@ if ! echo "$NOTES" | grep -qiE '(## Surface|files:|dirs:)'; then
   exit 0
 fi
 
-echo '{"decision":"allow"}'
+exit 0

package/templates/hooks/cc-upstream-guard.sh

@@ -14,13 +14,14 @@
 #
 # Hook contract:
 #   Input: $CLAUDE_TOOL_INPUT has the tool use JSON with "file_path" field
-#   Output: JSON on stdout with { "decision": "block"|"allow", "reason": "..." }
+#   Output: JSON on stdout with { "decision": "block", "reason": "..." }
+#           when blocking. Otherwise empty stdout + exit 0 (allow is the
+#           default; emitting "allow" violates the hook output schema).
 
 # Extract file_path from tool input
 FILE_PATH=$(echo "$CLAUDE_TOOL_INPUT" | python3 -c "import sys,json; print(json.load(sys.stdin).get('file_path',''))" 2>/dev/null)
 
 if [ -z "$FILE_PATH" ]; then
-  echo '{"decision":"allow"}'
   exit 0
 fi
 
@@ -42,7 +43,6 @@ PROJECT_ROOT=$(find_project_root)
 
 if [ -z "$PROJECT_ROOT" ]; then
   # No .ccrc.json found — not a CC project, allow everything
-  echo '{"decision":"allow"}'
   exit 0
 fi
 
@@ -53,7 +53,6 @@ if [[ "$FILE_PATH" = /* ]]; then
   REL_PATH="${FILE_PATH#$PROJECT_ROOT/}"
   # If the path didn't change, the file is outside the project
   if [ "$REL_PATH" = "$FILE_PATH" ]; then
-    echo '{"decision":"allow"}'
     exit 0
   fi
 else
@@ -74,6 +73,5 @@ except:
 
 if [ "$IN_MANIFEST" = "yes" ]; then
   echo "{\"decision\":\"block\",\"reason\":\"Blocked: $REL_PATH is managed by Claude Cabinet. CC-managed files are upstream-owned — edits come through /cc-upgrade, not direct modification. Put project-specific content in briefing files or phase files instead.\"}"
-else
-  echo '{"decision":"allow"}'
 fi
+exit 0

package/templates/hooks/git-guardrails.sh

@@ -9,13 +9,15 @@
 #
 # Hook contract:
 #   Input: $CLAUDE_TOOL_INPUT has the tool use JSON with "command" field
-#   Output: JSON on stdout with { "decision": "block"|"allow", "reason": "..." }
+#   Output: JSON on stdout with { "decision": "block", "reason": "..." }
+#           when blocking. Otherwise empty stdout + exit 0 (Claude Code
+#           treats no-output as allow; emitting "allow" violates the
+#           hook output schema).
 
 # Read the command from the tool input
 COMMAND=$(echo "$CLAUDE_TOOL_INPUT" | python3 -c "import sys,json; print(json.load(sys.stdin).get('command',''))" 2>/dev/null)
 
 if [ -z "$COMMAND" ]; then
-  echo '{"decision":"allow"}'
   exit 0
 fi
 
@@ -62,6 +64,5 @@ RESULT=$(check_command "$COMMAND")
 
 if [ -n "$RESULT" ]; then
   echo "$RESULT"
-else
-  echo '{"decision":"allow"}'
 fi
+exit 0

package/templates/hooks/omega-memory-guard.sh

@@ -16,13 +16,14 @@
 #
 # Hook contract:
 #   Input: $CLAUDE_TOOL_INPUT has the tool use JSON with "file_path" field
-#   Output: JSON on stdout with { "decision": "block"|"allow", "reason": "..." }
+#   Output: JSON on stdout with { "decision": "block", "reason": "..." }
+#           when blocking. Otherwise empty stdout + exit 0 (allow is the
+#           default; emitting "allow" violates the hook output schema).
 
 # Extract file_path from tool input
 FILE_PATH=$(echo "$CLAUDE_TOOL_INPUT" | python3 -c "import sys,json; print(json.load(sys.stdin).get('file_path',''))" 2>/dev/null)
 
 if [ -z "$FILE_PATH" ]; then
-  echo '{"decision":"allow"}'
   exit 0
 fi
 
@@ -30,21 +31,18 @@ fi
 # Note: case patterns with * don't cross / boundaries in some shells,
 # so we use [[ ]] substring matching for absolute path compatibility.
 if [[ "$FILE_PATH" != *"/.claude/memory/"* ]] && [[ "$FILE_PATH" != *"/.claude/projects/"*"/memory/"* ]]; then
-  echo '{"decision":"allow"}'
   exit 0
 fi
 
 # Allow MEMORY.md index files (structural, not memory content)
 BASENAME=$(basename "$FILE_PATH")
 if [ "$BASENAME" = "MEMORY.md" ]; then
-  echo '{"decision":"allow"}'
   exit 0
 fi
 
 # Allow pattern files (enforcement pipeline artifacts, not semantic memories)
 case "$FILE_PATH" in
   */memory/patterns/*)
-    echo '{"decision":"allow"}'
     exit 0
     ;;
 esac
@@ -53,7 +51,6 @@ esac
 OMEGA_PYTHON="$HOME/.claude-cabinet/omega-venv/bin/python3"
 if [ ! -x "$OMEGA_PYTHON" ]; then
   # Omega not available — flat markdown IS the correct fallback
-  echo '{"decision":"allow"}'
   exit 0
 fi
 
@@ -73,7 +70,6 @@ find_adapter() {
 ADAPTER=$(find_adapter)
 if [ -z "$ADAPTER" ]; then
   # No adapter found — flat markdown fallback is correct
-  echo '{"decision":"allow"}'
   exit 0
 fi
 

package/templates/hooks/work-tracker-guard.sh

@@ -10,7 +10,6 @@ INPUT="$CLAUDE_TOOL_INPUT"
 COMMAND=$(echo "$INPUT" | python3 -c "import sys,json; print(json.load(sys.stdin).get('command',''))" 2>/dev/null)
 
 if [ -z "$COMMAND" ]; then
-  echo '{"decision":"allow"}'
   exit 0
 fi
 
@@ -19,20 +18,18 @@ PHASE_FILE=".claude/skills/hooks/phases/work-tracker-guard.md"
 if [ -f "$PHASE_FILE" ]; then
   FIRST_LINE=$(head -1 "$PHASE_FILE")
   if [ "$FIRST_LINE" = "skip: true" ]; then
-    echo '{"decision":"allow"}'
     exit 0
   fi
 fi
 
 # Check for SQL operations against actions table
 if echo "$COMMAND" | grep -qiE '(INSERT\s+INTO|UPDATE|DELETE\s+FROM)\s+actions'; then
-  # Override escape hatch
+  # Override escape hatch — allow is the default, just exit 0
   if echo "$COMMAND" | grep -q '\-\-force-raw-sql'; then
-    echo '{"decision":"allow","reason":"Raw SQL override acknowledged. Quality gates bypassed."}'
     exit 0
   fi
   echo '{"decision":"block","reason":"Raw SQL against actions table detected. Use MCP tools instead: pib_create_action, pib_update_action, pib_complete_action, pib_get_action. These enforce quality gates. To override (almost certainly wrong): add --force-raw-sql to your command."}'
   exit 0
 fi
 
-echo '{"decision":"allow"}'
+exit 0

package/templates/scripts/triage-server.mjs

@@ -1,21 +1,53 @@
 /**
- * Minimal triage server — serves the triage UI and holds findings/verdicts in memory.
+ * Minimal triage server — serves the triage UI and holds findings/verdicts.
  *
  * Claude POSTs findings, user triages in browser, Claude GETs verdicts.
+ * Each verdict is written through to disk as the user makes it, so page
+ * reloads or server restarts don't lose in-progress triage decisions.
  *
  * Usage: node triage-server.mjs [--port 3457]
  */
 
 import { createServer } from 'node:http';
-import { readFile } from 'node:fs/promises';
+import { readFile, writeFile, mkdir, unlink } from 'node:fs/promises';
 import { fileURLToPath } from 'node:url';
 import { dirname, join } from 'node:path';
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const PORT = parseInt(process.argv.find((_, i, a) => a[i - 1] === '--port') || '3457');
+const DRAFT_PATH = join(process.cwd(), '.claude', 'triage-draft.json');
 
 let currentFindings = [];
 let currentVerdicts = null;
+let drafts = {}; // { findingId: { verdict, feedback } }
+
+async function loadDrafts() {
+  try {
+    drafts = JSON.parse(await readFile(DRAFT_PATH, 'utf-8'));
+  } catch {
+    drafts = {};
+  }
+}
+
+async function saveDrafts() {
+  await mkdir(dirname(DRAFT_PATH), { recursive: true });
+  await writeFile(DRAFT_PATH, JSON.stringify(drafts, null, 2));
+}
+
+function dedupById(items) {
+  const seen = new Set();
+  const out = [];
+  for (const f of items) {
+    if (!f || !f.id || seen.has(f.id)) continue;
+    seen.add(f.id);
+    out.push(f);
+  }
+  return out;
+}
+
+function withDrafts(findings) {
+  return findings.map((f) => ({ ...f, draft: drafts[f.id] || null }));
+}
 
 function json(res, data, status = 200) {
   res.writeHead(status, { 'Content-Type': 'application/json', 'Access-Control-Allow-Origin': '*' });
@@ -53,21 +85,47 @@ const server = createServer(async (req, res) => {
     for await (const chunk of req) body += chunk;
     try {
       const data = JSON.parse(body);
-      currentFindings = data.findings || data;
-      currentVerdicts = null; // Reset verdicts for new batch
-      console.log(`Loaded ${currentFindings.length} findings`);
+      const raw = data.findings || data;
+      currentFindings = dedupById(Array.isArray(raw) ? raw : []);
+      currentVerdicts = null;
+      // Trim drafts to the new finding id set so a fresh batch doesn't
+      // surface stale entries, but a re-POST of the same batch preserves
+      // in-progress work.
+      const idSet = new Set(currentFindings.map((f) => f.id));
+      drafts = Object.fromEntries(Object.entries(drafts).filter(([id]) => idSet.has(id)));
+      await saveDrafts();
+      console.log(`Loaded ${currentFindings.length} findings (${Object.keys(drafts).length} drafts retained)`);
       return json(res, { ok: true, count: currentFindings.length });
     } catch (err) {
       return json(res, { error: 'Invalid JSON' }, 400);
     }
   }
 
-  // GET /api/findings — UI fetches findings
+  // GET /api/findings — UI fetches findings (with any saved drafts attached)
   if (req.method === 'GET' && url.pathname === '/api/findings') {
-    return json(res, { findings: currentFindings });
+    return json(res, { findings: withDrafts(currentFindings) });
+  }
+
+  // POST /api/verdict — UI writes a single verdict as the user makes it
+  if (req.method === 'POST' && url.pathname === '/api/verdict') {
+    let body = '';
+    for await (const chunk of req) body += chunk;
+    try {
+      const { id, verdict, feedback } = JSON.parse(body);
+      if (!id) return json(res, { error: 'Missing id' }, 400);
+      const existing = drafts[id] || { verdict: '', feedback: '' };
+      drafts[id] = {
+        verdict: verdict !== undefined ? verdict : existing.verdict,
+        feedback: feedback !== undefined ? feedback : existing.feedback,
+      };
+      await saveDrafts();
+      return json(res, { ok: true });
+    } catch (err) {
+      return json(res, { error: 'Invalid JSON' }, 400);
+    }
   }
 
-  // POST /api/verdicts — UI submits verdicts
+  // POST /api/verdicts — UI submits final verdicts batch
   if (req.method === 'POST' && url.pathname === '/api/verdicts') {
     let body = '';
     for await (const chunk of req) body += chunk;
@@ -80,7 +138,7 @@ const server = createServer(async (req, res) => {
     }
   }
 
-  // GET /api/verdicts — Claude reads verdicts
+  // GET /api/verdicts — Claude reads submitted verdicts
   if (req.method === 'GET' && url.pathname === '/api/verdicts') {
     if (!currentVerdicts) {
       return json(res, { submitted: false, message: 'No verdicts submitted yet' });
@@ -88,11 +146,23 @@ const server = createServer(async (req, res) => {
     return json(res, currentVerdicts);
   }
 
+  // DELETE /api/draft — clear in-progress draft state
+  if (req.method === 'DELETE' && url.pathname === '/api/draft') {
+    drafts = {};
+    try {
+      await unlink(DRAFT_PATH);
+    } catch {}
+    return json(res, { ok: true });
+  }
+
   // 404
   res.writeHead(404);
   res.end('Not found');
 });
 
+await loadDrafts();
 server.listen(PORT, () => {
   console.log(`Triage server running at http://localhost:${PORT}`);
+  const draftCount = Object.keys(drafts).length;
+  if (draftCount) console.log(`Restored ${draftCount} in-progress draft verdict(s) from ${DRAFT_PATH}`);
 });

package/templates/scripts/triage-ui.html

@@ -285,13 +285,42 @@
     let findings = [];
     const verdicts = {};  // { findingId: { verdict, feedback } }
     const memberNotes = {};  // { member: { comment, question } }
+    const feedbackDebounce = {}; // { findingId: timeoutId }
+
+    function dedupById(items) {
+      const seen = new Set();
+      const out = [];
+      for (const f of items) {
+        if (!f || !f.id || seen.has(f.id)) continue;
+        seen.add(f.id);
+        out.push(f);
+      }
+      return out;
+    }
+
+    // POST a verdict write-through to the server (silent on failure
+    // — write-through is best-effort; submit remains the source of truth)
+    function persistVerdict(id) {
+      const v = verdicts[id] || { verdict: '', feedback: '' };
+      fetch('/api/verdict', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ id, verdict: v.verdict, feedback: v.feedback }),
+      }).catch(() => {});
+    }
 
     // ── Public API for Claude (javascript_tool) ──
     window.loadFindings = function(data) {
-      findings = Array.isArray(data) ? data : [];
-      // Pre-populate from recommendations
+      findings = dedupById(Array.isArray(data) ? data : []);
+      // Hydrate from server-persisted drafts first; recommendations only
+      // fill in when there's no prior draft.
       findings.forEach(f => {
-        if (f.recommendation && !verdicts[f.id]) {
+        if (f.draft && f.draft.verdict !== undefined) {
+          verdicts[f.id] = {
+            verdict: f.draft.verdict || '',
+            feedback: f.draft.feedback || '',
+          };
+        } else if (f.recommendation && !verdicts[f.id]) {
           verdicts[f.id] = { verdict: f.recommendation, feedback: '' };
         }
       });
@@ -476,6 +505,7 @@
         const v = e.target.dataset.v;
         if (!verdicts[id]) verdicts[id] = { verdict: '', feedback: '' };
         verdicts[id].verdict = v;
+        persistVerdict(id);
         render();
       }
       // Bulk buttons
@@ -485,6 +515,7 @@
         findings.filter(f => f['cabinet-member'] === member).forEach(f => {
           if (!verdicts[f.id]) verdicts[f.id] = { verdict: '', feedback: '' };
           verdicts[f.id].verdict = v;
+          persistVerdict(f.id);
         });
         render();
       }
@@ -504,6 +535,9 @@
         const id = e.target.dataset.id;
         if (!verdicts[id]) verdicts[id] = { verdict: '', feedback: '' };
         verdicts[id].feedback = e.target.value;
+        // Debounce write-through so we don't POST on every keystroke
+        clearTimeout(feedbackDebounce[id]);
+        feedbackDebounce[id] = setTimeout(() => persistVerdict(id), 400);
       }
       if (e.target.classList.contains('member-input')) {
         const p = e.target.dataset.member;

package/templates/skills/orient/phases/verify-backfill.md

@@ -74,16 +74,18 @@ For each remaining match, emit one Attention Items entry:
 
 > **`<fid>`** — `<action text>`
 >   Pending plan touches UI but lacks a `## Verify Plan` section.
->   Suggest: `/plan <fid>` to backfill the section, or accept drift —
->   `/debrief` will flag this act on completion if it ships uncovered.
+>   Suggest: `/verify backfill <fid>` to draft the section interactively,
+>   or accept drift — `/debrief` will flag this act on completion if
+>   it ships uncovered.
 
 The entries go in the briefing's **Attention Items** section,
 alongside any items surfaced by deferred-check, health-checks, etc.
 
 ## What this phase does NOT do
 
-- It does not modify action notes. The operator runs `/plan <fid>`
-  to backfill, or chooses to accept the drift.
+- It does not modify action notes. The operator runs
+  `/verify backfill <fid>` to backfill, or chooses to accept the
+  drift.
 - It does not file new actions or projects.
 - It does not block orient. Even with 5 backfill candidates, orient
   completes; the Attention Items accumulate.

package/templates/skills/verify/SKILL.md

@@ -4,9 +4,10 @@ description: |
   Walkthrough verification harness. Cucumber + Playwright scenarios with
   human-in-the-loop verdict pauses (P/I/S/N) for subjective checks.
   Subcommands: bare (run the suite), 'learn' (bootstrap from cold start),
-  'update <change>' (sync feature files to a code change). Use when:
-  "verify", "/verify", "/verify learn", "/verify update", "run walkthrough",
-  "verify scenarios", after a multi-PR umbrella ships.
+  'update <change>' (sync feature files to a code change), 'backfill <fid>'
+  (add a Verify Plan section to a pending action's notes). Use when:
+  "verify", "/verify", "/verify learn", "/verify update", "/verify backfill",
+  "run walkthrough", "verify scenarios", after a multi-PR umbrella ships.
 related:
   - type: file
     path: .claude/skills/verify/phases/discover.md
@@ -26,10 +27,13 @@ related:
   - type: file
     path: .claude/skills/verify/phases/scenario-template.md
     role: "Gherkin scenario template (cost+role tags, NN.NN checkIds)"
+  - type: file
+    path: .claude/skills/verify/phases/backfill.md
+    role: "How to draft a ## Verify Plan section for a pending action"
   - type: file
     path: cabinet/_briefing.md
     role: "Project identity and configuration"
-argument-hint: "subcommand — 'learn', 'update <change>', or empty to run"
+argument-hint: "subcommand — 'learn', 'update <change>', 'backfill <fid>', or empty to run"
 user-invocable: true
 standing-mandate: []
 ---
@@ -47,6 +51,13 @@ If `$ARGUMENTS` is provided:
   extending an existing scenario set.
 - **'update <change-description>'**: Sync feature files to a code change.
   The change can be a pib-db action fid, a diff snippet, or free-text.
+- **'backfill <fid>'**: Add a `## Verify Plan` section to a pending action's
+  notes. For actions that were planned before the verify module existed,
+  or planned without Verify Plan questions surfaced. Reads the existing
+  notes, interviews the user one question at a time about UI surface and
+  feature-file edits, drafts the section, and appends via
+  `pib_update_action`. Does NOT modify feature files — that's `/execute`'s
+  job at action ship time.
 
 ## Purpose
 
@@ -175,6 +186,30 @@ may want a new scenario, not an edit to an existing one).
 The proposed edits are presented inline. User approves, the skill
 writes them.
 
+### Mode D: `/verify backfill <fid>` — add Verify Plan to pending action
+
+Read `phases/backfill.md` for the full flow. Brief overview:
+
+1. **Load the action.** Call `pib_get_action <fid>`. Read the
+   action's `text` and `notes` (especially the `## Surface Area`
+   section). Confirm the action is pending (`completed = 0`) — if
+   already shipped, redirect the user to `/verify update <fid>`.
+2. **Read existing feature files.** `ls e2e/features/*.feature` so
+   the interview can reference real scenarios and checkIds.
+3. **Interview, one question at a time.** Per CLAUDE.md global
+   convention. Walk the user through: which features need edits,
+   what verb (ADD/MODIFY/REMOVE/NEW), what anchor or scenario name.
+4. **Draft the section.** Format matches `verify-plan.md`'s output
+   spec (one `- features/<file>.feature:` line per entry).
+5. **Show the diff.** Display the action's current notes alongside
+   the proposed appended section.
+6. **Confirm + write.** On approval, call `pib_update_action` with
+   the augmented notes. Without approval, exit without changes.
+
+This mode does NOT modify feature files. That's `/execute`'s job
+once the action runs. Backfill only adds the planning artifact so
+`/execute`'s `verify-emit` phase has something to read.
+
 ## Phase Summary
 
 | Phase | Absent = | What it customizes |
@@ -185,6 +220,7 @@ writes them.
 | `generate.md` | Default: write .feature + step stubs from calibrated draft | Generation rules (collision handling, naming) |
 | `update.md` | Default: action fid / diff / free-text dispatch | How change descriptions map to edits |
 | `scenario-template.md` | Default: Gherkin with cost+role tags, NN.NN checkIds | Project-specific scenario shape |
+| `backfill.md` | Default: interview-driven Verify Plan section drafting | Project-specific backfill questions |
 
 ## Principles
 

package/templates/skills/verify/phases/backfill.md

@@ -0,0 +1,164 @@
+# Backfill — add a Verify Plan section to a pending action
+
+Default behavior for `/verify backfill <fid>`. The mode adds a
+`## Verify Plan` section to a pending pib-db action's notes so
+`/execute`'s `verify-emit` phase can read it later. Does NOT touch
+feature files — that's `/execute`'s job at action ship time.
+
+## Inputs
+
+- A pib-db action fid (`act:abc12345`). Passed as `$ARGUMENTS` to
+  `/verify backfill`. If missing or malformed, ask the user for
+  it; don't guess from context.
+
+## Preconditions
+
+1. The action exists. If `pib_get_action <fid>` returns nothing,
+   exit with "no action found for <fid>".
+2. The action is pending (`completed = 0`). If already shipped,
+   tell the user: "act:<fid> already shipped on <date>. To sync
+   feature files retroactively, use `/verify update <fid>` instead."
+3. The action's notes don't already have a `## Verify Plan` section.
+   If they do, ask: "act:<fid> already has a Verify Plan section.
+   Replace it or skip?"
+4. `e2e/features/` exists. If not, recommend `/verify learn` first.
+
+## Workflow
+
+### 1. Load and summarize
+
+Print:
+
+```
+Backfilling Verify Plan for act:abc12345 — <action text>
+
+Current Surface Area (from notes):
+  - files: webapp/frontend/src/components/Foo.tsx
+  - files: webapp/frontend/src/hooks/useFoo.ts
+```
+
+If no Surface Area section is found, say so and proceed to step 2 —
+the user may want to add one inline.
+
+### 2. Show available feature files
+
+```
+e2e/features/:
+  01-desktop-rewrite.feature      (@api-small, @as-user)
+  02-browse-history.feature       (@free, @as-user)
+  04-admin-spot-check.feature     (@free, @as-admin)
+  ...
+```
+
+Read the first two lines of each `.feature` file to surface its
+tags. Skip features tagged `@manual` from suggestions unless the
+action explicitly mentions iOS/mobile.
+
+### 3. Interview, one question at a time
+
+Per CLAUDE.md global convention — never batch. Each answer shapes
+the next question. Typical sequence:
+
+**Q1 — surface area mapping.**
+
+> "act:abc12345 touches webapp/frontend/src/components/Foo.tsx.
+> Which feature file(s) exercise that component or the route it
+> renders on?"
+
+Wait for answer. If unclear, propose candidates based on:
+- The action's notes mentioning a route (`/admin`, `/history`)
+- The scenario names in `e2e/features/`
+- Cabinet-qa subagent if multiple plausible matches
+
+**Q2 — edit verb.**
+
+For each chosen feature file, ask:
+
+> "For features/04-admin-spot-check.feature, what kind of edit?
+>   - ADD step after an existing anchor
+>   - MODIFY an existing step's assertion
+>   - NEW scenario in a new file
+>   - REMOVE a step (for deprecations)"
+
+Wait for answer.
+
+**Q3 — specifics.**
+
+Depending on the verb, follow up:
+- **ADD step after <anchor>**: "What's the anchor checkId, and what
+  should the new step assert?"
+- **MODIFY step <checkId>**: "Which step? What should the new
+  assertion text say?"
+- **NEW scenario**: "Scenario name? Tags (cost + role)? Brief
+  description of the journey?"
+- **REMOVE step <checkId>**: "Which checkId? Confirm — removed
+  steps invalidate prior verdicts."
+
+Wait for answer.
+
+**Repeat Q1–Q3** for each additional feature file the action
+touches. After the user signals "that's all," proceed.
+
+### 4. Draft the section
+
+Format matches `verify-plan.md`'s output spec exactly so
+`verify-emit` parses it identically to plan-time output:
+
+```markdown
+## Verify Plan
+
+- features/04-admin-spot-check.feature: ADD step after the existing
+  "admin-history-list-loads" check — verify the new "balance owed"
+  column renders for users with outstanding refunds (4.12b
+  admin-balance-owed-column).
+- features/14-downloaded-files.feature: (deferred) NEW scenario for
+  the bulk-download flow — requires Phase B framework migration to
+  ship first.
+```
+
+Edit verbs: `ADD step after <anchor>`, `MODIFY step <checkId>`,
+`NEW scenario`, `REMOVE step <checkId>`. Use `(deferred)` prefix
+for entries that depend on other work.
+
+### 5. Show the diff
+
+Display:
+
+```
+Existing notes:
+─────────────
+<truncated existing notes — last 20 lines>
+
+Proposed appended section:
+──────────────────────────
+## Verify Plan
+
+<the drafted section from step 4>
+```
+
+### 6. Confirm and write
+
+> "Append this Verify Plan section to act:abc12345's notes? (y/n)"
+
+If yes:
+- Call `pib_update_action <fid> --notes "<existing_notes>\n\n<new_section>"`
+- Confirm: "Updated act:abc12345 with Verify Plan (N entries)."
+
+If no:
+- Exit without changes.
+
+## Out of scope
+
+- Modifying feature files. That's `/execute`'s `verify-emit` phase
+  when the action runs.
+- Re-running the full /plan flow (acceptance criteria, surface area,
+  cabinet review). Backfill is narrow — Verify Plan section only.
+- Creating new actions. The action already exists by definition.
+
+## When to escalate to a full /plan
+
+If the interview reveals the action is mis-scoped — e.g., the user
+realizes the surface area listed in the notes is wrong — recommend
+re-planning the whole action via `/plan` instead. Backfill is only
+useful when the action's scope and surface area are correct and
+just the Verify Plan layer is missing.