dev-loops 0.7.1 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (107) hide show
  1. package/.claude/.claude-plugin/plugin.json +1 -1
  2. package/.claude/agents/dev-loop.md +7 -7
  3. package/.claude/agents/fixer.md +1 -0
  4. package/.claude/agents/refiner.md +4 -4
  5. package/.claude/agents/review.md +10 -13
  6. package/.claude/commands/loop-continue.md +2 -1
  7. package/.claude/commands/loop-enqueue.md +9 -2
  8. package/.claude/commands/loop-info.md +1 -1
  9. package/.claude/commands/loop-start-spike.md +1 -1
  10. package/.claude/hooks/_bash-command-classify.mjs +7 -6
  11. package/.claude/hooks/_hook-decisions.mjs +5 -4
  12. package/.claude/skills/copilot-pr-followup/SKILL.md +42 -28
  13. package/.claude/skills/dev-loop/SKILL.md +8 -8
  14. package/.claude/skills/docs/acceptance-criteria-verification.md +13 -4
  15. package/.claude/skills/docs/anti-patterns.md +6 -5
  16. package/.claude/skills/docs/artifact-authority-contract.md +17 -14
  17. package/.claude/skills/docs/confirmation-rules.md +2 -1
  18. package/.claude/skills/docs/contract-style-guide.md +37 -0
  19. package/.claude/skills/docs/copilot-loop-operations.md +21 -15
  20. package/.claude/skills/docs/cross-harness-regression-contract.md +2 -2
  21. package/.claude/skills/docs/debt-remediation-contract.md +1 -1
  22. package/.claude/skills/docs/epic-tree-refinement-procedure.md +25 -22
  23. package/.claude/skills/docs/issue-intake-procedure.md +37 -22
  24. package/.claude/skills/docs/merge-preconditions.md +17 -13
  25. package/.claude/skills/docs/pr-lifecycle-contract.md +45 -36
  26. package/.claude/skills/docs/public-dev-loop-contract.md +61 -44
  27. package/.claude/skills/docs/retrospective-checkpoint-contract.md +25 -9
  28. package/.claude/skills/docs/spike-mode-contract.md +14 -7
  29. package/.claude/skills/docs/stop-conditions.md +30 -15
  30. package/.claude/skills/docs/tracker-first-loop-state.md +13 -8
  31. package/.claude/skills/docs/validation-policy.md +4 -5
  32. package/.claude/skills/local-implementation/SKILL.md +49 -143
  33. package/.claude/skills/loop-grill/SKILL.md +34 -14
  34. package/AGENTS.md +1 -1
  35. package/CHANGELOG.md +36 -0
  36. package/README.md +95 -189
  37. package/agents/dev-loop.agent.md +8 -8
  38. package/agents/fixer.agent.md +1 -0
  39. package/agents/refiner.agent.md +4 -4
  40. package/agents/review.agent.md +10 -13
  41. package/extension/README.md +5 -4
  42. package/package.json +7 -5
  43. package/scripts/_core-helpers.mjs +2 -0
  44. package/scripts/claude/headless-dev-loop.mjs +1 -1
  45. package/scripts/docs/validate-rule-ownership.mjs +442 -0
  46. package/scripts/docs/validate-state-machine-conformance.mjs +1169 -0
  47. package/scripts/github/_gate-names.mjs +5 -0
  48. package/scripts/github/_review-thread-mutations.mjs +5 -2
  49. package/scripts/github/capture-review-threads.mjs +2 -2
  50. package/scripts/github/create-pr.mjs +119 -10
  51. package/scripts/github/detect-checkpoint-evidence.mjs +109 -24
  52. package/scripts/github/edit-issue.mjs +259 -0
  53. package/scripts/github/list-review-threads.mjs +277 -0
  54. package/scripts/github/post-gate-findings.mjs +6 -3
  55. package/scripts/github/probe-ci-status.mjs +18 -0
  56. package/scripts/github/probe-copilot-review.mjs +24 -3
  57. package/scripts/github/reconcile-draft-gate.mjs +13 -13
  58. package/scripts/github/request-copilot-review.mjs +109 -42
  59. package/scripts/github/upsert-checkpoint-verdict.mjs +98 -27
  60. package/scripts/github/verify-briefing-prefixes.mjs +382 -0
  61. package/scripts/github/verify-fresh-review-context.mjs +78 -3
  62. package/scripts/github/wait-pr-checks.mjs +171 -0
  63. package/scripts/github/write-gate-context.mjs +220 -10
  64. package/scripts/github/write-gate-findings-log.mjs +54 -2
  65. package/scripts/loop/_post-convergence-change.mjs +2 -2
  66. package/scripts/loop/_pr-runner-coordination.mjs +112 -13
  67. package/scripts/loop/check-retro-tooling.mjs +14 -9
  68. package/scripts/loop/copilot-pr-handoff.mjs +47 -16
  69. package/scripts/loop/detect-change-scope.mjs +2 -2
  70. package/scripts/loop/detect-copilot-loop-state.mjs +34 -14
  71. package/scripts/loop/detect-internal-only-pr.mjs +6 -6
  72. package/scripts/loop/detect-pr-gate-coordination-state.mjs +152 -18
  73. package/scripts/loop/detect-refinement-grill-state.mjs +136 -0
  74. package/scripts/loop/resolve-dev-loop-startup.mjs +145 -8
  75. package/scripts/loop/run-watch-cycle.mjs +42 -7
  76. package/scripts/loop/sanctioned-commands.mjs +3 -0
  77. package/scripts/loop/validate-pr-body-spec.mjs +21 -5
  78. package/scripts/pages/build-state-atlas.mjs +65 -48
  79. package/scripts/projects/_resolve-project.mjs +1 -148
  80. package/scripts/projects/add-queue-item.mjs +87 -4
  81. package/scripts/projects/list-queue-items.mjs +3 -377
  82. package/scripts/projects/move-queue-item.mjs +3 -410
  83. package/scripts/projects/reorder-queue-item.mjs +3 -22
  84. package/skills/copilot-pr-followup/SKILL.md +42 -28
  85. package/skills/dev-loop/SKILL.md +3 -3
  86. package/skills/docs/acceptance-criteria-verification.md +13 -4
  87. package/skills/docs/anti-patterns.md +6 -5
  88. package/skills/docs/artifact-authority-contract.md +17 -14
  89. package/skills/docs/confirmation-rules.md +2 -1
  90. package/skills/docs/contract-style-guide.md +37 -0
  91. package/skills/docs/copilot-loop-operations.md +21 -15
  92. package/skills/docs/cross-harness-regression-contract.md +2 -2
  93. package/skills/docs/debt-remediation-contract.md +1 -1
  94. package/skills/docs/epic-tree-refinement-procedure.md +25 -22
  95. package/skills/docs/issue-intake-procedure.md +37 -22
  96. package/skills/docs/merge-preconditions.md +17 -13
  97. package/skills/docs/pr-lifecycle-contract.md +45 -36
  98. package/skills/docs/public-dev-loop-contract.md +61 -44
  99. package/skills/docs/required-rules.json +165 -0
  100. package/skills/docs/retrospective-checkpoint-contract.md +25 -9
  101. package/skills/docs/spike-mode-contract.md +14 -7
  102. package/skills/docs/stop-conditions.md +30 -15
  103. package/skills/docs/tracker-first-loop-state.md +13 -8
  104. package/skills/docs/validation-policy.md +4 -5
  105. package/skills/local-implementation/SKILL.md +49 -143
  106. package/skills/loop-grill/SKILL.md +38 -17
  107. package/scripts/docs/validate-no-duplicate-rules.mjs +0 -250
package/README.md CHANGED
@@ -1,72 +1,65 @@
1
1
  # dev-loops
2
2
 
3
- Turn GitHub issues into merged PRs with zero manual steps between issue and approval.
3
+ Turn a GitHub issue into a merged PR autonomously, up to a human-approval checkpoint.
4
4
 
5
- ## What is a dev loop?
5
+ **Harness-agnostic by design.** The same dev loop runs three ways over one shared core (`packages/core`): as a **Claude Code plugin**, as a **Pi extension**, and as a standalone **CLI**. Routing, gates, and phases are defined once in the core; the plugin and extension are thin integrations over that shared workflow.
6
6
 
7
- A dev loop is an AI-driven development cycle. It takes a GitHub issue through seven lifecycle phases — from intake to merge — with deterministic routing, self-correcting review gates, and autonomous execution until the human approval checkpoint.
7
+ ## What is a dev loop?
8
8
 
9
- **Lifecycle phases:**
9
+ A dev loop takes a GitHub issue through seven lifecycle phases — from intake to merge — with deterministic routing, self-correcting review gates, and autonomous execution until a human approves. The phase is always consultable from the deterministic state model in `packages/core/src/loop/lifecycle-state.mjs`.
10
10
 
11
11
  | Phase | What happens |
12
12
  |---|---|
13
13
  | `issue_intake` | Normalize the issue, confirm scope, detect linked PRs |
14
- | `refinement` | Elaborate spec, run bounded audit, harden acceptance criteria |
14
+ | `refinement` | Elaborate the spec, run a bounded audit, harden acceptance criteria |
15
15
  | `implementation` | Build the accepted scope on a feature branch or via Copilot |
16
- | `draft_gate` | Gate review at the draft→ready boundary before marking PR ready |
16
+ | `draft_gate` | Gate review at the draft→ready boundary before marking the PR ready |
17
17
  | `feedback_resolution` | Fix, reply to, and resolve review threads on GitHub |
18
18
  | `pre_approval_gate` | Final gate review: verify evidence, CI, and unresolved threads |
19
19
  | `merge` | Merge the PR and write the retrospective checkpoint |
20
20
 
21
- Each phase is consultable from the deterministic state model in `packages/core/src/loop/lifecycle-state.mjs`. The public routing contract is [Public Dev Loop Contract](./skills/docs/public-dev-loop-contract.md).
21
+ The public routing contract is the [Public Dev Loop Contract](./skills/docs/public-dev-loop-contract.md).
22
22
 
23
23
  ## Quick start
24
24
 
25
- Use **`dev-loop`** as the single public workflow entrypoint:
25
+ `dev-loop` is the single public entrypoint. Drive it in natural language — it resolves the authoritative current state, picks the correct internal strategy, and routes deterministically. You never name internal strategies.
26
26
 
27
- - `start dev loop on issue 112` — start work on an issue
28
- - `auto dev loop on issue 112` autonomous execution until human approval
29
- - `continue dev loop on PR 88` continue follow-up on an open PR
27
+ ```text
28
+ start dev loop on issue 112 # start work on an issue
29
+ auto dev loop on issue 112 # run autonomously to the human-approval checkpoint
30
+ continue dev loop on PR 88 # continue follow-up on an open PR
31
+ ```
30
32
 
31
- The `dev-loop` entrypoint resolves authoritative state, picks the correct internal strategy, and routes work deterministically. Users never need to choose internal strategy names. See the canonical shorthand example mapping in the [Public Dev Loop Contract](./skills/docs/public-dev-loop-contract.md).
33
+ See the canonical shorthand mapping in the [Public Dev Loop Contract](./skills/docs/public-dev-loop-contract.md).
32
34
 
33
- ### Direct commands
35
+ ## Commands
34
36
 
35
- The same entrypoints are also available as direct named commands thin wrappers over the public contract, no separate routing:
37
+ `dev-loop` (natural language) is the catch-all router reach for the named commands below only when you want a direct, unrouted entrypoint. The syntax differs by harness:
36
38
 
37
- | Command | Equivalent intent |
38
- | --- | --- |
39
- | `/dev-loops:start <issue>` | start dev loop on issue `<issue>` |
40
- | `/dev-loops:auto <issue>` | auto dev loop on issue `<issue>` (autonomous until human approval) |
41
- | `/dev-loops:continue [issue\|pr]` | continue dev loop on `<issue\|pr>`; bare resumes the single in-progress board item |
42
- | `/dev-loops:start-spike <question>` | start a time-boxed spike from a question (or `--file <path>` for a pre-authored findings file) |
43
- | `/dev-loops:info <issue|pr>` | read-only state summary (`loop info`) |
44
- | `/dev-loops:status` | dev-loop readiness (gh auth, git repo, subagent) |
39
+ - **Claude Code** exposes each as a plugin slash command: `/loop-start`, `/loop-auto`, …
40
+ - **Pi** exposes the core entrypoints as subcommands of one command: `/dev-loops start`, `/dev-loops auto`, …
45
41
 
46
- `/dev-loops:dev-loop` remains the catch-all router. Inside Pi the same set is reachable as `/dev-loops start|auto|continue|start-spike|info|status …`.
42
+ | Command | Claude Code | Pi | Does |
43
+ |---|---|---|---|
44
+ | start | `/loop-start <issue>` | `/dev-loops start <issue>` | Start a dev loop on an issue |
45
+ | auto | `/loop-auto <issue>` | `/dev-loops auto <issue>` | Run autonomously to the human-approval checkpoint |
46
+ | continue | `/loop-continue [issue\|pr]` | `/dev-loops continue [issue\|pr]` | Continue; bare resumes the in-progress board item |
47
+ | start-spike | `/loop-start-spike <question>` | `/dev-loops start-spike <question>` | Time-boxed spike (or `--file <path>`) |
48
+ | info | `/loop-info <issue\|pr>` | `/dev-loops info <issue\|pr>` | Read-only state summary |
49
+ | status | `/loop-status` | `/dev-loops status` | Readiness check (gh auth, git repo, subagent) |
50
+ | enqueue | `/loop-enqueue <issue\|pr\|text>` | — | Queue an issue/PR, or capture an idea as a grilled issue |
51
+ | grill | `/loop-grill <issue\|plan> [--auto]` | — | Socratic Q&A grill of an issue or plan before the loop |
52
+ | queue-status | `/loop-queue-status` | — | Show the queue board grouped by column |
47
53
 
48
- ## Install from npm
54
+ Beyond the per-issue loop entrypoints, the Pi `/dev-loops` command and the `dev-loops` CLI also expose standalone utilities: `help`, `status`, `doctor`, `gates` (`status` is the same readiness check as `loop-status` above). `hide` works only inside Pi — the `dev-loops hide` CLI subcommand is recognized but intentionally exits non-zero (session-local Pi UI behavior). Everything above is also available as a skill/agent — inside Pi, hand work to the `dev-loop` skill rather than calling internal routed skills (`local-implementation`, `copilot-pr-followup`, `final-approval`) directly.
49
55
 
50
- ### CLI only
56
+ ## Install
51
57
 
52
- Run the CLI **version-pinned** to the plugin/extension you have installed. The pin is the
53
- single source of truth (`<version>` = your installed `dev-loops` version) and cannot drift:
54
-
55
- ```bash
56
- npx dev-loops@<version> --help
57
- ```
58
-
59
- A global `npm install -g dev-loops` is **not** the supported invocation path: the global
60
- binary updates independently of the plugin/extension and silently drifts out of version
61
- (#833/#1036). Install it only as an optional bare shell convenience.
58
+ All examples pin to `<version>` = the `dev-loops` version you installed; keep the CLI, plugin, and extension on the same version so behavior can't drift.
62
59
 
63
60
  ### Claude Code plugin
64
61
 
65
- The repo ships a Claude Code plugin rooted at `.claude/` (manifest at
66
- `.claude/.claude-plugin/plugin.json`) exposing the dev-loop **agents, skills, and hooks**.
67
-
68
- Install it from the bundled marketplace catalog (`.claude-plugin/marketplace.json`) by running
69
- these slash commands inside Claude Code:
62
+ The repo ships a plugin rooted at `.claude/` (manifest at `.claude/.claude-plugin/plugin.json`) exposing the dev-loop agents, skills, and hooks. Install it from the bundled marketplace catalog:
70
63
 
71
64
  ```text
72
65
  /plugin marketplace add mfittko/dev-loops # register the marketplace
@@ -76,206 +69,113 @@ these slash commands inside Claude Code:
76
69
  Or load it directly for a single session without installing:
77
70
 
78
71
  ```bash
79
- claude --plugin-dir .claude # load it for a session
80
- claude --plugin-dir .claude plugin details dev-loops # inspect the discovered components
72
+ claude --plugin-dir .claude
81
73
  ```
82
74
 
83
- When installed from npm, point at the bundled copy: `claude --plugin-dir node_modules/dev-loops/.claude`.
75
+ Installed from npm, point at the bundled copy: `claude --plugin-dir node_modules/dev-loops/.claude`.
84
76
 
85
- The plugin is self-contained: it bundles the shared contract docs and templates the skills
86
- reference, and strips Pi-runtime-only prose from the generated assets. The hooks provide the
87
- `gh pr ready` draft-gate guard and the main-agent read-only boundary (the read-only enforcement
88
- is opt-in via `DEVLOOPS_MAIN_AGENT_READONLY=1`). Skill references to a project's own `PLAN.md` /
89
- `AGENTS.md` resolve against the consumer repo, by design.
77
+ The hooks provide the `gh pr ready` draft-gate guard and an opt-in read-only boundary for the main agent (`DEVLOOPS_MAIN_AGENT_READONLY=1`). Skill references to a consumer repo's own `PLAN.md` / `AGENTS.md` resolve against that repo, by design.
90
78
 
91
79
  ### Pi extension
92
80
 
93
- To use `/dev-loops` inside Pi:
94
-
95
81
  ```bash
96
- pi install npm:dev-loops # global Pi extension
97
- dev-loops --help
82
+ pi install npm:dev-loops@<version> # global, pinned npm package
83
+ pi install -l npm:dev-loops@<version> # project-local (.pi/settings.json)
98
84
  ```
99
85
 
100
86
  You can also install from git:
101
87
 
102
88
  ```bash
103
- pi install git:github.com/mfittko/dev-loops # global
104
- pi install -l git:github.com/mfittko/dev-loops # project-local
105
- ```
106
-
107
- The CLI requires Node `>=24` and a GitHub-authenticated `gh` CLI for repository workflows. See [Requirements](#requirements).
108
-
109
- ## Docker
110
-
111
- A deterministic container image with all required tooling for dev-loop operation.
112
-
113
- ### Build
114
-
115
- ```bash
116
- docker build -t dev-loops .
117
- ```
118
-
119
- ### Environment variables
120
-
121
- | Variable | Purpose | Required for smoke test |
122
- |---|---|---|
123
- | `GH_TOKEN` | GitHub personal access token for `gh` CLI and API calls | Yes |
124
- | `OPENAI_API_KEY` | LLM provider key (needed only when running `pi` / LLM-backed dev-loop operations) | No |
125
-
126
- ### Smoke test
127
-
128
- Verify the image works with a minimal dev-loop info call:
129
-
130
- ```bash
131
- docker run --rm -e GH_TOKEN="$GH_TOKEN" dev-loops dev-loops loop info --repo mfittko/dev-loops --issue 1
89
+ pi install git:github.com/mfittko/dev-loops@<tag-or-sha> # global
90
+ pi install -l git:github.com/mfittko/dev-loops@<tag-or-sha> # project-local
132
91
  ```
133
92
 
134
- ### Toolchain verification
135
-
136
- Check that all required tools are reachable:
137
-
138
- ```bash
139
- docker run --rm dev-loops node --version
140
- docker run --rm dev-loops pi --version
141
- docker run --rm dev-loops dev-loops --version
142
- docker run --rm dev-loops gh --version
143
- docker run --rm dev-loops git --version
144
- ```
145
-
146
- ### Repeatable builds
147
-
148
- The Dockerfile pins exact versions for Node.js (via base image), pi CLI, pi extensions, and gh CLI. Paired with the committed `package-lock.json`, repeat builds produce functionally identical toolchain versions.
149
-
150
- ### Runtime patterns
151
-
152
- **Interactive Pi with host config (writable):**
93
+ Once a project is trusted, Pi auto-installs missing packages on startup. Install `pi-subagents` the same way when the repo relies on async loop behavior.
153
94
 
154
- ```bash
155
- docker run -it --rm \
156
- -e GH_TOKEN="$GH_TOKEN" \
157
- -v "$HOME/.pi:/home/node/.pi" \
158
- dev-loops pi
159
- ```
160
-
161
- Shares sessions, models, settings. Container writes session logs to host `~/.pi`.
95
+ ### CLI
162
96
 
163
- **Interactive Pi clean (no config sharing):**
97
+ Run the CLI version-pinned:
164
98
 
165
99
  ```bash
166
- docker run -it --rm \
167
- -e GH_TOKEN="$GH_TOKEN" \
168
- -e OPENAI_API_KEY="$OPENAI_API_KEY" \
169
- dev-loops pi
100
+ npx dev-loops@<version> --help
170
101
  ```
171
102
 
172
- Ephemeral `~/.pi` inside container. Provider auth via env vars.
173
-
174
- **Full dev-loop with live repo worktree:**
175
-
176
- ```bash
177
- git clone --mirror git@github.com:owner/repo.git /tmp/mirror
178
- git --git-dir=/tmp/mirror worktree add /tmp/run /tmp/mirror/main
179
-
180
- docker run -it --rm \
181
- -e GH_TOKEN="$GH_TOKEN" \
182
- -v "$HOME/.pi:/home/node/.pi" \
183
- -v /tmp/run:/workspace \
184
- dev-loops pi
185
- ```
103
+ A global `npm install -g dev-loops` is an optional bare-shell convenience only — it is not version-pinned, updates independently of the plugin/extension, and can silently drift out of sync (#833/#1036). Prefer the pinned `npx` invocation.
186
104
 
187
- Mounts live repo worktree over baked-in `/workspace`. One isolated Pi session per container.
105
+ ## Requirements
188
106
 
189
- ## Workflow posture
107
+ Universal:
190
108
 
191
- - Use **`dev-loop`** as the single public façade for all routed work
192
- - Prefer the GitHub-first path for active implementation and release work
193
- - Use local implementation only when explicitly requested
194
- - Internal routed logic stays behind the public façade
109
+ - Node `>=24`
110
+ - `gh` installed and authenticated for GitHub/Copilot workflows
195
111
 
196
- This repo is shared Pi workflow infrastructure built on generic role agents plus thin workflow entrypoint agents where needed. Thin workflow entrypoint agents are allowed when they only load a skill and defer policy to it.
112
+ Pi-harness only:
197
113
 
198
- Phase 8 is the active durable phase; Phase 7 second-repo pilot is deferred. See [Docs Index](./docs/index.md) for the full execution snapshot.
114
+ - `pi-subagents` for async workflow behavior
115
+ - A Pi host satisfying the peer dependencies `@earendil-works/pi-coding-agent` and `@earendil-works/pi-tui`
199
116
 
200
117
  ## Configuration
201
118
 
202
- Gate review angles, refinement settings, persona mappings, and workflow defaults are config-driven via `.pi/dev-loop/defaults.yaml`. Consumer repos override values in `.devloops` at repo root (legacy `.pi/dev-loop/settings.yaml` still loads with a deprecation warning). The loader also accepts `.yml` and `.json` extensions and legacy `overrides.*` files as fallback formats. See [Extension Documentation](./extension/README.md) for details.
119
+ Defaults ship in `packages/core/src/config/extension-defaults.yaml`. A repo-local `.pi/dev-loop/defaults.*` layer merges on top of them when present, then consumer repos override everything in a `.devloops` file at the repo root (`.devloops.yaml` / `.yml` / `.json` are also accepted); `.devloops` is authoritative when present. The legacy `.pi/dev-loop/settings.*` and `overrides.*` files load only as a fallback when no `.devloops` is present; when `.devloops` exists they are ignored (a deprecation warning still fires if they are present).
203
120
 
204
121
  ```bash
205
- npx dev-loops@<version> gates # see what reviewers will check
122
+ npx dev-loops@<version> gates # print what reviewers will check
206
123
  ```
207
124
 
208
125
  Key surfaces:
209
- - **Gate angles** — which review lenses run at draft and pre-approval gates
210
- - **Persona prompts** — focused instructions per angle (DRY, KISS, YAGNI, SRP, SoC, and more)
211
- - **Refinement** — fan-out count and mode for parallel review variants; `refinement.maxCopilotRounds` caps Copilot re-review rounds (default `5`), and **`maxCopilotRounds: 0` disables the Copilot review gate entirely** for local-harness-only review (`draft_gate → pre_approval_gate`, no Copilot) — useful when the repo has no Copilot reviewer configured
126
+
127
+ - **Gate angles** — which review lenses run at the draft and pre-approval gates
128
+ - **Personas** — focused per-angle prompts (DRY, KISS, YAGNI, SRP, SoC, and more)
129
+ - **Refinement** — fan-out count and mode for parallel review variants; `refinement.maxCopilotRounds` caps Copilot re-review rounds (default `5`). Set `maxCopilotRounds: 0` to disable the Copilot gate entirely — local-harness-only review (`draft_gate → pre_approval_gate`), useful when the repo has no Copilot reviewer configured.
212
130
  - **Autonomy** — which gates require operator confirmation
213
131
  - **Workflow defaults** — retrospective enforcement, draft-first posture, dev-mode policy
214
132
 
215
- Full details: [Extension Documentation](./extension/README.md) and `.pi/dev-loop/defaults.yaml`.
216
-
217
- ### Migrating from an earlier release
218
-
219
- Upgrading an install from before the rename to `dev-loops`? The package name, repo slug,
220
- and all `PI_*` environment variables changed (the env vars are a clean break — no aliases).
221
- See the [migration guide](./docs/migrating-to-dev-loops.md) for the full change list.
222
-
223
- ## Package surface
133
+ Full details: the shipped defaults in `packages/core/src/config/extension-defaults.yaml` and the loader in `packages/core/src/config/config.mjs`.
224
134
 
225
- The `dev-loops` package ships both a standalone CLI and a Pi extension. Consumer repos should prefer pinned Pi package installs; global npm installs are optional, not part of the Pi runtime contract.
135
+ ## Docker
226
136
 
227
- **Pi extension:**
137
+ A deterministic container image with all required tooling for dev-loop operation.
228
138
 
229
139
  ```bash
230
- pi install npm:dev-loops@<version> # global, pinned npm package
231
- pi install -l npm:dev-loops@<version> # project-local, pinned npm package
232
- pi install git:github.com/mfittko/dev-loops@<tag-or-sha> # global, pinned git ref
233
- pi install -l git:github.com/mfittko/dev-loops@<tag-or-sha> # project-local, pinned git ref
234
- ```
235
-
236
- Project-local installs write to `.pi/settings.json`; after the project is trusted, Pi auto-installs missing packages on startup. Install `pi-subagents` the same way when the repo depends on async loop behavior.
237
-
238
- Inside Pi, use `dev-loop` as the single public skill/agent entrypoint:
239
-
240
- ```js
241
- subagent({
242
- agent: "dev-loop",
243
- task: "Start dev loop on issue 123 in owner/repo..."
244
- })
140
+ docker build -t dev-loops .
245
141
  ```
246
142
 
247
- Do not call internal routed skills such as `local-implementation`, `copilot-pr-followup`, or `final-approval` directly; `dev-loop` selects them from the current GitHub/repo state.
143
+ | Variable | Purpose | Required |
144
+ |---|---|---|
145
+ | `GH_TOKEN` | GitHub token for `gh` CLI and API calls | Yes |
146
+ | `OPENAI_API_KEY` | LLM provider key (only for `pi` / LLM-backed operations) | No |
248
147
 
249
- The `/dev-loops` command surface covers the direct dev-loop entrypoints plus readiness and configuration UX:
148
+ Smoke test the image with a minimal read-only info call:
250
149
 
251
150
  ```bash
252
- /dev-loops start <issue> # dispatch: start dev loop on issue <issue>
253
- /dev-loops auto <issue> # dispatch: auto dev loop on issue <issue>
254
- /dev-loops continue [issue|pr] # dispatch: continue dev loop on <issue|pr>; bare = current in-progress board item
255
- /dev-loops info <issue|pr> # read-only state summary
256
- /dev-loops status
257
- /dev-loops doctor
258
- /dev-loops gates
151
+ docker run --rm -e GH_TOKEN="$GH_TOKEN" dev-loops dev-loops loop info --repo mfittko/dev-loops --issue 1
259
152
  ```
260
153
 
261
- **CLI:**
154
+ Verify the toolchain is reachable:
262
155
 
263
156
  ```bash
264
- npx dev-loops@<version> gates
157
+ docker run --rm dev-loops node --version
158
+ docker run --rm dev-loops pi --version
159
+ docker run --rm dev-loops dev-loops --version
160
+ docker run --rm dev-loops gh --version
265
161
  ```
266
162
 
267
- Use `npm install -g dev-loops` only as a bare shell convenience outside Pi; it is not version-pinned, can drift against the plugin/extension, and is not the supported invocation path (prefer `npx dev-loops@<version>`).
163
+ The Dockerfile pins exact versions for Node.js (base image), the pi CLI, pi extensions, and gh CLI; paired with the committed `package-lock.json`, repeat builds produce functionally identical toolchains.
268
164
 
269
- The package exposes the `/dev-loops` extension command surface, the `dev-loops` shell CLI, and packaged skills from `package.json` `pi.skills`.
165
+ **Runtime patterns:**
270
166
 
271
- See [Extension Documentation](./extension/README.md) for the full command and package-install contract.
167
+ ```bash
168
+ # Interactive Pi sharing host config (sessions, models, settings write back to ~/.pi)
169
+ docker run -it --rm -e GH_TOKEN="$GH_TOKEN" -v "$HOME/.pi:/home/node/.pi" dev-loops pi
272
170
 
273
- ## Requirements
171
+ # Interactive Pi, clean (ephemeral ~/.pi; provider auth via env)
172
+ docker run -it --rm -e GH_TOKEN="$GH_TOKEN" -e OPENAI_API_KEY="$OPENAI_API_KEY" dev-loops pi
274
173
 
275
- - Node `>=24`
276
- - `gh` installed and authenticated for GitHub/Copilot workflows
277
- - `pi-subagents` for async workflow assumptions
278
- - A Pi host that satisfies peer dependencies on `@earendil-works/pi-coding-agent` and `@earendil-works/pi-tui`
174
+ # Full dev-loop over a live repo worktree mounted at /workspace
175
+ git clone --mirror git@github.com:owner/repo.git /tmp/mirror
176
+ git --git-dir=/tmp/mirror worktree add /tmp/run /tmp/mirror/main
177
+ docker run -it --rm -e GH_TOKEN="$GH_TOKEN" -v "$HOME/.pi:/home/node/.pi" -v /tmp/run:/workspace dev-loops pi
178
+ ```
279
179
 
280
180
  ## Development
281
181
 
@@ -283,14 +183,20 @@ See [Extension Documentation](./extension/README.md) for the full command and pa
283
183
  npm run verify # canonical root verification (tests + dev-loop tests)
284
184
  ```
285
185
 
286
- CI splits into a small changed-files gate plus parallel `verify` and conditional `viewer-smoke` jobs. `npm ci` + `npm run verify` run on every change, while the workspace-local Playwright WebKit cache and viewer smoke run only when files in the bounded inspect-run viewer surface or its smoke-path dependencies change.
186
+ CI splits into a small changed-files gate plus a parallel `verify-suite` matrix (one leg per `test:*` suite) gated by a fail-closed `verify` job, and a conditional `viewer-smoke` job. On every change, `npm ci` runs and the verify suites run as parallel matrix legs; the Playwright/WebKit viewer smoke runs only when the bounded viewer surface or its smoke-path dependencies change.
187
+
188
+ ### Migrating from an earlier release
189
+
190
+ Upgrading from before the rename to `dev-loops`? The package name, repo slug, and all `PI_*` environment variables changed (the env vars are a clean break — no aliases). See the [migration guide](./docs/migrating-to-dev-loops.md).
287
191
 
288
192
  ## Further reading
289
193
 
290
- - [Docs Index](./docs/index.md) — active docs, canonical-owner pointers, and current phase status
194
+ - [Docs Index](./docs/index.md) — active docs and canonical-owner pointers
195
+ - [README Audit Rubric](./docs/readme-audit-rubric.md) — semantic properties this README is audited against (on-demand LLM judge)
196
+ - [Public Dev Loop Contract](./skills/docs/public-dev-loop-contract.md) — public routing contract
291
197
  - [Extension Documentation](./extension/README.md) — README-driven extension spec
292
198
  - [Scripts Documentation](./scripts/README.md) — deterministic script contracts
293
199
  - [UI Smoke Harness](./docs/ui-smoke-harness.md) — reusable local Playwright/WebKit smoke baseline
294
200
  - [UI Artifact Contract](./docs/ui-artifact-contract.md) — screenshot/state artifact contract and CI-promotion rules
295
- - [UI Designer Review Loop](./docs/ui-designer-review-loop.md) — designer + vision (`uiReviewMode: vision`) review loop contract
296
- - [Slides Story Review Loop](./docs/slides-story-review-loop.md) — bounded slides content & storytelling reviewer (narrative, not pixels)
201
+ - [UI Designer Review Loop](./docs/ui-designer-review-loop.md) — designer + vision (`uiReviewMode: vision`) review loop
202
+ - [Slides Story Review Loop](./docs/slides-story-review-loop.md) — bounded slides content & storytelling reviewer
@@ -16,12 +16,12 @@ Your job is to provide the callable `dev-loop` public façade and route to the c
16
16
 
17
17
  ## Handoff envelope mandate (first action)
18
18
 
19
- The agent's first action after resolving authoritative state must be to build the handoff envelope via `buildDevLoopHandoffEnvelope()` from `@dev-loops/core`.
19
+ The agent's first action after resolving authoritative state MUST be to build the handoff envelope via `buildDevLoopHandoffEnvelope()` from `@dev-loops/core`.
20
20
 
21
21
  The envelope is the primary handoff artifact — it is derived from resolver output, settings, and gate state, and it determines:
22
22
  - `requiredReads` — the canonical ordered list of files to load
23
23
  - `nextAction` — the bounded task to execute
24
- - `stopRules` — stop boundaries that must not be crossed without authorization
24
+ - `stopRules` — stop boundaries that MUST NOT be crossed without authorization
25
25
  - `acceptance` — self-validation criteria for declaring completion
26
26
  - `sanctionedCommands` — the operation → wrapper command map (reads/edits/lifecycle), plus the forbidden and orchestrator-owned lists. Carried by DEFAULT on every build so you never re-derive which wrapper performs a GitHub/loop operation. Do NOT restate the map here — the single source of truth is `scripts/loop/sanctioned-commands.mjs`, surfaced verbatim in the envelope.
27
27
 
@@ -44,7 +44,7 @@ NEVER fall back to `find /` or any unbounded filesystem walk to locate the CLI
44
44
  5. Load every path listed in `requiredReads` (in order).
45
45
  6. Execute `nextAction` constrained by `stopRules` and `acceptance`.
46
46
 
47
- **The agent must not load skills, route packs, or delegate work before the envelope is built and read.** The derivation contract is [Workflow Handoff Contract](../skills/docs/workflow-handoff-contract.md).
47
+ **The agent MUST NOT load skills, route packs, or delegate work before the envelope is built and read.** The derivation contract is [Workflow Handoff Contract](../skills/docs/workflow-handoff-contract.md).
48
48
 
49
49
  Prose task composition is a fallback only when `buildDevLoopHandoffEnvelope()` is unavailable (missing `@dev-loops/core` package) — the handoff contract in `skills/docs/workflow-handoff-contract.md` applies in that fallback case.
50
50
 
@@ -54,7 +54,7 @@ After the handoff envelope is built and read, load the `dev-loop` skill ([Dev Lo
54
54
 
55
55
  When that skill is not available at the expected path, resolve it from the skill installation layout (see the skill's "Skill asset path resolution" section).
56
56
 
57
- This entrypoint must stay thin: do not restate the skill's phase sequencing or workflow policy here. The envelope owns handoff sequencing; the skill owns routed strategy execution procedures.
57
+ This entrypoint MUST stay thin: do not restate the skill's phase sequencing or workflow policy here. The envelope owns handoff sequencing; the skill owns routed strategy execution procedures.
58
58
 
59
59
  Treat the deterministic public routing contract in [Public Dev Loop Contract](../skills/docs/public-dev-loop-contract.md) and the `dev-loop` skill as the authority for choosing the current execution path. Do not force users to choose internal strategy names up front.
60
60
 
@@ -75,9 +75,9 @@ If local facts, GitHub facts, and helper/state-machine output do not agree well
75
75
  This agent's frontmatter `tools:` comma-token scalar includes `subagent` (single-line comma form, no brackets — see #1111) and it sets `maxSubagentDepth: 3` to allow orchestrating parallel review, chains, and staged fix passes.
76
76
  <!-- /pi-only -->
77
77
 
78
- All delegation must originate from the handoff envelope: the envelope's `nextAction`, `requiredReads`, `stopRules`, and `acceptance` define the bounded task. The envelope is passed to child subagents as their primary handoff artifact.
78
+ All delegation MUST originate from the handoff envelope: the envelope's `nextAction`, `requiredReads`, `stopRules`, and `acceptance` define the bounded task. The envelope is passed to child subagents as their primary handoff artifact.
79
79
 
80
- The pi-subagents skill is parent-only, so delegated subagents do not receive orchestration patterns. This section exists as the minimal locally-enforced subset needed for correct delegation — it is not a restatement of the full policy. The `dev-loop` skill owns all procedural rules; this section only declares the invariants the agent must follow when it cannot defer to the skill:
80
+ The pi-subagents skill is parent-only, so delegated subagents do not receive orchestration patterns. This section exists as the minimal locally-enforced subset needed for correct delegation — it is not a restatement of the full policy. The `dev-loop` skill owns all procedural rules; this section only declares the invariants the agent MUST follow when it cannot defer to the skill:
81
81
  - One writer thread; `async: true` default; `context: "fresh"` for reviewers.
82
82
  - No child subagent spawning beyond assigned fanout work.
83
83
  - Bounded tasks with concrete scope, exit conditions, and validation expectations.
@@ -87,8 +87,8 @@ The pi-subagents skill is parent-only, so delegated subagents do not receive orc
87
87
 
88
88
  - **Prefer `intercom` when available.** If the `pi-intercom` extension is active, use `intercom({ action: "ask", ... })` instead of `contact_supervisor`. The `intercom` tool uses message-based delivery (no blocking tool-call state) — see the pi documentation for `intercom({ action: "ask", ... })` parameters and reply conventions.
89
89
  - **When `intercom` is unavailable,** do not call `contact_supervisor`. Instead, brief the supervisor to include the decision in the resume message when re-dispatching. The subagent states what it needs in the task description; the supervisor provides the answer on resume. This avoids the broken response path entirely.
90
- - **If `contact_supervisor` was already called** (legacy code or unavoidable): expect a ~60s idle timeout followed by a pause. On resume, the supervisor must inject the decision in the resume message — do not rely on `intercom` on resume when it was unavailable at call time.
91
- - **Timeout detection (supervisor-side):** if a `contact_supervisor` call has been pending for >30s, the supervisor should treat it as a probable timeout and prepare to inject the decision in the resume message on re-dispatch. The subagent cannot execute this detection while blocked inside `contact_supervisor`; the supervisor must observe the pending duration externally.
90
+ - **If `contact_supervisor` was already called** (legacy code or unavoidable): expect a ~60s idle timeout followed by a pause. On resume, the supervisor MUST inject the decision in the resume message — do not rely on `intercom` on resume when it was unavailable at call time.
91
+ - **Timeout detection (supervisor-side):** if a `contact_supervisor` call has been pending for >30s, the supervisor SHOULD treat it as a probable timeout and prepare to inject the decision in the resume message on re-dispatch. The subagent cannot execute this detection while blocked inside `contact_supervisor`; the supervisor MUST observe the pending duration externally.
92
92
  <!-- /pi-only -->
93
93
 
94
94
  ## Output
@@ -28,6 +28,7 @@ You are a focused review-fix agent. You take an existing pull request with revie
28
28
 
29
29
  ## Review Workflow
30
30
  1. Read unresolved review threads and any general review comments.
31
+ - Prefer the deterministic helper `scripts/github/list-review-threads.mjs --unresolved-only` to enumerate threads with their reply/resolve ids, rather than hand-writing a GraphQL query.
31
32
  2. Group related comments by file and identify the underlying concern behind each comment.
32
33
  3. Decide the best resolution for each concern: exact requested change, better alternative fix, explanation-only resolution, or escalation for expert judgment.
33
34
  4. If expert input is needed, stop before editing or resolving the thread and report the question, evidence, and options.
@@ -37,13 +37,13 @@ For the active phase, require and produce:
37
37
 
38
38
  - use exact wording from the source issue(s); when the governing input is a phase doc or other spec instead of an issue, use that source wording exactly for every explicit item in the matrix
39
39
  - include every explicit acceptance criterion, definition-of-done item, and non-goal; do not skip items
40
- - if no explicit definition of done exists, add a `Proposed DoD` subsection before the matrix
40
+ - <!-- rule: REFINER-DOD-PROPOSED-SUBSECTION --> `REFINER-DOD-PROPOSED-SUBSECTION`: if no explicit definition of done exists, add a `Proposed DoD` subsection before the matrix
41
41
  - explicit risks, watchpoints, and unresolved questions
42
42
  - validation steps and tests to write first
43
- - durable decisions that should be preserved in the phase doc
43
+ - durable decisions that SHOULD be preserved in the phase doc
44
44
  - when the phase includes a bounded audit or scan: prioritized findings, the highest-value follow-up candidates, and an explicit statement of what the current phase will not rewrite or broaden
45
45
  - When an audit artifact is provided, treat it as a first-class planning input: summarize the audited scope, list prioritized findings, include the highest-value follow-up candidates, and classify each meaningful finding as exactly one of current-phase scope/AC, DoD expectation, explicit non-goal / defer, or risk/watchpoint
46
- - Do not invent audit findings when no audit artifact was provided
46
+ - <!-- rule: REFINER-NO-INVENT-AUDIT-FINDINGS --> `REFINER-NO-INVENT-AUDIT-FINDINGS`: Do not invent audit findings when no audit artifact was provided
47
47
  - when the phase includes watcher or predicate-driven behavior: explicit timeout semantics and negative-case expectations for non-target identities/events
48
48
  - when the phase relies on package-first shared helpers inside a source-loaded workspace: explicit integration expectations about whether local callers use published package imports or a thin source/workspace adapter during development
49
49
  - cross-check the phase's claims against the contracts and docs they reference (the autonomous docs-grill step, see ../docs/docs-grill-step.md): surface code-vs-doc drift, stale references, and contract-surface inaccuracies as refinement findings while the claims are still being verified
@@ -85,4 +85,4 @@ Return:
85
85
 
86
86
  ## Completion quality bar
87
87
  - A refinement is complete only when no item in the AC/DoD/Non-goal coverage matrix has status `Partial`, `Unmet`, or `Unverified`.
88
- - Any `Partial`, `Unmet`, or `Unverified` item means the refinement is still incomplete and must not be presented as ready.
88
+ - Any `Partial`, `Unmet`, or `Unverified` item means the refinement is still incomplete and MUST NOT be presented as ready.
@@ -29,18 +29,15 @@ You are a focused pull request review agent. You review an implementation for co
29
29
 
30
30
  ## Scoped angle-review mode
31
31
 
32
- This agent has two modes. The default mode is the full-PR review described in the rest of this file. The **scoped angle-review mode** is the per-angle reviewer of the gate-review fan-out ([Gate Review Sub-Loop Contract](../docs/gate-review-sub-loop-contract.md)): the gate skill builds ONE deterministic, neutral context bundle (diff + adjacent code) and seeds each independent `review` agent with that identical bundle, each scoped to exactly one review concern. You receive only the neutral artifact + your angle — never the main (orchestrating) agent's conversation, opinions, or state.
33
-
34
- You are in scoped angle-review mode when the invocation supplies a single review `<angle>` plus a gate-context artifact path (`tmp/gate-context/<repo-slug>/pr-<N>/<gate>-<headSha>.json`, written by `scripts/github/write-gate-context.mjs`). Review like an external code reviewer hunting real bugs, not a process auditor: your job is to find concrete defects in the changed code and its call paths, not to remark that "there is no test" or that a doc section is thin. In that mode:
35
-
36
- - **No worktree isolation (mandatory):** you review in the PR's actual worktree/head — the same checkout the gate-context preamble ran in — never a fresh isolated worktree. You are read-only and never mutate files, so isolation buys nothing; a fresh worktree would also be checked out from `main` (not the PR head) and would lack the gitignored, worktree-local gate-context bundle below, so you'd silently review the wrong stale tree (#1135).
37
- - **Fresh-context guard (mandatory):** run `node scripts/github/verify-fresh-review-context.mjs --scope <angle> --context-path <gate-context-artifact-path>` at startup. If it reports `fresh: false` (exit 1) or any error including a missing gate-context artifact (`gateContextPresent: false`), which is the fail-closed signal that you're not in the right worktree/headrefuse to proceed and report the failure; do not review on inherited context or without seeded context. "Fresh" here means your context is the **neutral builder artifact + your angle**, and explicitly NOT the main agent's conversation/state or a prior reviewer session's state. The injected neutral bundle is the INTENDED seed (allowed); main-agent or cross-session state bleed still fails closed.
38
- - **Use the PROVIDED neutral bundle as your base; do NOT re-derive it from scratch:** the gate-context artifact carries the diff (`scope.diffPath`) and a deterministic, neutral adjacent-code bundle in `adjacentCode` (each changed file plus its 1-hop import in/out-edges, with a `stripped`/`truncated`/`missing` manifest). Start from this bundle — it is the build-once, work-deduped seed shared verbatim across all reviewers. Only widen (load more files) per-angle when the bundle genuinely lacks something your angle needs; do not re-build the whole diff/adjacent-code graph yourself.
39
- - **Single-angle scope:** review ONLY the supplied angle's concern. Read the gate-context artifact for the resolved angle set, change scope (branch, head SHA, touched files), acceptance-criteria pointer, and validation posture. Do not review other angles; the fan-in pass consolidates across angles.
40
- - **Read the FULL diff, not just hunks:** the gate-context artifact records `scope.diffPath` (a repo-relative path to the complete captured diff) and `scope.changedFiles` (full repo-relative paths). Read the entire diff from `scope.diffPath`; if it is `null` or missing, reconstruct it yourself with `git diff` against the change's base (e.g. `git diff origin/main...HEAD` or the branch/head SHA in `scope`). Do not review off a partial or summarized hunk list — you must see every changed line for your angle.
41
- - **Reason about ADJACENT related code from the bundle first:** the `adjacentCode` bundle already includes the changed files' callers, callees, and imports (1-hop). Read those entries before opening anything else. For each changed function, trace the real call paths a defect would flow through, and confirm that caller and callee contracts still match (argument shapes, return shapes, error/null conventions, units). If the bundle truncated or stripped a file you need (see its `truncated`/`stripped` manifest), open that file directly to widen.
42
- - **Review ADVERSARIALLY — hunt concrete defects:** actively try to break the changed code. Hunt for edge cases, missing or wrong input validation, numeric coercion bugs (NaN, Infinity, floats where integers are assumed, negative values, string-to-number coercion), null/undefined handling, off-by-one and boundary conditions, mismatched caller/callee contracts, and dedup/identity bugs (wrong key, reference vs. value equality, unstable ordering). For every finding, give the concrete `file:line` plus the specific failing scenario or input that triggers the defect — not high-altitude "is there a test?" commentary.
43
- - **Strictly read-only, but WIDEN SCOPE when needed:** never edit files, stage, commit, push, request reviews, resolve threads, or post PR comments. Findings are returned via the output artifact only; fixes are applied later by the fix cycle, not by this agent. Because you are read-only, you MAY open any additional repository files required to judge your angle (callers, callees, contracts, sibling modules, configs, tests) — widening to read adjacent code is expected and safe. Record every file/module you consulted beyond the briefing's `changedFiles`/`diffPath` in the optional `contextWidened` field on your output artifact.
32
+ This agent has two modes. The default mode is the full-PR review described in the rest of this file. In **scoped angle-review mode** you are one per-angle reviewer of the gate-review fan-out. You are in this mode when the invocation supplies a single review `<angle>` plus a gate-context artifact path (`tmp/gate-context/<repo-slug>/pr-<N>/<gate>-<headSha>.json`, written by `scripts/github/write-gate-context.mjs`).
33
+
34
+ Its full execution shape is owned elsewhere read those owners before reviewing and do not re-derive their rules here:
35
+
36
+ - The build-once neutral bundle seeding, fresh-context guard (`verify-fresh-review-context.mjs`), no-worktree-isolation prohibition (#1135), single-angle read-only scope, and briefing composition are owned by the [Gate Review Sub-Loop Contract](../docs/gate-review-sub-loop-contract.md) (`GATE-EXEC-BUILD-ONCE-SEED`, `GATE-EXEC-BRIEFING-PREFIX`) you receive only the neutral artifact + your angle, never the orchestrating agent's conversation, opinions, or state.
37
+ - The adversarial reviewing behavior is owned by `COPILOT-FOLLOWUP-ADVERSARIAL-BRIEFING` in the [Copilot PR Follow-up Skill](../skills/copilot-pr-followup/SKILL.md): read the FULL diff (from `scope.diffPath`, or reconstruct it with `git diff` against the change base when `scope.diffPath` is null/missingnever a hunk-only review) plus the bundled adjacent code rather than re-deriving them, then hunt concrete `file:line` defects (edge cases, input validation, numeric coercion incl. NaN/Infinity/floats/negatives, null/undefined, boundary conditions, mismatched caller/callee contracts, dedup/identity bugs) over process nits, recording any scope-widening in the optional `contextWidened` field on your findings artifact.
38
+
39
+ Follow those owners, then return your findings via the structured artifact below (this agent's canonical output contract):
40
+
44
41
  - **Structured findings artifact:** return a single JSON object the fan-in consolidator (`@dev-loops/core/loop/gate-fanin`) can parse, written to the deterministic per-angle path `tmp/gate-reviews/<repo-slug>/pr-<N>/<gate>-<headSha>/<angle>.json`:
45
42
 
46
43
  ```json
@@ -76,7 +73,7 @@ When NOT given an angle scope, behave exactly as the full-PR review agent descri
76
73
  - Prefer concrete findings with file references and impact over generic style commentary.
77
74
  - Distinguish clearly between must-fix findings, lower-severity risks, and informational gaps.
78
75
  - If the PR description omits required sections, is too thin to ground review without reconstructing intent from commits, or includes verdict status, evidence, or changelog content, treat that as a first-class review issue.
79
- - The review verdict must carry the acceptance-criteria and definition-of-done assessment in explicit markdown verification tables, including status plus concise evidence for each row.
76
+ - The review verdict MUST carry the acceptance-criteria and definition-of-done assessment in explicit markdown verification tables, including status plus concise evidence for each row.
80
77
  - For follow-up reviews on the same PR, do not repost full AC/DoD tables: include only delta rows where status or supporting evidence changed, and explicitly note when there are no AC/DoD deltas.
81
78
  - When changelog coverage is needed, include a dedicated `## Changelog` section in the review verdict comment so post-merge automation can consume it without reading the PR description.
82
79
 
@@ -101,7 +101,7 @@ The messaging distinguishes between local loop readiness and remote GitHub/Copil
101
101
 
102
102
  ## Configuration
103
103
 
104
- The dev-loop workflow is driven by a YAML config at `.pi/dev-loop/defaults.yaml` (shipped with the package) and an optional consumer settings file at `.devloops` at repo root (the loader also accepts `.devloops.yaml`, `.devloops.yml`, and `.devloops.json`; legacy `.pi/dev-loop/settings.*` and `overrides.*` still load as fallbacks with a deprecation warning).
104
+ The dev-loop workflow is driven by the shipped defaults in `packages/core/src/config/extension-defaults.yaml`, an optional repo-local `.pi/dev-loop/defaults.*` layer that merges on top of them, and an optional consumer settings file at `.devloops` at repo root (the loader also accepts `.devloops.yaml`, `.devloops.yml`, and `.devloops.json`; legacy `.pi/dev-loop/settings.*` and `.pi/dev-loop/overrides.*` load only as a fallback when no `.devloops` is present, and are ignored when `.devloops` exists — a deprecation warning still fires).
105
105
 
106
106
  ### How consumers customize config
107
107
 
@@ -191,8 +191,9 @@ workflow:
191
191
  ### Config precedence
192
192
 
193
193
  1. Built-in defaults (`packages/core/src/config/config.mjs` `BUILT_IN_DEFAULTS`)
194
- 2. Shipped defaults (`.pi/dev-loop/defaults.yaml` — committed in source repo)
195
- 3. Consumer settings (`.devloops` at repo root — preferred; `.devloops.yaml`/`.devloops.yml`/`.devloops.json` also load; legacy `.pi/dev-loop/settings.*` and `overrides.*` still load as fallbacks with deprecation warning)
194
+ 2. Shipped defaults (`packages/core/src/config/extension-defaults.yaml`)
195
+ 3. Repo-local override layer (`.pi/dev-loop/defaults.*` merges on top of the shipped defaults when present)
196
+ 4. Consumer settings (`.devloops` at repo root — preferred and authoritative when present; `.devloops.yaml`/`.devloops.yml`/`.devloops.json` also load; legacy `.pi/dev-loop/settings.*` and `.pi/dev-loop/overrides.*` load only as a fallback when no `.devloops` is present; when `.devloops` exists they are ignored, with a deprecation warning)
196
197
 
197
198
  ### Adding custom review angles
198
199
 
@@ -221,7 +222,7 @@ Current Phase 3+ contract:
221
222
  - this phase does not require a separate compiled build or `dist/` pipeline
222
223
 
223
224
  Root verification and test commands are intentionally explicit:
224
- - `npm run verify` is the canonical root verification path (`npm test` + `npm run test:dev-loop`)
225
+ - `npm run verify` is the canonical root verification path; it runs every suite in parallel via `run-p` as a single aggregated command, and any suite failing fails verify
225
226
  - `npm test` runs the current root test suite (`test:assets`, `test:extension`, `test:scripts`, `test:core`, and `test:docs`)
226
227
  - `npm run test:extension`
227
228
  - `npm run test:extension` currently expands to one `node --import tsx --test ...` invocation in `package.json`; prefer the script entrypoint over copying the file list into downstream docs or runbooks