eai-cli 0.0.0-bootstrap.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +183 -0
- package/NOTICE +4 -0
- package/README.md +14 -0
- package/dist/commands/agent.d.ts +3 -0
- package/dist/commands/agent.d.ts.map +1 -0
- package/dist/commands/agent.js +69 -0
- package/dist/commands/agent.js.map +1 -0
- package/dist/commands/blocks.d.ts +3 -0
- package/dist/commands/blocks.d.ts.map +1 -0
- package/dist/commands/blocks.js +249 -0
- package/dist/commands/blocks.js.map +1 -0
- package/dist/commands/chat.d.ts +6 -0
- package/dist/commands/chat.d.ts.map +1 -0
- package/dist/commands/chat.js +105 -0
- package/dist/commands/chat.js.map +1 -0
- package/dist/commands/deploy.d.ts +36 -0
- package/dist/commands/deploy.d.ts.map +1 -0
- package/dist/commands/deploy.js +712 -0
- package/dist/commands/deploy.js.map +1 -0
- package/dist/commands/dev.d.ts +15 -0
- package/dist/commands/dev.d.ts.map +1 -0
- package/dist/commands/dev.js +133 -0
- package/dist/commands/dev.js.map +1 -0
- package/dist/commands/docs.d.ts +6 -0
- package/dist/commands/docs.d.ts.map +1 -0
- package/dist/commands/docs.js +118 -0
- package/dist/commands/docs.js.map +1 -0
- package/dist/commands/env.d.ts +10 -0
- package/dist/commands/env.d.ts.map +1 -0
- package/dist/commands/env.js +200 -0
- package/dist/commands/env.js.map +1 -0
- package/dist/commands/errors.d.ts +3 -0
- package/dist/commands/errors.d.ts.map +1 -0
- package/dist/commands/errors.js +72 -0
- package/dist/commands/errors.js.map +1 -0
- package/dist/commands/gofer.d.ts +3 -0
- package/dist/commands/gofer.d.ts.map +1 -0
- package/dist/commands/gofer.js +134 -0
- package/dist/commands/gofer.js.map +1 -0
- package/dist/commands/init.d.ts +14 -0
- package/dist/commands/init.d.ts.map +1 -0
- package/dist/commands/init.js +1437 -0
- package/dist/commands/init.js.map +1 -0
- package/dist/commands/login.d.ts +7 -0
- package/dist/commands/login.d.ts.map +1 -0
- package/dist/commands/login.js +117 -0
- package/dist/commands/login.js.map +1 -0
- package/dist/commands/provision.d.ts +6 -0
- package/dist/commands/provision.d.ts.map +1 -0
- package/dist/commands/provision.js +855 -0
- package/dist/commands/provision.js.map +1 -0
- package/dist/commands/publicapi.d.ts +6 -0
- package/dist/commands/publicapi.d.ts.map +1 -0
- package/dist/commands/publicapi.js +184 -0
- package/dist/commands/publicapi.js.map +1 -0
- package/dist/commands/resources.d.ts +38 -0
- package/dist/commands/resources.d.ts.map +1 -0
- package/dist/commands/resources.js +1010 -0
- package/dist/commands/resources.js.map +1 -0
- package/dist/commands/runtime.d.ts +3 -0
- package/dist/commands/runtime.d.ts.map +1 -0
- package/dist/commands/runtime.js +78 -0
- package/dist/commands/runtime.js.map +1 -0
- package/dist/commands/template.d.ts +3 -0
- package/dist/commands/template.d.ts.map +1 -0
- package/dist/commands/template.js +365 -0
- package/dist/commands/template.js.map +1 -0
- package/dist/commands/tenant.d.ts +45 -0
- package/dist/commands/tenant.d.ts.map +1 -0
- package/dist/commands/tenant.js +1036 -0
- package/dist/commands/tenant.js.map +1 -0
- package/dist/commands/types.d.ts +130 -0
- package/dist/commands/types.d.ts.map +1 -0
- package/dist/commands/types.js +1636 -0
- package/dist/commands/types.js.map +1 -0
- package/dist/commands/update.d.ts +13 -0
- package/dist/commands/update.d.ts.map +1 -0
- package/dist/commands/update.js +163 -0
- package/dist/commands/update.js.map +1 -0
- package/dist/commands/user.d.ts +6 -0
- package/dist/commands/user.d.ts.map +1 -0
- package/dist/commands/user.js +359 -0
- package/dist/commands/user.js.map +1 -0
- package/dist/commands/verify.d.ts +40 -0
- package/dist/commands/verify.d.ts.map +1 -0
- package/dist/commands/verify.js +1442 -0
- package/dist/commands/verify.js.map +1 -0
- package/dist/commands/vertical.d.ts +24 -0
- package/dist/commands/vertical.d.ts.map +1 -0
- package/dist/commands/vertical.js +301 -0
- package/dist/commands/vertical.js.map +1 -0
- package/dist/commands/whoami.d.ts +6 -0
- package/dist/commands/whoami.d.ts.map +1 -0
- package/dist/commands/whoami.js +73 -0
- package/dist/commands/whoami.js.map +1 -0
- package/dist/commands/workflow.d.ts +6 -0
- package/dist/commands/workflow.d.ts.map +1 -0
- package/dist/commands/workflow.js +400 -0
- package/dist/commands/workflow.js.map +1 -0
- package/dist/index.d.ts +10 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +272 -0
- package/dist/index.js.map +1 -0
- package/dist/lib/agent-guide.d.ts +24 -0
- package/dist/lib/agent-guide.d.ts.map +1 -0
- package/dist/lib/agent-guide.js +155 -0
- package/dist/lib/agent-guide.js.map +1 -0
- package/dist/lib/api.d.ts +338 -0
- package/dist/lib/api.d.ts.map +1 -0
- package/dist/lib/api.js +991 -0
- package/dist/lib/api.js.map +1 -0
- package/dist/lib/auth.d.ts +65 -0
- package/dist/lib/auth.d.ts.map +1 -0
- package/dist/lib/auth.js +592 -0
- package/dist/lib/auth.js.map +1 -0
- package/dist/lib/azure-cli.d.ts +6 -0
- package/dist/lib/azure-cli.d.ts.map +1 -0
- package/dist/lib/azure-cli.js +13 -0
- package/dist/lib/azure-cli.js.map +1 -0
- package/dist/lib/block-catalog-normalize.d.ts +47 -0
- package/dist/lib/block-catalog-normalize.d.ts.map +1 -0
- package/dist/lib/block-catalog-normalize.js +355 -0
- package/dist/lib/block-catalog-normalize.js.map +1 -0
- package/dist/lib/block-catalog-types.d.ts +111 -0
- package/dist/lib/block-catalog-types.d.ts.map +1 -0
- package/dist/lib/block-catalog-types.js +41 -0
- package/dist/lib/block-catalog-types.js.map +1 -0
- package/dist/lib/block-catalog-utils.d.ts +7 -0
- package/dist/lib/block-catalog-utils.d.ts.map +1 -0
- package/dist/lib/block-catalog-utils.js +47 -0
- package/dist/lib/block-catalog-utils.js.map +1 -0
- package/dist/lib/block-catalog-validation.d.ts +5 -0
- package/dist/lib/block-catalog-validation.d.ts.map +1 -0
- package/dist/lib/block-catalog-validation.js +112 -0
- package/dist/lib/block-catalog-validation.js.map +1 -0
- package/dist/lib/block-catalog.d.ts +3 -0
- package/dist/lib/block-catalog.d.ts.map +1 -0
- package/dist/lib/block-catalog.js +284 -0
- package/dist/lib/block-catalog.js.map +1 -0
- package/dist/lib/cloud-env.d.ts +25 -0
- package/dist/lib/cloud-env.d.ts.map +1 -0
- package/dist/lib/cloud-env.js +79 -0
- package/dist/lib/cloud-env.js.map +1 -0
- package/dist/lib/config.d.ts +116 -0
- package/dist/lib/config.d.ts.map +1 -0
- package/dist/lib/config.js +195 -0
- package/dist/lib/config.js.map +1 -0
- package/dist/lib/context.d.ts +43 -0
- package/dist/lib/context.d.ts.map +1 -0
- package/dist/lib/context.js +68 -0
- package/dist/lib/context.js.map +1 -0
- package/dist/lib/error-codes.d.ts +56 -0
- package/dist/lib/error-codes.d.ts.map +1 -0
- package/dist/lib/error-codes.js +211 -0
- package/dist/lib/error-codes.js.map +1 -0
- package/dist/lib/error-guidance/catalog.d.ts +648 -0
- package/dist/lib/error-guidance/catalog.d.ts.map +1 -0
- package/dist/lib/error-guidance/catalog.js +940 -0
- package/dist/lib/error-guidance/catalog.js.map +1 -0
- package/dist/lib/error-guidance/match.d.ts +3 -0
- package/dist/lib/error-guidance/match.d.ts.map +1 -0
- package/dist/lib/error-guidance/match.js +46 -0
- package/dist/lib/error-guidance/match.js.map +1 -0
- package/dist/lib/error-guidance/render.d.ts +5 -0
- package/dist/lib/error-guidance/render.d.ts.map +1 -0
- package/dist/lib/error-guidance/render.js +92 -0
- package/dist/lib/error-guidance/render.js.map +1 -0
- package/dist/lib/error-guidance/types.d.ts +76 -0
- package/dist/lib/error-guidance/types.d.ts.map +1 -0
- package/dist/lib/error-guidance/types.js +2 -0
- package/dist/lib/error-guidance/types.js.map +1 -0
- package/dist/lib/error-guidance/validate.d.ts +3 -0
- package/dist/lib/error-guidance/validate.d.ts.map +1 -0
- package/dist/lib/error-guidance/validate.js +59 -0
- package/dist/lib/error-guidance/validate.js.map +1 -0
- package/dist/lib/gofer-installer.d.ts +32 -0
- package/dist/lib/gofer-installer.d.ts.map +1 -0
- package/dist/lib/gofer-installer.js +589 -0
- package/dist/lib/gofer-installer.js.map +1 -0
- package/dist/lib/gofer-refresh.d.ts +46 -0
- package/dist/lib/gofer-refresh.d.ts.map +1 -0
- package/dist/lib/gofer-refresh.js +536 -0
- package/dist/lib/gofer-refresh.js.map +1 -0
- package/dist/lib/next-route-exports.d.ts +6 -0
- package/dist/lib/next-route-exports.d.ts.map +1 -0
- package/dist/lib/next-route-exports.js +127 -0
- package/dist/lib/next-route-exports.js.map +1 -0
- package/dist/lib/npm.d.ts +2 -0
- package/dist/lib/npm.d.ts.map +1 -0
- package/dist/lib/npm.js +4 -0
- package/dist/lib/npm.js.map +1 -0
- package/dist/lib/object-type-defaults.d.ts +4 -0
- package/dist/lib/object-type-defaults.d.ts.map +1 -0
- package/dist/lib/object-type-defaults.js +72 -0
- package/dist/lib/object-type-defaults.js.map +1 -0
- package/dist/lib/output.d.ts +35 -0
- package/dist/lib/output.d.ts.map +1 -0
- package/dist/lib/output.js +166 -0
- package/dist/lib/output.js.map +1 -0
- package/dist/lib/profile.d.ts +52 -0
- package/dist/lib/profile.d.ts.map +1 -0
- package/dist/lib/profile.js +116 -0
- package/dist/lib/profile.js.map +1 -0
- package/dist/lib/project-manifest.d.ts +42 -0
- package/dist/lib/project-manifest.d.ts.map +1 -0
- package/dist/lib/project-manifest.js +191 -0
- package/dist/lib/project-manifest.js.map +1 -0
- package/dist/lib/resourceapi-bundle.d.ts +33 -0
- package/dist/lib/resourceapi-bundle.d.ts.map +1 -0
- package/dist/lib/resourceapi-bundle.js +79 -0
- package/dist/lib/resourceapi-bundle.js.map +1 -0
- package/dist/lib/runtime-contract.d.ts +84 -0
- package/dist/lib/runtime-contract.d.ts.map +1 -0
- package/dist/lib/runtime-contract.js +318 -0
- package/dist/lib/runtime-contract.js.map +1 -0
- package/dist/lib/schema-builder.d.ts +28 -0
- package/dist/lib/schema-builder.d.ts.map +1 -0
- package/dist/lib/schema-builder.js +69 -0
- package/dist/lib/schema-builder.js.map +1 -0
- package/dist/lib/tenant-context.d.ts +127 -0
- package/dist/lib/tenant-context.d.ts.map +1 -0
- package/dist/lib/tenant-context.js +573 -0
- package/dist/lib/tenant-context.js.map +1 -0
- package/dist/lib/update-check.d.ts +52 -0
- package/dist/lib/update-check.d.ts.map +1 -0
- package/dist/lib/update-check.js +271 -0
- package/dist/lib/update-check.js.map +1 -0
- package/dist/lib/update-maintenance.d.ts +15 -0
- package/dist/lib/update-maintenance.d.ts.map +1 -0
- package/dist/lib/update-maintenance.js +187 -0
- package/dist/lib/update-maintenance.js.map +1 -0
- package/dist/lib/utils.d.ts +23 -0
- package/dist/lib/utils.d.ts.map +1 -0
- package/dist/lib/utils.js +48 -0
- package/dist/lib/utils.js.map +1 -0
- package/dist/lib/workflow-provisioning.d.ts +54 -0
- package/dist/lib/workflow-provisioning.d.ts.map +1 -0
- package/dist/lib/workflow-provisioning.js +281 -0
- package/dist/lib/workflow-provisioning.js.map +1 -0
- package/package.json +51 -0
- package/resources/gofer/.gofer-version +7 -0
- package/resources/gofer/agents-skills/0_gofer_start/SKILL.md +1287 -0
- package/resources/gofer/agents-skills/0a_problem_validation/SKILL.md +429 -0
- package/resources/gofer/agents-skills/10_gofer_cloud/SKILL.md +635 -0
- package/resources/gofer/agents-skills/1_gofer_research/SKILL.md +1159 -0
- package/resources/gofer/agents-skills/2_gofer_specify/SKILL.md +860 -0
- package/resources/gofer/agents-skills/3_gofer_plan/SKILL.md +886 -0
- package/resources/gofer/agents-skills/4_gofer_tasks/SKILL.md +748 -0
- package/resources/gofer/agents-skills/5_gofer_implement/SKILL.md +924 -0
- package/resources/gofer/agents-skills/6_gofer_validate/SKILL.md +2269 -0
- package/resources/gofer/agents-skills/7_gofer_save/SKILL.md +423 -0
- package/resources/gofer/agents-skills/7a_stakeholder_comms/SKILL.md +508 -0
- package/resources/gofer/agents-skills/8_gofer_branding/SKILL.md +315 -0
- package/resources/gofer/agents-skills/9_gofer_tests/SKILL.md +558 -0
- package/resources/gofer/agents-skills/gofer_bootstrap_workspace/SKILL.md +148 -0
- package/resources/gofer/agents-skills/gofer_check_workspace/SKILL.md +119 -0
- package/resources/gofer/agents-skills/gofer_constitution/SKILL.md +612 -0
- package/resources/gofer/agents-skills/gofer_diagnose/SKILL.md +114 -0
- package/resources/gofer/agents-skills/gofer_eai_first_run/SKILL.md +397 -0
- package/resources/gofer/agents-skills/gofer_hydrate/SKILL.md +561 -0
- package/resources/gofer/agents-skills/gofer_personality/SKILL.md +44 -0
- package/resources/gofer/agents-skills/gofer_plan/SKILL.md +40 -0
- package/resources/gofer/agents-skills/gofer_side/SKILL.md +45 -0
- package/resources/gofer/agents-skills/gofer_spec_summary/SKILL.md +112 -0
- package/resources/gofer/agents-skills/gofer_tdd/SKILL.md +112 -0
- package/resources/gofer/agents-skills/gofer_vocabulary/SKILL.md +112 -0
- package/resources/gofer/agents-skills/gofer_zoom_out/SKILL.md +112 -0
- package/resources/gofer/bash-scripts/check-context-health.sh +365 -0
- package/resources/gofer/bash-scripts/check-persona-pack.sh +81 -0
- package/resources/gofer/bash-scripts/check-prerequisites.sh +168 -0
- package/resources/gofer/bash-scripts/common.sh +192 -0
- package/resources/gofer/bash-scripts/create-new-feature.sh +260 -0
- package/resources/gofer/bash-scripts/install-optional-tools.sh +270 -0
- package/resources/gofer/bash-scripts/log-stage.sh +224 -0
- package/resources/gofer/bash-scripts/mark-task-complete.sh +74 -0
- package/resources/gofer/bash-scripts/pipeline-state.sh +306 -0
- package/resources/gofer/bash-scripts/read-failed-approaches.sh +114 -0
- package/resources/gofer/bash-scripts/read-session-memories.sh +96 -0
- package/resources/gofer/bash-scripts/save-checkpoint.sh +407 -0
- package/resources/gofer/bash-scripts/setup-plan.sh +62 -0
- package/resources/gofer/bash-scripts/sync-implementation-status.sh +47 -0
- package/resources/gofer/bash-scripts/update-agent-context.sh +772 -0
- package/resources/gofer/bash-scripts/validate-artifact.sh +335 -0
- package/resources/gofer/bash-scripts/verify-task.sh +384 -0
- package/resources/gofer/bash-scripts/write-failed-approach.sh +110 -0
- package/resources/gofer/bash-scripts/write-periodic-checkpoint.sh +128 -0
- package/resources/gofer/bash-scripts/write-session-memory.sh +118 -0
- package/resources/gofer/claude-agents/assumption-tracker.md +168 -0
- package/resources/gofer/claude-agents/business-metrics-analyzer.md +169 -0
- package/resources/gofer/claude-agents/business-problem-validator.md +168 -0
- package/resources/gofer/claude-agents/codebase-analyzer.md +124 -0
- package/resources/gofer/claude-agents/codebase-locator.md +95 -0
- package/resources/gofer/claude-agents/codebase-pattern-finder.md +180 -0
- package/resources/gofer/claude-agents/comms-writer.md +158 -0
- package/resources/gofer/claude-agents/engineer-review.md +169 -0
- package/resources/gofer/claude-agents/implement-bug-triangulator.md +94 -0
- package/resources/gofer/claude-agents/implement-code-review-council.md +89 -0
- package/resources/gofer/claude-agents/implement-doc-writer.md +89 -0
- package/resources/gofer/claude-agents/implement-error-hardener.md +84 -0
- package/resources/gofer/claude-agents/implement-performance-explorer.md +95 -0
- package/resources/gofer/claude-agents/implement-test-diversifier.md +82 -0
- package/resources/gofer/claude-agents/implement-variant-generator.md +80 -0
- package/resources/gofer/claude-agents/multi-perspective-judge.md +114 -0
- package/resources/gofer/claude-agents/plan-api-comparator.md +90 -0
- package/resources/gofer/claude-agents/plan-architecture-diverger.md +100 -0
- package/resources/gofer/claude-agents/plan-data-model-stress-tester.md +95 -0
- package/resources/gofer/claude-agents/plan-migration-path-finder.md +95 -0
- package/resources/gofer/claude-agents/plan-refactor-rewrite-advisor.md +97 -0
- package/resources/gofer/claude-agents/research-dependency-evaluator.md +106 -0
- package/resources/gofer/claude-agents/research-horizon-scanner.md +100 -0
- package/resources/gofer/claude-agents/research-market-scanner.md +137 -0
- package/resources/gofer/claude-agents/research-perspective-multiplier.md +102 -0
- package/resources/gofer/claude-agents/scope-creep-detector.md +152 -0
- package/resources/gofer/claude-agents/specify-ambiguity-detector.md +95 -0
- package/resources/gofer/claude-agents/specify-journey-stress-tester.md +92 -0
- package/resources/gofer/claude-agents/tasks-cross-cutting-scanner.md +91 -0
- package/resources/gofer/claude-agents/tasks-rollback-planner.md +89 -0
- package/resources/gofer/claude-agents/validate-security-red-team.md +102 -0
- package/resources/gofer/claude-agents/validation-correctness.md +103 -0
- package/resources/gofer/claude-agents/validation-integration.md +129 -0
- package/resources/gofer/claude-agents/validation-performance.md +120 -0
- package/resources/gofer/claude-agents/validation-security.md +115 -0
- package/resources/gofer/claude-agents/validation-standards.md +151 -0
- package/resources/gofer/claude-agents/validation-test-quality.md +146 -0
- package/resources/gofer/claude-agents/visual-bounded-context-writer.md +40 -0
- package/resources/gofer/claude-agents/visual-c4-writer.md +45 -0
- package/resources/gofer/claude-agents/visual-erd-writer.md +34 -0
- package/resources/gofer/claude-agents/visual-heatmap-writer.md +63 -0
- package/resources/gofer/claude-agents/visual-risk-writer.md +64 -0
- package/resources/gofer/claude-commands/0_gofer_start.md +1282 -0
- package/resources/gofer/claude-commands/0a_problem_validation.md +424 -0
- package/resources/gofer/claude-commands/10_gofer_cloud.md +630 -0
- package/resources/gofer/claude-commands/1_gofer_research.md +1154 -0
- package/resources/gofer/claude-commands/2_gofer_specify.md +855 -0
- package/resources/gofer/claude-commands/3_gofer_plan.md +881 -0
- package/resources/gofer/claude-commands/4_gofer_tasks.md +743 -0
- package/resources/gofer/claude-commands/5_gofer_implement.md +919 -0
- package/resources/gofer/claude-commands/6_gofer_validate.md +2264 -0
- package/resources/gofer/claude-commands/7_gofer_save.md +418 -0
- package/resources/gofer/claude-commands/7a_stakeholder_comms.md +503 -0
- package/resources/gofer/claude-commands/8_gofer_branding.md +310 -0
- package/resources/gofer/claude-commands/9_gofer_tests.md +553 -0
- package/resources/gofer/claude-commands/gofer_bootstrap_workspace.md +143 -0
- package/resources/gofer/claude-commands/gofer_check_workspace.md +114 -0
- package/resources/gofer/claude-commands/gofer_constitution.md +607 -0
- package/resources/gofer/claude-commands/gofer_diagnose.md +109 -0
- package/resources/gofer/claude-commands/gofer_eai_first_run.md +392 -0
- package/resources/gofer/claude-commands/gofer_hydrate.md +556 -0
- package/resources/gofer/claude-commands/gofer_personality.md +39 -0
- package/resources/gofer/claude-commands/gofer_plan.md +35 -0
- package/resources/gofer/claude-commands/gofer_side.md +40 -0
- package/resources/gofer/claude-commands/gofer_spec_summary.md +107 -0
- package/resources/gofer/claude-commands/gofer_tdd.md +107 -0
- package/resources/gofer/claude-commands/gofer_vocabulary.md +107 -0
- package/resources/gofer/claude-commands/gofer_zoom_out.md +107 -0
- package/resources/gofer/claude-skills/eai-gofer/SKILL.md +56 -0
- package/resources/gofer/commands/.gitkeep +0 -0
- package/resources/gofer/commands/0_gofer_start.md +1299 -0
- package/resources/gofer/commands/0a_problem_validation.md +405 -0
- package/resources/gofer/commands/10_gofer_cloud.md +611 -0
- package/resources/gofer/commands/1_gofer_research.md +1135 -0
- package/resources/gofer/commands/2_gofer_specify.md +836 -0
- package/resources/gofer/commands/3_gofer_plan.md +862 -0
- package/resources/gofer/commands/4_gofer_tasks.md +724 -0
- package/resources/gofer/commands/5_gofer_implement.md +900 -0
- package/resources/gofer/commands/6_gofer_validate.md +2245 -0
- package/resources/gofer/commands/7_gofer_save.md +399 -0
- package/resources/gofer/commands/7a_stakeholder_comms.md +484 -0
- package/resources/gofer/commands/8_gofer_branding.md +291 -0
- package/resources/gofer/commands/9_gofer_tests.md +534 -0
- package/resources/gofer/commands/gofer_bootstrap_workspace.md +159 -0
- package/resources/gofer/commands/gofer_check_workspace.md +130 -0
- package/resources/gofer/commands/gofer_constitution.md +588 -0
- package/resources/gofer/commands/gofer_diagnose.md +89 -0
- package/resources/gofer/commands/gofer_eai_first_run.md +392 -0
- package/resources/gofer/commands/gofer_hydrate.md +537 -0
- package/resources/gofer/commands/gofer_personality.md +61 -0
- package/resources/gofer/commands/gofer_plan.md +51 -0
- package/resources/gofer/commands/gofer_side.md +56 -0
- package/resources/gofer/commands/gofer_spec_summary.md +87 -0
- package/resources/gofer/commands/gofer_tdd.md +87 -0
- package/resources/gofer/commands/gofer_vocabulary.md +87 -0
- package/resources/gofer/commands/gofer_zoom_out.md +87 -0
- package/resources/gofer/copilot-instructions/gofer-cost.instructions.md +13 -0
- package/resources/gofer/copilot-instructions/language-server.instructions.md +49 -0
- package/resources/gofer/copilot-instructions/typescript.instructions.md +47 -0
- package/resources/gofer/copilot-instructions/vscode-extension.instructions.md +46 -0
- package/resources/gofer/copilot-prompts/0_gofer_start.prompt.md +1308 -0
- package/resources/gofer/copilot-prompts/0a_problem_validation.prompt.md +429 -0
- package/resources/gofer/copilot-prompts/10_gofer_cloud.prompt.md +644 -0
- package/resources/gofer/copilot-prompts/1_gofer_research.prompt.md +1177 -0
- package/resources/gofer/copilot-prompts/2_gofer_specify.prompt.md +878 -0
- package/resources/gofer/copilot-prompts/3_gofer_plan.prompt.md +904 -0
- package/resources/gofer/copilot-prompts/4_gofer_tasks.prompt.md +766 -0
- package/resources/gofer/copilot-prompts/5_gofer_implement.prompt.md +942 -0
- package/resources/gofer/copilot-prompts/6_gofer_validate.prompt.md +2277 -0
- package/resources/gofer/copilot-prompts/7_gofer_save.prompt.md +433 -0
- package/resources/gofer/copilot-prompts/7a_stakeholder_comms.prompt.md +516 -0
- package/resources/gofer/copilot-prompts/8_gofer_branding.prompt.md +323 -0
- package/resources/gofer/copilot-prompts/9_gofer_tests.prompt.md +566 -0
- package/resources/gofer/copilot-prompts/gofer_bootstrap_workspace.prompt.md +161 -0
- package/resources/gofer/copilot-prompts/gofer_check_workspace.prompt.md +132 -0
- package/resources/gofer/copilot-prompts/gofer_constitution.prompt.md +621 -0
- package/resources/gofer/copilot-prompts/gofer_diagnose.prompt.md +127 -0
- package/resources/gofer/copilot-prompts/gofer_eai_first_run.prompt.md +410 -0
- package/resources/gofer/copilot-prompts/gofer_hydrate.prompt.md +571 -0
- package/resources/gofer/copilot-prompts/gofer_personality.prompt.md +57 -0
- package/resources/gofer/copilot-prompts/gofer_plan.prompt.md +53 -0
- package/resources/gofer/copilot-prompts/gofer_side.prompt.md +58 -0
- package/resources/gofer/copilot-prompts/gofer_spec_summary.prompt.md +125 -0
- package/resources/gofer/copilot-prompts/gofer_tdd.prompt.md +125 -0
- package/resources/gofer/copilot-prompts/gofer_vocabulary.prompt.md +125 -0
- package/resources/gofer/copilot-prompts/gofer_zoom_out.prompt.md +125 -0
- package/resources/gofer/gemini/agents/assumption-tracker.md +171 -0
- package/resources/gofer/gemini/agents/business-metrics-analyzer.md +172 -0
- package/resources/gofer/gemini/agents/business-problem-validator.md +171 -0
- package/resources/gofer/gemini/agents/codebase-analyzer.md +127 -0
- package/resources/gofer/gemini/agents/codebase-locator.md +98 -0
- package/resources/gofer/gemini/agents/codebase-pattern-finder.md +183 -0
- package/resources/gofer/gemini/agents/comms-writer.md +161 -0
- package/resources/gofer/gemini/agents/engineer-review.md +172 -0
- package/resources/gofer/gemini/agents/implement-bug-triangulator.md +97 -0
- package/resources/gofer/gemini/agents/implement-code-review-council.md +92 -0
- package/resources/gofer/gemini/agents/implement-doc-writer.md +92 -0
- package/resources/gofer/gemini/agents/implement-error-hardener.md +87 -0
- package/resources/gofer/gemini/agents/implement-performance-explorer.md +98 -0
- package/resources/gofer/gemini/agents/implement-test-diversifier.md +85 -0
- package/resources/gofer/gemini/agents/implement-variant-generator.md +83 -0
- package/resources/gofer/gemini/agents/multi-perspective-judge.md +117 -0
- package/resources/gofer/gemini/agents/plan-api-comparator.md +93 -0
- package/resources/gofer/gemini/agents/plan-architecture-diverger.md +103 -0
- package/resources/gofer/gemini/agents/plan-data-model-stress-tester.md +98 -0
- package/resources/gofer/gemini/agents/plan-migration-path-finder.md +98 -0
- package/resources/gofer/gemini/agents/plan-refactor-rewrite-advisor.md +100 -0
- package/resources/gofer/gemini/agents/research-dependency-evaluator.md +109 -0
- package/resources/gofer/gemini/agents/research-horizon-scanner.md +103 -0
- package/resources/gofer/gemini/agents/research-market-scanner.md +140 -0
- package/resources/gofer/gemini/agents/research-perspective-multiplier.md +105 -0
- package/resources/gofer/gemini/agents/scope-creep-detector.md +155 -0
- package/resources/gofer/gemini/agents/specify-ambiguity-detector.md +98 -0
- package/resources/gofer/gemini/agents/specify-journey-stress-tester.md +95 -0
- package/resources/gofer/gemini/agents/tasks-cross-cutting-scanner.md +94 -0
- package/resources/gofer/gemini/agents/tasks-rollback-planner.md +92 -0
- package/resources/gofer/gemini/agents/validate-security-red-team.md +105 -0
- package/resources/gofer/gemini/agents/validation-correctness.md +106 -0
- package/resources/gofer/gemini/agents/validation-integration.md +132 -0
- package/resources/gofer/gemini/agents/validation-performance.md +123 -0
- package/resources/gofer/gemini/agents/validation-security.md +118 -0
- package/resources/gofer/gemini/agents/validation-standards.md +154 -0
- package/resources/gofer/gemini/agents/validation-test-quality.md +149 -0
- package/resources/gofer/gemini/agents/visual-bounded-context-writer.md +40 -0
- package/resources/gofer/gemini/agents/visual-c4-writer.md +44 -0
- package/resources/gofer/gemini/agents/visual-erd-writer.md +36 -0
- package/resources/gofer/gemini/agents/visual-heatmap-writer.md +63 -0
- package/resources/gofer/gemini/agents/visual-risk-writer.md +64 -0
- package/resources/gofer/gemini/commands/gofer/.gitkeep +0 -0
- package/resources/gofer/gemini/commands/gofer/0_gofer_start.md +1282 -0
- package/resources/gofer/gemini/commands/gofer/0_gofer_start.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/0a_problem_validation.md +424 -0
- package/resources/gofer/gemini/commands/gofer/0a_problem_validation.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/10_gofer_cloud.md +630 -0
- package/resources/gofer/gemini/commands/gofer/10_gofer_cloud.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/1_gofer_research.md +1154 -0
- package/resources/gofer/gemini/commands/gofer/1_gofer_research.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/2_gofer_specify.md +855 -0
- package/resources/gofer/gemini/commands/gofer/2_gofer_specify.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/3_gofer_plan.md +881 -0
- package/resources/gofer/gemini/commands/gofer/3_gofer_plan.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/4_gofer_tasks.md +743 -0
- package/resources/gofer/gemini/commands/gofer/4_gofer_tasks.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/5_gofer_implement.md +919 -0
- package/resources/gofer/gemini/commands/gofer/5_gofer_implement.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/6_gofer_validate.md +2264 -0
- package/resources/gofer/gemini/commands/gofer/6_gofer_validate.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/7_gofer_save.md +418 -0
- package/resources/gofer/gemini/commands/gofer/7_gofer_save.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/7a_stakeholder_comms.md +503 -0
- package/resources/gofer/gemini/commands/gofer/7a_stakeholder_comms.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/8_gofer_branding.md +310 -0
- package/resources/gofer/gemini/commands/gofer/8_gofer_branding.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/9_gofer_tests.md +553 -0
- package/resources/gofer/gemini/commands/gofer/9_gofer_tests.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/gofer_bootstrap_workspace.md +143 -0
- package/resources/gofer/gemini/commands/gofer/gofer_bootstrap_workspace.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/gofer_check_workspace.md +114 -0
- package/resources/gofer/gemini/commands/gofer/gofer_check_workspace.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/gofer_constitution.md +607 -0
- package/resources/gofer/gemini/commands/gofer/gofer_constitution.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/gofer_diagnose.md +109 -0
- package/resources/gofer/gemini/commands/gofer/gofer_diagnose.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/gofer_eai_first_run.md +392 -0
- package/resources/gofer/gemini/commands/gofer/gofer_eai_first_run.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/gofer_hydrate.md +556 -0
- package/resources/gofer/gemini/commands/gofer/gofer_hydrate.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/gofer_personality.md +39 -0
- package/resources/gofer/gemini/commands/gofer/gofer_personality.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/gofer_plan.md +35 -0
- package/resources/gofer/gemini/commands/gofer/gofer_plan.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/gofer_side.md +40 -0
- package/resources/gofer/gemini/commands/gofer/gofer_side.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/gofer_spec_summary.md +107 -0
- package/resources/gofer/gemini/commands/gofer/gofer_spec_summary.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/gofer_tdd.md +107 -0
- package/resources/gofer/gemini/commands/gofer/gofer_tdd.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/gofer_vocabulary.md +107 -0
- package/resources/gofer/gemini/commands/gofer/gofer_vocabulary.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/gofer_zoom_out.md +107 -0
- package/resources/gofer/gemini/commands/gofer/gofer_zoom_out.toml +2 -0
- package/resources/gofer/gemini/commands/gofer/manifest.json +32 -0
- package/resources/gofer/gemini/extension.json +16 -0
- package/resources/gofer/github-agents/gofer-business.agent.md +20 -0
- package/resources/gofer/github-agents/gofer-implement.agent.md +15 -0
- package/resources/gofer/github-agents/gofer-plan.agent.md +15 -0
- package/resources/gofer/github-agents/gofer-research.agent.md +15 -0
- package/resources/gofer/github-agents/gofer-validate.agent.md +10 -0
- package/resources/gofer/github-skills/eai-gofer/SKILL.md +56 -0
- package/resources/gofer/hook-scripts/agent-stop.mjs +655 -0
- package/resources/gofer/hook-scripts/log-stage-launch-time.mjs +77 -0
- package/resources/gofer/hook-scripts/post-tool-use.mjs +333 -0
- package/resources/gofer/hook-scripts/queued-input.mjs +188 -0
- package/resources/gofer/hook-scripts/session-lifecycle.mjs +93 -0
- package/resources/gofer/hook-scripts/user-prompt-submit.mjs +228 -0
- package/resources/gofer/instruction-templates/base/agents-base.md +37 -0
- package/resources/gofer/instruction-templates/base/claude-base.md +7 -0
- package/resources/gofer/instruction-templates/base/copilot-base.md +26 -0
- package/resources/gofer/instruction-templates/gofer/gofer-claude.md +5 -0
- package/resources/gofer/instruction-templates/gofer/gofer-copilot.md +9 -0
- package/resources/gofer/instruction-templates/languages/generic.md +7 -0
- package/resources/gofer/instruction-templates/languages/go.md +8 -0
- package/resources/gofer/instruction-templates/languages/java.md +8 -0
- package/resources/gofer/instruction-templates/languages/python.md +9 -0
- package/resources/gofer/instruction-templates/languages/rust.md +9 -0
- package/resources/gofer/instruction-templates/languages/typescript.md +19 -0
- package/resources/gofer/instruction-templates/workflow/principles.md +52 -0
- package/resources/gofer/memory/constitution.md +391 -0
- package/resources/gofer/memory/context-profiles.yaml +74 -0
- package/resources/gofer/memory/decisions/000-use-adr-for-decisions.md +67 -0
- package/resources/gofer/memory/decisions/001-di-framework.md +190 -0
- package/resources/gofer/memory/decisions/002-module-extraction.md +305 -0
- package/resources/gofer/memory/decisions/003-error-handling.md +368 -0
- package/resources/gofer/memory/decisions/004-cache-eviction.md +436 -0
- package/resources/gofer/memory/decisions/005-constants-management.md +520 -0
- package/resources/gofer/memory/decisions/README.md +129 -0
- package/resources/gofer/memory/diagrams/di-container.mmd +321 -0
- package/resources/gofer/memory/diagrams/extension-activation.mmd +184 -0
- package/resources/gofer/memory/diagrams/module-dependencies.mmd +264 -0
- package/resources/gofer/memory/gofer-model-policy.yaml +97 -0
- package/resources/gofer/memory/lessons.md +46 -0
- package/resources/gofer/node-scripts/canonical-descriptions.mjs +86 -0
- package/resources/gofer/node-scripts/check-version-alignment.mjs +131 -0
- package/resources/gofer/node-scripts/codex-doctor.mjs +425 -0
- package/resources/gofer/node-scripts/generate-commands.mjs +1366 -0
- package/resources/gofer/node-scripts/generate-issues.js +563 -0
- package/resources/gofer/node-scripts/gofer-closed-loop-audit.mjs +893 -0
- package/resources/gofer/node-scripts/gofer-loop-audit.mjs +541 -0
- package/resources/gofer/node-scripts/gofer-performance-report.mjs +306 -0
- package/resources/gofer/node-scripts/gofer-workspace-bootstrap.mjs +56 -0
- package/resources/gofer/node-scripts/gofer-workspace-check.mjs +56 -0
- package/resources/gofer/node-scripts/lib/ai-leverage-tagger.mjs +103 -0
- package/resources/gofer/node-scripts/lib/assemble-stakeholder-pack.mjs +114 -0
- package/resources/gofer/node-scripts/lib/marp-deck.mjs +87 -0
- package/resources/gofer/node-scripts/lib/mermaid-tabular-fallback.mjs +264 -0
- package/resources/gofer/node-scripts/lib/render-visual.mjs +54 -0
- package/resources/gofer/node-scripts/lib/validate-aliases.mjs +85 -0
- package/resources/gofer/node-scripts/lib/visual-counts.mjs +44 -0
- package/resources/gofer/node-scripts/lib/visual-pass-pipeline.mjs +134 -0
- package/resources/gofer/node-scripts/mermaid-export.mjs +72 -0
- package/resources/gofer/node-scripts/package-agent-plugin.mjs +940 -0
- package/resources/gofer/node-scripts/parse-stage-command.mjs +211 -0
- package/resources/gofer/node-scripts/schemas/.gitkeep +0 -0
- package/resources/gofer/node-scripts/schemas/stage-command.schema.json +72 -0
- package/resources/gofer/node-scripts/sync-extension-resources.mjs +110 -0
- package/resources/gofer/node-scripts/workspace-bootstrap-lib.mjs +1166 -0
- package/resources/gofer/powershell-scripts/install-optional-tools.ps1 +214 -0
- package/resources/gofer/references/platform/README.md +17 -0
- package/resources/gofer/references/platform/deployment-repo.md +9 -0
- package/resources/gofer/references/platform/eai-app-template.md +45 -0
- package/resources/gofer/references/platform/eai-config-driven-ui.md +156 -0
- package/resources/gofer/references/platform/eai-error-catalog.yaml +197 -0
- package/resources/gofer/references/platform/eai-repo-contract.md +134 -0
- package/resources/gofer/references/platform/eai-service-patterns.md +56 -0
- package/resources/gofer/references/platform/eai.md +85 -0
- package/resources/gofer/references/platform/vertical-template.md +49 -0
- package/resources/gofer/specify-commands/.gitkeep +0 -0
- package/resources/gofer/specify-commands/0_gofer_start.md +1299 -0
- package/resources/gofer/specify-commands/0a_problem_validation.md +405 -0
- package/resources/gofer/specify-commands/10_gofer_cloud.md +611 -0
- package/resources/gofer/specify-commands/1_gofer_research.md +1135 -0
- package/resources/gofer/specify-commands/2_gofer_specify.md +836 -0
- package/resources/gofer/specify-commands/3_gofer_plan.md +862 -0
- package/resources/gofer/specify-commands/4_gofer_tasks.md +724 -0
- package/resources/gofer/specify-commands/5_gofer_implement.md +900 -0
- package/resources/gofer/specify-commands/6_gofer_validate.md +2245 -0
- package/resources/gofer/specify-commands/7_gofer_save.md +399 -0
- package/resources/gofer/specify-commands/7a_stakeholder_comms.md +484 -0
- package/resources/gofer/specify-commands/8_gofer_branding.md +291 -0
- package/resources/gofer/specify-commands/9_gofer_tests.md +534 -0
- package/resources/gofer/specify-commands/gofer_bootstrap_workspace.md +159 -0
- package/resources/gofer/specify-commands/gofer_check_workspace.md +130 -0
- package/resources/gofer/specify-commands/gofer_constitution.md +588 -0
- package/resources/gofer/specify-commands/gofer_diagnose.md +89 -0
- package/resources/gofer/specify-commands/gofer_eai_first_run.md +392 -0
- package/resources/gofer/specify-commands/gofer_hydrate.md +537 -0
- package/resources/gofer/specify-commands/gofer_personality.md +61 -0
- package/resources/gofer/specify-commands/gofer_plan.md +51 -0
- package/resources/gofer/specify-commands/gofer_side.md +56 -0
- package/resources/gofer/specify-commands/gofer_spec_summary.md +87 -0
- package/resources/gofer/specify-commands/gofer_tdd.md +87 -0
- package/resources/gofer/specify-commands/gofer_vocabulary.md +87 -0
- package/resources/gofer/specify-commands/gofer_zoom_out.md +87 -0
- package/resources/gofer/system-skills/0_gofer_start/SKILL.md +1287 -0
- package/resources/gofer/system-skills/0a_problem_validation/SKILL.md +429 -0
- package/resources/gofer/system-skills/10_gofer_cloud/SKILL.md +635 -0
- package/resources/gofer/system-skills/1_gofer_research/SKILL.md +1159 -0
- package/resources/gofer/system-skills/2_gofer_specify/SKILL.md +860 -0
- package/resources/gofer/system-skills/3_gofer_plan/SKILL.md +886 -0
- package/resources/gofer/system-skills/4_gofer_tasks/SKILL.md +748 -0
- package/resources/gofer/system-skills/5_gofer_implement/SKILL.md +924 -0
- package/resources/gofer/system-skills/6_gofer_validate/SKILL.md +2269 -0
- package/resources/gofer/system-skills/7_gofer_save/SKILL.md +423 -0
- package/resources/gofer/system-skills/7a_stakeholder_comms/SKILL.md +508 -0
- package/resources/gofer/system-skills/8_gofer_branding/SKILL.md +315 -0
- package/resources/gofer/system-skills/9_gofer_tests/SKILL.md +558 -0
- package/resources/gofer/system-skills/gofer_bootstrap_workspace/SKILL.md +148 -0
- package/resources/gofer/system-skills/gofer_check_workspace/SKILL.md +119 -0
- package/resources/gofer/system-skills/gofer_constitution/SKILL.md +612 -0
- package/resources/gofer/system-skills/gofer_diagnose/SKILL.md +114 -0
- package/resources/gofer/system-skills/gofer_eai_first_run/SKILL.md +397 -0
- package/resources/gofer/system-skills/gofer_hydrate/SKILL.md +561 -0
- package/resources/gofer/system-skills/gofer_personality/SKILL.md +44 -0
- package/resources/gofer/system-skills/gofer_plan/SKILL.md +40 -0
- package/resources/gofer/system-skills/gofer_side/SKILL.md +45 -0
- package/resources/gofer/system-skills/gofer_spec_summary/SKILL.md +112 -0
- package/resources/gofer/system-skills/gofer_tdd/SKILL.md +112 -0
- package/resources/gofer/system-skills/gofer_vocabulary/SKILL.md +112 -0
- package/resources/gofer/system-skills/gofer_zoom_out/SKILL.md +112 -0
- package/resources/gofer/templates/agent-file-template.md +28 -0
- package/resources/gofer/templates/assumptions-template.md +94 -0
- package/resources/gofer/templates/audit-history-template.md +35 -0
- package/resources/gofer/templates/brand/brand-profile-template.json +45 -0
- package/resources/gofer/templates/brand/document-style-template.md +50 -0
- package/resources/gofer/templates/brand/marp-theme-template.css +58 -0
- package/resources/gofer/templates/brownfield-analysis.md +44 -0
- package/resources/gofer/templates/business-metrics-template.md +120 -0
- package/resources/gofer/templates/business-owner-summary-template.md +83 -0
- package/resources/gofer/templates/checklist-template.md +40 -0
- package/resources/gofer/templates/ciso-security-summary-template.md +70 -0
- package/resources/gofer/templates/context-bundle-template.md +76 -0
- package/resources/gofer/templates/contract-pack-template.md +109 -0
- package/resources/gofer/templates/cto-architecture-summary-template.md +83 -0
- package/resources/gofer/templates/discovery-template.md +92 -0
- package/resources/gofer/templates/eai-preflight-template.md +144 -0
- package/resources/gofer/templates/goal-ledger-template.json +69 -0
- package/resources/gofer/templates/gofer-model-policy.yaml +97 -0
- package/resources/gofer/templates/issues-template.md +106 -0
- package/resources/gofer/templates/journey/base-journey.md +95 -0
- package/resources/gofer/templates/journey/industry-variants.yaml +277 -0
- package/resources/gofer/templates/loop-contract-template.json +68 -0
- package/resources/gofer/templates/plan-template.md +215 -0
- package/resources/gofer/templates/problem-brief-template.md +85 -0
- package/resources/gofer/templates/proposal-review-template.md +79 -0
- package/resources/gofer/templates/research-template.md +222 -0
- package/resources/gofer/templates/reuse-scan-template.md +43 -0
- package/resources/gofer/templates/sequence-diagrams/option-spectrum.yaml +178 -0
- package/resources/gofer/templates/service-fit-matrix-template.md +29 -0
- package/resources/gofer/templates/session-handoff-template.md +172 -0
- package/resources/gofer/templates/spec-summary-template.md +118 -0
- package/resources/gofer/templates/spec-template.md +196 -0
- package/resources/gofer/templates/stakeholder-comms-template.md +330 -0
- package/resources/gofer/templates/stakeholder-review-index-template.md +54 -0
- package/resources/gofer/templates/tasks-template.md +323 -0
- package/resources/gofer/templates/ui-approval-template.md +32 -0
- package/resources/gofer/templates/ui-preview-brief-template.md +65 -0
- package/resources/gofer/templates/ui-review-log-template.md +11 -0
- package/resources/gofer/templates/visuals/.gitkeep +0 -0
- package/resources/gofer/templates/visuals/bounded-context-map.md +19 -0
- package/resources/gofer/templates/visuals/bounded-context-template.md +47 -0
- package/resources/gofer/templates/visuals/c4-container-template.md +38 -0
- package/resources/gofer/templates/visuals/c4-container.md +20 -0
- package/resources/gofer/templates/visuals/c4-context-template.md +46 -0
- package/resources/gofer/templates/visuals/capability-heatmap-template.md +54 -0
- package/resources/gofer/templates/visuals/data-model-erd-template.md +41 -0
- package/resources/gofer/templates/visuals/erd.md +19 -0
- package/resources/gofer/templates/visuals/impact-canvas.md +40 -0
- package/resources/gofer/templates/visuals/risk-heatmap-template.md +51 -0
- package/resources/gofer/templates/visuals/roi-projection.md +17 -0
- package/resources/gofer/templates/visuals/value-stream-asis.md +16 -0
- package/resources/gofer/templates/visuals/value-stream-tobe.md +18 -0
- package/resources/gofer/templates/working-backwards-prfaq-template.md +165 -0
- package/resources/linked-sources.json +25 -0
|
@@ -0,0 +1,2277 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: 6_gofer_validate
|
|
3
|
+
description: Validate implemented work with evidence-backed scoring, blast-radius analysis, and engineering review.
|
|
4
|
+
agent: copilot-workspace
|
|
5
|
+
tools:
|
|
6
|
+
- Read
|
|
7
|
+
- Grep
|
|
8
|
+
- Glob
|
|
9
|
+
- Bash
|
|
10
|
+
- WebSearch
|
|
11
|
+
argument-hint: feature-name-or-description
|
|
12
|
+
gofer:
|
|
13
|
+
workflowProfile: standard
|
|
14
|
+
canonicalSource: .specify/commands/6_gofer_validate.md
|
|
15
|
+
canonicalChecksum: c375a15f7dcaaf7b6908f43521bb54b226d6890935ffb7624b34efd956ef9a69
|
|
16
|
+
metadataSource: scripts/generate-commands.ts
|
|
17
|
+
---
|
|
18
|
+
|
|
19
|
+
## Workspace Preflight
|
|
20
|
+
|
|
21
|
+
Before doing stage/helper work:
|
|
22
|
+
|
|
23
|
+
1. Resolve the repository root.
|
|
24
|
+
2. Check the core Gofer sentinels:
|
|
25
|
+
- `.specify/.gofer-version`
|
|
26
|
+
- `.specify/commands/0_gofer_start.md`
|
|
27
|
+
- `.specify/templates/spec-template.md`
|
|
28
|
+
- `.specify/templates/loop-contract-template.json`
|
|
29
|
+
- `.specify/templates/working-backwards-prfaq-template.md`
|
|
30
|
+
- `.specify/templates/business-owner-summary-template.md`
|
|
31
|
+
- `.specify/templates/cto-architecture-summary-template.md`
|
|
32
|
+
- `.specify/templates/ciso-security-summary-template.md`
|
|
33
|
+
- `.specify/templates/stakeholder-review-index-template.md`
|
|
34
|
+
- `.specify/scripts/bash/create-new-feature.sh`
|
|
35
|
+
- `.specify/scripts/node/parse-stage-command.mjs`
|
|
36
|
+
- `.specify/scripts/node/gofer-loop-audit.mjs`
|
|
37
|
+
- `.specify/scripts/hooks/post-tool-use.mjs`
|
|
38
|
+
- `.specify/scripts/powershell/install-optional-tools.ps1`
|
|
39
|
+
- `.specify/templates/gofer-model-policy.yaml`
|
|
40
|
+
- `.specify/memory/gofer-model-policy.yaml`
|
|
41
|
+
- `.specify/specs/`
|
|
42
|
+
- `.specify/memory/`
|
|
43
|
+
3. Check host-specific repo-owned files when relevant:
|
|
44
|
+
- Claude: `AGENTS.md`, `CLAUDE.md`, `.claude/settings.json`
|
|
45
|
+
- Codex: `AGENTS.md`
|
|
46
|
+
- Copilot: `.github/copilot-instructions.md`
|
|
47
|
+
- VS Code extension mirrors Claude/Copilot/Gemini resources itself and should still keep the core scaffold healthy
|
|
48
|
+
4. If the repo already has the workspace checker script, prefer running:
|
|
49
|
+
- `node .specify/scripts/node/gofer-workspace-check.mjs --host copilot --json`
|
|
50
|
+
5. If the workspace is missing or stale, ask exactly:
|
|
51
|
+
- **"This repo is missing or stale for Gofer. Initialize/update it now?"**
|
|
52
|
+
6. If the user says yes, run the Gofer workspace bootstrap helper and then resume this command from the top.
|
|
53
|
+
7. If the user says no, stop and explain that Gofer stage/helper work depends on the repo-owned scaffold.
|
|
54
|
+
|
|
55
|
+
|
|
56
|
+
# Gofer Validate
|
|
57
|
+
|
|
58
|
+
## EAI Platform Session Preflight
|
|
59
|
+
|
|
60
|
+
Before any Gofer stage/helper command does pipeline work:
|
|
61
|
+
|
|
62
|
+
1. Treat durable delivery as EAI Platform delivery by default, with Azure second
|
|
63
|
+
and every other stack only by explicit exception.
|
|
64
|
+
2. Run `eai whoami` and confirm the EAI CLI is installed, the user is logged in,
|
|
65
|
+
and an active tenant is visible.
|
|
66
|
+
3. If `eai` is missing, `eai whoami` fails, the token is expired, or no active
|
|
67
|
+
tenant is available, stop and run `/gofer:eai-first-run` or ask the user to
|
|
68
|
+
approve login/setup before continuing.
|
|
69
|
+
4. For EAI app delivery, do not continue into research, specification, planning,
|
|
70
|
+
tasks, implementation, or validation until
|
|
71
|
+
`.specify/specs/{feature}/eai-preflight.md` records login, tenant, template,
|
|
72
|
+
app-readiness, and next-action evidence.
|
|
73
|
+
5. Do not write tokens, secrets, private tenant IDs, or local `.env` values into
|
|
74
|
+
Gofer artifacts; record only product-safe readiness status and evidence.
|
|
75
|
+
|
|
76
|
+
## Token And Cost Policy
|
|
77
|
+
<!-- gofer:token-cost-policy:start -->
|
|
78
|
+
|
|
79
|
+
Before spawning agents, calling tools, or loading large files:
|
|
80
|
+
|
|
81
|
+
1. Treat `.specify/memory/gofer-model-policy.yaml` as the repo-owned source of truth for simple, medium, hard, and arbiter model routing. If it is missing, run `/gofer:bootstrap-workspace` before continuing.
|
|
82
|
+
2. Use the cheapest capable model first.
|
|
83
|
+
- Claude: Haiku for scouting/extraction; Sonnet for normal implementation, synthesis, validation, and security; Opus for high-risk arbitration or release-critical failures.
|
|
84
|
+
- Codex/OpenAI: GPT mini for simple coding; GPT nano only for locate/classify/summarize/mechanical work; GPT-5.3-Codex or flagship GPT for tool-heavy coding, architecture, and release-critical validation.
|
|
85
|
+
- Gemini: Flash-Lite for cheap large-context scan/summarize; Flash for default research synthesis; Pro for large-context architecture or high-risk arbitration.
|
|
86
|
+
- Copilot: prefer Auto for simple and default work; ask the user before choosing a paid/high-tier picker model for hard security, architecture, or release gates.
|
|
87
|
+
3. Keep raw tool output out of the main conversation context. Save stable findings to `.specify/specs/{feature}/context-bundle.md`, then work from summaries.
|
|
88
|
+
4. Use provider prompt/context caching only for stable, non-secret prefixes: Gofer scaffold, AGENTS/CLAUDE/Copilot instructions, constitution, repo map, stage contracts, and validation rubric.
|
|
89
|
+
5. Before continuing after large research, planning, implementation, or validation bursts, checkpoint the durable artifacts and compact/clear/resume context when the host supports it.
|
|
90
|
+
6. Escalate model tier only when a cheaper pass is low-confidence, contradictory, security-sensitive, or blocking release quality.
|
|
91
|
+
<!-- gofer:token-cost-policy:end -->
|
|
92
|
+
|
|
93
|
+
## User Input
|
|
94
|
+
|
|
95
|
+
```text
|
|
96
|
+
$ARGUMENTS
|
|
97
|
+
```
|
|
98
|
+
|
|
99
|
+
You **MUST** consider the user input before proceeding (if not empty).
|
|
100
|
+
|
|
101
|
+
## Execution Profile And Validation Cost
|
|
102
|
+
|
|
103
|
+
Validation must respect the final risk label:
|
|
104
|
+
|
|
105
|
+
- **fast**: for `docs-only` or very small low-risk changes, run focused checks
|
|
106
|
+
and verify no unnecessary artifact churn or unrelated files were changed.
|
|
107
|
+
- **standard**: run the normal rubric, focused build/test/lint/typecheck
|
|
108
|
+
evidence, and traceability checks.
|
|
109
|
+
- **full**: preserve the existing blast-radius, evidence gates, review loop,
|
|
110
|
+
scoring, and release-readiness checks; require evidence for contract,
|
|
111
|
+
security, data, infra/config, rollback, and cross-repository claims.
|
|
112
|
+
- **dynamic**: preserve the full validation behavior, then also verify
|
|
113
|
+
`execution-profile.md`, `workflow-dag.md`, shard outputs, reducer synthesis,
|
|
114
|
+
verifier/refuter evidence, budget/stop-condition evidence, and any explicit
|
|
115
|
+
user confirmation required before broad fanout work.
|
|
116
|
+
|
|
117
|
+
Archived specs under `.specify/specs/_*/` are historical context and must not
|
|
118
|
+
inflate active context-health estimates or current blast-radius manifests.
|
|
119
|
+
|
|
120
|
+
## Prerequisites
|
|
121
|
+
|
|
122
|
+
This command expects in `.specify/specs/{feature}/`:
|
|
123
|
+
|
|
124
|
+
- `research.md` - Codebase analysis (from #1_gofer_research)
|
|
125
|
+
- `spec.md` - Feature specification (from #2_gofer_specify)
|
|
126
|
+
- `plan.md` - Implementation plan (from #3_gofer_plan)
|
|
127
|
+
- `tasks.md` - Task breakdown (from #4_gofer_tasks)
|
|
128
|
+
- `goal-ledger.json` - Goal, metric, delivery-state, and re-loop contract
|
|
129
|
+
- `loop-contract.json` - Bounded eval commands and stop rules
|
|
130
|
+
- `loop-ledger.jsonl` - Implementation and validation loop evidence
|
|
131
|
+
- `traceability.md` - Requirement -> task -> code -> test matrix
|
|
132
|
+
- Implemented code (from #5_gofer_implement)
|
|
133
|
+
|
|
134
|
+
---
|
|
135
|
+
|
|
136
|
+
## Spec Artifact Guard
|
|
137
|
+
|
|
138
|
+
Before validation, `.specify/scripts/bash/check-prerequisites.sh --json
|
|
139
|
+
--require-tasks` must confirm that `{FEATURE_DIR}/spec.md` exists, is
|
|
140
|
+
non-empty, and is not the unfilled spec template. If the helper reports
|
|
141
|
+
`spec.md` as missing, empty, or `template`, stop and run `#2_gofer_specify`.
|
|
142
|
+
Validation cannot score functional correctness, traceability, or objective
|
|
143
|
+
outcomes without a real specification.
|
|
144
|
+
|
|
145
|
+
## Outline
|
|
146
|
+
|
|
147
|
+
1. Context health check
|
|
148
|
+
2. Load implementation context
|
|
149
|
+
3. Closed-loop objective audit
|
|
150
|
+
4. **Phase A** — Spawn 6 specialist rubric validation agents in parallel
|
|
151
|
+
4. Evidence gate pre-check and pending-gate tracking
|
|
152
|
+
5. **Phase B** — Spawn 5 blast-radius analysis agents in parallel
|
|
153
|
+
7. Blast-radius synthesis (change graph, interface diff, observability,
|
|
154
|
+
dependency/submodule impact, rollback readiness, release checklist)
|
|
155
|
+
8. Run automated checks (build, test, lint, typecheck)
|
|
156
|
+
9. Mutation testing gate
|
|
157
|
+
10. Mock ratio analysis
|
|
158
|
+
11. Semantic slop detection
|
|
159
|
+
12. Score the 11-category rubric (110 points)
|
|
160
|
+
13. Generate enhanced validation report + blast-radius report
|
|
161
|
+
14. Determine rubric PASS/FAIL outcome
|
|
162
|
+
15. Brownfield restart on failure
|
|
163
|
+
16. **Phase C** — Engineering review loop (3 agents × up to 5 cycles with
|
|
164
|
+
auto-fix)
|
|
165
|
+
17. Generate engineering review report
|
|
166
|
+
18. Attribution logging to JSONL
|
|
167
|
+
19. Memory update check
|
|
168
|
+
|
|
169
|
+
---
|
|
170
|
+
|
|
171
|
+
## Execution Strategy by Platform
|
|
172
|
+
|
|
173
|
+
| Platform | Validation Execution Strategy |
|
|
174
|
+
| -------------------------------------- | --------------------------------------------------------------------------------------------- |
|
|
175
|
+
| Claude Code CLI | Run all validation agents in parallel using the Task tool |
|
|
176
|
+
| GitHub Copilot Chat (2026+) | Use multi-agent delegation to run validation in parallel |
|
|
177
|
+
| GitHub Copilot Chat (2025 and earlier) | Run validation checks sequentially using the **Legacy Workflow** in `docs/legacy-workflow.md` |
|
|
178
|
+
|
|
179
|
+
For pre-2026 Copilot environments, execute the validation phases
|
|
180
|
+
**sequentially** instead of parallel spawning.
|
|
181
|
+
|
|
182
|
+
---
|
|
183
|
+
|
|
184
|
+
## The Engineering Quality Rubric
|
|
185
|
+
|
|
186
|
+
### 11-Category Scoring (110 Points)
|
|
187
|
+
|
|
188
|
+
| # | Category | Points | Pass Criteria | Agent |
|
|
189
|
+
| --- | ---------------------------- | ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------- |
|
|
190
|
+
| 1 | Functional Correctness | 15 | Every acceptance criterion in spec.md has a passing test exercising real code | validation-correctness |
|
|
191
|
+
| 2 | Test Authenticity | 15 | Zero skips, zero placeholders, zero mock-only assertions. Mutation score >= 60% if Stryker available | validation-test-quality |
|
|
192
|
+
| 3 | UI/E2E Verification | 10 | If feature has UI: real rendering tests pass. If no UI: points redistribute | N/A (automated check) |
|
|
193
|
+
| 4 | Security Posture | 10 | Zero hardcoded secrets, no disabled security features, no client-side keys | validation-security |
|
|
194
|
+
| 5 | Integration Reality | 10 | Integration tests use real dependencies where possible. Contract tests validate boundaries | validation-integration |
|
|
195
|
+
| 6 | Error Path Coverage | 10 | Public functions tested for failure modes. No empty catch blocks | validation-correctness + validation-standards |
|
|
196
|
+
| 7 | Architecture Compliance | 10 | File structure, patterns, visual explanations, and human-facing document summaries match plan.md and research.md. Required visuals are simple, rendered or fallback-safe, and traceable to requirements, code, and EAI Platform decisions | validation-standards |
|
|
197
|
+
| 8 | Performance Baseline | 5 | No synchronous I/O in async paths, no unbounded loops, no N+1 patterns | validation-performance |
|
|
198
|
+
| 9 | Code Hygiene | 10 | Zero AI slop: no TODO placeholders, no redundant comments, no magic numbers | validation-standards |
|
|
199
|
+
| 10 | Specification Traceability | 5 | Every user story maps to tests, every test maps to code | validation-correctness |
|
|
200
|
+
| 11 | **Blast Radius Containment** | 10 | No unmitigated breaking API changes, full-surface consumer/import audit, new error paths log, no new High/Critical CVEs, rollback/feature-flag path exists, release checklist complete | codebase-analyzer + validation-integration + validation-standards + research-dependency-evaluator + tasks-rollback-planner |
|
|
201
|
+
|
|
202
|
+
### Point Redistribution (No-UI Features)
|
|
203
|
+
|
|
204
|
+
When a feature has **no UI component** (no web pages, no frontend, no visual
|
|
205
|
+
interface), the 10 points from UI/E2E Verification are redistributed:
|
|
206
|
+
|
|
207
|
+
- **+5 to Functional Correctness** (total: 20 points)
|
|
208
|
+
- **+5 to Test Authenticity** (total: 20 points)
|
|
209
|
+
|
|
210
|
+
Total remains **110/110** across all 11 categories.
|
|
211
|
+
|
|
212
|
+
**Detection**: Check plan.md tech stack. If no UI framework (React, Vue,
|
|
213
|
+
Angular, Svelte) and no Playwright/Cypress tests exist, this is a no-UI feature.
|
|
214
|
+
|
|
215
|
+
### Scoring Rules
|
|
216
|
+
|
|
217
|
+
- Each category scores **full points** or **0**. There is no partial credit.
|
|
218
|
+
- A category scores 0 if its agent reports any **Red (blocking)** finding.
|
|
219
|
+
- A category scores 0 if its automated check fails.
|
|
220
|
+
- **Total score** = sum of all category scores (max **110**, was 100).
|
|
221
|
+
- **PASS** = 110/110 and a passing objective outcome gate. Anything less = FAIL.
|
|
222
|
+
- Legacy consumers reading `status: PASS` / `score: 100` from historical reports
|
|
223
|
+
should migrate to the 110-point scale. The report keeps the `score` field as
|
|
224
|
+
the numerator and `score_max` to disambiguate.
|
|
225
|
+
|
|
226
|
+
**Honest-scoring rule (FR-012)**: If an agent reports `EVIDENCE ABSENT:`, the
|
|
227
|
+
orchestrating stage MUST score that category 0 regardless of other findings.
|
|
228
|
+
Phrases like `likely correct`, `appears wired`, or `should be passing` are NOT
|
|
229
|
+
evidence and MUST NOT contribute to any score. Any rubric category where
|
|
230
|
+
evidence is absent, unverifiable, fabricated, or implied scores exactly 0 — no
|
|
231
|
+
partial credit.
|
|
232
|
+
|
|
233
|
+
---
|
|
234
|
+
|
|
235
|
+
## Step 0: Context Health Check
|
|
236
|
+
|
|
237
|
+
Before starting validation, assess context window health:
|
|
238
|
+
|
|
239
|
+
```bash
|
|
240
|
+
.specify/scripts/bash/check-context-health.sh
|
|
241
|
+
```
|
|
242
|
+
|
|
243
|
+
- If **< 50%**: Proceed normally
|
|
244
|
+
- If **50-70%**: Use sub-agents heavily, minimize main context
|
|
245
|
+
- If **> 70%**: Run `#7_gofer_save`, start a fresh session, read the
|
|
246
|
+
checkpoint, and continue validation
|
|
247
|
+
|
|
248
|
+
Validation loads all artifacts and spawns 6 agents — context pressure is high.
|
|
249
|
+
|
|
250
|
+
---
|
|
251
|
+
|
|
252
|
+
## Step 1: Load Context
|
|
253
|
+
|
|
254
|
+
1. **Run setup script**:
|
|
255
|
+
|
|
256
|
+
```bash
|
|
257
|
+
.specify/scripts/bash/check-prerequisites.sh --json --require-tasks
|
|
258
|
+
```
|
|
259
|
+
|
|
260
|
+
Parse JSON for FEATURE_DIR
|
|
261
|
+
|
|
262
|
+
2. **Load all artifacts**:
|
|
263
|
+
- spec.md (user stories, acceptance criteria)
|
|
264
|
+
- plan.md (architecture, file structure, tech stack)
|
|
265
|
+
- tasks.md (task completion status)
|
|
266
|
+
- goal-ledger.json (goal IDs, metrics, delivery states, re-loop triggers)
|
|
267
|
+
- loop-contract.json (loop objective, eval commands, max iterations, stop conditions)
|
|
268
|
+
- loop-ledger.jsonl (implementation and validation loop evidence)
|
|
269
|
+
- traceability.md (requirement-to-code/test evidence matrix)
|
|
270
|
+
- research.md (codebase patterns to follow)
|
|
271
|
+
|
|
272
|
+
3. **Detect iteration count**:
|
|
273
|
+
- Check if `{FEATURE_DIR}/remediation-report.md` exists
|
|
274
|
+
- If yes, read the iteration count from it
|
|
275
|
+
- Track: `ITERATION = [1|2|3]` (first run = 1)
|
|
276
|
+
|
|
277
|
+
4. **Determine UI presence**:
|
|
278
|
+
- Read plan.md tech stack
|
|
279
|
+
- If UI framework present AND Playwright/Cypress tests exist: `HAS_UI = true`
|
|
280
|
+
- Otherwise: `HAS_UI = false` → apply point redistribution
|
|
281
|
+
|
|
282
|
+
**Deployment/Render Scope Detection** (FR-011):
|
|
283
|
+
|
|
284
|
+
Scan `spec.md`, `plan.md`, `contract-pack.md`, and `quickstart.md` (when
|
|
285
|
+
present) for the following signals:
|
|
286
|
+
|
|
287
|
+
- `DEPLOY_SIGNAL_1`: any acceptance criterion contains: `rendered`,
|
|
288
|
+
`live route`, `live API`, `deployed`, `production`, `staging`,
|
|
289
|
+
`SharePoint`, `Azure`, `smoke`, `E2E`, `browser`
|
|
290
|
+
- `DEPLOY_SIGNAL_2`: `plan.md`, `contract-pack.md`, or `quickstart.md`
|
|
291
|
+
names a deployment target: SharePoint, Azure, staging, production, Vercel,
|
|
292
|
+
Netlify, Docker, Kubernetes, or any server/environment referenced in the
|
|
293
|
+
acceptance chain
|
|
294
|
+
- `DEPLOY_SIGNAL_3`: `plan.md` declares a UI/rendered experience AND at least
|
|
295
|
+
one acceptance criterion uses: `sees`, `displays`, `shows`, `renders`,
|
|
296
|
+
`navigates to`
|
|
297
|
+
|
|
298
|
+
Set `DEPLOY_IN_SCOPE = true` if ANY signal is present.
|
|
299
|
+
Set `DEPLOY_IN_SCOPE = false` if NO signal is present.
|
|
300
|
+
Record the determination in the validation report preamble.
|
|
301
|
+
|
|
302
|
+
## Step 1.5: Closed-Loop Objective And Loop Evidence Audit
|
|
303
|
+
|
|
304
|
+
Before rubric scoring, run the closed-loop audit and write a fresh rebaseline
|
|
305
|
+
report:
|
|
306
|
+
|
|
307
|
+
```bash
|
|
308
|
+
node .specify/scripts/node/gofer-closed-loop-audit.mjs --feature-dir {FEATURE_DIR} --json --strict
|
|
309
|
+
```
|
|
310
|
+
|
|
311
|
+
Also write/update `{FEATURE_DIR}/goal-rebaseline-report.md`.
|
|
312
|
+
|
|
313
|
+
Then run the bounded loop audit:
|
|
314
|
+
|
|
315
|
+
```bash
|
|
316
|
+
node .specify/scripts/node/gofer-loop-audit.mjs --feature-dir {FEATURE_DIR} --stage 6_validate --json --strict
|
|
317
|
+
```
|
|
318
|
+
|
|
319
|
+
This writes/updates `{FEATURE_DIR}/loop-audit-report.md`.
|
|
320
|
+
|
|
321
|
+
Validation MUST treat the closed-loop and loop audits as objective gates:
|
|
322
|
+
|
|
323
|
+
- If the audit reports missing goal coverage, missing code/test evidence,
|
|
324
|
+
expired assumptions, or invalid goal-ledger structure, validation FAILS.
|
|
325
|
+
- If the loop audit reports a missing/invalid loop contract, missing
|
|
326
|
+
`loop-ledger.jsonl` evidence, maxIterations breach, or required human
|
|
327
|
+
escalation, validation FAILS.
|
|
328
|
+
- If the audit recommends reopening `#2_gofer_specify`, `#3_gofer_plan`,
|
|
329
|
+
`#4_gofer_tasks`, or `#6_gofer_validate`, record that as a blocking drift
|
|
330
|
+
finding and FAIL the run. The feature is no longer in a closed state even if
|
|
331
|
+
the code still compiles.
|
|
332
|
+
- If the audit only reports low-severity warnings with no recommended reopen
|
|
333
|
+
stage, continue but record them in the validation report.
|
|
334
|
+
|
|
335
|
+
---
|
|
336
|
+
|
|
337
|
+
# Phase A — Rubric Validation
|
|
338
|
+
|
|
339
|
+
Phase A runs the 10-category engineering rubric (Categories 1-10, up to 100
|
|
340
|
+
points before Category 11 is added).
|
|
341
|
+
|
|
342
|
+
## Step 2: Spawn 6 Specialist Validation Agents
|
|
343
|
+
|
|
344
|
+
**CRITICAL**: You **MUST** launch all 6 agents **in parallel** using the Task
|
|
345
|
+
tool. Do NOT perform validation work inline in the main context. The main
|
|
346
|
+
context should only orchestrate, score the rubric, and review agent outputs.
|
|
347
|
+
Each agent receives the feature context and returns structured findings.
|
|
348
|
+
|
|
349
|
+
### Agent 1: Correctness Validator
|
|
350
|
+
|
|
351
|
+
```
|
|
352
|
+
Task: subagent_type="validation-correctness", model="sonnet"
|
|
353
|
+
Prompt: "Validate functional correctness for feature [FEATURE_NAME].
|
|
354
|
+
|
|
355
|
+
Feature directory: {FEATURE_DIR}
|
|
356
|
+
Spec: {FEATURE_DIR}/spec.md
|
|
357
|
+
Plan: {FEATURE_DIR}/plan.md
|
|
358
|
+
|
|
359
|
+
Check every acceptance criterion in spec.md.
|
|
360
|
+
For each criterion, find the test that exercises it and verify it tests real code.
|
|
361
|
+
Return findings in your standard report format (<2000 tokens)."
|
|
362
|
+
```
|
|
363
|
+
|
|
364
|
+
### Agent 2: Security Validator
|
|
365
|
+
|
|
366
|
+
```
|
|
367
|
+
Task: subagent_type="validation-security", model="sonnet"
|
|
368
|
+
Prompt: "Validate security posture for feature [FEATURE_NAME].
|
|
369
|
+
|
|
370
|
+
Scan all new/modified files (from tasks.md file paths).
|
|
371
|
+
Check for: hardcoded secrets, disabled security, auth bypass, client-side keys.
|
|
372
|
+
Return findings with Red/Yellow/Gray severity (<2000 tokens)."
|
|
373
|
+
```
|
|
374
|
+
|
|
375
|
+
### Agent 3: Performance Validator
|
|
376
|
+
|
|
377
|
+
```
|
|
378
|
+
Task: subagent_type="validation-performance", model="haiku"
|
|
379
|
+
Prompt: "Validate performance characteristics for feature [FEATURE_NAME].
|
|
380
|
+
|
|
381
|
+
Scan all new/modified source files (from tasks.md file paths).
|
|
382
|
+
Check for: sync I/O in async paths, cyclomatic complexity > 12, unbounded loops.
|
|
383
|
+
Build scripts and test files are exempt.
|
|
384
|
+
Return findings with complexity scores (<2000 tokens)."
|
|
385
|
+
```
|
|
386
|
+
|
|
387
|
+
### Agent 4: Test Quality Validator
|
|
388
|
+
|
|
389
|
+
```
|
|
390
|
+
Task: subagent_type="validation-test-quality", model="haiku"
|
|
391
|
+
Prompt: "Validate test quality for feature [FEATURE_NAME].
|
|
392
|
+
|
|
393
|
+
Scan test files related to the feature.
|
|
394
|
+
Check for: placeholder assertions, skipped tests, mock ratio, mock-only tests.
|
|
395
|
+
VSCode API mocks marked '// mock-justified: VSCode API' are exempt from ratio.
|
|
396
|
+
Return findings with mock ratio calculation (<2000 tokens)."
|
|
397
|
+
```
|
|
398
|
+
|
|
399
|
+
### Agent 5: Integration Validator
|
|
400
|
+
|
|
401
|
+
```
|
|
402
|
+
Task: subagent_type="validation-integration", model="sonnet"
|
|
403
|
+
Prompt: "Validate integration contracts for feature [FEATURE_NAME].
|
|
404
|
+
|
|
405
|
+
Feature directory: {FEATURE_DIR}
|
|
406
|
+
Check contracts/ directory if it exists.
|
|
407
|
+
Verify cross-component boundaries, type compatibility, integration test coverage.
|
|
408
|
+
Return findings with contract compliance status (<2000 tokens)."
|
|
409
|
+
```
|
|
410
|
+
|
|
411
|
+
### Agent 6: Standards Validator
|
|
412
|
+
|
|
413
|
+
```
|
|
414
|
+
Task: subagent_type="validation-standards", model="sonnet"
|
|
415
|
+
Prompt: "Validate standards compliance for feature [FEATURE_NAME].
|
|
416
|
+
|
|
417
|
+
Feature directory: {FEATURE_DIR}
|
|
418
|
+
Check against constitution.md (if exists) and research.md patterns.
|
|
419
|
+
Detect AI slop: redundant comments, over-engineered abstractions, silent failures.
|
|
420
|
+
Check code hygiene: TODO/FIXME, magic numbers, unused imports.
|
|
421
|
+
Return findings with severity tiers (<2000 tokens)."
|
|
422
|
+
```
|
|
423
|
+
|
|
424
|
+
### Agent 7: Security Red Team (Optional — Multi-Perspective)
|
|
425
|
+
|
|
426
|
+
When the feature involves security-sensitive code (authentication,
|
|
427
|
+
authorization, user input handling, external APIs), run the security red team
|
|
428
|
+
strategy (#13):
|
|
429
|
+
|
|
430
|
+
```
|
|
431
|
+
# Diverge: 3 attack perspectives
|
|
432
|
+
Task: subagent_type="validate-security-red-team", model="opus"
|
|
433
|
+
Prompt: "Perspective 1: OWASP Top 10 attack analysis for feature [FEATURE_NAME].
|
|
434
|
+
Scan all new/modified files from tasks.md. Attack from OWASP perspective.
|
|
435
|
+
Return findings with exploit steps (<2000 tokens)."
|
|
436
|
+
|
|
437
|
+
Task: subagent_type="validate-security-red-team", model="opus"
|
|
438
|
+
Prompt: "Perspective 2: Business logic abuse analysis for feature [FEATURE_NAME].
|
|
439
|
+
Scan all new/modified files from tasks.md. Attack business logic.
|
|
440
|
+
Return findings with exploit steps (<2000 tokens)."
|
|
441
|
+
|
|
442
|
+
Task: subagent_type="validate-security-red-team", model="opus"
|
|
443
|
+
Prompt: "Perspective 3: CVE search for feature [FEATURE_NAME].
|
|
444
|
+
Check package.json dependencies for known CVEs.
|
|
445
|
+
Return findings with advisory references (<2000 tokens)."
|
|
446
|
+
|
|
447
|
+
# Converge: Judge synthesizes attack findings
|
|
448
|
+
Task: subagent_type="multi-perspective-judge", model="opus"
|
|
449
|
+
Prompt: "Synthesize 3 security red team perspectives for [FEATURE_NAME].
|
|
450
|
+
Perspective 1 (OWASP): [result]. Perspective 2 (Business Logic): [result].
|
|
451
|
+
Perspective 3 (CVE): [result].
|
|
452
|
+
Identify confirmed vulnerabilities vs false positives. Prioritize by exploitability."
|
|
453
|
+
```
|
|
454
|
+
|
|
455
|
+
**Run all 6 core agents in parallel.** Run Agent 7 (if applicable) in parallel
|
|
456
|
+
with the core agents.
|
|
457
|
+
|
|
458
|
+
## Step 2.2: Evidence Gate Pre-Check
|
|
459
|
+
|
|
460
|
+
Evaluate the truthfulness gates before final scoring. If a gate is still
|
|
461
|
+
pending here, re-check it after Step 3 automated checks complete and before the
|
|
462
|
+
PASS/FAIL synthesis.
|
|
463
|
+
|
|
464
|
+
```
|
|
465
|
+
GATE-1 (Integration Proof — Category 5):
|
|
466
|
+
Require: runtime wiring artifact OR integration-test execution output
|
|
467
|
+
present in the current session context by final scoring time.
|
|
468
|
+
If absent during Step 2.2, record GATE-1 as pending and re-check it after
|
|
469
|
+
Step 3 automated checks complete.
|
|
470
|
+
Still absent after Step 3 → Category 5 score = 0; mark GATE_FAIL = true
|
|
471
|
+
|
|
472
|
+
GATE-2 (Test Execution — Categories 1 and 2):
|
|
473
|
+
Require: real, executed npm test output with pass/fail count already present
|
|
474
|
+
or produced by Step 3 automated checks before final scoring.
|
|
475
|
+
If absent during Step 2.2, record GATE-2 as pending and re-check it after
|
|
476
|
+
Step 3 automated checks complete.
|
|
477
|
+
Still absent after Step 3 → Categories 1 and 2 score = 0; mark GATE_FAIL = true
|
|
478
|
+
|
|
479
|
+
GATE-3 (Render/Deployment Proof — Category 3):
|
|
480
|
+
IF HAS_UI = false:
|
|
481
|
+
Record "N/A — HAS_UI=false" in evidence table.
|
|
482
|
+
Record a matching not-in-scope reason in `Absent / Reason for 0`.
|
|
483
|
+
Apply existing no-UI point redistribution.
|
|
484
|
+
IF HAS_UI = true AND DEPLOY_IN_SCOPE = false:
|
|
485
|
+
Require: local render proof (screenshot, component render assertion,
|
|
486
|
+
headless browser assertion, or local smoke-check output) present by final
|
|
487
|
+
scoring time.
|
|
488
|
+
If absent during Step 2.2, record GATE-3 as pending and re-check before
|
|
489
|
+
final PASS/FAIL synthesis.
|
|
490
|
+
Still absent → Category 3 score = 0; mark GATE_FAIL = true
|
|
491
|
+
If present, record "Render proof only — deployment target not in scope" in
|
|
492
|
+
the evidence table and do not redistribute Category 3 points.
|
|
493
|
+
IF HAS_UI = true AND DEPLOY_IN_SCOPE = true:
|
|
494
|
+
Require: screenshot, curl/HTTP transcript, deployment log, headless browser
|
|
495
|
+
assertion, or smoke-check output present by final scoring time, with at
|
|
496
|
+
least one artifact proving rendered/live behavior on the declared route or
|
|
497
|
+
deployment target.
|
|
498
|
+
If absent during Step 2.2, record GATE-3 as pending and re-check before
|
|
499
|
+
final PASS/FAIL synthesis.
|
|
500
|
+
Still absent → Category 3 score = 0; mark GATE_FAIL = true
|
|
501
|
+
|
|
502
|
+
If any GATE_FAIL = true:
|
|
503
|
+
- Any agent that would have scored the gated category is still run
|
|
504
|
+
- The category score remains 0 unless the missing evidence appears before
|
|
505
|
+
final scoring
|
|
506
|
+
```
|
|
507
|
+
|
|
508
|
+
Collect all results before proceeding.
|
|
509
|
+
|
|
510
|
+
---
|
|
511
|
+
|
|
512
|
+
# Phase B — Blast Radius Analysis
|
|
513
|
+
|
|
514
|
+
Phase B quantifies the **ripple effect** of the implementation. It assesses risk
|
|
515
|
+
to code outside the feature boundary, interface-contract stability,
|
|
516
|
+
observability preservation, dependency / submodule impact, rollback readiness,
|
|
517
|
+
and release-checklist compliance. Phase B results score **Category 11 (10
|
|
518
|
+
points)** and produce a separate `blast-radius-report.md` artifact.
|
|
519
|
+
|
|
520
|
+
Phase B runs **after** Phase A agents have returned (Step 2 complete) and
|
|
521
|
+
**before** automated checks in Step 3, because breaking-change detection informs
|
|
522
|
+
how to interpret failing tests/types.
|
|
523
|
+
|
|
524
|
+
## Step 2.5: Pre-Flight Change Surface Discovery
|
|
525
|
+
|
|
526
|
+
Before spawning Phase B agents, build a **change manifest** the agents can
|
|
527
|
+
reference. This is a cheap main-context pass, not an agent task.
|
|
528
|
+
|
|
529
|
+
1. **Modified file list** — from `tasks.md` completed tasks and git:
|
|
530
|
+
|
|
531
|
+
```bash
|
|
532
|
+
git diff --name-only $(git merge-base HEAD main 2>/dev/null || echo HEAD~1) HEAD
|
|
533
|
+
```
|
|
534
|
+
|
|
535
|
+
2. **Submodule inventory** — detect repo submodules and workspace packages:
|
|
536
|
+
|
|
537
|
+
```bash
|
|
538
|
+
git submodule status 2>/dev/null
|
|
539
|
+
cat package.json 2>/dev/null | grep -E '"workspaces"' -A 20
|
|
540
|
+
ls -d */package.json 2>/dev/null | xargs -I {} dirname {}
|
|
541
|
+
```
|
|
542
|
+
|
|
543
|
+
Record which submodules/workspaces contain modified files. For this repo the
|
|
544
|
+
canonical submodules are `extension/`, `language-server/`, `docs/`.
|
|
545
|
+
|
|
546
|
+
3. **Public-surface detection** — identify exported symbols at risk:
|
|
547
|
+
- `index.ts` / `index.js` files in modified directories
|
|
548
|
+
- `*.d.ts` files in modified directories
|
|
549
|
+
- Entries in the `exports` / `main` / `types` fields of modified
|
|
550
|
+
`package.json` files
|
|
551
|
+
- Files under `contracts/` or `.specify/specs/{feature}/contracts/`
|
|
552
|
+
|
|
553
|
+
4. **Dependency manifest diff** — capture dependency churn:
|
|
554
|
+
|
|
555
|
+
```bash
|
|
556
|
+
git diff $(git merge-base HEAD main 2>/dev/null || echo HEAD~1) HEAD -- package.json package-lock.json extension/package.json language-server/package.json 2>/dev/null
|
|
557
|
+
```
|
|
558
|
+
|
|
559
|
+
5. **Rollback-relevant assets** — flag anything that needs a reverse path:
|
|
560
|
+
- Files under `migrations/`, `db/migrations/`, `prisma/migrations/`
|
|
561
|
+
- Files named `*.sql`, `schema.*`
|
|
562
|
+
- Feature-flag definitions (search for `featureFlag`, `growthbook`,
|
|
563
|
+
`launchdarkly`, `flags.`)
|
|
564
|
+
- `CHANGELOG.md`, `RELEASES.md`, version fields in `package.json`
|
|
565
|
+
|
|
566
|
+
Record these into `CHANGE_MANIFEST` for the Phase B prompts.
|
|
567
|
+
|
|
568
|
+
---
|
|
569
|
+
|
|
570
|
+
## Step 2.6: Spawn 5 Blast-Radius Analysis Agents
|
|
571
|
+
|
|
572
|
+
Launch all 5 agents **in parallel** using the Task tool. Pass the
|
|
573
|
+
`CHANGE_MANIFEST` from Step 2.5 into each prompt so agents see the same ground
|
|
574
|
+
truth.
|
|
575
|
+
|
|
576
|
+
### Agent 8: Change Graph / Ripple Analyzer
|
|
577
|
+
|
|
578
|
+
```
|
|
579
|
+
Task: subagent_type="codebase-analyzer", model="sonnet"
|
|
580
|
+
Prompt: "Blast-radius change-graph analysis for feature [FEATURE_NAME].
|
|
581
|
+
|
|
582
|
+
Feature directory: {FEATURE_DIR}
|
|
583
|
+
Change manifest (modified files): {CHANGE_MANIFEST.modifiedFiles}
|
|
584
|
+
Submodules: {CHANGE_MANIFEST.submodules}
|
|
585
|
+
|
|
586
|
+
Build a change-graph table for EVERY modified symbol (function, class, type,
|
|
587
|
+
const) in the modified files:
|
|
588
|
+
1. List every direct importer/caller (file:line references).
|
|
589
|
+
2. Classify each as Direct (imports the symbol) or Transitive (imports a
|
|
590
|
+
re-export of it) or Runtime (dynamic require / reflection).
|
|
591
|
+
3. Flag any cross-submodule ripple (symbol defined in submodule A, consumed
|
|
592
|
+
in submodule B) — this is Red if unplanned.
|
|
593
|
+
4. Flag any consumer whose tests do NOT exercise the changed code path —
|
|
594
|
+
Yellow.
|
|
595
|
+
5. Count orphan changes (modified code with zero importers) — Gray.
|
|
596
|
+
|
|
597
|
+
Return findings with Red/Yellow/Gray severity and a concise ripple summary
|
|
598
|
+
(<2500 tokens). Output sections: 'Ripple Summary', 'Cross-submodule Crossings',
|
|
599
|
+
'Consumer Coverage Gaps', 'Orphans'."
|
|
600
|
+
```
|
|
601
|
+
|
|
602
|
+
### Agent 9: Interface Contract Diff
|
|
603
|
+
|
|
604
|
+
```
|
|
605
|
+
Task: subagent_type="validation-integration", model="sonnet"
|
|
606
|
+
Prompt: "Interface contract blast-radius analysis for feature [FEATURE_NAME].
|
|
607
|
+
|
|
608
|
+
Feature directory: {FEATURE_DIR}
|
|
609
|
+
Public-surface manifest: {CHANGE_MANIFEST.publicSurface}
|
|
610
|
+
Contracts directory: {FEATURE_DIR}/contracts (if present)
|
|
611
|
+
|
|
612
|
+
For every public export, package.json exports field entry, contract file,
|
|
613
|
+
and .d.ts symbol that was modified, deleted, or added:
|
|
614
|
+
1. Diff old signature vs new signature (parameters, return types, generics,
|
|
615
|
+
optional vs required, default values).
|
|
616
|
+
2. Classify each change:
|
|
617
|
+
- BREAKING: removed export, renamed export, narrowed return type, widened
|
|
618
|
+
required-param set, removed optional param callers rely on.
|
|
619
|
+
- ADDITIVE: new export, new optional param, widened return type.
|
|
620
|
+
- NEUTRAL: implementation change with identical signature.
|
|
621
|
+
3. Red = any BREAKING change without a corresponding entry in CHANGELOG.md
|
|
622
|
+
or a migration note in the spec.
|
|
623
|
+
4. Yellow = BREAKING change with CHANGELOG entry but no migration guide.
|
|
624
|
+
5. Gray = ADDITIVE changes for informational tracking.
|
|
625
|
+
|
|
626
|
+
Verify contract tests still cover all pre-existing contract clauses (no
|
|
627
|
+
silent coverage regression). Return findings (<2000 tokens) with sections:
|
|
628
|
+
'Breaking Changes', 'Additive Changes', 'Contract Coverage Regression'."
|
|
629
|
+
```
|
|
630
|
+
|
|
631
|
+
### Agent 10: Error Logging & Observability Integrity
|
|
632
|
+
|
|
633
|
+
```
|
|
634
|
+
Task: subagent_type="validation-standards", model="sonnet"
|
|
635
|
+
Prompt: "Observability blast-radius analysis for feature [FEATURE_NAME].
|
|
636
|
+
|
|
637
|
+
Feature directory: {FEATURE_DIR}
|
|
638
|
+
Modified files: {CHANGE_MANIFEST.modifiedFiles}
|
|
639
|
+
|
|
640
|
+
Assess whether observability was preserved, degraded, or improved:
|
|
641
|
+
1. For every new/modified catch block: does it log? Use the same structured
|
|
642
|
+
logger used elsewhere in the repo (detect the logger by scanning for
|
|
643
|
+
common imports: winston, pino, bunyan, console, vscode.window.showError,
|
|
644
|
+
telemetry module). Red if any catch swallows silently in production code.
|
|
645
|
+
2. For every removed log statement: is removal justified by a comment or
|
|
646
|
+
spec? Red if production-relevant logs disappeared without justification.
|
|
647
|
+
3. Log-level hygiene: no `console.log` in production code (test files
|
|
648
|
+
exempt); no debug-level logs left at info/warn level.
|
|
649
|
+
4. PII / secrets leakage in new log messages — Red if detected.
|
|
650
|
+
5. Telemetry/metrics coverage: if the feature touched hot paths that
|
|
651
|
+
previously emitted metrics, verify emission is preserved.
|
|
652
|
+
6. Correlation IDs / trace context propagation: if the repo uses them,
|
|
653
|
+
verify new code paths propagate them.
|
|
654
|
+
|
|
655
|
+
Return findings (<2000 tokens) with sections: 'Silent Failures', 'Removed
|
|
656
|
+
Logs', 'PII Risk', 'Metric Coverage Delta', 'Trace Propagation'."
|
|
657
|
+
```
|
|
658
|
+
|
|
659
|
+
### Agent 11: Dependency & Submodule Impact (with npm audit delta)
|
|
660
|
+
|
|
661
|
+
```
|
|
662
|
+
Task: subagent_type="research-dependency-evaluator", model="haiku"
|
|
663
|
+
Prompt: "Dependency and submodule blast-radius analysis for feature
|
|
664
|
+
[FEATURE_NAME].
|
|
665
|
+
|
|
666
|
+
Dependency manifest diff: {CHANGE_MANIFEST.dependencyDiff}
|
|
667
|
+
Submodules affected: {CHANGE_MANIFEST.submodules}
|
|
668
|
+
|
|
669
|
+
1. New dependencies: list each with source (npm / git / local), license, and
|
|
670
|
+
bundle-size impact (approx). Red if license is incompatible (GPL/AGPL in
|
|
671
|
+
a permissive-licensed repo), or if the package is unmaintained (>2 years
|
|
672
|
+
since last release, <1000 weekly downloads).
|
|
673
|
+
2. Version bumps: classify as major / minor / patch. Red for major bumps
|
|
674
|
+
without migration notes.
|
|
675
|
+
3. Lockfile churn: if package.json is unchanged but package-lock.json
|
|
676
|
+
changed materially (>20 lines), flag as Yellow (indirect dep drift).
|
|
677
|
+
4. npm audit delta: run `npm audit --json 2>/dev/null` on the current branch
|
|
678
|
+
and compare vulnerability counts vs baseline (main). Red if the branch
|
|
679
|
+
adds any new High or Critical CVE. Yellow for new Moderate. Gray for new
|
|
680
|
+
Low.
|
|
681
|
+
5. Submodule boundary crossings: if the feature modifies code in multiple
|
|
682
|
+
submodules (extension/, language-server/, docs/), verify each submodule
|
|
683
|
+
independently builds and tests. Red if a cross-submodule change breaks
|
|
684
|
+
any submodule's standalone build.
|
|
685
|
+
|
|
686
|
+
Return findings (<2500 tokens) with sections: 'New Dependencies', 'Version
|
|
687
|
+
Bumps', 'Lockfile Drift', 'CVE Delta', 'Submodule Boundary Crossings'."
|
|
688
|
+
```
|
|
689
|
+
|
|
690
|
+
### Agent 12: Rollback Readiness & Release Checklist
|
|
691
|
+
|
|
692
|
+
```
|
|
693
|
+
Task: subagent_type="tasks-rollback-planner", model="haiku"
|
|
694
|
+
Prompt: "Rollback readiness + release-checklist review for feature
|
|
695
|
+
[FEATURE_NAME].
|
|
696
|
+
|
|
697
|
+
Feature directory: {FEATURE_DIR}
|
|
698
|
+
Rollback assets: {CHANGE_MANIFEST.rollbackAssets}
|
|
699
|
+
|
|
700
|
+
Assess reversibility and release readiness:
|
|
701
|
+
1. DB migrations: is every forward migration paired with a down/reverse
|
|
702
|
+
migration? Red if any irreversible migration lacks explicit justification
|
|
703
|
+
in the spec or plan.
|
|
704
|
+
2. Feature flags: if the feature is risky, is it gated behind a flag? Is the
|
|
705
|
+
flag default-off? Is the pre-flag code path preserved so disabling the
|
|
706
|
+
flag restores prior behavior? Red if a risky change is unflagged and
|
|
707
|
+
irreversible.
|
|
708
|
+
3. Data-shape changes: detect schema changes that cannot be rolled back
|
|
709
|
+
without data loss (column drops, type narrowings). Red if no backfill or
|
|
710
|
+
dual-write strategy.
|
|
711
|
+
4. Release checklist for user-visible changes:
|
|
712
|
+
- CHANGELOG.md updated for this feature — Red if missing and feature is
|
|
713
|
+
user-visible.
|
|
714
|
+
- Version bump planned (semver correct for breaking/additive/patch) — Red
|
|
715
|
+
if breaking change present without major bump plan.
|
|
716
|
+
- Migration guide present for breaking changes — Red if missing.
|
|
717
|
+
- Documentation updated (docs/ or README.md) for new user-facing
|
|
718
|
+
capabilities — Yellow if missing.
|
|
719
|
+
5. Rollback runbook: is there a documented 'how to revert' path? Yellow if
|
|
720
|
+
absent for non-trivial changes.
|
|
721
|
+
|
|
722
|
+
Return findings (<2000 tokens) with sections: 'Migration Reversibility',
|
|
723
|
+
'Feature Flag Coverage', 'Data-Shape Rollback Risk', 'Release Checklist',
|
|
724
|
+
'Rollback Runbook'."
|
|
725
|
+
```
|
|
726
|
+
|
|
727
|
+
**Run all 5 Phase B agents in parallel.** Collect results before synthesis.
|
|
728
|
+
|
|
729
|
+
---
|
|
730
|
+
|
|
731
|
+
## Step 2.7: Blast Radius Synthesis
|
|
732
|
+
|
|
733
|
+
Aggregate Phase B agent findings into a single blast-radius verdict.
|
|
734
|
+
|
|
735
|
+
### Consolidated Finding Table
|
|
736
|
+
|
|
737
|
+
```
|
|
738
|
+
| # | Dimension | Finding | Severity | Agent | File | Line |
|
|
739
|
+
|---|-----------|---------|----------|-------|------|------|
|
|
740
|
+
| 1 | Change graph | [desc] | Red | codebase-analyzer | [file] | [line] |
|
|
741
|
+
| 2 | Interface contract | [desc] | Red | validation-integration | [file] | [line] |
|
|
742
|
+
| 3 | Observability | [desc] | Yellow | validation-standards | [file] | [line] |
|
|
743
|
+
| 4 | Dependency | [desc] | Yellow | research-dependency-evaluator | [file] | [line] |
|
|
744
|
+
| 5 | Rollback | [desc] | Red | tasks-rollback-planner | [file] | [line] |
|
|
745
|
+
```
|
|
746
|
+
|
|
747
|
+
### Severity Rollup
|
|
748
|
+
|
|
749
|
+
```
|
|
750
|
+
BLAST_RADIUS_RED = count of Red findings across all 5 agents
|
|
751
|
+
BLAST_RADIUS_YELLOW = count of Yellow findings
|
|
752
|
+
BLAST_RADIUS_GRAY = count of Gray findings
|
|
753
|
+
```
|
|
754
|
+
|
|
755
|
+
### Write `blast-radius-report.md`
|
|
756
|
+
|
|
757
|
+
Write to `{FEATURE_DIR}/blast-radius-report.md`:
|
|
758
|
+
|
|
759
|
+
```markdown
|
|
760
|
+
---
|
|
761
|
+
feature: [Feature Name]
|
|
762
|
+
generated: [ISO timestamp]
|
|
763
|
+
reviewer: Claude
|
|
764
|
+
GeneratedAt: [ISO timestamp]
|
|
765
|
+
SourceCommandId: /6_gofer_validate
|
|
766
|
+
SourceInputs: [spec.md, plan.md, tasks.md, research.md, blast-radius inputs]
|
|
767
|
+
OverwriteNoticeWhenApplicable: [new file or overwrite note]
|
|
768
|
+
dimensions_checked:
|
|
769
|
+
[
|
|
770
|
+
change_graph,
|
|
771
|
+
interface_contract,
|
|
772
|
+
observability,
|
|
773
|
+
dependency_submodule,
|
|
774
|
+
rollback_release,
|
|
775
|
+
]
|
|
776
|
+
red_count: [N]
|
|
777
|
+
yellow_count: [N]
|
|
778
|
+
gray_count: [N]
|
|
779
|
+
verdict: [CONTAINED | BREACHED]
|
|
780
|
+
---
|
|
781
|
+
|
|
782
|
+
# Blast Radius Report: [Feature Name]
|
|
783
|
+
|
|
784
|
+
## Changed Surfaces
|
|
785
|
+
|
|
786
|
+
- Modified files: [N]
|
|
787
|
+
- Submodules touched: [list]
|
|
788
|
+
- Public-surface symbols affected: [N]
|
|
789
|
+
- New dependencies: [N]
|
|
790
|
+
- Version bumps: [list]
|
|
791
|
+
- Migration files: [list]
|
|
792
|
+
- Feature flags introduced/modified: [list]
|
|
793
|
+
|
|
794
|
+
## Risk Vectors
|
|
795
|
+
|
|
796
|
+
### 1. Change Graph / Ripple (Agent: codebase-analyzer)
|
|
797
|
+
|
|
798
|
+
- Cross-submodule crossings: [list or "none"]
|
|
799
|
+
- Consumer coverage gaps: [N]
|
|
800
|
+
- Orphan changes: [N]
|
|
801
|
+
- Red findings: [table]
|
|
802
|
+
|
|
803
|
+
### 2. Interface Contracts (Agent: validation-integration)
|
|
804
|
+
|
|
805
|
+
- Breaking changes: [N] ([list])
|
|
806
|
+
- Additive changes: [N]
|
|
807
|
+
- Contract coverage regressions: [list]
|
|
808
|
+
- Red findings: [table]
|
|
809
|
+
|
|
810
|
+
### 3. Error Logging & Observability (Agent: validation-standards)
|
|
811
|
+
|
|
812
|
+
- Silent failures introduced: [N]
|
|
813
|
+
- Logs removed without justification: [N]
|
|
814
|
+
- PII/secret leakage risk: [list]
|
|
815
|
+
- Metric/trace coverage delta: [summary]
|
|
816
|
+
- Red findings: [table]
|
|
817
|
+
|
|
818
|
+
### 4. Dependencies & Submodules (Agent: research-dependency-evaluator)
|
|
819
|
+
|
|
820
|
+
- New dependencies: [table with license/size/maintenance]
|
|
821
|
+
- Version bumps: [list]
|
|
822
|
+
- Lockfile drift: [summary]
|
|
823
|
+
- CVE delta: Critical +[N], High +[N], Moderate +[N], Low +[N]
|
|
824
|
+
- Submodule boundary crossings: [list]
|
|
825
|
+
- Red findings: [table]
|
|
826
|
+
|
|
827
|
+
### 5. Rollback Readiness & Release Checklist (Agent: tasks-rollback-planner)
|
|
828
|
+
|
|
829
|
+
- Migration reversibility: [OK / BREACHED]
|
|
830
|
+
- Feature flag coverage: [OK / BREACHED / N/A]
|
|
831
|
+
- Data-shape rollback risk: [OK / BREACHED]
|
|
832
|
+
- Release checklist:
|
|
833
|
+
- CHANGELOG updated: [Yes / No / N/A]
|
|
834
|
+
- Version bump planned: [patch / minor / major / N/A]
|
|
835
|
+
- Migration guide: [Yes / No / N/A]
|
|
836
|
+
- Docs updated: [Yes / No / N/A]
|
|
837
|
+
- Rollback runbook: [Present / Absent / N/A]
|
|
838
|
+
- Red findings: [table]
|
|
839
|
+
|
|
840
|
+
## Containment Summary
|
|
841
|
+
|
|
842
|
+
- **CONTAINED** if `BLAST_RADIUS_RED == 0` — Category 11 scores full 10 pts.
|
|
843
|
+
- **BREACHED** if `BLAST_RADIUS_RED > 0` — Category 11 scores 0.
|
|
844
|
+
|
|
845
|
+
Yellow findings do NOT fail Category 11 but are reported to the engineering
|
|
846
|
+
review loop (Phase C) for mandatory attention.
|
|
847
|
+
```
|
|
848
|
+
|
|
849
|
+
Proceed to Step 3 (automated checks) with blast-radius results attached to the
|
|
850
|
+
context.
|
|
851
|
+
|
|
852
|
+
---
|
|
853
|
+
|
|
854
|
+
# End of Phase B
|
|
855
|
+
|
|
856
|
+
---
|
|
857
|
+
|
|
858
|
+
## Step 3: Run Automated Checks
|
|
859
|
+
|
|
860
|
+
Execute verification commands and capture results:
|
|
861
|
+
|
|
862
|
+
### Build Check
|
|
863
|
+
|
|
864
|
+
```bash
|
|
865
|
+
npm run build # or appropriate build command
|
|
866
|
+
```
|
|
867
|
+
|
|
868
|
+
### Test Check
|
|
869
|
+
|
|
870
|
+
```bash
|
|
871
|
+
npm test # or appropriate test command
|
|
872
|
+
```
|
|
873
|
+
|
|
874
|
+
### Lint Check
|
|
875
|
+
|
|
876
|
+
```bash
|
|
877
|
+
npm run lint # or appropriate lint command
|
|
878
|
+
```
|
|
879
|
+
|
|
880
|
+
### Type Check (if TypeScript)
|
|
881
|
+
|
|
882
|
+
```bash
|
|
883
|
+
npm run typecheck # or tsc --noEmit
|
|
884
|
+
```
|
|
885
|
+
|
|
886
|
+
Record results:
|
|
887
|
+
|
|
888
|
+
```
|
|
889
|
+
| Check | Command | Result |
|
|
890
|
+
|-----------|------------------|---------------|
|
|
891
|
+
| Build | npm run build | PASS / FAIL |
|
|
892
|
+
| Tests | npm test | PASS / FAIL |
|
|
893
|
+
| Lint | npm run lint | PASS / FAIL |
|
|
894
|
+
| TypeCheck | tsc --noEmit | PASS / FAIL |
|
|
895
|
+
```
|
|
896
|
+
|
|
897
|
+
**If Build or Tests FAIL**: Mark Functional Correctness as 0 immediately.
|
|
898
|
+
|
|
899
|
+
---
|
|
900
|
+
|
|
901
|
+
## Step 4: Mutation Testing Gate
|
|
902
|
+
|
|
903
|
+
Check if mutation testing tools are available:
|
|
904
|
+
|
|
905
|
+
```bash
|
|
906
|
+
npx stryker --version 2>/dev/null
|
|
907
|
+
```
|
|
908
|
+
|
|
909
|
+
### If Stryker is available:
|
|
910
|
+
|
|
911
|
+
1. Run mutation testing:
|
|
912
|
+
```bash
|
|
913
|
+
npx stryker run --reporters clear-text 2>&1 | tail -50
|
|
914
|
+
```
|
|
915
|
+
2. Parse mutation score from output
|
|
916
|
+
3. Record: `MUTATION_SCORE = [N]%`
|
|
917
|
+
4. If score < 60%: contributes to Test Authenticity scoring 0
|
|
918
|
+
|
|
919
|
+
### If Stryker is NOT available:
|
|
920
|
+
|
|
921
|
+
1. Record: `MUTATION_SCORE = "unavailable"`
|
|
922
|
+
2. Log recommendation: "Install @stryker-mutator/core for mutation testing"
|
|
923
|
+
3. Test Authenticity is scored based on other criteria only (placeholders,
|
|
924
|
+
skips, mock ratio)
|
|
925
|
+
4. Do NOT block on mutation score when Stryker is absent
|
|
926
|
+
|
|
927
|
+
---
|
|
928
|
+
|
|
929
|
+
## Step 5: Mock Ratio Analysis
|
|
930
|
+
|
|
931
|
+
Count mocking patterns vs real assertions across feature test files:
|
|
932
|
+
|
|
933
|
+
### Count Mock Calls
|
|
934
|
+
|
|
935
|
+
Use Grep to count in test files related to the feature:
|
|
936
|
+
|
|
937
|
+
- `vi.mock(` — module-level mocks
|
|
938
|
+
- `vi.fn(` — individual function mocks
|
|
939
|
+
- `jest.mock(` — Jest module mocks
|
|
940
|
+
- `jest.fn(` — Jest function mocks
|
|
941
|
+
- `.mockReturnValue(` — mock configurations
|
|
942
|
+
- `.mockResolvedValue(` — async mock configurations
|
|
943
|
+
|
|
944
|
+
### Count Real Assertions
|
|
945
|
+
|
|
946
|
+
Use Grep to count:
|
|
947
|
+
|
|
948
|
+
- `expect(` followed by `.toBe(`, `.toEqual(`, `.toContain(`, `.toThrow(`,
|
|
949
|
+
`.toMatch(`, `.toBeGreaterThan(`, `.toBeLessThan(`, `.toBeDefined(`,
|
|
950
|
+
`.toBeNull(`, `.toHaveLength(`, `.toHaveProperty(`
|
|
951
|
+
|
|
952
|
+
### Exclude Justified Mocks
|
|
953
|
+
|
|
954
|
+
Lines containing `// mock-justified:` are excluded from the mock count. This
|
|
955
|
+
allows VSCode API mocks and other unavoidable mocks to be documented and exempt.
|
|
956
|
+
|
|
957
|
+
### Calculate Ratio
|
|
958
|
+
|
|
959
|
+
```
|
|
960
|
+
MOCK_RATIO = mock_calls / (mock_calls + real_assertions)
|
|
961
|
+
```
|
|
962
|
+
|
|
963
|
+
### Evaluate
|
|
964
|
+
|
|
965
|
+
- If `MOCK_RATIO > 0.30` (30%): contributes to Test Authenticity scoring 0
|
|
966
|
+
- Report per-file ratios for the worst offenders
|
|
967
|
+
|
|
968
|
+
---
|
|
969
|
+
|
|
970
|
+
## Step 6: Semantic Slop Detection
|
|
971
|
+
|
|
972
|
+
### Automated Pattern Detection (Grep-based)
|
|
973
|
+
|
|
974
|
+
Run these checks on new/modified source files (not test files):
|
|
975
|
+
|
|
976
|
+
#### Red Severity (Blocks)
|
|
977
|
+
|
|
978
|
+
```
|
|
979
|
+
Pattern: expect(true).toBe(true)
|
|
980
|
+
Also: expect(1).toBe(1), expect('a').toBe('a')
|
|
981
|
+
Method: Grep for tautological assertions in test files
|
|
982
|
+
```
|
|
983
|
+
|
|
984
|
+
```
|
|
985
|
+
Pattern: test.skip / it.skip / describe.skip / xit / xdescribe
|
|
986
|
+
Method: Grep for skip patterns in feature-related test files
|
|
987
|
+
```
|
|
988
|
+
|
|
989
|
+
#### Yellow Severity (Must Address)
|
|
990
|
+
|
|
991
|
+
```
|
|
992
|
+
Pattern: TODO / FIXME / XXX / HACK in source code (not test helpers)
|
|
993
|
+
Method: Grep in new/modified .ts/.js/.py files
|
|
994
|
+
```
|
|
995
|
+
|
|
996
|
+
```
|
|
997
|
+
Pattern: Empty catch blocks — catch (e) {} or catch { }
|
|
998
|
+
Method: Grep for catch blocks with empty or whitespace-only bodies
|
|
999
|
+
```
|
|
1000
|
+
|
|
1001
|
+
#### Gray Severity (Informational)
|
|
1002
|
+
|
|
1003
|
+
Gray-level findings are reported by the specialist agents (Standards and Test
|
|
1004
|
+
Quality). They include:
|
|
1005
|
+
|
|
1006
|
+
- Redundant comments restating code (agent: validation-standards)
|
|
1007
|
+
- Over-engineered abstractions for one-time use (agent: validation-standards)
|
|
1008
|
+
- Magic numbers without named constants (agent: validation-standards)
|
|
1009
|
+
- Mock-only tests that verify wiring not behavior (agent:
|
|
1010
|
+
validation-test-quality)
|
|
1011
|
+
|
|
1012
|
+
### Consolidate Slop Findings
|
|
1013
|
+
|
|
1014
|
+
Combine automated Grep results with agent findings:
|
|
1015
|
+
|
|
1016
|
+
```
|
|
1017
|
+
| # | Pattern | Severity | Source | Description | File | Line |
|
|
1018
|
+
|---|---------|----------|--------|-------------|------|------|
|
|
1019
|
+
| 1 | Placeholder test | Red | Grep | expect(true).toBe(true) | test.ts | 45 |
|
|
1020
|
+
| 2 | Skipped test | Red | Grep | it.skip('should...') | spec.ts | 12 |
|
|
1021
|
+
| 3 | TODO placeholder | Yellow | Grep | // TODO: implement | service.ts | 89 |
|
|
1022
|
+
| 4 | Redundant comment | Yellow | Agent | "// create user" above createUser() | user.ts | 23 |
|
|
1023
|
+
```
|
|
1024
|
+
|
|
1025
|
+
---
|
|
1026
|
+
|
|
1027
|
+
## Step 7: Score the 10-Category Rubric
|
|
1028
|
+
|
|
1029
|
+
Using agent reports, automated checks, and analysis from Steps 3-6, score each
|
|
1030
|
+
category:
|
|
1031
|
+
|
|
1032
|
+
### Scoring Logic
|
|
1033
|
+
|
|
1034
|
+
**Category 1: Functional Correctness** ({15 or 20 if no UI} pts)
|
|
1035
|
+
|
|
1036
|
+
- Input: validation-correctness agent report + `GATE-2` + automated test results
|
|
1037
|
+
- Score 0 if: `GATE-2` fails, OR any Red finding from correctness agent, OR
|
|
1038
|
+
build/tests fail, OR tests fail to import
|
|
1039
|
+
- Score full if: All acceptance criteria verified with real tests
|
|
1040
|
+
|
|
1041
|
+
**Category 2: Test Authenticity** ({15 or 20 if no UI} pts)
|
|
1042
|
+
|
|
1043
|
+
- Input: validation-test-quality agent report + `GATE-2` + mutation score +
|
|
1044
|
+
mock ratio
|
|
1045
|
+
- Score 0 if: Any placeholder assertion found, OR any test.skip found, OR mock
|
|
1046
|
+
ratio > 30%, OR mutation score < 60% (when Stryker available), OR
|
|
1047
|
+
`GATE-2` fails
|
|
1048
|
+
- Score full if: Zero placeholders, zero skips, mock ratio <= 30%
|
|
1049
|
+
|
|
1050
|
+
**Category 3: UI/E2E Verification** (10 pts, or 0 if redistributed)
|
|
1051
|
+
|
|
1052
|
+
- If `HAS_UI = false`: Record `N/A — HAS_UI=false` plus an explicit not-in-scope
|
|
1053
|
+
reason in the evidence table and apply the existing no-UI redistribution.
|
|
1054
|
+
- If `HAS_UI = true` and `DEPLOY_IN_SCOPE = false`: Check `GATE-3` for local
|
|
1055
|
+
render proof and record `Render proof only — deployment target not in scope`
|
|
1056
|
+
when that proof exists. Score 0 if `GATE-3` fails or no local render proof
|
|
1057
|
+
exists. Do not redistribute Category 3 points.
|
|
1058
|
+
- If `HAS_UI = true` and `DEPLOY_IN_SCOPE = true`: Check `GATE-3` for
|
|
1059
|
+
screenshot, curl/HTTP transcript, deployment log, headless browser
|
|
1060
|
+
assertion, or smoke-check output with proof of rendered/live behavior on the
|
|
1061
|
+
declared route or target. Score 0 if `GATE-3` fails or no real render/deploy
|
|
1062
|
+
proof exists.
|
|
1063
|
+
|
|
1064
|
+
**Category 4: Security Posture** (10 pts)
|
|
1065
|
+
|
|
1066
|
+
- Input: validation-security agent report
|
|
1067
|
+
- Score 0 if: Any Red finding from security agent
|
|
1068
|
+
- Score full if: No Red or Yellow findings
|
|
1069
|
+
|
|
1070
|
+
**Category 5: Integration Reality** (10 pts)
|
|
1071
|
+
|
|
1072
|
+
- Input: validation-integration agent report + `GATE-1`
|
|
1073
|
+
- Score 0 if: `GATE-1` fails, OR any contract violation, OR critical boundary
|
|
1074
|
+
with zero tests
|
|
1075
|
+
- Score full if: All contracts satisfied, integration tests use real deps
|
|
1076
|
+
|
|
1077
|
+
**Category 6: Error Path Coverage** (10 pts)
|
|
1078
|
+
|
|
1079
|
+
- Input: validation-correctness agent (error paths) + validation-standards agent
|
|
1080
|
+
(empty catch blocks)
|
|
1081
|
+
- Score 0 if: Empty catch blocks found, OR public functions lack error path
|
|
1082
|
+
tests
|
|
1083
|
+
- Score full if: Error paths tested, catch blocks handle errors properly
|
|
1084
|
+
|
|
1085
|
+
**Category 7: Architecture Compliance** (10 pts)
|
|
1086
|
+
|
|
1087
|
+
- Input: validation-standards agent report (architecture section)
|
|
1088
|
+
- Score 0 if: File structure deviates from plan.md without justification, OR
|
|
1089
|
+
required diagrams/pictures are stale, unreadable, unrendered without fallback,
|
|
1090
|
+
disconnected from the requirements/code/EAI Platform evidence they explain, OR
|
|
1091
|
+
human-facing artifacts lack a plain-language executive summary
|
|
1092
|
+
- Score full if: All files in expected locations, patterns followed
|
|
1093
|
+
|
|
1094
|
+
**Visual And Document Comprehension Gate** (part of Category 7, no extra points):
|
|
1095
|
+
|
|
1096
|
+
Use this gate whenever the feature has architecture, process, security,
|
|
1097
|
+
workflow, data, UI, or EAI Platform behavior that a human reviewer or future AI
|
|
1098
|
+
loop must understand. This is benchmarked against C4-style abstraction levels,
|
|
1099
|
+
diagram-as-code/source-controlled visuals, 8090-style requirement/blueprint
|
|
1100
|
+
alignment, Marp-style narrative decks, and UI proof practices such as screenshot
|
|
1101
|
+
or visual-test evidence.
|
|
1102
|
+
|
|
1103
|
+
- Executive summaries: every human-facing document starts with three to five
|
|
1104
|
+
plain-language bullets that cover the decision, value, risk, evidence, and next
|
|
1105
|
+
ask. Technical detail comes after the summary.
|
|
1106
|
+
- Purpose clarity: every visual states the question it answers, audience,
|
|
1107
|
+
source inputs, and how to read it in plain language.
|
|
1108
|
+
- Simplicity: each diagram focuses on one decision or flow, keeps primary
|
|
1109
|
+
nodes/steps to about seven or fewer where practical, and splits crowded
|
|
1110
|
+
diagrams instead of making a spaghetti map.
|
|
1111
|
+
- Correct visual type: use context/container C4 views for system boundaries,
|
|
1112
|
+
sequence/state diagrams for flows, ERD for data, value stream for process,
|
|
1113
|
+
heatmaps for capability/risk priority, and screenshot/storyboard evidence for
|
|
1114
|
+
UI behavior.
|
|
1115
|
+
- Renderability: Mermaid/D2/Structurizr-style source must render locally or
|
|
1116
|
+
provide a markdown-table/text fallback; Marp decks must be valid Markdown with
|
|
1117
|
+
slide frontmatter; UI visuals need screenshot, Storybook/component,
|
|
1118
|
+
Playwright, or equivalent render proof.
|
|
1119
|
+
- Traceability: each visual links to the requirement, plan, contract, code/test,
|
|
1120
|
+
EAI service/template asset, or validation evidence it summarizes.
|
|
1121
|
+
- Freshness: validation must check whether visuals changed or were reapproved
|
|
1122
|
+
after spec, plan, code, tenant/auth, or validation changes; stale visuals fail
|
|
1123
|
+
Category 7 even when the code passes.
|
|
1124
|
+
- Public safety: visuals must not expose tenant-private data, secrets, customer
|
|
1125
|
+
identifiers, internal-only architecture names, or screenshots containing
|
|
1126
|
+
private content.
|
|
1127
|
+
|
|
1128
|
+
**Category 8: Performance Baseline** (5 pts)
|
|
1129
|
+
|
|
1130
|
+
- Input: validation-performance agent report
|
|
1131
|
+
- Score 0 if: Sync I/O in async paths, OR complexity > 12, OR unbounded loops
|
|
1132
|
+
- Score full if: No blocking performance findings
|
|
1133
|
+
|
|
1134
|
+
**Category 9: Code Hygiene** (10 pts)
|
|
1135
|
+
|
|
1136
|
+
- Input: validation-standards agent report (hygiene section) + slop detection
|
|
1137
|
+
- Score 0 if: TODO placeholders in production code, OR > 5 redundant comments,
|
|
1138
|
+
OR silent error swallowing found
|
|
1139
|
+
- Score full if: Clean code, no slop findings above Gray
|
|
1140
|
+
|
|
1141
|
+
**Category 10: Specification Traceability** (5 pts)
|
|
1142
|
+
|
|
1143
|
+
- Input: validation-correctness agent (criteria mapping)
|
|
1144
|
+
- Score 0 if: User stories cannot be traced to tests and code
|
|
1145
|
+
- Score full if: Every US has tests, every test maps to implementing code
|
|
1146
|
+
|
|
1147
|
+
**Category 11: Blast Radius Containment** (10 pts) — NEW
|
|
1148
|
+
|
|
1149
|
+
- Input: Phase B blast-radius-report.md (Agents 8-12)
|
|
1150
|
+
- Score 0 if **any** of:
|
|
1151
|
+
- `BLAST_RADIUS_RED > 0` (verdict BREACHED in blast-radius-report.md), OR
|
|
1152
|
+
- Interface Contract Diff found a BREAKING change without CHANGELOG entry, OR
|
|
1153
|
+
- Observability agent found a silent failure in production code, OR
|
|
1154
|
+
- Dependency agent reports a new High or Critical CVE, OR
|
|
1155
|
+
- Rollback agent reports an irreversible migration without justification, OR
|
|
1156
|
+
- Cross-submodule ripple detected that was not planned in plan.md
|
|
1157
|
+
- Score full (10) if: `BLAST_RADIUS_RED == 0` — verdict CONTAINED in
|
|
1158
|
+
blast-radius-report.md. Yellow/Gray findings do not block the category but are
|
|
1159
|
+
forwarded to Phase C for attention.
|
|
1160
|
+
|
|
1161
|
+
### Calculate Total Score
|
|
1162
|
+
|
|
1163
|
+
```
|
|
1164
|
+
TOTAL = Cat1 + Cat2 + Cat3 + ... + Cat10 + Cat11
|
|
1165
|
+
```
|
|
1166
|
+
|
|
1167
|
+
Must equal **110** to PASS (no-UI features: Cat3 redistributes +5 to Cat1 and +5
|
|
1168
|
+
to Cat2; total is still 110).
|
|
1169
|
+
|
|
1170
|
+
---
|
|
1171
|
+
|
|
1172
|
+
## Step 7.4: Two-Pass Canvas Refresh (Impact Canvas)
|
|
1173
|
+
|
|
1174
|
+
After the validation council completes, refresh the Impact Canvas with
|
|
1175
|
+
validation findings. This is a SURGICAL update: only the `topThreeRisks` slot of
|
|
1176
|
+
`impact-canvas.md` is replaced; all other canvas content (header, problem
|
|
1177
|
+
statement, personas, AI-leverage pie, outcomes) is preserved byte-for-byte. The
|
|
1178
|
+
frontmatter `pass:` marker is bumped from 1 to 2 so downstream consumers can
|
|
1179
|
+
tell which pass produced the artefact.
|
|
1180
|
+
|
|
1181
|
+
```
|
|
1182
|
+
Task: subagent_type="visual-canvas-writer", model="haiku"
|
|
1183
|
+
Prompt: "Pass-2 refresh for {FEATURE_DIR}/visuals/impact-canvas.md.
|
|
1184
|
+
Read validation council output from {FEATURE_DIR}/validation.md.
|
|
1185
|
+
Replace ONLY the topThreeRisks section with the council's top three risks.
|
|
1186
|
+
Preserve all other content byte-for-byte.
|
|
1187
|
+
|
|
1188
|
+
Use the runPass2() helper at .specify/scripts/node/lib/visual-pass-pipeline.mjs
|
|
1189
|
+
which implements the surgical replacement (regex-bounded swap of the
|
|
1190
|
+
'## Top Three Risks' section + frontmatter pass: 1 -> 2 bump).
|
|
1191
|
+
|
|
1192
|
+
Return: absolute path of file written and the three risk strings used."
|
|
1193
|
+
```
|
|
1194
|
+
|
|
1195
|
+
The `runPass2()` function in
|
|
1196
|
+
`.specify/scripts/node/lib/visual-pass-pipeline.mjs` already implements the
|
|
1197
|
+
surgical replacement; the writer agent only needs to provide the three
|
|
1198
|
+
council-validated risk strings. This satisfies FR-016 (two-pass canvas refresh)
|
|
1199
|
+
and the locked decision recorded in `plan.md:912-919`.
|
|
1200
|
+
|
|
1201
|
+
---
|
|
1202
|
+
|
|
1203
|
+
## Step 7.5: Refresh Risk Heatmap (Persona Pack — US4)
|
|
1204
|
+
|
|
1205
|
+
After the rubric is scored and validation council findings are available,
|
|
1206
|
+
dispatch `visual-risk-writer` in **pass-2 mode** to refresh the risk heatmap
|
|
1207
|
+
with critical risks identified by the council. This replaces the heuristic
|
|
1208
|
+
top-quadrant entries that pass-1 (run from this same stage before validation)
|
|
1209
|
+
populated from the spec NFR / Out-of-Scope sections.
|
|
1210
|
+
|
|
1211
|
+
```
|
|
1212
|
+
Task: subagent_type="visual-risk-writer", model="haiku"
|
|
1213
|
+
Prompt: "Pass 2: refresh risk heatmap for feature [FEATURE_NAME].
|
|
1214
|
+
|
|
1215
|
+
Feature directory: {FEATURE_DIR}
|
|
1216
|
+
Spec: {FEATURE_DIR}/spec.md
|
|
1217
|
+
Validation council findings: {FEATURE_DIR}/validation-report.md (in-progress)
|
|
1218
|
+
Existing heatmap (pass-1): {FEATURE_DIR}/visuals/risk-heatmap.md
|
|
1219
|
+
Template: .specify/templates/visuals/risk-heatmap-template.md
|
|
1220
|
+
|
|
1221
|
+
Replace top-quadrant risks with the validation council's critical findings.
|
|
1222
|
+
Preserve pass-1 risks that did not surface in validation.
|
|
1223
|
+
Honour ≥30 ≤200 word plain-language preamble (NFR-010).
|
|
1224
|
+
|
|
1225
|
+
Return: absolute path of file written and risk counts per quadrant."
|
|
1226
|
+
```
|
|
1227
|
+
|
|
1228
|
+
The validation report (Step 8) MUST link to the refreshed risk heatmap under its
|
|
1229
|
+
`## Risk Posture` section. If the Mermaid renderer fails for a downstream
|
|
1230
|
+
consumer, the `mermaid-tabular-fallback.mjs` helper provides a markdown-table
|
|
1231
|
+
fallback for the `quadrantChart` block.
|
|
1232
|
+
|
|
1233
|
+
---
|
|
1234
|
+
|
|
1235
|
+
## Step 8: Generate Validation Report
|
|
1236
|
+
|
|
1237
|
+
Write to `{FEATURE_DIR}/validation-report.md`:
|
|
1238
|
+
|
|
1239
|
+
```markdown
|
|
1240
|
+
---
|
|
1241
|
+
feature: [Feature Name]
|
|
1242
|
+
validated: [ISO timestamp]
|
|
1243
|
+
validator: Claude
|
|
1244
|
+
status: [PASS/FAIL]
|
|
1245
|
+
score: [N]
|
|
1246
|
+
score_max: 110
|
|
1247
|
+
iteration: [N]
|
|
1248
|
+
has_ui: [true/false]
|
|
1249
|
+
deploy_in_scope: [true/false]
|
|
1250
|
+
objective_gate_status: [PASS/FAIL]
|
|
1251
|
+
goal_rebaseline_report: goal-rebaseline-report.md
|
|
1252
|
+
loop_audit_report: loop-audit-report.md
|
|
1253
|
+
blast_radius_verdict: [CONTAINED | BREACHED]
|
|
1254
|
+
blast_radius_report: blast-radius-report.md
|
|
1255
|
+
GeneratedAt: [ISO timestamp]
|
|
1256
|
+
SourceCommandId: /6_gofer_validate
|
|
1257
|
+
SourceInputs: [spec.md, plan.md, tasks.md, research.md, automated checks, agent findings]
|
|
1258
|
+
OverwriteNoticeWhenApplicable: [new file or overwrite note]
|
|
1259
|
+
---
|
|
1260
|
+
|
|
1261
|
+
# Validation Report: [Feature Name]
|
|
1262
|
+
|
|
1263
|
+
## Objective Outcome Gate
|
|
1264
|
+
|
|
1265
|
+
- Goal ledger: `goal-ledger.json`
|
|
1266
|
+
- Rebaseline report: `goal-rebaseline-report.md`
|
|
1267
|
+
- Loop contract: `loop-contract.json`
|
|
1268
|
+
- Loop ledger: `loop-ledger.jsonl`
|
|
1269
|
+
- Loop audit report: `loop-audit-report.md`
|
|
1270
|
+
- Outcome gate status: [PASS/FAIL]
|
|
1271
|
+
- Recommended reopen stage: [none | 2_specify | 3_plan | 4_tasks | 6_validate]
|
|
1272
|
+
- Summary: [why objectives remain aligned or why the loop must reopen]
|
|
1273
|
+
|
|
1274
|
+
## Rubric Score
|
|
1275
|
+
|
|
1276
|
+
| # | Category | Points | Score | Status | Evidence |
|
|
1277
|
+
| --- | -------------------------- | ------- | ---------- | --------------- | --------- |
|
|
1278
|
+
| 1 | Functional Correctness | [15/20] | [0/15/20] | PASS/FAIL | [summary] |
|
|
1279
|
+
| 2 | Test Authenticity | [15/20] | [0/15/20] | PASS/FAIL | [summary] |
|
|
1280
|
+
| 3 | UI/E2E Verification | [10/0] | [0/10/N/A] | PASS/FAIL/SKIP | [summary] |
|
|
1281
|
+
| 4 | Security Posture | 10 | [0/10] | PASS/FAIL | [summary] |
|
|
1282
|
+
| 5 | Integration Reality | 10 | [0/10] | PASS/FAIL | [summary] |
|
|
1283
|
+
| 6 | Error Path Coverage | 10 | [0/10] | PASS/FAIL | [summary] |
|
|
1284
|
+
| 7 | Architecture Compliance | 10 | [0/10] | PASS/FAIL | [summary] |
|
|
1285
|
+
| 8 | Performance Baseline | 5 | [0/5] | PASS/FAIL | [summary] |
|
|
1286
|
+
| 9 | Code Hygiene | 10 | [0/10] | PASS/FAIL | [summary] |
|
|
1287
|
+
| 10 | Specification Traceability | 5 | [0/5] | PASS/FAIL | [summary] |
|
|
1288
|
+
| 11 | Blast Radius Containment | 10 | [0/10] | PASS/FAIL | [summary] |
|
|
1289
|
+
| | **TOTAL** | **110** | **[N]** | **[PASS/FAIL]** | |
|
|
1290
|
+
|
|
1291
|
+
## Automated Check Results
|
|
1292
|
+
|
|
1293
|
+
| Check | Command | Result |
|
|
1294
|
+
| --------- | ------------- | ------------------- |
|
|
1295
|
+
| Build | npm run build | [PASS/FAIL] |
|
|
1296
|
+
| Tests | npm test | [PASS/FAIL] |
|
|
1297
|
+
| Lint | npm run lint | [PASS/FAIL + count] |
|
|
1298
|
+
| TypeCheck | tsc --noEmit | [PASS/FAIL] |
|
|
1299
|
+
|
|
1300
|
+
## Closed-Loop Traceability
|
|
1301
|
+
|
|
1302
|
+
| Requirement ID | Goal ID | Code Evidence | Test Evidence | Status |
|
|
1303
|
+
| -------------- | ------- | ------------- | ------------- | ------ |
|
|
1304
|
+
| [FR-001] | [G1] | [path] | [path] | [PASS/FAIL] |
|
|
1305
|
+
|
|
1306
|
+
## Mutation Testing
|
|
1307
|
+
|
|
1308
|
+
- **Stryker available**: [Yes/No]
|
|
1309
|
+
- **Mutation score**: [N]% (target: >= 60%)
|
|
1310
|
+
|
|
1311
|
+
## Mock Ratio Analysis
|
|
1312
|
+
|
|
1313
|
+
- **Total mock calls**: [N]
|
|
1314
|
+
- **Total real assertions**: [N]
|
|
1315
|
+
- **Mock ratio**: [N]% (target: <= 30%)
|
|
1316
|
+
- **Justified mocks excluded**: [N]
|
|
1317
|
+
|
|
1318
|
+
### Worst Offenders by File
|
|
1319
|
+
|
|
1320
|
+
| File | Mocks | Assertions | Ratio | Status |
|
|
1321
|
+
| ------ | ----- | ---------- | ----- | ------- |
|
|
1322
|
+
| [file] | [N] | [N] | [N]% | OK/FAIL |
|
|
1323
|
+
|
|
1324
|
+
## Specialist Agent Findings
|
|
1325
|
+
|
|
1326
|
+
### Red (Blocking)
|
|
1327
|
+
|
|
1328
|
+
| # | Category | Finding | File | Line |
|
|
1329
|
+
| --- | ---------- | ------------- | ------ | ------ |
|
|
1330
|
+
| [N] | [category] | [description] | [file] | [line] |
|
|
1331
|
+
|
|
1332
|
+
### Yellow (Must Address)
|
|
1333
|
+
|
|
1334
|
+
| # | Category | Finding | File | Line |
|
|
1335
|
+
| --- | ---------- | ------------- | ------ | ------ |
|
|
1336
|
+
| [N] | [category] | [description] | [file] | [line] |
|
|
1337
|
+
|
|
1338
|
+
### Gray (Informational)
|
|
1339
|
+
|
|
1340
|
+
| # | Category | Finding | File | Line |
|
|
1341
|
+
| --- | ---------- | ------------- | ------ | ------ |
|
|
1342
|
+
| [N] | [category] | [description] | [file] | [line] |
|
|
1343
|
+
|
|
1344
|
+
## AI Slop Detection Summary
|
|
1345
|
+
|
|
1346
|
+
| Pattern | Count | Severity |
|
|
1347
|
+
| ---------------------------- | ----- | -------- |
|
|
1348
|
+
| Placeholder assertions | [N] | Red |
|
|
1349
|
+
| Skipped tests | [N] | Red |
|
|
1350
|
+
| TODO/FIXME placeholders | [N] | Yellow |
|
|
1351
|
+
| Empty catch blocks | [N] | Yellow |
|
|
1352
|
+
| Redundant comments | [N] | Yellow |
|
|
1353
|
+
| Over-engineered abstractions | [N] | Gray |
|
|
1354
|
+
| Magic numbers | [N] | Gray |
|
|
1355
|
+
|
|
1356
|
+
## Blast Radius Summary (Phase B)
|
|
1357
|
+
|
|
1358
|
+
See `{FEATURE_DIR}/blast-radius-report.md` for the full dimension report.
|
|
1359
|
+
|
|
1360
|
+
| Dimension | Agent | Red | Yellow | Gray | Verdict |
|
|
1361
|
+
| ----------------------------------- | ----------------------------- | --- | ------ | ---- | ------------------------ |
|
|
1362
|
+
| Change graph / ripple | codebase-analyzer | [N] | [N] | [N] | [OK/BREACHED] |
|
|
1363
|
+
| Interface contracts | validation-integration | [N] | [N] | [N] | [OK/BREACHED] |
|
|
1364
|
+
| Error logging & observability | validation-standards | [N] | [N] | [N] | [OK/BREACHED] |
|
|
1365
|
+
| Dependency & submodule impact | research-dependency-evaluator | [N] | [N] | [N] | [OK/BREACHED] |
|
|
1366
|
+
| Rollback readiness & release chklst | tasks-rollback-planner | [N] | [N] | [N] | [OK/BREACHED] |
|
|
1367
|
+
| | **TOTAL** | [N] | [N] | [N] | **[CONTAINED/BREACHED]** |
|
|
1368
|
+
|
|
1369
|
+
**Change Surface Summary**
|
|
1370
|
+
|
|
1371
|
+
- Modified files: [N]
|
|
1372
|
+
- Submodules touched: [list]
|
|
1373
|
+
- Public-surface symbols modified: [N]
|
|
1374
|
+
- Breaking API changes: [N]
|
|
1375
|
+
- New dependencies: [N]
|
|
1376
|
+
- New High/Critical CVEs: [N]
|
|
1377
|
+
- Irreversible migrations: [N]
|
|
1378
|
+
- CHANGELOG updated: [Yes/No/N/A]
|
|
1379
|
+
|
|
1380
|
+
**Phase B Gate**: Cat 11 scores 10 only if verdict is **CONTAINED**.
|
|
1381
|
+
|
|
1382
|
+
## Spec Compliance
|
|
1383
|
+
|
|
1384
|
+
### [US1 Name]
|
|
1385
|
+
|
|
1386
|
+
- [x/] Acceptance criterion 1
|
|
1387
|
+
- [x/] Acceptance criterion 2
|
|
1388
|
+
|
|
1389
|
+
### [US2 Name]
|
|
1390
|
+
|
|
1391
|
+
- [x/] Acceptance criterion 1
|
|
1392
|
+
|
|
1393
|
+
## Recommendations
|
|
1394
|
+
|
|
1395
|
+
### Before Merge (Must Fix)
|
|
1396
|
+
|
|
1397
|
+
- [Red and Yellow findings requiring action]
|
|
1398
|
+
|
|
1399
|
+
### Future Improvements (Informational)
|
|
1400
|
+
|
|
1401
|
+
- [Gray findings and suggestions]
|
|
1402
|
+
|
|
1403
|
+
## Evidence Table
|
|
1404
|
+
|
|
1405
|
+
| Category | Score | Evidence Artifact / Command Output | Absent / Reason for 0 |
|
|
1406
|
+
| --- | --- | --- | --- |
|
|
1407
|
+
| 1 — Functional Correctness | [0/15/20] | [file path, executed `npm test` output with timestamp, or agent citation] | [reason if 0] |
|
|
1408
|
+
| 2 — Test Authenticity | [0/15/20] | [file path, mutation output, or agent citation] | [reason if 0] |
|
|
1409
|
+
| 3 — UI/E2E Verification | [0/10/N/A] | [`N/A — HAS_UI=false`, `Render proof only — deployment target not in scope`, or render/deploy artifact] | [reason if 0 or not in scope] |
|
|
1410
|
+
| 4 — Security Posture | [0/10] | [agent finding citation] | [reason if 0] |
|
|
1411
|
+
| 5 — Integration Reality | [0/10] | [runtime wiring proof, integration-test output, or agent citation] | [reason if 0] |
|
|
1412
|
+
| 6 — Error Path Coverage | [0/10] | [agent finding citation] | [reason if 0] |
|
|
1413
|
+
| 7 — Architecture Compliance | [0/10] | [agent finding citation] | [reason if 0] |
|
|
1414
|
+
| 8 — Performance Baseline | [0/5] | [agent finding citation] | [reason if 0] |
|
|
1415
|
+
| 9 — Code Hygiene | [0/10] | [agent finding citation] | [reason if 0] |
|
|
1416
|
+
| 10 — Specification Traceability | [0/5] | [agent finding citation] | [reason if 0] |
|
|
1417
|
+
| 11 — Blast Radius Containment | [0/10] | [blast-radius-report.md reference] | [reason if 0] |
|
|
1418
|
+
| **Total** | **[N]/110** | | |
|
|
1419
|
+
```
|
|
1420
|
+
|
|
1421
|
+
This evidence table is required on **EVERY run (PASS and FAIL)**.
|
|
1422
|
+
|
|
1423
|
+
Each `Evidence Artifact / Command Output` cell MUST contain at least one of:
|
|
1424
|
+
|
|
1425
|
+
- A file path visible in the current session
|
|
1426
|
+
- An executed command and its real output (with timestamp)
|
|
1427
|
+
- A sub-agent finding citation (agent name + finding ID)
|
|
1428
|
+
|
|
1429
|
+
An empty evidence cell or a cell containing only inferences/assumptions MUST
|
|
1430
|
+
cause that category to score 0.
|
|
1431
|
+
|
|
1432
|
+
Category 11's evidence cell MUST cite `blast-radius-report.md`.
|
|
1433
|
+
|
|
1434
|
+
When Category 3 is not in scope, the report preamble or row text MUST make the
|
|
1435
|
+
redistribution explicit enough that normalization/effective contribution remains
|
|
1436
|
+
derivable from the persisted report, and `Absent / Reason for 0` must record
|
|
1437
|
+
the matching not-in-scope reason.
|
|
1438
|
+
|
|
1439
|
+
---
|
|
1440
|
+
|
|
1441
|
+
## Step 9: Determine Outcome
|
|
1442
|
+
|
|
1443
|
+
### If TOTAL = 110 and objective_gate_status = PASS: PASS (Phase A + B)
|
|
1444
|
+
|
|
1445
|
+
```
|
|
1446
|
+
════════════════════════════════════════════════════════════════
|
|
1447
|
+
RUBRIC PASSED: [Feature Name]
|
|
1448
|
+
════════════════════════════════════════════════════════════════
|
|
1449
|
+
|
|
1450
|
+
Score: 110/110
|
|
1451
|
+
|
|
1452
|
+
Rubric:
|
|
1453
|
+
✓ Functional Correctness [15/20]/[15/20]
|
|
1454
|
+
✓ Test Authenticity [15/20]/[15/20]
|
|
1455
|
+
✓ UI/E2E Verification [10/10 or N/A]
|
|
1456
|
+
✓ Security Posture 10/10
|
|
1457
|
+
✓ Integration Reality 10/10
|
|
1458
|
+
✓ Error Path Coverage 10/10
|
|
1459
|
+
✓ Architecture Compliance 10/10
|
|
1460
|
+
✓ Performance Baseline 5/5
|
|
1461
|
+
✓ Code Hygiene 10/10
|
|
1462
|
+
✓ Specification Traceability 5/5
|
|
1463
|
+
✓ Blast Radius Containment 10/10
|
|
1464
|
+
|
|
1465
|
+
Reports:
|
|
1466
|
+
{FEATURE_DIR}/validation-report.md
|
|
1467
|
+
{FEATURE_DIR}/blast-radius-report.md
|
|
1468
|
+
|
|
1469
|
+
════════════════════════════════════════════════════════════════
|
|
1470
|
+
```
|
|
1471
|
+
|
|
1472
|
+
Proceed to **Phase C: Engineering Review Loop** (inline, Step 10a below), then
|
|
1473
|
+
**Step 11: Attribution Logging** and **Step 12: Memory Update Check**.
|
|
1474
|
+
|
|
1475
|
+
**No external auto-chain is needed** — Phase C runs inline in this command.
|
|
1476
|
+
After Phase C completes, the feature pipeline is complete.
|
|
1477
|
+
|
|
1478
|
+
### If TOTAL < 110 or objective_gate_status = FAIL: FAIL
|
|
1479
|
+
|
|
1480
|
+
Proceed to **Step 10: Brownfield Restart** (Phase C does not run when the rubric
|
|
1481
|
+
fails — fix the rubric first).
|
|
1482
|
+
|
|
1483
|
+
---
|
|
1484
|
+
|
|
1485
|
+
## Step 10: Brownfield Restart Loop
|
|
1486
|
+
|
|
1487
|
+
When validation fails (score < score_max), generate a remediation report and signal
|
|
1488
|
+
the orchestrator to restart the pipeline focused on failed areas.
|
|
1489
|
+
|
|
1490
|
+
### 10.1 Check Iteration Count
|
|
1491
|
+
|
|
1492
|
+
- If `ITERATION >= 3`: Generate **escalation report** instead (see 10.4)
|
|
1493
|
+
- If `ITERATION < 3`: Generate **remediation report** and signal restart
|
|
1494
|
+
|
|
1495
|
+
### 10.2 Generate Remediation Report
|
|
1496
|
+
|
|
1497
|
+
Write to `{FEATURE_DIR}/remediation-report.md`:
|
|
1498
|
+
|
|
1499
|
+
```markdown
|
|
1500
|
+
---
|
|
1501
|
+
feature: [Feature Name]
|
|
1502
|
+
iteration: [N]
|
|
1503
|
+
score: [N]
|
|
1504
|
+
score_max: 110
|
|
1505
|
+
generated: [ISO timestamp]
|
|
1506
|
+
failed_categories: [list]
|
|
1507
|
+
---
|
|
1508
|
+
|
|
1509
|
+
# Remediation Report: [Feature Name]
|
|
1510
|
+
|
|
1511
|
+
## Iteration [N] of 3
|
|
1512
|
+
|
|
1513
|
+
**Score**: [N]/110 **Status**: FAIL — Remediation Required
|
|
1514
|
+
|
|
1515
|
+
## Failed Categories
|
|
1516
|
+
|
|
1517
|
+
### [Category Name] (0/[points])
|
|
1518
|
+
|
|
1519
|
+
**Evidence**: [Specific findings from agent reports]
|
|
1520
|
+
|
|
1521
|
+
**Required Actions**:
|
|
1522
|
+
|
|
1523
|
+
1. [Specific action to fix this category]
|
|
1524
|
+
2. [Another specific action]
|
|
1525
|
+
|
|
1526
|
+
**Files to modify**:
|
|
1527
|
+
|
|
1528
|
+
- `path/to/file.ts:line` — [what to change]
|
|
1529
|
+
|
|
1530
|
+
### [Next Failed Category]
|
|
1531
|
+
|
|
1532
|
+
...
|
|
1533
|
+
|
|
1534
|
+
## Remediation Scope
|
|
1535
|
+
|
|
1536
|
+
The following pipeline stages should re-run focused on these areas:
|
|
1537
|
+
|
|
1538
|
+
- **Research**: [Any new research needed, or "Not needed"]
|
|
1539
|
+
- **Plan**: [Any plan updates, or "Not needed"]
|
|
1540
|
+
- **Implement**: [Specific tasks to re-implement]
|
|
1541
|
+
- **Validate**: Re-run after fixes
|
|
1542
|
+
|
|
1543
|
+
## Previous Iterations
|
|
1544
|
+
|
|
1545
|
+
| Iteration | Score | Failed Categories | Date |
|
|
1546
|
+
| --------- | ------- | ----------------- | ------ |
|
|
1547
|
+
| 1 | [N]/110 | [list] | [date] |
|
|
1548
|
+
| 2 | [N]/110 | [list] | [date] |
|
|
1549
|
+
```
|
|
1550
|
+
|
|
1551
|
+
### 10.3 Signal Orchestrator
|
|
1552
|
+
|
|
1553
|
+
Output the routing instruction:
|
|
1554
|
+
|
|
1555
|
+
```
|
|
1556
|
+
════════════════════════════════════════════════════════════════
|
|
1557
|
+
VALIDATION FAILED: [Feature Name]
|
|
1558
|
+
════════════════════════════════════════════════════════════════
|
|
1559
|
+
|
|
1560
|
+
Score: [N]/110
|
|
1561
|
+
Iteration: [N] of 3
|
|
1562
|
+
|
|
1563
|
+
Failed categories:
|
|
1564
|
+
✗ [Category] — 0/[points]: [brief reason]
|
|
1565
|
+
✗ [Category] — 0/[points]: [brief reason]
|
|
1566
|
+
|
|
1567
|
+
Remediation report: {FEATURE_DIR}/remediation-report.md
|
|
1568
|
+
|
|
1569
|
+
REMEDIATION REQUIRED: [feature-name]
|
|
1570
|
+
Failed categories: [list]
|
|
1571
|
+
Iteration: [N] of 3
|
|
1572
|
+
Route: #5_gofer_implement → focused on [failed areas]
|
|
1573
|
+
|
|
1574
|
+
════════════════════════════════════════════════════════════════
|
|
1575
|
+
```
|
|
1576
|
+
|
|
1577
|
+
Then proceed to **Step 11: Attribution Logging**.
|
|
1578
|
+
|
|
1579
|
+
### 10.4 Escalation (Iteration 3 Failure)
|
|
1580
|
+
|
|
1581
|
+
If this is the 3rd iteration and validation still fails, generate
|
|
1582
|
+
`{FEATURE_DIR}/escalation-report.md`:
|
|
1583
|
+
|
|
1584
|
+
```markdown
|
|
1585
|
+
---
|
|
1586
|
+
feature: [Feature Name]
|
|
1587
|
+
iteration: 3
|
|
1588
|
+
final_score: [N]/110
|
|
1589
|
+
escalated: [ISO timestamp]
|
|
1590
|
+
---
|
|
1591
|
+
|
|
1592
|
+
# Escalation Report: [Feature Name]
|
|
1593
|
+
|
|
1594
|
+
## Human Review Required
|
|
1595
|
+
|
|
1596
|
+
After 3 remediation attempts, the following categories still fail:
|
|
1597
|
+
|
|
1598
|
+
### [Category] — All 3 attempts failed
|
|
1599
|
+
|
|
1600
|
+
**Iteration history**:
|
|
1601
|
+
|
|
1602
|
+
1. Score [N] — [what was tried]
|
|
1603
|
+
2. Score [N] — [what was tried]
|
|
1604
|
+
3. Score [N] — [what was tried]
|
|
1605
|
+
|
|
1606
|
+
**Root cause assessment**: [Why automated remediation isn't working]
|
|
1607
|
+
|
|
1608
|
+
**Recommended human action**: [What a developer should do]
|
|
1609
|
+
|
|
1610
|
+
## Full Score History
|
|
1611
|
+
|
|
1612
|
+
| Iteration | Total | Cat1 | Cat2 | Cat3 | Cat4 | Cat5 | Cat6 | Cat7 | Cat8 | Cat9 | Cat10 | Cat11 |
|
|
1613
|
+
| --------- | ----- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ----- | ----- |
|
|
1614
|
+
| 1 | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] |
|
|
1615
|
+
| 2 | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] |
|
|
1616
|
+
| 3 | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] |
|
|
1617
|
+
```
|
|
1618
|
+
|
|
1619
|
+
Output:
|
|
1620
|
+
|
|
1621
|
+
```
|
|
1622
|
+
════════════════════════════════════════════════════════════════
|
|
1623
|
+
ESCALATION: [Feature Name]
|
|
1624
|
+
════════════════════════════════════════════════════════════════
|
|
1625
|
+
|
|
1626
|
+
After 3 remediation attempts, validation still fails.
|
|
1627
|
+
Score: [N]/110
|
|
1628
|
+
|
|
1629
|
+
Escalation report: {FEATURE_DIR}/escalation-report.md
|
|
1630
|
+
|
|
1631
|
+
This feature requires human review before proceeding.
|
|
1632
|
+
The automated pipeline cannot resolve the remaining issues.
|
|
1633
|
+
|
|
1634
|
+
════════════════════════════════════════════════════════════════
|
|
1635
|
+
```
|
|
1636
|
+
|
|
1637
|
+
---
|
|
1638
|
+
|
|
1639
|
+
# Phase C — Engineering Review Loop
|
|
1640
|
+
|
|
1641
|
+
Phase C runs **only when the rubric passes** (110/110). It performs 1-5
|
|
1642
|
+
iterative review→fix→re-review cycles using 3 additional review agents per
|
|
1643
|
+
cycle, catching issues that the rubric-based validation might miss (edge cases,
|
|
1644
|
+
race conditions, API-contract drift against the as-implemented code, spec spirit
|
|
1645
|
+
violations).
|
|
1646
|
+
|
|
1647
|
+
Phase C is the terminal stage of `#6_gofer_validate`. After Phase C completes,
|
|
1648
|
+
the feature pipeline is complete.
|
|
1649
|
+
|
|
1650
|
+
## Step 10a: Initialize Phase C
|
|
1651
|
+
|
|
1652
|
+
1. **Guard**: only proceed if rubric `status == PASS` and the objective outcome
|
|
1653
|
+
gate passes (Step 9 TOTAL = 110 and Step 1.5 PASS). If
|
|
1654
|
+
FAIL, skip Phase C entirely — brownfield restart (Step 10) already triggered.
|
|
1655
|
+
|
|
1656
|
+
2. **Initialize cycle counter**: `CYCLE = 1`
|
|
1657
|
+
|
|
1658
|
+
3. **Initialize findings history**: Empty array to accumulate across cycles.
|
|
1659
|
+
|
|
1660
|
+
4. **Seed findings from Phase B Yellow/Gray**: All Yellow findings from the
|
|
1661
|
+
blast-radius report are added to the Phase C finding list for mandatory
|
|
1662
|
+
attention. Gray findings are logged but not auto-fixed.
|
|
1663
|
+
|
|
1664
|
+
## Step 10b: Spawn 3 Parallel Review Agents (Cycle N of 5)
|
|
1665
|
+
|
|
1666
|
+
Launch all 3 agents **in parallel** using the Task tool. Each agent receives the
|
|
1667
|
+
feature context and returns structured findings.
|
|
1668
|
+
|
|
1669
|
+
### Agent 13: Engineer Review (Spec↔Plan↔Tasks↔Research Alignment)
|
|
1670
|
+
|
|
1671
|
+
```
|
|
1672
|
+
Task: subagent_type="engineer-review", model="sonnet"
|
|
1673
|
+
Prompt: "Post-implementation engineering review for feature [FEATURE_NAME].
|
|
1674
|
+
|
|
1675
|
+
Feature directory: {FEATURE_DIR}
|
|
1676
|
+
Spec: {FEATURE_DIR}/spec.md
|
|
1677
|
+
Plan: {FEATURE_DIR}/plan.md
|
|
1678
|
+
Tasks: {FEATURE_DIR}/tasks.md
|
|
1679
|
+
Research: {FEATURE_DIR}/research.md
|
|
1680
|
+
|
|
1681
|
+
This is a POST-IMPLEMENTATION review (code is already written).
|
|
1682
|
+
In addition to your standard spec↔plan↔tasks alignment checks:
|
|
1683
|
+
1. Verify spec completeness against research.md — are all research findings addressed?
|
|
1684
|
+
2. Check all acceptance criteria are addressed in the actual code (not just tasks)
|
|
1685
|
+
3. Verify research.md patterns were followed in implementation
|
|
1686
|
+
|
|
1687
|
+
Return findings in your standard report format (<2000 tokens)."
|
|
1688
|
+
```
|
|
1689
|
+
|
|
1690
|
+
### Agent 14: Codebase Analyzer (Code↔Tasks Verification)
|
|
1691
|
+
|
|
1692
|
+
```
|
|
1693
|
+
Task: subagent_type="codebase-analyzer", model="sonnet"
|
|
1694
|
+
Prompt: "Post-implementation code verification for feature [FEATURE_NAME].
|
|
1695
|
+
|
|
1696
|
+
Feature directory: {FEATURE_DIR}
|
|
1697
|
+
Tasks: {FEATURE_DIR}/tasks.md
|
|
1698
|
+
|
|
1699
|
+
Verify the following:
|
|
1700
|
+
1. Every task marked [x] in tasks.md has corresponding code changes — check file paths
|
|
1701
|
+
2. Search for TODO/FIXME/HACK comments in files listed in tasks.md
|
|
1702
|
+
3. Check for dead code or unused imports in changed files
|
|
1703
|
+
4. Verify any API contracts/interfaces match their actual implementations
|
|
1704
|
+
5. Check for inconsistencies between task descriptions and what was implemented
|
|
1705
|
+
|
|
1706
|
+
Return findings with Red/Yellow/Gray severity (<2000 tokens).
|
|
1707
|
+
Red = task marked complete but no code found, or API contract mismatch
|
|
1708
|
+
Yellow = TODO/FIXME comments, unused imports, minor inconsistencies
|
|
1709
|
+
Gray = style suggestions, optional improvements"
|
|
1710
|
+
```
|
|
1711
|
+
|
|
1712
|
+
### Agent 15: Correctness Re-verification
|
|
1713
|
+
|
|
1714
|
+
```
|
|
1715
|
+
Task: subagent_type="validation-correctness", model="sonnet"
|
|
1716
|
+
Prompt: "Post-implementation correctness re-verification for feature [FEATURE_NAME].
|
|
1717
|
+
|
|
1718
|
+
Feature directory: {FEATURE_DIR}
|
|
1719
|
+
Spec: {FEATURE_DIR}/spec.md
|
|
1720
|
+
Plan: {FEATURE_DIR}/plan.md
|
|
1721
|
+
|
|
1722
|
+
This is a focused re-check after validation passed. Look for issues that
|
|
1723
|
+
rubric-based validation might miss:
|
|
1724
|
+
1. Edge cases from spec that may not have explicit tests
|
|
1725
|
+
2. Error handling completeness — are all failure modes covered?
|
|
1726
|
+
3. Race conditions or concurrency issues in async code
|
|
1727
|
+
4. Input validation at system boundaries
|
|
1728
|
+
5. Any acceptance criteria that are technically 'covered' by tests but
|
|
1729
|
+
the implementation doesn't fully satisfy the spirit of the requirement
|
|
1730
|
+
|
|
1731
|
+
Return findings with Red/Yellow/Gray severity (<2000 tokens).
|
|
1732
|
+
Red = acceptance criterion not genuinely satisfied, critical error path missing
|
|
1733
|
+
Yellow = edge case not covered, partial error handling
|
|
1734
|
+
Gray = potential improvement, defensive coding suggestion"
|
|
1735
|
+
```
|
|
1736
|
+
|
|
1737
|
+
**Run all 3 agents in parallel.** Collect all results before proceeding.
|
|
1738
|
+
|
|
1739
|
+
## Step 10c: Run Build/Test/Lint Verification
|
|
1740
|
+
|
|
1741
|
+
Execute verification commands and capture results:
|
|
1742
|
+
|
|
1743
|
+
### Build Check
|
|
1744
|
+
|
|
1745
|
+
```bash
|
|
1746
|
+
cd extension && npm run compile
|
|
1747
|
+
```
|
|
1748
|
+
|
|
1749
|
+
### Test Check
|
|
1750
|
+
|
|
1751
|
+
```bash
|
|
1752
|
+
cd extension && npm test
|
|
1753
|
+
```
|
|
1754
|
+
|
|
1755
|
+
### Lint Check
|
|
1756
|
+
|
|
1757
|
+
```bash
|
|
1758
|
+
cd extension && npm run lint
|
|
1759
|
+
```
|
|
1760
|
+
|
|
1761
|
+
Record results:
|
|
1762
|
+
|
|
1763
|
+
```
|
|
1764
|
+
| Check | Command | Result |
|
|
1765
|
+
|--------|----------------------|-------------|
|
|
1766
|
+
| Build | npm run compile | PASS / FAIL |
|
|
1767
|
+
| Tests | npm test | PASS / FAIL |
|
|
1768
|
+
| Lint | npm run lint | PASS / FAIL |
|
|
1769
|
+
```
|
|
1770
|
+
|
|
1771
|
+
**If any check FAILS**: Record as a Red finding.
|
|
1772
|
+
|
|
1773
|
+
## Step 10d: Synthesize Findings
|
|
1774
|
+
|
|
1775
|
+
Collect all agent reports and build/test/lint results. Merge with Phase B
|
|
1776
|
+
Yellow/Gray carryovers. Classify each finding:
|
|
1777
|
+
|
|
1778
|
+
- **Red** (blocking): Task marked complete but no code, API contract mismatch,
|
|
1779
|
+
acceptance criterion not genuinely satisfied, build/test/lint failure,
|
|
1780
|
+
critical error path missing
|
|
1781
|
+
- **Yellow** (should fix): TODO/FIXME comments, unused imports, edge cases not
|
|
1782
|
+
covered, partial error handling, minor inconsistencies, Phase B Yellows
|
|
1783
|
+
- **Gray** (informational): Style suggestions, optional improvements, defensive
|
|
1784
|
+
coding suggestions, Phase B Grays
|
|
1785
|
+
|
|
1786
|
+
### Compile Finding Table
|
|
1787
|
+
|
|
1788
|
+
```
|
|
1789
|
+
| # | Finding | Severity | Source | File | Line | Status |
|
|
1790
|
+
|---|---------|----------|---------------------------|--------|--------|--------|
|
|
1791
|
+
| 1 | [desc] | Red | engineer-review | [file] | [line] | OPEN |
|
|
1792
|
+
| 2 | [desc] | Yellow | codebase-analyzer | [file] | [line] | OPEN |
|
|
1793
|
+
| 3 | [desc] | Yellow | phase-b:observability | [file] | [line] | OPEN |
|
|
1794
|
+
```
|
|
1795
|
+
|
|
1796
|
+
### Decision Logic
|
|
1797
|
+
|
|
1798
|
+
- If **NO Red or Yellow findings** → PASS → proceed to Step 10g (Report)
|
|
1799
|
+
- If **Red or Yellow findings exist** → proceed to Step 10e (Fix)
|
|
1800
|
+
|
|
1801
|
+
## Step 10e: Fix Findings
|
|
1802
|
+
|
|
1803
|
+
For each Red and Yellow finding from the current cycle:
|
|
1804
|
+
|
|
1805
|
+
1. **Read the affected file** at the specified line
|
|
1806
|
+
2. **Apply the fix** directly using Edit tool
|
|
1807
|
+
3. **Mark the finding as FIXED** in the finding table
|
|
1808
|
+
|
|
1809
|
+
### Fix Priority
|
|
1810
|
+
|
|
1811
|
+
1. Red findings first (blocking issues)
|
|
1812
|
+
2. Yellow findings second (should fix)
|
|
1813
|
+
3. Gray findings are logged but NOT auto-fixed
|
|
1814
|
+
|
|
1815
|
+
### After Fixing
|
|
1816
|
+
|
|
1817
|
+
Re-run build/test/lint to verify fixes don't introduce regressions:
|
|
1818
|
+
|
|
1819
|
+
```bash
|
|
1820
|
+
cd extension && npm run compile && npm test && npm run lint
|
|
1821
|
+
```
|
|
1822
|
+
|
|
1823
|
+
If the verification fails after fixes, record new failures as Red findings for
|
|
1824
|
+
the next cycle.
|
|
1825
|
+
|
|
1826
|
+
## Step 10f: Loop or Complete
|
|
1827
|
+
|
|
1828
|
+
### Increment Cycle
|
|
1829
|
+
|
|
1830
|
+
```
|
|
1831
|
+
CYCLE = CYCLE + 1
|
|
1832
|
+
```
|
|
1833
|
+
|
|
1834
|
+
### Decision
|
|
1835
|
+
|
|
1836
|
+
- If `CYCLE <= 5` AND findings were fixed in the previous cycle → **Go to Step
|
|
1837
|
+
10b** (re-review with fresh agent runs to verify fixes and catch any new
|
|
1838
|
+
issues)
|
|
1839
|
+
- If `CYCLE > 5` AND Red/Yellow findings still remain → **Generate escalation
|
|
1840
|
+
section** in the report, declare pipeline complete with warnings
|
|
1841
|
+
- If **all findings resolved** (no Red or Yellow) → **Declare pipeline
|
|
1842
|
+
complete** (proceed to Step 10g)
|
|
1843
|
+
|
|
1844
|
+
## Step 10g: Generate Engineering Review Report
|
|
1845
|
+
|
|
1846
|
+
Write to `{FEATURE_DIR}/engineering-review-report.md`:
|
|
1847
|
+
|
|
1848
|
+
```markdown
|
|
1849
|
+
---
|
|
1850
|
+
feature: [Feature Name]
|
|
1851
|
+
reviewed: [ISO timestamp]
|
|
1852
|
+
reviewer: Claude
|
|
1853
|
+
status: [PASS/PASS_WITH_WARNINGS/ESCALATED]
|
|
1854
|
+
cycles: [N]
|
|
1855
|
+
total_findings: [N]
|
|
1856
|
+
resolved_findings: [N]
|
|
1857
|
+
blast_radius_carryovers: [N]
|
|
1858
|
+
---
|
|
1859
|
+
|
|
1860
|
+
# Engineering Review Report: [Feature Name]
|
|
1861
|
+
|
|
1862
|
+
## Summary
|
|
1863
|
+
|
|
1864
|
+
- **Status**: [PASS / PASS_WITH_WARNINGS / ESCALATED]
|
|
1865
|
+
- **Review cycles**: [N] of 5 max
|
|
1866
|
+
- **Total findings**: [N] (Red: [N], Yellow: [N], Gray: [N])
|
|
1867
|
+
- **Resolved**: [N] findings fixed across [N] cycles
|
|
1868
|
+
- **Remaining**: [N] findings (if any)
|
|
1869
|
+
- **Phase B carryovers addressed**: [N] of [N]
|
|
1870
|
+
|
|
1871
|
+
## Cycle History
|
|
1872
|
+
|
|
1873
|
+
### Cycle 1
|
|
1874
|
+
|
|
1875
|
+
**Agents**: engineer-review, codebase-analyzer, validation-correctness
|
|
1876
|
+
**Build/Test/Lint**: [PASS/FAIL details]
|
|
1877
|
+
|
|
1878
|
+
| # | Finding | Severity | Source | File | Line | Resolution |
|
|
1879
|
+
| --- | ------- | -------- | ------ | ------ | ------ | ------------ |
|
|
1880
|
+
| 1 | [desc] | [sev] | [src] | [file] | [line] | [FIXED/OPEN] |
|
|
1881
|
+
|
|
1882
|
+
### Cycle 2 (if applicable)
|
|
1883
|
+
|
|
1884
|
+
...
|
|
1885
|
+
|
|
1886
|
+
## Remaining Findings (if any)
|
|
1887
|
+
|
|
1888
|
+
| # | Finding | Severity | Source | File | Line | Reason Not Fixed |
|
|
1889
|
+
| --- | ------- | -------- | ------ | ------ | ------ | ---------------- |
|
|
1890
|
+
| 1 | [desc] | [sev] | [src] | [file] | [line] | [why] |
|
|
1891
|
+
|
|
1892
|
+
## Recommendations
|
|
1893
|
+
|
|
1894
|
+
### Must Address Before Merge
|
|
1895
|
+
|
|
1896
|
+
- [Any remaining Red/Yellow findings]
|
|
1897
|
+
|
|
1898
|
+
### Future Improvements
|
|
1899
|
+
|
|
1900
|
+
- [Gray findings and suggestions]
|
|
1901
|
+
```
|
|
1902
|
+
|
|
1903
|
+
## Step 10g.5: Final Working Backwards PR/FAQ And CISO Summary
|
|
1904
|
+
|
|
1905
|
+
After the validation report, blast-radius report, loop audit, and engineering
|
|
1906
|
+
review report are written:
|
|
1907
|
+
|
|
1908
|
+
1. Update `{FEATURE_DIR}/working-backwards-prfaq.md`.
|
|
1909
|
+
- Mark each Press Release claim as validated, changed, or unvalidated based
|
|
1910
|
+
on `validation-report.md`, `blast-radius-report.md`,
|
|
1911
|
+
`goal-rebaseline-report.md`, and `loop-audit-report.md`.
|
|
1912
|
+
- Fill Internal FAQ CISO / Risk with data handled, identity controls,
|
|
1913
|
+
tenant boundaries, secrets handling, residual risks, validation evidence,
|
|
1914
|
+
and launch gates.
|
|
1915
|
+
- Update "What happens if something goes wrong?" with rollback/support
|
|
1916
|
+
evidence from validation and blast-radius analysis.
|
|
1917
|
+
2. Write `{FEATURE_DIR}/prfaq-history/06-validate.md` as an immutable final
|
|
1918
|
+
validation snapshot.
|
|
1919
|
+
3. Create or update `{FEATURE_DIR}/ciso-security-summary.md` from
|
|
1920
|
+
`.specify/templates/ciso-security-summary-template.md` using
|
|
1921
|
+
`validation-report.md`, `blast-radius-report.md`, `audit-history.md`,
|
|
1922
|
+
`visuals/risk-heatmap.md`, auth/tenant evidence, secrets/data handling
|
|
1923
|
+
evidence, and loop audit evidence.
|
|
1924
|
+
4. Refresh `{FEATURE_DIR}/business-owner-summary.md` with final validation
|
|
1925
|
+
status, business value confidence, and any validated/disproven assumptions.
|
|
1926
|
+
5. Refresh `{FEATURE_DIR}/cto-architecture-summary.md` with validation status,
|
|
1927
|
+
blast-radius verdict, and any architecture/security exceptions.
|
|
1928
|
+
6. Update `{FEATURE_DIR}/stakeholder-review-index.md` and make the final
|
|
1929
|
+
approve/revise/defer asks explicit:
|
|
1930
|
+
- Business Owner: release value, user/process impact, assumptions.
|
|
1931
|
+
- CTO / Architecture: platform/architecture evidence and exceptions.
|
|
1932
|
+
- CISO / Risk: controls, residual risks, security posture, launch gate.
|
|
1933
|
+
- Delivery: rollout, rollback, support, and evidence completeness.
|
|
1934
|
+
|
|
1935
|
+
If any validation gate failed, write these documents honestly with `FAIL`,
|
|
1936
|
+
`Pending`, or `Blocked` status; do not polish a failed feature as ready.
|
|
1937
|
+
|
|
1938
|
+
## Step 10h: Output Completion Banner
|
|
1939
|
+
|
|
1940
|
+
### If PASS (all findings resolved or no findings):
|
|
1941
|
+
|
|
1942
|
+
```
|
|
1943
|
+
════════════════════════════════════════════════════════════════
|
|
1944
|
+
ENGINEERING REVIEW PASSED: [Feature Name]
|
|
1945
|
+
════════════════════════════════════════════════════════════════
|
|
1946
|
+
|
|
1947
|
+
Cycles: [N] of 5 max
|
|
1948
|
+
Findings: [N] found, [N] resolved
|
|
1949
|
+
Report: {FEATURE_DIR}/engineering-review-report.md
|
|
1950
|
+
Working Backwards PR/FAQ: {FEATURE_DIR}/working-backwards-prfaq.md
|
|
1951
|
+
CISO summary: {FEATURE_DIR}/ciso-security-summary.md
|
|
1952
|
+
Stakeholder review index: {FEATURE_DIR}/stakeholder-review-index.md
|
|
1953
|
+
|
|
1954
|
+
════════════════════════════════════════════════════════════════
|
|
1955
|
+
FEATURE PIPELINE COMPLETE!
|
|
1956
|
+
|
|
1957
|
+
All Gofer stages finished:
|
|
1958
|
+
1. #1_gofer_research ✓
|
|
1959
|
+
2. #2_gofer_specify ✓
|
|
1960
|
+
3. #3_gofer_plan ✓
|
|
1961
|
+
4. #4_gofer_tasks ✓
|
|
1962
|
+
5. #5_gofer_implement ✓
|
|
1963
|
+
6. #6_gofer_validate ✓ (Phase A ✓, Phase B ✓, Phase C ✓)
|
|
1964
|
+
|
|
1965
|
+
The feature is ready for review and merge.
|
|
1966
|
+
Stakeholder PR/FAQ and persona summaries are ready for Business Owner,
|
|
1967
|
+
CTO/Architecture, CISO/Risk, and Delivery review.
|
|
1968
|
+
════════════════════════════════════════════════════════════════
|
|
1969
|
+
```
|
|
1970
|
+
|
|
1971
|
+
### If PASS_WITH_WARNINGS (5 cycles exhausted, only Gray remaining):
|
|
1972
|
+
|
|
1973
|
+
```
|
|
1974
|
+
════════════════════════════════════════════════════════════════
|
|
1975
|
+
ENGINEERING REVIEW PASSED (WITH WARNINGS): [Feature Name]
|
|
1976
|
+
════════════════════════════════════════════════════════════════
|
|
1977
|
+
|
|
1978
|
+
Cycles: 5 of 5 max
|
|
1979
|
+
Findings: [N] found, [N] resolved, [N] Gray remaining
|
|
1980
|
+
Report: {FEATURE_DIR}/engineering-review-report.md
|
|
1981
|
+
Working Backwards PR/FAQ: {FEATURE_DIR}/working-backwards-prfaq.md
|
|
1982
|
+
CISO summary: {FEATURE_DIR}/ciso-security-summary.md
|
|
1983
|
+
Stakeholder review index: {FEATURE_DIR}/stakeholder-review-index.md
|
|
1984
|
+
|
|
1985
|
+
⚠ Gray findings remain — see report for details.
|
|
1986
|
+
|
|
1987
|
+
════════════════════════════════════════════════════════════════
|
|
1988
|
+
FEATURE PIPELINE COMPLETE!
|
|
1989
|
+
|
|
1990
|
+
All Gofer stages finished:
|
|
1991
|
+
1. #1_gofer_research ✓
|
|
1992
|
+
2. #2_gofer_specify ✓
|
|
1993
|
+
3. #3_gofer_plan ✓
|
|
1994
|
+
4. #4_gofer_tasks ✓
|
|
1995
|
+
5. #5_gofer_implement ✓
|
|
1996
|
+
6. #6_gofer_validate ✓ (Phase A ✓, Phase B ✓, Phase C ⚠)
|
|
1997
|
+
|
|
1998
|
+
The feature is ready for review and merge (review Gray findings).
|
|
1999
|
+
════════════════════════════════════════════════════════════════
|
|
2000
|
+
```
|
|
2001
|
+
|
|
2002
|
+
### If ESCALATED (5 cycles exhausted, Red/Yellow remain):
|
|
2003
|
+
|
|
2004
|
+
```
|
|
2005
|
+
════════════════════════════════════════════════════════════════
|
|
2006
|
+
ENGINEERING REVIEW ESCALATED: [Feature Name]
|
|
2007
|
+
════════════════════════════════════════════════════════════════
|
|
2008
|
+
|
|
2009
|
+
Cycles: 5 of 5 max (exhausted)
|
|
2010
|
+
Findings: [N] found, [N] resolved, [N] Red/Yellow remaining
|
|
2011
|
+
|
|
2012
|
+
Remaining issues:
|
|
2013
|
+
✗ [Finding] — [severity]: [brief reason]
|
|
2014
|
+
|
|
2015
|
+
Report: {FEATURE_DIR}/engineering-review-report.md
|
|
2016
|
+
Working Backwards PR/FAQ: {FEATURE_DIR}/working-backwards-prfaq.md
|
|
2017
|
+
CISO summary: {FEATURE_DIR}/ciso-security-summary.md
|
|
2018
|
+
Stakeholder review index: {FEATURE_DIR}/stakeholder-review-index.md
|
|
2019
|
+
|
|
2020
|
+
This feature requires human review of remaining findings
|
|
2021
|
+
before merging.
|
|
2022
|
+
|
|
2023
|
+
════════════════════════════════════════════════════════════════
|
|
2024
|
+
```
|
|
2025
|
+
|
|
2026
|
+
---
|
|
2027
|
+
|
|
2028
|
+
# End of Phase C
|
|
2029
|
+
|
|
2030
|
+
---
|
|
2031
|
+
|
|
2032
|
+
## Step 11: Attribution Logging
|
|
2033
|
+
|
|
2034
|
+
Log every finding to `.specify/logs/validation-findings.jsonl`.
|
|
2035
|
+
For EnterpriseAI runs, also mirror the same finding lifecycle to
|
|
2036
|
+
`{FEATURE_DIR}/audit-history.md` so executive, architecture, CISO, data, CIO,
|
|
2037
|
+
delivery, finance, operations, and risk/compliance stakeholders can see stable
|
|
2038
|
+
finding IDs, recurrence, disposition, owner, expiry, and review cadence.
|
|
2039
|
+
|
|
2040
|
+
### Finding Format
|
|
2041
|
+
|
|
2042
|
+
For each finding from all agents and automated checks, append a JSON line:
|
|
2043
|
+
|
|
2044
|
+
```json
|
|
2045
|
+
{
|
|
2046
|
+
"finding_id": "F[NNN]",
|
|
2047
|
+
"timestamp": "[ISO timestamp]",
|
|
2048
|
+
"feature": "[feature-name]",
|
|
2049
|
+
"category": "[rubric_category_snake_case]",
|
|
2050
|
+
"severity": "[red|yellow|gray]",
|
|
2051
|
+
"description": "[finding description]",
|
|
2052
|
+
"file": "[file path]",
|
|
2053
|
+
"line": [line number or null],
|
|
2054
|
+
"agent": "[agent name or 'automated']",
|
|
2055
|
+
"resolution": null,
|
|
2056
|
+
"iteration": [N]
|
|
2057
|
+
}
|
|
2058
|
+
```
|
|
2059
|
+
|
|
2060
|
+
### Categories for `category` field
|
|
2061
|
+
|
|
2062
|
+
- `functional_correctness`
|
|
2063
|
+
- `test_authenticity`
|
|
2064
|
+
- `ui_e2e_verification`
|
|
2065
|
+
- `security_posture`
|
|
2066
|
+
- `integration_reality`
|
|
2067
|
+
- `error_path_coverage`
|
|
2068
|
+
- `architecture_compliance`
|
|
2069
|
+
- `performance_baseline`
|
|
2070
|
+
- `code_hygiene`
|
|
2071
|
+
- `specification_traceability`
|
|
2072
|
+
- `blast_radius_containment` — **NEW** (Cat 11, Phase B)
|
|
2073
|
+
- Sub-dimensions for the `dimension` sub-field: `change_graph`,
|
|
2074
|
+
`interface_contract`, `observability`, `dependency_submodule`,
|
|
2075
|
+
`rollback_release`
|
|
2076
|
+
- `engineering_review` — Phase C findings (agent-specific sub-dimensions:
|
|
2077
|
+
`spec_alignment`, `code_verification`, `correctness_reverify`)
|
|
2078
|
+
|
|
2079
|
+
### EnterpriseAI Persistent Audit Requirements
|
|
2080
|
+
|
|
2081
|
+
`audit-history.md` MUST include:
|
|
2082
|
+
|
|
2083
|
+
| Field | Requirement |
|
|
2084
|
+
| ----- | ----------- |
|
|
2085
|
+
| Finding ID | Stable across validation cycles; never renumber existing findings |
|
|
2086
|
+
| Source | Rubric category, agent, automated check, or stakeholder gate |
|
|
2087
|
+
| Status | Open, fixed, accepted, or escalated |
|
|
2088
|
+
| Recurrence | Count and prior cycle references for repeated findings |
|
|
2089
|
+
| Owner | Named accountable role or team |
|
|
2090
|
+
| Expiry | Required for accepted exceptions |
|
|
2091
|
+
| Evidence | Links to validation report, tests, contract pack, or code references |
|
|
2092
|
+
|
|
2093
|
+
Recurring red findings must escalate to the relevant decision owner and block
|
|
2094
|
+
launch unless explicitly accepted with owner, expiry, and review cadence.
|
|
2095
|
+
|
|
2096
|
+
For application delivery, validation MUST also check
|
|
2097
|
+
`{FEATURE_DIR}/journeys/base-journey.md` against the delivered implementation:
|
|
2098
|
+
|
|
2099
|
+
- The app process has four user-facing steps or fewer, or an approved exception
|
|
2100
|
+
explains why extra steps could not be combined, automated, or handled by
|
|
2101
|
+
generative AI assistance.
|
|
2102
|
+
- Each journey step preserves its business goal, AI assistance mode, data/context
|
|
2103
|
+
used, completion signal, human controls, evidence/confidence display, audit
|
|
2104
|
+
trail, and fallback/escalation path.
|
|
2105
|
+
- `{FEATURE_DIR}/ui-review-log.md` contains at least one pre-presentation
|
|
2106
|
+
self-review entry for each preview round that was shown to the stakeholder,
|
|
2107
|
+
with screenshot, local render proof, Playwright-style evidence, or an
|
|
2108
|
+
explicit reasoned exception.
|
|
2109
|
+
- `{FEATURE_DIR}/ui-approval.md` records the approved preview, approved
|
|
2110
|
+
branding/logo decisions, any approved EAI App Template exceptions, the
|
|
2111
|
+
approver, and approval timestamp.
|
|
2112
|
+
- `{FEATURE_DIR}/service-fit-matrix.md` records each desired platform
|
|
2113
|
+
capability, the evidence source used to evaluate it, and whether it is
|
|
2114
|
+
accessible now, purchasable but unavailable now, or unavailable without new
|
|
2115
|
+
platform work.
|
|
2116
|
+
- The delivered app uses EAI Platform, including the EAI app template, as the
|
|
2117
|
+
primary app substrate and Azure as the preferred cloud/supporting substrate.
|
|
2118
|
+
Any Firebase, Supabase, Vercel primary runtime, AWS, GCP, bespoke backend,
|
|
2119
|
+
unmanaged database, or unrelated SaaS dependency is rejected unless it is
|
|
2120
|
+
recorded as an approved integration/migration/exception with rationale, owner,
|
|
2121
|
+
expiry, and validation evidence.
|
|
2122
|
+
- The approved external/internal/hybrid profile choice, package lane, coupling
|
|
2123
|
+
status, Storybook story IDs, theme override points, public-readiness target,
|
|
2124
|
+
and custom-block exceptions are present in the preview/approval/service-fit
|
|
2125
|
+
artifacts and match the delivered implementation.
|
|
2126
|
+
- Validation confirms that app-delivery runs used EAI App Template blocks by
|
|
2127
|
+
default and that any create-new UI concept was explicitly approved rather
|
|
2128
|
+
than silently introduced.
|
|
2129
|
+
- Validation confirms that block-porting tasks produced the expected package
|
|
2130
|
+
surface and that public or hybrid lanes do not directly depend on source platform
|
|
2131
|
+
internals unless an approved restricted-source exception is recorded.
|
|
2132
|
+
- Chatbot, voice, accessibility, translation, contextual prefill, validation,
|
|
2133
|
+
and step-goal assistance claims are covered by acceptance tests where they are
|
|
2134
|
+
in scope.
|
|
2135
|
+
|
|
2136
|
+
For explicit non-app work, validation MUST treat `ui-preview-brief.md`,
|
|
2137
|
+
`ui-review-log.md`, `ui-approval.md`, and `service-fit-matrix.md` as
|
|
2138
|
+
**not applicable** rather than as missing blocking artifacts.
|
|
2139
|
+
|
|
2140
|
+
### Log Summary Entry
|
|
2141
|
+
|
|
2142
|
+
After all findings, append a summary entry:
|
|
2143
|
+
|
|
2144
|
+
```json
|
|
2145
|
+
{
|
|
2146
|
+
"finding_id": "SUMMARY",
|
|
2147
|
+
"timestamp": "[ISO timestamp]",
|
|
2148
|
+
"feature": "[feature-name]",
|
|
2149
|
+
"category": "summary",
|
|
2150
|
+
"severity": "info",
|
|
2151
|
+
"description": "Validation score: [N]/110. Categories failed: [list or 'none']",
|
|
2152
|
+
"file": null,
|
|
2153
|
+
"line": null,
|
|
2154
|
+
"agent": "rubric",
|
|
2155
|
+
"resolution": "[PASS|FAIL|ESCALATED]",
|
|
2156
|
+
"iteration": [N]
|
|
2157
|
+
}
|
|
2158
|
+
```
|
|
2159
|
+
|
|
2160
|
+
### Historical Reference
|
|
2161
|
+
|
|
2162
|
+
Before logging, read existing entries in `validation-findings.jsonl` for the
|
|
2163
|
+
same feature. If the same finding (same file, same line, same category) appears
|
|
2164
|
+
in a previous iteration, note it as a **repeat finding** in the description:
|
|
2165
|
+
|
|
2166
|
+
```
|
|
2167
|
+
"description": "[REPEAT from iteration 1] expect(true).toBe(true) still present"
|
|
2168
|
+
```
|
|
2169
|
+
|
|
2170
|
+
This enables tracking of findings that persist across remediation attempts.
|
|
2171
|
+
|
|
2172
|
+
---
|
|
2173
|
+
|
|
2174
|
+
## Step 12: Memory Update Check
|
|
2175
|
+
|
|
2176
|
+
After validation, assess whether learnings should be persisted.
|
|
2177
|
+
|
|
2178
|
+
### 12.1 Memory Update Decision Matrix
|
|
2179
|
+
|
|
2180
|
+
| Learning Type | Update Location | When to Update |
|
|
2181
|
+
| ---------------------------- | ---------------------------- | ----------------------------------------- |
|
|
2182
|
+
| **Project-wide patterns** | `CLAUDE.md` | New conventions affecting all future work |
|
|
2183
|
+
| **Architectural decisions** | `.specify/memory/decisions/` | Significant design choices with rationale |
|
|
2184
|
+
| **Feature-specific context** | `{FEATURE_DIR}/research.md` | Discoveries relevant only to this feature |
|
|
2185
|
+
| **Reusable code patterns** | `CLAUDE.md` or constitution | Patterns other features should follow |
|
|
2186
|
+
| **Bug workarounds** | `.specify/memory/decisions/` | Issues that may recur |
|
|
2187
|
+
|
|
2188
|
+
### 12.2 CLAUDE.md Update Criteria
|
|
2189
|
+
|
|
2190
|
+
**DO update CLAUDE.md when**:
|
|
2191
|
+
|
|
2192
|
+
- Discovered a new coding convention used across the codebase
|
|
2193
|
+
- Identified a critical dependency or integration pattern
|
|
2194
|
+
- Found a gotcha that affects multiple features
|
|
2195
|
+
- Established a new testing or build pattern
|
|
2196
|
+
|
|
2197
|
+
**DO NOT update CLAUDE.md when**:
|
|
2198
|
+
|
|
2199
|
+
- Learning is specific to one feature
|
|
2200
|
+
- Information will become stale quickly
|
|
2201
|
+
- Pattern is already documented elsewhere
|
|
2202
|
+
- Change is experimental/temporary
|
|
2203
|
+
|
|
2204
|
+
### 12.3 Memory Update Checklist
|
|
2205
|
+
|
|
2206
|
+
Before completing validation, verify:
|
|
2207
|
+
|
|
2208
|
+
- [ ] Any project-wide patterns discovered -> added to CLAUDE.md?
|
|
2209
|
+
- [ ] Any significant decisions made -> recorded in decisions/?
|
|
2210
|
+
- [ ] Any gotchas or workarounds -> documented for future reference?
|
|
2211
|
+
- [ ] Feature-specific learnings -> captured in research.md?
|
|
2212
|
+
|
|
2213
|
+
---
|
|
2214
|
+
|
|
2215
|
+
## Observability Logging
|
|
2216
|
+
|
|
2217
|
+
At stage completion, log metrics:
|
|
2218
|
+
|
|
2219
|
+
```bash
|
|
2220
|
+
.specify/scripts/bash/log-stage.sh 6_validate --complete --tokens [N] --compactions [N]
|
|
2221
|
+
```
|
|
2222
|
+
|
|
2223
|
+
This also logs quality metrics (rubric scores, finding counts) to:
|
|
2224
|
+
`.specify/logs/quality-metrics.jsonl`
|
|
2225
|
+
|
|
2226
|
+
---
|
|
2227
|
+
|
|
2228
|
+
## Key Rules
|
|
2229
|
+
|
|
2230
|
+
### Phase A (Rubric)
|
|
2231
|
+
|
|
2232
|
+
- **110/110 is the only passing score** — there is no "close enough"
|
|
2233
|
+
- **Agents run in parallel** — spawn all 6 (or 7 with red team) at once, do not
|
|
2234
|
+
serialize
|
|
2235
|
+
- **Red findings block** — any Red finding in any agent zeroes that category
|
|
2236
|
+
- **Mutation testing is optional** — gracefully degrade when Stryker absent
|
|
2237
|
+
- **Mock ratio excludes justified mocks** — mark with `// mock-justified:`
|
|
2238
|
+
comment
|
|
2239
|
+
- **Maximum 3 remediation iterations** — then escalate to human
|
|
2240
|
+
|
|
2241
|
+
### Phase B (Blast Radius)
|
|
2242
|
+
|
|
2243
|
+
- **5 blast-radius agents run in parallel** — do not serialize across dimensions
|
|
2244
|
+
- **The change manifest is ground truth** — build it once in Step 2.5, pass the
|
|
2245
|
+
same manifest to every Phase B agent
|
|
2246
|
+
- **Breaking change + no CHANGELOG entry = Red** — always. Release-checklist
|
|
2247
|
+
compliance is mandatory for user-visible changes.
|
|
2248
|
+
- **New High/Critical CVE = Red** — block before merge; Moderate is Yellow; Low
|
|
2249
|
+
is Gray
|
|
2250
|
+
- **Cross-submodule ripple requires explicit plan.md approval** — otherwise Red
|
|
2251
|
+
- **Blast-radius verdict CONTAINED gives Cat 11 = 10**; BREACHED gives Cat 11 =
|
|
2252
|
+
0 — this is the only way Cat 11 scores
|
|
2253
|
+
- **Phase B writes `blast-radius-report.md`** alongside `validation-report.md`
|
|
2254
|
+
- **Phase B Yellows seed Phase C** — Phase C must address them
|
|
2255
|
+
|
|
2256
|
+
### Phase C (Engineering Review Loop)
|
|
2257
|
+
|
|
2258
|
+
- **3 review agents per cycle** — spawn all in parallel, do not serialize
|
|
2259
|
+
- **5 cycles maximum** — hard cap to prevent infinite loops
|
|
2260
|
+
- **Fix Red before Yellow** — priority ordering matters
|
|
2261
|
+
- **Re-verify after fixes** — always re-run build/test/lint after changes
|
|
2262
|
+
- **Gray findings are logged, not auto-fixed** — they go in the report
|
|
2263
|
+
- **Phase C only runs if the rubric passes** — a failing rubric triggers
|
|
2264
|
+
brownfield restart instead
|
|
2265
|
+
- **This stage is the pipeline terminal** — "PIPELINE COMPLETE" only appears at
|
|
2266
|
+
the end of Phase C
|
|
2267
|
+
- **Engineering review is inline** — there is no separate follow-up stage after
|
|
2268
|
+
validation
|
|
2269
|
+
|
|
2270
|
+
### Across All Phases
|
|
2271
|
+
|
|
2272
|
+
- **Attribution logging is mandatory** — every finding (A, B, C) gets logged to
|
|
2273
|
+
JSONL with its phase and sub-dimension
|
|
2274
|
+
- **Be specific** — cite file paths and line numbers for all findings
|
|
2275
|
+
- **Score the rubric honestly** — the goal is to catch real problems, not to
|
|
2276
|
+
pass
|
|
2277
|
+
- Log stage completion for observability tracking
|