eai-cli 0.0.0-bootstrap.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (690) hide show
  1. package/LICENSE +183 -0
  2. package/NOTICE +4 -0
  3. package/README.md +14 -0
  4. package/dist/commands/agent.d.ts +3 -0
  5. package/dist/commands/agent.d.ts.map +1 -0
  6. package/dist/commands/agent.js +69 -0
  7. package/dist/commands/agent.js.map +1 -0
  8. package/dist/commands/blocks.d.ts +3 -0
  9. package/dist/commands/blocks.d.ts.map +1 -0
  10. package/dist/commands/blocks.js +249 -0
  11. package/dist/commands/blocks.js.map +1 -0
  12. package/dist/commands/chat.d.ts +6 -0
  13. package/dist/commands/chat.d.ts.map +1 -0
  14. package/dist/commands/chat.js +105 -0
  15. package/dist/commands/chat.js.map +1 -0
  16. package/dist/commands/deploy.d.ts +36 -0
  17. package/dist/commands/deploy.d.ts.map +1 -0
  18. package/dist/commands/deploy.js +712 -0
  19. package/dist/commands/deploy.js.map +1 -0
  20. package/dist/commands/dev.d.ts +15 -0
  21. package/dist/commands/dev.d.ts.map +1 -0
  22. package/dist/commands/dev.js +133 -0
  23. package/dist/commands/dev.js.map +1 -0
  24. package/dist/commands/docs.d.ts +6 -0
  25. package/dist/commands/docs.d.ts.map +1 -0
  26. package/dist/commands/docs.js +118 -0
  27. package/dist/commands/docs.js.map +1 -0
  28. package/dist/commands/env.d.ts +10 -0
  29. package/dist/commands/env.d.ts.map +1 -0
  30. package/dist/commands/env.js +200 -0
  31. package/dist/commands/env.js.map +1 -0
  32. package/dist/commands/errors.d.ts +3 -0
  33. package/dist/commands/errors.d.ts.map +1 -0
  34. package/dist/commands/errors.js +72 -0
  35. package/dist/commands/errors.js.map +1 -0
  36. package/dist/commands/gofer.d.ts +3 -0
  37. package/dist/commands/gofer.d.ts.map +1 -0
  38. package/dist/commands/gofer.js +134 -0
  39. package/dist/commands/gofer.js.map +1 -0
  40. package/dist/commands/init.d.ts +14 -0
  41. package/dist/commands/init.d.ts.map +1 -0
  42. package/dist/commands/init.js +1437 -0
  43. package/dist/commands/init.js.map +1 -0
  44. package/dist/commands/login.d.ts +7 -0
  45. package/dist/commands/login.d.ts.map +1 -0
  46. package/dist/commands/login.js +117 -0
  47. package/dist/commands/login.js.map +1 -0
  48. package/dist/commands/provision.d.ts +6 -0
  49. package/dist/commands/provision.d.ts.map +1 -0
  50. package/dist/commands/provision.js +855 -0
  51. package/dist/commands/provision.js.map +1 -0
  52. package/dist/commands/publicapi.d.ts +6 -0
  53. package/dist/commands/publicapi.d.ts.map +1 -0
  54. package/dist/commands/publicapi.js +184 -0
  55. package/dist/commands/publicapi.js.map +1 -0
  56. package/dist/commands/resources.d.ts +38 -0
  57. package/dist/commands/resources.d.ts.map +1 -0
  58. package/dist/commands/resources.js +1010 -0
  59. package/dist/commands/resources.js.map +1 -0
  60. package/dist/commands/runtime.d.ts +3 -0
  61. package/dist/commands/runtime.d.ts.map +1 -0
  62. package/dist/commands/runtime.js +78 -0
  63. package/dist/commands/runtime.js.map +1 -0
  64. package/dist/commands/template.d.ts +3 -0
  65. package/dist/commands/template.d.ts.map +1 -0
  66. package/dist/commands/template.js +365 -0
  67. package/dist/commands/template.js.map +1 -0
  68. package/dist/commands/tenant.d.ts +45 -0
  69. package/dist/commands/tenant.d.ts.map +1 -0
  70. package/dist/commands/tenant.js +1036 -0
  71. package/dist/commands/tenant.js.map +1 -0
  72. package/dist/commands/types.d.ts +130 -0
  73. package/dist/commands/types.d.ts.map +1 -0
  74. package/dist/commands/types.js +1636 -0
  75. package/dist/commands/types.js.map +1 -0
  76. package/dist/commands/update.d.ts +13 -0
  77. package/dist/commands/update.d.ts.map +1 -0
  78. package/dist/commands/update.js +163 -0
  79. package/dist/commands/update.js.map +1 -0
  80. package/dist/commands/user.d.ts +6 -0
  81. package/dist/commands/user.d.ts.map +1 -0
  82. package/dist/commands/user.js +359 -0
  83. package/dist/commands/user.js.map +1 -0
  84. package/dist/commands/verify.d.ts +40 -0
  85. package/dist/commands/verify.d.ts.map +1 -0
  86. package/dist/commands/verify.js +1442 -0
  87. package/dist/commands/verify.js.map +1 -0
  88. package/dist/commands/vertical.d.ts +24 -0
  89. package/dist/commands/vertical.d.ts.map +1 -0
  90. package/dist/commands/vertical.js +301 -0
  91. package/dist/commands/vertical.js.map +1 -0
  92. package/dist/commands/whoami.d.ts +6 -0
  93. package/dist/commands/whoami.d.ts.map +1 -0
  94. package/dist/commands/whoami.js +73 -0
  95. package/dist/commands/whoami.js.map +1 -0
  96. package/dist/commands/workflow.d.ts +6 -0
  97. package/dist/commands/workflow.d.ts.map +1 -0
  98. package/dist/commands/workflow.js +400 -0
  99. package/dist/commands/workflow.js.map +1 -0
  100. package/dist/index.d.ts +10 -0
  101. package/dist/index.d.ts.map +1 -0
  102. package/dist/index.js +272 -0
  103. package/dist/index.js.map +1 -0
  104. package/dist/lib/agent-guide.d.ts +24 -0
  105. package/dist/lib/agent-guide.d.ts.map +1 -0
  106. package/dist/lib/agent-guide.js +155 -0
  107. package/dist/lib/agent-guide.js.map +1 -0
  108. package/dist/lib/api.d.ts +338 -0
  109. package/dist/lib/api.d.ts.map +1 -0
  110. package/dist/lib/api.js +991 -0
  111. package/dist/lib/api.js.map +1 -0
  112. package/dist/lib/auth.d.ts +65 -0
  113. package/dist/lib/auth.d.ts.map +1 -0
  114. package/dist/lib/auth.js +592 -0
  115. package/dist/lib/auth.js.map +1 -0
  116. package/dist/lib/azure-cli.d.ts +6 -0
  117. package/dist/lib/azure-cli.d.ts.map +1 -0
  118. package/dist/lib/azure-cli.js +13 -0
  119. package/dist/lib/azure-cli.js.map +1 -0
  120. package/dist/lib/block-catalog-normalize.d.ts +47 -0
  121. package/dist/lib/block-catalog-normalize.d.ts.map +1 -0
  122. package/dist/lib/block-catalog-normalize.js +355 -0
  123. package/dist/lib/block-catalog-normalize.js.map +1 -0
  124. package/dist/lib/block-catalog-types.d.ts +111 -0
  125. package/dist/lib/block-catalog-types.d.ts.map +1 -0
  126. package/dist/lib/block-catalog-types.js +41 -0
  127. package/dist/lib/block-catalog-types.js.map +1 -0
  128. package/dist/lib/block-catalog-utils.d.ts +7 -0
  129. package/dist/lib/block-catalog-utils.d.ts.map +1 -0
  130. package/dist/lib/block-catalog-utils.js +47 -0
  131. package/dist/lib/block-catalog-utils.js.map +1 -0
  132. package/dist/lib/block-catalog-validation.d.ts +5 -0
  133. package/dist/lib/block-catalog-validation.d.ts.map +1 -0
  134. package/dist/lib/block-catalog-validation.js +112 -0
  135. package/dist/lib/block-catalog-validation.js.map +1 -0
  136. package/dist/lib/block-catalog.d.ts +3 -0
  137. package/dist/lib/block-catalog.d.ts.map +1 -0
  138. package/dist/lib/block-catalog.js +284 -0
  139. package/dist/lib/block-catalog.js.map +1 -0
  140. package/dist/lib/cloud-env.d.ts +25 -0
  141. package/dist/lib/cloud-env.d.ts.map +1 -0
  142. package/dist/lib/cloud-env.js +79 -0
  143. package/dist/lib/cloud-env.js.map +1 -0
  144. package/dist/lib/config.d.ts +116 -0
  145. package/dist/lib/config.d.ts.map +1 -0
  146. package/dist/lib/config.js +195 -0
  147. package/dist/lib/config.js.map +1 -0
  148. package/dist/lib/context.d.ts +43 -0
  149. package/dist/lib/context.d.ts.map +1 -0
  150. package/dist/lib/context.js +68 -0
  151. package/dist/lib/context.js.map +1 -0
  152. package/dist/lib/error-codes.d.ts +56 -0
  153. package/dist/lib/error-codes.d.ts.map +1 -0
  154. package/dist/lib/error-codes.js +211 -0
  155. package/dist/lib/error-codes.js.map +1 -0
  156. package/dist/lib/error-guidance/catalog.d.ts +648 -0
  157. package/dist/lib/error-guidance/catalog.d.ts.map +1 -0
  158. package/dist/lib/error-guidance/catalog.js +940 -0
  159. package/dist/lib/error-guidance/catalog.js.map +1 -0
  160. package/dist/lib/error-guidance/match.d.ts +3 -0
  161. package/dist/lib/error-guidance/match.d.ts.map +1 -0
  162. package/dist/lib/error-guidance/match.js +46 -0
  163. package/dist/lib/error-guidance/match.js.map +1 -0
  164. package/dist/lib/error-guidance/render.d.ts +5 -0
  165. package/dist/lib/error-guidance/render.d.ts.map +1 -0
  166. package/dist/lib/error-guidance/render.js +92 -0
  167. package/dist/lib/error-guidance/render.js.map +1 -0
  168. package/dist/lib/error-guidance/types.d.ts +76 -0
  169. package/dist/lib/error-guidance/types.d.ts.map +1 -0
  170. package/dist/lib/error-guidance/types.js +2 -0
  171. package/dist/lib/error-guidance/types.js.map +1 -0
  172. package/dist/lib/error-guidance/validate.d.ts +3 -0
  173. package/dist/lib/error-guidance/validate.d.ts.map +1 -0
  174. package/dist/lib/error-guidance/validate.js +59 -0
  175. package/dist/lib/error-guidance/validate.js.map +1 -0
  176. package/dist/lib/gofer-installer.d.ts +32 -0
  177. package/dist/lib/gofer-installer.d.ts.map +1 -0
  178. package/dist/lib/gofer-installer.js +589 -0
  179. package/dist/lib/gofer-installer.js.map +1 -0
  180. package/dist/lib/gofer-refresh.d.ts +46 -0
  181. package/dist/lib/gofer-refresh.d.ts.map +1 -0
  182. package/dist/lib/gofer-refresh.js +536 -0
  183. package/dist/lib/gofer-refresh.js.map +1 -0
  184. package/dist/lib/next-route-exports.d.ts +6 -0
  185. package/dist/lib/next-route-exports.d.ts.map +1 -0
  186. package/dist/lib/next-route-exports.js +127 -0
  187. package/dist/lib/next-route-exports.js.map +1 -0
  188. package/dist/lib/npm.d.ts +2 -0
  189. package/dist/lib/npm.d.ts.map +1 -0
  190. package/dist/lib/npm.js +4 -0
  191. package/dist/lib/npm.js.map +1 -0
  192. package/dist/lib/object-type-defaults.d.ts +4 -0
  193. package/dist/lib/object-type-defaults.d.ts.map +1 -0
  194. package/dist/lib/object-type-defaults.js +72 -0
  195. package/dist/lib/object-type-defaults.js.map +1 -0
  196. package/dist/lib/output.d.ts +35 -0
  197. package/dist/lib/output.d.ts.map +1 -0
  198. package/dist/lib/output.js +166 -0
  199. package/dist/lib/output.js.map +1 -0
  200. package/dist/lib/profile.d.ts +52 -0
  201. package/dist/lib/profile.d.ts.map +1 -0
  202. package/dist/lib/profile.js +116 -0
  203. package/dist/lib/profile.js.map +1 -0
  204. package/dist/lib/project-manifest.d.ts +42 -0
  205. package/dist/lib/project-manifest.d.ts.map +1 -0
  206. package/dist/lib/project-manifest.js +191 -0
  207. package/dist/lib/project-manifest.js.map +1 -0
  208. package/dist/lib/resourceapi-bundle.d.ts +33 -0
  209. package/dist/lib/resourceapi-bundle.d.ts.map +1 -0
  210. package/dist/lib/resourceapi-bundle.js +79 -0
  211. package/dist/lib/resourceapi-bundle.js.map +1 -0
  212. package/dist/lib/runtime-contract.d.ts +84 -0
  213. package/dist/lib/runtime-contract.d.ts.map +1 -0
  214. package/dist/lib/runtime-contract.js +318 -0
  215. package/dist/lib/runtime-contract.js.map +1 -0
  216. package/dist/lib/schema-builder.d.ts +28 -0
  217. package/dist/lib/schema-builder.d.ts.map +1 -0
  218. package/dist/lib/schema-builder.js +69 -0
  219. package/dist/lib/schema-builder.js.map +1 -0
  220. package/dist/lib/tenant-context.d.ts +127 -0
  221. package/dist/lib/tenant-context.d.ts.map +1 -0
  222. package/dist/lib/tenant-context.js +573 -0
  223. package/dist/lib/tenant-context.js.map +1 -0
  224. package/dist/lib/update-check.d.ts +52 -0
  225. package/dist/lib/update-check.d.ts.map +1 -0
  226. package/dist/lib/update-check.js +271 -0
  227. package/dist/lib/update-check.js.map +1 -0
  228. package/dist/lib/update-maintenance.d.ts +15 -0
  229. package/dist/lib/update-maintenance.d.ts.map +1 -0
  230. package/dist/lib/update-maintenance.js +187 -0
  231. package/dist/lib/update-maintenance.js.map +1 -0
  232. package/dist/lib/utils.d.ts +23 -0
  233. package/dist/lib/utils.d.ts.map +1 -0
  234. package/dist/lib/utils.js +48 -0
  235. package/dist/lib/utils.js.map +1 -0
  236. package/dist/lib/workflow-provisioning.d.ts +54 -0
  237. package/dist/lib/workflow-provisioning.d.ts.map +1 -0
  238. package/dist/lib/workflow-provisioning.js +281 -0
  239. package/dist/lib/workflow-provisioning.js.map +1 -0
  240. package/package.json +51 -0
  241. package/resources/gofer/.gofer-version +7 -0
  242. package/resources/gofer/agents-skills/0_gofer_start/SKILL.md +1287 -0
  243. package/resources/gofer/agents-skills/0a_problem_validation/SKILL.md +429 -0
  244. package/resources/gofer/agents-skills/10_gofer_cloud/SKILL.md +635 -0
  245. package/resources/gofer/agents-skills/1_gofer_research/SKILL.md +1159 -0
  246. package/resources/gofer/agents-skills/2_gofer_specify/SKILL.md +860 -0
  247. package/resources/gofer/agents-skills/3_gofer_plan/SKILL.md +886 -0
  248. package/resources/gofer/agents-skills/4_gofer_tasks/SKILL.md +748 -0
  249. package/resources/gofer/agents-skills/5_gofer_implement/SKILL.md +924 -0
  250. package/resources/gofer/agents-skills/6_gofer_validate/SKILL.md +2269 -0
  251. package/resources/gofer/agents-skills/7_gofer_save/SKILL.md +423 -0
  252. package/resources/gofer/agents-skills/7a_stakeholder_comms/SKILL.md +508 -0
  253. package/resources/gofer/agents-skills/8_gofer_branding/SKILL.md +315 -0
  254. package/resources/gofer/agents-skills/9_gofer_tests/SKILL.md +558 -0
  255. package/resources/gofer/agents-skills/gofer_bootstrap_workspace/SKILL.md +148 -0
  256. package/resources/gofer/agents-skills/gofer_check_workspace/SKILL.md +119 -0
  257. package/resources/gofer/agents-skills/gofer_constitution/SKILL.md +612 -0
  258. package/resources/gofer/agents-skills/gofer_diagnose/SKILL.md +114 -0
  259. package/resources/gofer/agents-skills/gofer_eai_first_run/SKILL.md +397 -0
  260. package/resources/gofer/agents-skills/gofer_hydrate/SKILL.md +561 -0
  261. package/resources/gofer/agents-skills/gofer_personality/SKILL.md +44 -0
  262. package/resources/gofer/agents-skills/gofer_plan/SKILL.md +40 -0
  263. package/resources/gofer/agents-skills/gofer_side/SKILL.md +45 -0
  264. package/resources/gofer/agents-skills/gofer_spec_summary/SKILL.md +112 -0
  265. package/resources/gofer/agents-skills/gofer_tdd/SKILL.md +112 -0
  266. package/resources/gofer/agents-skills/gofer_vocabulary/SKILL.md +112 -0
  267. package/resources/gofer/agents-skills/gofer_zoom_out/SKILL.md +112 -0
  268. package/resources/gofer/bash-scripts/check-context-health.sh +365 -0
  269. package/resources/gofer/bash-scripts/check-persona-pack.sh +81 -0
  270. package/resources/gofer/bash-scripts/check-prerequisites.sh +168 -0
  271. package/resources/gofer/bash-scripts/common.sh +192 -0
  272. package/resources/gofer/bash-scripts/create-new-feature.sh +260 -0
  273. package/resources/gofer/bash-scripts/install-optional-tools.sh +270 -0
  274. package/resources/gofer/bash-scripts/log-stage.sh +224 -0
  275. package/resources/gofer/bash-scripts/mark-task-complete.sh +74 -0
  276. package/resources/gofer/bash-scripts/pipeline-state.sh +306 -0
  277. package/resources/gofer/bash-scripts/read-failed-approaches.sh +114 -0
  278. package/resources/gofer/bash-scripts/read-session-memories.sh +96 -0
  279. package/resources/gofer/bash-scripts/save-checkpoint.sh +407 -0
  280. package/resources/gofer/bash-scripts/setup-plan.sh +62 -0
  281. package/resources/gofer/bash-scripts/sync-implementation-status.sh +47 -0
  282. package/resources/gofer/bash-scripts/update-agent-context.sh +772 -0
  283. package/resources/gofer/bash-scripts/validate-artifact.sh +335 -0
  284. package/resources/gofer/bash-scripts/verify-task.sh +384 -0
  285. package/resources/gofer/bash-scripts/write-failed-approach.sh +110 -0
  286. package/resources/gofer/bash-scripts/write-periodic-checkpoint.sh +128 -0
  287. package/resources/gofer/bash-scripts/write-session-memory.sh +118 -0
  288. package/resources/gofer/claude-agents/assumption-tracker.md +168 -0
  289. package/resources/gofer/claude-agents/business-metrics-analyzer.md +169 -0
  290. package/resources/gofer/claude-agents/business-problem-validator.md +168 -0
  291. package/resources/gofer/claude-agents/codebase-analyzer.md +124 -0
  292. package/resources/gofer/claude-agents/codebase-locator.md +95 -0
  293. package/resources/gofer/claude-agents/codebase-pattern-finder.md +180 -0
  294. package/resources/gofer/claude-agents/comms-writer.md +158 -0
  295. package/resources/gofer/claude-agents/engineer-review.md +169 -0
  296. package/resources/gofer/claude-agents/implement-bug-triangulator.md +94 -0
  297. package/resources/gofer/claude-agents/implement-code-review-council.md +89 -0
  298. package/resources/gofer/claude-agents/implement-doc-writer.md +89 -0
  299. package/resources/gofer/claude-agents/implement-error-hardener.md +84 -0
  300. package/resources/gofer/claude-agents/implement-performance-explorer.md +95 -0
  301. package/resources/gofer/claude-agents/implement-test-diversifier.md +82 -0
  302. package/resources/gofer/claude-agents/implement-variant-generator.md +80 -0
  303. package/resources/gofer/claude-agents/multi-perspective-judge.md +114 -0
  304. package/resources/gofer/claude-agents/plan-api-comparator.md +90 -0
  305. package/resources/gofer/claude-agents/plan-architecture-diverger.md +100 -0
  306. package/resources/gofer/claude-agents/plan-data-model-stress-tester.md +95 -0
  307. package/resources/gofer/claude-agents/plan-migration-path-finder.md +95 -0
  308. package/resources/gofer/claude-agents/plan-refactor-rewrite-advisor.md +97 -0
  309. package/resources/gofer/claude-agents/research-dependency-evaluator.md +106 -0
  310. package/resources/gofer/claude-agents/research-horizon-scanner.md +100 -0
  311. package/resources/gofer/claude-agents/research-market-scanner.md +137 -0
  312. package/resources/gofer/claude-agents/research-perspective-multiplier.md +102 -0
  313. package/resources/gofer/claude-agents/scope-creep-detector.md +152 -0
  314. package/resources/gofer/claude-agents/specify-ambiguity-detector.md +95 -0
  315. package/resources/gofer/claude-agents/specify-journey-stress-tester.md +92 -0
  316. package/resources/gofer/claude-agents/tasks-cross-cutting-scanner.md +91 -0
  317. package/resources/gofer/claude-agents/tasks-rollback-planner.md +89 -0
  318. package/resources/gofer/claude-agents/validate-security-red-team.md +102 -0
  319. package/resources/gofer/claude-agents/validation-correctness.md +103 -0
  320. package/resources/gofer/claude-agents/validation-integration.md +129 -0
  321. package/resources/gofer/claude-agents/validation-performance.md +120 -0
  322. package/resources/gofer/claude-agents/validation-security.md +115 -0
  323. package/resources/gofer/claude-agents/validation-standards.md +151 -0
  324. package/resources/gofer/claude-agents/validation-test-quality.md +146 -0
  325. package/resources/gofer/claude-agents/visual-bounded-context-writer.md +40 -0
  326. package/resources/gofer/claude-agents/visual-c4-writer.md +45 -0
  327. package/resources/gofer/claude-agents/visual-erd-writer.md +34 -0
  328. package/resources/gofer/claude-agents/visual-heatmap-writer.md +63 -0
  329. package/resources/gofer/claude-agents/visual-risk-writer.md +64 -0
  330. package/resources/gofer/claude-commands/0_gofer_start.md +1282 -0
  331. package/resources/gofer/claude-commands/0a_problem_validation.md +424 -0
  332. package/resources/gofer/claude-commands/10_gofer_cloud.md +630 -0
  333. package/resources/gofer/claude-commands/1_gofer_research.md +1154 -0
  334. package/resources/gofer/claude-commands/2_gofer_specify.md +855 -0
  335. package/resources/gofer/claude-commands/3_gofer_plan.md +881 -0
  336. package/resources/gofer/claude-commands/4_gofer_tasks.md +743 -0
  337. package/resources/gofer/claude-commands/5_gofer_implement.md +919 -0
  338. package/resources/gofer/claude-commands/6_gofer_validate.md +2264 -0
  339. package/resources/gofer/claude-commands/7_gofer_save.md +418 -0
  340. package/resources/gofer/claude-commands/7a_stakeholder_comms.md +503 -0
  341. package/resources/gofer/claude-commands/8_gofer_branding.md +310 -0
  342. package/resources/gofer/claude-commands/9_gofer_tests.md +553 -0
  343. package/resources/gofer/claude-commands/gofer_bootstrap_workspace.md +143 -0
  344. package/resources/gofer/claude-commands/gofer_check_workspace.md +114 -0
  345. package/resources/gofer/claude-commands/gofer_constitution.md +607 -0
  346. package/resources/gofer/claude-commands/gofer_diagnose.md +109 -0
  347. package/resources/gofer/claude-commands/gofer_eai_first_run.md +392 -0
  348. package/resources/gofer/claude-commands/gofer_hydrate.md +556 -0
  349. package/resources/gofer/claude-commands/gofer_personality.md +39 -0
  350. package/resources/gofer/claude-commands/gofer_plan.md +35 -0
  351. package/resources/gofer/claude-commands/gofer_side.md +40 -0
  352. package/resources/gofer/claude-commands/gofer_spec_summary.md +107 -0
  353. package/resources/gofer/claude-commands/gofer_tdd.md +107 -0
  354. package/resources/gofer/claude-commands/gofer_vocabulary.md +107 -0
  355. package/resources/gofer/claude-commands/gofer_zoom_out.md +107 -0
  356. package/resources/gofer/claude-skills/eai-gofer/SKILL.md +56 -0
  357. package/resources/gofer/commands/.gitkeep +0 -0
  358. package/resources/gofer/commands/0_gofer_start.md +1299 -0
  359. package/resources/gofer/commands/0a_problem_validation.md +405 -0
  360. package/resources/gofer/commands/10_gofer_cloud.md +611 -0
  361. package/resources/gofer/commands/1_gofer_research.md +1135 -0
  362. package/resources/gofer/commands/2_gofer_specify.md +836 -0
  363. package/resources/gofer/commands/3_gofer_plan.md +862 -0
  364. package/resources/gofer/commands/4_gofer_tasks.md +724 -0
  365. package/resources/gofer/commands/5_gofer_implement.md +900 -0
  366. package/resources/gofer/commands/6_gofer_validate.md +2245 -0
  367. package/resources/gofer/commands/7_gofer_save.md +399 -0
  368. package/resources/gofer/commands/7a_stakeholder_comms.md +484 -0
  369. package/resources/gofer/commands/8_gofer_branding.md +291 -0
  370. package/resources/gofer/commands/9_gofer_tests.md +534 -0
  371. package/resources/gofer/commands/gofer_bootstrap_workspace.md +159 -0
  372. package/resources/gofer/commands/gofer_check_workspace.md +130 -0
  373. package/resources/gofer/commands/gofer_constitution.md +588 -0
  374. package/resources/gofer/commands/gofer_diagnose.md +89 -0
  375. package/resources/gofer/commands/gofer_eai_first_run.md +392 -0
  376. package/resources/gofer/commands/gofer_hydrate.md +537 -0
  377. package/resources/gofer/commands/gofer_personality.md +61 -0
  378. package/resources/gofer/commands/gofer_plan.md +51 -0
  379. package/resources/gofer/commands/gofer_side.md +56 -0
  380. package/resources/gofer/commands/gofer_spec_summary.md +87 -0
  381. package/resources/gofer/commands/gofer_tdd.md +87 -0
  382. package/resources/gofer/commands/gofer_vocabulary.md +87 -0
  383. package/resources/gofer/commands/gofer_zoom_out.md +87 -0
  384. package/resources/gofer/copilot-instructions/gofer-cost.instructions.md +13 -0
  385. package/resources/gofer/copilot-instructions/language-server.instructions.md +49 -0
  386. package/resources/gofer/copilot-instructions/typescript.instructions.md +47 -0
  387. package/resources/gofer/copilot-instructions/vscode-extension.instructions.md +46 -0
  388. package/resources/gofer/copilot-prompts/0_gofer_start.prompt.md +1308 -0
  389. package/resources/gofer/copilot-prompts/0a_problem_validation.prompt.md +429 -0
  390. package/resources/gofer/copilot-prompts/10_gofer_cloud.prompt.md +644 -0
  391. package/resources/gofer/copilot-prompts/1_gofer_research.prompt.md +1177 -0
  392. package/resources/gofer/copilot-prompts/2_gofer_specify.prompt.md +878 -0
  393. package/resources/gofer/copilot-prompts/3_gofer_plan.prompt.md +904 -0
  394. package/resources/gofer/copilot-prompts/4_gofer_tasks.prompt.md +766 -0
  395. package/resources/gofer/copilot-prompts/5_gofer_implement.prompt.md +942 -0
  396. package/resources/gofer/copilot-prompts/6_gofer_validate.prompt.md +2277 -0
  397. package/resources/gofer/copilot-prompts/7_gofer_save.prompt.md +433 -0
  398. package/resources/gofer/copilot-prompts/7a_stakeholder_comms.prompt.md +516 -0
  399. package/resources/gofer/copilot-prompts/8_gofer_branding.prompt.md +323 -0
  400. package/resources/gofer/copilot-prompts/9_gofer_tests.prompt.md +566 -0
  401. package/resources/gofer/copilot-prompts/gofer_bootstrap_workspace.prompt.md +161 -0
  402. package/resources/gofer/copilot-prompts/gofer_check_workspace.prompt.md +132 -0
  403. package/resources/gofer/copilot-prompts/gofer_constitution.prompt.md +621 -0
  404. package/resources/gofer/copilot-prompts/gofer_diagnose.prompt.md +127 -0
  405. package/resources/gofer/copilot-prompts/gofer_eai_first_run.prompt.md +410 -0
  406. package/resources/gofer/copilot-prompts/gofer_hydrate.prompt.md +571 -0
  407. package/resources/gofer/copilot-prompts/gofer_personality.prompt.md +57 -0
  408. package/resources/gofer/copilot-prompts/gofer_plan.prompt.md +53 -0
  409. package/resources/gofer/copilot-prompts/gofer_side.prompt.md +58 -0
  410. package/resources/gofer/copilot-prompts/gofer_spec_summary.prompt.md +125 -0
  411. package/resources/gofer/copilot-prompts/gofer_tdd.prompt.md +125 -0
  412. package/resources/gofer/copilot-prompts/gofer_vocabulary.prompt.md +125 -0
  413. package/resources/gofer/copilot-prompts/gofer_zoom_out.prompt.md +125 -0
  414. package/resources/gofer/gemini/agents/assumption-tracker.md +171 -0
  415. package/resources/gofer/gemini/agents/business-metrics-analyzer.md +172 -0
  416. package/resources/gofer/gemini/agents/business-problem-validator.md +171 -0
  417. package/resources/gofer/gemini/agents/codebase-analyzer.md +127 -0
  418. package/resources/gofer/gemini/agents/codebase-locator.md +98 -0
  419. package/resources/gofer/gemini/agents/codebase-pattern-finder.md +183 -0
  420. package/resources/gofer/gemini/agents/comms-writer.md +161 -0
  421. package/resources/gofer/gemini/agents/engineer-review.md +172 -0
  422. package/resources/gofer/gemini/agents/implement-bug-triangulator.md +97 -0
  423. package/resources/gofer/gemini/agents/implement-code-review-council.md +92 -0
  424. package/resources/gofer/gemini/agents/implement-doc-writer.md +92 -0
  425. package/resources/gofer/gemini/agents/implement-error-hardener.md +87 -0
  426. package/resources/gofer/gemini/agents/implement-performance-explorer.md +98 -0
  427. package/resources/gofer/gemini/agents/implement-test-diversifier.md +85 -0
  428. package/resources/gofer/gemini/agents/implement-variant-generator.md +83 -0
  429. package/resources/gofer/gemini/agents/multi-perspective-judge.md +117 -0
  430. package/resources/gofer/gemini/agents/plan-api-comparator.md +93 -0
  431. package/resources/gofer/gemini/agents/plan-architecture-diverger.md +103 -0
  432. package/resources/gofer/gemini/agents/plan-data-model-stress-tester.md +98 -0
  433. package/resources/gofer/gemini/agents/plan-migration-path-finder.md +98 -0
  434. package/resources/gofer/gemini/agents/plan-refactor-rewrite-advisor.md +100 -0
  435. package/resources/gofer/gemini/agents/research-dependency-evaluator.md +109 -0
  436. package/resources/gofer/gemini/agents/research-horizon-scanner.md +103 -0
  437. package/resources/gofer/gemini/agents/research-market-scanner.md +140 -0
  438. package/resources/gofer/gemini/agents/research-perspective-multiplier.md +105 -0
  439. package/resources/gofer/gemini/agents/scope-creep-detector.md +155 -0
  440. package/resources/gofer/gemini/agents/specify-ambiguity-detector.md +98 -0
  441. package/resources/gofer/gemini/agents/specify-journey-stress-tester.md +95 -0
  442. package/resources/gofer/gemini/agents/tasks-cross-cutting-scanner.md +94 -0
  443. package/resources/gofer/gemini/agents/tasks-rollback-planner.md +92 -0
  444. package/resources/gofer/gemini/agents/validate-security-red-team.md +105 -0
  445. package/resources/gofer/gemini/agents/validation-correctness.md +106 -0
  446. package/resources/gofer/gemini/agents/validation-integration.md +132 -0
  447. package/resources/gofer/gemini/agents/validation-performance.md +123 -0
  448. package/resources/gofer/gemini/agents/validation-security.md +118 -0
  449. package/resources/gofer/gemini/agents/validation-standards.md +154 -0
  450. package/resources/gofer/gemini/agents/validation-test-quality.md +149 -0
  451. package/resources/gofer/gemini/agents/visual-bounded-context-writer.md +40 -0
  452. package/resources/gofer/gemini/agents/visual-c4-writer.md +44 -0
  453. package/resources/gofer/gemini/agents/visual-erd-writer.md +36 -0
  454. package/resources/gofer/gemini/agents/visual-heatmap-writer.md +63 -0
  455. package/resources/gofer/gemini/agents/visual-risk-writer.md +64 -0
  456. package/resources/gofer/gemini/commands/gofer/.gitkeep +0 -0
  457. package/resources/gofer/gemini/commands/gofer/0_gofer_start.md +1282 -0
  458. package/resources/gofer/gemini/commands/gofer/0_gofer_start.toml +2 -0
  459. package/resources/gofer/gemini/commands/gofer/0a_problem_validation.md +424 -0
  460. package/resources/gofer/gemini/commands/gofer/0a_problem_validation.toml +2 -0
  461. package/resources/gofer/gemini/commands/gofer/10_gofer_cloud.md +630 -0
  462. package/resources/gofer/gemini/commands/gofer/10_gofer_cloud.toml +2 -0
  463. package/resources/gofer/gemini/commands/gofer/1_gofer_research.md +1154 -0
  464. package/resources/gofer/gemini/commands/gofer/1_gofer_research.toml +2 -0
  465. package/resources/gofer/gemini/commands/gofer/2_gofer_specify.md +855 -0
  466. package/resources/gofer/gemini/commands/gofer/2_gofer_specify.toml +2 -0
  467. package/resources/gofer/gemini/commands/gofer/3_gofer_plan.md +881 -0
  468. package/resources/gofer/gemini/commands/gofer/3_gofer_plan.toml +2 -0
  469. package/resources/gofer/gemini/commands/gofer/4_gofer_tasks.md +743 -0
  470. package/resources/gofer/gemini/commands/gofer/4_gofer_tasks.toml +2 -0
  471. package/resources/gofer/gemini/commands/gofer/5_gofer_implement.md +919 -0
  472. package/resources/gofer/gemini/commands/gofer/5_gofer_implement.toml +2 -0
  473. package/resources/gofer/gemini/commands/gofer/6_gofer_validate.md +2264 -0
  474. package/resources/gofer/gemini/commands/gofer/6_gofer_validate.toml +2 -0
  475. package/resources/gofer/gemini/commands/gofer/7_gofer_save.md +418 -0
  476. package/resources/gofer/gemini/commands/gofer/7_gofer_save.toml +2 -0
  477. package/resources/gofer/gemini/commands/gofer/7a_stakeholder_comms.md +503 -0
  478. package/resources/gofer/gemini/commands/gofer/7a_stakeholder_comms.toml +2 -0
  479. package/resources/gofer/gemini/commands/gofer/8_gofer_branding.md +310 -0
  480. package/resources/gofer/gemini/commands/gofer/8_gofer_branding.toml +2 -0
  481. package/resources/gofer/gemini/commands/gofer/9_gofer_tests.md +553 -0
  482. package/resources/gofer/gemini/commands/gofer/9_gofer_tests.toml +2 -0
  483. package/resources/gofer/gemini/commands/gofer/gofer_bootstrap_workspace.md +143 -0
  484. package/resources/gofer/gemini/commands/gofer/gofer_bootstrap_workspace.toml +2 -0
  485. package/resources/gofer/gemini/commands/gofer/gofer_check_workspace.md +114 -0
  486. package/resources/gofer/gemini/commands/gofer/gofer_check_workspace.toml +2 -0
  487. package/resources/gofer/gemini/commands/gofer/gofer_constitution.md +607 -0
  488. package/resources/gofer/gemini/commands/gofer/gofer_constitution.toml +2 -0
  489. package/resources/gofer/gemini/commands/gofer/gofer_diagnose.md +109 -0
  490. package/resources/gofer/gemini/commands/gofer/gofer_diagnose.toml +2 -0
  491. package/resources/gofer/gemini/commands/gofer/gofer_eai_first_run.md +392 -0
  492. package/resources/gofer/gemini/commands/gofer/gofer_eai_first_run.toml +2 -0
  493. package/resources/gofer/gemini/commands/gofer/gofer_hydrate.md +556 -0
  494. package/resources/gofer/gemini/commands/gofer/gofer_hydrate.toml +2 -0
  495. package/resources/gofer/gemini/commands/gofer/gofer_personality.md +39 -0
  496. package/resources/gofer/gemini/commands/gofer/gofer_personality.toml +2 -0
  497. package/resources/gofer/gemini/commands/gofer/gofer_plan.md +35 -0
  498. package/resources/gofer/gemini/commands/gofer/gofer_plan.toml +2 -0
  499. package/resources/gofer/gemini/commands/gofer/gofer_side.md +40 -0
  500. package/resources/gofer/gemini/commands/gofer/gofer_side.toml +2 -0
  501. package/resources/gofer/gemini/commands/gofer/gofer_spec_summary.md +107 -0
  502. package/resources/gofer/gemini/commands/gofer/gofer_spec_summary.toml +2 -0
  503. package/resources/gofer/gemini/commands/gofer/gofer_tdd.md +107 -0
  504. package/resources/gofer/gemini/commands/gofer/gofer_tdd.toml +2 -0
  505. package/resources/gofer/gemini/commands/gofer/gofer_vocabulary.md +107 -0
  506. package/resources/gofer/gemini/commands/gofer/gofer_vocabulary.toml +2 -0
  507. package/resources/gofer/gemini/commands/gofer/gofer_zoom_out.md +107 -0
  508. package/resources/gofer/gemini/commands/gofer/gofer_zoom_out.toml +2 -0
  509. package/resources/gofer/gemini/commands/gofer/manifest.json +32 -0
  510. package/resources/gofer/gemini/extension.json +16 -0
  511. package/resources/gofer/github-agents/gofer-business.agent.md +20 -0
  512. package/resources/gofer/github-agents/gofer-implement.agent.md +15 -0
  513. package/resources/gofer/github-agents/gofer-plan.agent.md +15 -0
  514. package/resources/gofer/github-agents/gofer-research.agent.md +15 -0
  515. package/resources/gofer/github-agents/gofer-validate.agent.md +10 -0
  516. package/resources/gofer/github-skills/eai-gofer/SKILL.md +56 -0
  517. package/resources/gofer/hook-scripts/agent-stop.mjs +655 -0
  518. package/resources/gofer/hook-scripts/log-stage-launch-time.mjs +77 -0
  519. package/resources/gofer/hook-scripts/post-tool-use.mjs +333 -0
  520. package/resources/gofer/hook-scripts/queued-input.mjs +188 -0
  521. package/resources/gofer/hook-scripts/session-lifecycle.mjs +93 -0
  522. package/resources/gofer/hook-scripts/user-prompt-submit.mjs +228 -0
  523. package/resources/gofer/instruction-templates/base/agents-base.md +37 -0
  524. package/resources/gofer/instruction-templates/base/claude-base.md +7 -0
  525. package/resources/gofer/instruction-templates/base/copilot-base.md +26 -0
  526. package/resources/gofer/instruction-templates/gofer/gofer-claude.md +5 -0
  527. package/resources/gofer/instruction-templates/gofer/gofer-copilot.md +9 -0
  528. package/resources/gofer/instruction-templates/languages/generic.md +7 -0
  529. package/resources/gofer/instruction-templates/languages/go.md +8 -0
  530. package/resources/gofer/instruction-templates/languages/java.md +8 -0
  531. package/resources/gofer/instruction-templates/languages/python.md +9 -0
  532. package/resources/gofer/instruction-templates/languages/rust.md +9 -0
  533. package/resources/gofer/instruction-templates/languages/typescript.md +19 -0
  534. package/resources/gofer/instruction-templates/workflow/principles.md +52 -0
  535. package/resources/gofer/memory/constitution.md +391 -0
  536. package/resources/gofer/memory/context-profiles.yaml +74 -0
  537. package/resources/gofer/memory/decisions/000-use-adr-for-decisions.md +67 -0
  538. package/resources/gofer/memory/decisions/001-di-framework.md +190 -0
  539. package/resources/gofer/memory/decisions/002-module-extraction.md +305 -0
  540. package/resources/gofer/memory/decisions/003-error-handling.md +368 -0
  541. package/resources/gofer/memory/decisions/004-cache-eviction.md +436 -0
  542. package/resources/gofer/memory/decisions/005-constants-management.md +520 -0
  543. package/resources/gofer/memory/decisions/README.md +129 -0
  544. package/resources/gofer/memory/diagrams/di-container.mmd +321 -0
  545. package/resources/gofer/memory/diagrams/extension-activation.mmd +184 -0
  546. package/resources/gofer/memory/diagrams/module-dependencies.mmd +264 -0
  547. package/resources/gofer/memory/gofer-model-policy.yaml +97 -0
  548. package/resources/gofer/memory/lessons.md +46 -0
  549. package/resources/gofer/node-scripts/canonical-descriptions.mjs +86 -0
  550. package/resources/gofer/node-scripts/check-version-alignment.mjs +131 -0
  551. package/resources/gofer/node-scripts/codex-doctor.mjs +425 -0
  552. package/resources/gofer/node-scripts/generate-commands.mjs +1366 -0
  553. package/resources/gofer/node-scripts/generate-issues.js +563 -0
  554. package/resources/gofer/node-scripts/gofer-closed-loop-audit.mjs +893 -0
  555. package/resources/gofer/node-scripts/gofer-loop-audit.mjs +541 -0
  556. package/resources/gofer/node-scripts/gofer-performance-report.mjs +306 -0
  557. package/resources/gofer/node-scripts/gofer-workspace-bootstrap.mjs +56 -0
  558. package/resources/gofer/node-scripts/gofer-workspace-check.mjs +56 -0
  559. package/resources/gofer/node-scripts/lib/ai-leverage-tagger.mjs +103 -0
  560. package/resources/gofer/node-scripts/lib/assemble-stakeholder-pack.mjs +114 -0
  561. package/resources/gofer/node-scripts/lib/marp-deck.mjs +87 -0
  562. package/resources/gofer/node-scripts/lib/mermaid-tabular-fallback.mjs +264 -0
  563. package/resources/gofer/node-scripts/lib/render-visual.mjs +54 -0
  564. package/resources/gofer/node-scripts/lib/validate-aliases.mjs +85 -0
  565. package/resources/gofer/node-scripts/lib/visual-counts.mjs +44 -0
  566. package/resources/gofer/node-scripts/lib/visual-pass-pipeline.mjs +134 -0
  567. package/resources/gofer/node-scripts/mermaid-export.mjs +72 -0
  568. package/resources/gofer/node-scripts/package-agent-plugin.mjs +940 -0
  569. package/resources/gofer/node-scripts/parse-stage-command.mjs +211 -0
  570. package/resources/gofer/node-scripts/schemas/.gitkeep +0 -0
  571. package/resources/gofer/node-scripts/schemas/stage-command.schema.json +72 -0
  572. package/resources/gofer/node-scripts/sync-extension-resources.mjs +110 -0
  573. package/resources/gofer/node-scripts/workspace-bootstrap-lib.mjs +1166 -0
  574. package/resources/gofer/powershell-scripts/install-optional-tools.ps1 +214 -0
  575. package/resources/gofer/references/platform/README.md +17 -0
  576. package/resources/gofer/references/platform/deployment-repo.md +9 -0
  577. package/resources/gofer/references/platform/eai-app-template.md +45 -0
  578. package/resources/gofer/references/platform/eai-config-driven-ui.md +156 -0
  579. package/resources/gofer/references/platform/eai-error-catalog.yaml +197 -0
  580. package/resources/gofer/references/platform/eai-repo-contract.md +134 -0
  581. package/resources/gofer/references/platform/eai-service-patterns.md +56 -0
  582. package/resources/gofer/references/platform/eai.md +85 -0
  583. package/resources/gofer/references/platform/vertical-template.md +49 -0
  584. package/resources/gofer/specify-commands/.gitkeep +0 -0
  585. package/resources/gofer/specify-commands/0_gofer_start.md +1299 -0
  586. package/resources/gofer/specify-commands/0a_problem_validation.md +405 -0
  587. package/resources/gofer/specify-commands/10_gofer_cloud.md +611 -0
  588. package/resources/gofer/specify-commands/1_gofer_research.md +1135 -0
  589. package/resources/gofer/specify-commands/2_gofer_specify.md +836 -0
  590. package/resources/gofer/specify-commands/3_gofer_plan.md +862 -0
  591. package/resources/gofer/specify-commands/4_gofer_tasks.md +724 -0
  592. package/resources/gofer/specify-commands/5_gofer_implement.md +900 -0
  593. package/resources/gofer/specify-commands/6_gofer_validate.md +2245 -0
  594. package/resources/gofer/specify-commands/7_gofer_save.md +399 -0
  595. package/resources/gofer/specify-commands/7a_stakeholder_comms.md +484 -0
  596. package/resources/gofer/specify-commands/8_gofer_branding.md +291 -0
  597. package/resources/gofer/specify-commands/9_gofer_tests.md +534 -0
  598. package/resources/gofer/specify-commands/gofer_bootstrap_workspace.md +159 -0
  599. package/resources/gofer/specify-commands/gofer_check_workspace.md +130 -0
  600. package/resources/gofer/specify-commands/gofer_constitution.md +588 -0
  601. package/resources/gofer/specify-commands/gofer_diagnose.md +89 -0
  602. package/resources/gofer/specify-commands/gofer_eai_first_run.md +392 -0
  603. package/resources/gofer/specify-commands/gofer_hydrate.md +537 -0
  604. package/resources/gofer/specify-commands/gofer_personality.md +61 -0
  605. package/resources/gofer/specify-commands/gofer_plan.md +51 -0
  606. package/resources/gofer/specify-commands/gofer_side.md +56 -0
  607. package/resources/gofer/specify-commands/gofer_spec_summary.md +87 -0
  608. package/resources/gofer/specify-commands/gofer_tdd.md +87 -0
  609. package/resources/gofer/specify-commands/gofer_vocabulary.md +87 -0
  610. package/resources/gofer/specify-commands/gofer_zoom_out.md +87 -0
  611. package/resources/gofer/system-skills/0_gofer_start/SKILL.md +1287 -0
  612. package/resources/gofer/system-skills/0a_problem_validation/SKILL.md +429 -0
  613. package/resources/gofer/system-skills/10_gofer_cloud/SKILL.md +635 -0
  614. package/resources/gofer/system-skills/1_gofer_research/SKILL.md +1159 -0
  615. package/resources/gofer/system-skills/2_gofer_specify/SKILL.md +860 -0
  616. package/resources/gofer/system-skills/3_gofer_plan/SKILL.md +886 -0
  617. package/resources/gofer/system-skills/4_gofer_tasks/SKILL.md +748 -0
  618. package/resources/gofer/system-skills/5_gofer_implement/SKILL.md +924 -0
  619. package/resources/gofer/system-skills/6_gofer_validate/SKILL.md +2269 -0
  620. package/resources/gofer/system-skills/7_gofer_save/SKILL.md +423 -0
  621. package/resources/gofer/system-skills/7a_stakeholder_comms/SKILL.md +508 -0
  622. package/resources/gofer/system-skills/8_gofer_branding/SKILL.md +315 -0
  623. package/resources/gofer/system-skills/9_gofer_tests/SKILL.md +558 -0
  624. package/resources/gofer/system-skills/gofer_bootstrap_workspace/SKILL.md +148 -0
  625. package/resources/gofer/system-skills/gofer_check_workspace/SKILL.md +119 -0
  626. package/resources/gofer/system-skills/gofer_constitution/SKILL.md +612 -0
  627. package/resources/gofer/system-skills/gofer_diagnose/SKILL.md +114 -0
  628. package/resources/gofer/system-skills/gofer_eai_first_run/SKILL.md +397 -0
  629. package/resources/gofer/system-skills/gofer_hydrate/SKILL.md +561 -0
  630. package/resources/gofer/system-skills/gofer_personality/SKILL.md +44 -0
  631. package/resources/gofer/system-skills/gofer_plan/SKILL.md +40 -0
  632. package/resources/gofer/system-skills/gofer_side/SKILL.md +45 -0
  633. package/resources/gofer/system-skills/gofer_spec_summary/SKILL.md +112 -0
  634. package/resources/gofer/system-skills/gofer_tdd/SKILL.md +112 -0
  635. package/resources/gofer/system-skills/gofer_vocabulary/SKILL.md +112 -0
  636. package/resources/gofer/system-skills/gofer_zoom_out/SKILL.md +112 -0
  637. package/resources/gofer/templates/agent-file-template.md +28 -0
  638. package/resources/gofer/templates/assumptions-template.md +94 -0
  639. package/resources/gofer/templates/audit-history-template.md +35 -0
  640. package/resources/gofer/templates/brand/brand-profile-template.json +45 -0
  641. package/resources/gofer/templates/brand/document-style-template.md +50 -0
  642. package/resources/gofer/templates/brand/marp-theme-template.css +58 -0
  643. package/resources/gofer/templates/brownfield-analysis.md +44 -0
  644. package/resources/gofer/templates/business-metrics-template.md +120 -0
  645. package/resources/gofer/templates/business-owner-summary-template.md +83 -0
  646. package/resources/gofer/templates/checklist-template.md +40 -0
  647. package/resources/gofer/templates/ciso-security-summary-template.md +70 -0
  648. package/resources/gofer/templates/context-bundle-template.md +76 -0
  649. package/resources/gofer/templates/contract-pack-template.md +109 -0
  650. package/resources/gofer/templates/cto-architecture-summary-template.md +83 -0
  651. package/resources/gofer/templates/discovery-template.md +92 -0
  652. package/resources/gofer/templates/eai-preflight-template.md +144 -0
  653. package/resources/gofer/templates/goal-ledger-template.json +69 -0
  654. package/resources/gofer/templates/gofer-model-policy.yaml +97 -0
  655. package/resources/gofer/templates/issues-template.md +106 -0
  656. package/resources/gofer/templates/journey/base-journey.md +95 -0
  657. package/resources/gofer/templates/journey/industry-variants.yaml +277 -0
  658. package/resources/gofer/templates/loop-contract-template.json +68 -0
  659. package/resources/gofer/templates/plan-template.md +215 -0
  660. package/resources/gofer/templates/problem-brief-template.md +85 -0
  661. package/resources/gofer/templates/proposal-review-template.md +79 -0
  662. package/resources/gofer/templates/research-template.md +222 -0
  663. package/resources/gofer/templates/reuse-scan-template.md +43 -0
  664. package/resources/gofer/templates/sequence-diagrams/option-spectrum.yaml +178 -0
  665. package/resources/gofer/templates/service-fit-matrix-template.md +29 -0
  666. package/resources/gofer/templates/session-handoff-template.md +172 -0
  667. package/resources/gofer/templates/spec-summary-template.md +118 -0
  668. package/resources/gofer/templates/spec-template.md +196 -0
  669. package/resources/gofer/templates/stakeholder-comms-template.md +330 -0
  670. package/resources/gofer/templates/stakeholder-review-index-template.md +54 -0
  671. package/resources/gofer/templates/tasks-template.md +323 -0
  672. package/resources/gofer/templates/ui-approval-template.md +32 -0
  673. package/resources/gofer/templates/ui-preview-brief-template.md +65 -0
  674. package/resources/gofer/templates/ui-review-log-template.md +11 -0
  675. package/resources/gofer/templates/visuals/.gitkeep +0 -0
  676. package/resources/gofer/templates/visuals/bounded-context-map.md +19 -0
  677. package/resources/gofer/templates/visuals/bounded-context-template.md +47 -0
  678. package/resources/gofer/templates/visuals/c4-container-template.md +38 -0
  679. package/resources/gofer/templates/visuals/c4-container.md +20 -0
  680. package/resources/gofer/templates/visuals/c4-context-template.md +46 -0
  681. package/resources/gofer/templates/visuals/capability-heatmap-template.md +54 -0
  682. package/resources/gofer/templates/visuals/data-model-erd-template.md +41 -0
  683. package/resources/gofer/templates/visuals/erd.md +19 -0
  684. package/resources/gofer/templates/visuals/impact-canvas.md +40 -0
  685. package/resources/gofer/templates/visuals/risk-heatmap-template.md +51 -0
  686. package/resources/gofer/templates/visuals/roi-projection.md +17 -0
  687. package/resources/gofer/templates/visuals/value-stream-asis.md +16 -0
  688. package/resources/gofer/templates/visuals/value-stream-tobe.md +18 -0
  689. package/resources/gofer/templates/working-backwards-prfaq-template.md +165 -0
  690. package/resources/linked-sources.json +25 -0
@@ -0,0 +1,2277 @@
1
+ ---
2
+ name: 6_gofer_validate
3
+ description: Validate implemented work with evidence-backed scoring, blast-radius analysis, and engineering review.
4
+ agent: copilot-workspace
5
+ tools:
6
+ - Read
7
+ - Grep
8
+ - Glob
9
+ - Bash
10
+ - WebSearch
11
+ argument-hint: feature-name-or-description
12
+ gofer:
13
+ workflowProfile: standard
14
+ canonicalSource: .specify/commands/6_gofer_validate.md
15
+ canonicalChecksum: c375a15f7dcaaf7b6908f43521bb54b226d6890935ffb7624b34efd956ef9a69
16
+ metadataSource: scripts/generate-commands.ts
17
+ ---
18
+
19
+ ## Workspace Preflight
20
+
21
+ Before doing stage/helper work:
22
+
23
+ 1. Resolve the repository root.
24
+ 2. Check the core Gofer sentinels:
25
+ - `.specify/.gofer-version`
26
+ - `.specify/commands/0_gofer_start.md`
27
+ - `.specify/templates/spec-template.md`
28
+ - `.specify/templates/loop-contract-template.json`
29
+ - `.specify/templates/working-backwards-prfaq-template.md`
30
+ - `.specify/templates/business-owner-summary-template.md`
31
+ - `.specify/templates/cto-architecture-summary-template.md`
32
+ - `.specify/templates/ciso-security-summary-template.md`
33
+ - `.specify/templates/stakeholder-review-index-template.md`
34
+ - `.specify/scripts/bash/create-new-feature.sh`
35
+ - `.specify/scripts/node/parse-stage-command.mjs`
36
+ - `.specify/scripts/node/gofer-loop-audit.mjs`
37
+ - `.specify/scripts/hooks/post-tool-use.mjs`
38
+ - `.specify/scripts/powershell/install-optional-tools.ps1`
39
+ - `.specify/templates/gofer-model-policy.yaml`
40
+ - `.specify/memory/gofer-model-policy.yaml`
41
+ - `.specify/specs/`
42
+ - `.specify/memory/`
43
+ 3. Check host-specific repo-owned files when relevant:
44
+ - Claude: `AGENTS.md`, `CLAUDE.md`, `.claude/settings.json`
45
+ - Codex: `AGENTS.md`
46
+ - Copilot: `.github/copilot-instructions.md`
47
+ - VS Code extension mirrors Claude/Copilot/Gemini resources itself and should still keep the core scaffold healthy
48
+ 4. If the repo already has the workspace checker script, prefer running:
49
+ - `node .specify/scripts/node/gofer-workspace-check.mjs --host copilot --json`
50
+ 5. If the workspace is missing or stale, ask exactly:
51
+ - **"This repo is missing or stale for Gofer. Initialize/update it now?"**
52
+ 6. If the user says yes, run the Gofer workspace bootstrap helper and then resume this command from the top.
53
+ 7. If the user says no, stop and explain that Gofer stage/helper work depends on the repo-owned scaffold.
54
+
55
+
56
+ # Gofer Validate
57
+
58
+ ## EAI Platform Session Preflight
59
+
60
+ Before any Gofer stage/helper command does pipeline work:
61
+
62
+ 1. Treat durable delivery as EAI Platform delivery by default, with Azure second
63
+ and every other stack only by explicit exception.
64
+ 2. Run `eai whoami` and confirm the EAI CLI is installed, the user is logged in,
65
+ and an active tenant is visible.
66
+ 3. If `eai` is missing, `eai whoami` fails, the token is expired, or no active
67
+ tenant is available, stop and run `/gofer:eai-first-run` or ask the user to
68
+ approve login/setup before continuing.
69
+ 4. For EAI app delivery, do not continue into research, specification, planning,
70
+ tasks, implementation, or validation until
71
+ `.specify/specs/{feature}/eai-preflight.md` records login, tenant, template,
72
+ app-readiness, and next-action evidence.
73
+ 5. Do not write tokens, secrets, private tenant IDs, or local `.env` values into
74
+ Gofer artifacts; record only product-safe readiness status and evidence.
75
+
76
+ ## Token And Cost Policy
77
+ <!-- gofer:token-cost-policy:start -->
78
+
79
+ Before spawning agents, calling tools, or loading large files:
80
+
81
+ 1. Treat `.specify/memory/gofer-model-policy.yaml` as the repo-owned source of truth for simple, medium, hard, and arbiter model routing. If it is missing, run `/gofer:bootstrap-workspace` before continuing.
82
+ 2. Use the cheapest capable model first.
83
+ - Claude: Haiku for scouting/extraction; Sonnet for normal implementation, synthesis, validation, and security; Opus for high-risk arbitration or release-critical failures.
84
+ - Codex/OpenAI: GPT mini for simple coding; GPT nano only for locate/classify/summarize/mechanical work; GPT-5.3-Codex or flagship GPT for tool-heavy coding, architecture, and release-critical validation.
85
+ - Gemini: Flash-Lite for cheap large-context scan/summarize; Flash for default research synthesis; Pro for large-context architecture or high-risk arbitration.
86
+ - Copilot: prefer Auto for simple and default work; ask the user before choosing a paid/high-tier picker model for hard security, architecture, or release gates.
87
+ 3. Keep raw tool output out of the main conversation context. Save stable findings to `.specify/specs/{feature}/context-bundle.md`, then work from summaries.
88
+ 4. Use provider prompt/context caching only for stable, non-secret prefixes: Gofer scaffold, AGENTS/CLAUDE/Copilot instructions, constitution, repo map, stage contracts, and validation rubric.
89
+ 5. Before continuing after large research, planning, implementation, or validation bursts, checkpoint the durable artifacts and compact/clear/resume context when the host supports it.
90
+ 6. Escalate model tier only when a cheaper pass is low-confidence, contradictory, security-sensitive, or blocking release quality.
91
+ <!-- gofer:token-cost-policy:end -->
92
+
93
+ ## User Input
94
+
95
+ ```text
96
+ $ARGUMENTS
97
+ ```
98
+
99
+ You **MUST** consider the user input before proceeding (if not empty).
100
+
101
+ ## Execution Profile And Validation Cost
102
+
103
+ Validation must respect the final risk label:
104
+
105
+ - **fast**: for `docs-only` or very small low-risk changes, run focused checks
106
+ and verify no unnecessary artifact churn or unrelated files were changed.
107
+ - **standard**: run the normal rubric, focused build/test/lint/typecheck
108
+ evidence, and traceability checks.
109
+ - **full**: preserve the existing blast-radius, evidence gates, review loop,
110
+ scoring, and release-readiness checks; require evidence for contract,
111
+ security, data, infra/config, rollback, and cross-repository claims.
112
+ - **dynamic**: preserve the full validation behavior, then also verify
113
+ `execution-profile.md`, `workflow-dag.md`, shard outputs, reducer synthesis,
114
+ verifier/refuter evidence, budget/stop-condition evidence, and any explicit
115
+ user confirmation required before broad fanout work.
116
+
117
+ Archived specs under `.specify/specs/_*/` are historical context and must not
118
+ inflate active context-health estimates or current blast-radius manifests.
119
+
120
+ ## Prerequisites
121
+
122
+ This command expects in `.specify/specs/{feature}/`:
123
+
124
+ - `research.md` - Codebase analysis (from #1_gofer_research)
125
+ - `spec.md` - Feature specification (from #2_gofer_specify)
126
+ - `plan.md` - Implementation plan (from #3_gofer_plan)
127
+ - `tasks.md` - Task breakdown (from #4_gofer_tasks)
128
+ - `goal-ledger.json` - Goal, metric, delivery-state, and re-loop contract
129
+ - `loop-contract.json` - Bounded eval commands and stop rules
130
+ - `loop-ledger.jsonl` - Implementation and validation loop evidence
131
+ - `traceability.md` - Requirement -> task -> code -> test matrix
132
+ - Implemented code (from #5_gofer_implement)
133
+
134
+ ---
135
+
136
+ ## Spec Artifact Guard
137
+
138
+ Before validation, `.specify/scripts/bash/check-prerequisites.sh --json
139
+ --require-tasks` must confirm that `{FEATURE_DIR}/spec.md` exists, is
140
+ non-empty, and is not the unfilled spec template. If the helper reports
141
+ `spec.md` as missing, empty, or `template`, stop and run `#2_gofer_specify`.
142
+ Validation cannot score functional correctness, traceability, or objective
143
+ outcomes without a real specification.
144
+
145
+ ## Outline
146
+
147
+ 1. Context health check
148
+ 2. Load implementation context
149
+ 3. Closed-loop objective audit
150
+ 4. **Phase A** — Spawn 6 specialist rubric validation agents in parallel
151
+ 4. Evidence gate pre-check and pending-gate tracking
152
+ 5. **Phase B** — Spawn 5 blast-radius analysis agents in parallel
153
+ 7. Blast-radius synthesis (change graph, interface diff, observability,
154
+ dependency/submodule impact, rollback readiness, release checklist)
155
+ 8. Run automated checks (build, test, lint, typecheck)
156
+ 9. Mutation testing gate
157
+ 10. Mock ratio analysis
158
+ 11. Semantic slop detection
159
+ 12. Score the 11-category rubric (110 points)
160
+ 13. Generate enhanced validation report + blast-radius report
161
+ 14. Determine rubric PASS/FAIL outcome
162
+ 15. Brownfield restart on failure
163
+ 16. **Phase C** — Engineering review loop (3 agents × up to 5 cycles with
164
+ auto-fix)
165
+ 17. Generate engineering review report
166
+ 18. Attribution logging to JSONL
167
+ 19. Memory update check
168
+
169
+ ---
170
+
171
+ ## Execution Strategy by Platform
172
+
173
+ | Platform | Validation Execution Strategy |
174
+ | -------------------------------------- | --------------------------------------------------------------------------------------------- |
175
+ | Claude Code CLI | Run all validation agents in parallel using the Task tool |
176
+ | GitHub Copilot Chat (2026+) | Use multi-agent delegation to run validation in parallel |
177
+ | GitHub Copilot Chat (2025 and earlier) | Run validation checks sequentially using the **Legacy Workflow** in `docs/legacy-workflow.md` |
178
+
179
+ For pre-2026 Copilot environments, execute the validation phases
180
+ **sequentially** instead of parallel spawning.
181
+
182
+ ---
183
+
184
+ ## The Engineering Quality Rubric
185
+
186
+ ### 11-Category Scoring (110 Points)
187
+
188
+ | # | Category | Points | Pass Criteria | Agent |
189
+ | --- | ---------------------------- | ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------- |
190
+ | 1 | Functional Correctness | 15 | Every acceptance criterion in spec.md has a passing test exercising real code | validation-correctness |
191
+ | 2 | Test Authenticity | 15 | Zero skips, zero placeholders, zero mock-only assertions. Mutation score >= 60% if Stryker available | validation-test-quality |
192
+ | 3 | UI/E2E Verification | 10 | If feature has UI: real rendering tests pass. If no UI: points redistribute | N/A (automated check) |
193
+ | 4 | Security Posture | 10 | Zero hardcoded secrets, no disabled security features, no client-side keys | validation-security |
194
+ | 5 | Integration Reality | 10 | Integration tests use real dependencies where possible. Contract tests validate boundaries | validation-integration |
195
+ | 6 | Error Path Coverage | 10 | Public functions tested for failure modes. No empty catch blocks | validation-correctness + validation-standards |
196
+ | 7 | Architecture Compliance | 10 | File structure, patterns, visual explanations, and human-facing document summaries match plan.md and research.md. Required visuals are simple, rendered or fallback-safe, and traceable to requirements, code, and EAI Platform decisions | validation-standards |
197
+ | 8 | Performance Baseline | 5 | No synchronous I/O in async paths, no unbounded loops, no N+1 patterns | validation-performance |
198
+ | 9 | Code Hygiene | 10 | Zero AI slop: no TODO placeholders, no redundant comments, no magic numbers | validation-standards |
199
+ | 10 | Specification Traceability | 5 | Every user story maps to tests, every test maps to code | validation-correctness |
200
+ | 11 | **Blast Radius Containment** | 10 | No unmitigated breaking API changes, full-surface consumer/import audit, new error paths log, no new High/Critical CVEs, rollback/feature-flag path exists, release checklist complete | codebase-analyzer + validation-integration + validation-standards + research-dependency-evaluator + tasks-rollback-planner |
201
+
202
+ ### Point Redistribution (No-UI Features)
203
+
204
+ When a feature has **no UI component** (no web pages, no frontend, no visual
205
+ interface), the 10 points from UI/E2E Verification are redistributed:
206
+
207
+ - **+5 to Functional Correctness** (total: 20 points)
208
+ - **+5 to Test Authenticity** (total: 20 points)
209
+
210
+ Total remains **110/110** across all 11 categories.
211
+
212
+ **Detection**: Check plan.md tech stack. If no UI framework (React, Vue,
213
+ Angular, Svelte) and no Playwright/Cypress tests exist, this is a no-UI feature.
214
+
215
+ ### Scoring Rules
216
+
217
+ - Each category scores **full points** or **0**. There is no partial credit.
218
+ - A category scores 0 if its agent reports any **Red (blocking)** finding.
219
+ - A category scores 0 if its automated check fails.
220
+ - **Total score** = sum of all category scores (max **110**, was 100).
221
+ - **PASS** = 110/110 and a passing objective outcome gate. Anything less = FAIL.
222
+ - Legacy consumers reading `status: PASS` / `score: 100` from historical reports
223
+ should migrate to the 110-point scale. The report keeps the `score` field as
224
+ the numerator and `score_max` to disambiguate.
225
+
226
+ **Honest-scoring rule (FR-012)**: If an agent reports `EVIDENCE ABSENT:`, the
227
+ orchestrating stage MUST score that category 0 regardless of other findings.
228
+ Phrases like `likely correct`, `appears wired`, or `should be passing` are NOT
229
+ evidence and MUST NOT contribute to any score. Any rubric category where
230
+ evidence is absent, unverifiable, fabricated, or implied scores exactly 0 — no
231
+ partial credit.
232
+
233
+ ---
234
+
235
+ ## Step 0: Context Health Check
236
+
237
+ Before starting validation, assess context window health:
238
+
239
+ ```bash
240
+ .specify/scripts/bash/check-context-health.sh
241
+ ```
242
+
243
+ - If **< 50%**: Proceed normally
244
+ - If **50-70%**: Use sub-agents heavily, minimize main context
245
+ - If **> 70%**: Run `#7_gofer_save`, start a fresh session, read the
246
+ checkpoint, and continue validation
247
+
248
+ Validation loads all artifacts and spawns 6 agents — context pressure is high.
249
+
250
+ ---
251
+
252
+ ## Step 1: Load Context
253
+
254
+ 1. **Run setup script**:
255
+
256
+ ```bash
257
+ .specify/scripts/bash/check-prerequisites.sh --json --require-tasks
258
+ ```
259
+
260
+ Parse JSON for FEATURE_DIR
261
+
262
+ 2. **Load all artifacts**:
263
+ - spec.md (user stories, acceptance criteria)
264
+ - plan.md (architecture, file structure, tech stack)
265
+ - tasks.md (task completion status)
266
+ - goal-ledger.json (goal IDs, metrics, delivery states, re-loop triggers)
267
+ - loop-contract.json (loop objective, eval commands, max iterations, stop conditions)
268
+ - loop-ledger.jsonl (implementation and validation loop evidence)
269
+ - traceability.md (requirement-to-code/test evidence matrix)
270
+ - research.md (codebase patterns to follow)
271
+
272
+ 3. **Detect iteration count**:
273
+ - Check if `{FEATURE_DIR}/remediation-report.md` exists
274
+ - If yes, read the iteration count from it
275
+ - Track: `ITERATION = [1|2|3]` (first run = 1)
276
+
277
+ 4. **Determine UI presence**:
278
+ - Read plan.md tech stack
279
+ - If UI framework present AND Playwright/Cypress tests exist: `HAS_UI = true`
280
+ - Otherwise: `HAS_UI = false` → apply point redistribution
281
+
282
+ **Deployment/Render Scope Detection** (FR-011):
283
+
284
+ Scan `spec.md`, `plan.md`, `contract-pack.md`, and `quickstart.md` (when
285
+ present) for the following signals:
286
+
287
+ - `DEPLOY_SIGNAL_1`: any acceptance criterion contains: `rendered`,
288
+ `live route`, `live API`, `deployed`, `production`, `staging`,
289
+ `SharePoint`, `Azure`, `smoke`, `E2E`, `browser`
290
+ - `DEPLOY_SIGNAL_2`: `plan.md`, `contract-pack.md`, or `quickstart.md`
291
+ names a deployment target: SharePoint, Azure, staging, production, Vercel,
292
+ Netlify, Docker, Kubernetes, or any server/environment referenced in the
293
+ acceptance chain
294
+ - `DEPLOY_SIGNAL_3`: `plan.md` declares a UI/rendered experience AND at least
295
+ one acceptance criterion uses: `sees`, `displays`, `shows`, `renders`,
296
+ `navigates to`
297
+
298
+ Set `DEPLOY_IN_SCOPE = true` if ANY signal is present.
299
+ Set `DEPLOY_IN_SCOPE = false` if NO signal is present.
300
+ Record the determination in the validation report preamble.
301
+
302
+ ## Step 1.5: Closed-Loop Objective And Loop Evidence Audit
303
+
304
+ Before rubric scoring, run the closed-loop audit and write a fresh rebaseline
305
+ report:
306
+
307
+ ```bash
308
+ node .specify/scripts/node/gofer-closed-loop-audit.mjs --feature-dir {FEATURE_DIR} --json --strict
309
+ ```
310
+
311
+ Also write/update `{FEATURE_DIR}/goal-rebaseline-report.md`.
312
+
313
+ Then run the bounded loop audit:
314
+
315
+ ```bash
316
+ node .specify/scripts/node/gofer-loop-audit.mjs --feature-dir {FEATURE_DIR} --stage 6_validate --json --strict
317
+ ```
318
+
319
+ This writes/updates `{FEATURE_DIR}/loop-audit-report.md`.
320
+
321
+ Validation MUST treat the closed-loop and loop audits as objective gates:
322
+
323
+ - If the audit reports missing goal coverage, missing code/test evidence,
324
+ expired assumptions, or invalid goal-ledger structure, validation FAILS.
325
+ - If the loop audit reports a missing/invalid loop contract, missing
326
+ `loop-ledger.jsonl` evidence, maxIterations breach, or required human
327
+ escalation, validation FAILS.
328
+ - If the audit recommends reopening `#2_gofer_specify`, `#3_gofer_plan`,
329
+ `#4_gofer_tasks`, or `#6_gofer_validate`, record that as a blocking drift
330
+ finding and FAIL the run. The feature is no longer in a closed state even if
331
+ the code still compiles.
332
+ - If the audit only reports low-severity warnings with no recommended reopen
333
+ stage, continue but record them in the validation report.
334
+
335
+ ---
336
+
337
+ # Phase A — Rubric Validation
338
+
339
+ Phase A runs the 10-category engineering rubric (Categories 1-10, up to 100
340
+ points before Category 11 is added).
341
+
342
+ ## Step 2: Spawn 6 Specialist Validation Agents
343
+
344
+ **CRITICAL**: You **MUST** launch all 6 agents **in parallel** using the Task
345
+ tool. Do NOT perform validation work inline in the main context. The main
346
+ context should only orchestrate, score the rubric, and review agent outputs.
347
+ Each agent receives the feature context and returns structured findings.
348
+
349
+ ### Agent 1: Correctness Validator
350
+
351
+ ```
352
+ Task: subagent_type="validation-correctness", model="sonnet"
353
+ Prompt: "Validate functional correctness for feature [FEATURE_NAME].
354
+
355
+ Feature directory: {FEATURE_DIR}
356
+ Spec: {FEATURE_DIR}/spec.md
357
+ Plan: {FEATURE_DIR}/plan.md
358
+
359
+ Check every acceptance criterion in spec.md.
360
+ For each criterion, find the test that exercises it and verify it tests real code.
361
+ Return findings in your standard report format (<2000 tokens)."
362
+ ```
363
+
364
+ ### Agent 2: Security Validator
365
+
366
+ ```
367
+ Task: subagent_type="validation-security", model="sonnet"
368
+ Prompt: "Validate security posture for feature [FEATURE_NAME].
369
+
370
+ Scan all new/modified files (from tasks.md file paths).
371
+ Check for: hardcoded secrets, disabled security, auth bypass, client-side keys.
372
+ Return findings with Red/Yellow/Gray severity (<2000 tokens)."
373
+ ```
374
+
375
+ ### Agent 3: Performance Validator
376
+
377
+ ```
378
+ Task: subagent_type="validation-performance", model="haiku"
379
+ Prompt: "Validate performance characteristics for feature [FEATURE_NAME].
380
+
381
+ Scan all new/modified source files (from tasks.md file paths).
382
+ Check for: sync I/O in async paths, cyclomatic complexity > 12, unbounded loops.
383
+ Build scripts and test files are exempt.
384
+ Return findings with complexity scores (<2000 tokens)."
385
+ ```
386
+
387
+ ### Agent 4: Test Quality Validator
388
+
389
+ ```
390
+ Task: subagent_type="validation-test-quality", model="haiku"
391
+ Prompt: "Validate test quality for feature [FEATURE_NAME].
392
+
393
+ Scan test files related to the feature.
394
+ Check for: placeholder assertions, skipped tests, mock ratio, mock-only tests.
395
+ VSCode API mocks marked '// mock-justified: VSCode API' are exempt from ratio.
396
+ Return findings with mock ratio calculation (<2000 tokens)."
397
+ ```
398
+
399
+ ### Agent 5: Integration Validator
400
+
401
+ ```
402
+ Task: subagent_type="validation-integration", model="sonnet"
403
+ Prompt: "Validate integration contracts for feature [FEATURE_NAME].
404
+
405
+ Feature directory: {FEATURE_DIR}
406
+ Check contracts/ directory if it exists.
407
+ Verify cross-component boundaries, type compatibility, integration test coverage.
408
+ Return findings with contract compliance status (<2000 tokens)."
409
+ ```
410
+
411
+ ### Agent 6: Standards Validator
412
+
413
+ ```
414
+ Task: subagent_type="validation-standards", model="sonnet"
415
+ Prompt: "Validate standards compliance for feature [FEATURE_NAME].
416
+
417
+ Feature directory: {FEATURE_DIR}
418
+ Check against constitution.md (if exists) and research.md patterns.
419
+ Detect AI slop: redundant comments, over-engineered abstractions, silent failures.
420
+ Check code hygiene: TODO/FIXME, magic numbers, unused imports.
421
+ Return findings with severity tiers (<2000 tokens)."
422
+ ```
423
+
424
+ ### Agent 7: Security Red Team (Optional — Multi-Perspective)
425
+
426
+ When the feature involves security-sensitive code (authentication,
427
+ authorization, user input handling, external APIs), run the security red team
428
+ strategy (#13):
429
+
430
+ ```
431
+ # Diverge: 3 attack perspectives
432
+ Task: subagent_type="validate-security-red-team", model="opus"
433
+ Prompt: "Perspective 1: OWASP Top 10 attack analysis for feature [FEATURE_NAME].
434
+ Scan all new/modified files from tasks.md. Attack from OWASP perspective.
435
+ Return findings with exploit steps (<2000 tokens)."
436
+
437
+ Task: subagent_type="validate-security-red-team", model="opus"
438
+ Prompt: "Perspective 2: Business logic abuse analysis for feature [FEATURE_NAME].
439
+ Scan all new/modified files from tasks.md. Attack business logic.
440
+ Return findings with exploit steps (<2000 tokens)."
441
+
442
+ Task: subagent_type="validate-security-red-team", model="opus"
443
+ Prompt: "Perspective 3: CVE search for feature [FEATURE_NAME].
444
+ Check package.json dependencies for known CVEs.
445
+ Return findings with advisory references (<2000 tokens)."
446
+
447
+ # Converge: Judge synthesizes attack findings
448
+ Task: subagent_type="multi-perspective-judge", model="opus"
449
+ Prompt: "Synthesize 3 security red team perspectives for [FEATURE_NAME].
450
+ Perspective 1 (OWASP): [result]. Perspective 2 (Business Logic): [result].
451
+ Perspective 3 (CVE): [result].
452
+ Identify confirmed vulnerabilities vs false positives. Prioritize by exploitability."
453
+ ```
454
+
455
+ **Run all 6 core agents in parallel.** Run Agent 7 (if applicable) in parallel
456
+ with the core agents.
457
+
458
+ ## Step 2.2: Evidence Gate Pre-Check
459
+
460
+ Evaluate the truthfulness gates before final scoring. If a gate is still
461
+ pending here, re-check it after Step 3 automated checks complete and before the
462
+ PASS/FAIL synthesis.
463
+
464
+ ```
465
+ GATE-1 (Integration Proof — Category 5):
466
+ Require: runtime wiring artifact OR integration-test execution output
467
+ present in the current session context by final scoring time.
468
+ If absent during Step 2.2, record GATE-1 as pending and re-check it after
469
+ Step 3 automated checks complete.
470
+ Still absent after Step 3 → Category 5 score = 0; mark GATE_FAIL = true
471
+
472
+ GATE-2 (Test Execution — Categories 1 and 2):
473
+ Require: real, executed npm test output with pass/fail count already present
474
+ or produced by Step 3 automated checks before final scoring.
475
+ If absent during Step 2.2, record GATE-2 as pending and re-check it after
476
+ Step 3 automated checks complete.
477
+ Still absent after Step 3 → Categories 1 and 2 score = 0; mark GATE_FAIL = true
478
+
479
+ GATE-3 (Render/Deployment Proof — Category 3):
480
+ IF HAS_UI = false:
481
+ Record "N/A — HAS_UI=false" in evidence table.
482
+ Record a matching not-in-scope reason in `Absent / Reason for 0`.
483
+ Apply existing no-UI point redistribution.
484
+ IF HAS_UI = true AND DEPLOY_IN_SCOPE = false:
485
+ Require: local render proof (screenshot, component render assertion,
486
+ headless browser assertion, or local smoke-check output) present by final
487
+ scoring time.
488
+ If absent during Step 2.2, record GATE-3 as pending and re-check before
489
+ final PASS/FAIL synthesis.
490
+ Still absent → Category 3 score = 0; mark GATE_FAIL = true
491
+ If present, record "Render proof only — deployment target not in scope" in
492
+ the evidence table and do not redistribute Category 3 points.
493
+ IF HAS_UI = true AND DEPLOY_IN_SCOPE = true:
494
+ Require: screenshot, curl/HTTP transcript, deployment log, headless browser
495
+ assertion, or smoke-check output present by final scoring time, with at
496
+ least one artifact proving rendered/live behavior on the declared route or
497
+ deployment target.
498
+ If absent during Step 2.2, record GATE-3 as pending and re-check before
499
+ final PASS/FAIL synthesis.
500
+ Still absent → Category 3 score = 0; mark GATE_FAIL = true
501
+
502
+ If any GATE_FAIL = true:
503
+ - Any agent that would have scored the gated category is still run
504
+ - The category score remains 0 unless the missing evidence appears before
505
+ final scoring
506
+ ```
507
+
508
+ Collect all results before proceeding.
509
+
510
+ ---
511
+
512
+ # Phase B — Blast Radius Analysis
513
+
514
+ Phase B quantifies the **ripple effect** of the implementation. It assesses risk
515
+ to code outside the feature boundary, interface-contract stability,
516
+ observability preservation, dependency / submodule impact, rollback readiness,
517
+ and release-checklist compliance. Phase B results score **Category 11 (10
518
+ points)** and produce a separate `blast-radius-report.md` artifact.
519
+
520
+ Phase B runs **after** Phase A agents have returned (Step 2 complete) and
521
+ **before** automated checks in Step 3, because breaking-change detection informs
522
+ how to interpret failing tests/types.
523
+
524
+ ## Step 2.5: Pre-Flight Change Surface Discovery
525
+
526
+ Before spawning Phase B agents, build a **change manifest** the agents can
527
+ reference. This is a cheap main-context pass, not an agent task.
528
+
529
+ 1. **Modified file list** — from `tasks.md` completed tasks and git:
530
+
531
+ ```bash
532
+ git diff --name-only $(git merge-base HEAD main 2>/dev/null || echo HEAD~1) HEAD
533
+ ```
534
+
535
+ 2. **Submodule inventory** — detect repo submodules and workspace packages:
536
+
537
+ ```bash
538
+ git submodule status 2>/dev/null
539
+ cat package.json 2>/dev/null | grep -E '"workspaces"' -A 20
540
+ ls -d */package.json 2>/dev/null | xargs -I {} dirname {}
541
+ ```
542
+
543
+ Record which submodules/workspaces contain modified files. For this repo the
544
+ canonical submodules are `extension/`, `language-server/`, `docs/`.
545
+
546
+ 3. **Public-surface detection** — identify exported symbols at risk:
547
+ - `index.ts` / `index.js` files in modified directories
548
+ - `*.d.ts` files in modified directories
549
+ - Entries in the `exports` / `main` / `types` fields of modified
550
+ `package.json` files
551
+ - Files under `contracts/` or `.specify/specs/{feature}/contracts/`
552
+
553
+ 4. **Dependency manifest diff** — capture dependency churn:
554
+
555
+ ```bash
556
+ git diff $(git merge-base HEAD main 2>/dev/null || echo HEAD~1) HEAD -- package.json package-lock.json extension/package.json language-server/package.json 2>/dev/null
557
+ ```
558
+
559
+ 5. **Rollback-relevant assets** — flag anything that needs a reverse path:
560
+ - Files under `migrations/`, `db/migrations/`, `prisma/migrations/`
561
+ - Files named `*.sql`, `schema.*`
562
+ - Feature-flag definitions (search for `featureFlag`, `growthbook`,
563
+ `launchdarkly`, `flags.`)
564
+ - `CHANGELOG.md`, `RELEASES.md`, version fields in `package.json`
565
+
566
+ Record these into `CHANGE_MANIFEST` for the Phase B prompts.
567
+
568
+ ---
569
+
570
+ ## Step 2.6: Spawn 5 Blast-Radius Analysis Agents
571
+
572
+ Launch all 5 agents **in parallel** using the Task tool. Pass the
573
+ `CHANGE_MANIFEST` from Step 2.5 into each prompt so agents see the same ground
574
+ truth.
575
+
576
+ ### Agent 8: Change Graph / Ripple Analyzer
577
+
578
+ ```
579
+ Task: subagent_type="codebase-analyzer", model="sonnet"
580
+ Prompt: "Blast-radius change-graph analysis for feature [FEATURE_NAME].
581
+
582
+ Feature directory: {FEATURE_DIR}
583
+ Change manifest (modified files): {CHANGE_MANIFEST.modifiedFiles}
584
+ Submodules: {CHANGE_MANIFEST.submodules}
585
+
586
+ Build a change-graph table for EVERY modified symbol (function, class, type,
587
+ const) in the modified files:
588
+ 1. List every direct importer/caller (file:line references).
589
+ 2. Classify each as Direct (imports the symbol) or Transitive (imports a
590
+ re-export of it) or Runtime (dynamic require / reflection).
591
+ 3. Flag any cross-submodule ripple (symbol defined in submodule A, consumed
592
+ in submodule B) — this is Red if unplanned.
593
+ 4. Flag any consumer whose tests do NOT exercise the changed code path —
594
+ Yellow.
595
+ 5. Count orphan changes (modified code with zero importers) — Gray.
596
+
597
+ Return findings with Red/Yellow/Gray severity and a concise ripple summary
598
+ (<2500 tokens). Output sections: 'Ripple Summary', 'Cross-submodule Crossings',
599
+ 'Consumer Coverage Gaps', 'Orphans'."
600
+ ```
601
+
602
+ ### Agent 9: Interface Contract Diff
603
+
604
+ ```
605
+ Task: subagent_type="validation-integration", model="sonnet"
606
+ Prompt: "Interface contract blast-radius analysis for feature [FEATURE_NAME].
607
+
608
+ Feature directory: {FEATURE_DIR}
609
+ Public-surface manifest: {CHANGE_MANIFEST.publicSurface}
610
+ Contracts directory: {FEATURE_DIR}/contracts (if present)
611
+
612
+ For every public export, package.json exports field entry, contract file,
613
+ and .d.ts symbol that was modified, deleted, or added:
614
+ 1. Diff old signature vs new signature (parameters, return types, generics,
615
+ optional vs required, default values).
616
+ 2. Classify each change:
617
+ - BREAKING: removed export, renamed export, narrowed return type, widened
618
+ required-param set, removed optional param callers rely on.
619
+ - ADDITIVE: new export, new optional param, widened return type.
620
+ - NEUTRAL: implementation change with identical signature.
621
+ 3. Red = any BREAKING change without a corresponding entry in CHANGELOG.md
622
+ or a migration note in the spec.
623
+ 4. Yellow = BREAKING change with CHANGELOG entry but no migration guide.
624
+ 5. Gray = ADDITIVE changes for informational tracking.
625
+
626
+ Verify contract tests still cover all pre-existing contract clauses (no
627
+ silent coverage regression). Return findings (<2000 tokens) with sections:
628
+ 'Breaking Changes', 'Additive Changes', 'Contract Coverage Regression'."
629
+ ```
630
+
631
+ ### Agent 10: Error Logging & Observability Integrity
632
+
633
+ ```
634
+ Task: subagent_type="validation-standards", model="sonnet"
635
+ Prompt: "Observability blast-radius analysis for feature [FEATURE_NAME].
636
+
637
+ Feature directory: {FEATURE_DIR}
638
+ Modified files: {CHANGE_MANIFEST.modifiedFiles}
639
+
640
+ Assess whether observability was preserved, degraded, or improved:
641
+ 1. For every new/modified catch block: does it log? Use the same structured
642
+ logger used elsewhere in the repo (detect the logger by scanning for
643
+ common imports: winston, pino, bunyan, console, vscode.window.showError,
644
+ telemetry module). Red if any catch swallows silently in production code.
645
+ 2. For every removed log statement: is removal justified by a comment or
646
+ spec? Red if production-relevant logs disappeared without justification.
647
+ 3. Log-level hygiene: no `console.log` in production code (test files
648
+ exempt); no debug-level logs left at info/warn level.
649
+ 4. PII / secrets leakage in new log messages — Red if detected.
650
+ 5. Telemetry/metrics coverage: if the feature touched hot paths that
651
+ previously emitted metrics, verify emission is preserved.
652
+ 6. Correlation IDs / trace context propagation: if the repo uses them,
653
+ verify new code paths propagate them.
654
+
655
+ Return findings (<2000 tokens) with sections: 'Silent Failures', 'Removed
656
+ Logs', 'PII Risk', 'Metric Coverage Delta', 'Trace Propagation'."
657
+ ```
658
+
659
+ ### Agent 11: Dependency & Submodule Impact (with npm audit delta)
660
+
661
+ ```
662
+ Task: subagent_type="research-dependency-evaluator", model="haiku"
663
+ Prompt: "Dependency and submodule blast-radius analysis for feature
664
+ [FEATURE_NAME].
665
+
666
+ Dependency manifest diff: {CHANGE_MANIFEST.dependencyDiff}
667
+ Submodules affected: {CHANGE_MANIFEST.submodules}
668
+
669
+ 1. New dependencies: list each with source (npm / git / local), license, and
670
+ bundle-size impact (approx). Red if license is incompatible (GPL/AGPL in
671
+ a permissive-licensed repo), or if the package is unmaintained (>2 years
672
+ since last release, <1000 weekly downloads).
673
+ 2. Version bumps: classify as major / minor / patch. Red for major bumps
674
+ without migration notes.
675
+ 3. Lockfile churn: if package.json is unchanged but package-lock.json
676
+ changed materially (>20 lines), flag as Yellow (indirect dep drift).
677
+ 4. npm audit delta: run `npm audit --json 2>/dev/null` on the current branch
678
+ and compare vulnerability counts vs baseline (main). Red if the branch
679
+ adds any new High or Critical CVE. Yellow for new Moderate. Gray for new
680
+ Low.
681
+ 5. Submodule boundary crossings: if the feature modifies code in multiple
682
+ submodules (extension/, language-server/, docs/), verify each submodule
683
+ independently builds and tests. Red if a cross-submodule change breaks
684
+ any submodule's standalone build.
685
+
686
+ Return findings (<2500 tokens) with sections: 'New Dependencies', 'Version
687
+ Bumps', 'Lockfile Drift', 'CVE Delta', 'Submodule Boundary Crossings'."
688
+ ```
689
+
690
+ ### Agent 12: Rollback Readiness & Release Checklist
691
+
692
+ ```
693
+ Task: subagent_type="tasks-rollback-planner", model="haiku"
694
+ Prompt: "Rollback readiness + release-checklist review for feature
695
+ [FEATURE_NAME].
696
+
697
+ Feature directory: {FEATURE_DIR}
698
+ Rollback assets: {CHANGE_MANIFEST.rollbackAssets}
699
+
700
+ Assess reversibility and release readiness:
701
+ 1. DB migrations: is every forward migration paired with a down/reverse
702
+ migration? Red if any irreversible migration lacks explicit justification
703
+ in the spec or plan.
704
+ 2. Feature flags: if the feature is risky, is it gated behind a flag? Is the
705
+ flag default-off? Is the pre-flag code path preserved so disabling the
706
+ flag restores prior behavior? Red if a risky change is unflagged and
707
+ irreversible.
708
+ 3. Data-shape changes: detect schema changes that cannot be rolled back
709
+ without data loss (column drops, type narrowings). Red if no backfill or
710
+ dual-write strategy.
711
+ 4. Release checklist for user-visible changes:
712
+ - CHANGELOG.md updated for this feature — Red if missing and feature is
713
+ user-visible.
714
+ - Version bump planned (semver correct for breaking/additive/patch) — Red
715
+ if breaking change present without major bump plan.
716
+ - Migration guide present for breaking changes — Red if missing.
717
+ - Documentation updated (docs/ or README.md) for new user-facing
718
+ capabilities — Yellow if missing.
719
+ 5. Rollback runbook: is there a documented 'how to revert' path? Yellow if
720
+ absent for non-trivial changes.
721
+
722
+ Return findings (<2000 tokens) with sections: 'Migration Reversibility',
723
+ 'Feature Flag Coverage', 'Data-Shape Rollback Risk', 'Release Checklist',
724
+ 'Rollback Runbook'."
725
+ ```
726
+
727
+ **Run all 5 Phase B agents in parallel.** Collect results before synthesis.
728
+
729
+ ---
730
+
731
+ ## Step 2.7: Blast Radius Synthesis
732
+
733
+ Aggregate Phase B agent findings into a single blast-radius verdict.
734
+
735
+ ### Consolidated Finding Table
736
+
737
+ ```
738
+ | # | Dimension | Finding | Severity | Agent | File | Line |
739
+ |---|-----------|---------|----------|-------|------|------|
740
+ | 1 | Change graph | [desc] | Red | codebase-analyzer | [file] | [line] |
741
+ | 2 | Interface contract | [desc] | Red | validation-integration | [file] | [line] |
742
+ | 3 | Observability | [desc] | Yellow | validation-standards | [file] | [line] |
743
+ | 4 | Dependency | [desc] | Yellow | research-dependency-evaluator | [file] | [line] |
744
+ | 5 | Rollback | [desc] | Red | tasks-rollback-planner | [file] | [line] |
745
+ ```
746
+
747
+ ### Severity Rollup
748
+
749
+ ```
750
+ BLAST_RADIUS_RED = count of Red findings across all 5 agents
751
+ BLAST_RADIUS_YELLOW = count of Yellow findings
752
+ BLAST_RADIUS_GRAY = count of Gray findings
753
+ ```
754
+
755
+ ### Write `blast-radius-report.md`
756
+
757
+ Write to `{FEATURE_DIR}/blast-radius-report.md`:
758
+
759
+ ```markdown
760
+ ---
761
+ feature: [Feature Name]
762
+ generated: [ISO timestamp]
763
+ reviewer: Claude
764
+ GeneratedAt: [ISO timestamp]
765
+ SourceCommandId: /6_gofer_validate
766
+ SourceInputs: [spec.md, plan.md, tasks.md, research.md, blast-radius inputs]
767
+ OverwriteNoticeWhenApplicable: [new file or overwrite note]
768
+ dimensions_checked:
769
+ [
770
+ change_graph,
771
+ interface_contract,
772
+ observability,
773
+ dependency_submodule,
774
+ rollback_release,
775
+ ]
776
+ red_count: [N]
777
+ yellow_count: [N]
778
+ gray_count: [N]
779
+ verdict: [CONTAINED | BREACHED]
780
+ ---
781
+
782
+ # Blast Radius Report: [Feature Name]
783
+
784
+ ## Changed Surfaces
785
+
786
+ - Modified files: [N]
787
+ - Submodules touched: [list]
788
+ - Public-surface symbols affected: [N]
789
+ - New dependencies: [N]
790
+ - Version bumps: [list]
791
+ - Migration files: [list]
792
+ - Feature flags introduced/modified: [list]
793
+
794
+ ## Risk Vectors
795
+
796
+ ### 1. Change Graph / Ripple (Agent: codebase-analyzer)
797
+
798
+ - Cross-submodule crossings: [list or "none"]
799
+ - Consumer coverage gaps: [N]
800
+ - Orphan changes: [N]
801
+ - Red findings: [table]
802
+
803
+ ### 2. Interface Contracts (Agent: validation-integration)
804
+
805
+ - Breaking changes: [N] ([list])
806
+ - Additive changes: [N]
807
+ - Contract coverage regressions: [list]
808
+ - Red findings: [table]
809
+
810
+ ### 3. Error Logging & Observability (Agent: validation-standards)
811
+
812
+ - Silent failures introduced: [N]
813
+ - Logs removed without justification: [N]
814
+ - PII/secret leakage risk: [list]
815
+ - Metric/trace coverage delta: [summary]
816
+ - Red findings: [table]
817
+
818
+ ### 4. Dependencies & Submodules (Agent: research-dependency-evaluator)
819
+
820
+ - New dependencies: [table with license/size/maintenance]
821
+ - Version bumps: [list]
822
+ - Lockfile drift: [summary]
823
+ - CVE delta: Critical +[N], High +[N], Moderate +[N], Low +[N]
824
+ - Submodule boundary crossings: [list]
825
+ - Red findings: [table]
826
+
827
+ ### 5. Rollback Readiness & Release Checklist (Agent: tasks-rollback-planner)
828
+
829
+ - Migration reversibility: [OK / BREACHED]
830
+ - Feature flag coverage: [OK / BREACHED / N/A]
831
+ - Data-shape rollback risk: [OK / BREACHED]
832
+ - Release checklist:
833
+ - CHANGELOG updated: [Yes / No / N/A]
834
+ - Version bump planned: [patch / minor / major / N/A]
835
+ - Migration guide: [Yes / No / N/A]
836
+ - Docs updated: [Yes / No / N/A]
837
+ - Rollback runbook: [Present / Absent / N/A]
838
+ - Red findings: [table]
839
+
840
+ ## Containment Summary
841
+
842
+ - **CONTAINED** if `BLAST_RADIUS_RED == 0` — Category 11 scores full 10 pts.
843
+ - **BREACHED** if `BLAST_RADIUS_RED > 0` — Category 11 scores 0.
844
+
845
+ Yellow findings do NOT fail Category 11 but are reported to the engineering
846
+ review loop (Phase C) for mandatory attention.
847
+ ```
848
+
849
+ Proceed to Step 3 (automated checks) with blast-radius results attached to the
850
+ context.
851
+
852
+ ---
853
+
854
+ # End of Phase B
855
+
856
+ ---
857
+
858
+ ## Step 3: Run Automated Checks
859
+
860
+ Execute verification commands and capture results:
861
+
862
+ ### Build Check
863
+
864
+ ```bash
865
+ npm run build # or appropriate build command
866
+ ```
867
+
868
+ ### Test Check
869
+
870
+ ```bash
871
+ npm test # or appropriate test command
872
+ ```
873
+
874
+ ### Lint Check
875
+
876
+ ```bash
877
+ npm run lint # or appropriate lint command
878
+ ```
879
+
880
+ ### Type Check (if TypeScript)
881
+
882
+ ```bash
883
+ npm run typecheck # or tsc --noEmit
884
+ ```
885
+
886
+ Record results:
887
+
888
+ ```
889
+ | Check | Command | Result |
890
+ |-----------|------------------|---------------|
891
+ | Build | npm run build | PASS / FAIL |
892
+ | Tests | npm test | PASS / FAIL |
893
+ | Lint | npm run lint | PASS / FAIL |
894
+ | TypeCheck | tsc --noEmit | PASS / FAIL |
895
+ ```
896
+
897
+ **If Build or Tests FAIL**: Mark Functional Correctness as 0 immediately.
898
+
899
+ ---
900
+
901
+ ## Step 4: Mutation Testing Gate
902
+
903
+ Check if mutation testing tools are available:
904
+
905
+ ```bash
906
+ npx stryker --version 2>/dev/null
907
+ ```
908
+
909
+ ### If Stryker is available:
910
+
911
+ 1. Run mutation testing:
912
+ ```bash
913
+ npx stryker run --reporters clear-text 2>&1 | tail -50
914
+ ```
915
+ 2. Parse mutation score from output
916
+ 3. Record: `MUTATION_SCORE = [N]%`
917
+ 4. If score < 60%: contributes to Test Authenticity scoring 0
918
+
919
+ ### If Stryker is NOT available:
920
+
921
+ 1. Record: `MUTATION_SCORE = "unavailable"`
922
+ 2. Log recommendation: "Install @stryker-mutator/core for mutation testing"
923
+ 3. Test Authenticity is scored based on other criteria only (placeholders,
924
+ skips, mock ratio)
925
+ 4. Do NOT block on mutation score when Stryker is absent
926
+
927
+ ---
928
+
929
+ ## Step 5: Mock Ratio Analysis
930
+
931
+ Count mocking patterns vs real assertions across feature test files:
932
+
933
+ ### Count Mock Calls
934
+
935
+ Use Grep to count in test files related to the feature:
936
+
937
+ - `vi.mock(` — module-level mocks
938
+ - `vi.fn(` — individual function mocks
939
+ - `jest.mock(` — Jest module mocks
940
+ - `jest.fn(` — Jest function mocks
941
+ - `.mockReturnValue(` — mock configurations
942
+ - `.mockResolvedValue(` — async mock configurations
943
+
944
+ ### Count Real Assertions
945
+
946
+ Use Grep to count:
947
+
948
+ - `expect(` followed by `.toBe(`, `.toEqual(`, `.toContain(`, `.toThrow(`,
949
+ `.toMatch(`, `.toBeGreaterThan(`, `.toBeLessThan(`, `.toBeDefined(`,
950
+ `.toBeNull(`, `.toHaveLength(`, `.toHaveProperty(`
951
+
952
+ ### Exclude Justified Mocks
953
+
954
+ Lines containing `// mock-justified:` are excluded from the mock count. This
955
+ allows VSCode API mocks and other unavoidable mocks to be documented and exempt.
956
+
957
+ ### Calculate Ratio
958
+
959
+ ```
960
+ MOCK_RATIO = mock_calls / (mock_calls + real_assertions)
961
+ ```
962
+
963
+ ### Evaluate
964
+
965
+ - If `MOCK_RATIO > 0.30` (30%): contributes to Test Authenticity scoring 0
966
+ - Report per-file ratios for the worst offenders
967
+
968
+ ---
969
+
970
+ ## Step 6: Semantic Slop Detection
971
+
972
+ ### Automated Pattern Detection (Grep-based)
973
+
974
+ Run these checks on new/modified source files (not test files):
975
+
976
+ #### Red Severity (Blocks)
977
+
978
+ ```
979
+ Pattern: expect(true).toBe(true)
980
+ Also: expect(1).toBe(1), expect('a').toBe('a')
981
+ Method: Grep for tautological assertions in test files
982
+ ```
983
+
984
+ ```
985
+ Pattern: test.skip / it.skip / describe.skip / xit / xdescribe
986
+ Method: Grep for skip patterns in feature-related test files
987
+ ```
988
+
989
+ #### Yellow Severity (Must Address)
990
+
991
+ ```
992
+ Pattern: TODO / FIXME / XXX / HACK in source code (not test helpers)
993
+ Method: Grep in new/modified .ts/.js/.py files
994
+ ```
995
+
996
+ ```
997
+ Pattern: Empty catch blocks — catch (e) {} or catch { }
998
+ Method: Grep for catch blocks with empty or whitespace-only bodies
999
+ ```
1000
+
1001
+ #### Gray Severity (Informational)
1002
+
1003
+ Gray-level findings are reported by the specialist agents (Standards and Test
1004
+ Quality). They include:
1005
+
1006
+ - Redundant comments restating code (agent: validation-standards)
1007
+ - Over-engineered abstractions for one-time use (agent: validation-standards)
1008
+ - Magic numbers without named constants (agent: validation-standards)
1009
+ - Mock-only tests that verify wiring not behavior (agent:
1010
+ validation-test-quality)
1011
+
1012
+ ### Consolidate Slop Findings
1013
+
1014
+ Combine automated Grep results with agent findings:
1015
+
1016
+ ```
1017
+ | # | Pattern | Severity | Source | Description | File | Line |
1018
+ |---|---------|----------|--------|-------------|------|------|
1019
+ | 1 | Placeholder test | Red | Grep | expect(true).toBe(true) | test.ts | 45 |
1020
+ | 2 | Skipped test | Red | Grep | it.skip('should...') | spec.ts | 12 |
1021
+ | 3 | TODO placeholder | Yellow | Grep | // TODO: implement | service.ts | 89 |
1022
+ | 4 | Redundant comment | Yellow | Agent | "// create user" above createUser() | user.ts | 23 |
1023
+ ```
1024
+
1025
+ ---
1026
+
1027
+ ## Step 7: Score the 10-Category Rubric
1028
+
1029
+ Using agent reports, automated checks, and analysis from Steps 3-6, score each
1030
+ category:
1031
+
1032
+ ### Scoring Logic
1033
+
1034
+ **Category 1: Functional Correctness** ({15 or 20 if no UI} pts)
1035
+
1036
+ - Input: validation-correctness agent report + `GATE-2` + automated test results
1037
+ - Score 0 if: `GATE-2` fails, OR any Red finding from correctness agent, OR
1038
+ build/tests fail, OR tests fail to import
1039
+ - Score full if: All acceptance criteria verified with real tests
1040
+
1041
+ **Category 2: Test Authenticity** ({15 or 20 if no UI} pts)
1042
+
1043
+ - Input: validation-test-quality agent report + `GATE-2` + mutation score +
1044
+ mock ratio
1045
+ - Score 0 if: Any placeholder assertion found, OR any test.skip found, OR mock
1046
+ ratio > 30%, OR mutation score < 60% (when Stryker available), OR
1047
+ `GATE-2` fails
1048
+ - Score full if: Zero placeholders, zero skips, mock ratio <= 30%
1049
+
1050
+ **Category 3: UI/E2E Verification** (10 pts, or 0 if redistributed)
1051
+
1052
+ - If `HAS_UI = false`: Record `N/A — HAS_UI=false` plus an explicit not-in-scope
1053
+ reason in the evidence table and apply the existing no-UI redistribution.
1054
+ - If `HAS_UI = true` and `DEPLOY_IN_SCOPE = false`: Check `GATE-3` for local
1055
+ render proof and record `Render proof only — deployment target not in scope`
1056
+ when that proof exists. Score 0 if `GATE-3` fails or no local render proof
1057
+ exists. Do not redistribute Category 3 points.
1058
+ - If `HAS_UI = true` and `DEPLOY_IN_SCOPE = true`: Check `GATE-3` for
1059
+ screenshot, curl/HTTP transcript, deployment log, headless browser
1060
+ assertion, or smoke-check output with proof of rendered/live behavior on the
1061
+ declared route or target. Score 0 if `GATE-3` fails or no real render/deploy
1062
+ proof exists.
1063
+
1064
+ **Category 4: Security Posture** (10 pts)
1065
+
1066
+ - Input: validation-security agent report
1067
+ - Score 0 if: Any Red finding from security agent
1068
+ - Score full if: No Red or Yellow findings
1069
+
1070
+ **Category 5: Integration Reality** (10 pts)
1071
+
1072
+ - Input: validation-integration agent report + `GATE-1`
1073
+ - Score 0 if: `GATE-1` fails, OR any contract violation, OR critical boundary
1074
+ with zero tests
1075
+ - Score full if: All contracts satisfied, integration tests use real deps
1076
+
1077
+ **Category 6: Error Path Coverage** (10 pts)
1078
+
1079
+ - Input: validation-correctness agent (error paths) + validation-standards agent
1080
+ (empty catch blocks)
1081
+ - Score 0 if: Empty catch blocks found, OR public functions lack error path
1082
+ tests
1083
+ - Score full if: Error paths tested, catch blocks handle errors properly
1084
+
1085
+ **Category 7: Architecture Compliance** (10 pts)
1086
+
1087
+ - Input: validation-standards agent report (architecture section)
1088
+ - Score 0 if: File structure deviates from plan.md without justification, OR
1089
+ required diagrams/pictures are stale, unreadable, unrendered without fallback,
1090
+ disconnected from the requirements/code/EAI Platform evidence they explain, OR
1091
+ human-facing artifacts lack a plain-language executive summary
1092
+ - Score full if: All files in expected locations, patterns followed
1093
+
1094
+ **Visual And Document Comprehension Gate** (part of Category 7, no extra points):
1095
+
1096
+ Use this gate whenever the feature has architecture, process, security,
1097
+ workflow, data, UI, or EAI Platform behavior that a human reviewer or future AI
1098
+ loop must understand. This is benchmarked against C4-style abstraction levels,
1099
+ diagram-as-code/source-controlled visuals, 8090-style requirement/blueprint
1100
+ alignment, Marp-style narrative decks, and UI proof practices such as screenshot
1101
+ or visual-test evidence.
1102
+
1103
+ - Executive summaries: every human-facing document starts with three to five
1104
+ plain-language bullets that cover the decision, value, risk, evidence, and next
1105
+ ask. Technical detail comes after the summary.
1106
+ - Purpose clarity: every visual states the question it answers, audience,
1107
+ source inputs, and how to read it in plain language.
1108
+ - Simplicity: each diagram focuses on one decision or flow, keeps primary
1109
+ nodes/steps to about seven or fewer where practical, and splits crowded
1110
+ diagrams instead of making a spaghetti map.
1111
+ - Correct visual type: use context/container C4 views for system boundaries,
1112
+ sequence/state diagrams for flows, ERD for data, value stream for process,
1113
+ heatmaps for capability/risk priority, and screenshot/storyboard evidence for
1114
+ UI behavior.
1115
+ - Renderability: Mermaid/D2/Structurizr-style source must render locally or
1116
+ provide a markdown-table/text fallback; Marp decks must be valid Markdown with
1117
+ slide frontmatter; UI visuals need screenshot, Storybook/component,
1118
+ Playwright, or equivalent render proof.
1119
+ - Traceability: each visual links to the requirement, plan, contract, code/test,
1120
+ EAI service/template asset, or validation evidence it summarizes.
1121
+ - Freshness: validation must check whether visuals changed or were reapproved
1122
+ after spec, plan, code, tenant/auth, or validation changes; stale visuals fail
1123
+ Category 7 even when the code passes.
1124
+ - Public safety: visuals must not expose tenant-private data, secrets, customer
1125
+ identifiers, internal-only architecture names, or screenshots containing
1126
+ private content.
1127
+
1128
+ **Category 8: Performance Baseline** (5 pts)
1129
+
1130
+ - Input: validation-performance agent report
1131
+ - Score 0 if: Sync I/O in async paths, OR complexity > 12, OR unbounded loops
1132
+ - Score full if: No blocking performance findings
1133
+
1134
+ **Category 9: Code Hygiene** (10 pts)
1135
+
1136
+ - Input: validation-standards agent report (hygiene section) + slop detection
1137
+ - Score 0 if: TODO placeholders in production code, OR > 5 redundant comments,
1138
+ OR silent error swallowing found
1139
+ - Score full if: Clean code, no slop findings above Gray
1140
+
1141
+ **Category 10: Specification Traceability** (5 pts)
1142
+
1143
+ - Input: validation-correctness agent (criteria mapping)
1144
+ - Score 0 if: User stories cannot be traced to tests and code
1145
+ - Score full if: Every US has tests, every test maps to implementing code
1146
+
1147
+ **Category 11: Blast Radius Containment** (10 pts) — NEW
1148
+
1149
+ - Input: Phase B blast-radius-report.md (Agents 8-12)
1150
+ - Score 0 if **any** of:
1151
+ - `BLAST_RADIUS_RED > 0` (verdict BREACHED in blast-radius-report.md), OR
1152
+ - Interface Contract Diff found a BREAKING change without CHANGELOG entry, OR
1153
+ - Observability agent found a silent failure in production code, OR
1154
+ - Dependency agent reports a new High or Critical CVE, OR
1155
+ - Rollback agent reports an irreversible migration without justification, OR
1156
+ - Cross-submodule ripple detected that was not planned in plan.md
1157
+ - Score full (10) if: `BLAST_RADIUS_RED == 0` — verdict CONTAINED in
1158
+ blast-radius-report.md. Yellow/Gray findings do not block the category but are
1159
+ forwarded to Phase C for attention.
1160
+
1161
+ ### Calculate Total Score
1162
+
1163
+ ```
1164
+ TOTAL = Cat1 + Cat2 + Cat3 + ... + Cat10 + Cat11
1165
+ ```
1166
+
1167
+ Must equal **110** to PASS (no-UI features: Cat3 redistributes +5 to Cat1 and +5
1168
+ to Cat2; total is still 110).
1169
+
1170
+ ---
1171
+
1172
+ ## Step 7.4: Two-Pass Canvas Refresh (Impact Canvas)
1173
+
1174
+ After the validation council completes, refresh the Impact Canvas with
1175
+ validation findings. This is a SURGICAL update: only the `topThreeRisks` slot of
1176
+ `impact-canvas.md` is replaced; all other canvas content (header, problem
1177
+ statement, personas, AI-leverage pie, outcomes) is preserved byte-for-byte. The
1178
+ frontmatter `pass:` marker is bumped from 1 to 2 so downstream consumers can
1179
+ tell which pass produced the artefact.
1180
+
1181
+ ```
1182
+ Task: subagent_type="visual-canvas-writer", model="haiku"
1183
+ Prompt: "Pass-2 refresh for {FEATURE_DIR}/visuals/impact-canvas.md.
1184
+ Read validation council output from {FEATURE_DIR}/validation.md.
1185
+ Replace ONLY the topThreeRisks section with the council's top three risks.
1186
+ Preserve all other content byte-for-byte.
1187
+
1188
+ Use the runPass2() helper at .specify/scripts/node/lib/visual-pass-pipeline.mjs
1189
+ which implements the surgical replacement (regex-bounded swap of the
1190
+ '## Top Three Risks' section + frontmatter pass: 1 -> 2 bump).
1191
+
1192
+ Return: absolute path of file written and the three risk strings used."
1193
+ ```
1194
+
1195
+ The `runPass2()` function in
1196
+ `.specify/scripts/node/lib/visual-pass-pipeline.mjs` already implements the
1197
+ surgical replacement; the writer agent only needs to provide the three
1198
+ council-validated risk strings. This satisfies FR-016 (two-pass canvas refresh)
1199
+ and the locked decision recorded in `plan.md:912-919`.
1200
+
1201
+ ---
1202
+
1203
+ ## Step 7.5: Refresh Risk Heatmap (Persona Pack — US4)
1204
+
1205
+ After the rubric is scored and validation council findings are available,
1206
+ dispatch `visual-risk-writer` in **pass-2 mode** to refresh the risk heatmap
1207
+ with critical risks identified by the council. This replaces the heuristic
1208
+ top-quadrant entries that pass-1 (run from this same stage before validation)
1209
+ populated from the spec NFR / Out-of-Scope sections.
1210
+
1211
+ ```
1212
+ Task: subagent_type="visual-risk-writer", model="haiku"
1213
+ Prompt: "Pass 2: refresh risk heatmap for feature [FEATURE_NAME].
1214
+
1215
+ Feature directory: {FEATURE_DIR}
1216
+ Spec: {FEATURE_DIR}/spec.md
1217
+ Validation council findings: {FEATURE_DIR}/validation-report.md (in-progress)
1218
+ Existing heatmap (pass-1): {FEATURE_DIR}/visuals/risk-heatmap.md
1219
+ Template: .specify/templates/visuals/risk-heatmap-template.md
1220
+
1221
+ Replace top-quadrant risks with the validation council's critical findings.
1222
+ Preserve pass-1 risks that did not surface in validation.
1223
+ Honour ≥30 ≤200 word plain-language preamble (NFR-010).
1224
+
1225
+ Return: absolute path of file written and risk counts per quadrant."
1226
+ ```
1227
+
1228
+ The validation report (Step 8) MUST link to the refreshed risk heatmap under its
1229
+ `## Risk Posture` section. If the Mermaid renderer fails for a downstream
1230
+ consumer, the `mermaid-tabular-fallback.mjs` helper provides a markdown-table
1231
+ fallback for the `quadrantChart` block.
1232
+
1233
+ ---
1234
+
1235
+ ## Step 8: Generate Validation Report
1236
+
1237
+ Write to `{FEATURE_DIR}/validation-report.md`:
1238
+
1239
+ ```markdown
1240
+ ---
1241
+ feature: [Feature Name]
1242
+ validated: [ISO timestamp]
1243
+ validator: Claude
1244
+ status: [PASS/FAIL]
1245
+ score: [N]
1246
+ score_max: 110
1247
+ iteration: [N]
1248
+ has_ui: [true/false]
1249
+ deploy_in_scope: [true/false]
1250
+ objective_gate_status: [PASS/FAIL]
1251
+ goal_rebaseline_report: goal-rebaseline-report.md
1252
+ loop_audit_report: loop-audit-report.md
1253
+ blast_radius_verdict: [CONTAINED | BREACHED]
1254
+ blast_radius_report: blast-radius-report.md
1255
+ GeneratedAt: [ISO timestamp]
1256
+ SourceCommandId: /6_gofer_validate
1257
+ SourceInputs: [spec.md, plan.md, tasks.md, research.md, automated checks, agent findings]
1258
+ OverwriteNoticeWhenApplicable: [new file or overwrite note]
1259
+ ---
1260
+
1261
+ # Validation Report: [Feature Name]
1262
+
1263
+ ## Objective Outcome Gate
1264
+
1265
+ - Goal ledger: `goal-ledger.json`
1266
+ - Rebaseline report: `goal-rebaseline-report.md`
1267
+ - Loop contract: `loop-contract.json`
1268
+ - Loop ledger: `loop-ledger.jsonl`
1269
+ - Loop audit report: `loop-audit-report.md`
1270
+ - Outcome gate status: [PASS/FAIL]
1271
+ - Recommended reopen stage: [none | 2_specify | 3_plan | 4_tasks | 6_validate]
1272
+ - Summary: [why objectives remain aligned or why the loop must reopen]
1273
+
1274
+ ## Rubric Score
1275
+
1276
+ | # | Category | Points | Score | Status | Evidence |
1277
+ | --- | -------------------------- | ------- | ---------- | --------------- | --------- |
1278
+ | 1 | Functional Correctness | [15/20] | [0/15/20] | PASS/FAIL | [summary] |
1279
+ | 2 | Test Authenticity | [15/20] | [0/15/20] | PASS/FAIL | [summary] |
1280
+ | 3 | UI/E2E Verification | [10/0] | [0/10/N/A] | PASS/FAIL/SKIP | [summary] |
1281
+ | 4 | Security Posture | 10 | [0/10] | PASS/FAIL | [summary] |
1282
+ | 5 | Integration Reality | 10 | [0/10] | PASS/FAIL | [summary] |
1283
+ | 6 | Error Path Coverage | 10 | [0/10] | PASS/FAIL | [summary] |
1284
+ | 7 | Architecture Compliance | 10 | [0/10] | PASS/FAIL | [summary] |
1285
+ | 8 | Performance Baseline | 5 | [0/5] | PASS/FAIL | [summary] |
1286
+ | 9 | Code Hygiene | 10 | [0/10] | PASS/FAIL | [summary] |
1287
+ | 10 | Specification Traceability | 5 | [0/5] | PASS/FAIL | [summary] |
1288
+ | 11 | Blast Radius Containment | 10 | [0/10] | PASS/FAIL | [summary] |
1289
+ | | **TOTAL** | **110** | **[N]** | **[PASS/FAIL]** | |
1290
+
1291
+ ## Automated Check Results
1292
+
1293
+ | Check | Command | Result |
1294
+ | --------- | ------------- | ------------------- |
1295
+ | Build | npm run build | [PASS/FAIL] |
1296
+ | Tests | npm test | [PASS/FAIL] |
1297
+ | Lint | npm run lint | [PASS/FAIL + count] |
1298
+ | TypeCheck | tsc --noEmit | [PASS/FAIL] |
1299
+
1300
+ ## Closed-Loop Traceability
1301
+
1302
+ | Requirement ID | Goal ID | Code Evidence | Test Evidence | Status |
1303
+ | -------------- | ------- | ------------- | ------------- | ------ |
1304
+ | [FR-001] | [G1] | [path] | [path] | [PASS/FAIL] |
1305
+
1306
+ ## Mutation Testing
1307
+
1308
+ - **Stryker available**: [Yes/No]
1309
+ - **Mutation score**: [N]% (target: >= 60%)
1310
+
1311
+ ## Mock Ratio Analysis
1312
+
1313
+ - **Total mock calls**: [N]
1314
+ - **Total real assertions**: [N]
1315
+ - **Mock ratio**: [N]% (target: <= 30%)
1316
+ - **Justified mocks excluded**: [N]
1317
+
1318
+ ### Worst Offenders by File
1319
+
1320
+ | File | Mocks | Assertions | Ratio | Status |
1321
+ | ------ | ----- | ---------- | ----- | ------- |
1322
+ | [file] | [N] | [N] | [N]% | OK/FAIL |
1323
+
1324
+ ## Specialist Agent Findings
1325
+
1326
+ ### Red (Blocking)
1327
+
1328
+ | # | Category | Finding | File | Line |
1329
+ | --- | ---------- | ------------- | ------ | ------ |
1330
+ | [N] | [category] | [description] | [file] | [line] |
1331
+
1332
+ ### Yellow (Must Address)
1333
+
1334
+ | # | Category | Finding | File | Line |
1335
+ | --- | ---------- | ------------- | ------ | ------ |
1336
+ | [N] | [category] | [description] | [file] | [line] |
1337
+
1338
+ ### Gray (Informational)
1339
+
1340
+ | # | Category | Finding | File | Line |
1341
+ | --- | ---------- | ------------- | ------ | ------ |
1342
+ | [N] | [category] | [description] | [file] | [line] |
1343
+
1344
+ ## AI Slop Detection Summary
1345
+
1346
+ | Pattern | Count | Severity |
1347
+ | ---------------------------- | ----- | -------- |
1348
+ | Placeholder assertions | [N] | Red |
1349
+ | Skipped tests | [N] | Red |
1350
+ | TODO/FIXME placeholders | [N] | Yellow |
1351
+ | Empty catch blocks | [N] | Yellow |
1352
+ | Redundant comments | [N] | Yellow |
1353
+ | Over-engineered abstractions | [N] | Gray |
1354
+ | Magic numbers | [N] | Gray |
1355
+
1356
+ ## Blast Radius Summary (Phase B)
1357
+
1358
+ See `{FEATURE_DIR}/blast-radius-report.md` for the full dimension report.
1359
+
1360
+ | Dimension | Agent | Red | Yellow | Gray | Verdict |
1361
+ | ----------------------------------- | ----------------------------- | --- | ------ | ---- | ------------------------ |
1362
+ | Change graph / ripple | codebase-analyzer | [N] | [N] | [N] | [OK/BREACHED] |
1363
+ | Interface contracts | validation-integration | [N] | [N] | [N] | [OK/BREACHED] |
1364
+ | Error logging & observability | validation-standards | [N] | [N] | [N] | [OK/BREACHED] |
1365
+ | Dependency & submodule impact | research-dependency-evaluator | [N] | [N] | [N] | [OK/BREACHED] |
1366
+ | Rollback readiness & release chklst | tasks-rollback-planner | [N] | [N] | [N] | [OK/BREACHED] |
1367
+ | | **TOTAL** | [N] | [N] | [N] | **[CONTAINED/BREACHED]** |
1368
+
1369
+ **Change Surface Summary**
1370
+
1371
+ - Modified files: [N]
1372
+ - Submodules touched: [list]
1373
+ - Public-surface symbols modified: [N]
1374
+ - Breaking API changes: [N]
1375
+ - New dependencies: [N]
1376
+ - New High/Critical CVEs: [N]
1377
+ - Irreversible migrations: [N]
1378
+ - CHANGELOG updated: [Yes/No/N/A]
1379
+
1380
+ **Phase B Gate**: Cat 11 scores 10 only if verdict is **CONTAINED**.
1381
+
1382
+ ## Spec Compliance
1383
+
1384
+ ### [US1 Name]
1385
+
1386
+ - [x/] Acceptance criterion 1
1387
+ - [x/] Acceptance criterion 2
1388
+
1389
+ ### [US2 Name]
1390
+
1391
+ - [x/] Acceptance criterion 1
1392
+
1393
+ ## Recommendations
1394
+
1395
+ ### Before Merge (Must Fix)
1396
+
1397
+ - [Red and Yellow findings requiring action]
1398
+
1399
+ ### Future Improvements (Informational)
1400
+
1401
+ - [Gray findings and suggestions]
1402
+
1403
+ ## Evidence Table
1404
+
1405
+ | Category | Score | Evidence Artifact / Command Output | Absent / Reason for 0 |
1406
+ | --- | --- | --- | --- |
1407
+ | 1 — Functional Correctness | [0/15/20] | [file path, executed `npm test` output with timestamp, or agent citation] | [reason if 0] |
1408
+ | 2 — Test Authenticity | [0/15/20] | [file path, mutation output, or agent citation] | [reason if 0] |
1409
+ | 3 — UI/E2E Verification | [0/10/N/A] | [`N/A — HAS_UI=false`, `Render proof only — deployment target not in scope`, or render/deploy artifact] | [reason if 0 or not in scope] |
1410
+ | 4 — Security Posture | [0/10] | [agent finding citation] | [reason if 0] |
1411
+ | 5 — Integration Reality | [0/10] | [runtime wiring proof, integration-test output, or agent citation] | [reason if 0] |
1412
+ | 6 — Error Path Coverage | [0/10] | [agent finding citation] | [reason if 0] |
1413
+ | 7 — Architecture Compliance | [0/10] | [agent finding citation] | [reason if 0] |
1414
+ | 8 — Performance Baseline | [0/5] | [agent finding citation] | [reason if 0] |
1415
+ | 9 — Code Hygiene | [0/10] | [agent finding citation] | [reason if 0] |
1416
+ | 10 — Specification Traceability | [0/5] | [agent finding citation] | [reason if 0] |
1417
+ | 11 — Blast Radius Containment | [0/10] | [blast-radius-report.md reference] | [reason if 0] |
1418
+ | **Total** | **[N]/110** | | |
1419
+ ```
1420
+
1421
+ This evidence table is required on **EVERY run (PASS and FAIL)**.
1422
+
1423
+ Each `Evidence Artifact / Command Output` cell MUST contain at least one of:
1424
+
1425
+ - A file path visible in the current session
1426
+ - An executed command and its real output (with timestamp)
1427
+ - A sub-agent finding citation (agent name + finding ID)
1428
+
1429
+ An empty evidence cell or a cell containing only inferences/assumptions MUST
1430
+ cause that category to score 0.
1431
+
1432
+ Category 11's evidence cell MUST cite `blast-radius-report.md`.
1433
+
1434
+ When Category 3 is not in scope, the report preamble or row text MUST make the
1435
+ redistribution explicit enough that normalization/effective contribution remains
1436
+ derivable from the persisted report, and `Absent / Reason for 0` must record
1437
+ the matching not-in-scope reason.
1438
+
1439
+ ---
1440
+
1441
+ ## Step 9: Determine Outcome
1442
+
1443
+ ### If TOTAL = 110 and objective_gate_status = PASS: PASS (Phase A + B)
1444
+
1445
+ ```
1446
+ ════════════════════════════════════════════════════════════════
1447
+ RUBRIC PASSED: [Feature Name]
1448
+ ════════════════════════════════════════════════════════════════
1449
+
1450
+ Score: 110/110
1451
+
1452
+ Rubric:
1453
+ ✓ Functional Correctness [15/20]/[15/20]
1454
+ ✓ Test Authenticity [15/20]/[15/20]
1455
+ ✓ UI/E2E Verification [10/10 or N/A]
1456
+ ✓ Security Posture 10/10
1457
+ ✓ Integration Reality 10/10
1458
+ ✓ Error Path Coverage 10/10
1459
+ ✓ Architecture Compliance 10/10
1460
+ ✓ Performance Baseline 5/5
1461
+ ✓ Code Hygiene 10/10
1462
+ ✓ Specification Traceability 5/5
1463
+ ✓ Blast Radius Containment 10/10
1464
+
1465
+ Reports:
1466
+ {FEATURE_DIR}/validation-report.md
1467
+ {FEATURE_DIR}/blast-radius-report.md
1468
+
1469
+ ════════════════════════════════════════════════════════════════
1470
+ ```
1471
+
1472
+ Proceed to **Phase C: Engineering Review Loop** (inline, Step 10a below), then
1473
+ **Step 11: Attribution Logging** and **Step 12: Memory Update Check**.
1474
+
1475
+ **No external auto-chain is needed** — Phase C runs inline in this command.
1476
+ After Phase C completes, the feature pipeline is complete.
1477
+
1478
+ ### If TOTAL < 110 or objective_gate_status = FAIL: FAIL
1479
+
1480
+ Proceed to **Step 10: Brownfield Restart** (Phase C does not run when the rubric
1481
+ fails — fix the rubric first).
1482
+
1483
+ ---
1484
+
1485
+ ## Step 10: Brownfield Restart Loop
1486
+
1487
+ When validation fails (score < score_max), generate a remediation report and signal
1488
+ the orchestrator to restart the pipeline focused on failed areas.
1489
+
1490
+ ### 10.1 Check Iteration Count
1491
+
1492
+ - If `ITERATION >= 3`: Generate **escalation report** instead (see 10.4)
1493
+ - If `ITERATION < 3`: Generate **remediation report** and signal restart
1494
+
1495
+ ### 10.2 Generate Remediation Report
1496
+
1497
+ Write to `{FEATURE_DIR}/remediation-report.md`:
1498
+
1499
+ ```markdown
1500
+ ---
1501
+ feature: [Feature Name]
1502
+ iteration: [N]
1503
+ score: [N]
1504
+ score_max: 110
1505
+ generated: [ISO timestamp]
1506
+ failed_categories: [list]
1507
+ ---
1508
+
1509
+ # Remediation Report: [Feature Name]
1510
+
1511
+ ## Iteration [N] of 3
1512
+
1513
+ **Score**: [N]/110 **Status**: FAIL — Remediation Required
1514
+
1515
+ ## Failed Categories
1516
+
1517
+ ### [Category Name] (0/[points])
1518
+
1519
+ **Evidence**: [Specific findings from agent reports]
1520
+
1521
+ **Required Actions**:
1522
+
1523
+ 1. [Specific action to fix this category]
1524
+ 2. [Another specific action]
1525
+
1526
+ **Files to modify**:
1527
+
1528
+ - `path/to/file.ts:line` — [what to change]
1529
+
1530
+ ### [Next Failed Category]
1531
+
1532
+ ...
1533
+
1534
+ ## Remediation Scope
1535
+
1536
+ The following pipeline stages should re-run focused on these areas:
1537
+
1538
+ - **Research**: [Any new research needed, or "Not needed"]
1539
+ - **Plan**: [Any plan updates, or "Not needed"]
1540
+ - **Implement**: [Specific tasks to re-implement]
1541
+ - **Validate**: Re-run after fixes
1542
+
1543
+ ## Previous Iterations
1544
+
1545
+ | Iteration | Score | Failed Categories | Date |
1546
+ | --------- | ------- | ----------------- | ------ |
1547
+ | 1 | [N]/110 | [list] | [date] |
1548
+ | 2 | [N]/110 | [list] | [date] |
1549
+ ```
1550
+
1551
+ ### 10.3 Signal Orchestrator
1552
+
1553
+ Output the routing instruction:
1554
+
1555
+ ```
1556
+ ════════════════════════════════════════════════════════════════
1557
+ VALIDATION FAILED: [Feature Name]
1558
+ ════════════════════════════════════════════════════════════════
1559
+
1560
+ Score: [N]/110
1561
+ Iteration: [N] of 3
1562
+
1563
+ Failed categories:
1564
+ ✗ [Category] — 0/[points]: [brief reason]
1565
+ ✗ [Category] — 0/[points]: [brief reason]
1566
+
1567
+ Remediation report: {FEATURE_DIR}/remediation-report.md
1568
+
1569
+ REMEDIATION REQUIRED: [feature-name]
1570
+ Failed categories: [list]
1571
+ Iteration: [N] of 3
1572
+ Route: #5_gofer_implement → focused on [failed areas]
1573
+
1574
+ ════════════════════════════════════════════════════════════════
1575
+ ```
1576
+
1577
+ Then proceed to **Step 11: Attribution Logging**.
1578
+
1579
+ ### 10.4 Escalation (Iteration 3 Failure)
1580
+
1581
+ If this is the 3rd iteration and validation still fails, generate
1582
+ `{FEATURE_DIR}/escalation-report.md`:
1583
+
1584
+ ```markdown
1585
+ ---
1586
+ feature: [Feature Name]
1587
+ iteration: 3
1588
+ final_score: [N]/110
1589
+ escalated: [ISO timestamp]
1590
+ ---
1591
+
1592
+ # Escalation Report: [Feature Name]
1593
+
1594
+ ## Human Review Required
1595
+
1596
+ After 3 remediation attempts, the following categories still fail:
1597
+
1598
+ ### [Category] — All 3 attempts failed
1599
+
1600
+ **Iteration history**:
1601
+
1602
+ 1. Score [N] — [what was tried]
1603
+ 2. Score [N] — [what was tried]
1604
+ 3. Score [N] — [what was tried]
1605
+
1606
+ **Root cause assessment**: [Why automated remediation isn't working]
1607
+
1608
+ **Recommended human action**: [What a developer should do]
1609
+
1610
+ ## Full Score History
1611
+
1612
+ | Iteration | Total | Cat1 | Cat2 | Cat3 | Cat4 | Cat5 | Cat6 | Cat7 | Cat8 | Cat9 | Cat10 | Cat11 |
1613
+ | --------- | ----- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ----- | ----- |
1614
+ | 1 | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] |
1615
+ | 2 | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] |
1616
+ | 3 | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] |
1617
+ ```
1618
+
1619
+ Output:
1620
+
1621
+ ```
1622
+ ════════════════════════════════════════════════════════════════
1623
+ ESCALATION: [Feature Name]
1624
+ ════════════════════════════════════════════════════════════════
1625
+
1626
+ After 3 remediation attempts, validation still fails.
1627
+ Score: [N]/110
1628
+
1629
+ Escalation report: {FEATURE_DIR}/escalation-report.md
1630
+
1631
+ This feature requires human review before proceeding.
1632
+ The automated pipeline cannot resolve the remaining issues.
1633
+
1634
+ ════════════════════════════════════════════════════════════════
1635
+ ```
1636
+
1637
+ ---
1638
+
1639
+ # Phase C — Engineering Review Loop
1640
+
1641
+ Phase C runs **only when the rubric passes** (110/110). It performs 1-5
1642
+ iterative review→fix→re-review cycles using 3 additional review agents per
1643
+ cycle, catching issues that the rubric-based validation might miss (edge cases,
1644
+ race conditions, API-contract drift against the as-implemented code, spec spirit
1645
+ violations).
1646
+
1647
+ Phase C is the terminal stage of `#6_gofer_validate`. After Phase C completes,
1648
+ the feature pipeline is complete.
1649
+
1650
+ ## Step 10a: Initialize Phase C
1651
+
1652
+ 1. **Guard**: only proceed if rubric `status == PASS` and the objective outcome
1653
+ gate passes (Step 9 TOTAL = 110 and Step 1.5 PASS). If
1654
+ FAIL, skip Phase C entirely — brownfield restart (Step 10) already triggered.
1655
+
1656
+ 2. **Initialize cycle counter**: `CYCLE = 1`
1657
+
1658
+ 3. **Initialize findings history**: Empty array to accumulate across cycles.
1659
+
1660
+ 4. **Seed findings from Phase B Yellow/Gray**: All Yellow findings from the
1661
+ blast-radius report are added to the Phase C finding list for mandatory
1662
+ attention. Gray findings are logged but not auto-fixed.
1663
+
1664
+ ## Step 10b: Spawn 3 Parallel Review Agents (Cycle N of 5)
1665
+
1666
+ Launch all 3 agents **in parallel** using the Task tool. Each agent receives the
1667
+ feature context and returns structured findings.
1668
+
1669
+ ### Agent 13: Engineer Review (Spec↔Plan↔Tasks↔Research Alignment)
1670
+
1671
+ ```
1672
+ Task: subagent_type="engineer-review", model="sonnet"
1673
+ Prompt: "Post-implementation engineering review for feature [FEATURE_NAME].
1674
+
1675
+ Feature directory: {FEATURE_DIR}
1676
+ Spec: {FEATURE_DIR}/spec.md
1677
+ Plan: {FEATURE_DIR}/plan.md
1678
+ Tasks: {FEATURE_DIR}/tasks.md
1679
+ Research: {FEATURE_DIR}/research.md
1680
+
1681
+ This is a POST-IMPLEMENTATION review (code is already written).
1682
+ In addition to your standard spec↔plan↔tasks alignment checks:
1683
+ 1. Verify spec completeness against research.md — are all research findings addressed?
1684
+ 2. Check all acceptance criteria are addressed in the actual code (not just tasks)
1685
+ 3. Verify research.md patterns were followed in implementation
1686
+
1687
+ Return findings in your standard report format (<2000 tokens)."
1688
+ ```
1689
+
1690
+ ### Agent 14: Codebase Analyzer (Code↔Tasks Verification)
1691
+
1692
+ ```
1693
+ Task: subagent_type="codebase-analyzer", model="sonnet"
1694
+ Prompt: "Post-implementation code verification for feature [FEATURE_NAME].
1695
+
1696
+ Feature directory: {FEATURE_DIR}
1697
+ Tasks: {FEATURE_DIR}/tasks.md
1698
+
1699
+ Verify the following:
1700
+ 1. Every task marked [x] in tasks.md has corresponding code changes — check file paths
1701
+ 2. Search for TODO/FIXME/HACK comments in files listed in tasks.md
1702
+ 3. Check for dead code or unused imports in changed files
1703
+ 4. Verify any API contracts/interfaces match their actual implementations
1704
+ 5. Check for inconsistencies between task descriptions and what was implemented
1705
+
1706
+ Return findings with Red/Yellow/Gray severity (<2000 tokens).
1707
+ Red = task marked complete but no code found, or API contract mismatch
1708
+ Yellow = TODO/FIXME comments, unused imports, minor inconsistencies
1709
+ Gray = style suggestions, optional improvements"
1710
+ ```
1711
+
1712
+ ### Agent 15: Correctness Re-verification
1713
+
1714
+ ```
1715
+ Task: subagent_type="validation-correctness", model="sonnet"
1716
+ Prompt: "Post-implementation correctness re-verification for feature [FEATURE_NAME].
1717
+
1718
+ Feature directory: {FEATURE_DIR}
1719
+ Spec: {FEATURE_DIR}/spec.md
1720
+ Plan: {FEATURE_DIR}/plan.md
1721
+
1722
+ This is a focused re-check after validation passed. Look for issues that
1723
+ rubric-based validation might miss:
1724
+ 1. Edge cases from spec that may not have explicit tests
1725
+ 2. Error handling completeness — are all failure modes covered?
1726
+ 3. Race conditions or concurrency issues in async code
1727
+ 4. Input validation at system boundaries
1728
+ 5. Any acceptance criteria that are technically 'covered' by tests but
1729
+ the implementation doesn't fully satisfy the spirit of the requirement
1730
+
1731
+ Return findings with Red/Yellow/Gray severity (<2000 tokens).
1732
+ Red = acceptance criterion not genuinely satisfied, critical error path missing
1733
+ Yellow = edge case not covered, partial error handling
1734
+ Gray = potential improvement, defensive coding suggestion"
1735
+ ```
1736
+
1737
+ **Run all 3 agents in parallel.** Collect all results before proceeding.
1738
+
1739
+ ## Step 10c: Run Build/Test/Lint Verification
1740
+
1741
+ Execute verification commands and capture results:
1742
+
1743
+ ### Build Check
1744
+
1745
+ ```bash
1746
+ cd extension && npm run compile
1747
+ ```
1748
+
1749
+ ### Test Check
1750
+
1751
+ ```bash
1752
+ cd extension && npm test
1753
+ ```
1754
+
1755
+ ### Lint Check
1756
+
1757
+ ```bash
1758
+ cd extension && npm run lint
1759
+ ```
1760
+
1761
+ Record results:
1762
+
1763
+ ```
1764
+ | Check | Command | Result |
1765
+ |--------|----------------------|-------------|
1766
+ | Build | npm run compile | PASS / FAIL |
1767
+ | Tests | npm test | PASS / FAIL |
1768
+ | Lint | npm run lint | PASS / FAIL |
1769
+ ```
1770
+
1771
+ **If any check FAILS**: Record as a Red finding.
1772
+
1773
+ ## Step 10d: Synthesize Findings
1774
+
1775
+ Collect all agent reports and build/test/lint results. Merge with Phase B
1776
+ Yellow/Gray carryovers. Classify each finding:
1777
+
1778
+ - **Red** (blocking): Task marked complete but no code, API contract mismatch,
1779
+ acceptance criterion not genuinely satisfied, build/test/lint failure,
1780
+ critical error path missing
1781
+ - **Yellow** (should fix): TODO/FIXME comments, unused imports, edge cases not
1782
+ covered, partial error handling, minor inconsistencies, Phase B Yellows
1783
+ - **Gray** (informational): Style suggestions, optional improvements, defensive
1784
+ coding suggestions, Phase B Grays
1785
+
1786
+ ### Compile Finding Table
1787
+
1788
+ ```
1789
+ | # | Finding | Severity | Source | File | Line | Status |
1790
+ |---|---------|----------|---------------------------|--------|--------|--------|
1791
+ | 1 | [desc] | Red | engineer-review | [file] | [line] | OPEN |
1792
+ | 2 | [desc] | Yellow | codebase-analyzer | [file] | [line] | OPEN |
1793
+ | 3 | [desc] | Yellow | phase-b:observability | [file] | [line] | OPEN |
1794
+ ```
1795
+
1796
+ ### Decision Logic
1797
+
1798
+ - If **NO Red or Yellow findings** → PASS → proceed to Step 10g (Report)
1799
+ - If **Red or Yellow findings exist** → proceed to Step 10e (Fix)
1800
+
1801
+ ## Step 10e: Fix Findings
1802
+
1803
+ For each Red and Yellow finding from the current cycle:
1804
+
1805
+ 1. **Read the affected file** at the specified line
1806
+ 2. **Apply the fix** directly using Edit tool
1807
+ 3. **Mark the finding as FIXED** in the finding table
1808
+
1809
+ ### Fix Priority
1810
+
1811
+ 1. Red findings first (blocking issues)
1812
+ 2. Yellow findings second (should fix)
1813
+ 3. Gray findings are logged but NOT auto-fixed
1814
+
1815
+ ### After Fixing
1816
+
1817
+ Re-run build/test/lint to verify fixes don't introduce regressions:
1818
+
1819
+ ```bash
1820
+ cd extension && npm run compile && npm test && npm run lint
1821
+ ```
1822
+
1823
+ If the verification fails after fixes, record new failures as Red findings for
1824
+ the next cycle.
1825
+
1826
+ ## Step 10f: Loop or Complete
1827
+
1828
+ ### Increment Cycle
1829
+
1830
+ ```
1831
+ CYCLE = CYCLE + 1
1832
+ ```
1833
+
1834
+ ### Decision
1835
+
1836
+ - If `CYCLE <= 5` AND findings were fixed in the previous cycle → **Go to Step
1837
+ 10b** (re-review with fresh agent runs to verify fixes and catch any new
1838
+ issues)
1839
+ - If `CYCLE > 5` AND Red/Yellow findings still remain → **Generate escalation
1840
+ section** in the report, declare pipeline complete with warnings
1841
+ - If **all findings resolved** (no Red or Yellow) → **Declare pipeline
1842
+ complete** (proceed to Step 10g)
1843
+
1844
+ ## Step 10g: Generate Engineering Review Report
1845
+
1846
+ Write to `{FEATURE_DIR}/engineering-review-report.md`:
1847
+
1848
+ ```markdown
1849
+ ---
1850
+ feature: [Feature Name]
1851
+ reviewed: [ISO timestamp]
1852
+ reviewer: Claude
1853
+ status: [PASS/PASS_WITH_WARNINGS/ESCALATED]
1854
+ cycles: [N]
1855
+ total_findings: [N]
1856
+ resolved_findings: [N]
1857
+ blast_radius_carryovers: [N]
1858
+ ---
1859
+
1860
+ # Engineering Review Report: [Feature Name]
1861
+
1862
+ ## Summary
1863
+
1864
+ - **Status**: [PASS / PASS_WITH_WARNINGS / ESCALATED]
1865
+ - **Review cycles**: [N] of 5 max
1866
+ - **Total findings**: [N] (Red: [N], Yellow: [N], Gray: [N])
1867
+ - **Resolved**: [N] findings fixed across [N] cycles
1868
+ - **Remaining**: [N] findings (if any)
1869
+ - **Phase B carryovers addressed**: [N] of [N]
1870
+
1871
+ ## Cycle History
1872
+
1873
+ ### Cycle 1
1874
+
1875
+ **Agents**: engineer-review, codebase-analyzer, validation-correctness
1876
+ **Build/Test/Lint**: [PASS/FAIL details]
1877
+
1878
+ | # | Finding | Severity | Source | File | Line | Resolution |
1879
+ | --- | ------- | -------- | ------ | ------ | ------ | ------------ |
1880
+ | 1 | [desc] | [sev] | [src] | [file] | [line] | [FIXED/OPEN] |
1881
+
1882
+ ### Cycle 2 (if applicable)
1883
+
1884
+ ...
1885
+
1886
+ ## Remaining Findings (if any)
1887
+
1888
+ | # | Finding | Severity | Source | File | Line | Reason Not Fixed |
1889
+ | --- | ------- | -------- | ------ | ------ | ------ | ---------------- |
1890
+ | 1 | [desc] | [sev] | [src] | [file] | [line] | [why] |
1891
+
1892
+ ## Recommendations
1893
+
1894
+ ### Must Address Before Merge
1895
+
1896
+ - [Any remaining Red/Yellow findings]
1897
+
1898
+ ### Future Improvements
1899
+
1900
+ - [Gray findings and suggestions]
1901
+ ```
1902
+
1903
+ ## Step 10g.5: Final Working Backwards PR/FAQ And CISO Summary
1904
+
1905
+ After the validation report, blast-radius report, loop audit, and engineering
1906
+ review report are written:
1907
+
1908
+ 1. Update `{FEATURE_DIR}/working-backwards-prfaq.md`.
1909
+ - Mark each Press Release claim as validated, changed, or unvalidated based
1910
+ on `validation-report.md`, `blast-radius-report.md`,
1911
+ `goal-rebaseline-report.md`, and `loop-audit-report.md`.
1912
+ - Fill Internal FAQ CISO / Risk with data handled, identity controls,
1913
+ tenant boundaries, secrets handling, residual risks, validation evidence,
1914
+ and launch gates.
1915
+ - Update "What happens if something goes wrong?" with rollback/support
1916
+ evidence from validation and blast-radius analysis.
1917
+ 2. Write `{FEATURE_DIR}/prfaq-history/06-validate.md` as an immutable final
1918
+ validation snapshot.
1919
+ 3. Create or update `{FEATURE_DIR}/ciso-security-summary.md` from
1920
+ `.specify/templates/ciso-security-summary-template.md` using
1921
+ `validation-report.md`, `blast-radius-report.md`, `audit-history.md`,
1922
+ `visuals/risk-heatmap.md`, auth/tenant evidence, secrets/data handling
1923
+ evidence, and loop audit evidence.
1924
+ 4. Refresh `{FEATURE_DIR}/business-owner-summary.md` with final validation
1925
+ status, business value confidence, and any validated/disproven assumptions.
1926
+ 5. Refresh `{FEATURE_DIR}/cto-architecture-summary.md` with validation status,
1927
+ blast-radius verdict, and any architecture/security exceptions.
1928
+ 6. Update `{FEATURE_DIR}/stakeholder-review-index.md` and make the final
1929
+ approve/revise/defer asks explicit:
1930
+ - Business Owner: release value, user/process impact, assumptions.
1931
+ - CTO / Architecture: platform/architecture evidence and exceptions.
1932
+ - CISO / Risk: controls, residual risks, security posture, launch gate.
1933
+ - Delivery: rollout, rollback, support, and evidence completeness.
1934
+
1935
+ If any validation gate failed, write these documents honestly with `FAIL`,
1936
+ `Pending`, or `Blocked` status; do not polish a failed feature as ready.
1937
+
1938
+ ## Step 10h: Output Completion Banner
1939
+
1940
+ ### If PASS (all findings resolved or no findings):
1941
+
1942
+ ```
1943
+ ════════════════════════════════════════════════════════════════
1944
+ ENGINEERING REVIEW PASSED: [Feature Name]
1945
+ ════════════════════════════════════════════════════════════════
1946
+
1947
+ Cycles: [N] of 5 max
1948
+ Findings: [N] found, [N] resolved
1949
+ Report: {FEATURE_DIR}/engineering-review-report.md
1950
+ Working Backwards PR/FAQ: {FEATURE_DIR}/working-backwards-prfaq.md
1951
+ CISO summary: {FEATURE_DIR}/ciso-security-summary.md
1952
+ Stakeholder review index: {FEATURE_DIR}/stakeholder-review-index.md
1953
+
1954
+ ════════════════════════════════════════════════════════════════
1955
+ FEATURE PIPELINE COMPLETE!
1956
+
1957
+ All Gofer stages finished:
1958
+ 1. #1_gofer_research ✓
1959
+ 2. #2_gofer_specify ✓
1960
+ 3. #3_gofer_plan ✓
1961
+ 4. #4_gofer_tasks ✓
1962
+ 5. #5_gofer_implement ✓
1963
+ 6. #6_gofer_validate ✓ (Phase A ✓, Phase B ✓, Phase C ✓)
1964
+
1965
+ The feature is ready for review and merge.
1966
+ Stakeholder PR/FAQ and persona summaries are ready for Business Owner,
1967
+ CTO/Architecture, CISO/Risk, and Delivery review.
1968
+ ════════════════════════════════════════════════════════════════
1969
+ ```
1970
+
1971
+ ### If PASS_WITH_WARNINGS (5 cycles exhausted, only Gray remaining):
1972
+
1973
+ ```
1974
+ ════════════════════════════════════════════════════════════════
1975
+ ENGINEERING REVIEW PASSED (WITH WARNINGS): [Feature Name]
1976
+ ════════════════════════════════════════════════════════════════
1977
+
1978
+ Cycles: 5 of 5 max
1979
+ Findings: [N] found, [N] resolved, [N] Gray remaining
1980
+ Report: {FEATURE_DIR}/engineering-review-report.md
1981
+ Working Backwards PR/FAQ: {FEATURE_DIR}/working-backwards-prfaq.md
1982
+ CISO summary: {FEATURE_DIR}/ciso-security-summary.md
1983
+ Stakeholder review index: {FEATURE_DIR}/stakeholder-review-index.md
1984
+
1985
+ ⚠ Gray findings remain — see report for details.
1986
+
1987
+ ════════════════════════════════════════════════════════════════
1988
+ FEATURE PIPELINE COMPLETE!
1989
+
1990
+ All Gofer stages finished:
1991
+ 1. #1_gofer_research ✓
1992
+ 2. #2_gofer_specify ✓
1993
+ 3. #3_gofer_plan ✓
1994
+ 4. #4_gofer_tasks ✓
1995
+ 5. #5_gofer_implement ✓
1996
+ 6. #6_gofer_validate ✓ (Phase A ✓, Phase B ✓, Phase C ⚠)
1997
+
1998
+ The feature is ready for review and merge (review Gray findings).
1999
+ ════════════════════════════════════════════════════════════════
2000
+ ```
2001
+
2002
+ ### If ESCALATED (5 cycles exhausted, Red/Yellow remain):
2003
+
2004
+ ```
2005
+ ════════════════════════════════════════════════════════════════
2006
+ ENGINEERING REVIEW ESCALATED: [Feature Name]
2007
+ ════════════════════════════════════════════════════════════════
2008
+
2009
+ Cycles: 5 of 5 max (exhausted)
2010
+ Findings: [N] found, [N] resolved, [N] Red/Yellow remaining
2011
+
2012
+ Remaining issues:
2013
+ ✗ [Finding] — [severity]: [brief reason]
2014
+
2015
+ Report: {FEATURE_DIR}/engineering-review-report.md
2016
+ Working Backwards PR/FAQ: {FEATURE_DIR}/working-backwards-prfaq.md
2017
+ CISO summary: {FEATURE_DIR}/ciso-security-summary.md
2018
+ Stakeholder review index: {FEATURE_DIR}/stakeholder-review-index.md
2019
+
2020
+ This feature requires human review of remaining findings
2021
+ before merging.
2022
+
2023
+ ════════════════════════════════════════════════════════════════
2024
+ ```
2025
+
2026
+ ---
2027
+
2028
+ # End of Phase C
2029
+
2030
+ ---
2031
+
2032
+ ## Step 11: Attribution Logging
2033
+
2034
+ Log every finding to `.specify/logs/validation-findings.jsonl`.
2035
+ For EnterpriseAI runs, also mirror the same finding lifecycle to
2036
+ `{FEATURE_DIR}/audit-history.md` so executive, architecture, CISO, data, CIO,
2037
+ delivery, finance, operations, and risk/compliance stakeholders can see stable
2038
+ finding IDs, recurrence, disposition, owner, expiry, and review cadence.
2039
+
2040
+ ### Finding Format
2041
+
2042
+ For each finding from all agents and automated checks, append a JSON line:
2043
+
2044
+ ```json
2045
+ {
2046
+ "finding_id": "F[NNN]",
2047
+ "timestamp": "[ISO timestamp]",
2048
+ "feature": "[feature-name]",
2049
+ "category": "[rubric_category_snake_case]",
2050
+ "severity": "[red|yellow|gray]",
2051
+ "description": "[finding description]",
2052
+ "file": "[file path]",
2053
+ "line": [line number or null],
2054
+ "agent": "[agent name or 'automated']",
2055
+ "resolution": null,
2056
+ "iteration": [N]
2057
+ }
2058
+ ```
2059
+
2060
+ ### Categories for `category` field
2061
+
2062
+ - `functional_correctness`
2063
+ - `test_authenticity`
2064
+ - `ui_e2e_verification`
2065
+ - `security_posture`
2066
+ - `integration_reality`
2067
+ - `error_path_coverage`
2068
+ - `architecture_compliance`
2069
+ - `performance_baseline`
2070
+ - `code_hygiene`
2071
+ - `specification_traceability`
2072
+ - `blast_radius_containment` — **NEW** (Cat 11, Phase B)
2073
+ - Sub-dimensions for the `dimension` sub-field: `change_graph`,
2074
+ `interface_contract`, `observability`, `dependency_submodule`,
2075
+ `rollback_release`
2076
+ - `engineering_review` — Phase C findings (agent-specific sub-dimensions:
2077
+ `spec_alignment`, `code_verification`, `correctness_reverify`)
2078
+
2079
+ ### EnterpriseAI Persistent Audit Requirements
2080
+
2081
+ `audit-history.md` MUST include:
2082
+
2083
+ | Field | Requirement |
2084
+ | ----- | ----------- |
2085
+ | Finding ID | Stable across validation cycles; never renumber existing findings |
2086
+ | Source | Rubric category, agent, automated check, or stakeholder gate |
2087
+ | Status | Open, fixed, accepted, or escalated |
2088
+ | Recurrence | Count and prior cycle references for repeated findings |
2089
+ | Owner | Named accountable role or team |
2090
+ | Expiry | Required for accepted exceptions |
2091
+ | Evidence | Links to validation report, tests, contract pack, or code references |
2092
+
2093
+ Recurring red findings must escalate to the relevant decision owner and block
2094
+ launch unless explicitly accepted with owner, expiry, and review cadence.
2095
+
2096
+ For application delivery, validation MUST also check
2097
+ `{FEATURE_DIR}/journeys/base-journey.md` against the delivered implementation:
2098
+
2099
+ - The app process has four user-facing steps or fewer, or an approved exception
2100
+ explains why extra steps could not be combined, automated, or handled by
2101
+ generative AI assistance.
2102
+ - Each journey step preserves its business goal, AI assistance mode, data/context
2103
+ used, completion signal, human controls, evidence/confidence display, audit
2104
+ trail, and fallback/escalation path.
2105
+ - `{FEATURE_DIR}/ui-review-log.md` contains at least one pre-presentation
2106
+ self-review entry for each preview round that was shown to the stakeholder,
2107
+ with screenshot, local render proof, Playwright-style evidence, or an
2108
+ explicit reasoned exception.
2109
+ - `{FEATURE_DIR}/ui-approval.md` records the approved preview, approved
2110
+ branding/logo decisions, any approved EAI App Template exceptions, the
2111
+ approver, and approval timestamp.
2112
+ - `{FEATURE_DIR}/service-fit-matrix.md` records each desired platform
2113
+ capability, the evidence source used to evaluate it, and whether it is
2114
+ accessible now, purchasable but unavailable now, or unavailable without new
2115
+ platform work.
2116
+ - The delivered app uses EAI Platform, including the EAI app template, as the
2117
+ primary app substrate and Azure as the preferred cloud/supporting substrate.
2118
+ Any Firebase, Supabase, Vercel primary runtime, AWS, GCP, bespoke backend,
2119
+ unmanaged database, or unrelated SaaS dependency is rejected unless it is
2120
+ recorded as an approved integration/migration/exception with rationale, owner,
2121
+ expiry, and validation evidence.
2122
+ - The approved external/internal/hybrid profile choice, package lane, coupling
2123
+ status, Storybook story IDs, theme override points, public-readiness target,
2124
+ and custom-block exceptions are present in the preview/approval/service-fit
2125
+ artifacts and match the delivered implementation.
2126
+ - Validation confirms that app-delivery runs used EAI App Template blocks by
2127
+ default and that any create-new UI concept was explicitly approved rather
2128
+ than silently introduced.
2129
+ - Validation confirms that block-porting tasks produced the expected package
2130
+ surface and that public or hybrid lanes do not directly depend on source platform
2131
+ internals unless an approved restricted-source exception is recorded.
2132
+ - Chatbot, voice, accessibility, translation, contextual prefill, validation,
2133
+ and step-goal assistance claims are covered by acceptance tests where they are
2134
+ in scope.
2135
+
2136
+ For explicit non-app work, validation MUST treat `ui-preview-brief.md`,
2137
+ `ui-review-log.md`, `ui-approval.md`, and `service-fit-matrix.md` as
2138
+ **not applicable** rather than as missing blocking artifacts.
2139
+
2140
+ ### Log Summary Entry
2141
+
2142
+ After all findings, append a summary entry:
2143
+
2144
+ ```json
2145
+ {
2146
+ "finding_id": "SUMMARY",
2147
+ "timestamp": "[ISO timestamp]",
2148
+ "feature": "[feature-name]",
2149
+ "category": "summary",
2150
+ "severity": "info",
2151
+ "description": "Validation score: [N]/110. Categories failed: [list or 'none']",
2152
+ "file": null,
2153
+ "line": null,
2154
+ "agent": "rubric",
2155
+ "resolution": "[PASS|FAIL|ESCALATED]",
2156
+ "iteration": [N]
2157
+ }
2158
+ ```
2159
+
2160
+ ### Historical Reference
2161
+
2162
+ Before logging, read existing entries in `validation-findings.jsonl` for the
2163
+ same feature. If the same finding (same file, same line, same category) appears
2164
+ in a previous iteration, note it as a **repeat finding** in the description:
2165
+
2166
+ ```
2167
+ "description": "[REPEAT from iteration 1] expect(true).toBe(true) still present"
2168
+ ```
2169
+
2170
+ This enables tracking of findings that persist across remediation attempts.
2171
+
2172
+ ---
2173
+
2174
+ ## Step 12: Memory Update Check
2175
+
2176
+ After validation, assess whether learnings should be persisted.
2177
+
2178
+ ### 12.1 Memory Update Decision Matrix
2179
+
2180
+ | Learning Type | Update Location | When to Update |
2181
+ | ---------------------------- | ---------------------------- | ----------------------------------------- |
2182
+ | **Project-wide patterns** | `CLAUDE.md` | New conventions affecting all future work |
2183
+ | **Architectural decisions** | `.specify/memory/decisions/` | Significant design choices with rationale |
2184
+ | **Feature-specific context** | `{FEATURE_DIR}/research.md` | Discoveries relevant only to this feature |
2185
+ | **Reusable code patterns** | `CLAUDE.md` or constitution | Patterns other features should follow |
2186
+ | **Bug workarounds** | `.specify/memory/decisions/` | Issues that may recur |
2187
+
2188
+ ### 12.2 CLAUDE.md Update Criteria
2189
+
2190
+ **DO update CLAUDE.md when**:
2191
+
2192
+ - Discovered a new coding convention used across the codebase
2193
+ - Identified a critical dependency or integration pattern
2194
+ - Found a gotcha that affects multiple features
2195
+ - Established a new testing or build pattern
2196
+
2197
+ **DO NOT update CLAUDE.md when**:
2198
+
2199
+ - Learning is specific to one feature
2200
+ - Information will become stale quickly
2201
+ - Pattern is already documented elsewhere
2202
+ - Change is experimental/temporary
2203
+
2204
+ ### 12.3 Memory Update Checklist
2205
+
2206
+ Before completing validation, verify:
2207
+
2208
+ - [ ] Any project-wide patterns discovered -> added to CLAUDE.md?
2209
+ - [ ] Any significant decisions made -> recorded in decisions/?
2210
+ - [ ] Any gotchas or workarounds -> documented for future reference?
2211
+ - [ ] Feature-specific learnings -> captured in research.md?
2212
+
2213
+ ---
2214
+
2215
+ ## Observability Logging
2216
+
2217
+ At stage completion, log metrics:
2218
+
2219
+ ```bash
2220
+ .specify/scripts/bash/log-stage.sh 6_validate --complete --tokens [N] --compactions [N]
2221
+ ```
2222
+
2223
+ This also logs quality metrics (rubric scores, finding counts) to:
2224
+ `.specify/logs/quality-metrics.jsonl`
2225
+
2226
+ ---
2227
+
2228
+ ## Key Rules
2229
+
2230
+ ### Phase A (Rubric)
2231
+
2232
+ - **110/110 is the only passing score** — there is no "close enough"
2233
+ - **Agents run in parallel** — spawn all 6 (or 7 with red team) at once, do not
2234
+ serialize
2235
+ - **Red findings block** — any Red finding in any agent zeroes that category
2236
+ - **Mutation testing is optional** — gracefully degrade when Stryker absent
2237
+ - **Mock ratio excludes justified mocks** — mark with `// mock-justified:`
2238
+ comment
2239
+ - **Maximum 3 remediation iterations** — then escalate to human
2240
+
2241
+ ### Phase B (Blast Radius)
2242
+
2243
+ - **5 blast-radius agents run in parallel** — do not serialize across dimensions
2244
+ - **The change manifest is ground truth** — build it once in Step 2.5, pass the
2245
+ same manifest to every Phase B agent
2246
+ - **Breaking change + no CHANGELOG entry = Red** — always. Release-checklist
2247
+ compliance is mandatory for user-visible changes.
2248
+ - **New High/Critical CVE = Red** — block before merge; Moderate is Yellow; Low
2249
+ is Gray
2250
+ - **Cross-submodule ripple requires explicit plan.md approval** — otherwise Red
2251
+ - **Blast-radius verdict CONTAINED gives Cat 11 = 10**; BREACHED gives Cat 11 =
2252
+ 0 — this is the only way Cat 11 scores
2253
+ - **Phase B writes `blast-radius-report.md`** alongside `validation-report.md`
2254
+ - **Phase B Yellows seed Phase C** — Phase C must address them
2255
+
2256
+ ### Phase C (Engineering Review Loop)
2257
+
2258
+ - **3 review agents per cycle** — spawn all in parallel, do not serialize
2259
+ - **5 cycles maximum** — hard cap to prevent infinite loops
2260
+ - **Fix Red before Yellow** — priority ordering matters
2261
+ - **Re-verify after fixes** — always re-run build/test/lint after changes
2262
+ - **Gray findings are logged, not auto-fixed** — they go in the report
2263
+ - **Phase C only runs if the rubric passes** — a failing rubric triggers
2264
+ brownfield restart instead
2265
+ - **This stage is the pipeline terminal** — "PIPELINE COMPLETE" only appears at
2266
+ the end of Phase C
2267
+ - **Engineering review is inline** — there is no separate follow-up stage after
2268
+ validation
2269
+
2270
+ ### Across All Phases
2271
+
2272
+ - **Attribution logging is mandatory** — every finding (A, B, C) gets logged to
2273
+ JSONL with its phase and sub-dimension
2274
+ - **Be specific** — cite file paths and line numbers for all findings
2275
+ - **Score the rubric honestly** — the goal is to catch real problems, not to
2276
+ pass
2277
+ - Log stage completion for observability tracking