eai-cli 0.0.0-bootstrap.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (690) hide show
  1. package/LICENSE +183 -0
  2. package/NOTICE +4 -0
  3. package/README.md +14 -0
  4. package/dist/commands/agent.d.ts +3 -0
  5. package/dist/commands/agent.d.ts.map +1 -0
  6. package/dist/commands/agent.js +69 -0
  7. package/dist/commands/agent.js.map +1 -0
  8. package/dist/commands/blocks.d.ts +3 -0
  9. package/dist/commands/blocks.d.ts.map +1 -0
  10. package/dist/commands/blocks.js +249 -0
  11. package/dist/commands/blocks.js.map +1 -0
  12. package/dist/commands/chat.d.ts +6 -0
  13. package/dist/commands/chat.d.ts.map +1 -0
  14. package/dist/commands/chat.js +105 -0
  15. package/dist/commands/chat.js.map +1 -0
  16. package/dist/commands/deploy.d.ts +36 -0
  17. package/dist/commands/deploy.d.ts.map +1 -0
  18. package/dist/commands/deploy.js +712 -0
  19. package/dist/commands/deploy.js.map +1 -0
  20. package/dist/commands/dev.d.ts +15 -0
  21. package/dist/commands/dev.d.ts.map +1 -0
  22. package/dist/commands/dev.js +133 -0
  23. package/dist/commands/dev.js.map +1 -0
  24. package/dist/commands/docs.d.ts +6 -0
  25. package/dist/commands/docs.d.ts.map +1 -0
  26. package/dist/commands/docs.js +118 -0
  27. package/dist/commands/docs.js.map +1 -0
  28. package/dist/commands/env.d.ts +10 -0
  29. package/dist/commands/env.d.ts.map +1 -0
  30. package/dist/commands/env.js +200 -0
  31. package/dist/commands/env.js.map +1 -0
  32. package/dist/commands/errors.d.ts +3 -0
  33. package/dist/commands/errors.d.ts.map +1 -0
  34. package/dist/commands/errors.js +72 -0
  35. package/dist/commands/errors.js.map +1 -0
  36. package/dist/commands/gofer.d.ts +3 -0
  37. package/dist/commands/gofer.d.ts.map +1 -0
  38. package/dist/commands/gofer.js +134 -0
  39. package/dist/commands/gofer.js.map +1 -0
  40. package/dist/commands/init.d.ts +14 -0
  41. package/dist/commands/init.d.ts.map +1 -0
  42. package/dist/commands/init.js +1437 -0
  43. package/dist/commands/init.js.map +1 -0
  44. package/dist/commands/login.d.ts +7 -0
  45. package/dist/commands/login.d.ts.map +1 -0
  46. package/dist/commands/login.js +117 -0
  47. package/dist/commands/login.js.map +1 -0
  48. package/dist/commands/provision.d.ts +6 -0
  49. package/dist/commands/provision.d.ts.map +1 -0
  50. package/dist/commands/provision.js +855 -0
  51. package/dist/commands/provision.js.map +1 -0
  52. package/dist/commands/publicapi.d.ts +6 -0
  53. package/dist/commands/publicapi.d.ts.map +1 -0
  54. package/dist/commands/publicapi.js +184 -0
  55. package/dist/commands/publicapi.js.map +1 -0
  56. package/dist/commands/resources.d.ts +38 -0
  57. package/dist/commands/resources.d.ts.map +1 -0
  58. package/dist/commands/resources.js +1010 -0
  59. package/dist/commands/resources.js.map +1 -0
  60. package/dist/commands/runtime.d.ts +3 -0
  61. package/dist/commands/runtime.d.ts.map +1 -0
  62. package/dist/commands/runtime.js +78 -0
  63. package/dist/commands/runtime.js.map +1 -0
  64. package/dist/commands/template.d.ts +3 -0
  65. package/dist/commands/template.d.ts.map +1 -0
  66. package/dist/commands/template.js +365 -0
  67. package/dist/commands/template.js.map +1 -0
  68. package/dist/commands/tenant.d.ts +45 -0
  69. package/dist/commands/tenant.d.ts.map +1 -0
  70. package/dist/commands/tenant.js +1036 -0
  71. package/dist/commands/tenant.js.map +1 -0
  72. package/dist/commands/types.d.ts +130 -0
  73. package/dist/commands/types.d.ts.map +1 -0
  74. package/dist/commands/types.js +1636 -0
  75. package/dist/commands/types.js.map +1 -0
  76. package/dist/commands/update.d.ts +13 -0
  77. package/dist/commands/update.d.ts.map +1 -0
  78. package/dist/commands/update.js +163 -0
  79. package/dist/commands/update.js.map +1 -0
  80. package/dist/commands/user.d.ts +6 -0
  81. package/dist/commands/user.d.ts.map +1 -0
  82. package/dist/commands/user.js +359 -0
  83. package/dist/commands/user.js.map +1 -0
  84. package/dist/commands/verify.d.ts +40 -0
  85. package/dist/commands/verify.d.ts.map +1 -0
  86. package/dist/commands/verify.js +1442 -0
  87. package/dist/commands/verify.js.map +1 -0
  88. package/dist/commands/vertical.d.ts +24 -0
  89. package/dist/commands/vertical.d.ts.map +1 -0
  90. package/dist/commands/vertical.js +301 -0
  91. package/dist/commands/vertical.js.map +1 -0
  92. package/dist/commands/whoami.d.ts +6 -0
  93. package/dist/commands/whoami.d.ts.map +1 -0
  94. package/dist/commands/whoami.js +73 -0
  95. package/dist/commands/whoami.js.map +1 -0
  96. package/dist/commands/workflow.d.ts +6 -0
  97. package/dist/commands/workflow.d.ts.map +1 -0
  98. package/dist/commands/workflow.js +400 -0
  99. package/dist/commands/workflow.js.map +1 -0
  100. package/dist/index.d.ts +10 -0
  101. package/dist/index.d.ts.map +1 -0
  102. package/dist/index.js +272 -0
  103. package/dist/index.js.map +1 -0
  104. package/dist/lib/agent-guide.d.ts +24 -0
  105. package/dist/lib/agent-guide.d.ts.map +1 -0
  106. package/dist/lib/agent-guide.js +155 -0
  107. package/dist/lib/agent-guide.js.map +1 -0
  108. package/dist/lib/api.d.ts +338 -0
  109. package/dist/lib/api.d.ts.map +1 -0
  110. package/dist/lib/api.js +991 -0
  111. package/dist/lib/api.js.map +1 -0
  112. package/dist/lib/auth.d.ts +65 -0
  113. package/dist/lib/auth.d.ts.map +1 -0
  114. package/dist/lib/auth.js +592 -0
  115. package/dist/lib/auth.js.map +1 -0
  116. package/dist/lib/azure-cli.d.ts +6 -0
  117. package/dist/lib/azure-cli.d.ts.map +1 -0
  118. package/dist/lib/azure-cli.js +13 -0
  119. package/dist/lib/azure-cli.js.map +1 -0
  120. package/dist/lib/block-catalog-normalize.d.ts +47 -0
  121. package/dist/lib/block-catalog-normalize.d.ts.map +1 -0
  122. package/dist/lib/block-catalog-normalize.js +355 -0
  123. package/dist/lib/block-catalog-normalize.js.map +1 -0
  124. package/dist/lib/block-catalog-types.d.ts +111 -0
  125. package/dist/lib/block-catalog-types.d.ts.map +1 -0
  126. package/dist/lib/block-catalog-types.js +41 -0
  127. package/dist/lib/block-catalog-types.js.map +1 -0
  128. package/dist/lib/block-catalog-utils.d.ts +7 -0
  129. package/dist/lib/block-catalog-utils.d.ts.map +1 -0
  130. package/dist/lib/block-catalog-utils.js +47 -0
  131. package/dist/lib/block-catalog-utils.js.map +1 -0
  132. package/dist/lib/block-catalog-validation.d.ts +5 -0
  133. package/dist/lib/block-catalog-validation.d.ts.map +1 -0
  134. package/dist/lib/block-catalog-validation.js +112 -0
  135. package/dist/lib/block-catalog-validation.js.map +1 -0
  136. package/dist/lib/block-catalog.d.ts +3 -0
  137. package/dist/lib/block-catalog.d.ts.map +1 -0
  138. package/dist/lib/block-catalog.js +284 -0
  139. package/dist/lib/block-catalog.js.map +1 -0
  140. package/dist/lib/cloud-env.d.ts +25 -0
  141. package/dist/lib/cloud-env.d.ts.map +1 -0
  142. package/dist/lib/cloud-env.js +79 -0
  143. package/dist/lib/cloud-env.js.map +1 -0
  144. package/dist/lib/config.d.ts +116 -0
  145. package/dist/lib/config.d.ts.map +1 -0
  146. package/dist/lib/config.js +195 -0
  147. package/dist/lib/config.js.map +1 -0
  148. package/dist/lib/context.d.ts +43 -0
  149. package/dist/lib/context.d.ts.map +1 -0
  150. package/dist/lib/context.js +68 -0
  151. package/dist/lib/context.js.map +1 -0
  152. package/dist/lib/error-codes.d.ts +56 -0
  153. package/dist/lib/error-codes.d.ts.map +1 -0
  154. package/dist/lib/error-codes.js +211 -0
  155. package/dist/lib/error-codes.js.map +1 -0
  156. package/dist/lib/error-guidance/catalog.d.ts +648 -0
  157. package/dist/lib/error-guidance/catalog.d.ts.map +1 -0
  158. package/dist/lib/error-guidance/catalog.js +940 -0
  159. package/dist/lib/error-guidance/catalog.js.map +1 -0
  160. package/dist/lib/error-guidance/match.d.ts +3 -0
  161. package/dist/lib/error-guidance/match.d.ts.map +1 -0
  162. package/dist/lib/error-guidance/match.js +46 -0
  163. package/dist/lib/error-guidance/match.js.map +1 -0
  164. package/dist/lib/error-guidance/render.d.ts +5 -0
  165. package/dist/lib/error-guidance/render.d.ts.map +1 -0
  166. package/dist/lib/error-guidance/render.js +92 -0
  167. package/dist/lib/error-guidance/render.js.map +1 -0
  168. package/dist/lib/error-guidance/types.d.ts +76 -0
  169. package/dist/lib/error-guidance/types.d.ts.map +1 -0
  170. package/dist/lib/error-guidance/types.js +2 -0
  171. package/dist/lib/error-guidance/types.js.map +1 -0
  172. package/dist/lib/error-guidance/validate.d.ts +3 -0
  173. package/dist/lib/error-guidance/validate.d.ts.map +1 -0
  174. package/dist/lib/error-guidance/validate.js +59 -0
  175. package/dist/lib/error-guidance/validate.js.map +1 -0
  176. package/dist/lib/gofer-installer.d.ts +32 -0
  177. package/dist/lib/gofer-installer.d.ts.map +1 -0
  178. package/dist/lib/gofer-installer.js +589 -0
  179. package/dist/lib/gofer-installer.js.map +1 -0
  180. package/dist/lib/gofer-refresh.d.ts +46 -0
  181. package/dist/lib/gofer-refresh.d.ts.map +1 -0
  182. package/dist/lib/gofer-refresh.js +536 -0
  183. package/dist/lib/gofer-refresh.js.map +1 -0
  184. package/dist/lib/next-route-exports.d.ts +6 -0
  185. package/dist/lib/next-route-exports.d.ts.map +1 -0
  186. package/dist/lib/next-route-exports.js +127 -0
  187. package/dist/lib/next-route-exports.js.map +1 -0
  188. package/dist/lib/npm.d.ts +2 -0
  189. package/dist/lib/npm.d.ts.map +1 -0
  190. package/dist/lib/npm.js +4 -0
  191. package/dist/lib/npm.js.map +1 -0
  192. package/dist/lib/object-type-defaults.d.ts +4 -0
  193. package/dist/lib/object-type-defaults.d.ts.map +1 -0
  194. package/dist/lib/object-type-defaults.js +72 -0
  195. package/dist/lib/object-type-defaults.js.map +1 -0
  196. package/dist/lib/output.d.ts +35 -0
  197. package/dist/lib/output.d.ts.map +1 -0
  198. package/dist/lib/output.js +166 -0
  199. package/dist/lib/output.js.map +1 -0
  200. package/dist/lib/profile.d.ts +52 -0
  201. package/dist/lib/profile.d.ts.map +1 -0
  202. package/dist/lib/profile.js +116 -0
  203. package/dist/lib/profile.js.map +1 -0
  204. package/dist/lib/project-manifest.d.ts +42 -0
  205. package/dist/lib/project-manifest.d.ts.map +1 -0
  206. package/dist/lib/project-manifest.js +191 -0
  207. package/dist/lib/project-manifest.js.map +1 -0
  208. package/dist/lib/resourceapi-bundle.d.ts +33 -0
  209. package/dist/lib/resourceapi-bundle.d.ts.map +1 -0
  210. package/dist/lib/resourceapi-bundle.js +79 -0
  211. package/dist/lib/resourceapi-bundle.js.map +1 -0
  212. package/dist/lib/runtime-contract.d.ts +84 -0
  213. package/dist/lib/runtime-contract.d.ts.map +1 -0
  214. package/dist/lib/runtime-contract.js +318 -0
  215. package/dist/lib/runtime-contract.js.map +1 -0
  216. package/dist/lib/schema-builder.d.ts +28 -0
  217. package/dist/lib/schema-builder.d.ts.map +1 -0
  218. package/dist/lib/schema-builder.js +69 -0
  219. package/dist/lib/schema-builder.js.map +1 -0
  220. package/dist/lib/tenant-context.d.ts +127 -0
  221. package/dist/lib/tenant-context.d.ts.map +1 -0
  222. package/dist/lib/tenant-context.js +573 -0
  223. package/dist/lib/tenant-context.js.map +1 -0
  224. package/dist/lib/update-check.d.ts +52 -0
  225. package/dist/lib/update-check.d.ts.map +1 -0
  226. package/dist/lib/update-check.js +271 -0
  227. package/dist/lib/update-check.js.map +1 -0
  228. package/dist/lib/update-maintenance.d.ts +15 -0
  229. package/dist/lib/update-maintenance.d.ts.map +1 -0
  230. package/dist/lib/update-maintenance.js +187 -0
  231. package/dist/lib/update-maintenance.js.map +1 -0
  232. package/dist/lib/utils.d.ts +23 -0
  233. package/dist/lib/utils.d.ts.map +1 -0
  234. package/dist/lib/utils.js +48 -0
  235. package/dist/lib/utils.js.map +1 -0
  236. package/dist/lib/workflow-provisioning.d.ts +54 -0
  237. package/dist/lib/workflow-provisioning.d.ts.map +1 -0
  238. package/dist/lib/workflow-provisioning.js +281 -0
  239. package/dist/lib/workflow-provisioning.js.map +1 -0
  240. package/package.json +51 -0
  241. package/resources/gofer/.gofer-version +7 -0
  242. package/resources/gofer/agents-skills/0_gofer_start/SKILL.md +1287 -0
  243. package/resources/gofer/agents-skills/0a_problem_validation/SKILL.md +429 -0
  244. package/resources/gofer/agents-skills/10_gofer_cloud/SKILL.md +635 -0
  245. package/resources/gofer/agents-skills/1_gofer_research/SKILL.md +1159 -0
  246. package/resources/gofer/agents-skills/2_gofer_specify/SKILL.md +860 -0
  247. package/resources/gofer/agents-skills/3_gofer_plan/SKILL.md +886 -0
  248. package/resources/gofer/agents-skills/4_gofer_tasks/SKILL.md +748 -0
  249. package/resources/gofer/agents-skills/5_gofer_implement/SKILL.md +924 -0
  250. package/resources/gofer/agents-skills/6_gofer_validate/SKILL.md +2269 -0
  251. package/resources/gofer/agents-skills/7_gofer_save/SKILL.md +423 -0
  252. package/resources/gofer/agents-skills/7a_stakeholder_comms/SKILL.md +508 -0
  253. package/resources/gofer/agents-skills/8_gofer_branding/SKILL.md +315 -0
  254. package/resources/gofer/agents-skills/9_gofer_tests/SKILL.md +558 -0
  255. package/resources/gofer/agents-skills/gofer_bootstrap_workspace/SKILL.md +148 -0
  256. package/resources/gofer/agents-skills/gofer_check_workspace/SKILL.md +119 -0
  257. package/resources/gofer/agents-skills/gofer_constitution/SKILL.md +612 -0
  258. package/resources/gofer/agents-skills/gofer_diagnose/SKILL.md +114 -0
  259. package/resources/gofer/agents-skills/gofer_eai_first_run/SKILL.md +397 -0
  260. package/resources/gofer/agents-skills/gofer_hydrate/SKILL.md +561 -0
  261. package/resources/gofer/agents-skills/gofer_personality/SKILL.md +44 -0
  262. package/resources/gofer/agents-skills/gofer_plan/SKILL.md +40 -0
  263. package/resources/gofer/agents-skills/gofer_side/SKILL.md +45 -0
  264. package/resources/gofer/agents-skills/gofer_spec_summary/SKILL.md +112 -0
  265. package/resources/gofer/agents-skills/gofer_tdd/SKILL.md +112 -0
  266. package/resources/gofer/agents-skills/gofer_vocabulary/SKILL.md +112 -0
  267. package/resources/gofer/agents-skills/gofer_zoom_out/SKILL.md +112 -0
  268. package/resources/gofer/bash-scripts/check-context-health.sh +365 -0
  269. package/resources/gofer/bash-scripts/check-persona-pack.sh +81 -0
  270. package/resources/gofer/bash-scripts/check-prerequisites.sh +168 -0
  271. package/resources/gofer/bash-scripts/common.sh +192 -0
  272. package/resources/gofer/bash-scripts/create-new-feature.sh +260 -0
  273. package/resources/gofer/bash-scripts/install-optional-tools.sh +270 -0
  274. package/resources/gofer/bash-scripts/log-stage.sh +224 -0
  275. package/resources/gofer/bash-scripts/mark-task-complete.sh +74 -0
  276. package/resources/gofer/bash-scripts/pipeline-state.sh +306 -0
  277. package/resources/gofer/bash-scripts/read-failed-approaches.sh +114 -0
  278. package/resources/gofer/bash-scripts/read-session-memories.sh +96 -0
  279. package/resources/gofer/bash-scripts/save-checkpoint.sh +407 -0
  280. package/resources/gofer/bash-scripts/setup-plan.sh +62 -0
  281. package/resources/gofer/bash-scripts/sync-implementation-status.sh +47 -0
  282. package/resources/gofer/bash-scripts/update-agent-context.sh +772 -0
  283. package/resources/gofer/bash-scripts/validate-artifact.sh +335 -0
  284. package/resources/gofer/bash-scripts/verify-task.sh +384 -0
  285. package/resources/gofer/bash-scripts/write-failed-approach.sh +110 -0
  286. package/resources/gofer/bash-scripts/write-periodic-checkpoint.sh +128 -0
  287. package/resources/gofer/bash-scripts/write-session-memory.sh +118 -0
  288. package/resources/gofer/claude-agents/assumption-tracker.md +168 -0
  289. package/resources/gofer/claude-agents/business-metrics-analyzer.md +169 -0
  290. package/resources/gofer/claude-agents/business-problem-validator.md +168 -0
  291. package/resources/gofer/claude-agents/codebase-analyzer.md +124 -0
  292. package/resources/gofer/claude-agents/codebase-locator.md +95 -0
  293. package/resources/gofer/claude-agents/codebase-pattern-finder.md +180 -0
  294. package/resources/gofer/claude-agents/comms-writer.md +158 -0
  295. package/resources/gofer/claude-agents/engineer-review.md +169 -0
  296. package/resources/gofer/claude-agents/implement-bug-triangulator.md +94 -0
  297. package/resources/gofer/claude-agents/implement-code-review-council.md +89 -0
  298. package/resources/gofer/claude-agents/implement-doc-writer.md +89 -0
  299. package/resources/gofer/claude-agents/implement-error-hardener.md +84 -0
  300. package/resources/gofer/claude-agents/implement-performance-explorer.md +95 -0
  301. package/resources/gofer/claude-agents/implement-test-diversifier.md +82 -0
  302. package/resources/gofer/claude-agents/implement-variant-generator.md +80 -0
  303. package/resources/gofer/claude-agents/multi-perspective-judge.md +114 -0
  304. package/resources/gofer/claude-agents/plan-api-comparator.md +90 -0
  305. package/resources/gofer/claude-agents/plan-architecture-diverger.md +100 -0
  306. package/resources/gofer/claude-agents/plan-data-model-stress-tester.md +95 -0
  307. package/resources/gofer/claude-agents/plan-migration-path-finder.md +95 -0
  308. package/resources/gofer/claude-agents/plan-refactor-rewrite-advisor.md +97 -0
  309. package/resources/gofer/claude-agents/research-dependency-evaluator.md +106 -0
  310. package/resources/gofer/claude-agents/research-horizon-scanner.md +100 -0
  311. package/resources/gofer/claude-agents/research-market-scanner.md +137 -0
  312. package/resources/gofer/claude-agents/research-perspective-multiplier.md +102 -0
  313. package/resources/gofer/claude-agents/scope-creep-detector.md +152 -0
  314. package/resources/gofer/claude-agents/specify-ambiguity-detector.md +95 -0
  315. package/resources/gofer/claude-agents/specify-journey-stress-tester.md +92 -0
  316. package/resources/gofer/claude-agents/tasks-cross-cutting-scanner.md +91 -0
  317. package/resources/gofer/claude-agents/tasks-rollback-planner.md +89 -0
  318. package/resources/gofer/claude-agents/validate-security-red-team.md +102 -0
  319. package/resources/gofer/claude-agents/validation-correctness.md +103 -0
  320. package/resources/gofer/claude-agents/validation-integration.md +129 -0
  321. package/resources/gofer/claude-agents/validation-performance.md +120 -0
  322. package/resources/gofer/claude-agents/validation-security.md +115 -0
  323. package/resources/gofer/claude-agents/validation-standards.md +151 -0
  324. package/resources/gofer/claude-agents/validation-test-quality.md +146 -0
  325. package/resources/gofer/claude-agents/visual-bounded-context-writer.md +40 -0
  326. package/resources/gofer/claude-agents/visual-c4-writer.md +45 -0
  327. package/resources/gofer/claude-agents/visual-erd-writer.md +34 -0
  328. package/resources/gofer/claude-agents/visual-heatmap-writer.md +63 -0
  329. package/resources/gofer/claude-agents/visual-risk-writer.md +64 -0
  330. package/resources/gofer/claude-commands/0_gofer_start.md +1282 -0
  331. package/resources/gofer/claude-commands/0a_problem_validation.md +424 -0
  332. package/resources/gofer/claude-commands/10_gofer_cloud.md +630 -0
  333. package/resources/gofer/claude-commands/1_gofer_research.md +1154 -0
  334. package/resources/gofer/claude-commands/2_gofer_specify.md +855 -0
  335. package/resources/gofer/claude-commands/3_gofer_plan.md +881 -0
  336. package/resources/gofer/claude-commands/4_gofer_tasks.md +743 -0
  337. package/resources/gofer/claude-commands/5_gofer_implement.md +919 -0
  338. package/resources/gofer/claude-commands/6_gofer_validate.md +2264 -0
  339. package/resources/gofer/claude-commands/7_gofer_save.md +418 -0
  340. package/resources/gofer/claude-commands/7a_stakeholder_comms.md +503 -0
  341. package/resources/gofer/claude-commands/8_gofer_branding.md +310 -0
  342. package/resources/gofer/claude-commands/9_gofer_tests.md +553 -0
  343. package/resources/gofer/claude-commands/gofer_bootstrap_workspace.md +143 -0
  344. package/resources/gofer/claude-commands/gofer_check_workspace.md +114 -0
  345. package/resources/gofer/claude-commands/gofer_constitution.md +607 -0
  346. package/resources/gofer/claude-commands/gofer_diagnose.md +109 -0
  347. package/resources/gofer/claude-commands/gofer_eai_first_run.md +392 -0
  348. package/resources/gofer/claude-commands/gofer_hydrate.md +556 -0
  349. package/resources/gofer/claude-commands/gofer_personality.md +39 -0
  350. package/resources/gofer/claude-commands/gofer_plan.md +35 -0
  351. package/resources/gofer/claude-commands/gofer_side.md +40 -0
  352. package/resources/gofer/claude-commands/gofer_spec_summary.md +107 -0
  353. package/resources/gofer/claude-commands/gofer_tdd.md +107 -0
  354. package/resources/gofer/claude-commands/gofer_vocabulary.md +107 -0
  355. package/resources/gofer/claude-commands/gofer_zoom_out.md +107 -0
  356. package/resources/gofer/claude-skills/eai-gofer/SKILL.md +56 -0
  357. package/resources/gofer/commands/.gitkeep +0 -0
  358. package/resources/gofer/commands/0_gofer_start.md +1299 -0
  359. package/resources/gofer/commands/0a_problem_validation.md +405 -0
  360. package/resources/gofer/commands/10_gofer_cloud.md +611 -0
  361. package/resources/gofer/commands/1_gofer_research.md +1135 -0
  362. package/resources/gofer/commands/2_gofer_specify.md +836 -0
  363. package/resources/gofer/commands/3_gofer_plan.md +862 -0
  364. package/resources/gofer/commands/4_gofer_tasks.md +724 -0
  365. package/resources/gofer/commands/5_gofer_implement.md +900 -0
  366. package/resources/gofer/commands/6_gofer_validate.md +2245 -0
  367. package/resources/gofer/commands/7_gofer_save.md +399 -0
  368. package/resources/gofer/commands/7a_stakeholder_comms.md +484 -0
  369. package/resources/gofer/commands/8_gofer_branding.md +291 -0
  370. package/resources/gofer/commands/9_gofer_tests.md +534 -0
  371. package/resources/gofer/commands/gofer_bootstrap_workspace.md +159 -0
  372. package/resources/gofer/commands/gofer_check_workspace.md +130 -0
  373. package/resources/gofer/commands/gofer_constitution.md +588 -0
  374. package/resources/gofer/commands/gofer_diagnose.md +89 -0
  375. package/resources/gofer/commands/gofer_eai_first_run.md +392 -0
  376. package/resources/gofer/commands/gofer_hydrate.md +537 -0
  377. package/resources/gofer/commands/gofer_personality.md +61 -0
  378. package/resources/gofer/commands/gofer_plan.md +51 -0
  379. package/resources/gofer/commands/gofer_side.md +56 -0
  380. package/resources/gofer/commands/gofer_spec_summary.md +87 -0
  381. package/resources/gofer/commands/gofer_tdd.md +87 -0
  382. package/resources/gofer/commands/gofer_vocabulary.md +87 -0
  383. package/resources/gofer/commands/gofer_zoom_out.md +87 -0
  384. package/resources/gofer/copilot-instructions/gofer-cost.instructions.md +13 -0
  385. package/resources/gofer/copilot-instructions/language-server.instructions.md +49 -0
  386. package/resources/gofer/copilot-instructions/typescript.instructions.md +47 -0
  387. package/resources/gofer/copilot-instructions/vscode-extension.instructions.md +46 -0
  388. package/resources/gofer/copilot-prompts/0_gofer_start.prompt.md +1308 -0
  389. package/resources/gofer/copilot-prompts/0a_problem_validation.prompt.md +429 -0
  390. package/resources/gofer/copilot-prompts/10_gofer_cloud.prompt.md +644 -0
  391. package/resources/gofer/copilot-prompts/1_gofer_research.prompt.md +1177 -0
  392. package/resources/gofer/copilot-prompts/2_gofer_specify.prompt.md +878 -0
  393. package/resources/gofer/copilot-prompts/3_gofer_plan.prompt.md +904 -0
  394. package/resources/gofer/copilot-prompts/4_gofer_tasks.prompt.md +766 -0
  395. package/resources/gofer/copilot-prompts/5_gofer_implement.prompt.md +942 -0
  396. package/resources/gofer/copilot-prompts/6_gofer_validate.prompt.md +2277 -0
  397. package/resources/gofer/copilot-prompts/7_gofer_save.prompt.md +433 -0
  398. package/resources/gofer/copilot-prompts/7a_stakeholder_comms.prompt.md +516 -0
  399. package/resources/gofer/copilot-prompts/8_gofer_branding.prompt.md +323 -0
  400. package/resources/gofer/copilot-prompts/9_gofer_tests.prompt.md +566 -0
  401. package/resources/gofer/copilot-prompts/gofer_bootstrap_workspace.prompt.md +161 -0
  402. package/resources/gofer/copilot-prompts/gofer_check_workspace.prompt.md +132 -0
  403. package/resources/gofer/copilot-prompts/gofer_constitution.prompt.md +621 -0
  404. package/resources/gofer/copilot-prompts/gofer_diagnose.prompt.md +127 -0
  405. package/resources/gofer/copilot-prompts/gofer_eai_first_run.prompt.md +410 -0
  406. package/resources/gofer/copilot-prompts/gofer_hydrate.prompt.md +571 -0
  407. package/resources/gofer/copilot-prompts/gofer_personality.prompt.md +57 -0
  408. package/resources/gofer/copilot-prompts/gofer_plan.prompt.md +53 -0
  409. package/resources/gofer/copilot-prompts/gofer_side.prompt.md +58 -0
  410. package/resources/gofer/copilot-prompts/gofer_spec_summary.prompt.md +125 -0
  411. package/resources/gofer/copilot-prompts/gofer_tdd.prompt.md +125 -0
  412. package/resources/gofer/copilot-prompts/gofer_vocabulary.prompt.md +125 -0
  413. package/resources/gofer/copilot-prompts/gofer_zoom_out.prompt.md +125 -0
  414. package/resources/gofer/gemini/agents/assumption-tracker.md +171 -0
  415. package/resources/gofer/gemini/agents/business-metrics-analyzer.md +172 -0
  416. package/resources/gofer/gemini/agents/business-problem-validator.md +171 -0
  417. package/resources/gofer/gemini/agents/codebase-analyzer.md +127 -0
  418. package/resources/gofer/gemini/agents/codebase-locator.md +98 -0
  419. package/resources/gofer/gemini/agents/codebase-pattern-finder.md +183 -0
  420. package/resources/gofer/gemini/agents/comms-writer.md +161 -0
  421. package/resources/gofer/gemini/agents/engineer-review.md +172 -0
  422. package/resources/gofer/gemini/agents/implement-bug-triangulator.md +97 -0
  423. package/resources/gofer/gemini/agents/implement-code-review-council.md +92 -0
  424. package/resources/gofer/gemini/agents/implement-doc-writer.md +92 -0
  425. package/resources/gofer/gemini/agents/implement-error-hardener.md +87 -0
  426. package/resources/gofer/gemini/agents/implement-performance-explorer.md +98 -0
  427. package/resources/gofer/gemini/agents/implement-test-diversifier.md +85 -0
  428. package/resources/gofer/gemini/agents/implement-variant-generator.md +83 -0
  429. package/resources/gofer/gemini/agents/multi-perspective-judge.md +117 -0
  430. package/resources/gofer/gemini/agents/plan-api-comparator.md +93 -0
  431. package/resources/gofer/gemini/agents/plan-architecture-diverger.md +103 -0
  432. package/resources/gofer/gemini/agents/plan-data-model-stress-tester.md +98 -0
  433. package/resources/gofer/gemini/agents/plan-migration-path-finder.md +98 -0
  434. package/resources/gofer/gemini/agents/plan-refactor-rewrite-advisor.md +100 -0
  435. package/resources/gofer/gemini/agents/research-dependency-evaluator.md +109 -0
  436. package/resources/gofer/gemini/agents/research-horizon-scanner.md +103 -0
  437. package/resources/gofer/gemini/agents/research-market-scanner.md +140 -0
  438. package/resources/gofer/gemini/agents/research-perspective-multiplier.md +105 -0
  439. package/resources/gofer/gemini/agents/scope-creep-detector.md +155 -0
  440. package/resources/gofer/gemini/agents/specify-ambiguity-detector.md +98 -0
  441. package/resources/gofer/gemini/agents/specify-journey-stress-tester.md +95 -0
  442. package/resources/gofer/gemini/agents/tasks-cross-cutting-scanner.md +94 -0
  443. package/resources/gofer/gemini/agents/tasks-rollback-planner.md +92 -0
  444. package/resources/gofer/gemini/agents/validate-security-red-team.md +105 -0
  445. package/resources/gofer/gemini/agents/validation-correctness.md +106 -0
  446. package/resources/gofer/gemini/agents/validation-integration.md +132 -0
  447. package/resources/gofer/gemini/agents/validation-performance.md +123 -0
  448. package/resources/gofer/gemini/agents/validation-security.md +118 -0
  449. package/resources/gofer/gemini/agents/validation-standards.md +154 -0
  450. package/resources/gofer/gemini/agents/validation-test-quality.md +149 -0
  451. package/resources/gofer/gemini/agents/visual-bounded-context-writer.md +40 -0
  452. package/resources/gofer/gemini/agents/visual-c4-writer.md +44 -0
  453. package/resources/gofer/gemini/agents/visual-erd-writer.md +36 -0
  454. package/resources/gofer/gemini/agents/visual-heatmap-writer.md +63 -0
  455. package/resources/gofer/gemini/agents/visual-risk-writer.md +64 -0
  456. package/resources/gofer/gemini/commands/gofer/.gitkeep +0 -0
  457. package/resources/gofer/gemini/commands/gofer/0_gofer_start.md +1282 -0
  458. package/resources/gofer/gemini/commands/gofer/0_gofer_start.toml +2 -0
  459. package/resources/gofer/gemini/commands/gofer/0a_problem_validation.md +424 -0
  460. package/resources/gofer/gemini/commands/gofer/0a_problem_validation.toml +2 -0
  461. package/resources/gofer/gemini/commands/gofer/10_gofer_cloud.md +630 -0
  462. package/resources/gofer/gemini/commands/gofer/10_gofer_cloud.toml +2 -0
  463. package/resources/gofer/gemini/commands/gofer/1_gofer_research.md +1154 -0
  464. package/resources/gofer/gemini/commands/gofer/1_gofer_research.toml +2 -0
  465. package/resources/gofer/gemini/commands/gofer/2_gofer_specify.md +855 -0
  466. package/resources/gofer/gemini/commands/gofer/2_gofer_specify.toml +2 -0
  467. package/resources/gofer/gemini/commands/gofer/3_gofer_plan.md +881 -0
  468. package/resources/gofer/gemini/commands/gofer/3_gofer_plan.toml +2 -0
  469. package/resources/gofer/gemini/commands/gofer/4_gofer_tasks.md +743 -0
  470. package/resources/gofer/gemini/commands/gofer/4_gofer_tasks.toml +2 -0
  471. package/resources/gofer/gemini/commands/gofer/5_gofer_implement.md +919 -0
  472. package/resources/gofer/gemini/commands/gofer/5_gofer_implement.toml +2 -0
  473. package/resources/gofer/gemini/commands/gofer/6_gofer_validate.md +2264 -0
  474. package/resources/gofer/gemini/commands/gofer/6_gofer_validate.toml +2 -0
  475. package/resources/gofer/gemini/commands/gofer/7_gofer_save.md +418 -0
  476. package/resources/gofer/gemini/commands/gofer/7_gofer_save.toml +2 -0
  477. package/resources/gofer/gemini/commands/gofer/7a_stakeholder_comms.md +503 -0
  478. package/resources/gofer/gemini/commands/gofer/7a_stakeholder_comms.toml +2 -0
  479. package/resources/gofer/gemini/commands/gofer/8_gofer_branding.md +310 -0
  480. package/resources/gofer/gemini/commands/gofer/8_gofer_branding.toml +2 -0
  481. package/resources/gofer/gemini/commands/gofer/9_gofer_tests.md +553 -0
  482. package/resources/gofer/gemini/commands/gofer/9_gofer_tests.toml +2 -0
  483. package/resources/gofer/gemini/commands/gofer/gofer_bootstrap_workspace.md +143 -0
  484. package/resources/gofer/gemini/commands/gofer/gofer_bootstrap_workspace.toml +2 -0
  485. package/resources/gofer/gemini/commands/gofer/gofer_check_workspace.md +114 -0
  486. package/resources/gofer/gemini/commands/gofer/gofer_check_workspace.toml +2 -0
  487. package/resources/gofer/gemini/commands/gofer/gofer_constitution.md +607 -0
  488. package/resources/gofer/gemini/commands/gofer/gofer_constitution.toml +2 -0
  489. package/resources/gofer/gemini/commands/gofer/gofer_diagnose.md +109 -0
  490. package/resources/gofer/gemini/commands/gofer/gofer_diagnose.toml +2 -0
  491. package/resources/gofer/gemini/commands/gofer/gofer_eai_first_run.md +392 -0
  492. package/resources/gofer/gemini/commands/gofer/gofer_eai_first_run.toml +2 -0
  493. package/resources/gofer/gemini/commands/gofer/gofer_hydrate.md +556 -0
  494. package/resources/gofer/gemini/commands/gofer/gofer_hydrate.toml +2 -0
  495. package/resources/gofer/gemini/commands/gofer/gofer_personality.md +39 -0
  496. package/resources/gofer/gemini/commands/gofer/gofer_personality.toml +2 -0
  497. package/resources/gofer/gemini/commands/gofer/gofer_plan.md +35 -0
  498. package/resources/gofer/gemini/commands/gofer/gofer_plan.toml +2 -0
  499. package/resources/gofer/gemini/commands/gofer/gofer_side.md +40 -0
  500. package/resources/gofer/gemini/commands/gofer/gofer_side.toml +2 -0
  501. package/resources/gofer/gemini/commands/gofer/gofer_spec_summary.md +107 -0
  502. package/resources/gofer/gemini/commands/gofer/gofer_spec_summary.toml +2 -0
  503. package/resources/gofer/gemini/commands/gofer/gofer_tdd.md +107 -0
  504. package/resources/gofer/gemini/commands/gofer/gofer_tdd.toml +2 -0
  505. package/resources/gofer/gemini/commands/gofer/gofer_vocabulary.md +107 -0
  506. package/resources/gofer/gemini/commands/gofer/gofer_vocabulary.toml +2 -0
  507. package/resources/gofer/gemini/commands/gofer/gofer_zoom_out.md +107 -0
  508. package/resources/gofer/gemini/commands/gofer/gofer_zoom_out.toml +2 -0
  509. package/resources/gofer/gemini/commands/gofer/manifest.json +32 -0
  510. package/resources/gofer/gemini/extension.json +16 -0
  511. package/resources/gofer/github-agents/gofer-business.agent.md +20 -0
  512. package/resources/gofer/github-agents/gofer-implement.agent.md +15 -0
  513. package/resources/gofer/github-agents/gofer-plan.agent.md +15 -0
  514. package/resources/gofer/github-agents/gofer-research.agent.md +15 -0
  515. package/resources/gofer/github-agents/gofer-validate.agent.md +10 -0
  516. package/resources/gofer/github-skills/eai-gofer/SKILL.md +56 -0
  517. package/resources/gofer/hook-scripts/agent-stop.mjs +655 -0
  518. package/resources/gofer/hook-scripts/log-stage-launch-time.mjs +77 -0
  519. package/resources/gofer/hook-scripts/post-tool-use.mjs +333 -0
  520. package/resources/gofer/hook-scripts/queued-input.mjs +188 -0
  521. package/resources/gofer/hook-scripts/session-lifecycle.mjs +93 -0
  522. package/resources/gofer/hook-scripts/user-prompt-submit.mjs +228 -0
  523. package/resources/gofer/instruction-templates/base/agents-base.md +37 -0
  524. package/resources/gofer/instruction-templates/base/claude-base.md +7 -0
  525. package/resources/gofer/instruction-templates/base/copilot-base.md +26 -0
  526. package/resources/gofer/instruction-templates/gofer/gofer-claude.md +5 -0
  527. package/resources/gofer/instruction-templates/gofer/gofer-copilot.md +9 -0
  528. package/resources/gofer/instruction-templates/languages/generic.md +7 -0
  529. package/resources/gofer/instruction-templates/languages/go.md +8 -0
  530. package/resources/gofer/instruction-templates/languages/java.md +8 -0
  531. package/resources/gofer/instruction-templates/languages/python.md +9 -0
  532. package/resources/gofer/instruction-templates/languages/rust.md +9 -0
  533. package/resources/gofer/instruction-templates/languages/typescript.md +19 -0
  534. package/resources/gofer/instruction-templates/workflow/principles.md +52 -0
  535. package/resources/gofer/memory/constitution.md +391 -0
  536. package/resources/gofer/memory/context-profiles.yaml +74 -0
  537. package/resources/gofer/memory/decisions/000-use-adr-for-decisions.md +67 -0
  538. package/resources/gofer/memory/decisions/001-di-framework.md +190 -0
  539. package/resources/gofer/memory/decisions/002-module-extraction.md +305 -0
  540. package/resources/gofer/memory/decisions/003-error-handling.md +368 -0
  541. package/resources/gofer/memory/decisions/004-cache-eviction.md +436 -0
  542. package/resources/gofer/memory/decisions/005-constants-management.md +520 -0
  543. package/resources/gofer/memory/decisions/README.md +129 -0
  544. package/resources/gofer/memory/diagrams/di-container.mmd +321 -0
  545. package/resources/gofer/memory/diagrams/extension-activation.mmd +184 -0
  546. package/resources/gofer/memory/diagrams/module-dependencies.mmd +264 -0
  547. package/resources/gofer/memory/gofer-model-policy.yaml +97 -0
  548. package/resources/gofer/memory/lessons.md +46 -0
  549. package/resources/gofer/node-scripts/canonical-descriptions.mjs +86 -0
  550. package/resources/gofer/node-scripts/check-version-alignment.mjs +131 -0
  551. package/resources/gofer/node-scripts/codex-doctor.mjs +425 -0
  552. package/resources/gofer/node-scripts/generate-commands.mjs +1366 -0
  553. package/resources/gofer/node-scripts/generate-issues.js +563 -0
  554. package/resources/gofer/node-scripts/gofer-closed-loop-audit.mjs +893 -0
  555. package/resources/gofer/node-scripts/gofer-loop-audit.mjs +541 -0
  556. package/resources/gofer/node-scripts/gofer-performance-report.mjs +306 -0
  557. package/resources/gofer/node-scripts/gofer-workspace-bootstrap.mjs +56 -0
  558. package/resources/gofer/node-scripts/gofer-workspace-check.mjs +56 -0
  559. package/resources/gofer/node-scripts/lib/ai-leverage-tagger.mjs +103 -0
  560. package/resources/gofer/node-scripts/lib/assemble-stakeholder-pack.mjs +114 -0
  561. package/resources/gofer/node-scripts/lib/marp-deck.mjs +87 -0
  562. package/resources/gofer/node-scripts/lib/mermaid-tabular-fallback.mjs +264 -0
  563. package/resources/gofer/node-scripts/lib/render-visual.mjs +54 -0
  564. package/resources/gofer/node-scripts/lib/validate-aliases.mjs +85 -0
  565. package/resources/gofer/node-scripts/lib/visual-counts.mjs +44 -0
  566. package/resources/gofer/node-scripts/lib/visual-pass-pipeline.mjs +134 -0
  567. package/resources/gofer/node-scripts/mermaid-export.mjs +72 -0
  568. package/resources/gofer/node-scripts/package-agent-plugin.mjs +940 -0
  569. package/resources/gofer/node-scripts/parse-stage-command.mjs +211 -0
  570. package/resources/gofer/node-scripts/schemas/.gitkeep +0 -0
  571. package/resources/gofer/node-scripts/schemas/stage-command.schema.json +72 -0
  572. package/resources/gofer/node-scripts/sync-extension-resources.mjs +110 -0
  573. package/resources/gofer/node-scripts/workspace-bootstrap-lib.mjs +1166 -0
  574. package/resources/gofer/powershell-scripts/install-optional-tools.ps1 +214 -0
  575. package/resources/gofer/references/platform/README.md +17 -0
  576. package/resources/gofer/references/platform/deployment-repo.md +9 -0
  577. package/resources/gofer/references/platform/eai-app-template.md +45 -0
  578. package/resources/gofer/references/platform/eai-config-driven-ui.md +156 -0
  579. package/resources/gofer/references/platform/eai-error-catalog.yaml +197 -0
  580. package/resources/gofer/references/platform/eai-repo-contract.md +134 -0
  581. package/resources/gofer/references/platform/eai-service-patterns.md +56 -0
  582. package/resources/gofer/references/platform/eai.md +85 -0
  583. package/resources/gofer/references/platform/vertical-template.md +49 -0
  584. package/resources/gofer/specify-commands/.gitkeep +0 -0
  585. package/resources/gofer/specify-commands/0_gofer_start.md +1299 -0
  586. package/resources/gofer/specify-commands/0a_problem_validation.md +405 -0
  587. package/resources/gofer/specify-commands/10_gofer_cloud.md +611 -0
  588. package/resources/gofer/specify-commands/1_gofer_research.md +1135 -0
  589. package/resources/gofer/specify-commands/2_gofer_specify.md +836 -0
  590. package/resources/gofer/specify-commands/3_gofer_plan.md +862 -0
  591. package/resources/gofer/specify-commands/4_gofer_tasks.md +724 -0
  592. package/resources/gofer/specify-commands/5_gofer_implement.md +900 -0
  593. package/resources/gofer/specify-commands/6_gofer_validate.md +2245 -0
  594. package/resources/gofer/specify-commands/7_gofer_save.md +399 -0
  595. package/resources/gofer/specify-commands/7a_stakeholder_comms.md +484 -0
  596. package/resources/gofer/specify-commands/8_gofer_branding.md +291 -0
  597. package/resources/gofer/specify-commands/9_gofer_tests.md +534 -0
  598. package/resources/gofer/specify-commands/gofer_bootstrap_workspace.md +159 -0
  599. package/resources/gofer/specify-commands/gofer_check_workspace.md +130 -0
  600. package/resources/gofer/specify-commands/gofer_constitution.md +588 -0
  601. package/resources/gofer/specify-commands/gofer_diagnose.md +89 -0
  602. package/resources/gofer/specify-commands/gofer_eai_first_run.md +392 -0
  603. package/resources/gofer/specify-commands/gofer_hydrate.md +537 -0
  604. package/resources/gofer/specify-commands/gofer_personality.md +61 -0
  605. package/resources/gofer/specify-commands/gofer_plan.md +51 -0
  606. package/resources/gofer/specify-commands/gofer_side.md +56 -0
  607. package/resources/gofer/specify-commands/gofer_spec_summary.md +87 -0
  608. package/resources/gofer/specify-commands/gofer_tdd.md +87 -0
  609. package/resources/gofer/specify-commands/gofer_vocabulary.md +87 -0
  610. package/resources/gofer/specify-commands/gofer_zoom_out.md +87 -0
  611. package/resources/gofer/system-skills/0_gofer_start/SKILL.md +1287 -0
  612. package/resources/gofer/system-skills/0a_problem_validation/SKILL.md +429 -0
  613. package/resources/gofer/system-skills/10_gofer_cloud/SKILL.md +635 -0
  614. package/resources/gofer/system-skills/1_gofer_research/SKILL.md +1159 -0
  615. package/resources/gofer/system-skills/2_gofer_specify/SKILL.md +860 -0
  616. package/resources/gofer/system-skills/3_gofer_plan/SKILL.md +886 -0
  617. package/resources/gofer/system-skills/4_gofer_tasks/SKILL.md +748 -0
  618. package/resources/gofer/system-skills/5_gofer_implement/SKILL.md +924 -0
  619. package/resources/gofer/system-skills/6_gofer_validate/SKILL.md +2269 -0
  620. package/resources/gofer/system-skills/7_gofer_save/SKILL.md +423 -0
  621. package/resources/gofer/system-skills/7a_stakeholder_comms/SKILL.md +508 -0
  622. package/resources/gofer/system-skills/8_gofer_branding/SKILL.md +315 -0
  623. package/resources/gofer/system-skills/9_gofer_tests/SKILL.md +558 -0
  624. package/resources/gofer/system-skills/gofer_bootstrap_workspace/SKILL.md +148 -0
  625. package/resources/gofer/system-skills/gofer_check_workspace/SKILL.md +119 -0
  626. package/resources/gofer/system-skills/gofer_constitution/SKILL.md +612 -0
  627. package/resources/gofer/system-skills/gofer_diagnose/SKILL.md +114 -0
  628. package/resources/gofer/system-skills/gofer_eai_first_run/SKILL.md +397 -0
  629. package/resources/gofer/system-skills/gofer_hydrate/SKILL.md +561 -0
  630. package/resources/gofer/system-skills/gofer_personality/SKILL.md +44 -0
  631. package/resources/gofer/system-skills/gofer_plan/SKILL.md +40 -0
  632. package/resources/gofer/system-skills/gofer_side/SKILL.md +45 -0
  633. package/resources/gofer/system-skills/gofer_spec_summary/SKILL.md +112 -0
  634. package/resources/gofer/system-skills/gofer_tdd/SKILL.md +112 -0
  635. package/resources/gofer/system-skills/gofer_vocabulary/SKILL.md +112 -0
  636. package/resources/gofer/system-skills/gofer_zoom_out/SKILL.md +112 -0
  637. package/resources/gofer/templates/agent-file-template.md +28 -0
  638. package/resources/gofer/templates/assumptions-template.md +94 -0
  639. package/resources/gofer/templates/audit-history-template.md +35 -0
  640. package/resources/gofer/templates/brand/brand-profile-template.json +45 -0
  641. package/resources/gofer/templates/brand/document-style-template.md +50 -0
  642. package/resources/gofer/templates/brand/marp-theme-template.css +58 -0
  643. package/resources/gofer/templates/brownfield-analysis.md +44 -0
  644. package/resources/gofer/templates/business-metrics-template.md +120 -0
  645. package/resources/gofer/templates/business-owner-summary-template.md +83 -0
  646. package/resources/gofer/templates/checklist-template.md +40 -0
  647. package/resources/gofer/templates/ciso-security-summary-template.md +70 -0
  648. package/resources/gofer/templates/context-bundle-template.md +76 -0
  649. package/resources/gofer/templates/contract-pack-template.md +109 -0
  650. package/resources/gofer/templates/cto-architecture-summary-template.md +83 -0
  651. package/resources/gofer/templates/discovery-template.md +92 -0
  652. package/resources/gofer/templates/eai-preflight-template.md +144 -0
  653. package/resources/gofer/templates/goal-ledger-template.json +69 -0
  654. package/resources/gofer/templates/gofer-model-policy.yaml +97 -0
  655. package/resources/gofer/templates/issues-template.md +106 -0
  656. package/resources/gofer/templates/journey/base-journey.md +95 -0
  657. package/resources/gofer/templates/journey/industry-variants.yaml +277 -0
  658. package/resources/gofer/templates/loop-contract-template.json +68 -0
  659. package/resources/gofer/templates/plan-template.md +215 -0
  660. package/resources/gofer/templates/problem-brief-template.md +85 -0
  661. package/resources/gofer/templates/proposal-review-template.md +79 -0
  662. package/resources/gofer/templates/research-template.md +222 -0
  663. package/resources/gofer/templates/reuse-scan-template.md +43 -0
  664. package/resources/gofer/templates/sequence-diagrams/option-spectrum.yaml +178 -0
  665. package/resources/gofer/templates/service-fit-matrix-template.md +29 -0
  666. package/resources/gofer/templates/session-handoff-template.md +172 -0
  667. package/resources/gofer/templates/spec-summary-template.md +118 -0
  668. package/resources/gofer/templates/spec-template.md +196 -0
  669. package/resources/gofer/templates/stakeholder-comms-template.md +330 -0
  670. package/resources/gofer/templates/stakeholder-review-index-template.md +54 -0
  671. package/resources/gofer/templates/tasks-template.md +323 -0
  672. package/resources/gofer/templates/ui-approval-template.md +32 -0
  673. package/resources/gofer/templates/ui-preview-brief-template.md +65 -0
  674. package/resources/gofer/templates/ui-review-log-template.md +11 -0
  675. package/resources/gofer/templates/visuals/.gitkeep +0 -0
  676. package/resources/gofer/templates/visuals/bounded-context-map.md +19 -0
  677. package/resources/gofer/templates/visuals/bounded-context-template.md +47 -0
  678. package/resources/gofer/templates/visuals/c4-container-template.md +38 -0
  679. package/resources/gofer/templates/visuals/c4-container.md +20 -0
  680. package/resources/gofer/templates/visuals/c4-context-template.md +46 -0
  681. package/resources/gofer/templates/visuals/capability-heatmap-template.md +54 -0
  682. package/resources/gofer/templates/visuals/data-model-erd-template.md +41 -0
  683. package/resources/gofer/templates/visuals/erd.md +19 -0
  684. package/resources/gofer/templates/visuals/impact-canvas.md +40 -0
  685. package/resources/gofer/templates/visuals/risk-heatmap-template.md +51 -0
  686. package/resources/gofer/templates/visuals/roi-projection.md +17 -0
  687. package/resources/gofer/templates/visuals/value-stream-asis.md +16 -0
  688. package/resources/gofer/templates/visuals/value-stream-tobe.md +18 -0
  689. package/resources/gofer/templates/working-backwards-prfaq-template.md +165 -0
  690. package/resources/linked-sources.json +25 -0
@@ -0,0 +1,2264 @@
1
+ ## Workspace Preflight
2
+
3
+ Before doing stage/helper work:
4
+
5
+ 1. Resolve the repository root.
6
+ 2. Check the core Gofer sentinels:
7
+ - `.specify/.gofer-version`
8
+ - `.specify/commands/0_gofer_start.md`
9
+ - `.specify/templates/spec-template.md`
10
+ - `.specify/templates/loop-contract-template.json`
11
+ - `.specify/templates/working-backwards-prfaq-template.md`
12
+ - `.specify/templates/business-owner-summary-template.md`
13
+ - `.specify/templates/cto-architecture-summary-template.md`
14
+ - `.specify/templates/ciso-security-summary-template.md`
15
+ - `.specify/templates/stakeholder-review-index-template.md`
16
+ - `.specify/scripts/bash/create-new-feature.sh`
17
+ - `.specify/scripts/node/parse-stage-command.mjs`
18
+ - `.specify/scripts/node/gofer-loop-audit.mjs`
19
+ - `.specify/scripts/hooks/post-tool-use.mjs`
20
+ - `.specify/scripts/powershell/install-optional-tools.ps1`
21
+ - `.specify/templates/gofer-model-policy.yaml`
22
+ - `.specify/memory/gofer-model-policy.yaml`
23
+ - `.specify/specs/`
24
+ - `.specify/memory/`
25
+ 3. Check host-specific repo-owned files when relevant:
26
+ - Claude: `AGENTS.md`, `CLAUDE.md`, `.claude/settings.json`
27
+ - Codex: `AGENTS.md`
28
+ - Copilot: `.github/copilot-instructions.md`
29
+ - VS Code extension mirrors Claude/Copilot/Gemini resources itself and should still keep the core scaffold healthy
30
+ 4. If the repo already has the workspace checker script, prefer running:
31
+ - `node .specify/scripts/node/gofer-workspace-check.mjs --host gemini --json`
32
+ 5. If the workspace is missing or stale, ask exactly:
33
+ - **"This repo is missing or stale for Gofer. Initialize/update it now?"**
34
+ 6. If the user says yes, run the Gofer workspace bootstrap helper and then resume this command from the top.
35
+ 7. If the user says no, stop and explain that Gofer stage/helper work depends on the repo-owned scaffold.
36
+
37
+ ---
38
+ description:
39
+ Unified validation, blast-radius analysis, and engineering review (3 phases,
40
+ 110-point rubric)
41
+ ---
42
+
43
+ # Gofer Validate
44
+
45
+ ## EAI Platform Session Preflight
46
+
47
+ Before any Gofer stage/helper command does pipeline work:
48
+
49
+ 1. Treat durable delivery as EAI Platform delivery by default, with Azure second
50
+ and every other stack only by explicit exception.
51
+ 2. Run `eai whoami` and confirm the EAI CLI is installed, the user is logged in,
52
+ and an active tenant is visible.
53
+ 3. If `eai` is missing, `eai whoami` fails, the token is expired, or no active
54
+ tenant is available, stop and run `/gofer:eai-first-run` or ask the user to
55
+ approve login/setup before continuing.
56
+ 4. For EAI app delivery, do not continue into research, specification, planning,
57
+ tasks, implementation, or validation until
58
+ `.specify/specs/{feature}/eai-preflight.md` records login, tenant, template,
59
+ app-readiness, and next-action evidence.
60
+ 5. Do not write tokens, secrets, private tenant IDs, or local `.env` values into
61
+ Gofer artifacts; record only product-safe readiness status and evidence.
62
+
63
+ ## Token And Cost Policy
64
+ <!-- gofer:token-cost-policy:start -->
65
+
66
+ Before spawning agents, calling tools, or loading large files:
67
+
68
+ 1. Treat `.specify/memory/gofer-model-policy.yaml` as the repo-owned source of truth for simple, medium, hard, and arbiter model routing. If it is missing, run `/gofer:bootstrap-workspace` before continuing.
69
+ 2. Use the cheapest capable model first.
70
+ - Claude: Haiku for scouting/extraction; Sonnet for normal implementation, synthesis, validation, and security; Opus for high-risk arbitration or release-critical failures.
71
+ - Codex/OpenAI: GPT mini for simple coding; GPT nano only for locate/classify/summarize/mechanical work; GPT-5.3-Codex or flagship GPT for tool-heavy coding, architecture, and release-critical validation.
72
+ - Gemini: Flash-Lite for cheap large-context scan/summarize; Flash for default research synthesis; Pro for large-context architecture or high-risk arbitration.
73
+ - Copilot: prefer Auto for simple and default work; ask the user before choosing a paid/high-tier picker model for hard security, architecture, or release gates.
74
+ 3. Keep raw tool output out of the main conversation context. Save stable findings to `.specify/specs/{feature}/context-bundle.md`, then work from summaries.
75
+ 4. Use provider prompt/context caching only for stable, non-secret prefixes: Gofer scaffold, AGENTS/CLAUDE/Copilot instructions, constitution, repo map, stage contracts, and validation rubric.
76
+ 5. Before continuing after large research, planning, implementation, or validation bursts, checkpoint the durable artifacts and compact/clear/resume context when the host supports it.
77
+ 6. Escalate model tier only when a cheaper pass is low-confidence, contradictory, security-sensitive, or blocking release quality.
78
+ <!-- gofer:token-cost-policy:end -->
79
+
80
+ ## User Input
81
+
82
+ ```text
83
+ $ARGUMENTS
84
+ ```
85
+
86
+ You **MUST** consider the user input before proceeding (if not empty).
87
+
88
+ ## Execution Profile And Validation Cost
89
+
90
+ Validation must respect the final risk label:
91
+
92
+ - **fast**: for `docs-only` or very small low-risk changes, run focused checks
93
+ and verify no unnecessary artifact churn or unrelated files were changed.
94
+ - **standard**: run the normal rubric, focused build/test/lint/typecheck
95
+ evidence, and traceability checks.
96
+ - **full**: preserve the existing blast-radius, evidence gates, review loop,
97
+ scoring, and release-readiness checks; require evidence for contract,
98
+ security, data, infra/config, rollback, and cross-repository claims.
99
+ - **dynamic**: preserve the full validation behavior, then also verify
100
+ `execution-profile.md`, `workflow-dag.md`, shard outputs, reducer synthesis,
101
+ verifier/refuter evidence, budget/stop-condition evidence, and any explicit
102
+ user confirmation required before broad fanout work.
103
+
104
+ Archived specs under `.specify/specs/_*/` are historical context and must not
105
+ inflate active context-health estimates or current blast-radius manifests.
106
+
107
+ ## Prerequisites
108
+
109
+ This command expects in `.specify/specs/{feature}/`:
110
+
111
+ - `research.md` - Codebase analysis (from /1_gofer_research)
112
+ - `spec.md` - Feature specification (from /2_gofer_specify)
113
+ - `plan.md` - Implementation plan (from /3_gofer_plan)
114
+ - `tasks.md` - Task breakdown (from /4_gofer_tasks)
115
+ - `goal-ledger.json` - Goal, metric, delivery-state, and re-loop contract
116
+ - `loop-contract.json` - Bounded eval commands and stop rules
117
+ - `loop-ledger.jsonl` - Implementation and validation loop evidence
118
+ - `traceability.md` - Requirement -> task -> code -> test matrix
119
+ - Implemented code (from /5_gofer_implement)
120
+
121
+ ---
122
+
123
+ ## Spec Artifact Guard
124
+
125
+ Before validation, `.specify/scripts/bash/check-prerequisites.sh --json
126
+ --require-tasks` must confirm that `{FEATURE_DIR}/spec.md` exists, is
127
+ non-empty, and is not the unfilled spec template. If the helper reports
128
+ `spec.md` as missing, empty, or `template`, stop and run `/2_gofer_specify`.
129
+ Validation cannot score functional correctness, traceability, or objective
130
+ outcomes without a real specification.
131
+
132
+ ## Outline
133
+
134
+ 1. Context health check
135
+ 2. Load implementation context
136
+ 3. Closed-loop objective audit
137
+ 4. **Phase A** — Spawn 6 specialist rubric validation agents in parallel
138
+ 4. Evidence gate pre-check and pending-gate tracking
139
+ 5. **Phase B** — Spawn 5 blast-radius analysis agents in parallel
140
+ 7. Blast-radius synthesis (change graph, interface diff, observability,
141
+ dependency/submodule impact, rollback readiness, release checklist)
142
+ 8. Run automated checks (build, test, lint, typecheck)
143
+ 9. Mutation testing gate
144
+ 10. Mock ratio analysis
145
+ 11. Semantic slop detection
146
+ 12. Score the 11-category rubric (110 points)
147
+ 13. Generate enhanced validation report + blast-radius report
148
+ 14. Determine rubric PASS/FAIL outcome
149
+ 15. Brownfield restart on failure
150
+ 16. **Phase C** — Engineering review loop (3 agents × up to 5 cycles with
151
+ auto-fix)
152
+ 17. Generate engineering review report
153
+ 18. Attribution logging to JSONL
154
+ 19. Memory update check
155
+
156
+ ---
157
+
158
+ ## Execution Strategy by Platform
159
+
160
+ | Platform | Validation Execution Strategy |
161
+ | -------------------------------------- | --------------------------------------------------------------------------------------------- |
162
+ | Claude Code CLI | Run all validation agents in parallel using the Task tool |
163
+ | GitHub Copilot Chat (2026+) | Use multi-agent delegation to run validation in parallel |
164
+ | GitHub Copilot Chat (2025 and earlier) | Run validation checks sequentially using the **Legacy Workflow** in `docs/legacy-workflow.md` |
165
+
166
+ For pre-2026 Copilot environments, execute the validation phases
167
+ **sequentially** instead of parallel spawning.
168
+
169
+ ---
170
+
171
+ ## The Engineering Quality Rubric
172
+
173
+ ### 11-Category Scoring (110 Points)
174
+
175
+ | # | Category | Points | Pass Criteria | Agent |
176
+ | --- | ---------------------------- | ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------- |
177
+ | 1 | Functional Correctness | 15 | Every acceptance criterion in spec.md has a passing test exercising real code | validation-correctness |
178
+ | 2 | Test Authenticity | 15 | Zero skips, zero placeholders, zero mock-only assertions. Mutation score >= 60% if Stryker available | validation-test-quality |
179
+ | 3 | UI/E2E Verification | 10 | If feature has UI: real rendering tests pass. If no UI: points redistribute | N/A (automated check) |
180
+ | 4 | Security Posture | 10 | Zero hardcoded secrets, no disabled security features, no client-side keys | validation-security |
181
+ | 5 | Integration Reality | 10 | Integration tests use real dependencies where possible. Contract tests validate boundaries | validation-integration |
182
+ | 6 | Error Path Coverage | 10 | Public functions tested for failure modes. No empty catch blocks | validation-correctness + validation-standards |
183
+ | 7 | Architecture Compliance | 10 | File structure, patterns, visual explanations, and human-facing document summaries match plan.md and research.md. Required visuals are simple, rendered or fallback-safe, and traceable to requirements, code, and EAI Platform decisions | validation-standards |
184
+ | 8 | Performance Baseline | 5 | No synchronous I/O in async paths, no unbounded loops, no N+1 patterns | validation-performance |
185
+ | 9 | Code Hygiene | 10 | Zero AI slop: no TODO placeholders, no redundant comments, no magic numbers | validation-standards |
186
+ | 10 | Specification Traceability | 5 | Every user story maps to tests, every test maps to code | validation-correctness |
187
+ | 11 | **Blast Radius Containment** | 10 | No unmitigated breaking API changes, full-surface consumer/import audit, new error paths log, no new High/Critical CVEs, rollback/feature-flag path exists, release checklist complete | codebase-analyzer + validation-integration + validation-standards + research-dependency-evaluator + tasks-rollback-planner |
188
+
189
+ ### Point Redistribution (No-UI Features)
190
+
191
+ When a feature has **no UI component** (no web pages, no frontend, no visual
192
+ interface), the 10 points from UI/E2E Verification are redistributed:
193
+
194
+ - **+5 to Functional Correctness** (total: 20 points)
195
+ - **+5 to Test Authenticity** (total: 20 points)
196
+
197
+ Total remains **110/110** across all 11 categories.
198
+
199
+ **Detection**: Check plan.md tech stack. If no UI framework (React, Vue,
200
+ Angular, Svelte) and no Playwright/Cypress tests exist, this is a no-UI feature.
201
+
202
+ ### Scoring Rules
203
+
204
+ - Each category scores **full points** or **0**. There is no partial credit.
205
+ - A category scores 0 if its agent reports any **Red (blocking)** finding.
206
+ - A category scores 0 if its automated check fails.
207
+ - **Total score** = sum of all category scores (max **110**, was 100).
208
+ - **PASS** = 110/110 and a passing objective outcome gate. Anything less = FAIL.
209
+ - Legacy consumers reading `status: PASS` / `score: 100` from historical reports
210
+ should migrate to the 110-point scale. The report keeps the `score` field as
211
+ the numerator and `score_max` to disambiguate.
212
+
213
+ **Honest-scoring rule (FR-012)**: If an agent reports `EVIDENCE ABSENT:`, the
214
+ orchestrating stage MUST score that category 0 regardless of other findings.
215
+ Phrases like `likely correct`, `appears wired`, or `should be passing` are NOT
216
+ evidence and MUST NOT contribute to any score. Any rubric category where
217
+ evidence is absent, unverifiable, fabricated, or implied scores exactly 0 — no
218
+ partial credit.
219
+
220
+ ---
221
+
222
+ ## Step 0: Context Health Check
223
+
224
+ Before starting validation, assess context window health:
225
+
226
+ ```bash
227
+ .specify/scripts/bash/check-context-health.sh
228
+ ```
229
+
230
+ - If **< 50%**: Proceed normally
231
+ - If **50-70%**: Use sub-agents heavily, minimize main context
232
+ - If **> 70%**: Run `/7_gofer_save`, start a fresh session, read the
233
+ checkpoint, and continue validation
234
+
235
+ Validation loads all artifacts and spawns 6 agents — context pressure is high.
236
+
237
+ ---
238
+
239
+ ## Step 1: Load Context
240
+
241
+ 1. **Run setup script**:
242
+
243
+ ```bash
244
+ .specify/scripts/bash/check-prerequisites.sh --json --require-tasks
245
+ ```
246
+
247
+ Parse JSON for FEATURE_DIR
248
+
249
+ 2. **Load all artifacts**:
250
+ - spec.md (user stories, acceptance criteria)
251
+ - plan.md (architecture, file structure, tech stack)
252
+ - tasks.md (task completion status)
253
+ - goal-ledger.json (goal IDs, metrics, delivery states, re-loop triggers)
254
+ - loop-contract.json (loop objective, eval commands, max iterations, stop conditions)
255
+ - loop-ledger.jsonl (implementation and validation loop evidence)
256
+ - traceability.md (requirement-to-code/test evidence matrix)
257
+ - research.md (codebase patterns to follow)
258
+
259
+ 3. **Detect iteration count**:
260
+ - Check if `{FEATURE_DIR}/remediation-report.md` exists
261
+ - If yes, read the iteration count from it
262
+ - Track: `ITERATION = [1|2|3]` (first run = 1)
263
+
264
+ 4. **Determine UI presence**:
265
+ - Read plan.md tech stack
266
+ - If UI framework present AND Playwright/Cypress tests exist: `HAS_UI = true`
267
+ - Otherwise: `HAS_UI = false` → apply point redistribution
268
+
269
+ **Deployment/Render Scope Detection** (FR-011):
270
+
271
+ Scan `spec.md`, `plan.md`, `contract-pack.md`, and `quickstart.md` (when
272
+ present) for the following signals:
273
+
274
+ - `DEPLOY_SIGNAL_1`: any acceptance criterion contains: `rendered`,
275
+ `live route`, `live API`, `deployed`, `production`, `staging`,
276
+ `SharePoint`, `Azure`, `smoke`, `E2E`, `browser`
277
+ - `DEPLOY_SIGNAL_2`: `plan.md`, `contract-pack.md`, or `quickstart.md`
278
+ names a deployment target: SharePoint, Azure, staging, production, Vercel,
279
+ Netlify, Docker, Kubernetes, or any server/environment referenced in the
280
+ acceptance chain
281
+ - `DEPLOY_SIGNAL_3`: `plan.md` declares a UI/rendered experience AND at least
282
+ one acceptance criterion uses: `sees`, `displays`, `shows`, `renders`,
283
+ `navigates to`
284
+
285
+ Set `DEPLOY_IN_SCOPE = true` if ANY signal is present.
286
+ Set `DEPLOY_IN_SCOPE = false` if NO signal is present.
287
+ Record the determination in the validation report preamble.
288
+
289
+ ## Step 1.5: Closed-Loop Objective And Loop Evidence Audit
290
+
291
+ Before rubric scoring, run the closed-loop audit and write a fresh rebaseline
292
+ report:
293
+
294
+ ```bash
295
+ node .specify/scripts/node/gofer-closed-loop-audit.mjs --feature-dir {FEATURE_DIR} --json --strict
296
+ ```
297
+
298
+ Also write/update `{FEATURE_DIR}/goal-rebaseline-report.md`.
299
+
300
+ Then run the bounded loop audit:
301
+
302
+ ```bash
303
+ node .specify/scripts/node/gofer-loop-audit.mjs --feature-dir {FEATURE_DIR} --stage 6_validate --json --strict
304
+ ```
305
+
306
+ This writes/updates `{FEATURE_DIR}/loop-audit-report.md`.
307
+
308
+ Validation MUST treat the closed-loop and loop audits as objective gates:
309
+
310
+ - If the audit reports missing goal coverage, missing code/test evidence,
311
+ expired assumptions, or invalid goal-ledger structure, validation FAILS.
312
+ - If the loop audit reports a missing/invalid loop contract, missing
313
+ `loop-ledger.jsonl` evidence, maxIterations breach, or required human
314
+ escalation, validation FAILS.
315
+ - If the audit recommends reopening `/2_gofer_specify`, `/3_gofer_plan`,
316
+ `/4_gofer_tasks`, or `/6_gofer_validate`, record that as a blocking drift
317
+ finding and FAIL the run. The feature is no longer in a closed state even if
318
+ the code still compiles.
319
+ - If the audit only reports low-severity warnings with no recommended reopen
320
+ stage, continue but record them in the validation report.
321
+
322
+ ---
323
+
324
+ # Phase A — Rubric Validation
325
+
326
+ Phase A runs the 10-category engineering rubric (Categories 1-10, up to 100
327
+ points before Category 11 is added).
328
+
329
+ ## Step 2: Spawn 6 Specialist Validation Agents
330
+
331
+ **CRITICAL**: You **MUST** launch all 6 agents **in parallel** using the Task
332
+ tool. Do NOT perform validation work inline in the main context. The main
333
+ context should only orchestrate, score the rubric, and review agent outputs.
334
+ Each agent receives the feature context and returns structured findings.
335
+
336
+ ### Agent 1: Correctness Validator
337
+
338
+ ```
339
+ Task: subagent_type="validation-correctness", model="sonnet"
340
+ Prompt: "Validate functional correctness for feature [FEATURE_NAME].
341
+
342
+ Feature directory: {FEATURE_DIR}
343
+ Spec: {FEATURE_DIR}/spec.md
344
+ Plan: {FEATURE_DIR}/plan.md
345
+
346
+ Check every acceptance criterion in spec.md.
347
+ For each criterion, find the test that exercises it and verify it tests real code.
348
+ Return findings in your standard report format (<2000 tokens)."
349
+ ```
350
+
351
+ ### Agent 2: Security Validator
352
+
353
+ ```
354
+ Task: subagent_type="validation-security", model="sonnet"
355
+ Prompt: "Validate security posture for feature [FEATURE_NAME].
356
+
357
+ Scan all new/modified files (from tasks.md file paths).
358
+ Check for: hardcoded secrets, disabled security, auth bypass, client-side keys.
359
+ Return findings with Red/Yellow/Gray severity (<2000 tokens)."
360
+ ```
361
+
362
+ ### Agent 3: Performance Validator
363
+
364
+ ```
365
+ Task: subagent_type="validation-performance", model="haiku"
366
+ Prompt: "Validate performance characteristics for feature [FEATURE_NAME].
367
+
368
+ Scan all new/modified source files (from tasks.md file paths).
369
+ Check for: sync I/O in async paths, cyclomatic complexity > 12, unbounded loops.
370
+ Build scripts and test files are exempt.
371
+ Return findings with complexity scores (<2000 tokens)."
372
+ ```
373
+
374
+ ### Agent 4: Test Quality Validator
375
+
376
+ ```
377
+ Task: subagent_type="validation-test-quality", model="haiku"
378
+ Prompt: "Validate test quality for feature [FEATURE_NAME].
379
+
380
+ Scan test files related to the feature.
381
+ Check for: placeholder assertions, skipped tests, mock ratio, mock-only tests.
382
+ VSCode API mocks marked '// mock-justified: VSCode API' are exempt from ratio.
383
+ Return findings with mock ratio calculation (<2000 tokens)."
384
+ ```
385
+
386
+ ### Agent 5: Integration Validator
387
+
388
+ ```
389
+ Task: subagent_type="validation-integration", model="sonnet"
390
+ Prompt: "Validate integration contracts for feature [FEATURE_NAME].
391
+
392
+ Feature directory: {FEATURE_DIR}
393
+ Check contracts/ directory if it exists.
394
+ Verify cross-component boundaries, type compatibility, integration test coverage.
395
+ Return findings with contract compliance status (<2000 tokens)."
396
+ ```
397
+
398
+ ### Agent 6: Standards Validator
399
+
400
+ ```
401
+ Task: subagent_type="validation-standards", model="sonnet"
402
+ Prompt: "Validate standards compliance for feature [FEATURE_NAME].
403
+
404
+ Feature directory: {FEATURE_DIR}
405
+ Check against constitution.md (if exists) and research.md patterns.
406
+ Detect AI slop: redundant comments, over-engineered abstractions, silent failures.
407
+ Check code hygiene: TODO/FIXME, magic numbers, unused imports.
408
+ Return findings with severity tiers (<2000 tokens)."
409
+ ```
410
+
411
+ ### Agent 7: Security Red Team (Optional — Multi-Perspective)
412
+
413
+ When the feature involves security-sensitive code (authentication,
414
+ authorization, user input handling, external APIs), run the security red team
415
+ strategy (#13):
416
+
417
+ ```
418
+ # Diverge: 3 attack perspectives
419
+ Task: subagent_type="validate-security-red-team", model="opus"
420
+ Prompt: "Perspective 1: OWASP Top 10 attack analysis for feature [FEATURE_NAME].
421
+ Scan all new/modified files from tasks.md. Attack from OWASP perspective.
422
+ Return findings with exploit steps (<2000 tokens)."
423
+
424
+ Task: subagent_type="validate-security-red-team", model="opus"
425
+ Prompt: "Perspective 2: Business logic abuse analysis for feature [FEATURE_NAME].
426
+ Scan all new/modified files from tasks.md. Attack business logic.
427
+ Return findings with exploit steps (<2000 tokens)."
428
+
429
+ Task: subagent_type="validate-security-red-team", model="opus"
430
+ Prompt: "Perspective 3: CVE search for feature [FEATURE_NAME].
431
+ Check package.json dependencies for known CVEs.
432
+ Return findings with advisory references (<2000 tokens)."
433
+
434
+ # Converge: Judge synthesizes attack findings
435
+ Task: subagent_type="multi-perspective-judge", model="opus"
436
+ Prompt: "Synthesize 3 security red team perspectives for [FEATURE_NAME].
437
+ Perspective 1 (OWASP): [result]. Perspective 2 (Business Logic): [result].
438
+ Perspective 3 (CVE): [result].
439
+ Identify confirmed vulnerabilities vs false positives. Prioritize by exploitability."
440
+ ```
441
+
442
+ **Run all 6 core agents in parallel.** Run Agent 7 (if applicable) in parallel
443
+ with the core agents.
444
+
445
+ ## Step 2.2: Evidence Gate Pre-Check
446
+
447
+ Evaluate the truthfulness gates before final scoring. If a gate is still
448
+ pending here, re-check it after Step 3 automated checks complete and before the
449
+ PASS/FAIL synthesis.
450
+
451
+ ```
452
+ GATE-1 (Integration Proof — Category 5):
453
+ Require: runtime wiring artifact OR integration-test execution output
454
+ present in the current session context by final scoring time.
455
+ If absent during Step 2.2, record GATE-1 as pending and re-check it after
456
+ Step 3 automated checks complete.
457
+ Still absent after Step 3 → Category 5 score = 0; mark GATE_FAIL = true
458
+
459
+ GATE-2 (Test Execution — Categories 1 and 2):
460
+ Require: real, executed npm test output with pass/fail count already present
461
+ or produced by Step 3 automated checks before final scoring.
462
+ If absent during Step 2.2, record GATE-2 as pending and re-check it after
463
+ Step 3 automated checks complete.
464
+ Still absent after Step 3 → Categories 1 and 2 score = 0; mark GATE_FAIL = true
465
+
466
+ GATE-3 (Render/Deployment Proof — Category 3):
467
+ IF HAS_UI = false:
468
+ Record "N/A — HAS_UI=false" in evidence table.
469
+ Record a matching not-in-scope reason in `Absent / Reason for 0`.
470
+ Apply existing no-UI point redistribution.
471
+ IF HAS_UI = true AND DEPLOY_IN_SCOPE = false:
472
+ Require: local render proof (screenshot, component render assertion,
473
+ headless browser assertion, or local smoke-check output) present by final
474
+ scoring time.
475
+ If absent during Step 2.2, record GATE-3 as pending and re-check before
476
+ final PASS/FAIL synthesis.
477
+ Still absent → Category 3 score = 0; mark GATE_FAIL = true
478
+ If present, record "Render proof only — deployment target not in scope" in
479
+ the evidence table and do not redistribute Category 3 points.
480
+ IF HAS_UI = true AND DEPLOY_IN_SCOPE = true:
481
+ Require: screenshot, curl/HTTP transcript, deployment log, headless browser
482
+ assertion, or smoke-check output present by final scoring time, with at
483
+ least one artifact proving rendered/live behavior on the declared route or
484
+ deployment target.
485
+ If absent during Step 2.2, record GATE-3 as pending and re-check before
486
+ final PASS/FAIL synthesis.
487
+ Still absent → Category 3 score = 0; mark GATE_FAIL = true
488
+
489
+ If any GATE_FAIL = true:
490
+ - Any agent that would have scored the gated category is still run
491
+ - The category score remains 0 unless the missing evidence appears before
492
+ final scoring
493
+ ```
494
+
495
+ Collect all results before proceeding.
496
+
497
+ ---
498
+
499
+ # Phase B — Blast Radius Analysis
500
+
501
+ Phase B quantifies the **ripple effect** of the implementation. It assesses risk
502
+ to code outside the feature boundary, interface-contract stability,
503
+ observability preservation, dependency / submodule impact, rollback readiness,
504
+ and release-checklist compliance. Phase B results score **Category 11 (10
505
+ points)** and produce a separate `blast-radius-report.md` artifact.
506
+
507
+ Phase B runs **after** Phase A agents have returned (Step 2 complete) and
508
+ **before** automated checks in Step 3, because breaking-change detection informs
509
+ how to interpret failing tests/types.
510
+
511
+ ## Step 2.5: Pre-Flight Change Surface Discovery
512
+
513
+ Before spawning Phase B agents, build a **change manifest** the agents can
514
+ reference. This is a cheap main-context pass, not an agent task.
515
+
516
+ 1. **Modified file list** — from `tasks.md` completed tasks and git:
517
+
518
+ ```bash
519
+ git diff --name-only $(git merge-base HEAD main 2>/dev/null || echo HEAD~1) HEAD
520
+ ```
521
+
522
+ 2. **Submodule inventory** — detect repo submodules and workspace packages:
523
+
524
+ ```bash
525
+ git submodule status 2>/dev/null
526
+ cat package.json 2>/dev/null | grep -E '"workspaces"' -A 20
527
+ ls -d */package.json 2>/dev/null | xargs -I {} dirname {}
528
+ ```
529
+
530
+ Record which submodules/workspaces contain modified files. For this repo the
531
+ canonical submodules are `extension/`, `language-server/`, `docs/`.
532
+
533
+ 3. **Public-surface detection** — identify exported symbols at risk:
534
+ - `index.ts` / `index.js` files in modified directories
535
+ - `*.d.ts` files in modified directories
536
+ - Entries in the `exports` / `main` / `types` fields of modified
537
+ `package.json` files
538
+ - Files under `contracts/` or `.specify/specs/{feature}/contracts/`
539
+
540
+ 4. **Dependency manifest diff** — capture dependency churn:
541
+
542
+ ```bash
543
+ git diff $(git merge-base HEAD main 2>/dev/null || echo HEAD~1) HEAD -- package.json package-lock.json extension/package.json language-server/package.json 2>/dev/null
544
+ ```
545
+
546
+ 5. **Rollback-relevant assets** — flag anything that needs a reverse path:
547
+ - Files under `migrations/`, `db/migrations/`, `prisma/migrations/`
548
+ - Files named `*.sql`, `schema.*`
549
+ - Feature-flag definitions (search for `featureFlag`, `growthbook`,
550
+ `launchdarkly`, `flags.`)
551
+ - `CHANGELOG.md`, `RELEASES.md`, version fields in `package.json`
552
+
553
+ Record these into `CHANGE_MANIFEST` for the Phase B prompts.
554
+
555
+ ---
556
+
557
+ ## Step 2.6: Spawn 5 Blast-Radius Analysis Agents
558
+
559
+ Launch all 5 agents **in parallel** using the Task tool. Pass the
560
+ `CHANGE_MANIFEST` from Step 2.5 into each prompt so agents see the same ground
561
+ truth.
562
+
563
+ ### Agent 8: Change Graph / Ripple Analyzer
564
+
565
+ ```
566
+ Task: subagent_type="codebase-analyzer", model="sonnet"
567
+ Prompt: "Blast-radius change-graph analysis for feature [FEATURE_NAME].
568
+
569
+ Feature directory: {FEATURE_DIR}
570
+ Change manifest (modified files): {CHANGE_MANIFEST.modifiedFiles}
571
+ Submodules: {CHANGE_MANIFEST.submodules}
572
+
573
+ Build a change-graph table for EVERY modified symbol (function, class, type,
574
+ const) in the modified files:
575
+ 1. List every direct importer/caller (file:line references).
576
+ 2. Classify each as Direct (imports the symbol) or Transitive (imports a
577
+ re-export of it) or Runtime (dynamic require / reflection).
578
+ 3. Flag any cross-submodule ripple (symbol defined in submodule A, consumed
579
+ in submodule B) — this is Red if unplanned.
580
+ 4. Flag any consumer whose tests do NOT exercise the changed code path —
581
+ Yellow.
582
+ 5. Count orphan changes (modified code with zero importers) — Gray.
583
+
584
+ Return findings with Red/Yellow/Gray severity and a concise ripple summary
585
+ (<2500 tokens). Output sections: 'Ripple Summary', 'Cross-submodule Crossings',
586
+ 'Consumer Coverage Gaps', 'Orphans'."
587
+ ```
588
+
589
+ ### Agent 9: Interface Contract Diff
590
+
591
+ ```
592
+ Task: subagent_type="validation-integration", model="sonnet"
593
+ Prompt: "Interface contract blast-radius analysis for feature [FEATURE_NAME].
594
+
595
+ Feature directory: {FEATURE_DIR}
596
+ Public-surface manifest: {CHANGE_MANIFEST.publicSurface}
597
+ Contracts directory: {FEATURE_DIR}/contracts (if present)
598
+
599
+ For every public export, package.json exports field entry, contract file,
600
+ and .d.ts symbol that was modified, deleted, or added:
601
+ 1. Diff old signature vs new signature (parameters, return types, generics,
602
+ optional vs required, default values).
603
+ 2. Classify each change:
604
+ - BREAKING: removed export, renamed export, narrowed return type, widened
605
+ required-param set, removed optional param callers rely on.
606
+ - ADDITIVE: new export, new optional param, widened return type.
607
+ - NEUTRAL: implementation change with identical signature.
608
+ 3. Red = any BREAKING change without a corresponding entry in CHANGELOG.md
609
+ or a migration note in the spec.
610
+ 4. Yellow = BREAKING change with CHANGELOG entry but no migration guide.
611
+ 5. Gray = ADDITIVE changes for informational tracking.
612
+
613
+ Verify contract tests still cover all pre-existing contract clauses (no
614
+ silent coverage regression). Return findings (<2000 tokens) with sections:
615
+ 'Breaking Changes', 'Additive Changes', 'Contract Coverage Regression'."
616
+ ```
617
+
618
+ ### Agent 10: Error Logging & Observability Integrity
619
+
620
+ ```
621
+ Task: subagent_type="validation-standards", model="sonnet"
622
+ Prompt: "Observability blast-radius analysis for feature [FEATURE_NAME].
623
+
624
+ Feature directory: {FEATURE_DIR}
625
+ Modified files: {CHANGE_MANIFEST.modifiedFiles}
626
+
627
+ Assess whether observability was preserved, degraded, or improved:
628
+ 1. For every new/modified catch block: does it log? Use the same structured
629
+ logger used elsewhere in the repo (detect the logger by scanning for
630
+ common imports: winston, pino, bunyan, console, vscode.window.showError,
631
+ telemetry module). Red if any catch swallows silently in production code.
632
+ 2. For every removed log statement: is removal justified by a comment or
633
+ spec? Red if production-relevant logs disappeared without justification.
634
+ 3. Log-level hygiene: no `console.log` in production code (test files
635
+ exempt); no debug-level logs left at info/warn level.
636
+ 4. PII / secrets leakage in new log messages — Red if detected.
637
+ 5. Telemetry/metrics coverage: if the feature touched hot paths that
638
+ previously emitted metrics, verify emission is preserved.
639
+ 6. Correlation IDs / trace context propagation: if the repo uses them,
640
+ verify new code paths propagate them.
641
+
642
+ Return findings (<2000 tokens) with sections: 'Silent Failures', 'Removed
643
+ Logs', 'PII Risk', 'Metric Coverage Delta', 'Trace Propagation'."
644
+ ```
645
+
646
+ ### Agent 11: Dependency & Submodule Impact (with npm audit delta)
647
+
648
+ ```
649
+ Task: subagent_type="research-dependency-evaluator", model="haiku"
650
+ Prompt: "Dependency and submodule blast-radius analysis for feature
651
+ [FEATURE_NAME].
652
+
653
+ Dependency manifest diff: {CHANGE_MANIFEST.dependencyDiff}
654
+ Submodules affected: {CHANGE_MANIFEST.submodules}
655
+
656
+ 1. New dependencies: list each with source (npm / git / local), license, and
657
+ bundle-size impact (approx). Red if license is incompatible (GPL/AGPL in
658
+ a permissive-licensed repo), or if the package is unmaintained (>2 years
659
+ since last release, <1000 weekly downloads).
660
+ 2. Version bumps: classify as major / minor / patch. Red for major bumps
661
+ without migration notes.
662
+ 3. Lockfile churn: if package.json is unchanged but package-lock.json
663
+ changed materially (>20 lines), flag as Yellow (indirect dep drift).
664
+ 4. npm audit delta: run `npm audit --json 2>/dev/null` on the current branch
665
+ and compare vulnerability counts vs baseline (main). Red if the branch
666
+ adds any new High or Critical CVE. Yellow for new Moderate. Gray for new
667
+ Low.
668
+ 5. Submodule boundary crossings: if the feature modifies code in multiple
669
+ submodules (extension/, language-server/, docs/), verify each submodule
670
+ independently builds and tests. Red if a cross-submodule change breaks
671
+ any submodule's standalone build.
672
+
673
+ Return findings (<2500 tokens) with sections: 'New Dependencies', 'Version
674
+ Bumps', 'Lockfile Drift', 'CVE Delta', 'Submodule Boundary Crossings'."
675
+ ```
676
+
677
+ ### Agent 12: Rollback Readiness & Release Checklist
678
+
679
+ ```
680
+ Task: subagent_type="tasks-rollback-planner", model="haiku"
681
+ Prompt: "Rollback readiness + release-checklist review for feature
682
+ [FEATURE_NAME].
683
+
684
+ Feature directory: {FEATURE_DIR}
685
+ Rollback assets: {CHANGE_MANIFEST.rollbackAssets}
686
+
687
+ Assess reversibility and release readiness:
688
+ 1. DB migrations: is every forward migration paired with a down/reverse
689
+ migration? Red if any irreversible migration lacks explicit justification
690
+ in the spec or plan.
691
+ 2. Feature flags: if the feature is risky, is it gated behind a flag? Is the
692
+ flag default-off? Is the pre-flag code path preserved so disabling the
693
+ flag restores prior behavior? Red if a risky change is unflagged and
694
+ irreversible.
695
+ 3. Data-shape changes: detect schema changes that cannot be rolled back
696
+ without data loss (column drops, type narrowings). Red if no backfill or
697
+ dual-write strategy.
698
+ 4. Release checklist for user-visible changes:
699
+ - CHANGELOG.md updated for this feature — Red if missing and feature is
700
+ user-visible.
701
+ - Version bump planned (semver correct for breaking/additive/patch) — Red
702
+ if breaking change present without major bump plan.
703
+ - Migration guide present for breaking changes — Red if missing.
704
+ - Documentation updated (docs/ or README.md) for new user-facing
705
+ capabilities — Yellow if missing.
706
+ 5. Rollback runbook: is there a documented 'how to revert' path? Yellow if
707
+ absent for non-trivial changes.
708
+
709
+ Return findings (<2000 tokens) with sections: 'Migration Reversibility',
710
+ 'Feature Flag Coverage', 'Data-Shape Rollback Risk', 'Release Checklist',
711
+ 'Rollback Runbook'."
712
+ ```
713
+
714
+ **Run all 5 Phase B agents in parallel.** Collect results before synthesis.
715
+
716
+ ---
717
+
718
+ ## Step 2.7: Blast Radius Synthesis
719
+
720
+ Aggregate Phase B agent findings into a single blast-radius verdict.
721
+
722
+ ### Consolidated Finding Table
723
+
724
+ ```
725
+ | # | Dimension | Finding | Severity | Agent | File | Line |
726
+ |---|-----------|---------|----------|-------|------|------|
727
+ | 1 | Change graph | [desc] | Red | codebase-analyzer | [file] | [line] |
728
+ | 2 | Interface contract | [desc] | Red | validation-integration | [file] | [line] |
729
+ | 3 | Observability | [desc] | Yellow | validation-standards | [file] | [line] |
730
+ | 4 | Dependency | [desc] | Yellow | research-dependency-evaluator | [file] | [line] |
731
+ | 5 | Rollback | [desc] | Red | tasks-rollback-planner | [file] | [line] |
732
+ ```
733
+
734
+ ### Severity Rollup
735
+
736
+ ```
737
+ BLAST_RADIUS_RED = count of Red findings across all 5 agents
738
+ BLAST_RADIUS_YELLOW = count of Yellow findings
739
+ BLAST_RADIUS_GRAY = count of Gray findings
740
+ ```
741
+
742
+ ### Write `blast-radius-report.md`
743
+
744
+ Write to `{FEATURE_DIR}/blast-radius-report.md`:
745
+
746
+ ```markdown
747
+ ---
748
+ feature: [Feature Name]
749
+ generated: [ISO timestamp]
750
+ reviewer: Claude
751
+ GeneratedAt: [ISO timestamp]
752
+ SourceCommandId: /6_gofer_validate
753
+ SourceInputs: [spec.md, plan.md, tasks.md, research.md, blast-radius inputs]
754
+ OverwriteNoticeWhenApplicable: [new file or overwrite note]
755
+ dimensions_checked:
756
+ [
757
+ change_graph,
758
+ interface_contract,
759
+ observability,
760
+ dependency_submodule,
761
+ rollback_release,
762
+ ]
763
+ red_count: [N]
764
+ yellow_count: [N]
765
+ gray_count: [N]
766
+ verdict: [CONTAINED | BREACHED]
767
+ ---
768
+
769
+ # Blast Radius Report: [Feature Name]
770
+
771
+ ## Changed Surfaces
772
+
773
+ - Modified files: [N]
774
+ - Submodules touched: [list]
775
+ - Public-surface symbols affected: [N]
776
+ - New dependencies: [N]
777
+ - Version bumps: [list]
778
+ - Migration files: [list]
779
+ - Feature flags introduced/modified: [list]
780
+
781
+ ## Risk Vectors
782
+
783
+ ### 1. Change Graph / Ripple (Agent: codebase-analyzer)
784
+
785
+ - Cross-submodule crossings: [list or "none"]
786
+ - Consumer coverage gaps: [N]
787
+ - Orphan changes: [N]
788
+ - Red findings: [table]
789
+
790
+ ### 2. Interface Contracts (Agent: validation-integration)
791
+
792
+ - Breaking changes: [N] ([list])
793
+ - Additive changes: [N]
794
+ - Contract coverage regressions: [list]
795
+ - Red findings: [table]
796
+
797
+ ### 3. Error Logging & Observability (Agent: validation-standards)
798
+
799
+ - Silent failures introduced: [N]
800
+ - Logs removed without justification: [N]
801
+ - PII/secret leakage risk: [list]
802
+ - Metric/trace coverage delta: [summary]
803
+ - Red findings: [table]
804
+
805
+ ### 4. Dependencies & Submodules (Agent: research-dependency-evaluator)
806
+
807
+ - New dependencies: [table with license/size/maintenance]
808
+ - Version bumps: [list]
809
+ - Lockfile drift: [summary]
810
+ - CVE delta: Critical +[N], High +[N], Moderate +[N], Low +[N]
811
+ - Submodule boundary crossings: [list]
812
+ - Red findings: [table]
813
+
814
+ ### 5. Rollback Readiness & Release Checklist (Agent: tasks-rollback-planner)
815
+
816
+ - Migration reversibility: [OK / BREACHED]
817
+ - Feature flag coverage: [OK / BREACHED / N/A]
818
+ - Data-shape rollback risk: [OK / BREACHED]
819
+ - Release checklist:
820
+ - CHANGELOG updated: [Yes / No / N/A]
821
+ - Version bump planned: [patch / minor / major / N/A]
822
+ - Migration guide: [Yes / No / N/A]
823
+ - Docs updated: [Yes / No / N/A]
824
+ - Rollback runbook: [Present / Absent / N/A]
825
+ - Red findings: [table]
826
+
827
+ ## Containment Summary
828
+
829
+ - **CONTAINED** if `BLAST_RADIUS_RED == 0` — Category 11 scores full 10 pts.
830
+ - **BREACHED** if `BLAST_RADIUS_RED > 0` — Category 11 scores 0.
831
+
832
+ Yellow findings do NOT fail Category 11 but are reported to the engineering
833
+ review loop (Phase C) for mandatory attention.
834
+ ```
835
+
836
+ Proceed to Step 3 (automated checks) with blast-radius results attached to the
837
+ context.
838
+
839
+ ---
840
+
841
+ # End of Phase B
842
+
843
+ ---
844
+
845
+ ## Step 3: Run Automated Checks
846
+
847
+ Execute verification commands and capture results:
848
+
849
+ ### Build Check
850
+
851
+ ```bash
852
+ npm run build # or appropriate build command
853
+ ```
854
+
855
+ ### Test Check
856
+
857
+ ```bash
858
+ npm test # or appropriate test command
859
+ ```
860
+
861
+ ### Lint Check
862
+
863
+ ```bash
864
+ npm run lint # or appropriate lint command
865
+ ```
866
+
867
+ ### Type Check (if TypeScript)
868
+
869
+ ```bash
870
+ npm run typecheck # or tsc --noEmit
871
+ ```
872
+
873
+ Record results:
874
+
875
+ ```
876
+ | Check | Command | Result |
877
+ |-----------|------------------|---------------|
878
+ | Build | npm run build | PASS / FAIL |
879
+ | Tests | npm test | PASS / FAIL |
880
+ | Lint | npm run lint | PASS / FAIL |
881
+ | TypeCheck | tsc --noEmit | PASS / FAIL |
882
+ ```
883
+
884
+ **If Build or Tests FAIL**: Mark Functional Correctness as 0 immediately.
885
+
886
+ ---
887
+
888
+ ## Step 4: Mutation Testing Gate
889
+
890
+ Check if mutation testing tools are available:
891
+
892
+ ```bash
893
+ npx stryker --version 2>/dev/null
894
+ ```
895
+
896
+ ### If Stryker is available:
897
+
898
+ 1. Run mutation testing:
899
+ ```bash
900
+ npx stryker run --reporters clear-text 2>&1 | tail -50
901
+ ```
902
+ 2. Parse mutation score from output
903
+ 3. Record: `MUTATION_SCORE = [N]%`
904
+ 4. If score < 60%: contributes to Test Authenticity scoring 0
905
+
906
+ ### If Stryker is NOT available:
907
+
908
+ 1. Record: `MUTATION_SCORE = "unavailable"`
909
+ 2. Log recommendation: "Install @stryker-mutator/core for mutation testing"
910
+ 3. Test Authenticity is scored based on other criteria only (placeholders,
911
+ skips, mock ratio)
912
+ 4. Do NOT block on mutation score when Stryker is absent
913
+
914
+ ---
915
+
916
+ ## Step 5: Mock Ratio Analysis
917
+
918
+ Count mocking patterns vs real assertions across feature test files:
919
+
920
+ ### Count Mock Calls
921
+
922
+ Use Grep to count in test files related to the feature:
923
+
924
+ - `vi.mock(` — module-level mocks
925
+ - `vi.fn(` — individual function mocks
926
+ - `jest.mock(` — Jest module mocks
927
+ - `jest.fn(` — Jest function mocks
928
+ - `.mockReturnValue(` — mock configurations
929
+ - `.mockResolvedValue(` — async mock configurations
930
+
931
+ ### Count Real Assertions
932
+
933
+ Use Grep to count:
934
+
935
+ - `expect(` followed by `.toBe(`, `.toEqual(`, `.toContain(`, `.toThrow(`,
936
+ `.toMatch(`, `.toBeGreaterThan(`, `.toBeLessThan(`, `.toBeDefined(`,
937
+ `.toBeNull(`, `.toHaveLength(`, `.toHaveProperty(`
938
+
939
+ ### Exclude Justified Mocks
940
+
941
+ Lines containing `// mock-justified:` are excluded from the mock count. This
942
+ allows VSCode API mocks and other unavoidable mocks to be documented and exempt.
943
+
944
+ ### Calculate Ratio
945
+
946
+ ```
947
+ MOCK_RATIO = mock_calls / (mock_calls + real_assertions)
948
+ ```
949
+
950
+ ### Evaluate
951
+
952
+ - If `MOCK_RATIO > 0.30` (30%): contributes to Test Authenticity scoring 0
953
+ - Report per-file ratios for the worst offenders
954
+
955
+ ---
956
+
957
+ ## Step 6: Semantic Slop Detection
958
+
959
+ ### Automated Pattern Detection (Grep-based)
960
+
961
+ Run these checks on new/modified source files (not test files):
962
+
963
+ #### Red Severity (Blocks)
964
+
965
+ ```
966
+ Pattern: expect(true).toBe(true)
967
+ Also: expect(1).toBe(1), expect('a').toBe('a')
968
+ Method: Grep for tautological assertions in test files
969
+ ```
970
+
971
+ ```
972
+ Pattern: test.skip / it.skip / describe.skip / xit / xdescribe
973
+ Method: Grep for skip patterns in feature-related test files
974
+ ```
975
+
976
+ #### Yellow Severity (Must Address)
977
+
978
+ ```
979
+ Pattern: TODO / FIXME / XXX / HACK in source code (not test helpers)
980
+ Method: Grep in new/modified .ts/.js/.py files
981
+ ```
982
+
983
+ ```
984
+ Pattern: Empty catch blocks — catch (e) {} or catch { }
985
+ Method: Grep for catch blocks with empty or whitespace-only bodies
986
+ ```
987
+
988
+ #### Gray Severity (Informational)
989
+
990
+ Gray-level findings are reported by the specialist agents (Standards and Test
991
+ Quality). They include:
992
+
993
+ - Redundant comments restating code (agent: validation-standards)
994
+ - Over-engineered abstractions for one-time use (agent: validation-standards)
995
+ - Magic numbers without named constants (agent: validation-standards)
996
+ - Mock-only tests that verify wiring not behavior (agent:
997
+ validation-test-quality)
998
+
999
+ ### Consolidate Slop Findings
1000
+
1001
+ Combine automated Grep results with agent findings:
1002
+
1003
+ ```
1004
+ | # | Pattern | Severity | Source | Description | File | Line |
1005
+ |---|---------|----------|--------|-------------|------|------|
1006
+ | 1 | Placeholder test | Red | Grep | expect(true).toBe(true) | test.ts | 45 |
1007
+ | 2 | Skipped test | Red | Grep | it.skip('should...') | spec.ts | 12 |
1008
+ | 3 | TODO placeholder | Yellow | Grep | // TODO: implement | service.ts | 89 |
1009
+ | 4 | Redundant comment | Yellow | Agent | "// create user" above createUser() | user.ts | 23 |
1010
+ ```
1011
+
1012
+ ---
1013
+
1014
+ ## Step 7: Score the 10-Category Rubric
1015
+
1016
+ Using agent reports, automated checks, and analysis from Steps 3-6, score each
1017
+ category:
1018
+
1019
+ ### Scoring Logic
1020
+
1021
+ **Category 1: Functional Correctness** ({15 or 20 if no UI} pts)
1022
+
1023
+ - Input: validation-correctness agent report + `GATE-2` + automated test results
1024
+ - Score 0 if: `GATE-2` fails, OR any Red finding from correctness agent, OR
1025
+ build/tests fail, OR tests fail to import
1026
+ - Score full if: All acceptance criteria verified with real tests
1027
+
1028
+ **Category 2: Test Authenticity** ({15 or 20 if no UI} pts)
1029
+
1030
+ - Input: validation-test-quality agent report + `GATE-2` + mutation score +
1031
+ mock ratio
1032
+ - Score 0 if: Any placeholder assertion found, OR any test.skip found, OR mock
1033
+ ratio > 30%, OR mutation score < 60% (when Stryker available), OR
1034
+ `GATE-2` fails
1035
+ - Score full if: Zero placeholders, zero skips, mock ratio <= 30%
1036
+
1037
+ **Category 3: UI/E2E Verification** (10 pts, or 0 if redistributed)
1038
+
1039
+ - If `HAS_UI = false`: Record `N/A — HAS_UI=false` plus an explicit not-in-scope
1040
+ reason in the evidence table and apply the existing no-UI redistribution.
1041
+ - If `HAS_UI = true` and `DEPLOY_IN_SCOPE = false`: Check `GATE-3` for local
1042
+ render proof and record `Render proof only — deployment target not in scope`
1043
+ when that proof exists. Score 0 if `GATE-3` fails or no local render proof
1044
+ exists. Do not redistribute Category 3 points.
1045
+ - If `HAS_UI = true` and `DEPLOY_IN_SCOPE = true`: Check `GATE-3` for
1046
+ screenshot, curl/HTTP transcript, deployment log, headless browser
1047
+ assertion, or smoke-check output with proof of rendered/live behavior on the
1048
+ declared route or target. Score 0 if `GATE-3` fails or no real render/deploy
1049
+ proof exists.
1050
+
1051
+ **Category 4: Security Posture** (10 pts)
1052
+
1053
+ - Input: validation-security agent report
1054
+ - Score 0 if: Any Red finding from security agent
1055
+ - Score full if: No Red or Yellow findings
1056
+
1057
+ **Category 5: Integration Reality** (10 pts)
1058
+
1059
+ - Input: validation-integration agent report + `GATE-1`
1060
+ - Score 0 if: `GATE-1` fails, OR any contract violation, OR critical boundary
1061
+ with zero tests
1062
+ - Score full if: All contracts satisfied, integration tests use real deps
1063
+
1064
+ **Category 6: Error Path Coverage** (10 pts)
1065
+
1066
+ - Input: validation-correctness agent (error paths) + validation-standards agent
1067
+ (empty catch blocks)
1068
+ - Score 0 if: Empty catch blocks found, OR public functions lack error path
1069
+ tests
1070
+ - Score full if: Error paths tested, catch blocks handle errors properly
1071
+
1072
+ **Category 7: Architecture Compliance** (10 pts)
1073
+
1074
+ - Input: validation-standards agent report (architecture section)
1075
+ - Score 0 if: File structure deviates from plan.md without justification, OR
1076
+ required diagrams/pictures are stale, unreadable, unrendered without fallback,
1077
+ disconnected from the requirements/code/EAI Platform evidence they explain, OR
1078
+ human-facing artifacts lack a plain-language executive summary
1079
+ - Score full if: All files in expected locations, patterns followed
1080
+
1081
+ **Visual And Document Comprehension Gate** (part of Category 7, no extra points):
1082
+
1083
+ Use this gate whenever the feature has architecture, process, security,
1084
+ workflow, data, UI, or EAI Platform behavior that a human reviewer or future AI
1085
+ loop must understand. This is benchmarked against C4-style abstraction levels,
1086
+ diagram-as-code/source-controlled visuals, 8090-style requirement/blueprint
1087
+ alignment, Marp-style narrative decks, and UI proof practices such as screenshot
1088
+ or visual-test evidence.
1089
+
1090
+ - Executive summaries: every human-facing document starts with three to five
1091
+ plain-language bullets that cover the decision, value, risk, evidence, and next
1092
+ ask. Technical detail comes after the summary.
1093
+ - Purpose clarity: every visual states the question it answers, audience,
1094
+ source inputs, and how to read it in plain language.
1095
+ - Simplicity: each diagram focuses on one decision or flow, keeps primary
1096
+ nodes/steps to about seven or fewer where practical, and splits crowded
1097
+ diagrams instead of making a spaghetti map.
1098
+ - Correct visual type: use context/container C4 views for system boundaries,
1099
+ sequence/state diagrams for flows, ERD for data, value stream for process,
1100
+ heatmaps for capability/risk priority, and screenshot/storyboard evidence for
1101
+ UI behavior.
1102
+ - Renderability: Mermaid/D2/Structurizr-style source must render locally or
1103
+ provide a markdown-table/text fallback; Marp decks must be valid Markdown with
1104
+ slide frontmatter; UI visuals need screenshot, Storybook/component,
1105
+ Playwright, or equivalent render proof.
1106
+ - Traceability: each visual links to the requirement, plan, contract, code/test,
1107
+ EAI service/template asset, or validation evidence it summarizes.
1108
+ - Freshness: validation must check whether visuals changed or were reapproved
1109
+ after spec, plan, code, tenant/auth, or validation changes; stale visuals fail
1110
+ Category 7 even when the code passes.
1111
+ - Public safety: visuals must not expose tenant-private data, secrets, customer
1112
+ identifiers, internal-only architecture names, or screenshots containing
1113
+ private content.
1114
+
1115
+ **Category 8: Performance Baseline** (5 pts)
1116
+
1117
+ - Input: validation-performance agent report
1118
+ - Score 0 if: Sync I/O in async paths, OR complexity > 12, OR unbounded loops
1119
+ - Score full if: No blocking performance findings
1120
+
1121
+ **Category 9: Code Hygiene** (10 pts)
1122
+
1123
+ - Input: validation-standards agent report (hygiene section) + slop detection
1124
+ - Score 0 if: TODO placeholders in production code, OR > 5 redundant comments,
1125
+ OR silent error swallowing found
1126
+ - Score full if: Clean code, no slop findings above Gray
1127
+
1128
+ **Category 10: Specification Traceability** (5 pts)
1129
+
1130
+ - Input: validation-correctness agent (criteria mapping)
1131
+ - Score 0 if: User stories cannot be traced to tests and code
1132
+ - Score full if: Every US has tests, every test maps to implementing code
1133
+
1134
+ **Category 11: Blast Radius Containment** (10 pts) — NEW
1135
+
1136
+ - Input: Phase B blast-radius-report.md (Agents 8-12)
1137
+ - Score 0 if **any** of:
1138
+ - `BLAST_RADIUS_RED > 0` (verdict BREACHED in blast-radius-report.md), OR
1139
+ - Interface Contract Diff found a BREAKING change without CHANGELOG entry, OR
1140
+ - Observability agent found a silent failure in production code, OR
1141
+ - Dependency agent reports a new High or Critical CVE, OR
1142
+ - Rollback agent reports an irreversible migration without justification, OR
1143
+ - Cross-submodule ripple detected that was not planned in plan.md
1144
+ - Score full (10) if: `BLAST_RADIUS_RED == 0` — verdict CONTAINED in
1145
+ blast-radius-report.md. Yellow/Gray findings do not block the category but are
1146
+ forwarded to Phase C for attention.
1147
+
1148
+ ### Calculate Total Score
1149
+
1150
+ ```
1151
+ TOTAL = Cat1 + Cat2 + Cat3 + ... + Cat10 + Cat11
1152
+ ```
1153
+
1154
+ Must equal **110** to PASS (no-UI features: Cat3 redistributes +5 to Cat1 and +5
1155
+ to Cat2; total is still 110).
1156
+
1157
+ ---
1158
+
1159
+ ## Step 7.4: Two-Pass Canvas Refresh (Impact Canvas)
1160
+
1161
+ After the validation council completes, refresh the Impact Canvas with
1162
+ validation findings. This is a SURGICAL update: only the `topThreeRisks` slot of
1163
+ `impact-canvas.md` is replaced; all other canvas content (header, problem
1164
+ statement, personas, AI-leverage pie, outcomes) is preserved byte-for-byte. The
1165
+ frontmatter `pass:` marker is bumped from 1 to 2 so downstream consumers can
1166
+ tell which pass produced the artefact.
1167
+
1168
+ ```
1169
+ Task: subagent_type="visual-canvas-writer", model="haiku"
1170
+ Prompt: "Pass-2 refresh for {FEATURE_DIR}/visuals/impact-canvas.md.
1171
+ Read validation council output from {FEATURE_DIR}/validation.md.
1172
+ Replace ONLY the topThreeRisks section with the council's top three risks.
1173
+ Preserve all other content byte-for-byte.
1174
+
1175
+ Use the runPass2() helper at .specify/scripts/node/lib/visual-pass-pipeline.mjs
1176
+ which implements the surgical replacement (regex-bounded swap of the
1177
+ '## Top Three Risks' section + frontmatter pass: 1 -> 2 bump).
1178
+
1179
+ Return: absolute path of file written and the three risk strings used."
1180
+ ```
1181
+
1182
+ The `runPass2()` function in
1183
+ `.specify/scripts/node/lib/visual-pass-pipeline.mjs` already implements the
1184
+ surgical replacement; the writer agent only needs to provide the three
1185
+ council-validated risk strings. This satisfies FR-016 (two-pass canvas refresh)
1186
+ and the locked decision recorded in `plan.md:912-919`.
1187
+
1188
+ ---
1189
+
1190
+ ## Step 7.5: Refresh Risk Heatmap (Persona Pack — US4)
1191
+
1192
+ After the rubric is scored and validation council findings are available,
1193
+ dispatch `visual-risk-writer` in **pass-2 mode** to refresh the risk heatmap
1194
+ with critical risks identified by the council. This replaces the heuristic
1195
+ top-quadrant entries that pass-1 (run from this same stage before validation)
1196
+ populated from the spec NFR / Out-of-Scope sections.
1197
+
1198
+ ```
1199
+ Task: subagent_type="visual-risk-writer", model="haiku"
1200
+ Prompt: "Pass 2: refresh risk heatmap for feature [FEATURE_NAME].
1201
+
1202
+ Feature directory: {FEATURE_DIR}
1203
+ Spec: {FEATURE_DIR}/spec.md
1204
+ Validation council findings: {FEATURE_DIR}/validation-report.md (in-progress)
1205
+ Existing heatmap (pass-1): {FEATURE_DIR}/visuals/risk-heatmap.md
1206
+ Template: .specify/templates/visuals/risk-heatmap-template.md
1207
+
1208
+ Replace top-quadrant risks with the validation council's critical findings.
1209
+ Preserve pass-1 risks that did not surface in validation.
1210
+ Honour ≥30 ≤200 word plain-language preamble (NFR-010).
1211
+
1212
+ Return: absolute path of file written and risk counts per quadrant."
1213
+ ```
1214
+
1215
+ The validation report (Step 8) MUST link to the refreshed risk heatmap under its
1216
+ `## Risk Posture` section. If the Mermaid renderer fails for a downstream
1217
+ consumer, the `mermaid-tabular-fallback.mjs` helper provides a markdown-table
1218
+ fallback for the `quadrantChart` block.
1219
+
1220
+ ---
1221
+
1222
+ ## Step 8: Generate Validation Report
1223
+
1224
+ Write to `{FEATURE_DIR}/validation-report.md`:
1225
+
1226
+ ```markdown
1227
+ ---
1228
+ feature: [Feature Name]
1229
+ validated: [ISO timestamp]
1230
+ validator: Claude
1231
+ status: [PASS/FAIL]
1232
+ score: [N]
1233
+ score_max: 110
1234
+ iteration: [N]
1235
+ has_ui: [true/false]
1236
+ deploy_in_scope: [true/false]
1237
+ objective_gate_status: [PASS/FAIL]
1238
+ goal_rebaseline_report: goal-rebaseline-report.md
1239
+ loop_audit_report: loop-audit-report.md
1240
+ blast_radius_verdict: [CONTAINED | BREACHED]
1241
+ blast_radius_report: blast-radius-report.md
1242
+ GeneratedAt: [ISO timestamp]
1243
+ SourceCommandId: /6_gofer_validate
1244
+ SourceInputs: [spec.md, plan.md, tasks.md, research.md, automated checks, agent findings]
1245
+ OverwriteNoticeWhenApplicable: [new file or overwrite note]
1246
+ ---
1247
+
1248
+ # Validation Report: [Feature Name]
1249
+
1250
+ ## Objective Outcome Gate
1251
+
1252
+ - Goal ledger: `goal-ledger.json`
1253
+ - Rebaseline report: `goal-rebaseline-report.md`
1254
+ - Loop contract: `loop-contract.json`
1255
+ - Loop ledger: `loop-ledger.jsonl`
1256
+ - Loop audit report: `loop-audit-report.md`
1257
+ - Outcome gate status: [PASS/FAIL]
1258
+ - Recommended reopen stage: [none | 2_specify | 3_plan | 4_tasks | 6_validate]
1259
+ - Summary: [why objectives remain aligned or why the loop must reopen]
1260
+
1261
+ ## Rubric Score
1262
+
1263
+ | # | Category | Points | Score | Status | Evidence |
1264
+ | --- | -------------------------- | ------- | ---------- | --------------- | --------- |
1265
+ | 1 | Functional Correctness | [15/20] | [0/15/20] | PASS/FAIL | [summary] |
1266
+ | 2 | Test Authenticity | [15/20] | [0/15/20] | PASS/FAIL | [summary] |
1267
+ | 3 | UI/E2E Verification | [10/0] | [0/10/N/A] | PASS/FAIL/SKIP | [summary] |
1268
+ | 4 | Security Posture | 10 | [0/10] | PASS/FAIL | [summary] |
1269
+ | 5 | Integration Reality | 10 | [0/10] | PASS/FAIL | [summary] |
1270
+ | 6 | Error Path Coverage | 10 | [0/10] | PASS/FAIL | [summary] |
1271
+ | 7 | Architecture Compliance | 10 | [0/10] | PASS/FAIL | [summary] |
1272
+ | 8 | Performance Baseline | 5 | [0/5] | PASS/FAIL | [summary] |
1273
+ | 9 | Code Hygiene | 10 | [0/10] | PASS/FAIL | [summary] |
1274
+ | 10 | Specification Traceability | 5 | [0/5] | PASS/FAIL | [summary] |
1275
+ | 11 | Blast Radius Containment | 10 | [0/10] | PASS/FAIL | [summary] |
1276
+ | | **TOTAL** | **110** | **[N]** | **[PASS/FAIL]** | |
1277
+
1278
+ ## Automated Check Results
1279
+
1280
+ | Check | Command | Result |
1281
+ | --------- | ------------- | ------------------- |
1282
+ | Build | npm run build | [PASS/FAIL] |
1283
+ | Tests | npm test | [PASS/FAIL] |
1284
+ | Lint | npm run lint | [PASS/FAIL + count] |
1285
+ | TypeCheck | tsc --noEmit | [PASS/FAIL] |
1286
+
1287
+ ## Closed-Loop Traceability
1288
+
1289
+ | Requirement ID | Goal ID | Code Evidence | Test Evidence | Status |
1290
+ | -------------- | ------- | ------------- | ------------- | ------ |
1291
+ | [FR-001] | [G1] | [path] | [path] | [PASS/FAIL] |
1292
+
1293
+ ## Mutation Testing
1294
+
1295
+ - **Stryker available**: [Yes/No]
1296
+ - **Mutation score**: [N]% (target: >= 60%)
1297
+
1298
+ ## Mock Ratio Analysis
1299
+
1300
+ - **Total mock calls**: [N]
1301
+ - **Total real assertions**: [N]
1302
+ - **Mock ratio**: [N]% (target: <= 30%)
1303
+ - **Justified mocks excluded**: [N]
1304
+
1305
+ ### Worst Offenders by File
1306
+
1307
+ | File | Mocks | Assertions | Ratio | Status |
1308
+ | ------ | ----- | ---------- | ----- | ------- |
1309
+ | [file] | [N] | [N] | [N]% | OK/FAIL |
1310
+
1311
+ ## Specialist Agent Findings
1312
+
1313
+ ### Red (Blocking)
1314
+
1315
+ | # | Category | Finding | File | Line |
1316
+ | --- | ---------- | ------------- | ------ | ------ |
1317
+ | [N] | [category] | [description] | [file] | [line] |
1318
+
1319
+ ### Yellow (Must Address)
1320
+
1321
+ | # | Category | Finding | File | Line |
1322
+ | --- | ---------- | ------------- | ------ | ------ |
1323
+ | [N] | [category] | [description] | [file] | [line] |
1324
+
1325
+ ### Gray (Informational)
1326
+
1327
+ | # | Category | Finding | File | Line |
1328
+ | --- | ---------- | ------------- | ------ | ------ |
1329
+ | [N] | [category] | [description] | [file] | [line] |
1330
+
1331
+ ## AI Slop Detection Summary
1332
+
1333
+ | Pattern | Count | Severity |
1334
+ | ---------------------------- | ----- | -------- |
1335
+ | Placeholder assertions | [N] | Red |
1336
+ | Skipped tests | [N] | Red |
1337
+ | TODO/FIXME placeholders | [N] | Yellow |
1338
+ | Empty catch blocks | [N] | Yellow |
1339
+ | Redundant comments | [N] | Yellow |
1340
+ | Over-engineered abstractions | [N] | Gray |
1341
+ | Magic numbers | [N] | Gray |
1342
+
1343
+ ## Blast Radius Summary (Phase B)
1344
+
1345
+ See `{FEATURE_DIR}/blast-radius-report.md` for the full dimension report.
1346
+
1347
+ | Dimension | Agent | Red | Yellow | Gray | Verdict |
1348
+ | ----------------------------------- | ----------------------------- | --- | ------ | ---- | ------------------------ |
1349
+ | Change graph / ripple | codebase-analyzer | [N] | [N] | [N] | [OK/BREACHED] |
1350
+ | Interface contracts | validation-integration | [N] | [N] | [N] | [OK/BREACHED] |
1351
+ | Error logging & observability | validation-standards | [N] | [N] | [N] | [OK/BREACHED] |
1352
+ | Dependency & submodule impact | research-dependency-evaluator | [N] | [N] | [N] | [OK/BREACHED] |
1353
+ | Rollback readiness & release chklst | tasks-rollback-planner | [N] | [N] | [N] | [OK/BREACHED] |
1354
+ | | **TOTAL** | [N] | [N] | [N] | **[CONTAINED/BREACHED]** |
1355
+
1356
+ **Change Surface Summary**
1357
+
1358
+ - Modified files: [N]
1359
+ - Submodules touched: [list]
1360
+ - Public-surface symbols modified: [N]
1361
+ - Breaking API changes: [N]
1362
+ - New dependencies: [N]
1363
+ - New High/Critical CVEs: [N]
1364
+ - Irreversible migrations: [N]
1365
+ - CHANGELOG updated: [Yes/No/N/A]
1366
+
1367
+ **Phase B Gate**: Cat 11 scores 10 only if verdict is **CONTAINED**.
1368
+
1369
+ ## Spec Compliance
1370
+
1371
+ ### [US1 Name]
1372
+
1373
+ - [x/] Acceptance criterion 1
1374
+ - [x/] Acceptance criterion 2
1375
+
1376
+ ### [US2 Name]
1377
+
1378
+ - [x/] Acceptance criterion 1
1379
+
1380
+ ## Recommendations
1381
+
1382
+ ### Before Merge (Must Fix)
1383
+
1384
+ - [Red and Yellow findings requiring action]
1385
+
1386
+ ### Future Improvements (Informational)
1387
+
1388
+ - [Gray findings and suggestions]
1389
+
1390
+ ## Evidence Table
1391
+
1392
+ | Category | Score | Evidence Artifact / Command Output | Absent / Reason for 0 |
1393
+ | --- | --- | --- | --- |
1394
+ | 1 — Functional Correctness | [0/15/20] | [file path, executed `npm test` output with timestamp, or agent citation] | [reason if 0] |
1395
+ | 2 — Test Authenticity | [0/15/20] | [file path, mutation output, or agent citation] | [reason if 0] |
1396
+ | 3 — UI/E2E Verification | [0/10/N/A] | [`N/A — HAS_UI=false`, `Render proof only — deployment target not in scope`, or render/deploy artifact] | [reason if 0 or not in scope] |
1397
+ | 4 — Security Posture | [0/10] | [agent finding citation] | [reason if 0] |
1398
+ | 5 — Integration Reality | [0/10] | [runtime wiring proof, integration-test output, or agent citation] | [reason if 0] |
1399
+ | 6 — Error Path Coverage | [0/10] | [agent finding citation] | [reason if 0] |
1400
+ | 7 — Architecture Compliance | [0/10] | [agent finding citation] | [reason if 0] |
1401
+ | 8 — Performance Baseline | [0/5] | [agent finding citation] | [reason if 0] |
1402
+ | 9 — Code Hygiene | [0/10] | [agent finding citation] | [reason if 0] |
1403
+ | 10 — Specification Traceability | [0/5] | [agent finding citation] | [reason if 0] |
1404
+ | 11 — Blast Radius Containment | [0/10] | [blast-radius-report.md reference] | [reason if 0] |
1405
+ | **Total** | **[N]/110** | | |
1406
+ ```
1407
+
1408
+ This evidence table is required on **EVERY run (PASS and FAIL)**.
1409
+
1410
+ Each `Evidence Artifact / Command Output` cell MUST contain at least one of:
1411
+
1412
+ - A file path visible in the current session
1413
+ - An executed command and its real output (with timestamp)
1414
+ - A sub-agent finding citation (agent name + finding ID)
1415
+
1416
+ An empty evidence cell or a cell containing only inferences/assumptions MUST
1417
+ cause that category to score 0.
1418
+
1419
+ Category 11's evidence cell MUST cite `blast-radius-report.md`.
1420
+
1421
+ When Category 3 is not in scope, the report preamble or row text MUST make the
1422
+ redistribution explicit enough that normalization/effective contribution remains
1423
+ derivable from the persisted report, and `Absent / Reason for 0` must record
1424
+ the matching not-in-scope reason.
1425
+
1426
+ ---
1427
+
1428
+ ## Step 9: Determine Outcome
1429
+
1430
+ ### If TOTAL = 110 and objective_gate_status = PASS: PASS (Phase A + B)
1431
+
1432
+ ```
1433
+ ════════════════════════════════════════════════════════════════
1434
+ RUBRIC PASSED: [Feature Name]
1435
+ ════════════════════════════════════════════════════════════════
1436
+
1437
+ Score: 110/110
1438
+
1439
+ Rubric:
1440
+ ✓ Functional Correctness [15/20]/[15/20]
1441
+ ✓ Test Authenticity [15/20]/[15/20]
1442
+ ✓ UI/E2E Verification [10/10 or N/A]
1443
+ ✓ Security Posture 10/10
1444
+ ✓ Integration Reality 10/10
1445
+ ✓ Error Path Coverage 10/10
1446
+ ✓ Architecture Compliance 10/10
1447
+ ✓ Performance Baseline 5/5
1448
+ ✓ Code Hygiene 10/10
1449
+ ✓ Specification Traceability 5/5
1450
+ ✓ Blast Radius Containment 10/10
1451
+
1452
+ Reports:
1453
+ {FEATURE_DIR}/validation-report.md
1454
+ {FEATURE_DIR}/blast-radius-report.md
1455
+
1456
+ ════════════════════════════════════════════════════════════════
1457
+ ```
1458
+
1459
+ Proceed to **Phase C: Engineering Review Loop** (inline, Step 10a below), then
1460
+ **Step 11: Attribution Logging** and **Step 12: Memory Update Check**.
1461
+
1462
+ **No external auto-chain is needed** — Phase C runs inline in this command.
1463
+ After Phase C completes, the feature pipeline is complete.
1464
+
1465
+ ### If TOTAL < 110 or objective_gate_status = FAIL: FAIL
1466
+
1467
+ Proceed to **Step 10: Brownfield Restart** (Phase C does not run when the rubric
1468
+ fails — fix the rubric first).
1469
+
1470
+ ---
1471
+
1472
+ ## Step 10: Brownfield Restart Loop
1473
+
1474
+ When validation fails (score < score_max), generate a remediation report and signal
1475
+ the orchestrator to restart the pipeline focused on failed areas.
1476
+
1477
+ ### 10.1 Check Iteration Count
1478
+
1479
+ - If `ITERATION >= 3`: Generate **escalation report** instead (see 10.4)
1480
+ - If `ITERATION < 3`: Generate **remediation report** and signal restart
1481
+
1482
+ ### 10.2 Generate Remediation Report
1483
+
1484
+ Write to `{FEATURE_DIR}/remediation-report.md`:
1485
+
1486
+ ```markdown
1487
+ ---
1488
+ feature: [Feature Name]
1489
+ iteration: [N]
1490
+ score: [N]
1491
+ score_max: 110
1492
+ generated: [ISO timestamp]
1493
+ failed_categories: [list]
1494
+ ---
1495
+
1496
+ # Remediation Report: [Feature Name]
1497
+
1498
+ ## Iteration [N] of 3
1499
+
1500
+ **Score**: [N]/110 **Status**: FAIL — Remediation Required
1501
+
1502
+ ## Failed Categories
1503
+
1504
+ ### [Category Name] (0/[points])
1505
+
1506
+ **Evidence**: [Specific findings from agent reports]
1507
+
1508
+ **Required Actions**:
1509
+
1510
+ 1. [Specific action to fix this category]
1511
+ 2. [Another specific action]
1512
+
1513
+ **Files to modify**:
1514
+
1515
+ - `path/to/file.ts:line` — [what to change]
1516
+
1517
+ ### [Next Failed Category]
1518
+
1519
+ ...
1520
+
1521
+ ## Remediation Scope
1522
+
1523
+ The following pipeline stages should re-run focused on these areas:
1524
+
1525
+ - **Research**: [Any new research needed, or "Not needed"]
1526
+ - **Plan**: [Any plan updates, or "Not needed"]
1527
+ - **Implement**: [Specific tasks to re-implement]
1528
+ - **Validate**: Re-run after fixes
1529
+
1530
+ ## Previous Iterations
1531
+
1532
+ | Iteration | Score | Failed Categories | Date |
1533
+ | --------- | ------- | ----------------- | ------ |
1534
+ | 1 | [N]/110 | [list] | [date] |
1535
+ | 2 | [N]/110 | [list] | [date] |
1536
+ ```
1537
+
1538
+ ### 10.3 Signal Orchestrator
1539
+
1540
+ Output the routing instruction:
1541
+
1542
+ ```
1543
+ ════════════════════════════════════════════════════════════════
1544
+ VALIDATION FAILED: [Feature Name]
1545
+ ════════════════════════════════════════════════════════════════
1546
+
1547
+ Score: [N]/110
1548
+ Iteration: [N] of 3
1549
+
1550
+ Failed categories:
1551
+ ✗ [Category] — 0/[points]: [brief reason]
1552
+ ✗ [Category] — 0/[points]: [brief reason]
1553
+
1554
+ Remediation report: {FEATURE_DIR}/remediation-report.md
1555
+
1556
+ REMEDIATION REQUIRED: [feature-name]
1557
+ Failed categories: [list]
1558
+ Iteration: [N] of 3
1559
+ Route: /5_gofer_implement → focused on [failed areas]
1560
+
1561
+ ════════════════════════════════════════════════════════════════
1562
+ ```
1563
+
1564
+ Then proceed to **Step 11: Attribution Logging**.
1565
+
1566
+ ### 10.4 Escalation (Iteration 3 Failure)
1567
+
1568
+ If this is the 3rd iteration and validation still fails, generate
1569
+ `{FEATURE_DIR}/escalation-report.md`:
1570
+
1571
+ ```markdown
1572
+ ---
1573
+ feature: [Feature Name]
1574
+ iteration: 3
1575
+ final_score: [N]/110
1576
+ escalated: [ISO timestamp]
1577
+ ---
1578
+
1579
+ # Escalation Report: [Feature Name]
1580
+
1581
+ ## Human Review Required
1582
+
1583
+ After 3 remediation attempts, the following categories still fail:
1584
+
1585
+ ### [Category] — All 3 attempts failed
1586
+
1587
+ **Iteration history**:
1588
+
1589
+ 1. Score [N] — [what was tried]
1590
+ 2. Score [N] — [what was tried]
1591
+ 3. Score [N] — [what was tried]
1592
+
1593
+ **Root cause assessment**: [Why automated remediation isn't working]
1594
+
1595
+ **Recommended human action**: [What a developer should do]
1596
+
1597
+ ## Full Score History
1598
+
1599
+ | Iteration | Total | Cat1 | Cat2 | Cat3 | Cat4 | Cat5 | Cat6 | Cat7 | Cat8 | Cat9 | Cat10 | Cat11 |
1600
+ | --------- | ----- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ----- | ----- |
1601
+ | 1 | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] |
1602
+ | 2 | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] |
1603
+ | 3 | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] |
1604
+ ```
1605
+
1606
+ Output:
1607
+
1608
+ ```
1609
+ ════════════════════════════════════════════════════════════════
1610
+ ESCALATION: [Feature Name]
1611
+ ════════════════════════════════════════════════════════════════
1612
+
1613
+ After 3 remediation attempts, validation still fails.
1614
+ Score: [N]/110
1615
+
1616
+ Escalation report: {FEATURE_DIR}/escalation-report.md
1617
+
1618
+ This feature requires human review before proceeding.
1619
+ The automated pipeline cannot resolve the remaining issues.
1620
+
1621
+ ════════════════════════════════════════════════════════════════
1622
+ ```
1623
+
1624
+ ---
1625
+
1626
+ # Phase C — Engineering Review Loop
1627
+
1628
+ Phase C runs **only when the rubric passes** (110/110). It performs 1-5
1629
+ iterative review→fix→re-review cycles using 3 additional review agents per
1630
+ cycle, catching issues that the rubric-based validation might miss (edge cases,
1631
+ race conditions, API-contract drift against the as-implemented code, spec spirit
1632
+ violations).
1633
+
1634
+ Phase C is the terminal stage of `/6_gofer_validate`. After Phase C completes,
1635
+ the feature pipeline is complete.
1636
+
1637
+ ## Step 10a: Initialize Phase C
1638
+
1639
+ 1. **Guard**: only proceed if rubric `status == PASS` and the objective outcome
1640
+ gate passes (Step 9 TOTAL = 110 and Step 1.5 PASS). If
1641
+ FAIL, skip Phase C entirely — brownfield restart (Step 10) already triggered.
1642
+
1643
+ 2. **Initialize cycle counter**: `CYCLE = 1`
1644
+
1645
+ 3. **Initialize findings history**: Empty array to accumulate across cycles.
1646
+
1647
+ 4. **Seed findings from Phase B Yellow/Gray**: All Yellow findings from the
1648
+ blast-radius report are added to the Phase C finding list for mandatory
1649
+ attention. Gray findings are logged but not auto-fixed.
1650
+
1651
+ ## Step 10b: Spawn 3 Parallel Review Agents (Cycle N of 5)
1652
+
1653
+ Launch all 3 agents **in parallel** using the Task tool. Each agent receives the
1654
+ feature context and returns structured findings.
1655
+
1656
+ ### Agent 13: Engineer Review (Spec↔Plan↔Tasks↔Research Alignment)
1657
+
1658
+ ```
1659
+ Task: subagent_type="engineer-review", model="sonnet"
1660
+ Prompt: "Post-implementation engineering review for feature [FEATURE_NAME].
1661
+
1662
+ Feature directory: {FEATURE_DIR}
1663
+ Spec: {FEATURE_DIR}/spec.md
1664
+ Plan: {FEATURE_DIR}/plan.md
1665
+ Tasks: {FEATURE_DIR}/tasks.md
1666
+ Research: {FEATURE_DIR}/research.md
1667
+
1668
+ This is a POST-IMPLEMENTATION review (code is already written).
1669
+ In addition to your standard spec↔plan↔tasks alignment checks:
1670
+ 1. Verify spec completeness against research.md — are all research findings addressed?
1671
+ 2. Check all acceptance criteria are addressed in the actual code (not just tasks)
1672
+ 3. Verify research.md patterns were followed in implementation
1673
+
1674
+ Return findings in your standard report format (<2000 tokens)."
1675
+ ```
1676
+
1677
+ ### Agent 14: Codebase Analyzer (Code↔Tasks Verification)
1678
+
1679
+ ```
1680
+ Task: subagent_type="codebase-analyzer", model="sonnet"
1681
+ Prompt: "Post-implementation code verification for feature [FEATURE_NAME].
1682
+
1683
+ Feature directory: {FEATURE_DIR}
1684
+ Tasks: {FEATURE_DIR}/tasks.md
1685
+
1686
+ Verify the following:
1687
+ 1. Every task marked [x] in tasks.md has corresponding code changes — check file paths
1688
+ 2. Search for TODO/FIXME/HACK comments in files listed in tasks.md
1689
+ 3. Check for dead code or unused imports in changed files
1690
+ 4. Verify any API contracts/interfaces match their actual implementations
1691
+ 5. Check for inconsistencies between task descriptions and what was implemented
1692
+
1693
+ Return findings with Red/Yellow/Gray severity (<2000 tokens).
1694
+ Red = task marked complete but no code found, or API contract mismatch
1695
+ Yellow = TODO/FIXME comments, unused imports, minor inconsistencies
1696
+ Gray = style suggestions, optional improvements"
1697
+ ```
1698
+
1699
+ ### Agent 15: Correctness Re-verification
1700
+
1701
+ ```
1702
+ Task: subagent_type="validation-correctness", model="sonnet"
1703
+ Prompt: "Post-implementation correctness re-verification for feature [FEATURE_NAME].
1704
+
1705
+ Feature directory: {FEATURE_DIR}
1706
+ Spec: {FEATURE_DIR}/spec.md
1707
+ Plan: {FEATURE_DIR}/plan.md
1708
+
1709
+ This is a focused re-check after validation passed. Look for issues that
1710
+ rubric-based validation might miss:
1711
+ 1. Edge cases from spec that may not have explicit tests
1712
+ 2. Error handling completeness — are all failure modes covered?
1713
+ 3. Race conditions or concurrency issues in async code
1714
+ 4. Input validation at system boundaries
1715
+ 5. Any acceptance criteria that are technically 'covered' by tests but
1716
+ the implementation doesn't fully satisfy the spirit of the requirement
1717
+
1718
+ Return findings with Red/Yellow/Gray severity (<2000 tokens).
1719
+ Red = acceptance criterion not genuinely satisfied, critical error path missing
1720
+ Yellow = edge case not covered, partial error handling
1721
+ Gray = potential improvement, defensive coding suggestion"
1722
+ ```
1723
+
1724
+ **Run all 3 agents in parallel.** Collect all results before proceeding.
1725
+
1726
+ ## Step 10c: Run Build/Test/Lint Verification
1727
+
1728
+ Execute verification commands and capture results:
1729
+
1730
+ ### Build Check
1731
+
1732
+ ```bash
1733
+ cd extension && npm run compile
1734
+ ```
1735
+
1736
+ ### Test Check
1737
+
1738
+ ```bash
1739
+ cd extension && npm test
1740
+ ```
1741
+
1742
+ ### Lint Check
1743
+
1744
+ ```bash
1745
+ cd extension && npm run lint
1746
+ ```
1747
+
1748
+ Record results:
1749
+
1750
+ ```
1751
+ | Check | Command | Result |
1752
+ |--------|----------------------|-------------|
1753
+ | Build | npm run compile | PASS / FAIL |
1754
+ | Tests | npm test | PASS / FAIL |
1755
+ | Lint | npm run lint | PASS / FAIL |
1756
+ ```
1757
+
1758
+ **If any check FAILS**: Record as a Red finding.
1759
+
1760
+ ## Step 10d: Synthesize Findings
1761
+
1762
+ Collect all agent reports and build/test/lint results. Merge with Phase B
1763
+ Yellow/Gray carryovers. Classify each finding:
1764
+
1765
+ - **Red** (blocking): Task marked complete but no code, API contract mismatch,
1766
+ acceptance criterion not genuinely satisfied, build/test/lint failure,
1767
+ critical error path missing
1768
+ - **Yellow** (should fix): TODO/FIXME comments, unused imports, edge cases not
1769
+ covered, partial error handling, minor inconsistencies, Phase B Yellows
1770
+ - **Gray** (informational): Style suggestions, optional improvements, defensive
1771
+ coding suggestions, Phase B Grays
1772
+
1773
+ ### Compile Finding Table
1774
+
1775
+ ```
1776
+ | # | Finding | Severity | Source | File | Line | Status |
1777
+ |---|---------|----------|---------------------------|--------|--------|--------|
1778
+ | 1 | [desc] | Red | engineer-review | [file] | [line] | OPEN |
1779
+ | 2 | [desc] | Yellow | codebase-analyzer | [file] | [line] | OPEN |
1780
+ | 3 | [desc] | Yellow | phase-b:observability | [file] | [line] | OPEN |
1781
+ ```
1782
+
1783
+ ### Decision Logic
1784
+
1785
+ - If **NO Red or Yellow findings** → PASS → proceed to Step 10g (Report)
1786
+ - If **Red or Yellow findings exist** → proceed to Step 10e (Fix)
1787
+
1788
+ ## Step 10e: Fix Findings
1789
+
1790
+ For each Red and Yellow finding from the current cycle:
1791
+
1792
+ 1. **Read the affected file** at the specified line
1793
+ 2. **Apply the fix** directly using Edit tool
1794
+ 3. **Mark the finding as FIXED** in the finding table
1795
+
1796
+ ### Fix Priority
1797
+
1798
+ 1. Red findings first (blocking issues)
1799
+ 2. Yellow findings second (should fix)
1800
+ 3. Gray findings are logged but NOT auto-fixed
1801
+
1802
+ ### After Fixing
1803
+
1804
+ Re-run build/test/lint to verify fixes don't introduce regressions:
1805
+
1806
+ ```bash
1807
+ cd extension && npm run compile && npm test && npm run lint
1808
+ ```
1809
+
1810
+ If the verification fails after fixes, record new failures as Red findings for
1811
+ the next cycle.
1812
+
1813
+ ## Step 10f: Loop or Complete
1814
+
1815
+ ### Increment Cycle
1816
+
1817
+ ```
1818
+ CYCLE = CYCLE + 1
1819
+ ```
1820
+
1821
+ ### Decision
1822
+
1823
+ - If `CYCLE <= 5` AND findings were fixed in the previous cycle → **Go to Step
1824
+ 10b** (re-review with fresh agent runs to verify fixes and catch any new
1825
+ issues)
1826
+ - If `CYCLE > 5` AND Red/Yellow findings still remain → **Generate escalation
1827
+ section** in the report, declare pipeline complete with warnings
1828
+ - If **all findings resolved** (no Red or Yellow) → **Declare pipeline
1829
+ complete** (proceed to Step 10g)
1830
+
1831
+ ## Step 10g: Generate Engineering Review Report
1832
+
1833
+ Write to `{FEATURE_DIR}/engineering-review-report.md`:
1834
+
1835
+ ```markdown
1836
+ ---
1837
+ feature: [Feature Name]
1838
+ reviewed: [ISO timestamp]
1839
+ reviewer: Claude
1840
+ status: [PASS/PASS_WITH_WARNINGS/ESCALATED]
1841
+ cycles: [N]
1842
+ total_findings: [N]
1843
+ resolved_findings: [N]
1844
+ blast_radius_carryovers: [N]
1845
+ ---
1846
+
1847
+ # Engineering Review Report: [Feature Name]
1848
+
1849
+ ## Summary
1850
+
1851
+ - **Status**: [PASS / PASS_WITH_WARNINGS / ESCALATED]
1852
+ - **Review cycles**: [N] of 5 max
1853
+ - **Total findings**: [N] (Red: [N], Yellow: [N], Gray: [N])
1854
+ - **Resolved**: [N] findings fixed across [N] cycles
1855
+ - **Remaining**: [N] findings (if any)
1856
+ - **Phase B carryovers addressed**: [N] of [N]
1857
+
1858
+ ## Cycle History
1859
+
1860
+ ### Cycle 1
1861
+
1862
+ **Agents**: engineer-review, codebase-analyzer, validation-correctness
1863
+ **Build/Test/Lint**: [PASS/FAIL details]
1864
+
1865
+ | # | Finding | Severity | Source | File | Line | Resolution |
1866
+ | --- | ------- | -------- | ------ | ------ | ------ | ------------ |
1867
+ | 1 | [desc] | [sev] | [src] | [file] | [line] | [FIXED/OPEN] |
1868
+
1869
+ ### Cycle 2 (if applicable)
1870
+
1871
+ ...
1872
+
1873
+ ## Remaining Findings (if any)
1874
+
1875
+ | # | Finding | Severity | Source | File | Line | Reason Not Fixed |
1876
+ | --- | ------- | -------- | ------ | ------ | ------ | ---------------- |
1877
+ | 1 | [desc] | [sev] | [src] | [file] | [line] | [why] |
1878
+
1879
+ ## Recommendations
1880
+
1881
+ ### Must Address Before Merge
1882
+
1883
+ - [Any remaining Red/Yellow findings]
1884
+
1885
+ ### Future Improvements
1886
+
1887
+ - [Gray findings and suggestions]
1888
+ ```
1889
+
1890
+ ## Step 10g.5: Final Working Backwards PR/FAQ And CISO Summary
1891
+
1892
+ After the validation report, blast-radius report, loop audit, and engineering
1893
+ review report are written:
1894
+
1895
+ 1. Update `{FEATURE_DIR}/working-backwards-prfaq.md`.
1896
+ - Mark each Press Release claim as validated, changed, or unvalidated based
1897
+ on `validation-report.md`, `blast-radius-report.md`,
1898
+ `goal-rebaseline-report.md`, and `loop-audit-report.md`.
1899
+ - Fill Internal FAQ CISO / Risk with data handled, identity controls,
1900
+ tenant boundaries, secrets handling, residual risks, validation evidence,
1901
+ and launch gates.
1902
+ - Update "What happens if something goes wrong?" with rollback/support
1903
+ evidence from validation and blast-radius analysis.
1904
+ 2. Write `{FEATURE_DIR}/prfaq-history/06-validate.md` as an immutable final
1905
+ validation snapshot.
1906
+ 3. Create or update `{FEATURE_DIR}/ciso-security-summary.md` from
1907
+ `.specify/templates/ciso-security-summary-template.md` using
1908
+ `validation-report.md`, `blast-radius-report.md`, `audit-history.md`,
1909
+ `visuals/risk-heatmap.md`, auth/tenant evidence, secrets/data handling
1910
+ evidence, and loop audit evidence.
1911
+ 4. Refresh `{FEATURE_DIR}/business-owner-summary.md` with final validation
1912
+ status, business value confidence, and any validated/disproven assumptions.
1913
+ 5. Refresh `{FEATURE_DIR}/cto-architecture-summary.md` with validation status,
1914
+ blast-radius verdict, and any architecture/security exceptions.
1915
+ 6. Update `{FEATURE_DIR}/stakeholder-review-index.md` and make the final
1916
+ approve/revise/defer asks explicit:
1917
+ - Business Owner: release value, user/process impact, assumptions.
1918
+ - CTO / Architecture: platform/architecture evidence and exceptions.
1919
+ - CISO / Risk: controls, residual risks, security posture, launch gate.
1920
+ - Delivery: rollout, rollback, support, and evidence completeness.
1921
+
1922
+ If any validation gate failed, write these documents honestly with `FAIL`,
1923
+ `Pending`, or `Blocked` status; do not polish a failed feature as ready.
1924
+
1925
+ ## Step 10h: Output Completion Banner
1926
+
1927
+ ### If PASS (all findings resolved or no findings):
1928
+
1929
+ ```
1930
+ ════════════════════════════════════════════════════════════════
1931
+ ENGINEERING REVIEW PASSED: [Feature Name]
1932
+ ════════════════════════════════════════════════════════════════
1933
+
1934
+ Cycles: [N] of 5 max
1935
+ Findings: [N] found, [N] resolved
1936
+ Report: {FEATURE_DIR}/engineering-review-report.md
1937
+ Working Backwards PR/FAQ: {FEATURE_DIR}/working-backwards-prfaq.md
1938
+ CISO summary: {FEATURE_DIR}/ciso-security-summary.md
1939
+ Stakeholder review index: {FEATURE_DIR}/stakeholder-review-index.md
1940
+
1941
+ ════════════════════════════════════════════════════════════════
1942
+ FEATURE PIPELINE COMPLETE!
1943
+
1944
+ All Gofer stages finished:
1945
+ 1. /1_gofer_research ✓
1946
+ 2. /2_gofer_specify ✓
1947
+ 3. /3_gofer_plan ✓
1948
+ 4. /4_gofer_tasks ✓
1949
+ 5. /5_gofer_implement ✓
1950
+ 6. /6_gofer_validate ✓ (Phase A ✓, Phase B ✓, Phase C ✓)
1951
+
1952
+ The feature is ready for review and merge.
1953
+ Stakeholder PR/FAQ and persona summaries are ready for Business Owner,
1954
+ CTO/Architecture, CISO/Risk, and Delivery review.
1955
+ ════════════════════════════════════════════════════════════════
1956
+ ```
1957
+
1958
+ ### If PASS_WITH_WARNINGS (5 cycles exhausted, only Gray remaining):
1959
+
1960
+ ```
1961
+ ════════════════════════════════════════════════════════════════
1962
+ ENGINEERING REVIEW PASSED (WITH WARNINGS): [Feature Name]
1963
+ ════════════════════════════════════════════════════════════════
1964
+
1965
+ Cycles: 5 of 5 max
1966
+ Findings: [N] found, [N] resolved, [N] Gray remaining
1967
+ Report: {FEATURE_DIR}/engineering-review-report.md
1968
+ Working Backwards PR/FAQ: {FEATURE_DIR}/working-backwards-prfaq.md
1969
+ CISO summary: {FEATURE_DIR}/ciso-security-summary.md
1970
+ Stakeholder review index: {FEATURE_DIR}/stakeholder-review-index.md
1971
+
1972
+ ⚠ Gray findings remain — see report for details.
1973
+
1974
+ ════════════════════════════════════════════════════════════════
1975
+ FEATURE PIPELINE COMPLETE!
1976
+
1977
+ All Gofer stages finished:
1978
+ 1. /1_gofer_research ✓
1979
+ 2. /2_gofer_specify ✓
1980
+ 3. /3_gofer_plan ✓
1981
+ 4. /4_gofer_tasks ✓
1982
+ 5. /5_gofer_implement ✓
1983
+ 6. /6_gofer_validate ✓ (Phase A ✓, Phase B ✓, Phase C ⚠)
1984
+
1985
+ The feature is ready for review and merge (review Gray findings).
1986
+ ════════════════════════════════════════════════════════════════
1987
+ ```
1988
+
1989
+ ### If ESCALATED (5 cycles exhausted, Red/Yellow remain):
1990
+
1991
+ ```
1992
+ ════════════════════════════════════════════════════════════════
1993
+ ENGINEERING REVIEW ESCALATED: [Feature Name]
1994
+ ════════════════════════════════════════════════════════════════
1995
+
1996
+ Cycles: 5 of 5 max (exhausted)
1997
+ Findings: [N] found, [N] resolved, [N] Red/Yellow remaining
1998
+
1999
+ Remaining issues:
2000
+ ✗ [Finding] — [severity]: [brief reason]
2001
+
2002
+ Report: {FEATURE_DIR}/engineering-review-report.md
2003
+ Working Backwards PR/FAQ: {FEATURE_DIR}/working-backwards-prfaq.md
2004
+ CISO summary: {FEATURE_DIR}/ciso-security-summary.md
2005
+ Stakeholder review index: {FEATURE_DIR}/stakeholder-review-index.md
2006
+
2007
+ This feature requires human review of remaining findings
2008
+ before merging.
2009
+
2010
+ ════════════════════════════════════════════════════════════════
2011
+ ```
2012
+
2013
+ ---
2014
+
2015
+ # End of Phase C
2016
+
2017
+ ---
2018
+
2019
+ ## Step 11: Attribution Logging
2020
+
2021
+ Log every finding to `.specify/logs/validation-findings.jsonl`.
2022
+ For EnterpriseAI runs, also mirror the same finding lifecycle to
2023
+ `{FEATURE_DIR}/audit-history.md` so executive, architecture, CISO, data, CIO,
2024
+ delivery, finance, operations, and risk/compliance stakeholders can see stable
2025
+ finding IDs, recurrence, disposition, owner, expiry, and review cadence.
2026
+
2027
+ ### Finding Format
2028
+
2029
+ For each finding from all agents and automated checks, append a JSON line:
2030
+
2031
+ ```json
2032
+ {
2033
+ "finding_id": "F[NNN]",
2034
+ "timestamp": "[ISO timestamp]",
2035
+ "feature": "[feature-name]",
2036
+ "category": "[rubric_category_snake_case]",
2037
+ "severity": "[red|yellow|gray]",
2038
+ "description": "[finding description]",
2039
+ "file": "[file path]",
2040
+ "line": [line number or null],
2041
+ "agent": "[agent name or 'automated']",
2042
+ "resolution": null,
2043
+ "iteration": [N]
2044
+ }
2045
+ ```
2046
+
2047
+ ### Categories for `category` field
2048
+
2049
+ - `functional_correctness`
2050
+ - `test_authenticity`
2051
+ - `ui_e2e_verification`
2052
+ - `security_posture`
2053
+ - `integration_reality`
2054
+ - `error_path_coverage`
2055
+ - `architecture_compliance`
2056
+ - `performance_baseline`
2057
+ - `code_hygiene`
2058
+ - `specification_traceability`
2059
+ - `blast_radius_containment` — **NEW** (Cat 11, Phase B)
2060
+ - Sub-dimensions for the `dimension` sub-field: `change_graph`,
2061
+ `interface_contract`, `observability`, `dependency_submodule`,
2062
+ `rollback_release`
2063
+ - `engineering_review` — Phase C findings (agent-specific sub-dimensions:
2064
+ `spec_alignment`, `code_verification`, `correctness_reverify`)
2065
+
2066
+ ### EnterpriseAI Persistent Audit Requirements
2067
+
2068
+ `audit-history.md` MUST include:
2069
+
2070
+ | Field | Requirement |
2071
+ | ----- | ----------- |
2072
+ | Finding ID | Stable across validation cycles; never renumber existing findings |
2073
+ | Source | Rubric category, agent, automated check, or stakeholder gate |
2074
+ | Status | Open, fixed, accepted, or escalated |
2075
+ | Recurrence | Count and prior cycle references for repeated findings |
2076
+ | Owner | Named accountable role or team |
2077
+ | Expiry | Required for accepted exceptions |
2078
+ | Evidence | Links to validation report, tests, contract pack, or code references |
2079
+
2080
+ Recurring red findings must escalate to the relevant decision owner and block
2081
+ launch unless explicitly accepted with owner, expiry, and review cadence.
2082
+
2083
+ For application delivery, validation MUST also check
2084
+ `{FEATURE_DIR}/journeys/base-journey.md` against the delivered implementation:
2085
+
2086
+ - The app process has four user-facing steps or fewer, or an approved exception
2087
+ explains why extra steps could not be combined, automated, or handled by
2088
+ generative AI assistance.
2089
+ - Each journey step preserves its business goal, AI assistance mode, data/context
2090
+ used, completion signal, human controls, evidence/confidence display, audit
2091
+ trail, and fallback/escalation path.
2092
+ - `{FEATURE_DIR}/ui-review-log.md` contains at least one pre-presentation
2093
+ self-review entry for each preview round that was shown to the stakeholder,
2094
+ with screenshot, local render proof, Playwright-style evidence, or an
2095
+ explicit reasoned exception.
2096
+ - `{FEATURE_DIR}/ui-approval.md` records the approved preview, approved
2097
+ branding/logo decisions, any approved EAI App Template exceptions, the
2098
+ approver, and approval timestamp.
2099
+ - `{FEATURE_DIR}/service-fit-matrix.md` records each desired platform
2100
+ capability, the evidence source used to evaluate it, and whether it is
2101
+ accessible now, purchasable but unavailable now, or unavailable without new
2102
+ platform work.
2103
+ - The delivered app uses EAI Platform, including the EAI app template, as the
2104
+ primary app substrate and Azure as the preferred cloud/supporting substrate.
2105
+ Any Firebase, Supabase, Vercel primary runtime, AWS, GCP, bespoke backend,
2106
+ unmanaged database, or unrelated SaaS dependency is rejected unless it is
2107
+ recorded as an approved integration/migration/exception with rationale, owner,
2108
+ expiry, and validation evidence.
2109
+ - The approved external/internal/hybrid profile choice, package lane, coupling
2110
+ status, Storybook story IDs, theme override points, public-readiness target,
2111
+ and custom-block exceptions are present in the preview/approval/service-fit
2112
+ artifacts and match the delivered implementation.
2113
+ - Validation confirms that app-delivery runs used EAI App Template blocks by
2114
+ default and that any create-new UI concept was explicitly approved rather
2115
+ than silently introduced.
2116
+ - Validation confirms that block-porting tasks produced the expected package
2117
+ surface and that public or hybrid lanes do not directly depend on source platform
2118
+ internals unless an approved restricted-source exception is recorded.
2119
+ - Chatbot, voice, accessibility, translation, contextual prefill, validation,
2120
+ and step-goal assistance claims are covered by acceptance tests where they are
2121
+ in scope.
2122
+
2123
+ For explicit non-app work, validation MUST treat `ui-preview-brief.md`,
2124
+ `ui-review-log.md`, `ui-approval.md`, and `service-fit-matrix.md` as
2125
+ **not applicable** rather than as missing blocking artifacts.
2126
+
2127
+ ### Log Summary Entry
2128
+
2129
+ After all findings, append a summary entry:
2130
+
2131
+ ```json
2132
+ {
2133
+ "finding_id": "SUMMARY",
2134
+ "timestamp": "[ISO timestamp]",
2135
+ "feature": "[feature-name]",
2136
+ "category": "summary",
2137
+ "severity": "info",
2138
+ "description": "Validation score: [N]/110. Categories failed: [list or 'none']",
2139
+ "file": null,
2140
+ "line": null,
2141
+ "agent": "rubric",
2142
+ "resolution": "[PASS|FAIL|ESCALATED]",
2143
+ "iteration": [N]
2144
+ }
2145
+ ```
2146
+
2147
+ ### Historical Reference
2148
+
2149
+ Before logging, read existing entries in `validation-findings.jsonl` for the
2150
+ same feature. If the same finding (same file, same line, same category) appears
2151
+ in a previous iteration, note it as a **repeat finding** in the description:
2152
+
2153
+ ```
2154
+ "description": "[REPEAT from iteration 1] expect(true).toBe(true) still present"
2155
+ ```
2156
+
2157
+ This enables tracking of findings that persist across remediation attempts.
2158
+
2159
+ ---
2160
+
2161
+ ## Step 12: Memory Update Check
2162
+
2163
+ After validation, assess whether learnings should be persisted.
2164
+
2165
+ ### 12.1 Memory Update Decision Matrix
2166
+
2167
+ | Learning Type | Update Location | When to Update |
2168
+ | ---------------------------- | ---------------------------- | ----------------------------------------- |
2169
+ | **Project-wide patterns** | `CLAUDE.md` | New conventions affecting all future work |
2170
+ | **Architectural decisions** | `.specify/memory/decisions/` | Significant design choices with rationale |
2171
+ | **Feature-specific context** | `{FEATURE_DIR}/research.md` | Discoveries relevant only to this feature |
2172
+ | **Reusable code patterns** | `CLAUDE.md` or constitution | Patterns other features should follow |
2173
+ | **Bug workarounds** | `.specify/memory/decisions/` | Issues that may recur |
2174
+
2175
+ ### 12.2 CLAUDE.md Update Criteria
2176
+
2177
+ **DO update CLAUDE.md when**:
2178
+
2179
+ - Discovered a new coding convention used across the codebase
2180
+ - Identified a critical dependency or integration pattern
2181
+ - Found a gotcha that affects multiple features
2182
+ - Established a new testing or build pattern
2183
+
2184
+ **DO NOT update CLAUDE.md when**:
2185
+
2186
+ - Learning is specific to one feature
2187
+ - Information will become stale quickly
2188
+ - Pattern is already documented elsewhere
2189
+ - Change is experimental/temporary
2190
+
2191
+ ### 12.3 Memory Update Checklist
2192
+
2193
+ Before completing validation, verify:
2194
+
2195
+ - [ ] Any project-wide patterns discovered -> added to CLAUDE.md?
2196
+ - [ ] Any significant decisions made -> recorded in decisions/?
2197
+ - [ ] Any gotchas or workarounds -> documented for future reference?
2198
+ - [ ] Feature-specific learnings -> captured in research.md?
2199
+
2200
+ ---
2201
+
2202
+ ## Observability Logging
2203
+
2204
+ At stage completion, log metrics:
2205
+
2206
+ ```bash
2207
+ .specify/scripts/bash/log-stage.sh 6_validate --complete --tokens [N] --compactions [N]
2208
+ ```
2209
+
2210
+ This also logs quality metrics (rubric scores, finding counts) to:
2211
+ `.specify/logs/quality-metrics.jsonl`
2212
+
2213
+ ---
2214
+
2215
+ ## Key Rules
2216
+
2217
+ ### Phase A (Rubric)
2218
+
2219
+ - **110/110 is the only passing score** — there is no "close enough"
2220
+ - **Agents run in parallel** — spawn all 6 (or 7 with red team) at once, do not
2221
+ serialize
2222
+ - **Red findings block** — any Red finding in any agent zeroes that category
2223
+ - **Mutation testing is optional** — gracefully degrade when Stryker absent
2224
+ - **Mock ratio excludes justified mocks** — mark with `// mock-justified:`
2225
+ comment
2226
+ - **Maximum 3 remediation iterations** — then escalate to human
2227
+
2228
+ ### Phase B (Blast Radius)
2229
+
2230
+ - **5 blast-radius agents run in parallel** — do not serialize across dimensions
2231
+ - **The change manifest is ground truth** — build it once in Step 2.5, pass the
2232
+ same manifest to every Phase B agent
2233
+ - **Breaking change + no CHANGELOG entry = Red** — always. Release-checklist
2234
+ compliance is mandatory for user-visible changes.
2235
+ - **New High/Critical CVE = Red** — block before merge; Moderate is Yellow; Low
2236
+ is Gray
2237
+ - **Cross-submodule ripple requires explicit plan.md approval** — otherwise Red
2238
+ - **Blast-radius verdict CONTAINED gives Cat 11 = 10**; BREACHED gives Cat 11 =
2239
+ 0 — this is the only way Cat 11 scores
2240
+ - **Phase B writes `blast-radius-report.md`** alongside `validation-report.md`
2241
+ - **Phase B Yellows seed Phase C** — Phase C must address them
2242
+
2243
+ ### Phase C (Engineering Review Loop)
2244
+
2245
+ - **3 review agents per cycle** — spawn all in parallel, do not serialize
2246
+ - **5 cycles maximum** — hard cap to prevent infinite loops
2247
+ - **Fix Red before Yellow** — priority ordering matters
2248
+ - **Re-verify after fixes** — always re-run build/test/lint after changes
2249
+ - **Gray findings are logged, not auto-fixed** — they go in the report
2250
+ - **Phase C only runs if the rubric passes** — a failing rubric triggers
2251
+ brownfield restart instead
2252
+ - **This stage is the pipeline terminal** — "PIPELINE COMPLETE" only appears at
2253
+ the end of Phase C
2254
+ - **Engineering review is inline** — there is no separate follow-up stage after
2255
+ validation
2256
+
2257
+ ### Across All Phases
2258
+
2259
+ - **Attribution logging is mandatory** — every finding (A, B, C) gets logged to
2260
+ JSONL with its phase and sub-dimension
2261
+ - **Be specific** — cite file paths and line numbers for all findings
2262
+ - **Score the rubric honestly** — the goal is to catch real problems, not to
2263
+ pass
2264
+ - Log stage completion for observability tracking