eai-cli 0.0.0-bootstrap.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (690) hide show
  1. package/LICENSE +183 -0
  2. package/NOTICE +4 -0
  3. package/README.md +14 -0
  4. package/dist/commands/agent.d.ts +3 -0
  5. package/dist/commands/agent.d.ts.map +1 -0
  6. package/dist/commands/agent.js +69 -0
  7. package/dist/commands/agent.js.map +1 -0
  8. package/dist/commands/blocks.d.ts +3 -0
  9. package/dist/commands/blocks.d.ts.map +1 -0
  10. package/dist/commands/blocks.js +249 -0
  11. package/dist/commands/blocks.js.map +1 -0
  12. package/dist/commands/chat.d.ts +6 -0
  13. package/dist/commands/chat.d.ts.map +1 -0
  14. package/dist/commands/chat.js +105 -0
  15. package/dist/commands/chat.js.map +1 -0
  16. package/dist/commands/deploy.d.ts +36 -0
  17. package/dist/commands/deploy.d.ts.map +1 -0
  18. package/dist/commands/deploy.js +712 -0
  19. package/dist/commands/deploy.js.map +1 -0
  20. package/dist/commands/dev.d.ts +15 -0
  21. package/dist/commands/dev.d.ts.map +1 -0
  22. package/dist/commands/dev.js +133 -0
  23. package/dist/commands/dev.js.map +1 -0
  24. package/dist/commands/docs.d.ts +6 -0
  25. package/dist/commands/docs.d.ts.map +1 -0
  26. package/dist/commands/docs.js +118 -0
  27. package/dist/commands/docs.js.map +1 -0
  28. package/dist/commands/env.d.ts +10 -0
  29. package/dist/commands/env.d.ts.map +1 -0
  30. package/dist/commands/env.js +200 -0
  31. package/dist/commands/env.js.map +1 -0
  32. package/dist/commands/errors.d.ts +3 -0
  33. package/dist/commands/errors.d.ts.map +1 -0
  34. package/dist/commands/errors.js +72 -0
  35. package/dist/commands/errors.js.map +1 -0
  36. package/dist/commands/gofer.d.ts +3 -0
  37. package/dist/commands/gofer.d.ts.map +1 -0
  38. package/dist/commands/gofer.js +134 -0
  39. package/dist/commands/gofer.js.map +1 -0
  40. package/dist/commands/init.d.ts +14 -0
  41. package/dist/commands/init.d.ts.map +1 -0
  42. package/dist/commands/init.js +1437 -0
  43. package/dist/commands/init.js.map +1 -0
  44. package/dist/commands/login.d.ts +7 -0
  45. package/dist/commands/login.d.ts.map +1 -0
  46. package/dist/commands/login.js +117 -0
  47. package/dist/commands/login.js.map +1 -0
  48. package/dist/commands/provision.d.ts +6 -0
  49. package/dist/commands/provision.d.ts.map +1 -0
  50. package/dist/commands/provision.js +855 -0
  51. package/dist/commands/provision.js.map +1 -0
  52. package/dist/commands/publicapi.d.ts +6 -0
  53. package/dist/commands/publicapi.d.ts.map +1 -0
  54. package/dist/commands/publicapi.js +184 -0
  55. package/dist/commands/publicapi.js.map +1 -0
  56. package/dist/commands/resources.d.ts +38 -0
  57. package/dist/commands/resources.d.ts.map +1 -0
  58. package/dist/commands/resources.js +1010 -0
  59. package/dist/commands/resources.js.map +1 -0
  60. package/dist/commands/runtime.d.ts +3 -0
  61. package/dist/commands/runtime.d.ts.map +1 -0
  62. package/dist/commands/runtime.js +78 -0
  63. package/dist/commands/runtime.js.map +1 -0
  64. package/dist/commands/template.d.ts +3 -0
  65. package/dist/commands/template.d.ts.map +1 -0
  66. package/dist/commands/template.js +365 -0
  67. package/dist/commands/template.js.map +1 -0
  68. package/dist/commands/tenant.d.ts +45 -0
  69. package/dist/commands/tenant.d.ts.map +1 -0
  70. package/dist/commands/tenant.js +1036 -0
  71. package/dist/commands/tenant.js.map +1 -0
  72. package/dist/commands/types.d.ts +130 -0
  73. package/dist/commands/types.d.ts.map +1 -0
  74. package/dist/commands/types.js +1636 -0
  75. package/dist/commands/types.js.map +1 -0
  76. package/dist/commands/update.d.ts +13 -0
  77. package/dist/commands/update.d.ts.map +1 -0
  78. package/dist/commands/update.js +163 -0
  79. package/dist/commands/update.js.map +1 -0
  80. package/dist/commands/user.d.ts +6 -0
  81. package/dist/commands/user.d.ts.map +1 -0
  82. package/dist/commands/user.js +359 -0
  83. package/dist/commands/user.js.map +1 -0
  84. package/dist/commands/verify.d.ts +40 -0
  85. package/dist/commands/verify.d.ts.map +1 -0
  86. package/dist/commands/verify.js +1442 -0
  87. package/dist/commands/verify.js.map +1 -0
  88. package/dist/commands/vertical.d.ts +24 -0
  89. package/dist/commands/vertical.d.ts.map +1 -0
  90. package/dist/commands/vertical.js +301 -0
  91. package/dist/commands/vertical.js.map +1 -0
  92. package/dist/commands/whoami.d.ts +6 -0
  93. package/dist/commands/whoami.d.ts.map +1 -0
  94. package/dist/commands/whoami.js +73 -0
  95. package/dist/commands/whoami.js.map +1 -0
  96. package/dist/commands/workflow.d.ts +6 -0
  97. package/dist/commands/workflow.d.ts.map +1 -0
  98. package/dist/commands/workflow.js +400 -0
  99. package/dist/commands/workflow.js.map +1 -0
  100. package/dist/index.d.ts +10 -0
  101. package/dist/index.d.ts.map +1 -0
  102. package/dist/index.js +272 -0
  103. package/dist/index.js.map +1 -0
  104. package/dist/lib/agent-guide.d.ts +24 -0
  105. package/dist/lib/agent-guide.d.ts.map +1 -0
  106. package/dist/lib/agent-guide.js +155 -0
  107. package/dist/lib/agent-guide.js.map +1 -0
  108. package/dist/lib/api.d.ts +338 -0
  109. package/dist/lib/api.d.ts.map +1 -0
  110. package/dist/lib/api.js +991 -0
  111. package/dist/lib/api.js.map +1 -0
  112. package/dist/lib/auth.d.ts +65 -0
  113. package/dist/lib/auth.d.ts.map +1 -0
  114. package/dist/lib/auth.js +592 -0
  115. package/dist/lib/auth.js.map +1 -0
  116. package/dist/lib/azure-cli.d.ts +6 -0
  117. package/dist/lib/azure-cli.d.ts.map +1 -0
  118. package/dist/lib/azure-cli.js +13 -0
  119. package/dist/lib/azure-cli.js.map +1 -0
  120. package/dist/lib/block-catalog-normalize.d.ts +47 -0
  121. package/dist/lib/block-catalog-normalize.d.ts.map +1 -0
  122. package/dist/lib/block-catalog-normalize.js +355 -0
  123. package/dist/lib/block-catalog-normalize.js.map +1 -0
  124. package/dist/lib/block-catalog-types.d.ts +111 -0
  125. package/dist/lib/block-catalog-types.d.ts.map +1 -0
  126. package/dist/lib/block-catalog-types.js +41 -0
  127. package/dist/lib/block-catalog-types.js.map +1 -0
  128. package/dist/lib/block-catalog-utils.d.ts +7 -0
  129. package/dist/lib/block-catalog-utils.d.ts.map +1 -0
  130. package/dist/lib/block-catalog-utils.js +47 -0
  131. package/dist/lib/block-catalog-utils.js.map +1 -0
  132. package/dist/lib/block-catalog-validation.d.ts +5 -0
  133. package/dist/lib/block-catalog-validation.d.ts.map +1 -0
  134. package/dist/lib/block-catalog-validation.js +112 -0
  135. package/dist/lib/block-catalog-validation.js.map +1 -0
  136. package/dist/lib/block-catalog.d.ts +3 -0
  137. package/dist/lib/block-catalog.d.ts.map +1 -0
  138. package/dist/lib/block-catalog.js +284 -0
  139. package/dist/lib/block-catalog.js.map +1 -0
  140. package/dist/lib/cloud-env.d.ts +25 -0
  141. package/dist/lib/cloud-env.d.ts.map +1 -0
  142. package/dist/lib/cloud-env.js +79 -0
  143. package/dist/lib/cloud-env.js.map +1 -0
  144. package/dist/lib/config.d.ts +116 -0
  145. package/dist/lib/config.d.ts.map +1 -0
  146. package/dist/lib/config.js +195 -0
  147. package/dist/lib/config.js.map +1 -0
  148. package/dist/lib/context.d.ts +43 -0
  149. package/dist/lib/context.d.ts.map +1 -0
  150. package/dist/lib/context.js +68 -0
  151. package/dist/lib/context.js.map +1 -0
  152. package/dist/lib/error-codes.d.ts +56 -0
  153. package/dist/lib/error-codes.d.ts.map +1 -0
  154. package/dist/lib/error-codes.js +211 -0
  155. package/dist/lib/error-codes.js.map +1 -0
  156. package/dist/lib/error-guidance/catalog.d.ts +648 -0
  157. package/dist/lib/error-guidance/catalog.d.ts.map +1 -0
  158. package/dist/lib/error-guidance/catalog.js +940 -0
  159. package/dist/lib/error-guidance/catalog.js.map +1 -0
  160. package/dist/lib/error-guidance/match.d.ts +3 -0
  161. package/dist/lib/error-guidance/match.d.ts.map +1 -0
  162. package/dist/lib/error-guidance/match.js +46 -0
  163. package/dist/lib/error-guidance/match.js.map +1 -0
  164. package/dist/lib/error-guidance/render.d.ts +5 -0
  165. package/dist/lib/error-guidance/render.d.ts.map +1 -0
  166. package/dist/lib/error-guidance/render.js +92 -0
  167. package/dist/lib/error-guidance/render.js.map +1 -0
  168. package/dist/lib/error-guidance/types.d.ts +76 -0
  169. package/dist/lib/error-guidance/types.d.ts.map +1 -0
  170. package/dist/lib/error-guidance/types.js +2 -0
  171. package/dist/lib/error-guidance/types.js.map +1 -0
  172. package/dist/lib/error-guidance/validate.d.ts +3 -0
  173. package/dist/lib/error-guidance/validate.d.ts.map +1 -0
  174. package/dist/lib/error-guidance/validate.js +59 -0
  175. package/dist/lib/error-guidance/validate.js.map +1 -0
  176. package/dist/lib/gofer-installer.d.ts +32 -0
  177. package/dist/lib/gofer-installer.d.ts.map +1 -0
  178. package/dist/lib/gofer-installer.js +589 -0
  179. package/dist/lib/gofer-installer.js.map +1 -0
  180. package/dist/lib/gofer-refresh.d.ts +46 -0
  181. package/dist/lib/gofer-refresh.d.ts.map +1 -0
  182. package/dist/lib/gofer-refresh.js +536 -0
  183. package/dist/lib/gofer-refresh.js.map +1 -0
  184. package/dist/lib/next-route-exports.d.ts +6 -0
  185. package/dist/lib/next-route-exports.d.ts.map +1 -0
  186. package/dist/lib/next-route-exports.js +127 -0
  187. package/dist/lib/next-route-exports.js.map +1 -0
  188. package/dist/lib/npm.d.ts +2 -0
  189. package/dist/lib/npm.d.ts.map +1 -0
  190. package/dist/lib/npm.js +4 -0
  191. package/dist/lib/npm.js.map +1 -0
  192. package/dist/lib/object-type-defaults.d.ts +4 -0
  193. package/dist/lib/object-type-defaults.d.ts.map +1 -0
  194. package/dist/lib/object-type-defaults.js +72 -0
  195. package/dist/lib/object-type-defaults.js.map +1 -0
  196. package/dist/lib/output.d.ts +35 -0
  197. package/dist/lib/output.d.ts.map +1 -0
  198. package/dist/lib/output.js +166 -0
  199. package/dist/lib/output.js.map +1 -0
  200. package/dist/lib/profile.d.ts +52 -0
  201. package/dist/lib/profile.d.ts.map +1 -0
  202. package/dist/lib/profile.js +116 -0
  203. package/dist/lib/profile.js.map +1 -0
  204. package/dist/lib/project-manifest.d.ts +42 -0
  205. package/dist/lib/project-manifest.d.ts.map +1 -0
  206. package/dist/lib/project-manifest.js +191 -0
  207. package/dist/lib/project-manifest.js.map +1 -0
  208. package/dist/lib/resourceapi-bundle.d.ts +33 -0
  209. package/dist/lib/resourceapi-bundle.d.ts.map +1 -0
  210. package/dist/lib/resourceapi-bundle.js +79 -0
  211. package/dist/lib/resourceapi-bundle.js.map +1 -0
  212. package/dist/lib/runtime-contract.d.ts +84 -0
  213. package/dist/lib/runtime-contract.d.ts.map +1 -0
  214. package/dist/lib/runtime-contract.js +318 -0
  215. package/dist/lib/runtime-contract.js.map +1 -0
  216. package/dist/lib/schema-builder.d.ts +28 -0
  217. package/dist/lib/schema-builder.d.ts.map +1 -0
  218. package/dist/lib/schema-builder.js +69 -0
  219. package/dist/lib/schema-builder.js.map +1 -0
  220. package/dist/lib/tenant-context.d.ts +127 -0
  221. package/dist/lib/tenant-context.d.ts.map +1 -0
  222. package/dist/lib/tenant-context.js +573 -0
  223. package/dist/lib/tenant-context.js.map +1 -0
  224. package/dist/lib/update-check.d.ts +52 -0
  225. package/dist/lib/update-check.d.ts.map +1 -0
  226. package/dist/lib/update-check.js +271 -0
  227. package/dist/lib/update-check.js.map +1 -0
  228. package/dist/lib/update-maintenance.d.ts +15 -0
  229. package/dist/lib/update-maintenance.d.ts.map +1 -0
  230. package/dist/lib/update-maintenance.js +187 -0
  231. package/dist/lib/update-maintenance.js.map +1 -0
  232. package/dist/lib/utils.d.ts +23 -0
  233. package/dist/lib/utils.d.ts.map +1 -0
  234. package/dist/lib/utils.js +48 -0
  235. package/dist/lib/utils.js.map +1 -0
  236. package/dist/lib/workflow-provisioning.d.ts +54 -0
  237. package/dist/lib/workflow-provisioning.d.ts.map +1 -0
  238. package/dist/lib/workflow-provisioning.js +281 -0
  239. package/dist/lib/workflow-provisioning.js.map +1 -0
  240. package/package.json +51 -0
  241. package/resources/gofer/.gofer-version +7 -0
  242. package/resources/gofer/agents-skills/0_gofer_start/SKILL.md +1287 -0
  243. package/resources/gofer/agents-skills/0a_problem_validation/SKILL.md +429 -0
  244. package/resources/gofer/agents-skills/10_gofer_cloud/SKILL.md +635 -0
  245. package/resources/gofer/agents-skills/1_gofer_research/SKILL.md +1159 -0
  246. package/resources/gofer/agents-skills/2_gofer_specify/SKILL.md +860 -0
  247. package/resources/gofer/agents-skills/3_gofer_plan/SKILL.md +886 -0
  248. package/resources/gofer/agents-skills/4_gofer_tasks/SKILL.md +748 -0
  249. package/resources/gofer/agents-skills/5_gofer_implement/SKILL.md +924 -0
  250. package/resources/gofer/agents-skills/6_gofer_validate/SKILL.md +2269 -0
  251. package/resources/gofer/agents-skills/7_gofer_save/SKILL.md +423 -0
  252. package/resources/gofer/agents-skills/7a_stakeholder_comms/SKILL.md +508 -0
  253. package/resources/gofer/agents-skills/8_gofer_branding/SKILL.md +315 -0
  254. package/resources/gofer/agents-skills/9_gofer_tests/SKILL.md +558 -0
  255. package/resources/gofer/agents-skills/gofer_bootstrap_workspace/SKILL.md +148 -0
  256. package/resources/gofer/agents-skills/gofer_check_workspace/SKILL.md +119 -0
  257. package/resources/gofer/agents-skills/gofer_constitution/SKILL.md +612 -0
  258. package/resources/gofer/agents-skills/gofer_diagnose/SKILL.md +114 -0
  259. package/resources/gofer/agents-skills/gofer_eai_first_run/SKILL.md +397 -0
  260. package/resources/gofer/agents-skills/gofer_hydrate/SKILL.md +561 -0
  261. package/resources/gofer/agents-skills/gofer_personality/SKILL.md +44 -0
  262. package/resources/gofer/agents-skills/gofer_plan/SKILL.md +40 -0
  263. package/resources/gofer/agents-skills/gofer_side/SKILL.md +45 -0
  264. package/resources/gofer/agents-skills/gofer_spec_summary/SKILL.md +112 -0
  265. package/resources/gofer/agents-skills/gofer_tdd/SKILL.md +112 -0
  266. package/resources/gofer/agents-skills/gofer_vocabulary/SKILL.md +112 -0
  267. package/resources/gofer/agents-skills/gofer_zoom_out/SKILL.md +112 -0
  268. package/resources/gofer/bash-scripts/check-context-health.sh +365 -0
  269. package/resources/gofer/bash-scripts/check-persona-pack.sh +81 -0
  270. package/resources/gofer/bash-scripts/check-prerequisites.sh +168 -0
  271. package/resources/gofer/bash-scripts/common.sh +192 -0
  272. package/resources/gofer/bash-scripts/create-new-feature.sh +260 -0
  273. package/resources/gofer/bash-scripts/install-optional-tools.sh +270 -0
  274. package/resources/gofer/bash-scripts/log-stage.sh +224 -0
  275. package/resources/gofer/bash-scripts/mark-task-complete.sh +74 -0
  276. package/resources/gofer/bash-scripts/pipeline-state.sh +306 -0
  277. package/resources/gofer/bash-scripts/read-failed-approaches.sh +114 -0
  278. package/resources/gofer/bash-scripts/read-session-memories.sh +96 -0
  279. package/resources/gofer/bash-scripts/save-checkpoint.sh +407 -0
  280. package/resources/gofer/bash-scripts/setup-plan.sh +62 -0
  281. package/resources/gofer/bash-scripts/sync-implementation-status.sh +47 -0
  282. package/resources/gofer/bash-scripts/update-agent-context.sh +772 -0
  283. package/resources/gofer/bash-scripts/validate-artifact.sh +335 -0
  284. package/resources/gofer/bash-scripts/verify-task.sh +384 -0
  285. package/resources/gofer/bash-scripts/write-failed-approach.sh +110 -0
  286. package/resources/gofer/bash-scripts/write-periodic-checkpoint.sh +128 -0
  287. package/resources/gofer/bash-scripts/write-session-memory.sh +118 -0
  288. package/resources/gofer/claude-agents/assumption-tracker.md +168 -0
  289. package/resources/gofer/claude-agents/business-metrics-analyzer.md +169 -0
  290. package/resources/gofer/claude-agents/business-problem-validator.md +168 -0
  291. package/resources/gofer/claude-agents/codebase-analyzer.md +124 -0
  292. package/resources/gofer/claude-agents/codebase-locator.md +95 -0
  293. package/resources/gofer/claude-agents/codebase-pattern-finder.md +180 -0
  294. package/resources/gofer/claude-agents/comms-writer.md +158 -0
  295. package/resources/gofer/claude-agents/engineer-review.md +169 -0
  296. package/resources/gofer/claude-agents/implement-bug-triangulator.md +94 -0
  297. package/resources/gofer/claude-agents/implement-code-review-council.md +89 -0
  298. package/resources/gofer/claude-agents/implement-doc-writer.md +89 -0
  299. package/resources/gofer/claude-agents/implement-error-hardener.md +84 -0
  300. package/resources/gofer/claude-agents/implement-performance-explorer.md +95 -0
  301. package/resources/gofer/claude-agents/implement-test-diversifier.md +82 -0
  302. package/resources/gofer/claude-agents/implement-variant-generator.md +80 -0
  303. package/resources/gofer/claude-agents/multi-perspective-judge.md +114 -0
  304. package/resources/gofer/claude-agents/plan-api-comparator.md +90 -0
  305. package/resources/gofer/claude-agents/plan-architecture-diverger.md +100 -0
  306. package/resources/gofer/claude-agents/plan-data-model-stress-tester.md +95 -0
  307. package/resources/gofer/claude-agents/plan-migration-path-finder.md +95 -0
  308. package/resources/gofer/claude-agents/plan-refactor-rewrite-advisor.md +97 -0
  309. package/resources/gofer/claude-agents/research-dependency-evaluator.md +106 -0
  310. package/resources/gofer/claude-agents/research-horizon-scanner.md +100 -0
  311. package/resources/gofer/claude-agents/research-market-scanner.md +137 -0
  312. package/resources/gofer/claude-agents/research-perspective-multiplier.md +102 -0
  313. package/resources/gofer/claude-agents/scope-creep-detector.md +152 -0
  314. package/resources/gofer/claude-agents/specify-ambiguity-detector.md +95 -0
  315. package/resources/gofer/claude-agents/specify-journey-stress-tester.md +92 -0
  316. package/resources/gofer/claude-agents/tasks-cross-cutting-scanner.md +91 -0
  317. package/resources/gofer/claude-agents/tasks-rollback-planner.md +89 -0
  318. package/resources/gofer/claude-agents/validate-security-red-team.md +102 -0
  319. package/resources/gofer/claude-agents/validation-correctness.md +103 -0
  320. package/resources/gofer/claude-agents/validation-integration.md +129 -0
  321. package/resources/gofer/claude-agents/validation-performance.md +120 -0
  322. package/resources/gofer/claude-agents/validation-security.md +115 -0
  323. package/resources/gofer/claude-agents/validation-standards.md +151 -0
  324. package/resources/gofer/claude-agents/validation-test-quality.md +146 -0
  325. package/resources/gofer/claude-agents/visual-bounded-context-writer.md +40 -0
  326. package/resources/gofer/claude-agents/visual-c4-writer.md +45 -0
  327. package/resources/gofer/claude-agents/visual-erd-writer.md +34 -0
  328. package/resources/gofer/claude-agents/visual-heatmap-writer.md +63 -0
  329. package/resources/gofer/claude-agents/visual-risk-writer.md +64 -0
  330. package/resources/gofer/claude-commands/0_gofer_start.md +1282 -0
  331. package/resources/gofer/claude-commands/0a_problem_validation.md +424 -0
  332. package/resources/gofer/claude-commands/10_gofer_cloud.md +630 -0
  333. package/resources/gofer/claude-commands/1_gofer_research.md +1154 -0
  334. package/resources/gofer/claude-commands/2_gofer_specify.md +855 -0
  335. package/resources/gofer/claude-commands/3_gofer_plan.md +881 -0
  336. package/resources/gofer/claude-commands/4_gofer_tasks.md +743 -0
  337. package/resources/gofer/claude-commands/5_gofer_implement.md +919 -0
  338. package/resources/gofer/claude-commands/6_gofer_validate.md +2264 -0
  339. package/resources/gofer/claude-commands/7_gofer_save.md +418 -0
  340. package/resources/gofer/claude-commands/7a_stakeholder_comms.md +503 -0
  341. package/resources/gofer/claude-commands/8_gofer_branding.md +310 -0
  342. package/resources/gofer/claude-commands/9_gofer_tests.md +553 -0
  343. package/resources/gofer/claude-commands/gofer_bootstrap_workspace.md +143 -0
  344. package/resources/gofer/claude-commands/gofer_check_workspace.md +114 -0
  345. package/resources/gofer/claude-commands/gofer_constitution.md +607 -0
  346. package/resources/gofer/claude-commands/gofer_diagnose.md +109 -0
  347. package/resources/gofer/claude-commands/gofer_eai_first_run.md +392 -0
  348. package/resources/gofer/claude-commands/gofer_hydrate.md +556 -0
  349. package/resources/gofer/claude-commands/gofer_personality.md +39 -0
  350. package/resources/gofer/claude-commands/gofer_plan.md +35 -0
  351. package/resources/gofer/claude-commands/gofer_side.md +40 -0
  352. package/resources/gofer/claude-commands/gofer_spec_summary.md +107 -0
  353. package/resources/gofer/claude-commands/gofer_tdd.md +107 -0
  354. package/resources/gofer/claude-commands/gofer_vocabulary.md +107 -0
  355. package/resources/gofer/claude-commands/gofer_zoom_out.md +107 -0
  356. package/resources/gofer/claude-skills/eai-gofer/SKILL.md +56 -0
  357. package/resources/gofer/commands/.gitkeep +0 -0
  358. package/resources/gofer/commands/0_gofer_start.md +1299 -0
  359. package/resources/gofer/commands/0a_problem_validation.md +405 -0
  360. package/resources/gofer/commands/10_gofer_cloud.md +611 -0
  361. package/resources/gofer/commands/1_gofer_research.md +1135 -0
  362. package/resources/gofer/commands/2_gofer_specify.md +836 -0
  363. package/resources/gofer/commands/3_gofer_plan.md +862 -0
  364. package/resources/gofer/commands/4_gofer_tasks.md +724 -0
  365. package/resources/gofer/commands/5_gofer_implement.md +900 -0
  366. package/resources/gofer/commands/6_gofer_validate.md +2245 -0
  367. package/resources/gofer/commands/7_gofer_save.md +399 -0
  368. package/resources/gofer/commands/7a_stakeholder_comms.md +484 -0
  369. package/resources/gofer/commands/8_gofer_branding.md +291 -0
  370. package/resources/gofer/commands/9_gofer_tests.md +534 -0
  371. package/resources/gofer/commands/gofer_bootstrap_workspace.md +159 -0
  372. package/resources/gofer/commands/gofer_check_workspace.md +130 -0
  373. package/resources/gofer/commands/gofer_constitution.md +588 -0
  374. package/resources/gofer/commands/gofer_diagnose.md +89 -0
  375. package/resources/gofer/commands/gofer_eai_first_run.md +392 -0
  376. package/resources/gofer/commands/gofer_hydrate.md +537 -0
  377. package/resources/gofer/commands/gofer_personality.md +61 -0
  378. package/resources/gofer/commands/gofer_plan.md +51 -0
  379. package/resources/gofer/commands/gofer_side.md +56 -0
  380. package/resources/gofer/commands/gofer_spec_summary.md +87 -0
  381. package/resources/gofer/commands/gofer_tdd.md +87 -0
  382. package/resources/gofer/commands/gofer_vocabulary.md +87 -0
  383. package/resources/gofer/commands/gofer_zoom_out.md +87 -0
  384. package/resources/gofer/copilot-instructions/gofer-cost.instructions.md +13 -0
  385. package/resources/gofer/copilot-instructions/language-server.instructions.md +49 -0
  386. package/resources/gofer/copilot-instructions/typescript.instructions.md +47 -0
  387. package/resources/gofer/copilot-instructions/vscode-extension.instructions.md +46 -0
  388. package/resources/gofer/copilot-prompts/0_gofer_start.prompt.md +1308 -0
  389. package/resources/gofer/copilot-prompts/0a_problem_validation.prompt.md +429 -0
  390. package/resources/gofer/copilot-prompts/10_gofer_cloud.prompt.md +644 -0
  391. package/resources/gofer/copilot-prompts/1_gofer_research.prompt.md +1177 -0
  392. package/resources/gofer/copilot-prompts/2_gofer_specify.prompt.md +878 -0
  393. package/resources/gofer/copilot-prompts/3_gofer_plan.prompt.md +904 -0
  394. package/resources/gofer/copilot-prompts/4_gofer_tasks.prompt.md +766 -0
  395. package/resources/gofer/copilot-prompts/5_gofer_implement.prompt.md +942 -0
  396. package/resources/gofer/copilot-prompts/6_gofer_validate.prompt.md +2277 -0
  397. package/resources/gofer/copilot-prompts/7_gofer_save.prompt.md +433 -0
  398. package/resources/gofer/copilot-prompts/7a_stakeholder_comms.prompt.md +516 -0
  399. package/resources/gofer/copilot-prompts/8_gofer_branding.prompt.md +323 -0
  400. package/resources/gofer/copilot-prompts/9_gofer_tests.prompt.md +566 -0
  401. package/resources/gofer/copilot-prompts/gofer_bootstrap_workspace.prompt.md +161 -0
  402. package/resources/gofer/copilot-prompts/gofer_check_workspace.prompt.md +132 -0
  403. package/resources/gofer/copilot-prompts/gofer_constitution.prompt.md +621 -0
  404. package/resources/gofer/copilot-prompts/gofer_diagnose.prompt.md +127 -0
  405. package/resources/gofer/copilot-prompts/gofer_eai_first_run.prompt.md +410 -0
  406. package/resources/gofer/copilot-prompts/gofer_hydrate.prompt.md +571 -0
  407. package/resources/gofer/copilot-prompts/gofer_personality.prompt.md +57 -0
  408. package/resources/gofer/copilot-prompts/gofer_plan.prompt.md +53 -0
  409. package/resources/gofer/copilot-prompts/gofer_side.prompt.md +58 -0
  410. package/resources/gofer/copilot-prompts/gofer_spec_summary.prompt.md +125 -0
  411. package/resources/gofer/copilot-prompts/gofer_tdd.prompt.md +125 -0
  412. package/resources/gofer/copilot-prompts/gofer_vocabulary.prompt.md +125 -0
  413. package/resources/gofer/copilot-prompts/gofer_zoom_out.prompt.md +125 -0
  414. package/resources/gofer/gemini/agents/assumption-tracker.md +171 -0
  415. package/resources/gofer/gemini/agents/business-metrics-analyzer.md +172 -0
  416. package/resources/gofer/gemini/agents/business-problem-validator.md +171 -0
  417. package/resources/gofer/gemini/agents/codebase-analyzer.md +127 -0
  418. package/resources/gofer/gemini/agents/codebase-locator.md +98 -0
  419. package/resources/gofer/gemini/agents/codebase-pattern-finder.md +183 -0
  420. package/resources/gofer/gemini/agents/comms-writer.md +161 -0
  421. package/resources/gofer/gemini/agents/engineer-review.md +172 -0
  422. package/resources/gofer/gemini/agents/implement-bug-triangulator.md +97 -0
  423. package/resources/gofer/gemini/agents/implement-code-review-council.md +92 -0
  424. package/resources/gofer/gemini/agents/implement-doc-writer.md +92 -0
  425. package/resources/gofer/gemini/agents/implement-error-hardener.md +87 -0
  426. package/resources/gofer/gemini/agents/implement-performance-explorer.md +98 -0
  427. package/resources/gofer/gemini/agents/implement-test-diversifier.md +85 -0
  428. package/resources/gofer/gemini/agents/implement-variant-generator.md +83 -0
  429. package/resources/gofer/gemini/agents/multi-perspective-judge.md +117 -0
  430. package/resources/gofer/gemini/agents/plan-api-comparator.md +93 -0
  431. package/resources/gofer/gemini/agents/plan-architecture-diverger.md +103 -0
  432. package/resources/gofer/gemini/agents/plan-data-model-stress-tester.md +98 -0
  433. package/resources/gofer/gemini/agents/plan-migration-path-finder.md +98 -0
  434. package/resources/gofer/gemini/agents/plan-refactor-rewrite-advisor.md +100 -0
  435. package/resources/gofer/gemini/agents/research-dependency-evaluator.md +109 -0
  436. package/resources/gofer/gemini/agents/research-horizon-scanner.md +103 -0
  437. package/resources/gofer/gemini/agents/research-market-scanner.md +140 -0
  438. package/resources/gofer/gemini/agents/research-perspective-multiplier.md +105 -0
  439. package/resources/gofer/gemini/agents/scope-creep-detector.md +155 -0
  440. package/resources/gofer/gemini/agents/specify-ambiguity-detector.md +98 -0
  441. package/resources/gofer/gemini/agents/specify-journey-stress-tester.md +95 -0
  442. package/resources/gofer/gemini/agents/tasks-cross-cutting-scanner.md +94 -0
  443. package/resources/gofer/gemini/agents/tasks-rollback-planner.md +92 -0
  444. package/resources/gofer/gemini/agents/validate-security-red-team.md +105 -0
  445. package/resources/gofer/gemini/agents/validation-correctness.md +106 -0
  446. package/resources/gofer/gemini/agents/validation-integration.md +132 -0
  447. package/resources/gofer/gemini/agents/validation-performance.md +123 -0
  448. package/resources/gofer/gemini/agents/validation-security.md +118 -0
  449. package/resources/gofer/gemini/agents/validation-standards.md +154 -0
  450. package/resources/gofer/gemini/agents/validation-test-quality.md +149 -0
  451. package/resources/gofer/gemini/agents/visual-bounded-context-writer.md +40 -0
  452. package/resources/gofer/gemini/agents/visual-c4-writer.md +44 -0
  453. package/resources/gofer/gemini/agents/visual-erd-writer.md +36 -0
  454. package/resources/gofer/gemini/agents/visual-heatmap-writer.md +63 -0
  455. package/resources/gofer/gemini/agents/visual-risk-writer.md +64 -0
  456. package/resources/gofer/gemini/commands/gofer/.gitkeep +0 -0
  457. package/resources/gofer/gemini/commands/gofer/0_gofer_start.md +1282 -0
  458. package/resources/gofer/gemini/commands/gofer/0_gofer_start.toml +2 -0
  459. package/resources/gofer/gemini/commands/gofer/0a_problem_validation.md +424 -0
  460. package/resources/gofer/gemini/commands/gofer/0a_problem_validation.toml +2 -0
  461. package/resources/gofer/gemini/commands/gofer/10_gofer_cloud.md +630 -0
  462. package/resources/gofer/gemini/commands/gofer/10_gofer_cloud.toml +2 -0
  463. package/resources/gofer/gemini/commands/gofer/1_gofer_research.md +1154 -0
  464. package/resources/gofer/gemini/commands/gofer/1_gofer_research.toml +2 -0
  465. package/resources/gofer/gemini/commands/gofer/2_gofer_specify.md +855 -0
  466. package/resources/gofer/gemini/commands/gofer/2_gofer_specify.toml +2 -0
  467. package/resources/gofer/gemini/commands/gofer/3_gofer_plan.md +881 -0
  468. package/resources/gofer/gemini/commands/gofer/3_gofer_plan.toml +2 -0
  469. package/resources/gofer/gemini/commands/gofer/4_gofer_tasks.md +743 -0
  470. package/resources/gofer/gemini/commands/gofer/4_gofer_tasks.toml +2 -0
  471. package/resources/gofer/gemini/commands/gofer/5_gofer_implement.md +919 -0
  472. package/resources/gofer/gemini/commands/gofer/5_gofer_implement.toml +2 -0
  473. package/resources/gofer/gemini/commands/gofer/6_gofer_validate.md +2264 -0
  474. package/resources/gofer/gemini/commands/gofer/6_gofer_validate.toml +2 -0
  475. package/resources/gofer/gemini/commands/gofer/7_gofer_save.md +418 -0
  476. package/resources/gofer/gemini/commands/gofer/7_gofer_save.toml +2 -0
  477. package/resources/gofer/gemini/commands/gofer/7a_stakeholder_comms.md +503 -0
  478. package/resources/gofer/gemini/commands/gofer/7a_stakeholder_comms.toml +2 -0
  479. package/resources/gofer/gemini/commands/gofer/8_gofer_branding.md +310 -0
  480. package/resources/gofer/gemini/commands/gofer/8_gofer_branding.toml +2 -0
  481. package/resources/gofer/gemini/commands/gofer/9_gofer_tests.md +553 -0
  482. package/resources/gofer/gemini/commands/gofer/9_gofer_tests.toml +2 -0
  483. package/resources/gofer/gemini/commands/gofer/gofer_bootstrap_workspace.md +143 -0
  484. package/resources/gofer/gemini/commands/gofer/gofer_bootstrap_workspace.toml +2 -0
  485. package/resources/gofer/gemini/commands/gofer/gofer_check_workspace.md +114 -0
  486. package/resources/gofer/gemini/commands/gofer/gofer_check_workspace.toml +2 -0
  487. package/resources/gofer/gemini/commands/gofer/gofer_constitution.md +607 -0
  488. package/resources/gofer/gemini/commands/gofer/gofer_constitution.toml +2 -0
  489. package/resources/gofer/gemini/commands/gofer/gofer_diagnose.md +109 -0
  490. package/resources/gofer/gemini/commands/gofer/gofer_diagnose.toml +2 -0
  491. package/resources/gofer/gemini/commands/gofer/gofer_eai_first_run.md +392 -0
  492. package/resources/gofer/gemini/commands/gofer/gofer_eai_first_run.toml +2 -0
  493. package/resources/gofer/gemini/commands/gofer/gofer_hydrate.md +556 -0
  494. package/resources/gofer/gemini/commands/gofer/gofer_hydrate.toml +2 -0
  495. package/resources/gofer/gemini/commands/gofer/gofer_personality.md +39 -0
  496. package/resources/gofer/gemini/commands/gofer/gofer_personality.toml +2 -0
  497. package/resources/gofer/gemini/commands/gofer/gofer_plan.md +35 -0
  498. package/resources/gofer/gemini/commands/gofer/gofer_plan.toml +2 -0
  499. package/resources/gofer/gemini/commands/gofer/gofer_side.md +40 -0
  500. package/resources/gofer/gemini/commands/gofer/gofer_side.toml +2 -0
  501. package/resources/gofer/gemini/commands/gofer/gofer_spec_summary.md +107 -0
  502. package/resources/gofer/gemini/commands/gofer/gofer_spec_summary.toml +2 -0
  503. package/resources/gofer/gemini/commands/gofer/gofer_tdd.md +107 -0
  504. package/resources/gofer/gemini/commands/gofer/gofer_tdd.toml +2 -0
  505. package/resources/gofer/gemini/commands/gofer/gofer_vocabulary.md +107 -0
  506. package/resources/gofer/gemini/commands/gofer/gofer_vocabulary.toml +2 -0
  507. package/resources/gofer/gemini/commands/gofer/gofer_zoom_out.md +107 -0
  508. package/resources/gofer/gemini/commands/gofer/gofer_zoom_out.toml +2 -0
  509. package/resources/gofer/gemini/commands/gofer/manifest.json +32 -0
  510. package/resources/gofer/gemini/extension.json +16 -0
  511. package/resources/gofer/github-agents/gofer-business.agent.md +20 -0
  512. package/resources/gofer/github-agents/gofer-implement.agent.md +15 -0
  513. package/resources/gofer/github-agents/gofer-plan.agent.md +15 -0
  514. package/resources/gofer/github-agents/gofer-research.agent.md +15 -0
  515. package/resources/gofer/github-agents/gofer-validate.agent.md +10 -0
  516. package/resources/gofer/github-skills/eai-gofer/SKILL.md +56 -0
  517. package/resources/gofer/hook-scripts/agent-stop.mjs +655 -0
  518. package/resources/gofer/hook-scripts/log-stage-launch-time.mjs +77 -0
  519. package/resources/gofer/hook-scripts/post-tool-use.mjs +333 -0
  520. package/resources/gofer/hook-scripts/queued-input.mjs +188 -0
  521. package/resources/gofer/hook-scripts/session-lifecycle.mjs +93 -0
  522. package/resources/gofer/hook-scripts/user-prompt-submit.mjs +228 -0
  523. package/resources/gofer/instruction-templates/base/agents-base.md +37 -0
  524. package/resources/gofer/instruction-templates/base/claude-base.md +7 -0
  525. package/resources/gofer/instruction-templates/base/copilot-base.md +26 -0
  526. package/resources/gofer/instruction-templates/gofer/gofer-claude.md +5 -0
  527. package/resources/gofer/instruction-templates/gofer/gofer-copilot.md +9 -0
  528. package/resources/gofer/instruction-templates/languages/generic.md +7 -0
  529. package/resources/gofer/instruction-templates/languages/go.md +8 -0
  530. package/resources/gofer/instruction-templates/languages/java.md +8 -0
  531. package/resources/gofer/instruction-templates/languages/python.md +9 -0
  532. package/resources/gofer/instruction-templates/languages/rust.md +9 -0
  533. package/resources/gofer/instruction-templates/languages/typescript.md +19 -0
  534. package/resources/gofer/instruction-templates/workflow/principles.md +52 -0
  535. package/resources/gofer/memory/constitution.md +391 -0
  536. package/resources/gofer/memory/context-profiles.yaml +74 -0
  537. package/resources/gofer/memory/decisions/000-use-adr-for-decisions.md +67 -0
  538. package/resources/gofer/memory/decisions/001-di-framework.md +190 -0
  539. package/resources/gofer/memory/decisions/002-module-extraction.md +305 -0
  540. package/resources/gofer/memory/decisions/003-error-handling.md +368 -0
  541. package/resources/gofer/memory/decisions/004-cache-eviction.md +436 -0
  542. package/resources/gofer/memory/decisions/005-constants-management.md +520 -0
  543. package/resources/gofer/memory/decisions/README.md +129 -0
  544. package/resources/gofer/memory/diagrams/di-container.mmd +321 -0
  545. package/resources/gofer/memory/diagrams/extension-activation.mmd +184 -0
  546. package/resources/gofer/memory/diagrams/module-dependencies.mmd +264 -0
  547. package/resources/gofer/memory/gofer-model-policy.yaml +97 -0
  548. package/resources/gofer/memory/lessons.md +46 -0
  549. package/resources/gofer/node-scripts/canonical-descriptions.mjs +86 -0
  550. package/resources/gofer/node-scripts/check-version-alignment.mjs +131 -0
  551. package/resources/gofer/node-scripts/codex-doctor.mjs +425 -0
  552. package/resources/gofer/node-scripts/generate-commands.mjs +1366 -0
  553. package/resources/gofer/node-scripts/generate-issues.js +563 -0
  554. package/resources/gofer/node-scripts/gofer-closed-loop-audit.mjs +893 -0
  555. package/resources/gofer/node-scripts/gofer-loop-audit.mjs +541 -0
  556. package/resources/gofer/node-scripts/gofer-performance-report.mjs +306 -0
  557. package/resources/gofer/node-scripts/gofer-workspace-bootstrap.mjs +56 -0
  558. package/resources/gofer/node-scripts/gofer-workspace-check.mjs +56 -0
  559. package/resources/gofer/node-scripts/lib/ai-leverage-tagger.mjs +103 -0
  560. package/resources/gofer/node-scripts/lib/assemble-stakeholder-pack.mjs +114 -0
  561. package/resources/gofer/node-scripts/lib/marp-deck.mjs +87 -0
  562. package/resources/gofer/node-scripts/lib/mermaid-tabular-fallback.mjs +264 -0
  563. package/resources/gofer/node-scripts/lib/render-visual.mjs +54 -0
  564. package/resources/gofer/node-scripts/lib/validate-aliases.mjs +85 -0
  565. package/resources/gofer/node-scripts/lib/visual-counts.mjs +44 -0
  566. package/resources/gofer/node-scripts/lib/visual-pass-pipeline.mjs +134 -0
  567. package/resources/gofer/node-scripts/mermaid-export.mjs +72 -0
  568. package/resources/gofer/node-scripts/package-agent-plugin.mjs +940 -0
  569. package/resources/gofer/node-scripts/parse-stage-command.mjs +211 -0
  570. package/resources/gofer/node-scripts/schemas/.gitkeep +0 -0
  571. package/resources/gofer/node-scripts/schemas/stage-command.schema.json +72 -0
  572. package/resources/gofer/node-scripts/sync-extension-resources.mjs +110 -0
  573. package/resources/gofer/node-scripts/workspace-bootstrap-lib.mjs +1166 -0
  574. package/resources/gofer/powershell-scripts/install-optional-tools.ps1 +214 -0
  575. package/resources/gofer/references/platform/README.md +17 -0
  576. package/resources/gofer/references/platform/deployment-repo.md +9 -0
  577. package/resources/gofer/references/platform/eai-app-template.md +45 -0
  578. package/resources/gofer/references/platform/eai-config-driven-ui.md +156 -0
  579. package/resources/gofer/references/platform/eai-error-catalog.yaml +197 -0
  580. package/resources/gofer/references/platform/eai-repo-contract.md +134 -0
  581. package/resources/gofer/references/platform/eai-service-patterns.md +56 -0
  582. package/resources/gofer/references/platform/eai.md +85 -0
  583. package/resources/gofer/references/platform/vertical-template.md +49 -0
  584. package/resources/gofer/specify-commands/.gitkeep +0 -0
  585. package/resources/gofer/specify-commands/0_gofer_start.md +1299 -0
  586. package/resources/gofer/specify-commands/0a_problem_validation.md +405 -0
  587. package/resources/gofer/specify-commands/10_gofer_cloud.md +611 -0
  588. package/resources/gofer/specify-commands/1_gofer_research.md +1135 -0
  589. package/resources/gofer/specify-commands/2_gofer_specify.md +836 -0
  590. package/resources/gofer/specify-commands/3_gofer_plan.md +862 -0
  591. package/resources/gofer/specify-commands/4_gofer_tasks.md +724 -0
  592. package/resources/gofer/specify-commands/5_gofer_implement.md +900 -0
  593. package/resources/gofer/specify-commands/6_gofer_validate.md +2245 -0
  594. package/resources/gofer/specify-commands/7_gofer_save.md +399 -0
  595. package/resources/gofer/specify-commands/7a_stakeholder_comms.md +484 -0
  596. package/resources/gofer/specify-commands/8_gofer_branding.md +291 -0
  597. package/resources/gofer/specify-commands/9_gofer_tests.md +534 -0
  598. package/resources/gofer/specify-commands/gofer_bootstrap_workspace.md +159 -0
  599. package/resources/gofer/specify-commands/gofer_check_workspace.md +130 -0
  600. package/resources/gofer/specify-commands/gofer_constitution.md +588 -0
  601. package/resources/gofer/specify-commands/gofer_diagnose.md +89 -0
  602. package/resources/gofer/specify-commands/gofer_eai_first_run.md +392 -0
  603. package/resources/gofer/specify-commands/gofer_hydrate.md +537 -0
  604. package/resources/gofer/specify-commands/gofer_personality.md +61 -0
  605. package/resources/gofer/specify-commands/gofer_plan.md +51 -0
  606. package/resources/gofer/specify-commands/gofer_side.md +56 -0
  607. package/resources/gofer/specify-commands/gofer_spec_summary.md +87 -0
  608. package/resources/gofer/specify-commands/gofer_tdd.md +87 -0
  609. package/resources/gofer/specify-commands/gofer_vocabulary.md +87 -0
  610. package/resources/gofer/specify-commands/gofer_zoom_out.md +87 -0
  611. package/resources/gofer/system-skills/0_gofer_start/SKILL.md +1287 -0
  612. package/resources/gofer/system-skills/0a_problem_validation/SKILL.md +429 -0
  613. package/resources/gofer/system-skills/10_gofer_cloud/SKILL.md +635 -0
  614. package/resources/gofer/system-skills/1_gofer_research/SKILL.md +1159 -0
  615. package/resources/gofer/system-skills/2_gofer_specify/SKILL.md +860 -0
  616. package/resources/gofer/system-skills/3_gofer_plan/SKILL.md +886 -0
  617. package/resources/gofer/system-skills/4_gofer_tasks/SKILL.md +748 -0
  618. package/resources/gofer/system-skills/5_gofer_implement/SKILL.md +924 -0
  619. package/resources/gofer/system-skills/6_gofer_validate/SKILL.md +2269 -0
  620. package/resources/gofer/system-skills/7_gofer_save/SKILL.md +423 -0
  621. package/resources/gofer/system-skills/7a_stakeholder_comms/SKILL.md +508 -0
  622. package/resources/gofer/system-skills/8_gofer_branding/SKILL.md +315 -0
  623. package/resources/gofer/system-skills/9_gofer_tests/SKILL.md +558 -0
  624. package/resources/gofer/system-skills/gofer_bootstrap_workspace/SKILL.md +148 -0
  625. package/resources/gofer/system-skills/gofer_check_workspace/SKILL.md +119 -0
  626. package/resources/gofer/system-skills/gofer_constitution/SKILL.md +612 -0
  627. package/resources/gofer/system-skills/gofer_diagnose/SKILL.md +114 -0
  628. package/resources/gofer/system-skills/gofer_eai_first_run/SKILL.md +397 -0
  629. package/resources/gofer/system-skills/gofer_hydrate/SKILL.md +561 -0
  630. package/resources/gofer/system-skills/gofer_personality/SKILL.md +44 -0
  631. package/resources/gofer/system-skills/gofer_plan/SKILL.md +40 -0
  632. package/resources/gofer/system-skills/gofer_side/SKILL.md +45 -0
  633. package/resources/gofer/system-skills/gofer_spec_summary/SKILL.md +112 -0
  634. package/resources/gofer/system-skills/gofer_tdd/SKILL.md +112 -0
  635. package/resources/gofer/system-skills/gofer_vocabulary/SKILL.md +112 -0
  636. package/resources/gofer/system-skills/gofer_zoom_out/SKILL.md +112 -0
  637. package/resources/gofer/templates/agent-file-template.md +28 -0
  638. package/resources/gofer/templates/assumptions-template.md +94 -0
  639. package/resources/gofer/templates/audit-history-template.md +35 -0
  640. package/resources/gofer/templates/brand/brand-profile-template.json +45 -0
  641. package/resources/gofer/templates/brand/document-style-template.md +50 -0
  642. package/resources/gofer/templates/brand/marp-theme-template.css +58 -0
  643. package/resources/gofer/templates/brownfield-analysis.md +44 -0
  644. package/resources/gofer/templates/business-metrics-template.md +120 -0
  645. package/resources/gofer/templates/business-owner-summary-template.md +83 -0
  646. package/resources/gofer/templates/checklist-template.md +40 -0
  647. package/resources/gofer/templates/ciso-security-summary-template.md +70 -0
  648. package/resources/gofer/templates/context-bundle-template.md +76 -0
  649. package/resources/gofer/templates/contract-pack-template.md +109 -0
  650. package/resources/gofer/templates/cto-architecture-summary-template.md +83 -0
  651. package/resources/gofer/templates/discovery-template.md +92 -0
  652. package/resources/gofer/templates/eai-preflight-template.md +144 -0
  653. package/resources/gofer/templates/goal-ledger-template.json +69 -0
  654. package/resources/gofer/templates/gofer-model-policy.yaml +97 -0
  655. package/resources/gofer/templates/issues-template.md +106 -0
  656. package/resources/gofer/templates/journey/base-journey.md +95 -0
  657. package/resources/gofer/templates/journey/industry-variants.yaml +277 -0
  658. package/resources/gofer/templates/loop-contract-template.json +68 -0
  659. package/resources/gofer/templates/plan-template.md +215 -0
  660. package/resources/gofer/templates/problem-brief-template.md +85 -0
  661. package/resources/gofer/templates/proposal-review-template.md +79 -0
  662. package/resources/gofer/templates/research-template.md +222 -0
  663. package/resources/gofer/templates/reuse-scan-template.md +43 -0
  664. package/resources/gofer/templates/sequence-diagrams/option-spectrum.yaml +178 -0
  665. package/resources/gofer/templates/service-fit-matrix-template.md +29 -0
  666. package/resources/gofer/templates/session-handoff-template.md +172 -0
  667. package/resources/gofer/templates/spec-summary-template.md +118 -0
  668. package/resources/gofer/templates/spec-template.md +196 -0
  669. package/resources/gofer/templates/stakeholder-comms-template.md +330 -0
  670. package/resources/gofer/templates/stakeholder-review-index-template.md +54 -0
  671. package/resources/gofer/templates/tasks-template.md +323 -0
  672. package/resources/gofer/templates/ui-approval-template.md +32 -0
  673. package/resources/gofer/templates/ui-preview-brief-template.md +65 -0
  674. package/resources/gofer/templates/ui-review-log-template.md +11 -0
  675. package/resources/gofer/templates/visuals/.gitkeep +0 -0
  676. package/resources/gofer/templates/visuals/bounded-context-map.md +19 -0
  677. package/resources/gofer/templates/visuals/bounded-context-template.md +47 -0
  678. package/resources/gofer/templates/visuals/c4-container-template.md +38 -0
  679. package/resources/gofer/templates/visuals/c4-container.md +20 -0
  680. package/resources/gofer/templates/visuals/c4-context-template.md +46 -0
  681. package/resources/gofer/templates/visuals/capability-heatmap-template.md +54 -0
  682. package/resources/gofer/templates/visuals/data-model-erd-template.md +41 -0
  683. package/resources/gofer/templates/visuals/erd.md +19 -0
  684. package/resources/gofer/templates/visuals/impact-canvas.md +40 -0
  685. package/resources/gofer/templates/visuals/risk-heatmap-template.md +51 -0
  686. package/resources/gofer/templates/visuals/roi-projection.md +17 -0
  687. package/resources/gofer/templates/visuals/value-stream-asis.md +16 -0
  688. package/resources/gofer/templates/visuals/value-stream-tobe.md +18 -0
  689. package/resources/gofer/templates/working-backwards-prfaq-template.md +165 -0
  690. package/resources/linked-sources.json +25 -0
@@ -0,0 +1,2269 @@
1
+ ---
2
+ name: 6_gofer_validate
3
+ description: "Validate implemented work with evidence-backed scoring, blast-radius analysis, and engineering review."
4
+ ---
5
+
6
+ ## Workspace Preflight
7
+
8
+ Before doing stage/helper work:
9
+
10
+ 1. Resolve the repository root.
11
+ 2. Check the core Gofer sentinels:
12
+ - `.specify/.gofer-version`
13
+ - `.specify/commands/0_gofer_start.md`
14
+ - `.specify/templates/spec-template.md`
15
+ - `.specify/templates/loop-contract-template.json`
16
+ - `.specify/templates/working-backwards-prfaq-template.md`
17
+ - `.specify/templates/business-owner-summary-template.md`
18
+ - `.specify/templates/cto-architecture-summary-template.md`
19
+ - `.specify/templates/ciso-security-summary-template.md`
20
+ - `.specify/templates/stakeholder-review-index-template.md`
21
+ - `.specify/scripts/bash/create-new-feature.sh`
22
+ - `.specify/scripts/node/parse-stage-command.mjs`
23
+ - `.specify/scripts/node/gofer-loop-audit.mjs`
24
+ - `.specify/scripts/hooks/post-tool-use.mjs`
25
+ - `.specify/scripts/powershell/install-optional-tools.ps1`
26
+ - `.specify/templates/gofer-model-policy.yaml`
27
+ - `.specify/memory/gofer-model-policy.yaml`
28
+ - `.specify/specs/`
29
+ - `.specify/memory/`
30
+ 3. Check host-specific repo-owned files when relevant:
31
+ - Claude: `AGENTS.md`, `CLAUDE.md`, `.claude/settings.json`
32
+ - Codex: `AGENTS.md`
33
+ - Copilot: `.github/copilot-instructions.md`
34
+ - VS Code extension mirrors Claude/Copilot/Gemini resources itself and should still keep the core scaffold healthy
35
+ 4. If the repo already has the workspace checker script, prefer running:
36
+ - `node .specify/scripts/node/gofer-workspace-check.mjs --host codex --json`
37
+ 5. If the workspace is missing or stale, ask exactly:
38
+ - **"This repo is missing or stale for Gofer. Initialize/update it now?"**
39
+ 6. If the user says yes, run the Gofer workspace bootstrap helper and then resume this command from the top.
40
+ 7. If the user says no, stop and explain that Gofer stage/helper work depends on the repo-owned scaffold.
41
+
42
+ ---
43
+ description:
44
+ Unified validation, blast-radius analysis, and engineering review (3 phases,
45
+ 110-point rubric)
46
+ ---
47
+
48
+ # Gofer Validate
49
+
50
+ ## EAI Platform Session Preflight
51
+
52
+ Before any Gofer stage/helper command does pipeline work:
53
+
54
+ 1. Treat durable delivery as EAI Platform delivery by default, with Azure second
55
+ and every other stack only by explicit exception.
56
+ 2. Run `eai whoami` and confirm the EAI CLI is installed, the user is logged in,
57
+ and an active tenant is visible.
58
+ 3. If `eai` is missing, `eai whoami` fails, the token is expired, or no active
59
+ tenant is available, stop and run `/gofer:eai-first-run` or ask the user to
60
+ approve login/setup before continuing.
61
+ 4. For EAI app delivery, do not continue into research, specification, planning,
62
+ tasks, implementation, or validation until
63
+ `.specify/specs/{feature}/eai-preflight.md` records login, tenant, template,
64
+ app-readiness, and next-action evidence.
65
+ 5. Do not write tokens, secrets, private tenant IDs, or local `.env` values into
66
+ Gofer artifacts; record only product-safe readiness status and evidence.
67
+
68
+ ## Token And Cost Policy
69
+ <!-- gofer:token-cost-policy:start -->
70
+
71
+ Before spawning agents, calling tools, or loading large files:
72
+
73
+ 1. Treat `.specify/memory/gofer-model-policy.yaml` as the repo-owned source of truth for simple, medium, hard, and arbiter model routing. If it is missing, run `/gofer:bootstrap-workspace` before continuing.
74
+ 2. Use the cheapest capable model first.
75
+ - Claude: Haiku for scouting/extraction; Sonnet for normal implementation, synthesis, validation, and security; Opus for high-risk arbitration or release-critical failures.
76
+ - Codex/OpenAI: GPT mini for simple coding; GPT nano only for locate/classify/summarize/mechanical work; GPT-5.3-Codex or flagship GPT for tool-heavy coding, architecture, and release-critical validation.
77
+ - Gemini: Flash-Lite for cheap large-context scan/summarize; Flash for default research synthesis; Pro for large-context architecture or high-risk arbitration.
78
+ - Copilot: prefer Auto for simple and default work; ask the user before choosing a paid/high-tier picker model for hard security, architecture, or release gates.
79
+ 3. Keep raw tool output out of the main conversation context. Save stable findings to `.specify/specs/{feature}/context-bundle.md`, then work from summaries.
80
+ 4. Use provider prompt/context caching only for stable, non-secret prefixes: Gofer scaffold, AGENTS/CLAUDE/Copilot instructions, constitution, repo map, stage contracts, and validation rubric.
81
+ 5. Before continuing after large research, planning, implementation, or validation bursts, checkpoint the durable artifacts and compact/clear/resume context when the host supports it.
82
+ 6. Escalate model tier only when a cheaper pass is low-confidence, contradictory, security-sensitive, or blocking release quality.
83
+ <!-- gofer:token-cost-policy:end -->
84
+
85
+ ## User Input
86
+
87
+ ```text
88
+ $ARGUMENTS
89
+ ```
90
+
91
+ You **MUST** consider the user input before proceeding (if not empty).
92
+
93
+ ## Execution Profile And Validation Cost
94
+
95
+ Validation must respect the final risk label:
96
+
97
+ - **fast**: for `docs-only` or very small low-risk changes, run focused checks
98
+ and verify no unnecessary artifact churn or unrelated files were changed.
99
+ - **standard**: run the normal rubric, focused build/test/lint/typecheck
100
+ evidence, and traceability checks.
101
+ - **full**: preserve the existing blast-radius, evidence gates, review loop,
102
+ scoring, and release-readiness checks; require evidence for contract,
103
+ security, data, infra/config, rollback, and cross-repository claims.
104
+ - **dynamic**: preserve the full validation behavior, then also verify
105
+ `execution-profile.md`, `workflow-dag.md`, shard outputs, reducer synthesis,
106
+ verifier/refuter evidence, budget/stop-condition evidence, and any explicit
107
+ user confirmation required before broad fanout work.
108
+
109
+ Archived specs under `.specify/specs/_*/` are historical context and must not
110
+ inflate active context-health estimates or current blast-radius manifests.
111
+
112
+ ## Prerequisites
113
+
114
+ This command expects in `.specify/specs/{feature}/`:
115
+
116
+ - `research.md` - Codebase analysis (from /1_gofer_research)
117
+ - `spec.md` - Feature specification (from /2_gofer_specify)
118
+ - `plan.md` - Implementation plan (from /3_gofer_plan)
119
+ - `tasks.md` - Task breakdown (from /4_gofer_tasks)
120
+ - `goal-ledger.json` - Goal, metric, delivery-state, and re-loop contract
121
+ - `loop-contract.json` - Bounded eval commands and stop rules
122
+ - `loop-ledger.jsonl` - Implementation and validation loop evidence
123
+ - `traceability.md` - Requirement -> task -> code -> test matrix
124
+ - Implemented code (from /5_gofer_implement)
125
+
126
+ ---
127
+
128
+ ## Spec Artifact Guard
129
+
130
+ Before validation, `.specify/scripts/bash/check-prerequisites.sh --json
131
+ --require-tasks` must confirm that `{FEATURE_DIR}/spec.md` exists, is
132
+ non-empty, and is not the unfilled spec template. If the helper reports
133
+ `spec.md` as missing, empty, or `template`, stop and run `/2_gofer_specify`.
134
+ Validation cannot score functional correctness, traceability, or objective
135
+ outcomes without a real specification.
136
+
137
+ ## Outline
138
+
139
+ 1. Context health check
140
+ 2. Load implementation context
141
+ 3. Closed-loop objective audit
142
+ 4. **Phase A** — Spawn 6 specialist rubric validation agents in parallel
143
+ 4. Evidence gate pre-check and pending-gate tracking
144
+ 5. **Phase B** — Spawn 5 blast-radius analysis agents in parallel
145
+ 7. Blast-radius synthesis (change graph, interface diff, observability,
146
+ dependency/submodule impact, rollback readiness, release checklist)
147
+ 8. Run automated checks (build, test, lint, typecheck)
148
+ 9. Mutation testing gate
149
+ 10. Mock ratio analysis
150
+ 11. Semantic slop detection
151
+ 12. Score the 11-category rubric (110 points)
152
+ 13. Generate enhanced validation report + blast-radius report
153
+ 14. Determine rubric PASS/FAIL outcome
154
+ 15. Brownfield restart on failure
155
+ 16. **Phase C** — Engineering review loop (3 agents × up to 5 cycles with
156
+ auto-fix)
157
+ 17. Generate engineering review report
158
+ 18. Attribution logging to JSONL
159
+ 19. Memory update check
160
+
161
+ ---
162
+
163
+ ## Execution Strategy by Platform
164
+
165
+ | Platform | Validation Execution Strategy |
166
+ | -------------------------------------- | --------------------------------------------------------------------------------------------- |
167
+ | Claude Code CLI | Run all validation agents in parallel using the Task tool |
168
+ | GitHub Copilot Chat (2026+) | Use multi-agent delegation to run validation in parallel |
169
+ | GitHub Copilot Chat (2025 and earlier) | Run validation checks sequentially using the **Legacy Workflow** in `docs/legacy-workflow.md` |
170
+
171
+ For pre-2026 Copilot environments, execute the validation phases
172
+ **sequentially** instead of parallel spawning.
173
+
174
+ ---
175
+
176
+ ## The Engineering Quality Rubric
177
+
178
+ ### 11-Category Scoring (110 Points)
179
+
180
+ | # | Category | Points | Pass Criteria | Agent |
181
+ | --- | ---------------------------- | ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------- |
182
+ | 1 | Functional Correctness | 15 | Every acceptance criterion in spec.md has a passing test exercising real code | validation-correctness |
183
+ | 2 | Test Authenticity | 15 | Zero skips, zero placeholders, zero mock-only assertions. Mutation score >= 60% if Stryker available | validation-test-quality |
184
+ | 3 | UI/E2E Verification | 10 | If feature has UI: real rendering tests pass. If no UI: points redistribute | N/A (automated check) |
185
+ | 4 | Security Posture | 10 | Zero hardcoded secrets, no disabled security features, no client-side keys | validation-security |
186
+ | 5 | Integration Reality | 10 | Integration tests use real dependencies where possible. Contract tests validate boundaries | validation-integration |
187
+ | 6 | Error Path Coverage | 10 | Public functions tested for failure modes. No empty catch blocks | validation-correctness + validation-standards |
188
+ | 7 | Architecture Compliance | 10 | File structure, patterns, visual explanations, and human-facing document summaries match plan.md and research.md. Required visuals are simple, rendered or fallback-safe, and traceable to requirements, code, and EAI Platform decisions | validation-standards |
189
+ | 8 | Performance Baseline | 5 | No synchronous I/O in async paths, no unbounded loops, no N+1 patterns | validation-performance |
190
+ | 9 | Code Hygiene | 10 | Zero AI slop: no TODO placeholders, no redundant comments, no magic numbers | validation-standards |
191
+ | 10 | Specification Traceability | 5 | Every user story maps to tests, every test maps to code | validation-correctness |
192
+ | 11 | **Blast Radius Containment** | 10 | No unmitigated breaking API changes, full-surface consumer/import audit, new error paths log, no new High/Critical CVEs, rollback/feature-flag path exists, release checklist complete | codebase-analyzer + validation-integration + validation-standards + research-dependency-evaluator + tasks-rollback-planner |
193
+
194
+ ### Point Redistribution (No-UI Features)
195
+
196
+ When a feature has **no UI component** (no web pages, no frontend, no visual
197
+ interface), the 10 points from UI/E2E Verification are redistributed:
198
+
199
+ - **+5 to Functional Correctness** (total: 20 points)
200
+ - **+5 to Test Authenticity** (total: 20 points)
201
+
202
+ Total remains **110/110** across all 11 categories.
203
+
204
+ **Detection**: Check plan.md tech stack. If no UI framework (React, Vue,
205
+ Angular, Svelte) and no Playwright/Cypress tests exist, this is a no-UI feature.
206
+
207
+ ### Scoring Rules
208
+
209
+ - Each category scores **full points** or **0**. There is no partial credit.
210
+ - A category scores 0 if its agent reports any **Red (blocking)** finding.
211
+ - A category scores 0 if its automated check fails.
212
+ - **Total score** = sum of all category scores (max **110**, was 100).
213
+ - **PASS** = 110/110 and a passing objective outcome gate. Anything less = FAIL.
214
+ - Legacy consumers reading `status: PASS` / `score: 100` from historical reports
215
+ should migrate to the 110-point scale. The report keeps the `score` field as
216
+ the numerator and `score_max` to disambiguate.
217
+
218
+ **Honest-scoring rule (FR-012)**: If an agent reports `EVIDENCE ABSENT:`, the
219
+ orchestrating stage MUST score that category 0 regardless of other findings.
220
+ Phrases like `likely correct`, `appears wired`, or `should be passing` are NOT
221
+ evidence and MUST NOT contribute to any score. Any rubric category where
222
+ evidence is absent, unverifiable, fabricated, or implied scores exactly 0 — no
223
+ partial credit.
224
+
225
+ ---
226
+
227
+ ## Step 0: Context Health Check
228
+
229
+ Before starting validation, assess context window health:
230
+
231
+ ```bash
232
+ .specify/scripts/bash/check-context-health.sh
233
+ ```
234
+
235
+ - If **< 50%**: Proceed normally
236
+ - If **50-70%**: Use sub-agents heavily, minimize main context
237
+ - If **> 70%**: Run `/7_gofer_save`, start a fresh session, read the
238
+ checkpoint, and continue validation
239
+
240
+ Validation loads all artifacts and spawns 6 agents — context pressure is high.
241
+
242
+ ---
243
+
244
+ ## Step 1: Load Context
245
+
246
+ 1. **Run setup script**:
247
+
248
+ ```bash
249
+ .specify/scripts/bash/check-prerequisites.sh --json --require-tasks
250
+ ```
251
+
252
+ Parse JSON for FEATURE_DIR
253
+
254
+ 2. **Load all artifacts**:
255
+ - spec.md (user stories, acceptance criteria)
256
+ - plan.md (architecture, file structure, tech stack)
257
+ - tasks.md (task completion status)
258
+ - goal-ledger.json (goal IDs, metrics, delivery states, re-loop triggers)
259
+ - loop-contract.json (loop objective, eval commands, max iterations, stop conditions)
260
+ - loop-ledger.jsonl (implementation and validation loop evidence)
261
+ - traceability.md (requirement-to-code/test evidence matrix)
262
+ - research.md (codebase patterns to follow)
263
+
264
+ 3. **Detect iteration count**:
265
+ - Check if `{FEATURE_DIR}/remediation-report.md` exists
266
+ - If yes, read the iteration count from it
267
+ - Track: `ITERATION = [1|2|3]` (first run = 1)
268
+
269
+ 4. **Determine UI presence**:
270
+ - Read plan.md tech stack
271
+ - If UI framework present AND Playwright/Cypress tests exist: `HAS_UI = true`
272
+ - Otherwise: `HAS_UI = false` → apply point redistribution
273
+
274
+ **Deployment/Render Scope Detection** (FR-011):
275
+
276
+ Scan `spec.md`, `plan.md`, `contract-pack.md`, and `quickstart.md` (when
277
+ present) for the following signals:
278
+
279
+ - `DEPLOY_SIGNAL_1`: any acceptance criterion contains: `rendered`,
280
+ `live route`, `live API`, `deployed`, `production`, `staging`,
281
+ `SharePoint`, `Azure`, `smoke`, `E2E`, `browser`
282
+ - `DEPLOY_SIGNAL_2`: `plan.md`, `contract-pack.md`, or `quickstart.md`
283
+ names a deployment target: SharePoint, Azure, staging, production, Vercel,
284
+ Netlify, Docker, Kubernetes, or any server/environment referenced in the
285
+ acceptance chain
286
+ - `DEPLOY_SIGNAL_3`: `plan.md` declares a UI/rendered experience AND at least
287
+ one acceptance criterion uses: `sees`, `displays`, `shows`, `renders`,
288
+ `navigates to`
289
+
290
+ Set `DEPLOY_IN_SCOPE = true` if ANY signal is present.
291
+ Set `DEPLOY_IN_SCOPE = false` if NO signal is present.
292
+ Record the determination in the validation report preamble.
293
+
294
+ ## Step 1.5: Closed-Loop Objective And Loop Evidence Audit
295
+
296
+ Before rubric scoring, run the closed-loop audit and write a fresh rebaseline
297
+ report:
298
+
299
+ ```bash
300
+ node .specify/scripts/node/gofer-closed-loop-audit.mjs --feature-dir {FEATURE_DIR} --json --strict
301
+ ```
302
+
303
+ Also write/update `{FEATURE_DIR}/goal-rebaseline-report.md`.
304
+
305
+ Then run the bounded loop audit:
306
+
307
+ ```bash
308
+ node .specify/scripts/node/gofer-loop-audit.mjs --feature-dir {FEATURE_DIR} --stage 6_validate --json --strict
309
+ ```
310
+
311
+ This writes/updates `{FEATURE_DIR}/loop-audit-report.md`.
312
+
313
+ Validation MUST treat the closed-loop and loop audits as objective gates:
314
+
315
+ - If the audit reports missing goal coverage, missing code/test evidence,
316
+ expired assumptions, or invalid goal-ledger structure, validation FAILS.
317
+ - If the loop audit reports a missing/invalid loop contract, missing
318
+ `loop-ledger.jsonl` evidence, maxIterations breach, or required human
319
+ escalation, validation FAILS.
320
+ - If the audit recommends reopening `/2_gofer_specify`, `/3_gofer_plan`,
321
+ `/4_gofer_tasks`, or `/6_gofer_validate`, record that as a blocking drift
322
+ finding and FAIL the run. The feature is no longer in a closed state even if
323
+ the code still compiles.
324
+ - If the audit only reports low-severity warnings with no recommended reopen
325
+ stage, continue but record them in the validation report.
326
+
327
+ ---
328
+
329
+ # Phase A — Rubric Validation
330
+
331
+ Phase A runs the 10-category engineering rubric (Categories 1-10, up to 100
332
+ points before Category 11 is added).
333
+
334
+ ## Step 2: Spawn 6 Specialist Validation Agents
335
+
336
+ **CRITICAL**: You **MUST** launch all 6 agents **in parallel** using the Task
337
+ tool. Do NOT perform validation work inline in the main context. The main
338
+ context should only orchestrate, score the rubric, and review agent outputs.
339
+ Each agent receives the feature context and returns structured findings.
340
+
341
+ ### Agent 1: Correctness Validator
342
+
343
+ ```
344
+ Task: subagent_type="validation-correctness", model="sonnet"
345
+ Prompt: "Validate functional correctness for feature [FEATURE_NAME].
346
+
347
+ Feature directory: {FEATURE_DIR}
348
+ Spec: {FEATURE_DIR}/spec.md
349
+ Plan: {FEATURE_DIR}/plan.md
350
+
351
+ Check every acceptance criterion in spec.md.
352
+ For each criterion, find the test that exercises it and verify it tests real code.
353
+ Return findings in your standard report format (<2000 tokens)."
354
+ ```
355
+
356
+ ### Agent 2: Security Validator
357
+
358
+ ```
359
+ Task: subagent_type="validation-security", model="sonnet"
360
+ Prompt: "Validate security posture for feature [FEATURE_NAME].
361
+
362
+ Scan all new/modified files (from tasks.md file paths).
363
+ Check for: hardcoded secrets, disabled security, auth bypass, client-side keys.
364
+ Return findings with Red/Yellow/Gray severity (<2000 tokens)."
365
+ ```
366
+
367
+ ### Agent 3: Performance Validator
368
+
369
+ ```
370
+ Task: subagent_type="validation-performance", model="haiku"
371
+ Prompt: "Validate performance characteristics for feature [FEATURE_NAME].
372
+
373
+ Scan all new/modified source files (from tasks.md file paths).
374
+ Check for: sync I/O in async paths, cyclomatic complexity > 12, unbounded loops.
375
+ Build scripts and test files are exempt.
376
+ Return findings with complexity scores (<2000 tokens)."
377
+ ```
378
+
379
+ ### Agent 4: Test Quality Validator
380
+
381
+ ```
382
+ Task: subagent_type="validation-test-quality", model="haiku"
383
+ Prompt: "Validate test quality for feature [FEATURE_NAME].
384
+
385
+ Scan test files related to the feature.
386
+ Check for: placeholder assertions, skipped tests, mock ratio, mock-only tests.
387
+ VSCode API mocks marked '// mock-justified: VSCode API' are exempt from ratio.
388
+ Return findings with mock ratio calculation (<2000 tokens)."
389
+ ```
390
+
391
+ ### Agent 5: Integration Validator
392
+
393
+ ```
394
+ Task: subagent_type="validation-integration", model="sonnet"
395
+ Prompt: "Validate integration contracts for feature [FEATURE_NAME].
396
+
397
+ Feature directory: {FEATURE_DIR}
398
+ Check contracts/ directory if it exists.
399
+ Verify cross-component boundaries, type compatibility, integration test coverage.
400
+ Return findings with contract compliance status (<2000 tokens)."
401
+ ```
402
+
403
+ ### Agent 6: Standards Validator
404
+
405
+ ```
406
+ Task: subagent_type="validation-standards", model="sonnet"
407
+ Prompt: "Validate standards compliance for feature [FEATURE_NAME].
408
+
409
+ Feature directory: {FEATURE_DIR}
410
+ Check against constitution.md (if exists) and research.md patterns.
411
+ Detect AI slop: redundant comments, over-engineered abstractions, silent failures.
412
+ Check code hygiene: TODO/FIXME, magic numbers, unused imports.
413
+ Return findings with severity tiers (<2000 tokens)."
414
+ ```
415
+
416
+ ### Agent 7: Security Red Team (Optional — Multi-Perspective)
417
+
418
+ When the feature involves security-sensitive code (authentication,
419
+ authorization, user input handling, external APIs), run the security red team
420
+ strategy (#13):
421
+
422
+ ```
423
+ # Diverge: 3 attack perspectives
424
+ Task: subagent_type="validate-security-red-team", model="opus"
425
+ Prompt: "Perspective 1: OWASP Top 10 attack analysis for feature [FEATURE_NAME].
426
+ Scan all new/modified files from tasks.md. Attack from OWASP perspective.
427
+ Return findings with exploit steps (<2000 tokens)."
428
+
429
+ Task: subagent_type="validate-security-red-team", model="opus"
430
+ Prompt: "Perspective 2: Business logic abuse analysis for feature [FEATURE_NAME].
431
+ Scan all new/modified files from tasks.md. Attack business logic.
432
+ Return findings with exploit steps (<2000 tokens)."
433
+
434
+ Task: subagent_type="validate-security-red-team", model="opus"
435
+ Prompt: "Perspective 3: CVE search for feature [FEATURE_NAME].
436
+ Check package.json dependencies for known CVEs.
437
+ Return findings with advisory references (<2000 tokens)."
438
+
439
+ # Converge: Judge synthesizes attack findings
440
+ Task: subagent_type="multi-perspective-judge", model="opus"
441
+ Prompt: "Synthesize 3 security red team perspectives for [FEATURE_NAME].
442
+ Perspective 1 (OWASP): [result]. Perspective 2 (Business Logic): [result].
443
+ Perspective 3 (CVE): [result].
444
+ Identify confirmed vulnerabilities vs false positives. Prioritize by exploitability."
445
+ ```
446
+
447
+ **Run all 6 core agents in parallel.** Run Agent 7 (if applicable) in parallel
448
+ with the core agents.
449
+
450
+ ## Step 2.2: Evidence Gate Pre-Check
451
+
452
+ Evaluate the truthfulness gates before final scoring. If a gate is still
453
+ pending here, re-check it after Step 3 automated checks complete and before the
454
+ PASS/FAIL synthesis.
455
+
456
+ ```
457
+ GATE-1 (Integration Proof — Category 5):
458
+ Require: runtime wiring artifact OR integration-test execution output
459
+ present in the current session context by final scoring time.
460
+ If absent during Step 2.2, record GATE-1 as pending and re-check it after
461
+ Step 3 automated checks complete.
462
+ Still absent after Step 3 → Category 5 score = 0; mark GATE_FAIL = true
463
+
464
+ GATE-2 (Test Execution — Categories 1 and 2):
465
+ Require: real, executed npm test output with pass/fail count already present
466
+ or produced by Step 3 automated checks before final scoring.
467
+ If absent during Step 2.2, record GATE-2 as pending and re-check it after
468
+ Step 3 automated checks complete.
469
+ Still absent after Step 3 → Categories 1 and 2 score = 0; mark GATE_FAIL = true
470
+
471
+ GATE-3 (Render/Deployment Proof — Category 3):
472
+ IF HAS_UI = false:
473
+ Record "N/A — HAS_UI=false" in evidence table.
474
+ Record a matching not-in-scope reason in `Absent / Reason for 0`.
475
+ Apply existing no-UI point redistribution.
476
+ IF HAS_UI = true AND DEPLOY_IN_SCOPE = false:
477
+ Require: local render proof (screenshot, component render assertion,
478
+ headless browser assertion, or local smoke-check output) present by final
479
+ scoring time.
480
+ If absent during Step 2.2, record GATE-3 as pending and re-check before
481
+ final PASS/FAIL synthesis.
482
+ Still absent → Category 3 score = 0; mark GATE_FAIL = true
483
+ If present, record "Render proof only — deployment target not in scope" in
484
+ the evidence table and do not redistribute Category 3 points.
485
+ IF HAS_UI = true AND DEPLOY_IN_SCOPE = true:
486
+ Require: screenshot, curl/HTTP transcript, deployment log, headless browser
487
+ assertion, or smoke-check output present by final scoring time, with at
488
+ least one artifact proving rendered/live behavior on the declared route or
489
+ deployment target.
490
+ If absent during Step 2.2, record GATE-3 as pending and re-check before
491
+ final PASS/FAIL synthesis.
492
+ Still absent → Category 3 score = 0; mark GATE_FAIL = true
493
+
494
+ If any GATE_FAIL = true:
495
+ - Any agent that would have scored the gated category is still run
496
+ - The category score remains 0 unless the missing evidence appears before
497
+ final scoring
498
+ ```
499
+
500
+ Collect all results before proceeding.
501
+
502
+ ---
503
+
504
+ # Phase B — Blast Radius Analysis
505
+
506
+ Phase B quantifies the **ripple effect** of the implementation. It assesses risk
507
+ to code outside the feature boundary, interface-contract stability,
508
+ observability preservation, dependency / submodule impact, rollback readiness,
509
+ and release-checklist compliance. Phase B results score **Category 11 (10
510
+ points)** and produce a separate `blast-radius-report.md` artifact.
511
+
512
+ Phase B runs **after** Phase A agents have returned (Step 2 complete) and
513
+ **before** automated checks in Step 3, because breaking-change detection informs
514
+ how to interpret failing tests/types.
515
+
516
+ ## Step 2.5: Pre-Flight Change Surface Discovery
517
+
518
+ Before spawning Phase B agents, build a **change manifest** the agents can
519
+ reference. This is a cheap main-context pass, not an agent task.
520
+
521
+ 1. **Modified file list** — from `tasks.md` completed tasks and git:
522
+
523
+ ```bash
524
+ git diff --name-only $(git merge-base HEAD main 2>/dev/null || echo HEAD~1) HEAD
525
+ ```
526
+
527
+ 2. **Submodule inventory** — detect repo submodules and workspace packages:
528
+
529
+ ```bash
530
+ git submodule status 2>/dev/null
531
+ cat package.json 2>/dev/null | grep -E '"workspaces"' -A 20
532
+ ls -d */package.json 2>/dev/null | xargs -I {} dirname {}
533
+ ```
534
+
535
+ Record which submodules/workspaces contain modified files. For this repo the
536
+ canonical submodules are `extension/`, `language-server/`, `docs/`.
537
+
538
+ 3. **Public-surface detection** — identify exported symbols at risk:
539
+ - `index.ts` / `index.js` files in modified directories
540
+ - `*.d.ts` files in modified directories
541
+ - Entries in the `exports` / `main` / `types` fields of modified
542
+ `package.json` files
543
+ - Files under `contracts/` or `.specify/specs/{feature}/contracts/`
544
+
545
+ 4. **Dependency manifest diff** — capture dependency churn:
546
+
547
+ ```bash
548
+ git diff $(git merge-base HEAD main 2>/dev/null || echo HEAD~1) HEAD -- package.json package-lock.json extension/package.json language-server/package.json 2>/dev/null
549
+ ```
550
+
551
+ 5. **Rollback-relevant assets** — flag anything that needs a reverse path:
552
+ - Files under `migrations/`, `db/migrations/`, `prisma/migrations/`
553
+ - Files named `*.sql`, `schema.*`
554
+ - Feature-flag definitions (search for `featureFlag`, `growthbook`,
555
+ `launchdarkly`, `flags.`)
556
+ - `CHANGELOG.md`, `RELEASES.md`, version fields in `package.json`
557
+
558
+ Record these into `CHANGE_MANIFEST` for the Phase B prompts.
559
+
560
+ ---
561
+
562
+ ## Step 2.6: Spawn 5 Blast-Radius Analysis Agents
563
+
564
+ Launch all 5 agents **in parallel** using the Task tool. Pass the
565
+ `CHANGE_MANIFEST` from Step 2.5 into each prompt so agents see the same ground
566
+ truth.
567
+
568
+ ### Agent 8: Change Graph / Ripple Analyzer
569
+
570
+ ```
571
+ Task: subagent_type="codebase-analyzer", model="sonnet"
572
+ Prompt: "Blast-radius change-graph analysis for feature [FEATURE_NAME].
573
+
574
+ Feature directory: {FEATURE_DIR}
575
+ Change manifest (modified files): {CHANGE_MANIFEST.modifiedFiles}
576
+ Submodules: {CHANGE_MANIFEST.submodules}
577
+
578
+ Build a change-graph table for EVERY modified symbol (function, class, type,
579
+ const) in the modified files:
580
+ 1. List every direct importer/caller (file:line references).
581
+ 2. Classify each as Direct (imports the symbol) or Transitive (imports a
582
+ re-export of it) or Runtime (dynamic require / reflection).
583
+ 3. Flag any cross-submodule ripple (symbol defined in submodule A, consumed
584
+ in submodule B) — this is Red if unplanned.
585
+ 4. Flag any consumer whose tests do NOT exercise the changed code path —
586
+ Yellow.
587
+ 5. Count orphan changes (modified code with zero importers) — Gray.
588
+
589
+ Return findings with Red/Yellow/Gray severity and a concise ripple summary
590
+ (<2500 tokens). Output sections: 'Ripple Summary', 'Cross-submodule Crossings',
591
+ 'Consumer Coverage Gaps', 'Orphans'."
592
+ ```
593
+
594
+ ### Agent 9: Interface Contract Diff
595
+
596
+ ```
597
+ Task: subagent_type="validation-integration", model="sonnet"
598
+ Prompt: "Interface contract blast-radius analysis for feature [FEATURE_NAME].
599
+
600
+ Feature directory: {FEATURE_DIR}
601
+ Public-surface manifest: {CHANGE_MANIFEST.publicSurface}
602
+ Contracts directory: {FEATURE_DIR}/contracts (if present)
603
+
604
+ For every public export, package.json exports field entry, contract file,
605
+ and .d.ts symbol that was modified, deleted, or added:
606
+ 1. Diff old signature vs new signature (parameters, return types, generics,
607
+ optional vs required, default values).
608
+ 2. Classify each change:
609
+ - BREAKING: removed export, renamed export, narrowed return type, widened
610
+ required-param set, removed optional param callers rely on.
611
+ - ADDITIVE: new export, new optional param, widened return type.
612
+ - NEUTRAL: implementation change with identical signature.
613
+ 3. Red = any BREAKING change without a corresponding entry in CHANGELOG.md
614
+ or a migration note in the spec.
615
+ 4. Yellow = BREAKING change with CHANGELOG entry but no migration guide.
616
+ 5. Gray = ADDITIVE changes for informational tracking.
617
+
618
+ Verify contract tests still cover all pre-existing contract clauses (no
619
+ silent coverage regression). Return findings (<2000 tokens) with sections:
620
+ 'Breaking Changes', 'Additive Changes', 'Contract Coverage Regression'."
621
+ ```
622
+
623
+ ### Agent 10: Error Logging & Observability Integrity
624
+
625
+ ```
626
+ Task: subagent_type="validation-standards", model="sonnet"
627
+ Prompt: "Observability blast-radius analysis for feature [FEATURE_NAME].
628
+
629
+ Feature directory: {FEATURE_DIR}
630
+ Modified files: {CHANGE_MANIFEST.modifiedFiles}
631
+
632
+ Assess whether observability was preserved, degraded, or improved:
633
+ 1. For every new/modified catch block: does it log? Use the same structured
634
+ logger used elsewhere in the repo (detect the logger by scanning for
635
+ common imports: winston, pino, bunyan, console, vscode.window.showError,
636
+ telemetry module). Red if any catch swallows silently in production code.
637
+ 2. For every removed log statement: is removal justified by a comment or
638
+ spec? Red if production-relevant logs disappeared without justification.
639
+ 3. Log-level hygiene: no `console.log` in production code (test files
640
+ exempt); no debug-level logs left at info/warn level.
641
+ 4. PII / secrets leakage in new log messages — Red if detected.
642
+ 5. Telemetry/metrics coverage: if the feature touched hot paths that
643
+ previously emitted metrics, verify emission is preserved.
644
+ 6. Correlation IDs / trace context propagation: if the repo uses them,
645
+ verify new code paths propagate them.
646
+
647
+ Return findings (<2000 tokens) with sections: 'Silent Failures', 'Removed
648
+ Logs', 'PII Risk', 'Metric Coverage Delta', 'Trace Propagation'."
649
+ ```
650
+
651
+ ### Agent 11: Dependency & Submodule Impact (with npm audit delta)
652
+
653
+ ```
654
+ Task: subagent_type="research-dependency-evaluator", model="haiku"
655
+ Prompt: "Dependency and submodule blast-radius analysis for feature
656
+ [FEATURE_NAME].
657
+
658
+ Dependency manifest diff: {CHANGE_MANIFEST.dependencyDiff}
659
+ Submodules affected: {CHANGE_MANIFEST.submodules}
660
+
661
+ 1. New dependencies: list each with source (npm / git / local), license, and
662
+ bundle-size impact (approx). Red if license is incompatible (GPL/AGPL in
663
+ a permissive-licensed repo), or if the package is unmaintained (>2 years
664
+ since last release, <1000 weekly downloads).
665
+ 2. Version bumps: classify as major / minor / patch. Red for major bumps
666
+ without migration notes.
667
+ 3. Lockfile churn: if package.json is unchanged but package-lock.json
668
+ changed materially (>20 lines), flag as Yellow (indirect dep drift).
669
+ 4. npm audit delta: run `npm audit --json 2>/dev/null` on the current branch
670
+ and compare vulnerability counts vs baseline (main). Red if the branch
671
+ adds any new High or Critical CVE. Yellow for new Moderate. Gray for new
672
+ Low.
673
+ 5. Submodule boundary crossings: if the feature modifies code in multiple
674
+ submodules (extension/, language-server/, docs/), verify each submodule
675
+ independently builds and tests. Red if a cross-submodule change breaks
676
+ any submodule's standalone build.
677
+
678
+ Return findings (<2500 tokens) with sections: 'New Dependencies', 'Version
679
+ Bumps', 'Lockfile Drift', 'CVE Delta', 'Submodule Boundary Crossings'."
680
+ ```
681
+
682
+ ### Agent 12: Rollback Readiness & Release Checklist
683
+
684
+ ```
685
+ Task: subagent_type="tasks-rollback-planner", model="haiku"
686
+ Prompt: "Rollback readiness + release-checklist review for feature
687
+ [FEATURE_NAME].
688
+
689
+ Feature directory: {FEATURE_DIR}
690
+ Rollback assets: {CHANGE_MANIFEST.rollbackAssets}
691
+
692
+ Assess reversibility and release readiness:
693
+ 1. DB migrations: is every forward migration paired with a down/reverse
694
+ migration? Red if any irreversible migration lacks explicit justification
695
+ in the spec or plan.
696
+ 2. Feature flags: if the feature is risky, is it gated behind a flag? Is the
697
+ flag default-off? Is the pre-flag code path preserved so disabling the
698
+ flag restores prior behavior? Red if a risky change is unflagged and
699
+ irreversible.
700
+ 3. Data-shape changes: detect schema changes that cannot be rolled back
701
+ without data loss (column drops, type narrowings). Red if no backfill or
702
+ dual-write strategy.
703
+ 4. Release checklist for user-visible changes:
704
+ - CHANGELOG.md updated for this feature — Red if missing and feature is
705
+ user-visible.
706
+ - Version bump planned (semver correct for breaking/additive/patch) — Red
707
+ if breaking change present without major bump plan.
708
+ - Migration guide present for breaking changes — Red if missing.
709
+ - Documentation updated (docs/ or README.md) for new user-facing
710
+ capabilities — Yellow if missing.
711
+ 5. Rollback runbook: is there a documented 'how to revert' path? Yellow if
712
+ absent for non-trivial changes.
713
+
714
+ Return findings (<2000 tokens) with sections: 'Migration Reversibility',
715
+ 'Feature Flag Coverage', 'Data-Shape Rollback Risk', 'Release Checklist',
716
+ 'Rollback Runbook'."
717
+ ```
718
+
719
+ **Run all 5 Phase B agents in parallel.** Collect results before synthesis.
720
+
721
+ ---
722
+
723
+ ## Step 2.7: Blast Radius Synthesis
724
+
725
+ Aggregate Phase B agent findings into a single blast-radius verdict.
726
+
727
+ ### Consolidated Finding Table
728
+
729
+ ```
730
+ | # | Dimension | Finding | Severity | Agent | File | Line |
731
+ |---|-----------|---------|----------|-------|------|------|
732
+ | 1 | Change graph | [desc] | Red | codebase-analyzer | [file] | [line] |
733
+ | 2 | Interface contract | [desc] | Red | validation-integration | [file] | [line] |
734
+ | 3 | Observability | [desc] | Yellow | validation-standards | [file] | [line] |
735
+ | 4 | Dependency | [desc] | Yellow | research-dependency-evaluator | [file] | [line] |
736
+ | 5 | Rollback | [desc] | Red | tasks-rollback-planner | [file] | [line] |
737
+ ```
738
+
739
+ ### Severity Rollup
740
+
741
+ ```
742
+ BLAST_RADIUS_RED = count of Red findings across all 5 agents
743
+ BLAST_RADIUS_YELLOW = count of Yellow findings
744
+ BLAST_RADIUS_GRAY = count of Gray findings
745
+ ```
746
+
747
+ ### Write `blast-radius-report.md`
748
+
749
+ Write to `{FEATURE_DIR}/blast-radius-report.md`:
750
+
751
+ ```markdown
752
+ ---
753
+ feature: [Feature Name]
754
+ generated: [ISO timestamp]
755
+ reviewer: Claude
756
+ GeneratedAt: [ISO timestamp]
757
+ SourceCommandId: /6_gofer_validate
758
+ SourceInputs: [spec.md, plan.md, tasks.md, research.md, blast-radius inputs]
759
+ OverwriteNoticeWhenApplicable: [new file or overwrite note]
760
+ dimensions_checked:
761
+ [
762
+ change_graph,
763
+ interface_contract,
764
+ observability,
765
+ dependency_submodule,
766
+ rollback_release,
767
+ ]
768
+ red_count: [N]
769
+ yellow_count: [N]
770
+ gray_count: [N]
771
+ verdict: [CONTAINED | BREACHED]
772
+ ---
773
+
774
+ # Blast Radius Report: [Feature Name]
775
+
776
+ ## Changed Surfaces
777
+
778
+ - Modified files: [N]
779
+ - Submodules touched: [list]
780
+ - Public-surface symbols affected: [N]
781
+ - New dependencies: [N]
782
+ - Version bumps: [list]
783
+ - Migration files: [list]
784
+ - Feature flags introduced/modified: [list]
785
+
786
+ ## Risk Vectors
787
+
788
+ ### 1. Change Graph / Ripple (Agent: codebase-analyzer)
789
+
790
+ - Cross-submodule crossings: [list or "none"]
791
+ - Consumer coverage gaps: [N]
792
+ - Orphan changes: [N]
793
+ - Red findings: [table]
794
+
795
+ ### 2. Interface Contracts (Agent: validation-integration)
796
+
797
+ - Breaking changes: [N] ([list])
798
+ - Additive changes: [N]
799
+ - Contract coverage regressions: [list]
800
+ - Red findings: [table]
801
+
802
+ ### 3. Error Logging & Observability (Agent: validation-standards)
803
+
804
+ - Silent failures introduced: [N]
805
+ - Logs removed without justification: [N]
806
+ - PII/secret leakage risk: [list]
807
+ - Metric/trace coverage delta: [summary]
808
+ - Red findings: [table]
809
+
810
+ ### 4. Dependencies & Submodules (Agent: research-dependency-evaluator)
811
+
812
+ - New dependencies: [table with license/size/maintenance]
813
+ - Version bumps: [list]
814
+ - Lockfile drift: [summary]
815
+ - CVE delta: Critical +[N], High +[N], Moderate +[N], Low +[N]
816
+ - Submodule boundary crossings: [list]
817
+ - Red findings: [table]
818
+
819
+ ### 5. Rollback Readiness & Release Checklist (Agent: tasks-rollback-planner)
820
+
821
+ - Migration reversibility: [OK / BREACHED]
822
+ - Feature flag coverage: [OK / BREACHED / N/A]
823
+ - Data-shape rollback risk: [OK / BREACHED]
824
+ - Release checklist:
825
+ - CHANGELOG updated: [Yes / No / N/A]
826
+ - Version bump planned: [patch / minor / major / N/A]
827
+ - Migration guide: [Yes / No / N/A]
828
+ - Docs updated: [Yes / No / N/A]
829
+ - Rollback runbook: [Present / Absent / N/A]
830
+ - Red findings: [table]
831
+
832
+ ## Containment Summary
833
+
834
+ - **CONTAINED** if `BLAST_RADIUS_RED == 0` — Category 11 scores full 10 pts.
835
+ - **BREACHED** if `BLAST_RADIUS_RED > 0` — Category 11 scores 0.
836
+
837
+ Yellow findings do NOT fail Category 11 but are reported to the engineering
838
+ review loop (Phase C) for mandatory attention.
839
+ ```
840
+
841
+ Proceed to Step 3 (automated checks) with blast-radius results attached to the
842
+ context.
843
+
844
+ ---
845
+
846
+ # End of Phase B
847
+
848
+ ---
849
+
850
+ ## Step 3: Run Automated Checks
851
+
852
+ Execute verification commands and capture results:
853
+
854
+ ### Build Check
855
+
856
+ ```bash
857
+ npm run build # or appropriate build command
858
+ ```
859
+
860
+ ### Test Check
861
+
862
+ ```bash
863
+ npm test # or appropriate test command
864
+ ```
865
+
866
+ ### Lint Check
867
+
868
+ ```bash
869
+ npm run lint # or appropriate lint command
870
+ ```
871
+
872
+ ### Type Check (if TypeScript)
873
+
874
+ ```bash
875
+ npm run typecheck # or tsc --noEmit
876
+ ```
877
+
878
+ Record results:
879
+
880
+ ```
881
+ | Check | Command | Result |
882
+ |-----------|------------------|---------------|
883
+ | Build | npm run build | PASS / FAIL |
884
+ | Tests | npm test | PASS / FAIL |
885
+ | Lint | npm run lint | PASS / FAIL |
886
+ | TypeCheck | tsc --noEmit | PASS / FAIL |
887
+ ```
888
+
889
+ **If Build or Tests FAIL**: Mark Functional Correctness as 0 immediately.
890
+
891
+ ---
892
+
893
+ ## Step 4: Mutation Testing Gate
894
+
895
+ Check if mutation testing tools are available:
896
+
897
+ ```bash
898
+ npx stryker --version 2>/dev/null
899
+ ```
900
+
901
+ ### If Stryker is available:
902
+
903
+ 1. Run mutation testing:
904
+ ```bash
905
+ npx stryker run --reporters clear-text 2>&1 | tail -50
906
+ ```
907
+ 2. Parse mutation score from output
908
+ 3. Record: `MUTATION_SCORE = [N]%`
909
+ 4. If score < 60%: contributes to Test Authenticity scoring 0
910
+
911
+ ### If Stryker is NOT available:
912
+
913
+ 1. Record: `MUTATION_SCORE = "unavailable"`
914
+ 2. Log recommendation: "Install @stryker-mutator/core for mutation testing"
915
+ 3. Test Authenticity is scored based on other criteria only (placeholders,
916
+ skips, mock ratio)
917
+ 4. Do NOT block on mutation score when Stryker is absent
918
+
919
+ ---
920
+
921
+ ## Step 5: Mock Ratio Analysis
922
+
923
+ Count mocking patterns vs real assertions across feature test files:
924
+
925
+ ### Count Mock Calls
926
+
927
+ Use Grep to count in test files related to the feature:
928
+
929
+ - `vi.mock(` — module-level mocks
930
+ - `vi.fn(` — individual function mocks
931
+ - `jest.mock(` — Jest module mocks
932
+ - `jest.fn(` — Jest function mocks
933
+ - `.mockReturnValue(` — mock configurations
934
+ - `.mockResolvedValue(` — async mock configurations
935
+
936
+ ### Count Real Assertions
937
+
938
+ Use Grep to count:
939
+
940
+ - `expect(` followed by `.toBe(`, `.toEqual(`, `.toContain(`, `.toThrow(`,
941
+ `.toMatch(`, `.toBeGreaterThan(`, `.toBeLessThan(`, `.toBeDefined(`,
942
+ `.toBeNull(`, `.toHaveLength(`, `.toHaveProperty(`
943
+
944
+ ### Exclude Justified Mocks
945
+
946
+ Lines containing `// mock-justified:` are excluded from the mock count. This
947
+ allows VSCode API mocks and other unavoidable mocks to be documented and exempt.
948
+
949
+ ### Calculate Ratio
950
+
951
+ ```
952
+ MOCK_RATIO = mock_calls / (mock_calls + real_assertions)
953
+ ```
954
+
955
+ ### Evaluate
956
+
957
+ - If `MOCK_RATIO > 0.30` (30%): contributes to Test Authenticity scoring 0
958
+ - Report per-file ratios for the worst offenders
959
+
960
+ ---
961
+
962
+ ## Step 6: Semantic Slop Detection
963
+
964
+ ### Automated Pattern Detection (Grep-based)
965
+
966
+ Run these checks on new/modified source files (not test files):
967
+
968
+ #### Red Severity (Blocks)
969
+
970
+ ```
971
+ Pattern: expect(true).toBe(true)
972
+ Also: expect(1).toBe(1), expect('a').toBe('a')
973
+ Method: Grep for tautological assertions in test files
974
+ ```
975
+
976
+ ```
977
+ Pattern: test.skip / it.skip / describe.skip / xit / xdescribe
978
+ Method: Grep for skip patterns in feature-related test files
979
+ ```
980
+
981
+ #### Yellow Severity (Must Address)
982
+
983
+ ```
984
+ Pattern: TODO / FIXME / XXX / HACK in source code (not test helpers)
985
+ Method: Grep in new/modified .ts/.js/.py files
986
+ ```
987
+
988
+ ```
989
+ Pattern: Empty catch blocks — catch (e) {} or catch { }
990
+ Method: Grep for catch blocks with empty or whitespace-only bodies
991
+ ```
992
+
993
+ #### Gray Severity (Informational)
994
+
995
+ Gray-level findings are reported by the specialist agents (Standards and Test
996
+ Quality). They include:
997
+
998
+ - Redundant comments restating code (agent: validation-standards)
999
+ - Over-engineered abstractions for one-time use (agent: validation-standards)
1000
+ - Magic numbers without named constants (agent: validation-standards)
1001
+ - Mock-only tests that verify wiring not behavior (agent:
1002
+ validation-test-quality)
1003
+
1004
+ ### Consolidate Slop Findings
1005
+
1006
+ Combine automated Grep results with agent findings:
1007
+
1008
+ ```
1009
+ | # | Pattern | Severity | Source | Description | File | Line |
1010
+ |---|---------|----------|--------|-------------|------|------|
1011
+ | 1 | Placeholder test | Red | Grep | expect(true).toBe(true) | test.ts | 45 |
1012
+ | 2 | Skipped test | Red | Grep | it.skip('should...') | spec.ts | 12 |
1013
+ | 3 | TODO placeholder | Yellow | Grep | // TODO: implement | service.ts | 89 |
1014
+ | 4 | Redundant comment | Yellow | Agent | "// create user" above createUser() | user.ts | 23 |
1015
+ ```
1016
+
1017
+ ---
1018
+
1019
+ ## Step 7: Score the 10-Category Rubric
1020
+
1021
+ Using agent reports, automated checks, and analysis from Steps 3-6, score each
1022
+ category:
1023
+
1024
+ ### Scoring Logic
1025
+
1026
+ **Category 1: Functional Correctness** ({15 or 20 if no UI} pts)
1027
+
1028
+ - Input: validation-correctness agent report + `GATE-2` + automated test results
1029
+ - Score 0 if: `GATE-2` fails, OR any Red finding from correctness agent, OR
1030
+ build/tests fail, OR tests fail to import
1031
+ - Score full if: All acceptance criteria verified with real tests
1032
+
1033
+ **Category 2: Test Authenticity** ({15 or 20 if no UI} pts)
1034
+
1035
+ - Input: validation-test-quality agent report + `GATE-2` + mutation score +
1036
+ mock ratio
1037
+ - Score 0 if: Any placeholder assertion found, OR any test.skip found, OR mock
1038
+ ratio > 30%, OR mutation score < 60% (when Stryker available), OR
1039
+ `GATE-2` fails
1040
+ - Score full if: Zero placeholders, zero skips, mock ratio <= 30%
1041
+
1042
+ **Category 3: UI/E2E Verification** (10 pts, or 0 if redistributed)
1043
+
1044
+ - If `HAS_UI = false`: Record `N/A — HAS_UI=false` plus an explicit not-in-scope
1045
+ reason in the evidence table and apply the existing no-UI redistribution.
1046
+ - If `HAS_UI = true` and `DEPLOY_IN_SCOPE = false`: Check `GATE-3` for local
1047
+ render proof and record `Render proof only — deployment target not in scope`
1048
+ when that proof exists. Score 0 if `GATE-3` fails or no local render proof
1049
+ exists. Do not redistribute Category 3 points.
1050
+ - If `HAS_UI = true` and `DEPLOY_IN_SCOPE = true`: Check `GATE-3` for
1051
+ screenshot, curl/HTTP transcript, deployment log, headless browser
1052
+ assertion, or smoke-check output with proof of rendered/live behavior on the
1053
+ declared route or target. Score 0 if `GATE-3` fails or no real render/deploy
1054
+ proof exists.
1055
+
1056
+ **Category 4: Security Posture** (10 pts)
1057
+
1058
+ - Input: validation-security agent report
1059
+ - Score 0 if: Any Red finding from security agent
1060
+ - Score full if: No Red or Yellow findings
1061
+
1062
+ **Category 5: Integration Reality** (10 pts)
1063
+
1064
+ - Input: validation-integration agent report + `GATE-1`
1065
+ - Score 0 if: `GATE-1` fails, OR any contract violation, OR critical boundary
1066
+ with zero tests
1067
+ - Score full if: All contracts satisfied, integration tests use real deps
1068
+
1069
+ **Category 6: Error Path Coverage** (10 pts)
1070
+
1071
+ - Input: validation-correctness agent (error paths) + validation-standards agent
1072
+ (empty catch blocks)
1073
+ - Score 0 if: Empty catch blocks found, OR public functions lack error path
1074
+ tests
1075
+ - Score full if: Error paths tested, catch blocks handle errors properly
1076
+
1077
+ **Category 7: Architecture Compliance** (10 pts)
1078
+
1079
+ - Input: validation-standards agent report (architecture section)
1080
+ - Score 0 if: File structure deviates from plan.md without justification, OR
1081
+ required diagrams/pictures are stale, unreadable, unrendered without fallback,
1082
+ disconnected from the requirements/code/EAI Platform evidence they explain, OR
1083
+ human-facing artifacts lack a plain-language executive summary
1084
+ - Score full if: All files in expected locations, patterns followed
1085
+
1086
+ **Visual And Document Comprehension Gate** (part of Category 7, no extra points):
1087
+
1088
+ Use this gate whenever the feature has architecture, process, security,
1089
+ workflow, data, UI, or EAI Platform behavior that a human reviewer or future AI
1090
+ loop must understand. This is benchmarked against C4-style abstraction levels,
1091
+ diagram-as-code/source-controlled visuals, 8090-style requirement/blueprint
1092
+ alignment, Marp-style narrative decks, and UI proof practices such as screenshot
1093
+ or visual-test evidence.
1094
+
1095
+ - Executive summaries: every human-facing document starts with three to five
1096
+ plain-language bullets that cover the decision, value, risk, evidence, and next
1097
+ ask. Technical detail comes after the summary.
1098
+ - Purpose clarity: every visual states the question it answers, audience,
1099
+ source inputs, and how to read it in plain language.
1100
+ - Simplicity: each diagram focuses on one decision or flow, keeps primary
1101
+ nodes/steps to about seven or fewer where practical, and splits crowded
1102
+ diagrams instead of making a spaghetti map.
1103
+ - Correct visual type: use context/container C4 views for system boundaries,
1104
+ sequence/state diagrams for flows, ERD for data, value stream for process,
1105
+ heatmaps for capability/risk priority, and screenshot/storyboard evidence for
1106
+ UI behavior.
1107
+ - Renderability: Mermaid/D2/Structurizr-style source must render locally or
1108
+ provide a markdown-table/text fallback; Marp decks must be valid Markdown with
1109
+ slide frontmatter; UI visuals need screenshot, Storybook/component,
1110
+ Playwright, or equivalent render proof.
1111
+ - Traceability: each visual links to the requirement, plan, contract, code/test,
1112
+ EAI service/template asset, or validation evidence it summarizes.
1113
+ - Freshness: validation must check whether visuals changed or were reapproved
1114
+ after spec, plan, code, tenant/auth, or validation changes; stale visuals fail
1115
+ Category 7 even when the code passes.
1116
+ - Public safety: visuals must not expose tenant-private data, secrets, customer
1117
+ identifiers, internal-only architecture names, or screenshots containing
1118
+ private content.
1119
+
1120
+ **Category 8: Performance Baseline** (5 pts)
1121
+
1122
+ - Input: validation-performance agent report
1123
+ - Score 0 if: Sync I/O in async paths, OR complexity > 12, OR unbounded loops
1124
+ - Score full if: No blocking performance findings
1125
+
1126
+ **Category 9: Code Hygiene** (10 pts)
1127
+
1128
+ - Input: validation-standards agent report (hygiene section) + slop detection
1129
+ - Score 0 if: TODO placeholders in production code, OR > 5 redundant comments,
1130
+ OR silent error swallowing found
1131
+ - Score full if: Clean code, no slop findings above Gray
1132
+
1133
+ **Category 10: Specification Traceability** (5 pts)
1134
+
1135
+ - Input: validation-correctness agent (criteria mapping)
1136
+ - Score 0 if: User stories cannot be traced to tests and code
1137
+ - Score full if: Every US has tests, every test maps to implementing code
1138
+
1139
+ **Category 11: Blast Radius Containment** (10 pts) — NEW
1140
+
1141
+ - Input: Phase B blast-radius-report.md (Agents 8-12)
1142
+ - Score 0 if **any** of:
1143
+ - `BLAST_RADIUS_RED > 0` (verdict BREACHED in blast-radius-report.md), OR
1144
+ - Interface Contract Diff found a BREAKING change without CHANGELOG entry, OR
1145
+ - Observability agent found a silent failure in production code, OR
1146
+ - Dependency agent reports a new High or Critical CVE, OR
1147
+ - Rollback agent reports an irreversible migration without justification, OR
1148
+ - Cross-submodule ripple detected that was not planned in plan.md
1149
+ - Score full (10) if: `BLAST_RADIUS_RED == 0` — verdict CONTAINED in
1150
+ blast-radius-report.md. Yellow/Gray findings do not block the category but are
1151
+ forwarded to Phase C for attention.
1152
+
1153
+ ### Calculate Total Score
1154
+
1155
+ ```
1156
+ TOTAL = Cat1 + Cat2 + Cat3 + ... + Cat10 + Cat11
1157
+ ```
1158
+
1159
+ Must equal **110** to PASS (no-UI features: Cat3 redistributes +5 to Cat1 and +5
1160
+ to Cat2; total is still 110).
1161
+
1162
+ ---
1163
+
1164
+ ## Step 7.4: Two-Pass Canvas Refresh (Impact Canvas)
1165
+
1166
+ After the validation council completes, refresh the Impact Canvas with
1167
+ validation findings. This is a SURGICAL update: only the `topThreeRisks` slot of
1168
+ `impact-canvas.md` is replaced; all other canvas content (header, problem
1169
+ statement, personas, AI-leverage pie, outcomes) is preserved byte-for-byte. The
1170
+ frontmatter `pass:` marker is bumped from 1 to 2 so downstream consumers can
1171
+ tell which pass produced the artefact.
1172
+
1173
+ ```
1174
+ Task: subagent_type="visual-canvas-writer", model="haiku"
1175
+ Prompt: "Pass-2 refresh for {FEATURE_DIR}/visuals/impact-canvas.md.
1176
+ Read validation council output from {FEATURE_DIR}/validation.md.
1177
+ Replace ONLY the topThreeRisks section with the council's top three risks.
1178
+ Preserve all other content byte-for-byte.
1179
+
1180
+ Use the runPass2() helper at .specify/scripts/node/lib/visual-pass-pipeline.mjs
1181
+ which implements the surgical replacement (regex-bounded swap of the
1182
+ '## Top Three Risks' section + frontmatter pass: 1 -> 2 bump).
1183
+
1184
+ Return: absolute path of file written and the three risk strings used."
1185
+ ```
1186
+
1187
+ The `runPass2()` function in
1188
+ `.specify/scripts/node/lib/visual-pass-pipeline.mjs` already implements the
1189
+ surgical replacement; the writer agent only needs to provide the three
1190
+ council-validated risk strings. This satisfies FR-016 (two-pass canvas refresh)
1191
+ and the locked decision recorded in `plan.md:912-919`.
1192
+
1193
+ ---
1194
+
1195
+ ## Step 7.5: Refresh Risk Heatmap (Persona Pack — US4)
1196
+
1197
+ After the rubric is scored and validation council findings are available,
1198
+ dispatch `visual-risk-writer` in **pass-2 mode** to refresh the risk heatmap
1199
+ with critical risks identified by the council. This replaces the heuristic
1200
+ top-quadrant entries that pass-1 (run from this same stage before validation)
1201
+ populated from the spec NFR / Out-of-Scope sections.
1202
+
1203
+ ```
1204
+ Task: subagent_type="visual-risk-writer", model="haiku"
1205
+ Prompt: "Pass 2: refresh risk heatmap for feature [FEATURE_NAME].
1206
+
1207
+ Feature directory: {FEATURE_DIR}
1208
+ Spec: {FEATURE_DIR}/spec.md
1209
+ Validation council findings: {FEATURE_DIR}/validation-report.md (in-progress)
1210
+ Existing heatmap (pass-1): {FEATURE_DIR}/visuals/risk-heatmap.md
1211
+ Template: .specify/templates/visuals/risk-heatmap-template.md
1212
+
1213
+ Replace top-quadrant risks with the validation council's critical findings.
1214
+ Preserve pass-1 risks that did not surface in validation.
1215
+ Honour ≥30 ≤200 word plain-language preamble (NFR-010).
1216
+
1217
+ Return: absolute path of file written and risk counts per quadrant."
1218
+ ```
1219
+
1220
+ The validation report (Step 8) MUST link to the refreshed risk heatmap under its
1221
+ `## Risk Posture` section. If the Mermaid renderer fails for a downstream
1222
+ consumer, the `mermaid-tabular-fallback.mjs` helper provides a markdown-table
1223
+ fallback for the `quadrantChart` block.
1224
+
1225
+ ---
1226
+
1227
+ ## Step 8: Generate Validation Report
1228
+
1229
+ Write to `{FEATURE_DIR}/validation-report.md`:
1230
+
1231
+ ```markdown
1232
+ ---
1233
+ feature: [Feature Name]
1234
+ validated: [ISO timestamp]
1235
+ validator: Claude
1236
+ status: [PASS/FAIL]
1237
+ score: [N]
1238
+ score_max: 110
1239
+ iteration: [N]
1240
+ has_ui: [true/false]
1241
+ deploy_in_scope: [true/false]
1242
+ objective_gate_status: [PASS/FAIL]
1243
+ goal_rebaseline_report: goal-rebaseline-report.md
1244
+ loop_audit_report: loop-audit-report.md
1245
+ blast_radius_verdict: [CONTAINED | BREACHED]
1246
+ blast_radius_report: blast-radius-report.md
1247
+ GeneratedAt: [ISO timestamp]
1248
+ SourceCommandId: /6_gofer_validate
1249
+ SourceInputs: [spec.md, plan.md, tasks.md, research.md, automated checks, agent findings]
1250
+ OverwriteNoticeWhenApplicable: [new file or overwrite note]
1251
+ ---
1252
+
1253
+ # Validation Report: [Feature Name]
1254
+
1255
+ ## Objective Outcome Gate
1256
+
1257
+ - Goal ledger: `goal-ledger.json`
1258
+ - Rebaseline report: `goal-rebaseline-report.md`
1259
+ - Loop contract: `loop-contract.json`
1260
+ - Loop ledger: `loop-ledger.jsonl`
1261
+ - Loop audit report: `loop-audit-report.md`
1262
+ - Outcome gate status: [PASS/FAIL]
1263
+ - Recommended reopen stage: [none | 2_specify | 3_plan | 4_tasks | 6_validate]
1264
+ - Summary: [why objectives remain aligned or why the loop must reopen]
1265
+
1266
+ ## Rubric Score
1267
+
1268
+ | # | Category | Points | Score | Status | Evidence |
1269
+ | --- | -------------------------- | ------- | ---------- | --------------- | --------- |
1270
+ | 1 | Functional Correctness | [15/20] | [0/15/20] | PASS/FAIL | [summary] |
1271
+ | 2 | Test Authenticity | [15/20] | [0/15/20] | PASS/FAIL | [summary] |
1272
+ | 3 | UI/E2E Verification | [10/0] | [0/10/N/A] | PASS/FAIL/SKIP | [summary] |
1273
+ | 4 | Security Posture | 10 | [0/10] | PASS/FAIL | [summary] |
1274
+ | 5 | Integration Reality | 10 | [0/10] | PASS/FAIL | [summary] |
1275
+ | 6 | Error Path Coverage | 10 | [0/10] | PASS/FAIL | [summary] |
1276
+ | 7 | Architecture Compliance | 10 | [0/10] | PASS/FAIL | [summary] |
1277
+ | 8 | Performance Baseline | 5 | [0/5] | PASS/FAIL | [summary] |
1278
+ | 9 | Code Hygiene | 10 | [0/10] | PASS/FAIL | [summary] |
1279
+ | 10 | Specification Traceability | 5 | [0/5] | PASS/FAIL | [summary] |
1280
+ | 11 | Blast Radius Containment | 10 | [0/10] | PASS/FAIL | [summary] |
1281
+ | | **TOTAL** | **110** | **[N]** | **[PASS/FAIL]** | |
1282
+
1283
+ ## Automated Check Results
1284
+
1285
+ | Check | Command | Result |
1286
+ | --------- | ------------- | ------------------- |
1287
+ | Build | npm run build | [PASS/FAIL] |
1288
+ | Tests | npm test | [PASS/FAIL] |
1289
+ | Lint | npm run lint | [PASS/FAIL + count] |
1290
+ | TypeCheck | tsc --noEmit | [PASS/FAIL] |
1291
+
1292
+ ## Closed-Loop Traceability
1293
+
1294
+ | Requirement ID | Goal ID | Code Evidence | Test Evidence | Status |
1295
+ | -------------- | ------- | ------------- | ------------- | ------ |
1296
+ | [FR-001] | [G1] | [path] | [path] | [PASS/FAIL] |
1297
+
1298
+ ## Mutation Testing
1299
+
1300
+ - **Stryker available**: [Yes/No]
1301
+ - **Mutation score**: [N]% (target: >= 60%)
1302
+
1303
+ ## Mock Ratio Analysis
1304
+
1305
+ - **Total mock calls**: [N]
1306
+ - **Total real assertions**: [N]
1307
+ - **Mock ratio**: [N]% (target: <= 30%)
1308
+ - **Justified mocks excluded**: [N]
1309
+
1310
+ ### Worst Offenders by File
1311
+
1312
+ | File | Mocks | Assertions | Ratio | Status |
1313
+ | ------ | ----- | ---------- | ----- | ------- |
1314
+ | [file] | [N] | [N] | [N]% | OK/FAIL |
1315
+
1316
+ ## Specialist Agent Findings
1317
+
1318
+ ### Red (Blocking)
1319
+
1320
+ | # | Category | Finding | File | Line |
1321
+ | --- | ---------- | ------------- | ------ | ------ |
1322
+ | [N] | [category] | [description] | [file] | [line] |
1323
+
1324
+ ### Yellow (Must Address)
1325
+
1326
+ | # | Category | Finding | File | Line |
1327
+ | --- | ---------- | ------------- | ------ | ------ |
1328
+ | [N] | [category] | [description] | [file] | [line] |
1329
+
1330
+ ### Gray (Informational)
1331
+
1332
+ | # | Category | Finding | File | Line |
1333
+ | --- | ---------- | ------------- | ------ | ------ |
1334
+ | [N] | [category] | [description] | [file] | [line] |
1335
+
1336
+ ## AI Slop Detection Summary
1337
+
1338
+ | Pattern | Count | Severity |
1339
+ | ---------------------------- | ----- | -------- |
1340
+ | Placeholder assertions | [N] | Red |
1341
+ | Skipped tests | [N] | Red |
1342
+ | TODO/FIXME placeholders | [N] | Yellow |
1343
+ | Empty catch blocks | [N] | Yellow |
1344
+ | Redundant comments | [N] | Yellow |
1345
+ | Over-engineered abstractions | [N] | Gray |
1346
+ | Magic numbers | [N] | Gray |
1347
+
1348
+ ## Blast Radius Summary (Phase B)
1349
+
1350
+ See `{FEATURE_DIR}/blast-radius-report.md` for the full dimension report.
1351
+
1352
+ | Dimension | Agent | Red | Yellow | Gray | Verdict |
1353
+ | ----------------------------------- | ----------------------------- | --- | ------ | ---- | ------------------------ |
1354
+ | Change graph / ripple | codebase-analyzer | [N] | [N] | [N] | [OK/BREACHED] |
1355
+ | Interface contracts | validation-integration | [N] | [N] | [N] | [OK/BREACHED] |
1356
+ | Error logging & observability | validation-standards | [N] | [N] | [N] | [OK/BREACHED] |
1357
+ | Dependency & submodule impact | research-dependency-evaluator | [N] | [N] | [N] | [OK/BREACHED] |
1358
+ | Rollback readiness & release chklst | tasks-rollback-planner | [N] | [N] | [N] | [OK/BREACHED] |
1359
+ | | **TOTAL** | [N] | [N] | [N] | **[CONTAINED/BREACHED]** |
1360
+
1361
+ **Change Surface Summary**
1362
+
1363
+ - Modified files: [N]
1364
+ - Submodules touched: [list]
1365
+ - Public-surface symbols modified: [N]
1366
+ - Breaking API changes: [N]
1367
+ - New dependencies: [N]
1368
+ - New High/Critical CVEs: [N]
1369
+ - Irreversible migrations: [N]
1370
+ - CHANGELOG updated: [Yes/No/N/A]
1371
+
1372
+ **Phase B Gate**: Cat 11 scores 10 only if verdict is **CONTAINED**.
1373
+
1374
+ ## Spec Compliance
1375
+
1376
+ ### [US1 Name]
1377
+
1378
+ - [x/] Acceptance criterion 1
1379
+ - [x/] Acceptance criterion 2
1380
+
1381
+ ### [US2 Name]
1382
+
1383
+ - [x/] Acceptance criterion 1
1384
+
1385
+ ## Recommendations
1386
+
1387
+ ### Before Merge (Must Fix)
1388
+
1389
+ - [Red and Yellow findings requiring action]
1390
+
1391
+ ### Future Improvements (Informational)
1392
+
1393
+ - [Gray findings and suggestions]
1394
+
1395
+ ## Evidence Table
1396
+
1397
+ | Category | Score | Evidence Artifact / Command Output | Absent / Reason for 0 |
1398
+ | --- | --- | --- | --- |
1399
+ | 1 — Functional Correctness | [0/15/20] | [file path, executed `npm test` output with timestamp, or agent citation] | [reason if 0] |
1400
+ | 2 — Test Authenticity | [0/15/20] | [file path, mutation output, or agent citation] | [reason if 0] |
1401
+ | 3 — UI/E2E Verification | [0/10/N/A] | [`N/A — HAS_UI=false`, `Render proof only — deployment target not in scope`, or render/deploy artifact] | [reason if 0 or not in scope] |
1402
+ | 4 — Security Posture | [0/10] | [agent finding citation] | [reason if 0] |
1403
+ | 5 — Integration Reality | [0/10] | [runtime wiring proof, integration-test output, or agent citation] | [reason if 0] |
1404
+ | 6 — Error Path Coverage | [0/10] | [agent finding citation] | [reason if 0] |
1405
+ | 7 — Architecture Compliance | [0/10] | [agent finding citation] | [reason if 0] |
1406
+ | 8 — Performance Baseline | [0/5] | [agent finding citation] | [reason if 0] |
1407
+ | 9 — Code Hygiene | [0/10] | [agent finding citation] | [reason if 0] |
1408
+ | 10 — Specification Traceability | [0/5] | [agent finding citation] | [reason if 0] |
1409
+ | 11 — Blast Radius Containment | [0/10] | [blast-radius-report.md reference] | [reason if 0] |
1410
+ | **Total** | **[N]/110** | | |
1411
+ ```
1412
+
1413
+ This evidence table is required on **EVERY run (PASS and FAIL)**.
1414
+
1415
+ Each `Evidence Artifact / Command Output` cell MUST contain at least one of:
1416
+
1417
+ - A file path visible in the current session
1418
+ - An executed command and its real output (with timestamp)
1419
+ - A sub-agent finding citation (agent name + finding ID)
1420
+
1421
+ An empty evidence cell or a cell containing only inferences/assumptions MUST
1422
+ cause that category to score 0.
1423
+
1424
+ Category 11's evidence cell MUST cite `blast-radius-report.md`.
1425
+
1426
+ When Category 3 is not in scope, the report preamble or row text MUST make the
1427
+ redistribution explicit enough that normalization/effective contribution remains
1428
+ derivable from the persisted report, and `Absent / Reason for 0` must record
1429
+ the matching not-in-scope reason.
1430
+
1431
+ ---
1432
+
1433
+ ## Step 9: Determine Outcome
1434
+
1435
+ ### If TOTAL = 110 and objective_gate_status = PASS: PASS (Phase A + B)
1436
+
1437
+ ```
1438
+ ════════════════════════════════════════════════════════════════
1439
+ RUBRIC PASSED: [Feature Name]
1440
+ ════════════════════════════════════════════════════════════════
1441
+
1442
+ Score: 110/110
1443
+
1444
+ Rubric:
1445
+ ✓ Functional Correctness [15/20]/[15/20]
1446
+ ✓ Test Authenticity [15/20]/[15/20]
1447
+ ✓ UI/E2E Verification [10/10 or N/A]
1448
+ ✓ Security Posture 10/10
1449
+ ✓ Integration Reality 10/10
1450
+ ✓ Error Path Coverage 10/10
1451
+ ✓ Architecture Compliance 10/10
1452
+ ✓ Performance Baseline 5/5
1453
+ ✓ Code Hygiene 10/10
1454
+ ✓ Specification Traceability 5/5
1455
+ ✓ Blast Radius Containment 10/10
1456
+
1457
+ Reports:
1458
+ {FEATURE_DIR}/validation-report.md
1459
+ {FEATURE_DIR}/blast-radius-report.md
1460
+
1461
+ ════════════════════════════════════════════════════════════════
1462
+ ```
1463
+
1464
+ Proceed to **Phase C: Engineering Review Loop** (inline, Step 10a below), then
1465
+ **Step 11: Attribution Logging** and **Step 12: Memory Update Check**.
1466
+
1467
+ **No external auto-chain is needed** — Phase C runs inline in this command.
1468
+ After Phase C completes, the feature pipeline is complete.
1469
+
1470
+ ### If TOTAL < 110 or objective_gate_status = FAIL: FAIL
1471
+
1472
+ Proceed to **Step 10: Brownfield Restart** (Phase C does not run when the rubric
1473
+ fails — fix the rubric first).
1474
+
1475
+ ---
1476
+
1477
+ ## Step 10: Brownfield Restart Loop
1478
+
1479
+ When validation fails (score < score_max), generate a remediation report and signal
1480
+ the orchestrator to restart the pipeline focused on failed areas.
1481
+
1482
+ ### 10.1 Check Iteration Count
1483
+
1484
+ - If `ITERATION >= 3`: Generate **escalation report** instead (see 10.4)
1485
+ - If `ITERATION < 3`: Generate **remediation report** and signal restart
1486
+
1487
+ ### 10.2 Generate Remediation Report
1488
+
1489
+ Write to `{FEATURE_DIR}/remediation-report.md`:
1490
+
1491
+ ```markdown
1492
+ ---
1493
+ feature: [Feature Name]
1494
+ iteration: [N]
1495
+ score: [N]
1496
+ score_max: 110
1497
+ generated: [ISO timestamp]
1498
+ failed_categories: [list]
1499
+ ---
1500
+
1501
+ # Remediation Report: [Feature Name]
1502
+
1503
+ ## Iteration [N] of 3
1504
+
1505
+ **Score**: [N]/110 **Status**: FAIL — Remediation Required
1506
+
1507
+ ## Failed Categories
1508
+
1509
+ ### [Category Name] (0/[points])
1510
+
1511
+ **Evidence**: [Specific findings from agent reports]
1512
+
1513
+ **Required Actions**:
1514
+
1515
+ 1. [Specific action to fix this category]
1516
+ 2. [Another specific action]
1517
+
1518
+ **Files to modify**:
1519
+
1520
+ - `path/to/file.ts:line` — [what to change]
1521
+
1522
+ ### [Next Failed Category]
1523
+
1524
+ ...
1525
+
1526
+ ## Remediation Scope
1527
+
1528
+ The following pipeline stages should re-run focused on these areas:
1529
+
1530
+ - **Research**: [Any new research needed, or "Not needed"]
1531
+ - **Plan**: [Any plan updates, or "Not needed"]
1532
+ - **Implement**: [Specific tasks to re-implement]
1533
+ - **Validate**: Re-run after fixes
1534
+
1535
+ ## Previous Iterations
1536
+
1537
+ | Iteration | Score | Failed Categories | Date |
1538
+ | --------- | ------- | ----------------- | ------ |
1539
+ | 1 | [N]/110 | [list] | [date] |
1540
+ | 2 | [N]/110 | [list] | [date] |
1541
+ ```
1542
+
1543
+ ### 10.3 Signal Orchestrator
1544
+
1545
+ Output the routing instruction:
1546
+
1547
+ ```
1548
+ ════════════════════════════════════════════════════════════════
1549
+ VALIDATION FAILED: [Feature Name]
1550
+ ════════════════════════════════════════════════════════════════
1551
+
1552
+ Score: [N]/110
1553
+ Iteration: [N] of 3
1554
+
1555
+ Failed categories:
1556
+ ✗ [Category] — 0/[points]: [brief reason]
1557
+ ✗ [Category] — 0/[points]: [brief reason]
1558
+
1559
+ Remediation report: {FEATURE_DIR}/remediation-report.md
1560
+
1561
+ REMEDIATION REQUIRED: [feature-name]
1562
+ Failed categories: [list]
1563
+ Iteration: [N] of 3
1564
+ Route: /5_gofer_implement → focused on [failed areas]
1565
+
1566
+ ════════════════════════════════════════════════════════════════
1567
+ ```
1568
+
1569
+ Then proceed to **Step 11: Attribution Logging**.
1570
+
1571
+ ### 10.4 Escalation (Iteration 3 Failure)
1572
+
1573
+ If this is the 3rd iteration and validation still fails, generate
1574
+ `{FEATURE_DIR}/escalation-report.md`:
1575
+
1576
+ ```markdown
1577
+ ---
1578
+ feature: [Feature Name]
1579
+ iteration: 3
1580
+ final_score: [N]/110
1581
+ escalated: [ISO timestamp]
1582
+ ---
1583
+
1584
+ # Escalation Report: [Feature Name]
1585
+
1586
+ ## Human Review Required
1587
+
1588
+ After 3 remediation attempts, the following categories still fail:
1589
+
1590
+ ### [Category] — All 3 attempts failed
1591
+
1592
+ **Iteration history**:
1593
+
1594
+ 1. Score [N] — [what was tried]
1595
+ 2. Score [N] — [what was tried]
1596
+ 3. Score [N] — [what was tried]
1597
+
1598
+ **Root cause assessment**: [Why automated remediation isn't working]
1599
+
1600
+ **Recommended human action**: [What a developer should do]
1601
+
1602
+ ## Full Score History
1603
+
1604
+ | Iteration | Total | Cat1 | Cat2 | Cat3 | Cat4 | Cat5 | Cat6 | Cat7 | Cat8 | Cat9 | Cat10 | Cat11 |
1605
+ | --------- | ----- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ----- | ----- |
1606
+ | 1 | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] |
1607
+ | 2 | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] |
1608
+ | 3 | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] | [N] |
1609
+ ```
1610
+
1611
+ Output:
1612
+
1613
+ ```
1614
+ ════════════════════════════════════════════════════════════════
1615
+ ESCALATION: [Feature Name]
1616
+ ════════════════════════════════════════════════════════════════
1617
+
1618
+ After 3 remediation attempts, validation still fails.
1619
+ Score: [N]/110
1620
+
1621
+ Escalation report: {FEATURE_DIR}/escalation-report.md
1622
+
1623
+ This feature requires human review before proceeding.
1624
+ The automated pipeline cannot resolve the remaining issues.
1625
+
1626
+ ════════════════════════════════════════════════════════════════
1627
+ ```
1628
+
1629
+ ---
1630
+
1631
+ # Phase C — Engineering Review Loop
1632
+
1633
+ Phase C runs **only when the rubric passes** (110/110). It performs 1-5
1634
+ iterative review→fix→re-review cycles using 3 additional review agents per
1635
+ cycle, catching issues that the rubric-based validation might miss (edge cases,
1636
+ race conditions, API-contract drift against the as-implemented code, spec spirit
1637
+ violations).
1638
+
1639
+ Phase C is the terminal stage of `/6_gofer_validate`. After Phase C completes,
1640
+ the feature pipeline is complete.
1641
+
1642
+ ## Step 10a: Initialize Phase C
1643
+
1644
+ 1. **Guard**: only proceed if rubric `status == PASS` and the objective outcome
1645
+ gate passes (Step 9 TOTAL = 110 and Step 1.5 PASS). If
1646
+ FAIL, skip Phase C entirely — brownfield restart (Step 10) already triggered.
1647
+
1648
+ 2. **Initialize cycle counter**: `CYCLE = 1`
1649
+
1650
+ 3. **Initialize findings history**: Empty array to accumulate across cycles.
1651
+
1652
+ 4. **Seed findings from Phase B Yellow/Gray**: All Yellow findings from the
1653
+ blast-radius report are added to the Phase C finding list for mandatory
1654
+ attention. Gray findings are logged but not auto-fixed.
1655
+
1656
+ ## Step 10b: Spawn 3 Parallel Review Agents (Cycle N of 5)
1657
+
1658
+ Launch all 3 agents **in parallel** using the Task tool. Each agent receives the
1659
+ feature context and returns structured findings.
1660
+
1661
+ ### Agent 13: Engineer Review (Spec↔Plan↔Tasks↔Research Alignment)
1662
+
1663
+ ```
1664
+ Task: subagent_type="engineer-review", model="sonnet"
1665
+ Prompt: "Post-implementation engineering review for feature [FEATURE_NAME].
1666
+
1667
+ Feature directory: {FEATURE_DIR}
1668
+ Spec: {FEATURE_DIR}/spec.md
1669
+ Plan: {FEATURE_DIR}/plan.md
1670
+ Tasks: {FEATURE_DIR}/tasks.md
1671
+ Research: {FEATURE_DIR}/research.md
1672
+
1673
+ This is a POST-IMPLEMENTATION review (code is already written).
1674
+ In addition to your standard spec↔plan↔tasks alignment checks:
1675
+ 1. Verify spec completeness against research.md — are all research findings addressed?
1676
+ 2. Check all acceptance criteria are addressed in the actual code (not just tasks)
1677
+ 3. Verify research.md patterns were followed in implementation
1678
+
1679
+ Return findings in your standard report format (<2000 tokens)."
1680
+ ```
1681
+
1682
+ ### Agent 14: Codebase Analyzer (Code↔Tasks Verification)
1683
+
1684
+ ```
1685
+ Task: subagent_type="codebase-analyzer", model="sonnet"
1686
+ Prompt: "Post-implementation code verification for feature [FEATURE_NAME].
1687
+
1688
+ Feature directory: {FEATURE_DIR}
1689
+ Tasks: {FEATURE_DIR}/tasks.md
1690
+
1691
+ Verify the following:
1692
+ 1. Every task marked [x] in tasks.md has corresponding code changes — check file paths
1693
+ 2. Search for TODO/FIXME/HACK comments in files listed in tasks.md
1694
+ 3. Check for dead code or unused imports in changed files
1695
+ 4. Verify any API contracts/interfaces match their actual implementations
1696
+ 5. Check for inconsistencies between task descriptions and what was implemented
1697
+
1698
+ Return findings with Red/Yellow/Gray severity (<2000 tokens).
1699
+ Red = task marked complete but no code found, or API contract mismatch
1700
+ Yellow = TODO/FIXME comments, unused imports, minor inconsistencies
1701
+ Gray = style suggestions, optional improvements"
1702
+ ```
1703
+
1704
+ ### Agent 15: Correctness Re-verification
1705
+
1706
+ ```
1707
+ Task: subagent_type="validation-correctness", model="sonnet"
1708
+ Prompt: "Post-implementation correctness re-verification for feature [FEATURE_NAME].
1709
+
1710
+ Feature directory: {FEATURE_DIR}
1711
+ Spec: {FEATURE_DIR}/spec.md
1712
+ Plan: {FEATURE_DIR}/plan.md
1713
+
1714
+ This is a focused re-check after validation passed. Look for issues that
1715
+ rubric-based validation might miss:
1716
+ 1. Edge cases from spec that may not have explicit tests
1717
+ 2. Error handling completeness — are all failure modes covered?
1718
+ 3. Race conditions or concurrency issues in async code
1719
+ 4. Input validation at system boundaries
1720
+ 5. Any acceptance criteria that are technically 'covered' by tests but
1721
+ the implementation doesn't fully satisfy the spirit of the requirement
1722
+
1723
+ Return findings with Red/Yellow/Gray severity (<2000 tokens).
1724
+ Red = acceptance criterion not genuinely satisfied, critical error path missing
1725
+ Yellow = edge case not covered, partial error handling
1726
+ Gray = potential improvement, defensive coding suggestion"
1727
+ ```
1728
+
1729
+ **Run all 3 agents in parallel.** Collect all results before proceeding.
1730
+
1731
+ ## Step 10c: Run Build/Test/Lint Verification
1732
+
1733
+ Execute verification commands and capture results:
1734
+
1735
+ ### Build Check
1736
+
1737
+ ```bash
1738
+ cd extension && npm run compile
1739
+ ```
1740
+
1741
+ ### Test Check
1742
+
1743
+ ```bash
1744
+ cd extension && npm test
1745
+ ```
1746
+
1747
+ ### Lint Check
1748
+
1749
+ ```bash
1750
+ cd extension && npm run lint
1751
+ ```
1752
+
1753
+ Record results:
1754
+
1755
+ ```
1756
+ | Check | Command | Result |
1757
+ |--------|----------------------|-------------|
1758
+ | Build | npm run compile | PASS / FAIL |
1759
+ | Tests | npm test | PASS / FAIL |
1760
+ | Lint | npm run lint | PASS / FAIL |
1761
+ ```
1762
+
1763
+ **If any check FAILS**: Record as a Red finding.
1764
+
1765
+ ## Step 10d: Synthesize Findings
1766
+
1767
+ Collect all agent reports and build/test/lint results. Merge with Phase B
1768
+ Yellow/Gray carryovers. Classify each finding:
1769
+
1770
+ - **Red** (blocking): Task marked complete but no code, API contract mismatch,
1771
+ acceptance criterion not genuinely satisfied, build/test/lint failure,
1772
+ critical error path missing
1773
+ - **Yellow** (should fix): TODO/FIXME comments, unused imports, edge cases not
1774
+ covered, partial error handling, minor inconsistencies, Phase B Yellows
1775
+ - **Gray** (informational): Style suggestions, optional improvements, defensive
1776
+ coding suggestions, Phase B Grays
1777
+
1778
+ ### Compile Finding Table
1779
+
1780
+ ```
1781
+ | # | Finding | Severity | Source | File | Line | Status |
1782
+ |---|---------|----------|---------------------------|--------|--------|--------|
1783
+ | 1 | [desc] | Red | engineer-review | [file] | [line] | OPEN |
1784
+ | 2 | [desc] | Yellow | codebase-analyzer | [file] | [line] | OPEN |
1785
+ | 3 | [desc] | Yellow | phase-b:observability | [file] | [line] | OPEN |
1786
+ ```
1787
+
1788
+ ### Decision Logic
1789
+
1790
+ - If **NO Red or Yellow findings** → PASS → proceed to Step 10g (Report)
1791
+ - If **Red or Yellow findings exist** → proceed to Step 10e (Fix)
1792
+
1793
+ ## Step 10e: Fix Findings
1794
+
1795
+ For each Red and Yellow finding from the current cycle:
1796
+
1797
+ 1. **Read the affected file** at the specified line
1798
+ 2. **Apply the fix** directly using Edit tool
1799
+ 3. **Mark the finding as FIXED** in the finding table
1800
+
1801
+ ### Fix Priority
1802
+
1803
+ 1. Red findings first (blocking issues)
1804
+ 2. Yellow findings second (should fix)
1805
+ 3. Gray findings are logged but NOT auto-fixed
1806
+
1807
+ ### After Fixing
1808
+
1809
+ Re-run build/test/lint to verify fixes don't introduce regressions:
1810
+
1811
+ ```bash
1812
+ cd extension && npm run compile && npm test && npm run lint
1813
+ ```
1814
+
1815
+ If the verification fails after fixes, record new failures as Red findings for
1816
+ the next cycle.
1817
+
1818
+ ## Step 10f: Loop or Complete
1819
+
1820
+ ### Increment Cycle
1821
+
1822
+ ```
1823
+ CYCLE = CYCLE + 1
1824
+ ```
1825
+
1826
+ ### Decision
1827
+
1828
+ - If `CYCLE <= 5` AND findings were fixed in the previous cycle → **Go to Step
1829
+ 10b** (re-review with fresh agent runs to verify fixes and catch any new
1830
+ issues)
1831
+ - If `CYCLE > 5` AND Red/Yellow findings still remain → **Generate escalation
1832
+ section** in the report, declare pipeline complete with warnings
1833
+ - If **all findings resolved** (no Red or Yellow) → **Declare pipeline
1834
+ complete** (proceed to Step 10g)
1835
+
1836
+ ## Step 10g: Generate Engineering Review Report
1837
+
1838
+ Write to `{FEATURE_DIR}/engineering-review-report.md`:
1839
+
1840
+ ```markdown
1841
+ ---
1842
+ feature: [Feature Name]
1843
+ reviewed: [ISO timestamp]
1844
+ reviewer: Claude
1845
+ status: [PASS/PASS_WITH_WARNINGS/ESCALATED]
1846
+ cycles: [N]
1847
+ total_findings: [N]
1848
+ resolved_findings: [N]
1849
+ blast_radius_carryovers: [N]
1850
+ ---
1851
+
1852
+ # Engineering Review Report: [Feature Name]
1853
+
1854
+ ## Summary
1855
+
1856
+ - **Status**: [PASS / PASS_WITH_WARNINGS / ESCALATED]
1857
+ - **Review cycles**: [N] of 5 max
1858
+ - **Total findings**: [N] (Red: [N], Yellow: [N], Gray: [N])
1859
+ - **Resolved**: [N] findings fixed across [N] cycles
1860
+ - **Remaining**: [N] findings (if any)
1861
+ - **Phase B carryovers addressed**: [N] of [N]
1862
+
1863
+ ## Cycle History
1864
+
1865
+ ### Cycle 1
1866
+
1867
+ **Agents**: engineer-review, codebase-analyzer, validation-correctness
1868
+ **Build/Test/Lint**: [PASS/FAIL details]
1869
+
1870
+ | # | Finding | Severity | Source | File | Line | Resolution |
1871
+ | --- | ------- | -------- | ------ | ------ | ------ | ------------ |
1872
+ | 1 | [desc] | [sev] | [src] | [file] | [line] | [FIXED/OPEN] |
1873
+
1874
+ ### Cycle 2 (if applicable)
1875
+
1876
+ ...
1877
+
1878
+ ## Remaining Findings (if any)
1879
+
1880
+ | # | Finding | Severity | Source | File | Line | Reason Not Fixed |
1881
+ | --- | ------- | -------- | ------ | ------ | ------ | ---------------- |
1882
+ | 1 | [desc] | [sev] | [src] | [file] | [line] | [why] |
1883
+
1884
+ ## Recommendations
1885
+
1886
+ ### Must Address Before Merge
1887
+
1888
+ - [Any remaining Red/Yellow findings]
1889
+
1890
+ ### Future Improvements
1891
+
1892
+ - [Gray findings and suggestions]
1893
+ ```
1894
+
1895
+ ## Step 10g.5: Final Working Backwards PR/FAQ And CISO Summary
1896
+
1897
+ After the validation report, blast-radius report, loop audit, and engineering
1898
+ review report are written:
1899
+
1900
+ 1. Update `{FEATURE_DIR}/working-backwards-prfaq.md`.
1901
+ - Mark each Press Release claim as validated, changed, or unvalidated based
1902
+ on `validation-report.md`, `blast-radius-report.md`,
1903
+ `goal-rebaseline-report.md`, and `loop-audit-report.md`.
1904
+ - Fill Internal FAQ CISO / Risk with data handled, identity controls,
1905
+ tenant boundaries, secrets handling, residual risks, validation evidence,
1906
+ and launch gates.
1907
+ - Update "What happens if something goes wrong?" with rollback/support
1908
+ evidence from validation and blast-radius analysis.
1909
+ 2. Write `{FEATURE_DIR}/prfaq-history/06-validate.md` as an immutable final
1910
+ validation snapshot.
1911
+ 3. Create or update `{FEATURE_DIR}/ciso-security-summary.md` from
1912
+ `.specify/templates/ciso-security-summary-template.md` using
1913
+ `validation-report.md`, `blast-radius-report.md`, `audit-history.md`,
1914
+ `visuals/risk-heatmap.md`, auth/tenant evidence, secrets/data handling
1915
+ evidence, and loop audit evidence.
1916
+ 4. Refresh `{FEATURE_DIR}/business-owner-summary.md` with final validation
1917
+ status, business value confidence, and any validated/disproven assumptions.
1918
+ 5. Refresh `{FEATURE_DIR}/cto-architecture-summary.md` with validation status,
1919
+ blast-radius verdict, and any architecture/security exceptions.
1920
+ 6. Update `{FEATURE_DIR}/stakeholder-review-index.md` and make the final
1921
+ approve/revise/defer asks explicit:
1922
+ - Business Owner: release value, user/process impact, assumptions.
1923
+ - CTO / Architecture: platform/architecture evidence and exceptions.
1924
+ - CISO / Risk: controls, residual risks, security posture, launch gate.
1925
+ - Delivery: rollout, rollback, support, and evidence completeness.
1926
+
1927
+ If any validation gate failed, write these documents honestly with `FAIL`,
1928
+ `Pending`, or `Blocked` status; do not polish a failed feature as ready.
1929
+
1930
+ ## Step 10h: Output Completion Banner
1931
+
1932
+ ### If PASS (all findings resolved or no findings):
1933
+
1934
+ ```
1935
+ ════════════════════════════════════════════════════════════════
1936
+ ENGINEERING REVIEW PASSED: [Feature Name]
1937
+ ════════════════════════════════════════════════════════════════
1938
+
1939
+ Cycles: [N] of 5 max
1940
+ Findings: [N] found, [N] resolved
1941
+ Report: {FEATURE_DIR}/engineering-review-report.md
1942
+ Working Backwards PR/FAQ: {FEATURE_DIR}/working-backwards-prfaq.md
1943
+ CISO summary: {FEATURE_DIR}/ciso-security-summary.md
1944
+ Stakeholder review index: {FEATURE_DIR}/stakeholder-review-index.md
1945
+
1946
+ ════════════════════════════════════════════════════════════════
1947
+ FEATURE PIPELINE COMPLETE!
1948
+
1949
+ All Gofer stages finished:
1950
+ 1. /1_gofer_research ✓
1951
+ 2. /2_gofer_specify ✓
1952
+ 3. /3_gofer_plan ✓
1953
+ 4. /4_gofer_tasks ✓
1954
+ 5. /5_gofer_implement ✓
1955
+ 6. /6_gofer_validate ✓ (Phase A ✓, Phase B ✓, Phase C ✓)
1956
+
1957
+ The feature is ready for review and merge.
1958
+ Stakeholder PR/FAQ and persona summaries are ready for Business Owner,
1959
+ CTO/Architecture, CISO/Risk, and Delivery review.
1960
+ ════════════════════════════════════════════════════════════════
1961
+ ```
1962
+
1963
+ ### If PASS_WITH_WARNINGS (5 cycles exhausted, only Gray remaining):
1964
+
1965
+ ```
1966
+ ════════════════════════════════════════════════════════════════
1967
+ ENGINEERING REVIEW PASSED (WITH WARNINGS): [Feature Name]
1968
+ ════════════════════════════════════════════════════════════════
1969
+
1970
+ Cycles: 5 of 5 max
1971
+ Findings: [N] found, [N] resolved, [N] Gray remaining
1972
+ Report: {FEATURE_DIR}/engineering-review-report.md
1973
+ Working Backwards PR/FAQ: {FEATURE_DIR}/working-backwards-prfaq.md
1974
+ CISO summary: {FEATURE_DIR}/ciso-security-summary.md
1975
+ Stakeholder review index: {FEATURE_DIR}/stakeholder-review-index.md
1976
+
1977
+ ⚠ Gray findings remain — see report for details.
1978
+
1979
+ ════════════════════════════════════════════════════════════════
1980
+ FEATURE PIPELINE COMPLETE!
1981
+
1982
+ All Gofer stages finished:
1983
+ 1. /1_gofer_research ✓
1984
+ 2. /2_gofer_specify ✓
1985
+ 3. /3_gofer_plan ✓
1986
+ 4. /4_gofer_tasks ✓
1987
+ 5. /5_gofer_implement ✓
1988
+ 6. /6_gofer_validate ✓ (Phase A ✓, Phase B ✓, Phase C ⚠)
1989
+
1990
+ The feature is ready for review and merge (review Gray findings).
1991
+ ════════════════════════════════════════════════════════════════
1992
+ ```
1993
+
1994
+ ### If ESCALATED (5 cycles exhausted, Red/Yellow remain):
1995
+
1996
+ ```
1997
+ ════════════════════════════════════════════════════════════════
1998
+ ENGINEERING REVIEW ESCALATED: [Feature Name]
1999
+ ════════════════════════════════════════════════════════════════
2000
+
2001
+ Cycles: 5 of 5 max (exhausted)
2002
+ Findings: [N] found, [N] resolved, [N] Red/Yellow remaining
2003
+
2004
+ Remaining issues:
2005
+ ✗ [Finding] — [severity]: [brief reason]
2006
+
2007
+ Report: {FEATURE_DIR}/engineering-review-report.md
2008
+ Working Backwards PR/FAQ: {FEATURE_DIR}/working-backwards-prfaq.md
2009
+ CISO summary: {FEATURE_DIR}/ciso-security-summary.md
2010
+ Stakeholder review index: {FEATURE_DIR}/stakeholder-review-index.md
2011
+
2012
+ This feature requires human review of remaining findings
2013
+ before merging.
2014
+
2015
+ ════════════════════════════════════════════════════════════════
2016
+ ```
2017
+
2018
+ ---
2019
+
2020
+ # End of Phase C
2021
+
2022
+ ---
2023
+
2024
+ ## Step 11: Attribution Logging
2025
+
2026
+ Log every finding to `.specify/logs/validation-findings.jsonl`.
2027
+ For EnterpriseAI runs, also mirror the same finding lifecycle to
2028
+ `{FEATURE_DIR}/audit-history.md` so executive, architecture, CISO, data, CIO,
2029
+ delivery, finance, operations, and risk/compliance stakeholders can see stable
2030
+ finding IDs, recurrence, disposition, owner, expiry, and review cadence.
2031
+
2032
+ ### Finding Format
2033
+
2034
+ For each finding from all agents and automated checks, append a JSON line:
2035
+
2036
+ ```json
2037
+ {
2038
+ "finding_id": "F[NNN]",
2039
+ "timestamp": "[ISO timestamp]",
2040
+ "feature": "[feature-name]",
2041
+ "category": "[rubric_category_snake_case]",
2042
+ "severity": "[red|yellow|gray]",
2043
+ "description": "[finding description]",
2044
+ "file": "[file path]",
2045
+ "line": [line number or null],
2046
+ "agent": "[agent name or 'automated']",
2047
+ "resolution": null,
2048
+ "iteration": [N]
2049
+ }
2050
+ ```
2051
+
2052
+ ### Categories for `category` field
2053
+
2054
+ - `functional_correctness`
2055
+ - `test_authenticity`
2056
+ - `ui_e2e_verification`
2057
+ - `security_posture`
2058
+ - `integration_reality`
2059
+ - `error_path_coverage`
2060
+ - `architecture_compliance`
2061
+ - `performance_baseline`
2062
+ - `code_hygiene`
2063
+ - `specification_traceability`
2064
+ - `blast_radius_containment` — **NEW** (Cat 11, Phase B)
2065
+ - Sub-dimensions for the `dimension` sub-field: `change_graph`,
2066
+ `interface_contract`, `observability`, `dependency_submodule`,
2067
+ `rollback_release`
2068
+ - `engineering_review` — Phase C findings (agent-specific sub-dimensions:
2069
+ `spec_alignment`, `code_verification`, `correctness_reverify`)
2070
+
2071
+ ### EnterpriseAI Persistent Audit Requirements
2072
+
2073
+ `audit-history.md` MUST include:
2074
+
2075
+ | Field | Requirement |
2076
+ | ----- | ----------- |
2077
+ | Finding ID | Stable across validation cycles; never renumber existing findings |
2078
+ | Source | Rubric category, agent, automated check, or stakeholder gate |
2079
+ | Status | Open, fixed, accepted, or escalated |
2080
+ | Recurrence | Count and prior cycle references for repeated findings |
2081
+ | Owner | Named accountable role or team |
2082
+ | Expiry | Required for accepted exceptions |
2083
+ | Evidence | Links to validation report, tests, contract pack, or code references |
2084
+
2085
+ Recurring red findings must escalate to the relevant decision owner and block
2086
+ launch unless explicitly accepted with owner, expiry, and review cadence.
2087
+
2088
+ For application delivery, validation MUST also check
2089
+ `{FEATURE_DIR}/journeys/base-journey.md` against the delivered implementation:
2090
+
2091
+ - The app process has four user-facing steps or fewer, or an approved exception
2092
+ explains why extra steps could not be combined, automated, or handled by
2093
+ generative AI assistance.
2094
+ - Each journey step preserves its business goal, AI assistance mode, data/context
2095
+ used, completion signal, human controls, evidence/confidence display, audit
2096
+ trail, and fallback/escalation path.
2097
+ - `{FEATURE_DIR}/ui-review-log.md` contains at least one pre-presentation
2098
+ self-review entry for each preview round that was shown to the stakeholder,
2099
+ with screenshot, local render proof, Playwright-style evidence, or an
2100
+ explicit reasoned exception.
2101
+ - `{FEATURE_DIR}/ui-approval.md` records the approved preview, approved
2102
+ branding/logo decisions, any approved EAI App Template exceptions, the
2103
+ approver, and approval timestamp.
2104
+ - `{FEATURE_DIR}/service-fit-matrix.md` records each desired platform
2105
+ capability, the evidence source used to evaluate it, and whether it is
2106
+ accessible now, purchasable but unavailable now, or unavailable without new
2107
+ platform work.
2108
+ - The delivered app uses EAI Platform, including the EAI app template, as the
2109
+ primary app substrate and Azure as the preferred cloud/supporting substrate.
2110
+ Any Firebase, Supabase, Vercel primary runtime, AWS, GCP, bespoke backend,
2111
+ unmanaged database, or unrelated SaaS dependency is rejected unless it is
2112
+ recorded as an approved integration/migration/exception with rationale, owner,
2113
+ expiry, and validation evidence.
2114
+ - The approved external/internal/hybrid profile choice, package lane, coupling
2115
+ status, Storybook story IDs, theme override points, public-readiness target,
2116
+ and custom-block exceptions are present in the preview/approval/service-fit
2117
+ artifacts and match the delivered implementation.
2118
+ - Validation confirms that app-delivery runs used EAI App Template blocks by
2119
+ default and that any create-new UI concept was explicitly approved rather
2120
+ than silently introduced.
2121
+ - Validation confirms that block-porting tasks produced the expected package
2122
+ surface and that public or hybrid lanes do not directly depend on source platform
2123
+ internals unless an approved restricted-source exception is recorded.
2124
+ - Chatbot, voice, accessibility, translation, contextual prefill, validation,
2125
+ and step-goal assistance claims are covered by acceptance tests where they are
2126
+ in scope.
2127
+
2128
+ For explicit non-app work, validation MUST treat `ui-preview-brief.md`,
2129
+ `ui-review-log.md`, `ui-approval.md`, and `service-fit-matrix.md` as
2130
+ **not applicable** rather than as missing blocking artifacts.
2131
+
2132
+ ### Log Summary Entry
2133
+
2134
+ After all findings, append a summary entry:
2135
+
2136
+ ```json
2137
+ {
2138
+ "finding_id": "SUMMARY",
2139
+ "timestamp": "[ISO timestamp]",
2140
+ "feature": "[feature-name]",
2141
+ "category": "summary",
2142
+ "severity": "info",
2143
+ "description": "Validation score: [N]/110. Categories failed: [list or 'none']",
2144
+ "file": null,
2145
+ "line": null,
2146
+ "agent": "rubric",
2147
+ "resolution": "[PASS|FAIL|ESCALATED]",
2148
+ "iteration": [N]
2149
+ }
2150
+ ```
2151
+
2152
+ ### Historical Reference
2153
+
2154
+ Before logging, read existing entries in `validation-findings.jsonl` for the
2155
+ same feature. If the same finding (same file, same line, same category) appears
2156
+ in a previous iteration, note it as a **repeat finding** in the description:
2157
+
2158
+ ```
2159
+ "description": "[REPEAT from iteration 1] expect(true).toBe(true) still present"
2160
+ ```
2161
+
2162
+ This enables tracking of findings that persist across remediation attempts.
2163
+
2164
+ ---
2165
+
2166
+ ## Step 12: Memory Update Check
2167
+
2168
+ After validation, assess whether learnings should be persisted.
2169
+
2170
+ ### 12.1 Memory Update Decision Matrix
2171
+
2172
+ | Learning Type | Update Location | When to Update |
2173
+ | ---------------------------- | ---------------------------- | ----------------------------------------- |
2174
+ | **Project-wide patterns** | `CLAUDE.md` | New conventions affecting all future work |
2175
+ | **Architectural decisions** | `.specify/memory/decisions/` | Significant design choices with rationale |
2176
+ | **Feature-specific context** | `{FEATURE_DIR}/research.md` | Discoveries relevant only to this feature |
2177
+ | **Reusable code patterns** | `CLAUDE.md` or constitution | Patterns other features should follow |
2178
+ | **Bug workarounds** | `.specify/memory/decisions/` | Issues that may recur |
2179
+
2180
+ ### 12.2 CLAUDE.md Update Criteria
2181
+
2182
+ **DO update CLAUDE.md when**:
2183
+
2184
+ - Discovered a new coding convention used across the codebase
2185
+ - Identified a critical dependency or integration pattern
2186
+ - Found a gotcha that affects multiple features
2187
+ - Established a new testing or build pattern
2188
+
2189
+ **DO NOT update CLAUDE.md when**:
2190
+
2191
+ - Learning is specific to one feature
2192
+ - Information will become stale quickly
2193
+ - Pattern is already documented elsewhere
2194
+ - Change is experimental/temporary
2195
+
2196
+ ### 12.3 Memory Update Checklist
2197
+
2198
+ Before completing validation, verify:
2199
+
2200
+ - [ ] Any project-wide patterns discovered -> added to CLAUDE.md?
2201
+ - [ ] Any significant decisions made -> recorded in decisions/?
2202
+ - [ ] Any gotchas or workarounds -> documented for future reference?
2203
+ - [ ] Feature-specific learnings -> captured in research.md?
2204
+
2205
+ ---
2206
+
2207
+ ## Observability Logging
2208
+
2209
+ At stage completion, log metrics:
2210
+
2211
+ ```bash
2212
+ .specify/scripts/bash/log-stage.sh 6_validate --complete --tokens [N] --compactions [N]
2213
+ ```
2214
+
2215
+ This also logs quality metrics (rubric scores, finding counts) to:
2216
+ `.specify/logs/quality-metrics.jsonl`
2217
+
2218
+ ---
2219
+
2220
+ ## Key Rules
2221
+
2222
+ ### Phase A (Rubric)
2223
+
2224
+ - **110/110 is the only passing score** — there is no "close enough"
2225
+ - **Agents run in parallel** — spawn all 6 (or 7 with red team) at once, do not
2226
+ serialize
2227
+ - **Red findings block** — any Red finding in any agent zeroes that category
2228
+ - **Mutation testing is optional** — gracefully degrade when Stryker absent
2229
+ - **Mock ratio excludes justified mocks** — mark with `// mock-justified:`
2230
+ comment
2231
+ - **Maximum 3 remediation iterations** — then escalate to human
2232
+
2233
+ ### Phase B (Blast Radius)
2234
+
2235
+ - **5 blast-radius agents run in parallel** — do not serialize across dimensions
2236
+ - **The change manifest is ground truth** — build it once in Step 2.5, pass the
2237
+ same manifest to every Phase B agent
2238
+ - **Breaking change + no CHANGELOG entry = Red** — always. Release-checklist
2239
+ compliance is mandatory for user-visible changes.
2240
+ - **New High/Critical CVE = Red** — block before merge; Moderate is Yellow; Low
2241
+ is Gray
2242
+ - **Cross-submodule ripple requires explicit plan.md approval** — otherwise Red
2243
+ - **Blast-radius verdict CONTAINED gives Cat 11 = 10**; BREACHED gives Cat 11 =
2244
+ 0 — this is the only way Cat 11 scores
2245
+ - **Phase B writes `blast-radius-report.md`** alongside `validation-report.md`
2246
+ - **Phase B Yellows seed Phase C** — Phase C must address them
2247
+
2248
+ ### Phase C (Engineering Review Loop)
2249
+
2250
+ - **3 review agents per cycle** — spawn all in parallel, do not serialize
2251
+ - **5 cycles maximum** — hard cap to prevent infinite loops
2252
+ - **Fix Red before Yellow** — priority ordering matters
2253
+ - **Re-verify after fixes** — always re-run build/test/lint after changes
2254
+ - **Gray findings are logged, not auto-fixed** — they go in the report
2255
+ - **Phase C only runs if the rubric passes** — a failing rubric triggers
2256
+ brownfield restart instead
2257
+ - **This stage is the pipeline terminal** — "PIPELINE COMPLETE" only appears at
2258
+ the end of Phase C
2259
+ - **Engineering review is inline** — there is no separate follow-up stage after
2260
+ validation
2261
+
2262
+ ### Across All Phases
2263
+
2264
+ - **Attribution logging is mandatory** — every finding (A, B, C) gets logged to
2265
+ JSONL with its phase and sub-dimension
2266
+ - **Be specific** — cite file paths and line numbers for all findings
2267
+ - **Score the rubric honestly** — the goal is to catch real problems, not to
2268
+ pass
2269
+ - Log stage completion for observability tracking