gsdd-cli 0.18.4 → 0.19.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -21
- package/README.md +625 -607
- package/agents/DISTILLATION.md +421 -421
- package/agents/README.md +62 -62
- package/agents/approach-explorer.md +361 -361
- package/agents/debugger.md +82 -82
- package/agents/executor.md +394 -394
- package/agents/integration-checker.md +318 -318
- package/agents/mapper.md +103 -103
- package/agents/planner.md +313 -313
- package/agents/researcher.md +84 -84
- package/agents/roadmapper.md +296 -296
- package/agents/synthesizer.md +236 -236
- package/agents/verifier.md +337 -337
- package/bin/adapters/agents.mjs +34 -34
- package/bin/adapters/claude.mjs +191 -191
- package/bin/adapters/codex.mjs +85 -85
- package/bin/adapters/index.mjs +20 -20
- package/bin/adapters/opencode.mjs +278 -278
- package/bin/gsdd.mjs +123 -116
- package/bin/lib/cli-utils.mjs +28 -28
- package/bin/lib/evidence-contract.mjs +112 -112
- package/bin/lib/file-ops.mjs +209 -161
- package/bin/lib/health-truth.mjs +181 -178
- package/bin/lib/health.mjs +265 -235
- package/bin/lib/init-flow.mjs +252 -236
- package/bin/lib/init-prompts.mjs +248 -247
- package/bin/lib/init-runtime.mjs +225 -212
- package/bin/lib/init.mjs +17 -17
- package/bin/lib/lifecycle-preflight.mjs +360 -333
- package/bin/lib/lifecycle-state.mjs +351 -267
- package/bin/lib/manifest.mjs +116 -114
- package/bin/lib/models.mjs +411 -411
- package/bin/lib/phase.mjs +397 -378
- package/bin/lib/plan-constants.mjs +30 -30
- package/bin/lib/provenance.mjs +109 -106
- package/bin/lib/rendering.mjs +178 -130
- package/bin/lib/runtime-freshness.mjs +221 -219
- package/bin/lib/templates.mjs +225 -224
- package/bin/lib/workspace-root.mjs +132 -0
- package/distilled/DESIGN.md +2347 -2327
- package/distilled/EVIDENCE-INDEX.md +397 -394
- package/distilled/README.md +196 -193
- package/distilled/SKILL.md +86 -85
- package/distilled/templates/agents.block.md +21 -21
- package/distilled/templates/agents.md +6 -6
- package/distilled/templates/approach.md +232 -232
- package/distilled/templates/auth-matrix.md +78 -78
- package/distilled/templates/brownfield-change/CHANGE.md +99 -0
- package/distilled/templates/brownfield-change/HANDOFF.md +38 -0
- package/distilled/templates/brownfield-change/VERIFICATION.md +56 -0
- package/distilled/templates/codebase/architecture.md +110 -110
- package/distilled/templates/codebase/concerns.md +95 -95
- package/distilled/templates/codebase/conventions.md +193 -193
- package/distilled/templates/codebase/stack.md +96 -96
- package/distilled/templates/delegates/approach-explorer.md +25 -25
- package/distilled/templates/delegates/mapper-arch.md +26 -26
- package/distilled/templates/delegates/mapper-concerns.md +27 -27
- package/distilled/templates/delegates/mapper-quality.md +28 -28
- package/distilled/templates/delegates/mapper-tech.md +25 -25
- package/distilled/templates/delegates/plan-checker.md +68 -68
- package/distilled/templates/delegates/researcher-architecture.md +30 -30
- package/distilled/templates/delegates/researcher-features.md +30 -30
- package/distilled/templates/delegates/researcher-pitfalls.md +30 -30
- package/distilled/templates/delegates/researcher-stack.md +30 -30
- package/distilled/templates/delegates/researcher-synthesizer.md +31 -31
- package/distilled/templates/research/architecture.md +57 -57
- package/distilled/templates/research/features.md +23 -23
- package/distilled/templates/research/pitfalls.md +46 -46
- package/distilled/templates/research/stack.md +45 -45
- package/distilled/templates/research/summary.md +67 -67
- package/distilled/templates/roadmap.md +74 -62
- package/distilled/templates/spec.md +110 -110
- package/distilled/workflows/audit-milestone.md +275 -271
- package/distilled/workflows/complete-milestone.md +336 -332
- package/distilled/workflows/execute.md +454 -449
- package/distilled/workflows/map-codebase.md +253 -253
- package/distilled/workflows/new-milestone.md +242 -238
- package/distilled/workflows/new-project.md +398 -398
- package/distilled/workflows/pause.md +160 -156
- package/distilled/workflows/plan-milestone-gaps.md +183 -183
- package/distilled/workflows/plan.md +451 -447
- package/distilled/workflows/progress.md +227 -223
- package/distilled/workflows/quick.md +351 -347
- package/distilled/workflows/resume.md +220 -212
- package/distilled/workflows/verify-work.md +260 -260
- package/distilled/workflows/verify.md +431 -429
- package/docs/BROWNFIELD-PROOF.md +95 -95
- package/docs/RUNTIME-SUPPORT.md +93 -75
- package/docs/USER-GUIDE.md +440 -399
- package/docs/VERIFICATION-DISCIPLINE.md +59 -59
- package/docs/claude/context-monitor.md +98 -98
- package/docs/proof/consumer-node-cli/README.md +37 -37
- package/docs/proof/consumer-node-cli/ROADMAP.md +14 -14
- package/docs/proof/consumer-node-cli/SPEC.md +17 -17
- package/docs/proof/consumer-node-cli/brief.md +9 -9
- package/docs/proof/consumer-node-cli/phases/01-foundation/01-01-PLAN.md +34 -34
- package/docs/proof/consumer-node-cli/phases/01-foundation/01-01-SUMMARY.md +10 -10
- package/docs/proof/consumer-node-cli/phases/01-foundation/01-VERIFICATION.md +30 -30
- package/package.json +62 -61
|
@@ -1,272 +1,276 @@
|
|
|
1
|
-
<role>
|
|
2
|
-
You are the MILESTONE AUDITOR. Your job is to verify that a completed milestone achieved its definition of done by aggregating phase verifications, checking cross-phase integration, and assessing requirements coverage.
|
|
3
|
-
|
|
4
|
-
Core mindset: individual phases can pass while the milestone fails. Integration and requirements coverage are what matter at this level.
|
|
5
|
-
</role>
|
|
6
|
-
|
|
7
|
-
<load_context>
|
|
8
|
-
Before starting, read these files:
|
|
9
|
-
1. `.planning/ROADMAP.md` - milestone phases, definitions of done, requirement assignments
|
|
10
|
-
2. `.planning/SPEC.md` - requirement IDs, descriptions, and checkbox status
|
|
11
|
-
3. All phase VERIFICATION.md files (from `.planning/phases/`)
|
|
12
|
-
4. All phase SUMMARY.md files (from `.planning/phases/`)
|
|
13
|
-
5. `.planning/AUTH_MATRIX.md` (if it exists) — authorization matrix for matrix-driven auth verification
|
|
14
|
-
</load_context>
|
|
15
|
-
|
|
16
|
-
<
|
|
17
|
-
|
|
18
|
-
|
|
1
|
+
<role>
|
|
2
|
+
You are the MILESTONE AUDITOR. Your job is to verify that a completed milestone achieved its definition of done by aggregating phase verifications, checking cross-phase integration, and assessing requirements coverage.
|
|
3
|
+
|
|
4
|
+
Core mindset: individual phases can pass while the milestone fails. Integration and requirements coverage are what matter at this level.
|
|
5
|
+
</role>
|
|
6
|
+
|
|
7
|
+
<load_context>
|
|
8
|
+
Before starting, read these files:
|
|
9
|
+
1. `.planning/ROADMAP.md` - milestone phases, definitions of done, requirement assignments
|
|
10
|
+
2. `.planning/SPEC.md` - requirement IDs, descriptions, and checkbox status
|
|
11
|
+
3. All phase VERIFICATION.md files (from `.planning/phases/`)
|
|
12
|
+
4. All phase SUMMARY.md files (from `.planning/phases/`)
|
|
13
|
+
5. `.planning/AUTH_MATRIX.md` (if it exists) — authorization matrix for matrix-driven auth verification
|
|
14
|
+
</load_context>
|
|
15
|
+
|
|
16
|
+
<repo_root_helper_contract>
|
|
17
|
+
All `node .planning/bin/gsdd.mjs ...` helper commands below assume the current working directory is the repo root. If the runtime launched from a subdirectory, change to the repo root before running them.
|
|
18
|
+
</repo_root_helper_contract>
|
|
19
|
+
|
|
20
|
+
<lifecycle_preflight>
|
|
21
|
+
Before determining milestone scope or spawning the integration checker, run:
|
|
22
|
+
|
|
19
23
|
- `node .planning/bin/gsdd.mjs lifecycle-preflight audit-milestone`
|
|
20
|
-
|
|
21
|
-
If the preflight result is `blocked`, STOP and report the blocker instead of inferring milestone eligibility from workflow-local prose.
|
|
22
|
-
|
|
23
|
-
Treat the preflight as an authorization seam over shared repo truth only:
|
|
24
|
-
- it may authorize or reject milestone audit
|
|
25
|
-
- it does not archive or mutate milestone state
|
|
26
|
-
- the owned write for this workflow remains `.planning/v{version}-MILESTONE-AUDIT.md`
|
|
27
|
-
</lifecycle_preflight>
|
|
28
|
-
|
|
29
|
-
<evidence_contract>
|
|
30
|
-
Use the same fixed closure evidence kinds as verification:
|
|
31
|
-
- `code`
|
|
32
|
-
- `test`
|
|
33
|
-
- `runtime`
|
|
34
|
-
- `delivery`
|
|
35
|
-
- `human`
|
|
36
|
-
|
|
37
|
-
Determine milestone `delivery_posture` before grading requirements or flows:
|
|
38
|
-
- `repo_only` — the milestone claim is still repo-local and does not depend on shipped runtime or release proof
|
|
39
|
-
- `delivery_sensitive` — the milestone claims shipped UX, release/install behavior, published proof, or other externally consumed runtime outcomes
|
|
40
|
-
|
|
41
|
-
Apply the shared `audit-milestone` matrix:
|
|
42
|
-
|
|
43
|
-
| delivery_posture | required evidence | recommended evidence | cannot carry closure alone |
|
|
44
|
-
| -------------------- | -------------------------------- | -------------------- | -------------------------- |
|
|
45
|
-
| `repo_only` | `code`, `test` | `runtime`, `human` | `human`, `delivery` |
|
|
46
|
-
| `delivery_sensitive` | `code`, `test`, `runtime`, `delivery` | `human` | `code`, `human` |
|
|
47
|
-
|
|
48
|
-
Rules:
|
|
49
|
-
- repo-only milestones must not invent `runtime` or `delivery` proof just because the audit template mentions them
|
|
50
|
-
- delivery-sensitive audits must not pass on phase prose, code inspection, or tests alone; required `runtime` and `delivery` evidence must be explicitly present
|
|
51
|
-
- `human` evidence is supportive only at audit level unless the audit is already otherwise satisfied
|
|
52
|
-
- record the selected `delivery_posture`, `required_kinds`, `observed_kinds`, and `missing_kinds` in audit frontmatter so completion inherits the same closure contract
|
|
53
|
-
</evidence_contract>
|
|
54
|
-
|
|
55
|
-
<process>
|
|
56
|
-
|
|
57
|
-
## 1. Determine Milestone Scope
|
|
58
|
-
|
|
59
|
-
Parse `.planning/ROADMAP.md` for:
|
|
60
|
-
- All phases in the current milestone (sorted numerically)
|
|
61
|
-
- Milestone definition of done
|
|
62
|
-
- Phase-to-requirement mappings (the Requirements field in each phase detail)
|
|
63
|
-
|
|
64
|
-
Parse `.planning/SPEC.md` for:
|
|
65
|
-
- All requirement IDs with descriptions
|
|
66
|
-
- Current checkbox status (`[x]` vs `[ ]`)
|
|
67
|
-
|
|
68
|
-
## 2. Read All Phase Verifications
|
|
69
|
-
|
|
70
|
-
For each phase directory in `.planning/phases/`, read the VERIFICATION.md.
|
|
71
|
-
|
|
72
|
-
From each VERIFICATION.md, extract:
|
|
73
|
-
- **Status:** passed | gaps_found | human_needed
|
|
74
|
-
- **Critical gaps:** (if any - these are blockers)
|
|
75
|
-
- **Non-critical gaps:** tech debt, deferred items, warnings
|
|
76
|
-
- **Anti-patterns found:** TODOs, stubs, placeholders
|
|
77
|
-
- **Requirements coverage:** which requirements satisfied/blocked
|
|
78
|
-
|
|
79
|
-
If a phase has no VERIFICATION.md, flag it as an unverified phase - this is a blocker.
|
|
80
|
-
|
|
81
|
-
## 3. Spawn Integration Checker
|
|
82
|
-
|
|
83
|
-
With phase context collected, delegate cross-phase integration checking:
|
|
84
|
-
|
|
85
|
-
<delegate>
|
|
86
|
-
**Identity:** Integration Checker
|
|
87
|
-
**Instruction:** Read `.planning/templates/roles/integration-checker.md`, then check cross-phase integration.
|
|
88
|
-
|
|
89
|
-
**Context to provide:**
|
|
90
|
-
- Phase directories in milestone scope
|
|
91
|
-
- Key exports from each phase (extracted from SUMMARYs)
|
|
92
|
-
- API routes and endpoints created
|
|
93
|
-
- Milestone requirement IDs with descriptions and assigned phases
|
|
94
|
-
- `.planning/AUTH_MATRIX.md` path (if it exists)
|
|
95
|
-
|
|
96
|
-
**Task:** Verify cross-phase wiring, API coverage, auth protection, and E2E user flows. Return structured integration report with wiring summary, API coverage, auth protection, E2E flow status, and Requirements Integration Map.
|
|
97
|
-
|
|
98
|
-
**Return:** Structured integration report (wiring, APIs, auth protection, flows, requirements map).
|
|
99
|
-
</delegate>
|
|
100
|
-
|
|
101
|
-
If the runtime supports spawning a subagent: spawn the integration checker as a separate read-only context for independent verification.
|
|
102
|
-
|
|
103
|
-
If the runtime does not support subagent spawn: run the integration check inline within this workflow. Note `reduced_assurance: true` in the audit report - the integration check ran in the same context as the auditor rather than in fresh independent context.
|
|
104
|
-
|
|
105
|
-
Either way, the integration check happens. The quality level is documented.
|
|
106
|
-
|
|
107
|
-
## 4. Collect Results
|
|
108
|
-
|
|
109
|
-
Combine:
|
|
110
|
-
- Phase-level gaps and tech debt (from step 2)
|
|
111
|
-
- Integration checker's report (wiring gaps, auth gaps, broken flows, requirements integration map)
|
|
112
|
-
- Evidence observations by kind (`code`, `test`, `runtime`, `delivery`, `human`) from phase verifications, summaries, integration findings, and delivery metadata
|
|
113
|
-
|
|
114
|
-
## 5. 3-Source Cross-Reference
|
|
115
|
-
|
|
116
|
-
Cross-reference three independent sources for each requirement to determine satisfaction status.
|
|
117
|
-
|
|
118
|
-
### 5a. Parse SPEC.md Requirements
|
|
119
|
-
|
|
120
|
-
Extract all requirement IDs from `.planning/SPEC.md`:
|
|
121
|
-
- Requirement ID, description, checkbox status (`[x]` vs `[ ]`)
|
|
122
|
-
|
|
123
|
-
### 5b. Parse ROADMAP.md Phase-to-Requirement Mapping
|
|
124
|
-
|
|
125
|
-
For each phase in `.planning/ROADMAP.md`, extract the Requirements field:
|
|
126
|
-
- Which requirements are assigned to which phase
|
|
127
|
-
|
|
128
|
-
### 5c. Parse Phase VERIFICATION.md Requirements Tables
|
|
129
|
-
|
|
130
|
-
For each phase's VERIFICATION.md, extract the requirements coverage section:
|
|
131
|
-
- Which requirements were verified, with what status and evidence
|
|
132
|
-
|
|
133
|
-
### 5d. Extract SUMMARY.md Frontmatter
|
|
134
|
-
|
|
135
|
-
For each phase's SUMMARY.md, extract `requirements-completed` from frontmatter when present:
|
|
136
|
-
- Which requirements the executor claims were completed
|
|
137
|
-
- Treat this as corroborating evidence, not as a hard prerequisite for a satisfied requirement
|
|
138
|
-
|
|
139
|
-
### 5e. Status Determination Matrix
|
|
140
|
-
|
|
141
|
-
For each requirement, determine status using all available sources:
|
|
142
|
-
|
|
143
|
-
| VERIFICATION Status | SUMMARY Frontmatter | SPEC.md Checkbox | Final Status |
|
|
144
|
-
|---------------------|---------------------|------------------|--------------|
|
|
145
|
-
| passed | listed | `[x]` | **satisfied** |
|
|
146
|
-
| passed | listed | `[ ]` | **satisfied** (update spec) |
|
|
147
|
-
| passed | missing | any | **satisfied** (lower confidence; note missing SUMMARY corroboration) |
|
|
148
|
-
| gaps_found | any | any | **unsatisfied** |
|
|
149
|
-
| missing | listed | any | **partial** (verification gap) |
|
|
150
|
-
| missing | missing | any | **unsatisfied** |
|
|
151
|
-
|
|
152
|
-
### 5f. FAIL Gate and Orphan Detection
|
|
153
|
-
|
|
154
|
-
**FAIL gate:** Any `unsatisfied` requirement forces `gaps_found` status on the milestone audit. No exceptions.
|
|
155
|
-
|
|
156
|
-
**Orphan detection:** Requirements in `.planning/SPEC.md` that are mapped to phases in `.planning/ROADMAP.md` but absent from ALL phase VERIFICATION.md files are orphaned. Orphaned requirements are treated as `unsatisfied` - they were assigned but never verified by any phase.
|
|
157
|
-
|
|
158
|
-
## 6. Write Milestone Audit Report
|
|
159
|
-
|
|
160
|
-
Create `.planning/v{version}-MILESTONE-AUDIT.md` with structured frontmatter:
|
|
161
|
-
|
|
162
|
-
```yaml
|
|
163
|
-
---
|
|
164
|
-
milestone: v{version}
|
|
165
|
-
audited: {ISO-8601 timestamp}
|
|
166
|
-
status: passed | gaps_found | tech_debt
|
|
167
|
-
reduced_assurance: false
|
|
168
|
-
delivery_posture: repo_only | delivery_sensitive
|
|
169
|
-
evidence_contract:
|
|
170
|
-
required_kinds: [code, test]
|
|
171
|
-
observed_kinds: [code, test]
|
|
172
|
-
missing_kinds: []
|
|
173
|
-
scores:
|
|
174
|
-
requirements: N/M
|
|
175
|
-
phases: N/M
|
|
176
|
-
integration: N/M
|
|
177
|
-
auth: N/M
|
|
178
|
-
flows: N/M
|
|
179
|
-
gaps:
|
|
180
|
-
requirements:
|
|
181
|
-
- id: "REQ-ID"
|
|
182
|
-
status: "unsatisfied | partial | orphaned"
|
|
183
|
-
phase: "assigned phase"
|
|
184
|
-
claimed_by_plans: ["plan files that reference this requirement"]
|
|
185
|
-
completed_by_plans: ["plan files whose SUMMARY marks it complete"]
|
|
186
|
-
verification_status: "passed | gaps_found | missing | orphaned"
|
|
187
|
-
evidence: "specific evidence or lack thereof"
|
|
188
|
-
integration: [...]
|
|
189
|
-
auth:
|
|
190
|
-
- surface: "admin metrics page"
|
|
191
|
-
status: "unprotected"
|
|
192
|
-
evidence: "Sensitive data renders without auth or role gate"
|
|
193
|
-
flows: [...]
|
|
194
|
-
tech_debt:
|
|
195
|
-
- phase: 01-auth
|
|
196
|
-
items:
|
|
197
|
-
- "TODO: add rate limiting"
|
|
198
|
-
---
|
|
199
|
-
```
|
|
200
|
-
|
|
201
|
-
Plus full markdown report body with tables for requirements, phases, integration findings, auth findings, and tech debt.
|
|
202
|
-
|
|
203
|
-
**Status values:**
|
|
204
|
-
- `passed` - all requirements met, no critical gaps, integration and auth protection verified
|
|
205
|
-
- `gaps_found` - critical blockers exist (unsatisfied requirements, unprotected sensitive flows, broken flows, or missing verifications)
|
|
206
|
-
- `tech_debt` - no blockers but accumulated deferred items need review
|
|
207
|
-
|
|
208
|
-
Evidence gate:
|
|
209
|
-
- a `passed` audit must have no `missing_kinds` for the selected `delivery_posture`
|
|
210
|
-
- `delivery_sensitive` audits cannot pass without explicit `runtime` and `delivery` evidence
|
|
211
|
-
- `repo_only` audits cannot be downgraded merely because `runtime` or `delivery` evidence was never relevant
|
|
212
|
-
|
|
213
|
-
**MANDATORY: The milestone audit report must exist at `.planning/v{version}-MILESTONE-AUDIT.md` on disk before presenting results. If the file was not written, STOP and report the write failure. Do NOT present audit results from conversation context alone — this is the highest-cost artifact to regenerate. Do NOT downgrade a write failure into "results shown inline anyway."**
|
|
214
|
-
|
|
215
|
-
## 7. Present Results
|
|
216
|
-
|
|
217
|
-
Route by audit status:
|
|
218
|
-
|
|
219
|
-
### If passed:
|
|
220
|
-
- Report: all requirements covered, cross-phase integration verified, auth protection verified, E2E flows complete
|
|
221
|
-
- Next step: complete the milestone (archive and tag)
|
|
222
|
-
|
|
223
|
-
### If gaps_found:
|
|
224
|
-
- Report: list unsatisfied requirements, auth or cross-phase issues, broken flows
|
|
225
|
-
- Next step: plan gap closure phases to complete the milestone
|
|
226
|
-
|
|
227
|
-
### If tech_debt:
|
|
228
|
-
- Report: all requirements met, list accumulated tech debt by phase
|
|
229
|
-
- Next step: either complete the milestone (accept debt) or plan a cleanup phase
|
|
230
|
-
|
|
231
|
-
</process>
|
|
232
|
-
|
|
233
|
-
<success_criteria>
|
|
234
|
-
Audit is complete when all of these are true:
|
|
235
|
-
|
|
236
|
-
- [ ] Milestone scope identified from ROADMAP.md
|
|
237
|
-
- [ ] All phase VERIFICATION.md files read (missing ones flagged as blockers)
|
|
238
|
-
- [ ] SUMMARY.md `requirements-completed` frontmatter extracted when present
|
|
239
|
-
- [ ] SPEC.md requirement checkboxes parsed
|
|
240
|
-
- [ ] ROADMAP.md phase-to-requirement mappings extracted
|
|
241
|
-
- [ ] Integration checker ran (subagent or inline with reduced_assurance noted)
|
|
242
|
-
- [ ] 3-source cross-reference completed (VERIFICATION + SUMMARY + SPEC.md)
|
|
243
|
-
- [ ] Orphaned requirements detected (mapped in ROADMAP but absent from all VERIFICATIONs)
|
|
244
|
-
- [ ] Auth-protection findings aggregated for sensitive milestone surfaces
|
|
245
|
-
- [ ] FAIL gate enforced - any unsatisfied requirement forces gaps_found status
|
|
246
|
-
- [ ] Tech debt and deferred gaps aggregated by phase
|
|
247
|
-
- [ ] MILESTONE-AUDIT.md created with structured requirement gap objects
|
|
248
|
-
- [ ] Results presented with actionable next steps based on status
|
|
249
|
-
</success_criteria>
|
|
250
|
-
|
|
251
|
-
<completion>
|
|
252
|
-
Report the audit result to the user, then present the next step:
|
|
253
|
-
|
|
254
|
-
---
|
|
255
|
-
**Completed:** Milestone audit — created `.planning/v{version}-MILESTONE-AUDIT.md`.
|
|
256
|
-
|
|
257
|
-
If status is `passed`:
|
|
258
|
-
**Next step:** `/gsdd-complete-milestone` — archive the milestone and prepare for the next
|
|
259
|
-
|
|
260
|
-
If status is `gaps_found`:
|
|
261
|
-
**Next step:** `/gsdd-plan-milestone-gaps` — create gap-closure phases for the unsatisfied requirements
|
|
262
|
-
|
|
263
|
-
If status is `tech_debt`:
|
|
264
|
-
**Next step:** Either `/gsdd-complete-milestone` (accept debt) or `/gsdd-plan` (cleanup phase)
|
|
265
|
-
|
|
266
|
-
Also available:
|
|
267
|
-
- `/gsdd-verify` — re-verify a specific phase before re-auditing
|
|
268
|
-
- `/gsdd-progress` — check overall project status
|
|
269
|
-
|
|
270
|
-
Consider clearing context before starting the next workflow for best results.
|
|
271
|
-
---
|
|
272
|
-
</completion>
|
|
24
|
+
|
|
25
|
+
If the preflight result is `blocked`, STOP and report the blocker instead of inferring milestone eligibility from workflow-local prose.
|
|
26
|
+
|
|
27
|
+
Treat the preflight as an authorization seam over shared repo truth only:
|
|
28
|
+
- it may authorize or reject milestone audit
|
|
29
|
+
- it does not archive or mutate milestone state
|
|
30
|
+
- the owned write for this workflow remains `.planning/v{version}-MILESTONE-AUDIT.md`
|
|
31
|
+
</lifecycle_preflight>
|
|
32
|
+
|
|
33
|
+
<evidence_contract>
|
|
34
|
+
Use the same fixed closure evidence kinds as verification:
|
|
35
|
+
- `code`
|
|
36
|
+
- `test`
|
|
37
|
+
- `runtime`
|
|
38
|
+
- `delivery`
|
|
39
|
+
- `human`
|
|
40
|
+
|
|
41
|
+
Determine milestone `delivery_posture` before grading requirements or flows:
|
|
42
|
+
- `repo_only` — the milestone claim is still repo-local and does not depend on shipped runtime or release proof
|
|
43
|
+
- `delivery_sensitive` — the milestone claims shipped UX, release/install behavior, published proof, or other externally consumed runtime outcomes
|
|
44
|
+
|
|
45
|
+
Apply the shared `audit-milestone` matrix:
|
|
46
|
+
|
|
47
|
+
| delivery_posture | required evidence | recommended evidence | cannot carry closure alone |
|
|
48
|
+
| -------------------- | -------------------------------- | -------------------- | -------------------------- |
|
|
49
|
+
| `repo_only` | `code`, `test` | `runtime`, `human` | `human`, `delivery` |
|
|
50
|
+
| `delivery_sensitive` | `code`, `test`, `runtime`, `delivery` | `human` | `code`, `human` |
|
|
51
|
+
|
|
52
|
+
Rules:
|
|
53
|
+
- repo-only milestones must not invent `runtime` or `delivery` proof just because the audit template mentions them
|
|
54
|
+
- delivery-sensitive audits must not pass on phase prose, code inspection, or tests alone; required `runtime` and `delivery` evidence must be explicitly present
|
|
55
|
+
- `human` evidence is supportive only at audit level unless the audit is already otherwise satisfied
|
|
56
|
+
- record the selected `delivery_posture`, `required_kinds`, `observed_kinds`, and `missing_kinds` in audit frontmatter so completion inherits the same closure contract
|
|
57
|
+
</evidence_contract>
|
|
58
|
+
|
|
59
|
+
<process>
|
|
60
|
+
|
|
61
|
+
## 1. Determine Milestone Scope
|
|
62
|
+
|
|
63
|
+
Parse `.planning/ROADMAP.md` for:
|
|
64
|
+
- All phases in the current milestone (sorted numerically)
|
|
65
|
+
- Milestone definition of done
|
|
66
|
+
- Phase-to-requirement mappings (the Requirements field in each phase detail)
|
|
67
|
+
|
|
68
|
+
Parse `.planning/SPEC.md` for:
|
|
69
|
+
- All requirement IDs with descriptions
|
|
70
|
+
- Current checkbox status (`[x]` vs `[ ]`)
|
|
71
|
+
|
|
72
|
+
## 2. Read All Phase Verifications
|
|
73
|
+
|
|
74
|
+
For each phase directory in `.planning/phases/`, read the VERIFICATION.md.
|
|
75
|
+
|
|
76
|
+
From each VERIFICATION.md, extract:
|
|
77
|
+
- **Status:** passed | gaps_found | human_needed
|
|
78
|
+
- **Critical gaps:** (if any - these are blockers)
|
|
79
|
+
- **Non-critical gaps:** tech debt, deferred items, warnings
|
|
80
|
+
- **Anti-patterns found:** TODOs, stubs, placeholders
|
|
81
|
+
- **Requirements coverage:** which requirements satisfied/blocked
|
|
82
|
+
|
|
83
|
+
If a phase has no VERIFICATION.md, flag it as an unverified phase - this is a blocker.
|
|
84
|
+
|
|
85
|
+
## 3. Spawn Integration Checker
|
|
86
|
+
|
|
87
|
+
With phase context collected, delegate cross-phase integration checking:
|
|
88
|
+
|
|
89
|
+
<delegate>
|
|
90
|
+
**Identity:** Integration Checker
|
|
91
|
+
**Instruction:** Read `.planning/templates/roles/integration-checker.md`, then check cross-phase integration.
|
|
92
|
+
|
|
93
|
+
**Context to provide:**
|
|
94
|
+
- Phase directories in milestone scope
|
|
95
|
+
- Key exports from each phase (extracted from SUMMARYs)
|
|
96
|
+
- API routes and endpoints created
|
|
97
|
+
- Milestone requirement IDs with descriptions and assigned phases
|
|
98
|
+
- `.planning/AUTH_MATRIX.md` path (if it exists)
|
|
99
|
+
|
|
100
|
+
**Task:** Verify cross-phase wiring, API coverage, auth protection, and E2E user flows. Return structured integration report with wiring summary, API coverage, auth protection, E2E flow status, and Requirements Integration Map.
|
|
101
|
+
|
|
102
|
+
**Return:** Structured integration report (wiring, APIs, auth protection, flows, requirements map).
|
|
103
|
+
</delegate>
|
|
104
|
+
|
|
105
|
+
If the runtime supports spawning a subagent: spawn the integration checker as a separate read-only context for independent verification.
|
|
106
|
+
|
|
107
|
+
If the runtime does not support subagent spawn: run the integration check inline within this workflow. Note `reduced_assurance: true` in the audit report - the integration check ran in the same context as the auditor rather than in fresh independent context.
|
|
108
|
+
|
|
109
|
+
Either way, the integration check happens. The quality level is documented.
|
|
110
|
+
|
|
111
|
+
## 4. Collect Results
|
|
112
|
+
|
|
113
|
+
Combine:
|
|
114
|
+
- Phase-level gaps and tech debt (from step 2)
|
|
115
|
+
- Integration checker's report (wiring gaps, auth gaps, broken flows, requirements integration map)
|
|
116
|
+
- Evidence observations by kind (`code`, `test`, `runtime`, `delivery`, `human`) from phase verifications, summaries, integration findings, and delivery metadata
|
|
117
|
+
|
|
118
|
+
## 5. 3-Source Cross-Reference
|
|
119
|
+
|
|
120
|
+
Cross-reference three independent sources for each requirement to determine satisfaction status.
|
|
121
|
+
|
|
122
|
+
### 5a. Parse SPEC.md Requirements
|
|
123
|
+
|
|
124
|
+
Extract all requirement IDs from `.planning/SPEC.md`:
|
|
125
|
+
- Requirement ID, description, checkbox status (`[x]` vs `[ ]`)
|
|
126
|
+
|
|
127
|
+
### 5b. Parse ROADMAP.md Phase-to-Requirement Mapping
|
|
128
|
+
|
|
129
|
+
For each phase in `.planning/ROADMAP.md`, extract the Requirements field:
|
|
130
|
+
- Which requirements are assigned to which phase
|
|
131
|
+
|
|
132
|
+
### 5c. Parse Phase VERIFICATION.md Requirements Tables
|
|
133
|
+
|
|
134
|
+
For each phase's VERIFICATION.md, extract the requirements coverage section:
|
|
135
|
+
- Which requirements were verified, with what status and evidence
|
|
136
|
+
|
|
137
|
+
### 5d. Extract SUMMARY.md Frontmatter
|
|
138
|
+
|
|
139
|
+
For each phase's SUMMARY.md, extract `requirements-completed` from frontmatter when present:
|
|
140
|
+
- Which requirements the executor claims were completed
|
|
141
|
+
- Treat this as corroborating evidence, not as a hard prerequisite for a satisfied requirement
|
|
142
|
+
|
|
143
|
+
### 5e. Status Determination Matrix
|
|
144
|
+
|
|
145
|
+
For each requirement, determine status using all available sources:
|
|
146
|
+
|
|
147
|
+
| VERIFICATION Status | SUMMARY Frontmatter | SPEC.md Checkbox | Final Status |
|
|
148
|
+
|---------------------|---------------------|------------------|--------------|
|
|
149
|
+
| passed | listed | `[x]` | **satisfied** |
|
|
150
|
+
| passed | listed | `[ ]` | **satisfied** (update spec) |
|
|
151
|
+
| passed | missing | any | **satisfied** (lower confidence; note missing SUMMARY corroboration) |
|
|
152
|
+
| gaps_found | any | any | **unsatisfied** |
|
|
153
|
+
| missing | listed | any | **partial** (verification gap) |
|
|
154
|
+
| missing | missing | any | **unsatisfied** |
|
|
155
|
+
|
|
156
|
+
### 5f. FAIL Gate and Orphan Detection
|
|
157
|
+
|
|
158
|
+
**FAIL gate:** Any `unsatisfied` requirement forces `gaps_found` status on the milestone audit. No exceptions.
|
|
159
|
+
|
|
160
|
+
**Orphan detection:** Requirements in `.planning/SPEC.md` that are mapped to phases in `.planning/ROADMAP.md` but absent from ALL phase VERIFICATION.md files are orphaned. Orphaned requirements are treated as `unsatisfied` - they were assigned but never verified by any phase.
|
|
161
|
+
|
|
162
|
+
## 6. Write Milestone Audit Report
|
|
163
|
+
|
|
164
|
+
Create `.planning/v{version}-MILESTONE-AUDIT.md` with structured frontmatter:
|
|
165
|
+
|
|
166
|
+
```yaml
|
|
167
|
+
---
|
|
168
|
+
milestone: v{version}
|
|
169
|
+
audited: {ISO-8601 timestamp}
|
|
170
|
+
status: passed | gaps_found | tech_debt
|
|
171
|
+
reduced_assurance: false
|
|
172
|
+
delivery_posture: repo_only | delivery_sensitive
|
|
173
|
+
evidence_contract:
|
|
174
|
+
required_kinds: [code, test]
|
|
175
|
+
observed_kinds: [code, test]
|
|
176
|
+
missing_kinds: []
|
|
177
|
+
scores:
|
|
178
|
+
requirements: N/M
|
|
179
|
+
phases: N/M
|
|
180
|
+
integration: N/M
|
|
181
|
+
auth: N/M
|
|
182
|
+
flows: N/M
|
|
183
|
+
gaps:
|
|
184
|
+
requirements:
|
|
185
|
+
- id: "REQ-ID"
|
|
186
|
+
status: "unsatisfied | partial | orphaned"
|
|
187
|
+
phase: "assigned phase"
|
|
188
|
+
claimed_by_plans: ["plan files that reference this requirement"]
|
|
189
|
+
completed_by_plans: ["plan files whose SUMMARY marks it complete"]
|
|
190
|
+
verification_status: "passed | gaps_found | missing | orphaned"
|
|
191
|
+
evidence: "specific evidence or lack thereof"
|
|
192
|
+
integration: [...]
|
|
193
|
+
auth:
|
|
194
|
+
- surface: "admin metrics page"
|
|
195
|
+
status: "unprotected"
|
|
196
|
+
evidence: "Sensitive data renders without auth or role gate"
|
|
197
|
+
flows: [...]
|
|
198
|
+
tech_debt:
|
|
199
|
+
- phase: 01-auth
|
|
200
|
+
items:
|
|
201
|
+
- "TODO: add rate limiting"
|
|
202
|
+
---
|
|
203
|
+
```
|
|
204
|
+
|
|
205
|
+
Plus full markdown report body with tables for requirements, phases, integration findings, auth findings, and tech debt.
|
|
206
|
+
|
|
207
|
+
**Status values:**
|
|
208
|
+
- `passed` - all requirements met, no critical gaps, integration and auth protection verified
|
|
209
|
+
- `gaps_found` - critical blockers exist (unsatisfied requirements, unprotected sensitive flows, broken flows, or missing verifications)
|
|
210
|
+
- `tech_debt` - no blockers but accumulated deferred items need review
|
|
211
|
+
|
|
212
|
+
Evidence gate:
|
|
213
|
+
- a `passed` audit must have no `missing_kinds` for the selected `delivery_posture`
|
|
214
|
+
- `delivery_sensitive` audits cannot pass without explicit `runtime` and `delivery` evidence
|
|
215
|
+
- `repo_only` audits cannot be downgraded merely because `runtime` or `delivery` evidence was never relevant
|
|
216
|
+
|
|
217
|
+
**MANDATORY: The milestone audit report must exist at `.planning/v{version}-MILESTONE-AUDIT.md` on disk before presenting results. If the file was not written, STOP and report the write failure. Do NOT present audit results from conversation context alone — this is the highest-cost artifact to regenerate. Do NOT downgrade a write failure into "results shown inline anyway."**
|
|
218
|
+
|
|
219
|
+
## 7. Present Results
|
|
220
|
+
|
|
221
|
+
Route by audit status:
|
|
222
|
+
|
|
223
|
+
### If passed:
|
|
224
|
+
- Report: all requirements covered, cross-phase integration verified, auth protection verified, E2E flows complete
|
|
225
|
+
- Next step: complete the milestone (archive and tag)
|
|
226
|
+
|
|
227
|
+
### If gaps_found:
|
|
228
|
+
- Report: list unsatisfied requirements, auth or cross-phase issues, broken flows
|
|
229
|
+
- Next step: plan gap closure phases to complete the milestone
|
|
230
|
+
|
|
231
|
+
### If tech_debt:
|
|
232
|
+
- Report: all requirements met, list accumulated tech debt by phase
|
|
233
|
+
- Next step: either complete the milestone (accept debt) or plan a cleanup phase
|
|
234
|
+
|
|
235
|
+
</process>
|
|
236
|
+
|
|
237
|
+
<success_criteria>
|
|
238
|
+
Audit is complete when all of these are true:
|
|
239
|
+
|
|
240
|
+
- [ ] Milestone scope identified from ROADMAP.md
|
|
241
|
+
- [ ] All phase VERIFICATION.md files read (missing ones flagged as blockers)
|
|
242
|
+
- [ ] SUMMARY.md `requirements-completed` frontmatter extracted when present
|
|
243
|
+
- [ ] SPEC.md requirement checkboxes parsed
|
|
244
|
+
- [ ] ROADMAP.md phase-to-requirement mappings extracted
|
|
245
|
+
- [ ] Integration checker ran (subagent or inline with reduced_assurance noted)
|
|
246
|
+
- [ ] 3-source cross-reference completed (VERIFICATION + SUMMARY + SPEC.md)
|
|
247
|
+
- [ ] Orphaned requirements detected (mapped in ROADMAP but absent from all VERIFICATIONs)
|
|
248
|
+
- [ ] Auth-protection findings aggregated for sensitive milestone surfaces
|
|
249
|
+
- [ ] FAIL gate enforced - any unsatisfied requirement forces gaps_found status
|
|
250
|
+
- [ ] Tech debt and deferred gaps aggregated by phase
|
|
251
|
+
- [ ] MILESTONE-AUDIT.md created with structured requirement gap objects
|
|
252
|
+
- [ ] Results presented with actionable next steps based on status
|
|
253
|
+
</success_criteria>
|
|
254
|
+
|
|
255
|
+
<completion>
|
|
256
|
+
Report the audit result to the user, then present the next step:
|
|
257
|
+
|
|
258
|
+
---
|
|
259
|
+
**Completed:** Milestone audit — created `.planning/v{version}-MILESTONE-AUDIT.md`.
|
|
260
|
+
|
|
261
|
+
If status is `passed`:
|
|
262
|
+
**Next step:** `/gsdd-complete-milestone` — archive the milestone and prepare for the next
|
|
263
|
+
|
|
264
|
+
If status is `gaps_found`:
|
|
265
|
+
**Next step:** `/gsdd-plan-milestone-gaps` — create gap-closure phases for the unsatisfied requirements
|
|
266
|
+
|
|
267
|
+
If status is `tech_debt`:
|
|
268
|
+
**Next step:** Either `/gsdd-complete-milestone` (accept debt) or `/gsdd-plan` (cleanup phase)
|
|
269
|
+
|
|
270
|
+
Also available:
|
|
271
|
+
- `/gsdd-verify` — re-verify a specific phase before re-auditing
|
|
272
|
+
- `/gsdd-progress` — check overall project status
|
|
273
|
+
|
|
274
|
+
Consider clearing context before starting the next workflow for best results.
|
|
275
|
+
---
|
|
276
|
+
</completion>
|