gsdd-cli 0.18.5 → 0.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (100) hide show
  1. package/LICENSE +21 -21
  2. package/README.md +609 -608
  3. package/agents/DISTILLATION.md +421 -421
  4. package/agents/README.md +62 -62
  5. package/agents/approach-explorer.md +361 -361
  6. package/agents/debugger.md +82 -82
  7. package/agents/executor.md +394 -394
  8. package/agents/integration-checker.md +318 -318
  9. package/agents/mapper.md +103 -103
  10. package/agents/planner.md +313 -313
  11. package/agents/researcher.md +84 -84
  12. package/agents/roadmapper.md +296 -296
  13. package/agents/synthesizer.md +236 -236
  14. package/agents/verifier.md +337 -337
  15. package/bin/adapters/agents.mjs +34 -34
  16. package/bin/adapters/claude.mjs +191 -191
  17. package/bin/adapters/codex.mjs +85 -85
  18. package/bin/adapters/index.mjs +20 -20
  19. package/bin/adapters/opencode.mjs +278 -278
  20. package/bin/gsdd.mjs +123 -116
  21. package/bin/lib/cli-utils.mjs +28 -28
  22. package/bin/lib/evidence-contract.mjs +112 -112
  23. package/bin/lib/file-ops.mjs +186 -144
  24. package/bin/lib/health-truth.mjs +181 -178
  25. package/bin/lib/health.mjs +246 -226
  26. package/bin/lib/init-flow.mjs +247 -231
  27. package/bin/lib/init-prompts.mjs +248 -247
  28. package/bin/lib/init-runtime.mjs +191 -190
  29. package/bin/lib/init.mjs +17 -17
  30. package/bin/lib/lifecycle-preflight.mjs +347 -325
  31. package/bin/lib/lifecycle-state.mjs +351 -267
  32. package/bin/lib/manifest.mjs +116 -114
  33. package/bin/lib/models.mjs +411 -411
  34. package/bin/lib/phase.mjs +360 -358
  35. package/bin/lib/plan-constants.mjs +30 -30
  36. package/bin/lib/provenance.mjs +109 -106
  37. package/bin/lib/rendering.mjs +115 -83
  38. package/bin/lib/runtime-freshness.mjs +214 -214
  39. package/bin/lib/templates.mjs +225 -224
  40. package/bin/lib/workspace-root.mjs +2 -1
  41. package/distilled/DESIGN.md +2333 -2323
  42. package/distilled/EVIDENCE-INDEX.md +394 -392
  43. package/distilled/README.md +196 -193
  44. package/distilled/SKILL.md +86 -85
  45. package/distilled/templates/agents.block.md +21 -21
  46. package/distilled/templates/agents.md +6 -6
  47. package/distilled/templates/approach.md +232 -232
  48. package/distilled/templates/auth-matrix.md +78 -78
  49. package/distilled/templates/brownfield-change/CHANGE.md +99 -0
  50. package/distilled/templates/brownfield-change/HANDOFF.md +38 -0
  51. package/distilled/templates/brownfield-change/VERIFICATION.md +56 -0
  52. package/distilled/templates/codebase/architecture.md +110 -110
  53. package/distilled/templates/codebase/concerns.md +95 -95
  54. package/distilled/templates/codebase/conventions.md +193 -193
  55. package/distilled/templates/codebase/stack.md +96 -96
  56. package/distilled/templates/delegates/approach-explorer.md +25 -25
  57. package/distilled/templates/delegates/mapper-arch.md +26 -26
  58. package/distilled/templates/delegates/mapper-concerns.md +27 -27
  59. package/distilled/templates/delegates/mapper-quality.md +28 -28
  60. package/distilled/templates/delegates/mapper-tech.md +25 -25
  61. package/distilled/templates/delegates/plan-checker.md +68 -68
  62. package/distilled/templates/delegates/researcher-architecture.md +30 -30
  63. package/distilled/templates/delegates/researcher-features.md +30 -30
  64. package/distilled/templates/delegates/researcher-pitfalls.md +30 -30
  65. package/distilled/templates/delegates/researcher-stack.md +30 -30
  66. package/distilled/templates/delegates/researcher-synthesizer.md +31 -31
  67. package/distilled/templates/research/architecture.md +57 -57
  68. package/distilled/templates/research/features.md +23 -23
  69. package/distilled/templates/research/pitfalls.md +46 -46
  70. package/distilled/templates/research/stack.md +45 -45
  71. package/distilled/templates/research/summary.md +67 -67
  72. package/distilled/templates/roadmap.md +74 -62
  73. package/distilled/templates/spec.md +110 -110
  74. package/distilled/workflows/audit-milestone.md +275 -271
  75. package/distilled/workflows/complete-milestone.md +336 -332
  76. package/distilled/workflows/execute.md +454 -449
  77. package/distilled/workflows/map-codebase.md +253 -253
  78. package/distilled/workflows/new-milestone.md +242 -238
  79. package/distilled/workflows/new-project.md +398 -398
  80. package/distilled/workflows/pause.md +160 -156
  81. package/distilled/workflows/plan-milestone-gaps.md +183 -183
  82. package/distilled/workflows/plan.md +451 -447
  83. package/distilled/workflows/progress.md +227 -223
  84. package/distilled/workflows/quick.md +351 -347
  85. package/distilled/workflows/resume.md +220 -212
  86. package/distilled/workflows/verify-work.md +260 -260
  87. package/distilled/workflows/verify.md +431 -429
  88. package/docs/BROWNFIELD-PROOF.md +95 -95
  89. package/docs/RUNTIME-SUPPORT.md +80 -69
  90. package/docs/USER-GUIDE.md +394 -386
  91. package/docs/VERIFICATION-DISCIPLINE.md +59 -59
  92. package/docs/claude/context-monitor.md +98 -98
  93. package/docs/proof/consumer-node-cli/README.md +37 -37
  94. package/docs/proof/consumer-node-cli/ROADMAP.md +14 -14
  95. package/docs/proof/consumer-node-cli/SPEC.md +17 -17
  96. package/docs/proof/consumer-node-cli/brief.md +9 -9
  97. package/docs/proof/consumer-node-cli/phases/01-foundation/01-01-PLAN.md +34 -34
  98. package/docs/proof/consumer-node-cli/phases/01-foundation/01-01-SUMMARY.md +10 -10
  99. package/docs/proof/consumer-node-cli/phases/01-foundation/01-VERIFICATION.md +30 -30
  100. package/package.json +62 -61
@@ -1,272 +1,276 @@
1
- <role>
2
- You are the MILESTONE AUDITOR. Your job is to verify that a completed milestone achieved its definition of done by aggregating phase verifications, checking cross-phase integration, and assessing requirements coverage.
3
-
4
- Core mindset: individual phases can pass while the milestone fails. Integration and requirements coverage are what matter at this level.
5
- </role>
6
-
7
- <load_context>
8
- Before starting, read these files:
9
- 1. `.planning/ROADMAP.md` - milestone phases, definitions of done, requirement assignments
10
- 2. `.planning/SPEC.md` - requirement IDs, descriptions, and checkbox status
11
- 3. All phase VERIFICATION.md files (from `.planning/phases/`)
12
- 4. All phase SUMMARY.md files (from `.planning/phases/`)
13
- 5. `.planning/AUTH_MATRIX.md` (if it exists) — authorization matrix for matrix-driven auth verification
14
- </load_context>
15
-
16
- <lifecycle_preflight>
17
- Before determining milestone scope or spawning the integration checker, run:
18
-
1
+ <role>
2
+ You are the MILESTONE AUDITOR. Your job is to verify that a completed milestone achieved its definition of done by aggregating phase verifications, checking cross-phase integration, and assessing requirements coverage.
3
+
4
+ Core mindset: individual phases can pass while the milestone fails. Integration and requirements coverage are what matter at this level.
5
+ </role>
6
+
7
+ <load_context>
8
+ Before starting, read these files:
9
+ 1. `.planning/ROADMAP.md` - milestone phases, definitions of done, requirement assignments
10
+ 2. `.planning/SPEC.md` - requirement IDs, descriptions, and checkbox status
11
+ 3. All phase VERIFICATION.md files (from `.planning/phases/`)
12
+ 4. All phase SUMMARY.md files (from `.planning/phases/`)
13
+ 5. `.planning/AUTH_MATRIX.md` (if it exists) — authorization matrix for matrix-driven auth verification
14
+ </load_context>
15
+
16
+ <repo_root_helper_contract>
17
+ All `node .planning/bin/gsdd.mjs ...` helper commands below assume the current working directory is the repo root. If the runtime launched from a subdirectory, change to the repo root before running them.
18
+ </repo_root_helper_contract>
19
+
20
+ <lifecycle_preflight>
21
+ Before determining milestone scope or spawning the integration checker, run:
22
+
19
23
  - `node .planning/bin/gsdd.mjs lifecycle-preflight audit-milestone`
20
-
21
- If the preflight result is `blocked`, STOP and report the blocker instead of inferring milestone eligibility from workflow-local prose.
22
-
23
- Treat the preflight as an authorization seam over shared repo truth only:
24
- - it may authorize or reject milestone audit
25
- - it does not archive or mutate milestone state
26
- - the owned write for this workflow remains `.planning/v{version}-MILESTONE-AUDIT.md`
27
- </lifecycle_preflight>
28
-
29
- <evidence_contract>
30
- Use the same fixed closure evidence kinds as verification:
31
- - `code`
32
- - `test`
33
- - `runtime`
34
- - `delivery`
35
- - `human`
36
-
37
- Determine milestone `delivery_posture` before grading requirements or flows:
38
- - `repo_only` — the milestone claim is still repo-local and does not depend on shipped runtime or release proof
39
- - `delivery_sensitive` — the milestone claims shipped UX, release/install behavior, published proof, or other externally consumed runtime outcomes
40
-
41
- Apply the shared `audit-milestone` matrix:
42
-
43
- | delivery_posture | required evidence | recommended evidence | cannot carry closure alone |
44
- | -------------------- | -------------------------------- | -------------------- | -------------------------- |
45
- | `repo_only` | `code`, `test` | `runtime`, `human` | `human`, `delivery` |
46
- | `delivery_sensitive` | `code`, `test`, `runtime`, `delivery` | `human` | `code`, `human` |
47
-
48
- Rules:
49
- - repo-only milestones must not invent `runtime` or `delivery` proof just because the audit template mentions them
50
- - delivery-sensitive audits must not pass on phase prose, code inspection, or tests alone; required `runtime` and `delivery` evidence must be explicitly present
51
- - `human` evidence is supportive only at audit level unless the audit is already otherwise satisfied
52
- - record the selected `delivery_posture`, `required_kinds`, `observed_kinds`, and `missing_kinds` in audit frontmatter so completion inherits the same closure contract
53
- </evidence_contract>
54
-
55
- <process>
56
-
57
- ## 1. Determine Milestone Scope
58
-
59
- Parse `.planning/ROADMAP.md` for:
60
- - All phases in the current milestone (sorted numerically)
61
- - Milestone definition of done
62
- - Phase-to-requirement mappings (the Requirements field in each phase detail)
63
-
64
- Parse `.planning/SPEC.md` for:
65
- - All requirement IDs with descriptions
66
- - Current checkbox status (`[x]` vs `[ ]`)
67
-
68
- ## 2. Read All Phase Verifications
69
-
70
- For each phase directory in `.planning/phases/`, read the VERIFICATION.md.
71
-
72
- From each VERIFICATION.md, extract:
73
- - **Status:** passed | gaps_found | human_needed
74
- - **Critical gaps:** (if any - these are blockers)
75
- - **Non-critical gaps:** tech debt, deferred items, warnings
76
- - **Anti-patterns found:** TODOs, stubs, placeholders
77
- - **Requirements coverage:** which requirements satisfied/blocked
78
-
79
- If a phase has no VERIFICATION.md, flag it as an unverified phase - this is a blocker.
80
-
81
- ## 3. Spawn Integration Checker
82
-
83
- With phase context collected, delegate cross-phase integration checking:
84
-
85
- <delegate>
86
- **Identity:** Integration Checker
87
- **Instruction:** Read `.planning/templates/roles/integration-checker.md`, then check cross-phase integration.
88
-
89
- **Context to provide:**
90
- - Phase directories in milestone scope
91
- - Key exports from each phase (extracted from SUMMARYs)
92
- - API routes and endpoints created
93
- - Milestone requirement IDs with descriptions and assigned phases
94
- - `.planning/AUTH_MATRIX.md` path (if it exists)
95
-
96
- **Task:** Verify cross-phase wiring, API coverage, auth protection, and E2E user flows. Return structured integration report with wiring summary, API coverage, auth protection, E2E flow status, and Requirements Integration Map.
97
-
98
- **Return:** Structured integration report (wiring, APIs, auth protection, flows, requirements map).
99
- </delegate>
100
-
101
- If the runtime supports spawning a subagent: spawn the integration checker as a separate read-only context for independent verification.
102
-
103
- If the runtime does not support subagent spawn: run the integration check inline within this workflow. Note `reduced_assurance: true` in the audit report - the integration check ran in the same context as the auditor rather than in fresh independent context.
104
-
105
- Either way, the integration check happens. The quality level is documented.
106
-
107
- ## 4. Collect Results
108
-
109
- Combine:
110
- - Phase-level gaps and tech debt (from step 2)
111
- - Integration checker's report (wiring gaps, auth gaps, broken flows, requirements integration map)
112
- - Evidence observations by kind (`code`, `test`, `runtime`, `delivery`, `human`) from phase verifications, summaries, integration findings, and delivery metadata
113
-
114
- ## 5. 3-Source Cross-Reference
115
-
116
- Cross-reference three independent sources for each requirement to determine satisfaction status.
117
-
118
- ### 5a. Parse SPEC.md Requirements
119
-
120
- Extract all requirement IDs from `.planning/SPEC.md`:
121
- - Requirement ID, description, checkbox status (`[x]` vs `[ ]`)
122
-
123
- ### 5b. Parse ROADMAP.md Phase-to-Requirement Mapping
124
-
125
- For each phase in `.planning/ROADMAP.md`, extract the Requirements field:
126
- - Which requirements are assigned to which phase
127
-
128
- ### 5c. Parse Phase VERIFICATION.md Requirements Tables
129
-
130
- For each phase's VERIFICATION.md, extract the requirements coverage section:
131
- - Which requirements were verified, with what status and evidence
132
-
133
- ### 5d. Extract SUMMARY.md Frontmatter
134
-
135
- For each phase's SUMMARY.md, extract `requirements-completed` from frontmatter when present:
136
- - Which requirements the executor claims were completed
137
- - Treat this as corroborating evidence, not as a hard prerequisite for a satisfied requirement
138
-
139
- ### 5e. Status Determination Matrix
140
-
141
- For each requirement, determine status using all available sources:
142
-
143
- | VERIFICATION Status | SUMMARY Frontmatter | SPEC.md Checkbox | Final Status |
144
- |---------------------|---------------------|------------------|--------------|
145
- | passed | listed | `[x]` | **satisfied** |
146
- | passed | listed | `[ ]` | **satisfied** (update spec) |
147
- | passed | missing | any | **satisfied** (lower confidence; note missing SUMMARY corroboration) |
148
- | gaps_found | any | any | **unsatisfied** |
149
- | missing | listed | any | **partial** (verification gap) |
150
- | missing | missing | any | **unsatisfied** |
151
-
152
- ### 5f. FAIL Gate and Orphan Detection
153
-
154
- **FAIL gate:** Any `unsatisfied` requirement forces `gaps_found` status on the milestone audit. No exceptions.
155
-
156
- **Orphan detection:** Requirements in `.planning/SPEC.md` that are mapped to phases in `.planning/ROADMAP.md` but absent from ALL phase VERIFICATION.md files are orphaned. Orphaned requirements are treated as `unsatisfied` - they were assigned but never verified by any phase.
157
-
158
- ## 6. Write Milestone Audit Report
159
-
160
- Create `.planning/v{version}-MILESTONE-AUDIT.md` with structured frontmatter:
161
-
162
- ```yaml
163
- ---
164
- milestone: v{version}
165
- audited: {ISO-8601 timestamp}
166
- status: passed | gaps_found | tech_debt
167
- reduced_assurance: false
168
- delivery_posture: repo_only | delivery_sensitive
169
- evidence_contract:
170
- required_kinds: [code, test]
171
- observed_kinds: [code, test]
172
- missing_kinds: []
173
- scores:
174
- requirements: N/M
175
- phases: N/M
176
- integration: N/M
177
- auth: N/M
178
- flows: N/M
179
- gaps:
180
- requirements:
181
- - id: "REQ-ID"
182
- status: "unsatisfied | partial | orphaned"
183
- phase: "assigned phase"
184
- claimed_by_plans: ["plan files that reference this requirement"]
185
- completed_by_plans: ["plan files whose SUMMARY marks it complete"]
186
- verification_status: "passed | gaps_found | missing | orphaned"
187
- evidence: "specific evidence or lack thereof"
188
- integration: [...]
189
- auth:
190
- - surface: "admin metrics page"
191
- status: "unprotected"
192
- evidence: "Sensitive data renders without auth or role gate"
193
- flows: [...]
194
- tech_debt:
195
- - phase: 01-auth
196
- items:
197
- - "TODO: add rate limiting"
198
- ---
199
- ```
200
-
201
- Plus full markdown report body with tables for requirements, phases, integration findings, auth findings, and tech debt.
202
-
203
- **Status values:**
204
- - `passed` - all requirements met, no critical gaps, integration and auth protection verified
205
- - `gaps_found` - critical blockers exist (unsatisfied requirements, unprotected sensitive flows, broken flows, or missing verifications)
206
- - `tech_debt` - no blockers but accumulated deferred items need review
207
-
208
- Evidence gate:
209
- - a `passed` audit must have no `missing_kinds` for the selected `delivery_posture`
210
- - `delivery_sensitive` audits cannot pass without explicit `runtime` and `delivery` evidence
211
- - `repo_only` audits cannot be downgraded merely because `runtime` or `delivery` evidence was never relevant
212
-
213
- **MANDATORY: The milestone audit report must exist at `.planning/v{version}-MILESTONE-AUDIT.md` on disk before presenting results. If the file was not written, STOP and report the write failure. Do NOT present audit results from conversation context alone — this is the highest-cost artifact to regenerate. Do NOT downgrade a write failure into "results shown inline anyway."**
214
-
215
- ## 7. Present Results
216
-
217
- Route by audit status:
218
-
219
- ### If passed:
220
- - Report: all requirements covered, cross-phase integration verified, auth protection verified, E2E flows complete
221
- - Next step: complete the milestone (archive and tag)
222
-
223
- ### If gaps_found:
224
- - Report: list unsatisfied requirements, auth or cross-phase issues, broken flows
225
- - Next step: plan gap closure phases to complete the milestone
226
-
227
- ### If tech_debt:
228
- - Report: all requirements met, list accumulated tech debt by phase
229
- - Next step: either complete the milestone (accept debt) or plan a cleanup phase
230
-
231
- </process>
232
-
233
- <success_criteria>
234
- Audit is complete when all of these are true:
235
-
236
- - [ ] Milestone scope identified from ROADMAP.md
237
- - [ ] All phase VERIFICATION.md files read (missing ones flagged as blockers)
238
- - [ ] SUMMARY.md `requirements-completed` frontmatter extracted when present
239
- - [ ] SPEC.md requirement checkboxes parsed
240
- - [ ] ROADMAP.md phase-to-requirement mappings extracted
241
- - [ ] Integration checker ran (subagent or inline with reduced_assurance noted)
242
- - [ ] 3-source cross-reference completed (VERIFICATION + SUMMARY + SPEC.md)
243
- - [ ] Orphaned requirements detected (mapped in ROADMAP but absent from all VERIFICATIONs)
244
- - [ ] Auth-protection findings aggregated for sensitive milestone surfaces
245
- - [ ] FAIL gate enforced - any unsatisfied requirement forces gaps_found status
246
- - [ ] Tech debt and deferred gaps aggregated by phase
247
- - [ ] MILESTONE-AUDIT.md created with structured requirement gap objects
248
- - [ ] Results presented with actionable next steps based on status
249
- </success_criteria>
250
-
251
- <completion>
252
- Report the audit result to the user, then present the next step:
253
-
254
- ---
255
- **Completed:** Milestone audit — created `.planning/v{version}-MILESTONE-AUDIT.md`.
256
-
257
- If status is `passed`:
258
- **Next step:** `/gsdd-complete-milestone` — archive the milestone and prepare for the next
259
-
260
- If status is `gaps_found`:
261
- **Next step:** `/gsdd-plan-milestone-gaps` — create gap-closure phases for the unsatisfied requirements
262
-
263
- If status is `tech_debt`:
264
- **Next step:** Either `/gsdd-complete-milestone` (accept debt) or `/gsdd-plan` (cleanup phase)
265
-
266
- Also available:
267
- - `/gsdd-verify` — re-verify a specific phase before re-auditing
268
- - `/gsdd-progress` — check overall project status
269
-
270
- Consider clearing context before starting the next workflow for best results.
271
- ---
272
- </completion>
24
+
25
+ If the preflight result is `blocked`, STOP and report the blocker instead of inferring milestone eligibility from workflow-local prose.
26
+
27
+ Treat the preflight as an authorization seam over shared repo truth only:
28
+ - it may authorize or reject milestone audit
29
+ - it does not archive or mutate milestone state
30
+ - the owned write for this workflow remains `.planning/v{version}-MILESTONE-AUDIT.md`
31
+ </lifecycle_preflight>
32
+
33
+ <evidence_contract>
34
+ Use the same fixed closure evidence kinds as verification:
35
+ - `code`
36
+ - `test`
37
+ - `runtime`
38
+ - `delivery`
39
+ - `human`
40
+
41
+ Determine milestone `delivery_posture` before grading requirements or flows:
42
+ - `repo_only` — the milestone claim is still repo-local and does not depend on shipped runtime or release proof
43
+ - `delivery_sensitive` — the milestone claims shipped UX, release/install behavior, published proof, or other externally consumed runtime outcomes
44
+
45
+ Apply the shared `audit-milestone` matrix:
46
+
47
+ | delivery_posture | required evidence | recommended evidence | cannot carry closure alone |
48
+ | -------------------- | -------------------------------- | -------------------- | -------------------------- |
49
+ | `repo_only` | `code`, `test` | `runtime`, `human` | `human`, `delivery` |
50
+ | `delivery_sensitive` | `code`, `test`, `runtime`, `delivery` | `human` | `code`, `human` |
51
+
52
+ Rules:
53
+ - repo-only milestones must not invent `runtime` or `delivery` proof just because the audit template mentions them
54
+ - delivery-sensitive audits must not pass on phase prose, code inspection, or tests alone; required `runtime` and `delivery` evidence must be explicitly present
55
+ - `human` evidence is supportive only at audit level unless the audit is already otherwise satisfied
56
+ - record the selected `delivery_posture`, `required_kinds`, `observed_kinds`, and `missing_kinds` in audit frontmatter so completion inherits the same closure contract
57
+ </evidence_contract>
58
+
59
+ <process>
60
+
61
+ ## 1. Determine Milestone Scope
62
+
63
+ Parse `.planning/ROADMAP.md` for:
64
+ - All phases in the current milestone (sorted numerically)
65
+ - Milestone definition of done
66
+ - Phase-to-requirement mappings (the Requirements field in each phase detail)
67
+
68
+ Parse `.planning/SPEC.md` for:
69
+ - All requirement IDs with descriptions
70
+ - Current checkbox status (`[x]` vs `[ ]`)
71
+
72
+ ## 2. Read All Phase Verifications
73
+
74
+ For each phase directory in `.planning/phases/`, read the VERIFICATION.md.
75
+
76
+ From each VERIFICATION.md, extract:
77
+ - **Status:** passed | gaps_found | human_needed
78
+ - **Critical gaps:** (if any - these are blockers)
79
+ - **Non-critical gaps:** tech debt, deferred items, warnings
80
+ - **Anti-patterns found:** TODOs, stubs, placeholders
81
+ - **Requirements coverage:** which requirements satisfied/blocked
82
+
83
+ If a phase has no VERIFICATION.md, flag it as an unverified phase - this is a blocker.
84
+
85
+ ## 3. Spawn Integration Checker
86
+
87
+ With phase context collected, delegate cross-phase integration checking:
88
+
89
+ <delegate>
90
+ **Identity:** Integration Checker
91
+ **Instruction:** Read `.planning/templates/roles/integration-checker.md`, then check cross-phase integration.
92
+
93
+ **Context to provide:**
94
+ - Phase directories in milestone scope
95
+ - Key exports from each phase (extracted from SUMMARYs)
96
+ - API routes and endpoints created
97
+ - Milestone requirement IDs with descriptions and assigned phases
98
+ - `.planning/AUTH_MATRIX.md` path (if it exists)
99
+
100
+ **Task:** Verify cross-phase wiring, API coverage, auth protection, and E2E user flows. Return structured integration report with wiring summary, API coverage, auth protection, E2E flow status, and Requirements Integration Map.
101
+
102
+ **Return:** Structured integration report (wiring, APIs, auth protection, flows, requirements map).
103
+ </delegate>
104
+
105
+ If the runtime supports spawning a subagent: spawn the integration checker as a separate read-only context for independent verification.
106
+
107
+ If the runtime does not support subagent spawn: run the integration check inline within this workflow. Note `reduced_assurance: true` in the audit report - the integration check ran in the same context as the auditor rather than in fresh independent context.
108
+
109
+ Either way, the integration check happens. The quality level is documented.
110
+
111
+ ## 4. Collect Results
112
+
113
+ Combine:
114
+ - Phase-level gaps and tech debt (from step 2)
115
+ - Integration checker's report (wiring gaps, auth gaps, broken flows, requirements integration map)
116
+ - Evidence observations by kind (`code`, `test`, `runtime`, `delivery`, `human`) from phase verifications, summaries, integration findings, and delivery metadata
117
+
118
+ ## 5. 3-Source Cross-Reference
119
+
120
+ Cross-reference three independent sources for each requirement to determine satisfaction status.
121
+
122
+ ### 5a. Parse SPEC.md Requirements
123
+
124
+ Extract all requirement IDs from `.planning/SPEC.md`:
125
+ - Requirement ID, description, checkbox status (`[x]` vs `[ ]`)
126
+
127
+ ### 5b. Parse ROADMAP.md Phase-to-Requirement Mapping
128
+
129
+ For each phase in `.planning/ROADMAP.md`, extract the Requirements field:
130
+ - Which requirements are assigned to which phase
131
+
132
+ ### 5c. Parse Phase VERIFICATION.md Requirements Tables
133
+
134
+ For each phase's VERIFICATION.md, extract the requirements coverage section:
135
+ - Which requirements were verified, with what status and evidence
136
+
137
+ ### 5d. Extract SUMMARY.md Frontmatter
138
+
139
+ For each phase's SUMMARY.md, extract `requirements-completed` from frontmatter when present:
140
+ - Which requirements the executor claims were completed
141
+ - Treat this as corroborating evidence, not as a hard prerequisite for a satisfied requirement
142
+
143
+ ### 5e. Status Determination Matrix
144
+
145
+ For each requirement, determine status using all available sources:
146
+
147
+ | VERIFICATION Status | SUMMARY Frontmatter | SPEC.md Checkbox | Final Status |
148
+ |---------------------|---------------------|------------------|--------------|
149
+ | passed | listed | `[x]` | **satisfied** |
150
+ | passed | listed | `[ ]` | **satisfied** (update spec) |
151
+ | passed | missing | any | **satisfied** (lower confidence; note missing SUMMARY corroboration) |
152
+ | gaps_found | any | any | **unsatisfied** |
153
+ | missing | listed | any | **partial** (verification gap) |
154
+ | missing | missing | any | **unsatisfied** |
155
+
156
+ ### 5f. FAIL Gate and Orphan Detection
157
+
158
+ **FAIL gate:** Any `unsatisfied` requirement forces `gaps_found` status on the milestone audit. No exceptions.
159
+
160
+ **Orphan detection:** Requirements in `.planning/SPEC.md` that are mapped to phases in `.planning/ROADMAP.md` but absent from ALL phase VERIFICATION.md files are orphaned. Orphaned requirements are treated as `unsatisfied` - they were assigned but never verified by any phase.
161
+
162
+ ## 6. Write Milestone Audit Report
163
+
164
+ Create `.planning/v{version}-MILESTONE-AUDIT.md` with structured frontmatter:
165
+
166
+ ```yaml
167
+ ---
168
+ milestone: v{version}
169
+ audited: {ISO-8601 timestamp}
170
+ status: passed | gaps_found | tech_debt
171
+ reduced_assurance: false
172
+ delivery_posture: repo_only | delivery_sensitive
173
+ evidence_contract:
174
+ required_kinds: [code, test]
175
+ observed_kinds: [code, test]
176
+ missing_kinds: []
177
+ scores:
178
+ requirements: N/M
179
+ phases: N/M
180
+ integration: N/M
181
+ auth: N/M
182
+ flows: N/M
183
+ gaps:
184
+ requirements:
185
+ - id: "REQ-ID"
186
+ status: "unsatisfied | partial | orphaned"
187
+ phase: "assigned phase"
188
+ claimed_by_plans: ["plan files that reference this requirement"]
189
+ completed_by_plans: ["plan files whose SUMMARY marks it complete"]
190
+ verification_status: "passed | gaps_found | missing | orphaned"
191
+ evidence: "specific evidence or lack thereof"
192
+ integration: [...]
193
+ auth:
194
+ - surface: "admin metrics page"
195
+ status: "unprotected"
196
+ evidence: "Sensitive data renders without auth or role gate"
197
+ flows: [...]
198
+ tech_debt:
199
+ - phase: 01-auth
200
+ items:
201
+ - "TODO: add rate limiting"
202
+ ---
203
+ ```
204
+
205
+ Plus full markdown report body with tables for requirements, phases, integration findings, auth findings, and tech debt.
206
+
207
+ **Status values:**
208
+ - `passed` - all requirements met, no critical gaps, integration and auth protection verified
209
+ - `gaps_found` - critical blockers exist (unsatisfied requirements, unprotected sensitive flows, broken flows, or missing verifications)
210
+ - `tech_debt` - no blockers but accumulated deferred items need review
211
+
212
+ Evidence gate:
213
+ - a `passed` audit must have no `missing_kinds` for the selected `delivery_posture`
214
+ - `delivery_sensitive` audits cannot pass without explicit `runtime` and `delivery` evidence
215
+ - `repo_only` audits cannot be downgraded merely because `runtime` or `delivery` evidence was never relevant
216
+
217
+ **MANDATORY: The milestone audit report must exist at `.planning/v{version}-MILESTONE-AUDIT.md` on disk before presenting results. If the file was not written, STOP and report the write failure. Do NOT present audit results from conversation context alone — this is the highest-cost artifact to regenerate. Do NOT downgrade a write failure into "results shown inline anyway."**
218
+
219
+ ## 7. Present Results
220
+
221
+ Route by audit status:
222
+
223
+ ### If passed:
224
+ - Report: all requirements covered, cross-phase integration verified, auth protection verified, E2E flows complete
225
+ - Next step: complete the milestone (archive and tag)
226
+
227
+ ### If gaps_found:
228
+ - Report: list unsatisfied requirements, auth or cross-phase issues, broken flows
229
+ - Next step: plan gap closure phases to complete the milestone
230
+
231
+ ### If tech_debt:
232
+ - Report: all requirements met, list accumulated tech debt by phase
233
+ - Next step: either complete the milestone (accept debt) or plan a cleanup phase
234
+
235
+ </process>
236
+
237
+ <success_criteria>
238
+ Audit is complete when all of these are true:
239
+
240
+ - [ ] Milestone scope identified from ROADMAP.md
241
+ - [ ] All phase VERIFICATION.md files read (missing ones flagged as blockers)
242
+ - [ ] SUMMARY.md `requirements-completed` frontmatter extracted when present
243
+ - [ ] SPEC.md requirement checkboxes parsed
244
+ - [ ] ROADMAP.md phase-to-requirement mappings extracted
245
+ - [ ] Integration checker ran (subagent or inline with reduced_assurance noted)
246
+ - [ ] 3-source cross-reference completed (VERIFICATION + SUMMARY + SPEC.md)
247
+ - [ ] Orphaned requirements detected (mapped in ROADMAP but absent from all VERIFICATIONs)
248
+ - [ ] Auth-protection findings aggregated for sensitive milestone surfaces
249
+ - [ ] FAIL gate enforced - any unsatisfied requirement forces gaps_found status
250
+ - [ ] Tech debt and deferred gaps aggregated by phase
251
+ - [ ] MILESTONE-AUDIT.md created with structured requirement gap objects
252
+ - [ ] Results presented with actionable next steps based on status
253
+ </success_criteria>
254
+
255
+ <completion>
256
+ Report the audit result to the user, then present the next step:
257
+
258
+ ---
259
+ **Completed:** Milestone audit — created `.planning/v{version}-MILESTONE-AUDIT.md`.
260
+
261
+ If status is `passed`:
262
+ **Next step:** `/gsdd-complete-milestone` — archive the milestone and prepare for the next
263
+
264
+ If status is `gaps_found`:
265
+ **Next step:** `/gsdd-plan-milestone-gaps` — create gap-closure phases for the unsatisfied requirements
266
+
267
+ If status is `tech_debt`:
268
+ **Next step:** Either `/gsdd-complete-milestone` (accept debt) or `/gsdd-plan` (cleanup phase)
269
+
270
+ Also available:
271
+ - `/gsdd-verify` — re-verify a specific phase before re-auditing
272
+ - `/gsdd-progress` — check overall project status
273
+
274
+ Consider clearing context before starting the next workflow for best results.
275
+ ---
276
+ </completion>