gsdd-cli 0.18.5 → 0.19.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (101) hide show
  1. package/LICENSE +21 -21
  2. package/README.md +610 -608
  3. package/agents/DISTILLATION.md +421 -421
  4. package/agents/README.md +62 -62
  5. package/agents/approach-explorer.md +370 -361
  6. package/agents/debugger.md +82 -82
  7. package/agents/executor.md +473 -394
  8. package/agents/integration-checker.md +318 -318
  9. package/agents/mapper.md +103 -103
  10. package/agents/planner.md +342 -313
  11. package/agents/researcher.md +84 -84
  12. package/agents/roadmapper.md +296 -296
  13. package/agents/synthesizer.md +236 -236
  14. package/agents/verifier.md +337 -337
  15. package/bin/adapters/agents.mjs +34 -34
  16. package/bin/adapters/claude.mjs +193 -191
  17. package/bin/adapters/codex.mjs +85 -85
  18. package/bin/adapters/index.mjs +20 -20
  19. package/bin/adapters/opencode.mjs +280 -278
  20. package/bin/gsdd.mjs +123 -116
  21. package/bin/lib/cli-utils.mjs +28 -28
  22. package/bin/lib/evidence-contract.mjs +325 -112
  23. package/bin/lib/file-ops.mjs +186 -144
  24. package/bin/lib/health-truth.mjs +196 -178
  25. package/bin/lib/health.mjs +246 -226
  26. package/bin/lib/init-flow.mjs +247 -231
  27. package/bin/lib/init-prompts.mjs +248 -247
  28. package/bin/lib/init-runtime.mjs +193 -190
  29. package/bin/lib/init.mjs +17 -17
  30. package/bin/lib/lifecycle-preflight.mjs +760 -326
  31. package/bin/lib/lifecycle-state.mjs +356 -267
  32. package/bin/lib/manifest.mjs +116 -114
  33. package/bin/lib/models.mjs +411 -411
  34. package/bin/lib/phase.mjs +365 -358
  35. package/bin/lib/plan-constants.mjs +35 -30
  36. package/bin/lib/provenance.mjs +109 -106
  37. package/bin/lib/rendering.mjs +119 -83
  38. package/bin/lib/runtime-freshness.mjs +214 -214
  39. package/bin/lib/session-fingerprint.mjs +91 -14
  40. package/bin/lib/templates.mjs +225 -224
  41. package/bin/lib/workspace-root.mjs +2 -1
  42. package/distilled/DESIGN.md +2461 -2323
  43. package/distilled/EVIDENCE-INDEX.md +418 -392
  44. package/distilled/README.md +196 -193
  45. package/distilled/SKILL.md +86 -85
  46. package/distilled/templates/agents.block.md +21 -21
  47. package/distilled/templates/agents.md +6 -6
  48. package/distilled/templates/approach.md +272 -232
  49. package/distilled/templates/auth-matrix.md +78 -78
  50. package/distilled/templates/brownfield-change/CHANGE.md +99 -0
  51. package/distilled/templates/brownfield-change/HANDOFF.md +38 -0
  52. package/distilled/templates/brownfield-change/VERIFICATION.md +56 -0
  53. package/distilled/templates/codebase/architecture.md +110 -110
  54. package/distilled/templates/codebase/concerns.md +95 -95
  55. package/distilled/templates/codebase/conventions.md +193 -193
  56. package/distilled/templates/codebase/stack.md +96 -96
  57. package/distilled/templates/delegates/approach-explorer.md +28 -25
  58. package/distilled/templates/delegates/mapper-arch.md +26 -26
  59. package/distilled/templates/delegates/mapper-concerns.md +27 -27
  60. package/distilled/templates/delegates/mapper-quality.md +28 -28
  61. package/distilled/templates/delegates/mapper-tech.md +25 -25
  62. package/distilled/templates/delegates/plan-checker.md +78 -68
  63. package/distilled/templates/delegates/researcher-architecture.md +30 -30
  64. package/distilled/templates/delegates/researcher-features.md +30 -30
  65. package/distilled/templates/delegates/researcher-pitfalls.md +30 -30
  66. package/distilled/templates/delegates/researcher-stack.md +30 -30
  67. package/distilled/templates/delegates/researcher-synthesizer.md +31 -31
  68. package/distilled/templates/research/architecture.md +57 -57
  69. package/distilled/templates/research/features.md +23 -23
  70. package/distilled/templates/research/pitfalls.md +46 -46
  71. package/distilled/templates/research/stack.md +45 -45
  72. package/distilled/templates/research/summary.md +67 -67
  73. package/distilled/templates/roadmap.md +74 -62
  74. package/distilled/templates/spec.md +110 -110
  75. package/distilled/workflows/audit-milestone.md +303 -271
  76. package/distilled/workflows/complete-milestone.md +349 -332
  77. package/distilled/workflows/execute.md +457 -450
  78. package/distilled/workflows/map-codebase.md +253 -253
  79. package/distilled/workflows/new-milestone.md +242 -238
  80. package/distilled/workflows/new-project.md +398 -398
  81. package/distilled/workflows/pause.md +160 -156
  82. package/distilled/workflows/plan-milestone-gaps.md +183 -183
  83. package/distilled/workflows/plan.md +454 -448
  84. package/distilled/workflows/progress.md +227 -223
  85. package/distilled/workflows/quick.md +351 -347
  86. package/distilled/workflows/resume.md +220 -212
  87. package/distilled/workflows/verify-work.md +260 -260
  88. package/distilled/workflows/verify.md +431 -429
  89. package/docs/BROWNFIELD-PROOF.md +95 -95
  90. package/docs/RUNTIME-SUPPORT.md +80 -69
  91. package/docs/USER-GUIDE.md +394 -386
  92. package/docs/VERIFICATION-DISCIPLINE.md +59 -59
  93. package/docs/claude/context-monitor.md +98 -98
  94. package/docs/proof/consumer-node-cli/README.md +37 -37
  95. package/docs/proof/consumer-node-cli/ROADMAP.md +14 -14
  96. package/docs/proof/consumer-node-cli/SPEC.md +17 -17
  97. package/docs/proof/consumer-node-cli/brief.md +9 -9
  98. package/docs/proof/consumer-node-cli/phases/01-foundation/01-01-PLAN.md +34 -34
  99. package/docs/proof/consumer-node-cli/phases/01-foundation/01-01-SUMMARY.md +10 -10
  100. package/docs/proof/consumer-node-cli/phases/01-foundation/01-VERIFICATION.md +30 -30
  101. package/package.json +62 -61
@@ -1,6 +1,6 @@
1
- # AGENTS.md - GSDD Governance
2
-
3
- <!-- BEGIN GSDD -->
4
- {{GSDD_BLOCK}}
5
- <!-- END GSDD -->
6
-
1
+ # AGENTS.md - GSDD Governance
2
+
3
+ <!-- BEGIN GSDD -->
4
+ {{GSDD_BLOCK}}
5
+ <!-- END GSDD -->
6
+
@@ -1,232 +1,272 @@
1
- # Phase Approach Template
2
-
3
- Template for `.planning/phases/XX-name/{phase_num}-APPROACH.md` — captures implementation decisions and validated assumptions for a phase.
4
-
5
- **Purpose:** Document decisions that downstream agents need. Planner uses this to know WHAT choices are locked vs flexible. Plan-checker verifies plans honor these decisions.
6
-
7
- **Key principle:** The top-level structure (`<domain>`, `<decisions>`, `<assumptions>`, `<deferred>`) is fixed. Section names WITHIN `<decisions>` emerge from what was actually discussed for THIS phase — a CLI phase has CLI-relevant sections, a UI phase has UI-relevant sections.
8
-
9
- **Downstream consumers:**
10
- - `planner` — Reads decisions to constrain implementation choices. Locked decisions must be implemented. Agent's Discretion items allow planner flexibility.
11
- - `plan-checker` — Reads decisions to verify plans implement chosen approaches (approach_alignment dimension). Flags plans that contradict explicit user choices.
12
-
13
- ---
14
-
15
- ## File Template
16
-
17
- ```markdown
18
- # Phase [X]: [Name] - Approach
19
-
20
- **Explored:** [date]
21
- **Status:** Ready for planning
22
-
23
- <domain>
24
- ## Phase Boundary
25
-
26
- [Clear statement of what this phase delivers — the scope anchor. This comes from ROADMAP.md and is fixed. Discussion clarifies implementation within this boundary.]
27
-
28
- </domain>
29
-
30
- <decisions>
31
- ## Implementation Decisions
32
-
33
- ### [Gray Area 1 that was discussed]
34
- **Chosen approach:** [name]
35
- **Alternatives considered:** [Option B], [Option C]
36
- **Why this one:** [reasoning from research + user preference]
37
- - [Specific decision from questioning]
38
- - [Another decision if applicable]
39
-
40
- ### [Gray Area 2 that was discussed]
41
- **Chosen approach:** [name]
42
- **Alternatives considered:** [Option B]
43
- **Why this one:** [reasoning]
44
- - [Specific decision]
45
-
46
- ### Agent's Discretion
47
- [Areas where user explicitly said "you decide" — the agent has flexibility here during planning/implementation]
48
-
49
- </decisions>
50
-
51
- <assumptions>
52
- ## Validated Assumptions
53
-
54
- ### Confirmed
55
- - [confident] [assumption confirmed by user]
56
-
57
- ### Accepted (not challenged)
58
- - [assuming] [assumption user didn't challenge — planner should still honor but note it]
59
-
60
- ### Corrected
61
- - [corrected] [original assumption] [user's correction]
62
-
63
- </assumptions>
64
-
65
- <deferred>
66
- ## Deferred Ideas
67
-
68
- [Ideas that came up during discussion but belong in other phases. Captured here so they're not lost, but explicitly out of scope for this phase.]
69
-
70
- [If none: "None — discussion stayed within phase scope"]
71
-
72
- </deferred>
73
-
74
- ---
75
-
76
- *Phase: XX-name*
77
- *Approach explored: [date]*
78
- ```
79
-
80
- ## Good Examples
81
-
82
- **Example 1: Visual feature (Dashboard)**
83
-
84
- ```markdown
85
- # Phase 3: Interactive Dashboard - Approach
86
-
87
- **Explored:** 2026-03-22
88
- **Status:** Ready for planning
89
-
90
- <domain>
91
- ## Phase Boundary
92
-
93
- Build an interactive dashboard with configurable widgets. Users can view metrics and rearrange layout. Widget creation and custom data sources are separate phases.
94
-
95
- </domain>
96
-
97
- <decisions>
98
- ## Implementation Decisions
99
-
100
- ### Chart rendering
101
- **Chosen approach:** Recharts
102
- **Alternatives considered:** D3 + custom components, Chart.js
103
- **Why this one:** React-native, SSR-friendly, good defaults. Matches existing React patterns. D3 would give more control but requires more code for standard charts.
104
- - Bar charts and line charts for metrics — no pie charts in v1
105
- - Charts should be interactive (hover tooltips) but not editable
106
- - Responsive: charts resize with widget container
107
-
108
- ### Widget layout
109
- **Chosen approach:** react-grid-layout
110
- **Alternatives considered:** CSS Grid + custom drag, @dnd-kit grid
111
- **Why this one:** Purpose-built for dashboard grids. Layout serialization to JSON for persistence. Mature production usage.
112
- - Drag-to-reorder enabled
113
- - Resize handles on bottom-right corner
114
- - 12-column grid, responsive breakpoints
115
- - Layout persisted to localStorage (not server)
116
-
117
- ### Agent's Discretion
118
- - Loading skeleton design
119
- - Exact spacing and typography within widgets
120
- - Error state handling for failed data fetches
121
-
122
- </decisions>
123
-
124
- <assumptions>
125
- ## Validated Assumptions
126
-
127
- ### Confirmed
128
- - [confident] Using existing Tailwind patterns from Phase 1-2
129
-
130
- ### Accepted (not challenged)
131
- - [assuming] Dashboard data comes from static JSON for v1 (no real API)
132
-
133
- ### Corrected
134
- - [corrected] Dashboard is read-only → Widgets DO need drag reorder
135
-
136
- </assumptions>
137
-
138
- <deferred>
139
- ## Deferred Ideas
140
-
141
- - Real-time data updates — future phase
142
- - Custom widget creation add to backlog
143
- - Dashboard sharing/export — out of scope for v1
144
-
145
- </deferred>
146
-
147
- ---
148
-
149
- *Phase: 03-dashboard*
150
- *Approach explored: 2026-03-22*
151
- ```
152
-
153
- **Example 2: API feature (Authentication)**
154
-
155
- ```markdown
156
- # Phase 1: Authentication - Approach
157
-
158
- **Explored:** 2026-03-22
159
- **Status:** Ready for planning
160
-
161
- <domain>
162
- ## Phase Boundary
163
-
164
- Users can register and log in with email/password. Session management via JWT. OAuth and MFA are separate phases.
165
-
166
- </domain>
167
-
168
- <decisions>
169
- ## Implementation Decisions
170
-
171
- ### Session handling
172
- **Chosen approach:** HTTP-only cookies with JWT
173
- **Alternatives considered:** localStorage JWT, session-based (server-side)
174
- **Why this one:** HTTP-only cookies prevent XSS token theft. JWT avoids server-side session storage. Standard pattern for Next.js apps.
175
- - Access token: 15-minute expiry
176
- - Refresh token: 7-day expiry, rotation on use
177
- - Logout clears both tokens
178
-
179
- ### Error responses
180
- **Chosen approach:** Structured JSON errors
181
- **Alternatives considered:** Plain text errors, RFC 7807 Problem Details
182
- **Why this one:** Consistent with existing API patterns. RFC 7807 is overkill for this project size.
183
- - Always include: status code, error code, user-facing message
184
- - Never include: stack traces, internal IDs
185
- - Rate limit errors: include retry-after header
186
-
187
- ### Agent's Discretion
188
- - Password hashing library (bcrypt vs argon2)
189
- - Exact JWT payload structure
190
- - Email validation regex vs library
191
-
192
- </decisions>
193
-
194
- <assumptions>
195
- ## Validated Assumptions
196
-
197
- ### Confirmed
198
- - [confident] Email/password only for v1 (no OAuth)
199
-
200
- ### Accepted (not challenged)
201
- - [assuming] No email verification required for v1
202
-
203
- ### Corrected
204
- - [corrected] Single-device sessions Allow multi-device (don't invalidate other sessions on login)
205
-
206
- </assumptions>
207
-
208
- <deferred>
209
- ## Deferred Ideas
210
-
211
- - OAuth providers (Google, GitHub) — Phase 4
212
- - MFA/2FA add to backlog
213
-
214
- </deferred>
215
-
216
- ---
217
-
218
- *Phase: 01-authentication*
219
- *Approach explored: 2026-03-22*
220
- ```
221
-
222
- ## Guidelines
223
-
224
- **This template captures DECISIONS for downstream agents.**
225
-
226
- The output should answer: "What choices are locked for the planner? Where does the planner have discretion?"
227
-
228
- **After creation:**
229
- - File lives in phase directory: `.planning/phases/XX-name/{phase_num}-APPROACH.md`
230
- - Planner reads decisions to constrain implementation tasks
231
- - Plan-checker verifies approach_alignment: plans must implement chosen approaches
232
- - Downstream agents should NOT need to ask the user again about captured decisions
1
+ # Phase Approach Template
2
+
3
+ Template for `.planning/phases/XX-name/{phase_num}-APPROACH.md` — captures implementation decisions and validated assumptions for a phase.
4
+
5
+ **Purpose:** Document decisions that downstream agents need. Planner uses this to know WHAT choices are locked vs flexible. Plan-checker verifies plans honor these decisions.
6
+
7
+ **Key principle:** The top-level structure (`<domain>`, `<decisions>`, `<assumptions>`, `<deferred>`) is fixed. Section names WITHIN `<decisions>` emerge from what was actually discussed for THIS phase — a CLI phase has CLI-relevant sections, a UI phase has UI-relevant sections.
8
+
9
+ **Alignment proof:** When `.planning/config.json` has `workflow.discuss: true`, every APPROACH artifact must include an `## Alignment Proof` section before `<domain>`. It must record the canonical fields `alignment_status`, `alignment_method`, `user_confirmed_at`, `explicit_skip_approved`, `skip_scope`, `skip_rationale`, and `confirmed_decisions`. `Agent's Discretion` and agent-only "No questions needed" are not valid proof.
10
+
11
+ **Downstream consumers:**
12
+ - `planner` — Reads decisions to constrain implementation choices. Locked decisions must be implemented. Agent's Discretion items allow planner flexibility.
13
+ - `plan-checker` — Reads decisions to verify plans implement chosen approaches (approach_alignment dimension). Flags plans that contradict explicit user choices.
14
+
15
+ ---
16
+
17
+ ## File Template
18
+
19
+ ```markdown
20
+ # Phase [X]: [Name] - Approach
21
+
22
+ **Explored:** [date]
23
+ **Status:** Ready for planning
24
+
25
+ ## Alignment Proof
26
+
27
+ - `workflow.discuss`: [true | false]
28
+ - `alignment_status`: [user_confirmed | approved_skip | not_required]
29
+ - `alignment_method`: [conversation source, e.g. runtime command or user message]
30
+ - `user_confirmed_at`: [date or N/A]
31
+ - `explicit_skip_approved`: [true | false]
32
+ - `skip_scope`: [phase-wide / named gray area / N/A]
33
+ - `skip_rationale`: [why the user approved skipping discussion, or N/A]
34
+ - `confirmed_decisions`:
35
+ - [User-confirmed decision, or "N/A - approved skip"]
36
+
37
+ <domain>
38
+ ## Phase Boundary
39
+
40
+ [Clear statement of what this phase delivers — the scope anchor. This comes from ROADMAP.md and is fixed. Discussion clarifies implementation within this boundary.]
41
+
42
+ </domain>
43
+
44
+ <decisions>
45
+ ## Implementation Decisions
46
+
47
+ ### [Gray Area 1 that was discussed]
48
+ **Chosen approach:** [name]
49
+ **Alternatives considered:** [Option B], [Option C]
50
+ **Why this one:** [reasoning from research + user preference]
51
+ - [Specific decision from questioning]
52
+ - [Another decision if applicable]
53
+
54
+ ### [Gray Area 2 that was discussed]
55
+ **Chosen approach:** [name]
56
+ **Alternatives considered:** [Option B]
57
+ **Why this one:** [reasoning]
58
+ - [Specific decision]
59
+
60
+ ### Agent's Discretion
61
+ [Areas where user explicitly said "you decide" — the agent has flexibility here during planning/implementation]
62
+
63
+ </decisions>
64
+
65
+ <assumptions>
66
+ ## Validated Assumptions
67
+
68
+ ### Confirmed
69
+ - [confident] [assumption confirmed by user]
70
+
71
+ ### Accepted (not challenged)
72
+ - [assuming] [assumption user didn't challenge — planner should still honor but note it]
73
+
74
+ ### Corrected
75
+ - [corrected] [original assumption] → [user's correction]
76
+
77
+ </assumptions>
78
+
79
+ <deferred>
80
+ ## Deferred Ideas
81
+
82
+ [Ideas that came up during discussion but belong in other phases. Captured here so they're not lost, but explicitly out of scope for this phase.]
83
+
84
+ [If none: "None — discussion stayed within phase scope"]
85
+
86
+ </deferred>
87
+
88
+ ---
89
+
90
+ *Phase: XX-name*
91
+ *Approach explored: [date]*
92
+ ```
93
+
94
+ ## Good Examples
95
+
96
+ **Example 1: Visual feature (Dashboard)**
97
+
98
+ ```markdown
99
+ # Phase 3: Interactive Dashboard - Approach
100
+
101
+ **Explored:** 2026-03-22
102
+ **Status:** Ready for planning
103
+
104
+ ## Alignment Proof
105
+
106
+ - `workflow.discuss`: true
107
+ - `alignment_status`: user_confirmed
108
+ - `alignment_method`: planning conversation
109
+ - `user_confirmed_at`: 2026-03-22
110
+ - `explicit_skip_approved`: false
111
+ - `skip_scope`: N/A
112
+ - `skip_rationale`: N/A
113
+ - `confirmed_decisions`:
114
+ - Use Recharts for chart rendering
115
+ - Use react-grid-layout for dashboard widgets
116
+
117
+ <domain>
118
+ ## Phase Boundary
119
+
120
+ Build an interactive dashboard with configurable widgets. Users can view metrics and rearrange layout. Widget creation and custom data sources are separate phases.
121
+
122
+ </domain>
123
+
124
+ <decisions>
125
+ ## Implementation Decisions
126
+
127
+ ### Chart rendering
128
+ **Chosen approach:** Recharts
129
+ **Alternatives considered:** D3 + custom components, Chart.js
130
+ **Why this one:** React-native, SSR-friendly, good defaults. Matches existing React patterns. D3 would give more control but requires more code for standard charts.
131
+ - Bar charts and line charts for metrics no pie charts in v1
132
+ - Charts should be interactive (hover tooltips) but not editable
133
+ - Responsive: charts resize with widget container
134
+
135
+ ### Widget layout
136
+ **Chosen approach:** react-grid-layout
137
+ **Alternatives considered:** CSS Grid + custom drag, @dnd-kit grid
138
+ **Why this one:** Purpose-built for dashboard grids. Layout serialization to JSON for persistence. Mature production usage.
139
+ - Drag-to-reorder enabled
140
+ - Resize handles on bottom-right corner
141
+ - 12-column grid, responsive breakpoints
142
+ - Layout persisted to localStorage (not server)
143
+
144
+ ### Agent's Discretion
145
+ - Loading skeleton design
146
+ - Exact spacing and typography within widgets
147
+ - Error state handling for failed data fetches
148
+
149
+ </decisions>
150
+
151
+ <assumptions>
152
+ ## Validated Assumptions
153
+
154
+ ### Confirmed
155
+ - [confident] Using existing Tailwind patterns from Phase 1-2
156
+
157
+ ### Accepted (not challenged)
158
+ - [assuming] Dashboard data comes from static JSON for v1 (no real API)
159
+
160
+ ### Corrected
161
+ - [corrected] Dashboard is read-only → Widgets DO need drag reorder
162
+
163
+ </assumptions>
164
+
165
+ <deferred>
166
+ ## Deferred Ideas
167
+
168
+ - Real-time data updates — future phase
169
+ - Custom widget creation — add to backlog
170
+ - Dashboard sharing/export — out of scope for v1
171
+
172
+ </deferred>
173
+
174
+ ---
175
+
176
+ *Phase: 03-dashboard*
177
+ *Approach explored: 2026-03-22*
178
+ ```
179
+
180
+ **Example 2: API feature (Authentication)**
181
+
182
+ ```markdown
183
+ # Phase 1: Authentication - Approach
184
+
185
+ **Explored:** 2026-03-22
186
+ **Status:** Ready for planning
187
+
188
+ ## Alignment Proof
189
+
190
+ - `workflow.discuss`: true
191
+ - `alignment_status`: user_confirmed
192
+ - `alignment_method`: planning conversation
193
+ - `user_confirmed_at`: 2026-03-22
194
+ - `explicit_skip_approved`: false
195
+ - `skip_scope`: N/A
196
+ - `skip_rationale`: N/A
197
+ - `confirmed_decisions`:
198
+ - Use HTTP-only cookies with JWT
199
+ - Use structured JSON errors
200
+
201
+ <domain>
202
+ ## Phase Boundary
203
+
204
+ Users can register and log in with email/password. Session management via JWT. OAuth and MFA are separate phases.
205
+
206
+ </domain>
207
+
208
+ <decisions>
209
+ ## Implementation Decisions
210
+
211
+ ### Session handling
212
+ **Chosen approach:** HTTP-only cookies with JWT
213
+ **Alternatives considered:** localStorage JWT, session-based (server-side)
214
+ **Why this one:** HTTP-only cookies prevent XSS token theft. JWT avoids server-side session storage. Standard pattern for Next.js apps.
215
+ - Access token: 15-minute expiry
216
+ - Refresh token: 7-day expiry, rotation on use
217
+ - Logout clears both tokens
218
+
219
+ ### Error responses
220
+ **Chosen approach:** Structured JSON errors
221
+ **Alternatives considered:** Plain text errors, RFC 7807 Problem Details
222
+ **Why this one:** Consistent with existing API patterns. RFC 7807 is overkill for this project size.
223
+ - Always include: status code, error code, user-facing message
224
+ - Never include: stack traces, internal IDs
225
+ - Rate limit errors: include retry-after header
226
+
227
+ ### Agent's Discretion
228
+ - Password hashing library (bcrypt vs argon2)
229
+ - Exact JWT payload structure
230
+ - Email validation regex vs library
231
+
232
+ </decisions>
233
+
234
+ <assumptions>
235
+ ## Validated Assumptions
236
+
237
+ ### Confirmed
238
+ - [confident] Email/password only for v1 (no OAuth)
239
+
240
+ ### Accepted (not challenged)
241
+ - [assuming] No email verification required for v1
242
+
243
+ ### Corrected
244
+ - [corrected] Single-device sessions → Allow multi-device (don't invalidate other sessions on login)
245
+
246
+ </assumptions>
247
+
248
+ <deferred>
249
+ ## Deferred Ideas
250
+
251
+ - OAuth providers (Google, GitHub) — Phase 4
252
+ - MFA/2FA — add to backlog
253
+
254
+ </deferred>
255
+
256
+ ---
257
+
258
+ *Phase: 01-authentication*
259
+ *Approach explored: 2026-03-22*
260
+ ```
261
+
262
+ ## Guidelines
263
+
264
+ **This template captures DECISIONS for downstream agents.**
265
+
266
+ The output should answer: "What choices are locked for the planner? Where does the planner have discretion?"
267
+
268
+ **After creation:**
269
+ - File lives in phase directory: `.planning/phases/XX-name/{phase_num}-APPROACH.md`
270
+ - Planner reads decisions to constrain implementation tasks
271
+ - Plan-checker verifies approach_alignment: plans must implement chosen approaches
272
+ - Downstream agents should NOT need to ask the user again about captured decisions