gsdd-cli 0.18.5 → 0.19.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (101) hide show
  1. package/LICENSE +21 -21
  2. package/README.md +610 -608
  3. package/agents/DISTILLATION.md +421 -421
  4. package/agents/README.md +62 -62
  5. package/agents/approach-explorer.md +370 -361
  6. package/agents/debugger.md +82 -82
  7. package/agents/executor.md +473 -394
  8. package/agents/integration-checker.md +318 -318
  9. package/agents/mapper.md +103 -103
  10. package/agents/planner.md +342 -313
  11. package/agents/researcher.md +84 -84
  12. package/agents/roadmapper.md +296 -296
  13. package/agents/synthesizer.md +236 -236
  14. package/agents/verifier.md +337 -337
  15. package/bin/adapters/agents.mjs +34 -34
  16. package/bin/adapters/claude.mjs +193 -191
  17. package/bin/adapters/codex.mjs +85 -85
  18. package/bin/adapters/index.mjs +20 -20
  19. package/bin/adapters/opencode.mjs +280 -278
  20. package/bin/gsdd.mjs +123 -116
  21. package/bin/lib/cli-utils.mjs +28 -28
  22. package/bin/lib/evidence-contract.mjs +325 -112
  23. package/bin/lib/file-ops.mjs +186 -144
  24. package/bin/lib/health-truth.mjs +196 -178
  25. package/bin/lib/health.mjs +246 -226
  26. package/bin/lib/init-flow.mjs +247 -231
  27. package/bin/lib/init-prompts.mjs +248 -247
  28. package/bin/lib/init-runtime.mjs +193 -190
  29. package/bin/lib/init.mjs +17 -17
  30. package/bin/lib/lifecycle-preflight.mjs +760 -326
  31. package/bin/lib/lifecycle-state.mjs +356 -267
  32. package/bin/lib/manifest.mjs +116 -114
  33. package/bin/lib/models.mjs +411 -411
  34. package/bin/lib/phase.mjs +365 -358
  35. package/bin/lib/plan-constants.mjs +35 -30
  36. package/bin/lib/provenance.mjs +109 -106
  37. package/bin/lib/rendering.mjs +119 -83
  38. package/bin/lib/runtime-freshness.mjs +214 -214
  39. package/bin/lib/session-fingerprint.mjs +91 -14
  40. package/bin/lib/templates.mjs +225 -224
  41. package/bin/lib/workspace-root.mjs +2 -1
  42. package/distilled/DESIGN.md +2461 -2323
  43. package/distilled/EVIDENCE-INDEX.md +418 -392
  44. package/distilled/README.md +196 -193
  45. package/distilled/SKILL.md +86 -85
  46. package/distilled/templates/agents.block.md +21 -21
  47. package/distilled/templates/agents.md +6 -6
  48. package/distilled/templates/approach.md +272 -232
  49. package/distilled/templates/auth-matrix.md +78 -78
  50. package/distilled/templates/brownfield-change/CHANGE.md +99 -0
  51. package/distilled/templates/brownfield-change/HANDOFF.md +38 -0
  52. package/distilled/templates/brownfield-change/VERIFICATION.md +56 -0
  53. package/distilled/templates/codebase/architecture.md +110 -110
  54. package/distilled/templates/codebase/concerns.md +95 -95
  55. package/distilled/templates/codebase/conventions.md +193 -193
  56. package/distilled/templates/codebase/stack.md +96 -96
  57. package/distilled/templates/delegates/approach-explorer.md +28 -25
  58. package/distilled/templates/delegates/mapper-arch.md +26 -26
  59. package/distilled/templates/delegates/mapper-concerns.md +27 -27
  60. package/distilled/templates/delegates/mapper-quality.md +28 -28
  61. package/distilled/templates/delegates/mapper-tech.md +25 -25
  62. package/distilled/templates/delegates/plan-checker.md +78 -68
  63. package/distilled/templates/delegates/researcher-architecture.md +30 -30
  64. package/distilled/templates/delegates/researcher-features.md +30 -30
  65. package/distilled/templates/delegates/researcher-pitfalls.md +30 -30
  66. package/distilled/templates/delegates/researcher-stack.md +30 -30
  67. package/distilled/templates/delegates/researcher-synthesizer.md +31 -31
  68. package/distilled/templates/research/architecture.md +57 -57
  69. package/distilled/templates/research/features.md +23 -23
  70. package/distilled/templates/research/pitfalls.md +46 -46
  71. package/distilled/templates/research/stack.md +45 -45
  72. package/distilled/templates/research/summary.md +67 -67
  73. package/distilled/templates/roadmap.md +74 -62
  74. package/distilled/templates/spec.md +110 -110
  75. package/distilled/workflows/audit-milestone.md +303 -271
  76. package/distilled/workflows/complete-milestone.md +349 -332
  77. package/distilled/workflows/execute.md +457 -450
  78. package/distilled/workflows/map-codebase.md +253 -253
  79. package/distilled/workflows/new-milestone.md +242 -238
  80. package/distilled/workflows/new-project.md +398 -398
  81. package/distilled/workflows/pause.md +160 -156
  82. package/distilled/workflows/plan-milestone-gaps.md +183 -183
  83. package/distilled/workflows/plan.md +454 -448
  84. package/distilled/workflows/progress.md +227 -223
  85. package/distilled/workflows/quick.md +351 -347
  86. package/distilled/workflows/resume.md +220 -212
  87. package/distilled/workflows/verify-work.md +260 -260
  88. package/distilled/workflows/verify.md +431 -429
  89. package/docs/BROWNFIELD-PROOF.md +95 -95
  90. package/docs/RUNTIME-SUPPORT.md +80 -69
  91. package/docs/USER-GUIDE.md +394 -386
  92. package/docs/VERIFICATION-DISCIPLINE.md +59 -59
  93. package/docs/claude/context-monitor.md +98 -98
  94. package/docs/proof/consumer-node-cli/README.md +37 -37
  95. package/docs/proof/consumer-node-cli/ROADMAP.md +14 -14
  96. package/docs/proof/consumer-node-cli/SPEC.md +17 -17
  97. package/docs/proof/consumer-node-cli/brief.md +9 -9
  98. package/docs/proof/consumer-node-cli/phases/01-foundation/01-01-PLAN.md +34 -34
  99. package/docs/proof/consumer-node-cli/phases/01-foundation/01-01-SUMMARY.md +10 -10
  100. package/docs/proof/consumer-node-cli/phases/01-foundation/01-VERIFICATION.md +30 -30
  101. package/package.json +62 -61
@@ -1,272 +1,304 @@
1
- <role>
2
- You are the MILESTONE AUDITOR. Your job is to verify that a completed milestone achieved its definition of done by aggregating phase verifications, checking cross-phase integration, and assessing requirements coverage.
3
-
4
- Core mindset: individual phases can pass while the milestone fails. Integration and requirements coverage are what matter at this level.
5
- </role>
6
-
7
- <load_context>
8
- Before starting, read these files:
9
- 1. `.planning/ROADMAP.md` - milestone phases, definitions of done, requirement assignments
10
- 2. `.planning/SPEC.md` - requirement IDs, descriptions, and checkbox status
11
- 3. All phase VERIFICATION.md files (from `.planning/phases/`)
12
- 4. All phase SUMMARY.md files (from `.planning/phases/`)
13
- 5. `.planning/AUTH_MATRIX.md` (if it exists) — authorization matrix for matrix-driven auth verification
14
- </load_context>
15
-
16
- <lifecycle_preflight>
17
- Before determining milestone scope or spawning the integration checker, run:
18
-
1
+ <role>
2
+ You are the MILESTONE AUDITOR. Your job is to verify that a completed milestone achieved its definition of done by aggregating phase verifications, checking cross-phase integration, and assessing requirements coverage.
3
+
4
+ Core mindset: individual phases can pass while the milestone fails. Integration and requirements coverage are what matter at this level.
5
+ </role>
6
+
7
+ <load_context>
8
+ Before starting, read these files:
9
+ 1. `.planning/ROADMAP.md` - milestone phases, definitions of done, requirement assignments
10
+ 2. `.planning/SPEC.md` - requirement IDs, descriptions, and checkbox status
11
+ 3. All phase VERIFICATION.md files (from `.planning/phases/`)
12
+ 4. All phase SUMMARY.md files (from `.planning/phases/`)
13
+ 5. `.planning/AUTH_MATRIX.md` (if it exists) — authorization matrix for matrix-driven auth verification
14
+ </load_context>
15
+
16
+ <repo_root_helper_contract>
17
+ All `node .planning/bin/gsdd.mjs ...` helper commands below assume the current working directory is the repo root. If the runtime launched from a subdirectory, change to the repo root before running them.
18
+ </repo_root_helper_contract>
19
+
20
+ <lifecycle_preflight>
21
+ Before determining milestone scope or spawning the integration checker, run:
22
+
19
23
  - `node .planning/bin/gsdd.mjs lifecycle-preflight audit-milestone`
20
-
21
- If the preflight result is `blocked`, STOP and report the blocker instead of inferring milestone eligibility from workflow-local prose.
22
-
23
- Treat the preflight as an authorization seam over shared repo truth only:
24
- - it may authorize or reject milestone audit
25
- - it does not archive or mutate milestone state
26
- - the owned write for this workflow remains `.planning/v{version}-MILESTONE-AUDIT.md`
27
- </lifecycle_preflight>
28
-
29
- <evidence_contract>
30
- Use the same fixed closure evidence kinds as verification:
31
- - `code`
32
- - `test`
33
- - `runtime`
34
- - `delivery`
35
- - `human`
36
-
37
- Determine milestone `delivery_posture` before grading requirements or flows:
38
- - `repo_only` — the milestone claim is still repo-local and does not depend on shipped runtime or release proof
39
- - `delivery_sensitive` — the milestone claims shipped UX, release/install behavior, published proof, or other externally consumed runtime outcomes
40
-
41
- Apply the shared `audit-milestone` matrix:
42
-
43
- | delivery_posture | required evidence | recommended evidence | cannot carry closure alone |
44
- | -------------------- | -------------------------------- | -------------------- | -------------------------- |
45
- | `repo_only` | `code`, `test` | `runtime`, `human` | `human`, `delivery` |
46
- | `delivery_sensitive` | `code`, `test`, `runtime`, `delivery` | `human` | `code`, `human` |
47
-
48
- Rules:
49
- - repo-only milestones must not invent `runtime` or `delivery` proof just because the audit template mentions them
50
- - delivery-sensitive audits must not pass on phase prose, code inspection, or tests alone; required `runtime` and `delivery` evidence must be explicitly present
51
- - `human` evidence is supportive only at audit level unless the audit is already otherwise satisfied
52
- - record the selected `delivery_posture`, `required_kinds`, `observed_kinds`, and `missing_kinds` in audit frontmatter so completion inherits the same closure contract
53
- </evidence_contract>
54
-
55
- <process>
56
-
57
- ## 1. Determine Milestone Scope
58
-
59
- Parse `.planning/ROADMAP.md` for:
60
- - All phases in the current milestone (sorted numerically)
61
- - Milestone definition of done
62
- - Phase-to-requirement mappings (the Requirements field in each phase detail)
63
-
64
- Parse `.planning/SPEC.md` for:
65
- - All requirement IDs with descriptions
66
- - Current checkbox status (`[x]` vs `[ ]`)
67
-
68
- ## 2. Read All Phase Verifications
69
-
70
- For each phase directory in `.planning/phases/`, read the VERIFICATION.md.
71
-
72
- From each VERIFICATION.md, extract:
73
- - **Status:** passed | gaps_found | human_needed
74
- - **Critical gaps:** (if any - these are blockers)
75
- - **Non-critical gaps:** tech debt, deferred items, warnings
76
- - **Anti-patterns found:** TODOs, stubs, placeholders
77
- - **Requirements coverage:** which requirements satisfied/blocked
78
-
79
- If a phase has no VERIFICATION.md, flag it as an unverified phase - this is a blocker.
80
-
81
- ## 3. Spawn Integration Checker
82
-
83
- With phase context collected, delegate cross-phase integration checking:
84
-
85
- <delegate>
86
- **Identity:** Integration Checker
87
- **Instruction:** Read `.planning/templates/roles/integration-checker.md`, then check cross-phase integration.
88
-
89
- **Context to provide:**
90
- - Phase directories in milestone scope
91
- - Key exports from each phase (extracted from SUMMARYs)
92
- - API routes and endpoints created
93
- - Milestone requirement IDs with descriptions and assigned phases
94
- - `.planning/AUTH_MATRIX.md` path (if it exists)
95
-
96
- **Task:** Verify cross-phase wiring, API coverage, auth protection, and E2E user flows. Return structured integration report with wiring summary, API coverage, auth protection, E2E flow status, and Requirements Integration Map.
97
-
98
- **Return:** Structured integration report (wiring, APIs, auth protection, flows, requirements map).
99
- </delegate>
100
-
101
- If the runtime supports spawning a subagent: spawn the integration checker as a separate read-only context for independent verification.
102
-
103
- If the runtime does not support subagent spawn: run the integration check inline within this workflow. Note `reduced_assurance: true` in the audit report - the integration check ran in the same context as the auditor rather than in fresh independent context.
104
-
105
- Either way, the integration check happens. The quality level is documented.
106
-
107
- ## 4. Collect Results
108
-
109
- Combine:
110
- - Phase-level gaps and tech debt (from step 2)
111
- - Integration checker's report (wiring gaps, auth gaps, broken flows, requirements integration map)
112
- - Evidence observations by kind (`code`, `test`, `runtime`, `delivery`, `human`) from phase verifications, summaries, integration findings, and delivery metadata
113
-
114
- ## 5. 3-Source Cross-Reference
115
-
116
- Cross-reference three independent sources for each requirement to determine satisfaction status.
117
-
118
- ### 5a. Parse SPEC.md Requirements
119
-
120
- Extract all requirement IDs from `.planning/SPEC.md`:
121
- - Requirement ID, description, checkbox status (`[x]` vs `[ ]`)
122
-
123
- ### 5b. Parse ROADMAP.md Phase-to-Requirement Mapping
124
-
125
- For each phase in `.planning/ROADMAP.md`, extract the Requirements field:
126
- - Which requirements are assigned to which phase
127
-
128
- ### 5c. Parse Phase VERIFICATION.md Requirements Tables
129
-
130
- For each phase's VERIFICATION.md, extract the requirements coverage section:
131
- - Which requirements were verified, with what status and evidence
132
-
133
- ### 5d. Extract SUMMARY.md Frontmatter
134
-
135
- For each phase's SUMMARY.md, extract `requirements-completed` from frontmatter when present:
136
- - Which requirements the executor claims were completed
137
- - Treat this as corroborating evidence, not as a hard prerequisite for a satisfied requirement
138
-
139
- ### 5e. Status Determination Matrix
140
-
141
- For each requirement, determine status using all available sources:
142
-
143
- | VERIFICATION Status | SUMMARY Frontmatter | SPEC.md Checkbox | Final Status |
144
- |---------------------|---------------------|------------------|--------------|
145
- | passed | listed | `[x]` | **satisfied** |
146
- | passed | listed | `[ ]` | **satisfied** (update spec) |
147
- | passed | missing | any | **satisfied** (lower confidence; note missing SUMMARY corroboration) |
148
- | gaps_found | any | any | **unsatisfied** |
149
- | missing | listed | any | **partial** (verification gap) |
150
- | missing | missing | any | **unsatisfied** |
151
-
152
- ### 5f. FAIL Gate and Orphan Detection
153
-
154
- **FAIL gate:** Any `unsatisfied` requirement forces `gaps_found` status on the milestone audit. No exceptions.
155
-
156
- **Orphan detection:** Requirements in `.planning/SPEC.md` that are mapped to phases in `.planning/ROADMAP.md` but absent from ALL phase VERIFICATION.md files are orphaned. Orphaned requirements are treated as `unsatisfied` - they were assigned but never verified by any phase.
157
-
158
- ## 6. Write Milestone Audit Report
159
-
160
- Create `.planning/v{version}-MILESTONE-AUDIT.md` with structured frontmatter:
161
-
162
- ```yaml
163
- ---
164
- milestone: v{version}
165
- audited: {ISO-8601 timestamp}
166
- status: passed | gaps_found | tech_debt
167
- reduced_assurance: false
168
- delivery_posture: repo_only | delivery_sensitive
169
- evidence_contract:
170
- required_kinds: [code, test]
171
- observed_kinds: [code, test]
172
- missing_kinds: []
173
- scores:
174
- requirements: N/M
175
- phases: N/M
176
- integration: N/M
177
- auth: N/M
178
- flows: N/M
179
- gaps:
180
- requirements:
181
- - id: "REQ-ID"
182
- status: "unsatisfied | partial | orphaned"
183
- phase: "assigned phase"
184
- claimed_by_plans: ["plan files that reference this requirement"]
185
- completed_by_plans: ["plan files whose SUMMARY marks it complete"]
186
- verification_status: "passed | gaps_found | missing | orphaned"
187
- evidence: "specific evidence or lack thereof"
188
- integration: [...]
189
- auth:
190
- - surface: "admin metrics page"
191
- status: "unprotected"
192
- evidence: "Sensitive data renders without auth or role gate"
193
- flows: [...]
194
- tech_debt:
195
- - phase: 01-auth
196
- items:
197
- - "TODO: add rate limiting"
198
- ---
199
- ```
200
-
201
- Plus full markdown report body with tables for requirements, phases, integration findings, auth findings, and tech debt.
202
-
203
- **Status values:**
204
- - `passed` - all requirements met, no critical gaps, integration and auth protection verified
205
- - `gaps_found` - critical blockers exist (unsatisfied requirements, unprotected sensitive flows, broken flows, or missing verifications)
206
- - `tech_debt` - no blockers but accumulated deferred items need review
207
-
208
- Evidence gate:
209
- - a `passed` audit must have no `missing_kinds` for the selected `delivery_posture`
210
- - `delivery_sensitive` audits cannot pass without explicit `runtime` and `delivery` evidence
211
- - `repo_only` audits cannot be downgraded merely because `runtime` or `delivery` evidence was never relevant
212
-
213
- **MANDATORY: The milestone audit report must exist at `.planning/v{version}-MILESTONE-AUDIT.md` on disk before presenting results. If the file was not written, STOP and report the write failure. Do NOT present audit results from conversation context alone — this is the highest-cost artifact to regenerate. Do NOT downgrade a write failure into "results shown inline anyway."**
214
-
215
- ## 7. Present Results
216
-
217
- Route by audit status:
218
-
219
- ### If passed:
220
- - Report: all requirements covered, cross-phase integration verified, auth protection verified, E2E flows complete
221
- - Next step: complete the milestone (archive and tag)
222
-
223
- ### If gaps_found:
224
- - Report: list unsatisfied requirements, auth or cross-phase issues, broken flows
225
- - Next step: plan gap closure phases to complete the milestone
226
-
227
- ### If tech_debt:
228
- - Report: all requirements met, list accumulated tech debt by phase
229
- - Next step: either complete the milestone (accept debt) or plan a cleanup phase
230
-
231
- </process>
232
-
233
- <success_criteria>
234
- Audit is complete when all of these are true:
235
-
236
- - [ ] Milestone scope identified from ROADMAP.md
237
- - [ ] All phase VERIFICATION.md files read (missing ones flagged as blockers)
238
- - [ ] SUMMARY.md `requirements-completed` frontmatter extracted when present
239
- - [ ] SPEC.md requirement checkboxes parsed
240
- - [ ] ROADMAP.md phase-to-requirement mappings extracted
241
- - [ ] Integration checker ran (subagent or inline with reduced_assurance noted)
242
- - [ ] 3-source cross-reference completed (VERIFICATION + SUMMARY + SPEC.md)
243
- - [ ] Orphaned requirements detected (mapped in ROADMAP but absent from all VERIFICATIONs)
244
- - [ ] Auth-protection findings aggregated for sensitive milestone surfaces
245
- - [ ] FAIL gate enforced - any unsatisfied requirement forces gaps_found status
246
- - [ ] Tech debt and deferred gaps aggregated by phase
247
- - [ ] MILESTONE-AUDIT.md created with structured requirement gap objects
248
- - [ ] Results presented with actionable next steps based on status
249
- </success_criteria>
250
-
251
- <completion>
252
- Report the audit result to the user, then present the next step:
253
-
254
- ---
255
- **Completed:** Milestone audit — created `.planning/v{version}-MILESTONE-AUDIT.md`.
256
-
257
- If status is `passed`:
258
- **Next step:** `/gsdd-complete-milestone` — archive the milestone and prepare for the next
259
-
260
- If status is `gaps_found`:
261
- **Next step:** `/gsdd-plan-milestone-gaps` — create gap-closure phases for the unsatisfied requirements
262
-
263
- If status is `tech_debt`:
264
- **Next step:** Either `/gsdd-complete-milestone` (accept debt) or `/gsdd-plan` (cleanup phase)
265
-
266
- Also available:
267
- - `/gsdd-verify` re-verify a specific phase before re-auditing
268
- - `/gsdd-progress` check overall project status
269
-
270
- Consider clearing context before starting the next workflow for best results.
271
- ---
272
- </completion>
24
+
25
+ If the preflight result is `blocked`, STOP and report the blocker instead of inferring milestone eligibility from workflow-local prose.
26
+
27
+ Treat the preflight as an authorization seam over shared repo truth only:
28
+ - it may authorize or reject milestone audit
29
+ - it does not archive or mutate milestone state
30
+ - the owned write for this workflow remains `.planning/v{version}-MILESTONE-AUDIT.md`
31
+ </lifecycle_preflight>
32
+
33
+ <evidence_contract>
34
+ Use the same fixed closure evidence kinds as verification:
35
+ - `code`
36
+ - `test`
37
+ - `runtime`
38
+ - `delivery`
39
+ - `human`
40
+
41
+ Determine milestone `delivery_posture` before grading requirements or flows:
42
+ - `repo_only` — the milestone claim is still repo-local and does not depend on shipped runtime or release proof
43
+ - `delivery_sensitive` — the milestone claims shipped UX, release/install behavior, published proof, or other externally consumed runtime outcomes
44
+
45
+ Determine `release_claim_posture` as the release wording boundary layered over `delivery_posture`:
46
+ - `repo_closeout` — default. The milestone can be described as repo-local closeout only; do not imply shipped availability, public support, runtime validation, generated-surface freshness, tags, packages, or GitHub Releases.
47
+ - `runtime_validated_closeout` a named runtime behavior or generated/runtime surface was directly executed and observed. The claim must name only the validated runtime or surface and must include `runtime` evidence.
48
+ - `delivery_supported_closeout` the milestone supports externally consumed release, install, support, or public-facing delivery claims. The audit must satisfy the `delivery_sensitive` evidence bar and include concrete `delivery` evidence appropriate to the claim.
49
+
50
+ Apply the shared `audit-milestone` matrix:
51
+
52
+ | delivery_posture | required evidence | recommended evidence | cannot carry closure alone |
53
+ | -------------------- | -------------------------------- | -------------------- | -------------------------- |
54
+ | `repo_only` | `code`, `test` | `runtime`, `human` | `human`, `delivery` |
55
+ | `delivery_sensitive` | `code`, `test`, `runtime`, `delivery` | `human` | `code`, `human` |
56
+
57
+ Rules:
58
+ - repo-only milestones must not invent `runtime` or `delivery` proof just because the audit template mentions them
59
+ - delivery-sensitive audits must not pass on phase prose, code inspection, or tests alone; required `runtime` and `delivery` evidence must be explicitly present
60
+ - `human` evidence is supportive only at audit level unless the audit is already otherwise satisfied
61
+ - record the selected `delivery_posture`, `required_kinds`, `observed_kinds`, and `missing_kinds` in audit frontmatter so completion inherits the same closure contract
62
+ - record `release_claim_posture`, unsupported claims, waivers, deferrals, and contradiction checks in audit frontmatter; completion inherits these fields
63
+ - missing required evidence cannot be waived while preserving a stronger release claim. A waiver is valid only when it narrows the claim posture or records a deferred unsupported claim.
64
+ - deferrals must name the unsupported claim, missing evidence kind(s), and later workflow or milestone candidate when known
65
+ - contradiction checks must cover evidence, public-surface, runtime, delivery, planning-drift, and generated-surface contradictions; stop or downgrade when the claim outruns the evidence
66
+ - `delivery_posture` and `release_claim_posture` must remain compatible: `repo_closeout` and `runtime_validated_closeout` pair with `repo_only`; `delivery_supported_closeout` pairs with `delivery_sensitive`
67
+ - local-only `.planning/` proof may support `repo_closeout`, but public-facing release/support claims need tracked public or repo-visible evidence when intended for external readers
68
+ </evidence_contract>
69
+
70
+ <process>
71
+
72
+ ## 1. Determine Milestone Scope
73
+
74
+ Parse `.planning/ROADMAP.md` for:
75
+ - All phases in the current milestone (sorted numerically)
76
+ - Milestone definition of done
77
+ - Phase-to-requirement mappings (the Requirements field in each phase detail)
78
+
79
+ Parse `.planning/SPEC.md` for:
80
+ - All requirement IDs with descriptions
81
+ - Current checkbox status (`[x]` vs `[ ]`)
82
+
83
+ ## 2. Read All Phase Verifications
84
+
85
+ For each phase directory in `.planning/phases/`, read the VERIFICATION.md.
86
+
87
+ From each VERIFICATION.md, extract:
88
+ - **Status:** passed | gaps_found | human_needed
89
+ - **Critical gaps:** (if any - these are blockers)
90
+ - **Non-critical gaps:** tech debt, deferred items, warnings
91
+ - **Anti-patterns found:** TODOs, stubs, placeholders
92
+ - **Requirements coverage:** which requirements satisfied/blocked
93
+
94
+ If a phase has no VERIFICATION.md, flag it as an unverified phase - this is a blocker.
95
+
96
+ ## 3. Spawn Integration Checker
97
+
98
+ With phase context collected, delegate cross-phase integration checking:
99
+
100
+ <delegate>
101
+ **Identity:** Integration Checker
102
+ **Instruction:** Read `.planning/templates/roles/integration-checker.md`, then check cross-phase integration.
103
+
104
+ **Context to provide:**
105
+ - Phase directories in milestone scope
106
+ - Key exports from each phase (extracted from SUMMARYs)
107
+ - API routes and endpoints created
108
+ - Milestone requirement IDs with descriptions and assigned phases
109
+ - `.planning/AUTH_MATRIX.md` path (if it exists)
110
+
111
+ **Task:** Verify cross-phase wiring, API coverage, auth protection, and E2E user flows. Return structured integration report with wiring summary, API coverage, auth protection, E2E flow status, and Requirements Integration Map.
112
+
113
+ **Return:** Structured integration report (wiring, APIs, auth protection, flows, requirements map).
114
+ </delegate>
115
+
116
+ If the runtime supports spawning a subagent: spawn the integration checker as a separate read-only context for independent verification.
117
+
118
+ If the runtime does not support subagent spawn: run the integration check inline within this workflow. Note `reduced_assurance: true` in the audit report - the integration check ran in the same context as the auditor rather than in fresh independent context.
119
+
120
+ Either way, the integration check happens. The quality level is documented.
121
+
122
+ ## 4. Collect Results
123
+
124
+ Combine:
125
+ - Phase-level gaps and tech debt (from step 2)
126
+ - Integration checker's report (wiring gaps, auth gaps, broken flows, requirements integration map)
127
+ - Evidence observations by kind (`code`, `test`, `runtime`, `delivery`, `human`) from phase verifications, summaries, integration findings, and delivery metadata
128
+ - Release claim posture observations: selected `release_claim_posture`, unsupported claims, waivers, deferrals, and contradiction checks for public, runtime, delivery, planning-drift, and generated-surface claims
129
+
130
+ ## 5. 3-Source Cross-Reference
131
+
132
+ Cross-reference three independent sources for each requirement to determine satisfaction status.
133
+
134
+ ### 5a. Parse SPEC.md Requirements
135
+
136
+ Extract all requirement IDs from `.planning/SPEC.md`:
137
+ - Requirement ID, description, checkbox status (`[x]` vs `[ ]`)
138
+
139
+ ### 5b. Parse ROADMAP.md Phase-to-Requirement Mapping
140
+
141
+ For each phase in `.planning/ROADMAP.md`, extract the Requirements field:
142
+ - Which requirements are assigned to which phase
143
+
144
+ ### 5c. Parse Phase VERIFICATION.md Requirements Tables
145
+
146
+ For each phase's VERIFICATION.md, extract the requirements coverage section:
147
+ - Which requirements were verified, with what status and evidence
148
+
149
+ ### 5d. Extract SUMMARY.md Frontmatter
150
+
151
+ For each phase's SUMMARY.md, extract `requirements-completed` from frontmatter when present:
152
+ - Which requirements the executor claims were completed
153
+ - Treat this as corroborating evidence, not as a hard prerequisite for a satisfied requirement
154
+
155
+ ### 5e. Status Determination Matrix
156
+
157
+ For each requirement, determine status using all available sources:
158
+
159
+ | VERIFICATION Status | SUMMARY Frontmatter | SPEC.md Checkbox | Final Status |
160
+ |---------------------|---------------------|------------------|--------------|
161
+ | passed | listed | `[x]` | **satisfied** |
162
+ | passed | listed | `[ ]` | **satisfied** (update spec) |
163
+ | passed | missing | any | **satisfied** (lower confidence; note missing SUMMARY corroboration) |
164
+ | gaps_found | any | any | **unsatisfied** |
165
+ | missing | listed | any | **partial** (verification gap) |
166
+ | missing | missing | any | **unsatisfied** |
167
+
168
+ ### 5f. FAIL Gate and Orphan Detection
169
+
170
+ **FAIL gate:** Any `unsatisfied` requirement forces `gaps_found` status on the milestone audit. No exceptions.
171
+
172
+ **Orphan detection:** Requirements in `.planning/SPEC.md` that are mapped to phases in `.planning/ROADMAP.md` but absent from ALL phase VERIFICATION.md files are orphaned. Orphaned requirements are treated as `unsatisfied` - they were assigned but never verified by any phase.
173
+
174
+ ## 6. Write Milestone Audit Report
175
+
176
+ Create `.planning/v{version}-MILESTONE-AUDIT.md` with structured frontmatter:
177
+
178
+ ```yaml
179
+ ---
180
+ milestone: v{version}
181
+ audited: {ISO-8601 timestamp}
182
+ status: passed | gaps_found | tech_debt
183
+ reduced_assurance: false
184
+ delivery_posture: repo_only | delivery_sensitive
185
+ release_claim_posture: repo_closeout | runtime_validated_closeout | delivery_supported_closeout
186
+ evidence_contract:
187
+ required_kinds: [code, test]
188
+ observed_kinds: [code, test]
189
+ missing_kinds: []
190
+ release_claim_contract:
191
+ unsupported_claims: []
192
+ waivers: []
193
+ deferrals: []
194
+ contradiction_checks:
195
+ evidence: passed | failed
196
+ public_surface: passed | failed | not_applicable
197
+ runtime: passed | failed | not_applicable
198
+ delivery: passed | failed | not_applicable
199
+ planning_drift: passed | failed
200
+ generated_surface: passed | failed | not_applicable
201
+ scores:
202
+ requirements: N/M
203
+ phases: N/M
204
+ integration: N/M
205
+ auth: N/M
206
+ flows: N/M
207
+ gaps:
208
+ requirements:
209
+ - id: "REQ-ID"
210
+ status: "unsatisfied | partial | orphaned"
211
+ phase: "assigned phase"
212
+ claimed_by_plans: ["plan files that reference this requirement"]
213
+ completed_by_plans: ["plan files whose SUMMARY marks it complete"]
214
+ verification_status: "passed | gaps_found | missing | orphaned"
215
+ evidence: "specific evidence or lack thereof"
216
+ integration: [...]
217
+ auth:
218
+ - surface: "admin metrics page"
219
+ status: "unprotected"
220
+ evidence: "Sensitive data renders without auth or role gate"
221
+ flows: [...]
222
+ tech_debt:
223
+ - phase: 01-auth
224
+ items:
225
+ - "TODO: add rate limiting"
226
+ ---
227
+ ```
228
+
229
+ Plus full markdown report body with tables for requirements, phases, integration findings, auth findings, and tech debt.
230
+
231
+ **Status values:**
232
+ - `passed` - all requirements met, no critical gaps, integration and auth protection verified
233
+ - `gaps_found` - critical blockers exist (unsatisfied requirements, unprotected sensitive flows, broken flows, or missing verifications)
234
+ - `tech_debt` - no blockers but accumulated deferred items need review
235
+
236
+ Evidence gate:
237
+ - a `passed` audit must have no `missing_kinds` for the selected `delivery_posture`
238
+ - `delivery_sensitive` audits cannot pass without explicit `runtime` and `delivery` evidence
239
+ - `repo_only` audits cannot be downgraded merely because `runtime` or `delivery` evidence was never relevant
240
+ - a `passed` audit must have no unsupported stronger release claims unless they are explicitly downgraded or deferred in `release_claim_contract`
241
+ - invalid waivers are blockers: human approval cannot replace missing `code`, `test`, `runtime`, or `delivery` evidence for a stronger claim
242
+ - public/support wording must be scoped to tracked public or repo-visible evidence; local-only `.planning/` artifacts cannot carry public release claims by themselves
243
+ - generated-surface freshness is claim-scoped: W11-style drift blocks only claims that depend on generated runtime/helper freshness, not unrelated repo-only closeout
244
+
245
+ **MANDATORY: The milestone audit report must exist at `.planning/v{version}-MILESTONE-AUDIT.md` on disk before presenting results. If the file was not written, STOP and report the write failure. Do NOT present audit results from conversation context alone — this is the highest-cost artifact to regenerate. Do NOT downgrade a write failure into "results shown inline anyway."**
246
+
247
+ ## 7. Present Results
248
+
249
+ Route by audit status:
250
+
251
+ ### If passed:
252
+ - Report: all requirements covered, cross-phase integration verified, auth protection verified, E2E flows complete
253
+ - Next step: complete the milestone (archive; any tag remains advisory and evidence-scoped)
254
+
255
+ ### If gaps_found:
256
+ - Report: list unsatisfied requirements, auth or cross-phase issues, broken flows
257
+ - Next step: plan gap closure phases to complete the milestone
258
+
259
+ ### If tech_debt:
260
+ - Report: all requirements met, list accumulated tech debt by phase
261
+ - Next step: either complete the milestone (accept debt) or plan a cleanup phase
262
+
263
+ </process>
264
+
265
+ <success_criteria>
266
+ Audit is complete when all of these are true:
267
+
268
+ - [ ] Milestone scope identified from ROADMAP.md
269
+ - [ ] All phase VERIFICATION.md files read (missing ones flagged as blockers)
270
+ - [ ] SUMMARY.md `requirements-completed` frontmatter extracted when present
271
+ - [ ] SPEC.md requirement checkboxes parsed
272
+ - [ ] ROADMAP.md phase-to-requirement mappings extracted
273
+ - [ ] Integration checker ran (subagent or inline with reduced_assurance noted)
274
+ - [ ] 3-source cross-reference completed (VERIFICATION + SUMMARY + SPEC.md)
275
+ - [ ] Orphaned requirements detected (mapped in ROADMAP but absent from all VERIFICATIONs)
276
+ - [ ] Auth-protection findings aggregated for sensitive milestone surfaces
277
+ - [ ] FAIL gate enforced - any unsatisfied requirement forces gaps_found status
278
+ - [ ] Tech debt and deferred gaps aggregated by phase
279
+ - [ ] MILESTONE-AUDIT.md created with structured requirement gap objects
280
+ - [ ] Results presented with actionable next steps based on status
281
+ </success_criteria>
282
+
283
+ <completion>
284
+ Report the audit result to the user, then present the next step:
285
+
286
+ ---
287
+ **Completed:** Milestone audit — created `.planning/v{version}-MILESTONE-AUDIT.md`.
288
+
289
+ If status is `passed`:
290
+ **Next step:** `/gsdd-complete-milestone` — archive the milestone and prepare for the next
291
+
292
+ If status is `gaps_found`:
293
+ **Next step:** `/gsdd-plan-milestone-gaps` — create gap-closure phases for the unsatisfied requirements
294
+
295
+ If status is `tech_debt`:
296
+ **Next step:** Either `/gsdd-complete-milestone` (accept debt) or `/gsdd-plan` (cleanup phase)
297
+
298
+ Also available:
299
+ - `/gsdd-verify` — re-verify a specific phase before re-auditing
300
+ - `/gsdd-progress` — check overall project status
301
+
302
+ Consider clearing context before starting the next workflow for best results.
303
+ ---
304
+ </completion>