gsdd-cli 0.19.3 → 0.21.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -0
- package/agents/executor.md +3 -0
- package/agents/planner.md +11 -1
- package/agents/verifier.md +2 -0
- package/bin/gsdd.mjs +4 -5
- package/bin/lib/health.mjs +21 -3
- package/bin/lib/init-runtime.mjs +7 -1
- package/bin/lib/lifecycle-preflight.mjs +5 -0
- package/bin/lib/lifecycle-state.mjs +1 -1
- package/bin/lib/rendering.mjs +8 -1
- package/bin/lib/session-fingerprint.mjs +42 -2
- package/bin/lib/templates.mjs +1 -1
- package/bin/lib/ui-proof.mjs +849 -0
- package/distilled/DESIGN.md +45 -1
- package/distilled/EVIDENCE-INDEX.md +7 -0
- package/distilled/templates/delegates/plan-checker.md +2 -0
- package/distilled/templates/ui-proof.md +174 -0
- package/distilled/workflows/audit-milestone.md +1 -0
- package/distilled/workflows/execute.md +7 -8
- package/distilled/workflows/plan-milestone-gaps.md +21 -0
- package/distilled/workflows/plan.md +9 -8
- package/distilled/workflows/quick.md +6 -0
- package/distilled/workflows/verify.md +6 -4
- package/package.json +1 -1
package/distilled/DESIGN.md
CHANGED
|
@@ -72,6 +72,7 @@
|
|
|
72
72
|
59. [Continuity Authority And Planning-State Drift](#d59---continuity-authority-and-planning-state-drift)
|
|
73
73
|
60. [Release Closeout Contract](#d60---release-closeout-contract)
|
|
74
74
|
61. [Deliberate Subagent Contract](#d61---deliberate-subagent-contract)
|
|
75
|
+
62. [Repo-Native UI Proof Contract](#d62---repo-native-ui-proof-contract)
|
|
75
76
|
|
|
76
77
|
---
|
|
77
78
|
|
|
@@ -956,8 +957,9 @@ Implementation lives under `bin/lib/`:
|
|
|
956
957
|
| E5 | ERROR | `.planning/templates/delegates/` missing or empty |
|
|
957
958
|
| E6 | ERROR | `.planning/templates/research/` missing or empty |
|
|
958
959
|
| E7 | ERROR | `.planning/templates/codebase/` missing or empty |
|
|
959
|
-
| E8 | ERROR | `.planning/templates/` missing critical root files (`spec.md`, `roadmap.md`, `auth-matrix.md`) |
|
|
960
|
+
| E8 | ERROR | `.planning/templates/` missing critical root files (`spec.md`, `roadmap.md`, `auth-matrix.md`, `ui-proof.md`) |
|
|
960
961
|
| E9 | ERROR | `.planning/templates/brownfield-change/` missing or missing critical files (`CHANGE.md`, `HANDOFF.md`, `VERIFICATION.md`) |
|
|
962
|
+
| E10 | ERROR | Known UI proof bundle metadata is unparseable or fails deterministic privacy/claim validation |
|
|
961
963
|
| W1 | WARN | `generation-manifest.json` missing |
|
|
962
964
|
| W2 | WARN | Manifest-tracked installed templates/helpers modified locally (hash mismatch vs manifest) |
|
|
963
965
|
| W3 | WARN | Manifest-tracked installed templates/helpers missing from disk but listed in manifest |
|
|
@@ -2813,6 +2815,48 @@ Posture compatibility is part of that closeout contract: `repo_closeout` and `ru
|
|
|
2813
2815
|
|
|
2814
2816
|
---
|
|
2815
2817
|
|
|
2818
|
+
## D62 - Repo-Native UI Proof Contract
|
|
2819
|
+
|
|
2820
|
+
**Decision (2026-04-28):** UI-sensitive work should carry a compact planned proof-slot contract and, when executed, an observed UI proof bundle that references artifacts by path or link while preserving the existing closure evidence kinds: `code`, `test`, `runtime`, `delivery`, and `human`.
|
|
2821
|
+
|
|
2822
|
+
**Context:**
|
|
2823
|
+
- UI proof targets the recurring failure mode where agents claim a UI works or looks good without rendered proof, matched observations, or explicit human judgment.
|
|
2824
|
+
- The contract defines proof slots, proof bundles, comparison statuses, fail-closed agent guardrails, deterministic metadata validation, privacy metadata, and health visibility without adding a browser-provider framework.
|
|
2825
|
+
- GSD's archived planner, executor, and verifier roles preserve strong lifecycle discipline, but they do not provide this UI-specific planned-vs-observed proof model. GSDD keeps the lifecycle leverage and adds a repo-native UI proof substrate without adding a browser-provider framework.
|
|
2826
|
+
|
|
2827
|
+
**Decision:**
|
|
2828
|
+
- Planning must classify UI-sensitive work and require either `ui_proof_slots` or an explicit `no_ui_proof_rationale`.
|
|
2829
|
+
- Planned slots record claim, route/state, required evidence kinds, minimum observations, environment/viewport, manual-acceptance requirement, claim limit, and requirement IDs.
|
|
2830
|
+
- Observed proof bundles record claim, requirement/slot IDs, route/state, environment, viewport, evidence inputs, commands/manual steps, observations, artifacts, privacy metadata, result, and claim limits.
|
|
2831
|
+
- Verification compares planned slots to observed bundles using `satisfied`, `partial`, `missing`, `waived`, `deferred`, and `not_applicable`; waiver and deferral are not proof.
|
|
2832
|
+
- UI correctness claims fail closed unless rendered proof is matched exactly to claim, route/state, observation, evidence kind, artifact path or manual step, privacy metadata, result, and claim limit, or an explicit waiver/deferment narrows the claim.
|
|
2833
|
+
- Human acceptance may close a narrowed claim and record proof debt, but it must not convert missing or mismatched non-human evidence into `satisfied` proof.
|
|
2834
|
+
- Screenshots, traces, videos, reports, accessibility scans, Gherkin, and visual diffs are artifact types or activities mapped onto the five existing evidence kinds, not new evidence kinds.
|
|
2835
|
+
- Source annotations, AST/cAST findings, semantic search hits, comments, and Semble-like retrieval may discover proof obligations, but they are discovery hints only and do not satisfy proof slots.
|
|
2836
|
+
- Visual taste, accessibility judgment, baseline acceptance, subjective polish/layout quality, and privacy publication require human evidence or explicit waiver, and human approval does not replace required `code`, `test`, `runtime`, or `delivery` evidence.
|
|
2837
|
+
- Deterministic metadata enforcement keeps the evidence and comparison-status vocabularies unchanged: artifact entries require `visibility`, `retention`, `sensitivity`, and `safe_to_publish`; raw screenshots, traces, videos, DOM snapshots, and reports default to `local_only` plus `safe_to_publish: false`; `bin/lib/ui-proof.mjs` validates required bundle/observation fields, structured command/manual-step entries, fixed evidence kinds, claim/result statuses, comparison statuses, claim limits, privacy metadata, safe artifact references, and public/tracked/delivery proof claims backed by local-only, unsafe, unsanitized, or privacy-contradictory artifacts.
|
|
2838
|
+
- `gsdd health` reports invalid known UI proof bundles as E10 using the same validator, staying read-only and metadata-only.
|
|
2839
|
+
|
|
2840
|
+
**Leverage:**
|
|
2841
|
+
- Lost: UI-sensitive work now carries a small proof-contract burden, and invalid proof metadata can degrade/break health before agents can claim rendered UI outcomes.
|
|
2842
|
+
- Kept: repo-native markdown artifacts, optional project tooling, fixed closure evidence kinds, generated-surface freshness, and the plan/execute/verify separation.
|
|
2843
|
+
- Gained: exact claim-to-proof traceability, strict comparison statuses, privacy and claim-limit metadata, fail-closed overclaim guardrails, deterministic metadata validation, and health-visible protection against unsafe public proof claims.
|
|
2844
|
+
|
|
2845
|
+
**Evidence:**
|
|
2846
|
+
- `distilled/templates/ui-proof.md`
|
|
2847
|
+
- `distilled/workflows/plan.md`, `distilled/workflows/execute.md`, `distilled/workflows/quick.md`, `distilled/workflows/verify.md`
|
|
2848
|
+
- `agents/planner.md`, `agents/executor.md`, `agents/verifier.md`, `distilled/templates/delegates/plan-checker.md`
|
|
2849
|
+
- `bin/lib/templates.mjs`, `bin/lib/ui-proof.mjs`, `bin/lib/health.mjs`, `bin/lib/rendering.mjs`
|
|
2850
|
+
- `tests/phase.test.cjs`, `tests/gsdd.guards.test.cjs`, `tests/gsdd.health.test.cjs`, `tests/gsdd.init.test.cjs`
|
|
2851
|
+
- GSD comparison: the upstream planner, executor, and verifier role patterns preserve lifecycle rigor, but they do not define UI proof slots or planned-vs-observed UI proof bundles.
|
|
2852
|
+
|
|
2853
|
+
**Consequences:**
|
|
2854
|
+
- Future UI-related phases must not add new evidence kinds by treating artifact types as proof categories.
|
|
2855
|
+
- Future dogfood or runtime validation must not upgrade artifact counts or human waivers into proof.
|
|
2856
|
+
- Generated runtime surfaces and local templates must stay freshness-checkable through `gsdd update --templates` and health diagnostics.
|
|
2857
|
+
|
|
2858
|
+
---
|
|
2859
|
+
|
|
2816
2860
|
## Maintenance
|
|
2817
2861
|
|
|
2818
2862
|
This document is updated when:
|
|
@@ -485,6 +485,13 @@
|
|
|
485
485
|
- GSD comparison source: `get-shit-done/workflows/new-project.md`
|
|
486
486
|
- `tests/gsdd.guards.test.cjs`, `tests/gsdd.invariants.test.cjs`
|
|
487
487
|
|
|
488
|
+
## D62 — Repo-Native UI Proof Contract
|
|
489
|
+
- `distilled/templates/ui-proof.md`
|
|
490
|
+
- `distilled/workflows/plan.md`, `distilled/workflows/execute.md`, `distilled/workflows/quick.md`, `distilled/workflows/verify.md`
|
|
491
|
+
- `agents/planner.md`, `agents/executor.md`, `agents/verifier.md`, `distilled/templates/delegates/plan-checker.md`
|
|
492
|
+
- `bin/lib/templates.mjs`, `bin/lib/ui-proof.mjs`, `bin/lib/health.mjs`, `bin/lib/rendering.mjs`
|
|
493
|
+
- `tests/phase.test.cjs`, `tests/gsdd.guards.test.cjs`, `tests/gsdd.health.test.cjs`, `tests/gsdd.init.test.cjs`
|
|
494
|
+
|
|
488
495
|
---
|
|
489
496
|
|
|
490
497
|
## Maintenance
|
|
@@ -34,6 +34,8 @@ Verify these dimensions:
|
|
|
34
34
|
- `anti_regression_capture`: known prior failures, compatibility risks, and behavior that must not regress are represented in tasks or verification.
|
|
35
35
|
- `escalation_integrity`: tasks include checkpoints or escalation when evidence, permissions, user decisions, or risky ambiguity are required.
|
|
36
36
|
- `closure_honesty`: the plan's done criteria and evidence limits support only claims that execution can actually prove.
|
|
37
|
+
- `closure_honesty`: for UI proof, reject agent-only `looks good` closure, artifact-count proof, unsupported evidence kinds, and human acceptance that converts missing/mismatched non-human evidence into `satisfied` proof. Waiver, deferment, proof debt, or narrowed-claim language is acceptable only when the stronger UI claim is not treated as proven.
|
|
38
|
+
- `closure_honesty`: for UI proof privacy, require artifact `visibility`, `retention`, `sensitivity`, and `safe_to_publish`, require `gsdd ui-proof validate` or `gsdd health` when bundle metadata exists, and reject public/tracked/delivery/publication proof claims backed by local-only or `safe_to_publish: false` artifacts.
|
|
37
39
|
- `high_leverage_review`: high-leverage surfaces have a second-pass review or equivalent contradiction/staleness check before completion.
|
|
38
40
|
- `approach_alignment`: when APPROACH.md is provided, verify that plan tasks implement the chosen approaches from the user's decisions. Check:
|
|
39
41
|
- **Alignment proof valid?** When `workflow.discuss` is `true`, APPROACH.md must record `alignment_status: user_confirmed` or `alignment_status: approved_skip`. Missing alignment proof, unknown status, or agent-discretion-only proof -> `blocker` with `fix_hint` telling the planner to revise APPROACH.md through real user alignment or an explicit user-approved skip.
|
|
@@ -0,0 +1,174 @@
|
|
|
1
|
+
# UI Proof Bundle Template
|
|
2
|
+
|
|
3
|
+
Use this template when work affects rendered UI or when a plan defines `ui_proof_slots`. Keep the bundle compact, claim-specific, and attached to the relevant phase, quick task, or brownfield change.
|
|
4
|
+
|
|
5
|
+
UI proof uses the existing closure evidence kinds only: `code`, `test`, `runtime`, `delivery`, and `human`. Screenshots, traces, videos, reports, accessibility scans, Gherkin, visual diffs, and manual notes are artifact types or activities that map onto those evidence kinds. They are not new evidence kinds.
|
|
6
|
+
|
|
7
|
+
## Planned Proof Slots
|
|
8
|
+
|
|
9
|
+
Every UI-sensitive plan needs either at least one slot under `ui_proof_slots` or an explicit `no_ui_proof_rationale` explaining why no rendered UI proof is required.
|
|
10
|
+
|
|
11
|
+
```yaml
|
|
12
|
+
ui_proof_slots:
|
|
13
|
+
- slot_id: ui-01
|
|
14
|
+
requirement_id: REQ-01
|
|
15
|
+
claim: "User can complete the changed flow without a broken rendered UI."
|
|
16
|
+
route_state: "/example route, role, data state, and UI state to inspect"
|
|
17
|
+
required_evidence_kinds: [test, runtime]
|
|
18
|
+
optional_evidence_kinds: [human]
|
|
19
|
+
minimum_observations:
|
|
20
|
+
- "Changed control is visible and usable in the stated state."
|
|
21
|
+
- "Expected interaction completes without console/runtime error."
|
|
22
|
+
environment:
|
|
23
|
+
app_url: "http://localhost:3000"
|
|
24
|
+
data_state: "synthetic or seeded data"
|
|
25
|
+
viewport:
|
|
26
|
+
width: 1280
|
|
27
|
+
height: 720
|
|
28
|
+
notes: "Use project default unless responsive behavior is part of the claim."
|
|
29
|
+
manual_acceptance_required: false
|
|
30
|
+
claim_limit: "Does not prove cross-browser layout, full accessibility conformance, production delivery, or unrelated UI states."
|
|
31
|
+
no_ui_proof_rationale: null
|
|
32
|
+
```
|
|
33
|
+
|
|
34
|
+
Slot rules:
|
|
35
|
+
- Keep each slot tied to one exact UI claim.
|
|
36
|
+
- Use the lightest proof that can catch a botched rendered experience for that claim.
|
|
37
|
+
- Source annotations, AST/cAST findings, semantic search hits, comments, and Semble-like retrieval may help discover proof obligations. They are discovery hints only; they do not satisfy proof slots.
|
|
38
|
+
- Do not add Playwright, Cypress, Storybook, Cucumber, CI, browser MCP, or visual-regression tooling by default.
|
|
39
|
+
- Human approval is required for visual taste, accessibility judgment, baseline acceptance, subjective polish/layout quality, and privacy publication decisions.
|
|
40
|
+
- Human approval does not replace required non-human evidence when the slot requires `code`, `test`, `runtime`, or `delivery` evidence.
|
|
41
|
+
|
|
42
|
+
## Observed Proof Bundle
|
|
43
|
+
|
|
44
|
+
Create or update this bundle during execution or verification when planned UI proof slots exist. JSON is the canonical machine-readable proof bundle format. Markdown proof files must include fenced JSON for deterministic validation.
|
|
45
|
+
|
|
46
|
+
```json
|
|
47
|
+
{
|
|
48
|
+
"proof_bundle_version": 1,
|
|
49
|
+
"scope": {
|
|
50
|
+
"work_item": "phase-or-quick-or-brownfield-id",
|
|
51
|
+
"requirement_ids": ["REQ-01"],
|
|
52
|
+
"slot_ids": ["ui-01"],
|
|
53
|
+
"claim": "User can complete the changed flow without a broken rendered UI."
|
|
54
|
+
},
|
|
55
|
+
"route_state": {
|
|
56
|
+
"route": "/example",
|
|
57
|
+
"state": "role, data state, feature flag, loading/error/empty state, or component story"
|
|
58
|
+
},
|
|
59
|
+
"environment": {
|
|
60
|
+
"app_url": "http://localhost:3000",
|
|
61
|
+
"browser": "project default or manual browser",
|
|
62
|
+
"browser_version": "record if known",
|
|
63
|
+
"os": "record if relevant",
|
|
64
|
+
"data_state": "synthetic or seeded data"
|
|
65
|
+
},
|
|
66
|
+
"viewport": {
|
|
67
|
+
"width": 1280,
|
|
68
|
+
"height": 720,
|
|
69
|
+
"device_scale_factor": "record if relevant"
|
|
70
|
+
},
|
|
71
|
+
"evidence_inputs": {
|
|
72
|
+
"kinds": ["test", "runtime"],
|
|
73
|
+
"tools_used": ["manual"]
|
|
74
|
+
},
|
|
75
|
+
"commands_or_manual_steps": [
|
|
76
|
+
{
|
|
77
|
+
"command": "npm run test:e2e -- changed-flow.spec.ts",
|
|
78
|
+
"exit_code": 0,
|
|
79
|
+
"result": "passed",
|
|
80
|
+
"attempts": 1
|
|
81
|
+
},
|
|
82
|
+
{
|
|
83
|
+
"manual_step": "Open /example as synthetic user and complete the changed interaction.",
|
|
84
|
+
"result": "passed"
|
|
85
|
+
}
|
|
86
|
+
],
|
|
87
|
+
"observations": [
|
|
88
|
+
{
|
|
89
|
+
"observation": "Changed control is visible and completes the flow.",
|
|
90
|
+
"claim": "User can complete the changed flow without a broken rendered UI.",
|
|
91
|
+
"route_state": {
|
|
92
|
+
"route": "/example",
|
|
93
|
+
"state": "role, data state, feature flag, loading/error/empty state, or component story"
|
|
94
|
+
},
|
|
95
|
+
"evidence_kind": "runtime",
|
|
96
|
+
"artifact_refs": ["test-results/changed-flow-report/index.html"],
|
|
97
|
+
"privacy": {
|
|
98
|
+
"data_classification": "synthetic",
|
|
99
|
+
"raw_artifacts_safe_to_publish": false,
|
|
100
|
+
"retention": "temporary_review"
|
|
101
|
+
},
|
|
102
|
+
"result": "passed",
|
|
103
|
+
"claim_limit": "Does not prove Safari/WebKit behavior."
|
|
104
|
+
}
|
|
105
|
+
],
|
|
106
|
+
"artifacts": [
|
|
107
|
+
{
|
|
108
|
+
"path": "test-results/changed-flow-report/index.html",
|
|
109
|
+
"type": "report",
|
|
110
|
+
"visibility": "local_only",
|
|
111
|
+
"retention": "temporary_review",
|
|
112
|
+
"sensitivity": "possible",
|
|
113
|
+
"safe_to_publish": false,
|
|
114
|
+
"notes": "Local report only; not public proof."
|
|
115
|
+
}
|
|
116
|
+
],
|
|
117
|
+
"privacy": {
|
|
118
|
+
"data_classification": "synthetic",
|
|
119
|
+
"redactions": [],
|
|
120
|
+
"raw_artifacts_safe_to_publish": false,
|
|
121
|
+
"retention": "Keep metadata bundle; keep raw artifacts only while needed for review or failed proof triage."
|
|
122
|
+
},
|
|
123
|
+
"manual_acceptance": {
|
|
124
|
+
"required": false,
|
|
125
|
+
"reviewer": null,
|
|
126
|
+
"result": "not_applicable"
|
|
127
|
+
},
|
|
128
|
+
"result": {
|
|
129
|
+
"claim_status": "passed",
|
|
130
|
+
"comparison_status_by_slot": {
|
|
131
|
+
"ui-01": "satisfied"
|
|
132
|
+
}
|
|
133
|
+
},
|
|
134
|
+
"claim_limits": [
|
|
135
|
+
"Does not prove Safari/WebKit behavior.",
|
|
136
|
+
"Does not prove full WCAG conformance.",
|
|
137
|
+
"Does not prove deployed production behavior."
|
|
138
|
+
]
|
|
139
|
+
}
|
|
140
|
+
```
|
|
141
|
+
|
|
142
|
+
Bundle rules:
|
|
143
|
+
- Reference raw screenshots, traces, videos, DOM snapshots, reports, accessibility scans, Gherkin, and visual diffs by path or link. Do not store raw binary or sensitive artifacts inline.
|
|
144
|
+
- Each observation must identify the claim, route/state, evidence kind, artifact references behind it, privacy metadata, result, and claim limit it supports.
|
|
145
|
+
- Every observation `artifact_refs` value must match an `artifacts[].path` or `artifacts[].url` value.
|
|
146
|
+
- Artifact count is never proof. Unsupported or weakly linked artifacts are `partial`, `missing`, `waived`, or `deferred`, not `satisfied`.
|
|
147
|
+
- Each artifact must record the locked privacy fields `visibility`, `retention`, `sensitivity`, and `safe_to_publish`.
|
|
148
|
+
- Raw screenshots, traces, videos, DOM snapshots, and reports default to `visibility: local_only` plus `safe_to_publish: false` unless explicitly classified as sanitized and safe to publish.
|
|
149
|
+
- Local-only or `safe_to_publish: false` artifacts can support local review only; they must not back tracked, public, delivery, release, or publication proof claims.
|
|
150
|
+
- Human acceptance may close a narrowed claim only by recording waiver, deferment, or proof debt; it must not upgrade missing or mismatched non-human proof to `satisfied`.
|
|
151
|
+
- Quick-mode UI proof should use deterministic synthetic IDs such as `quick-001` and `quick-001-ui-01` when roadmap requirement IDs do not exist.
|
|
152
|
+
|
|
153
|
+
## Deterministic Validation
|
|
154
|
+
|
|
155
|
+
Use `gsdd ui-proof validate <path>` on JSON proof-bundle metadata or markdown fenced JSON before relying on a bundle for closure; add `--claim <public|publication|tracked|delivery|release>` only when validating that stronger proof use. Use `gsdd ui-proof compare <planned-slots-json> [observed-bundle-json ...]` when verifying planned proof slots against observed bundles through the deterministic product-facing path. Required observed-bundle top-level fields are `proof_bundle_version`, `scope`, `route_state`, `environment`, `viewport`, `evidence_inputs`, `commands_or_manual_steps`, `observations`, `artifacts`, `privacy`, `result`, and `claim_limits`. The validator checks required bundle and observation fields, structured command/manual-step entries, fixed evidence kinds, `result.claim_status`, observation `result`, comparison statuses, non-empty claim limits, locked artifact and observation privacy fields, observation-to-artifact references, workspace-relative/http(s) artifact references, and explicit public/tracked/delivery proof claims that rely on local-only, unsafe, unsanitized, or privacy-contradictory artifacts. `claim_status`, observation `result`, and command/manual-step `result` use `passed`, `failed`, `partial`, `waived`, `deferred`, or `not_applicable`. It is metadata-only and does not inspect raw screenshot, trace, video, DOM, or report contents.
|
|
156
|
+
|
|
157
|
+
## Comparison Statuses
|
|
158
|
+
|
|
159
|
+
Use these statuses when comparing planned slots to observed proof:
|
|
160
|
+
|
|
161
|
+
| Status | Meaning | Claim impact |
|
|
162
|
+
| --- | --- | --- |
|
|
163
|
+
| `satisfied` | Required observations and evidence kinds are present, scoped, and inspectable for the exact claim. | Supports the scoped UI claim. |
|
|
164
|
+
| `partial` | Some proof exists, but observations, artifact references, evidence kinds, privacy metadata, or assurance are weaker than planned. | Record a reduced claim or gap. |
|
|
165
|
+
| `missing` | Required proof is absent. | Blocks the UI claim unless explicitly waived or deferred. |
|
|
166
|
+
| `waived` | A human or approved plan waiver accepts the risk. | Does not prove the UI claim. |
|
|
167
|
+
| `deferred` | Proof moved to later work. | Current work must not claim the UI behavior is proven. |
|
|
168
|
+
| `not_applicable` | Accepted rationale says no UI proof is required. | No UI proof gap for that claim. |
|
|
169
|
+
|
|
170
|
+
Proof debt notes should name the slot, claim, route/state, missing or weak linkage, human acceptance basis, narrowed claim limit, and follow-up trigger.
|
|
171
|
+
|
|
172
|
+
## Claim Boundary
|
|
173
|
+
|
|
174
|
+
A UI proof bundle proves only the scoped claim, route/state, environment, viewport, observations, and evidence kinds it records. It does not imply broad visual quality, cross-browser coverage, full accessibility conformance, production delivery, release readiness, or public proof unless those dimensions are explicitly planned, evidenced, and classified safe to publish.
|
|
@@ -126,6 +126,7 @@ Combine:
|
|
|
126
126
|
- Integration checker's report (wiring gaps, auth gaps, broken flows, requirements integration map)
|
|
127
127
|
- Evidence observations by kind (`code`, `test`, `runtime`, `delivery`, `human`) from phase verifications, summaries, integration findings, and delivery metadata
|
|
128
128
|
- Release claim posture observations: selected `release_claim_posture`, unsupported claims, waivers, deferrals, and contradiction checks for public, runtime, delivery, planning-drift, and generated-surface claims
|
|
129
|
+
- UI proof debt from phase/quick proof bundles or verification gaps, preserving the rule that waiver/deferment/human acceptance narrows claims rather than satisfying missing proof
|
|
129
130
|
|
|
130
131
|
## 5. 3-Source Cross-Reference
|
|
131
132
|
|
|
@@ -164,6 +164,11 @@ Before reporting a task complete:
|
|
|
164
164
|
- if an API change is involved, hit the endpoint or targeted integration path
|
|
165
165
|
- A task is not complete because code was written. It is complete when the intended verification path actually passes.
|
|
166
166
|
|
|
167
|
+
### UI Proof Execution
|
|
168
|
+
If the plan defines non-empty `ui_proof_slots`, create or update the observed UI proof bundle before claiming completion; required top-level fields are `proof_bundle_version`, `scope`, `route_state`, `environment`, `viewport`, `evidence_inputs`, `commands_or_manual_steps`, `observations`, `artifacts`, `privacy`, `result`, and `claim_limits`.
|
|
169
|
+
Use existing UI tooling when available and cheap; manual/browser proof is acceptable when it records route/state, steps, observations, artifact references, and claim limits. Do not install Playwright, Cypress, Cucumber, Storybook, browser MCP, CI, or visual-regression tooling by default. Screenshots, traces, videos, reports, accessibility scans, Gherkin, visual diffs, and manual notes map onto existing evidence kinds, not new evidence kinds; reference raw artifacts by path/link instead of storing them inline.
|
|
170
|
+
Each artifact entry must include `visibility`, `retention`, `sensitivity`, and `safe_to_publish`; raw screenshots, traces, videos, DOM snapshots, and reports default to `local_only` and `safe_to_publish: false` unless explicitly sanitized. Use `gsdd ui-proof validate <path>` when bundle metadata exists, adding `--claim <...>` only when relying on the bundle for public, tracked, delivery, release, or publication proof. Visual taste, accessibility judgment, baseline acceptance, subjective polish/layout quality, and privacy publication decisions require human evidence or explicit waiver; artifact count, source comments, AST/cAST findings, semantic search, and Semble-like retrieval are not proof. If evidence does not match the slot claim, route/state, observation, artifact path/manual step, privacy metadata, result, and claim limit, record proof debt, waiver, deferment, or reduced claim language rather than `satisfied` proof.
|
|
171
|
+
|
|
167
172
|
### Git Guidance
|
|
168
173
|
|
|
169
174
|
```bash
|
|
@@ -440,20 +445,14 @@ Execution is done when all of these are true:
|
|
|
440
445
|
</success_criteria>
|
|
441
446
|
|
|
442
447
|
<completion>
|
|
443
|
-
Report
|
|
444
|
-
|
|
448
|
+
Report what was accomplished, then present the next step:
|
|
445
449
|
---
|
|
446
450
|
**Completed:** Plan execution — created `.planning/phases/{phase_dir}/{plan_id}-SUMMARY.md`.
|
|
447
|
-
|
|
448
451
|
**Next step:** Check `.planning/config.json` → `workflow.verifier`:
|
|
449
452
|
- If `true`: run `/gsdd-verify` — verify that the phase goal was achieved
|
|
450
453
|
- If `false` (or key missing): run `/gsdd-progress` — check status and route to the next phase
|
|
451
454
|
|
|
452
|
-
Also available:
|
|
453
|
-
- `/gsdd-plan` — plan the next wave (if more plans remain in this phase)
|
|
454
|
-
- `/gsdd-quick` — handle a sub-hour task outside the phase cycle
|
|
455
|
-
- `/gsdd-pause` — save context for later if stopping work
|
|
456
|
-
|
|
455
|
+
Also available: `/gsdd-plan` for the next wave, `/gsdd-quick` for sub-hour work, or `/gsdd-pause` to save context.
|
|
457
456
|
Consider clearing context before starting the next workflow for best results.
|
|
458
457
|
---
|
|
459
458
|
</completion>
|
|
@@ -15,6 +15,18 @@ If no audit file exists: stop and direct the user to run `/gsdd-audit-milestone`
|
|
|
15
15
|
If audit status is `passed`: stop and direct the user to run `/gsdd-complete-milestone` instead.
|
|
16
16
|
</prerequisites>
|
|
17
17
|
|
|
18
|
+
<repo_root_helper_contract>
|
|
19
|
+
All `node .planning/bin/gsdd.mjs ...` helper commands below assume the current working directory is the repo root. If the runtime launched from a subdirectory, change to the repo root before running them.
|
|
20
|
+
</repo_root_helper_contract>
|
|
21
|
+
|
|
22
|
+
<lifecycle_preflight>
|
|
23
|
+
Before writing ROADMAP gap-closure phases or phase directories, run:
|
|
24
|
+
|
|
25
|
+
- `node .planning/bin/gsdd.mjs lifecycle-preflight plan-milestone-gaps`
|
|
26
|
+
|
|
27
|
+
If the preflight result is `blocked`, STOP and report the blocker. This workflow intentionally mutates planning truth, so it must not proceed through pre-existing planning-state drift.
|
|
28
|
+
</lifecycle_preflight>
|
|
29
|
+
|
|
18
30
|
<load_context>
|
|
19
31
|
Before starting, read these files:
|
|
20
32
|
|
|
@@ -144,6 +156,14 @@ Create a directory for each gap closure phase:
|
|
|
144
156
|
|
|
145
157
|
No files inside — `/gsdd-plan` populates them.
|
|
146
158
|
|
|
159
|
+
## 8. Rebaseline Planning Fingerprint
|
|
160
|
+
|
|
161
|
+
After confirming the ROADMAP update and phase directories exist, run:
|
|
162
|
+
|
|
163
|
+
- `node .planning/bin/gsdd.mjs session-fingerprint write --allow-changed ROADMAP.md`
|
|
164
|
+
|
|
165
|
+
This records the user-confirmed ROADMAP mutation so the recommended `/gsdd-plan [N]` handoff does not immediately block on expected `planning_state_drift`. The `--allow-changed ROADMAP.md` guard must fail if `SPEC.md` or `config.json` also drifted after preflight; stop and reconcile that unexpected drift instead of rebaselining it. Do not run this if the ROADMAP write failed or the phase directories are missing.
|
|
166
|
+
|
|
147
167
|
</process>
|
|
148
168
|
|
|
149
169
|
<success_criteria>
|
|
@@ -155,6 +175,7 @@ No files inside — `/gsdd-plan` populates them.
|
|
|
155
175
|
- [ ] User confirmed gap closure plan before ROADMAP.md was updated
|
|
156
176
|
- [ ] ROADMAP.md updated with new gap closure phases
|
|
157
177
|
- [ ] Phase directories created
|
|
178
|
+
- [ ] `session-fingerprint write` ran after the reviewed ROADMAP update so `/gsdd-plan [N]` is not stranded by expected planning drift
|
|
158
179
|
</success_criteria>
|
|
159
180
|
|
|
160
181
|
**MANDATORY: `.planning/ROADMAP.md` must be updated on disk before this workflow is complete. If the write fails, STOP and report the failure. Without the updated ROADMAP, the phase cycle cannot begin.**
|
|
@@ -135,6 +135,10 @@ Also verify milestone truth is not self-contradictory across the planning surfac
|
|
|
135
135
|
If any of these are missing or contradictory, STOP. Report the exact missing contract field or contradiction. Do not improvise a stronger phase contract from chat context alone.
|
|
136
136
|
</phase_contract_gate>
|
|
137
137
|
|
|
138
|
+
<ui_proof_planning>
|
|
139
|
+
For UI-sensitive work, include compact `ui_proof_slots` with `slot_id`, optional `requirement_id`, `claim`, `route_state`, fixed evidence kinds (`code`, `test`, `runtime`, `delivery`, `human`), `minimum_observations`, `environment`, `viewport`, `manual_acceptance_required`, and `claim_limit`; otherwise set `no_ui_proof_rationale`.
|
|
140
|
+
Do not create slots for backend-only, CLI-only, docs-only, or refactor-only work unless the plan claims a visible UI outcome. Evidence must later match claim, route/state, observation, artifact path, evidence kind, privacy metadata, result, and claim limit; local-only or unsafe artifacts cannot support public, publication, tracked, delivery, or release proof claims. Human approval does not replace required `code`, `test`, `runtime`, or `delivery` evidence.
|
|
141
|
+
</ui_proof_planning>
|
|
138
142
|
<goal_backward_planning>
|
|
139
143
|
Plan backward from success criteria.
|
|
140
144
|
|
|
@@ -192,6 +196,8 @@ anti_regression_targets:
|
|
|
192
196
|
- Existing session middleware behavior remains unchanged for already-supported routes.
|
|
193
197
|
known_unknowns:
|
|
194
198
|
- Exact copy wording for auth errors may still need product confirmation.
|
|
199
|
+
ui_proof_slots: []
|
|
200
|
+
no_ui_proof_rationale: Not UI-sensitive; scoped work does not claim a visible UI outcome.
|
|
195
201
|
high_leverage_surfaces: []
|
|
196
202
|
second_pass_required: false
|
|
197
203
|
closure_claim_limit: Do not claim phase completion until verification satisfies the evidence contract for the scoped truths.
|
|
@@ -221,6 +227,7 @@ Schema rules:
|
|
|
221
227
|
- `files-modified` should list the files this plan is expected to touch
|
|
222
228
|
- `must_haves` must trace back to roadmap success criteria
|
|
223
229
|
- `non_goals`, `hard_boundaries`, `escalation_triggers`, and `closure_claim_limit` must not be empty
|
|
230
|
+
- include `ui_proof_slots` for UI-sensitive work or `no_ui_proof_rationale` otherwise
|
|
224
231
|
- `leverage.lost`, `leverage.kept`, and `leverage.gained` must all be explicit
|
|
225
232
|
- `second_pass_required: true` if `high_leverage_surfaces` is non-empty
|
|
226
233
|
- `parallelism_budget.max_concurrent_plans` must stay `1` unless the plan proves disjoint write ownership
|
|
@@ -607,7 +614,7 @@ Planning is done when all of these are true:
|
|
|
607
614
|
- [ ] Plan self-check passed
|
|
608
615
|
- [ ] Success criteria from `ROADMAP.md` are represented as must-haves
|
|
609
616
|
- [ ] Goal-backward derivation from criteria to artifacts to key links to tasks is explicit
|
|
610
|
-
- [ ] Every plan has frontmatter with `phase`, `plan`, `type`, `wave`, `depends_on`, `files-modified`, `autonomous`, `requirements`, `non_goals`, `hard_boundaries`, `escalation_triggers`, `approval_gates`, `anti_regression_targets`, `closure_claim_limit`, `parallelism_budget`, `leverage`, and `must_haves`
|
|
617
|
+
- [ ] Every plan has frontmatter with `phase`, `plan`, `type`, `wave`, `depends_on`, `files-modified`, `autonomous`, `requirements`, `non_goals`, `hard_boundaries`, `escalation_triggers`, `approval_gates`, `anti_regression_targets`, `ui_proof_slots` or `no_ui_proof_rationale`, `closure_claim_limit`, `parallelism_budget`, `leverage`, and `must_haves`
|
|
611
618
|
- [ ] Every plan frontmatter records `runtime` and `assurance`
|
|
612
619
|
- [ ] Every plan records checker outcome in a structured `<checks>` block
|
|
613
620
|
- [ ] Every task has XML structure with `id`, `type`, `files`, `action`, `verify`, and `done`
|
|
@@ -620,18 +627,12 @@ Planning is done when all of these are true:
|
|
|
620
627
|
|
|
621
628
|
<completion>
|
|
622
629
|
Report to the user what was accomplished, then present the next step:
|
|
623
|
-
|
|
624
630
|
---
|
|
625
631
|
**Completed:** Phase planning — created `.planning/phases/{phase_dir}/{plan_id}-PLAN.md`.
|
|
626
632
|
**Planning stops here:** `gsdd-plan` ends after the plan artifact is written. Do not start implementation in this same run, and do not treat imperative handoff text as execution authorization.
|
|
627
633
|
Installed generated runtime surfaces are trusted through rendering, not reviewer memory: `npx -y gsdd-cli health` compares any local generated skill/adapter surfaces against current render output, and `npx -y gsdd-cli update` regenerates them when they drift. Bare `gsdd health` / `gsdd update` are equivalent only when globally installed.
|
|
628
|
-
|
|
629
634
|
**Next workflow:** `/gsdd-execute` — start execution in a separate run when the user explicitly wants implementation to begin
|
|
630
|
-
|
|
631
|
-
Also available:
|
|
632
|
-
- `/gsdd-plan` — create additional plans for the same phase (if multi-wave)
|
|
633
|
-
- `/gsdd-progress` — check overall project status
|
|
634
|
-
|
|
635
|
+
Also available: `/gsdd-plan` for another wave, or `/gsdd-progress` for overall status.
|
|
635
636
|
Consider clearing context before starting the next workflow for best results.
|
|
636
637
|
---
|
|
637
638
|
</completion>
|
|
@@ -118,6 +118,10 @@ Delegate to the planner role in quick mode.
|
|
|
118
118
|
- No research phase, no ROADMAP requirements
|
|
119
119
|
- Do NOT extract phase requirement IDs — there is no active phase
|
|
120
120
|
- Derive must-haves directly from the task description
|
|
121
|
+
- If the quick task is UI-sensitive, include proportional `ui_proof_slots` with slot_id, claim, route_state, required_evidence_kinds, minimum_observations, environment, viewport, manual_acceptance_required, and claim_limit; otherwise include a short `no_ui_proof_rationale`
|
|
122
|
+
- UI proof slots must be matchable to exact observed evidence later: claim, route/state, observation, evidence kind, artifact path or manual step, privacy metadata, result, and claim limit. Discovery hints from source comments, AST/cAST, semantic search, or Semble-like retrieval do not satisfy proof.
|
|
123
|
+
- Observed artifact metadata must include `visibility`, `retention`, `sensitivity`, and `safe_to_publish`; raw screenshots, traces, videos, DOM snapshots, and reports are local-only/unsafe by default. Use `gsdd ui-proof validate <path>` or `gsdd health` when a bundle exists; add `--claim <...>` only for public, publication, tracked, delivery, or release proof use.
|
|
124
|
+
- Keep UI proof proportional: do not scaffold Playwright, Cypress, Cucumber, Storybook, CI, browser MCP, or visual-regression tooling by default
|
|
121
125
|
- Ignore <planning_process> Step 1 requirement extraction; use inline goal-backward planning only
|
|
122
126
|
- Target minimal context usage
|
|
123
127
|
|
|
@@ -263,6 +267,8 @@ Delegate to the executor role.
|
|
|
263
267
|
- Skip the <state_updates> section of your role contract entirely
|
|
264
268
|
- Do NOT update ROADMAP.md phase status or SPEC.md current state
|
|
265
269
|
- Create summary at: `.planning/quick/$NEXT_NUM-$SLUG/$NEXT_NUM-SUMMARY.md`
|
|
270
|
+
- If the quick plan defines `ui_proof_slots`, create or update `.planning/quick/$NEXT_NUM-$SLUG/UI-PROOF.md` with fenced JSON containing required top-level fields: `proof_bundle_version`, `scope`, `route_state`, `environment`, `viewport`, `evidence_inputs`, `commands_or_manual_steps`, `observations`, `artifacts`, `privacy`, `result`, and `claim_limits`
|
|
271
|
+
- Human approval for visual taste, accessibility judgment, baseline acceptance, subjective polish/layout quality, or privacy publication does not replace required `code`, `test`, `runtime`, or `delivery` evidence
|
|
266
272
|
|
|
267
273
|
**Output:** `.planning/quick/$NEXT_NUM-$SLUG/$NEXT_NUM-SUMMARY.md`
|
|
268
274
|
**Return:** Summary file path and completion status.
|
|
@@ -128,6 +128,12 @@ Rules:
|
|
|
128
128
|
Note: this step does NOT replace levels 1–3. An artifact can satisfy the evidence-kind requirement and still fail Level 2 (substantive) or Level 3 (wired). Both checks must run.
|
|
129
129
|
</evidence_contract>
|
|
130
130
|
|
|
131
|
+
<ui_proof_comparison>
|
|
132
|
+
If the plan defines non-empty `ui_proof_slots`, compare planned UI proof against observed bundles before closure. Prefer `gsdd ui-proof compare <planned-slots-json> [observed-bundle-json ...]` when planned slots are available as JSON or fenced JSON; otherwise perform the same field-by-field comparison and record reduced assurance if no deterministic command could run. If the plan records only `no_ui_proof_rationale`, verify the rationale instead of requiring a bundle. Each observed bundle must include top-level `proof_bundle_version`, `scope`, `route_state`, `environment`, `viewport`, `evidence_inputs`, `commands_or_manual_steps`, `observations`, `artifacts`, `privacy`, `result`, and `claim_limits`.
|
|
133
|
+
Classify each slot as exactly one of: `satisfied`, `partial`, `missing`, `waived`, `deferred`, or `not_applicable`. Waiver/deferment narrows the claim; it is not proof. Screenshots, traces, videos, reports, accessibility scans, Gherkin, visual diffs, and manual notes are artifact types or activities mapped onto existing evidence kinds, not new evidence kinds. Artifact count is never proof; each artifact must tie to the slot claim, route/state, observation, artifact path/link, privacy metadata, and claim limit.
|
|
134
|
+
Artifact privacy metadata must include `visibility`, `retention`, `sensitivity`, and `safe_to_publish`; raw screenshots, traces, videos, DOM snapshots, and reports default to local-only and unsafe unless sanitized. Run `gsdd ui-proof validate <path>` or treat `gsdd health` E10 as blocking; add `--claim <...>` when relying on the bundle for public, tracked, delivery, release, or publication proof. Visual taste, accessibility judgment, baseline acceptance, subjective polish/layout quality, and privacy publication require human evidence or explicit waiver; human approval does not replace required `code`, `test`, `runtime`, or `delivery` evidence. Source annotations, AST/cAST findings, semantic search, comments, and Semble-like retrieval are discovery hints only.
|
|
135
|
+
</ui_proof_comparison>
|
|
136
|
+
|
|
131
137
|
<verification_levels>
|
|
132
138
|
Check every artifact at three levels. A common failure mode is a file that exists but is still a stub.
|
|
133
139
|
### Level 1: Exists
|
|
@@ -423,13 +429,9 @@ Verification is done when all of these are true:
|
|
|
423
429
|
Report the verification result to the user, then present the next step:
|
|
424
430
|
|
|
425
431
|
---
|
|
426
|
-
|
|
427
432
|
**Completed:** Phase verification — created `.planning/phases/{phase_dir}/{phase_num}-VERIFICATION.md`.
|
|
428
|
-
|
|
429
433
|
If status is `passed`: **Next step:** `/gsdd-progress` — route to the next phase or milestone audit.
|
|
430
434
|
If status is `gaps_found`: **Next step:** `/gsdd-plan` — re-plan to close the identified gaps.
|
|
431
435
|
If status is `human_needed`: **Next step:** `/gsdd-verify-work`, then rerun `/gsdd-verify` with UAT results.
|
|
432
|
-
|
|
433
436
|
Consider clearing context before starting the next workflow for best results.
|
|
434
|
-
|
|
435
437
|
</completion>
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "gsdd-cli",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.21.0",
|
|
4
4
|
"description": "Workspine — a repo-native delivery spine for long-horizon AI-assisted work, with directly validated support for Claude Code, Codex CLI, and OpenCode, published as gsdd-cli.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|