gsdd-cli 0.2.0 → 0.16.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +67 -34
- package/agents/DISTILLATION.md +15 -13
- package/agents/planner.md +2 -0
- package/bin/adapters/agents.mjs +1 -0
- package/bin/adapters/claude.mjs +12 -3
- package/bin/adapters/codex.mjs +4 -0
- package/bin/adapters/opencode.mjs +13 -4
- package/bin/gsdd.mjs +64 -39
- package/bin/lib/cli-utils.mjs +1 -1
- package/bin/lib/file-ops.mjs +161 -0
- package/bin/lib/health-truth.mjs +188 -0
- package/bin/lib/health.mjs +65 -12
- package/bin/lib/init-flow.mjs +267 -0
- package/bin/lib/init-prompts.mjs +247 -0
- package/bin/lib/init-runtime.mjs +226 -0
- package/bin/lib/init.mjs +19 -378
- package/bin/lib/models.mjs +19 -4
- package/bin/lib/phase.mjs +100 -14
- package/bin/lib/plan-constants.mjs +30 -0
- package/bin/lib/provenance.mjs +146 -0
- package/bin/lib/templates.mjs +17 -0
- package/distilled/DESIGN.md +625 -41
- package/distilled/EVIDENCE-INDEX.md +297 -0
- package/distilled/README.md +49 -21
- package/distilled/SKILL.md +89 -85
- package/distilled/templates/agents.block.md +13 -82
- package/distilled/templates/agents.md +0 -7
- package/distilled/templates/delegates/plan-checker.md +11 -4
- package/distilled/workflows/audit-milestone.md +7 -5
- package/distilled/workflows/complete-milestone.md +297 -0
- package/distilled/workflows/execute.md +188 -19
- package/distilled/workflows/map-codebase.md +14 -7
- package/distilled/workflows/new-milestone.md +249 -0
- package/distilled/workflows/new-project.md +28 -24
- package/distilled/workflows/pause.md +42 -6
- package/distilled/workflows/plan-milestone-gaps.md +183 -0
- package/distilled/workflows/plan.md +78 -13
- package/distilled/workflows/progress.md +42 -19
- package/distilled/workflows/quick.md +171 -8
- package/distilled/workflows/resume.md +121 -11
- package/distilled/workflows/verify-work.md +260 -0
- package/distilled/workflows/verify.md +124 -33
- package/package.json +9 -7
package/distilled/DESIGN.md
CHANGED
|
@@ -3,6 +3,9 @@
|
|
|
3
3
|
> Rationale for every structural choice GSDD makes relative to GSD.
|
|
4
4
|
> Each decision cites GSD source files, GSDD implementation, and external research.
|
|
5
5
|
> Updated as decisions are revised or new ones land.
|
|
6
|
+
>
|
|
7
|
+
> **Evidence index:** `distilled/EVIDENCE-INDEX.md` — one-line-per-source mapping for all decisions.
|
|
8
|
+
> **Open gaps:** `.internal-research/gaps.md` — live blockers, contradictions, and deferred decisions.
|
|
6
9
|
|
|
7
10
|
---
|
|
8
11
|
|
|
@@ -37,6 +40,16 @@
|
|
|
37
40
|
27. [Consumer-Ready Surface Completion](#27-consumer-ready-surface-completion)
|
|
38
41
|
28. [Workflow Completion Routing](#28-workflow-completion-routing)
|
|
39
42
|
29. [Approach Exploration](#29-approach-exploration)
|
|
43
|
+
30. [Hardening Propagation](#30-hardening-propagation)
|
|
44
|
+
31. [Outcome Dimension for Plan-Checker](#31-outcome-dimension-for-plan-checker)
|
|
45
|
+
32. [Quick Workflow Alignment Hardening](#32-quick-workflow-alignment-hardening)
|
|
46
|
+
33. [Quick Approach Clarification](#33-quick-approach-clarification)
|
|
47
|
+
34. [Context Engineering Applied to Quick Workflow](#34-context-engineering-applied-to-quick-workflow)
|
|
48
|
+
35. [Skills-Native Runtimes vs Governance Adapters](#35-skills-native-runtimes-vs-governance-adapters)
|
|
49
|
+
36. [Interactive Init Wizard](#36-interactive-init-wizard)
|
|
50
|
+
37. [Mutability-Driven Workflow Classification](#37-mutability-driven-workflow-classification)
|
|
51
|
+
38. [Retroactive Artifact Enforcement](#38-retroactive-artifact-enforcement)
|
|
52
|
+
39. [Brownfield Entry Wiring](#39-brownfield-entry-wiring)
|
|
40
53
|
|
|
41
54
|
---
|
|
42
55
|
|
|
@@ -60,8 +73,8 @@
|
|
|
60
73
|
|
|
61
74
|
- GSD source: `agents/_archive/gsd-codebase-mapper.md` lines 72-79 (original 7-file model)
|
|
62
75
|
- GSDD implementation: `agents/mapper.md` input/output contracts (4 files only)
|
|
63
|
-
- External: LeanSpec "Context Economy" principle; Aider tree-sitter dynamic repomaps (2026 SOTA)
|
|
64
76
|
- `.planning/SPEC.md` "Lean Context Decision" section
|
|
77
|
+
- External: Liu et al. "Lost in the Middle: How Language Models Use Long Contexts" (NeurIPS 2023) — position in context significantly affects recall; middle content is underweighted, supporting minimal stable file sets; Levy et al. "Same Task, More Tokens: Impact of Input Length on the Reasoning Performance of LLMs" (EMNLP 2024) — longer inputs degrade reasoning performance; Aider tree-sitter dynamic repo maps (aider.chat) — on-demand structural mapping as an alternative to static context files
|
|
65
78
|
|
|
66
79
|
---
|
|
67
80
|
|
|
@@ -151,6 +164,7 @@ This hardening pass also clarified a reusable architectural rule: strict portabl
|
|
|
151
164
|
- GSD originals preserved in `agents/_archive/` (11 files, git history intact via `git mv`)
|
|
152
165
|
- GSDD canonicals in `agents/` (9 files + README.md)
|
|
153
166
|
- `agents/README.md` lifecycle table maps each canonical role to its GSD sources
|
|
167
|
+
- External: CrewAI role-based team patterns, Microsoft AutoGen hierarchical agents, LangGraph multi-agent subgraphs — all validate role specialization over monolithic agents; specific count of 10 is engineering judgment shaped by GSD source lineage, not an externally prescribed number
|
|
154
168
|
|
|
155
169
|
---
|
|
156
170
|
|
|
@@ -197,6 +211,7 @@ This hardening pass also clarified a reusable architectural rule: strict portabl
|
|
|
197
211
|
- `bin/gsdd.mjs` lines 84-102 (role copy step with existsSync guard)
|
|
198
212
|
- `tests/gsdd.init.test.cjs` (validates role file existence and delegate-role references)
|
|
199
213
|
- All 10 delegate files (each starts with a role contract reference on line 1)
|
|
214
|
+
- External: Principal-agent theory (Jensen & Meckling, Journal of Financial Economics 1976) — the foundational model of delegation contracts where principals define behavioral constraints and agents execute within them; GoF Strategy Pattern (Gamma et al. "Design Patterns" 1994) — separating algorithm definition (role) from its usage context (delegate); LangGraph multi-agent subgraphs and Microsoft AutoGen hierarchical agent patterns validate role/orchestration separation in production AI systems
|
|
200
215
|
|
|
201
216
|
---
|
|
202
217
|
|
|
@@ -237,6 +252,7 @@ This hardening pass also clarified a reusable architectural rule: strict portabl
|
|
|
237
252
|
- PR 2 intermediate state (one-hop via SKILL.md cross-reference)
|
|
238
253
|
- PR 4 final state (zero-hop, role contains all rules)
|
|
239
254
|
- `package.json` `files` array includes `agents/` (npm distribution fix)
|
|
255
|
+
- External: OWASP Top 10 for LLM Applications v2.0 (2025) — LLM01 (Prompt Injection) and LLM07 (System Prompt Leakage) directly support embedding security rules at the role contract level; Greshake et al. "Not What You've Signed Up For: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection" (IEEE S&P 2023) — validates defense-in-depth at the agent-contract layer; Saltzer & Schroeder "The Protection of Information in Computer Systems" (1975) — complete mediation principle: every access must be checked against the access control policy
|
|
240
256
|
|
|
241
257
|
---
|
|
242
258
|
|
|
@@ -260,6 +276,7 @@ This hardening pass also clarified a reusable architectural rule: strict portabl
|
|
|
260
276
|
- GSDD: `distilled/templates/delegates/researcher-synthesizer.md` (active delegate, references `synthesizer.md`)
|
|
261
277
|
- `agents/synthesizer.md` canonical contract (cross-reference algorithm)
|
|
262
278
|
- Config contract: `.planning/config.json` `researchDepth` field
|
|
279
|
+
- External: LangGraph conditional edges — adaptive agent invocation based on workflow state is a core LangGraph pattern; Asai et al. "Self-RAG: Learning to Retrieve, Generate, and Critique through Self-Reflection" (ICLR 2024) — validates conditional retrieval/synthesis based on whether additional context is needed; Anthropic "Building effective agents" (Dec 2024) — routing workflows match task complexity to agent selection
|
|
263
280
|
|
|
264
281
|
---
|
|
265
282
|
|
|
@@ -271,7 +288,7 @@ This hardening pass also clarified a reusable architectural rule: strict portabl
|
|
|
271
288
|
|
|
272
289
|
1. **On first brownfield init:** `new-project.md` detects source files, offers codebase mapping. If accepted, invokes `map-codebase` via the portable skill surface (`.agents/skills/gsdd-map-codebase/SKILL.md`).
|
|
273
290
|
|
|
274
|
-
2. **On subsequent runs:** If `.planning/codebase/` already exists, mappers are skipped during init. User runs `/gsdd
|
|
291
|
+
2. **On subsequent runs:** If `.planning/codebase/` already exists, mappers are skipped during init. User runs `/gsdd-map-codebase` directly to trigger the Refresh/Update/Skip flow.
|
|
275
292
|
|
|
276
293
|
**Why standalone:** Codebase maps become stale after major refactors. Users need to refresh maps independently of project initialization. Embedding mapping inside init would force a full re-init to refresh maps.
|
|
277
294
|
|
|
@@ -289,6 +306,7 @@ This hardening pass also clarified a reusable architectural rule: strict portabl
|
|
|
289
306
|
- GSD source: `get-shit-done/workflows/new-project.md` lines 61-80 (brownfield offer delegates to map-codebase)
|
|
290
307
|
- GSDD: `distilled/workflows/map-codebase.md` (standalone, re-runnable)
|
|
291
308
|
- GSDD: `distilled/workflows/new-project.md` (auto-invoke for brownfield via skill reference)
|
|
309
|
+
- External: Aider (aider.chat) uses dynamic tree-sitter-based repo maps generated on-demand rather than persistent cached indices — validates the freshness-over-cache approach; Cursor uses continuous background indexing (cached approach) showing both on-demand and cached are production-valid; on-demand is one defensible point on the freshness-vs-staleness-cost spectrum
|
|
292
310
|
|
|
293
311
|
---
|
|
294
312
|
|
|
@@ -318,6 +336,7 @@ This hardening pass also clarified a reusable architectural rule: strict portabl
|
|
|
318
336
|
- GSD source: `get-shit-done/workflows/new-milestone.md` lines 101-173 (milestone-aware researchers), line 269 (phase numbering continuation)
|
|
319
337
|
- GSDD: `distilled/README.md` lifecycle diagram
|
|
320
338
|
- `.planning/SPEC.md` "Long-Term Lifecycle" section
|
|
339
|
+
- External: Hierarchical Task Network (HTN) planning (Erol, Hendler & Nau 1994; Nau et al. JAIR 2003) — foundational AI planning literature establishing milestone→phase→task decomposition as the standard approach for complex goal hierarchies; PMI PMBOK Work Breakdown Structure (WBS) standard — industry-standard phase/task hierarchy for project planning; Khot et al. "Decomposed Prompting: A Modular Approach for Solving Complex Tasks" (ICLR 2023) — task decomposition improves LLM performance on multi-step work by reducing scope per subproblem
|
|
321
340
|
|
|
322
341
|
---
|
|
323
342
|
|
|
@@ -347,6 +366,7 @@ This hardening pass also clarified a reusable architectural rule: strict portabl
|
|
|
347
366
|
- GSD source: `agents/_archive/gsd-executor.md` (mandatory commit in algorithm, TDD flow)
|
|
348
367
|
- GSDD: `agents/executor.md` lines 57-64 (Git Guidance -- repo-native, advisory)
|
|
349
368
|
- PR 5 (merged as PR #7): removed rigid git naming from workflows, adapters, generated governance
|
|
369
|
+
- External: Industry consensus — Aider, GitHub Copilot, Cursor, Codex CLI, and OpenCode all treat git operations as user-controlled or advisory, not as enforced framework requirements; no major AI coding tool mandates a specific commit-per-task or branch-naming convention
|
|
350
370
|
|
|
351
371
|
---
|
|
352
372
|
|
|
@@ -462,6 +482,7 @@ Codex is skills-first because the Codex CLI already supports repository skills d
|
|
|
462
482
|
- D7 (milestone hierarchy): STATE.md replaced by ROADMAP.md inline status
|
|
463
483
|
- D8 (advisory git): repo conventions over framework defaults
|
|
464
484
|
- D10 (context isolation): summaries up, documents to disk
|
|
485
|
+
- External: Crystal Clear (Cockburn 2004) — ceremony scales with team size and criticality; lightweight methods are prescribed for small, co-located, low-criticality work; Kanban class-of-service (Anderson 2010) — routing tasks by size/urgency to appropriate workflow lanes; Anthropic "Building effective agents" (Dec 2024) — match workflow complexity to actual task complexity rather than applying uniform ceremony
|
|
465
486
|
|
|
466
487
|
---
|
|
467
488
|
|
|
@@ -782,13 +803,16 @@ dispatch in a single file.
|
|
|
782
803
|
|
|
783
804
|
Implementation lives under `bin/lib/`:
|
|
784
805
|
- `cli-utils.mjs` owns flag parsing and JSON output helpers
|
|
806
|
+
- `file-ops.mjs` owns workspace-confined deterministic file copy, delete, and regex-sub mechanics
|
|
785
807
|
- `models.mjs` owns config/model schema and `cmdModels`
|
|
786
|
-
- `phase.mjs` owns phase discovery, verify, and
|
|
808
|
+
- `phase.mjs` owns phase discovery, verify, scaffold, and the status-aware ROADMAP phase helper
|
|
787
809
|
- `templates.mjs` owns template/role install and refresh flows
|
|
788
810
|
- `init.mjs` owns `createCmdInit(ctx)`, `createCmdUpdate(ctx)`, help text, and bootstrap/update helper logic
|
|
789
811
|
|
|
790
812
|
**Boundary rules:**
|
|
791
813
|
- keep `bin/gsdd.mjs` as composition root, not a second implementation module
|
|
814
|
+
- route deterministic copy/delete/text-mutation mechanics through CLI helpers instead of leaving manual file edits in workflow prose
|
|
815
|
+
- keep ROADMAP phase checkbox transitions in a status-aware helper; broader roadmap rewrites stay outside this helper boundary
|
|
792
816
|
- keep config-schema ownership in `models.mjs`; do not duplicate or relocate `buildDefaultConfig` into `init.mjs`
|
|
793
817
|
just to satisfy an old task list
|
|
794
818
|
- let `init` use the same template-sync module that `update --templates` uses, instead of maintaining separate
|
|
@@ -804,9 +828,10 @@ Implementation lives under `bin/lib/`:
|
|
|
804
828
|
|
|
805
829
|
**Evidence:**
|
|
806
830
|
- GSD source: `get-shit-done/install.js` (monolithic install/conversion surface)
|
|
807
|
-
- GSDD implementation: `bin/gsdd.mjs`, `bin/lib/init.mjs`, `bin/lib/templates.mjs`, `bin/lib/models.mjs`
|
|
831
|
+
- GSDD implementation: `bin/gsdd.mjs`, `bin/lib/init.mjs`, `bin/lib/templates.mjs`, `bin/lib/models.mjs`, `bin/lib/file-ops.mjs`, `bin/lib/phase.mjs`
|
|
808
832
|
- GSDD tests: `tests/gsdd.init.test.cjs`, `tests/gsdd.models.test.cjs`, `tests/gsdd.manifest.test.cjs`,
|
|
809
|
-
`tests/gsdd.guards.test.cjs`
|
|
833
|
+
`tests/gsdd.guards.test.cjs`, `tests/phase.test.cjs`, `tests/gsdd.invariants.test.cjs`, `tests/gsdd.scenarios.test.cjs`
|
|
834
|
+
- External: Seemann "Dependency Injection in .NET" (Manning 2011) — coined "Composition Root" as the named pattern for the single location where the entire application is assembled; Martin "Clean Architecture" (2017) — the main component as the outermost, dirtiest layer that owns all wiring; standard practice in oclif, Commander.js, yargs, and Cobra CLI frameworks
|
|
810
835
|
|
|
811
836
|
---
|
|
812
837
|
|
|
@@ -893,7 +918,7 @@ Implementation lives under `bin/lib/`:
|
|
|
893
918
|
|
|
894
919
|
**GSD:** `health.md` (157 lines) — calls `gsd-tools.cjs validate health [--repair]`, parses JSON with error codes E001-E005/W001-W007, supports `--repair` flag for createConfig/resetConfig/regenerateState repair actions.
|
|
895
920
|
|
|
896
|
-
**GSDD:** `gsdd health` CLI command (
|
|
921
|
+
**GSDD:** `gsdd health` CLI command (`bin/lib/health.mjs` + `bin/lib/health-truth.mjs`). Factory function `createCmdHealth(ctx)` returning an async command. No `--repair` flag — fixes are documented as actionable instructions, not automated mutations. GSDD already has `gsdd init` and `gsdd update --templates` as the repair paths; a separate repair mode would duplicate those commands.
|
|
897
922
|
|
|
898
923
|
**Check categories:**
|
|
899
924
|
|
|
@@ -904,12 +929,19 @@ Implementation lives under `bin/lib/`:
|
|
|
904
929
|
| E3 | ERROR | `.planning/templates/` missing |
|
|
905
930
|
| E4 | ERROR | `.planning/templates/roles/` missing or empty |
|
|
906
931
|
| E5 | ERROR | `.planning/templates/delegates/` missing or empty |
|
|
932
|
+
| E6 | ERROR | `.planning/templates/research/` missing or empty |
|
|
933
|
+
| E7 | ERROR | `.planning/templates/codebase/` missing or empty |
|
|
934
|
+
| E8 | ERROR | `.planning/templates/` missing critical root files (`spec.md`, `roadmap.md`, `auth-matrix.md`) |
|
|
907
935
|
| W1 | WARN | `generation-manifest.json` missing |
|
|
908
936
|
| W2 | WARN | Template files modified locally (hash mismatch vs manifest) |
|
|
909
937
|
| W3 | WARN | Template/role files missing from disk but listed in manifest |
|
|
910
|
-
| W4 | WARN |
|
|
938
|
+
| W4 | WARN | Active non-archived phases marked in progress/done are missing from `.planning/phases/` |
|
|
911
939
|
| W5 | WARN | Phase artifact set has PLAN but no matching SUMMARY (stale in-progress) |
|
|
912
940
|
| W6 | WARN | No adapter surfaces detected |
|
|
941
|
+
| W7 | WARN | `distilled/DESIGN.md` health check table differs from implemented check IDs |
|
|
942
|
+
| W8 | WARN | `distilled/README.md` workflow inventory differs from `distilled/workflows/` |
|
|
943
|
+
| W9 | WARN | `.internal-research/gaps.md` references missing repo-local paths |
|
|
944
|
+
| W10 | WARN | `.planning/ROADMAP.md` phase status differs from `.planning/SPEC.md` requirement checkboxes |
|
|
913
945
|
| I1 | INFO | Generation manifest `frameworkVersion` differs from current `FRAMEWORK_VERSION` |
|
|
914
946
|
| I2 | INFO | Phase completion count from ROADMAP |
|
|
915
947
|
| I3 | INFO | Which adapters are installed |
|
|
@@ -931,11 +963,15 @@ Implementation lives under `bin/lib/`:
|
|
|
931
963
|
|
|
932
964
|
3. **Pre-init guard.** If `.planning/config.json` doesn't exist, output a one-line message and exit 1. No partial checks — the workspace is simply not initialized.
|
|
933
965
|
|
|
934
|
-
4. **
|
|
966
|
+
4. **Split structural vs truth checks.** `bin/lib/health.mjs` keeps the structural workspace checks. `bin/lib/health-truth.mjs` holds the always-on cross-file truth checks (W7-W10) so the health surface can grow without turning the main command into one monolith.
|
|
967
|
+
|
|
968
|
+
5. **Reuses existing modules.** `readManifest()` and `detectModifications()` from `manifest.mjs` handle W1-W3. `isProjectInitialized()` pattern from `models.mjs` handles the pre-init guard. Truth checks stay read-only and operate on repo-local artifacts only when those framework files exist.
|
|
969
|
+
|
|
970
|
+
6. **Framework-source mode skips installed-project template checks.** Inside the GSDD framework repo itself, `distilled/templates/` is the source of truth and `.planning/templates/` is intentionally absent. `gsdd health` therefore skips the installed-project template/manifest checks (E3-E8, W1-W3) in framework-source mode instead of producing false positives during self-health runs.
|
|
935
971
|
|
|
936
972
|
**What was removed vs GSD:**
|
|
937
973
|
- `--repair` flag and associated repair actions
|
|
938
|
-
- Error codes E001-E005/W001-W007 (replaced with simpler E1-
|
|
974
|
+
- Error codes E001-E005/W001-W007 (replaced with simpler E1-E8/W1-W10/I1-I3)
|
|
939
975
|
- STATE.md checks (GSDD has no STATE.md per D7)
|
|
940
976
|
- PROJECT.md checks (GSDD uses SPEC.md, not checked by health — it's workflow-authored)
|
|
941
977
|
- Phase directory naming format checks (GSDD uses flat numbered files, not NN-name directories)
|
|
@@ -948,7 +984,7 @@ Implementation lives under `bin/lib/`:
|
|
|
948
984
|
- External audit (2026-03-13): recommendation #3 "Add just enough: status/resume/progress/health"
|
|
949
985
|
- External audit (2026-03-17): "You probably do need a minimal health surface, but not GSD's full style"
|
|
950
986
|
- PR #32: pre-init guard bug proved workspace integrity issues are real, not theoretical
|
|
951
|
-
- GSDD implementation: `bin/lib/health.mjs`, `bin/gsdd.mjs`, `tests/gsdd.health.test.cjs`, `tests/gsdd.guards.test.cjs` (G14)
|
|
987
|
+
- GSDD implementation: `bin/lib/health.mjs`, `bin/lib/health-truth.mjs`, `bin/gsdd.mjs`, `tests/gsdd.health.test.cjs`, `tests/gsdd.guards.test.cjs` (G14)
|
|
952
988
|
|
|
953
989
|
---
|
|
954
990
|
|
|
@@ -1115,41 +1151,39 @@ This is acceptable because:
|
|
|
1115
1151
|
|
|
1116
1152
|
## 24. Consumer Governance Completeness
|
|
1117
1153
|
|
|
1118
|
-
**Problem:** Consumer governance surfaces
|
|
1154
|
+
**Problem:** Consumer governance surfaces were oscillating between two failure modes. The earlier block was too thin and hid core lifecycle entry points. The later block over-corrected into a long wall that tried to enumerate every delivered workflow, which made first-run `AGENTS.md` too heavy for a stranger to scan quickly.
|
|
1119
1155
|
|
|
1120
|
-
**GSDD decision:** Consumer
|
|
1156
|
+
**GSDD decision:** Consumer-generated `AGENTS.md` must be complete for the primary lifecycle, not exhaustive for the whole framework. The generated governance surface is a routing map for the core path (`new-project -> plan -> execute -> verify -> progress`) plus the durable location of the portable skills. Secondary workflows remain discoverable through `.agents/skills/gsdd-*/SKILL.md`, but they do not all need to be listed inline in the short generated file.
|
|
1121
1157
|
|
|
1122
1158
|
**What changed:**
|
|
1123
1159
|
|
|
1124
|
-
- `agents.block.md` now
|
|
1125
|
-
-
|
|
1126
|
-
-
|
|
1127
|
-
-
|
|
1160
|
+
- `agents.block.md` now names the five core lifecycle skills explicitly instead of trying to inline all workflow inventory
|
|
1161
|
+
- The lifecycle line still anchors the full flow through `audit-milestone`, but the generated block stays routing-first and compact
|
|
1162
|
+
- The block tells agents where the full portable workflow set lives: `.agents/skills/gsdd-*/SKILL.md`
|
|
1163
|
+
- Guard coverage now enforces the compact contract instead of exhaustive inventory in the generated file
|
|
1128
1164
|
|
|
1129
|
-
**Why this is high-leverage:**
|
|
1165
|
+
**Why this is high-leverage:** Consumer `AGENTS.md` is read at the exact moment a stranger is deciding whether the framework is legible. The file has to preserve load-bearing routing while staying short enough to scan. Exhaustive workflow inventory belongs in the durable skills directory and public docs, not in the first-run governance block.
|
|
1130
1166
|
|
|
1131
1167
|
**Evidence:**
|
|
1132
1168
|
|
|
1133
|
-
-
|
|
1134
|
-
-
|
|
1135
|
-
-
|
|
1136
|
-
-
|
|
1137
|
-
- External audits (2026-03-13, 2026-03-17): both independently flagged documentation accuracy as the top remaining blocker for consumer adoption
|
|
1138
|
-
- GSDD implementation: `distilled/templates/agents.block.md`, `CHANGELOG.md`, `README.md`, `tests/gsdd.guards.test.cjs` (G18)
|
|
1169
|
+
- HumanLayer, "Skill Issue" (2026): AGENTS.md works best as a short routing map, not a full product manual
|
|
1170
|
+
- OpenAI, "Harness Engineering" (2026): the harness should surface the critical path clearly at the moment of action
|
|
1171
|
+
- Phase 17 repo proof: `tests/gsdd.consumer-ceremony.test.cjs` now asserts the generated consumer file stays within 15-25 lines while preserving core routing hints and portable-skill discovery
|
|
1172
|
+
- GSDD implementation: `distilled/templates/agents.block.md`, `distilled/templates/agents.md`, `tests/gsdd.consumer-ceremony.test.cjs`, `tests/gsdd.guards.test.cjs`
|
|
1139
1173
|
|
|
1140
1174
|
---
|
|
1141
1175
|
|
|
1142
1176
|
## 25. Consumer First-Run Experience
|
|
1143
1177
|
|
|
1144
|
-
**Problem:** GSDD's internal architecture
|
|
1178
|
+
**Problem:** GSDD's internal architecture was stronger than its first-run UX. The framework had the right runtime surfaces and workflow depth, but consumer onboarding still felt like an internal tool: too many init questions, too much generated governance text, and not enough immediate clarity about the next step.
|
|
1145
1179
|
|
|
1146
|
-
**Decision:**
|
|
1180
|
+
**Decision:** Keep launch-proof posture in public docs and install/help surfaces, while making the actual first-run experience intentionally lightweight: a guided init wizard with only load-bearing choices, explicit post-init summary output, and a compact generated governance block focused on the core path.
|
|
1147
1181
|
|
|
1148
1182
|
**Key changes:**
|
|
1149
|
-
-
|
|
1150
|
-
-
|
|
1151
|
-
- AGENTS.md governance
|
|
1152
|
-
- Quickstart
|
|
1183
|
+
- Interactive init now asks only five visible questions: runtimes, AGENTS governance, rigor, cost, and whether to track `.planning/` in git
|
|
1184
|
+
- Init prints a short summary showing the selected rigor/cost defaults and the core workflow route
|
|
1185
|
+
- AGENTS.md governance stays focused on invocation guidance, the governance-vs-discovery boundary, and the core lifecycle rather than launch-proof copy or exhaustive inventory
|
|
1186
|
+
- Quickstart and public docs still carry the broader platform and proof story
|
|
1153
1187
|
|
|
1154
1188
|
**Evidence:**
|
|
1155
1189
|
1. **Anthropic harness engineering** (2025-2026): "honest constraints over vague prompting" — harnesses should clearly communicate what they can and cannot enforce
|
|
@@ -1158,7 +1192,7 @@ This is acceptable because:
|
|
|
1158
1192
|
4. **Martin Fowler on context engineering**: Emphasizes that "the right information at the right time" applies to human consumers as much as to AI agents
|
|
1159
1193
|
5. **Both GSDD external audits** (March 13 + 17, 2026): Independently concluded the same gap — "architecture is solid, presentation lags implementation"
|
|
1160
1194
|
|
|
1161
|
-
**GSDD implementation:** `README.md` (quickstart, honest platform tiers), `distilled/templates/agents.block.md` (
|
|
1195
|
+
**GSDD implementation:** `README.md` (quickstart, honest platform tiers), `distilled/templates/agents.block.md` (compact governance plus governance/discovery boundary), `bin/lib/init-flow.mjs` (post-init summary), `bin/lib/init-prompts.mjs` (5-prompt guided flow), `tests/gsdd.consumer-ceremony.test.cjs`, `tests/gsdd.guards.test.cjs`
|
|
1162
1196
|
|
|
1163
1197
|
---
|
|
1164
1198
|
|
|
@@ -1209,7 +1243,7 @@ D12 established the session persistence design. D26 mechanically enforces the ro
|
|
|
1209
1243
|
|
|
1210
1244
|
## 28. Workflow Completion Routing
|
|
1211
1245
|
|
|
1212
|
-
**Problem:** Consumer testing (2026-03-21) revealed that AI agents completing a GSDD workflow go silent — the user must manually figure out which `/gsdd
|
|
1246
|
+
**Problem:** Consumer testing (2026-03-21) revealed that AI agents completing a GSDD workflow go silent — the user must manually figure out which `/gsdd-*` command to run next. The lifecycle contract (`new-project → plan → execute → verify → [next phase]`) was correct in design but invisible in practice at each step boundary. GSD original solved this with explicit "Next Up" sections at the end of every workflow; GSDD lost this pattern during distillation.
|
|
1213
1247
|
|
|
1214
1248
|
**Decision:** Add `<completion>` sections after `<success_criteria>` in all 9 terminal workflows. Add positional discipline gates (STOP instructions at exact deviation points) and mandatory persistence enforcement for critical artifacts.
|
|
1215
1249
|
|
|
@@ -1231,10 +1265,10 @@ Report to the user what was accomplished, then present the next step:
|
|
|
1231
1265
|
---
|
|
1232
1266
|
**Completed:** [what finished]
|
|
1233
1267
|
|
|
1234
|
-
**Next step:** `/gsdd
|
|
1268
|
+
**Next step:** `/gsdd-[command]` — [description]
|
|
1235
1269
|
|
|
1236
1270
|
Also available:
|
|
1237
|
-
- `/gsdd
|
|
1271
|
+
- `/gsdd-[alt]` — [description]
|
|
1238
1272
|
|
|
1239
1273
|
Consider clearing context before starting the next workflow for best results.
|
|
1240
1274
|
---
|
|
@@ -1242,15 +1276,15 @@ Consider clearing context before starting the next workflow for best results.
|
|
|
1242
1276
|
```
|
|
1243
1277
|
|
|
1244
1278
|
**Routing map (acyclic, complete):**
|
|
1245
|
-
- `new-project` → `/gsdd
|
|
1246
|
-
- `plan` → `/gsdd
|
|
1247
|
-
- `execute` → `/gsdd
|
|
1248
|
-
- `verify` → `/gsdd
|
|
1249
|
-
- `audit-milestone` → `/gsdd
|
|
1250
|
-
- `quick` → `/gsdd
|
|
1251
|
-
- `pause` → `/gsdd
|
|
1279
|
+
- `new-project` → `/gsdd-plan`
|
|
1280
|
+
- `plan` → `/gsdd-execute`
|
|
1281
|
+
- `execute` → `/gsdd-verify` (if verifier enabled) or `/gsdd-progress`
|
|
1282
|
+
- `verify` → `/gsdd-progress` (passed), `/gsdd-plan` (gaps), `/gsdd-verify` (human_needed)
|
|
1283
|
+
- `audit-milestone` → `/gsdd-complete-milestone` (passed), `/gsdd-plan` (gaps/debt)
|
|
1284
|
+
- `quick` → `/gsdd-progress`
|
|
1285
|
+
- `pause` → `/gsdd-resume` (next session)
|
|
1252
1286
|
- `resume` → dispatches to selected workflow
|
|
1253
|
-
- `map-codebase` → `/gsdd
|
|
1287
|
+
- `map-codebase` → `/gsdd-new-project`
|
|
1254
1288
|
|
|
1255
1289
|
**GSD comparison:**
|
|
1256
1290
|
|
|
@@ -1348,6 +1382,556 @@ Isolating research in subagents and returning compressed summaries follows the C
|
|
|
1348
1382
|
|
|
1349
1383
|
---
|
|
1350
1384
|
|
|
1385
|
+
## 30. Hardening Propagation
|
|
1386
|
+
|
|
1387
|
+
**Problem:** D28 introduced three hardening patterns (positional STOP gates, mandatory persistence with STOP-on-failure, guard-backed regression prevention) but applied them selectively: STOP gates only in `new-project.md`, persistence gates only in `execute.md` and `verify.md`. Three medium-tier workflows (`quick.md`, `map-codebase.md`, `new-project.md`) and two consistency targets (`audit-milestone.md`, `pause.md`) produce equally critical artifacts but lacked these protections.
|
|
1388
|
+
|
|
1389
|
+
**Decision:** Propagate D28 patterns to all workflows that produce durable artifacts, organized into three tiers. Intentionally exclude read-only workflows (`progress.md`) and workflows with adequate existing coverage (`resume.md`).
|
|
1390
|
+
|
|
1391
|
+
| Tier | ID | Workflow | Hardening | Pattern Source |
|
|
1392
|
+
|------|-----|----------|-----------|----------------|
|
|
1393
|
+
| 1 | H1 | `quick.md` | MANDATORY persistence gates for SUMMARY.md and VERIFICATION.md | `execute.md` SUMMARY gate |
|
|
1394
|
+
| 1 | H2 | `quick.md` | Positional STOP gate between plan and execute | `new-project.md` STOP gates |
|
|
1395
|
+
| 1 | H3 | `map-codebase.md` | Semantic quality check on mapper outputs (L2 substantiveness) | `verify.md` L1/L2/L3 checking |
|
|
1396
|
+
| 1 | H4 | `map-codebase.md` | MANDATORY persistence gate for 4 codebase documents | `execute.md` SUMMARY gate |
|
|
1397
|
+
| 1 | H5 | `new-project.md` | `<persistence>` section for SPEC.md and ROADMAP.md | `verify.md` `<persistence>` |
|
|
1398
|
+
| 1 | H6 | `quick.md` | Reduced-assurance plan self-check with `reduced_assurance` label | `plan.md` self-check fallback |
|
|
1399
|
+
| 2 | H7 | `audit-milestone.md` | MANDATORY persistence gate for MILESTONE-AUDIT.md | `execute.md` SUMMARY gate |
|
|
1400
|
+
| 2 | H8 | `pause.md` | MANDATORY persistence gate for `.continue-here.md` | `execute.md` SUMMARY gate |
|
|
1401
|
+
| 2 | H9 | `new-project.md` | Positional STOP gate between spec approval and roadmap creation | `new-project.md` STOP gates |
|
|
1402
|
+
|
|
1403
|
+
**Intentional non-propagation:**
|
|
1404
|
+
- `progress.md`: read-only by contract — writes zero files, modifies zero state. Nothing to gate.
|
|
1405
|
+
- `resume.md`: state detection already validates artifact existence before routing. No gap.
|
|
1406
|
+
|
|
1407
|
+
**Evidence:**
|
|
1408
|
+
|
|
1409
|
+
1. D28 consumer audit (2026-03-21): persistence failures and routing dead ends at every workflow boundary — patterns proven effective, scope was incomplete
|
|
1410
|
+
2. Huang et al. "Large Language Models Cannot Self-Correct Reasoning Yet" (ICLR 2024): LLMs cannot reliably self-correct without external feedback — validates fresh-context checking and explicit STOP gates over implicit behavioral expectations
|
|
1411
|
+
3. Kamoi et al. "When Can LLMs Actually Correct Their Own Mistakes?" (TACL 2024): self-correction works ONLY with reliable external feedback — validates MANDATORY gates as the external enforcement mechanism
|
|
1412
|
+
4. Anthropic long-context research (2024): instructions at decision points are followed more reliably than instructions at document start — validates positional STOP placement at exact deviation points
|
|
1413
|
+
5. D13 consistency argument: mechanical invariant enforcement prevents regression. The same structural pattern should be enforced everywhere it applies, not selectively.
|
|
1414
|
+
|
|
1415
|
+
**Tradeoff:** 18 new guard assertions (G24) to maintain, but prevents artifact loss across 5 additional workflows. Each persistence gate adds 1-2 lines to its workflow. Positional STOP gates add 1 line each. The cost is minimal relative to the failure modes prevented (lost SPEC.md, lost checkpoint, empty codebase maps poisoning downstream planning).
|
|
1416
|
+
|
|
1417
|
+
**GSDD implementation:** `distilled/workflows/quick.md`, `distilled/workflows/map-codebase.md`, `distilled/workflows/new-project.md`, `distilled/workflows/audit-milestone.md`, `distilled/workflows/pause.md`, `tests/gsdd.guards.test.cjs` (G24)
|
|
1418
|
+
|
|
1419
|
+
---
|
|
1420
|
+
|
|
1421
|
+
## 31. Outcome Dimension for Plan-Checker
|
|
1422
|
+
|
|
1423
|
+
**Problem:** GSDD's plan-checker verifies 7 structural dimensions (requirement coverage, task completeness, dependency correctness, key link completeness, scope sanity, must-have quality, context compliance). All 7 are process supervision — they check whether the plan is well-formed, not whether it achieves the phase goal. A plan can pass all 7 dimensions while producing only scaffolding artifacts that don't deliver the stated outcome.
|
|
1424
|
+
|
|
1425
|
+
**Decision:** Add an 8th dimension `goal_achievement` that performs outcome-level verification:
|
|
1426
|
+
|
|
1427
|
+
- **Goal addressed?** Do the plan's collective task outputs deliver the phase goal? Tasks that only set up infrastructure without delivering the stated user-facing outcome → `blocker`.
|
|
1428
|
+
- **Success criteria reachable?** Are ROADMAP.md success criteria traceable to task verify outputs? Each criterion should map to at least one task → `blocker` if unreachable.
|
|
1429
|
+
- **Outcome observable?** Could a human or automated check confirm the goal was met after execution? Plans producing only internal artifacts with no testable outcome → `warning`.
|
|
1430
|
+
|
|
1431
|
+
This creates a hybrid process+outcome verification architecture: 7 structural dimensions (process) + 1 outcome dimension.
|
|
1432
|
+
|
|
1433
|
+
**Evidence:**
|
|
1434
|
+
|
|
1435
|
+
1. Yu et al. "Outcome-Refining Process Supervision for Code Generation" (ICML 2025): hybrid process+outcome supervision achieves +26.9% correctness over either alone — the strongest evidence for adding outcome-level checks alongside process checks
|
|
1436
|
+
2. Rajan "Multi-Agent Code Verification via Information Theory" (2025): diminishing returns plateau around 4-7 specialized dimensions. 8 dimensions is within the efficient range; each additional dimension beyond 4 adds +11-15pp detection improvement
|
|
1437
|
+
3. Lightman et al. "Let's Verify Step by Step" (ICLR 2024): process supervision (per-step feedback) significantly outperforms outcome-only supervision — validates keeping the existing 7 process dimensions while adding outcome as complement, not replacement
|
|
1438
|
+
|
|
1439
|
+
**Tradeoff:** One additional dimension for the checker to evaluate per plan. Minimal cost: the goal and success criteria are already available as checker inputs (phase goal from ROADMAP.md, success criteria from ROADMAP.md phase section). No new inputs required.
|
|
1440
|
+
|
|
1441
|
+
**GSDD implementation:** `distilled/templates/delegates/plan-checker.md` (`goal_achievement` dimension), `tests/gsdd.guards.test.cjs` (G24 assertions)
|
|
1442
|
+
|
|
1443
|
+
---
|
|
1444
|
+
|
|
1445
|
+
## 32. Quick Workflow Alignment Hardening
|
|
1446
|
+
|
|
1447
|
+
**Problem:** GSDD's quick workflow has exactly one user alignment touchpoint — the task description at Step 1. After "what do you want to do?", the agent has unchecked autonomy over approach selection, scope interpretation, and execution. The full ceremony (`plan.md`) has 3-4 alignment touchpoints (approach exploration, plan review, checker escalation, mandatory verification). This gap is too large: quick mode trades ALL alignment for speed, creating a cliff between "zero agent oversight" and "full multi-round ceremony."
|
|
1448
|
+
|
|
1449
|
+
GSD's approach was a `--full` flag that added plan-checking + verification to quick tasks. But a flag you must remember to use doesn't solve alignment — the default mode still had zero user visibility into the plan before execution.
|
|
1450
|
+
|
|
1451
|
+
**Decision:** Three targeted interventions that close the alignment gap from 1 to 2-3 touchpoints without killing quick mode's speed advantage:
|
|
1452
|
+
|
|
1453
|
+
1. **Plan Preview Gate (mandatory, default-yes):** After the planner returns and the STOP gate verifies the plan exists, present a structured summary (task count, files to touch, 1-sentence approach) and wait for the user. Default-yes: pressing Enter proceeds. Options include edit, abort, and (when scope signal fires) switch to full ceremony. This is the core fix — the user sees agent intent before code changes happen.
|
|
1454
|
+
|
|
1455
|
+
2. **Scope Signal with Escalation (advisory, always-on):** Inline orchestrator evaluation checks the plan against quick-scope boundaries: >8 files modified, architecture keywords in description (`refactor`, `migration`, `security`, `auth`, `API design`, `schema`, `database`), new public APIs. If any signal fires, the advisory appears in the plan preview with a recommendation to use `/gsdd-plan` for approach exploration. Advisory only — the user decides. Keyword heuristics have false positives; blocking would train users to ignore the signal.
|
|
1456
|
+
|
|
1457
|
+
3. **Config-Gated Independent Plan Check (optional):** When `workflow.planCheck: true` in config.json, the existing plan-checker delegate runs against the quick task plan with 5 of 9 dimensions: `requirement_coverage`, `task_completeness`, `dependency_correctness`, `scope_sanity`, `must_have_quality`. Maximum 1 revision cycle (not 3 — diminishing returns for 1-3 task plans). If blockers remain, they surface in the plan preview for user decision. No new delegate or config key — reuses existing infrastructure.
|
|
1458
|
+
|
|
1459
|
+
**GSD comparison:**
|
|
1460
|
+
|
|
1461
|
+
| Aspect | GSD `--full` | GSDD D32 |
|
|
1462
|
+
|--------|-------------|----------|
|
|
1463
|
+
| Plan visibility | None in default, plan-checker in --full | Always-on preview (default-yes) |
|
|
1464
|
+
| Activation | Flag per invocation (easy to forget) | Config-driven (project-wide, consistent) |
|
|
1465
|
+
| Scope awareness | None | Advisory scope signal with escalation |
|
|
1466
|
+
| Checker scope | Full 5-dimension check (--full only) | 5-dimension quick-scoped check (config-gated) |
|
|
1467
|
+
| Revision cycles | Max 2 (--full only) | Max 1 (quick tasks don't warrant extended loops) |
|
|
1468
|
+
| User decision | Force proceed or abort after checker | Preview + scope signal + checker issues → informed decision |
|
|
1469
|
+
|
|
1470
|
+
**Evidence:**
|
|
1471
|
+
|
|
1472
|
+
1. Risk-adaptive autonomy pattern (AWS, Azure, Anthropic 2025-2026): confirmation gates should scale with consequence level — routine auto-proceeds, uncertain pauses, high-impact requires sign-off. The plan preview is the "pause for uncertain" gate.
|
|
1473
|
+
2. Human-on-the-loop > human-in-the-loop (Anthropic agent autonomy research 2026): HOTL gives visibility without requiring active management of each step. Default-yes implements HOTL — the user monitors, intervenes only when needed.
|
|
1474
|
+
3. Osmani / Fowler on spec-driven development (2025): "iterate in small loops, course-correct quickly." The plan preview IS the small-loop checkpoint for quick tasks.
|
|
1475
|
+
4. Madaan et al. "Self-Refine" (NeurIPS 2023): 1 revision cycle captures most improvement; diminishing returns argue against 3 cycles for 1-3 task plans. Validates max-1 checker cycle for quick scope.
|
|
1476
|
+
5. Huang et al. "LLMs Cannot Self-Correct Reasoning Yet" (ICLR 2024): self-check without external feedback is unreliable. The plan preview provides external feedback (user eyes on the plan) even when the independent checker is disabled.
|
|
1477
|
+
6. SkillsBench (Feb 2026): focused skills outperform comprehensive docs. Quick mode should stay focused and escalate to full ceremony when scope exceeds boundaries, not expand to absorb more ceremony.
|
|
1478
|
+
|
|
1479
|
+
**Tradeoff:** ~5 seconds overhead for plan preview (default-yes), ~60-90 seconds if independent checker runs. Sub-hour work stays sub-hour. Adds ~60 lines to quick.md (198→~260). No new files, no new delegates, no new config keys.
|
|
1480
|
+
|
|
1481
|
+
**GSDD implementation:** `distilled/workflows/quick.md` (Steps 3.5-3.7), `distilled/DESIGN.md` (this section), `tests/gsdd.guards.test.cjs` (G24 assertions for plan preview, scope signal, conditional plan-checker)
|
|
1482
|
+
|
|
1483
|
+
---
|
|
1484
|
+
|
|
1485
|
+
## 33. Quick Approach Clarification
|
|
1486
|
+
|
|
1487
|
+
**Problem:** D32 added post-plan alignment to quick tasks (plan preview, scope signal, optional plan check), but all three interventions are **reactive** — the agent selects the approach unilaterally, writes the plan, then shows it to the user. The user can abort or edit the description, but cannot shape the approach before the planner commits. The full ceremony's `<approach_exploration>` (plan.md) solves this at scale with 3-4 grey areas, research subagents, and persisted APPROACH.md — but that's wrong for sub-hour work.
|
|
1488
|
+
|
|
1489
|
+
**Decision:** Add Step 2.5 (Approach Clarification) between Initialize and Plan. Config-gated via the existing `workflow.discuss` toggle — same toggle that gates full ceremony's approach exploration, same intent ("align on approach before planning"), lighter mechanism for quick scope.
|
|
1490
|
+
|
|
1491
|
+
The step has a **dual gate** — even with `workflow.discuss: true`, it evaluates the task description for ambiguity signals before asking anything:
|
|
1492
|
+
|
|
1493
|
+
| Signal | Detection | Example |
|
|
1494
|
+
|--------|-----------|---------|
|
|
1495
|
+
| Multiple valid approaches | Description solvable via distinct patterns | "add caching" (Redis? in-memory? HTTP headers?) |
|
|
1496
|
+
| Destructive operations | Contains: `delete`, `remove`, `migrate`, `rename`, `replace`, `rewrite`, `drop` | "remove the old auth middleware" |
|
|
1497
|
+
| Vague scope | Contains: `improve`, `fix`, `update`, `refactor`, `clean up`, `optimize` without specifying target | "improve error handling" |
|
|
1498
|
+
| Trade-off present | Implies competing goals | "make it faster" (algorithmic? caching? denormalization?) |
|
|
1499
|
+
|
|
1500
|
+
If no signals fire, the step skips silently — no questions asked, even with toggle on. When signals fire, the orchestrator identifies 1-2 grey areas and asks targeted questions in **recommendation-first format**: "I'd approach this with X because Y. Want me to proceed, or do you prefer Z?" Maximum 2 questions — if a task has 3+ grey areas, the scope signal (D32) should already be recommending `/gsdd-plan`.
|
|
1501
|
+
|
|
1502
|
+
Output is inline `$APPROACH_CONTEXT` (e.g., "User confirmed: use in-memory LRU cache, not Redis") passed to the planner as locked constraints. No APPROACH.md file — file artifacts add overhead with no return for sub-hour work.
|
|
1503
|
+
|
|
1504
|
+
**GSD comparison:** GSD has no pre-plan questioning in quick mode. The `--full` flag adds plan-checking and verification but not approach alignment — the agent still decides the approach unilaterally in all modes.
|
|
1505
|
+
|
|
1506
|
+
| Aspect | GSD Quick | GSDD Quick (D32) | GSDD Quick (D32+D33) | GSDD Full Ceremony |
|
|
1507
|
+
|--------|----------|------------------|---------------------|-------------------|
|
|
1508
|
+
| Pre-plan alignment | None | None | 1-2 questions (conditional) | 3-4 grey areas + research subagents |
|
|
1509
|
+
| Post-plan alignment | None (--full adds checker) | Preview + scope signal | Preview + scope signal | Checker blocks (max-3 cycles) |
|
|
1510
|
+
| Approach persistence | None | None | Inline context only | APPROACH.md file |
|
|
1511
|
+
| User alignment rounds | 1 | 2-3 | 2-4 | 3-4 |
|
|
1512
|
+
|
|
1513
|
+
**Evidence:**
|
|
1514
|
+
|
|
1515
|
+
1. Anthropic "Measuring AI agent autonomy in practice" (2025): Claude asks 2x+ more on complex tasks; uncertainty awareness is treated as a safety property. D33's ambiguity detection formalizes what Claude naturally does — ask when uncertain, proceed when confident.
|
|
1516
|
+
2. Knight First Amendment Institute "Levels of Autonomy for AI Agents" (2025): 5-level autonomy spectrum. Quick tasks map to Level 3 ("Consultant"): agent decides, asks when uncertain. D33 implements this — agent leads with recommendation, asks only on ambiguity.
|
|
1517
|
+
3. Anthropic "Framework for safe and trustworthy agents" (2025): recommendation-first framing validated. "I'd do X because Y. Approve?" outperforms open-ended "What should I do?" — preserves agent leadership while giving user override.
|
|
1518
|
+
4. Martin Fowler "Humans and Agents in SE Loops" (2025): HOTL > HITL — agents handle 95% autonomously, pause for 5% edge cases. D33 asks only when ambiguity detected, not on every task.
|
|
1519
|
+
5. Huang et al. "LLMs Cannot Self-Correct Reasoning Yet" (ICLR 2024): LLMs cannot reliably self-correct without external feedback. Pre-plan user input catches approach errors that self-check cannot detect.
|
|
1520
|
+
6. Anthropic trust calibration data (2025): users auto-approve 20% initially → 40% by session 750+. Config-gated design respects this — experienced users who trust the agent disable `workflow.discuss`.
|
|
1521
|
+
|
|
1522
|
+
**Counter-evidence addressed:** Asking too much creates HITL bottleneck (iMerit 2025, McKinsey 2025) → mitigated by dual gate (config + ambiguity detection). Open-ended questions reduce user confidence (Anthropic best practices) → mitigated by recommendation-first format. Routine tasks shouldn't be interrupted (SkillsBench Feb 2026) → mitigated by silent skip when no ambiguity detected.
|
|
1523
|
+
|
|
1524
|
+
**Competitor landscape:** Cursor uses explicit mode selection (Ask vs Agent) without automatic ambiguity detection. GitHub Copilot uses post-hoc PR review only. GSD uses per-invocation `--full` flag. None do automatic ambiguity-sensitive pre-plan questioning.
|
|
1525
|
+
|
|
1526
|
+
**Tradeoff:** ~15-30 seconds overhead when triggered (1-2 questions). Skipped entirely when no ambiguity detected, even with toggle on. Adds ~40 lines to quick.md. No new files, no new delegates, no new config keys — reuses existing `workflow.discuss` toggle.
|
|
1527
|
+
|
|
1528
|
+
**GSDD implementation:** `distilled/workflows/quick.md` (Step 2.5), `distilled/DESIGN.md` (this section), `tests/gsdd.guards.test.cjs` (G24 assertions for approach clarification, ambiguity signals, recommendation-first format)
|
|
1529
|
+
|
|
1530
|
+
---
|
|
1531
|
+
|
|
1532
|
+
## 34. Context Engineering Applied to Quick Workflow
|
|
1533
|
+
|
|
1534
|
+
**GSD:** GSD quick.md has `<purpose>`, `<required_reading>`, `<process>` (XML outer sections) with `**Step N:**` bold markdown inside `<process>`. No `<anti_patterns>` section. No authority language conventions for process gates.
|
|
1535
|
+
|
|
1536
|
+
**GSDD (before D34):** Same XML outer sections with markdown step headers inside `<process>`. All 9 role contracts have `<anti_patterns>` after `<role>` (documented in DISTILLATION.md as mandatory placement), but quick.md — an orchestrator consumed by AI agents — had none. Authority language mixed between `**STOP.**` and `**MANDATORY:**` across 3 file-verification gates.
|
|
1537
|
+
|
|
1538
|
+
**GSDD (D34):** Two targeted changes applying context engineering principles from the prompty/agentskit reference implementation (28 primary sources) and Anthropic prompting guidance:
|
|
1539
|
+
|
|
1540
|
+
**Change 1: `<anti_patterns>` section.** Added 7 anti-patterns after `<role>`, matching the 5-8 item range used by role contracts. Each maps to a real workflow gate (plan preview, file verification, max 2 questions, no APPROACH.md, no ROADMAP/SPEC updates, config.json reads, no scope expansion). This is the single highest-value context engineering improvement — it gives agents explicit "don't do this" guardrails for the workflow's most critical gates.
|
|
1541
|
+
|
|
1542
|
+
**Change 2: Authority language normalization.** `**MANDATORY:**` → `**STOP.**` on 2 of 3 file-verification gates. DISTILLATION.md resolves authority language vocabulary: CRITICAL for initial-read gates, normal imperative language for process gates. STOP is the correct word for "halt and check" gates; MANDATORY is not in the resolved vocabulary.
|
|
1543
|
+
|
|
1544
|
+
**What was investigated but NOT changed:**
|
|
1545
|
+
|
|
1546
|
+
| Finding | Decision | Why |
|
|
1547
|
+
|---------|----------|-----|
|
|
1548
|
+
| Steps use markdown headers, not XML `<step>` tags | Keep markdown headers | All 10 GSDD workflows use the same pattern. prompty's agentskit-architect SKILL.md uses the identical pattern (single `<algorithm>` container with text step labels). Changing quick.md alone creates cross-workflow inconsistency. Candidate for a future cross-workflow PR. |
|
|
1549
|
+
| No `<output_contract>` section | Not needed | `<completion>` section already specifies what the workflow produces — paths, status, next steps |
|
|
1550
|
+
| No `<input_contract>` section | Not needed | `<prerequisites>` section already covers required preconditions |
|
|
1551
|
+
| No progressive disclosure restructuring | Not needed | ~350 lines is within the agentskills.io 500-line recommended limit |
|
|
1552
|
+
| Caching-friendly ordering | Already correct | Static content (role, anti_patterns, prerequisites) at top, variable content (process steps) below |
|
|
1553
|
+
|
|
1554
|
+
**Evidence:**
|
|
1555
|
+
|
|
1556
|
+
| Source | Contribution |
|
|
1557
|
+
|--------|-------------|
|
|
1558
|
+
| Anthropic Claude Prompting Best Practices [S1] | "Claude has been specifically tuned to pay special attention to your structure when using XML tags." Validates XML for section boundaries. Anti-patterns placed early for attention weight. |
|
|
1559
|
+
| DISTILLATION.md (GSDD internal) | "Anti-patterns early — Place 'don't do this' instructions near the top, after role definition." Cross-source validated pattern across all 9 role contracts. Authority language resolution: CRITICAL for initial-read, normal language elsewhere. |
|
|
1560
|
+
| Selective Prompt Anchoring, arxiv 2408.09121 (2024) | Up to 12.9% Pass@1 improvement from strategic attention anchoring. XML tags create hard attention boundaries; markdown headers may be treated as content formatting. |
|
|
1561
|
+
| agentskit-architect SKILL.md (prompty) | Uses single `<algorithm>` container with text step labels inside — same structural pattern as GSDD's `<process>` with markdown headers. Validates the hybrid XML-outer/markdown-inner approach. |
|
|
1562
|
+
| Manus AI Context Engineering [S5] | "Filesystem as extended context" — structural quality of prompt files directly impacts agent behavior. Validates treating workflow files as engineered artifacts, not documentation. |
|
|
1563
|
+
| agentskit-evaluator SKILL.md (prompty) | Authority language audit: "CRITICAL only for gates?" is a scored compliance check. Validates normalizing gate vocabulary. |
|
|
1564
|
+
|
|
1565
|
+
**Scope:** quick.md only. If `<anti_patterns>` proves valuable for orchestrators, extend to plan.md and other workflows in a follow-up PR.
|
|
1566
|
+
|
|
1567
|
+
**GSDD implementation:** `distilled/workflows/quick.md` (`<anti_patterns>` section, STOP normalization), `distilled/DESIGN.md` (this section), `tests/gsdd.guards.test.cjs` (G26 assertions for anti_patterns placement, content, gate language consistency, XML structural sections)
|
|
1568
|
+
|
|
1569
|
+
---
|
|
1570
|
+
|
|
1571
|
+
## 35. Skills-Native Runtimes vs Governance Adapters
|
|
1572
|
+
|
|
1573
|
+
**Problem:** Repo surfaces had started conflating two different questions:
|
|
1574
|
+
1. Does the runtime discover `.agents/skills/` natively?
|
|
1575
|
+
2. What extra generated adapter artifact does `gsdd init --tools <runtime>` add?
|
|
1576
|
+
|
|
1577
|
+
That conflation was survivable while Cursor and Copilot were incorrectly treated as governance-first tools, but it became actively misleading once live testing proved they were skills-native. Gemini then moved into the same bucket via user-performed live validation on 2026-03-25. The old grouped README / AGENTS wording wrongly implied the root `AGENTS.md` block was required for workflow discovery on those runtimes.
|
|
1578
|
+
|
|
1579
|
+
**Decision:** Separate runtime capability from generated adapter artifact kind.
|
|
1580
|
+
|
|
1581
|
+
- Cursor, Copilot, and Gemini are documented as **skills-native runtimes**: they discover `.agents/skills/gsdd-*` and surface the workflows directly as slash commands.
|
|
1582
|
+
- `--tools cursor`, `--tools copilot`, `--tools gemini`, and `--tools agents` still generate the same root `AGENTS.md` bounded block, but that artifact is **governance only**.
|
|
1583
|
+
- The root `AGENTS.md` block remains valuable behavioral discipline, but it must not be described as the workflow-discovery mechanism for a skills-native runtime.
|
|
1584
|
+
- No new runtime-specific adapter files are introduced just to make the docs read cleaner. The generated artifact model stays simple unless a stronger runtime-specific UX is actually needed.
|
|
1585
|
+
|
|
1586
|
+
**Why this fits the architecture:** The adapter code already had the right implementation shape: one shared root-governance generator (`createRootAgentsAdapter`) with different runtime labels. The bug was the capability story wrapped around it. Fixing the narrative without inventing redundant adapter files preserves leverage and keeps the portable `.agents/skills/` surface as the canonical entry layer.
|
|
1587
|
+
|
|
1588
|
+
**Evidence:**
|
|
1589
|
+
|
|
1590
|
+
1. Live consumer testing (2026-03-20) proved Cursor and Copilot auto-discover `.agents/skills/` and expose slash commands without AGENTS.md.
|
|
1591
|
+
2. User-performed live validation (2026-03-25) confirmed the same behavior for Gemini.
|
|
1592
|
+
3. GSDD implementation already always generates `.agents/skills/` and uses the root `AGENTS.md` block as a bounded governance upsert, not as a workflow source.
|
|
1593
|
+
4. This resolution matches the repo rule that skills, adapters, and governance surfaces must not be conflated.
|
|
1594
|
+
|
|
1595
|
+
**GSDD implementation:** `README.md`, `distilled/templates/agents.block.md`, `bin/lib/init.mjs`, `SPEC.md`, `.internal-research/TODO.md`, `.internal-research/gaps.md`, `.internal-research/lessons-learned.md`, `tests/gsdd.guards.test.cjs`
|
|
1596
|
+
|
|
1597
|
+
---
|
|
1598
|
+
|
|
1599
|
+
## 36. Interactive Init Wizard
|
|
1600
|
+
|
|
1601
|
+
**Problem:** `gsdd init` had two mismatched onboarding models at once. The public story was moving toward skills-native runtimes and optional governance, but the actual CLI still made users memorize `--tools ...` values as the primary install experience. The only interactive part was the config questionnaire, which started after filesystem writes and did not help the user decide which runtime surfaces or governance overlays to install.
|
|
1602
|
+
|
|
1603
|
+
**Decision:** Make `gsdd init` a guided install wizard in TTY environments, while preserving `--tools` and `--auto` as the manual/headless contract. The guided path must stay intentionally compact: runtime choice, governance opt-in, and a small set of bundled planning defaults rather than a long per-setting questionnaire.
|
|
1604
|
+
|
|
1605
|
+
- Step 1: choose runtimes/vendors with a simple checkbox-style selector (space toggles, enter confirms).
|
|
1606
|
+
- Step 2: ask separately whether to install repo-wide `AGENTS.md` governance, with explicit explanation of why it helps and why it may feel invasive.
|
|
1607
|
+
- Step 3: collect the planning defaults through two orthogonal bundled choices (`Rigor` and `Cost`) plus the separate `.planning` tracking choice, instead of a long per-setting questionnaire.
|
|
1608
|
+
- Portable `.agents/skills/gsdd-*` skills remain the always-generated baseline.
|
|
1609
|
+
- Legacy values such as `--tools cursor`, `--tools copilot`, and `--tools gemini` remain valid for backward compatibility.
|
|
1610
|
+
|
|
1611
|
+
**Key architectural rule:** runtime selection and adapter generation are separate concerns.
|
|
1612
|
+
|
|
1613
|
+
- In the wizard, choosing Cursor/Copilot/Gemini affects post-init routing and user-facing install intent, but does **not** silently write root `AGENTS.md`.
|
|
1614
|
+
- Root `AGENTS.md` is generated only when the user explicitly opts into governance (wizard) or explicitly requests a governance-writing flag path (`--tools agents`, `--tools all`, or legacy runtime aliases).
|
|
1615
|
+
- This keeps D35's capability split honest instead of re-conflating skills-native runtime choice with governance-file generation.
|
|
1616
|
+
|
|
1617
|
+
**Phase 17 refinement:**
|
|
1618
|
+
|
|
1619
|
+
- The guided config path was reduced from 13 visible prompts to 5.
|
|
1620
|
+
- `Rigor` controls `researchDepth` and workflow strictness (`research`, `discuss`, `planCheck`) while keeping `workflow.verifier` always on.
|
|
1621
|
+
- `Cost` controls `modelProfile` and `parallelization` independently, so combinations such as `thorough + budget` remain reachable.
|
|
1622
|
+
- `gitProtocol` remains in `config.json` with defaults but is intentionally out of the wizard until a dedicated UX pass decides the right shape.
|
|
1623
|
+
|
|
1624
|
+
**Why this fits the codebase:** The adapter registry and `init.mjs` already own the right boundary. The high-leverage change was to add a decision layer in front of writes, not to invent a new adapter model or a new config schema. This keeps the CLI lightweight, preserves backward compatibility, and makes the default install path match the product story.
|
|
1625
|
+
|
|
1626
|
+
**Evidence:**
|
|
1627
|
+
|
|
1628
|
+
1. Existing repo truth: `gsdd init` always generates `.agents/skills/` and already has a central adapter-selection seam in `bin/lib/init.mjs`.
|
|
1629
|
+
2. Local research on the adjacent `prompty` repo: portable skills are the primary install surface, while native command surfaces are optional additions.
|
|
1630
|
+
3. External: npm init (Node.js), Vite `create-vite`, Next.js `create-next-app`, Angular CLI `ng new`, and Astro `create astro` all implement the same pattern — TTY-interactive wizard by default, `--yes`/`--defaults` for headless; this is the de facto standard for modern project scaffolding tools.
|
|
1631
|
+
4. Repo lesson LL-INSTALL-DX-BEFORE-ALIAS-CLEANUP already recorded that install ergonomics should be fixed before alias-policy cleanup.
|
|
1632
|
+
|
|
1633
|
+
**GSD comparison:** GSD's install surface is more operator-heavy and framework-specific. GSDD keeps the deterministic bootstrap principle but shifts the user-facing choice surface into a lightweight guided CLI instead of requiring users to know adapter values in advance.
|
|
1634
|
+
|
|
1635
|
+
**GSDD implementation:** `bin/lib/init.mjs`, `bin/lib/init-flow.mjs`, `bin/lib/init-prompts.mjs`, `bin/lib/models.mjs`, `bin/gsdd.mjs`, `README.md`, `distilled/README.md`, `SPEC.md`, `.internal-research/TODO.md`, `.internal-research/gaps.md`, `.internal-research/lessons-learned.md`, `tests/gsdd.init.test.cjs`, `tests/gsdd.consumer-ceremony.test.cjs`, `tests/gsdd.guards.test.cjs`
|
|
1636
|
+
|
|
1637
|
+
---
|
|
1638
|
+
|
|
1639
|
+
## 37. Mutability-Driven Workflow Classification
|
|
1640
|
+
|
|
1641
|
+
**Problem:** GSDD had started treating several artifact-writing workflows as planning-class surfaces in the workflow registry. That looked semantically neat (`new-project`, `plan`, `verify`, `audit-milestone`, `pause`, `resume` all sound like "thinking" work), but it created a runtime contradiction: the workflow contract required disk persistence while the generated surface could be interpreted as a read-only planning lane.
|
|
1642
|
+
|
|
1643
|
+
**Decision:** Classify workflow surfaces by mutability, not by whether the workflow feels like planning.
|
|
1644
|
+
|
|
1645
|
+
- Any workflow that writes or deletes durable artifacts emits `agent: Code` and `opencodeType: edit`.
|
|
1646
|
+
- Only truly read-only workflows emit `agent: Plan` and `opencodeType: plan`.
|
|
1647
|
+
- `progress` remains the only read-only workflow in the current lifecycle.
|
|
1648
|
+
- The registry now records this explicitly via `mutatesArtifacts` so future changes have an inspectable invariant instead of relying on naming intuition.
|
|
1649
|
+
|
|
1650
|
+
**Why this fits the codebase:** GSDD's real leverage depends on docs-to-disk persistence. `new-project`, `plan`, `verify`, `audit-milestone`, `pause`, and `resume` are orchestration-heavy, but they are still state-changing workflows. Treating them as read-only breaks the artifact chain that downstream workflows consume.
|
|
1651
|
+
|
|
1652
|
+
**Kept / stripped / gained relative to the previous state:**
|
|
1653
|
+
|
|
1654
|
+
- **Kept:** the existing portable workflow content, native plan-checker surfaces, and the distinction between read-only reporting (`progress`) and artifact-producing lifecycle work.
|
|
1655
|
+
- **Stripped:** the informal assumption that "planning-like" workflows should all share the `Plan` lane.
|
|
1656
|
+
- **Gained:** an explicit mutability invariant, generated-surface tests, and safer behavior in runtimes that enforce planning/read-only execution semantics.
|
|
1657
|
+
|
|
1658
|
+
**Evidence:**
|
|
1659
|
+
|
|
1660
|
+
1. `distilled/workflows/verify.md`, `new-project.md`, `audit-milestone.md`, `pause.md`, and `resume.md` all require artifact writes or deletions as part of completion.
|
|
1661
|
+
2. `distilled/workflows/progress.md` is the only workflow that explicitly declares itself read-only.
|
|
1662
|
+
3. Consumer audit evidence already showed verification reports being lost when persistence was skipped; this decision closes the registry seam that could recreate the same class of failure.
|
|
1663
|
+
4. External: Meyer's Command-Query Separation (CQS, "Object-Oriented Software Construction" 1988) — the foundational principle that operations should be classified by whether they modify state, not by what they conceptually represent; Greg Young's CQRS (2010) — CQS applied at the architectural level; Unix rwx permission model and AWS IAM/Kubernetes RBAC all classify operations by mutation semantics rather than by semantic category name
|
|
1664
|
+
|
|
1665
|
+
**GSD comparison:** GSD's leverage also depends on persisted workflow artifacts. GSDD's portable/runtime split adds a new failure mode GSD did not have in the same form: a generated adapter can misclassify a mutating workflow even when the markdown contract is correct. This decision makes the adapter/runtime layer honor the artifact contract instead of undermining it.
|
|
1666
|
+
|
|
1667
|
+
**GSDD implementation:** `bin/gsdd.mjs`, `bin/lib/rendering.mjs`, `tests/gsdd.init.test.cjs`, `tests/gsdd.plan.adapters.test.cjs`, `tests/gsdd.guards.test.cjs`, `SPEC.md`, `.internal-research/TODO.md`, `.internal-research/gaps.md`, `.internal-research/lessons-learned.md`
|
|
1668
|
+
|
|
1669
|
+
---
|
|
1670
|
+
|
|
1671
|
+
## 38. Retroactive Artifact Enforcement
|
|
1672
|
+
|
|
1673
|
+
**Problem:** ROADMAP.md phase `[x]` can be marked complete without the required artifacts (PLAN.md, SUMMARY.md, VERIFICATION.md) existing on disk. No mechanical gate prevents phase advancement without artifacts. This gap (I27) recurred twice in the v1 milestone:
|
|
1674
|
+
|
|
1675
|
+
- Sub-gap (a): early session termination drops final bookkeeping — ROADMAP marked `[x]` with no VERIFICATION.md.
|
|
1676
|
+
- Sub-gap (b): `verify.md` structural omission — even on full lifecycle success, ROADMAP stayed stale because only `execute.md` updated it.
|
|
1677
|
+
|
|
1678
|
+
Sub-gap (b) was closed by D28's `<persistence>` mandate and guarded by G30. Sub-gap (a) requires either a preventive CLI gate or an explicit accept-by-design decision.
|
|
1679
|
+
|
|
1680
|
+
**Decision:** Accept milestone-audit as the retroactive enforcement layer for sub-gap (a). Do not add a preventive CLI gate.
|
|
1681
|
+
|
|
1682
|
+
**Rationale:**
|
|
1683
|
+
|
|
1684
|
+
1. **Artifact mandates already exist.** D28 added `<persistence>` sections with MANDATORY language to `execute.md` and `verify.md`. D30 propagated them to `quick.md`, `map-codebase.md`, `audit-milestone.md`, and `pause.md`. The specification-level enforcement is in place across all artifact-producing workflows.
|
|
1685
|
+
|
|
1686
|
+
2. **Kernel simplicity.** Adding a preventive gate (e.g., `gsdd verify` checking artifact existence before allowing ROADMAP updates) would require every workflow to call a CLI guard before its state update. This creates a new coupling between the CLI layer and the workflow layer — complexity the kernel explicitly avoids. See `.internal-research/strategy.md` section on policy depth vs kernel purity.
|
|
1687
|
+
|
|
1688
|
+
3. **Retroactive audit is sufficient.** The milestone audit (`audit-milestone.md`, `agents/integration-checker.md`) checks artifact completeness across all phases as its first step. Violations surface as structured gaps, not silent passes. The audit cost is bounded and predictable.
|
|
1689
|
+
|
|
1690
|
+
4. **Gap already has guard coverage.** G30 mechanically enforces that `verify.md` closes ROADMAP on passed status. The sub-gap (b) failure mode is now guarded. Sub-gap (a) (session interruption) is a behavioral failure by the agent, not a structural gap in the spec — no guard can prevent a session from crashing mid-workflow.
|
|
1691
|
+
|
|
1692
|
+
5. **GSD comparison.** GSD has no preventive artifact gate either. GSD's enforcement relies on its mandatory commit steps and `gsd-tools.cjs` CLI calls. GSDD's design choice strips mandatory commits (D8) and CLI-gated workflow steps (D9), trading off some enforcement depth for portability. Milestone audit is the equivalent retroactive layer.
|
|
1693
|
+
|
|
1694
|
+
**What this decision closes:** I27 sub-gap (a) is accepted by design. The full I27 gap is now CLOSED: sub-gap (b) by D28/G30, sub-gap (a) by this decision.
|
|
1695
|
+
|
|
1696
|
+
**Evidence:**
|
|
1697
|
+
|
|
1698
|
+
- `.internal-research/gaps.md` I27 entry (two occurrences, root-cause analysis, close conditions)
|
|
1699
|
+
- D28 mandate language in `distilled/workflows/execute.md` and `distilled/workflows/verify.md`
|
|
1700
|
+
- D30 propagation to all artifact-producing workflows
|
|
1701
|
+
- G30 guard in `tests/gsdd.guards.test.cjs` (verify.md ROADMAP closure)
|
|
1702
|
+
- `.internal-research/strategy.md` (kernel simplicity vs policy depth trade-off)
|
|
1703
|
+
- `distilled/workflows/audit-milestone.md` (retroactive artifact completeness check)
|
|
1704
|
+
- External: NIST SP 800-53 Rev. 5 (2020) — distinguishes detective controls (post-event detection) from preventive controls (pre-event blocking) as equally valid risk-management strategies; ISO 27001 risk treatment options — the choice of detective vs preventive control depends on cost/complexity tradeoff, not on which is inherently superior; Reason's Swiss Cheese model (1990) — layered defense-in-depth where retroactive audit layers catch what preventive layers miss; session interruption is a distributed systems failure mode (analogous to the Two Generals problem) that cannot be fully eliminated by local gates
|
|
1705
|
+
|
|
1706
|
+
**GSD comparison:** GSD's `gsd-tools.cjs` CLI enforces workflow progression gates directly. GSDD replaces those with specification-level MANDATORY language (D9). This is a deliberate portability trade-off, not an oversight.
|
|
1707
|
+
|
|
1708
|
+
**GSDD implementation:** `distilled/workflows/execute.md` (SUMMARY.md persistence gate), `distilled/workflows/verify.md` (VERIFICATION.md persistence gate + ROADMAP closure), `distilled/workflows/audit-milestone.md` (retroactive artifact check), `tests/gsdd.guards.test.cjs` (G30), `distilled/EVIDENCE-INDEX.md` (D38 entry)
|
|
1709
|
+
|
|
1710
|
+
---
|
|
1711
|
+
|
|
1712
|
+
## 39. Brownfield Entry Wiring
|
|
1713
|
+
|
|
1714
|
+
**Problem:** The brownfield path was structurally incomplete. `map-codebase` generated useful orientation artifacts, but it routed users only toward full project initialization. `quick` remained blind to those same codebase maps, so brownfield users who wanted disciplined feature work without full roadmap ceremony had no first-class lane.
|
|
1715
|
+
|
|
1716
|
+
**Decision:** Wire the existing brownfield lane instead of adding a new workflow.
|
|
1717
|
+
|
|
1718
|
+
- `map-codebase` completion now offers two explicit next steps: `/gsdd-new-project` for full lifecycle setup and `/gsdd-quick` for brownfield feature work.
|
|
1719
|
+
- `quick` now reads `.planning/codebase/ARCHITECTURE.md` and `.planning/codebase/STACK.md` when they exist and passes a summarized `$CODEBASE_CONTEXT` into the planner delegate.
|
|
1720
|
+
|
|
1721
|
+
**Why this shape:** The missing leverage was routing and context reuse, not another onboarding surface. Reusing the existing codebase map artifacts preserves the current workflow set, keeps quick mode lightweight, and gives brownfield users immediate architecture awareness without forcing full milestone ceremony.
|
|
1722
|
+
|
|
1723
|
+
**Tradeoff:** This gives `quick` orientation, not full brownfield inference. It deliberately avoids turning quick mode into a lite `new-project`; the planner receives only a bounded summary from the codebase maps, not a new research phase.
|
|
1724
|
+
|
|
1725
|
+
**GSD comparison:** GSD's brownfield posture is centered on the full project-initialization flow after mapping. GSDD keeps the full path available, but adds an explicit lighter-weight branch for feature-by-feature brownfield work.
|
|
1726
|
+
|
|
1727
|
+
**GSDD implementation:** `distilled/workflows/quick.md` (Step 2 codebase context, planner context), `distilled/workflows/map-codebase.md` (completion routing), `tests/gsdd.guards.test.cjs`, `tests/gsdd.scenarios.test.cjs`
|
|
1728
|
+
|
|
1729
|
+
**Evidence:**
|
|
1730
|
+
|
|
1731
|
+
- User brownfield audit finding (2026-03-20): mapping was useful, but the lighter-weight feature-work lane was not explicit
|
|
1732
|
+
- D32-D34 quick-workflow hardening: alignment and scope controls already existed, so the remaining gap was routing plus codebase-context reuse
|
|
1733
|
+
- `distilled/workflows/quick.md` (Step 2 codebase-context read, planner delegate context)
|
|
1734
|
+
- `distilled/workflows/map-codebase.md` (completion offers `/gsdd-quick` as the brownfield lane)
|
|
1735
|
+
- `tests/gsdd.guards.test.cjs`, `tests/gsdd.scenarios.test.cjs`
|
|
1736
|
+
|
|
1737
|
+
---
|
|
1738
|
+
|
|
1739
|
+
## D40 - Three-Layer Continuity Boundary
|
|
1740
|
+
|
|
1741
|
+
**Decision (2026-03-30):** GSDD adopts an explicit three-layer continuity boundary so cold-start recovery, resume behavior, and future continuity work do not blur durable truth, live workflow state, and the still-missing compressed judgment layer.
|
|
1742
|
+
|
|
1743
|
+
**Context:**
|
|
1744
|
+
- Gap S6 showed that cold-start continuity was stronger on artifact and state recovery than on decision-quality recovery. The repo could reconstruct what was built, but not always the smallest why/why-not layer needed for equally strong planning after a restart.
|
|
1745
|
+
- Phase 7 requirement JUDGE-01 required the continuity model to be named and adopted explicitly instead of being inferred from scattered docs.
|
|
1746
|
+
- Lesson `LL-ARTIFACT-PERSISTENCE-IS-NOT-ENOUGH` already established the core failure mode: artifacts preserve what was built, but not the minimum judgment layer needed to continue with the same decision posture.
|
|
1747
|
+
|
|
1748
|
+
**Decision text:**
|
|
1749
|
+
- **Durable Truth**: files that survive across milestones and cold starts and define product or framework truth. This layer includes `SPEC.md`, `distilled/DESIGN.md`, `MILESTONES.md`, milestone archives, `config.json`, codebase maps, research artifacts, role contracts, and workflow definitions.
|
|
1750
|
+
- **Live Workflow State**: files that describe current progress, active execution position, or resumable session state. This layer includes `ROADMAP.md`, phase `PLAN`/`APPROACH`/`SUMMARY`/`VERIFICATION` artifacts, `.continue-here.md`, quick task logs, and `generation-manifest.json`.
|
|
1751
|
+
- **Compressed Judgment**: the smallest persistence surface for active constraints, unresolved uncertainty, decision posture, and anti-regression rules. This layer is recognized as necessary but not yet fully designed; its persistence surface is deferred to Phase 8.
|
|
1752
|
+
- Workflow changes must classify artifacts against this boundary. Readers must not infer durable truth from live-state artifacts alone, and writers must not collapse multiple layers into a new catch-all state file.
|
|
1753
|
+
|
|
1754
|
+
**Evidence:**
|
|
1755
|
+
- Phase 7 exploration reviewed all 14 current workflow files and mapped which artifacts they read, write, or treat as primary truth. The review found durable artifacts and live-state artifacts in use, but no explicit three-layer model naming compressed judgment as its own continuity concern.
|
|
1756
|
+
- D12 established the "artifact-derived state, no `STATE.md`" direction, which kept GSDD repo-native and file-backed, but did not define a distinct compressed judgment layer.
|
|
1757
|
+
- D26 hardened routing and session continuity contracts, but likewise operated on artifacts and checkpoints without naming the broader continuity boundary.
|
|
1758
|
+
- The three-layer boundary therefore emerged from Phase 7 as a missing architectural definition rather than a reversal of prior decisions.
|
|
1759
|
+
|
|
1760
|
+
**Consequences:**
|
|
1761
|
+
- Phase 8 must define the compressed-judgment persistence surface and workflow-consumption rules needed to satisfy JUDGE-02 and JUDGE-03.
|
|
1762
|
+
- Future workflow and artifact changes should explicitly classify any touched file as durable truth, live workflow state, or compressed judgment before changing its contract.
|
|
1763
|
+
- `distilled/workflows/resume.md` is the first workflow to adopt this boundary directly by validating live checkpoint state against durable roadmap truth without inventing a new project-scoped state file.
|
|
1764
|
+
|
|
1765
|
+
**GSDD implementation:** `.planning/SPEC.md` (Continuity Layers constraint, Key Decisions row), `distilled/DESIGN.md` (this decision), `distilled/workflows/resume.md` (first workflow adoption)
|
|
1766
|
+
|
|
1767
|
+
---
|
|
1768
|
+
|
|
1769
|
+
## D41 - Compressed Judgment Persistence Surface
|
|
1770
|
+
|
|
1771
|
+
**Decision (2026-03-30):** GSDD persists compressed judgment as a bounded `<judgment>` XML block with four sections in two existing surfaces: the checkpoint for mid-phase cold restarts and the phase SUMMARY for phase-to-phase handoffs.
|
|
1772
|
+
|
|
1773
|
+
**Context:**
|
|
1774
|
+
- Phase 7 defined the three-layer continuity boundary in D40, but explicitly left the compressed judgment persistence surface undefined as a Phase 8 target.
|
|
1775
|
+
- JUDGE-02 requires the judgment layer to use existing primary or checkpoint artifacts rather than inventing a new project-scoped state file.
|
|
1776
|
+
- JUDGE-03 requires planning, execution, verification, and resume to recover judgment at entry without relying on chat memory.
|
|
1777
|
+
- Gap S6 showed that artifact persistence alone preserves what was built, not the smallest why/why-not layer needed to continue with the same decision posture.
|
|
1778
|
+
- Lesson `LL-ARTIFACT-PERSISTENCE-IS-NOT-ENOUGH` established that the continuity problem is not solved by durable artifacts alone.
|
|
1779
|
+
|
|
1780
|
+
**Decision text:**
|
|
1781
|
+
- Persist compressed judgment as a bounded `<judgment>` XML block with four sections: `<active_constraints>`, `<unresolved_uncertainty>`, `<decision_posture>`, and `<anti_regression>`.
|
|
1782
|
+
- Embed the exact same shape in two existing surfaces:
|
|
1783
|
+
- the checkpoint (`.continue-here.md`), written by `pause.md` at session pause and read by `resume.md` for mid-phase cold restarts
|
|
1784
|
+
- the phase `SUMMARY.md`, written by `execute.md` at phase completion and read by `plan.md`, `execute.md`, and `verify.md` for phase-to-phase handoffs
|
|
1785
|
+
- The shape must remain identical in both locations so the judgment layer is consistent across lifecycle entry points.
|
|
1786
|
+
- No new project-scoped state file is introduced.
|
|
1787
|
+
|
|
1788
|
+
**Evidence:**
|
|
1789
|
+
- Phase 8 reviewed the four workflow entry points that need judgment recovery: `plan.md`, `execute.md`, `verify.md`, and `resume.md`.
|
|
1790
|
+
- The review mapped each workflow's current `<load_context>` or artifact read path and confirmed that checkpoint and SUMMARY are already in the natural read/write flow of these workflows.
|
|
1791
|
+
- `SUMMARY.md` already carries "Notes for Next Work", but that section is unstructured prose and is not consumed by any workflow's `<load_context>`.
|
|
1792
|
+
- The checkpoint already stores session-local state and decisions, but it does not capture a cumulative, bounded judgment layer with the four facets needed for continuity.
|
|
1793
|
+
- The dual-surface approach covers both required handoff scenarios without inventing a new persistence path: checkpoint for mid-phase restart, SUMMARY for phase-to-phase continuation.
|
|
1794
|
+
|
|
1795
|
+
**Consequences:**
|
|
1796
|
+
- Future workflow changes must maintain judgment read/write integration at these designated points rather than creating ad hoc persistence surfaces.
|
|
1797
|
+
- The judgment shape is intentionally bounded to four sections and must not expand into an unbounded session log.
|
|
1798
|
+
- Phase 9 remains responsible for runtime metadata and portability concerns (ADAPT-02); judgment portability across runtimes is not broadened here.
|
|
1799
|
+
|
|
1800
|
+
**GSDD implementation:** `.planning/SPEC.md` (Key Decisions row), `distilled/workflows/pause.md` (checkpoint write), `distilled/workflows/execute.md` (SUMMARY write and prior-summary read), `distilled/workflows/plan.md` (prior-summary read), `distilled/workflows/verify.md` (summary judgment verification input), `distilled/workflows/resume.md` (checkpoint read and surfacing)
|
|
1801
|
+
|
|
1802
|
+
---
|
|
1803
|
+
|
|
1804
|
+
## D42 - Session-Boundary Safety
|
|
1805
|
+
|
|
1806
|
+
**Decision (2026-04-04):** `.continue-here.bak` survives `resume.md` dispatch so downstream workflows can read it as a fallback judgment source when no prior SUMMARY.md `<judgment>` section is available. The downstream workflow auto-cleans `.bak` after absorbing the judgment.
|
|
1807
|
+
|
|
1808
|
+
**Context:**
|
|
1809
|
+
- D41 established two judgment persistence surfaces: checkpoint (`.continue-here.md`) and phase SUMMARY.md.
|
|
1810
|
+
- `resume.md` copies `.continue-here.md` to `.continue-here.bak` during `<cleanup_checkpoint>` (crash safety), then previously deleted `.bak` in `<completion>` before dispatching.
|
|
1811
|
+
- When a user clears context between resume and the dispatched workflow, session-specific judgment is permanently lost: `.continue-here.md` already deleted, `.bak` already deleted, and the prior SUMMARY.md only carries the *prior completed phase's* judgment — not the interrupted session's `<active_constraints>`, `<decision_posture>`, or `<anti_regression>` rules.
|
|
1812
|
+
- `pause.md` line 53 already deletes stale `.bak` files from prior crashed resumes — this crash-cleanup path remains unchanged.
|
|
1813
|
+
|
|
1814
|
+
**Decision:**
|
|
1815
|
+
- `resume.md` `<completion>` no longer deletes `.planning/.continue-here.bak`.
|
|
1816
|
+
- `plan.md`, `execute.md`, `verify.md`, and `quick.md` read `.planning/.continue-here.bak` as a fallback judgment source if no prior SUMMARY.md `<judgment>` section is available, then auto-clean it.
|
|
1817
|
+
- `pause.md` `.bak` cleanup (crash-recovery path, line 53) remains unchanged.
|
|
1818
|
+
|
|
1819
|
+
**Transition safety table:**
|
|
1820
|
+
|
|
1821
|
+
| Transition | Judgment source | `.bak` state after | Risk |
|
|
1822
|
+
|---|---|---|---|
|
|
1823
|
+
| pause → resume (same session) | `.continue-here.md` live in context | `.bak` created by `<cleanup_checkpoint>` | None: judgment in context |
|
|
1824
|
+
| resume → workflow (same session, no context clear) | Judgment in context from resume | `.bak` on disk, ignored | None: judgment in context |
|
|
1825
|
+
| resume → [context clear] → workflow | `.bak` fallback read | Deleted by workflow after read (auto-clean) | **Solved by this change** |
|
|
1826
|
+
| resume → [context clear] → workflow (SUMMARY.md judgment exists) | Prior SUMMARY.md `<judgment>` | `.bak` on disk, not read | `.bak` orphaned; cleaned by next `pause.md` run (line 53) |
|
|
1827
|
+
| Crash during resume (before dispatch) | `.continue-here.md` still exists | `.bak` may exist | Next resume reads `.md`; stale `.bak` cleaned by next `pause.md` |
|
|
1828
|
+
|
|
1829
|
+
**Evidence:**
|
|
1830
|
+
- Gap identified by tracing judgment lifecycle through pause → resume → [context clear] → downstream workflow.
|
|
1831
|
+
- `pause.md` line 53 already handles crash-orphaned `.bak` files — no new general cleanup path needed.
|
|
1832
|
+
- The conditional read (only when no SUMMARY.md judgment exists) prevents double-sourcing judgment from both `.bak` and SUMMARY.md.
|
|
1833
|
+
|
|
1834
|
+
**Consequences:**
|
|
1835
|
+
- `.bak` now has a defined lifecycle: created by `resume.md` `<cleanup_checkpoint>`, consumed-and-deleted by the next downstream workflow, or cleaned by the next `pause.md` run.
|
|
1836
|
+
- Future workflows added as resume dispatch targets must include the `.bak` fallback read pattern if they consume judgment.
|
|
1837
|
+
- The judgment shape remains bounded to four sections (D41 constraint). `.bak` is a fallback read path, not a new persistence surface.
|
|
1838
|
+
- `quick.md` reads `.bak` unconditionally (no SUMMARY.md check) because quick tasks have no phase lifecycle and no prior SUMMARY.md to consult. The other three workflows (`plan.md`, `execute.md`, `verify.md`) read `.bak` conditionally — only when no prior SUMMARY.md `<judgment>` section exists.
|
|
1839
|
+
|
|
1840
|
+
**GSDD implementation:** `distilled/workflows/resume.md` (`.bak` deletion removed from `<completion>`), `distilled/workflows/plan.md` (fallback read item 8), `distilled/workflows/execute.md` (fallback read item 7), `distilled/workflows/verify.md` (fallback read item 7), `distilled/workflows/quick.md` (fallback read in Step 2), `distilled/DESIGN.md` (this decision), `tests/gsdd.guards.test.cjs` (negative and positive invariant tests)
|
|
1841
|
+
|
|
1842
|
+
---
|
|
1843
|
+
|
|
1844
|
+
## D43 - Resume Provenance Truth Split
|
|
1845
|
+
|
|
1846
|
+
**Decision (2026-04-13):** `resume.md` must reconcile three truth surfaces explicitly instead of treating a structurally valid checkpoint as sufficient truth on its own.
|
|
1847
|
+
|
|
1848
|
+
**Context:**
|
|
1849
|
+
- The 2026-04-12 failure chain showed that a generic checkpoint can be structurally valid while materially understating the live branch/worktree scope.
|
|
1850
|
+
- The continuity boundary from D40/D41/D42 solved judgment persistence, but it did not yet distinguish checkpoint narrative truth from live git/worktree truth when the checked-out branch is stale, mixed-scope, or otherwise not the intended execution surface.
|
|
1851
|
+
- Phase 19 required resume UX hardening for `LAUNCH-09` and provenance/trust separation for `LAUNCH-10`.
|
|
1852
|
+
|
|
1853
|
+
**Decision:**
|
|
1854
|
+
- `resume.md` must surface and reconcile three truth buckets:
|
|
1855
|
+
- **checkpoint narrative truth**
|
|
1856
|
+
- **planning/artifact truth**
|
|
1857
|
+
- **git/worktree truth**
|
|
1858
|
+
- `pause.md` must build a checkpoint draft from artifact truth first, then ask only bounded correction questions rather than asking the user to reconstruct obvious repo state from scratch.
|
|
1859
|
+
- Material mismatch between checkpoint narrative truth and git/worktree truth must become a first-class warning with explicit acknowledgement before continuing.
|
|
1860
|
+
- Ordinary git risk remains warning-level by default. The stronger acknowledgement gate is reserved for material mismatch, not generic dirtiness.
|
|
1861
|
+
|
|
1862
|
+
**Why this fits the codebase:**
|
|
1863
|
+
- GSDD already treats repo truth as authoritative when docs and repo disagree. This decision extends that hierarchy to session continuity by preventing `.continue-here.md` from silently outranking the live integration surface.
|
|
1864
|
+
- The change keeps the product file-based and workflow-driven. It does not add a new public command or a new project-scoped state file.
|
|
1865
|
+
- The shared helper stays internal because the user-facing behavior belongs in workflows, while the classification logic belongs in reusable library code.
|
|
1866
|
+
|
|
1867
|
+
**Evidence:**
|
|
1868
|
+
- `.internal-research/gaps.md` items `I29` and `I30`
|
|
1869
|
+
- `.internal-research/TODO.md` notes on stale checkpoints, worktree drift, and parallel worktree rules
|
|
1870
|
+
- `.internal-research/consumer-audits/worktree-provenance-and-checkpoint-drift-2026-04-12.md`
|
|
1871
|
+
- `distilled/workflows/pause.md` (draft-first checkpointing, 3-question cap, evidence-only language)
|
|
1872
|
+
- `distilled/workflows/resume.md` (`<provenance_reconciliation>`, explicit mismatch acknowledgement)
|
|
1873
|
+
- `bin/lib/provenance.mjs`
|
|
1874
|
+
- `tests/phase.test.cjs`, `tests/gsdd.guards.test.cjs`, `tests/gsdd.invariants.test.cjs`
|
|
1875
|
+
- External: GitHub Docs on checking branch divergence and working tree state; OpenAI/Anthropic guidance on grounding agent actions in current tool-observed state rather than conversational assumptions
|
|
1876
|
+
|
|
1877
|
+
**Consequences:**
|
|
1878
|
+
- Resume is now conservative by design when a checkpoint narrative is stale relative to the live branch/worktree.
|
|
1879
|
+
- Future workflows that route from checkpoint state must preserve the same truth separation instead of flattening narrative, planning, and git state into one status line.
|
|
1880
|
+
- Phase 22 must replay the 2026-04-12 incident and prove this separation holds end-to-end.
|
|
1881
|
+
|
|
1882
|
+
**GSD comparison:** GSD's flow relies more heavily on the operator and commit discipline to keep resume context aligned with branch truth. GSDD keeps the lighter-weight continuity surface, but compensates by making the truth split explicit inside the resume workflow.
|
|
1883
|
+
|
|
1884
|
+
**GSDD implementation:** `distilled/workflows/pause.md`, `distilled/workflows/resume.md`, `bin/lib/provenance.mjs`, `.planning/SPEC.md`, `.planning/ROADMAP.md`, `.internal-research/TODO.md`, `tests/phase.test.cjs`, `tests/gsdd.guards.test.cjs`, `tests/gsdd.invariants.test.cjs`
|
|
1885
|
+
|
|
1886
|
+
---
|
|
1887
|
+
|
|
1888
|
+
## D44 - Warning-First Transition Safety And Fail-Closed Terminal Writes
|
|
1889
|
+
|
|
1890
|
+
**Decision (2026-04-13):** GSDD uses one warning-first provenance pattern across transition-sensitive workflows, while terminal artifact gates fail closed when the required durable output does not exist on disk.
|
|
1891
|
+
|
|
1892
|
+
**Context:**
|
|
1893
|
+
- Phase 20 needed a single transition-safety posture for `pause`, `resume`, `plan`, `execute`, `new-milestone`, `quick`, and `complete-milestone` instead of each workflow inventing its own git-risk language.
|
|
1894
|
+
- The same failure chain also exposed a different class of problem: terminal workflows could present closure-like outcomes even when the required durable artifact was missing.
|
|
1895
|
+
- D38 previously accepted retroactive artifact enforcement for an older closure gap. The new failure mode is narrower and higher leverage: terminal verification and milestone audit must not present durable completion outcomes without their mandatory artifacts.
|
|
1896
|
+
|
|
1897
|
+
**Decision:**
|
|
1898
|
+
- Transition-sensitive workflows share one warning pattern for:
|
|
1899
|
+
- staged, unstaged, and untracked work
|
|
1900
|
+
- unpushed commits
|
|
1901
|
+
- PR-less integration surfaces
|
|
1902
|
+
- stale/spent branches relative to `main`
|
|
1903
|
+
- mixed-scope working trees
|
|
1904
|
+
- These conditions are warning-first by default. They should inform routing and user acknowledgement, not become blanket hard blockers.
|
|
1905
|
+
- Two terminal write gates fail closed under `LAUNCH-13`:
|
|
1906
|
+
- `verify.md` must not advance ROADMAP closure on a passed result unless the required `SUMMARY.md` still exists on disk
|
|
1907
|
+
- `audit-milestone.md` must not present a durable audit result unless `MILESTONE-AUDIT.md` was written successfully
|
|
1908
|
+
- This slice does not introduce managed worktree orchestration or a new public provenance command.
|
|
1909
|
+
|
|
1910
|
+
**Why this fits the codebase:**
|
|
1911
|
+
- Warning-first delivery preserves GSDD's portable, advisory git stance instead of turning the kernel into an intrusive branch manager.
|
|
1912
|
+
- Fail-closed write gates are justified here because verification and milestone audit are terminal state transitions. If their durable artifact is missing, the claimed state transition is not trustworthy.
|
|
1913
|
+
- Keeping the gate narrow avoids reopening D38 into a broad CLI policy layer.
|
|
1914
|
+
|
|
1915
|
+
**Evidence:**
|
|
1916
|
+
- `.planning/SPEC.md` `LAUNCH-12` and `LAUNCH-13`
|
|
1917
|
+
- `.planning/ROADMAP.md` Phase 20 and Phase 22 scope notes
|
|
1918
|
+
- `distilled/workflows/plan.md`, `execute.md`, `quick.md`, `new-milestone.md`, `complete-milestone.md`
|
|
1919
|
+
- `distilled/workflows/verify.md`, `distilled/workflows/audit-milestone.md`
|
|
1920
|
+
- `bin/lib/provenance.mjs`
|
|
1921
|
+
- `tests/gsdd.guards.test.cjs`, `tests/gsdd.invariants.test.cjs`, `tests/gsdd.scenarios.test.cjs`
|
|
1922
|
+
- External: NIST detective vs preventive control framing; GitHub guidance on protected branches and review signals as advisory integration metadata rather than direct truth
|
|
1923
|
+
|
|
1924
|
+
**Consequences:**
|
|
1925
|
+
- Workflow routing can warn consistently about risky integration surfaces without forcing managed branch behavior before launch.
|
|
1926
|
+
- Terminal audit/verification claims now depend on durable write success, not just conversational success.
|
|
1927
|
+
- Phase 22 proof scope expands to cover both provenance warnings and fail-closed terminal writes.
|
|
1928
|
+
|
|
1929
|
+
**GSD comparison:** GSD relies more on explicit commit and CLI discipline for transition safety. GSDD continues to strip that rigidity from the portable core, but adds explicit warning reuse and narrow fail-closed gates where launch trust depends on artifact presence.
|
|
1930
|
+
|
|
1931
|
+
**GSDD implementation:** `distilled/workflows/plan.md`, `distilled/workflows/execute.md`, `distilled/workflows/quick.md`, `distilled/workflows/new-milestone.md`, `distilled/workflows/complete-milestone.md`, `distilled/workflows/verify.md`, `distilled/workflows/audit-milestone.md`, `bin/lib/provenance.mjs`, `.planning/SPEC.md`, `.planning/ROADMAP.md`, `tests/gsdd.guards.test.cjs`, `tests/gsdd.invariants.test.cjs`, `tests/gsdd.scenarios.test.cjs`
|
|
1932
|
+
|
|
1933
|
+
---
|
|
1934
|
+
|
|
1351
1935
|
## Maintenance
|
|
1352
1936
|
|
|
1353
1937
|
This document is updated when:
|