gsdd-cli 0.28.0 → 0.29.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -44,7 +44,7 @@ The executor is plan-scoped:
44
44
 
45
45
  ## Core Algorithm
46
46
 
47
- 1. **Load plan.** Parse frontmatter (`phase`, `plan`, `type`, `wave`, `depends_on`, `files-modified`, `autonomous`, `requirements`, `must_haves`), objective, context references, and tasks. Treat any prompt-provided `<files_to_read>` block as task_scoped unless it explicitly labels entries as mandatory_now.
47
+ 1. **Load plan.** Parse frontmatter (`phase`, `plan`, `type`, `wave`, `depends_on`, `files-modified`, `autonomous`, `requirements`, `browser_proof_required`, `browser_proof_rationale`, `must_haves`), objective, context references, and tasks. Treat any prompt-provided `<files_to_read>` block as task_scoped unless it explicitly labels entries as mandatory_now.
48
48
  2. **Run lifecycle preflight.** Before mutating lifecycle artifacts, run `node .work/bin/gsdd.mjs lifecycle-preflight execute {phase_num} --expects-mutation phase-status`. If blocked, stop and surface the blocker.
49
49
  3. **For each task:**
50
50
  a. If `type="auto"`: Confirm mandatory_now context is loaded, read the task_scoped files and focused references needed for the current task, execute the task, apply deviation rules as needed, run verification, confirm done criteria, and handle any git actions using repo/user conventions.
@@ -175,7 +175,7 @@ For each task in the plan, follow this loop:
175
175
  ### Frontmatter And Task Semantics
176
176
 
177
177
  The executor consumes the plan schema defined by the planner:
178
- - frontmatter keys: `phase`, `plan`, `type`, `wave`, `depends_on`, `files-modified`, `autonomous`, `requirements`, `must_haves`
178
+ - frontmatter keys: `phase`, `plan`, `type`, `wave`, `depends_on`, `files-modified`, `autonomous`, `requirements`, `browser_proof_required`, `browser_proof_rationale`, `must_haves`
179
179
  - task types:
180
180
  - `type="auto"` - proceed without pausing
181
181
  - `type="checkpoint:user"` - stop for a required user decision or human-only step
@@ -210,8 +210,8 @@ Before reporting a task complete:
210
210
  - if an API change is involved, hit the endpoint or targeted integration path
211
211
  - A task is not complete because code was written. It is complete when the intended verification path actually passes.
212
212
 
213
- ### UI Proof Execution
214
- If the plan defines UI proof slots, record observed proof against the exact claim, route/state, observation, evidence kind, artifact path or manual step, privacy metadata, result, and claim limit before claiming task completion.
213
+ ### Browser Proof Execution
214
+ If the plan sets `browser_proof_required: true`, execute the Browser Proof Plan and record observed proof against the exact `Plan:` artifact path, route/state, viewport, observation, evidence kind, artifact path or manual step, privacy/safety note, result, and claim limit before claiming task completion.
215
215
 
216
216
  Use `agent-browser` as the default live UI proof path:
217
217
  - open the planned route/state
@@ -220,9 +220,9 @@ Use `agent-browser` as the default live UI proof path:
220
220
  - capture screenshots for the planned viewport(s)
221
221
  - record relevant console/network observations
222
222
 
223
- If `agent-browser` is unavailable, record the availability constraint and closest project-native interactive browser fallback in the proof bundle instead of silently treating the fallback as the default path. Existing Playwright/package-script browser tests remain canonical repeatable regression evidence when present; use Playwright scripting only for checks `agent-browser` cannot cover cleanly, such as JS-disabled, structured console, or multi-context verification.
223
+ If `agent-browser` is unavailable, record the availability constraint and closest project-native interactive browser fallback instead of silently treating the fallback as the default path. Existing Playwright/package-script browser tests remain canonical repeatable regression evidence when present; use Playwright scripting only for checks `agent-browser` cannot cover cleanly, such as JS-disabled, structured console, or multi-context verification.
224
224
 
225
- Artifact metadata must include `visibility`, `retention`, `sensitivity`, and `safe_to_publish`; raw screenshots, traces, videos, DOM snapshots, and reports are local-only/unsafe by default and cannot back public, tracked, delivery, release, or publication proof claims. Use `gsdd ui-proof validate <path>` or `gsdd health` when a bundle exists. Artifact count, source comments, AST/cAST findings, semantic search, and Semble-like retrieval are not proof. Missing or weakly linked evidence must be recorded as proof debt, waiver, deferment, or reduced claim language rather than satisfied proof.
225
+ Raw screenshots, traces, videos, DOM snapshots, and reports are local-only/unsafe by default and cannot back public, tracked, delivery, release, or publication proof claims unless sanitized. Artifact count, source comments, AST/cAST findings, semantic search, and Semble-like retrieval are not proof. Missing or weakly linked evidence must be recorded as proof debt, waiver, deferment, or reduced claim language rather than satisfied proof, using the failure-cause names in `distilled/references/proof-rules.md` when proof fails or is partial.
226
226
  </execution_loop>
227
227
 
228
228
  <checkpoint_protocol>
package/agents/planner.md CHANGED
@@ -153,15 +153,13 @@ Any checkpoint must be justified by the task itself, not by planner caution or h
153
153
  Any plan containing `checkpoint:*` must set `autonomous: false`.
154
154
  </task_contract>
155
155
 
156
- <ui_proof_planning>
157
- For UI-sensitive work, plan proof slots that can later be matched exactly to claim, route/state, observation, evidence kind, artifact path or manual step, privacy metadata, result, and claim limit. Use only the stable evidence kinds `code`, `test`, `runtime`, `delivery`, and `human`.
156
+ <browser_proof_planning>
157
+ For UI-sensitive work, set `browser_proof_required: true` and include a `## Browser Proof Plan` that can later be matched exactly to route/state, viewport, observation, evidence kind, artifact path or manual step, privacy/safety note, result, and claim limit. Browser Proof Plan/Observation records use only `runtime` or `test` as their `Evidence kind`; keep the broader `code`, `test`, `runtime`, `delivery`, and `human` vocabulary for the closure evidence contract.
158
158
 
159
- Require observed artifacts to carry `visibility`, `retention`, `sensitivity`, and `safe_to_publish`; when a planned slot is meant to support public, publication, tracked, delivery, or release proof, say to validate the observed bundle with `gsdd ui-proof validate <path> --claim <...>`. `gsdd ui-proof validate`/`gsdd health` must catch invalid bundle metadata when present.
159
+ The Browser Proof Plan must name route/state, viewport coverage, runtime path, evidence kind, evidence command or narrowed no-command rationale, observations, artifacts, and claim limit. For live rendered UI proof, plan `agent-browser` as the default runtime evidence path: route open, interactive snapshot/refs when relevant, changed-flow interaction, screenshots for the planned viewport(s), and relevant console/network observations. If `agent-browser` is unavailable in the runtime, require an explicit availability constraint and the closest project-native interactive browser fallback before narrowing the claim. Existing Playwright/package-script browser tests remain the canonical repeatable regression path when present; do not scaffold new browser infrastructure by default. Responsive claims need desktop/mobile or equivalent state coverage unless the claim is narrowed.
160
160
 
161
- For live rendered UI proof, plan `agent-browser` as the default runtime evidence path: route open, interactive snapshot/refs when relevant, changed-flow interaction, screenshots for the planned viewport(s), and relevant console/network observations. If `agent-browser` is unavailable in the runtime, require an explicit availability constraint and the closest project-native interactive browser fallback before narrowing the claim. Existing Playwright/package-script browser tests remain the canonical repeatable regression path when present; do not scaffold new browser infrastructure by default. The planner chooses viewport coverage, but must explain why the viewport set is sufficient for the claim or narrow the claim limit; responsive claims need desktop/mobile or equivalent state coverage.
162
-
163
- Do not let source annotations, AST/cAST findings, semantic search, comments, or Semble-like retrieval satisfy proof slots; they are discovery hints only. Human acceptance can narrow or waive a claim and record proof debt, but it must not turn missing or mismatched non-human evidence into `satisfied` proof.
164
- </ui_proof_planning>
161
+ Do not let source annotations, AST/cAST findings, semantic search, comments, or Semble-like retrieval satisfy browser proof; they are discovery hints only. Human acceptance can narrow or waive a claim and record proof debt, but it must not turn missing or mismatched non-human evidence into satisfied proof.
162
+ </browser_proof_planning>
165
163
 
166
164
  <dependency_graph_example>
167
165
  Example dependency graph:
@@ -194,8 +192,9 @@ Wave rule:
194
192
  Write one or more `PLAN.md` files to the phase directory.
195
193
 
196
194
  Keep the current GSDD schema exactly:
197
- - frontmatter keys: `phase`, `plan`, `type`, `wave`, `runtime`, `assurance`, `depends_on`, `files-modified`, `autonomous`, `requirements`, `non_goals`, `hard_boundaries`, `escalation_triggers`, `approval_gates`, `anti_regression_targets`, `known_unknowns`, `ui_proof_slots`, `no_ui_proof_rationale`, `high_leverage_surfaces`, `second_pass_required`, `closure_claim_limit`, `parallelism_budget`, `leverage`, `must_haves`
195
+ - frontmatter keys: `phase`, `plan`, `type`, `wave`, `runtime`, `assurance`, `depends_on`, `files-modified`, `autonomous`, `requirements`, `non_goals`, `hard_boundaries`, `escalation_triggers`, `approval_gates`, `anti_regression_targets`, `known_unknowns`, `browser_proof_required`, `browser_proof_rationale`, `must_haves`
198
196
  - typed tasks with `files`, `action`, `verify`, and `done`
197
+ - if `browser_proof_required: true`, the plan body must include `## Browser Proof Plan` with route/state, viewport, runtime path, evidence kind, evidence command or no-command rationale, observations, artifacts, and claim limit
199
198
 
200
199
  Typed frontmatter example:
201
200
 
@@ -225,18 +224,8 @@ anti_regression_targets:
225
224
  - Existing session middleware behavior remains unchanged for already-supported routes.
226
225
  known_unknowns:
227
226
  - Exact copy wording for auth errors may still need product confirmation.
228
- ui_proof_slots: []
229
- no_ui_proof_rationale: Not UI-sensitive; scoped work does not claim a visible UI outcome.
230
- high_leverage_surfaces: []
231
- second_pass_required: false
232
- closure_claim_limit: Do not claim phase completion until verification satisfies the evidence contract for the scoped truths.
233
- parallelism_budget:
234
- max_concurrent_plans: 1
235
- safe_parallelism: []
236
- leverage:
237
- lost: Slightly more planning ceremony for this plan.
238
- kept: Existing auth/session architecture and repo conventions.
239
- gained: Explicit anti-drift boundaries and fail-closed escalation.
227
+ browser_proof_required: false
228
+ browser_proof_rationale: Not UI-sensitive; scoped work does not claim a visible UI outcome.
240
229
  must_haves:
241
230
  truths:
242
231
  - "User can sign in with email and password"
@@ -277,12 +266,7 @@ Before returning, self-check against the checker dimensions:
277
266
  6. must-have quality
278
267
  7. context compliance
279
268
  8. goal achievement
280
- 9. scope boundaries
281
- 10. anti-regression capture
282
- 11. escalation integrity
283
- 12. closure honesty
284
- 13. high-leverage review
285
- 14. approach alignment (when APPROACH.md exists)
269
+ 9. approach alignment (when APPROACH.md exists)
286
270
 
287
271
  Task completeness rules:
288
272
  - every task has files, action, verify, and done
@@ -123,7 +123,7 @@ Do not return a flat symptom list when the same underlying breakage explains mul
123
123
 
124
124
  Visual correctness, live interaction quality, and some external integrations still need explicit human checks.
125
125
 
126
- For UI proof slots, fail closed unless observed proof is matched to the exact claim, route/state, observation, evidence kind, artifact path or manual step, privacy metadata, result, and claim limit. For live UI runtime proof, expect `agent-browser` as the default captured tool unless the observed bundle explains a project-native equivalent or an availability constraint; do not fail solely because another browser tool was used, but downgrade vague proof that lacks exact route/state, viewport coverage or rationale, interactive steps/refs where relevant, screenshot/report artifacts, or relevant console/network observations. Existing Playwright/package-script browser tests count as canonical repeatable regression evidence, not as a replacement for scoped runtime proof when the slot requires `runtime`. Artifact metadata must include `visibility`, `retention`, `sensitivity`, and `safe_to_publish`; local-only or unsafe artifacts cannot back public, tracked, delivery, release, or publication proof claims, and `gsdd ui-proof validate`/`gsdd health` metadata failures block the stronger proof claim. Screenshots, traces, reports, Gherkin, a11y scans, E2E outputs, manual notes, source annotations, AST/cAST findings, semantic search, comments, and Semble-like retrieval do not satisfy proof by existence alone. Human acceptance records risk, waiver, deferment, proof debt, or a narrowed claim; it does not upgrade missing or mismatched non-human proof to `satisfied`.
126
+ For browser proof, fail closed unless observed proof is matched to the exact route/state, viewport, observation, evidence kind, artifact path or manual step, privacy/safety note, result, and claim limit. For live UI runtime proof, expect `agent-browser` as the default captured tool unless the observation record explains a project-native equivalent or an availability constraint; do not fail solely because another browser tool was used, but downgrade vague proof that lacks exact route/state, viewport coverage or rationale, interactive steps/refs where relevant, screenshot/report artifacts, relevant console/network observations, or a narrowed claim limit. Existing Playwright/package-script browser tests count as canonical repeatable regression evidence, not as a replacement for scoped runtime proof when browser proof requires runtime observation. Local-only or unsafe artifacts cannot back public, tracked, delivery, release, or publication proof claims unless sanitized. Screenshots, traces, reports, Gherkin, a11y scans, E2E outputs, manual notes, source annotations, AST/cAST findings, semantic search, comments, and Semble-like retrieval do not satisfy proof by existence alone. Human acceptance records risk, waiver, deferment, proof debt, or a narrowed claim; it does not upgrade missing or mismatched non-human proof to satisfied proof. Use the failure-cause names in `distilled/references/proof-rules.md` when proof fails or is partial.
127
127
 
128
128
  ## Step 9: Determine overall status
129
129