gsdd-cli 0.28.0 → 0.29.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/agents/executor.md +6 -6
- package/agents/planner.md +10 -26
- package/agents/verifier.md +1 -1
- package/bin/lib/phase.mjs +734 -3
- package/bin/lib/plan-constants.mjs +0 -5
- package/distilled/DESIGN.md +31 -29
- package/distilled/EVIDENCE-INDEX.md +3 -3
- package/distilled/templates/delegates/plan-checker.md +13 -14
- package/distilled/templates/ui-proof.md +81 -181
- package/distilled/workflows/audit-milestone.md +1 -1
- package/distilled/workflows/execute.md +5 -6
- package/distilled/workflows/plan.md +43 -51
- package/distilled/workflows/quick.md +7 -8
- package/distilled/workflows/verify.md +6 -6
- package/docs/USER-GUIDE.md +9 -1
- package/package.json +1 -1
|
@@ -7,11 +7,6 @@ export const PLAN_CHECK_DIMENSIONS = [
|
|
|
7
7
|
'must_have_quality',
|
|
8
8
|
'context_compliance',
|
|
9
9
|
'goal_achievement',
|
|
10
|
-
'scope_boundaries',
|
|
11
|
-
'anti_regression_capture',
|
|
12
|
-
'escalation_integrity',
|
|
13
|
-
'closure_honesty',
|
|
14
|
-
'high_leverage_review',
|
|
15
10
|
'approach_alignment',
|
|
16
11
|
];
|
|
17
12
|
|
package/distilled/DESIGN.md
CHANGED
|
@@ -72,7 +72,7 @@
|
|
|
72
72
|
59. [Continuity Authority And Planning-State Drift](#d59---continuity-authority-and-planning-state-drift)
|
|
73
73
|
60. [Release Closeout Contract](#d60---release-closeout-contract)
|
|
74
74
|
61. [Deliberate Subagent Contract](#d61---deliberate-subagent-contract)
|
|
75
|
-
62. [Repo-Native
|
|
75
|
+
62. [Repo-Native Browser Proof Contract](#d62---repo-native-browser-proof-contract)
|
|
76
76
|
63. [Computed-First Control Map](#d63---computed-first-control-map)
|
|
77
77
|
64. [Work-Native Continuity Authority](#d64---work-native-continuity-authority)
|
|
78
78
|
|
|
@@ -961,7 +961,7 @@ Implementation lives under `bin/lib/`:
|
|
|
961
961
|
| E7 | ERROR | `.planning/templates/codebase/` missing or empty |
|
|
962
962
|
| E8 | ERROR | `.planning/templates/` missing critical root files (`spec.md`, `roadmap.md`, `auth-matrix.md`, `ui-proof.md`) |
|
|
963
963
|
| E9 | ERROR | `.planning/templates/brownfield-change/` missing or missing critical files (`CHANGE.md`, `HANDOFF.md`, `VERIFICATION.md`) |
|
|
964
|
-
| E10 |
|
|
964
|
+
| E10 | RETIRED | Retired UI proof bundle metadata validator; current browser proof uses plan declarations and markdown observation records |
|
|
965
965
|
| W1 | WARN | `generation-manifest.json` missing |
|
|
966
966
|
| W2 | WARN | Manifest-tracked installed templates/helpers modified locally (hash mismatch vs manifest) |
|
|
967
967
|
| W3 | WARN | Manifest-tracked installed templates/helpers missing from disk but listed in manifest |
|
|
@@ -2372,9 +2372,13 @@ Sub-gap (b) was closed by D28's `<persistence>` mandate and guarded by G30. Sub-
|
|
|
2372
2372
|
- `escalation_triggers`
|
|
2373
2373
|
- `approval_gates`
|
|
2374
2374
|
- `anti_regression_targets`
|
|
2375
|
-
- `
|
|
2376
|
-
- `
|
|
2377
|
-
- `
|
|
2375
|
+
- `known_unknowns`
|
|
2376
|
+
- `browser_proof_required`
|
|
2377
|
+
- `browser_proof_rationale`
|
|
2378
|
+
- `must_haves`
|
|
2379
|
+
- Keep high-risk review pressure in the plan body through Evidence Contract,
|
|
2380
|
+
Stop-And-Challenge, Approval Gates, and Second-Pass Review sections instead
|
|
2381
|
+
of expanding the frontmatter into a control-plane schema.
|
|
2378
2382
|
- Upgrade planner checking to block missing anti-drift contract fields instead of treating them as optional prose quality.
|
|
2379
2383
|
- Thread the new contract through execution and verification so the fields constrain what execution may do and what closure may claim.
|
|
2380
2384
|
|
|
@@ -2822,49 +2826,47 @@ Posture compatibility is part of that closeout contract: `repo_closeout` and `ru
|
|
|
2822
2826
|
|
|
2823
2827
|
---
|
|
2824
2828
|
|
|
2825
|
-
## D62 - Repo-Native
|
|
2829
|
+
## D62 - Repo-Native Browser Proof Contract
|
|
2826
2830
|
|
|
2827
|
-
**Decision (2026-04-28; revised 2026-05-09):** UI-sensitive work should carry a compact
|
|
2831
|
+
**Decision (2026-04-28; revised 2026-05-09; revised 2026-07-08):** UI-sensitive work should carry a compact browser-proof declaration in plan frontmatter and, when executed, a plain markdown observation record that references artifacts by path or link while preserving the existing closure evidence kinds: `code`, `test`, `runtime`, `delivery`, and `human`. For live rendered UI proof, `agent-browser` is the default runtime evidence path for consumers, while existing Playwright tests remain the canonical repeatable browser-regression path when present. Direct phase verification treats `browser_proof_required` and `browser_proof_rationale` as the declaration authority and fails closed on missing phase prerequisites, invalid browser-proof frontmatter, a missing `## Browser Proof Plan` when proof is required, or a required browser-proof plan that omits route/state, viewport, runtime path, evidence kind, evidence command or no-command rationale, observations, artifacts with privacy/safety posture, and claim limit.
|
|
2828
2832
|
|
|
2829
2833
|
**Context:**
|
|
2830
|
-
-
|
|
2831
|
-
- The contract defines
|
|
2832
|
-
- GSD's archived planner, executor, and verifier roles preserve strong lifecycle discipline, but they do not provide this UI-specific
|
|
2834
|
+
- Browser proof targets the recurring failure mode where agents claim a UI works or looks good without rendered proof, matched observations, or explicit human judgment.
|
|
2835
|
+
- The contract defines plan declarations, Browser Proof Plan sections, observation records, fail-closed agent guardrails, privacy/safety notes, and claim limits without adding a browser-provider framework or a separate JSON validator.
|
|
2836
|
+
- GSD's archived planner, executor, and verifier roles preserve strong lifecycle discipline, but they do not provide this UI-specific browser observation model. GSDD keeps the lifecycle leverage and adds a repo-native browser proof substrate without adding a browser-provider framework.
|
|
2833
2837
|
- OneShot's QC guidance and Vercel's `agent-browser` skill converge on an interactive browser loop for snapshots, ref-based interaction, screenshots, and network/console-adjacent inspection. GSDD adapts that as a default workflow instruction, not as a hard validator dependency.
|
|
2834
2838
|
|
|
2835
2839
|
**Decision:**
|
|
2836
|
-
- Planning must classify UI-sensitive work
|
|
2837
|
-
- Direct phase verification must read
|
|
2838
|
-
- Direct phase verification must fail nonzero with structured blockers when no matching plan or summary exists, or when
|
|
2839
|
-
- When
|
|
2840
|
-
-
|
|
2841
|
-
-
|
|
2842
|
-
-
|
|
2840
|
+
- Planning must classify UI-sensitive work with `browser_proof_required: true|false` and a nonblank `browser_proof_rationale`.
|
|
2841
|
+
- Direct phase verification must read browser-proof declaration authority from plan frontmatter only. Body prose and stale sidecars are not declaration authority.
|
|
2842
|
+
- Direct phase verification must fail nonzero with structured blockers when no matching plan or summary exists, when browser-proof frontmatter is invalid, or when a required Browser Proof Plan is missing or incomplete.
|
|
2843
|
+
- When browser proof is not required and the rationale is explicit, stale browser-proof observations are warning-level cleanup signals, not proof and not blockers. Legacy `ui_proof_slots: []` with a meaningful `no_ui_proof_rationale` is treated as a compatibility warning rather than a blocker; legacy non-empty `ui_proof_slots` still require migration because required rendered proof cannot be inferred losslessly.
|
|
2844
|
+
- Browser Proof Plan sections record route/state, viewport coverage, runtime path, evidence kind, evidence command or narrowed no-command rationale, observations, artifacts, privacy/safety note, and claim limit.
|
|
2845
|
+
- Observation records record the exact plan artifact, actual route/state, viewport, runtime path, evidence kind, command/manual step, rendered observations, artifacts, result, privacy/safety note, stale-after trigger, and claim limit.
|
|
2846
|
+
- Browser Proof Plan sections must be tight enough for the plan checker to reject vague proof: specific route/state, viewport coverage or narrowed claim, runtime path, supported evidence kind, rendered observations, artifacts/privacy notes, evidence command or no-command rationale, and claim limit.
|
|
2843
2847
|
- The planner chooses viewport coverage, but responsive or layout-sensitive claims require desktop/mobile or equivalent state coverage unless the claim is explicitly narrowed.
|
|
2844
2848
|
- Execution defaults to `agent-browser` for live UI runtime proof: open the route/state, capture interactive snapshots/refs where relevant, exercise the changed flow, capture screenshots for planned viewport(s), and record relevant console/network observations.
|
|
2845
2849
|
- Existing Playwright tests or package scripts remain the canonical repeatable browser-regression evidence when present. Playwright scripting is reserved for checks `agent-browser` cannot cover cleanly, such as JS-disabled behavior, structured console listeners, or multi-context testing.
|
|
2846
|
-
-
|
|
2847
|
-
-
|
|
2848
|
-
- Human acceptance may close a narrowed claim and record proof debt, but it must not convert missing or mismatched non-human evidence into `satisfied` proof.
|
|
2850
|
+
- Direct verification fails closed unless each required browser-proof plan has a repo-local, parser-compatible, explicitly passing observation that names the exact plan artifact and carries supported evidence semantics, privacy/safety posture, and bounded claim scope. The workflow verifier still owns substantive judgment about whether the recorded observation actually supports the route/state, viewport, artifact, and claim.
|
|
2851
|
+
- Human acceptance may close a narrowed claim and record proof debt, but it must not convert missing or mismatched non-human evidence into satisfied proof.
|
|
2849
2852
|
- Screenshots, traces, videos, reports, accessibility scans, Gherkin, and visual diffs are artifact types or activities mapped onto the five existing evidence kinds, not new evidence kinds.
|
|
2850
|
-
- Source annotations, AST/cAST findings, semantic search hits, comments, and Semble-like retrieval may discover proof obligations, but they are discovery hints only and do not satisfy proof
|
|
2853
|
+
- Source annotations, AST/cAST findings, semantic search hits, comments, and Semble-like retrieval may discover proof obligations, but they are discovery hints only and do not satisfy browser proof.
|
|
2851
2854
|
- Visual taste, accessibility judgment, baseline acceptance, subjective polish/layout quality, and privacy publication require human evidence or explicit waiver, and human approval does not replace required `code`, `test`, `runtime`, or `delivery` evidence.
|
|
2852
|
-
-
|
|
2853
|
-
-
|
|
2854
|
-
- Failed UI proof is reported through existing GSDD gap/proof-debt language. Product behavior defects, missing or blocked infrastructure, flaky harnesses, and ambiguous specs explain causes, but they do not add new evidence kinds, result statuses, or comparison statuses.
|
|
2855
|
+
- The current contract is validator-light by design: direct phase verification checks declaration shape, required Browser Proof Plan fields, observation record shape, safe linked-record boundaries, exact plan references, explicit pass/fail posture, supported evidence-kind labels, and bounded claim wording. It does not inspect raw screenshot pixels, report contents, or visual quality; substantive rendered proof remains a workflow/role obligation captured in summaries or observation records.
|
|
2856
|
+
- Failed browser proof is reported through the failure-cause names in `distilled/references/proof-rules.md`: product behavior defects, missing or blocked infrastructure, flaky harnesses, and ambiguous specs explain causes, but they do not add new evidence kinds.
|
|
2855
2857
|
|
|
2856
2858
|
**Leverage:**
|
|
2857
|
-
- Lost: UI-sensitive work
|
|
2858
|
-
- Kept: repo-native markdown artifacts, optional project tooling, fixed closure evidence kinds, generated-surface freshness, the plan/execute/verify separation, and
|
|
2859
|
-
- Gained: exact claim-to-
|
|
2859
|
+
- Lost: UI-sensitive work still carries a small proof-contract burden, and direct verification checks only shape rather than raw screenshot/report contents.
|
|
2860
|
+
- Kept: repo-native markdown artifacts, optional project tooling, fixed closure evidence kinds, generated-surface freshness, the plan/execute/verify separation, and a concrete live browser evidence path.
|
|
2861
|
+
- Gained: a much simpler consumer contract, exact claim-to-observation traceability, privacy/safety notes, claim limits, and fail-closed overclaim guardrails without a non-existent validator command.
|
|
2860
2862
|
|
|
2861
2863
|
**Evidence:**
|
|
2862
2864
|
- `distilled/templates/ui-proof.md`
|
|
2863
2865
|
- `distilled/workflows/plan.md`, `distilled/workflows/execute.md`, `distilled/workflows/quick.md`, `distilled/workflows/verify.md`
|
|
2864
2866
|
- `agents/planner.md`, `agents/executor.md`, `agents/verifier.md`, `distilled/templates/delegates/plan-checker.md`
|
|
2865
|
-
- `bin/lib/templates.mjs`, `bin/lib/
|
|
2867
|
+
- `bin/lib/templates.mjs`, `bin/lib/health.mjs`, `bin/lib/phase.mjs`, `bin/lib/rendering.mjs`
|
|
2866
2868
|
- `tests/phase.test.cjs`, `tests/gsdd.guards.test.cjs`, `tests/gsdd.health.test.cjs`, `tests/gsdd.init.test.cjs`
|
|
2867
|
-
- GSD comparison: the upstream planner, executor, and verifier role patterns preserve lifecycle rigor, but they do not define
|
|
2869
|
+
- GSD comparison: the upstream planner, executor, and verifier role patterns preserve lifecycle rigor, but they do not define browser-proof plan declarations or observation records.
|
|
2868
2870
|
- OneShot QC source: `https://github.com/oneshot-repo/OneShot/tree/main/skills`
|
|
2869
2871
|
- Vercel `agent-browser` docs: `https://github.com/vercel-labs/agent-browser/blob/main/skill-data/core/SKILL.md` and `https://agent-browser.dev/snapshots`
|
|
2870
2872
|
- Playwright docs: `https://playwright.dev/docs/trace-viewer`, `https://playwright.dev/docs/next/screenshots`, and `https://playwright.dev/mcp/tools/tracing`
|
|
@@ -486,11 +486,11 @@
|
|
|
486
486
|
- GSD comparison source: `get-shit-done/workflows/new-project.md`
|
|
487
487
|
- `tests/gsdd.guards.test.cjs`, `tests/gsdd.invariants.test.cjs`
|
|
488
488
|
|
|
489
|
-
## D62 — Repo-Native
|
|
489
|
+
## D62 — Repo-Native Browser Proof Contract
|
|
490
490
|
- `distilled/templates/ui-proof.md`
|
|
491
491
|
- `distilled/workflows/plan.md`, `distilled/workflows/execute.md`, `distilled/workflows/quick.md`, `distilled/workflows/verify.md`
|
|
492
492
|
- `agents/planner.md`, `agents/executor.md`, `agents/verifier.md`, `distilled/templates/delegates/plan-checker.md`
|
|
493
|
-
- `bin/lib/templates.mjs`, `bin/lib/
|
|
493
|
+
- `bin/lib/templates.mjs`, `bin/lib/health.mjs`, `bin/lib/phase.mjs`, `bin/lib/rendering.mjs`
|
|
494
494
|
- `tests/phase.test.cjs`, `tests/gsdd.guards.test.cjs`, `tests/gsdd.health.test.cjs`, `tests/gsdd.init.test.cjs`
|
|
495
495
|
- OneShot QC/browser policy: https://github.com/oneshot-repo/OneShot/tree/main/skills
|
|
496
496
|
- Vercel agent-browser docs: https://github.com/vercel-labs/agent-browser/blob/main/skill-data/core/SKILL.md, https://agent-browser.dev/snapshots
|
|
@@ -503,7 +503,7 @@
|
|
|
503
503
|
- Agent-hostile UI semantics source: https://dev.to/ratikkoka/your-ui-is-invisible-to-ai-agents-heres-how-to-fix-it-1ib3
|
|
504
504
|
- Browser-harness efficiency source: https://dev.to/louaiboumediene/the-ai-harness-why-your-ai-coding-agent-is-only-as-smart-as-the-repo-you-put-it-in-cml
|
|
505
505
|
- Dynamic-UI harness brittleness source: https://tessl.io/blog/webmcp-making-web-apps-faster-and-cheaper-for-ai-agents/
|
|
506
|
-
- Long-term pitfalls carried forward: do not accept screenshot-free "looks good" claims, weak
|
|
506
|
+
- Long-term pitfalls carried forward: do not accept screenshot-free "looks good" claims, weak browser-proof plans, unverified artifact paths, stale interactive refs after page mutation, partial/failed proof without failure classification, raw artifact publication without privacy/safety notes, browser contention in parallel checks, or semantic/selector-poor UI that forces fragile coordinate inspection.
|
|
507
507
|
- Supporting spec/runtime docs: https://openspec.dev/, https://www.lean-spec.dev/docs/guide/first-principles, https://help.openai.com/en/articles/11369540-codex-in-chatgpt, https://docs.claude.com/en/docs/agents-and-tools/agent-skills, https://docs.github.com/en/copilot/concepts/prompting/response-customization
|
|
508
508
|
|
|
509
509
|
## D63 — Computed-First Control Map
|
|
@@ -13,31 +13,30 @@ Read only the explicit inputs provided by the orchestrator:
|
|
|
13
13
|
Do NOT inherit the planner's hidden reasoning. Treat the current plans as untrusted drafts that must prove they will achieve the phase goal before execution.
|
|
14
14
|
|
|
15
15
|
Verify these dimensions:
|
|
16
|
-
- `requirement_coverage`: every phase requirement is covered by at least one concrete task
|
|
16
|
+
- `requirement_coverage`: every phase requirement is covered by at least one concrete task.
|
|
17
17
|
- `task_completeness`: every executable task has files, action, verify, and done fields. Additionally check verify quality:
|
|
18
18
|
- **Runnable?** Does `<verify>` contain at least one command that an executor can run programmatically (e.g., a shell command, test runner invocation, curl request)? If ALL verify items are observational text with no runnable command -> `blocker`.
|
|
19
19
|
- **Fast?** Do verify commands complete quickly? Flag full E2E suites (playwright, cypress, selenium) without a faster smoke test -> `warning`. Flag watch-mode flags (`--watchAll`, `--watch`) -> `blocker`. Flag arbitrary delays > 30s -> `warning`.
|
|
20
20
|
- **Ordered?** If a verify command references a test file, does an earlier task in the plan create that file? If the referenced file has no prior task producing it -> `blocker`.
|
|
21
|
-
-
|
|
22
|
-
- `
|
|
23
|
-
- `
|
|
24
|
-
- `
|
|
21
|
+
- **Browser proof command?** If the plan requires browser proof, the Browser Proof Plan names a runnable evidence command or an explicit narrowed no-command rationale. A rendered-UI claim with neither is a `blocker`.
|
|
22
|
+
- `dependency_correctness`: ordering, dependencies, and plan structure are coherent.
|
|
23
|
+
- `key_link_completeness`: important wiring/integration links are planned, not just isolated artifacts.
|
|
24
|
+
- `scope_sanity`: plans are sized so an executor can complete them without context collapse, and hard boundaries, anti-goals, and explicit out-of-scope items are preserved in task scope.
|
|
25
|
+
- `must_have_quality`: success criteria and must-haves are specific, observable, and reflected in tasks.
|
|
25
26
|
- `context_compliance`: locked decisions are honored and deferred ideas stay out of scope. Additionally check scope consistency:
|
|
26
27
|
- **Must-have coverage?** Every must-have requirement mapped to this phase in SPEC.md must appear in at least one plan task. A must-have that silently disappears from the plan is a `blocker`.
|
|
27
28
|
- **Deferred exclusion?** Items marked "Nice to Have", "Deferred", or "Out of Scope" in SPEC.md must not appear as plan tasks. Present → `blocker`.
|
|
28
29
|
- **Cross-surface consistency?** If SPEC.md marks an item as must-have but APPROACH.md marks it as deferred (or vice versa), surface the contradiction → `blocker`. Include a `fix_hint` asking the planner to resolve the conflict with the user before proceeding.
|
|
30
|
+
- **Anti-regression captured?** Known prior failures, compatibility risks, and behavior that must not regress are represented in tasks or verification.
|
|
31
|
+
- **Escalation preserved?** Tasks include checkpoints or escalation when evidence, permissions, user decisions, or risky ambiguity are required.
|
|
32
|
+
- **Abstraction justified?** Reject a task or refactor whose only rationale is "cleaner code" without reducing risk, removing meaningful duplication, simplifying a consumer path, or matching an existing repo pattern.
|
|
29
33
|
- `goal_achievement`: does the plan, if executed perfectly, actually achieve the stated phase goal? Check:
|
|
30
34
|
- **Goal addressed?** Compare the phase goal statement to the plan's collective task outputs. Would successful completion of all tasks deliver the goal? If the goal says "users can authenticate" but tasks only set up database schema → `blocker`.
|
|
31
35
|
- **Success criteria reachable?** Are the phase success criteria from ROADMAP.md achievable through the planned tasks? Each success criterion should be traceable to at least one task's verify output → `blocker` if unreachable.
|
|
32
36
|
- **Outcome observable?** After execution, could a human or automated check confirm the goal was met? Plans that produce only internal artifacts with no user-visible or testable outcome → `warning`.
|
|
33
|
-
-
|
|
34
|
-
-
|
|
35
|
-
-
|
|
36
|
-
- `closure_honesty`: the plan's done criteria and evidence limits support only claims that execution can actually prove.
|
|
37
|
-
- `closure_honesty`: for UI proof, reject agent-only `looks good` closure, artifact-count proof, unsupported evidence kinds, and human acceptance that converts missing/mismatched non-human evidence into `satisfied` proof. Waiver, deferment, proof debt, or narrowed-claim language is acceptable only when the stronger UI claim is not treated as proven.
|
|
38
|
-
- `closure_honesty`: for UI proof planning, reject weak slots that omit a specific route/state, viewport rationale or narrowed viewport claim limit, minimum observations, expected artifact types, runnable validation, or a way to compare observed proof back to the planned claim. Treat under-specified viewport coverage as a blocker for responsive or layout-sensitive claims. `agent-browser` is the default live runtime evidence path; do not block a slot solely for using another project-native browser path, but require the plan to explain the `agent-browser` availability constraint and fallback choice.
|
|
39
|
-
- `closure_honesty`: for UI proof privacy, require artifact `visibility`, `retention`, `sensitivity`, and `safe_to_publish`, require `gsdd ui-proof validate` or `gsdd health` when bundle metadata exists, and reject public/tracked/delivery/publication proof claims backed by local-only or `safe_to_publish: false` artifacts.
|
|
40
|
-
- `high_leverage_review`: high-leverage surfaces have a second-pass review or equivalent contradiction/staleness check before completion.
|
|
37
|
+
- **Claim honest?** Done criteria and evidence limits support only claims that execution can actually prove. For browser proof, reject agent-only "looks good" closure, artifact-count proof, unsupported evidence kinds, and human acceptance that replaces required code, test, runtime, or delivery evidence.
|
|
38
|
+
- **Browser proof specific?** Required browser proof names exact route/state, viewport coverage or a narrowed viewport claim, runtime path, evidence kind, rendered observations, artifacts/privacy notes, and claim limit. Under-specified viewport coverage is a blocker for responsive or layout-sensitive claims, and fallback browser tooling must state the `agent-browser` availability constraint.
|
|
39
|
+
- **Second pass present?** Shared or high-leverage surfaces have a final contradiction/staleness review before completion.
|
|
41
40
|
- `approach_alignment`: when APPROACH.md is provided, verify that plan tasks implement the chosen approaches from the user's decisions. Check:
|
|
42
41
|
- **Alignment proof valid?** When `workflow.discuss` is `true`, APPROACH.md must record `alignment_status: user_confirmed` or `alignment_status: approved_skip`. Missing alignment proof, unknown status, or agent-discretion-only proof -> `blocker` with `fix_hint` telling the planner to revise APPROACH.md through real user alignment or an explicit user-approved skip.
|
|
43
42
|
- **Canonical proof fields present?** APPROACH.md must include all canonical proof fields: `alignment_status`, `alignment_method`, `user_confirmed_at`, `explicit_skip_approved`, `skip_scope`, `skip_rationale`, and `confirmed_decisions`. Missing fields -> `blocker`.
|
|
@@ -56,7 +55,7 @@ Return JSON only as a single finding summary object with this shape:
|
|
|
56
55
|
"summary": "One sentence overall assessment",
|
|
57
56
|
"issues": [
|
|
58
57
|
{
|
|
59
|
-
"dimension": "requirement_coverage | task_completeness | dependency_correctness | key_link_completeness | scope_sanity | must_have_quality | context_compliance | goal_achievement |
|
|
58
|
+
"dimension": "requirement_coverage | task_completeness | dependency_correctness | key_link_completeness | scope_sanity | must_have_quality | context_compliance | goal_achievement | approach_alignment",
|
|
60
59
|
"severity": "blocker | warning",
|
|
61
60
|
"description": "What is wrong",
|
|
62
61
|
"plan": "01-PLAN",
|
|
@@ -1,200 +1,100 @@
|
|
|
1
|
-
#
|
|
1
|
+
# Browser Proof Observation Template
|
|
2
2
|
|
|
3
|
-
Use this template when work affects rendered UI or when a plan
|
|
3
|
+
Use this template when work affects rendered UI or when a plan sets
|
|
4
|
+
`browser_proof_required: true`. Keep the record compact, claim-specific, and
|
|
5
|
+
attached to the relevant phase, quick task, or brownfield change.
|
|
4
6
|
|
|
5
|
-
|
|
7
|
+
Browser proof uses the existing closure evidence kinds only: `code`, `test`,
|
|
8
|
+
`runtime`, `delivery`, and `human`. Screenshots, traces, videos, reports,
|
|
9
|
+
accessibility scans, visual diffs, and manual notes are artifacts or activities
|
|
10
|
+
that map onto those evidence kinds. They are not new evidence kinds.
|
|
6
11
|
|
|
7
|
-
For live rendered UI evidence, default to `agent-browser`: open the route,
|
|
12
|
+
For live rendered UI evidence, default to `agent-browser`: open the route,
|
|
13
|
+
capture interactive refs when interaction is part of the claim, exercise the
|
|
14
|
+
changed flow, capture screenshots for planned viewport(s), and record
|
|
15
|
+
console/network observations when they affect the claim. If the repo already
|
|
16
|
+
has Playwright tests or a package script wrapping them, those remain the
|
|
17
|
+
repeatable regression path; use them as `test` evidence and use browser
|
|
18
|
+
observation for complementary runtime proof.
|
|
8
19
|
|
|
9
|
-
|
|
20
|
+
Do not introduce new Playwright, Cypress, Storybook, CI, browser MCP, or visual
|
|
21
|
+
regression infrastructure just to satisfy this template. Use Playwright
|
|
22
|
+
scripting only for checks `agent-browser` cannot cover cleanly, such as
|
|
23
|
+
JS-disabled behavior, structured console listeners, or multi-context testing.
|
|
10
24
|
|
|
11
|
-
|
|
25
|
+
Tool availability is part of the proof record. In runtimes where
|
|
26
|
+
`agent-browser` is not available, first state that availability constraint, then
|
|
27
|
+
use the closest project-native interactive browser path and narrow the claim to
|
|
28
|
+
what that fallback actually proves.
|
|
12
29
|
|
|
13
|
-
|
|
30
|
+
## Plan Declaration
|
|
14
31
|
|
|
15
|
-
|
|
16
|
-
ui_proof_slots:
|
|
17
|
-
- slot_id: ui-01
|
|
18
|
-
requirement_id: REQ-01
|
|
19
|
-
claim: "User can complete the changed flow without a broken rendered UI."
|
|
20
|
-
route_state: "/example route, role, data state, and UI state to inspect"
|
|
21
|
-
required_evidence_kinds: [test, runtime]
|
|
22
|
-
optional_evidence_kinds: [human]
|
|
23
|
-
minimum_observations:
|
|
24
|
-
- "Changed control is visible and usable in the stated state."
|
|
25
|
-
- "Expected interaction completes without console/runtime error."
|
|
26
|
-
expected_artifact_types: [screenshot, report]
|
|
27
|
-
validation_command: "gsdd ui-proof compare {work_item_dir}/ui-proof-slots.json {work_item_dir}/UI-PROOF.md"
|
|
28
|
-
environment:
|
|
29
|
-
app_url: "http://localhost:3000"
|
|
30
|
-
data_state: "synthetic or seeded data"
|
|
31
|
-
viewport:
|
|
32
|
-
width: 1280
|
|
33
|
-
height: 720
|
|
34
|
-
notes: "State why this viewport is enough for the claim, or add separate slots/observations for mobile, desktop, or responsive states."
|
|
35
|
-
manual_acceptance_required: false
|
|
36
|
-
claim_limit: "Does not prove cross-browser layout, full accessibility conformance, production delivery, or unrelated UI states."
|
|
37
|
-
no_ui_proof_rationale: null
|
|
38
|
-
```
|
|
32
|
+
Every UI-sensitive plan should contain:
|
|
39
33
|
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
- Specify the route/state, viewport choice, minimum observations, expected artifact types, and runnable validation path tightly enough that a checker can reject vague proof before execution.
|
|
44
|
-
- The planner chooses the viewport set, but the slot must explain the choice. Include desktop and mobile proof when the claim covers responsive layout or when the changed surface is likely to behave differently across those sizes; otherwise narrow the claim limit.
|
|
45
|
-
- Source annotations, AST/cAST findings, semantic search hits, comments, and Semble-like retrieval may help discover proof obligations. They are discovery hints only; they do not satisfy proof slots.
|
|
46
|
-
- Do not add Playwright, Cypress, Storybook, Cucumber, CI, browser MCP, or visual-regression tooling by default.
|
|
47
|
-
- Human approval is required for visual taste, accessibility judgment, baseline acceptance, subjective polish/layout quality, and privacy publication decisions.
|
|
48
|
-
- Human approval does not replace required non-human evidence when the slot requires `code`, `test`, `runtime`, or `delivery` evidence.
|
|
49
|
-
|
|
50
|
-
## Observed Proof Bundle
|
|
51
|
-
|
|
52
|
-
Create or update this bundle during execution or verification when planned UI proof slots exist. JSON is the canonical machine-readable proof bundle format. Markdown proof files must include fenced JSON for deterministic validation.
|
|
53
|
-
|
|
54
|
-
Replace placeholders such as `{work_item_dir}` with the current phase, quick-task, or brownfield-change directory before running commands or validating the bundle.
|
|
55
|
-
|
|
56
|
-
```json
|
|
57
|
-
{
|
|
58
|
-
"proof_bundle_version": 1,
|
|
59
|
-
"scope": {
|
|
60
|
-
"work_item": "phase-or-quick-or-brownfield-id",
|
|
61
|
-
"requirement_ids": ["REQ-01"],
|
|
62
|
-
"slot_ids": ["ui-01"],
|
|
63
|
-
"claim": "User can complete the changed flow without a broken rendered UI."
|
|
64
|
-
},
|
|
65
|
-
"route_state": {
|
|
66
|
-
"route": "/example",
|
|
67
|
-
"state": "role, data state, feature flag, loading/error/empty state, or component story"
|
|
68
|
-
},
|
|
69
|
-
"environment": {
|
|
70
|
-
"app_url": "http://localhost:3000",
|
|
71
|
-
"browser": "agent-browser default; record fallback when unavailable",
|
|
72
|
-
"browser_version": "record if known",
|
|
73
|
-
"os": "record if relevant",
|
|
74
|
-
"data_state": "synthetic or seeded data"
|
|
75
|
-
},
|
|
76
|
-
"viewport": {
|
|
77
|
-
"width": 1280,
|
|
78
|
-
"height": 720,
|
|
79
|
-
"device_scale_factor": "record if relevant"
|
|
80
|
-
},
|
|
81
|
-
"evidence_inputs": {
|
|
82
|
-
"kinds": ["test", "runtime"],
|
|
83
|
-
"tools_used": ["playwright", "agent-browser"]
|
|
84
|
-
},
|
|
85
|
-
"commands_or_manual_steps": [
|
|
86
|
-
{
|
|
87
|
-
"command": "npm run test:e2e -- changed-flow.spec.ts",
|
|
88
|
-
"exit_code": 0,
|
|
89
|
-
"result": "passed",
|
|
90
|
-
"attempts": 1
|
|
91
|
-
},
|
|
92
|
-
{
|
|
93
|
-
"command": "agent-browser open http://localhost:3000/example && agent-browser snapshot -i && agent-browser screenshot {work_item_dir}/artifacts/example-1280.png --full",
|
|
94
|
-
"result": "passed",
|
|
95
|
-
"attempts": 1
|
|
96
|
-
},
|
|
97
|
-
{
|
|
98
|
-
"manual_step": "Using agent-browser refs, complete the changed interaction as a synthetic user and check for visible breakage or relevant console/network failures.",
|
|
99
|
-
"result": "passed"
|
|
100
|
-
}
|
|
101
|
-
],
|
|
102
|
-
"observations": [
|
|
103
|
-
{
|
|
104
|
-
"observation": "Changed control is visible and completes the flow.",
|
|
105
|
-
"claim": "User can complete the changed flow without a broken rendered UI.",
|
|
106
|
-
"route_state": {
|
|
107
|
-
"route": "/example",
|
|
108
|
-
"state": "role, data state, feature flag, loading/error/empty state, or component story"
|
|
109
|
-
},
|
|
110
|
-
"evidence_kind": "runtime",
|
|
111
|
-
"artifact_refs": ["test-results/changed-flow-report/index.html", "{work_item_dir}/artifacts/example-1280.png"],
|
|
112
|
-
"privacy": {
|
|
113
|
-
"data_classification": "synthetic",
|
|
114
|
-
"raw_artifacts_safe_to_publish": false,
|
|
115
|
-
"retention": "temporary_review"
|
|
116
|
-
},
|
|
117
|
-
"result": "passed",
|
|
118
|
-
"claim_limit": "Does not prove Safari/WebKit behavior."
|
|
119
|
-
}
|
|
120
|
-
],
|
|
121
|
-
"artifacts": [
|
|
122
|
-
{
|
|
123
|
-
"path": "test-results/changed-flow-report/index.html",
|
|
124
|
-
"type": "report",
|
|
125
|
-
"visibility": "local_only",
|
|
126
|
-
"retention": "temporary_review",
|
|
127
|
-
"sensitivity": "possible",
|
|
128
|
-
"safe_to_publish": false,
|
|
129
|
-
"notes": "Local report only; not public proof."
|
|
130
|
-
},
|
|
131
|
-
{
|
|
132
|
-
"path": "{work_item_dir}/artifacts/example-1280.png",
|
|
133
|
-
"type": "screenshot",
|
|
134
|
-
"visibility": "local_only",
|
|
135
|
-
"retention": "temporary_review",
|
|
136
|
-
"sensitivity": "possible",
|
|
137
|
-
"safe_to_publish": false,
|
|
138
|
-
"notes": "Local screenshot only; not public proof unless sanitized and reclassified."
|
|
139
|
-
}
|
|
140
|
-
],
|
|
141
|
-
"privacy": {
|
|
142
|
-
"data_classification": "synthetic",
|
|
143
|
-
"redactions": [],
|
|
144
|
-
"raw_artifacts_safe_to_publish": false,
|
|
145
|
-
"retention": "Keep metadata bundle; keep raw artifacts only while needed for review or failed proof triage."
|
|
146
|
-
},
|
|
147
|
-
"manual_acceptance": {
|
|
148
|
-
"required": false,
|
|
149
|
-
"reviewer": null,
|
|
150
|
-
"result": "not_applicable"
|
|
151
|
-
},
|
|
152
|
-
"result": {
|
|
153
|
-
"claim_status": "passed",
|
|
154
|
-
"comparison_status_by_slot": {
|
|
155
|
-
"ui-01": "satisfied"
|
|
156
|
-
},
|
|
157
|
-
"failure_classification": null
|
|
158
|
-
},
|
|
159
|
-
"claim_limits": [
|
|
160
|
-
"Does not prove Safari/WebKit behavior.",
|
|
161
|
-
"Does not prove full WCAG conformance.",
|
|
162
|
-
"Does not prove deployed production behavior."
|
|
163
|
-
]
|
|
164
|
-
}
|
|
34
|
+
```yaml
|
|
35
|
+
browser_proof_required: true
|
|
36
|
+
browser_proof_rationale: Visible route or interaction changes require rendered browser proof.
|
|
165
37
|
```
|
|
166
38
|
|
|
167
|
-
|
|
168
|
-
- Reference raw screenshots, traces, videos, DOM snapshots, reports, accessibility scans, Gherkin, and visual diffs by path or link. Do not store raw binary or sensitive artifacts inline.
|
|
169
|
-
- Each observation must identify the claim, route/state, evidence kind, artifact references behind it, privacy metadata, result, and claim limit it supports.
|
|
170
|
-
- Every observation `artifact_refs` value must match an `artifacts[].path` or `artifacts[].url` value.
|
|
171
|
-
- Artifact count is never proof. Unsupported or weakly linked artifacts are `partial`, `missing`, `waived`, or `deferred`, not `satisfied`.
|
|
172
|
-
- Each artifact must record the locked privacy fields `visibility`, `retention`, `sensitivity`, and `safe_to_publish`.
|
|
173
|
-
- Raw screenshots, traces, videos, DOM snapshots, and reports default to `visibility: local_only` plus `safe_to_publish: false` unless explicitly classified as sanitized and safe to publish.
|
|
174
|
-
- Local-only or `safe_to_publish: false` artifacts can support local review only; they must not back tracked, public, delivery, release, or publication proof claims.
|
|
175
|
-
- Human acceptance may close a narrowed claim only by recording waiver, deferment, or proof debt; it must not upgrade missing or mismatched non-human proof to `satisfied`.
|
|
176
|
-
- Quick-mode UI proof should use deterministic synthetic IDs such as `quick-001` and `quick-001-ui-01` when roadmap requirement IDs do not exist.
|
|
177
|
-
- Classify failed UI proof using existing GSDD gap/proof-debt language: `product_bug`, `missing_infra`, `flaky_harness`, or `ambiguous_spec`. Do not add new result statuses or evidence kinds for those causes.
|
|
39
|
+
Plans that do not claim rendered UI behavior should contain:
|
|
178
40
|
|
|
179
|
-
|
|
41
|
+
```yaml
|
|
42
|
+
browser_proof_required: false
|
|
43
|
+
browser_proof_rationale: CLI/docs/backend-only work; no visible UI behavior is claimed.
|
|
44
|
+
```
|
|
180
45
|
|
|
181
|
-
|
|
46
|
+
When browser proof is required, the plan body should include:
|
|
47
|
+
|
|
48
|
+
```markdown
|
|
49
|
+
## Browser Proof Plan
|
|
50
|
+
Routes/states: /example route, role, data state, and UI state to inspect
|
|
51
|
+
Viewports: Desktop 1280px and mobile 390px, or a narrowed viewport claim
|
|
52
|
+
Runtime path: agent-browser preferred; explain fallback constraints if unavailable
|
|
53
|
+
Evidence kind: runtime
|
|
54
|
+
No-command rationale: agent-browser/manual refs were required for this local runtime; claim is limited to the observed session.
|
|
55
|
+
Observations: Changed control is visible, interaction completes, no relevant console/network failures
|
|
56
|
+
Artifacts: .work/.../artifacts/example-1280.png (local-only unless sanitized)
|
|
57
|
+
Claim limit: Proves only this changed route/state and viewport set
|
|
58
|
+
```
|
|
182
59
|
|
|
183
|
-
|
|
60
|
+
If no command can reproduce the proof because the runtime path is manual or
|
|
61
|
+
interactive only, replace `Evidence command:` with:
|
|
184
62
|
|
|
185
|
-
|
|
63
|
+
```markdown
|
|
64
|
+
No-command rationale: agent-browser/manual refs were required for this local runtime; claim is limited to the observed session.
|
|
65
|
+
```
|
|
186
66
|
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
67
|
+
## Observation Record
|
|
68
|
+
|
|
69
|
+
Write one record per checked flow:
|
|
70
|
+
|
|
71
|
+
```markdown
|
|
72
|
+
## Browser Proof Observation
|
|
73
|
+
|
|
74
|
+
- Plan: 01-example/01-PLAN.md
|
|
75
|
+
- Flow: /example route, role, data state, and UI state checked
|
|
76
|
+
- Viewports: 1280x720 desktop, 390x844 mobile
|
|
77
|
+
- Runtime path: agent-browser
|
|
78
|
+
- Evidence kind: runtime
|
|
79
|
+
- No-command rationale: agent-browser/manual refs were required for this local runtime; claim is limited to the observed session.
|
|
80
|
+
- Observed: Changed control rendered, interaction completed, no relevant console/network failures
|
|
81
|
+
- Artifacts:
|
|
82
|
+
- .work/.../artifacts/example-1280.png — local-only, not safe to publish
|
|
83
|
+
- .work/.../artifacts/example-390.png — local-only, not safe to publish
|
|
84
|
+
- Privacy/safety: artifacts are local-only and not safe to publish unless sanitized
|
|
85
|
+
- Result: passed
|
|
86
|
+
- Claim limit: Proves only the scoped route/state, data setup, and viewport set.
|
|
87
|
+
- Stale after: route markup, interaction behavior, data fixture, or viewport assumptions change.
|
|
88
|
+
```
|
|
195
89
|
|
|
196
|
-
|
|
90
|
+
For failed or partial proof, use the failure-cause names defined in
|
|
91
|
+
`distilled/references/proof-rules.md` and record the narrowed claim or follow-up
|
|
92
|
+
trigger.
|
|
197
93
|
|
|
198
94
|
## Claim Boundary
|
|
199
95
|
|
|
200
|
-
|
|
96
|
+
Browser proof proves only the scoped route/state, environment, viewport,
|
|
97
|
+
observations, artifacts, and evidence kinds it records. It does not imply broad
|
|
98
|
+
visual quality, cross-browser coverage, full accessibility conformance,
|
|
99
|
+
production delivery, release readiness, or public proof unless those dimensions
|
|
100
|
+
are explicitly planned, evidenced, and safe to publish.
|
|
@@ -126,7 +126,7 @@ Combine:
|
|
|
126
126
|
- Integration checker's report (wiring gaps, auth gaps, broken flows, requirements integration map)
|
|
127
127
|
- Evidence observations by kind (`code`, `test`, `runtime`, `delivery`, `human`) from phase verifications, summaries, integration findings, and delivery metadata
|
|
128
128
|
- Release claim posture observations: selected `release_claim_posture`, unsupported claims, waivers, deferrals, and contradiction checks for public, runtime, delivery, planning-drift, and generated-surface claims
|
|
129
|
-
-
|
|
129
|
+
- Browser-proof debt from phase/quick observation records or verification gaps, preserving the rule that waiver/deferment/human acceptance narrows claims rather than satisfying missing proof
|
|
130
130
|
|
|
131
131
|
## 5. 3-Source Cross-Reference
|
|
132
132
|
|
|
@@ -107,7 +107,7 @@ For each task in the plan, follow this loop:
|
|
|
107
107
|
|
|
108
108
|
### Frontmatter And Task Semantics
|
|
109
109
|
The executor consumes the plan schema defined by `/gsdd-plan`:
|
|
110
|
-
- frontmatter keys: `phase`, `plan`, `type`, `wave`, `depends_on`, `files-modified`, `autonomous`, `requirements`, `must_haves`, `tdd`
|
|
110
|
+
- frontmatter keys: `phase`, `plan`, `type`, `wave`, `depends_on`, `files-modified`, `autonomous`, `requirements`, `browser_proof_required`, `browser_proof_rationale`, `must_haves`, `tdd`
|
|
111
111
|
- task types:
|
|
112
112
|
- `type="auto"` - proceed without pausing
|
|
113
113
|
- `type="checkpoint:user"` - stop for a required user decision or human-only step
|
|
@@ -164,11 +164,10 @@ Before reporting a task complete:
|
|
|
164
164
|
- if an API change is involved, hit the endpoint or targeted integration path
|
|
165
165
|
- A task is not complete because code was written. It is complete when the intended verification path actually passes.
|
|
166
166
|
|
|
167
|
-
###
|
|
168
|
-
If the plan
|
|
169
|
-
Use `agent-browser` as the default live
|
|
170
|
-
|
|
171
|
-
Classify failed UI proof using existing gap/proof-debt language: `product_bug`, `missing_infra`, `flaky_harness`, or `ambiguous_spec`. Do not add new evidence kinds or result statuses for those causes.
|
|
167
|
+
### Browser Proof Execution
|
|
168
|
+
If the plan sets `browser_proof_required: true`, execute the `## Browser Proof Plan` before claiming completion. Record the exact `Plan:` artifact path plus route/state, viewport(s), runtime path, evidence kind, evidence command or narrowed no-command rationale, observations, artifact paths, privacy/safety note, result, and claim limit in the summary or a linked observation record.
|
|
169
|
+
Use `agent-browser` as the default live browser proof path. Record the planned route/state open, interactive snapshots/refs when interaction is part of the claim, changed-flow interaction, screenshots for planned viewport(s), and relevant console/network observations. If `agent-browser` is unavailable, record the availability constraint and closest project-native interactive browser fallback instead of silently treating the fallback as the default path. If the repo already has Playwright tests or a package script wrapping them, run the relevant targeted test as canonical repeatable regression evidence; keep browser runtime observation as complementary proof. Use Playwright scripting only for checks `agent-browser` cannot cover cleanly, such as JS-disabled, structured console, or multi-context verification. Do not install Playwright, Cypress, Cucumber, Storybook, browser MCP, CI, or visual-regression tooling by default.
|
|
170
|
+
Screenshots, traces, videos, reports, accessibility scans, Gherkin, visual diffs, and manual notes map onto existing evidence kinds, not new evidence kinds. Raw screenshots, traces, videos, DOM snapshots, and reports default to local-only and unsafe to publish unless explicitly sanitized. Visual taste, accessibility judgment, baseline acceptance, subjective polish/layout quality, and privacy publication decisions require human evidence or explicit waiver; artifact count, source comments, AST/cAST findings, semantic search, and Semble-like retrieval are not proof. If evidence does not match the planned route/state, viewport, observation, artifact path/manual step, privacy note, result, and claim limit, record proof debt, waiver, deferment, or reduced claim language rather than satisfied proof. Use the failure-cause names in `distilled/references/proof-rules.md` when proof fails or is partial.
|
|
172
171
|
|
|
173
172
|
### Git Guidance
|
|
174
173
|
|