haiku-method 3.4.1 → 3.5.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "haiku-method",
-  "version": "3.4.1",
+  "version": "3.5.0",
   "description": "H·AI·K·U methodology — universal lifecycle orchestration with hat-based workflows, completion criteria, and automatic context preservation.",
   "homepage": "https://haikumethod.ai",
   "repository": {
@@ -49,5 +49,9 @@
   ],
   "publishConfig": {
     "access": "public"
+  },
+  "scripts": {
+    "prepack": "npm run --prefix ../packages/haiku build",
+    "postpack": "git checkout -- ./bin/haiku"
   }
 }

package/schemas/intent.schema.json

@@ -0,0 +1,147 @@
+{
+	"$schema": "http://json-schema.org/draft-07/schema#",
+	"$id": "https://haiku.dev/schemas/intent.schema.json",
+	"title": "H·AI·K·U Intent Frontmatter",
+	"description": "Schema for the YAML frontmatter on .haiku/intents/<slug>/intent.md. Distinguishes user-writable fields (settable via haiku_intent_set) from engine-managed fields (mutated only by the workflow engine).",
+	"type": "object",
+	"additionalProperties": false,
+	"x-writable-by-user": [
+		"title",
+		"mode",
+		"skip_stages",
+		"intent_completion_review"
+	],
+	"x-engine-only": [
+		"studio",
+		"created_at",
+		"started_at",
+		"completed_at",
+		"status",
+		"active_stage",
+		"stages",
+		"composite",
+		"intent_reviewed",
+		"phase",
+		"completion_review_dispatched",
+		"completion_review_skipped",
+		"completion_review_entered_at",
+		"completion_review_dispatched_at",
+		"archived",
+		"archived_at",
+		"follows",
+		"autopilot"
+	],
+	"properties": {
+		"title": {
+			"type": "string",
+			"minLength": 1,
+			"description": "Human-readable intent title"
+		},
+		"studio": {
+			"type": "string",
+			"description": "Studio (lifecycle template) name. Immutable after creation."
+		},
+		"mode": {
+			"type": "string",
+			"enum": ["continuous", "discrete", "autopilot", "discrete-hybrid"],
+			"description": "Execution mode."
+		},
+		"autopilot": {
+			"type": "boolean",
+			"description": "Legacy autopilot flag. Use `mode: autopilot` instead. Engine-managed during migration."
+		},
+		"status": {
+			"type": "string",
+			"enum": ["active", "completed", "archived"],
+			"description": "Lifecycle status. Engine-managed."
+		},
+		"active_stage": {
+			"type": "string",
+			"description": "Currently active stage. Engine-managed (state.json is the source of truth)."
+		},
+		"stages": {
+			"type": "array",
+			"items": { "type": "string" },
+			"description": "Stage list (allow-list for /haiku:quick scope). Set on creation."
+		},
+		"skip_stages": {
+			"type": "array",
+			"items": { "type": "string" },
+			"description": "Stages to skip in this intent."
+		},
+		"intent_reviewed": {
+			"type": "boolean",
+			"description": "Whether the elaborated intent passed initial review. Engine-managed."
+		},
+		"intent_completion_review": {
+			"type": "boolean",
+			"description": "Whether to run studio-level completion review at the end of the final stage. Defaults to true."
+		},
+		"phase": {
+			"type": "string",
+			"enum": ["", "active", "awaiting_completion_review", "intent_completion"],
+			"description": "Intent-level phase. Engine-managed."
+		},
+		"completion_review_dispatched": {
+			"type": "boolean",
+			"description": "Whether studio-level review agents have been dispatched. Engine-managed."
+		},
+		"completion_review_skipped": {
+			"type": "boolean",
+			"description": "True when no studio-level review agents are configured. Engine-managed."
+		},
+		"completion_review_entered_at": {
+			"type": ["string", "null"],
+			"description": "ISO-8601 timestamp the intent entered completion review. Engine-managed."
+		},
+		"completion_review_dispatched_at": {
+			"type": ["string", "null"],
+			"description": "ISO-8601 timestamp review agents were dispatched. Engine-managed."
+		},
+		"started_at": {
+			"type": ["string", "null"],
+			"description": "ISO-8601 timestamp work began. Engine-managed."
+		},
+		"completed_at": {
+			"type": ["string", "null"],
+			"description": "ISO-8601 timestamp the intent sealed. Engine-managed."
+		},
+		"created_at": {
+			"type": "string",
+			"description": "ISO-8601 timestamp the intent was created. Immutable."
+		},
+		"archived": {
+			"type": "boolean",
+			"description": "Whether the intent is archived. Toggle via haiku_intent_archive / haiku_intent_unarchive."
+		},
+		"archived_at": {
+			"type": ["string", "null"],
+			"description": "ISO-8601 timestamp the intent was archived. Engine-managed."
+		},
+		"follows": {
+			"type": "string",
+			"description": "Slug of the parent intent this one follows from. Set on creation."
+		},
+		"composite": {
+			"description": "Composite-intent topology. Either an array of {studio, stages} entries (creation-time spec) or true (already-elaborated marker).",
+			"oneOf": [
+				{ "type": "boolean" },
+				{
+					"type": "array",
+					"items": {
+						"type": "object",
+						"properties": {
+							"studio": { "type": "string" },
+							"stages": {
+								"type": "array",
+								"items": { "type": "string" }
+							}
+						},
+						"required": ["studio"],
+						"additionalProperties": true
+					}
+				}
+			]
+		}
+	}
+}

package/schemas/stage.schema.json

@@ -0,0 +1,95 @@
+{
+	"$schema": "http://json-schema.org/draft-07/schema#",
+	"$id": "https://haiku.dev/schemas/stage.schema.json",
+	"title": "H·AI·K·U Stage State",
+	"description": "Schema for .haiku/intents/<slug>/stages/<stage>/state.json. Every field is engine-managed — there are no user-writable fields. The schema exists so haiku_stage_set can validate engine-internal mutations and reject malformed transitions or unknown fields.",
+	"type": "object",
+	"additionalProperties": true,
+	"x-writable-by-user": [],
+	"x-engine-only": [
+		"stage",
+		"status",
+		"phase",
+		"started_at",
+		"completed_at",
+		"gate_entered_at",
+		"gate_outcome",
+		"visits",
+		"iterations",
+		"elaboration_turns",
+		"decision_log",
+		"pre_review_dispatched",
+		"pre_review_dispatched_at",
+		"pre_review_reviewers_acknowledged",
+		"pre_review_reviewers_acknowledged_at",
+		"upstream_reconciliation_acknowledged",
+		"upstream_reconciliation_acknowledged_at",
+		"upstream_reconciliation_rationale"
+	],
+	"properties": {
+		"stage": {
+			"type": "string",
+			"description": "Stage name (matches the parent directory)."
+		},
+		"status": {
+			"type": "string",
+			"enum": ["pending", "active", "completed", "blocked"],
+			"description": "Stage status."
+		},
+		"phase": {
+			"type": "string",
+			"enum": ["", "elaborate", "execute", "review", "gate"],
+			"description": "Current phase within the stage."
+		},
+		"started_at": {
+			"type": ["string", "null"],
+			"description": "ISO-8601 timestamp the stage entered status=active."
+		},
+		"completed_at": {
+			"type": ["string", "null"],
+			"description": "ISO-8601 timestamp the stage entered status=completed."
+		},
+		"gate_entered_at": {
+			"type": ["string", "null"],
+			"description": "ISO-8601 timestamp the gate phase opened. Null when the stage auto-advanced through gate without entering it."
+		},
+		"gate_outcome": {
+			"type": ["string", "null"],
+			"enum": [null, "advanced", "blocked", "rejected"],
+			"description": "Gate outcome."
+		},
+		"visits": {
+			"type": "integer",
+			"minimum": 0,
+			"description": "Number of times the stage has been entered (initial + revisits)."
+		},
+		"iterations": {
+			"type": "array",
+			"description": "Per-bolt history entries.",
+			"items": {
+				"type": "object",
+				"additionalProperties": true
+			}
+		},
+		"elaboration_turns": {
+			"type": "integer",
+			"minimum": 0,
+			"description": "Conversation turns spent in elaborate phase across all visits."
+		},
+		"decision_log": {
+			"type": "array",
+			"description": "Decisions recorded during elaboration.",
+			"items": {
+				"type": "object",
+				"additionalProperties": true
+			}
+		},
+		"pre_review_dispatched": { "type": "boolean" },
+		"pre_review_dispatched_at": { "type": ["string", "null"] },
+		"pre_review_reviewers_acknowledged": { "type": "boolean" },
+		"pre_review_reviewers_acknowledged_at": { "type": ["string", "null"] },
+		"upstream_reconciliation_acknowledged": { "type": "boolean" },
+		"upstream_reconciliation_acknowledged_at": { "type": ["string", "null"] },
+		"upstream_reconciliation_rationale": { "type": "string" }
+	}
+}

package/skills/autopilot/SKILL.md

@@ -5,13 +5,13 @@ description: Full autonomous workflow — elaborate, plan, build, review, and de
 
 # Autopilot
 
-Run the full H·AI·K·U lifecycle autonomously from description to delivery. Autopilot is an intent-level flag (not a mode) — it tells the workflow engine to promote `ask` review gates to `auto`, so the lifecycle advances without human intervention on stage gates. External gates and the intent-completion review still pause (structural signals the workflow engine can't synthesize).
+Run the full H·AI·K·U lifecycle autonomously from description to delivery. Autopilot is one of the three intent modes (`discrete | continuous | autopilot`). It tells the workflow engine to promote `ask` review gates to `auto`, so the lifecycle advances without human intervention on stage gates. External gates and the intent-completion review still pause (structural signals the workflow engine can't synthesize).
 
 ## Process
 
-1. **If no active intent exists**, create one with `/haiku:start`.
-2. **Enable autopilot** by direct-editing `intent.md` frontmatter to set `autopilot: true`. Leave `mode` as-is (`continuous` / `discrete` / `hybrid`) — autopilot is an independent dimension from mode.
-3. **Optional: skip the final intent review** by setting `skip_intent_completion_review: true` on intent.md frontmatter. Do NOT set this unless the user explicitly wants truly headless completion; the completion review is the bookend that prevents silent intent-completion on stage-gate pass.
+1. **If no active intent exists**, create one with `/haiku:start`, passing `mode: autopilot` to `haiku_intent_create`.
+2. **For an existing intent**, set the mode via `haiku_intent_set { intent: "<slug>", field: "mode", value: "autopilot" }`. The tool validates the mode enum against `INTENT_FRONTMATTER_SCHEMA` and produces a clean git audit entry. Do NOT use `haiku_human_write` for this — that mis-attributes the write as `human-via-mcp` and bypasses schema validation. Do NOT set a separate `autopilot: true` boolean — that is a deprecated pattern.
+3. **Optional: skip the final intent review** by calling `haiku_intent_set { intent: "<slug>", field: "intent_completion_review", value: false }`. Do NOT set this unless the user explicitly wants truly headless completion; the completion review is the bookend that prevents silent intent-completion on stage-gate pass.
 4. **Drive the loop** by calling `haiku_run_next { intent: "<slug>" }`. Repeat on every return. When a subagent returns, re-call `haiku_run_next` to advance.
 
 ## What still pauses autopilot
@@ -20,16 +20,16 @@ Run the full H·AI·K·U lifecycle autonomously from description to delivery. Au
 - **`await` gates.** Waiting for a non-review external event (customer response, pipeline, etc.).
 - **Elicitation-required decisions.** Design-direction picks, visual approvals.
 - **Scope explosions** (see guardrails below).
-- **Intent-completion review** (unless `skip_intent_completion_review: true`).
+- **Intent-completion review** (unless `intent_completion_review: false` is set on the intent).
 
 ## Guardrails
 
 - **Pause on blockers or ambiguity.** If the workflow engine returns an error or a decision that can't be inferred from the intent's goals, stop and surface it to the user. Never guess.
 - **Pause on scope explosion.** If elaborate produces more than 5 units in a single stage, stop and ask the user to confirm scope — that's a signal the task is bigger than it looked and autopilot may not be appropriate.
-- **Pause before PR creation.** Even when `haiku_run_next` reaches `external_review_requested`, surface the PR creation step to the user — don't open PRs autonomously.
+- **Pause before mid-workflow PR creation.** When `haiku_run_next` returns `external_review_requested` mid-lifecycle (e.g. per-unit MRs in discrete mode), surface the PR creation step to the user — don't open PRs autonomously. The final intent-completion delivery PR is the exception: after `intent_complete`, open the delivery PR (`haiku/<slug>/main` → `main`) directly. The intent-completion review gate is the human checkpoint; pausing again is redundant.
 - **Stop on phase-level failures.** `error`, `max_bolts_exceeded`, `unit_scope_violation` not clearable after one retry, or any workflow engine rejection that persists across two calls → stop and report.
 
 ## Combined with other skills
 
-- `/haiku:quick` + autopilot: edit `stages: [<one>]` AND `autopilot: true`. Single-stage, no pauses except external/completion gates.
+- `/haiku:quick` + autopilot: set `stages: [<one>]` AND `mode: autopilot`. Single-stage, no pauses except external/completion gates.
 - `/haiku:revisit` while in autopilot: the revisit action itself pauses autopilot until the user confirms the revisit target.

package/studios/software/stages/security/outputs/security-fix.md

@@ -0,0 +1,39 @@
+---
+name: security-fix
+location: (project source tree)
+scope: repo
+format: code
+required: false
+---
+
+# Security Fix Code
+
+Implementation output for security units that close vulnerability findings. Mirrors the development stage's `code` output template — security-engineer hats may write directly into the project source tree to land controls (input validation, authentication binding, frontmatter parsers, etc.) that defend the attack surface the unit names.
+
+## When to use this template
+
+Security stage units that REMEDIATE a finding produce code, not just an assessment. Without this template, the stage scope only permits intent-relative paths (`stages/security/...`, `knowledge/...`) and security-engineer commits that touch `packages/...` source files would fail scope validation at advance_hat.
+
+Units that ONLY document threats / model risks (threat-modeler hat output, residual-risk register) need ASSESSMENTS (intent-scope) — not this template.
+
+## Content Guide
+
+- **Follow existing project patterns** for file organization, naming conventions, and module boundaries
+- **Include appropriate tests** alongside implementation — unit tests for the new control's behavior, regression tests that fail pre-fix
+- **Commit working increments** with clear messages naming the finding (V-NN) being closed and the control landed
+- **Match the threat-model artifact** — the implementer hat MUST address the threats the threat-modeler enumerated for this unit's surface
+
+## Completion
+
+This output is "complete" when:
+- All quality_gates declared on the unit frontmatter pass
+- The full project test suite passes
+- A behavioural / regression test exists for each finding being closed
+- The matching `ASSESSMENTS.md` entry (intent-scope) records the finding as mitigated and cites the file paths and test names
+
+## Quality Signals
+
+- Tests fail pre-fix and pass post-fix (regression coverage proves the control works)
+- Lint and typecheck pass without suppressions
+- The code follows existing project conventions
+- Commits cite the V-NN finding and the threat the control closes