harnessed 2.0.1 → 3.0.1

package/workflows/verify/design/SKILL.md

@@ -0,0 +1,72 @@
+---
+name: verify-design
+description: |
+  Stage ④.f verify sub-workflow — gstack /design-review 设计系统一致性 + AI 审美问题识别
+  (has_design_changes 触发, 可选 conditional, sister ~/.claude/CLAUDE.md "Verify 阶段 — 可选
+  /design-review" verbatim)。
+  schema_version: harnessed.workflow.v3 with disciplines_applied (6 default) + tools_available
+  (gstack-design-review + ui-ux-pro-max + frontend-design) + 1 phase (gate ref has_design_changes
+  conditional)。Triggered by harnessed CLI `harnessed verify-design --phase <num>` or slash
+  command `/verify-design` after `harnessed setup`.
+trigger_phrases:
+  - "verify design"
+  - "设计审查"
+  - "design review"
+  - "gstack design review"
+  - "跑 verify-design"
+---
+
+# verify-design workflow (v3)
+
+## Overview
+
+1-phase sub-workflow mapping CLAUDE.md "Verify 阶段 — 可选 /design-review" onto harnessed
+runtime (Phase v3.0-3.4 W0.13c — D-04 Stage ④ Verify 7 sub + D-12 gstack 治理关卡 +
+Pattern A sub-workflow ship)。
+
+| phase | id | upstream | model | capability | gate |
+| ----- | -- | -------- | ----- | ---------- | ---- |
+| 1 | `01-design-review` | gstack | sonnet | `{{ capabilities.gstack-design-review.cmd }}` | `judgments.stage-routing.verify-design-changes.fires` |
+
+Per-phase config loads from `workflows/verify/design/workflow.yaml`; engine 4-level gate
+resolver evaluates `phase.has_design_changes == true` via expr-eval — true 则 invoke gstack
+`/design-review` (设计系统一致性 + AI 审美问题识别), false 则 skip。
+
+## Capability refs
+
+Sister `workflows/capabilities.yaml` entries:
+- `gstack-design-review` — Bucket 3 治理关卡 (impl: gstack, cmd: /design-review,
+  fires_when: has_design_changes)
+- `ui-ux-pro-max` — Bucket 2 special-purpose (impl: gstack, 默认主方案 数据驱动)
+- `frontend-design` — Bucket 2 special-purpose (impl: gstack, UI 创意 / 装饰补充)
+
+## Gate ref
+
+Sister `workflows/judgments/stage-routing.yaml`:
+- `verify-design-changes.fires` — `phase.stage == 'verify' and phase.has_design_changes == true`
+
+## Routing rules (sister ~/.claude/rules/web-design.md)
+
+- 默认主方案 → `ui-ux-pro-max` (数据驱动、标准化、可解释)
+- 创意补充 / 不要 AI 味 → `frontend-design`
+- 用户明示「独特 / 不要 AI 感」→ frontend-design 主导, 否则 ui-ux-pro-max 优先
+
+## CLI invocation
+
+```bash
+# Dry-run preview — arbitrate-only, never spawns SDK.
+harnessed verify-design --phase <num> --dry-run --non-interactive
+
+# Apply path — real SDK spawn (gate eval true 时).
+harnessed verify-design --phase <num> --apply
+```
+
+## References
+
+- D-04 Stage ④ Verify 7 sub 分解
+- D-12 gstack 治理关卡可选
+- ~/.claude/CLAUDE.md "Verify 阶段 — 可选 /design-review" verbatim
+- ~/.claude/rules/web-design.md — ui-ux-pro-max 默认 + frontend-design 补充
+- workflows/capabilities.yaml — gstack-design-review / ui-ux-pro-max / frontend-design
+- workflows/judgments/stage-routing.yaml — verify-design-changes trigger
+- workflows/verify-work/workflow.yaml v2 SHIPPED phase 07-design-review-conditional sister verbatim

package/workflows/verify/design/workflow.yaml

@@ -0,0 +1,33 @@
+# workflows/verify/design/workflow.yaml — Phase v3.0-3.4 W0 T3.4.W0.13c
+#
+# Stage ④.f verify sub-workflow — gstack /design-review 设计系统一致性 + AI 审美问题
+# (has_design_changes 触发, 可选 conditional, sister ~/.claude/CLAUDE.md "可选 /design-review" verbatim)。
+#
+# Sister refs:
+#   - ~/.claude/CLAUDE.md "Verify 阶段 — 可选 /design-review" 章节
+#   - ~/.claude/rules/web-design.md — ui-ux-pro-max 默认 + frontend-design 补充
+#   - workflows/judgments/stage-routing.yaml verify-design-changes trigger (has_design_changes)
+#   - workflows/capabilities.yaml — gstack-design-review / ui-ux-pro-max / frontend-design
+#   - workflows/verify-work/workflow.yaml v2 SHIPPED phase 07-design-review-conditional sister pattern
+#   - .planning/phase-v3.0-3.2/RESEARCH-workflows.md § Area 2 verify/design example verbatim
+
+schema_version: harnessed.workflow.v3
+workflow: verify-design
+description: |
+  Stage ④.f gstack /design-review 设计系统一致性 + AI 审美问题识别 (has_design_changes 触发,
+  可选 conditional)。Gate: judgments.stage-routing.verify-design-changes.fires
+  (phase.has_design_changes == true) — UI module fire only; 后端 / docs PR skip。
+  tools_available 含 ui-ux-pro-max (默认主方案) + frontend-design (创意补充) sister
+  ~/.claude/rules/web-design.md routing。
+
+disciplines_applied: [karpathy, output-style, language, operational, priority, protocols]
+tools_available: [gstack-design-review, ui-ux-pro-max, frontend-design]
+
+phases:
+  - id: 01-design-review
+    name: gstack-design-review (设计系统一致性 + AI 审美问题 — has_design_changes 触发)
+    upstream: gstack
+    capability: '{{ capabilities.gstack-design-review.cmd }}'
+    model: sonnet
+    gate: judgments.stage-routing.verify-design-changes.fires
+    max_iterations: 3

package/workflows/verify/multispec/SKILL.md

@@ -0,0 +1,86 @@
+---
+name: verify-multispec
+description: |
+  Stage ④.h verify sub-workflow — 4-specialist Agent Team Pattern C 多维度审查 (关键发布 /
+  大重构 PR 升级, code-review + gstack-review + gstack-cso + gstack-qa 4 teammate 互相
+  SendMessage 质询, NOT fire-and-forget subagent fan-out, sister ~/.claude/rules/agent-teams.md
+  L42-L52 Pattern C verbatim)。Cleanup mandatory: shutdown_request + TeamDelete (防呆清单)。
+  schema_version: harnessed.workflow.v3 with disciplines_applied (6 default) + tools_available
+  (agent-teams 3 + 4 specialist capability) + 2 phase (01-team-create on critical-release
+  invoke / 02-team-cleanup mandatory shutdown)。
+  Triggered by harnessed CLI `harnessed verify-multispec --phase <num>` or slash command
+  `/verify-multispec` after `harnessed setup`.
+trigger_phrases:
+  - "verify multispec"
+  - "4-specialist Agent Team"
+  - "Pattern C 多维度审查"
+  - "critical release review"
+  - "跑 verify-multispec"
+---
+
+# verify-multispec workflow (v3)
+
+## Overview
+
+2-phase sub-workflow mapping CLAUDE.md "Verify 阶段 — 关键发布 / 大重构 PR 升级 Agent Team
+Pattern C" onto harnessed runtime (Phase v3.0-3.4 W0.13e — D-04 Stage ④ Verify 7 sub +
+D-11 Agent Teams + Pattern A sub-workflow ship)。
+
+| phase | id | upstream | model | capability | gate / on |
+| ----- | -- | -------- | ----- | ---------- | --------- |
+| 1 | `01-team-create` | claude-platform | opus | `{{ capabilities.agent-teams-create.cmd }}` | `parallelism: agent-teams-upgrade.fires`; `on: is_major_release OR is_large_refactor → invoke` |
+| 2 | `02-team-cleanup` | claude-platform | haiku | `{{ capabilities.agent-teams-shutdown.cmd }}` | mandatory 防呆清单 |
+
+Per-phase config loads from `workflows/verify/multispec/workflow.yaml`; phase 01 creates 4
+teammate (code-review + gstack-review + gstack-cso + gstack-qa) via TeamCreate, teammates 互相
+SendMessage 质询 findings 是否真问题 (NOT fire-and-forget); phase 02 mandatory shutdown_request
++ TeamDelete (防呆清单 per ~/.claude/rules/agent-teams.md L46-L48)。
+
+## Capability refs
+
+Sister `workflows/capabilities.yaml` entries:
+- `agent-teams-create` — Bucket 5 Agent Teams (impl: claude-platform, cmd: TeamCreate)
+- `agent-teams-send-message` — Bucket 5 Agent Teams (impl: claude-platform, cmd: SendMessage)
+- `agent-teams-shutdown` — Bucket 5 Agent Teams (impl: claude-platform, cmd: TeamDelete)
+- `code-review` — Bucket 1 mattpocock (teammate 1)
+- `gstack-review` — Bucket 3 治理关卡 (teammate 2 Paranoid Staff Engineer)
+- `gstack-cso` — Bucket 3 治理关卡 (teammate 3 安全审查)
+- `gstack-qa` — Bucket 3 治理关卡 (teammate 4 端到端 QA)
+
+## Parallelism + on gate refs
+
+Sister `workflows/judgments/parallelism-gate.yaml`:
+- `agent-teams-upgrade.fires` — 5 OR-chain (teammate_send_message_needed / subagent_context_overflow /
+  shared_task_list / opposing_hypothesis_debate / fullstack_three_way)
+
+Phase-level `on` clause (critical-release 升级触发):
+- `if: phase.is_major_release == true or phase.is_large_refactor == true` → `action: invoke`
+- else → `action: skip`
+
+## Routing rules (sister ~/.claude/rules/agent-teams.md)
+
+- ✅ **触发**: 关键发布 / 大重构 PR (≥3 specialist 需互相质询而非 fire-and-forget)
+- ❌ **跳过**: 常规 PR / 单点任务 (sister verify-code-review fan-out + verify-paranoid 已够用且省 token)
+- **Token 估算 prereq**: `team_cost < 2 × subagent_cost` (engine-level check per agent-teams.md L34)
+- **Cleanup mandatory**: phase 02-team-cleanup `agent-teams-shutdown` 必跑 (防呆清单)
+
+## CLI invocation
+
+```bash
+# Dry-run preview — arbitrate-only, never spawns SDK.
+harnessed verify-multispec --phase <num> --dry-run --non-interactive
+
+# Apply path — real SDK spawn + TeamCreate 4 specialist + 互相 SendMessage 质询 + 末尾 TeamDelete。
+harnessed verify-multispec --phase <num> --apply
+```
+
+## References
+
+- D-04 Stage ④ Verify 7 sub 分解
+- D-11 Agent Teams 4-specialist Pattern C upgrade
+- ~/.claude/CLAUDE.md "Verify 阶段 — 关键发布 / 大重构 PR 升级 Agent Team Pattern C" verbatim
+- ~/.claude/rules/agent-teams.md Pattern C 多维度审查 + 防呆清单 + 完整生命周期
+- workflows/capabilities.yaml — agent-teams-{create,send-message,shutdown} + 4 specialist
+- workflows/judgments/stage-routing.yaml — verify-multispec-critical-release trigger
+- workflows/judgments/parallelism-gate.yaml — agent-teams-upgrade.fires (5 OR-chain)
+- workflows/verify-work/workflow.yaml v2 SHIPPED phase 09-agent-team-multispecialist sister verbatim

package/workflows/verify/multispec/workflow.yaml

@@ -0,0 +1,58 @@
+# workflows/verify/multispec/workflow.yaml — Phase v3.0-3.4 W0 T3.4.W0.13e
+#
+# Stage ④.h verify sub-workflow — 4-specialist Agent Team Pattern C 多维度审查 critical-release upgrade
+# (sister ~/.claude/CLAUDE.md "Verify 阶段 — 4-specialist Agent Team Pattern C" verbatim +
+# ~/.claude/rules/agent-teams.md L42-L52 Pattern C 多维度审查 ≥3 specialist 互相质询 NOT fire-and-forget)。
+#
+# Sister refs:
+#   - ~/.claude/CLAUDE.md "Verify 阶段 — 关键发布 / 大重构 PR 升级 Agent Team Pattern C" verbatim
+#   - ~/.claude/rules/agent-teams.md Pattern C 多维度审查 (≥3 specialist lead 委派 + 互相质询)
+#   - workflows/judgments/stage-routing.yaml verify-multispec-critical-release trigger
+#   - workflows/judgments/parallelism-gate.yaml agent-teams-upgrade.fires (5 OR-chain)
+#   - workflows/capabilities.yaml — agent-teams-create / agent-teams-send-message / agent-teams-shutdown
+#     + code-review / gstack-review / gstack-cso / gstack-qa (4 specialist 互相质询)
+#   - workflows/verify-work/workflow.yaml v2 SHIPPED phase 09-agent-team-multispecialist sister pattern
+#   - .planning/phase-v3.0-3.2/RESEARCH-workflows.md § Area 2 verify/multispec example verbatim
+#
+# Cleanup mandatory per ~/.claude/rules/agent-teams.md 防呆清单 (SendMessage shutdown_request +
+# TeamDelete) — engine-level wiring (phase 02-team-cleanup capability agent-teams-shutdown)。
+# Token estimate prereq per agent-teams.md L34: team_cost < 2 × subagent_cost (engine-level check)。
+
+schema_version: harnessed.workflow.v3
+workflow: verify-multispec
+description: |
+  Stage ④.h 4-specialist Agent Team Pattern C 多维度审查 (关键发布 / 大重构 PR 升级,
+  code-review + gstack-review + gstack-cso + gstack-qa 4 teammate 互相 SendMessage 质询,
+  NOT fire-and-forget subagent fan-out)。Cleanup mandatory: shutdown_request + TeamDelete
+  (sister ~/.claude/rules/agent-teams.md 防呆清单)。
+
+disciplines_applied: [karpathy, output-style, language, operational, priority, protocols]
+tools_available:
+  - agent-teams-create
+  - agent-teams-send-message
+  - agent-teams-shutdown
+  - code-review
+  - gstack-review
+  - gstack-cso
+  - gstack-qa
+
+phases:
+  - id: 01-team-create
+    name: 4-specialist Agent Team create (Pattern C 多维度审查 critical-release upgrade)
+    upstream: claude-platform
+    capability: '{{ capabilities.agent-teams-create.cmd }}'
+    model: opus
+    parallelism: judgments.parallelism-gate.agent-teams-upgrade.fires
+    on:
+      - if: 'phase.is_major_release == true or phase.is_large_refactor == true'
+        action: invoke
+      - if: 'phase.is_major_release == false and phase.is_large_refactor == false'
+        action: skip
+    max_iterations: 1
+
+  - id: 02-team-cleanup
+    name: Agent Team cleanup (shutdown_request + TeamDelete 防呆清单)
+    upstream: claude-platform
+    capability: '{{ capabilities.agent-teams-shutdown.cmd }}'
+    model: haiku
+    max_iterations: 1

package/workflows/verify/paranoid/SKILL.md

@@ -0,0 +1,71 @@
+---
+name: verify-paranoid
+description: |
+  Stage ④.c verify sub-workflow — gstack /review Paranoid Staff Engineer 关键模块 PR 前强制
+  (sister ~/.claude/CLAUDE.md "🔒 关键模块 PR 前强制" verbatim)。Gate:
+  judgments.stage-routing.verify-paranoid-critical.fires (phase.is_critical_module == true) —
+  默认 critical fire only; 非关键模块 skip (sister CLAUDE.md "关键模块" 限定语)。
+  schema_version: harnessed.workflow.v3 with disciplines_applied (6 default) + tools_available
+  (gstack-review) + 1 phase (gate ref is_critical_module conditional)。
+  Triggered by harnessed CLI `harnessed verify-paranoid --phase <num>` or slash command
+  `/verify-paranoid` after `harnessed setup`.
+trigger_phrases:
+  - "verify paranoid"
+  - "paranoid staff engineer review"
+  - "关键模块审查"
+  - "gstack review"
+  - "跑 verify-paranoid"
+---
+
+# verify-paranoid workflow (v3)
+
+## Overview
+
+1-phase sub-workflow mapping CLAUDE.md "gstack 治理关卡 🔒 关键模块 PR 前强制 — `/review`"
+onto harnessed runtime (Phase v3.0-3.4 W0.12 — D-04 Stage ④ Verify 7 sub + D-12 gstack
+治理关卡 + Pattern A sub-workflow ship)。
+
+| phase | id | upstream | model | capability | gate |
+| ----- | -- | -------- | ----- | ---------- | ---- |
+| 1 | `01-review` | gstack | opus | `{{ capabilities.gstack-review.cmd }}` | `judgments.stage-routing.verify-paranoid-critical.fires` |
+
+Per-phase config loads from `workflows/verify/paranoid/workflow.yaml`; engine 4-level gate
+resolver evaluates `phase.is_critical_module == true` via expr-eval — true 则 invoke gstack
+`/review`, false 则 skip (chain_isolation 3 铁律 R20.16 sister verify-work v2 phase 04)。
+
+## Capability refs
+
+Sister `workflows/capabilities.yaml` entries:
+- `gstack-review` — Bucket 3 治理关卡 (impl: gstack, cmd: /review,
+  fires_when: phase.is_critical_module == true)
+
+## Gate ref
+
+Sister `workflows/judgments/stage-routing.yaml`:
+- `verify-paranoid-critical.fires` — `phase.stage == 'verify' and phase.is_critical_module == true`
+  (默认 critical fire only; 普通 PR 应跳过 — gstack-review 是 Paranoid Staff Engineer 重武器)
+
+## Routing rules (sister CLAUDE.md "gstack 治理关卡")
+
+- ✅ **触发**: 关键模块 PR 前 (auth / payment / data migration / core algorithm 等)
+- ❌ **跳过**: 常规 PR / docs / config / 非核心 module
+
+## CLI invocation
+
+```bash
+# Dry-run preview — arbitrate-only, never spawns SDK.
+harnessed verify-paranoid --phase <num> --dry-run --non-interactive
+
+# Apply path — real SDK spawn (gate eval true 时).
+harnessed verify-paranoid --phase <num> --apply
+```
+
+## References
+
+- D-04 Stage ④ Verify 7 sub 分解
+- D-12 gstack 治理关卡强制
+- ~/.claude/CLAUDE.md "gstack 治理关卡 🔒 关键模块 PR 前强制" verbatim
+- workflows/capabilities.yaml — gstack-review
+- workflows/judgments/stage-routing.yaml — verify-paranoid-critical trigger
+- workflows/defaults.yaml — ralph_max_iterations.verify-paranoid.* values (W2.2 backfill)
+- workflows/verify-work/workflow.yaml v2 SHIPPED phase 04-gstack-review-conditional sister verbatim

package/workflows/verify/paranoid/workflow.yaml

@@ -0,0 +1,30 @@
+# workflows/verify/paranoid/workflow.yaml — Phase v3.0-3.4 W0 T3.4.W0.12
+#
+# Stage ④.c verify sub-workflow — gstack /review Paranoid Staff Engineer 关键模块 PR 前强制
+# (sister ~/.claude/CLAUDE.md "🔒 关键模块 PR 前强制" verbatim)。
+#
+# Sister refs:
+#   - ~/.claude/CLAUDE.md "gstack 治理关卡 🔒 关键模块 PR 前强制" verbatim
+#   - workflows/judgments/stage-routing.yaml verify-paranoid-critical trigger (phase.is_critical_module)
+#   - workflows/capabilities.yaml — gstack-review (Bucket 3 治理关卡, impl: gstack, cmd: /review)
+#   - workflows/verify-work/workflow.yaml v2 SHIPPED phase 04-gstack-review-conditional sister pattern
+#   - .planning/phase-v3.0-3.2/RESEARCH-workflows.md § Area 2 verify/paranoid example verbatim
+
+schema_version: harnessed.workflow.v3
+workflow: verify-paranoid
+description: |
+  Stage ④.c gstack /review Paranoid Staff Engineer 关键模块 PR 前强制 (sister CLAUDE.md
+  "🔒 关键模块 PR 前强制")。Gate: stage-routing.verify-paranoid-critical.fires (phase.is_critical_module)
+  — 默认 critical fire only; 非关键模块 skip (sister CLAUDE.md "关键模块" 限定语)。
+
+disciplines_applied: [karpathy, output-style, language, operational, priority, protocols]
+tools_available: [gstack-review]
+
+phases:
+  - id: 01-review
+    name: gstack-review (Paranoid Staff Engineer 视角 — 关键模块 PR 前强制 🔒)
+    upstream: gstack
+    capability: '{{ capabilities.gstack-review.cmd }}'
+    model: opus
+    gate: judgments.stage-routing.verify-paranoid-critical.fires
+    max_iterations: '{{ defaults.ralph_max_iterations.verify-paranoid.01-review }}'

package/workflows/verify/progress/SKILL.md

@@ -0,0 +1,67 @@
+---
+name: verify-progress
+description: |
+  Stage ④.a verify sub-workflow — gsd-verify-work + gsd-progress 必跑串行 (verify-work 起点)
+  + planning-with-files progress.md 持久化 (sister ~/.claude/CLAUDE.md "Verify 阶段" verbatim
+  必跑串行 — gsd-verify-work UAT-driven acceptance + gsd-progress 状态同步 顺序不可调换)。
+  schema_version: harnessed.workflow.v3 with disciplines_applied (6 default) + tools_available
+  (gsd-verify-work + gsd-progress + planning-with-files) + 3 phases (serial 01→02 + persist
+  progress.md sink)。Triggered by harnessed CLI `harnessed verify-progress --phase <num>` or
+  slash command `/verify-progress` after `harnessed setup`.
+trigger_phrases:
+  - "verify progress"
+  - "进度同步"
+  - "gsd verify work"
+  - "ROADMAP 状态同步"
+  - "跑 verify-progress"
+---
+
+# verify-progress workflow (v3)
+
+## Overview
+
+3-phase sub-workflow mapping CLAUDE.md "Verify 阶段 — 必跑串行" 起点 onto harnessed runtime
+(Phase v3.0-3.4 W0.10 — D-04 Stage ④ Verify 7 sub + D-12 gstack 治理关卡 ref + Pattern A
+sub-workflow ship)。
+
+| phase | id | upstream | model | capability / invokes | mode / artifacts |
+| ----- | -- | -------- | ----- | -------------------- | ---------------- |
+| 1 | `01-gsd-verify-work` | gsd | sonnet | `{{ capabilities.gsd-verify-work.cmd }}` | serial — UAT-driven acceptance |
+| 2 | `02-gsd-progress` | gsd | haiku | `{{ capabilities.gsd-progress.cmd }}` | serial — ROADMAP/STATE/REQUIREMENTS 同步 |
+| 3 | `03-progress-update` | planning-with-files | haiku | `{{ capabilities.planning-with-files.cmd }}` + `invokes: /plan` | `artifacts_expected: [progress.md]` |
+
+Per-phase config loads from `workflows/verify/progress/workflow.yaml`; engine spawns each
+phase as a sub-agent via `@anthropic-ai/claude-agent-sdk` 0.3.142+ in serial mode (顺序锁定 —
+gsd-verify-work UAT 必先于 gsd-progress 状态同步)。
+
+## Capability refs
+
+Sister `workflows/capabilities.yaml` entries:
+- `gsd-verify-work` — Bucket 2 special-purpose (impl: gsd, cmd: /gsd-verify-work)
+- `gsd-progress` — Bucket 2 special-purpose (impl: gsd, cmd: /gsd-progress)
+- `planning-with-files` — Bucket 4 核心 capability (impl: claude-code-plugin, cmd: /plan)
+
+## Routing rules (sister CLAUDE.md "Verify 阶段")
+
+总 fire 当 `phase.stage == 'verify'` (sister `workflows/judgments/stage-routing.yaml`
+verify-progress-always trigger)。无 skip 条件 — verify-work 起点必跑。
+
+## CLI invocation
+
+```bash
+# Dry-run preview — arbitrate-only, never spawns SDK.
+harnessed verify-progress --phase <num> --dry-run --non-interactive
+
+# Apply path — real SDK spawn + 3-phase serial chain.
+harnessed verify-progress --phase <num> --apply
+```
+
+## References
+
+- D-04 Stage ④ Verify 7 sub 分解
+- D-12 gstack 治理关卡 ref (verify-paranoid 后续 sub)
+- ~/.claude/CLAUDE.md "Verify 阶段 — gsd-verify-work + gsd-progress 必跑串行" verbatim
+- workflows/capabilities.yaml — gsd-verify-work / gsd-progress / planning-with-files
+- workflows/judgments/stage-routing.yaml — verify-progress-always trigger
+- workflows/defaults.yaml — ralph_max_iterations.verify-progress.* values (W2.2 backfill)
+- workflows/verify-work/workflow.yaml v2 SHIPPED phase 01-02 sister verbatim pattern

package/workflows/verify/progress/workflow.yaml

@@ -0,0 +1,44 @@
+# workflows/verify/progress/workflow.yaml — Phase v3.0-3.4 W0 T3.4.W0.10
+#
+# Stage ④.a verify sub-workflow — gsd-verify-work + gsd-progress 必跑串行 (verify-work 起点)
+# + planning-with-files persist (progress.md sink, sister CLAUDE.md "Verify 阶段" verbatim)。
+#
+# Sister refs:
+#   - ~/.claude/CLAUDE.md "Verify 阶段" 章节 verbatim (gsd-verify-work + gsd-progress 必跑串行)
+#   - workflows/judgments/stage-routing.yaml verify-progress-always trigger (总 fire 当 stage=='verify')
+#   - workflows/capabilities.yaml — gsd-verify-work / gsd-progress / planning-with-files
+#   - workflows/verify-work/workflow.yaml v2 SHIPPED phase 01-02 verbatim pattern
+#   - .planning/phase-v3.0-3.2/RESEARCH-workflows.md § Area 2 verify/progress example verbatim
+
+schema_version: harnessed.workflow.v3
+workflow: verify-progress
+description: |
+  Stage ④.a GSD /gsd-verify-work + /gsd-progress 必跑串行 (verify-work 起点) + planning-with-files
+  progress.md persist。Sister CLAUDE.md "Verify 阶段" 必跑串行 verbatim — gsd-verify-work UAT-driven
+  conversational acceptance + gsd-progress 状态同步 (ROADMAP/STATE/REQUIREMENTS) 顺序不可调换。
+
+disciplines_applied: [karpathy, output-style, language, operational, priority, protocols]
+tools_available: [gsd-verify-work, gsd-progress, planning-with-files]
+
+phases:
+  - id: 01-gsd-verify-work
+    name: gsd-verify-work (UAT-driven conversational verification + acceptance criteria check)
+    upstream: gsd
+    capability: '{{ capabilities.gsd-verify-work.cmd }}'
+    model: sonnet
+    max_iterations: '{{ defaults.ralph_max_iterations.verify-progress.01-gsd-verify-work }}'
+
+  - id: 02-gsd-progress
+    name: gsd-progress (状态同步 — ROADMAP/STATE/REQUIREMENTS 更新)
+    upstream: gsd
+    capability: '{{ capabilities.gsd-progress.cmd }}'
+    model: haiku
+    max_iterations: 2
+
+  - id: 03-progress-update
+    name: planning-with-files progress.md (verify 进度持久化)
+    upstream: planning-with-files
+    capability: '{{ capabilities.planning-with-files.cmd }}'
+    invokes: '/plan'
+    model: haiku
+    artifacts_expected: [progress.md]

package/workflows/verify/qa/SKILL.md

@@ -0,0 +1,73 @@
+---
+name: verify-qa
+description: |
+  Stage ④.d verify sub-workflow — gstack /qa 端到端 QA 验收 (has_ui_changes 触发, 可选 conditional,
+  sister ~/.claude/CLAUDE.md "Verify 阶段 — 可选 /qa" verbatim)。
+  schema_version: harnessed.workflow.v3 with disciplines_applied (6 default) + tools_available
+  (gstack-qa + playwright-cli + playwright-test + webapp-testing) + 1 phase (gate ref
+  has_ui_changes conditional)。
+  Triggered by harnessed CLI `harnessed verify-qa --phase <num>` or slash command
+  `/verify-qa` after `harnessed setup`.
+trigger_phrases:
+  - "verify qa"
+  - "端到端 QA"
+  - "E2E 验收"
+  - "gstack qa"
+  - "跑 verify-qa"
+---
+
+# verify-qa workflow (v3)
+
+## Overview
+
+1-phase sub-workflow mapping CLAUDE.md "Verify 阶段 — 可选 /qa" onto harnessed runtime
+(Phase v3.0-3.4 W0.13a — D-04 Stage ④ Verify 7 sub + D-12 gstack 治理关卡 + Pattern A
+sub-workflow ship)。
+
+| phase | id | upstream | model | capability | gate |
+| ----- | -- | -------- | ----- | ---------- | ---- |
+| 1 | `01-qa` | gstack | sonnet | `{{ capabilities.gstack-qa.cmd }}` | `judgments.stage-routing.verify-qa-ui.fires` |
+
+Per-phase config loads from `workflows/verify/qa/workflow.yaml`; engine 4-level gate resolver
+evaluates `phase.has_ui_changes == true` via expr-eval — true 则 invoke gstack `/qa` (端到端
+QA 验收 + UI dogfood), false 则 skip。
+
+## Capability refs
+
+Sister `workflows/capabilities.yaml` entries:
+- `gstack-qa` — Bucket 3 治理关卡 (impl: gstack, cmd: /qa, fires_when: has_ui_changes)
+- `playwright-cli` — Bucket 2 special-purpose (impl: npm-cli, browser_probe)
+- `playwright-test` — Bucket 2 special-purpose (impl: npm-cli, e2e_test typescript)
+- `webapp-testing` — Bucket 2 special-purpose (impl: gstack, e2e_test python)
+
+## Gate ref
+
+Sister `workflows/judgments/stage-routing.yaml`:
+- `verify-qa-ui.fires` — `phase.stage == 'verify' and phase.has_ui_changes == true`
+
+## Routing rules (sister ~/.claude/rules/web-testing.md)
+
+- 写测试 提交 repo / CI 跑 → `@playwright/test` (默认 frontend/e2e/*.spec.ts)
+- 探查 / 调试 / 一次性确认 → `playwright-cli` (token 最省)
+- setup 需 Python 后端 (Tortoise ORM / pandas) → `webapp-testing` skill
+- 性能 / a11y / 内存诊断 → 不在此 sub-workflow,用 `chrome-devtools-mcp`
+
+## CLI invocation
+
+```bash
+# Dry-run preview — arbitrate-only, never spawns SDK.
+harnessed verify-qa --phase <num> --dry-run --non-interactive
+
+# Apply path — real SDK spawn (gate eval true 时).
+harnessed verify-qa --phase <num> --apply
+```
+
+## References
+
+- D-04 Stage ④ Verify 7 sub 分解
+- D-12 gstack 治理关卡可选
+- ~/.claude/CLAUDE.md "Verify 阶段 — 可选 /qa" verbatim
+- ~/.claude/rules/web-testing.md — 三层职责矩阵 (脑 / 手 / 筋骨)
+- workflows/capabilities.yaml — gstack-qa / playwright-cli / playwright-test / webapp-testing
+- workflows/judgments/stage-routing.yaml — verify-qa-ui trigger
+- workflows/verify-work/workflow.yaml v2 SHIPPED phase 05-qa-conditional sister verbatim

package/workflows/verify/qa/workflow.yaml

@@ -0,0 +1,31 @@
+# workflows/verify/qa/workflow.yaml — Phase v3.0-3.4 W0 T3.4.W0.13a
+#
+# Stage ④.d verify sub-workflow — gstack /qa 端到端 QA 验收 (has_ui_changes 触发, 可选 conditional)
+# (sister ~/.claude/CLAUDE.md "Verify 阶段" "可选 /qa" verbatim)。
+#
+# Sister refs:
+#   - ~/.claude/CLAUDE.md "Verify 阶段 — 可选 /qa" 章节
+#   - workflows/judgments/stage-routing.yaml verify-qa-ui trigger (has_ui_changes)
+#   - workflows/capabilities.yaml — gstack-qa (Bucket 3 治理关卡, impl: gstack, cmd: /qa)
+#   - workflows/verify-work/workflow.yaml v2 SHIPPED phase 05-qa-conditional sister pattern
+#   - .planning/phase-v3.0-3.2/RESEARCH-workflows.md § Area 2 verify/qa example verbatim
+
+schema_version: harnessed.workflow.v3
+workflow: verify-qa
+description: |
+  Stage ④.d gstack /qa 端到端 QA 验收 (has_ui_changes 触发, 可选 conditional)。
+  Gate: judgments.stage-routing.verify-qa-ui.fires (phase.has_ui_changes == true) —
+  frontend / E2E module fire only; 后端 / docs PR skip。tools_available 包含
+  playwright-cli / playwright-test / webapp-testing 配套 E2E test 工具链。
+
+disciplines_applied: [karpathy, output-style, language, operational, priority, protocols]
+tools_available: [gstack-qa, playwright-cli, playwright-test, webapp-testing]
+
+phases:
+  - id: 01-qa
+    name: gstack-qa (端到端 QA 验收 — has_ui_changes 触发)
+    upstream: gstack
+    capability: '{{ capabilities.gstack-qa.cmd }}'
+    model: sonnet
+    gate: judgments.stage-routing.verify-qa-ui.fires
+    max_iterations: 3

package/workflows/verify/security/SKILL.md

@@ -0,0 +1,67 @@
+---
+name: verify-security
+description: |
+  Stage ④.e verify sub-workflow — gstack /cso 安全审查 OWASP/auth/secrets (has_auth_or_secrets
+  触发, 可选 conditional, sister ~/.claude/CLAUDE.md "Verify 阶段 — 可选 /cso" verbatim)。
+  schema_version: harnessed.workflow.v3 with disciplines_applied (6 default) + tools_available
+  (gstack-cso) + 1 phase (gate ref has_auth_or_secrets conditional)。
+  Triggered by harnessed CLI `harnessed verify-security --phase <num>` or slash command
+  `/verify-security` after `harnessed setup`.
+trigger_phrases:
+  - "verify security"
+  - "安全审查"
+  - "OWASP audit"
+  - "gstack cso"
+  - "跑 verify-security"
+---
+
+# verify-security workflow (v3)
+
+## Overview
+
+1-phase sub-workflow mapping CLAUDE.md "Verify 阶段 — 可选 /cso" onto harnessed runtime
+(Phase v3.0-3.4 W0.13b — D-04 Stage ④ Verify 7 sub + D-12 gstack 治理关卡 + Pattern A
+sub-workflow ship)。
+
+| phase | id | upstream | model | capability | gate |
+| ----- | -- | -------- | ----- | ---------- | ---- |
+| 1 | `01-cso` | gstack | opus | `{{ capabilities.gstack-cso.cmd }}` | `judgments.stage-routing.verify-security-secrets.fires` |
+
+Per-phase config loads from `workflows/verify/security/workflow.yaml`; engine 4-level gate
+resolver evaluates `phase.has_auth_or_secrets == true` via expr-eval — true 则 invoke gstack
+`/cso` (OWASP / auth / credentials / secrets 全面审查), false 则 skip。
+
+## Capability refs
+
+Sister `workflows/capabilities.yaml` entries:
+- `gstack-cso` — Bucket 3 治理关卡 (impl: gstack, cmd: /cso,
+  fires_when: phase.stage == 'verify' AND phase.has_auth_or_secrets == true)
+
+## Gate ref
+
+Sister `workflows/judgments/stage-routing.yaml`:
+- `verify-security-secrets.fires` — `phase.stage == 'verify' and phase.has_auth_or_secrets == true`
+
+## Routing rules
+
+- ✅ **触发**: auth flow / session / credentials / API keys / SQL injection 路径 / OWASP top 10 area
+- ❌ **跳过**: docs / 纯 UI styling / 内部 refactor / non-security PR
+
+## CLI invocation
+
+```bash
+# Dry-run preview — arbitrate-only, never spawns SDK.
+harnessed verify-security --phase <num> --dry-run --non-interactive
+
+# Apply path — real SDK spawn (gate eval true 时).
+harnessed verify-security --phase <num> --apply
+```
+
+## References
+
+- D-04 Stage ④ Verify 7 sub 分解
+- D-12 gstack 治理关卡可选
+- ~/.claude/CLAUDE.md "Verify 阶段 — 可选 /cso" verbatim
+- workflows/capabilities.yaml — gstack-cso
+- workflows/judgments/stage-routing.yaml — verify-security-secrets trigger
+- workflows/verify-work/workflow.yaml v2 SHIPPED phase 06-cso-conditional sister verbatim