its-magic 0.1.2-9 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (232) hide show
  1. package/README.md +1602 -755
  2. package/bin/its-magic.js +121 -11
  3. package/bin/postinstall.js +21 -0
  4. package/installer.ps1 +759 -0
  5. package/installer.py +981 -0
  6. package/installer.sh +649 -0
  7. package/package.json +18 -14
  8. package/scripts/check_intake_template_parity.py +284 -0
  9. package/scripts/doc_profile_lib.py +415 -0
  10. package/scripts/guard_installer_publish.py +88 -0
  11. package/scripts/intake_bug_routing_guard.py +67 -0
  12. package/scripts/intake_evidence_lib.py +802 -0
  13. package/scripts/intake_evidence_validate.py +73 -0
  14. package/scripts/materialize_codebase_map.py +184 -0
  15. package/scripts/remote_config_summary.py +243 -0
  16. package/template/.cursor/agents/curator.mdc +35 -0
  17. package/template/.cursor/agents/dev.mdc +29 -0
  18. package/template/.cursor/agents/po.mdc +141 -0
  19. package/template/.cursor/agents/qa.mdc +28 -0
  20. package/template/.cursor/agents/release.mdc +28 -0
  21. package/template/.cursor/agents/security.mdc +98 -0
  22. package/template/.cursor/agents/tech-lead.mdc +57 -0
  23. package/template/.cursor/commands/architecture.md +127 -0
  24. package/template/.cursor/commands/ask.md +55 -0
  25. package/template/.cursor/commands/auto.md +533 -0
  26. package/template/.cursor/commands/discovery.md +47 -0
  27. package/template/.cursor/commands/execute.md +343 -0
  28. package/template/.cursor/commands/intake.md +323 -0
  29. package/template/.cursor/commands/map-codebase.md +46 -0
  30. package/template/.cursor/commands/memory-audit.md +175 -0
  31. package/template/.cursor/commands/milestone-complete.md +51 -0
  32. package/template/.cursor/commands/milestone-start.md +59 -0
  33. package/template/.cursor/commands/pause.md +64 -0
  34. package/{.cursor/commands/gsd-phase-context.md → template/.cursor/commands/phase-context.md} +6 -2
  35. package/template/.cursor/commands/plan-verify.md +34 -0
  36. package/template/.cursor/commands/qa.md +226 -0
  37. package/template/.cursor/commands/quick.md +41 -0
  38. package/template/.cursor/commands/refresh-context.md +82 -0
  39. package/template/.cursor/commands/release.md +505 -0
  40. package/template/.cursor/commands/research.md +49 -0
  41. package/template/.cursor/commands/resume.md +67 -0
  42. package/template/.cursor/commands/security-review.md +81 -0
  43. package/template/.cursor/commands/sprint-plan.md +103 -0
  44. package/template/.cursor/commands/status-reconcile.md +95 -0
  45. package/template/.cursor/commands/verify-work.md +152 -0
  46. package/template/.cursor/dev-environment.json.example +22 -0
  47. package/{.cursor → template/.cursor}/hooks/README.md +3 -2
  48. package/{.cursor/hooks/gsd-hook.py → template/.cursor/hooks/hook.py} +15 -6
  49. package/template/.cursor/hooks.json +26 -0
  50. package/template/.cursor/remote.json +31 -0
  51. package/template/.cursor/rules/caveman.mdc +184 -0
  52. package/template/.cursor/rules/coding-standards.mdc +39 -0
  53. package/template/.cursor/rules/core.mdc +111 -0
  54. package/template/.cursor/rules/handoffs.mdc +27 -0
  55. package/template/.cursor/rules/quality.mdc +49 -0
  56. package/template/.cursor/scratchpad.local.example.md +323 -0
  57. package/template/.cursor/scratchpad.md +324 -0
  58. package/{.cursor/skills/gsd-team → template/.cursor/skills/its-magic}/SKILL.md +2 -2
  59. package/template/.cursorignore +6 -0
  60. package/template/.env.example +28 -0
  61. package/template/.github/workflows/ci.yml +194 -0
  62. package/{.github → template/.github}/workflows/deploy.yml +5 -2
  63. package/template/.its-magic-version +1 -0
  64. package/template/README.md +1602 -0
  65. package/template/decisions/DEC-0001.md +11 -0
  66. package/template/decisions/DEC-0002.md +11 -0
  67. package/template/docs/developer/README.md +44 -0
  68. package/template/docs/engineering/architecture.md +9 -0
  69. package/template/docs/engineering/artifact-ordering-policy.md +48 -0
  70. package/template/docs/engineering/artifact-ownership-policy.md +57 -0
  71. package/template/docs/engineering/auto-orchestration-reference.md +1211 -0
  72. package/{docs → template/docs}/engineering/codebase-map.md +0 -5
  73. package/template/docs/engineering/compatibility-report.md +20 -0
  74. package/template/docs/engineering/compatibility-signals.md +7 -0
  75. package/template/docs/engineering/component-scope-report.md +16 -0
  76. package/template/docs/engineering/component-scope.md +19 -0
  77. package/template/docs/engineering/context/installer-owned-paths.manifest +96 -0
  78. package/template/docs/engineering/context/readme-section-affinity.json +30 -0
  79. package/template/docs/engineering/decisions.md +16 -0
  80. package/template/docs/engineering/legacy-drift-audit.md +21 -0
  81. package/template/docs/engineering/manifests/components/api-gateway.manifest.yaml +12 -0
  82. package/template/docs/engineering/manifests/registry.manifest.yaml +20 -0
  83. package/template/docs/engineering/manifests/repo.manifest.yaml +11 -0
  84. package/template/docs/engineering/phase-context.md +16 -0
  85. package/template/docs/engineering/release-targets.json +123 -0
  86. package/template/docs/engineering/research.md +29 -0
  87. package/template/docs/engineering/runbook.md +2320 -0
  88. package/template/docs/engineering/runtime-connectivity.md +81 -0
  89. package/template/docs/engineering/security-review.md +33 -0
  90. package/template/docs/engineering/spec-pack/README.md +20 -0
  91. package/template/docs/engineering/state-archive/README.md +15 -0
  92. package/template/docs/engineering/state.md +20 -0
  93. package/template/docs/engineering/status-normalization-report.md +19 -0
  94. package/template/docs/engineering/token-cost-parity-manifest.md +16 -0
  95. package/template/docs/engineering/us-0084-remote-e2e.md +44 -0
  96. package/template/docs/product/acceptance.md +1 -0
  97. package/template/docs/product/backlog.md +5 -0
  98. package/template/docs/product/vision.md +11 -0
  99. package/template/docs/user-guides/README.md +40 -0
  100. package/{handoffs → template/handoffs}/dev_to_qa.md +0 -3
  101. package/{handoffs → template/handoffs}/po_to_tl.md +0 -3
  102. package/{handoffs → template/handoffs}/qa_to_dev.md +1 -2
  103. package/template/handoffs/release_notes.md +51 -0
  104. package/template/handoffs/release_queue.md +47 -0
  105. package/template/handoffs/release_to_dev.md +31 -0
  106. package/template/handoffs/releases/Sxxxx-release-notes.md +62 -0
  107. package/template/handoffs/resume_brief.md +14 -0
  108. package/{handoffs → template/handoffs}/tl_to_dev.md +0 -2
  109. package/template/handoffs/token_cost_runs/README.md +26 -0
  110. package/template/its_magic/.its-magic-version +1 -0
  111. package/template/its_magic/README.md +9 -0
  112. package/template/scripts/auto_outer_driver.py +521 -0
  113. package/template/scripts/caveman_compress_input.py +903 -0
  114. package/template/scripts/check_downstream_ci_guard.py +67 -0
  115. package/template/scripts/check_intake_template_parity.py +284 -0
  116. package/template/scripts/check_token_cost_parity.py +69 -0
  117. package/template/scripts/dev_environment_lib.py +463 -0
  118. package/template/scripts/doc_profile_lib.py +415 -0
  119. package/template/scripts/downstream_ci_guard_lib.py +222 -0
  120. package/template/scripts/enforce-triad-hot-surface.py +753 -0
  121. package/template/scripts/guard_installer_publish.py +88 -0
  122. package/template/scripts/intake_bug_resume_brief_refresh.py +303 -0
  123. package/template/scripts/intake_bug_routing_guard.py +67 -0
  124. package/template/scripts/intake_evidence_lib.py +802 -0
  125. package/template/scripts/intake_evidence_validate.py +73 -0
  126. package/template/scripts/materialize_codebase_map.py +184 -0
  127. package/template/scripts/pack_json_validate.py +130 -0
  128. package/template/scripts/project_readme_coverage_lib.py +417 -0
  129. package/template/scripts/readme_feature_coverage_lib.py +608 -0
  130. package/template/scripts/remote_config_summary.py +243 -0
  131. package/template/scripts/sync_push_gates.py +198 -0
  132. package/template/scripts/token_cost_compare.py +40 -0
  133. package/template/scripts/token_cost_lib.py +108 -0
  134. package/template/scripts/uat_probe_lib.py +868 -0
  135. package/template/scripts/validate-and-push.ps1 +280 -0
  136. package/template/scripts/validate-and-push.sh +243 -0
  137. package/template/scripts/validate_doc_profile.py +103 -0
  138. package/template/scripts/validate_project_readme_coverage.py +151 -0
  139. package/template/scripts/validate_readme_feature_coverage.py +140 -0
  140. package/template/sprints/S0001/progress.md +1 -0
  141. package/template/sprints/S0001/qa-findings.md +9 -0
  142. package/template/sprints/S0001/release-findings.md +24 -0
  143. package/template/sprints/S0001/sprint.md +9 -0
  144. package/template/sprints/S0001/summary.md +7 -0
  145. package/template/sprints/S0001/tasks.md +1 -0
  146. package/template/sprints/S0001/uat.json +6 -0
  147. package/template/sprints/S0001/uat.md +5 -0
  148. package/template/sprints/quick/Q0001/summary.md +1 -0
  149. package/{sprints → template/sprints}/quick/Q0001/task.json +0 -1
  150. package/.cursor/agents/curator.mdc +0 -21
  151. package/.cursor/agents/dev.mdc +0 -20
  152. package/.cursor/agents/po.mdc +0 -19
  153. package/.cursor/agents/qa.mdc +0 -19
  154. package/.cursor/agents/release.mdc +0 -19
  155. package/.cursor/agents/tech-lead.mdc +0 -21
  156. package/.cursor/commands/gsd-architecture.md +0 -29
  157. package/.cursor/commands/gsd-auto.md +0 -27
  158. package/.cursor/commands/gsd-discovery.md +0 -27
  159. package/.cursor/commands/gsd-execute.md +0 -32
  160. package/.cursor/commands/gsd-intake.md +0 -28
  161. package/.cursor/commands/gsd-map-codebase.md +0 -25
  162. package/.cursor/commands/gsd-milestone-complete.md +0 -24
  163. package/.cursor/commands/gsd-milestone-start.md +0 -26
  164. package/.cursor/commands/gsd-pause.md +0 -25
  165. package/.cursor/commands/gsd-plan-verify.md +0 -26
  166. package/.cursor/commands/gsd-qa.md +0 -28
  167. package/.cursor/commands/gsd-quick.md +0 -24
  168. package/.cursor/commands/gsd-refresh-context.md +0 -26
  169. package/.cursor/commands/gsd-release.md +0 -29
  170. package/.cursor/commands/gsd-research.md +0 -28
  171. package/.cursor/commands/gsd-resume.md +0 -26
  172. package/.cursor/commands/gsd-sprint-plan.md +0 -30
  173. package/.cursor/commands/gsd-verify-work.md +0 -25
  174. package/.cursor/hooks.json +0 -26
  175. package/.cursor/plans/cursor-gsd-team-kit_8cfee9b8.plan.md +0 -57
  176. package/.cursor/remote.json +0 -18
  177. package/.cursor/rules/gsd-core.mdc +0 -18
  178. package/.cursor/rules/gsd-handoffs.mdc +0 -10
  179. package/.cursor/rules/gsd-quality.mdc +0 -15
  180. package/.cursor/scratchpad.md +0 -34
  181. package/.github/workflows/ci.yml +0 -47
  182. package/decisions/DEC-0001.md +0 -21
  183. package/decisions/DEC-0002.md +0 -21
  184. package/docs/engineering/architecture.md +0 -354
  185. package/docs/engineering/decisions.md +0 -6
  186. package/docs/engineering/research.md +0 -11
  187. package/docs/engineering/runbook.md +0 -32
  188. package/docs/engineering/state.md +0 -33
  189. package/docs/product/acceptance.md +0 -6
  190. package/docs/product/backlog.md +0 -7
  191. package/docs/product/vision.md +0 -46
  192. package/gsd-installer.ps1 +0 -189
  193. package/gsd-installer.py +0 -195
  194. package/gsd-installer.sh +0 -201
  195. package/handoffs/release_notes.md +0 -14
  196. package/handoffs/resume_brief.md +0 -8
  197. package/milestones/M0001/milestone.json +0 -7
  198. package/milestones/M0001/phases.json +0 -9
  199. package/milestones/M0001/progress.md +0 -3
  200. package/milestones/M0001/summary.md +0 -3
  201. package/scripts/generate-release-notes.ps1 +0 -74
  202. package/scripts/generate-release-notes.sh +0 -63
  203. package/scripts/release-all.ps1 +0 -423
  204. package/scripts/release-all.sh +0 -226
  205. package/sprints/S0001/progress.md +0 -4
  206. package/sprints/S0001/qa-findings.md +0 -113
  207. package/sprints/S0001/sprint.md +0 -70
  208. package/sprints/S0001/summary.md +0 -46
  209. package/sprints/S0001/tasks.md +0 -35
  210. package/sprints/S0001/uat.json +0 -8
  211. package/sprints/S0001/uat.md +0 -8
  212. package/sprints/quick/Q0001/summary.md +0 -3
  213. /package/{.cursor/rules/gsd-escalation.mdc → template/.cursor/rules/escalation.mdc} +0 -0
  214. /package/{.cursor/skills/gsd-team → template/.cursor/skills/its-magic}/templates/acceptance.json +0 -0
  215. /package/{.cursor/skills/gsd-team → template/.cursor/skills/its-magic}/templates/acceptance.md +0 -0
  216. /package/{.cursor/skills/gsd-team → template/.cursor/skills/its-magic}/templates/architecture.json +0 -0
  217. /package/{.cursor/skills/gsd-team → template/.cursor/skills/its-magic}/templates/architecture.md +0 -0
  218. /package/{.cursor/skills/gsd-team → template/.cursor/skills/its-magic}/templates/decision.json +0 -0
  219. /package/{.cursor/skills/gsd-team → template/.cursor/skills/its-magic}/templates/decision.md +0 -0
  220. /package/{.cursor/skills/gsd-team → template/.cursor/skills/its-magic}/templates/handoff.json +0 -0
  221. /package/{.cursor/skills/gsd-team → template/.cursor/skills/its-magic}/templates/handoff.md +0 -0
  222. /package/{.cursor/skills/gsd-team → template/.cursor/skills/its-magic}/templates/milestone.json +0 -0
  223. /package/{.cursor/skills/gsd-team → template/.cursor/skills/its-magic}/templates/phase-context.json +0 -0
  224. /package/{.cursor/skills/gsd-team → template/.cursor/skills/its-magic}/templates/plan-verify.json +0 -0
  225. /package/{.cursor/skills/gsd-team → template/.cursor/skills/its-magic}/templates/sprint.json +0 -0
  226. /package/{.cursor/skills/gsd-team → template/.cursor/skills/its-magic}/templates/sprint.md +0 -0
  227. /package/{.cursor/skills/gsd-team → template/.cursor/skills/its-magic}/templates/story.json +0 -0
  228. /package/{.cursor/skills/gsd-team → template/.cursor/skills/its-magic}/templates/story.md +0 -0
  229. /package/{.cursor/skills/gsd-team → template/.cursor/skills/its-magic}/templates/uat.json +0 -0
  230. /package/{docs → template/docs}/engineering/context/phase-template.json +0 -0
  231. /package/{docs → template/docs}/engineering/dependencies.json +0 -0
  232. /package/{sprints → template/sprints}/S0001/plan-verify.json +0 -0
@@ -0,0 +1,81 @@
1
+ ---
2
+ description: "its-magic security-review: optional security and compliance review."
3
+ ---
4
+
5
+ # /security-review
6
+
7
+ ## Subagents
8
+ - security
9
+
10
+ ## Execution model
11
+ - Run `/security-review` in a fresh Security subagent context.
12
+ - This command is guidance-driven review, not a static analysis certification.
13
+ - After writing outputs, stop and continue the next workflow phase in a new
14
+ subagent/chat.
15
+
16
+ ## Inputs
17
+
18
+ - **Narrow-read (US-0053 / US-0096 Tranche A)**: Start at docs/engineering/phase-context.md
19
+ and the story section anchor in vision/architecture/decisions when a heading exists; forbid
20
+ full-file reads when a section heading exists.
21
+ - `SECURITY_REVIEW` and `COMPLIANCE_PROFILES` from `.cursor/scratchpad.md`
22
+ - `docs/engineering/architecture.md`
23
+ - `docs/engineering/decisions.md`
24
+ - `docs/engineering/state.md`
25
+ - Sprint tasks and implementation artifacts in code review mode
26
+ - `handoffs/dev_to_qa.md` in code review mode (when available)
27
+
28
+ ## Outputs (artifacts)
29
+ - `docs/engineering/security-review.md`
30
+ - `decisions/DEC-xxxx.md` (critical findings only)
31
+ - `docs/engineering/state.md`
32
+ - `handoffs/qa_to_dev.md` (when code review finds blocking issues)
33
+
34
+ ## Modes
35
+ - `design`: run after `/architecture`; focuses on architecture and control design.
36
+ - `code`: run after `/execute`; focuses on implementation-level risk patterns.
37
+
38
+ ## Review scopes
39
+ - Design review scope:
40
+ - architecture decisions and trust boundaries
41
+ - data flow/storage and sensitive-data handling
42
+ - authentication/authorization design
43
+ - third-party dependency and integration risk
44
+ - profile-specific requirements when configured
45
+ - Code review scope:
46
+ - secrets/credentials exposure in code or config
47
+ - injection classes (SQL, XSS, command) and unsafe input handling
48
+ - authentication/authorization implementation gaps
49
+ - validation/sanitization/output encoding patterns
50
+ - profile-specific implementation requirements when configured
51
+
52
+ ## Stop conditions
53
+ - `SECURITY_REVIEW=0` in scratchpad (exit immediately; no overhead)
54
+ - Critical unresolved finding that triggers a decision gate
55
+ - Missing mandatory review inputs for selected mode
56
+
57
+ ## Steps
58
+ 1. Read `SECURITY_REVIEW` and `COMPLIANCE_PROFILES` from `.cursor/scratchpad.md`.
59
+ 2. If `SECURITY_REVIEW=0`, exit with: "Security review is disabled."
60
+ 3. Determine review mode:
61
+ - explicit user-provided mode, or
62
+ - infer `design` post-architecture, `code` post-execute.
63
+ 4. Load inputs for the selected mode from artifacts and handoffs.
64
+ 5. Load compliance profile checklists:
65
+ - if `COMPLIANCE_PROFILES` is set, apply selected profiles (for example GDPR),
66
+ - if empty, apply general security best-practice baseline only.
67
+ 6. Evaluate findings against mode-specific criteria, profile guidance, and
68
+ severity taxonomy (`critical`, `high`, `medium`, `low`).
69
+ 7. Write findings to `docs/engineering/security-review.md` with:
70
+ severity, component, description, risk, remediation, and status.
71
+ 8. For each `critical` finding, enforce escalation:
72
+ - Create `decisions/DEC-xxxx.md` documenting vulnerability details, affected
73
+ components, risk assessment, and remediation options.
74
+ - Mark the finding as `blocking` in `docs/engineering/security-review.md`.
75
+ - Trigger a decision gate and pause phase progression until resolved/accepted.
76
+ - Resolve only through one of these documented outcomes:
77
+ 1) fix now,
78
+ 2) accept risk with rationale,
79
+ 3) defer with mitigation plan and owner/timeline.
80
+ 9. Update `docs/engineering/state.md` with review mode, profile set, summary
81
+ counts by severity, and whether a decision gate is active.
@@ -0,0 +1,103 @@
1
+ ---
2
+ description: "its-magic sprint plan: create sprint and atomic tasks."
3
+ ---
4
+
5
+ # /sprint-plan
6
+
7
+ ## Subagents
8
+ - tech-lead
9
+
10
+ ## Execution model
11
+ - Run `/sprint-plan` in a fresh Tech Lead subagent context.
12
+ - After writing outputs, stop and hand off to `/plan-verify` in a new
13
+ subagent/chat.
14
+
15
+ ## Inputs
16
+
17
+ - **Narrow-read (US-0053 / US-0096 Tranche A)**: Start at docs/engineering/phase-context.md
18
+ and the story section anchor in vision/architecture/decisions when a heading exists; forbid
19
+ full-file reads when a section heading exists.
20
+ - Architecture and decisions
21
+ - Current backlog priorities
22
+ - `.cursor/scratchpad.md` — read SPRINT_MAX_TASKS and SPRINT_AUTO_SPLIT
23
+ - Optional explicit argument: `--bulk` (US-0046)
24
+
25
+ ## Optional bulk mode (US-0046 / DEC-0023)
26
+
27
+ `/sprint-plan` supports an explicit bulk planning mode. Default behavior remains
28
+ single-scope unless bulk mode is explicitly requested.
29
+
30
+ Bulk trigger:
31
+ - `--bulk` argument enables deterministic multi-story planning.
32
+
33
+ Bulk policy controls from `.cursor/scratchpad.md`:
34
+ - `SPRINT_BULK_MAX_STORIES`: integer `>=1` (max candidate stories per run)
35
+ - `SPRINT_BULK_MAX_SPRINTS`: integer `>=1` (max generated sprints per run)
36
+ - `SPRINT_BULK_SELECTION`: `priority_then_backlog_order` (default)
37
+
38
+ Bulk behavior when enabled:
39
+ - Select eligible OPEN stories deterministically via `SPRINT_BULK_SELECTION`.
40
+ - Generate one or more sprints until a bound is reached or no eligible stories remain.
41
+ - Preserve sizing controls for each generated sprint (`SPRINT_MAX_TASKS`,
42
+ `SPRINT_AUTO_SPLIT`).
43
+ - Emit deterministic stop reason when bounded:
44
+ - `SPRINT_BULK_MAX_STORIES_REACHED`
45
+ - `SPRINT_BULK_MAX_SPRINTS_REACHED`
46
+ - `SPRINT_BULK_NO_ELIGIBLE_STORIES`
47
+ - `SPRINT_BULK_MISSING_ACCEPTANCE`
48
+
49
+ Default-safe behavior:
50
+ - Without `--bulk`, keep existing non-bulk planning semantics.
51
+
52
+ ## Planning source clarification (US-0045)
53
+
54
+ - Planning source of truth for story status is `docs/product/backlog.md`.
55
+ - For multiple OPEN stories, non-bulk `/sprint-plan` selects one bounded scope
56
+ by current policy and sizing limits (`SPRINT_MAX_TASKS`, `SPRINT_AUTO_SPLIT`).
57
+ - Use `/sprint-plan --bulk` for explicit multi-story planning within bounded
58
+ controls; do not infer additional eligibility from non-canonical status views.
59
+
60
+ ## Outputs (artifacts)
61
+ - `sprints/Sxxxx/sprint.md`
62
+ - `sprints/Sxxxx/tasks.md`
63
+ - `sprints/Sxxxx/progress.md`
64
+ - `handoffs/tl_to_dev.md`
65
+ - `sprints/Sxxxx/plan-verify.json` (after /plan-verify)
66
+
67
+ ## Stop conditions
68
+ - Missing acceptance criteria
69
+ - Decision gate triggered
70
+ - Task count exceeds SPRINT_MAX_TASKS and SPRINT_AUTO_SPLIT=1 — propose splitting before proceeding
71
+ - Bulk limits reached when `--bulk` is enabled (`SPRINT_BULK_MAX_*`)
72
+
73
+ ## Steps
74
+ 1. Evaluate scope:
75
+ - Non-bulk mode: count expected tasks for current planning scope.
76
+ - Bulk mode (`--bulk`): select candidate stories deterministically
77
+ (`SPRINT_BULK_SELECTION`) up to `SPRINT_BULK_MAX_STORIES`.
78
+ Read `SPRINT_MAX_TASKS` from scratchpad (default: 12). If tasks exceed threshold
79
+ and `SPRINT_AUTO_SPLIT=1`, propose deterministic splitting into multiple sprints
80
+ or milestones. If the work is too small for a sprint, suggest `/quick` instead.
81
+ 2. Milestone activation check (DEC-0009): if this sprint belongs to a milestone, check whether this is the first sprint under that milestone. If so, transition the milestone from **created** to **active** state. Before activation, verify that `milestone.json` has real (non-placeholder) values for `name`, `goal`, and `scope`. If any are still draft/empty, populate them before proceeding. Update `phases.json` to reflect actual planned phases.
82
+ 3. For each sprint generated in this run (one in non-bulk mode, one or more in
83
+ bulk mode):
84
+ - Create sprint scope and goals.
85
+ - Break work into atomic tasks.
86
+ - Optional component-scoped planning (US-0035):
87
+ - If `COMPONENT_SCOPE_MODE=0`, add zero required scope metadata.
88
+ - If `COMPONENT_SCOPE_MODE=1`, every task must declare:
89
+ - `target_component_ids`
90
+ - `expected_impacted_interfaces`
91
+ - Update traceability index in `docs/engineering/state.md`: add/update one row
92
+ per story assigned to this sprint using DEC-0010
93
+ (`Story | Sprint | Tasks | Status | Evidence`). Set Status=`PLANNED`, leave
94
+ Evidence empty.
95
+ - Create UAT placeholder files per DEC-0009 lifecycle (placeholder state). For
96
+ `uat.json`: set sprint ID and empty steps array. For `uat.md`: list target
97
+ stories and acceptance criteria (no results yet).
98
+ - Optional user-guide (US-0032): If `USER_GUIDE_MODE=0`, add no required
99
+ user-guide tasks or blocking checks. If `USER_GUIDE_MODE=1`, include tasks
100
+ for creating/updating `docs/user-guides/US-xxxx.md` per in-scope feature story.
101
+ 4. Write TL -> Dev handoff for generated sprint set.
102
+ 5. Run `/plan-verify` to check coverage for generated sprint plan(s).
103
+
@@ -0,0 +1,95 @@
1
+ ---
2
+ description: "its-magic status-reconcile: deterministic status normalization and resume readiness."
3
+ ---
4
+
5
+ # /status-reconcile
6
+
7
+ ## Subagents
8
+ - curator
9
+ - tech-lead
10
+
11
+ ## Execution model
12
+ - Run `/status-reconcile` in a fresh subagent context.
13
+ - This command performs bounded deterministic reconciliation writes.
14
+ - Reconciliation scope is workflow artifacts only (status surfaces + resume metadata).
15
+ - After writing outputs, stop and recommend next phase.
16
+
17
+ ## Inputs
18
+
19
+ - **Narrow-read (US-0053 / US-0096 Tranche A)**: Start at docs/engineering/phase-context.md
20
+ and the story section anchor in vision/architecture/decisions when a heading exists; forbid
21
+ full-file reads when a section heading exists.
22
+ - `docs/product/backlog.md` (canonical status source)
23
+ - `docs/product/acceptance.md` (derived checklist surface)
24
+ - `docs/engineering/state.md` (traceability + checkpoints)
25
+ - `handoffs/resume_brief.md` (continuation intent)
26
+ - `handoffs/release_queue.md` (release evidence context)
27
+ - `handoffs/releases/Sxxxx-release-notes.md` (target evidence when needed)
28
+ - `docs/engineering/status-normalization-report.md` (normalization audit log)
29
+
30
+ ## Outputs (artifacts)
31
+ - `docs/product/backlog.md` (target-scoped AC/status normalization when needed)
32
+ - `docs/product/acceptance.md` (derived checklist reconciliation)
33
+ - `handoffs/resume_brief.md` (next OPEN story + intended phase)
34
+ - `docs/engineering/status-normalization-report.md` (audit rows)
35
+ - `docs/engineering/state.md` (reconciliation checkpoint and evidence refs)
36
+
37
+ ## Stop conditions
38
+ - Canonical conflict requires decision gate
39
+ - Missing critical artifacts
40
+ - Ambiguous next OPEN story / phase resolution
41
+
42
+ ## Canonical precedence (US-0045 / DEC-0025)
43
+ - Story status authority is `docs/product/backlog.md` only (including **`BUG-####`** under **`## Bug issues (canonical)`** per **DEC-0061** / **US-0079**).
44
+ - `docs/product/acceptance.md` and `docs/engineering/state.md` are derived views.
45
+ - Reconciliation must not infer canonical story status from derived artifacts.
46
+ - Bug portfolio drift vs **`## Bug acceptance (canonical)`** is machine-checkable: **`python scripts/bug_issue_validate.py --backlog docs/product/backlog.md --check-acceptance`** (**`BUG_RECONCILE_ACCEPTANCE_*`** codes).
47
+
48
+ ## Deterministic detection matrix
49
+ 1. Backlog story `Status: DONE` with unchecked AC checkboxes.
50
+ 2. Acceptance row state mismatched vs canonical backlog status.
51
+ 3. Resume intent (`next story`, `intended phase`) mismatched vs canonical OPEN backlog.
52
+ 4. Canonical/release evidence contradiction for target story (fail-closed path).
53
+
54
+ ## Reason codes (deterministic)
55
+ - `STATUS_RECONCILE_APPLIED`
56
+ - `STATUS_RECONCILE_NOOP`
57
+ - `STATUS_RECONCILE_MISSING_INPUT`
58
+ - `STATUS_RECONCILE_CANONICAL_CONFLICT`
59
+ - `STATUS_RECONCILE_PHASE_AMBIGUOUS`
60
+ - `STATUS_RECONCILE_EVIDENCE_MISSING`
61
+
62
+ ## Steps
63
+ 1. Read canonical and derived status artifacts.
64
+ 2. Build mismatch set using deterministic detection matrix.
65
+ 3. If no mismatches: write no-op report row + state checkpoint (`STATUS_RECONCILE_NOOP`) and stop.
66
+ 4. For each mismatched story (target-scoped only):
67
+ - If canonical status is `DONE`, normalize backlog AC checkboxes to checked state.
68
+ - Reconcile matching `docs/product/acceptance.md` row to checked state.
69
+ 5. Recompute next OPEN story by backlog priority/order:
70
+ - if exists, update `handoffs/resume_brief.md` to that story and intended phase `discovery`,
71
+ - if none exist, set intended phase `intake`.
72
+ 6. Write normalization evidence row(s) to `docs/engineering/status-normalization-report.md`:
73
+ - story id, prior values, resolved values, reason code, evidence refs, timestamp.
74
+ 7. Append reconciliation checkpoint to `docs/engineering/state.md` with:
75
+ - `phase_id=status-reconcile`
76
+ - `role=curator`
77
+ - `fresh_context_marker`
78
+ - `timestamp`
79
+ - `evidence_ref`
80
+ 8. On conflict paths (canonical/release contradiction, ambiguous phase, missing evidence):
81
+ - fail closed with deterministic reason code,
82
+ - write remediation guidance,
83
+ - avoid partial mutation.
84
+
85
+ ## Deterministic artifact ordering contract (US-0058 / DEC-0040)
86
+
87
+ - Reconciliation writes must follow
88
+ `docs/engineering/artifact-ordering-policy.md`.
89
+ - `docs/product/backlog.md` and `docs/product/acceptance.md` updates are
90
+ target-scoped and preserve sorted-canonical story order.
91
+ - `docs/engineering/state.md` reconciliation checkpoints are append-bottom only.
92
+ - `handoffs/resume_brief.md` updates are prepend-top in current-status section
93
+ without rewriting unrelated blocks.
94
+ - Missing or ambiguous anchors must fail with
95
+ `ARTIFACT_ORDERING_ANCHOR_AMBIGUOUS` and no partial mutation.
@@ -0,0 +1,152 @@
1
+ ---
2
+ description: "its-magic verify work: guided user acceptance testing."
3
+ ---
4
+
5
+ # /verify-work
6
+
7
+ ## Subagents
8
+ - qa
9
+
10
+ ## Execution model
11
+ - Run `/verify-work` in a fresh QA subagent context.
12
+ - After writing outputs, stop and hand off to `/release` (or back to `/execute`
13
+ if failures require fixes) in a new subagent/chat.
14
+
15
+ ## Isolation evidence write requirement (US-0048 / DEC-0029)
16
+
17
+ At the end of `/verify-work`, append an isolation evidence entry to
18
+ `docs/engineering/state.md`:
19
+
20
+ - `phase_id=verify-work`
21
+ - `role=qa`
22
+ - `fresh_context_marker=<new marker for this subagent>`
23
+ - `timestamp=<ISO UTC>`
24
+ - `evidence_ref=<primary output ref>` (recommended: `sprints/Sxxxx/uat.json` and `sprints/Sxxxx/uat.md`)
25
+
26
+ ## Inputs
27
+
28
+ - **Narrow-read (US-0053 / US-0096 Tranche A)**: Start at docs/engineering/phase-context.md
29
+ and the story section anchor in vision/architecture/decisions when a heading exists; forbid
30
+ full-file reads when a section heading exists.
31
+ - `docs/product/acceptance.md`
32
+ - `sprints/S0001/summary.md`
33
+
34
+ ## Outputs (artifacts)
35
+ - `sprints/S0001/uat.json`
36
+ - `sprints/S0001/uat.md`
37
+ - `docs/engineering/state.md`
38
+
39
+ ## Stop conditions
40
+ - Decision gate triggered
41
+
42
+ ## UAT lifecycle rules (DEC-0009)
43
+
44
+ UAT artifacts transition from **placeholder** (created during `/sprint-plan`) to
45
+ **populated** (filled during `/verify-work`) to **verified** (confirmed during
46
+ `/release`). QA owns the placeholder → populated transition.
47
+
48
+ ### Minimum UAT content before sprint completion
49
+ - `uat.json`: `steps` array is non-empty. Each step has a `description` and
50
+ `result` (`pass` or `fail`). `passed` + `failed` = total steps count.
51
+ - `uat.md`: every UAT step is listed with its result. A results summary appears
52
+ at the bottom linking back to story acceptance criteria.
53
+ - A sprint **cannot** be marked complete while UAT artifacts remain in
54
+ placeholder state.
55
+
56
+ ## Isolation compliance gate (US-0048 / DEC-0029)
57
+
58
+ Before handing off to `/release`, verify isolation evidence is present and valid
59
+ in `docs/engineering/state.md` for the target sprint lifecycle (at minimum:
60
+ `execute`, `qa`, and `verify-work`).
61
+
62
+ Fail-closed behavior (no continuation):
63
+
64
+ - Missing evidence: `PHASE_CONTEXT_ISOLATION_MISSING`
65
+ - Invalid schema/fields: `ISOLATION_EVIDENCE_INVALID`
66
+ - Stale evidence (reused marker / pre-resume evidence): `ISOLATION_EVIDENCE_STALE`
67
+ - Orchestrator/phase executed without fresh subagent: `PHASE_CONTEXT_ISOLATION_VIOLATION`
68
+
69
+ Remediation: re-run the missing/invalid phase(s) in fresh subagent contexts and
70
+ write new isolation evidence, then rerun `/verify-work` before proceeding to
71
+ `/release`.
72
+
73
+ ## Strict runtime proof gate (US-0056 / DEC-0038)
74
+
75
+ Before handing off to `/release`, verify strict runtime proof tuples are present
76
+ and valid for the target lifecycle phases (`execute`, `qa`, `verify-work`).
77
+
78
+ Fail-closed behavior (no continuation):
79
+
80
+ - Missing runtime proof tuple: `RUNTIME_PROOF_MISSING`
81
+ - Invalid tuple shape/hash/linkage: `RUNTIME_PROOF_INVALID`
82
+ - Reused `runtime_proof_id`: `RUNTIME_PROOF_REUSED`
83
+ - Expired proof TTL/stale proof: `RUNTIME_PROOF_STALE`
84
+ - Ambiguous proof-to-checkpoint mapping: `RUNTIME_PROOF_AMBIGUOUS_LINK`
85
+
86
+ Remediation: rerun affected phase(s) in fresh subagent contexts and write new
87
+ strict-proof tuples linked to checkpoint evidence.
88
+
89
+ ## Generated-test readiness evidence gate (US-0066 / DEC-0048)
90
+
91
+ Before handing off to `/release`, verify generated-test evidence is present and
92
+ traceable for generated-project scope:
93
+
94
+ - `sprints/Sxxxx/summary.md` must include generated baseline test scope/evidence refs.
95
+ - `sprints/Sxxxx/qa-findings.md` must include generated-test auto-run evidence
96
+ (`command`, `result`, `output ref`, `paths ref`, reason code when failing).
97
+ - If generated-test evidence is missing/ambiguous, fail closed with
98
+ `TEST_SCAFFOLD_GENERATION_FAILED` and require `/execute` or `/qa` rerun with
99
+ deterministic evidence capture.
100
+
101
+ ## Self-verify UAT probes (US-0092 / DEC-0078)
102
+
103
+ When stack profile resolves, derive UAT steps from acceptance and execute probes via
104
+ the shared resolver **`scripts/uat_probe_lib.py`** (active + `template/scripts/` mirror).
105
+ Record evidence in **`sprints/Sxxxx/uat.json`** `probe_results[]` and
106
+ **`sprints/Sxxxx/qa-findings.md`** (path refs for stdout/stderr — no inline secrets).
107
+ **No silent PASS** — unresolvable steps must record fail-closed reason codes:
108
+
109
+ `UAT_PROBE_UNRESOLVED`, `UAT_STACK_PROFILE_UNKNOWN`, `UAT_PROBE_TIMEOUT`,
110
+ `UAT_PROBE_FAILED`, `UAT_PROBE_FORBIDDEN`, `UAT_PROBE_PASS`,
111
+ `UAT_BROWSER_UNAVAILABLE`, `UAT_BROWSER_PROBE_FAILED`, `UAT_BROWSER_PROBE_TIMEOUT`.
112
+
113
+ Probe catalog: **`build`**, **`test`**, **`api_health`**, **`process_health`**,
114
+ **`browser_smoke`**, **`cli_smoke`**, **`manual_operator`**. CLI:
115
+ `python scripts/uat_probe_lib.py --repo . --step "<acceptance step>" --report`.
116
+
117
+ ### Browser UAT self-test (US-0093)
118
+
119
+ When **`UAT_BROWSER_PROBE_MODE=cursor`** (default) and step classifies as **`browser_smoke`**
120
+ (or automatable **`manual_operator`** reclassified per **DEC-0079** §4), execute the **Cursor
121
+ browser MCP** sequence — **lib never calls MCP directly** (**BUG-0006**):
122
+
123
+ 1. **Resolve target URL** — `docs/engineering/runtime-connectivity.md` first `http(s)://`; else
124
+ dev-server port from `package.json` + scratchpad **`DEV_SERVER_PORT`**.
125
+ 2. **`browser_navigate`** — load health/app URL; respect enterprise origin allowlist.
126
+ 3. **Step plan** — map acceptance verbs to **`browser_click`** / **`browser_type`** /
127
+ **`browser_scroll`** when automatable; **never** fill password/credential fields or read **`.env`**.
128
+ 4. **`browser_screenshot`** — write to **`sprints/Sxxxx/evidence/browser/<probe_id>-<seq>.png`**
129
+ (max **5** per probe).
130
+ 5. **Console + network evidence** — counts + summary path refs only (no inline secrets).
131
+ 6. **Verdict** — set **`passed`**, **`reason_code`**, **`browser_evidence_refs`** in
132
+ **`uat.json`** `probe_results[]`; **`passed=true`** in **`cursor`** mode **requires** non-empty
133
+ **`navigation_url`** + at least one screenshot or console/network summary path — else
134
+ **`UAT_BROWSER_PROBE_FAILED`**. Mirror under **`qa-findings.md`** **Runtime browser evidence**.
135
+ 7. **Fallback** — MCP unavailable → record **`UAT_BROWSER_UNAVAILABLE`**, run stdlib fallback when
136
+ **`UAT_BROWSER_FALLBACK_CHAIN=1`**; validate via
137
+ **`python scripts/uat_probe_lib.py --merge-result <fragment.json>`**.
138
+
139
+ **No silent PASS** — stdlib alone does **not** PASS **`browser_smoke`** in **`cursor`** mode
140
+ without agent **`browser_evidence_refs`**. Security: no auto-read **`.env`**, no credential
141
+ auto-fill, no intake evidence mutation — **`UAT_PROBE_FORBIDDEN`** unchanged.
142
+
143
+ ## Steps
144
+ 1. Convert acceptance criteria into testable UAT steps. Derive steps directly from the story's acceptance criteria in `docs/product/acceptance.md`. Each AC should map to at least one UAT step. Run **`scripts/uat_probe_lib.py`** for each step where automation applies; record `probe_results[]` in **`uat.json`**.
145
+ 2. Populate UAT artifacts: write derived steps into `uat.json` (with description and result per step, accurate pass/fail counts) and `uat.md` (step list with results, summary section). Ensure UAT artifacts are in **populated** state per DEC-0009 — not placeholder.
146
+ 3. Record results and failures.
147
+ 4. Update state with pass/fail summary.
148
+ 5. Run the isolation compliance gate (above). If it fails, stop and hand off for remediation.
149
+ 6. Update traceability index in `docs/engineering/state.md`: for each story verified in this sprint, set Status to `PASS` or `FAIL` and fill the Evidence column with artifact references (e.g., `S0001/uat.json`, `S0001/summary.md`). Use the DEC-0010 format.
150
+ 7. Pre-handoff traceability check: confirm no OPEN or DONE story in the current sprint lacks a traceability index entry. If a gap is found, add the missing row before proceeding with the handoff.
151
+ 8. If `AUTO_IMPLEMENTATION_LOOP=1` and UAT fails, write a handoff to dev/QA and
152
+ continue the fix loop within `AUTO_LOOP_MAX_CYCLES`.
@@ -0,0 +1,22 @@
1
+ {
2
+ "schema_version": 1,
3
+ "detected_mode": "docker-host-local",
4
+ "operator_seeded": true,
5
+ "last_updated": "2026-06-14T00:00:00Z",
6
+ "compose_file": "docker-compose.yml",
7
+ "service": "app",
8
+ "target_id": "",
9
+ "connect": {
10
+ "endpoint": "http://localhost:3000",
11
+ "health_path": "/health",
12
+ "hostEnv": "DEV_HOST",
13
+ "portEnv": "DEV_PORT",
14
+ "protocolEnv": "DEV_PROTOCOL"
15
+ },
16
+ "rebuild_recipe": {
17
+ "default_tier": "B",
18
+ "restart_on_source_change": false
19
+ },
20
+ "env_refs": ["DEV_HOST", "DEV_PORT", "DEV_PROTOCOL"],
21
+ "evidence_refs": ["sprints/S0088/summary.md"]
22
+ }
@@ -1,4 +1,4 @@
1
- # GSD hooks
1
+ # its-magic hooks
2
2
 
3
3
  This folder contains a minimal hook dispatcher for Cursor.
4
4
 
@@ -9,5 +9,6 @@ Events handled:
9
9
  - afterFileEdit: tracks code edits vs context refresh
10
10
  - stop: optional reminder to refresh context
11
11
 
12
- Behavior is controlled via `.cursor/scratchpad.md`.
12
+ Behavior is controlled via `.cursor/scratchpad.md` with optional local overrides
13
+ from `.cursor/scratchpad.local.md`.
13
14
 
@@ -6,14 +6,15 @@ from datetime import datetime
6
6
 
7
7
  ROOT = os.path.abspath(os.path.join(os.path.dirname(__file__), "..", ".."))
8
8
  SCRATCHPAD = os.path.join(ROOT, ".cursor", "scratchpad.md")
9
- STATE_FILE = os.path.join(ROOT, ".cursor", "hooks", "gsd-hook-state.json")
10
- BENCH_LOG = os.path.join(ROOT, ".cursor", "hooks", "gsd-bench-log.jsonl")
9
+ SCRATCHPAD_LOCAL = os.path.join(ROOT, ".cursor", "scratchpad.local.md")
10
+ STATE_FILE = os.path.join(ROOT, ".cursor", "hooks", "hook-state.json")
11
+ BENCH_LOG = os.path.join(ROOT, ".cursor", "hooks", "bench-log.jsonl")
11
12
 
12
13
 
13
- def read_scratchpad():
14
+ def read_kv_file(path):
14
15
  flags = {}
15
16
  try:
16
- with open(SCRATCHPAD, "r", encoding="utf-8") as f:
17
+ with open(path, "r", encoding="utf-8") as f:
17
18
  for line in f:
18
19
  line = line.strip()
19
20
  if not line or line.startswith("#"):
@@ -26,6 +27,14 @@ def read_scratchpad():
26
27
  return flags
27
28
 
28
29
 
30
+ def read_scratchpad():
31
+ flags = read_kv_file(SCRATCHPAD)
32
+ # Local overrides are optional and intentionally gitignored.
33
+ local = read_kv_file(SCRATCHPAD_LOCAL)
34
+ flags.update(local)
35
+ return flags
36
+
37
+
29
38
  def load_state():
30
39
  try:
31
40
  with open(STATE_FILE, "r", encoding="utf-8") as f:
@@ -47,7 +56,7 @@ def save_state(state):
47
56
 
48
57
 
49
58
  def bench_session(flags):
50
- session = flags.get("GSD_BENCH_SESSION", "").strip()
59
+ session = flags.get("MAGIC_BENCH_SESSION", "").strip()
51
60
  return session if session else None
52
61
 
53
62
 
@@ -179,7 +188,7 @@ def main():
179
188
 
180
189
  if event == "stop":
181
190
  log_bench_event(session, event, payload)
182
- strict = flags.get("GSD_CONTEXT_STRICT", "0") == "1"
191
+ strict = flags.get("MAGIC_CONTEXT_STRICT", "0") == "1"
183
192
  done = flags.get("DONE", "0") == "1"
184
193
  if strict and state.get("code_changed") and not state.get("context_refreshed"):
185
194
  if not done:
@@ -0,0 +1,26 @@
1
+ {
2
+ "version": 1,
3
+ "hooks": {
4
+ "beforeShellExecution": [
5
+ {
6
+ "command": "python .cursor/hooks/hook.py beforeShellExecution"
7
+ }
8
+ ],
9
+ "beforeReadFile": [
10
+ {
11
+ "command": "python .cursor/hooks/hook.py beforeReadFile"
12
+ }
13
+ ],
14
+ "afterFileEdit": [
15
+ {
16
+ "command": "python .cursor/hooks/hook.py afterFileEdit"
17
+ }
18
+ ],
19
+ "stop": [
20
+ {
21
+ "command": "python .cursor/hooks/hook.py stop"
22
+ }
23
+ ]
24
+ }
25
+ }
26
+
@@ -0,0 +1,31 @@
1
+ {
2
+ "version": 1,
3
+ "defaultTarget": "local-docker",
4
+ "targets": [
5
+ {
6
+ "id": "local-docker",
7
+ "type": "docker",
8
+ "enabled": true,
9
+ "host": "127.0.0.1",
10
+ "port": 2375,
11
+ "workspaceRoot": "/workspace",
12
+ "auth": {
13
+ "mode": "env",
14
+ "tokenEnv": "REMOTE_DOCKER_TOKEN"
15
+ }
16
+ },
17
+ {
18
+ "id": "remote-vm-ssh",
19
+ "type": "ssh",
20
+ "enabled": false,
21
+ "host": "vm.example.internal",
22
+ "port": 22,
23
+ "workspaceRoot": "/home/dev/workspace",
24
+ "auth": {
25
+ "mode": "env",
26
+ "usernameEnv": "REMOTE_SSH_USER",
27
+ "privateKeyPathEnv": "REMOTE_SSH_KEY_PATH"
28
+ }
29
+ }
30
+ ]
31
+ }