maestro-flow 0.5.45 → 0.5.47

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (310) hide show
  1. package/.agents/agents/ralph-executor.md +51 -6
  2. package/.agents/skills/domain-add/SKILL.md +9 -0
  3. package/.agents/skills/learn-decompose/SKILL.md +12 -0
  4. package/.agents/skills/learn-follow/SKILL.md +41 -0
  5. package/.agents/skills/learn-investigate/SKILL.md +14 -0
  6. package/.agents/skills/learn-second-opinion/SKILL.md +14 -0
  7. package/.agents/skills/maestro-amend/SKILL.md +11 -0
  8. package/.agents/skills/maestro-companion/SKILL.md +11 -0
  9. package/.agents/skills/maestro-composer/SKILL.md +11 -0
  10. package/.agents/skills/maestro-guard/SKILL.md +25 -0
  11. package/.agents/skills/maestro-init/SKILL.md +28 -0
  12. package/.agents/skills/maestro-overlay/SKILL.md +11 -0
  13. package/.agents/skills/maestro-player/SKILL.md +11 -0
  14. package/.agents/skills/maestro-quick/SKILL.md +29 -0
  15. package/.agents/skills/maestro-ralph-v2/SKILL.md +124 -61
  16. package/.agents/skills/maestro-swarm-workflow/SKILL.md +25 -0
  17. package/.agents/skills/maestro-tools-execute/SKILL.md +29 -0
  18. package/.agents/skills/maestro-tools-register/SKILL.md +29 -0
  19. package/.agents/skills/maestro-ui-codify/SKILL.md +11 -0
  20. package/.agents/skills/maestro-universal-workflow/SKILL.md +59 -0
  21. package/.agents/skills/maestro-update/SKILL.md +38 -0
  22. package/.agents/skills/manage-codebase-rebuild/SKILL.md +29 -0
  23. package/.agents/skills/manage-drift-realign/SKILL.md +12 -0
  24. package/.agents/skills/manage-harvest/SKILL.md +30 -6
  25. package/.agents/skills/manage-issue/SKILL.md +23 -0
  26. package/.agents/skills/manage-issue-discover/SKILL.md +28 -0
  27. package/.agents/skills/manage-kg-extractors/SKILL.md +27 -1
  28. package/.agents/skills/manage-knowhow/SKILL.md +26 -0
  29. package/.agents/skills/manage-knowhow-capture/SKILL.md +24 -0
  30. package/.agents/skills/manage-knowledge-audit/SKILL.md +13 -0
  31. package/.agents/skills/manage-status/SKILL.md +22 -0
  32. package/.agents/skills/manage-wiki/SKILL.md +28 -0
  33. package/.agents/skills/odyssey-debug/SKILL.md +338 -253
  34. package/.agents/skills/odyssey-improve/SKILL.md +417 -281
  35. package/.agents/skills/odyssey-planex/SKILL.md +536 -420
  36. package/.agents/skills/odyssey-review-test-fix/SKILL.md +386 -251
  37. package/.agents/skills/odyssey-ui/SKILL.md +382 -247
  38. package/.agents/skills/quality-auto-test/SKILL.md +12 -0
  39. package/.agents/skills/quality-debug/SKILL.md +11 -0
  40. package/.agents/skills/quality-refactor/SKILL.md +11 -0
  41. package/.agents/skills/quality-retrospective/SKILL.md +11 -0
  42. package/.agents/skills/quality-review/SKILL.md +11 -0
  43. package/.agents/skills/quality-sync/SKILL.md +10 -0
  44. package/.agents/skills/quality-test/SKILL.md +12 -0
  45. package/.agents/skills/security-audit/SKILL.md +11 -0
  46. package/.agents/skills/spec-add/SKILL.md +27 -0
  47. package/.agents/skills/spec-load/SKILL.md +25 -0
  48. package/.agents/skills/spec-remove/SKILL.md +26 -0
  49. package/.agents/skills/spec-setup/SKILL.md +30 -0
  50. package/.agy/agents/ralph-executor.md +53 -6
  51. package/.agy/skills/domain-add/SKILL.md +9 -0
  52. package/.agy/skills/learn-decompose/SKILL.md +12 -0
  53. package/.agy/skills/learn-follow/SKILL.md +41 -0
  54. package/.agy/skills/learn-investigate/SKILL.md +14 -0
  55. package/.agy/skills/learn-second-opinion/SKILL.md +14 -0
  56. package/.agy/skills/maestro-amend/SKILL.md +11 -0
  57. package/.agy/skills/maestro-companion/SKILL.md +11 -0
  58. package/.agy/skills/maestro-composer/SKILL.md +11 -0
  59. package/.agy/skills/maestro-guard/SKILL.md +25 -0
  60. package/.agy/skills/maestro-init/SKILL.md +28 -0
  61. package/.agy/skills/maestro-overlay/SKILL.md +11 -0
  62. package/.agy/skills/maestro-player/SKILL.md +11 -0
  63. package/.agy/skills/maestro-quick/SKILL.md +29 -0
  64. package/.agy/skills/maestro-ralph-v2/SKILL.md +123 -61
  65. package/.agy/skills/maestro-swarm-workflow/SKILL.md +25 -0
  66. package/.agy/skills/maestro-tools-execute/SKILL.md +29 -0
  67. package/.agy/skills/maestro-tools-register/SKILL.md +29 -0
  68. package/.agy/skills/maestro-ui-codify/SKILL.md +11 -0
  69. package/.agy/skills/maestro-universal-workflow/SKILL.md +59 -0
  70. package/.agy/skills/maestro-update/SKILL.md +38 -0
  71. package/.agy/skills/manage-codebase-rebuild/SKILL.md +29 -0
  72. package/.agy/skills/manage-drift-realign/SKILL.md +12 -0
  73. package/.agy/skills/manage-harvest/SKILL.md +30 -6
  74. package/.agy/skills/manage-issue/SKILL.md +23 -0
  75. package/.agy/skills/manage-issue-discover/SKILL.md +28 -0
  76. package/.agy/skills/manage-kg-extractors/SKILL.md +27 -1
  77. package/.agy/skills/manage-knowhow/SKILL.md +26 -0
  78. package/.agy/skills/manage-knowhow-capture/SKILL.md +24 -0
  79. package/.agy/skills/manage-knowledge-audit/SKILL.md +13 -0
  80. package/.agy/skills/manage-status/SKILL.md +22 -0
  81. package/.agy/skills/manage-wiki/SKILL.md +28 -0
  82. package/.agy/skills/odyssey-debug/SKILL.md +338 -253
  83. package/.agy/skills/odyssey-improve/SKILL.md +417 -281
  84. package/.agy/skills/odyssey-planex/SKILL.md +536 -420
  85. package/.agy/skills/odyssey-review-test-fix/SKILL.md +386 -251
  86. package/.agy/skills/odyssey-ui/SKILL.md +382 -247
  87. package/.agy/skills/quality-auto-test/SKILL.md +12 -0
  88. package/.agy/skills/quality-debug/SKILL.md +11 -0
  89. package/.agy/skills/quality-refactor/SKILL.md +11 -0
  90. package/.agy/skills/quality-retrospective/SKILL.md +11 -0
  91. package/.agy/skills/quality-review/SKILL.md +11 -0
  92. package/.agy/skills/quality-sync/SKILL.md +10 -0
  93. package/.agy/skills/quality-test/SKILL.md +12 -0
  94. package/.agy/skills/security-audit/SKILL.md +11 -0
  95. package/.agy/skills/spec-add/SKILL.md +27 -0
  96. package/.agy/skills/spec-load/SKILL.md +25 -0
  97. package/.agy/skills/spec-remove/SKILL.md +26 -0
  98. package/.agy/skills/spec-setup/SKILL.md +30 -0
  99. package/.claude/agents/ralph-executor.md +51 -6
  100. package/.claude/commands/domain-add.md +9 -0
  101. package/.claude/commands/learn-decompose.md +12 -0
  102. package/.claude/commands/learn-follow.md +41 -0
  103. package/.claude/commands/learn-investigate.md +14 -0
  104. package/.claude/commands/learn-second-opinion.md +14 -0
  105. package/.claude/commands/maestro-amend.md +11 -0
  106. package/.claude/commands/maestro-companion.md +11 -0
  107. package/.claude/commands/maestro-composer.md +11 -0
  108. package/.claude/commands/maestro-guard.md +25 -0
  109. package/.claude/commands/maestro-init.md +28 -0
  110. package/.claude/commands/maestro-overlay.md +11 -0
  111. package/.claude/commands/maestro-player.md +11 -0
  112. package/.claude/commands/maestro-quick.md +29 -0
  113. package/.claude/commands/maestro-ralph-v2.md +124 -61
  114. package/.claude/commands/maestro-swarm-workflow.md +25 -0
  115. package/.claude/commands/maestro-tools-execute.md +29 -0
  116. package/.claude/commands/maestro-tools-register.md +29 -0
  117. package/.claude/commands/maestro-ui-codify.md +11 -0
  118. package/.claude/commands/maestro-universal-workflow.md +59 -0
  119. package/.claude/commands/maestro-update.md +38 -0
  120. package/.claude/commands/manage-codebase-rebuild.md +29 -0
  121. package/.claude/commands/manage-drift-realign.md +12 -0
  122. package/.claude/commands/manage-harvest.md +30 -6
  123. package/.claude/commands/manage-issue-discover.md +28 -0
  124. package/.claude/commands/manage-issue.md +23 -0
  125. package/.claude/commands/manage-kg-extractors.md +27 -1
  126. package/.claude/commands/manage-knowhow-capture.md +24 -0
  127. package/.claude/commands/manage-knowhow.md +26 -0
  128. package/.claude/commands/manage-knowledge-audit.md +13 -0
  129. package/.claude/commands/manage-status.md +22 -0
  130. package/.claude/commands/manage-wiki.md +28 -0
  131. package/.claude/commands/odyssey-debug.md +352 -267
  132. package/.claude/commands/odyssey-improve.md +431 -295
  133. package/.claude/commands/odyssey-planex.md +550 -434
  134. package/.claude/commands/odyssey-review-test-fix.md +400 -265
  135. package/.claude/commands/odyssey-ui.md +396 -261
  136. package/.claude/commands/quality-auto-test.md +12 -0
  137. package/.claude/commands/quality-debug.md +11 -0
  138. package/.claude/commands/quality-refactor.md +11 -0
  139. package/.claude/commands/quality-retrospective.md +11 -0
  140. package/.claude/commands/quality-review.md +11 -0
  141. package/.claude/commands/quality-sync.md +10 -0
  142. package/.claude/commands/quality-test.md +12 -0
  143. package/.claude/commands/security-audit.md +11 -0
  144. package/.claude/commands/spec-add.md +27 -0
  145. package/.claude/commands/spec-load.md +25 -0
  146. package/.claude/commands/spec-remove.md +26 -0
  147. package/.claude/commands/spec-setup.md +30 -0
  148. package/.codex/skills/codify-to-knowhow/SKILL.md +2 -0
  149. package/.codex/skills/domain-add/SKILL.md +26 -0
  150. package/.codex/skills/domain-discover/SKILL.md +46 -0
  151. package/.codex/skills/domain-list/SKILL.md +29 -0
  152. package/.codex/skills/learn-decompose/SKILL.md +2 -0
  153. package/.codex/skills/learn-follow/SKILL.md +34 -0
  154. package/.codex/skills/learn-investigate/SKILL.md +33 -0
  155. package/.codex/skills/learn-retro/SKILL.md +33 -0
  156. package/.codex/skills/learn-second-opinion/SKILL.md +30 -0
  157. package/.codex/skills/maestro-amend/SKILL.md +11 -0
  158. package/.codex/skills/maestro-companion/SKILL.md +11 -0
  159. package/.codex/skills/maestro-composer/SKILL.md +11 -0
  160. package/.codex/skills/maestro-guard/SKILL.md +25 -0
  161. package/.codex/skills/maestro-help/SKILL.md +2 -0
  162. package/.codex/skills/maestro-init/SKILL.md +16 -0
  163. package/.codex/skills/maestro-learn/SKILL.md +2 -0
  164. package/.codex/skills/maestro-overlay/SKILL.md +1 -0
  165. package/.codex/skills/maestro-player/SKILL.md +2 -0
  166. package/.codex/skills/maestro-quick/SKILL.md +17 -0
  167. package/.codex/skills/maestro-tools-execute/SKILL.md +31 -0
  168. package/.codex/skills/maestro-tools-register/SKILL.md +29 -0
  169. package/.codex/skills/maestro-ui-codify/SKILL.md +2 -0
  170. package/.codex/skills/maestro-update/SKILL.md +38 -0
  171. package/.codex/skills/manage-codebase-rebuild/SKILL.md +2 -0
  172. package/.codex/skills/manage-codebase-refresh/SKILL.md +11 -0
  173. package/.codex/skills/manage-drift-realign/SKILL.md +2 -0
  174. package/.codex/skills/manage-harvest/SKILL.md +30 -8
  175. package/.codex/skills/manage-issue/SKILL.md +24 -0
  176. package/.codex/skills/manage-issue-discover/SKILL.md +2 -0
  177. package/.codex/skills/manage-knowhow/SKILL.md +26 -0
  178. package/.codex/skills/manage-knowhow-capture/SKILL.md +23 -0
  179. package/.codex/skills/manage-learn/SKILL.md +2 -0
  180. package/.codex/skills/manage-status/SKILL.md +22 -0
  181. package/.codex/skills/manage-wiki/SKILL.md +28 -0
  182. package/.codex/skills/odyssey-debug/SKILL.md +44 -0
  183. package/.codex/skills/odyssey-improve/SKILL.md +49 -0
  184. package/.codex/skills/odyssey-planex/SKILL.md +44 -0
  185. package/.codex/skills/odyssey-review-test-fix/SKILL.md +48 -0
  186. package/.codex/skills/odyssey-ui/SKILL.md +49 -0
  187. package/.codex/skills/quality-auto-test/SKILL.md +2 -0
  188. package/.codex/skills/quality-debug/SKILL.md +2 -0
  189. package/.codex/skills/quality-refactor/SKILL.md +2 -0
  190. package/.codex/skills/quality-retrospective/SKILL.md +2 -0
  191. package/.codex/skills/quality-review/SKILL.md +2 -0
  192. package/.codex/skills/quality-sync/SKILL.md +24 -0
  193. package/.codex/skills/quality-test/SKILL.md +2 -0
  194. package/.codex/skills/security-audit/SKILL.md +30 -0
  195. package/.codex/skills/spec-add/SKILL.md +28 -0
  196. package/.codex/skills/spec-load/SKILL.md +26 -0
  197. package/.codex/skills/spec-map/SKILL.md +1 -0
  198. package/.codex/skills/spec-remove/SKILL.md +28 -0
  199. package/.codex/skills/spec-setup/SKILL.md +28 -0
  200. package/.codex/skills/wiki-connect/SKILL.md +11 -0
  201. package/.codex/skills/wiki-digest/SKILL.md +11 -0
  202. package/dashboard/dist-server/dashboard/src/server/agents/api-explore-adapter.js +3 -1
  203. package/dashboard/dist-server/dashboard/src/server/agents/api-explore-adapter.js.map +1 -1
  204. package/dashboard/dist-server/dashboard/src/server/wiki/embedding.d.ts +5 -0
  205. package/dashboard/dist-server/dashboard/src/server/wiki/embedding.js +28 -4
  206. package/dashboard/dist-server/dashboard/src/server/wiki/embedding.js.map +1 -1
  207. package/dashboard/dist-server/dashboard/src/server/wiki/wiki-indexer.js +4 -4
  208. package/dashboard/dist-server/dashboard/src/server/wiki/wiki-indexer.js.map +1 -1
  209. package/dashboard/dist-server/src/graph/kg/db/queries.d.ts +10 -0
  210. package/dashboard/dist-server/src/graph/kg/db/queries.js +176 -38
  211. package/dashboard/dist-server/src/graph/kg/db/queries.js.map +1 -1
  212. package/dashboard/dist-server/src/graph/kg/extraction/code/svelte-extractor.js +1 -1
  213. package/dashboard/dist-server/src/graph/kg/extraction/code/svelte-extractor.js.map +1 -1
  214. package/dashboard/dist-server/src/graph/kg/extraction/code/tree-sitter.js +2 -2
  215. package/dashboard/dist-server/src/graph/kg/extraction/code/tree-sitter.js.map +1 -1
  216. package/dashboard/dist-server/src/graph/kg/extraction/code/vue-extractor.js +1 -1
  217. package/dashboard/dist-server/src/graph/kg/extraction/code/vue-extractor.js.map +1 -1
  218. package/dashboard/dist-server/src/graph/kg/extraction/code/wasm-stability.js +1 -1
  219. package/dashboard/dist-server/src/graph/kg/extraction/code/wasm-stability.js.map +1 -1
  220. package/dashboard/dist-server/src/graph/kg/extraction/orchestrator.js +20 -12
  221. package/dashboard/dist-server/src/graph/kg/extraction/orchestrator.js.map +1 -1
  222. package/dashboard/dist-server/src/graph/kg/surface/hook-injector.js +1 -1
  223. package/dashboard/dist-server/src/graph/kg/surface/hook-injector.js.map +1 -1
  224. package/dashboard/dist-server/src/hooks/keyword-spec-injector.js +35 -0
  225. package/dashboard/dist-server/src/hooks/keyword-spec-injector.js.map +1 -1
  226. package/dashboard/dist-server/src/hooks/spec-analytics.d.ts +1 -0
  227. package/dashboard/dist-server/src/hooks/spec-analytics.js.map +1 -1
  228. package/dashboard/dist-server/src/hooks/wiki-search-bridge.d.ts +32 -0
  229. package/dashboard/dist-server/src/hooks/wiki-search-bridge.js +71 -0
  230. package/dashboard/dist-server/src/hooks/wiki-search-bridge.js.map +1 -0
  231. package/dist/src/agents/api-explore/agent-loop.d.ts +15 -2
  232. package/dist/src/agents/api-explore/agent-loop.d.ts.map +1 -1
  233. package/dist/src/agents/api-explore/agent-loop.js +6 -5
  234. package/dist/src/agents/api-explore/agent-loop.js.map +1 -1
  235. package/dist/src/agents/api-explore/config.d.ts +67 -1
  236. package/dist/src/agents/api-explore/config.d.ts.map +1 -1
  237. package/dist/src/agents/api-explore/config.js +50 -15
  238. package/dist/src/agents/api-explore/config.js.map +1 -1
  239. package/dist/src/agents/api-explore/index.js +4 -4
  240. package/dist/src/agents/api-explore/index.js.map +1 -1
  241. package/dist/src/agents/api-explore/llm.d.ts +7 -1
  242. package/dist/src/agents/api-explore/llm.d.ts.map +1 -1
  243. package/dist/src/agents/api-explore/llm.js +26 -12
  244. package/dist/src/agents/api-explore/llm.js.map +1 -1
  245. package/dist/src/agents/api-explore/moa-cache.d.ts +12 -0
  246. package/dist/src/agents/api-explore/moa-cache.d.ts.map +1 -0
  247. package/dist/src/agents/api-explore/moa-cache.js +50 -0
  248. package/dist/src/agents/api-explore/moa-cache.js.map +1 -0
  249. package/dist/src/agents/api-explore/moa-loop.d.ts +49 -0
  250. package/dist/src/agents/api-explore/moa-loop.d.ts.map +1 -0
  251. package/dist/src/agents/api-explore/moa-loop.js +43 -0
  252. package/dist/src/agents/api-explore/moa-loop.js.map +1 -0
  253. package/dist/src/agents/api-explore/moa-pipeline.d.ts +43 -0
  254. package/dist/src/agents/api-explore/moa-pipeline.d.ts.map +1 -0
  255. package/dist/src/agents/api-explore/moa-pipeline.js +276 -0
  256. package/dist/src/agents/api-explore/moa-pipeline.js.map +1 -0
  257. package/dist/src/agents/api-explore/runner.d.ts +3 -0
  258. package/dist/src/agents/api-explore/runner.d.ts.map +1 -1
  259. package/dist/src/agents/api-explore/runner.js +39 -18
  260. package/dist/src/agents/api-explore/runner.js.map +1 -1
  261. package/dist/src/agents/api-explore/session.d.ts +15 -0
  262. package/dist/src/agents/api-explore/session.d.ts.map +1 -1
  263. package/dist/src/agents/api-explore/session.js.map +1 -1
  264. package/dist/src/cli.js +1 -0
  265. package/dist/src/cli.js.map +1 -1
  266. package/dist/src/commands/explore.d.ts.map +1 -1
  267. package/dist/src/commands/explore.js +34 -2
  268. package/dist/src/commands/explore.js.map +1 -1
  269. package/dist/src/commands/install.js +7 -28
  270. package/dist/src/commands/install.js.map +1 -1
  271. package/dist/src/commands/moa.d.ts +3 -0
  272. package/dist/src/commands/moa.d.ts.map +1 -0
  273. package/dist/src/commands/moa.js +217 -0
  274. package/dist/src/commands/moa.js.map +1 -0
  275. package/dist/src/commands/search.d.ts.map +1 -1
  276. package/dist/src/commands/search.js +2 -0
  277. package/dist/src/commands/search.js.map +1 -1
  278. package/dist/src/graph/kg/db/queries.d.ts +10 -0
  279. package/dist/src/graph/kg/db/queries.d.ts.map +1 -1
  280. package/dist/src/graph/kg/db/queries.js +176 -38
  281. package/dist/src/graph/kg/db/queries.js.map +1 -1
  282. package/dist/src/graph/kg/extraction/code/svelte-extractor.js +1 -1
  283. package/dist/src/graph/kg/extraction/code/svelte-extractor.js.map +1 -1
  284. package/dist/src/graph/kg/extraction/code/tree-sitter.js +2 -2
  285. package/dist/src/graph/kg/extraction/code/tree-sitter.js.map +1 -1
  286. package/dist/src/graph/kg/extraction/code/vue-extractor.js +1 -1
  287. package/dist/src/graph/kg/extraction/code/vue-extractor.js.map +1 -1
  288. package/dist/src/graph/kg/extraction/code/wasm-stability.js +1 -1
  289. package/dist/src/graph/kg/extraction/code/wasm-stability.js.map +1 -1
  290. package/dist/src/graph/kg/extraction/orchestrator.d.ts.map +1 -1
  291. package/dist/src/graph/kg/extraction/orchestrator.js +20 -12
  292. package/dist/src/graph/kg/extraction/orchestrator.js.map +1 -1
  293. package/dist/src/graph/kg/surface/hook-injector.js +1 -1
  294. package/dist/src/graph/kg/surface/hook-injector.js.map +1 -1
  295. package/dist/src/hooks/keyword-spec-injector.d.ts.map +1 -1
  296. package/dist/src/hooks/keyword-spec-injector.js +35 -0
  297. package/dist/src/hooks/keyword-spec-injector.js.map +1 -1
  298. package/dist/src/hooks/plugins/explore-plugin.d.ts.map +1 -1
  299. package/dist/src/hooks/plugins/explore-plugin.js +3 -2
  300. package/dist/src/hooks/plugins/explore-plugin.js.map +1 -1
  301. package/dist/src/hooks/spec-analytics.d.ts +1 -0
  302. package/dist/src/hooks/spec-analytics.d.ts.map +1 -1
  303. package/dist/src/hooks/spec-analytics.js.map +1 -1
  304. package/dist/src/hooks/wiki-search-bridge.d.ts +33 -0
  305. package/dist/src/hooks/wiki-search-bridge.d.ts.map +1 -0
  306. package/dist/src/hooks/wiki-search-bridge.js +71 -0
  307. package/dist/src/hooks/wiki-search-bridge.js.map +1 -0
  308. package/dist/src/utils/update-notices.js +12 -0
  309. package/dist/src/utils/update-notices.js.map +1 -1
  310. package/package.json +1 -1
@@ -22,10 +22,32 @@ Reads from:
22
22
  - `.workflow/scratch/*/index.json` — per-phase metadata and progress (resolved via state.json artifact registry)
23
23
  - `.workflow/scratch/*/.task/TASK-*.json` — individual task statuses (resolved via state.json artifact registry)
24
24
  - `.workflow/wiki-index.json` — unified wiki graph index (entry counts, health)
25
+
26
+ **Output boundary**: Read-only command. MUST NOT write any files. All output is displayed to the user via text.
25
27
  </context>
26
28
 
29
+ <invariants>
30
+ 1. **Read-only** — MUST NOT write or modify any files; this is a pure display command
31
+ 2. **Graceful degradation** — missing roadmap.md, plan.json, or task files MUST NOT cause failure; display available data and note missing sections
32
+ 3. **State accuracy** — progress percentages MUST be calculated from actual task statuses, NEVER estimated or inferred
33
+ 4. **Wiki health optional** — wiki health score display MUST degrade gracefully if wiki is unavailable
34
+ 5. **Complete dashboard** — MUST include: milestone progress, phase status, task counts, active work, and next-step suggestions
35
+ </invariants>
36
+
27
37
  <execution>
28
38
 
39
+ ### Phase Gates (MANDATORY, BLOCKING)
40
+
41
+ **GATE 1: Load → Render** (State loading → Dashboard display)
42
+ - REQUIRED: `.workflow/` exists and `state.json` is readable (E001/E002 if not).
43
+ - REQUIRED: Project state loaded with milestone and artifact registry.
44
+ - BLOCKED if state.json missing or corrupt (E002).
45
+
46
+ **GATE 2: Render → Route** (Dashboard → Next-step suggestions)
47
+ - REQUIRED: Dashboard sections rendered with available data.
48
+ - REQUIRED: Next-step suggestion computed from state decision table.
49
+ - BLOCKED: never — graceful degradation for missing sections.
50
+
29
51
  ### Step 1: Validate Project
30
52
 
31
53
  Verify `.workflow/` exists (E001) and `state.json` is present (E002).
@@ -28,10 +28,38 @@ $ARGUMENTS — subcommand and optional flags.
28
28
  - `--type <type>` — Filter: spec, knowhow, note, issue
29
29
  - `--fix` — Auto-fix issues during cleanup
30
30
  - `--json` — JSON output
31
+
32
+ **Output boundary**: File writes MUST target `.workflow/wiki/`, `.workflow/knowhow/`, or `.workflow/issues/issues.jsonl` (when `--create-issues`) only. NEVER modify source code or files outside these paths. `--dry-run` overrides `--fix` — no writes when both are set.
31
33
  </context>
32
34
 
35
+ <invariants>
36
+ 1. **Dry-run precedence** — `--dry-run` MUST override `--fix` when both are passed; preview only, no writes
37
+ 2. **Read-only by default** — without `--fix` or `--create-issues`, all subcommands MUST be read-only
38
+ 3. **Confirmation on fixes** — `--fix` MUST show preview of changes before applying; auto-apply only when explicitly set
39
+ 4. **Graph integrity** — `connect` MUST NOT create circular link chains; validate graph acyclicity for parent-child relationships
40
+ 5. **Threshold enforcement** — `--min-similarity` MUST be respected; NEVER suggest connections below the threshold
41
+ 6. **Subcommand isolation** — each subcommand routes to its own workflow file; NEVER cross-execute subcommand logic
42
+ </invariants>
43
+
33
44
  <execution>
34
45
  Follow '~/.maestro/workflows/wiki-manage.md' completely.
46
+
47
+ ### Phase Gates (MANDATORY, BLOCKING)
48
+
49
+ **GATE 1: Parse → Load** (Subcommand routing → Wiki data loading)
50
+ - REQUIRED: Subcommand parsed and validated (health/search/cleanup/stats).
51
+ - REQUIRED: `.workflow/` initialized (E001 if missing).
52
+ - BLOCKED if E003 (invalid subcommand) or E001.
53
+
54
+ **GATE 2: Load → Execute** (Wiki data → Subcommand execution)
55
+ - REQUIRED: Wiki data loaded via `maestro wiki` CLI.
56
+ - REQUIRED: At least one wiki entry exists (E002 if none).
57
+ - BLOCKED if wiki data loading fails entirely.
58
+
59
+ **GATE 3: Execute → Report** (For cleanup --fix only)
60
+ - REQUIRED: Preview of changes displayed to user.
61
+ - REQUIRED: User confirmation before applying fixes.
62
+ - BLOCKED if user declines fixes.
35
63
  </execution>
36
64
 
37
65
  <error_codes>
@@ -70,6 +70,8 @@ $ARGUMENTS
70
70
  4. Hypotheses ← S_DIAGNOSE | 5. Root Cause ← S_DIAGNOSE | 6. Fix & Confirmation ← S_FIX+S_CONFIRM
71
71
  7. Generalization ← S_GENERALIZE | 8. Discoveries ← S_DISCOVER | 9. Learnings ← S_RECORD
72
72
 
73
+ **Output boundary**: ALL session artifacts MUST target the session directory (`.workflow/scratch/{YYYYMMDD}-debug-odyssey-{slug}/`) or `.workflow/state.json` only. Source code modifications during S_FIX are in-scope but MUST be committed per action. NEVER write session artifacts outside these paths.
74
+
73
75
  **Knowledge Persistence categories (§9):**
74
76
 
75
77
  | Category | Content | Follow-up |
@@ -120,6 +122,48 @@ Base execution_discipline applies. Debug additions:
120
122
  Applies to: **S_ARCHAEOLOGY, S_EXPLORE, S_DIAGNOSE, S_GENERALIZE**. Logic in base.
121
123
  </self_iteration>
122
124
 
125
+ <execution>
126
+ Follow base execution discipline completely. Actions defined in state_machine below.
127
+
128
+ ### Phase Gates (MANDATORY, BLOCKING)
129
+
130
+ **GATE 1: INTAKE → ARCHAEOLOGY**
131
+ - REQUIRED: Issue parsed, SESSION_DIR created, session.json initialized with phase_goals[].
132
+ - BLOCKED if: no issue and no session (E001).
133
+
134
+ **GATE 2: ARCHAEOLOGY → EXPLORE**
135
+ - REQUIRED: Git history analysis completed (timeline + blame agents), evidence phase=archaeology logged.
136
+ - REQUIRED: understanding.md §2 updated.
137
+ - BLOCKED if: both archaeology agents AND delegate failed (partial results via W003 are acceptable).
138
+
139
+ **GATE 3: EXPLORE → DIAGNOSE**
140
+ - REQUIRED: explore.json written (or W006 skip logged), evidence phase=explore logged, G2 marked done.
141
+ - BLOCKED if: exploration started but not completed.
142
+
143
+ **GATE 4: DIAGNOSE → FIX**
144
+ - REQUIRED: Root cause confirmed with evidence refs, session.json.root_cause written, G1 marked done.
145
+ - BLOCKED if: hypotheses failed 3 times without escalation decision.
146
+
147
+ **GATE 5: FIX → CONFIRM**
148
+ - REQUIRED: Fix implemented with evidence phase=fix logged.
149
+ - BLOCKED if: no fix attempted.
150
+
151
+ **GATE 6: CONFIRM → GENERALIZE**
152
+ - REQUIRED: Tests pass, CLI review completed, confirmation overall == confirmed, G3 marked done.
153
+ - BLOCKED if: needs_rework → route back to S_FIX.
154
+
155
+ **GATE 7: GENERALIZE → DISCOVER**
156
+ - REQUIRED: ALL 3 layers (syntax/semantic/structural) attempted with evidence logged.
157
+ - REQUIRED: generalization_stats written with by_layer entries for all 3 layers, G4 marked done.
158
+ - BLOCKED if: any layer not attempted (thoroughness floor violation).
159
+
160
+ **GATE 8: DISCOVER → RECORD**
161
+ - REQUIRED: All hits triaged with per-item classification and reason.
162
+ - REQUIRED: remaining_actionable == 0 OR loops >= max_loops with per-item reasons logged, G5 marked done.
163
+ - BLOCKED if: unclassified hits remain.
164
+
165
+ </execution>
166
+
123
167
  <state_machine>
124
168
 
125
169
  <states>
@@ -45,6 +45,8 @@ $ARGUMENTS
45
45
  **Session**: `.workflow/scratch/{YYYYMMDD}-improve-odyssey-{slug}/`
46
46
  **Output**: `session.json` | `evidence.ndjson` | `understanding.md`
47
47
 
48
+ **Output boundary**: ALL session artifacts MUST target the session directory (`.workflow/scratch/{YYYYMMDD}-improve-odyssey-{slug}/`) or `.workflow/state.json` only. Source code modifications during S_FIX are in-scope but MUST be committed per action. NEVER write session artifacts outside these paths.
49
+
48
50
  **session.json — improve-specific fields:**
49
51
  ```json
50
52
  { "target": "", "dimensions": [], "baseline_metrics": {},
@@ -128,6 +130,53 @@ Base invariants apply. Additional: baseline metrics captured before any fix; eve
128
130
  Applies to: **S_SURVEY, S_AUDIT, S_DIAGNOSE, S_GENERALIZE**. Logic in base.
129
131
  </self_iteration>
130
132
 
133
+ <execution>
134
+ Follow base execution discipline completely. Actions defined in state_machine below.
135
+
136
+ ### Phase Gates (MANDATORY, BLOCKING)
137
+
138
+ **GATE 1: INTAKE → SURVEY**
139
+ - REQUIRED: Target resolved, SESSION_DIR created, session.json initialized with baseline_metrics.
140
+ - REQUIRED: phase_goals[] derived from flags.
141
+ - BLOCKED if: no target specified (E001) or target path not found (E002).
142
+
143
+ **GATE 2: SURVEY → AUDIT**
144
+ - REQUIRED: Current state survey completed — dependency audit, complexity scan.
145
+ - REQUIRED: Evidence phase=survey logged, understanding.md §2 updated, G1 marked done.
146
+ - BLOCKED if: survey incomplete — both scan types must be attempted.
147
+
148
+ **GATE 3: AUDIT → DIAGNOSE**
149
+ - REQUIRED: All dimension agents completed (or --dimensions subset), findings merged with severity classification.
150
+ - REQUIRED: audit_result written to session.json, understanding.md §3 with severity matrix, G2 marked done.
151
+ - BLOCKED if: zero dimensions reviewed (W002 partial is allowed, zero is not).
152
+
153
+ **GATE 4: DIAGNOSE → FIX**
154
+ - REQUIRED: Root causes identified for all critical/high findings with evidence.
155
+ - REQUIRED: diagnoses[] written, understanding.md §4 updated, G3 marked done.
156
+ - BLOCKED if: hypotheses failed 3 times without escalation decision.
157
+
158
+ **GATE 5: FIX → VERIFY**
159
+ - REQUIRED: ALL findings within fix_threshold fixed by severity tier (critical → high → medium → low).
160
+ - REQUIRED: Per-fix evidence phase=fix logged.
161
+ - BLOCKED if: tier incomplete — each tier must be fully addressed before advancing.
162
+
163
+ **GATE 6: VERIFY → GENERALIZE**
164
+ - REQUIRED: Tests pass, metrics re-captured, before/after comparison logged.
165
+ - REQUIRED: confirmation written, understanding.md §5 updated, G4 marked done.
166
+ - BLOCKED if: needs_rework → route back to S_FIX.
167
+
168
+ **GATE 7: GENERALIZE → DISCOVER**
169
+ - REQUIRED: ALL 3 layers (syntax/semantic/structural) attempted with evidence logged.
170
+ - REQUIRED: generalization_stats written with by_layer entries for all 3 layers, G5 marked done.
171
+ - BLOCKED if: any layer not attempted (thoroughness floor violation).
172
+
173
+ **GATE 8: DISCOVER → RECORD**
174
+ - REQUIRED: All hits triaged with per-item classification and reason.
175
+ - REQUIRED: remaining_actionable == 0 OR loops >= max_loops with per-item reasons logged, G6 marked done.
176
+ - BLOCKED if: unclassified hits remain.
177
+
178
+ </execution>
179
+
131
180
  <state_machine>
132
181
 
133
182
  <states>
@@ -51,6 +51,8 @@ $ARGUMENTS
51
51
  **Session**: `.workflow/scratch/{YYYYMMDD}-planex-odyssey-{slug}/`
52
52
  **Output**: `session.json` | `evidence.ndjson` | `understanding.md`
53
53
 
54
+ **Output boundary**: ALL session artifacts MUST target the session directory (`.workflow/scratch/{YYYYMMDD}-planex-odyssey-{slug}/`) or `.workflow/state.json` only. Source code modifications during S_EXECUTE and S_FIX are in-scope but MUST be committed per action. NEVER write session artifacts outside these paths.
55
+
54
56
  **session.json -- planex-specific fields:**
55
57
  ```json
56
58
  { "requirement": "",
@@ -131,6 +133,48 @@ id,title,description,task_type,criterion_refs,deps,wave,status,findings,evidence
131
133
  - Wave 2: Generalization agents (syntax-grep, semantic-scan, structural-match, historical-grep) -- parallel
132
134
  </csv_schema>
133
135
 
136
+ <execution>
137
+ Follow base execution discipline completely. Actions defined in state_machine below.
138
+
139
+ ### Phase Gates (MANDATORY, BLOCKING)
140
+
141
+ **GATE 1: INTAKE → PLAN**
142
+ - REQUIRED: Requirement parsed, >=1 acceptance criterion defined with verify_method assigned.
143
+ - REQUIRED: session.json initialized, understanding.md §1 written, G1 marked done.
144
+ - BLOCKED if: no requirement provided (E001) or zero criteria derived (W001).
145
+
146
+ **GATE 2: PLAN → EXECUTE**
147
+ - REQUIRED: Plan tasks decomposed with criteria_refs mapping each task to acceptance criteria.
148
+ - REQUIRED: session.json.plan populated, understanding.md §2 updated, G2 marked done.
149
+ - BLOCKED if: plan has zero tasks or unmapped criteria.
150
+
151
+ **GATE 3: EXECUTE → VERIFY**
152
+ - REQUIRED: All plan tasks executed (or marked blocked after 3 retries per deviation rule).
153
+ - REQUIRED: execution_config confirmed, per-task evidence logged, understanding.md §3 updated, G3 marked done.
154
+ - BLOCKED if: tasks still pending execution.
155
+
156
+ **GATE 4: VERIFY → FIX / GENERALIZE**
157
+ - REQUIRED: Every acceptance criterion verified by its assigned method (test/grep/cli-review/manual).
158
+ - REQUIRED: Per-criterion evidence logged with pass/fail status and iteration count.
159
+ - BLOCKED if: verification incomplete — all criteria must be checked before routing decision.
160
+
161
+ **GATE 5: FIX → VERIFY**
162
+ - REQUIRED: current_iteration incremented, targeted fixes applied for each failed criterion.
163
+ - REQUIRED: Fix evidence logged, understanding.md §5 updated.
164
+ - BLOCKED if: no fix attempted for failing criteria.
165
+
166
+ **GATE 6: GENERALIZE → DISCOVER**
167
+ - REQUIRED: ALL 3 layers (syntax/semantic/structural) attempted with evidence logged.
168
+ - REQUIRED: generalization_stats written with by_layer entries for all 3 layers, G5 marked done.
169
+ - BLOCKED if: any layer not attempted (thoroughness floor violation).
170
+
171
+ **GATE 7: DISCOVER → RECORD**
172
+ - REQUIRED: All hits triaged with per-item classification and reason.
173
+ - REQUIRED: remaining_actionable == 0 OR loops >= max_loops with per-item reasons logged, G6 marked done.
174
+ - BLOCKED if: unclassified hits remain.
175
+
176
+ </execution>
177
+
134
178
  <state_machine>
135
179
 
136
180
  <states>
@@ -39,6 +39,8 @@ $ARGUMENTS
39
39
  **Session**: `.workflow/scratch/{YYYYMMDD}-review-odyssey-{slug}/`
40
40
  **Output**: `session.json` | `evidence.ndjson` | `explore.json` | `understanding.md` (sections 1-8)
41
41
 
42
+ **Output boundary**: ALL session artifacts MUST target the session directory (`.workflow/scratch/{YYYYMMDD}-review-odyssey-{slug}/`) or `.workflow/state.json` only. Source code modifications during S_FIX are in-scope but MUST be committed per action. NEVER write session artifacts outside these paths.
43
+
42
44
  **session.json — review-specific fields:**
43
45
  ```json
44
46
  { "target": "", "dimensions": [], "review_result": { "remaining_actionable": 0 },
@@ -111,6 +113,52 @@ id,title,description,task_type,dimension,deps,wave,status,findings,evidence,erro
111
113
  | 3 | Generalization (syntax-grep, semantic-scan, structural-match, historical-grep) | 4 agents |
112
114
  </csv_schema>
113
115
 
116
+ <execution>
117
+ Follow base execution discipline completely. Actions defined in state_machine below.
118
+
119
+ ### Phase Gates (MANDATORY, BLOCKING)
120
+
121
+ **GATE 1: INTAKE → ARCHAEOLOGY**
122
+ - REQUIRED: Target resolved to file list, SESSION_DIR created, session.json initialized.
123
+ - REQUIRED: phase_goals[] derived from flags, understanding.md §1 written.
124
+ - BLOCKED if: no target specified (E001) or target path not found (E002).
125
+
126
+ **GATE 2: ARCHAEOLOGY → EXPLORE**
127
+ - REQUIRED: Git history analysis completed (timeline + blame agents), evidence phase=archaeology logged.
128
+ - REQUIRED: understanding.md §2 updated.
129
+ - BLOCKED if: both archaeology agents failed AND delegate failed.
130
+
131
+ **GATE 3: EXPLORE → REVIEW**
132
+ - REQUIRED: explore.json written, evidence phase=explore logged, G2 marked done.
133
+ - BLOCKED if: exploration started but not completed.
134
+
135
+ **GATE 4: REVIEW → FIX**
136
+ - REQUIRED: All dimension agents completed, findings merged with severity classification.
137
+ - REQUIRED: review_result written to session.json, understanding.md §4 with severity matrix, G1 marked done.
138
+ - BLOCKED if: zero dimensions reviewed (W002 partial is allowed, zero is not).
139
+
140
+ **GATE 5: FIX → CONFIRM**
141
+ - REQUIRED: Current severity tier fully addressed — all findings in tier fixed or individually classified.
142
+ - REQUIRED: Per-fix evidence phase=fix logged, auto-commit per tier.
143
+ - BLOCKED if: tier incomplete — no partial tier advancement.
144
+
145
+ **GATE 6: CONFIRM → GENERALIZE**
146
+ - REQUIRED: Tests pass, remaining_actionable == 0, new findings == 0.
147
+ - REQUIRED: confirmation written, understanding.md §5 updated, G3 marked done.
148
+ - BLOCKED if: needs_rework → route back to S_FIX.
149
+
150
+ **GATE 7: GENERALIZE → DISCOVER**
151
+ - REQUIRED: ALL 3 layers (syntax/semantic/structural) attempted with evidence logged.
152
+ - REQUIRED: generalization_stats written with by_layer entries for all 3 layers, G4 marked done.
153
+ - BLOCKED if: any layer not attempted (thoroughness floor violation).
154
+
155
+ **GATE 8: DISCOVER → RECORD**
156
+ - REQUIRED: All hits triaged with per-item classification and reason.
157
+ - REQUIRED: remaining_actionable == 0 OR loops >= max_loops with per-item reasons logged, G5 marked done.
158
+ - BLOCKED if: unclassified hits remain.
159
+
160
+ </execution>
161
+
114
162
  <state_machine>
115
163
 
116
164
  <states>
@@ -40,6 +40,8 @@ $ARGUMENTS
40
40
  **Session**: `.workflow/scratch/{YYYYMMDD}-ui-odyssey-{slug}/`
41
41
  **Output**: `session.json` | `evidence.ndjson` | `understanding.md`
42
42
 
43
+ **Output boundary**: ALL session artifacts MUST target the session directory (`.workflow/scratch/{YYYYMMDD}-ui-odyssey-{slug}/`) or `.workflow/state.json` only. Source code modifications during S_FIX are in-scope but MUST be committed per action. NEVER write session artifacts outside these paths.
44
+
43
45
  **session.json -- ui-specific fields:**
44
46
  ```json
45
47
  { "target": "", "dimensions": [], "audit_result": null, "diverge_result": null,
@@ -117,6 +119,53 @@ id,title,description,task_type,dimension,deps,wave,status,findings,evidence,erro
117
119
  Applies to: **S_SURVEY, S_AUDIT, S_DIVERGE, S_GENERALIZE**. Logic in base.
118
120
  </self_iteration>
119
121
 
122
+ <execution>
123
+ Follow base execution discipline completely. Actions defined in state_machine below.
124
+
125
+ ### Phase Gates (MANDATORY, BLOCKING)
126
+
127
+ **GATE 1: INTAKE → SURVEY**
128
+ - REQUIRED: Target resolved, SESSION_DIR created, session.json initialized.
129
+ - REQUIRED: phase_goals[] derived from flags, understanding.md §1 written.
130
+ - BLOCKED if: no target specified (E001) or target path not found (E002).
131
+
132
+ **GATE 2: SURVEY → AUDIT**
133
+ - REQUIRED: Design system inventory + current state analysis completed.
134
+ - REQUIRED: Evidence phase=survey logged, understanding.md §2 updated, G1 marked done.
135
+ - BLOCKED if: survey incomplete — token scan and styling analysis must both be attempted.
136
+
137
+ **GATE 3: AUDIT → DIVERGE**
138
+ - REQUIRED: All 6 dimension agents completed (or --dimensions subset), findings merged with severity classification.
139
+ - REQUIRED: audit_result written to session.json, understanding.md §3 with severity matrix, G2 marked done.
140
+ - BLOCKED if: zero dimensions reviewed (W002 partial is allowed, zero is not).
141
+
142
+ **GATE 4: DIVERGE → FIX**
143
+ - REQUIRED: Both parallel agents (Polish + Delight) completed, ideas consolidated with audit findings.
144
+ - REQUIRED: diverge_result written, understanding.md §4 updated, G3 marked done.
145
+ - BLOCKED if: divergent exploration not attempted.
146
+
147
+ **GATE 5: FIX → VERIFY**
148
+ - REQUIRED: ALL findings/ideas within fix_threshold fixed by priority tier.
149
+ - REQUIRED: Per-fix evidence phase=fix logged.
150
+ - BLOCKED if: tier incomplete — each tier must be fully addressed before advancing.
151
+
152
+ **GATE 6: VERIFY → GENERALIZE**
153
+ - REQUIRED: Tests pass (lint, unit, visual regression), delegate verification completed.
154
+ - REQUIRED: confirmation written, understanding.md §5 updated, G4 marked done.
155
+ - BLOCKED if: needs_rework → route back to S_FIX.
156
+
157
+ **GATE 7: GENERALIZE → DISCOVER**
158
+ - REQUIRED: ALL 3 layers (syntax/semantic/structural) attempted with evidence logged.
159
+ - REQUIRED: generalization_stats written with by_layer entries for all 3 layers, G5 marked done.
160
+ - BLOCKED if: any layer not attempted (thoroughness floor violation).
161
+
162
+ **GATE 8: DISCOVER → RECORD**
163
+ - REQUIRED: All hits triaged with per-item classification and reason.
164
+ - REQUIRED: remaining_actionable == 0 OR loops >= max_loops with per-item reasons logged, G6 marked done.
165
+ - BLOCKED if: unclassified hits remain.
166
+
167
+ </execution>
168
+
120
169
  <state_machine>
121
170
 
122
171
  <states>
@@ -36,6 +36,8 @@ $ARGUMENTS -- phase number and optional flags.
36
36
 
37
37
  **Session**: `.tests/auto-test/.csv-session/`
38
38
  **Output**: scenarios.csv, results.csv, discoveries.ndjson, report.json, state.json, reflection-log.md
39
+
40
+ **Output boundary**: ALL file writes MUST target `.workflow/scratch/{YYYYMMDD}-auto-test-P{N}-{slug}/` or `.workflow/state.json` only. Source code modifications are limited to test files generated by this command. NEVER modify existing production source code.
39
41
  </context>
40
42
 
41
43
  <csv_schema>
@@ -84,6 +84,8 @@ When `--yes` or `-y`: Auto-confirm hypothesis selection, skip interactive sympto
84
84
 
85
85
  **Output Directory**: `.workflow/.csv-wave/{session-id}/`
86
86
  **Core Output**: `tasks.csv` (master state) + `results.csv` (final) + `discoveries.ndjson` (shared exploration) + `understanding.md` (human-readable report)
87
+
88
+ **Output boundary**: ALL file writes MUST target `DEBUG_DIR` or `.workflow/state.json` only. NEVER modify source code, test files, or other artifacts outside these paths during investigation.
87
89
  </context>
88
90
 
89
91
  <csv_schema>
@@ -32,6 +32,8 @@ $quality-refactor "--dir .workflow/scratch/refactor-auth-2026-03-18" # resume e
32
32
  **Output**: `.workflow/scratch/refactor-{slug}-{date}/` with index.json, plan.json, reflection-log.md, .task/, .summaries/
33
33
 
34
34
  **Session**: `.workflow/.csv-wave/{YYYYMMDD}-refactor-{slug}/`
35
+
36
+ **Output boundary**: Refactoring modifies source files within the declared scope only. Ancillary outputs (reflection-log.md) MUST target `.workflow/scratch/{YYYYMMDD}-refactor-{slug}/`. NEVER modify files outside the confirmed scope without re-confirmation.
35
37
  </context>
36
38
 
37
39
  <csv_schema>
@@ -95,6 +95,8 @@ Each artifact's type determines its outputs at `.workflow/{a.path}/`:
95
95
  - **test** → uat.md, .tests/ (UAT results, gaps, coverage)
96
96
  - Also reads: `.workflow/issues/issues.jsonl`, `.workflow/state.json`
97
97
 
98
+ **Output boundary**: ALL file writes MUST target the phase's retrospective directory (`.workflow/scratch/{YYYYMMDD}-retrospective-P{N}/`), `.workflow/state.json`, `.workflow/issues.jsonl`, or `.workflow/specs/` (append-only). NEVER modify source code, verification.json, review.json, plan.json, or other existing artifacts.
99
+
98
100
  ### Agent Registry
99
101
 
100
102
  | Agent | task_name | fork_turns | Responsibility |
@@ -74,6 +74,8 @@ When `--yes` or `-y`: Auto-confirm dimension selection, skip interactive validat
74
74
 
75
75
  **Output Directory**: `.workflow/.csv-wave/{session-id}/`
76
76
  **Core Output**: `tasks.csv` (master state) + `results.csv` (final) + `discoveries.ndjson` (shared exploration) + `context.md` (human-readable report) + `review.json` (structured review output)
77
+
78
+ **Output boundary**: ALL file writes MUST target `.workflow/.csv-wave/{session-id}/`, `.workflow/state.json`, or `.workflow/issues/issues.jsonl` only. NEVER modify source code or files outside these paths. Review produces reports only — no source modifications.
77
79
  </context>
78
80
 
79
81
  <csv_schema>
@@ -24,10 +24,34 @@ $quality-sync "--since abc123 --dry-run"
24
24
  - `--since <commit|HEAD~N>` -- Diff since specific commit (default: last sync timestamp)
25
25
  - `--dry-run` -- Show what would be updated without writing
26
26
 
27
+ **Output boundary**: ALL file writes MUST target `.workflow/codebase/`, `.workflow/state.json`, or `doc-index.json` only. NEVER modify source code or files outside `.workflow/`. `--dry-run` MUST suppress all writes.
27
28
  </context>
28
29
 
30
+ <invariants>
31
+ 1. **Source code is read-only** — sync reads source files to generate documentation. NEVER modify source code, test files, or any non-documentation files.
32
+ 2. **Dry-run is side-effect-free** — when `--dry-run` is set, NO file writes occur. Report only what would change.
33
+ 3. **Impact trace before refresh** — NEVER regenerate a doc file without first tracing which source changes affect it via doc-index.json. Untargeted full-refresh requires explicit `--full` flag.
34
+ 4. **Idempotent sync** — running sync twice with the same diff MUST produce identical results. State.json timestamp prevents redundant re-runs.
35
+ 5. **Incremental by default** — without `--full`, only changed components are refreshed. NEVER silently expand to a full rebuild.
36
+ </invariants>
37
+
29
38
  <execution>
30
39
 
40
+ ### Phase Gates (MANDATORY, BLOCKING)
41
+
42
+ **GATE 1: Diff → Impact Trace**
43
+ - REQUIRED: Git diff computed (or --full flag set for all files).
44
+ - BLOCKED if no diff and no --full: nothing to sync (W001).
45
+
46
+ **GATE 2: Impact Trace → Refresh**
47
+ - REQUIRED: Affected components traced via doc-index.json.
48
+ - BLOCKED if trace fails: cannot refresh docs without impact mapping.
49
+
50
+ **GATE 3: Refresh → Completion**
51
+ - REQUIRED: `.workflow/codebase/` docs refreshed for affected components.
52
+ - REQUIRED: If `--dry-run` is set, skip state.json write and report what would change. Otherwise, update state.json with sync timestamp.
53
+ - BLOCKED if missing: do not report completion without updated docs.
54
+
31
55
  ### Step 1: Validate
32
56
 
33
57
  Verify `.workflow/` directory exists — if missing, raise E001.
@@ -27,6 +27,8 @@ $ARGUMENTS -- phase number and optional flags.
27
27
  - `{target_dir}/.tests/test-results.json` -- pass/fail results
28
28
  - `{target_dir}/.tests/coverage-report.json` -- requirement coverage
29
29
  - `.tests/.csv-session/diagnosis.csv` + `diagnosis-results.csv`
30
+
31
+ **Output boundary**: ALL file writes MUST target `.workflow/scratch/{YYYYMMDD}-test-P{N}-{slug}/`, `.workflow/state.json`, or `.workflow/issues.jsonl` only. NEVER modify source code or execution artifacts outside these paths.
30
32
  </context>
31
33
 
32
34
  <csv_schema>
@@ -25,10 +25,40 @@ $ARGUMENTS -- Parse tier and scope:
25
25
  | quick | Y | Y | -- | -- | -- | -- |
26
26
  | standard | Y | Y | Y | Y | -- | -- |
27
27
  | deep | Y | Y | Y | Y | Y | Y |
28
+
29
+ **Output boundary**: ALL file writes MUST target `.workflow/scratch/{YYYYMMDD}-security-audit-{tier}-{slug}/` or `.workflow/state.json` only. NEVER modify source code, configuration files, or dependencies. Audit is read-only analysis.
28
30
  </context>
29
31
 
32
+ <invariants>
33
+ 1. **Audit is read-only** — NEVER modify source code, configuration, dependencies, or CI/CD files during audit. Security audit produces reports only.
34
+ 2. **Findings require file:line evidence** — every finding MUST reference a specific file:line location and include the vulnerable code pattern. No vague or category-only findings.
35
+ 3. **Severity NEVER downgraded without justification** — if a finding matches a known OWASP category, its severity follows OWASP guidance. Downgrading requires documented rationale (e.g., compensating control exists).
36
+ 4. **Tier coverage is mandatory** — all scan phases required by the selected tier MUST complete. NEVER skip a tier-required phase silently; failures are logged as W00x warnings.
37
+ 5. **False positive marking requires evidence** — marking a finding as false positive MUST include the compensating control or code path that prevents exploitation. NEVER dismiss findings without counter-evidence.
38
+ 6. **Secrets are never logged** — if secrets are discovered, report their location (file:line) and type but NEVER include the actual secret value in the report output.
39
+ </invariants>
40
+
30
41
  <execution>
31
42
 
43
+ ### Phase Gates (MANDATORY, BLOCKING)
44
+
45
+ **GATE 1: Recon → Scan**
46
+ - REQUIRED: Tech stack detected and entry points identified.
47
+ - REQUIRED: Auth/authz modules listed and data flow mapped.
48
+ - BLOCKED if missing: cannot scan without entry points and data flow baseline.
49
+
50
+ **GATE 2: Scan → Report** (tier-gated)
51
+ - REQUIRED: OWASP Top 10 scan completed (all tiers).
52
+ - REQUIRED: Dependency audit completed (all tiers).
53
+ - REQUIRED: Secrets + CI/CD scan completed (standard/deep only).
54
+ - REQUIRED: STRIDE + git history completed (deep only).
55
+ - BLOCKED if tier-required scans incomplete: finish all tier-applicable phases before reporting.
56
+
57
+ **GATE 3: Report → Completion**
58
+ - REQUIRED: Severity matrix produced with file:line references and remediation.
59
+ - REQUIRED: Artifact registered in state.json.
60
+ - BLOCKED if missing: do not emit completion status without severity matrix.
61
+
32
62
  **Phase 1: Reconnaissance**
33
63
 
34
64
  1. Detect tech stack from package.json / go.mod / requirements.txt / Cargo.toml
@@ -45,10 +45,38 @@ $ARGUMENTS — `<category> <title> <content>` where category selects the target
45
45
  Extended types (`bug`, `pattern`, `decision`, `rule`, `validation`) are stored in the file of their closest core category but retain their specific category in the `<spec-entry>` tag.
46
46
 
47
47
  Category is determined by the first positional argument.
48
+
49
+ **Output boundary**: ALL file writes MUST target `.workflow/specs/` only. NEVER modify source code or files outside this path.
48
50
  </context>
49
51
 
52
+ <invariants>
53
+ 1. **Idempotent append** — duplicate entry ID MUST be rejected (E003-level check on title + category match before write)
54
+ 2. **Category validation** — category MUST be one of: coding, arch, quality, debug, test, review, learning, tools, bug, pattern, decision, rule, validation. Invalid category → E003
55
+ 3. **Confirmation gate** — MUST request_user_input before appending entry; NEVER write without user confirmation in interactive mode
56
+ 4. **Entry format invariance** — all entries MUST use `<spec-entry>` closed-tag format with id, keywords, and category attributes
57
+ 5. **Append-only** — MUST append to target file; NEVER overwrite or truncate existing spec content
58
+ 6. **Output boundary** — ALL file writes MUST target `.workflow/specs/` only. NEVER modify source code or files outside this path
59
+ </invariants>
60
+
50
61
  <execution>
51
62
 
63
+ ### Phase Gates (MANDATORY, BLOCKING)
64
+
65
+ **GATE 1: Parse → Validate**
66
+ - REQUIRED: Category and content both parsed from arguments.
67
+ - REQUIRED: Category is a valid value.
68
+ - BLOCKED if: E001 (missing args), E003 (invalid category).
69
+
70
+ **GATE 2: Validate → Format**
71
+ - REQUIRED: `.workflow/specs/` directory exists.
72
+ - REQUIRED: No duplicate entry with identical title + category already present in target file.
73
+ - BLOCKED if: E002 (specs not initialized).
74
+
75
+ **GATE 3: Format → Write**
76
+ - REQUIRED: `<spec-entry>` block formatted with id, keywords, category attributes.
77
+ - REQUIRED: User confirmation via request_user_input.
78
+ - BLOCKED if: user declines confirmation — abort without writing.
79
+
52
80
  ### Step 1: Parse Input
53
81
 
54
82
  Extract category (first token), title (second token or quoted string), and content (remainder) from arguments.
@@ -36,10 +36,36 @@ $spec-load "--category review"
36
36
  **--category loading**: Loads category's primary doc in full + matching entries from other files.
37
37
 
38
38
  **Keyword filtering**: When `--keyword` is provided, only entries with matching keyword in their `<spec-entry keywords="...">` attribute are returned.
39
+
40
+ **Output boundary**: This command produces NO file writes. All output is conversation-context injection only.
39
41
  </context>
40
42
 
43
+ <invariants>
44
+ 1. **Read-only** — NEVER modify, create, or delete any spec files during load. This command is purely a read operation
45
+ 2. **Output to context only** — loaded specs are injected into the conversation context; NEVER write loaded content to new files or modify existing files
46
+ 3. **Category primary doc** — when --category is specified, the primary category doc MUST be loaded in full before cross-file matching
47
+ 4. **Entry-level filtering** — --keyword filtering operates at `<spec-entry>` level via keywords attribute, NOT at file level; unmatched entries in a matching file are excluded
48
+ 5. **Graceful degradation** — if `.workflow/specs/` is missing but CLI search is available, fallback to CLI; only fail when both paths are exhausted
49
+ 6. **Output boundary** — this command produces NO file writes. All output is conversation-context injection only
50
+ </invariants>
51
+
41
52
  <execution>
42
53
 
54
+ ### Phase Gates (MANDATORY, BLOCKING)
55
+
56
+ **GATE 1: Parse → Discover**
57
+ - REQUIRED: Arguments parsed — at least one of --category or --keyword provided, or empty args triggers full load.
58
+ - BLOCKED if: invalid category value.
59
+
60
+ **GATE 2: Discover → Load**
61
+ - REQUIRED: At least one spec directory exists.
62
+ - BLOCKED if: E001 — `.workflow/specs/` not initialized and no CLI fallback available.
63
+
64
+ **GATE 3: Load → Display**
65
+ - REQUIRED: Spec files read and entries parsed.
66
+ - REQUIRED: Keyword filtering applied if --keyword was provided.
67
+ - BLOCKED if: no readable spec files found.
68
+
43
69
  ### Step 1: Validate Specs Directory
44
70
 
45
71
  Verify `.workflow/specs/` exists (E001).
@@ -53,6 +53,7 @@ $spec-map --continue "20260318-map-auth"
53
53
 
54
54
  **Output**: `.workflow/codebase/` (tech-stack.md, architecture.md, features.md, concerns.md)
55
55
 
56
+ **Output boundary**: ALL file writes MUST target `.workflow/codebase/` (output docs) and `.workflow/.csv-wave/{sessionId}/` (session state). NEVER modify source code or files outside these paths.
56
57
  </context>
57
58
 
58
59
  <csv_schema>
@@ -27,10 +27,38 @@ $ARGUMENTS — entry ID to remove (e.g., `spec-learnings-003`)
27
27
  **Flags:**
28
28
  - `--cascade` — When the target spec has a `ref` attribute linking to a knowhow document, also delete the referenced knowhow file. Without this flag, removal leaves an orphan knowhow file. Cascade checks the entry's `ref` attribute in the `<spec-entry>` tag.
29
29
  - `-y` — Skip confirmation prompt and proceed with removal immediately.
30
+
31
+ **Output boundary**: File modifications MUST target ONLY the spec container file (.workflow/specs/*.md) and optionally the referenced knowhow file (.workflow/knowhow/*) when --cascade is used. NEVER modify source code or files outside these paths.
30
32
  </context>
31
33
 
34
+ <invariants>
35
+ 1. **Confirmation required** — MUST request_user_input before deletion (unless -y flag); NEVER remove entries silently
36
+ 2. **Referential integrity** — before removing, check if other spec entries reference the target entry; warn user if references exist
37
+ 3. **Cascade explicit** — ref-type entries MUST NOT cascade-delete the linked knowhow file unless --cascade is explicitly passed; default leaves orphan knowhow intact
38
+ 4. **Atomic removal** — use `maestro wiki remove-entry` for atomic operation; NEVER manually edit spec files to remove entries
39
+ 5. **Index consistency** — wiki index MUST be auto-updated after removal; stale index entries are a hard failure
40
+ 6. **Output boundary** — file modifications MUST target ONLY the spec container file (.workflow/specs/*.md) and optionally the referenced knowhow file (.workflow/knowhow/*) when --cascade is used. NEVER modify source code or files outside these paths
41
+ </invariants>
42
+
32
43
  <execution>
33
44
 
45
+ ### Phase Gates (MANDATORY, BLOCKING)
46
+
47
+ **GATE 1: Parse → Lookup**
48
+ - REQUIRED: Entry ID parsed from arguments.
49
+ - BLOCKED if: E001 — no entry ID provided.
50
+
51
+ **GATE 2: Lookup → Confirm**
52
+ - REQUIRED: `.workflow/specs/` directory exists.
53
+ - REQUIRED: Entry found in wiki index as a spec sub-node.
54
+ - REQUIRED: Entry content loaded for user preview.
55
+ - BLOCKED if: E002 (specs not initialized), E003 (entry not found), E004 (wrong type).
56
+
57
+ **GATE 3: Confirm → Remove**
58
+ - REQUIRED: User confirmed removal via request_user_input (unless -y flag).
59
+ - REQUIRED: If --cascade and entry has ref attribute, user additionally confirmed knowhow file deletion.
60
+ - BLOCKED if: user declines — abort without modification.
61
+
34
62
  ### Step 1: Parse Input
35
63
 
36
64
  Extract entry ID from arguments.