peaks-cli 1.4.2 → 2.0.0

package/dist/src/services/audit/scanners/skills-tree-scanner.js

@@ -0,0 +1,46 @@
+/**
+ * skills-tree-scanner — walks each `skills/<name>/SKILL.md` and returns
+ * each file's raw lines for the classifier to consume.
+ *
+ * Per `static-scan-must-cover-skills-tree-not-just-src.md`, the red-line
+ * audit MUST cover the skills tree, not just `src/`. This scanner is the
+ * entry point for that coverage.
+ */
+import { existsSync, readdirSync, readFileSync } from 'node:fs';
+import { join, relative } from 'node:path';
+const SKILLS_DIR = 'skills';
+function readSkillFile(projectRoot, skillDir, file) {
+    const fullPath = join(projectRoot, SKILLS_DIR, skillDir, file);
+    if (!existsSync(fullPath))
+        return [];
+    const rel = relative(projectRoot, fullPath).split('\\').join('/');
+    const content = readFileSync(fullPath, 'utf-8');
+    const lines = content.split(/\r?\n/);
+    return lines.map((text, idx) => ({ file: rel, line: idx + 1, text }));
+}
+export function scanSkillsTree(input) {
+    const skillsRoot = join(input.projectRoot, SKILLS_DIR);
+    if (!existsSync(skillsRoot)) {
+        return { lines: [], warnings: [] };
+    }
+    const lines = [];
+    const warnings = [];
+    let entries;
+    try {
+        entries = readdirSync(skillsRoot, { withFileTypes: true });
+    }
+    catch (error) {
+        warnings.push({
+            file: SKILLS_DIR,
+            message: `readdir failed: ${error instanceof Error ? error.message : String(error)}`,
+        });
+        return { lines, warnings };
+    }
+    for (const entry of entries) {
+        if (!entry.isDirectory() || entry.name.startsWith('.'))
+            continue;
+        const skillMd = readSkillFile(input.projectRoot, entry.name, 'SKILL.md');
+        lines.push(...skillMd);
+    }
+    return { lines, warnings };
+}

package/dist/src/services/audit/static-service.d.ts

@@ -0,0 +1,57 @@
+/**
+ * Static audit service — `peaks audit static`.
+ *
+ * Slice #6 L2.3 P2-a: soft-optional ECC AgentShield integration.
+ *
+ * Per spec §5.3, the audit framework integrates with ECC AgentShield
+ * (102 lint rules) on a soft-optional basis. When ECC is installed
+ * AND `agentShieldEnabled: true`, the audit subprocess spawns the
+ * ECC scanner and merges its findings; when either is missing, the
+ * audit completes with peaks-cli-only findings.
+ *
+ * The subprocess is **observability enhancement**, not a structural
+ * gate — every soft-fail path returns a well-formed audit report.
+ */
+import type { EnforcerFinding, RedLineAudit } from './types.js';
+export interface StaticAuditInput {
+    readonly projectRoot: string;
+    /** Override the preference for a single call. Default: read from preferences. */
+    readonly enableAgentShield?: boolean | undefined;
+    /**
+     * Optional subprocess runner injection point. Used by tests
+     * to mock `npx ecc-agentshield`. Production callers should
+     * leave this undefined; the default uses `child_process.spawnSync`.
+     */
+    readonly subprocessRunner?: SubprocessRunner | undefined;
+}
+export interface StaticAuditResult {
+    readonly audit: RedLineAudit;
+    readonly agentShield: AgentShieldState;
+    readonly warnings: readonly string[];
+}
+export interface AgentShieldState {
+    /** Whether the agent-shield subprocess was spawned. */
+    readonly spawned: boolean;
+    /** Whether ECC AgentShield is installed (regardless of whether it was spawned). */
+    readonly installed: boolean;
+    /** Why the subprocess was or was not spawned. */
+    readonly reason: 'enabled-and-installed' | 'disabled-by-preference' | 'flag-disabled' | 'flag-enabled-but-ecc-missing' | 'disabled-and-ecc-missing';
+    /** The merged ECC findings (empty if not spawned). */
+    readonly findings: readonly EnforcerFinding[];
+}
+/**
+ * Subprocess runner interface — the only seam tests need to
+ * mock the `npx ecc-agentshield` subprocess. Production callers
+ * leave `subprocessRunner` undefined; the default delegates to
+ * `child_process.spawnSync` (synchronous, captures stdout).
+ */
+export interface SubprocessRunner {
+    run(command: string, args: readonly string[], timeoutMs: number): SubprocessResult;
+}
+export interface SubprocessResult {
+    readonly status: number | null;
+    readonly stdout: string;
+    readonly stderr: string;
+    readonly error?: Error;
+}
+export declare function runStaticAudit(input: StaticAuditInput): StaticAuditResult;

package/dist/src/services/audit/static-service.js

@@ -0,0 +1,125 @@
+/**
+ * Static audit service — `peaks audit static`.
+ *
+ * Slice #6 L2.3 P2-a: soft-optional ECC AgentShield integration.
+ *
+ * Per spec §5.3, the audit framework integrates with ECC AgentShield
+ * (102 lint rules) on a soft-optional basis. When ECC is installed
+ * AND `agentShieldEnabled: true`, the audit subprocess spawns the
+ * ECC scanner and merges its findings; when either is missing, the
+ * audit completes with peaks-cli-only findings.
+ *
+ * The subprocess is **observability enhancement**, not a structural
+ * gate — every soft-fail path returns a well-formed audit report.
+ */
+import { spawnSync } from 'node:child_process';
+import { runRedLinesAudit } from './red-lines-service.js';
+import { loadPreferences } from '../preferences/preferences-service.js';
+const ECC_DETECT_TIMEOUT_MS = 5000;
+const ECC_SCAN_TIMEOUT_MS = 30000;
+const defaultSubprocessRunner = {
+    run(command, args, timeoutMs) {
+        try {
+            const r = spawnSync(command, args, {
+                timeout: timeoutMs,
+                encoding: 'utf8',
+                stdio: ['ignore', 'pipe', 'pipe'],
+                maxBuffer: 16 * 1024 * 1024,
+            });
+            return {
+                status: r.status,
+                stdout: r.stdout ?? '',
+                stderr: r.stderr ?? '',
+            };
+        }
+        catch (err) {
+            return {
+                status: null,
+                stdout: '',
+                stderr: '',
+                error: err,
+            };
+        }
+    },
+};
+function isEccInstalled(runner) {
+    const result = runner.run('npx', ['ecc-agentshield', '--version'], ECC_DETECT_TIMEOUT_MS);
+    if (result.error)
+        return false;
+    return result.status === 0;
+}
+function runEccScan(projectRoot, runner) {
+    try {
+        // Per spec §7.2 line 828: the canonical ECC subprocess call uses
+        // `--target <path>`, NOT `--project`. The peaks-cli CLI flag
+        // (`peaks audit static --project <path>`) follows peaks-cli
+        // convention; the inner ecc-agentshield call follows the
+        // upstream ECC contract.
+        const result = runner.run('npx', ['ecc-agentshield', 'scan', '--json', '--target', projectRoot], ECC_SCAN_TIMEOUT_MS);
+        if (result.error || result.status !== 0)
+            return [];
+        const stdout = result.stdout;
+        let parsed;
+        try {
+            parsed = JSON.parse(stdout);
+        }
+        catch {
+            return [];
+        }
+        if (!parsed.findings)
+            return [];
+        return parsed.findings.map((f, idx) => ({
+            enforcerId: `ecc-agentshield:${f.ruleId ?? `unknown-${idx}`}`,
+            rule: f.rule ?? 'ECC AgentShield rule',
+            severity: f.severity ?? 'warn',
+            file: f.file ?? '(unknown)',
+            detail: f.detail ?? '',
+        }));
+    }
+    catch {
+        return [];
+    }
+}
+export function runStaticAudit(input) {
+    // Read the project-local preferences; the CLI flag overrides.
+    const prefs = loadPreferences(input.projectRoot);
+    const prefEnabled = prefs.agentShieldEnabled;
+    const flagEnabled = input.enableAgentShield;
+    const runner = input.subprocessRunner ?? defaultSubprocessRunner;
+    // Resolve the effective "should spawn" decision.
+    // flagEnabled (CLI override) > preference > false
+    const shouldSpawn = flagEnabled ?? prefEnabled;
+    // Detect ECC.
+    const installed = isEccInstalled(runner);
+    const warnings = [];
+    let state;
+    if (!shouldSpawn) {
+        // Disabled path — no subprocess, no warnings.
+        const reason = flagEnabled === false
+            ? 'flag-disabled'
+            : 'disabled-by-preference';
+        state = { spawned: false, installed, reason, findings: [] };
+    }
+    else if (!installed) {
+        // Enabled but ECC missing — soft-fail with a warning.
+        warnings.push('agentShieldEnabled is true but `npx ecc-agentshield --version` failed. ' +
+            'Run `npx ecc-agentshield --help` to install. Audit ran with peaks-cli findings only.');
+        state = { spawned: false, installed: false, reason: 'flag-enabled-but-ecc-missing', findings: [] };
+    }
+    else {
+        // Enabled and installed — spawn the subprocess.
+        const findings = runEccScan(input.projectRoot, runner);
+        state = { spawned: true, installed: true, reason: 'enabled-and-installed', findings };
+    }
+    // Always run the peaks-cli lint layer; merge ECC findings.
+    const peaksResult = runRedLinesAudit({ projectRoot: input.projectRoot });
+    const mergedAudit = {
+        ...peaksResult.audit,
+        enforcerFindings: [...peaksResult.audit.enforcerFindings, ...state.findings],
+    };
+    return {
+        audit: mergedAudit,
+        agentShield: state,
+        warnings,
+    };
+}

package/dist/src/services/audit/types.d.ts

@@ -0,0 +1,69 @@
+/**
+ * Red-line audit framework — types.
+ *
+ * Spec: docs/superpowers/specs/2026-06-11-peaks-cli-l1-l2-l3-redesign.md §5
+ * PRD:  .peaks/_runtime/2026-06-11-session-f0312d/prd/requests/001-001-l2-1-redlines-audit.md
+ * OpenSpec: openspec/changes/2026-06-11-l2-1-redlines-audit/
+ *
+ * The audit framework classifies MANDATORY / BLOCKING / MUST NOT / RED LINE
+ * markers across skills/, .claude/rules/, and openspec/changes/. Each
+ * discovered red line is tagged with its backing (cli-backed / partial /
+ * prose-only) so the L2 redesign can track the prose-only ratio over time.
+ */
+export type RedLineMarker = 'MANDATORY' | 'BLOCKING' | 'MUST NOT' | 'RED LINE';
+export type RedLineBacking = 'cli-backed' | 'partial' | 'prose-only';
+export interface RedLineSource {
+    /** Path relative to project root, posix-style (forward slashes). */
+    readonly file: string;
+    readonly line: number;
+    readonly marker: RedLineMarker;
+    /** ±2 lines of surrounding context for human review. */
+    readonly context: string;
+}
+export interface RedLineEntry {
+    /** Stable id, e.g. "rl-solo-code-ban-001". */
+    readonly id: string;
+    /** Human-readable rule name, e.g. "Solo Code-Change Red Line". */
+    readonly rule: string;
+    readonly source: RedLineSource;
+    readonly backing: RedLineBacking;
+    /** Relative path to the enforcement file, or null when prose-only. */
+    readonly enforcerRef: string | null;
+}
+export interface RedLineAudit {
+    readonly totalRedLines: number;
+    readonly cliBacked: number;
+    readonly partial: number;
+    readonly proseOnly: number;
+    readonly audit: readonly RedLineEntry[];
+    /** Findings from running the 7 file-system enforcers during the scan (L2.4 P2-b). */
+    readonly enforcerFindings: readonly EnforcerFinding[];
+}
+/**
+ * Enforcer finding — emitted by an enforcer function that runs as part
+ * of the audit scan. Distinct from `RedLineEntry` (which is catalog-matched
+ * markdown text). L2.4 P2-b ships this dimension: the audit framework
+ * actually invokes the 7 file-system enforcers during a scan, not just
+ * catalogs them.
+ */
+export type EnforcerFindingSeverity = 'pass' | 'warn' | 'fail';
+export interface EnforcerFinding {
+    readonly enforcerId: string;
+    readonly rule: string;
+    readonly severity: EnforcerFindingSeverity;
+    readonly file: string;
+    readonly detail: string;
+}
+/**
+ * A single markdown line discovered by a tree scanner. The classifier turns
+ * these into RedLineEntry by matching against the red-line catalog.
+ */
+export interface MarkdownLine {
+    readonly file: string;
+    readonly line: number;
+    readonly text: string;
+}
+export interface ScanWarning {
+    readonly file: string;
+    readonly message: string;
+}

package/dist/src/services/audit/types.js

@@ -0,0 +1,13 @@
+/**
+ * Red-line audit framework — types.
+ *
+ * Spec: docs/superpowers/specs/2026-06-11-peaks-cli-l1-l2-l3-redesign.md §5
+ * PRD:  .peaks/_runtime/2026-06-11-session-f0312d/prd/requests/001-001-l2-1-redlines-audit.md
+ * OpenSpec: openspec/changes/2026-06-11-l2-1-redlines-audit/
+ *
+ * The audit framework classifies MANDATORY / BLOCKING / MUST NOT / RED LINE
+ * markers across skills/, .claude/rules/, and openspec/changes/. Each
+ * discovered red line is tagged with its backing (cli-backed / partial /
+ * prose-only) so the L2 redesign can track the prose-only ratio over time.
+ */
+export {};

package/dist/src/services/classify/classify-service.d.ts

@@ -0,0 +1,42 @@
+/**
+ * L1a task classification service.
+ *
+ * Spec: docs/superpowers/specs/2026-06-11-peaks-cli-l1-l2-l3-redesign.md §4
+ *
+ * Hybrid mechanism: signal-based heuristic + user override + audit log.
+ *
+ * Signal rules (per the spec, conservative defaults):
+ *   - filesChanged >= feature_threshold_files OR linesChanged >= feature_threshold_lines
+ *     AND touchesDependencies → 'migration'
+ *   - touchesMigrationScripts → 'migration'
+ *   - isPureRefactor AND linesChanged > 50 → 'refactor'
+ *   - filesChanged >= feature_threshold_files OR linesChanged >= feature_threshold_lines
+ *     → 'feature'
+ *   - keywords contains 'fix' / 'bug' / 'broken' → 'bug'
+ *   - filesChanged <= 3 AND linesChanged <= 5 → 'typo'
+ *   - default → 'bug' (mid-low)
+ *
+ * Conservatism:
+ *   - 'strict' promotes the result by one level
+ *   - 'lax' demotes the result by one level
+ *   - 'default' leaves it as-is
+ *
+ * Override (the user can force a level):
+ *   - `peaks classify override --level <level> --reason "<text>"` writes
+ *     to the audit log; cannot be downgraded (per spec: downgrade
+ *     is always refused)
+ */
+import { type ClassifyResult, type ClassifySignals, type TaskLevel } from './classify-types.js';
+import type { ClassifyConservatism } from '../preferences/preferences-types.js';
+export interface ClassifyInput {
+    readonly signals: ClassifySignals;
+    readonly conservatism: ClassifyConservatism;
+    /** When set, force the level (bypasses the heuristic). */
+    readonly override?: {
+        level: TaskLevel;
+        reason: string;
+    };
+    /** Optional clock for testability. */
+    readonly clock?: () => string;
+}
+export declare function classifyTask(input: ClassifyInput, featureThresholdFiles?: number, featureThresholdLines?: number): ClassifyResult;

package/dist/src/services/classify/classify-service.js

@@ -0,0 +1,122 @@
+/**
+ * L1a task classification service.
+ *
+ * Spec: docs/superpowers/specs/2026-06-11-peaks-cli-l1-l2-l3-redesign.md §4
+ *
+ * Hybrid mechanism: signal-based heuristic + user override + audit log.
+ *
+ * Signal rules (per the spec, conservative defaults):
+ *   - filesChanged >= feature_threshold_files OR linesChanged >= feature_threshold_lines
+ *     AND touchesDependencies → 'migration'
+ *   - touchesMigrationScripts → 'migration'
+ *   - isPureRefactor AND linesChanged > 50 → 'refactor'
+ *   - filesChanged >= feature_threshold_files OR linesChanged >= feature_threshold_lines
+ *     → 'feature'
+ *   - keywords contains 'fix' / 'bug' / 'broken' → 'bug'
+ *   - filesChanged <= 3 AND linesChanged <= 5 → 'typo'
+ *   - default → 'bug' (mid-low)
+ *
+ * Conservatism:
+ *   - 'strict' promotes the result by one level
+ *   - 'lax' demotes the result by one level
+ *   - 'default' leaves it as-is
+ *
+ * Override (the user can force a level):
+ *   - `peaks classify override --level <level> --reason "<text>"` writes
+ *     to the audit log; cannot be downgraded (per spec: downgrade
+ *     is always refused)
+ */
+import { TASK_LEVELS, TASK_LEVEL_GATE_SETS, TASK_LEVEL_ORDER, } from './classify-types.js';
+const FEATURE_KEYWORDS = ['fix', 'bug', 'broken', 'crash', 'regression'];
+const MIGRATION_KEYWORDS = ['migrate', 'migration', 'codemod', 'backfill', 'schema', 'bump'];
+const REFACTOR_KEYWORDS = ['refactor', 'rename', 'extract', 'inline', 'cleanup'];
+function detectLevel(signals, featureThresholdFiles, featureThresholdLines) {
+    // 1. Migration takes priority.
+    if (signals.touchesMigrationScripts)
+        return 'migration';
+    const lower = signals.keywords.map((k) => k.toLowerCase());
+    if (signals.touchesDependencies && lower.some((k) => MIGRATION_KEYWORDS.includes(k))) {
+        return 'migration';
+    }
+    if (signals.touchesDependencies)
+        return 'migration';
+    if (signals.touchesDependencies === false && signals.isPureRefactor && signals.linesChanged > 50) {
+        return 'refactor';
+    }
+    if (lower.some((k) => REFACTOR_KEYWORDS.includes(k)) && signals.isPureRefactor) {
+        return 'refactor';
+    }
+    // 2. Feature threshold.
+    if (signals.filesChanged >= featureThresholdFiles || signals.linesChanged >= featureThresholdLines) {
+        return 'feature';
+    }
+    // 3. Bug-fix keywords.
+    if (lower.some((k) => FEATURE_KEYWORDS.includes(k))) {
+        return 'bug';
+    }
+    // 4. Small diff: typo.
+    if (signals.filesChanged <= 3 && signals.linesChanged <= 5) {
+        return 'typo';
+    }
+    // 5. Default: bug (mid-low).
+    return 'bug';
+}
+function applyConservatism(level, conservatism) {
+    if (conservatism === 'default')
+        return level;
+    const order = TASK_LEVEL_ORDER[level];
+    const index = TASK_LEVELS.indexOf(level);
+    if (conservatism === 'strict') {
+        const next = Math.min(index + 1, TASK_LEVELS.length - 1);
+        return TASK_LEVELS[next] ?? level;
+    }
+    // 'lax'
+    const prev = Math.max(index - 1, 0);
+    return TASK_LEVELS[prev] ?? level;
+}
+function buildRationale(signals, level, overrideApplied) {
+    if (overrideApplied)
+        return `level forced via override`;
+    const parts = [];
+    parts.push(`${signals.filesChanged} file(s), ${signals.linesChanged} line(s)`);
+    if (signals.touchesMigrationScripts)
+        parts.push('touches migration scripts');
+    if (signals.touchesDependencies)
+        parts.push('touches dependencies');
+    if (signals.isPureRefactor)
+        parts.push('pure refactor (no behavior change)');
+    if (signals.keywords.length > 0)
+        parts.push(`keywords: ${signals.keywords.join(', ')}`);
+    parts.push(`→ ${level}`);
+    return parts.join('; ');
+}
+export function classifyTask(input, featureThresholdFiles = 10, featureThresholdLines = 100) {
+    const heuristicLevel = detectLevel(input.signals, featureThresholdFiles, featureThresholdLines);
+    let finalLevel;
+    let overrideApplied = false;
+    if (input.override !== undefined) {
+        finalLevel = input.override.level;
+        overrideApplied = true;
+    }
+    else {
+        finalLevel = applyConservatism(heuristicLevel, input.conservatism);
+    }
+    const gateSet = TASK_LEVEL_GATE_SETS[finalLevel];
+    const rationale = buildRationale(input.signals, finalLevel, overrideApplied);
+    const timestamp = (input.clock ?? (() => new Date().toISOString()))();
+    const audit = {
+        timestamp,
+        inputs: input.signals,
+        output: finalLevel,
+        conservatism: input.conservatism,
+        overrideApplied,
+        reason: input.override?.reason ?? rationale,
+    };
+    return {
+        level: finalLevel,
+        signals: input.signals,
+        rationale,
+        gateSet,
+        audit,
+    };
+}

package/dist/src/services/classify/classify-types.d.ts

@@ -0,0 +1,79 @@
+/**
+ * L1a task classification — types and per-level gate sets.
+ *
+ * Spec: docs/superpowers/specs/2026-06-11-peaks-cli-l1-l2-l3-redesign.md §4
+ *
+ * Five task levels: typo / bug / feature / refactor / migration. Each
+ * level has a gate set (the "配套 gate set" — L1b) that the slice
+ * checker runs. Higher levels = more gates = slower but safer.
+ *
+ * The classification is a HYBRID mechanism:
+ *   1. Heuristic signal (file count, line count, keyword presence)
+ *   2. User override (`peaks classify override --level <level> --reason "<>"`)
+ *   3. Audit log of every classification (forensics)
+ *
+ * Conservatism modifier (per .peaks/preferences.json:classifyConservatism):
+ *   - 'default' — use the signal thresholds as-is
+ *   - 'strict'  — always upgrade to next level
+ *   - 'lax'     — always downgrade to previous level
+ */
+export type TaskLevel = 'typo' | 'bug' | 'feature' | 'refactor' | 'migration';
+export declare const TASK_LEVELS: readonly TaskLevel[];
+/** Numeric ordering for "next level" / "previous level" promotion. */
+export declare const TASK_LEVEL_ORDER: Readonly<Record<TaskLevel, number>>;
+export interface ClassifySignals {
+    /** Number of files changed in the diff. */
+    readonly filesChanged: number;
+    /** Number of lines added + removed in the diff. */
+    readonly linesChanged: number;
+    /** Whether the diff includes dependency files (package.json, etc.). */
+    readonly touchesDependencies: boolean;
+    /** Whether the diff includes migration scripts / codemods. */
+    readonly touchesMigrationScripts: boolean;
+    /** Whether the diff is mostly renames / formatting / comment changes. */
+    readonly isPureRefactor: boolean;
+    /** Keywords found in the change description or commit message. */
+    readonly keywords: readonly string[];
+}
+/** The gate set that runs for a given task level (L1b). */
+export interface TaskLevelGateSet {
+    readonly level: TaskLevel;
+    /** Human-readable description. */
+    readonly description: string;
+    /** Which slice-check stages run at this level. */
+    readonly stages: readonly string[];
+    /** Whether PRD is required at this level. */
+    readonly requiresPrd: boolean;
+    /** Whether a tech-doc is required at this level. */
+    readonly requiresTechDoc: boolean;
+    /** Whether a code review is required at this level. */
+    readonly requiresCodeReview: boolean;
+    /** Whether a security review is required at this level. */
+    readonly requiresSecurityReview: boolean;
+    /** Whether a perf baseline is required at this level. */
+    readonly requiresPerfBaseline: boolean;
+    /** Whether the slice must transition through QA handoff. */
+    readonly requiresQaHandoff: boolean;
+    /** Whether the user must explicitly confirm destructive paths. */
+    readonly requiresDestructiveConfirmation: boolean;
+}
+export declare const TASK_LEVEL_GATE_SETS: Readonly<Record<TaskLevel, TaskLevelGateSet>>;
+/** Result of a classification (deterministic given signals + conservatism). */
+export interface ClassifyResult {
+    readonly level: TaskLevel;
+    readonly signals: ClassifySignals;
+    /** Why this level was chosen (1-2 sentence explanation). */
+    readonly rationale: string;
+    /** The gate set that will run for this level. */
+    readonly gateSet: TaskLevelGateSet;
+    /** The audit log entry (every classification is logged). */
+    readonly audit: ClassifyAuditEntry;
+}
+export interface ClassifyAuditEntry {
+    readonly timestamp: string;
+    readonly inputs: ClassifySignals;
+    readonly output: TaskLevel;
+    readonly conservatism: 'default' | 'strict' | 'lax';
+    readonly overrideApplied: boolean;
+    readonly reason: string;
+}

package/dist/src/services/classify/classify-types.js

@@ -0,0 +1,90 @@
+/**
+ * L1a task classification — types and per-level gate sets.
+ *
+ * Spec: docs/superpowers/specs/2026-06-11-peaks-cli-l1-l2-l3-redesign.md §4
+ *
+ * Five task levels: typo / bug / feature / refactor / migration. Each
+ * level has a gate set (the "配套 gate set" — L1b) that the slice
+ * checker runs. Higher levels = more gates = slower but safer.
+ *
+ * The classification is a HYBRID mechanism:
+ *   1. Heuristic signal (file count, line count, keyword presence)
+ *   2. User override (`peaks classify override --level <level> --reason "<>"`)
+ *   3. Audit log of every classification (forensics)
+ *
+ * Conservatism modifier (per .peaks/preferences.json:classifyConservatism):
+ *   - 'default' — use the signal thresholds as-is
+ *   - 'strict'  — always upgrade to next level
+ *   - 'lax'     — always downgrade to previous level
+ */
+export const TASK_LEVELS = ['typo', 'bug', 'feature', 'refactor', 'migration'];
+/** Numeric ordering for "next level" / "previous level" promotion. */
+export const TASK_LEVEL_ORDER = {
+    typo: 0,
+    bug: 1,
+    feature: 2,
+    refactor: 3,
+    migration: 4,
+};
+export const TASK_LEVEL_GATE_SETS = {
+    typo: {
+        level: 'typo',
+        description: 'Single-line fix: typo, comment, formatting. No new logic.',
+        stages: ['typecheck', 'lint'],
+        requiresPrd: false,
+        requiresTechDoc: false,
+        requiresCodeReview: false,
+        requiresSecurityReview: false,
+        requiresPerfBaseline: false,
+        requiresQaHandoff: false,
+        requiresDestructiveConfirmation: false,
+    },
+    bug: {
+        level: 'bug',
+        description: 'Bug fix: existing behavior wrong, patched in 1-3 files.',
+        stages: ['typecheck', 'unit-tests', 'lint'],
+        requiresPrd: false,
+        requiresTechDoc: false,
+        requiresCodeReview: true,
+        requiresSecurityReview: false,
+        requiresPerfBaseline: false,
+        requiresQaHandoff: false,
+        requiresDestructiveConfirmation: false,
+    },
+    feature: {
+        level: 'feature',
+        description: 'New feature: new behavior, new files, new tests.',
+        stages: ['typecheck', 'unit-tests', 'lint', 'review-fanout', 'gate-verify-pipeline'],
+        requiresPrd: true,
+        requiresTechDoc: true,
+        requiresCodeReview: true,
+        requiresSecurityReview: true,
+        requiresPerfBaseline: true,
+        requiresQaHandoff: true,
+        requiresDestructiveConfirmation: true,
+    },
+    refactor: {
+        level: 'refactor',
+        description: 'Refactor: behavior-preserving structural change.',
+        stages: ['typecheck', 'unit-tests', 'lint', 'review-fanout'],
+        requiresPrd: false,
+        requiresTechDoc: true,
+        requiresCodeReview: true,
+        requiresSecurityReview: true,
+        requiresPerfBaseline: false,
+        requiresQaHandoff: true,
+        requiresDestructiveConfirmation: false,
+    },
+    migration: {
+        level: 'migration',
+        description: 'Migration: codemod, schema change, data backfill, dependency upgrade.',
+        stages: ['typecheck', 'unit-tests', 'lint', 'review-fanout', 'gate-verify-pipeline', 'backward-compat'],
+        requiresPrd: true,
+        requiresTechDoc: true,
+        requiresCodeReview: true,
+        requiresSecurityReview: true,
+        requiresPerfBaseline: true,
+        requiresQaHandoff: true,
+        requiresDestructiveConfirmation: true,
+    },
+};