project-tiny-context-harness 0.2.71 → 0.2.73
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +7 -7
- package/assets/README.md +8 -8
- package/assets/README.zh-CN.md +2 -2
- package/assets/skills/normal-long-task/SKILL.md +10 -7
- package/assets/skills/superpowers-long-task/SKILL.md +125 -26
- package/dist/lib/plan-acceptance-evidence.d.ts +1 -0
- package/dist/lib/plan-acceptance-evidence.js +68 -0
- package/dist/lib/plan-acceptance-validator.js +4 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -94,9 +94,9 @@ For ordinary target-mode preparation, a two-document upstream input remains enou
|
|
|
94
94
|
|
|
95
95
|
The ordinary long-task path uses `/normal-long-task`. It is the non-Superpowers acceptance pass: it can generate or reuse the full acceptance checklist and can produce a generic target-mode prompt.
|
|
96
96
|
|
|
97
|
-
The Superpowers long-task path uses `/superpowers-long-task` when three inputs already exist: `Product / Architecture Source`, `Technical Realization Plan` and `Acceptance Checklist`. The product/architecture source preserves original intent and scope; the technical realization plan is the execution blueprint and plan-conformance source; the checklist is the acceptance authority. Two-document compatibility is allowed only when the first document clearly contains both product/architecture source and technical realization plan sections. If only a product/architecture source and checklist exist, the Skill stops for a missing `Technical Realization Plan` instead of generating one. The prompt is Tiny Context's adapter layer, not a Superpowers official schema. It requires `Product Context Delta` and `Technical Context Delta` checks before implementation, a `plan-conformance-matrix.*` process trace for implementation drift and a final AC-by-AC `final-acceptance-verdict.*` before completion.
|
|
98
|
-
|
|
99
|
-
The recommended Superpowers layer is the specific [obra/Superpowers](https://github.com/obra/superpowers) plugin/workflow, not a generic planning substitute. Use `superpowers:writing-plans` when the target-mode prompt or source plan still needs bite-sized implementation tasks, then prefer `superpowers:subagent-driven-development` when subagents are available and `superpowers:executing-plans` otherwise. Behavior changes should use `superpowers:test-driven-development`, and completion claims should use `superpowers:verification-before-completion` against both the plan-conformance matrix and final acceptance verdict, followed by `ty-context validate-plan-acceptance <dir>`.
|
|
97
|
+
The Superpowers long-task path uses `/superpowers-long-task` when three inputs already exist: `Product / Architecture Source`, `Technical Realization Plan` and `Acceptance Checklist`. The product/architecture source preserves original intent and scope; the technical realization plan is the execution blueprint and plan-conformance source; the checklist is the acceptance authority. Two-document compatibility is allowed only when the first document clearly contains both product/architecture source and technical realization plan sections. If only a product/architecture source and checklist exist, the Skill stops for a missing `Technical Realization Plan` instead of generating one. The prompt is Tiny Context's adapter layer, not a Superpowers official schema. It requires `Product Context Delta` and `Technical Context Delta` checks before implementation, a `plan-conformance-matrix.*` process trace for implementation drift and a final AC-by-AC `final-acceptance-verdict.*` before completion. Complete acceptance rows are treated as externally reviewable evidence claims: the checklist supplies the proof chain, fresh evidence must satisfy every required layer, and material drift, missing layers or unapproved sibling substitution prevent `complete`. Goal-mode wording separates `audit_task_complete`, `acceptance_target_status` and `product_goal_complete`: implementation / execution goals complete only at `product_goal_complete=true`; read-only audit goals may end at `audit_task_complete`, but a non-accepted verdict says `Audit workflow completed; acceptance target not complete.` and does not use unqualified `Goal achieved` or `update_goal(status="complete")` as acceptance of the user target.
|
|
98
|
+
|
|
99
|
+
The recommended Superpowers layer is the specific [obra/Superpowers](https://github.com/obra/superpowers) plugin/workflow, not a generic planning substitute. Use `superpowers:writing-plans` when the target-mode prompt or source plan still needs bite-sized implementation tasks, then prefer `superpowers:subagent-driven-development` when subagents are available and `superpowers:executing-plans` otherwise. Behavior changes should use `superpowers:test-driven-development`, and completion claims should use `superpowers:verification-before-completion` against both the plan-conformance matrix and final acceptance verdict, followed by `ty-context validate-plan-acceptance <dir>`. When subagents are available, the target prompt asks for a read-only auditor pass after self-evidence and validator checks; the auditor finds gaps but does not become proof.
|
|
100
100
|
|
|
101
101
|
The reason is drift control. The workflow contract plus Context layer is intentionally a soft constraint. It works well for short tasks, and Context can still capture the expected facts for long tasks, but long execution makes the Context-to-code step drift as the context window grows, work is handed off, subagents split scope or validation loops multiply. A product/architecture source, technical realization plan, acceptance checklist, explicit long-task Skill invocation, target-mode prompt, plan-conformance matrix, final acceptance verdict and optional Superpowers execution layer make implementation conformance and completion evidence recoverable without restoring a phase-gated workflow.
|
|
102
102
|
|
|
@@ -153,7 +153,7 @@ npm ci
|
|
|
153
153
|
npm run smoke:quickstart
|
|
154
154
|
npm run preview:pack
|
|
155
155
|
cd /path/to/your/test-repo
|
|
156
|
-
npm install -D /path/to/project-tiny-context-harness/tmp/ty-context/source-preview/package/project-tiny-context-harness-0.2.
|
|
156
|
+
npm install -D /path/to/project-tiny-context-harness/tmp/ty-context/source-preview/package/project-tiny-context-harness-0.2.73.tgz
|
|
157
157
|
npx --no-install ty-context init --adopt
|
|
158
158
|
make validate-context
|
|
159
159
|
```
|
|
@@ -268,7 +268,7 @@ Use `npx --no-install ty-context ...` only when you explicitly want the already
|
|
|
268
268
|
| Full project context export Skill | `<harnessRoot>/skills/context_full_project_export/SKILL.md` | Handles explicit full-project, project-overall, Source Pack or code-level export requests and uses `export-context --source-pack`, `--code-index`, `--task-context`, `--all`, `--full` or `--code` to create temporary artifacts under `tmp/ty-context/context-exports/**`. |
|
|
269
269
|
| Harness upgrade Skill | `<harnessRoot>/skills/context_harness_upgrade/SKILL.md` | Handles explicit Tiny Context / Project Tiny Context Harness upgrade requests such as “upgrade Tiny Context” and “use the Tiny Context upgrade skill to upgrade this project”; it runs the canonical `upgrade` path, handles only migration-scoped `manual_required` / `blocked` follow-up, then runs diagnostics. |
|
|
270
270
|
| Ordinary long-task Skill | `<harnessRoot>/skills/normal-long-task/SKILL.md` | Invoke as `/normal-long-task` to turn a referenced plan, RFC, implementation proposal or two-document upstream input into a falsifiable acceptance checklist and optional generic paste-ready goal/target-mode prompt under `tmp/ty-context/plan-acceptance/**`; if the plan already contains an explicit concrete checklist, the Skill reuses it verbatim in the separate full-checklist file; compact summaries are only navigation/priority, but the Skill does not execute the plan or prove completion. |
|
|
271
|
-
| Superpowers long-task Skill | `<harnessRoot>/skills/superpowers-long-task/SKILL.md` | Invoke as `/superpowers-long-task` when Product / Architecture Source, Technical Realization Plan and Acceptance Checklist exist and Superpowers execution is needed. It emits a Superpowers-specific prompt with Context Delta checks and the official workflow skill names, requires a plan-conformance matrix
|
|
271
|
+
| Superpowers long-task Skill | `<harnessRoot>/skills/superpowers-long-task/SKILL.md` | Invoke as `/superpowers-long-task` when Product / Architecture Source, Technical Realization Plan and Acceptance Checklist exist and Superpowers execution is needed. It emits a Superpowers-specific prompt with Context Delta checks and the official workflow skill names, requires a plan-conformance matrix, final acceptance verdict and externally reviewable evidence discipline during execution, and stops when required input fields are missing. It is not a Superpowers official schema and does not generate the technical plan, checklist or execute the plan. |
|
|
272
272
|
| Project-local Skills | `<harnessRoot>/skills/<role>/SKILL.md` | Optional local product/design/development Skills created by the project, such as `product_plan`, `uiux_design` or `development_engineer`. They supersede package-managed default Skills when more specific, are not overwritten by `sync`, and should keep front matter trigger keywords aligned with the project `AGENTS.md` role-trigger rule. |
|
|
273
273
|
| Managed file sync | `make ty-context-sync` or `npx --yes --package project-tiny-context-harness@latest ty-context sync` | Refreshes package-managed guidance, default Skills, Makefile include, context templates, tools and workflow YAML. It does not run migrations or perform semantic Context generation; it may block only direct asset-refresh safety issues such as invalid managed blocks or deprecated managed Skill overrides. |
|
|
274
274
|
| Upgrade | `make ty-context-upgrade` or `npx --yes --package project-tiny-context-harness@latest ty-context upgrade` | Use for releases marked `upgrade-required` or `manual-required`. Builds an upgrade plan, stops before writes when `blocked` items exist, otherwise applies `safe_pending` migrations, runs `sync` and `doctor`, and exits non-zero when manual follow-up or diagnostics remain. |
|
|
@@ -284,7 +284,7 @@ Use `npx --no-install ty-context ...` only when you explicitly want the already
|
|
|
284
284
|
| Harness validation | `make validate-harness` | Composite gate for `validate-context` and `validate-code-modularity`. |
|
|
285
285
|
| Context validation | `npx --yes --package project-tiny-context-harness@latest ty-context validate-context`, `make validate-context` | Checks required project recovery fields, Context graph metadata, declared paths/roles and fake test-execution claims. |
|
|
286
286
|
| Plan contract validation | `npx --yes --package project-tiny-context-harness@latest ty-context validate-plan-contract <plan.md\|dir>` | Checks Source-to-Context Coverage and Context-to-Implementation Binding for structural consistency, referenced path existence and weak-proof complete/bound contradictions. |
|
|
287
|
-
| Plan acceptance validation | `npx --yes --package project-tiny-context-harness@latest ty-context validate-plan-acceptance <dir>` | Checks long-task plan-conformance matrix and final verdict JSON for contradictory complete claims, dangling evidence references, weak-proof complete rows, missing plan/AC cross-references and declared surface/architecture binding gaps. |
|
|
287
|
+
| Plan acceptance validation | `npx --yes --package project-tiny-context-harness@latest ty-context validate-plan-acceptance <dir>` | Checks long-task plan-conformance matrix and final verdict JSON for contradictory complete claims, dangling evidence references, weak-proof complete rows, missing proof layers, material/critical drift, unapproved sibling substitution, blocking auditor findings, missing plan/AC cross-references and declared surface/architecture binding gaps. |
|
|
288
288
|
| Diagnostics | `make ty-context-doctor` or `npx --yes --package project-tiny-context-harness@latest ty-context doctor` | Reports Harness root, package version, schema version and required Minimal Context paths. |
|
|
289
289
|
| Package source checks | `ty-context package sync-source`, `ty-context package check-source` | Maintainer-only commands for keeping package canonical assets aligned with the source workspace. |
|
|
290
290
|
|
|
@@ -294,7 +294,7 @@ Technical architecture support is a Minimal Context capability: use restrained `
|
|
|
294
294
|
|
|
295
295
|
For long-running plans, RFCs or implementation proposals, invoke `/normal-long-task` to turn a plan plus relevant Context into a falsifiable acceptance checklist and an optional generic paste-ready goal/target-mode prompt. It also supports a two-document upstream input from Web GPT or another external planner: `Development Plan` for execution direction and `Acceptance and Tests` for target-mode acceptance input. If the plan already contains an explicit concrete acceptance checklist, the Skill copies that checklist verbatim into a separate full-checklist file instead of generating a competing checklist. The two-document packet path is strict mode: when required fields cannot be fully parsed from both documents, the Skill preserves the inputs, reports the missing fields, and stops without generating a checklist or goal/target-mode prompt. It is one pre-execution acceptance pass, not a task planner or workflow engine: it stores temporary inputs under `tmp/ty-context/plan-acceptance/**`, asks for confirmation when durable assumptions are unclear, and leaves execution evidence to the future executor, tests, CI, review or human acceptance. The generated prompt may require a local audit under the same temporary directory so future sessions can recover acceptance progress; that audit is not Context, not a quality proof and not a replacement for the project's Tiny Context workflow contract. When the prompt references a full checklist, that checklist is the acceptance authority; compact prompt text is only navigation, priority and recovery guidance.
|
|
296
296
|
|
|
297
|
-
When the next step explicitly needs Superpowers, invoke `/superpowers-long-task` on the Product / Architecture Source, Technical Realization Plan and Acceptance Checklist. It emits the `Superpowers input packet` and execution binding so the future executor sees which inputs feed Context Delta assessment, `superpowers:writing-plans`, `superpowers:subagent-driven-development`, `superpowers:executing-plans`, TDD, `superpowers:verification-before-completion`, local audit, `plan-conformance-matrix
|
|
297
|
+
When the next step explicitly needs Superpowers, invoke `/superpowers-long-task` on the Product / Architecture Source, Technical Realization Plan and Acceptance Checklist. It emits the `Superpowers input packet` and execution binding so the future executor sees which inputs feed Context Delta assessment, `superpowers:writing-plans`, `superpowers:subagent-driven-development`, `superpowers:executing-plans`, TDD, `superpowers:verification-before-completion`, local audit, `plan-conformance-matrix.*`, `final-acceptance-verdict.*`, proof-chain evidence and optional auditor review. This is Tiny Context's adapter layer, not a Superpowers official schema. It cannot replace `/normal-long-task` for ordinary checklist preparation, and it does not derive a technical plan from a product plan; a two-document packet is accepted only when the first document explicitly contains both product/architecture source and technical realization plan sections. `validate-plan-acceptance` is still a structural validator, not a product-quality proof; a subagent auditor is an extra gap-finding pass on top of executor self-evidence and validator checks, not a replacement for either. The generated prompt also disambiguates `audit_task_complete`, `acceptance_target_status` and `product_goal_complete`; implementation / execution goals finish only at `product_goal_complete=true`, while a read-only audit goal can end at `audit_task_complete` only with a non-accepted verdict reported as `Audit workflow completed; acceptance target not complete.`, not as `Goal achieved`.
|
|
298
298
|
|
|
299
299
|
For Product Surface work, `context_surface_contract` turns broad product/page/UI principles into project-owned surface responsibilities. A Product Surface can be a Web page, mobile screen, desktop window, game UI/HUD/menu, CLI/TUI output, extension UI or embedded/device interface. Cross-surface contracts use the existing `contract` role; area-owned screen facts stay in `area` or `subdomain`; repeatable validation paths use `verification`. The Harness does not add a new surface-specific role or create business surface contracts during `init` or `upgrade`. Product Surface Context authoring is not a default product-quality validator; plan validators only check declared temporary surface bindings for structural consistency. Projects that want mandatory task blocks should add a separate project-local Skill, while `product-surface-contract.md` is only a compact managed template for optional Context authoring.
|
|
300
300
|
|
package/assets/README.md
CHANGED
|
@@ -94,7 +94,7 @@ That smoke packs the local workspace, installs it into a disposable repo, runs `
|
|
|
94
94
|
```sh
|
|
95
95
|
npm run preview:pack
|
|
96
96
|
cd /path/to/your/test-repo
|
|
97
|
-
npm install -D /path/to/project-tiny-context-harness/tmp/ty-context/source-preview/package/project-tiny-context-harness-0.2.
|
|
97
|
+
npm install -D /path/to/project-tiny-context-harness/tmp/ty-context/source-preview/package/project-tiny-context-harness-0.2.73.tgz
|
|
98
98
|
npx --no-install ty-context init --adopt
|
|
99
99
|
make validate-context
|
|
100
100
|
```
|
|
@@ -138,9 +138,9 @@ For ordinary target-mode preparation, a two-document upstream input remains enou
|
|
|
138
138
|
|
|
139
139
|
The ordinary long-task path uses `/normal-long-task`. It is the non-Superpowers acceptance pass: it can generate or reuse the full acceptance checklist and can produce a generic target-mode prompt.
|
|
140
140
|
|
|
141
|
-
The Superpowers long-task path uses `/superpowers-long-task` when three inputs already exist: `Product / Architecture Source`, `Technical Realization Plan` and `Acceptance Checklist`. The product/architecture source preserves original intent and scope; the technical realization plan is the execution blueprint and plan-conformance source; the checklist is the acceptance authority. Two-document compatibility is allowed only when the first document clearly contains both product/architecture source and technical realization plan sections. If only a product/architecture source and checklist exist, the Skill stops for a missing `Technical Realization Plan` instead of generating one. The prompt is Tiny Context's adapter layer, not a Superpowers official schema. It requires `Product Context Delta` and `Technical Context Delta` checks before implementation, a `plan-conformance-matrix.*` process trace for implementation drift and a final AC-by-AC `final-acceptance-verdict.*` before completion.
|
|
142
|
-
|
|
143
|
-
The recommended Superpowers layer is the specific [obra/Superpowers](https://github.com/obra/superpowers) plugin/workflow, not a generic planning substitute. Use `superpowers:writing-plans` when the target-mode prompt or source plan still needs bite-sized implementation tasks, then prefer `superpowers:subagent-driven-development` when subagents are available and `superpowers:executing-plans` otherwise. Behavior changes should use `superpowers:test-driven-development
|
|
141
|
+
The Superpowers long-task path uses `/superpowers-long-task` when three inputs already exist: `Product / Architecture Source`, `Technical Realization Plan` and `Acceptance Checklist`. The product/architecture source preserves original intent and scope; the technical realization plan is the execution blueprint and plan-conformance source; the checklist is the acceptance authority. The Skill does not perform complexity routing: invocation means Superpowers long-task execution was already selected. Two-document compatibility is allowed only when the first document clearly contains both product/architecture source and technical realization plan sections. If only a product/architecture source and checklist exist, the Skill stops with a Missing Fields Report for a missing `Technical Realization Plan` instead of generating one. The prompt is Tiny Context's adapter layer, not a Superpowers official schema. It requires parent-level `Product Context Delta` and `Technical Context Delta` checks before implementation, slice-level new durable fact checks, a `plan-conformance-matrix.*` process trace for implementation drift and a final AC-by-AC `final-acceptance-verdict.*` before completion. Complete acceptance rows are treated as externally reviewable evidence claims: the checklist supplies the proof chain, fresh evidence must satisfy every required layer, and material drift, missing layers or unapproved sibling substitution prevent `complete`. An Evidence Ledger / proof index is optional, but complete rows must trace to fresh evidence directly or through an optional `evidence_id`. Goal-mode wording separates `audit_task_complete`, `acceptance_target_status` and `product_goal_complete`: implementation / execution goals complete only at `product_goal_complete=true`; read-only audit goals may end at `audit_task_complete`, but a non-accepted verdict says `Audit workflow completed; acceptance target not complete.` and does not use unqualified `Goal achieved` or `update_goal(status="complete")` as acceptance of the user target.
|
|
142
|
+
|
|
143
|
+
The recommended Superpowers layer is the specific [obra/Superpowers](https://github.com/obra/superpowers) plugin/workflow, not a generic planning substitute. Use `superpowers:writing-plans` when the target-mode prompt or source plan still needs bite-sized implementation tasks, then prefer `superpowers:subagent-driven-development` when subagents are available and `superpowers:executing-plans` otherwise. Behavior changes should use `superpowers:test-driven-development`. Final gate order is self-evidence, matrix update, verdict update, `ty-context validate-plan-acceptance <dir>`, read-only auditor when available, validator rerun if auditor fixes changed artifacts, then completion only when no blocking conflict remains. `superpowers:verification-before-completion` checks the matrix and verdict before the completion claim. The auditor reconstructs AC proof chains and finds gaps, but does not become proof.
|
|
144
144
|
|
|
145
145
|
The reason is drift control. The workflow contract plus Context layer is intentionally a soft constraint. It works well for short tasks, and Context can still capture the expected facts for long tasks, but long execution makes the Context-to-code step drift as the context window grows, work is handed off, subagents split scope or validation loops multiply. A product/architecture source, technical realization plan, acceptance checklist, explicit long-task Skill invocation, target-mode prompt, plan-conformance matrix, final acceptance verdict and optional Superpowers execution layer make implementation conformance and completion evidence recoverable without restoring a phase-gated workflow.
|
|
146
146
|
|
|
@@ -305,7 +305,7 @@ No. It checks that recovery facts exist and avoids fake test-result claims. Prod
|
|
|
305
305
|
|
|
306
306
|
It should stay smaller than a full process. Ordinary bug fixes and local refactors do not update Context unless they produce durable product, architecture, API, state or validation facts.
|
|
307
307
|
|
|
308
|
-
The default Skills are Minimal Context helpers for explicit product-planning, UI/UX-design, development-engineering, Product Surface Contract, full-project-export, Tiny Context upgrade and explicit long-task requests. Product, screen-flow, surface responsibility and durable engineering conclusions go to `project_context/**`; visual identity and design tokens go to root `DESIGN.md`. Export artifacts are temporary files under `tmp/ty-context/context-exports/**`, not Context. Long-task artifacts are temporary files under `tmp/ty-context/plan-acceptance/**`; they define completion criteria or execution evidence for a referenced plan but do not execute it or become durable Context. The ordinary long-task Skill is invoked as `/normal-long-task`: if the plan already contains an explicit concrete checklist, it reuses that checklist verbatim in the separate full-checklist file. For a two-document upstream input, the external planner should provide a `Development Plan` and an `Acceptance and Tests` packet; `/normal-long-task` preserves both source roles and, only when strict-mode required fields are fully parseable from both documents, turns them into the full checklist plus optional generic target prompt. When a generated prompt references a full checklist, that checklist is the authoritative acceptance standard; the compact prompt summary is only navigation and priority guidance. The Superpowers long-task Skill is invoked as `/superpowers-long-task`: it consumes `Product / Architecture Source`, `Technical Realization Plan` and `Acceptance Checklist`, emits the Superpowers-specific target-mode prompt, requires `Product Context Delta`, `Technical Context Delta`, `plan-conformance-matrix
|
|
308
|
+
The default Skills are Minimal Context helpers for explicit product-planning, UI/UX-design, development-engineering, Product Surface Contract, full-project-export, Tiny Context upgrade and explicit long-task requests. Product, screen-flow, surface responsibility and durable engineering conclusions go to `project_context/**`; visual identity and design tokens go to root `DESIGN.md`. Export artifacts are temporary files under `tmp/ty-context/context-exports/**`, not Context. Long-task artifacts are temporary files under `tmp/ty-context/plan-acceptance/**`; they define completion criteria or execution evidence for a referenced plan but do not execute it or become durable Context. The ordinary long-task Skill is invoked as `/normal-long-task`: if the plan already contains an explicit concrete checklist, it reuses that checklist verbatim in the separate full-checklist file. For a two-document upstream input, the external planner should provide a `Development Plan` and an `Acceptance and Tests` packet; `/normal-long-task` preserves both source roles and, only when strict-mode required fields are fully parseable from both documents, turns them into the full checklist plus optional generic target prompt. When a generated prompt references a full checklist, that checklist is the authoritative acceptance standard; the compact prompt summary is only navigation and priority guidance. The Superpowers long-task Skill is invoked as `/superpowers-long-task`: it consumes `Product / Architecture Source`, `Technical Realization Plan` and `Acceptance Checklist`, emits the Superpowers-specific target-mode prompt, requires `Product Context Delta`, `Technical Context Delta`, `plan-conformance-matrix.*`, `final-acceptance-verdict.*` and externally reviewable proof-chain evidence during future execution, is not a Superpowers official schema, and stops if required fields are missing. The Harness upgrade Skill handles requests such as “upgrade Tiny Context” and “use the Tiny Context upgrade skill to upgrade this project” by following the release update mode, using `upgrade` for migration-bearing releases, and limiting manual cleanup to migration-scoped follow-up.
|
|
309
309
|
|
|
310
310
|
Multilingual trigger phrases are compatibility details. Public README, npm and launch copy stay English-first, and public/package-managed surfaces must remain English-complete; literal non-English examples are documented only where they explain generated Skill matching and must not be the sole activation path.
|
|
311
311
|
|
|
@@ -315,9 +315,9 @@ Technical architecture support is a Minimal Context capability: use restrained `
|
|
|
315
315
|
|
|
316
316
|
For long-running plans, RFCs or implementation proposals, invoke `/normal-long-task` to turn a plan plus relevant Context into a falsifiable acceptance checklist and an optional generic paste-ready goal/target-mode prompt. It also supports a two-document upstream input from Web GPT or another external planner: `Development Plan` for execution direction and `Acceptance and Tests` for target-mode acceptance input. If the plan already contains an explicit concrete acceptance checklist, the Skill copies that checklist verbatim into a separate full-checklist file instead of generating a competing checklist. The two-document packet path is strict mode: when required fields cannot be fully parsed from both documents, the Skill preserves the inputs, reports the missing fields, and stops without generating a checklist or goal/target-mode prompt. This is one pre-execution acceptance pass, not a task planner or workflow engine: it stores temporary inputs under `tmp/ty-context/plan-acceptance/**`, asks for confirmation when durable assumptions are unclear, and leaves execution evidence to the future executor, tests, CI, review or human acceptance. The generated prompt may require a local audit under the same temporary directory so future sessions can recover acceptance progress; that audit is not Context, not a quality proof and not a replacement for the project's Tiny Context workflow contract. The full checklist is the acceptance authority, while any compact prompt summary exists for navigation, priority and recovery after context compaction.
|
|
317
317
|
|
|
318
|
-
When the next step explicitly needs Superpowers, invoke `/superpowers-long-task` on the Product / Architecture Source, Technical Realization Plan and Acceptance Checklist. It emits the `Superpowers input packet` and execution binding so the future executor sees which inputs feed Context Delta assessment, `superpowers:writing-plans`, `superpowers:subagent-driven-development`, `superpowers:executing-plans`, TDD, `superpowers:verification-before-completion`, local audit, `plan-conformance-matrix
|
|
318
|
+
When the next step explicitly needs Superpowers, invoke `/superpowers-long-task` on the Product / Architecture Source, Technical Realization Plan and Acceptance Checklist. It emits the `Superpowers input packet` and execution binding so the future executor sees which inputs feed Context Delta assessment, `superpowers:writing-plans`, `superpowers:subagent-driven-development`, `superpowers:executing-plans`, TDD, `superpowers:verification-before-completion`, local audit, `plan-conformance-matrix.*`, `final-acceptance-verdict.*`, proof-chain evidence and optional auditor review. This is Tiny Context's adapter layer, not a Superpowers official schema. It cannot replace `/normal-long-task` for ordinary checklist preparation, does not route complexity, and does not derive a technical plan from a product plan; a two-document packet is accepted only when the first document explicitly contains both product/architecture source and technical realization plan sections. Product / Architecture Source, Technical Realization Plan and Acceptance Checklist remain the upstream authorities, while audit/matrix/verdict/validator/auditor artifacts cannot rewrite them. The generated prompt also disambiguates `audit_task_complete`, `acceptance_target_status` and `product_goal_complete`; implementation / execution goals finish only at `product_goal_complete=true`, while a read-only audit goal can end at `audit_task_complete` only with a non-accepted verdict reported as `Audit workflow completed; acceptance target not complete.`, not as `Goal achieved`.
|
|
319
319
|
|
|
320
|
-
Important usage note: Minimal Context intentionally keeps Context read order, Context/code priority and drift checks as agent-level soft constraints rather than machine-enforced gates. That tradeoff works well for short tasks, but long tasks with large context windows, multiple handoffs or many verification loops are expected to drift unless product intent, technical implementation target and acceptance target are externalized. Use `/normal-long-task` before long-running execution when ordinary checklist preparation is needed; use `/superpowers-long-task` when the three upstream inputs already exist and Superpowers execution is desired. Treat the plan-conformance matrix as process trace, the final verdict as final AC-by-AC acceptance evidence, and the local audit only as temporary progress/recovery state.
|
|
320
|
+
Important usage note: Minimal Context intentionally keeps Context read order, Context/code priority and drift checks as agent-level soft constraints rather than machine-enforced gates. That tradeoff works well for short tasks, but long tasks with large context windows, multiple handoffs or many verification loops are expected to drift unless product intent, technical implementation target and acceptance target are externalized. Use `/normal-long-task` before long-running execution when ordinary checklist preparation is needed; use `/superpowers-long-task` when the three upstream inputs already exist and Superpowers execution is desired. Treat the plan-conformance matrix as process trace, the final verdict as final AC-by-AC acceptance evidence, and the local audit only as temporary progress/recovery state. `validate-plan-acceptance` is still an artifact-consistency validator, not a product-quality proof; a subagent auditor is an extra gap-finding pass on top of executor self-evidence and validator checks, not a replacement for either.
|
|
321
321
|
|
|
322
322
|
For Product Surface work, `context_surface_contract` turns broad product/page/UI principles into project-owned surface responsibilities. A Product Surface can be a Web page, mobile screen, desktop window, game UI/HUD/menu, CLI/TUI output, extension UI or embedded/device interface. Cross-surface contracts use the existing `contract` role; area-owned screen facts stay in `area` or `subdomain`; repeatable validation paths use `verification`. The Harness does not add a new surface-specific role or create business surface contracts during `init` or `upgrade`. Product Surface Context authoring is not a default product-quality validator; plan validators only check declared temporary surface bindings for structural consistency. Projects that want mandatory task blocks should add a separate project-local Skill, while `product-surface-contract.md` is only a compact managed template for optional Context authoring.
|
|
323
323
|
|
|
@@ -395,7 +395,7 @@ Use `npx --no-install ty-context ...` only when you explicitly want the already
|
|
|
395
395
|
| `npx --yes --package project-tiny-context-harness@latest ty-context check-modularity --touched [--limit 300] [--fail-on-warning]` | Reports selected handwritten source files over the physical line-count limit; `--file <path>` and `--base <ref>` select explicit files or branch changes, and config waivers are reported distinctly. |
|
|
396
396
|
| `npx --yes --package project-tiny-context-harness@latest ty-context validate-context` | Checks minimum project recovery fields, Context graph metadata, declared paths/roles and fake test-execution claims. |
|
|
397
397
|
| `npx --yes --package project-tiny-context-harness@latest ty-context validate-plan-contract <plan.md\|dir>` | Checks Source-to-Context Coverage and Context-to-Implementation Binding for structural consistency, referenced path existence and weak-proof complete/bound contradictions. |
|
|
398
|
-
| `npx --yes --package project-tiny-context-harness@latest ty-context validate-plan-acceptance <dir>` | Checks long-task plan-conformance matrix and final verdict JSON for contradictory complete claims, dangling evidence references, weak-proof complete rows, missing plan/AC cross-references and declared surface/architecture binding gaps. |
|
|
398
|
+
| `npx --yes --package project-tiny-context-harness@latest ty-context validate-plan-acceptance <dir>` | Checks long-task plan-conformance matrix and final verdict JSON for contradictory complete claims, dangling evidence references, weak-proof complete rows, missing proof layers, material/critical drift, unapproved sibling substitution, blocking auditor findings, missing plan/AC cross-references and declared surface/architecture binding gaps. |
|
|
399
399
|
| `make validate-context` | Makefile wrapper for `validate-context`. |
|
|
400
400
|
| `make validate-code-modularity` | Hard gate for touched handwritten source modularity; CI can set `TY_CONTEXT_MODULARITY_BASE=<ref>` to audit PR/base changes. |
|
|
401
401
|
| `make validate-harness` | Composite gate for `validate-context` and `validate-code-modularity`. |
|
package/assets/README.zh-CN.md
CHANGED
|
@@ -54,9 +54,9 @@ Tiny Context 有两个核心层。Minimal Context 是长期事实源层:说明
|
|
|
54
54
|
|
|
55
55
|
对于长程任务,Harness 提供两个显式调用的长程任务 Skill。普通长程任务用 `/normal-long-task`:它把方案和验收输入临时放到 `tmp/ty-context/plan-acceptance/**`,生成或复用完整验收清单,并可输出普通目标模式文本。如果外部规划模型参与,推荐仍然只给两份产物:`《开发方案》` 作为执行方向和 plan traceability source,`《验收清单和测试用例》` 作为 Codex target-mode acceptance input packet。第一份应包含可逐项追踪的 plan item、预期落点 surface、full scope 与 sampled/optional 边界;第二份应包含 AC、required evidence、测试命令、真实产品路径 / core path、证据分层、无效证据、状态机、local audit 和 blocker。Source Pack 只是临时上传材料,不是 durable Context。如果方案里已经有明确、具体的“验收清单”,`/normal-long-task` 会直接复用那份清单并单独写入完整验收清单文件;两份输入包走 strict mode,如果两份内容无法完整解析出 required fields,或第二份缺少 required evidence、verification method、fail condition、状态机、无效证据规则等必要字段,Skill 会停止并列出缺失项,不生成完整验收清单或目标模式文本。
|
|
56
56
|
|
|
57
|
-
Superpowers 长程任务 Skill 用 `/superpowers-long-task`。如果下一步明确要 Superpowers 目标模式文本,推荐在三份输入都存在后调用:`Product / Architecture Source`(产品/架构原始意图源)、`Technical Realization Plan`(具体技术实现方案)和 `Acceptance Checklist
|
|
57
|
+
Superpowers 长程任务 Skill 用 `/superpowers-long-task`。如果下一步明确要 Superpowers 目标模式文本,推荐在三份输入都存在后调用:`Product / Architecture Source`(产品/架构原始意图源)、`Technical Realization Plan`(具体技术实现方案)和 `Acceptance Checklist`(验收清单)。它不做复杂度分流;调用它表示上游已经决定使用 Superpowers 长程执行。它不要求先跑 `/normal-long-task`,但也不会把产品方案现场翻译成技术方案;如果只有产品/架构方案和验收清单,Skill 会用 Missing Fields Report 停止并报告缺少 `Technical Realization Plan`。两份输入兼容只限第一份明确包含产品/架构源和技术实现方案两个章节。它显式输出 `Superpowers 输入包` 和执行绑定,让未来 executor 清楚哪些输入进入 parent-level Product Context Delta / Technical Context Delta、slice-level new durable fact check、`superpowers:writing-plans`、subagent/inline execution、TDD、`superpowers:verification-before-completion`、local audit、`plan-conformance-matrix.*` 和 `final-acceptance-verdict.*`。这个 prompt 是 Tiny Context 的适配层,不是 Superpowers 官方 schema;它不生成技术方案或验收清单、不执行计划、不证明完成,也不会把临时清单、矩阵或 verdict 注册成 `project_context/**`。三输入是上游权威,audit / matrix / verdict / validator / auditor 不能改写它们。完整验收行按外部审计证据处理:proof chain 来自验收清单,fresh evidence 必须满足每个 required layer,存在 material drift、缺 required layer 或未批准 sibling substitution 时不能标 `complete`。Evidence Ledger / proof index 文件可选,但 complete 行必须能直接或通过可选 `evidence_id` 追溯 fresh evidence。Goal mode 表述必须区分 `audit_task_complete`、`acceptance_target_status` 和 `product_goal_complete`:实现/执行目标只在 `product_goal_complete=true` 时完成;只读审计目标可在 `audit_task_complete` 时结束,但 verdict 不是 accepted/complete 时,回复写 `Audit workflow completed; acceptance target not complete.`,不能用未限定的 `Goal achieved` 或 `update_goal(status="complete")` 表示用户验收目标已完成。
|
|
58
58
|
|
|
59
|
-
重要使用提示:Minimal Context 有意把 Context 读取顺序、Context / 代码优先级和漂移检查保持为 agent 级软约束,而不是机器强制 edit-order gate。这个取舍适合短任务,但长任务、大上下文、多次交接或多轮验证时预期会漂移。普通 checklist 准备需要 `/normal-long-task`;已有产品/架构原始意图源、具体技术实现方案和验收清单且需要 Superpowers 时,可直接用 `/superpowers-long-task`。`Product Context Delta` 判断产品逻辑、页面职责、信息架构和验收语义是否需要写入 Context;`Technical Context Delta` 判断 API/schema、模块边界、runtime/state、验证/部署路径和稳定技术取舍是否需要写入 Context。`plan-conformance-matrix.*` 是执行期“对图纸台账”,`final-acceptance-verdict.*` 是最后逐 AC 验收报告,local audit
|
|
59
|
+
重要使用提示:Minimal Context 有意把 Context 读取顺序、Context / 代码优先级和漂移检查保持为 agent 级软约束,而不是机器强制 edit-order gate。这个取舍适合短任务,但长任务、大上下文、多次交接或多轮验证时预期会漂移。普通 checklist 准备需要 `/normal-long-task`;已有产品/架构原始意图源、具体技术实现方案和验收清单且需要 Superpowers 时,可直接用 `/superpowers-long-task`。`Product Context Delta` 判断产品逻辑、页面职责、信息架构和验收语义是否需要写入 Context;`Technical Context Delta` 判断 API/schema、模块边界、runtime/state、验证/部署路径和稳定技术取舍是否需要写入 Context。`plan-conformance-matrix.*` 是执行期“对图纸台账”,`final-acceptance-verdict.*` 是最后逐 AC 验收报告,local audit 只是临时进度/恢复状态,不能裁判完成;审计流程完成也不等于被验收目标完成。使用目标模式执行方案时,目标结束条件对齐 `product_goal_complete=true`,只读审计目标才可把 `audit_task_complete` 当元任务结束。最终顺序是 self-evidence -> matrix -> verdict -> validator -> read-only auditor;若审计后修改 artifact/evidence,需重跑 validator。`validate-plan-contract` 和 `validate-plan-acceptance` 只检查临时 artifact 自洽、引用存在、弱证据 complete 行、缺 required proof layer、material/critical drift、sibling substitution 和已声明的 surface/architecture binding 一致性,不证明产品质量。有 subagent 能力时,Superpowers 目标提示会把 subagent 作为只读 auditor 加在主 agent 自证和 validator 之后;auditor 负责找 gap,不是 proof source。
|
|
60
60
|
|
|
61
61
|
## 当前最佳实践
|
|
62
62
|
|
|
@@ -264,9 +264,11 @@ If only locally unsatisfiable hard blockers remain, pause for the user or extern
|
|
|
264
264
|
|
|
265
265
|
## Autonomous Progress Protocol
|
|
266
266
|
|
|
267
|
-
The generated target-mode prompt must require maximum safe autonomous progress within current platform, repository, tool and user-authorized permission boundaries. Do not ask the user for work the executor can safely discover, run, inspect or verify itself.
|
|
268
|
-
|
|
269
|
-
|
|
267
|
+
The generated target-mode prompt must require maximum safe autonomous progress within current platform, repository, tool and user-authorized permission boundaries. Do not ask the user for work the executor can safely discover, run, inspect or verify itself.
|
|
268
|
+
|
|
269
|
+
Before treating account, credential or app access as blocked, open the relevant app, browser page, CLI tool or system setting and try existing app sessions, browser cookies, CLI auth, OS credential helpers or other user-authorized local state. If the existing session is absent, expired, permission-denied or requires login/MFA/approval, then pause with the minimal user action list; do not ask the user to send passwords, tokens, cookies or full sensitive fields.
|
|
270
|
+
|
|
271
|
+
The generated target-mode prompt must inherit current repository/global `AGENTS.md` or agent-instruction permission policy. Authorized `sudo` / `gsudo` / administrator elevation is not a user blocker; the executor must try it before pausing. Pause only if elevation is unavailable, fails, or requires user/system authorization.
|
|
270
272
|
|
|
271
273
|
Pause only for locally unsatisfiable hard blockers such as missing accounts, credentials, production access, paid services, legal/security approval, user-only browser sessions or sensitive fields the executor cannot access safely.
|
|
272
274
|
|
|
@@ -443,10 +445,11 @@ Hard requirements:
|
|
|
443
445
|
- The prompt must identify the full checklist path immediately after the plan path and say it is the complete acceptance standard. Chinese prompts must include this exact sentence: `该文件是完整验收标准,验收以这个为准。完成前必须逐项检查,不满足则继续实现。` English prompts must say the full checklist is the complete acceptance standard, acceptance is judged against it, and every item must be checked before completion.
|
|
444
446
|
- The prompt must identify a local audit path, normally `tmp/ty-context/plan-acceptance/<plan-slug>-local-audit.md`, and require the future executor to read it before resuming, keep it current during execution, and use it only as target-mode acceptance progress state, not Context or proof.
|
|
445
447
|
- If the prompt uses a compact checklist summary, say the full checklist owns details and acceptance authority; the compact summary owns direction, priority and recovery navigation; overlap with the full checklist is allowed; conflicts are resolved in favor of the full checklist.
|
|
446
|
-
- The prompt must require local audit status to start from `unknown / not_run`; only fresh required evidence can mark an AC complete. If any fresh browser / API / runtime / data / test contradiction appears, downgrade the affected AC and overall status and record invalidating evidence.
|
|
447
|
-
- The prompt must state that UI-facing acceptance requires a real page path and matching user-visible state; component / viewmodel / mock / unit test evidence is auxiliary unless the full checklist explicitly says otherwise.
|
|
448
|
-
- The prompt must require maximum safe autonomous progress within current platform, repository, tool and user-authorized permission boundaries. Do not ask the user for work the executor can safely discover, run, inspect or verify itself. If pausing for a locally unsatisfiable hard blocker, provide the minimum user action list: exact page/system/command/owner, field or value location, redaction guidance, values not to send and what the executor will do next.
|
|
449
|
-
- The prompt must
|
|
448
|
+
- The prompt must require local audit status to start from `unknown / not_run`; only fresh required evidence can mark an AC complete. If any fresh browser / API / runtime / data / test contradiction appears, downgrade the affected AC and overall status and record invalidating evidence.
|
|
449
|
+
- The prompt must state that UI-facing acceptance requires a real page path and matching user-visible state; component / viewmodel / mock / unit test evidence is auxiliary unless the full checklist explicitly says otherwise.
|
|
450
|
+
- The prompt must require maximum safe autonomous progress within current platform, repository, tool and user-authorized permission boundaries. Do not ask the user for work the executor can safely discover, run, inspect or verify itself. If pausing for a locally unsatisfiable hard blocker, provide the minimum user action list: exact page/system/command/owner, field or value location, redaction guidance, values not to send and what the executor will do next.
|
|
451
|
+
- The prompt must say existing local sessions, browser state, CLI auth and OS credential helpers are self-service resources: open the relevant app/page/tool/settings first, use existing local auth if present, and pause only after access is actually absent, expired, permission-denied or requires login/MFA/approval.
|
|
452
|
+
- The prompt must inherit current repository/global `AGENTS.md` or agent-instruction permission policy. Authorized `sudo` / `gsudo` / administrator elevation is not a user blocker; the executor must try it before pausing. Pause only if elevation is unavailable, fails, or requires user/system authorization.
|
|
450
453
|
- The prompt must preserve hard-blocker semantics: if only locally unsatisfiable hard blockers remain, pause for the user or external owner instead of marking the goal complete.
|
|
451
454
|
- The prompt must say that local audit is not Context, not product-quality proof, not a global task manager, and not a replacement for project tests, CI, review, human acceptance, Task Contract or workflow-contract `plan.md`.
|
|
452
455
|
- Do not include explanatory preface inside the prompt.
|
|
@@ -21,6 +21,8 @@ Consumes three existing upstream inputs and emits a paste-ready Superpowers targ
|
|
|
21
21
|
|
|
22
22
|
Use this Skill only after all three inputs already exist or are pasted in full. Two-document compatibility is allowed only when the first document explicitly contains both Product / Architecture Source and Technical Realization Plan sections; otherwise stop for a missing Technical Realization Plan. Do not generate, derive, or infer the Technical Realization Plan. Do not generate, derive, rewrite, strengthen, or repair the full checklist in this Skill. If plan items or ACs are too vague to trace, stop and ask for the missing fields. If only generic conformance or verdict rules are missing, inject this Skill's default rules into the generated prompt.
|
|
23
23
|
|
|
24
|
+
This Skill does not perform task-complexity routing. Direct invocation means the user or upstream process has already selected Superpowers long-task execution. Ordinary checklist preparation, non-Superpowers target prompts or incomplete upstream packets should be handled before this Skill, normally with `/normal-long-task` or a revised upstream packet.
|
|
25
|
+
|
|
24
26
|
## Direct Invocation
|
|
25
27
|
|
|
26
28
|
Use this Skill through explicit invocation:
|
|
@@ -68,6 +70,17 @@ The input must fully expose these fields:
|
|
|
68
70
|
|
|
69
71
|
If any of these are missing required fields, stop. Do not generate the Superpowers target-mode prompt. Report whether each missing field belongs in Product / Architecture Source, Technical Realization Plan, Acceptance Checklist, blocker section or Context reference. If the user supplied only a product/architecture source plus checklist, report missing Technical Realization Plan.
|
|
70
72
|
|
|
73
|
+
When blocked by missing input, return a structured Missing Fields Report with:
|
|
74
|
+
|
|
75
|
+
- `missing_section`.
|
|
76
|
+
- `missing_required_fields`.
|
|
77
|
+
- `why_blocking`.
|
|
78
|
+
- `cannot_infer_policy`.
|
|
79
|
+
- `required_next_input`.
|
|
80
|
+
- `suggested_upstream_action`.
|
|
81
|
+
|
|
82
|
+
The report must state that this Skill cannot infer the execution blueprint from Product / Architecture Source and cannot repair the checklist. It may recommend supplying the missing Technical Realization Plan or using `/normal-long-task` before Superpowers execution when the upstream packet is not ready.
|
|
83
|
+
|
|
71
84
|
## Source Roles
|
|
72
85
|
|
|
73
86
|
- Product / Architecture Source prevents scope shrinkage and drives Product Context Delta / architecture-intent checks; it is not the code construction plan.
|
|
@@ -79,6 +92,14 @@ If any of these are missing required fields, stop. Do not generate the Superpowe
|
|
|
79
92
|
|
|
80
93
|
Do not let a compact target prompt override the product/architecture source, technical realization plan or full checklist. The compact prompt is direction, priority and recovery navigation only. The technical realization plan controls plan conformance; the product/architecture source prevents scope shrinkage; the full checklist controls acceptance.
|
|
81
94
|
|
|
95
|
+
## Authority Model
|
|
96
|
+
|
|
97
|
+
- Product / Architecture Source owns intent, scope, non-goals, product/architecture boundaries and acceptance semantics.
|
|
98
|
+
- Technical Realization Plan owns plan items, execution blueprint, owner/forbidden surfaces, implementation paths and plan-conformance expectations.
|
|
99
|
+
- Acceptance Checklist owns ACs, completion semantics, required proof layers, invalid evidence rules and final acceptance state.
|
|
100
|
+
- local audit, plan-conformance matrix, final acceptance verdict, validator output, optional proof index and auditor report are execution/evidence artifacts. They cannot narrow, rewrite or replace the upstream sources.
|
|
101
|
+
- When sources conflict, stop or report the conflict instead of letting a downstream artifact silently change scope, plan or acceptance.
|
|
102
|
+
|
|
82
103
|
## Context Delta Assessment
|
|
83
104
|
|
|
84
105
|
The prompt must require the future executor to evaluate Context before implementation using:
|
|
@@ -97,6 +118,13 @@ Any required sub-delta makes overall Context Delta required. This is prompt-leve
|
|
|
97
118
|
|
|
98
119
|
When overall `Context Delta: required`, the executor must update the smallest owning `project_context/**` or `DESIGN.md` fact before implementation continues. Use existing roles only: `area`, `subdomain`, `contract`, `foundation`, `verification`, `deployment`, `implementation-index` and `decision-rationale`. Do not write local audit, plan-conformance matrix, final acceptance verdict, temporary plan, sampled evidence, one-off logs, raw outputs, screenshots or PR notes into Context.
|
|
99
120
|
|
|
121
|
+
For Superpowers execution, the generated prompt should use a parent/slice pattern:
|
|
122
|
+
|
|
123
|
+
- Parent Context Delta: evaluate Product Context Delta, Technical Context Delta, overall Context Delta, owning Context files and whether required Context was updated before implementation.
|
|
124
|
+
- Slice Context Delta: each implementation slice inherits the parent decision and only records whether it discovered a new durable fact.
|
|
125
|
+
- If a slice discovers a new durable product or technical fact, it must identify the owning Context and update it before continuing.
|
|
126
|
+
- Slice-level `none` cannot override a parent-level `required` decision.
|
|
127
|
+
|
|
100
128
|
## Plan Conformance Gate
|
|
101
129
|
|
|
102
130
|
The prompt must require the future executor to create or initialize `tmp/ty-context/plan-acceptance/<plan-slug>-plan-conformance-matrix.md` and `.json` before substantial implementation, then update it after each meaningful implementation slice.
|
|
@@ -113,6 +141,8 @@ Each behavior-affecting Technical Realization Plan item must have a trace entry
|
|
|
113
141
|
- scope assessment.
|
|
114
142
|
- status.
|
|
115
143
|
- drift.
|
|
144
|
+
- required proof layers, satisfied proof layers and missing required layers when the plan/checklist requires layered evidence.
|
|
145
|
+
- substitute or sibling evidence use when any similar execution path, negative case, screenshot or artifact could be confused with the required evidence.
|
|
116
146
|
- Context fact refs when Context Delta is required.
|
|
117
147
|
- For Product Surface, IA or architecture-migration items: conformance type, owner surface, required user paths, forbidden primary surfaces, real page evidence, negative surface checks and default visibility requirement.
|
|
118
148
|
|
|
@@ -135,6 +165,7 @@ Hard rules:
|
|
|
135
165
|
- Scope correction requires explicit user approval or a revised product/architecture source, Technical Realization Plan and checklist.
|
|
136
166
|
- Every behavior-affecting plan section must have an implementation trace entry.
|
|
137
167
|
- Product Surface, IA or architecture-migration rows cannot be complete without owner surface, required user paths, real page evidence, negative surface checks for forbidden primary surfaces and Context fact refs when Context Delta is required.
|
|
168
|
+
- A complete row cannot have unresolved `missing_required_layers`, material or critical `drift_severity`, unapproved `sibling_substitution_used`, summary-only evidence or blocking auditor findings.
|
|
138
169
|
- Any `partial`, `sampled_only`, `not_implemented`, unresolved blocker, unapproved scope change or current contradiction prevents overall done.
|
|
139
170
|
|
|
140
171
|
## Acceptance Evidence Gate
|
|
@@ -147,8 +178,13 @@ Each AC verdict entry must include:
|
|
|
147
178
|
- related plan item ids when applicable.
|
|
148
179
|
- status.
|
|
149
180
|
- required evidence.
|
|
181
|
+
- required proof chain when the checklist or plan requires multiple evidence layers.
|
|
150
182
|
- fresh evidence.
|
|
151
183
|
- missing evidence.
|
|
184
|
+
- missing required layers.
|
|
185
|
+
- drift severity.
|
|
186
|
+
- sibling substitution used / approval source.
|
|
187
|
+
- auditor status and findings when an auditor subagent was available.
|
|
152
188
|
- contradictions.
|
|
153
189
|
- decision.
|
|
154
190
|
|
|
@@ -171,6 +207,51 @@ Hard rules:
|
|
|
171
207
|
- Any current contradiction downgrades the affected AC and overall status.
|
|
172
208
|
- Scope narrowing in audit does not modify acceptance unless the user approved a revised source/plan/checklist.
|
|
173
209
|
- `out_of_scope_NA` requires explicit reason and source reference; arbitrary prose cannot waive missing evidence.
|
|
210
|
+
- Complete AC rows cannot have unresolved `missing_required_layers`, material or critical `drift_severity`, unapproved `sibling_substitution_used`, blocking `auditor_status` or only self-certifying evidence such as local audit, matrix/verdict text, subagent summary, final card or validator pass.
|
|
211
|
+
|
|
212
|
+
## External Reviewer Evidence Gate
|
|
213
|
+
|
|
214
|
+
The final verdict is not completion proof unless every complete AC can be independently reviewed from fresh command, API, UI, runtime, artifact, browser or test evidence. Evidence index, matrix rows, local audit, validator pass and summaries can point to evidence, but cannot replace evidence.
|
|
215
|
+
|
|
216
|
+
For every AC whose checklist implies multiple required layers, the final verdict must record `required_proof_chain`, `fresh_evidence`, `missing_required_layers`, `drift_severity`, `sibling_substitution_used`, `auditor_status` and `auditor_findings` when applicable. These are generic evidence protocol fields; concrete business layers must come from the Acceptance Checklist, Product / Architecture Source, Technical Realization Plan or project-local Context/Skills.
|
|
217
|
+
|
|
218
|
+
Evidence Ledger / proof index is optional execution indexing, not a fourth input, not durable Context and not required as a separate file. Complete plan-conformance rows and complete AC verdicts must still be evidence-traceable: cite fresh, reviewable evidence directly in the row or through an optional `evidence_id` that points to command, API, UI, runtime, artifact, browser or test evidence with enough freshness context for a reviewer to reconstruct the proof chain.
|
|
219
|
+
|
|
220
|
+
## Drift-to-Status
|
|
221
|
+
|
|
222
|
+
Any plan item or AC with unresolved missing required layers, material / critical drift or a current API / UI / runtime / data / test contradiction cannot be `complete`. It must be `partial`, `blocked`, `invalidated` or `out_of_scope_NA` with explicit source reference.
|
|
223
|
+
|
|
224
|
+
## No Sibling Substitution
|
|
225
|
+
|
|
226
|
+
The same execution path, negative case, screenshot or artifact class cannot substitute for the required one unless the checklist explicitly allows that substitution or marks the required layer `out_of_scope_NA`. Similar evidence is auxiliary only.
|
|
227
|
+
|
|
228
|
+
## Independent Reviewer Gate
|
|
229
|
+
|
|
230
|
+
When subagents are available, add a read-only auditor after executor self-evidence and `validate-plan-acceptance`. The auditor is a gap detector, not a proof source: it must not edit code, repair artifacts or treat local audit, subagent summary, matrix/verdict text, validator pass or final card as proof. It reconstructs each AC proof chain from source/plan/checklist, checks freshness and raw evidence, rejects sibling substitution and returns `auditor_status` plus findings. Any `partial`, `blocked` or `invalidated` auditor result downgrades the affected AC unless fresh evidence closes the gap.
|
|
231
|
+
|
|
232
|
+
Final gate order is fixed:
|
|
233
|
+
|
|
234
|
+
1. executor self-evidence.
|
|
235
|
+
2. update plan-conformance matrix.
|
|
236
|
+
3. update final-acceptance verdict.
|
|
237
|
+
4. run `ty-context validate-plan-acceptance`.
|
|
238
|
+
5. run read-only auditor gap review when subagents are available.
|
|
239
|
+
6. if auditor findings change matrix, verdict or evidence, fix the gap and rerun `ty-context validate-plan-acceptance`.
|
|
240
|
+
7. make a final completion claim only when self-evidence, validator consistency and auditor review have no blocking conflict.
|
|
241
|
+
|
|
242
|
+
## Goal And Acceptance Wording
|
|
243
|
+
|
|
244
|
+
The Superpowers target prompt must keep three completion concepts separate:
|
|
245
|
+
|
|
246
|
+
- `audit_task_complete`: the read-only audit, final-gate workflow or artifact-production task finished.
|
|
247
|
+
- `acceptance_target_status`: the final verdict outcome for the checked plan or product target.
|
|
248
|
+
- `product_goal_complete`: the checked plan or product target is accepted as complete.
|
|
249
|
+
|
|
250
|
+
`product_goal_complete` may be true only when the final verdict overall status is `accepted` or `complete`, all required ACs are `complete` or explicit sourced `out_of_scope_NA`, `ty-context validate-plan-acceptance` passes, and any auditor has no blocking finding.
|
|
251
|
+
|
|
252
|
+
When the generated prompt is used as an implementation or execution Goal mode objective, the active Codex goal is complete only when `product_goal_complete=true`. A non-accepted `acceptance_target_status` means continue implementation or report blockers / missing evidence; do not close the implementation goal as complete.
|
|
253
|
+
|
|
254
|
+
A read-only audit / reporting Goal mode objective is different: when the explicit goal is only to produce an audit and verdict, `audit_task_complete` may complete that meta-goal even when `product_goal_complete=false`. In that case, if `acceptance_target_status` is `partial`, `blocked`, `invalidated`, `not_run`, `partial_not_accepted_as_complete_platform` or any other non-accepted status, the final response must say `Audit workflow completed; acceptance target not complete.` It should include complete / partial / blocked / not_run / invalidated counts when available. Do not write an unqualified `Goal achieved` and do not describe `update_goal(status="complete")` as user-target or product-goal completion in that case.
|
|
174
255
|
|
|
175
256
|
## Evidence Layer Separation
|
|
176
257
|
|
|
@@ -218,6 +299,8 @@ For UI-facing acceptance, the executor must open the real page path and confirm
|
|
|
218
299
|
|
|
219
300
|
The Superpowers target prompt must require maximum safe autonomous progress within current platform, repository, tool and user-authorized permission boundaries. Do not ask the user for work the executor can safely discover, run, inspect or verify itself.
|
|
220
301
|
|
|
302
|
+
Before treating account, credential or app access as blocked, open the relevant app, browser page, CLI tool or system setting and try existing app sessions, browser cookies, CLI auth, OS credential helpers or other user-authorized local state. If the existing session is absent, expired, permission-denied or requires login/MFA/approval, then pause with the minimal user action list; do not ask the user to send passwords, tokens, cookies or full sensitive fields.
|
|
303
|
+
|
|
221
304
|
The Superpowers target prompt must inherit current repository/global `AGENTS.md` or agent-instruction permission policy. Authorized `sudo` / `gsudo` / administrator elevation is not a user blocker; the executor must try it before pausing. Pause only if elevation is unavailable, fails, or requires user/system authorization.
|
|
222
305
|
|
|
223
306
|
Pause only for locally unsatisfiable hard blockers such as missing accounts, credentials, production access, paid services, legal/security approval, user-only browser sessions or sensitive fields the executor cannot access safely. When pausing, give the minimum user action list: exact page, system, command or owner to open/contact; exact field or value location; how to redact or avoid sending sensitive values; what the executor will do immediately after receiving the input.
|
|
@@ -252,15 +335,24 @@ The Superpowers target prompt must require the future executor to update local a
|
|
|
252
335
|
|
|
253
336
|
The local audit is not Context, not proof, not a global task manager, and not a replacement for project tests, CI, review, human acceptance, Task Contract or workflow-contract `plan.md`. It must not contain `overall_status: done`, `status: done` or `final_gate: passed`; use `candidate_status: claims_done_but_unverified` when needed.
|
|
254
337
|
|
|
338
|
+
The local audit is process recovery only. It must not contain completion judgment such as accepted, complete, done, final passed or product verified except as invalid evidence being rejected.
|
|
339
|
+
|
|
255
340
|
## Prompt Generation Rules
|
|
256
341
|
|
|
257
342
|
- The prompt must visibly output `Superpowers 输入包` for Chinese prompts or `Superpowers input packet` for English prompts.
|
|
258
343
|
- The prompt must visibly output `Superpowers 执行绑定` for Chinese prompts or `Superpowers execution binding` for English prompts.
|
|
259
344
|
- The prompt must identify Product / Architecture Source, Technical Realization Plan, Acceptance Checklist, local audit, plan-conformance matrix and final verdict paths at the top.
|
|
260
345
|
- The prompt must state that the Technical Realization Plan controls plan conformance, the Product / Architecture Source prevents scope shrinkage and the full checklist controls acceptance.
|
|
346
|
+
- The prompt must state the Authority Model and that audit/matrix/verdict/validator/auditor artifacts cannot rewrite source, plan or checklist authority.
|
|
261
347
|
- The prompt must require Product Context Delta and Technical Context Delta evaluation before implementation.
|
|
348
|
+
- The prompt must use parent-level Context Delta plus slice-level new durable fact checks.
|
|
349
|
+
- The prompt must state that Evidence Ledger / proof index is optional, but complete rows and ACs require evidence traceability to fresh evidence directly or through optional `evidence_id`.
|
|
350
|
+
- The prompt must require the fixed final gate order and rerun `validate-plan-acceptance` if auditor-driven fixes change artifacts.
|
|
351
|
+
- The prompt must state the Goal mode completion rule: implementation / execution goals complete only at `product_goal_complete=true`; read-only audit / reporting goals may end at `audit_task_complete` but must still report the acceptance target status.
|
|
352
|
+
- The prompt must require the final response to say `Audit workflow completed; acceptance target not complete.` whenever the verdict is not accepted/complete, and must forbid unqualified `Goal achieved` or treating `update_goal(status="complete")` as product acceptance in that case.
|
|
262
353
|
- The prompt must preserve hard-blocker semantics: if only locally unsatisfiable hard blockers remain, pause for the user or external owner instead of marking complete.
|
|
263
354
|
- The prompt must require maximum safe autonomous progress within current platform, repository, tool and user-authorized permission boundaries and must include the minimum user action list for locally unsatisfiable hard blockers.
|
|
355
|
+
- The prompt must say existing app sessions, browser cookies, CLI auth and OS credential helpers are self-service resources: open the relevant app/page/tool/settings first, use existing local auth if present, and pause only after access is actually absent, expired, permission-denied or requires login/MFA/approval.
|
|
264
356
|
- The prompt must inherit current repository/global `AGENTS.md` or agent-instruction permission policy. Authorized `sudo` / `gsudo` / administrator elevation is not a user blocker; the executor must try it before pausing. Pause only if elevation is unavailable, fails, or requires user/system authorization.
|
|
265
357
|
- The prompt must include the resource lifecycle line: `可多开agent,agent名额不够了就关掉不用的。` or `You may use multiple agents; if agent slots run low, close idle or unnecessary agents.`
|
|
266
358
|
- The prompt must fit 3850 characters including line breaks.
|
|
@@ -283,55 +375,56 @@ Superpowers 输入包:
|
|
|
283
375
|
- Acceptance Checklist:最高验收标准;每个 AC 都要进 final verdict
|
|
284
376
|
- local audit:只记 progress/candidate status/evidence/blocker/invalidating evidence,不能裁判完成
|
|
285
377
|
- Context/tests/core paths:执行前读取,把 plan/AC gap 绑定到测试、API/UI/runtime/browser 证据
|
|
378
|
+
权威:source 管 scope,plan 管施工,checklist 管验收;audit/matrix/verdict/validator/auditor 不能改写它们。Proof index/evidence ledger 文件可选,但 complete 行必须能直接或经 evidence_id 追溯 fresh evidence。
|
|
379
|
+
Goal mode:实现/执行目标只在 product_goal_complete=true 时完成;只读审计目标可在 audit_task_complete 时结束,但若 verdict 非 accepted/complete,必须写“Audit workflow completed; acceptance target not complete.”并列数量;不得写 Goal achieved 或把 update_goal complete 当用户目标完成。
|
|
286
380
|
|
|
287
381
|
执行顺序:
|
|
288
382
|
1. 读三份输入和 Context。先写 Task Contract:Product Context Delta none|required;Technical Context Delta none|required;任一 required -> Context Delta required。这不是 validator gate。
|
|
289
|
-
2. Context Delta required
|
|
383
|
+
2. 用 Parent Context Delta 统一判断;每个 slice 继承它,只记录 new durable fact yes/no。Context Delta required 时先最小更新 owning project_context/** 或 DESIGN.md;不要把 audit/matrix/verdict/日志/截图/sample evidence 写进 Context。
|
|
290
384
|
3. 检查技术实现方案覆盖产品/架构源关键要求;若只有产品方案没有技术实现方案,停止报告 missing Technical Realization Plan,不现场生成。
|
|
291
385
|
4. 初始化 plan-conformance matrix;计划不够 bite-sized 时用 superpowers:writing-plans。
|
|
292
386
|
5. 有 subagent 支持时优先 superpowers:subagent-driven-development,否则 superpowers:executing-plans。
|
|
293
387
|
6. Plan/AC behavior gap -> superpowers:test-driven-development:先写 failing test 并 observe failure,再最小实现。
|
|
294
388
|
7. 每个实现 slice 后更新 matrix 和 audit。
|
|
295
389
|
8. Candidate done 前跑 Plan Conformance Gate:测试通过不等于按图纸完成;sampled path 不等于 full implementation;每个行为 plan item 必须有 code/API/UI/runtime/test/evidence trace。
|
|
296
|
-
9. 再跑 Acceptance Evidence Gate:按验收清单生成 final verdict
|
|
297
|
-
10.
|
|
390
|
+
9. 再跑 Acceptance Evidence Gate:按验收清单生成 final verdict;每 AC 写 required proof chain/fresh evidence/missing layers/drift/substitution。current contradiction 高于历史通过记录。
|
|
391
|
+
10. Final gate 固定为 self-evidence -> matrix -> verdict -> validator -> read-only auditor;auditor summary 不是 proof。若审计后改 artifact/evidence,重跑 validator;完成前用 superpowers:verification-before-completion 检查 matrix/verdict,并运行 ty-context validate-plan-acceptance tmp/ty-context/plan-acceptance/<plan-slug>。
|
|
298
392
|
|
|
299
|
-
|
|
300
|
-
禁止完成于:local audit、subagent summary、final card
|
|
393
|
+
权限/卡点:在当前平台/仓库/工具/用户已授权权限内最大自主推进;先打开相关 app/浏览器页面/CLI/系统设置,复用已有登录态/授权会话/凭据链;已授权 sudo/gsudo/admin elevation 先尝试。只有实际未登录/会话失效/权限不足/需要 MFA 或人工审批、缺账号/真实环境/敏感字段时才暂停,并给最小用户执行清单(页面/系统、字段位置、脱敏/勿发值、拿到后下一步)。
|
|
394
|
+
禁止完成于:local audit、subagent summary、final card、只改代码/计划、只跑部分测试、旧/部分/抽样证据、缺 required layer、material drift、未批准 sibling substitution、runtime 未演练、artifact 未 accepted、API/UI 未 reflected、未批准 scope narrowing、任何 API/UI/data/runtime/test 矛盾。
|
|
301
395
|
```
|
|
302
396
|
|
|
303
397
|
Recommended compact English prompt shape:
|
|
304
398
|
|
|
305
399
|
```text
|
|
306
|
-
Product / Architecture Source: tmp/ty-context/plan-acceptance/<plan-slug>-product-architecture-source.md (
|
|
307
|
-
Technical Realization Plan: tmp/ty-context/plan-acceptance/<plan-slug>-technical-realization-plan.md (blueprint
|
|
308
|
-
Acceptance Checklist: tmp/ty-context/plan-acceptance/<plan-slug>-acceptance-checklist.md (
|
|
309
|
-
Local audit: tmp/ty-context/plan-acceptance/<plan-slug>-local-audit.md (
|
|
310
|
-
Plan matrix: tmp/ty-context/plan-acceptance/<plan-slug>-plan-conformance-matrix.md/json (
|
|
311
|
-
Final verdict: tmp/ty-context/plan-acceptance/<plan-slug>-final-acceptance-verdict.md/json (
|
|
400
|
+
Product / Architecture Source: tmp/ty-context/plan-acceptance/<plan-slug>-product-architecture-source.md (scope)
|
|
401
|
+
Technical Realization Plan: tmp/ty-context/plan-acceptance/<plan-slug>-technical-realization-plan.md (blueprint)
|
|
402
|
+
Acceptance Checklist: tmp/ty-context/plan-acceptance/<plan-slug>-acceptance-checklist.md (authority)
|
|
403
|
+
Local audit: tmp/ty-context/plan-acceptance/<plan-slug>-local-audit.md (log, not proof)
|
|
404
|
+
Plan matrix: tmp/ty-context/plan-acceptance/<plan-slug>-plan-conformance-matrix.md/json (work trace)
|
|
405
|
+
Final verdict: tmp/ty-context/plan-acceptance/<plan-slug>-final-acceptance-verdict.md/json (AC gate)
|
|
312
406
|
You may use multiple agents; if agent slots run low, close idle or unnecessary agents.
|
|
313
407
|
This is not a Superpowers official schema / 不是 Superpowers 官方 schema.
|
|
314
408
|
Superpowers input packet:
|
|
315
|
-
-
|
|
316
|
-
-
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
- Context/tests/core paths: read before execution; map plan/AC gaps to test/API/UI/runtime/browser evidence.
|
|
409
|
+
- Source guards scope; plan controls matrix; checklist controls verdict; audit records progress only.
|
|
410
|
+
- Read Context/tests/core paths first; map gaps to test/API/UI/runtime/browser evidence.
|
|
411
|
+
Authority: source/plan/checklist own scope/construction/acceptance; audit/matrix/verdict/validator/auditor cannot rewrite them. Proof index optional; complete rows need fresh evidence/evidence_id.
|
|
412
|
+
Goal mode: implementation/execution goal complete only when product_goal_complete=true; read-only audit goal may end at audit_task_complete, but if verdict not accepted say "Audit workflow completed; acceptance target not complete." Include counts; no bare "Goal achieved" or update_goal complete as user target.
|
|
320
413
|
|
|
321
414
|
Execution order:
|
|
322
|
-
1. Read
|
|
323
|
-
2.
|
|
324
|
-
3. Check
|
|
415
|
+
1. Read inputs and Context. Task Contract: Product Context Delta none|required; Technical Context Delta none|required; any required -> Context Delta required. Not a validator gate.
|
|
416
|
+
2. Use Parent Context Delta once; slices inherit it and record new durable fact yes/no. If required, update owning project_context/** or DESIGN.md; never store audit/matrix/verdict/logs/screenshots/sample evidence as Context.
|
|
417
|
+
3. Check Technical Realization Plan covers Product / Architecture Source; if only product plan exists, stop with missing Technical Realization Plan.
|
|
325
418
|
4. Initialize plan-conformance matrix; use superpowers:writing-plans if the plan is not bite-sized.
|
|
326
419
|
5. Prefer superpowers:subagent-driven-development with subagents; otherwise use superpowers:executing-plans.
|
|
327
420
|
6. Plan/AC behavior gap -> superpowers:test-driven-development: write a failing test, observe failure, then implement minimally.
|
|
328
421
|
7. After each slice, update matrix and audit.
|
|
329
|
-
8.
|
|
330
|
-
9.
|
|
331
|
-
10.
|
|
422
|
+
8. Plan Conformance Gate: tests do not prove conformance; sampled path is not full implementation; each behavior item needs code/API/UI/runtime/test/evidence trace.
|
|
423
|
+
9. Acceptance Evidence Gate: checklist controls verdict; each AC records proof chain, fresh evidence, missing layers, drift, substitution. Current contradictions override old passes.
|
|
424
|
+
10. Final gate: self-evidence -> matrix -> verdict -> validator -> read-only auditor. Auditor summary is not proof. Rerun validator after evidence changes; before completion run superpowers:verification-before-completion and ty-context validate-plan-acceptance tmp/ty-context/plan-acceptance/<plan-slug>.
|
|
332
425
|
|
|
333
|
-
Autonomy/blockers:
|
|
334
|
-
Never complete on: local audit,
|
|
426
|
+
Autonomy/blockers: self-serve under current permissions. Open app/browser/CLI/settings and reuse sessions/auth/helpers. Try authorized sudo/gsudo/admin. Pause only after missing login, expired session, denied permission, MFA/approval, unavailable env/account or sensitive field; give page/system, field, redaction/do-not-send values, next step.
|
|
427
|
+
Never complete on: local audit, summary/final card, code/plan-only, partial tests, stale/partial/sampled evidence, missing layer, material drift, unapproved sibling substitution, unexercised runtime, artifact not accepted, API/UI not reflected, missing validator pass, unapproved scope narrowing or API/UI/data/runtime/test contradiction.
|
|
335
428
|
```
|
|
336
429
|
|
|
337
430
|
Before final response, check the prompt length. If it exceeds 3850 characters, tighten wording while preserving paths, input roles, official Superpowers skill names, Product Context Delta, Technical Context Delta, plan-conformance matrix, final verdict, state machine, UI gate, blockers and invalid evidence.
|
|
@@ -347,12 +440,18 @@ When successful, return:
|
|
|
347
440
|
- The plan-conformance matrix path.
|
|
348
441
|
- The final acceptance verdict path.
|
|
349
442
|
- Whether required input was complete.
|
|
443
|
+
- The generated prompt's Goal mode completion rule for implementation / execution goals, and required final status wording for non-accepted read-only audit results: `Audit workflow completed; acceptance target not complete.`
|
|
350
444
|
- The paste-ready Superpowers target-mode prompt in a code block.
|
|
351
445
|
|
|
352
446
|
When blocked, return:
|
|
353
447
|
|
|
354
|
-
- Missing
|
|
355
|
-
-
|
|
448
|
+
- Missing Fields Report.
|
|
449
|
+
- `missing_section`.
|
|
450
|
+
- `missing_required_fields`.
|
|
451
|
+
- `why_blocking`.
|
|
452
|
+
- `cannot_infer_policy`.
|
|
453
|
+
- `required_next_input`.
|
|
454
|
+
- `suggested_upstream_action`.
|
|
356
455
|
- A clear statement that no Superpowers target-mode prompt was generated.
|
|
357
456
|
|
|
358
457
|
Do not claim any plan item or AC has passed unless the user explicitly asked for current completion audit and current evidence was inspected.
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export declare function assertExternalReviewerFields(label: string, row: Record<string, unknown>, evidenceText: string, errors: string[]): void;
|
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
import { isOutOfScope } from "./plan-acceptance-json.js";
|
|
2
|
+
import { isBlankish, primitiveText, valuesAsArray } from "./plan-validator-common.js";
|
|
3
|
+
const BLOCKING_AUDITOR_STATUSES = new Set(["partial", "blocked", "invalidated"]);
|
|
4
|
+
export function assertExternalReviewerFields(label, row, evidenceText, errors) {
|
|
5
|
+
if (hasUnresolvedMissingRequiredLayers(row)) {
|
|
6
|
+
errors.push(`${label} is complete but missing_required_layers is not empty`);
|
|
7
|
+
}
|
|
8
|
+
const driftSeverity = String(row.drift_severity ?? row.driftSeverity ?? "").trim().toLowerCase();
|
|
9
|
+
if (driftSeverity === "material" || driftSeverity === "critical") {
|
|
10
|
+
errors.push(`${label} is complete but drift_severity is ${driftSeverity}`);
|
|
11
|
+
}
|
|
12
|
+
if (siblingSubstitutionUsed(row) && !hasSiblingSubstitutionApproval(row)) {
|
|
13
|
+
errors.push(`${label} is complete but sibling_substitution_used without approval`);
|
|
14
|
+
}
|
|
15
|
+
const auditorStatus = String(row.auditor_status ?? row.auditorStatus ?? "").trim().toLowerCase();
|
|
16
|
+
if (BLOCKING_AUDITOR_STATUSES.has(auditorStatus)) {
|
|
17
|
+
errors.push(`${label} is complete but auditor_status is ${auditorStatus}`);
|
|
18
|
+
}
|
|
19
|
+
if (hasOnlySelfCertifyingEvidence(evidenceText)) {
|
|
20
|
+
errors.push(`${label} is complete but fresh_evidence contains only summary or self-certifying evidence`);
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
function hasUnresolvedMissingRequiredLayers(row) {
|
|
24
|
+
const value = row.missing_required_layers ?? row.missingRequiredLayers ?? row.missing_proof_layers;
|
|
25
|
+
if (isBlankish(value)) {
|
|
26
|
+
return false;
|
|
27
|
+
}
|
|
28
|
+
if (Array.isArray(value)) {
|
|
29
|
+
return value.some((item) => !isBlankish(item) && !isStructuredLayerNa(item));
|
|
30
|
+
}
|
|
31
|
+
return !isStructuredLayerNa(value);
|
|
32
|
+
}
|
|
33
|
+
function isStructuredLayerNa(value) {
|
|
34
|
+
if (!value || typeof value !== "object" || Array.isArray(value)) {
|
|
35
|
+
return false;
|
|
36
|
+
}
|
|
37
|
+
const object = value;
|
|
38
|
+
const text = primitiveText(object);
|
|
39
|
+
const hasNaStatus = isOutOfScope(object) || /\bout[_ -]?of[_ -]?scope[_ -]?NA\b/i.test(text);
|
|
40
|
+
const hasSource = !isBlankish(object.scope_source) ||
|
|
41
|
+
!isBlankish(object.approval_source) ||
|
|
42
|
+
!isBlankish(object.source_reference) ||
|
|
43
|
+
!isBlankish(object.sourceReference);
|
|
44
|
+
return hasNaStatus && hasSource;
|
|
45
|
+
}
|
|
46
|
+
function siblingSubstitutionUsed(row) {
|
|
47
|
+
const value = row.sibling_substitution_used ?? row.siblingSubstitutionUsed;
|
|
48
|
+
if (value === true) {
|
|
49
|
+
return true;
|
|
50
|
+
}
|
|
51
|
+
const text = primitiveText(value);
|
|
52
|
+
if (/\b(false|no|none|not used|not_used)\b/i.test(text)) {
|
|
53
|
+
return false;
|
|
54
|
+
}
|
|
55
|
+
return /\b(true|yes|used|present)\b/i.test(text);
|
|
56
|
+
}
|
|
57
|
+
function hasSiblingSubstitutionApproval(row) {
|
|
58
|
+
return (!isBlankish(row.sibling_substitution_approval_source) ||
|
|
59
|
+
!isBlankish(row.substitution_approval_source) ||
|
|
60
|
+
/\b(approved|explicitly allowed|out[_ -]?of[_ -]?scope[_ -]?NA)\b/i.test(primitiveText([row.sibling_substitution_approved, row.substitution_approval])));
|
|
61
|
+
}
|
|
62
|
+
function hasOnlySelfCertifyingEvidence(text) {
|
|
63
|
+
const entries = valuesAsArray(text);
|
|
64
|
+
return entries.length > 0 && entries.every(isSelfCertifyingEvidence);
|
|
65
|
+
}
|
|
66
|
+
function isSelfCertifyingEvidence(text) {
|
|
67
|
+
return /\b(local audit|audit says|plan[- ]conformance(?: matrix)?|matrix row|final[- ]acceptance[- ]verdict|final verdict|verdict row|subagent summary|agent summary|reviewer summary|validator pass|validate-plan-acceptance(?: passed| pass)?|green check|final result card)\b/i.test(text);
|
|
68
|
+
}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { pathExists } from "./fs.js";
|
|
2
|
+
import { assertExternalReviewerFields } from "./plan-acceptance-evidence.js";
|
|
2
3
|
import { AC_STATUSES, MATRIX_STATUSES, NON_COMPLETE_AC, NON_COMPLETE_MATRIX, assertStructuredNa, assertSurfaceConformance, contextDeltaRequired, findJsonFile, findRows, hasExplicitNoTestScope, isOutOfScope, isSurfaceConformanceRow, overallStatus, readJson, statusOf } from "./plan-acceptance-json.js";
|
|
3
4
|
import { assertReferencedPathsExist, hasRealPageEvidence, isBlankish, isUiFacing, primitiveText, repoRelative, resolveInputDir, valuesAsArray, weakProofHit } from "./plan-validator-common.js";
|
|
4
5
|
export async function validatePlanAcceptance(projectRoot, args = []) {
|
|
@@ -32,7 +33,7 @@ export async function validatePlanAcceptance(projectRoot, args = []) {
|
|
|
32
33
|
validateContextFactReferences(matrix, verdict, matrixRows, verdictRows, errors);
|
|
33
34
|
info.push(`checked plan acceptance ${repoRelative(projectRoot, targetDir)} matrix_rows=${matrixRows.length} verdict_rows=${verdictRows.length}`);
|
|
34
35
|
if (errors.length === 0) {
|
|
35
|
-
info.push("Plan acceptance
|
|
36
|
+
info.push("Plan acceptance artifact consistency passed");
|
|
36
37
|
}
|
|
37
38
|
return { info, errors };
|
|
38
39
|
}
|
|
@@ -77,6 +78,7 @@ async function validateMatrixRows(projectRoot, rows, overall, errors) {
|
|
|
77
78
|
if (isBlankish(row.drift)) {
|
|
78
79
|
errors.push(`${label} is complete but drift is empty`);
|
|
79
80
|
}
|
|
81
|
+
assertExternalReviewerFields(label, row, primitiveText([row.runtime_evidence, row.artifact_evidence, row.real_page_evidence, row.fresh_evidence]), errors);
|
|
80
82
|
const weak = weakProofHit(primitiveText(row));
|
|
81
83
|
if (weak) {
|
|
82
84
|
errors.push(`${label} is complete but contains weak-proof language matching /${weak}/`);
|
|
@@ -141,6 +143,7 @@ async function validateVerdictRows(projectRoot, rows, overall, errors) {
|
|
|
141
143
|
}
|
|
142
144
|
if (status === "complete") {
|
|
143
145
|
const text = primitiveText(row);
|
|
146
|
+
assertExternalReviewerFields(label, row, primitiveText(row.fresh_evidence), errors);
|
|
144
147
|
const weak = weakProofHit(text);
|
|
145
148
|
if (weak) {
|
|
146
149
|
errors.push(`${label} is complete but contains weak-proof language matching /${weak}/`);
|