shipwright-cli 2.3.1 → 3.0.0

package/README.md

@@ -12,8 +12,8 @@
 <p align="center">
   <a href="https://github.com/sethdford/shipwright/actions/workflows/test.yml"><img src="https://github.com/sethdford/shipwright/actions/workflows/test.yml/badge.svg" alt="Tests"></a>
   <a href="https://github.com/sethdford/shipwright/actions/workflows/shipwright-pipeline.yml"><img src="https://github.com/sethdford/shipwright/actions/workflows/shipwright-pipeline.yml/badge.svg" alt="Pipeline"></a>
-  <img src="https://img.shields.io/badge/tests-103_suites_passing-4ade80?style=flat-square" alt="103 suites">
-  <img src="https://img.shields.io/badge/version-2.3.1-00d4ff?style=flat-square" alt="v2.3.1">
+  <img src="https://img.shields.io/badge/tests-141_suites_passing-4ade80?style=flat-square" alt="141 suites">
+  <img src="https://img.shields.io/badge/version-3.0.0-00d4ff?style=flat-square" alt="v3.0.0">
   <img src="https://img.shields.io/badge/license-MIT-green?style=flat-square" alt="MIT License">
   <img src="https://img.shields.io/badge/bash-3.2%2B-7c3aed?style=flat-square" alt="Bash 3.2+">
 </p>
@@ -23,7 +23,8 @@
 ## Table of Contents
 
 - [Shipwright Builds Itself](#shipwright-builds-itself)
-- [What's New in v2.3.1](#whats-new-in-v231)
+- [Code Factory Pattern](#code-factory-pattern)
+- [What's New in v3.0.0](#whats-new-in-v300)
 - [How It Works](#how-it-works)
 - [Install](#install)
 - [Quick Start](#quick-start)
@@ -42,22 +43,86 @@
 
 This repo uses Shipwright to process its own issues. Label a GitHub issue with `shipwright` and the autonomous pipeline takes over: semantic triage, plan, design, build, test, review, quality gates, PR. No human in the loop.
 
-**[See it live](https://github.com/sethdford/shipwright/actions/workflows/shipwright-pipeline.yml)** | **[Create an issue](https://github.com/sethdford/shipwright/issues/new?template=shipwright.yml)** and watch it build.
+**[See it live](https://github.com/sethdford/shipwright/actions/workflows/shipwright-pipeline.yml)** | **[Create an issue](https://github.com/sethdford/shipwright/issues/new?template=shipwright-build.yml)** and watch it build.
 
 ---
 
-## What's New in v2.3.1
+## Code Factory Pattern
 
-**Docs & platform polish** — doc-fleet, shared libs, policy schema, release infra:
+Shipwright implements the complete **Code Factory** control-plane pattern — where agents write 100% of the code and the repo enforces deterministic, risk-aware checks before every merge. Every decision is traceable to policy. Every merge is backed by machine-verifiable evidence.
 
-- **Doc-fleet** — Five Cursor agents (doc-architect, claude-md, strategy-curator, pattern-writer, readme-optimizer) keep docs, strategy, and README in sync
-- **Pipeline lib split** — `scripts/lib/pipeline-quality.sh`, `daemon-health.sh`, `policy.sh` for reuse and tests
-- **Policy schema** — `config/policy.json` and `docs/config-policy.md` for hygiene, quality, and platform rules
-- **Release infra** — npm, GitHub Releases (darwin/linux/windows), Homebrew tap; `scripts/build-release.sh` and `.github/workflows/release.yml` ship all platforms
+```
+Agent writes code → Risk policy gate → Tier-appropriate CI → Code review agent
+→ Findings auto-remediated → SHA-validated evidence → Bot threads cleaned → Merge
+→ Incidents feed back into harness coverage
+```
+
+### What makes Shipwright best-in-class
+
+| Code Factory Layer     | Shipwright Implementation                                                                               |
+| ---------------------- | ------------------------------------------------------------------------------------------------------- |
+| **Single contract**    | `config/policy.json` — risk tiers, merge policy, docs drift, evidence specs, harness SLAs in one file   |
+| **Preflight gate**     | `risk-policy-gate.yml` classifies risk from changed files before expensive CI runs                      |
+| **SHA discipline**     | All checks, reviews, and approvals validated against current PR head — stale evidence is never trusted  |
+| **Rerun writer**       | `sw-review-rerun.sh` — SHA-deduped, single canonical writer, no duplicate bot comments                  |
+| **Remediation loop**   | `review-remediation.yml` — agent reads findings, patches code, validates, pushes fix to same branch     |
+| **Bot thread cleanup** | `auto-resolve-threads.yml` — resolves bot-only threads after clean rerun, never touches human threads   |
+| **Evidence framework** | `sw-evidence.sh` — browser, API, database, CLI, webhook, and custom evidence with freshness enforcement |
+| **Harness-gap loop**   | `shipwright incident gap` — every regression creates a test case with SLA tracking                      |
+
+### Beyond the baseline
+
+Shipwright extends the Code Factory pattern with capabilities most implementations don't have:
+
+- **12-stage pipeline** with self-healing builds, adversarial review, and compound quality gates
+- **Predictive risk scoring** using GitHub signals (security alerts, contributor expertise, file churn)
+- **Persistent memory** — failure patterns, fix effectiveness, and prediction accuracy compound over time
+- **Auto-learning** — self-optimize runs automatically after every pipeline completion
+- **Unified model routing** — single source of truth for model selection across all components
+- **Evidence-gated merges** — SHA discipline ensures all evidence validated against current PR head
+- **Semantic quality audits** — Claude-powered audits with grep fallback when Claude unavailable
+- **18 autonomous agents** with specialized roles (PM, reviewer, security auditor, test generator, etc.)
+- **Cross-platform compatibility** — portable date helpers, file_mtime, and compat layer for macOS/Linux
+- **Fleet operations** — the Code Factory pattern applied across every repo in your org
+- **Cost intelligence** — per-pipeline cost tracking, budget enforcement, adaptive model routing
+- **Self-optimization** — DORA metrics analysis auto-tunes daemon config and template weights
+
+```bash
+# Evidence framework — capture and verify all types
+npm run harness:evidence:capture          # All collectors (browser, API, DB, CLI)
+npm run harness:evidence:capture:api      # API endpoints only
+npm run harness:evidence:capture:cli      # CLI commands only
+npm run harness:evidence:capture:database # Database checks only
+npm run harness:evidence:verify           # Verify manifest + freshness
+npm run harness:evidence:pre-pr           # Capture + verify in one step
+
+# Risk and policy
+npm run harness:risk-tier
+
+# Incident-to-harness loop
+shipwright incident gap list
+shipwright incident gap sla
+```
+
+**[Full Code Factory documentation](https://sethdford.github.io/shipwright/guides/code-factory/)**
+
+---
+
+## What's New in v3.0.0
+
+**Code Factory pattern** — deterministic, risk-aware agent delivery with machine-verifiable evidence:
+
+- **Risk policy gate** — PR-level preflight classifies risk tier from changed files; blocks before expensive CI
+- **SHA discipline** — All evidence validated against current PR head SHA; stale evidence never trusted
+- **Evidence framework** — 6 collector types (browser, API, database, CLI, webhook, custom) with freshness enforcement
+- **Review remediation** — Agent reads review findings, patches code, validates, pushes fix commit in-branch
+- **Auto-resolve bot threads** — Bot-only PR threads cleaned up after clean rerun; human threads untouched
+- **Harness-gap loop** — Every incident creates a test case requirement with SLA tracking (P0: 24h, P1: 72h)
+- **Policy contract v2** — Risk tiers, merge policy, docs drift rules, evidence specs, harness SLAs in one file
 
-**v2.1.2**: AGI-level recruit — `recruit match` / `team` / `route`, cross-system integration, 103 test suites in CI
+**v2.3.1**: Autonomous feedback loops, testing foundation, chaos resilience
 
-**v2.1.0**: tmux visual overhaul — role-colored borders, pipeline status widgets, active pane depth
+**v2.3.0**: Fleet Command completeness overhaul + autonomous team oversight
 
 **v2.0.0**: 18 autonomous agents, 100+ CLI commands, intelligence layer, multi-repo fleet, local mode
 
@@ -163,7 +228,7 @@ shipwright fleet start
 shipwright fix "upgrade deps" --repos ~/a,~/b,~/c
 
 # Release automation
-shipwright version bump 2.2.2
+shipwright version bump 2.4.0
 shipwright changelog generate
 ```
 
@@ -217,7 +282,7 @@ Each stage is configurable with quality gates that auto-proceed or pause for app
 
 ### Intelligence Layer
 
-7 modules that make the pipeline smarter over time. All optional, all degrade gracefully.
+7 modules that make the pipeline smarter over time. **Auto mode**: intelligence is enabled when Claude CLI is available; set `intelligence.enabled=false` to disable. All modules degrade gracefully.
 
 | Module                       | What It Does                                                                                                          |
 | ---------------------------- | --------------------------------------------------------------------------------------------------------------------- |
@@ -382,7 +447,7 @@ shipwright fix "feat: add auth" --repos ~/a,~/b,~/c
 shipwright fleet-viz
 
 # Release automation
-shipwright version bump 2.2.2
+shipwright version bump 2.4.0
 shipwright changelog generate
 shipwright deploys list
 
@@ -408,16 +473,18 @@ shipwright templates list
 
 ## Configuration
 
-| File                          | Purpose                                            |
-| ----------------------------- | -------------------------------------------------- |
-| `.claude/daemon-config.json`  | Daemon settings, intelligence flags, patrol config |
-| `.claude/pipeline-state.md`   | Current pipeline state                             |
-| `templates/pipelines/*.json`  | 8 pipeline template definitions                    |
-| `tmux/templates/*.json`       | 24 team composition templates                      |
-| `~/.shipwright/events.jsonl`  | Event log for metrics                              |
-| `~/.shipwright/costs.json`    | Cost tracking data                                 |
-| `~/.shipwright/budget.json`   | Budget limits                                      |
-| `~/.shipwright/github-cache/` | Cached GitHub API responses                        |
+| File                          | Purpose                                                                                     |
+| ----------------------------- | ------------------------------------------------------------------------------------------- |
+| `config/policy.json`          | **Central contract** — risk tiers, merge policy, docs drift, browser evidence, harness SLAs |
+| `config/policy.schema.json`   | JSON Schema validation for the policy contract                                              |
+| `.claude/daemon-config.json`  | Daemon settings, intelligence flags, patrol config                                          |
+| `.claude/pipeline-state.md`   | Current pipeline state                                                                      |
+| `templates/pipelines/*.json`  | 8 pipeline template definitions                                                             |
+| `tmux/templates/*.json`       | 24 team composition templates                                                               |
+| `~/.shipwright/events.jsonl`  | Event log for metrics                                                                       |
+| `~/.shipwright/costs.json`    | Cost tracking data                                                                          |
+| `~/.shipwright/budget.json`   | Budget limits                                                                               |
+| `~/.shipwright/github-cache/` | Cached GitHub API responses                                                                 |
 
 ## Prerequisites
 
@@ -432,7 +499,7 @@ shipwright templates list
 
 ## Architecture
 
-100+ bash scripts (~100K lines), 103 test suites (1000+ tests), plus a TypeScript dashboard server. Bash 3.2 compatible — runs on macOS and Linux out of the box.
+100+ bash scripts (~100K lines), 125 shell test suites + 16 dashboard test files (141 total), plus E2E system test proving full daemon→pipeline→loop→PR flow. Dashboard at 98% coverage. Bash 3.2 compatible — runs on macOS and Linux out of the box.
 
 **Core Layers:**
 
@@ -498,12 +565,12 @@ Tools & UX
 
 ## Contributing
 
-**Let Shipwright build it:** Create an issue using the [Shipwright template](https://github.com/sethdford/shipwright/issues/new?template=shipwright.yml) and label it `shipwright`. The autonomous pipeline will triage, plan, build, test, review, and create a PR.
+**Let Shipwright build it:** Create an issue using the [Shipwright template](https://github.com/sethdford/shipwright/issues/new?template=shipwright-build.yml) and label it `shipwright`. The autonomous pipeline will triage, plan, build, test, review, and create a PR.
 
 **Manual development:** Fork, branch, then:
 
 ```bash
-npm test    # 1000+ tests across 103 suites
+npm test    # 125 shell suites + 16 dashboard test files (141 total), E2E system test
 ```
 
 ## License

package/completions/_shipwright

@@ -1,4 +1,4 @@
-#compdef shipwright sw cct
+#compdef shipwright sw
 # ╔═══════════════════════════════════════════════════════════════════════════╗
 # ║  Shipwright — Zsh tab completions                                       ║
 # ║  Auto-install to ~/.zsh/completions/ during shipwright init             ║

package/completions/shipwright.bash

@@ -10,10 +10,10 @@ _shipwright_completions() {
     prev="${COMP_WORDS[COMP_CWORD-1]}"
 
     # Top-level commands (includes groups and flat commands)
-    local commands="agent quality observe release intel init setup session status ps logs templates doctor cleanup reaper upgrade loop pipeline worktree prep daemon fleet memory cost db fix dashboard jira linear tracker heartbeat checkpoint webhook decompose connect remote launchd intelligence optimize predict adversarial simulate architecture vitals docs tmux github checks deploys pr context help version"
+    local commands="agent quality observe release intel init setup session status ps logs templates doctor cleanup reaper upgrade loop pipeline worktree prep daemon fleet memory cost db fix dashboard jira linear tracker heartbeat checkpoint webhook decompose connect remote launchd intelligence optimize predict adversarial simulation architecture vitals docs tmux github checks deploys pr context help version"
 
     case "$prev" in
-        shipwright|sw|cct)
+        shipwright|sw)
             COMPREPLY=( $(compgen -W "$commands" -- "$cur") )
             return 0
             ;;
@@ -30,7 +30,7 @@ _shipwright_completions() {
             return 0
             ;;
         release)
-            COMPREPLY=( $(compgen -W "release release-manager changelog deploy" -- "$cur") )
+            COMPREPLY=( $(compgen -W "release release-manager changelog deploy build" -- "$cur") )
             return 0
             ;;
         intel)
@@ -121,10 +121,6 @@ _shipwright_completions() {
             COMPREPLY=( $(compgen -W "review merge cleanup feedback" -- "$cur") )
             return 0
             ;;
-        budget)
-            COMPREPLY=( $(compgen -W "set show" -- "$cur") )
-            return 0
-            ;;
     esac
 
     # Flags for subcommands already handled above; fall back to commands
@@ -178,4 +174,3 @@ _shipwright_completions() {
 
 complete -F _shipwright_completions shipwright
 complete -F _shipwright_completions sw
-complete -F _shipwright_completions cct

package/completions/shipwright.fish

@@ -4,7 +4,7 @@
 # Place in ~/.config/fish/completions/
 
 # Disable file completions by default
-for cmd in shipwright sw cct
+for cmd in shipwright sw
     complete -c $cmd -f
 
     # Top-level commands (includes groups and flat commands)

package/config/defaults.json

@@ -0,0 +1,111 @@
+{
+  "$schema": "https://shipwright.dev/schemas/defaults-v1.json",
+  "description": "Default values for all Shipwright tunables. Override via daemon-config.json, config/policy.json, or SHIPWRIGHT_* env vars.",
+  "version": "1",
+  "network": {
+    "connect_timeout": 10,
+    "max_time": 60,
+    "gh_timeout": 30,
+    "retry_count": 3,
+    "retry_delay": 2
+  },
+  "daemon": {
+    "poll_interval": 30,
+    "max_parallel": 4,
+    "watch_label": "shipwright",
+    "issue_limit": 100,
+    "on_success_remove_label": true,
+    "health_check_interval": 60,
+    "stale_job_timeout_hours": 2,
+    "branch_pattern": "shipwright/issue-{issue}",
+    "worktree_dir": ".worktrees"
+  },
+  "pipeline": {
+    "max_iterations": 20,
+    "build_test_retries": 3,
+    "claude_timeout": 1800,
+    "heartbeat_interval": 30,
+    "branch_pattern": "shipwright/issue-{issue}",
+    "stage_order": [
+      "intake",
+      "plan",
+      "design",
+      "build",
+      "test",
+      "review",
+      "compound_quality",
+      "pr",
+      "merge",
+      "deploy",
+      "validate",
+      "monitor"
+    ]
+  },
+  "loop": {
+    "claude_timeout": 1800,
+    "sleep_between_iterations": 2,
+    "max_restarts": 0,
+    "fast_test_interval": 5,
+    "convergence_threshold": 3,
+    "multi_agent_sleep": 5
+  },
+  "dashboard": {
+    "port": 8767,
+    "poll_interval_ms": 2000,
+    "ws_heartbeat_ms": 30000
+  },
+  "webhook": {
+    "port": 8765,
+    "secret_length": 32,
+    "max_payload_bytes": 1048576
+  },
+  "urls": {
+    "linear_api": "https://api.linear.app/graphql",
+    "github_api": "https://api.github.com",
+    "github_device_code": "https://github.com/login/device/code",
+    "github_device_login": "https://github.com/login/device",
+    "otel_endpoint": "http://localhost:4318",
+    "tpm_repo": "https://github.com/tmux-plugins/tpm",
+    "bun_install": "https://bun.sh/install"
+  },
+  "intelligence": {
+    "cache_ttl": 3600,
+    "complexity_bands": { "low": 3, "medium": 6, "high": 10 },
+    "miss_rate_high": 30,
+    "miss_rate_low": 5,
+    "anomaly_threshold": 3.0,
+    "ab_test_ratio": 0.2,
+    "claude_timeout": 60
+  },
+  "quality": {
+    "gate_score_threshold": 70,
+    "secret_threshold": 3,
+    "min_file_count": 10,
+    "score_weight_per_file": 25,
+    "pass_rate_threshold": 5.0
+  },
+  "cleanup": {
+    "artifact_age_days": 7,
+    "heartbeat_stale_seconds": 300,
+    "checkpoint_max_count": 10
+  },
+  "labels": {
+    "watch": "shipwright",
+    "ready_to_build": "ready-to-build",
+    "hotfix": "hotfix",
+    "claimed_prefix": "claimed:",
+    "incident": ["hotfix", "shipwright"],
+    "incident_labels": "hotfix,shipwright",
+    "harness_gap": ["harness-gap", "shipwright"],
+    "harness_gap_labels": "harness-gap,shipwright"
+  },
+  "limits": {
+    "triage_issues": 100,
+    "triage_unlabeled": 50,
+    "strategic_closed": 30,
+    "dora_days": 30,
+    "log_tail_lines": 100,
+    "function_scan_limit": 0,
+    "dependency_scan_limit": 0
+  }
+}

package/config/event-schema.json

@@ -0,0 +1,81 @@
+{
+  "$schema": "https://shipwright.dev/schemas/events-v1.json",
+  "description": "Known Shipwright event types and their expected fields",
+  "version": "1",
+  "event_types": {
+    "pipeline.started": {
+      "required": ["job_id"],
+      "optional": ["issue", "goal", "template"]
+    },
+    "pipeline.completed": {
+      "required": ["job_id"],
+      "optional": ["duration_s", "result"]
+    },
+    "pipeline.failed": {
+      "required": ["job_id"],
+      "optional": ["error", "stage"]
+    },
+    "stage.started": { "required": ["job_id", "stage"], "optional": [] },
+    "stage.completed": {
+      "required": ["job_id", "stage"],
+      "optional": ["duration_s"]
+    },
+    "stage.failed": { "required": ["job_id", "stage"], "optional": ["error"] },
+    "daemon.started": { "required": [], "optional": ["pid", "mode"] },
+    "daemon.stopped": { "required": [], "optional": ["reason"] },
+    "daemon.claimed": { "required": ["issue"], "optional": ["repo", "title"] },
+    "daemon.released": { "required": ["issue"], "optional": ["reason"] },
+    "daemon.spawn": {
+      "required": ["issue"],
+      "optional": ["template", "worktree"]
+    },
+    "daemon.complete": {
+      "required": ["issue"],
+      "optional": ["result", "duration_s"]
+    },
+    "daemon.failure": {
+      "required": ["issue"],
+      "optional": ["error", "retry_count"]
+    },
+    "loop.started": { "required": [], "optional": ["goal", "test_cmd"] },
+    "loop.iteration": {
+      "required": ["iteration"],
+      "optional": ["test_result"]
+    },
+    "loop.completed": { "required": [], "optional": ["iterations", "result"] },
+    "cost.recorded": {
+      "required": ["cost_usd"],
+      "optional": ["model", "tokens_in", "tokens_out", "stage"]
+    },
+    "intelligence.analysis": {
+      "required": ["analysis_type"],
+      "optional": ["result", "cache_hit"]
+    },
+    "memory.captured": {
+      "required": ["memory_type"],
+      "optional": ["pattern", "repo"]
+    },
+    "quality.gate": {
+      "required": ["gate_name", "passed"],
+      "optional": ["score", "details"]
+    },
+    "pr.created": {
+      "required": ["pr_number"],
+      "optional": ["title", "branch"]
+    },
+    "deploy.started": { "required": ["environment"], "optional": ["version"] },
+    "deploy.completed": {
+      "required": ["environment"],
+      "optional": ["version", "duration_s"]
+    },
+    "heartbeat.write": {
+      "required": ["job_id"],
+      "optional": ["stage", "iteration"]
+    },
+    "session.started": {
+      "required": ["session_id"],
+      "optional": ["template", "agents"]
+    },
+    "session.ended": { "required": ["session_id"], "optional": ["duration_s"] }
+  }
+}

package/config/policy.json

@@ -1,7 +1,160 @@
 {
   "$schema": "https://shipwright.dev/schemas/policy-v1.json",
-  "description": "Central policy for Shipwright — timeouts, limits, thresholds. Prefer adaptive/learned overrides when available.",
-  "version": "1",
+  "description": "Central policy for Shipwright — timeouts, limits, thresholds, risk tiers, merge gates. Single source of truth for the Code Factory pattern.",
+  "version": "2",
+  "riskTierRules": {
+    "critical": [
+      "config/policy.json",
+      "config/policy.schema.json",
+      ".github/workflows/**",
+      ".claude/hooks/**",
+      "scripts/lib/policy.sh"
+    ],
+    "high": [
+      "scripts/sw-pipeline.sh",
+      "scripts/sw-daemon.sh",
+      "scripts/sw-pr-lifecycle.sh",
+      "scripts/sw-incident.sh",
+      "scripts/sw-security-audit.sh",
+      "scripts/sw-github-checks.sh",
+      "scripts/sw-github-graphql.sh",
+      "scripts/sw-github-deploy.sh",
+      "scripts/lib/pipeline-stages.sh",
+      "scripts/lib/pipeline-quality.sh",
+      "dashboard/server.ts"
+    ],
+    "medium": [
+      "scripts/sw-*.sh",
+      "scripts/lib/*.sh",
+      "dashboard/**",
+      "templates/pipelines/**"
+    ],
+    "low": ["docs/**", "website/**", "**/*.md", "**"]
+  },
+  "mergePolicy": {
+    "critical": {
+      "requiredChecks": [
+        "risk-policy-gate",
+        "test",
+        "smoke",
+        "platform-health",
+        "shellcheck"
+      ],
+      "requiredReviewers": 1,
+      "requiredEvidence": ["cli", "api"],
+      "requireDocsDriftCheck": true
+    },
+    "high": {
+      "requiredChecks": ["risk-policy-gate", "test", "smoke"],
+      "requiredReviewers": 0,
+      "requiredEvidence": ["cli"],
+      "requireDocsDriftCheck": false
+    },
+    "medium": {
+      "requiredChecks": ["risk-policy-gate", "test"],
+      "requiredReviewers": 0,
+      "requiredEvidence": [],
+      "requireDocsDriftCheck": false
+    },
+    "low": {
+      "requiredChecks": ["risk-policy-gate"],
+      "requiredReviewers": 0,
+      "requiredEvidence": [],
+      "requireDocsDriftCheck": false
+    }
+  },
+  "docsDriftRules": {
+    "trackedPairs": [
+      {
+        "source": "config/policy.json",
+        "docs": ["docs/config-policy.md", "README.md"]
+      },
+      {
+        "source": ".github/workflows/**",
+        "docs": ["docs/config-policy.md"]
+      },
+      {
+        "source": "scripts/sw-pipeline.sh",
+        "docs": ["website/src/content/docs/guides/pipeline.mdx"]
+      }
+    ],
+    "failOnDrift": false,
+    "warnOnDrift": true
+  },
+  "evidence": {
+    "artifactMaxAgeMinutes": 30,
+    "requireFreshArtifacts": true,
+    "collectors": [
+      {
+        "name": "dashboard-loads",
+        "type": "browser",
+        "entrypoint": "/",
+        "baseUrl": "http://localhost:8767",
+        "assertions": ["page-title-visible", "websocket-connected"]
+      },
+      {
+        "name": "pipeline-status",
+        "type": "browser",
+        "entrypoint": "/pipeline",
+        "baseUrl": "http://localhost:8767",
+        "assertions": ["stage-list-rendered", "progress-indicator-visible"]
+      },
+      {
+        "name": "dashboard-api-health",
+        "type": "api",
+        "method": "GET",
+        "url": "http://localhost:8767/api/health",
+        "expectedStatus": 200,
+        "assertions": ["status-ok", "response-has-version"]
+      },
+      {
+        "name": "dashboard-ws-connect",
+        "type": "api",
+        "method": "GET",
+        "url": "http://localhost:8767/api/ws-status",
+        "expectedStatus": 200,
+        "assertions": ["websocket-active"]
+      },
+      {
+        "name": "pipeline-cli-smoke",
+        "type": "cli",
+        "command": "bash scripts/sw-pipeline.sh status",
+        "expectedExitCode": 0,
+        "assertions": ["has-pipeline-state"]
+      },
+      {
+        "name": "policy-validation",
+        "type": "cli",
+        "command": "jq empty config/policy.json",
+        "expectedExitCode": 0,
+        "assertions": ["valid-json"]
+      },
+      {
+        "name": "db-schema-integrity",
+        "type": "database",
+        "command": "bash scripts/sw-db.sh health",
+        "expectedExitCode": 0,
+        "assertions": ["schema-valid", "db-accessible"]
+      }
+    ]
+  },
+  "harnessGapPolicy": {
+    "enabled": true,
+    "p0SlaHours": 24,
+    "p1SlaHours": 72,
+    "p2SlaHours": 168,
+    "autoCreateGapIssue": true,
+    "requireTestCaseBeforeClose": true
+  },
+  "codeReviewAgent": {
+    "provider": "internal",
+    "rerunMarker": "<!-- shipwright-review-rerun -->",
+    "timeoutMinutes": 20,
+    "treatVulnerabilityLanguageAsActionable": true,
+    "treatWeakConfidenceAsActionable": true,
+    "autoResolveBotsOnlyThreads": true,
+    "neverAutoResolveHumanThreads": true
+  },
   "daemon": {
     "poll_interval_seconds": 60,
     "health_heartbeat_timeout": 120,