sinapse-ai 1.21.0 → 1.22.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/rules/coderabbit-integration.md +6 -0
- package/.claude/rules/documentation-first-reference.md +146 -0
- package/.claude/rules/documentation-first.md +27 -119
- package/.claude/rules/mandatory-delegation-reference.md +93 -0
- package/.claude/rules/mandatory-delegation.md +29 -93
- package/.claude/rules/project-intelligence-reference.md +159 -0
- package/.claude/rules/project-intelligence.md +37 -155
- package/.claude/rules/safe-collaboration-reference.md +163 -0
- package/.claude/rules/safe-collaboration.md +32 -173
- package/.sinapse-ai/core/doctor/checks/index.js +1 -1
- package/.sinapse-ai/core/execution/build-orchestrator.js +4 -3
- package/.sinapse-ai/core/execution/subagent-dispatcher.js +2 -2
- package/.sinapse-ai/core/ideation/ideation-engine.js +2 -1
- package/.sinapse-ai/core/orchestration/cli-commands.js +13 -0
- package/.sinapse-ai/core/orchestration/doc-first-resolver.js +93 -2
- package/.sinapse-ai/core/orchestration/executors/epic-3-executor.js +15 -2
- package/.sinapse-ai/core/orchestration/executors/epic-4-executor.js +3 -1
- package/.sinapse-ai/core/orchestration/index.js +5 -0
- package/.sinapse-ai/core/orchestration/spec-complexity.js +141 -0
- package/.sinapse-ai/core-config.yaml +30 -0
- package/.sinapse-ai/data/entity-registry.yaml +46 -25
- package/.sinapse-ai/development/agents/architect.md +3 -15
- package/.sinapse-ai/development/agents/data-engineer.md +3 -15
- package/.sinapse-ai/development/agents/developer.md +3 -24
- package/.sinapse-ai/development/agents/devops.md +4 -25
- package/.sinapse-ai/development/agents/quality-gate.md +3 -25
- package/.sinapse-ai/development/knowledge-base/token-economy-guide.md +1 -1
- package/.sinapse-ai/development/tasks/resolve-github-issue.md +1 -1
- package/.sinapse-ai/docs/standards/SINAPSE-LIVRO-DE-OURO-V2.1-COMPLETE.md +6 -2
- package/.sinapse-ai/docs/standards/SINAPSE-LIVRO-DE-OURO-V2.2-SUMMARY.md +4 -1
- package/.sinapse-ai/install-manifest.yaml +44 -40
- package/.sinapse-ai/product/templates/story-tmpl.yaml +11 -6
- package/.sinapse-ai/quality/judge-calibration/README.md +75 -0
- package/.sinapse-ai/quality/judge-calibration/calibration-log.md +70 -0
- package/.sinapse-ai/quality/judge-calibration/golden-set.json +105 -0
- package/.sinapse-ai/quality/judge-calibration/scenarios.json +90 -0
- package/CHANGELOG.md +38 -8
- package/README.en.md +1 -1
- package/README.md +6 -6
- package/bin/sinapse-minimal.js +5 -4
- package/docs/community/README-community-snippet-core.md +1 -1
- package/docs/community/README-community-snippet-mcp.md +2 -2
- package/docs/framework/README.md +2 -2
- package/docs/framework/architecture-overview.md +2 -2
- package/docs/framework/core-architecture.md +1 -1
- package/docs/framework/feature-process.md +5 -5
- package/docs/framework/guiding-principles.md +1 -1
- package/docs/framework/roadmap.md +4 -4
- package/docs/framework/source-tree.md +1 -1
- package/docs/framework/versioning-and-releases.md +1 -1
- package/docs/getting-started.md +1 -1
- package/docs/guides/agent-selection-guide.md +1 -1
- package/docs/guides/agents/traces/README.md +1 -1
- package/docs/guides/config-migration-guide.md +1 -1
- package/docs/guides/development-setup.md +1 -1
- package/docs/guides/docker-mcp-setup.md +5 -5
- package/docs/guides/getting-started.md +1 -1
- package/docs/guides/git-workflow-guide.md +3 -3
- package/docs/guides/ide-integration.md +3 -3
- package/docs/guides/ide-sync-guide.md +1 -1
- package/docs/guides/mcp/desktop-commander.md +2 -2
- package/docs/guides/mcp/docker-gateway-tutorial.md +1 -1
- package/docs/guides/mcp-global-setup.md +3 -3
- package/docs/guides/memory-intelligence-system.md +10 -10
- package/docs/guides/meta-agent-commands.md +1 -1
- package/docs/guides/quality-gates.md +1 -1
- package/docs/guides/security-hardening.md +1 -1
- package/docs/guides/service-discovery.md +1 -1
- package/docs/guides/squad-examples/README.md +1 -1
- package/docs/guides/squads-guide.md +1 -1
- package/docs/guides/testing-guide.md +2 -2
- package/docs/guides/user-guide.md +22 -22
- package/docs/guides/workflows/BROWNFIELD-DISCOVERY-WORKFLOW.md +3 -3
- package/docs/guides/workflows/BROWNFIELD-SERVICE-WORKFLOW.md +1 -1
- package/docs/guides/workflows/GREENFIELD-UI-WORKFLOW.md +2 -2
- package/docs/guides/workflows/SPEC-PIPELINE-WORKFLOW.md +3 -3
- package/docs/guides/workflows/STORY-DEVELOPMENT-CYCLE-WORKFLOW.md +3 -3
- package/docs/guides/workflows/pro-developer-workflow.md +2 -2
- package/docs/guides/workflows-guide.md +1 -1
- package/docs/guides/workflows-overview.md +1 -1
- package/docs/installation/npx-install.md +1 -1
- package/docs/installation/uninstallation.md +1 -1
- package/docs/installation/v4-quick-start.md +1 -1
- package/docs/pt/guides/user-guide.md +18 -18
- package/docs/pt/security.md +2 -2
- package/docs/security/overview.md +2 -2
- package/docs/security/security-best-practices.md +1 -1
- package/docs/sinapse-agent-flows/architect-system.md +1 -1
- package/docs/sinapse-agent-flows/data-engineer-system.md +1 -1
- package/docs/sinapse-agent-flows/dev-system.md +1 -1
- package/docs/sinapse-agent-flows/devops-system.md +2 -2
- package/docs/sinapse-agent-flows/qa-system.md +1 -1
- package/docs/sinapse-agent-flows/sm-system.md +2 -2
- package/docs/sinapse-agent-flows/snps-orqx-system.md +4 -4
- package/docs/sinapse-agent-flows/squad-creator-system.md +1 -1
- package/docs/sinapse-workflows/README.md +2 -2
- package/docs/sinapse-workflows/brownfield-discovery-workflow.md +3 -3
- package/docs/sinapse-workflows/brownfield-service-workflow.md +3 -3
- package/docs/sinapse-workflows/greenfield-ui-workflow.md +2 -2
- package/docs/sinapse-workflows/spec-pipeline-workflow.md +3 -3
- package/docs/sinapse-workflows/story-development-cycle-workflow.md +3 -3
- package/docs/troubleshooting.md +1 -1
- package/package.json +5 -1
- package/scripts/calibrate-judge.js +134 -0
- package/scripts/validate-all.js +5 -0
- package/scripts/validate-constitution.js +58 -0
- package/scripts/validate-story-acs.js +174 -0
- package/scripts/validate-tool-descriptions.js +128 -0
- package/scripts/wave-gate.js +1 -1
- package/squads/claude-code-mastery/agents/project-integrator.md +3 -10
- package/squads/claude-code-mastery/knowledge-base/context-window-optimization.md +2 -2
- package/squads/claude-code-mastery/knowledge-base/memory-systems-reference.md +1 -1
- package/squads/squad-copy/knowledge-base/ai-copy-human-loop-canon.md +1 -1
|
@@ -7,9 +7,9 @@
|
|
|
7
7
|
# - SHA256 hashes for change detection
|
|
8
8
|
# - File types for categorization
|
|
9
9
|
#
|
|
10
|
-
version: 1.
|
|
10
|
+
version: 1.22.0
|
|
11
11
|
generator: scripts/generate-install-manifest.js
|
|
12
|
-
file_count:
|
|
12
|
+
file_count: 1155
|
|
13
13
|
files:
|
|
14
14
|
- path: cli/commands/config/index.js
|
|
15
15
|
hash: sha256:bfa83cb1dc111b0b30dd298dc0abc2150b73f939b6cd4458effa8e6d407bc9e2
|
|
@@ -192,9 +192,9 @@ files:
|
|
|
192
192
|
type: cli
|
|
193
193
|
size: 5908
|
|
194
194
|
- path: core-config.yaml
|
|
195
|
-
hash: sha256:
|
|
195
|
+
hash: sha256:cf8a5e6baaff0c26eaeebcdb876f6f329278e81e6b5448499b622c47772c3bf1
|
|
196
196
|
type: config
|
|
197
|
-
size:
|
|
197
|
+
size: 15012
|
|
198
198
|
- path: core/atlas/atlas-data.js
|
|
199
199
|
hash: sha256:ab6ef91bd2de1498dbe3892a80b5f18d67624db1fb2da74b0e53f83de902f383
|
|
200
200
|
type: core
|
|
@@ -392,9 +392,9 @@ files:
|
|
|
392
392
|
type: core
|
|
393
393
|
size: 3671
|
|
394
394
|
- path: core/doctor/checks/index.js
|
|
395
|
-
hash: sha256:
|
|
395
|
+
hash: sha256:1bbf4cff649bbf88729c33df95391d342ebd7c0fa55082f7c2421c460f254659
|
|
396
396
|
type: core
|
|
397
|
-
size:
|
|
397
|
+
size: 1540
|
|
398
398
|
- path: core/doctor/checks/manifest-version-parity.js
|
|
399
399
|
hash: sha256:ffb698eed47364abccf28ce9d3a07529ac00096f6993a4d03359998b364e8329
|
|
400
400
|
type: core
|
|
@@ -496,9 +496,9 @@ files:
|
|
|
496
496
|
type: core
|
|
497
497
|
size: 34474
|
|
498
498
|
- path: core/execution/build-orchestrator.js
|
|
499
|
-
hash: sha256:
|
|
499
|
+
hash: sha256:d115167d203651b7288c1ee2f2a3b2d1bc0b09d624d8e7bd0123c27574890b53
|
|
500
500
|
type: core
|
|
501
|
-
size:
|
|
501
|
+
size: 44135
|
|
502
502
|
- path: core/execution/build-state-manager.js
|
|
503
503
|
hash: sha256:3b2fe56bf0e1a480f663a02afbb83c6d11cf89fb56815381c7ccafab948a63ae
|
|
504
504
|
type: core
|
|
@@ -512,9 +512,9 @@ files:
|
|
|
512
512
|
type: core
|
|
513
513
|
size: 14652
|
|
514
514
|
- path: core/execution/subagent-dispatcher.js
|
|
515
|
-
hash: sha256:
|
|
515
|
+
hash: sha256:d7c440006585bd750d88da6926a766055e4b5bcb01974f30b4fc1fe8812c91a5
|
|
516
516
|
type: core
|
|
517
|
-
size:
|
|
517
|
+
size: 32206
|
|
518
518
|
- path: core/external-executors/delegate-cli.js
|
|
519
519
|
hash: sha256:e56313ca703a4fccf64e0eec958ceb9f84e5d7a3f1c84c22b12375a9b5b58bc1
|
|
520
520
|
type: core
|
|
@@ -776,9 +776,9 @@ files:
|
|
|
776
776
|
type: core
|
|
777
777
|
size: 7763
|
|
778
778
|
- path: core/ideation/ideation-engine.js
|
|
779
|
-
hash: sha256:
|
|
779
|
+
hash: sha256:9fbbd66ea38bc08696e42abca30810ae55e3c80aca703ec2ab0f7657eb3566be
|
|
780
780
|
type: core
|
|
781
|
-
size:
|
|
781
|
+
size: 27657
|
|
782
782
|
- path: core/ids/circuit-breaker.js
|
|
783
783
|
hash: sha256:d9ff8c6e540902457b17aba668ff67c04d40564ed479993ad3c4807fb8c09c3f
|
|
784
784
|
type: core
|
|
@@ -936,9 +936,9 @@ files:
|
|
|
936
936
|
type: core
|
|
937
937
|
size: 10096
|
|
938
938
|
- path: core/orchestration/cli-commands.js
|
|
939
|
-
hash: sha256:
|
|
939
|
+
hash: sha256:55fe402101964487a8ad91c99a3cf1f2af3832a58bda294244cf5abb46fd8654
|
|
940
940
|
type: core
|
|
941
|
-
size:
|
|
941
|
+
size: 24239
|
|
942
942
|
- path: core/orchestration/condition-evaluator.js
|
|
943
943
|
hash: sha256:c90c2b1506d72ce8c468b8b2b90cf4116fd1fc441eb591e8ce09dbcb75e28c00
|
|
944
944
|
type: core
|
|
@@ -956,9 +956,9 @@ files:
|
|
|
956
956
|
type: core
|
|
957
957
|
size: 10880
|
|
958
958
|
- path: core/orchestration/doc-first-resolver.js
|
|
959
|
-
hash: sha256:
|
|
959
|
+
hash: sha256:70ed2b0522825e74cdd229ee2e5c9a3908a026f229a7803edfee9aa7c8a69ec5
|
|
960
960
|
type: core
|
|
961
|
-
size:
|
|
961
|
+
size: 19360
|
|
962
962
|
- path: core/orchestration/epic-context-accumulator.js
|
|
963
963
|
hash: sha256:9f38c7e3b4de7fbcfeae5fe1dc88aa3f0ae38667f1dc1da025519d40b3b9daa9
|
|
964
964
|
type: core
|
|
@@ -972,13 +972,13 @@ files:
|
|
|
972
972
|
type: core
|
|
973
973
|
size: 11379
|
|
974
974
|
- path: core/orchestration/executors/epic-3-executor.js
|
|
975
|
-
hash: sha256:
|
|
975
|
+
hash: sha256:adbf4790f4381727be0a5e6842d05471f92bbf6475495a1241f8799a95559add
|
|
976
976
|
type: core
|
|
977
|
-
size:
|
|
977
|
+
size: 10209
|
|
978
978
|
- path: core/orchestration/executors/epic-4-executor.js
|
|
979
|
-
hash: sha256:
|
|
979
|
+
hash: sha256:9cf89dad552b9ea369fd9274fe1d14d3860f5150154c73d30a7883c18ce89931
|
|
980
980
|
type: core
|
|
981
|
-
size:
|
|
981
|
+
size: 11868
|
|
982
982
|
- path: core/orchestration/executors/epic-5-executor.js
|
|
983
983
|
hash: sha256:865224cd6cb1f80c1228e149349aea5c335440201c9047f849d2ec85b73d3f03
|
|
984
984
|
type: core
|
|
@@ -1008,9 +1008,9 @@ files:
|
|
|
1008
1008
|
type: core
|
|
1009
1009
|
size: 44211
|
|
1010
1010
|
- path: core/orchestration/index.js
|
|
1011
|
-
hash: sha256:
|
|
1011
|
+
hash: sha256:8e147f32b272bb7e1f1431773a788152b76277e6c51f3954e78a02a15fcf9978
|
|
1012
1012
|
type: core
|
|
1013
|
-
size:
|
|
1013
|
+
size: 9601
|
|
1014
1014
|
- path: core/orchestration/lock-manager.js
|
|
1015
1015
|
hash: sha256:b269b3c17d575f2dbca8e749585ad9133ab60dbfd7d74a85e6a776d2bb1909b4
|
|
1016
1016
|
type: core
|
|
@@ -1043,6 +1043,10 @@ files:
|
|
|
1043
1043
|
hash: sha256:321eee21d44c8c2548a4a989b4fd9bd13782dc95f917098d67c514e0886000f5
|
|
1044
1044
|
type: core
|
|
1045
1045
|
size: 10564
|
|
1046
|
+
- path: core/orchestration/spec-complexity.js
|
|
1047
|
+
hash: sha256:98263efa7189b42e8747929886eddb84b047083369d5636a401141de5b13385a
|
|
1048
|
+
type: core
|
|
1049
|
+
size: 4631
|
|
1046
1050
|
- path: core/orchestration/subagent-prompt-builder.js
|
|
1047
1051
|
hash: sha256:1b566f9cdd35df9ab33e13f36adb4e356c538665421637b2f4e57fc32bb67483
|
|
1048
1052
|
type: core
|
|
@@ -1364,9 +1368,9 @@ files:
|
|
|
1364
1368
|
type: data
|
|
1365
1369
|
size: 9671
|
|
1366
1370
|
- path: data/entity-registry.yaml
|
|
1367
|
-
hash: sha256:
|
|
1371
|
+
hash: sha256:4da795f0c48efdb220f5fba360a0ee5537a6664b612db4692db94319c1f5c402
|
|
1368
1372
|
type: data
|
|
1369
|
-
size:
|
|
1373
|
+
size: 558557
|
|
1370
1374
|
- path: data/learned-patterns.yaml
|
|
1371
1375
|
hash: sha256:1a4cd045c087b9dfd7046ff1464a9d2edb85fba77cf0b6fba14f4bb9004c741e
|
|
1372
1376
|
type: data
|
|
@@ -1472,21 +1476,21 @@ files:
|
|
|
1472
1476
|
type: agent
|
|
1473
1477
|
size: 14918
|
|
1474
1478
|
- path: development/agents/architect.md
|
|
1475
|
-
hash: sha256:
|
|
1479
|
+
hash: sha256:eb26e12277ff48e41af5147a72bed8ddf96139546b07a9c75b29970edb7a912b
|
|
1476
1480
|
type: agent
|
|
1477
|
-
size:
|
|
1481
|
+
size: 23345
|
|
1478
1482
|
- path: development/agents/data-engineer.md
|
|
1479
|
-
hash: sha256:
|
|
1483
|
+
hash: sha256:de529096dfe0e8b1cb05f664e0caa9e58b7a941bb497580cd8a4bb51d0756867
|
|
1480
1484
|
type: agent
|
|
1481
|
-
size:
|
|
1485
|
+
size: 22822
|
|
1482
1486
|
- path: development/agents/developer.md
|
|
1483
|
-
hash: sha256:
|
|
1487
|
+
hash: sha256:5de86f5515bf49214328bd32983bba73e7789c0864e66b18af51d2534213a199
|
|
1484
1488
|
type: agent
|
|
1485
|
-
size:
|
|
1489
|
+
size: 27322
|
|
1486
1490
|
- path: development/agents/devops.md
|
|
1487
|
-
hash: sha256:
|
|
1491
|
+
hash: sha256:e3a95759b775fdf27934fe5b2a6448b7eb1c98904c2a974c3db20dd7859e8e02
|
|
1488
1492
|
type: agent
|
|
1489
|
-
size:
|
|
1493
|
+
size: 25968
|
|
1490
1494
|
- path: development/agents/product-lead.md
|
|
1491
1495
|
hash: sha256:a0d13d7e04c602000eae91dff54bf4030f11e29b4182e04c763c381086b9e7b7
|
|
1492
1496
|
type: agent
|
|
@@ -1496,9 +1500,9 @@ files:
|
|
|
1496
1500
|
type: agent
|
|
1497
1501
|
size: 16959
|
|
1498
1502
|
- path: development/agents/quality-gate.md
|
|
1499
|
-
hash: sha256:
|
|
1503
|
+
hash: sha256:0d1dadd456826d1604d9009d12549bd0bb0b9e289775c791ad5d3094c5a8a388
|
|
1500
1504
|
type: agent
|
|
1501
|
-
size:
|
|
1505
|
+
size: 21342
|
|
1502
1506
|
- path: development/agents/snps-orqx.md
|
|
1503
1507
|
hash: sha256:8e4145cdf25f57d366e0f6b3563e907c7a3ba8b2d6d3af0a6e573927f4a0321c
|
|
1504
1508
|
type: agent
|
|
@@ -1596,9 +1600,9 @@ files:
|
|
|
1596
1600
|
type: development
|
|
1597
1601
|
size: 10414
|
|
1598
1602
|
- path: development/knowledge-base/token-economy-guide.md
|
|
1599
|
-
hash: sha256:
|
|
1603
|
+
hash: sha256:bb10715f48778453f5f44bb99244cc4c000de06117ef4e123fe5795a2d30887f
|
|
1600
1604
|
type: development
|
|
1601
|
-
size:
|
|
1605
|
+
size: 6004
|
|
1602
1606
|
- path: development/README.md
|
|
1603
1607
|
hash: sha256:cb3aa87366eba1adebeb1f033c62e3cfc2a65430dc456914808b2c108884ebf2
|
|
1604
1608
|
type: development
|
|
@@ -2496,9 +2500,9 @@ files:
|
|
|
2496
2500
|
type: task
|
|
2497
2501
|
size: 8687
|
|
2498
2502
|
- path: development/tasks/resolve-github-issue.md
|
|
2499
|
-
hash: sha256:
|
|
2503
|
+
hash: sha256:288ab27dfcc8337e4502bfc4e713b03f39635bc3bdd25a78ff1c3953ac02e0a1
|
|
2500
2504
|
type: task
|
|
2501
|
-
size:
|
|
2505
|
+
size: 18277
|
|
2502
2506
|
- path: development/tasks/review-contributor-pr.md
|
|
2503
2507
|
hash: sha256:e5a4aabbb2d35bdbc8fd8c624df1c38bff3106eadb6d1b961143d27c8b139b57
|
|
2504
2508
|
type: task
|
|
@@ -4240,9 +4244,9 @@ files:
|
|
|
4240
4244
|
type: template
|
|
4241
4245
|
size: 10990
|
|
4242
4246
|
- path: product/templates/story-tmpl.yaml
|
|
4243
|
-
hash: sha256:
|
|
4247
|
+
hash: sha256:3dbcd522e69b86715f32eaf0cd13ce3a2631b5d2fc4f068c33df9593b6dbbfc2
|
|
4244
4248
|
type: template
|
|
4245
|
-
size:
|
|
4249
|
+
size: 17050
|
|
4246
4250
|
- path: product/templates/story.hbs
|
|
4247
4251
|
hash: sha256:126c55c30e2e49816acc7c1712e71e7c26874b010edfe34e8d7890bac67095b2
|
|
4248
4252
|
type: template
|
|
@@ -97,7 +97,12 @@ sections:
|
|
|
97
97
|
- id: acceptance-criteria
|
|
98
98
|
title: Acceptance Criteria
|
|
99
99
|
type: numbered-list
|
|
100
|
-
instruction:
|
|
100
|
+
instruction: >-
|
|
101
|
+
Write each acceptance criterion in executable Given/When/Then form, tracing
|
|
102
|
+
to the epic's numbered ACs. Example: "AC1: Given <context/state>, When
|
|
103
|
+
<action>, Then <observable outcome>." GWT is the preferred format
|
|
104
|
+
(story-lifecycle.md) — `npm run validate:story-acs` flags non-GWT ACs as
|
|
105
|
+
advisory. Free-form ACs remain valid but should be the exception.
|
|
101
106
|
elicit: true
|
|
102
107
|
owner: scrum-master
|
|
103
108
|
editors: [scrum-master]
|
|
@@ -307,11 +312,11 @@ sections:
|
|
|
307
312
|
- If there were important notes from previous story that are relevant to this one, include them here
|
|
308
313
|
- Put enough information in this section so that the dev agent should NEVER need to read the architecture documents, these notes along with the tasks and subtasks must give the Dev Agent the complete context it needs to comprehend with the least amount of overhead the information to complete the story, meeting all AC and completing all tasks+subtasks
|
|
309
314
|
|
|
310
|
-
**
|
|
315
|
+
**Frontier-Model Optimization — Upfront Spec Block (REQUIRED):**
|
|
311
316
|
The Dev Notes MUST begin with an "Upfront Spec" structured block (see `upfront-spec` sub-section).
|
|
312
317
|
This consolidates intent + constraints + AC summary + key file locations at the top of Dev Notes,
|
|
313
318
|
so the developer agent loads the full problem specification in one read instead of discovering
|
|
314
|
-
it mid-implementation. Adaptive thinking in Opus
|
|
319
|
+
it mid-implementation. Adaptive thinking in frontier models (Opus/Fable family) benefits strongly from upfront specification.
|
|
315
320
|
elicit: true
|
|
316
321
|
owner: scrum-master
|
|
317
322
|
editors: [scrum-master]
|
|
@@ -322,7 +327,7 @@ sections:
|
|
|
322
327
|
**REQUIRED — appears at the TOP of Dev Notes.**
|
|
323
328
|
|
|
324
329
|
Consolidate the full problem specification in a single structured block, so the developer
|
|
325
|
-
agent has everything needed before making the first tool call. This is
|
|
330
|
+
agent has everything needed before making the first tool call. This is a frontier-model best
|
|
326
331
|
practice: upfront specification reduces mid-task re-planning and improves adaptive thinking
|
|
327
332
|
quality.
|
|
328
333
|
|
|
@@ -348,11 +353,11 @@ sections:
|
|
|
348
353
|
- id: prompt-hints
|
|
349
354
|
title: Prompt Hints by Story Type
|
|
350
355
|
instruction: |
|
|
351
|
-
**
|
|
356
|
+
**Adaptive Thinking Hints (STRUCTURED FIELDS — survive YAML parse).**
|
|
352
357
|
|
|
353
358
|
Emit the appropriate hint based on story type classification. These are NOT comments —
|
|
354
359
|
they are structured fields consumed by the developer agent at story load time to calibrate
|
|
355
|
-
thinking depth for
|
|
360
|
+
thinking depth for the frontier model's adaptive reasoning.
|
|
356
361
|
|
|
357
362
|
Story type classification:
|
|
358
363
|
- `critical` → migration, security, architecture, data integrity, irreversible operations
|
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
# LLM-Judge Calibration
|
|
2
|
+
|
|
3
|
+
> Story `mesa2-llm-judge-calibration` · AF-20260704 Mesa #2.
|
|
4
|
+
> Addresses the finding "the LLM judge decides Done without calibration" — the literal
|
|
5
|
+
> gap (no golden set, no documented process) is now closed; the semantic layer (v2) has a
|
|
6
|
+
> baseline + procedure but no recorded agreement number yet (it has not been run).
|
|
7
|
+
|
|
8
|
+
## What the judge is
|
|
9
|
+
|
|
10
|
+
The agent that decides whether a story is **Done** is `@quality-gate`, invoked by
|
|
11
|
+
`Epic6Executor` (`.sinapse-ai/core/orchestration/executors/epic-6-executor.js`). It emits
|
|
12
|
+
free-form review prose ending in a line `VERDICT: APPROVED | NEEDS_REVISION | BLOCKED`.
|
|
13
|
+
`_parseVerdict(output)` turns that prose into the binary verdict — and `APPROVED` is what
|
|
14
|
+
marks the work Done. So there are **two layers** to a correct verdict:
|
|
15
|
+
|
|
16
|
+
1. **Semantic judgment (the LLM):** did the agent reach the *right* verdict for the change?
|
|
17
|
+
2. **Verdict extraction (deterministic code):** did `_parseVerdict` correctly read the verdict
|
|
18
|
+
the agent expressed? This is the seam where "LLM prose" becomes "system decides Done."
|
|
19
|
+
|
|
20
|
+
## The golden set
|
|
21
|
+
|
|
22
|
+
`golden-set.json` is the **human baseline**: realistic review outputs, each labeled with the
|
|
23
|
+
verdict a human considers correct, with a rationale. It is balanced across all three verdicts and
|
|
24
|
+
includes the tricky edges (no explicit `VERDICT:` line, spaced/hyphenated tokens, conflicting
|
|
25
|
+
signals where an explicit verdict must win, empty output that must never read as approval, and the
|
|
26
|
+
"a blocker dominates" precedence).
|
|
27
|
+
|
|
28
|
+
A golden label is **law**. If a case is ambiguous, fix the label — do not loosen the gate.
|
|
29
|
+
|
|
30
|
+
## v1 — deterministic calibration (automated, CI-gated)
|
|
31
|
+
|
|
32
|
+
`npm run calibrate:judge` runs the **real** `_parseVerdict` (imported via
|
|
33
|
+
`Epic6Executor.prototype`, never re-implemented) over every golden output and requires **100%**
|
|
34
|
+
agreement with the human labels. It reports an expected→predicted confusion map. Because
|
|
35
|
+
`_parseVerdict` is deterministic, any disagreement means one of two things — the parser regressed,
|
|
36
|
+
or a label is wrong — and both demand action. This is also enforced in CI by
|
|
37
|
+
`tests/scripts/calibrate-judge.test.js`.
|
|
38
|
+
|
|
39
|
+
What this layer guarantees is the **safe direction** of the extraction seam: for the recognized
|
|
40
|
+
verdict vocabulary it reads the expressed verdict faithfully, and outside it, it **never fabricates
|
|
41
|
+
approval and never silently flips an explicit verdict** — out-of-vocabulary or prose-only approvals
|
|
42
|
+
fall to the safe non-approving default by design.
|
|
43
|
+
|
|
44
|
+
## v2 — semantic calibration (live, periodic, NOT in CI)
|
|
45
|
+
|
|
46
|
+
Calibrating the LLM's *judgment* requires running the real `@quality-gate` agent, which is
|
|
47
|
+
non-deterministic and costly (and spawns a nested `claude` process that is unreliable on some
|
|
48
|
+
platforms — see the executor's Windows note). It is therefore a **documented periodic procedure**,
|
|
49
|
+
not a CI gate:
|
|
50
|
+
|
|
51
|
+
1. Take the `scenario` behind each golden case (the code change + test state that would produce
|
|
52
|
+
such a review) from `scenarios.json`, feed it to the real `@quality-gate` judge.
|
|
53
|
+
2. Compare the agent's emitted verdict (extracted with the production `_parseVerdict`) to the
|
|
54
|
+
golden `expected`.
|
|
55
|
+
3. Track agreement over time. Target: **≥ 90%** agreement on the golden scenarios; below that, the
|
|
56
|
+
judge prompt/rubric needs work.
|
|
57
|
+
|
|
58
|
+
### Latest measurement
|
|
59
|
+
|
|
60
|
+
**First recorded run — 2026-07-06: 40/42 = 95.2% agreement** (13/14 scenarios majority-correct;
|
|
61
|
+
**perfect 15/15 on all CRITICAL/blocking cases**). Above the 90% target; the single divergence is a
|
|
62
|
+
known-ambiguous MEDIUM-vs-HIGH severity boundary, not a systematic gap. Full breakdown, confusion
|
|
63
|
+
matrix, and divergence analysis in [`calibration-log.md`](./calibration-log.md).
|
|
64
|
+
|
|
65
|
+
> **Honesty note.** v1 does not auto-calibrate the LLM's judgment — it locks the deterministic seam
|
|
66
|
+
> and provides the human baseline + procedure for the semantic layer. Do not claim the LLM judge is
|
|
67
|
+
> "calibrated" from a green CI alone. The v2 number above is a point-in-time live measurement, not a
|
|
68
|
+
> CI-enforced guarantee; re-run periodically (labels are law — a systematic miss becomes rubric work,
|
|
69
|
+
> never a label edit).
|
|
70
|
+
|
|
71
|
+
## Feedback loop
|
|
72
|
+
|
|
73
|
+
When the judge decides Done **wrongly** in production (approves broken work, or blocks good work),
|
|
74
|
+
capture that review output as a **new golden case** with the correct human label. The golden set
|
|
75
|
+
grows from real misses, so the calibration tracks reality instead of a frozen synthetic snapshot.
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
# LLM-Judge Calibration Log
|
|
2
|
+
|
|
3
|
+
Versioned record of semantic (v2) calibration runs. Each entry measures the real LLM judge's
|
|
4
|
+
agreement with the human-labeled scenarios in `scenarios.json`, using the production
|
|
5
|
+
`_parseVerdict` for extraction. Labels are law; a systematic miss becomes rubric analysis here,
|
|
6
|
+
never a label edit to inflate agreement.
|
|
7
|
+
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
## Run 2026-07-06 — first recorded measurement
|
|
11
|
+
|
|
12
|
+
| Field | Value |
|
|
13
|
+
|-------|-------|
|
|
14
|
+
| Date | 2026-07-06 |
|
|
15
|
+
| Judge model | frontier tier (Opus-class), via the QA executor prompt contract + quality-gate severity rubric |
|
|
16
|
+
| Scenarios | 14 (human-labeled: 4 approved, 5 blocked, 5 needs_revision) |
|
|
17
|
+
| Judgments | 42 (3 blind independent judgments per scenario) |
|
|
18
|
+
| Extraction | production `Epic6Executor.prototype._parseVerdict` (no re-implementation) |
|
|
19
|
+
| **Agreement** | **40/42 = 95.2%** |
|
|
20
|
+
| Scenarios majority-correct | 13/14 |
|
|
21
|
+
| Target (README v2) | ≥ 90% — **met** |
|
|
22
|
+
|
|
23
|
+
### Confusion matrix (expected → predicted)
|
|
24
|
+
|
|
25
|
+
| Expected \ Predicted | approved | needs_revision | blocked |
|
|
26
|
+
|---|---|---|---|
|
|
27
|
+
| **approved** (12) | 12 | 0 | 0 |
|
|
28
|
+
| **needs_revision** (13) | 2 | 13 | 0 |
|
|
29
|
+
| **blocked** (15) | 0 | 0 | 15 |
|
|
30
|
+
|
|
31
|
+
Read: every `blocked` scenario (all 15 judgments across 5 critical scenarios — SQL injection,
|
|
32
|
+
hardcoded secret, RLS dropped, auth bypass, destructive migration) was caught with **zero misses**.
|
|
33
|
+
Every clear `approved` and `needs_revision` scenario was unanimous. The only divergence is a single
|
|
34
|
+
borderline scenario, below.
|
|
35
|
+
|
|
36
|
+
### Divergences (2 of 42)
|
|
37
|
+
|
|
38
|
+
**`stale-todo-and-debug-logs`** — human label `needs_revision`, judge said `approved` on 2 of 3
|
|
39
|
+
independent judgments (the 3rd agreed: `needs_revision`).
|
|
40
|
+
|
|
41
|
+
- Scenario: implementation meets all ACs and 34 tests pass, but the diff leaves 6
|
|
42
|
+
`console.log('DEBUG cart=', cart)` in the payment path and 2 unresolved `TODO: 3DS fallback` on
|
|
43
|
+
code that throws a generic error.
|
|
44
|
+
- Judge reasoning (approvers): treated both as **MEDIUM technical debt** — "remove the debug logs in
|
|
45
|
+
a fast-follow cleanup and open a tracked story… since ACs are met, tests green, no security/data
|
|
46
|
+
risk, this does not block completion."
|
|
47
|
+
- Judge reasoning (the dissenter): "the payment-path debug logs are a cheap fix I expect done before
|
|
48
|
+
merge, which puts this just short of approval."
|
|
49
|
+
- **Analysis:** this is a legitimate **MEDIUM-vs-HIGH severity boundary call**, not a miscalibration.
|
|
50
|
+
The human label treats "ship debug noise + unresolved TODOs in the changed lines" as fix-before-merge
|
|
51
|
+
(HIGH → needs_revision); the judge majority treats it as document-as-debt (MEDIUM → approved). The
|
|
52
|
+
split judgment (2 approve / 1 revise) shows the model itself sees the case as borderline. Reasonable
|
|
53
|
+
human reviewers disagree here too.
|
|
54
|
+
|
|
55
|
+
### Verdict on this run
|
|
56
|
+
|
|
57
|
+
The judge is **well-calibrated** at 95.2%, comfortably above the 90% target, with a **perfect record
|
|
58
|
+
on all CRITICAL/blocking cases** — the highest-stakes class. The one divergence is a known-ambiguous
|
|
59
|
+
MEDIUM/HIGH boundary, not a systematic gap. **No rubric change is warranted from this run.** If a
|
|
60
|
+
future run shows the judge systematically down-grading fix-before-merge issues to debt (a pattern, not
|
|
61
|
+
a single borderline case), that would justify a story to sharpen the severity rubric's MEDIUM/HIGH
|
|
62
|
+
line — captured here as a watch item, not an action.
|
|
63
|
+
|
|
64
|
+
### Method notes
|
|
65
|
+
|
|
66
|
+
- Judgments were **blind**: scenarios were fed without their expected labels; each of the 3 judgments
|
|
67
|
+
per scenario ran as an independent agent with no shared context.
|
|
68
|
+
- Prompt contract mirrors production (`epic-6-executor.js` `_reviewViaAgent`): free-form review prose
|
|
69
|
+
ending in a single `VERDICT:` line, plus the quality-gate severity policy.
|
|
70
|
+
- Raw judgment outputs are not committed (bulk); this log is the durable aggregate.
|
|
@@ -0,0 +1,105 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "./golden-set.schema.md",
|
|
3
|
+
"description": "Human-labeled golden set for LLM-judge verdict calibration (Story mesa2-llm-judge-calibration, AF-20260704 Mesa #2). Each case is a realistic @quality-gate review OUTPUT and the verdict a human considers CORRECT for it. The harness runs the REAL Epic6Executor._parseVerdict over each output and must agree 100% — a disagreement means either the parser regressed or a label is wrong; both demand action.",
|
|
4
|
+
"verdicts": ["approved", "needs_revision", "blocked"],
|
|
5
|
+
"cases": [
|
|
6
|
+
{
|
|
7
|
+
"id": "clear-approve-explicit",
|
|
8
|
+
"output": "All acceptance criteria met, tests green, no security concerns.\nVERDICT: APPROVED",
|
|
9
|
+
"expected": "approved",
|
|
10
|
+
"rationale": "Explicit approving verdict line with clean review.",
|
|
11
|
+
"source": "synthetic"
|
|
12
|
+
},
|
|
13
|
+
{
|
|
14
|
+
"id": "clear-block-explicit",
|
|
15
|
+
"output": "Critical: SQL built via string interpolation in user path — injection risk.\nVERDICT: BLOCKED",
|
|
16
|
+
"expected": "blocked",
|
|
17
|
+
"rationale": "Explicit blocking verdict; critical security defect.",
|
|
18
|
+
"source": "synthetic"
|
|
19
|
+
},
|
|
20
|
+
{
|
|
21
|
+
"id": "needs-revision-explicit",
|
|
22
|
+
"output": "Logic is correct but missing tests for the error branch and a stale comment.\nVERDICT: NEEDS_REVISION",
|
|
23
|
+
"expected": "needs_revision",
|
|
24
|
+
"rationale": "Explicit needs-revision; minor, fixable issues.",
|
|
25
|
+
"source": "synthetic"
|
|
26
|
+
},
|
|
27
|
+
{
|
|
28
|
+
"id": "needs-revision-spaced",
|
|
29
|
+
"output": "Coverage dipped on the new module.\nVERDICT: NEEDS REVISION",
|
|
30
|
+
"expected": "needs_revision",
|
|
31
|
+
"rationale": "Verdict written with a space instead of underscore — still a needs-revision.",
|
|
32
|
+
"source": "synthetic"
|
|
33
|
+
},
|
|
34
|
+
{
|
|
35
|
+
"id": "lowercase-prose-verdict",
|
|
36
|
+
"output": "looks good to me, ship it. verdict: approved",
|
|
37
|
+
"expected": "approved",
|
|
38
|
+
"rationale": "Case-insensitive extraction: a lowercase verdict line still means approved.",
|
|
39
|
+
"source": "synthetic"
|
|
40
|
+
},
|
|
41
|
+
{
|
|
42
|
+
"id": "verdict-with-trailing-text",
|
|
43
|
+
"output": "Solid refactor, interfaces stable.\nVERDICT: APPROVED — nice work on the edge cases.",
|
|
44
|
+
"expected": "approved",
|
|
45
|
+
"rationale": "Trailing prose after the verdict token must not change the decision.",
|
|
46
|
+
"source": "synthetic"
|
|
47
|
+
},
|
|
48
|
+
{
|
|
49
|
+
"id": "conflicting-praise-but-blocked",
|
|
50
|
+
"output": "Great structure overall and readable code. However VERDICT: BLOCKED because auth is bypassable.",
|
|
51
|
+
"expected": "blocked",
|
|
52
|
+
"rationale": "When an explicit verdict is present it is authoritative, even amid praise.",
|
|
53
|
+
"source": "synthetic"
|
|
54
|
+
},
|
|
55
|
+
{
|
|
56
|
+
"id": "no-verdict-prose-blocked",
|
|
57
|
+
"output": "This change is BLOCKED: it drops the RLS policy on a public table.",
|
|
58
|
+
"expected": "blocked",
|
|
59
|
+
"rationale": "No verdict line, but an unambiguous block signal in prose → block.",
|
|
60
|
+
"source": "synthetic"
|
|
61
|
+
},
|
|
62
|
+
{
|
|
63
|
+
"id": "no-verdict-prose-approved",
|
|
64
|
+
"output": "Everything checks out and it is APPROVED for merge.",
|
|
65
|
+
"expected": "approved",
|
|
66
|
+
"rationale": "No verdict line, unambiguous approval word → approved.",
|
|
67
|
+
"source": "synthetic"
|
|
68
|
+
},
|
|
69
|
+
{
|
|
70
|
+
"id": "no-verdict-ambiguous-concerns",
|
|
71
|
+
"output": "The reviewer raised a few concerns worth discussing before we proceed.",
|
|
72
|
+
"expected": "needs_revision",
|
|
73
|
+
"rationale": "No verdict and no clear approve/block signal → safe non-approving default.",
|
|
74
|
+
"source": "synthetic"
|
|
75
|
+
},
|
|
76
|
+
{
|
|
77
|
+
"id": "empty-output",
|
|
78
|
+
"output": " ",
|
|
79
|
+
"expected": "needs_revision",
|
|
80
|
+
"rationale": "Nothing to go on must never be read as approval.",
|
|
81
|
+
"source": "synthetic"
|
|
82
|
+
},
|
|
83
|
+
{
|
|
84
|
+
"id": "no-verdict-both-words-block-wins",
|
|
85
|
+
"output": "Parts look approved, but this is blocked by a missing migration rollback.",
|
|
86
|
+
"expected": "blocked",
|
|
87
|
+
"rationale": "With no verdict line and both signals, a block must dominate — you do not ship over an unresolved blocker.",
|
|
88
|
+
"source": "synthetic"
|
|
89
|
+
},
|
|
90
|
+
{
|
|
91
|
+
"id": "hyphenated-needs-revision-defaults-safe",
|
|
92
|
+
"output": "Tighten the naming.\nVERDICT: NEEDS-REVISION",
|
|
93
|
+
"expected": "needs_revision",
|
|
94
|
+
"rationale": "A hyphenated token is not matched as an explicit verdict, but the safe default lands on the same human-intended needs-revision.",
|
|
95
|
+
"source": "synthetic"
|
|
96
|
+
},
|
|
97
|
+
{
|
|
98
|
+
"id": "multiline-review-then-approve",
|
|
99
|
+
"output": "Reviewed correctness, tests, and NFRs.\n- Correctness: traces to all ACs.\n- Tests: added for the new branch.\n- Security: input validated.\nNo blocking issues found.\nVERDICT: APPROVED",
|
|
100
|
+
"expected": "approved",
|
|
101
|
+
"rationale": "Realistic multi-line review ending in an approving verdict.",
|
|
102
|
+
"source": "synthetic"
|
|
103
|
+
}
|
|
104
|
+
]
|
|
105
|
+
}
|
|
@@ -0,0 +1,90 @@
|
|
|
1
|
+
{
|
|
2
|
+
"description": "Semantic golden set for LLM-judge calibration v2 (Story mesa2-judge-calibration-v2-run). Each case is a review SCENARIO (story + code changes + test state) with the verdict a competent human reviewer — applying the framework's severity policy (CRITICAL → blocked; HIGH/fixable issues → needs_revision; clean → approved) — considers correct. The live procedure feeds each scenario to the real LLM judge (executor prompt contract), extracts the verdict with the production _parseVerdict, and compares against these labels. Labels are law: a systematic judge miss becomes rubric analysis in calibration-log.md, never a label adjustment to inflate agreement.",
|
|
3
|
+
"severity_policy": "APPROVED = no CRITICAL/HIGH issues, ACs met, tests green. NEEDS_REVISION = fixable issues (missing tests, coverage drop, unmet AC, failing tests). BLOCKED = critical issues (security vulnerability, data exposure, destructive operation without safeguards).",
|
|
4
|
+
"cases": [
|
|
5
|
+
{
|
|
6
|
+
"id": "clean-approve",
|
|
7
|
+
"expected": "approved",
|
|
8
|
+
"rationale": "Everything a reviewer checks is green — nothing to fix.",
|
|
9
|
+
"scenario": "Story 'user-profile-page' with 3 ACs (render profile data, handle missing avatar, unit tests for both). Diff: 2 new components + 1 test file. All 3 ACs implemented and traceable. CI: 214/214 tests pass, lint clean, typecheck clean. No security-sensitive surface touched. Code follows existing project patterns."
|
|
10
|
+
},
|
|
11
|
+
{
|
|
12
|
+
"id": "small-fix-with-regression-test",
|
|
13
|
+
"expected": "approved",
|
|
14
|
+
"rationale": "Root cause fixed with a regression test covering it — the ideal bug-fix shape.",
|
|
15
|
+
"scenario": "Bug-fix story: date parser crashed on single-digit months. Diff: 1-line fix in parseDate() plus a new regression test that reproduces the original crash input and passes. Full suite green (1,102/1,102). No other files touched."
|
|
16
|
+
},
|
|
17
|
+
{
|
|
18
|
+
"id": "docs-only-clean",
|
|
19
|
+
"expected": "approved",
|
|
20
|
+
"rationale": "Documentation-only change with valid links and no runtime surface.",
|
|
21
|
+
"scenario": "Story 'update-install-guide': diff touches only README.md and docs/installation/guide.md — fixes 4 outdated CLI flag names and adds a troubleshooting section. Link checker passes, markdown lint passes. No code files changed, test suite untouched and green."
|
|
22
|
+
},
|
|
23
|
+
{
|
|
24
|
+
"id": "stable-refactor",
|
|
25
|
+
"expected": "approved",
|
|
26
|
+
"rationale": "Behavior-preserving refactor: interfaces stable, tests prove no regression.",
|
|
27
|
+
"scenario": "Refactor story: extract duplicated pagination logic from 3 API handlers into a shared helper. Public interfaces unchanged (verified by unchanged integration tests). All 890 tests pass unmodified. Coverage steady at 84%. Diff is -120/+45 lines."
|
|
28
|
+
},
|
|
29
|
+
{
|
|
30
|
+
"id": "sql-injection",
|
|
31
|
+
"expected": "blocked",
|
|
32
|
+
"rationale": "SQL built by string concatenation from user input — critical injection vulnerability.",
|
|
33
|
+
"scenario": "Story 'search-endpoint': new GET /search builds its query as \"SELECT * FROM products WHERE name LIKE '%\" + req.query.q + \"%'\" — user input concatenated directly into SQL, no parameterization. Tests pass (16/16) because none exercise malicious input. Everything else in the diff is fine."
|
|
34
|
+
},
|
|
35
|
+
{
|
|
36
|
+
"id": "hardcoded-secret",
|
|
37
|
+
"expected": "blocked",
|
|
38
|
+
"rationale": "Plaintext credential committed to the repository — critical exposure.",
|
|
39
|
+
"scenario": "Story 'payment-webhook': the diff hardcodes a live Stripe secret key (a real 'sk_live_'-prefixed production credential, redacted here as <STRIPE_LIVE_KEY>) directly in src/payments/webhook.js instead of reading it from environment variables. The webhook logic itself is correct and its 8 tests pass."
|
|
40
|
+
},
|
|
41
|
+
{
|
|
42
|
+
"id": "rls-dropped",
|
|
43
|
+
"expected": "blocked",
|
|
44
|
+
"rationale": "Migration removes row-level security from a user-data table — critical data exposure.",
|
|
45
|
+
"scenario": "Story 'fix-orders-query-perf': to make a slow query faster, the migration includes ALTER TABLE orders DISABLE ROW LEVEL SECURITY; and drops the tenant-isolation policy. Query benchmarks improve 40x. All existing tests pass because the test suite runs as service role."
|
|
46
|
+
},
|
|
47
|
+
{
|
|
48
|
+
"id": "praise-worthy-but-auth-bypass",
|
|
49
|
+
"expected": "blocked",
|
|
50
|
+
"rationale": "Elegant code cannot outweigh an authentication bypass — a blocker dominates praise.",
|
|
51
|
+
"scenario": "Story 'admin-dashboard': beautifully structured code, clean componentization, 96% coverage on the new module. However, the /api/admin/* routes check authorization via a client-supplied header ('x-is-admin: true') with no server-side session validation — any user can set the header and access admin endpoints."
|
|
52
|
+
},
|
|
53
|
+
{
|
|
54
|
+
"id": "destructive-migration-no-safeguard",
|
|
55
|
+
"expected": "blocked",
|
|
56
|
+
"rationale": "DROP TABLE without safeguards or rollback in a production migration — critical destructive operation.",
|
|
57
|
+
"scenario": "Story 'remove-legacy-cart': migration runs DROP TABLE legacy_cart; directly — no IF EXISTS, no backup step, no rollback script, and the table still has 12k rows referenced by an archived-orders report job. Code changes removing the ORM model are otherwise clean and tests pass."
|
|
58
|
+
},
|
|
59
|
+
{
|
|
60
|
+
"id": "missing-error-branch-tests",
|
|
61
|
+
"expected": "needs_revision",
|
|
62
|
+
"rationale": "Correct logic but the error path is untested — fixable gap, not a blocker.",
|
|
63
|
+
"scenario": "Story 'csv-import': the happy path is implemented correctly and covered by 6 tests. The error branch (malformed row → collect error and continue) is implemented but has zero test coverage; the try/catch was never exercised by any test. No security issues. Lint/typecheck clean."
|
|
64
|
+
},
|
|
65
|
+
{
|
|
66
|
+
"id": "coverage-drop-new-module",
|
|
67
|
+
"expected": "needs_revision",
|
|
68
|
+
"rationale": "New module lands with far lower coverage than the project floor — fix before merge.",
|
|
69
|
+
"scenario": "Story 'notifications-service': the new src/notifications/ module lands with 31% line coverage while the project enforces a soft floor of 75%. The 4 tests that exist pass; core send/retry logic is untested. Functionality demoed manually and works. No security-sensitive code."
|
|
70
|
+
},
|
|
71
|
+
{
|
|
72
|
+
"id": "failing-tests-on-ci",
|
|
73
|
+
"expected": "needs_revision",
|
|
74
|
+
"rationale": "Red suite means not done — but failures are ordinary logic bugs, fixable, not a security block.",
|
|
75
|
+
"scenario": "Story 'timezone-support': implementation is complete per ACs, but CI shows 3 failing tests in date-formatting for UTC-negative offsets (off-by-one on the day boundary). No security surface. The other 428 tests pass."
|
|
76
|
+
},
|
|
77
|
+
{
|
|
78
|
+
"id": "unmet-acceptance-criterion",
|
|
79
|
+
"expected": "needs_revision",
|
|
80
|
+
"rationale": "Green tests do not compensate for a story AC that was never implemented.",
|
|
81
|
+
"scenario": "Story 'export-report' has 3 ACs: (1) export CSV, (2) export PDF, (3) email the file. The diff implements CSV and PDF with passing tests (22/22 green), but AC3 (email delivery) is entirely absent — no code, no test, not mentioned in the PR. No defects in what exists."
|
|
82
|
+
},
|
|
83
|
+
{
|
|
84
|
+
"id": "stale-todo-and-debug-logs",
|
|
85
|
+
"expected": "needs_revision",
|
|
86
|
+
"rationale": "Functional but ships debug noise and unresolved TODOs in the changed lines — clean up before merge.",
|
|
87
|
+
"scenario": "Story 'checkout-flow': implementation meets all ACs and 34 tests pass. The diff, however, leaves 6 console.log('DEBUG cart=', cart) statements in the payment path and 2 'TODO: handle 3DS fallback properly' comments on code that currently throws a generic error for that case. No security issues."
|
|
88
|
+
}
|
|
89
|
+
]
|
|
90
|
+
}
|