takt 0.50.0 → 0.51.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (476) hide show
  1. package/README.md +29 -0
  2. package/builtins/en/facets/instructions/findings-manager.md +1 -1
  3. package/builtins/en/facets/instructions/fix.md +9 -3
  4. package/builtins/en/facets/instructions/loop-monitor-reviewers-fix.md +6 -0
  5. package/builtins/en/facets/knowledge/architecture.md +11 -0
  6. package/builtins/en/facets/knowledge/backend.md +74 -0
  7. package/builtins/en/facets/knowledge/cqrs-es.md +49 -0
  8. package/builtins/en/facets/knowledge/frontend.md +5 -1
  9. package/builtins/en/facets/knowledge/security.md +3 -0
  10. package/builtins/en/facets/personas/coder.md +3 -3
  11. package/builtins/en/facets/policies/ai-antipattern.md +1 -0
  12. package/builtins/en/facets/policies/coding.md +31 -4
  13. package/builtins/en/facets/policies/review.md +2 -1
  14. package/builtins/en/facets/policies/testing.md +3 -0
  15. package/builtins/en/workflows/backend-cqrs-for-local-llm.yaml +1 -1
  16. package/builtins/en/workflows/backend-for-local-llm.yaml +1 -1
  17. package/builtins/en/workflows/draft.yaml +0 -1
  18. package/builtins/en/workflows/dual-for-local-llm.yaml +1 -1
  19. package/builtins/en/workflows/dual.yaml +0 -1
  20. package/builtins/en/workflows/frontend-for-local-llm.yaml +1 -1
  21. package/builtins/en/workflows/takt-default-for-local-llm.yaml +1 -1
  22. package/builtins/en/workflows/takt-default-refresh-all.yaml +0 -1
  23. package/builtins/en/workflows/takt-default-refresh-fast.yaml +0 -1
  24. package/builtins/ja/facets/instructions/findings-manager.md +1 -1
  25. package/builtins/ja/facets/instructions/fix.md +9 -3
  26. package/builtins/ja/facets/instructions/loop-monitor-reviewers-fix.md +7 -0
  27. package/builtins/ja/facets/knowledge/architecture.md +11 -0
  28. package/builtins/ja/facets/knowledge/backend.md +74 -0
  29. package/builtins/ja/facets/knowledge/cqrs-es.md +49 -0
  30. package/builtins/ja/facets/knowledge/frontend.md +5 -1
  31. package/builtins/ja/facets/knowledge/security.md +3 -0
  32. package/builtins/ja/facets/personas/coder.md +3 -3
  33. package/builtins/ja/facets/policies/ai-antipattern.md +1 -0
  34. package/builtins/ja/facets/policies/coding.md +31 -4
  35. package/builtins/ja/facets/policies/review.md +2 -1
  36. package/builtins/ja/facets/policies/testing.md +3 -0
  37. package/builtins/ja/workflows/backend-cqrs-for-local-llm.yaml +1 -1
  38. package/builtins/ja/workflows/backend-for-local-llm.yaml +1 -1
  39. package/builtins/ja/workflows/draft.yaml +0 -1
  40. package/builtins/ja/workflows/dual-for-local-llm.yaml +1 -1
  41. package/builtins/ja/workflows/dual.yaml +0 -1
  42. package/builtins/ja/workflows/frontend-for-local-llm.yaml +1 -1
  43. package/builtins/ja/workflows/takt-default-for-local-llm.yaml +1 -1
  44. package/builtins/ja/workflows/takt-default-refresh-all.yaml +0 -1
  45. package/builtins/ja/workflows/takt-default-refresh-fast.yaml +0 -1
  46. package/builtins/skill/references/yaml-schema.md +21 -1
  47. package/builtins/skill-codex/references/yaml-schema.md +21 -1
  48. package/dist/agents/agent-usecases.d.ts +1 -0
  49. package/dist/agents/agent-usecases.d.ts.map +1 -1
  50. package/dist/agents/agent-usecases.js +1 -0
  51. package/dist/agents/agent-usecases.js.map +1 -1
  52. package/dist/agents/auto-routing-usecase.d.ts +23 -0
  53. package/dist/agents/auto-routing-usecase.d.ts.map +1 -0
  54. package/dist/agents/auto-routing-usecase.js +216 -0
  55. package/dist/agents/auto-routing-usecase.js.map +1 -0
  56. package/dist/agents/runner.d.ts.map +1 -1
  57. package/dist/agents/runner.js +2 -3
  58. package/dist/agents/runner.js.map +1 -1
  59. package/dist/agents/structured-caller/shared.js +1 -1
  60. package/dist/agents/structured-caller/shared.js.map +1 -1
  61. package/dist/app/cli/commands.js +28 -1
  62. package/dist/app/cli/commands.js.map +1 -1
  63. package/dist/app/cli/helpers.d.ts.map +1 -1
  64. package/dist/app/cli/helpers.js +13 -1
  65. package/dist/app/cli/helpers.js.map +1 -1
  66. package/dist/app/cli/program.d.ts.map +1 -1
  67. package/dist/app/cli/program.js +4 -2
  68. package/dist/app/cli/program.js.map +1 -1
  69. package/dist/app/cli/routing.d.ts.map +1 -1
  70. package/dist/app/cli/routing.js +56 -47
  71. package/dist/app/cli/routing.js.map +1 -1
  72. package/dist/core/logging/providerEvent.d.ts +3 -2
  73. package/dist/core/logging/providerEvent.d.ts.map +1 -1
  74. package/dist/core/logging/providerEvent.js.map +1 -1
  75. package/dist/core/logging/providerEventLogger.d.ts +2 -1
  76. package/dist/core/logging/providerEventLogger.d.ts.map +1 -1
  77. package/dist/core/logging/providerEventLogger.js.map +1 -1
  78. package/dist/core/logging/usageEventLogger.d.ts +2 -1
  79. package/dist/core/logging/usageEventLogger.d.ts.map +1 -1
  80. package/dist/core/logging/usageEventLogger.js +3 -0
  81. package/dist/core/logging/usageEventLogger.js.map +1 -1
  82. package/dist/core/models/config-schemas.d.ts +301 -97
  83. package/dist/core/models/config-schemas.d.ts.map +1 -1
  84. package/dist/core/models/config-schemas.js +8 -5
  85. package/dist/core/models/config-schemas.js.map +1 -1
  86. package/dist/core/models/config-types.d.ts +34 -2
  87. package/dist/core/models/config-types.d.ts.map +1 -1
  88. package/dist/core/models/finding-schemas.d.ts +38 -14
  89. package/dist/core/models/finding-schemas.d.ts.map +1 -1
  90. package/dist/core/models/finding-schemas.js +3 -0
  91. package/dist/core/models/finding-schemas.js.map +1 -1
  92. package/dist/core/models/finding-types.d.ts +4 -0
  93. package/dist/core/models/finding-types.d.ts.map +1 -1
  94. package/dist/core/models/finding-types.js.map +1 -1
  95. package/dist/core/models/index.d.ts +2 -1
  96. package/dist/core/models/index.d.ts.map +1 -1
  97. package/dist/core/models/index.js +1 -0
  98. package/dist/core/models/index.js.map +1 -1
  99. package/dist/core/models/part.d.ts +1 -0
  100. package/dist/core/models/part.d.ts.map +1 -1
  101. package/dist/core/models/schema-base.d.ts +189 -36
  102. package/dist/core/models/schema-base.d.ts.map +1 -1
  103. package/dist/core/models/schema-base.js +68 -0
  104. package/dist/core/models/schema-base.js.map +1 -1
  105. package/dist/core/models/types.d.ts +3 -2
  106. package/dist/core/models/types.d.ts.map +1 -1
  107. package/dist/core/models/types.js +1 -1
  108. package/dist/core/models/types.js.map +1 -1
  109. package/dist/core/models/workflow-provider-options.d.ts +1 -1
  110. package/dist/core/models/workflow-provider-options.d.ts.map +1 -1
  111. package/dist/core/models/workflow-schemas.d.ts +1137 -265
  112. package/dist/core/models/workflow-schemas.d.ts.map +1 -1
  113. package/dist/core/models/workflow-schemas.js +123 -59
  114. package/dist/core/models/workflow-schemas.js.map +1 -1
  115. package/dist/core/models/workflow-session-constraints.d.ts +3 -0
  116. package/dist/core/models/workflow-session-constraints.d.ts.map +1 -0
  117. package/dist/core/models/workflow-session-constraints.js +3 -0
  118. package/dist/core/models/workflow-session-constraints.js.map +1 -0
  119. package/dist/core/models/workflow-types.d.ts +38 -6
  120. package/dist/core/models/workflow-types.d.ts.map +1 -1
  121. package/dist/core/models/workflow-types.js +1 -0
  122. package/dist/core/models/workflow-types.js.map +1 -1
  123. package/dist/core/workflow/auto-routing/resolver.d.ts +43 -0
  124. package/dist/core/workflow/auto-routing/resolver.d.ts.map +1 -0
  125. package/dist/core/workflow/auto-routing/resolver.js +218 -0
  126. package/dist/core/workflow/auto-routing/resolver.js.map +1 -0
  127. package/dist/core/workflow/auto-routing/workflow-auto-provider.d.ts +16 -0
  128. package/dist/core/workflow/auto-routing/workflow-auto-provider.d.ts.map +1 -0
  129. package/dist/core/workflow/auto-routing/workflow-auto-provider.js +64 -0
  130. package/dist/core/workflow/auto-routing/workflow-auto-provider.js.map +1 -0
  131. package/dist/core/workflow/engine/LoopMonitorJudgeRunner.d.ts +1 -1
  132. package/dist/core/workflow/engine/LoopMonitorJudgeRunner.d.ts.map +1 -1
  133. package/dist/core/workflow/engine/LoopMonitorJudgeRunner.js +15 -1
  134. package/dist/core/workflow/engine/LoopMonitorJudgeRunner.js.map +1 -1
  135. package/dist/core/workflow/engine/OptionsBuilder.d.ts +1 -0
  136. package/dist/core/workflow/engine/OptionsBuilder.d.ts.map +1 -1
  137. package/dist/core/workflow/engine/OptionsBuilder.js +52 -8
  138. package/dist/core/workflow/engine/OptionsBuilder.js.map +1 -1
  139. package/dist/core/workflow/engine/ParallelRunner.d.ts +10 -1
  140. package/dist/core/workflow/engine/ParallelRunner.d.ts.map +1 -1
  141. package/dist/core/workflow/engine/ParallelRunner.js +231 -16
  142. package/dist/core/workflow/engine/ParallelRunner.js.map +1 -1
  143. package/dist/core/workflow/engine/StepExecutor.d.ts.map +1 -1
  144. package/dist/core/workflow/engine/StepExecutor.js +3 -1
  145. package/dist/core/workflow/engine/StepExecutor.js.map +1 -1
  146. package/dist/core/workflow/engine/TeamLeaderRunner.d.ts +10 -2
  147. package/dist/core/workflow/engine/TeamLeaderRunner.d.ts.map +1 -1
  148. package/dist/core/workflow/engine/TeamLeaderRunner.js +108 -9
  149. package/dist/core/workflow/engine/TeamLeaderRunner.js.map +1 -1
  150. package/dist/core/workflow/engine/WorkflowCallExecutor.d.ts +11 -1
  151. package/dist/core/workflow/engine/WorkflowCallExecutor.d.ts.map +1 -1
  152. package/dist/core/workflow/engine/WorkflowCallExecutor.js +43 -7
  153. package/dist/core/workflow/engine/WorkflowCallExecutor.js.map +1 -1
  154. package/dist/core/workflow/engine/WorkflowCallRunner.d.ts +9 -0
  155. package/dist/core/workflow/engine/WorkflowCallRunner.d.ts.map +1 -1
  156. package/dist/core/workflow/engine/WorkflowCallRunner.js +65 -14
  157. package/dist/core/workflow/engine/WorkflowCallRunner.js.map +1 -1
  158. package/dist/core/workflow/engine/WorkflowEngine.d.ts.map +1 -1
  159. package/dist/core/workflow/engine/WorkflowEngine.js +19 -6
  160. package/dist/core/workflow/engine/WorkflowEngine.js.map +1 -1
  161. package/dist/core/workflow/engine/WorkflowEngineSetup.d.ts.map +1 -1
  162. package/dist/core/workflow/engine/WorkflowEngineSetup.js +26 -19
  163. package/dist/core/workflow/engine/WorkflowEngineSetup.js.map +1 -1
  164. package/dist/core/workflow/engine/WorkflowEngineStepCoordinator.d.ts +2 -2
  165. package/dist/core/workflow/engine/WorkflowEngineStepCoordinator.d.ts.map +1 -1
  166. package/dist/core/workflow/engine/WorkflowEngineStepCoordinator.js +2 -2
  167. package/dist/core/workflow/engine/WorkflowEngineStepCoordinator.js.map +1 -1
  168. package/dist/core/workflow/engine/WorkflowRunLoop.d.ts +1 -1
  169. package/dist/core/workflow/engine/WorkflowRunLoop.d.ts.map +1 -1
  170. package/dist/core/workflow/engine/WorkflowRunLoop.js +51 -7
  171. package/dist/core/workflow/engine/WorkflowRunLoop.js.map +1 -1
  172. package/dist/core/workflow/engine/WorkflowValidator.d.ts.map +1 -1
  173. package/dist/core/workflow/engine/WorkflowValidator.js +70 -1
  174. package/dist/core/workflow/engine/WorkflowValidator.js.map +1 -1
  175. package/dist/core/workflow/engine/session-compaction.d.ts +10 -0
  176. package/dist/core/workflow/engine/session-compaction.d.ts.map +1 -0
  177. package/dist/core/workflow/engine/session-compaction.js +42 -0
  178. package/dist/core/workflow/engine/session-compaction.js.map +1 -0
  179. package/dist/core/workflow/findings/manager-output-validation.d.ts +12 -0
  180. package/dist/core/workflow/findings/manager-output-validation.d.ts.map +1 -1
  181. package/dist/core/workflow/findings/manager-output-validation.js +13 -0
  182. package/dist/core/workflow/findings/manager-output-validation.js.map +1 -1
  183. package/dist/core/workflow/findings/manager-runner.d.ts +4 -3
  184. package/dist/core/workflow/findings/manager-runner.d.ts.map +1 -1
  185. package/dist/core/workflow/findings/manager-runner.js +142 -61
  186. package/dist/core/workflow/findings/manager-runner.js.map +1 -1
  187. package/dist/core/workflow/findings/manager-step.d.ts +8 -0
  188. package/dist/core/workflow/findings/manager-step.d.ts.map +1 -0
  189. package/dist/core/workflow/findings/manager-step.js +27 -0
  190. package/dist/core/workflow/findings/manager-step.js.map +1 -0
  191. package/dist/core/workflow/findings/mechanical-classification.d.ts +24 -0
  192. package/dist/core/workflow/findings/mechanical-classification.d.ts.map +1 -0
  193. package/dist/core/workflow/findings/mechanical-classification.js +115 -0
  194. package/dist/core/workflow/findings/mechanical-classification.js.map +1 -0
  195. package/dist/core/workflow/instruction/InstructionBuilder.d.ts.map +1 -1
  196. package/dist/core/workflow/instruction/InstructionBuilder.js +7 -31
  197. package/dist/core/workflow/instruction/InstructionBuilder.js.map +1 -1
  198. package/dist/core/workflow/instruction/ReportInstructionBuilder.d.ts.map +1 -1
  199. package/dist/core/workflow/instruction/ReportInstructionBuilder.js +9 -11
  200. package/dist/core/workflow/instruction/ReportInstructionBuilder.js.map +1 -1
  201. package/dist/core/workflow/instruction/finding-contract-instruction.d.ts +36 -0
  202. package/dist/core/workflow/instruction/finding-contract-instruction.d.ts.map +1 -0
  203. package/dist/core/workflow/instruction/finding-contract-instruction.js +39 -0
  204. package/dist/core/workflow/instruction/finding-contract-instruction.js.map +1 -0
  205. package/dist/core/workflow/instruction/instruction-context.d.ts +12 -0
  206. package/dist/core/workflow/instruction/instruction-context.d.ts.map +1 -1
  207. package/dist/core/workflow/instruction/instruction-context.js +14 -18
  208. package/dist/core/workflow/instruction/instruction-context.js.map +1 -1
  209. package/dist/core/workflow/permission-profile-resolution.d.ts +6 -0
  210. package/dist/core/workflow/permission-profile-resolution.d.ts.map +1 -1
  211. package/dist/core/workflow/permission-profile-resolution.js +11 -0
  212. package/dist/core/workflow/permission-profile-resolution.js.map +1 -1
  213. package/dist/core/workflow/provider-options-trace.d.ts +1 -1
  214. package/dist/core/workflow/provider-options-trace.d.ts.map +1 -1
  215. package/dist/core/workflow/provider-resolution.d.ts +14 -11
  216. package/dist/core/workflow/provider-resolution.d.ts.map +1 -1
  217. package/dist/core/workflow/provider-resolution.js +38 -26
  218. package/dist/core/workflow/provider-resolution.js.map +1 -1
  219. package/dist/core/workflow/types.d.ts +19 -6
  220. package/dist/core/workflow/types.d.ts.map +1 -1
  221. package/dist/features/analytics/events.d.ts +28 -2
  222. package/dist/features/analytics/events.d.ts.map +1 -1
  223. package/dist/features/analytics/events.js +1 -1
  224. package/dist/features/analytics/index.d.ts +2 -2
  225. package/dist/features/analytics/index.d.ts.map +1 -1
  226. package/dist/features/analytics/index.js.map +1 -1
  227. package/dist/features/analytics/writer.d.ts +8 -14
  228. package/dist/features/analytics/writer.d.ts.map +1 -1
  229. package/dist/features/analytics/writer.js +27 -17
  230. package/dist/features/analytics/writer.js.map +1 -1
  231. package/dist/features/exec/assistantSession.d.ts +2 -0
  232. package/dist/features/exec/assistantSession.d.ts.map +1 -1
  233. package/dist/features/exec/assistantSession.js.map +1 -1
  234. package/dist/features/exec/command.d.ts.map +1 -1
  235. package/dist/features/exec/command.js +98 -54
  236. package/dist/features/exec/command.js.map +1 -1
  237. package/dist/features/exec/commandAvailability.js +1 -1
  238. package/dist/features/exec/commandAvailability.js.map +1 -1
  239. package/dist/features/exec/configOps.d.ts.map +1 -1
  240. package/dist/features/exec/configOps.js +2 -1
  241. package/dist/features/exec/configOps.js.map +1 -1
  242. package/dist/features/exec/runtimeConfig.d.ts.map +1 -1
  243. package/dist/features/exec/runtimeConfig.js +4 -2
  244. package/dist/features/exec/runtimeConfig.js.map +1 -1
  245. package/dist/features/exec/workflowRunner.d.ts +2 -1
  246. package/dist/features/exec/workflowRunner.d.ts.map +1 -1
  247. package/dist/features/exec/workflowRunner.js +2 -1
  248. package/dist/features/exec/workflowRunner.js.map +1 -1
  249. package/dist/features/interactive/aiCaller.d.ts +2 -2
  250. package/dist/features/interactive/aiCaller.d.ts.map +1 -1
  251. package/dist/features/interactive/aiCaller.js +7 -1
  252. package/dist/features/interactive/aiCaller.js.map +1 -1
  253. package/dist/features/interactive/assistantConfig.d.ts.map +1 -1
  254. package/dist/features/interactive/assistantConfig.js +3 -2
  255. package/dist/features/interactive/assistantConfig.js.map +1 -1
  256. package/dist/features/interactive/conversationLoop.d.ts.map +1 -1
  257. package/dist/features/interactive/conversationLoop.js +164 -141
  258. package/dist/features/interactive/conversationLoop.js.map +1 -1
  259. package/dist/features/interactive/imageAttachments.d.ts +12 -8
  260. package/dist/features/interactive/imageAttachments.d.ts.map +1 -1
  261. package/dist/features/interactive/imageAttachments.js +67 -14
  262. package/dist/features/interactive/imageAttachments.js.map +1 -1
  263. package/dist/features/interactive/instructModeTypes.d.ts +2 -2
  264. package/dist/features/interactive/instructModeTypes.d.ts.map +1 -1
  265. package/dist/features/interactive/interactive-summary.d.ts.map +1 -1
  266. package/dist/features/interactive/interactive-summary.js +8 -0
  267. package/dist/features/interactive/interactive-summary.js.map +1 -1
  268. package/dist/features/interactive/interactive.d.ts +4 -2
  269. package/dist/features/interactive/interactive.d.ts.map +1 -1
  270. package/dist/features/interactive/interactive.js.map +1 -1
  271. package/dist/features/interactive/passthroughMode.d.ts.map +1 -1
  272. package/dist/features/interactive/passthroughMode.js +22 -16
  273. package/dist/features/interactive/passthroughMode.js.map +1 -1
  274. package/dist/features/interactive/promptSections.js +2 -2
  275. package/dist/features/interactive/promptSections.js.map +1 -1
  276. package/dist/features/interactive/quietMode.d.ts.map +1 -1
  277. package/dist/features/interactive/quietMode.js +55 -40
  278. package/dist/features/interactive/quietMode.js.map +1 -1
  279. package/dist/features/interactive/retryMode.d.ts.map +1 -1
  280. package/dist/features/interactive/retryMode.js +5 -4
  281. package/dist/features/interactive/retryMode.js.map +1 -1
  282. package/dist/features/mcp/schemas.js +2 -2
  283. package/dist/features/mcp/schemas.js.map +1 -1
  284. package/dist/features/pipeline/steps.d.ts +1 -1
  285. package/dist/features/pipeline/steps.d.ts.map +1 -1
  286. package/dist/features/pipeline/steps.js +6 -2
  287. package/dist/features/pipeline/steps.js.map +1 -1
  288. package/dist/features/prompt/preview.d.ts.map +1 -1
  289. package/dist/features/prompt/preview.js +37 -1
  290. package/dist/features/prompt/preview.js.map +1 -1
  291. package/dist/features/tasks/attachments.d.ts +2 -5
  292. package/dist/features/tasks/attachments.d.ts.map +1 -1
  293. package/dist/features/tasks/attachments.js +3 -7
  294. package/dist/features/tasks/attachments.js.map +1 -1
  295. package/dist/features/tasks/execute/analyticsEmitter.d.ts +7 -2
  296. package/dist/features/tasks/execute/analyticsEmitter.d.ts.map +1 -1
  297. package/dist/features/tasks/execute/analyticsEmitter.js +76 -2
  298. package/dist/features/tasks/execute/analyticsEmitter.js.map +1 -1
  299. package/dist/features/tasks/execute/resolveTask.d.ts.map +1 -1
  300. package/dist/features/tasks/execute/resolveTask.js +1 -1
  301. package/dist/features/tasks/execute/resolveTask.js.map +1 -1
  302. package/dist/features/tasks/execute/runAllTasks.d.ts.map +1 -1
  303. package/dist/features/tasks/execute/runAllTasks.js +3 -0
  304. package/dist/features/tasks/execute/runAllTasks.js.map +1 -1
  305. package/dist/features/tasks/execute/taskWorkflowExecution.d.ts.map +1 -1
  306. package/dist/features/tasks/execute/taskWorkflowExecution.js +4 -2
  307. package/dist/features/tasks/execute/taskWorkflowExecution.js.map +1 -1
  308. package/dist/features/tasks/execute/types.d.ts +15 -6
  309. package/dist/features/tasks/execute/types.d.ts.map +1 -1
  310. package/dist/features/tasks/execute/workflowExecution.js +8 -2
  311. package/dist/features/tasks/execute/workflowExecution.js.map +1 -1
  312. package/dist/features/tasks/execute/workflowExecutionBootstrap.d.ts +1 -0
  313. package/dist/features/tasks/execute/workflowExecutionBootstrap.d.ts.map +1 -1
  314. package/dist/features/tasks/execute/workflowExecutionBootstrap.js +33 -6
  315. package/dist/features/tasks/execute/workflowExecutionBootstrap.js.map +1 -1
  316. package/dist/features/tasks/execute/workflowExecutionContext.d.ts.map +1 -1
  317. package/dist/features/tasks/execute/workflowExecutionContext.js +1 -1
  318. package/dist/features/tasks/execute/workflowExecutionContext.js.map +1 -1
  319. package/dist/features/tasks/execute/workflowExecutionEvents.d.ts.map +1 -1
  320. package/dist/features/tasks/execute/workflowExecutionEvents.js +5 -2
  321. package/dist/features/tasks/execute/workflowExecutionEvents.js.map +1 -1
  322. package/dist/features/tasks/list/instructMode.d.ts.map +1 -1
  323. package/dist/features/tasks/list/instructMode.js +5 -4
  324. package/dist/features/tasks/list/instructMode.js.map +1 -1
  325. package/dist/features/tasks/list/taskInstructionActions.d.ts.map +1 -1
  326. package/dist/features/tasks/list/taskInstructionActions.js +32 -24
  327. package/dist/features/tasks/list/taskInstructionActions.js.map +1 -1
  328. package/dist/features/tasks/list/taskRetryActions.d.ts.map +1 -1
  329. package/dist/features/tasks/list/taskRetryActions.js +33 -26
  330. package/dist/features/tasks/list/taskRetryActions.js.map +1 -1
  331. package/dist/features/tasks/resume/directInstructMode.d.ts.map +1 -1
  332. package/dist/features/tasks/resume/directInstructMode.js +11 -2
  333. package/dist/features/tasks/resume/directInstructMode.js.map +1 -1
  334. package/dist/features/tasks/resume/index.d.ts.map +1 -1
  335. package/dist/features/tasks/resume/index.js +73 -24
  336. package/dist/features/tasks/resume/index.js.map +1 -1
  337. package/dist/features/tasks/{list/retryTaskSpecAttachments.d.ts → retryTaskSpecAttachments.d.ts} +3 -1
  338. package/dist/features/tasks/retryTaskSpecAttachments.d.ts.map +1 -0
  339. package/dist/features/tasks/{list/retryTaskSpecAttachments.js → retryTaskSpecAttachments.js} +4 -3
  340. package/dist/features/tasks/retryTaskSpecAttachments.js.map +1 -0
  341. package/dist/features/tasks/watch/index.d.ts.map +1 -1
  342. package/dist/features/tasks/watch/index.js +1 -0
  343. package/dist/features/tasks/watch/index.js.map +1 -1
  344. package/dist/features/workflowAuthoring/doctor.d.ts.map +1 -1
  345. package/dist/features/workflowAuthoring/doctor.js +56 -1
  346. package/dist/features/workflowAuthoring/doctor.js.map +1 -1
  347. package/dist/infra/claude/image-input.d.ts.map +1 -1
  348. package/dist/infra/claude/image-input.js +3 -2
  349. package/dist/infra/claude/image-input.js.map +1 -1
  350. package/dist/infra/codex/client.d.ts.map +1 -1
  351. package/dist/infra/codex/client.js +24 -10
  352. package/dist/infra/codex/client.js.map +1 -1
  353. package/dist/infra/config/configNormalizers.d.ts +24 -2
  354. package/dist/infra/config/configNormalizers.d.ts.map +1 -1
  355. package/dist/infra/config/configNormalizers.js +73 -0
  356. package/dist/infra/config/configNormalizers.js.map +1 -1
  357. package/dist/infra/config/env/global-current-env-specs.d.ts.map +1 -1
  358. package/dist/infra/config/env/global-current-env-specs.js +2 -0
  359. package/dist/infra/config/env/global-current-env-specs.js.map +1 -1
  360. package/dist/infra/config/env/project-current-env-specs.d.ts.map +1 -1
  361. package/dist/infra/config/env/project-current-env-specs.js +2 -0
  362. package/dist/infra/config/env/project-current-env-specs.js.map +1 -1
  363. package/dist/infra/config/global/globalConfig.d.ts +1 -1
  364. package/dist/infra/config/global/globalConfig.d.ts.map +1 -1
  365. package/dist/infra/config/global/globalConfig.js +1 -1
  366. package/dist/infra/config/global/globalConfig.js.map +1 -1
  367. package/dist/infra/config/global/globalConfigAccessors.d.ts +6 -0
  368. package/dist/infra/config/global/globalConfigAccessors.d.ts.map +1 -1
  369. package/dist/infra/config/global/globalConfigAccessors.js +80 -1
  370. package/dist/infra/config/global/globalConfigAccessors.js.map +1 -1
  371. package/dist/infra/config/global/globalConfigCore.d.ts.map +1 -1
  372. package/dist/infra/config/global/globalConfigCore.js +3 -1
  373. package/dist/infra/config/global/globalConfigCore.js.map +1 -1
  374. package/dist/infra/config/global/globalConfigSerializer.d.ts.map +1 -1
  375. package/dist/infra/config/global/globalConfigSerializer.js +9 -1
  376. package/dist/infra/config/global/globalConfigSerializer.js.map +1 -1
  377. package/dist/infra/config/global/index.d.ts +1 -1
  378. package/dist/infra/config/global/index.d.ts.map +1 -1
  379. package/dist/infra/config/global/index.js +1 -1
  380. package/dist/infra/config/global/index.js.map +1 -1
  381. package/dist/infra/config/loaders/workflowCallContractValidator.d.ts.map +1 -1
  382. package/dist/infra/config/loaders/workflowCallContractValidator.js +11 -4
  383. package/dist/infra/config/loaders/workflowCallContractValidator.js.map +1 -1
  384. package/dist/infra/config/loaders/workflowCallResolver.d.ts +2 -2
  385. package/dist/infra/config/loaders/workflowCallResolver.d.ts.map +1 -1
  386. package/dist/infra/config/loaders/workflowCallResolver.js +3 -10
  387. package/dist/infra/config/loaders/workflowCallResolver.js.map +1 -1
  388. package/dist/infra/config/loaders/workflowLoopMonitorNormalizer.d.ts.map +1 -1
  389. package/dist/infra/config/loaders/workflowLoopMonitorNormalizer.js +3 -0
  390. package/dist/infra/config/loaders/workflowLoopMonitorNormalizer.js.map +1 -1
  391. package/dist/infra/config/loaders/workflowParser.d.ts.map +1 -1
  392. package/dist/infra/config/loaders/workflowParser.js +11 -6
  393. package/dist/infra/config/loaders/workflowParser.js.map +1 -1
  394. package/dist/infra/config/loaders/workflowPreview.d.ts +3 -0
  395. package/dist/infra/config/loaders/workflowPreview.d.ts.map +1 -1
  396. package/dist/infra/config/loaders/workflowPreview.js +43 -5
  397. package/dist/infra/config/loaders/workflowPreview.js.map +1 -1
  398. package/dist/infra/config/loaders/workflowStepNormalizer.d.ts.map +1 -1
  399. package/dist/infra/config/loaders/workflowStepNormalizer.js +26 -12
  400. package/dist/infra/config/loaders/workflowStepNormalizer.js.map +1 -1
  401. package/dist/infra/config/project/projectConfig.d.ts.map +1 -1
  402. package/dist/infra/config/project/projectConfig.js +19 -3
  403. package/dist/infra/config/project/projectConfig.js.map +1 -1
  404. package/dist/infra/config/resolveConfigValue.d.ts.map +1 -1
  405. package/dist/infra/config/resolveConfigValue.js +1 -0
  406. package/dist/infra/config/resolveConfigValue.js.map +1 -1
  407. package/dist/infra/config/traced/tracedConfigSchema.d.ts.map +1 -1
  408. package/dist/infra/config/traced/tracedConfigSchema.js +6 -0
  409. package/dist/infra/config/traced/tracedConfigSchema.js.map +1 -1
  410. package/dist/infra/opencode/client.d.ts +3 -1
  411. package/dist/infra/opencode/client.d.ts.map +1 -1
  412. package/dist/infra/opencode/client.js +175 -7
  413. package/dist/infra/opencode/client.js.map +1 -1
  414. package/dist/infra/opencode/index.d.ts +2 -2
  415. package/dist/infra/opencode/index.d.ts.map +1 -1
  416. package/dist/infra/opencode/index.js +1 -1
  417. package/dist/infra/opencode/index.js.map +1 -1
  418. package/dist/infra/opencode/types.d.ts +8 -0
  419. package/dist/infra/opencode/types.d.ts.map +1 -1
  420. package/dist/infra/opencode/unavailable-tool-loop.d.ts +12 -0
  421. package/dist/infra/opencode/unavailable-tool-loop.d.ts.map +1 -1
  422. package/dist/infra/opencode/unavailable-tool-loop.js +28 -0
  423. package/dist/infra/opencode/unavailable-tool-loop.js.map +1 -1
  424. package/dist/infra/providers/copilot.d.ts.map +1 -1
  425. package/dist/infra/providers/copilot.js +3 -0
  426. package/dist/infra/providers/copilot.js.map +1 -1
  427. package/dist/infra/providers/cursor.d.ts.map +1 -1
  428. package/dist/infra/providers/cursor.js +3 -0
  429. package/dist/infra/providers/cursor.js.map +1 -1
  430. package/dist/infra/providers/imageAttachmentPrompt.d.ts +0 -1
  431. package/dist/infra/providers/imageAttachmentPrompt.d.ts.map +1 -1
  432. package/dist/infra/providers/imageAttachmentPrompt.js +19 -2
  433. package/dist/infra/providers/imageAttachmentPrompt.js.map +1 -1
  434. package/dist/infra/providers/imageAttachments.d.ts +3 -0
  435. package/dist/infra/providers/imageAttachments.d.ts.map +1 -0
  436. package/dist/infra/providers/imageAttachments.js +47 -0
  437. package/dist/infra/providers/imageAttachments.js.map +1 -0
  438. package/dist/infra/providers/index.d.ts +1 -1
  439. package/dist/infra/providers/index.d.ts.map +1 -1
  440. package/dist/infra/providers/index.js.map +1 -1
  441. package/dist/infra/providers/mock.d.ts.map +1 -1
  442. package/dist/infra/providers/mock.js +5 -0
  443. package/dist/infra/providers/mock.js.map +1 -1
  444. package/dist/infra/providers/opencode.d.ts +2 -1
  445. package/dist/infra/providers/opencode.d.ts.map +1 -1
  446. package/dist/infra/providers/opencode.js +29 -5
  447. package/dist/infra/providers/opencode.js.map +1 -1
  448. package/dist/infra/providers/types.d.ts +8 -0
  449. package/dist/infra/providers/types.d.ts.map +1 -1
  450. package/dist/shared/prompts/en/exec_assistant_instruct.md +2 -0
  451. package/dist/shared/prompts/en/finding_manager_instruction.md +1 -1
  452. package/dist/shared/prompts/en/parts/finding_contract_instruction.md +25 -0
  453. package/dist/shared/prompts/en/parts/git_rules.md +5 -0
  454. package/dist/shared/prompts/{ja → en/parts}/structured_json_schema_instruction.md +2 -0
  455. package/dist/shared/prompts/{ja → en/parts}/structured_json_step_instruction.md +2 -0
  456. package/dist/shared/prompts/ja/exec_assistant_instruct.md +2 -0
  457. package/dist/shared/prompts/ja/finding_manager_instruction.md +1 -1
  458. package/dist/shared/prompts/ja/parts/finding_contract_instruction.md +25 -0
  459. package/dist/shared/prompts/ja/parts/git_rules.md +5 -0
  460. package/dist/shared/prompts/{en → ja/parts}/structured_json_schema_instruction.md +4 -2
  461. package/dist/shared/prompts/{en → ja/parts}/structured_json_step_instruction.md +4 -2
  462. package/dist/shared/types/image-attachments.d.ts +10 -0
  463. package/dist/shared/types/image-attachments.d.ts.map +1 -0
  464. package/dist/shared/types/image-attachments.js +2 -0
  465. package/dist/shared/types/image-attachments.js.map +1 -0
  466. package/dist/shared/utils/imageAttachmentReferences.d.ts +7 -0
  467. package/dist/shared/utils/imageAttachmentReferences.d.ts.map +1 -0
  468. package/dist/shared/utils/imageAttachmentReferences.js +64 -0
  469. package/dist/shared/utils/imageAttachmentReferences.js.map +1 -0
  470. package/package.json +4 -4
  471. package/dist/features/tasks/list/retryTaskSpecAttachments.d.ts.map +0 -1
  472. package/dist/features/tasks/list/retryTaskSpecAttachments.js.map +0 -1
  473. /package/dist/shared/prompts/en/{source_context_section_guidance.md → parts/source_context_section_guidance.md} +0 -0
  474. /package/dist/shared/prompts/en/{source_context_system_guard.md → parts/source_context_system_guard.md} +0 -0
  475. /package/dist/shared/prompts/ja/{source_context_section_guidance.md → parts/source_context_section_guidance.md} +0 -0
  476. /package/dist/shared/prompts/ja/{source_context_system_guard.md → parts/source_context_system_guard.md} +0 -0
package/README.md CHANGED
@@ -257,6 +257,8 @@ Exec presets resolve in this order: project `.takt/exec/presets/` → global `$T
257
257
 
258
258
  When `/go` runs, TAKT generates `.takt/exec/workflow.yaml` and executes it through the normal workflow engine. Inline text after `/go` is treated as an additional note. `/go` without prior conversation or inline task text does not generate the workflow. Use `/cancel` to exit without running.
259
259
 
260
+ Exec input supports image attachments while editing the current line. Use `/paste-image` or `Ctrl+V` to attach a clipboard image on macOS, or paste an OSC 1337 inline image from a compatible terminal. TAKT inserts a `[Image #N]` placeholder. Reference that placeholder in an Assistant message or `/go` note to send the image with that Assistant request; placeholders that were not attached in the session are treated as normal text. When `/go` runs, referenced stored images are copied into the generated task spec and listed in its attachment section. Supported image types are PNG, JPEG, GIF, and WebP. Inline and clipboard images are limited to 10 MiB. TAKT rejects unsupported image data, mismatched inline-image filename types, oversized images, and stored attachments whose temp path is missing, a symlink, or not a regular file. Providers without native image input receive the attachment as a local path reference in the prompt.
261
+
260
262
  Normal agent steps, parallel sub-steps, and loop detection judges may set `session_key` to share or isolate persona sessions. System steps, workflow_call steps, and parallel parent steps cannot set `session_key`. TAKT builds the runtime key as `session_key` plus the resolved provider, so values must be non-empty strings that do not collide with other generated session routes.
261
263
 
262
264
  ## Configuration
@@ -269,6 +271,33 @@ model: sonnet # passed directly to provider
269
271
  language: en # en or ja
270
272
  ```
271
273
 
274
+ To let TAKT choose provider/model per step, set `provider: auto` and define `auto_routing` candidates:
275
+
276
+ ```yaml
277
+ provider: auto
278
+ auto_routing:
279
+ strategy: balanced # cost, balanced, or performance
280
+ router:
281
+ provider: claude-sdk
282
+ model: claude-haiku-4-5-20251001
283
+ candidates:
284
+ - name: coding
285
+ description: Implementation, tests, debugging, and refactoring
286
+ provider: codex
287
+ model: gpt-5
288
+ cost_tier: medium
289
+ - name: lightweight
290
+ description: Formatting and small mechanical edits
291
+ provider: claude-sdk
292
+ model: claude-haiku-4-5-20251001
293
+ cost_tier: low
294
+ rules:
295
+ tags:
296
+ implementation: coding
297
+ ```
298
+
299
+ Auto-routing decisions are written locally to `.takt/events/` as NDJSON. TAKT does not upload routing decisions. Local recording is enabled by default, can be configured with `telemetry.routing_decisions`, and can be inspected or changed with `takt telemetry status|enable|disable`.
300
+
272
301
  Or use API keys directly (no CLI installation required for Claude, Codex, OpenCode):
273
302
 
274
303
  ```bash
@@ -14,4 +14,4 @@ Compare reviewer raw findings with the previous ledger and return the reconcilia
14
14
 
15
15
  ## Dispute adjudication (dispute/waiver)
16
16
 
17
- Adjudicate findings the coder claims are valid but unfixable. Approve only when the prior step response contains an explicit claim with the finding ID, a reason, and file:line evidence, the evidence is plausible against the ledger, and the severity is not critical. Record approvals in waivedFindings with the reason and evidence. If the claim is unconvincing, keep the finding open and record it in disputeNotes. When in doubt, keep it open. Never invent waivers for findings without a claim.
17
+ Adjudicate findings the coder claims are stale (already addressed, or citing structures that no longer exist in the current code) or valid but unfixable. Approve only when the prior step response contains an explicit claim with the finding ID, a reason, and file:line evidence, the evidence is plausible against the ledger, and the severity is not critical. For staleness claims, verify the file:line evidence against the current code. Record approvals in waivedFindings with the reason and evidence. If the claim is unconvincing, keep the finding open and record it in disputeNotes. When in doubt, keep it open. Never invent waivers for findings without a claim.
@@ -4,6 +4,10 @@ When no ledger is available, use reports in the Report Directory and fix the iss
4
4
  **Fix principles:**
5
5
  - When a finding includes a "suggested fix", follow it rather than inventing your own workaround
6
6
  - Fix the target code directly. Do not deflect findings by adding tests or documentation instead
7
+ - When a ledger is available: dispute a finding only when it contradicts the current code, or is structurally unresolvable within this step's responsibility. Do not pretend to fix it; state a formal dispute under `## Disputed Findings` with concrete counter-evidence and file:line references (follow the format in the Finding Contract instructions). A dispute is pending adjudication — it does not mean resolved or waived
8
+ - Do not cite transient tool failures, task difficulty, or uncertainty as grounds for a dispute
9
+ - Only cite a "deliberate trade-off" when you have evidence of an existing spec or a user decision
10
+ - When no ledger is available, the dispute mechanism does not exist, so do not use it. For findings you cannot fix, do not claim you fixed them; note them as blockers in the work results
7
11
 
8
12
  **Report reference policy:**
9
13
  - When a parseable Finding Contract ledger summary / `findings-ledger.json` is available, use the consolidated ledger as the single authoritative source for deciding what to fix.
@@ -14,14 +18,16 @@ When no ledger is available, use reports in the Report Directory and fix the iss
14
18
  - Past iteration reports are saved as `{filename}.{timestamp}` in the same directory (e.g., `architect-review.md.20260304T123456Z`). For each report, run Glob with a `{report-name}.*` pattern, read up to 2 files in descending timestamp order, and understand persists / reopened trends before starting fixes.
15
19
 
16
20
  **Completion criteria (all must be satisfied):**
17
- - All open findings in this iteration (`new` / `persists` / `reopened`) have been fixed
18
- - Potential occurrences of the same `family_tag` have been fixed simultaneously (no partial fixes that cause recurrence)
19
- - At least one regression test per `family_tag` has been added (mandatory for config-contract and boundary-check findings)
21
+ - When a ledger is available: every open finding in this iteration (`new` / `persists` / `reopened`) has been either fixed or disputed under `## Disputed Findings` with evidence. These are the only two valid outcomes; leave no finding in neither state
22
+ - When no ledger is available: every finding you could fix has been fixed, and findings you could not fix are noted as blockers in the work results rather than claimed as fixed
23
+ - For findings you fixed, potential occurrences of the same `family_tag` have been fixed simultaneously (no partial fixes that cause recurrence)
24
+ - For findings you fixed where the code defect can be verified by an automated test at the appropriate layer, at least one regression test per `family_tag` has been added (mandatory for config-contract and boundary-check findings). When a meaningful automated test cannot be created, state the reason and the verification steps taken (commands run and results) in the work results. Do not satisfy this criterion with a meta-test such as asserting a file exists. Do not write tests for findings you disputed
20
25
  - Findings with the same `family_tag` from multiple reviewers have been merged and addressed as one fix
21
26
 
22
27
  **Important**: After fixing, run the build (type check) and tests.
23
28
 
24
29
  **Required output (include headings)**
30
+ If you disputed any findings, include `## Disputed Findings` (follow the format in the Finding Contract instructions).
25
31
  ## Work results
26
32
  - {Summary of actions taken}
27
33
  ## Changes made
@@ -12,4 +12,10 @@ whether this loop is healthy (converging) or unproductive (diverging or oscillat
12
12
  - When the ledger exists but is incomplete, follow the ledger for mapped findings and treat unmapped raw findings as potential new entries awaiting findings-manager reconciliation.
13
13
  - When the ledger is absent, unreadable, or unparseable, use the latest review reports in the Report Directory as primary evidence.
14
14
  - Are fixes actually being applied to the code?
15
+ - If fixes have landed but the same findings keep coming back (the findings
16
+ no longer match the current code), the deadlock is in the findings, not
17
+ the code. A dispute route remains (dispute → manager adjudication →
18
+ waive), so judge this as breakable by replanning and route back to plan.
15
19
  - Is the number of new / reopened findings decreasing overall?
20
+
21
+ Choose ABORT only when neither fixing, replanning, nor disputing can break the deadlock.
@@ -106,6 +106,17 @@ Prohibited patterns:
106
106
  - Error handling centralized (no try-catch scattered everywhere)
107
107
  - Business logic not leaking into Controller/View
108
108
 
109
+ **Exception Translation at Protocol Boundaries:**
110
+
111
+ Adapters such as HTTP, CLI, GraphQL, and message consumers are boundaries that translate internal exceptions into external protocol representations. Scattering the same try-catch / response translation across endpoints or handlers easily makes status codes, error shapes, logs, and authorization failures inconsistent. Centralize exception translation in a dedicated layer at the adapter boundary, and keep only truly cross-cutting translations in a global handler.
112
+
113
+ | Criteria | Judgment |
114
+ |----------|----------|
115
+ | Each endpoint / handler implements the same translation from the same exception to the same protocol representation | REJECT |
116
+ | Translation to protocol representation lives in the application or domain layer | REJECT |
117
+ | API-specific exception translation is placed in a global handler shared by all APIs | REJECT |
118
+ | Translation to external representation is centralized in an exception translation layer at the adapter boundary | OK |
119
+
109
120
  ## Resolve at the Boundary
110
121
 
111
122
  Values such as config, options, providers, permissions, and paths should be resolved at the boundary before entering the core flow. Main processing should assume values are already resolved and should not keep asking config sources.
@@ -62,6 +62,7 @@ data class Order(
62
62
  | Controller directly referencing Repository | REJECT. Must go through UseCase layer |
63
63
  | Outward dependencies from domain layer (DB, HTTP, etc.) | REJECT |
64
64
  | Direct dependencies between adapters (inbound → outbound) | REJECT |
65
+ | Types or identifiers in the application/domain layer carry protocol-specific meaning such as HTTP request/response, endpoint, or status code | REJECT. Translate them into use-case concepts at the boundary. A domain term that happens to contain words such as Request is not itself a violation |
65
66
 
66
67
  ## API Layer Design (Controller)
67
68
 
@@ -208,6 +209,37 @@ fun confirm(confirmedBy: String): OrderConfirmedEvent {
208
209
  | Structural validation (@NotBlank, etc.) in domain | REJECT. Belongs in API layer |
209
210
  | UseCase-level validation inside Aggregate | REJECT. Read Model queries belong in UseCase layer |
210
211
 
212
+ ### Entry Validation Ownership
213
+
214
+ Give each entry constraint a single owner and a single enforcement mechanism. Validations with different purposes per layer are not duplication, but do not re-implement the same boundary and the same condition in multiple mechanisms. Where declarative validation is active, invalid input is rejected before the handler; the downstream check remains reachable for valid input but redundantly re-evaluates the same condition and cannot define the violation response. Whether declarative validation is actually active depends on the framework configuration — verify it, then make a single mechanism the effective owner.
215
+
216
+ ```kotlin
217
+ // NG - same constraint twice; declarative validation owns the violation response
218
+ @GetMapping("/orders/{id}")
219
+ fun get(@PathVariable @Size(max = MAX_ID) id: String): OrderResponse {
220
+ requireIdWithinLimit(id) // runs only for valid input and cannot define the violation response
221
+ return orderReadService.get(id).toResponse()
222
+ }
223
+
224
+ // OK - unify on the declaration and delete the procedural check
225
+ @GetMapping("/orders/{id}")
226
+ fun get(@PathVariable @Size(max = MAX_ID) id: String): OrderResponse =
227
+ orderReadService.get(id).toResponse()
228
+ ```
229
+
230
+ In the Spring example, constraints on scalar arguments such as `@PathVariable` or `@RequestParam` work only when method validation is active. Older setups commonly require class-level `@Validated`; Spring 6.1+ can use built-in method validation depending on configuration.
231
+
232
+ On a validation violation, the response may fall through to the framework's default translation outside your own exception hierarchy (some setups translate to 400, others leave it untranslated as 500). Judge not by whether a default translation is used, but by whether the status and response shape match the explicit API contract. The exception type thrown on violation depends on configuration and version, so do not guess; pin the actual exception and response with an integration test. Follow "Exception Translation Scope" for where the translation belongs.
233
+
234
+ | Criteria | Judgment |
235
+ |----------|----------|
236
+ | Same entry and same condition implemented in multiple validation mechanisms | REJECT. Make a single mechanism the effective owner and delete the unreachable side |
237
+ | Status and response shape on a validation violation do not match the explicit API contract (including implicit reliance on the default translation with no contract defined) | REJECT. Make the contract explicit and wire the translation |
238
+ | No test pinning the status and response shape on validation violation | REJECT. Verify the actual exception type with an integration test |
239
+ | Validation policy is inconsistent across entrypoints sharing the same trust boundary and input contract | REJECT. State the reason for the difference or unify the policy |
240
+ | External error contract depends on messages from the runtime's default locale | REJECT. Use stable error codes or explicit messages as the contract |
241
+ | Constraint values (max length, etc.) share a single constant across validation and API spec | OK |
242
+
211
243
  ### Read and Write Entrypoints
212
244
 
213
245
  Separate read and write entrypoints. Read-side query boundaries have no side effects; writes are handled by commands or UseCases.
@@ -259,6 +291,7 @@ class OrderExceptionHandler {
259
291
  | Throwing generic Exception or RuntimeException | REJECT. Use specific exception types |
260
292
  | Empty try-catch blocks | REJECT |
261
293
  | Controller swallowing exceptions and returning 200 | REJECT |
294
+ | Expressing an actually reachable call pattern (e.g., a caller with a different role) as a 500 | REJECT. Make it an explicit 4xx; guarantee "unreachable" assumptions with authorization |
262
295
 
263
296
  ### Exception Translation Scope
264
297
 
@@ -270,6 +303,7 @@ Translate exceptions into HTTP status codes at an exception translation layer on
270
303
  | API-specific exception mapping is added to a global handler | Scope is too broad. Keep it inside the target API boundary |
271
304
  | Authentication failures, input validation, and common error shapes shared by all APIs | OK. Handle at a global boundary |
272
305
  | HTTP representation mapping lives in the application or domain layer | REJECT. Keep it at the HTTP adapter boundary |
306
+ | Multiple translation layers handle the same exception type without a contract for scope and precedence | REJECT. Consolidate under a single owner or make the non-overlapping applicability explicit |
273
307
 
274
308
  ## Domain Model Design
275
309
 
@@ -384,6 +418,18 @@ data class OrderEntity(
384
418
  | Business logic in Entity | REJECT. Entity is data structure only |
385
419
  | Repository implementation in domain layer | REJECT. Belongs in adapter/outbound |
386
420
 
421
+ ### Persistence Boundary for Structured Attributes
422
+
423
+ For structured attributes in relational or read-model persistence, choose the storage format based on update granularity, integrity, size, and schema evolution — not just current query requirements. Do not implicitly use a domain type's generic serialized form as the persistence contract; use a persistence-specific representation or an explicit mapping. Event-store type identifiers and payloads may use an explicit, versioned serialization contract; govern their evolution with the CQRS-ES compatibility and upcaster rules.
424
+
425
+ | Criteria | Judgment |
426
+ |----------|----------|
427
+ | Bounded structure read and written as a whole, with no need for search, joins, referential integrity, or partial updates | Consider a structured column (JSON, etc.) |
428
+ | Referential integrity, an independent lifecycle, or joins with other tables matter | Normalize into its own table |
429
+ | The DB's structured-column features (jsonb, etc.) can guarantee the needed search, indexing, and partial updates, and integrity requirements are met | A structured column is also a valid choice |
430
+ | Domain type is converted directly by a generic serializer, implicitly using its field names as the DB schema | REJECT. Insert a persistence-specific representation or an explicit mapping |
431
+ | Field changes to stored structures have no chosen path among compatible reads, migration, or rebuild, and no test pinning it | REJECT. Choose one path and pin it with a test |
432
+
387
433
  ## Authentication & Authorization Placement
388
434
 
389
435
  Authentication and authorization are cross-cutting concerns handled at the appropriate layer.
@@ -414,6 +460,34 @@ fun execute(input: DeleteInput, currentUserId: String) {
414
460
  | Authorization logic in UseCase or domain layer | REJECT. Belongs in Controller layer |
415
461
  | Data access control in Controller | REJECT. Belongs in UseCase layer |
416
462
  | Authentication processing inside Controller | REJECT. Belongs in Filter/Interceptor |
463
+ | Application-layer service reads the security context directly (e.g., resolving the current user) | REJECT. Resolve at the boundary and pass as an argument |
464
+ | The same authorization check is duplicated in the Controller and a lower layer | REJECT. Consolidate the responsibility in one place |
465
+
466
+ ## Distinguishing the Caller from the Domain Actor
467
+
468
+ Treat the API caller (authenticated principal) and the business actor recorded on the data (person in charge, author, confirmer) as separate concepts. They diverge on ingestion, delegated operations, and administrative paths.
469
+
470
+ | Criteria | Judgment |
471
+ |----------|----------|
472
+ | Unconditionally recording the caller as the business actor | Warning. Verify it does not break on ingestion, delegated, or administrative paths |
473
+ | Reusing the creation-time caller, via state, as the actor of later operations | REJECT. Pass the performer as an argument per operation |
474
+ | Requiring an actor field before the business actor is actually determined | Warning. Check whether it can be recorded at the operation that determines it (approval, confirmation, etc.) |
475
+ | Resolving denormalized display names (etc.) at the boundary of the operation that establishes the fact | OK |
476
+ | Placing resolution logic that assumes the caller is a member of the resource on a path also used by non-members | REJECT |
477
+
478
+ The author of a memo is "whoever performed that operation"; the confirmer is "whoever performed the confirmation". Obtain the actor from each operation's performer. Facts determined later, such as the person in charge, are recorded at the operation/event that determines them — do not force a value at creation time.
479
+
480
+ ```kotlin
481
+ // NG - Store the creation-time caller in state and reuse it as the actor of later operations
482
+ fun addMemo(text: String): MemoAddedEvent {
483
+ return MemoAddedEvent(id, text, authorId = this.registeredBy) // registrant != memo author
484
+ }
485
+
486
+ // OK - Receive the performer per operation
487
+ fun addMemo(text: String, authorId: String): MemoAddedEvent {
488
+ return MemoAddedEvent(id, text, authorId = authorId)
489
+ }
490
+ ```
417
491
 
418
492
  ## Test Strategy
419
493
 
@@ -52,6 +52,7 @@ The Command Model (Aggregate) role is to "receive commands, make decisions, and
52
52
  | Holding fields not used for decisions | REJECT |
53
53
  | Branching state transitions with origin metadata such as `source` / `input` / `origin` / `channel` / `type` | REJECT by default |
54
54
  | Rejecting, only for a specific input source, a state allowed by the existing Aggregate's normal lifecycle | REJECT |
55
+ | Keeping the creation-time caller in Aggregate state and reusing it as the actor of later events | REJECT. Pass the performer with each command |
55
56
 
56
57
  Being used in an `if` / `require` branch is not enough to justify keeping a field in Aggregate state. First verify that the branch or validation is an essential invariant of the whole Aggregate.
57
58
 
@@ -266,6 +267,40 @@ OrderPlaced, PaymentReceived, ItemShipped
266
267
  OrderUpdated, OrderDeleted
267
268
  ```
268
269
 
270
+ ### Fact Events vs Request Events
271
+
272
+ Events express facts that occurred, and their names come from business meaning. A `...Requested` suffix or the current number of consumers does not by itself distinguish a fact event from a command in disguise. Accepting or starting a request can be a business fact; a message whose only meaning is instructing a known destination to execute work is a command.
273
+
274
+ | Decision axis | Fact event | Consider a command |
275
+ |---------------|------------|--------------------|
276
+ | Business meaning | An occurrence such as acceptance, start, or rejection that matters to audit or replay | Its only purpose is to make a specific process run |
277
+ | Emitter lifecycle | Used by later decisions such as waiting, duplicate rejection, or timeout | The emitter tracks neither state nor outcome |
278
+ | Outcome | Continues to another uncertain fact such as completion or failure | Can run immediately within the same boundary and return its result there |
279
+ | Consumers | Consumers may change without changing event meaning | Destination and operation are the message's meaning |
280
+
281
+ Split events by independent business facts, not by technical consumers. Do not emit duplicate state and trigger events for the same occurrence; EventHandlers and projections subscribe to the fact owned by the emitting Aggregate. Multiple events are appropriate only when independently named, audited, and replayed facts occur together. Do not pack another Aggregate's internal state or initialization details into the event; resolve stable IDs or references at the boundary.
282
+
283
+ ```kotlin
284
+ // NG - One business fact duplicated as separate state and technical trigger events
285
+ fun addItem(itemId: String, productId: String, quantity: Int): List<OrderEvent> = listOf(
286
+ OrderItemLinkedEvent(orderId, itemId), // for state
287
+ OrderItemCreationRequestedEvent(orderId, itemId, productId, quantity), // for triggering (a command in effect)
288
+ )
289
+
290
+ // OK - A single event carrying the content that is factual for the emitting Aggregate
291
+ fun addItem(itemId: String, productId: String, quantity: Int): OrderItemAddedEvent =
292
+ OrderItemAddedEvent(orderId, itemId, productId, quantity)
293
+ ```
294
+
295
+ | Criteria | Judgment |
296
+ |----------|----------|
297
+ | Classifying a message as an event or command from its suffix or current consumer count alone | REJECT. Judge business meaning and lifecycle |
298
+ | Splitting the same business fact into a state event (Linked, etc.) and a trigger event (Requested, etc.) | REJECT. Merge them into the fact owned by the emitting Aggregate |
299
+ | An asynchronous request to an external service or another context where acceptance or waiting is a business fact and completion/failure is tracked | OK. It can be expressed as the fact that the request was accepted |
300
+ | Adding a dedicated request event for processing that an existing fact event (confirmed, approved, etc.) can drive | REJECT. Have an EventHandler, and a domain policy when needed, subscribe to the existing fact |
301
+ | Recording an occurrence that only changes another Aggregate's state as an event in one's own stream | REJECT. Facts belong to the stream of the Aggregate where they happened |
302
+ | Routing an operation unrelated to an Aggregate's own state or lifecycle through it and relaying it to the target Aggregate | REJECT. Send the command to the target Aggregate and perform membership or existence checks at the boundary that owns the invariant |
303
+
269
304
  ### Event Type Hierarchy with sealed interface
270
305
 
271
306
  Aggregate events should use a sealed interface type hierarchy. The Aggregate root ID should be required as a common field, enabling exhaustive `when` checks.
@@ -370,6 +405,20 @@ CQRS+ES migration must distinguish DB schema migration, data migration, event up
370
405
  | Handler changes multiple Aggregates | REJECT |
371
406
  | Command has no validation | REJECT |
372
407
  | Handler executes queries to make decisions | Needs review |
408
+ | The return contract does not match the number of events an operation can produce | Needs review. Choose a single, optional, collection, or result type from domain cardinality and language/framework conventions |
409
+
410
+ ### Contract Lifetimes of Commands and Events
411
+
412
+ Events are long-lived contracts persisted as history, so stored type identifiers and payloads must remain replayable. Whether the type identifier is a fully qualified class name or a logical name, and whether changes use an upcaster, alias, or migration, depends on the event store and serialization strategy.
413
+
414
+ Commands are usually short-lived messages created and handled at the application boundary, but some architectures persist them for scheduling, outbox delivery, retries, dead-letter handling, or audit. Decide placement and compatibility from responsibility and the actual storage contract, not from an assumption that every command is transient. Domain models should not depend on transport- or framework-specific command types; translate them into domain arguments and value objects at the application or adapter boundary.
415
+
416
+ | Criteria | Judgment |
417
+ |----------|----------|
418
+ | A domain model directly receives a transport- or framework-specific command type | REJECT. Translate it into domain input at the application or adapter boundary |
419
+ | An application message unused by domain classes sits in the domain package | Move it to the application boundary |
420
+ | A command package is moved or renamed without checking for persisted references | REJECT. Check scheduling, outbox, retry, dead-letter, and audit storage contracts |
421
+ | A stored event type identifier or payload changes without a conversion path | REJECT. Provide compatibility for the identifier and serialization strategy in use. Direct change is allowed only when no persisted events exist yet; release status is not the criterion |
373
422
 
374
423
  Good command handler:
375
424
  ```
@@ -90,6 +90,8 @@ Accessible names, roles, and states are UI contracts consumed by assistive techn
90
90
  | A new interactive element has no accessible name | REJECT |
91
91
  | Checked, expanded, disabled, or similar state is not exposed to assistive technologies | Warning |
92
92
  | An existing accessible name is changed without being required by the task | REJECT |
93
+ | A dynamic accessible name is assembled by concatenating fragments without checking the final sentence for meaning and naturalness | REJECT |
94
+ | Distinct elements in the same interaction context cannot be identified by name or programmatic context (row/group association, etc.) | REJECT. Including the target name in the accessible name is a strong way to identify it |
93
95
  | Existing accessible names are preserved while missing role/state is added | OK |
94
96
  | The reason and impact scope for changing an existing contract are explicit | OK |
95
97
 
@@ -139,6 +141,7 @@ State should hold canonical values such as user input, server data, and temporar
139
141
  | Multiple state fields have invariants that require constant synchronization | REJECT |
140
142
  | Display labels, counts, totals, all-selected flags, sorted results, or grouped results are kept as canonical state | REJECT |
141
143
  | API sending, persistence, or diffing depends on derived state instead of canonical state | REJECT |
144
+ | A display-position sequence number after filtering, paging, or grouping is treated as the ordering of the source data | REJECT. Define which collection's order the label represents and derive it from that collection |
142
145
  | Only canonical state is stored, and display, aggregation, and decisions are derived via selectors, render logic, or useMemo | OK |
143
146
  | Derived values required by external contracts are generated from canonical state at send or persistence boundaries | OK |
144
147
 
@@ -255,6 +258,7 @@ Fetch data from screen-specific API endpoints. Do not assemble screens by repurp
255
258
  | Reusing list API response for detail screen | REJECT |
256
259
  | Display unit and API fetch unit mismatch | REJECT |
257
260
  | Fetching all records just for a decision (should use aggregation API) | REJECT |
261
+ | A concept the UI needs is missing from the response, and a semantically different body/description field is implicitly repurposed as a heading | REJECT. Define the summary/fallback as an explicit display contract, or add a dedicated field |
258
262
  | Each screen has dedicated fetch endpoints returning only needed data | OK |
259
263
 
260
264
  ```tsx
@@ -284,7 +288,7 @@ Communication is scoped to the active tab/screen. Do not prefetch for other tabs
284
288
 
285
289
  ## Shared Components and Abstraction
286
290
 
287
- Common UI patterns should be shared components. Copy-paste of inline styles is prohibited.
291
+ Common UI patterns should be shared components. Copy-paste of inline styles is prohibited. UI that represents the same role or semantic state (placeholder, disabled, unconfirmed, etc.) must align copy, styling, and screen-reader output within the same shared component or an explicit design contract; presentation may vary with display context (hierarchy, density, theme), but the meaning and interaction contract must hold.
288
292
 
289
293
  ```tsx
290
294
  // ❌ WRONG - Copy-pasted inline styles
@@ -232,6 +232,7 @@ Prevent data access across tenant boundaries. Authorization (who can operate) an
232
232
  | Write operations use client-provided tenant ID | REJECT |
233
233
  | Endpoint using tenant resolver has no authorization control | REJECT |
234
234
  | Some paths in role-based branching don't account for tenant resolution | REJECT |
235
+ | Authentication mechanism coverage does not extend to the endpoint's expected caller (role, token type) | REJECT |
235
236
 
236
237
  ### Read-Write Consistency
237
238
 
@@ -277,6 +278,8 @@ fun getSettings(): SettingsResponse {
277
278
 
278
279
  For endpoints with role-based branching, verify that tenant resolution succeeds on all paths.
279
280
 
281
+ Watch for the reverse pattern as well. When adding an endpoint dedicated to a specific role, extend the coverage of the mechanism that authenticates that role (filters, etc.) and add role-required authorization in the same change. Outside the authentication mechanism's coverage the expected caller is never authenticated in the first place, and without authorization, unexpected roles get through.
282
+
280
283
  ## OWASP Top 10 Checklist
281
284
 
282
285
  | Category | Check Items |
@@ -22,11 +22,11 @@ You are the implementer. Focus on implementation, not design decisions.
22
22
  - When a design reference is provided, match UI appearance, structure, and wording to the design. Do not add, omit, or change anything on your own judgment
23
23
  - Work only within the specified project directory (reading external files for reference is allowed)
24
24
 
25
- **Feedback from review is absolute. Your understanding is wrong.**
25
+ **Do not dismiss review feedback from memory or guesswork.**
26
26
  - If reviewer says "not fixed", first open the file and verify the facts
27
27
  - Drop the assumption "I should have fixed it"
28
- - Fix all flagged issues with Edit tool
29
- - Don't argue; just comply
28
+ - Fix every finding that is valid and resolvable with the operations allowed in this step, using the Edit tool
29
+ - Do not mechanically repeat a failed fix without re-verifying the current code
30
30
 
31
31
  **Be aware of AI's bad habits:**
32
32
  - Hiding uncertainty with fallbacks → Prohibited
@@ -232,6 +232,7 @@ AI often changes existing contracts under the banner of "improvement", "standard
232
232
  | New contract required by new functionality | OK |
233
233
  | Missing information is added while preserving the existing contract | OK |
234
234
  | Reason, impact scope, and migration path for the contract change are explicit | OK |
235
+ | Fixing display, accessibility, or test contract breakage newly caused by the requested change | OK. This is change-induced reconciliation, not scope creep |
235
236
 
236
237
  Verification approach:
237
238
  1. Inspect changed strings, attributes, event names, return values, error messages, and log formats in the diff
@@ -303,6 +303,17 @@ interface Channel {
303
303
  }
304
304
  ```
305
305
 
306
+ ### Explicit Dependencies
307
+
308
+ Pass dependencies in a form whose role and type are visible. Do not reject function-typed parameters categorically; judge whether they hide a stable business role or external dependency behind an anonymous callback.
309
+
310
+ | Pattern | Verdict |
311
+ |---------|---------|
312
+ | A business rule or external lookup relayed through multiple layers as an anonymous callback | REJECT. Give the role a name and promote it to a port, validator, service, or equivalent boundary |
313
+ | A function type defined as a named business role or port | OK. Its meaning and substitution boundary are visible |
314
+ | A function passed for local enrichment or conversion at a layer boundary | OK. The responsibility stays within the boundary and is not relayed onward |
315
+ | A block that scopes a lock, transaction, or resource | OK. It is a control structure, not dependency smuggling |
316
+
306
317
  ### Leaky Abstraction
307
318
 
308
319
  If a specific implementation appears in a generic layer, the abstraction is leaking. The generic layer should only know interfaces; branching should be absorbed by implementations.
@@ -329,6 +340,8 @@ A name expresses the code's actual role and effect, not its implementation mecha
329
340
  | Side effects or call frequency are unreadable | Cannot tell from the name whether it initializes, retrieves, or updates | REJECT |
330
341
  | Cannot distinguish it from nearby APIs | Same name as the wrapped or delegated API, hiding which layer owns the responsibility | REJECT |
331
342
  | Named after role/effect | The provided value, state change, or responsibility is clear from the name | OK |
343
+ | Path/origin suffix with no distinct counterpart path in existence | FromRequest / ViaApi on the only existing path | REJECT. Drop the suffix; when the counterpart path disappears, the name follows |
344
+ | Naming convention differs for only some of a set of same-kind operations | createXxxFromRequest / updateXxxFromRequest / deleteXxx | REJECT. Make them consistent |
332
345
 
333
346
  ```typescript
334
347
  // REJECT - Name reads as if it causes a side effect every time, but it is a memoized accessor
@@ -362,6 +375,7 @@ Criteria:
362
375
  - Has its own state → Separate
363
376
  - UI/logic exceeding 50 lines → Separate
364
377
  - Has multiple responsibilities → Separate
378
+ - Has an independent reason to change, responsibility, or reuse boundary → Separate. Whether small supporting types may share a file depends on language conventions and file cohesion
365
379
 
366
380
  ### Reachability When Adding Features
367
381
 
@@ -459,8 +473,7 @@ async function createUser(data) {
459
473
  }
460
474
 
461
475
  // ✅ Centralized handling at the upper layer
462
- // Catch collectively at the Controller/Handler layer
463
- // Or handle via @ControllerAdvice / ErrorBoundary
476
+ // Handle collectively at the boundary exception translation layer
464
477
  async function createUser(data) {
465
478
  return await userService.create(data) // Let exceptions propagate up
466
479
  }
@@ -471,8 +484,20 @@ async function createUser(data) {
471
484
  | Layer | Responsibility |
472
485
  |-------|---------------|
473
486
  | Domain/Service layer | Throw exceptions on business rule violations |
474
- | Controller/Handler layer | Catch exceptions and convert to responses |
475
- | Global handler | Handle common exceptions (NotFound, auth errors, etc.) |
487
+ | Application layer | Do not swallow exceptions; only handle explicit compensation or retry |
488
+ | Adapter boundary | Translate exceptions to protocol-specific responses or presentation |
489
+ | Global handler | Handle only cross-cutting exceptions such as authentication, validation, and common error shapes |
490
+
491
+ ### HTTP Exception Translation
492
+
493
+ HTTP adapters / controllers / handlers must not translate exceptions into HTTP representation endpoint by endpoint. Translate exceptions into HTTP status codes, response bodies, and headers at an exception translation layer on the HTTP adapter boundary.
494
+
495
+ | Criteria | Judgment |
496
+ |----------|----------|
497
+ | Each endpoint maps exceptions to HTTP representation through the same try-catch or wrapper | REJECT. Move it to an exception translation layer at the HTTP adapter boundary |
498
+ | API-specific exception mapping is added to a global handler shared by all APIs | REJECT. Keep it inside the target API boundary |
499
+ | Only truly cross-cutting mappings such as authentication, validation, and common error shapes are handled by a global handler | OK |
500
+ | HTTP representation mapping lives in the application or domain layer | REJECT. Keep it at the HTTP adapter boundary |
476
501
 
477
502
  ## Conversion Placement
478
503
 
@@ -539,6 +564,8 @@ AI tends to define the same logic under multiple function names.
539
564
  |---------|---------|---------|
540
565
  | Same implementation with different names | `copyFacets()` and `placeFacetFiles()` doing the same thing | REJECT |
541
566
  | Same parameter signature and body | Two functions taking the same params and doing the same work | REJECT |
567
+ | Public method only forwards to a private method with the identical signature and has no distinct public contract, registration, decorator, authorization, instrumentation, or side effect | Internal alias delegates 1:1 to the implementation | REJECT. Promote the delegate and merge |
568
+ | A 1:1 delegating public method is a stable API or an entry point for framework registration, decorators, authorization, or instrumentation | Public boundary delegates implementation while preserving an external contract | OK. Keep the boundary and make its role explicit |
542
569
 
543
570
  ```typescript
544
571
  // REJECT - Same implementation exists under different names
@@ -122,6 +122,7 @@ If tool output is unreadable, re-read using a reliable method before making any
122
122
  | Output contains garbled text or encoding anomalies | Recognize the corruption, then re-read using an alternative method (open the file directly, specify line numbers for the target section) before judging |
123
123
  | Search command did not find the target code | Read the specific lines of the file directly to confirm absence before raising an issue. Search failure does not equal code absence |
124
124
  | Re-raising a prior finding without re-checking actual code | Must read current code before marking as persists. Do not re-raise from memory of the prior review |
125
+ | A verification task did not actually run the target work due to caching, skipping, or missing configuration | Do not count it as passing evidence. Record what was actually executed separately from what remains unverified |
125
126
 
126
127
  ## Writing Specific Feedback
127
128
 
@@ -282,7 +283,7 @@ The review target is the entire cumulative diff from the task's starting point (
282
283
 
283
284
  - In the fix ↔ review loop, recompute the diff from the base every time and evaluate the whole. Do not move the baseline to the latest fix
284
285
  - The base is the merge-base with the integration branch, or the starting point recorded in `plan` / `order`. Do not treat only the "changes" section of `Previous Response` as the diff
285
- - Unrequested changes introduced in earlier iterations (unrelated comment deletions, renames, reformatting, contract changes, weakened tests) remain in the cumulative diff even when they no longer appear in the latest fix report. Reconcile against them every time
286
+ - Unrequested changes introduced in earlier iterations (unrelated comment deletions, renames, reformatting, contract changes, weakened tests, environment-dependent tool-generated diffs — version stamps, re-serialization, order-only rewrites) remain in the cumulative diff even when they no longer appear in the latest fix report. Reconcile against them every time and confirm their causal link to the request
286
287
  - Track finding states (new / persists / resolved) on a fixed baseline. Do not narrow the diff scope and conclude "it is no longer in the diff"
287
288
 
288
289
  ### Referring to Primary Sources
@@ -91,6 +91,8 @@ test('should return NotFound error when user does not exist', async () => {
91
91
  | Reproducibility | Same result every time | Depends on time or randomness |
92
92
  | Clarity | Failure cause is obvious | Failure cause is unclear |
93
93
  | Focus | One test, one concept | Multiple concerns mixed |
94
+ | UI element identification | Identify targets by user-observable contracts such as role plus exact accessible name | Broad partial matches, first match, or display position used to identify the target |
95
+ | Collision cases | Verify targets remain distinguishable even with valid data sharing the same display string | Deliberately making all fixture display values unique, hiding the possibility of collisions |
94
96
 
95
97
  ## Testing Side Effects and State Transitions
96
98
 
@@ -233,6 +235,7 @@ Verify data flow coupling that unit tests alone cannot cover.
233
235
  | Data flow crossing 3+ modules | Integration test required |
234
236
  | New status/state merging into an existing workflow | Integration test for the full transition flow required |
235
237
  | New option propagating through a call chain to the endpoint | End-to-end chain coupling test required |
238
+ | Handler, middleware, or translator selection and precedence is decided by runtime configuration | Integration test with production-like configuration required. A limited (slice) configuration only proves the behavior of what it includes |
236
239
  | All module-level unit tests pass | Unit tests alone are sufficient (when none of the above apply) |
237
240
 
238
241
  ## Unit Test Criteria
@@ -145,7 +145,7 @@ steps:
145
145
  - condition: Implementation is complete
146
146
  next: reviewers
147
147
  - condition: Cannot proceed with implementation (environment issue or missing information)
148
- next: ABORT
148
+ next: plan
149
149
 
150
150
  - name: reviewers
151
151
  tags:
@@ -142,7 +142,7 @@ steps:
142
142
  - condition: Implementation is complete
143
143
  next: reviewers
144
144
  - condition: Cannot proceed with implementation (environment issue or missing information)
145
- next: ABORT
145
+ next: plan
146
146
 
147
147
  - name: reviewers
148
148
  tags:
@@ -49,7 +49,6 @@ steps:
49
49
  policy:
50
50
  - coding
51
51
  - testing
52
- session: refresh
53
52
  knowledge:
54
53
  $param: impl_knowledge
55
54
  provider_options:
@@ -148,7 +148,7 @@ steps:
148
148
  - condition: Implementation is complete
149
149
  next: reviewers
150
150
  - condition: Cannot proceed with implementation (environment issue or missing information)
151
- next: ABORT
151
+ next: plan
152
152
 
153
153
  - name: reviewers
154
154
  tags:
@@ -124,7 +124,6 @@ steps:
124
124
  - testing
125
125
  - design-fidelity
126
126
  - screen-api
127
- session: refresh
128
127
  knowledge:
129
128
  - frontend
130
129
  - react
@@ -145,7 +145,7 @@ steps:
145
145
  - condition: Implementation is complete
146
146
  next: reviewers
147
147
  - condition: Cannot proceed with implementation (environment issue or missing information)
148
- next: ABORT
148
+ next: plan
149
149
 
150
150
  - name: reviewers
151
151
  tags:
@@ -141,7 +141,7 @@ steps:
141
141
  - condition: Implementation is complete
142
142
  next: reviewers
143
143
  - condition: Cannot proceed with implementation (environment issue or missing information)
144
- next: ABORT
144
+ next: plan
145
145
 
146
146
  - name: reviewers
147
147
  tags:
@@ -118,7 +118,6 @@ steps:
118
118
  policy:
119
119
  - coding
120
120
  - testing
121
- session: refresh
122
121
  knowledge:
123
122
  - takt
124
123
  - architecture
@@ -117,7 +117,6 @@ steps:
117
117
  policy:
118
118
  - coding
119
119
  - testing
120
- session: refresh
121
120
  knowledge:
122
121
  - takt
123
122
  - architecture
@@ -14,4 +14,4 @@
14
14
 
15
15
  ## 異議の裁定(dispute/waiver)
16
16
 
17
- coder が「正当だが修正不能」と申告した指摘を裁定してください。承認の条件は、直前ステップ応答に finding ID・理由・file:line 証跡を伴う明示的な申告があり、証跡が台帳と照らして妥当で、severity が critical でないことのすべてです。承認は waivedFindings に理由と証跡付きで記録してください。説得力がなければ open のまま disputeNotes に記録してください。迷ったら open を維持してください。申告のない finding への waive の発明は禁止です。
17
+ coder が「現状コードと乖離している(修正済み・実在しない構造への指摘)」または「正当だが修正不能」と申告した指摘を裁定してください。乖離の申告は、証跡の file:line を現状コードと照らして確認してください。承認の条件は、直前ステップ応答に finding ID・理由・file:line 証跡を伴う明示的な申告があり、証跡が台帳と照らして妥当で、severity が critical でないことのすべてです。承認は waivedFindings に理由と証跡付きで記録してください。説得力がなければ open のまま disputeNotes に記録してください。迷ったら open を維持してください。申告のない finding への waive の発明は禁止です。