vibe-coding-master 0.2.6 → 0.2.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (43) hide show
  1. package/README.md +164 -9
  2. package/dist/backend/api/claude-hook-routes.js +7 -1
  3. package/dist/backend/api/gateway-routes.js +17 -0
  4. package/dist/backend/api/round-routes.js +1 -1
  5. package/dist/backend/gateway/channels/weixin-ilink-channel.js +304 -0
  6. package/dist/backend/gateway/gateway-audit-log.js +39 -0
  7. package/dist/backend/gateway/gateway-command-parser.js +77 -0
  8. package/dist/backend/gateway/gateway-service.js +848 -0
  9. package/dist/backend/gateway/gateway-settings-service.js +214 -0
  10. package/dist/backend/server.js +42 -2
  11. package/dist/backend/services/claude-hook-service.js +46 -7
  12. package/dist/backend/services/harness-service.js +37 -32
  13. package/dist/backend/services/job-guard-service.js +126 -0
  14. package/dist/backend/services/round-service.js +110 -64
  15. package/dist/backend/services/session-service.js +10 -4
  16. package/dist/backend/services/task-service.js +32 -3
  17. package/dist/backend/services/translation-service.js +15 -0
  18. package/dist/backend/templates/harness/architect-agent.js +19 -8
  19. package/dist/backend/templates/harness/claude-root.js +7 -11
  20. package/dist/backend/templates/harness/coder-agent.js +45 -17
  21. package/dist/backend/templates/harness/gitignore.js +3 -2
  22. package/dist/backend/templates/harness/project-manager-agent.js +16 -11
  23. package/dist/backend/templates/harness/reviewer-agent.js +25 -28
  24. package/dist/backend/templates/harness/vcm-final-acceptance-skill.js +42 -31
  25. package/dist/backend/templates/harness/vcm-long-running-validation-skill.js +37 -18
  26. package/dist/shared/types/gateway.js +1 -0
  27. package/dist-frontend/assets/{index-CPXFnxAY.css → index-7lq6YPCq.css} +1 -1
  28. package/dist-frontend/assets/index-DHuS-DYr.js +92 -0
  29. package/dist-frontend/index.html +2 -2
  30. package/docs/full-harness-baseline.md +7 -5
  31. package/docs/gateway-design.md +200 -27
  32. package/docs/product-design.md +35 -14
  33. package/docs/v0.2-implementation-plan.md +22 -7
  34. package/docs/vcm-cc-best-practices.md +11 -4
  35. package/package.json +2 -1
  36. package/scripts/harness-tools/run-long-check +401 -0
  37. package/scripts/harness-tools/vcm-bash-guard +107 -0
  38. package/scripts/harness-tools/watch-job +204 -0
  39. package/scripts/install-vcm-harness.mjs +93 -387
  40. package/scripts/uninstall-vcm-harness.mjs +18 -1
  41. package/scripts/verify-package.mjs +3 -0
  42. package/dist/backend/templates/harness/known-issues-doc.js +0 -22
  43. package/dist-frontend/assets/index-D0_02lmQ.js +0 -90
@@ -3,16 +3,16 @@ export function renderRootClaudeHarnessRules() {
3
3
 
4
4
  - Use the durable project docs below as role-relevant project truth.
5
5
  - Read module-local \`CLAUDE.md\` before editing a subdirectory if one exists.
6
+ - Use \`vcm-route-message\` whenever a VCM role hands off work, asks another role a question, reports a result, reports a blocker, or raises a finding. Follow its write-then-stop rule.
6
7
  - Use \`vcm-long-running-validation\` for long-running validation. Follow the background job limits below.
7
8
 
8
9
  ## VCM Background Jobs
9
10
 
10
- - Do not start background jobs.
11
- - The only allowed background job is \`.ai/tools/run-long-check\` when used through the \`vcm-long-running-validation\` skill.
12
- - \`vcm-long-running-validation\` has a hard maximum timeout of 60 minutes.
13
- - Do not run or suggest operations expected to exceed 60 minutes without user approval.
14
- - Design every single validation/build operation to complete within 60 minutes; split anything larger before running it.
15
- - Do not end the current turn only to wait for a long-running shell callback.
11
+ - Never run the Bash tool with \`run_in_background: true\`. Never detach a process with \`nohup\`, \`setsid\`, \`disown\`, or a trailing \`&\`. VCM denies these calls.
12
+ - The only sanctioned long-running mechanism is the \`vcm-long-running-validation\` skill: \`.ai/tools/run-long-check\` plus \`.ai/tools/watch-job\`.
13
+ - The moment a command might run longer than 2 minutes, switch to that skill instead of running the command directly.
14
+ - While a job is running, stay in the current turn and keep calling \`.ai/tools/watch-job\` until it reports a terminal result; VCM blocks turn-end while a job is running, and a job without a live watcher is killed automatically.
15
+ - Hard ceiling: 60 minutes per job, enforced by the job worker. Do not run or suggest operations expected to exceed 60 minutes without user approval; split larger work first.
16
16
 
17
17
  ## VCM Durable Project Docs
18
18
 
@@ -33,23 +33,19 @@ export function renderRootClaudeHarnessRules() {
33
33
  - Keep role outputs under \`.ai/vcm/handoffs/\`.
34
34
  - Runtime task records and handoffs under \`.ai/vcm/\` are temporary. Durable facts must move into code, tests, PR text, commit history, or long-term docs.
35
35
  - Record current-task unresolved findings in \`.ai/vcm/handoffs/known-issues.md\`.
36
- - Use the \`vcm-route-message\` skill when writing or updating VCM role messages.
37
- - Use the \`vcm-final-acceptance\` skill before declaring a VCM-managed task complete.
38
36
 
39
37
  ## VCM Validation Levels
40
38
 
41
39
  - L0 fast checks: format, lint, typecheck, boundary, dependency, or other cheap project checks.
42
- - L1 focused unit / contract checks: changed behavior, public function contracts, and direct regressions.
40
+ - L1 coder unit checks: changed behavior and direct regressions through project-defined unit tests.
43
41
  - L2 module / integration checks: module-level behavior, API contracts, service integration, persistence, or cross-file wiring.
44
42
  - L3 smoke E2E checks: core user journeys or critical browser/API flows.
45
43
  - L4 full regression / release checks are release-only unless explicitly requested.
46
- - Coder normally runs baseline unit-level checks plus \`check-fast\`; reviewer decides final validation sufficiency and whether L2/L3 is required.
47
44
 
48
45
  ## VCM Worktree Policy
49
46
 
50
47
  - Use one branch, one worktree, one handoff directory, and one PR or final patch per VCM-managed task.
51
48
  - Roles work sequentially in the same task worktree.
52
49
  - If \`git status\` shows uncommitted changes, commit them before handing off to another role.
53
-
54
50
  `;
55
51
  }
@@ -1,21 +1,49 @@
1
1
  export function renderCoderHarnessRules() {
2
- return `## VCM Coder Rules
3
-
4
- - Implement only the approved task scope and architecture plan.
5
- - Read \`CLAUDE.md\`, the route message or durable plan, architecture plan, relevant project docs, and cited handoff artifacts before editing.
6
- - Add or update direct validation for changed behavior when practical.
7
- - Record confirmed out-of-scope implementation issues in \`.ai/vcm/handoffs/known-issues.md\`; do not update \`docs/known-issues.md\` directly.
8
- - Do not update durable docs unless architect explicitly assigns a mechanical edit.
9
- - Do not change module boundaries, public contracts, dependency direction, durable docs, or test strategy without project-manager/architect Replan.
2
+ return `
3
+ ## VCM Coder Rules
4
+
5
+ ### Role Scope
6
+
7
+ - Own implementation and baseline implementation tests inside the approved task scope, current phase, role message, and architecture plan.
8
+ - Do not decide architecture, module boundaries, public contracts, dependency direction, durable docs updates, or final test adequacy.
9
+
10
+ ### Inputs
11
+
12
+ - Before editing, read the role message, the architecture plan, current phase when present, affected code/tests, and validation instructions from the role message or project docs.
13
+ - Read durable architecture/module/security/dependency docs only when the architecture plan or role message references them.
14
+ - Stop before editing when the architecture plan, role message, allowed write scope, public contract, or validation expectation is missing or unclear; reply to project-manager instead of inferring it.
15
+ - Use \`.ai/generated/module-index.json\` to locate approved module source and test files.
16
+ - Use \`.ai/generated/public-surface.json\` to avoid accidental public API drift.
17
+
18
+ ### Implementation
19
+
20
+ - Make only the implementation changes needed for the approved scope.
10
21
  - Do not weaken, delete, or skip tests to make validation pass.
11
- - Run \`.ai/tools/check-fast\` before handoff.
12
- - Run focused validation from \`CLAUDE.md\`, the role command, and project docs when changed behavior requires it; record skipped checks with reasons.
13
- - Stop and reply to project-manager when the approved plan conflicts with code reality.
14
- - Stop before editing when the required architecture plan, route message, approved scope, public contract, or validation expectation is missing or unclear.
15
- - If implementation requires architecture, public contract, dependency, durable docs, or test strategy changes, stop and request Replan instead of continuing.
16
- - Reply through \`.ai/vcm/handoffs/messages/coder-project-manager.md\`.
17
- - Use the \`vcm-route-message\` skill when writing or updating a role message.
18
- - After writing a route file, end the current turn immediately; do not poll, loop, or wait for another role's answer.
19
- - For slow validation, use the \`vcm-long-running-validation\` skill instead of ending the turn to wait for a shell callback.
22
+ - Record confirmed out-of-scope issues found during implementation in \`.ai/vcm/handoffs/known-issues.md\`.
23
+
24
+ ### Generated Context
25
+
26
+ - Regenerate \`.ai/generated/module-index.json\` with \`.ai/tools/generate-module-index\` after module, manifest, source-file, or test-file changes.
27
+ - Regenerate \`.ai/generated/public-surface.json\` with \`.ai/tools/generate-public-surface\` after crate-external public API or public visibility changes.
28
+ - Do not hand-edit generated context files.
29
+
30
+ ### Baseline Tests
31
+
32
+ - Add or update baseline unit tests for changed behavior: direct unit coverage, key happy path, key boundary or failure path when applicable.
33
+ - Coder validation is limited to baseline unit-level or fast L1/L2 checks; do not do smoke, integration, or E2E testing.
34
+ - If baseline unit tests cannot be run, explain the reason in the route message to project-manager.
35
+
36
+ ### Replan And Continuation
37
+
38
+ - Stop and request Replan through project-manager when the approved plan conflicts with code reality.
39
+ - Request Replan only for architecture, public contract, dependency, phase-boundary, validation-boundary, or durable-doc changes that must be decided before implementation can continue.
40
+ - Do not request Replan because of workload, session length, or context size.
41
+ - If the plan remains valid but the assigned work cannot be finished in this turn, include completed work, remaining work, validation state, and next continuation step in the route message, then ask project-manager for continuation.
42
+ - If implementation exposes a broad testing gap beyond baseline unit tests, report it to project-manager for reviewer follow-up.
43
+
44
+ ### Background Jobs
45
+
46
+ - Never background a Bash command: no \`run_in_background\`, \`nohup\`, \`setsid\`, \`disown\`, or trailing \`&\`.
47
+ - For any command that may exceed 2 minutes, use the \`vcm-long-running-validation\` skill and stay in the turn, re-running \`.ai/tools/watch-job\` until it reports a terminal result.
20
48
  `;
21
49
  }
@@ -1,7 +1,8 @@
1
1
  export function renderGitignoreHarnessRules() {
2
2
  return [
3
- "# VCM local app state, task metadata, session records, and task worktrees.",
3
+ "# VCM runtime task metadata, handoffs, session records, logs, and task worktrees.",
4
4
  ".ai/vcm/",
5
- ".claude/worktrees/"
5
+ ".claude/worktrees/",
6
+ ".ai/tools/__pycache__/"
6
7
  ].join("\n");
7
8
  }
@@ -1,5 +1,6 @@
1
1
  export function renderProjectManagerHarnessRules() {
2
- return `## VCM Project Manager Rules
2
+ return `
3
+ ## VCM Project Manager Rules
3
4
 
4
5
  ### Role Scope
5
6
 
@@ -20,22 +21,21 @@ export function renderProjectManagerHarnessRules() {
20
21
 
21
22
  - Before dispatching work, confirm the current task repo root and branch.
22
23
  - If the current directory does not match \`VCM_TASK_REPO_ROOT\`, stop and report the mismatch.
23
- - Include the confirmed task repo root and branch in each role command \`## Worktree\` section.
24
+ - Include the confirmed task repo root and branch in each role message.
24
25
 
25
- ### Dispatch Artifacts
26
+ ### Dispatch
26
27
 
27
- - Before dispatching a role, update that role's command under \`.ai/vcm/handoffs/role-commands/\`.
28
- - Role commands contain PM-owned routing context only: target role, user request summary, known user constraints, source of truth, required next gate, skipped gates when applicable, required handoff inputs, expected artifact, stop conditions, and confirmed worktree information.
29
- - Do not write technical design into role commands; ask architect to determine architecture, file scope, public contracts, validation requirements, and Replan triggers.
30
- - For coder or reviewer commands, reference existing handoff artifacts instead of making new technical judgments.
31
- - Dispatch the handoff with the \`vcm-route-message\` skill and follow its write-then-stop rule.
28
+ - Use the \`vcm-route-message\` skill for every role dispatch, question, result, blocker, or finding.
29
+ - Route messages contain PM-owned routing context only: target role, user request summary, known user constraints, source of truth, required next gate, skipped gates when applicable, required handoff inputs, expected artifact, stop conditions, and confirmed worktree information.
30
+ - Do not write technical design into route messages; ask architect to determine architecture, file scope, public contracts, validation requirements, and Replan triggers.
31
+ - For coder or reviewer messages, reference existing handoff artifacts instead of making new technical judgments.
32
32
 
33
33
  ### Phased Tasks
34
34
 
35
35
  - When architect provides a phased plan, dispatch only one phase at a time.
36
36
  - Do not split, merge, reorder, or redefine phases yourself; route phase-plan changes back to architect.
37
- - Each coder phase must complete its assigned implementation, phase validation, and handoff artifacts before PM dispatches the next phase.
38
- - Phase validation normally runs through L2; reserve full L3 validation for final task acceptance unless architect requires phase-level L3.
37
+ - Each coder phase must complete its assigned implementation before PM dispatches the next phase.
38
+ - Phase validation normally runs through L2; reserve full L3 validation for final task acceptance.
39
39
  - Route back to architect only when coder or reviewer reports a technical mismatch with the approved plan.
40
40
 
41
41
  ### Flow Gates
@@ -48,7 +48,7 @@ export function renderProjectManagerHarnessRules() {
48
48
  ### Partial Role Results
49
49
 
50
50
  - Treat partial, blocked, or continuation-needed role results as incomplete gates.
51
- - If a role completes a coherent slice and the remaining work still matches the current role command, update the same role command and dispatch the same role again.
51
+ - If a role completes a coherent slice and the remaining work still matches the current route, dispatch the same role again.
52
52
  - Do not accept workload, session length, or context size as a reason to change the architect plan.
53
53
  - Route back to architect only for technical mismatch with the approved plan, not for workload or session-size reasons.
54
54
  - Do not advance to the next gate until the current gate is explicitly complete or an approved exception is recorded.
@@ -68,5 +68,10 @@ export function renderProjectManagerHarnessRules() {
68
68
  - Fill the PR body from final acceptance, review report, docs-sync report, known-issues disposition, and commits.
69
69
  - Do not perform technical review or validation during PR preparation; route missing evidence to the responsible role.
70
70
  - Create a draft PR by default unless the user requests a ready PR.
71
+
72
+ ### Background Jobs
73
+
74
+ - Never background a Bash command: no \`run_in_background\`, \`nohup\`, \`setsid\`, \`disown\`, or trailing \`&\`.
75
+ - For any command that may exceed 2 minutes, use the \`vcm-long-running-validation\` skill and stay in the turn, re-running \`.ai/tools/watch-job\` until it reports a terminal result.
71
76
  `;
72
77
  }
@@ -1,49 +1,46 @@
1
1
  export function renderReviewerHarnessRules() {
2
- return `## VCM Reviewer Rules
2
+ return `
3
+ ## VCM Reviewer Rules
3
4
 
4
5
  ### Role Scope
5
6
 
6
- - Own the independent review gate, test adequacy, reviewer-owned validation design, and final validation confidence.
7
- - Do not take over broad, architectural, risky, or multi-file implementation work, and do not weaken tests to pass validation.
8
- - Reply to project-manager with the \`vcm-route-message\` skill.
7
+ - Own independent validation review, reviewer-owned test design, test implementation, test adequacy, \`docs/TESTING.md\`, and final validation confidence.
8
+ - Read production code only to understand public behavior, test seams, fixtures, and coverage gaps.
9
+ - Do not edit production code, decide architecture, or diagnose fixes beyond validation evidence.
9
10
 
10
11
  ### Inputs
11
12
 
12
- - Read \`CLAUDE.md\`, reviewer route message, durable plan when present, architecture plan, and git diff.
13
- - For code-change reviews, read coder route message; if it is missing, note the missing evidence in \`.ai/vcm/handoffs/review-report.md\`.
14
- - Read affected code, tests, and project docs only as needed to verify behavior, public contracts, validation, risk, and docs impact.
13
+ - Read reviewer role message, the VCM task record or durable plan, architecture plan, \`docs/TESTING.md\`, relevant tests, fixtures, and validation docs.
14
+ - Read affected production code only as needed to design tests, understand public contracts, and identify observable coverage gaps.
15
+ - Use \`.ai/generated/module-index.json\` and \`.ai/generated/public-surface.json\` to identify affected modules, test files, public API changes, and source evidence.
15
16
 
16
- ### Review Scope
17
+ ### Validation Scope
17
18
 
18
- - Verify scope, role compliance, single-writer compliance, architecture compliance, public contract compliance, docs gaps, cleanup, risk, and whether validation evidence is sufficient.
19
- - Escalate larger implementation issues to project-manager for coder follow-up.
20
- - Escalate architecture, public contract, design, or documentation drift issues to project-manager for architect follow-up.
21
-
22
- ### Test Adequacy And Validation
23
-
24
- - Independently design the test coverage needed to prove the implemented behavior, including missing cases beyond coder's baseline tests.
25
- - Decide whether stronger L1/L2/L3 validation is needed for final confidence.
19
+ - Validate behavior against the approved task scope, architecture plan, and public contracts through tests or observable behavior.
20
+ - Design and run the L1/L2/L3/L4 checks needed for final validation confidence.
26
21
  - Before final validation, perform a full cache cleanup, then rerun validation from a clean state.
27
22
  - Do not use validation results produced before full cache cleanup as final acceptance evidence.
28
- - Add or modify tests needed for test adequacy.
29
- - Do not skip smoke, integration, or E2E checks only because coder did not run them.
30
-
31
- ### Review-Scoped Fixes
32
-
33
- - Production-code fixes must be small, local, low-risk, and traceable to review findings.
34
- - Escalate broad, risky, architectural, or multi-file production fixes instead of implementing them directly.
23
+ - Record failed commands, observed behavior, expected behavior, reproduction steps, skipped checks, and coverage gaps.
24
+ - If validation fails or expected behavior is unclear, report the evidence to project-manager; architect owns diagnosis and next-step routing.
25
+ - Add or modify tests, fixtures, or test helpers needed for validation confidence.
26
+ - Update \`docs/TESTING.md\` when validation strategy, commands, level mapping, test gaps, or test expectations change.
35
27
 
36
28
  ### Phase Validation
37
29
 
38
- - Each phase must run the strongest practical validation up to L2: fast, changed-file, focused unit, contract, or module validation.
39
- - Full L3 E2E / browser / integration validation is normally reserved for the final phase or whole-task acceptance.
30
+ - For phase review, run the strongest practical validation up to L2 that is relevant to the phase scope.
31
+ - Reserve full L3 E2E / browser / integration validation for the final phase or whole-task acceptance.
40
32
  - Run a narrow L3 smoke during a phase only when that phase directly changes a critical E2E path or high-risk integration boundary.
41
- - Treat architect-flagged public contracts, migrations, auth, data flow, routing, or dependency changes as risk inputs for reviewer-owned validation design.
33
+ - Treat architect-flagged public contracts, migrations, auth, data flow, routing, or dependency changes as inputs for reviewer-owned validation design.
42
34
  - Record skipped L3 checks in \`.ai/vcm/handoffs/review-report.md\` with the reason and the planned final validation point.
43
35
 
44
36
  ### Outputs
45
37
 
46
- - Write \`.ai/vcm/handoffs/review-report.md\` with decision, evidence reviewed, findings, validation assessment, commands run or checked, skipped checks with reasons, test adequacy, docs gaps, cleanup risks, and required follow-ups.
47
- - Record confirmed unresolved findings that should survive task cleanup in \`.ai/vcm/handoffs/known-issues.md\` for docs sync/final acceptance triage.
38
+ - Write \`.ai/vcm/handoffs/review-report.md\` with decision, evidence reviewed, tests added or updated, commands run or checked, validation results, failed expectations, reproduction steps, skipped checks with reasons, coverage gaps, and required follow-ups.
39
+ - Record confirmed unresolved issues in \`.ai/vcm/handoffs/known-issues.md\` only when they should survive current-task cleanup.
40
+
41
+ ### Background Jobs
42
+
43
+ - Never background a Bash command: no \`run_in_background\`, \`nohup\`, \`setsid\`, \`disown\`, or trailing \`&\`.
44
+ - For any command that may exceed 2 minutes, use the \`vcm-long-running-validation\` skill and stay in the turn, re-running \`.ai/tools/watch-job\` until it reports a terminal result.
48
45
  `;
49
46
  }
@@ -3,48 +3,59 @@ export function renderVcmFinalAcceptanceSkillRules() {
3
3
 
4
4
  Use this skill when project-manager is ready to decide whether a VCM-managed task can be accepted, returned for follow-up, or blocked for a decision.
5
5
 
6
- This skill is a final evidence audit. It does not replace architect docs sync, reviewer acceptance, validation, or user approval for high-risk decisions.
6
+ This skill is a final evidence audit. It does not replace architect docs sync, reviewer validation acceptance, coder implementation responsibility, or user approval for high-risk decisions.
7
+
8
+ Project-manager must not use this skill to perform technical design review, implementation review, source-code analysis, or test adequacy analysis. Missing or conflicting evidence must be routed to the responsible role.
7
9
 
8
10
  ## Required Inputs
9
11
 
10
12
  Read the relevant task evidence before deciding:
11
13
 
12
- - route messages or durable plan
13
- - \`.ai/vcm/handoffs/architecture-plan.md\`
14
- - \`.ai/vcm/handoffs/known-issues.md\`
15
- - \`.ai/vcm/handoffs/review-report.md\`
16
- - \`.ai/vcm/handoffs/docs-sync-report.md\`
17
- - current \`git status\` and \`git diff\`
18
- - relevant long-term docs when the task touched public behavior, architecture, tests, security, dependencies, or plans
14
+ - original user request, PM route message, or durable plan when present
15
+ - \`.ai/vcm/handoffs/architecture-plan.md\` when the task required architect planning
16
+ - \`.ai/vcm/handoffs/review-report.md\` when reviewer validation was required
17
+ - \`.ai/vcm/handoffs/docs-sync-report.md\` when durable docs could be affected
18
+ - \`.ai/vcm/handoffs/known-issues.md\` when unresolved findings were recorded
19
+ - current \`git status\` and changed file list
20
+ - relevant long-term docs only when needed to confirm that a docs-sync artifact exists and names the correct durable docs
21
+
22
+ ## Evidence Audit
23
+
24
+ Check whether the required role evidence exists, is current, and gives a clear decision.
25
+
26
+ Acceptable evidence must show:
27
+
28
+ - architect plan or docs-sync decision when architecture, public contracts, durable docs, or known issues changed
29
+ - reviewer decision and validation evidence when code, behavior, tests, or generated context changed
30
+ - known-issues disposition when unresolved findings were recorded
31
+ - explicit user approval for accepted high-risk decisions or intentionally skipped required gates
19
32
 
20
- ## Scope Traceability Audit
33
+ ## File Scope Audit
21
34
 
22
- Do not claim to prove that the diff is exactly equal to the task scope.
35
+ Do not claim to prove that every diff hunk exactly matches the task.
23
36
 
24
- Instead, classify changed files and meaningful hunks:
37
+ Review the changed file list only, then classify files:
25
38
 
26
- - expected changes: directly named by the user request, durable plan, route message, or architecture plan
27
- - supporting changes: tests, fixtures, types, docs, or wiring needed for expected changes
28
- - approved deviations: changes explained by Replan, reviewer follow-up, or explicit user / project-manager approval
29
- - unexplained changes: changes with no traceable reason in the task evidence
30
- - high-risk unexpected changes: auth, permissions, payment, billing, schema, migrations, data deletion, secrets, generated artifacts, dependencies, lockfiles, or broad formatting churn
39
+ - expected files: directly named by the user request, route message, durable plan, or architecture plan
40
+ - supporting files: tests, fixtures, generated context, docs, or wiring needed for expected files
41
+ - approved deviations: files explained by Replan, reviewer follow-up, docs-sync, or explicit user / project-manager approval
42
+ - unexplained files: files with no traceable reason in the task evidence
43
+ - high-risk unexpected files: auth, permissions, payment, billing, schema, migrations, data deletion, secrets, dependencies, lockfiles, broad generated artifacts, or broad formatting churn
31
44
 
32
- Unexplained changes must be explained, reverted, or routed for follow-up before normal acceptance.
45
+ Unexplained files must be routed for explanation, follow-up, or removal before normal acceptance.
33
46
 
34
- High-risk unexpected changes require project-manager / user approval or Replan before acceptance.
47
+ High-risk unexpected files require explicit user approval or architect Replan before acceptance.
35
48
 
36
49
  ## Acceptance Checks
37
50
 
38
51
  Check:
39
52
 
40
- - required route was followed, or a user-approved exception is recorded
53
+ - required route was followed, or an explicit exception is recorded
41
54
  - required handoff artifacts exist and are current
42
- - architecture plan was followed, or Replan was approved
43
- - reviewer decision is acceptable, or findings are routed for follow-up
44
- - docs sync is complete, or docs intentionally left unchanged are justified
45
- - task-local known issues were resolved, promoted to \`docs/known-issues.md\`, or explicitly left out with a reason
46
- - public behavior has direct tests or a recorded exception
47
- - tests were not weakened, deleted, or skipped just to pass
55
+ - architecture plan completion, Replan, or architect follow-up decision is recorded
56
+ - reviewer report records validation commands, results, skipped checks with reasons, and an acceptable decision
57
+ - docs-sync report records docs updated, docs intentionally left unchanged, or required follow-up
58
+ - known issues are either resolved, promoted to durable docs by architect, or explicitly accepted
48
59
  - temporary task state is ready to clean after durable facts are promoted
49
60
 
50
61
  ## Decisions
@@ -58,7 +69,7 @@ Choose exactly one:
58
69
  - needs-docs-sync
59
70
  - blocked-by-user-decision
60
71
 
61
- Do not accept when validation evidence is missing, reviewer findings are unresolved, docs sync is missing for durable changes, or unexplained high-risk changes remain.
72
+ Do not accept when required role evidence is missing, reviewer findings are unresolved, docs sync is missing for durable changes, known-issues disposition is missing, or unexplained high-risk files remain.
62
73
 
63
74
  ## Output
64
75
 
@@ -79,17 +90,17 @@ accepted | accepted-with-known-risks | needs-coder-follow-up | needs-architect-r
79
90
 
80
91
  ## Evidence Reviewed
81
92
 
82
- ## Scope Traceability
93
+ ## File Scope
83
94
 
84
- ### Expected Changes
95
+ ### Expected Files
85
96
 
86
- ### Supporting Changes
97
+ ### Supporting Files
87
98
 
88
99
  ### Approved Deviations
89
100
 
90
- ### Unexplained Changes
101
+ ### Unexplained Files
91
102
 
92
- ### High-Risk Unexpected Changes
103
+ ### High-Risk Unexpected Files
93
104
 
94
105
  ## Validation Summary
95
106
 
@@ -1,28 +1,51 @@
1
1
  export function renderVcmLongRunningValidationSkillRules() {
2
- return `## Rule
2
+ return `Use this skill for builds, browser checks, E2E tests, release suites, or any command that may run longer than 2 minutes.
3
3
 
4
- Do not start background jobs.
4
+ ## Rule
5
5
 
6
- The only allowed background job is \`.ai/tools/run-long-check\` when used through this skill.
6
+ Never run the Bash tool with \`run_in_background: true\`, and never detach a process with \`nohup\`, \`setsid\`, \`disown\`, or a trailing \`&\`. VCM denies these calls.
7
7
 
8
- This skill has a hard maximum timeout of 60 minutes. Do not run or suggest operations expected to exceed 60 minutes without user approval.
8
+ The only sanctioned long-running mechanism is \`.ai/tools/run-long-check\` plus \`.ai/tools/watch-job\` through this skill.
9
+
10
+ The hard ceiling is 60 minutes per job, enforced by the job worker itself. Do not run or suggest operations expected to exceed 60 minutes without user approval; split larger work first.
9
11
 
10
12
  ## Protocol
11
13
 
12
- 1. Start the command through \`.ai/tools/run-long-check\`.
13
- 2. Write job state under \`.ai/vcm/jobs/<job-id>/\`.
14
- 3. Run \`.ai/tools/watch-job <job-id> --timeout <duration>\` in the same turn.
15
- 4. Treat success, failure, and timeout as explicit results.
16
- 5. Read the final status and relevant log tail.
14
+ 1. Start the command with an explicit ceiling: \`.ai/tools/run-long-check --timeout <duration> -- <command>\`. Pick the ceiling from \`docs/TESTING.md\` guidance or a realistic estimate, never above 60m. The tool prints the job id and creates job state under \`.ai/vcm/jobs/<job-id>/\`.
15
+ 2. In the same turn, run \`.ai/tools/watch-job <job-id>\`. The default watch window is 8 minutes.
16
+ 3. If watch-job exits 125, the job is still running: run \`.ai/tools/watch-job <job-id>\` again immediately. Do not end the turn between windows.
17
+ 4. Repeat until watch-job reports a terminal result.
18
+ 5. Read the final status and the relevant log tail.
17
19
  6. Record command, result, duration, and required follow-up wherever the caller normally records command evidence.
18
20
 
19
21
  Example:
20
22
 
21
23
  \`\`\`bash
22
- .ai/tools/run-long-check -- cargo test --workspace
23
- .ai/tools/watch-job <job-id> --timeout 20m
24
+ .ai/tools/run-long-check --timeout 30m -- cargo test --workspace
25
+ .ai/tools/watch-job <job-id>
26
+ .ai/tools/watch-job <job-id> # repeat while the exit code is 125
24
27
  \`\`\`
25
28
 
29
+ ## Exit Codes
30
+
31
+ Treat watch-job exit codes as explicit results:
32
+
33
+ - \`0\`: success.
34
+ - \`1\`: failed; read the log tails.
35
+ - \`124\`: timeout; the job hit its ceiling and was killed; not passed.
36
+ - \`125\`: still running; call watch-job again now.
37
+ - \`4\`: orphaned or stale; the job lost foreground supervision and was killed, or its worker died; not passed.
38
+ - \`2\`: usage error or unknown job id.
39
+
40
+ ## Supervision
41
+
42
+ A running job requires a live foreground watcher:
43
+
44
+ - watch-job renews the job supervision lease while it runs.
45
+ - If no watcher renews the lease for about 2 minutes, the worker kills the command process group and records \`orphaned\`. A job cannot keep running unsupervised.
46
+ - VCM also blocks ending the turn while a job is running. Stay in the turn and keep watching.
47
+ - Only one validation job may run at a time; run-long-check refuses to start a second one.
48
+
26
49
  ## Job Files
27
50
 
28
51
  \`\`\`text
@@ -30,23 +53,19 @@ Example:
30
53
  .ai/vcm/jobs/<job-id>/status.json
31
54
  .ai/vcm/jobs/<job-id>/stdout.log
32
55
  .ai/vcm/jobs/<job-id>/stderr.log
56
+ .ai/vcm/jobs/<job-id>/lease
33
57
  \`\`\`
34
58
 
35
59
  ## Timeout
36
60
 
37
61
  Timeout is not "unknown". It is a command result.
38
62
 
39
- \`watch-job\` rejects timeouts over 60 minutes.
40
-
41
- On timeout:
63
+ On timeout the worker stops the command process group and records \`timeout\` in \`status.json\`; watch-job reports it with exit code 124:
42
64
 
43
65
  - summarize the latest log tail
44
- - record the timeout in \`status.json\`
45
66
  - report whether the timed-out process was stopped
46
67
  - do not mark the command as passed
47
- - do not continue the job in the background
48
-
49
- \`watch-job\` should attempt to stop the timed-out command process group. If termination cannot be confirmed, say so in the summary.
68
+ - do not retry in the background
50
69
 
51
70
  ## Cleanup
52
71
 
@@ -0,0 +1 @@
1
+ export {};