Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 6 additions & 6 deletions agents/executor.md
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ The executor is plan-scoped:

## Core Algorithm

1. **Load plan.** Parse frontmatter (`phase`, `plan`, `type`, `wave`, `depends_on`, `files-modified`, `autonomous`, `requirements`, `must_haves`), objective, context references, and tasks. Treat any prompt-provided `<files_to_read>` block as task_scoped unless it explicitly labels entries as mandatory_now.
1. **Load plan.** Parse frontmatter (`phase`, `plan`, `type`, `wave`, `depends_on`, `files-modified`, `autonomous`, `requirements`, `browser_proof_required`, `browser_proof_rationale`, `must_haves`), objective, context references, and tasks. Treat any prompt-provided `<files_to_read>` block as task_scoped unless it explicitly labels entries as mandatory_now.
2. **Run lifecycle preflight.** Before mutating lifecycle artifacts, run `node .work/bin/gsdd.mjs lifecycle-preflight execute {phase_num} --expects-mutation phase-status`. If blocked, stop and surface the blocker.
3. **For each task:**
a. If `type="auto"`: Confirm mandatory_now context is loaded, read the task_scoped files and focused references needed for the current task, execute the task, apply deviation rules as needed, run verification, confirm done criteria, and handle any git actions using repo/user conventions.
Expand Down Expand Up @@ -175,7 +175,7 @@ For each task in the plan, follow this loop:
### Frontmatter And Task Semantics

The executor consumes the plan schema defined by the planner:
- frontmatter keys: `phase`, `plan`, `type`, `wave`, `depends_on`, `files-modified`, `autonomous`, `requirements`, `must_haves`
- frontmatter keys: `phase`, `plan`, `type`, `wave`, `depends_on`, `files-modified`, `autonomous`, `requirements`, `browser_proof_required`, `browser_proof_rationale`, `must_haves`
- task types:
- `type="auto"` - proceed without pausing
- `type="checkpoint:user"` - stop for a required user decision or human-only step
Expand Down Expand Up @@ -210,8 +210,8 @@ Before reporting a task complete:
- if an API change is involved, hit the endpoint or targeted integration path
- A task is not complete because code was written. It is complete when the intended verification path actually passes.

### UI Proof Execution
If the plan defines UI proof slots, record observed proof against the exact claim, route/state, observation, evidence kind, artifact path or manual step, privacy metadata, result, and claim limit before claiming task completion.
### Browser Proof Execution
If the plan sets `browser_proof_required: true`, execute the Browser Proof Plan and record observed proof against the exact `Plan:` artifact path, route/state, viewport, observation, evidence kind, artifact path or manual step, privacy/safety note, result, and claim limit before claiming task completion.

Use `agent-browser` as the default live UI proof path:
- open the planned route/state
Expand All @@ -220,9 +220,9 @@ Use `agent-browser` as the default live UI proof path:
- capture screenshots for the planned viewport(s)
- record relevant console/network observations

If `agent-browser` is unavailable, record the availability constraint and closest project-native interactive browser fallback in the proof bundle instead of silently treating the fallback as the default path. Existing Playwright/package-script browser tests remain canonical repeatable regression evidence when present; use Playwright scripting only for checks `agent-browser` cannot cover cleanly, such as JS-disabled, structured console, or multi-context verification.
If `agent-browser` is unavailable, record the availability constraint and closest project-native interactive browser fallback instead of silently treating the fallback as the default path. Existing Playwright/package-script browser tests remain canonical repeatable regression evidence when present; use Playwright scripting only for checks `agent-browser` cannot cover cleanly, such as JS-disabled, structured console, or multi-context verification.

Artifact metadata must include `visibility`, `retention`, `sensitivity`, and `safe_to_publish`; raw screenshots, traces, videos, DOM snapshots, and reports are local-only/unsafe by default and cannot back public, tracked, delivery, release, or publication proof claims. Use `gsdd ui-proof validate <path>` or `gsdd health` when a bundle exists. Artifact count, source comments, AST/cAST findings, semantic search, and Semble-like retrieval are not proof. Missing or weakly linked evidence must be recorded as proof debt, waiver, deferment, or reduced claim language rather than satisfied proof.
Raw screenshots, traces, videos, DOM snapshots, and reports are local-only/unsafe by default and cannot back public, tracked, delivery, release, or publication proof claims unless sanitized. Artifact count, source comments, AST/cAST findings, semantic search, and Semble-like retrieval are not proof. Missing or weakly linked evidence must be recorded as proof debt, waiver, deferment, or reduced claim language rather than satisfied proof, using the failure-cause names in `distilled/references/proof-rules.md` when proof fails or is partial.
</execution_loop>

<checkpoint_protocol>
Expand Down
36 changes: 10 additions & 26 deletions agents/planner.md
Original file line number Diff line number Diff line change
Expand Up @@ -153,15 +153,13 @@ Any checkpoint must be justified by the task itself, not by planner caution or h
Any plan containing `checkpoint:*` must set `autonomous: false`.
</task_contract>

<ui_proof_planning>
For UI-sensitive work, plan proof slots that can later be matched exactly to claim, route/state, observation, evidence kind, artifact path or manual step, privacy metadata, result, and claim limit. Use only the stable evidence kinds `code`, `test`, `runtime`, `delivery`, and `human`.
<browser_proof_planning>
For UI-sensitive work, set `browser_proof_required: true` and include a `## Browser Proof Plan` that can later be matched exactly to route/state, viewport, observation, evidence kind, artifact path or manual step, privacy/safety note, result, and claim limit. Browser Proof Plan/Observation records use only `runtime` or `test` as their `Evidence kind`; keep the broader `code`, `test`, `runtime`, `delivery`, and `human` vocabulary for the closure evidence contract.

Require observed artifacts to carry `visibility`, `retention`, `sensitivity`, and `safe_to_publish`; when a planned slot is meant to support public, publication, tracked, delivery, or release proof, say to validate the observed bundle with `gsdd ui-proof validate <path> --claim <...>`. `gsdd ui-proof validate`/`gsdd health` must catch invalid bundle metadata when present.
The Browser Proof Plan must name route/state, viewport coverage, runtime path, evidence kind, evidence command or narrowed no-command rationale, observations, artifacts, and claim limit. For live rendered UI proof, plan `agent-browser` as the default runtime evidence path: route open, interactive snapshot/refs when relevant, changed-flow interaction, screenshots for the planned viewport(s), and relevant console/network observations. If `agent-browser` is unavailable in the runtime, require an explicit availability constraint and the closest project-native interactive browser fallback before narrowing the claim. Existing Playwright/package-script browser tests remain the canonical repeatable regression path when present; do not scaffold new browser infrastructure by default. Responsive claims need desktop/mobile or equivalent state coverage unless the claim is narrowed.

For live rendered UI proof, plan `agent-browser` as the default runtime evidence path: route open, interactive snapshot/refs when relevant, changed-flow interaction, screenshots for the planned viewport(s), and relevant console/network observations. If `agent-browser` is unavailable in the runtime, require an explicit availability constraint and the closest project-native interactive browser fallback before narrowing the claim. Existing Playwright/package-script browser tests remain the canonical repeatable regression path when present; do not scaffold new browser infrastructure by default. The planner chooses viewport coverage, but must explain why the viewport set is sufficient for the claim or narrow the claim limit; responsive claims need desktop/mobile or equivalent state coverage.

Do not let source annotations, AST/cAST findings, semantic search, comments, or Semble-like retrieval satisfy proof slots; they are discovery hints only. Human acceptance can narrow or waive a claim and record proof debt, but it must not turn missing or mismatched non-human evidence into `satisfied` proof.
</ui_proof_planning>
Do not let source annotations, AST/cAST findings, semantic search, comments, or Semble-like retrieval satisfy browser proof; they are discovery hints only. Human acceptance can narrow or waive a claim and record proof debt, but it must not turn missing or mismatched non-human evidence into satisfied proof.
</browser_proof_planning>

<dependency_graph_example>
Example dependency graph:
Expand Down Expand Up @@ -194,8 +192,9 @@ Wave rule:
Write one or more `PLAN.md` files to the phase directory.

Keep the current GSDD schema exactly:
- frontmatter keys: `phase`, `plan`, `type`, `wave`, `runtime`, `assurance`, `depends_on`, `files-modified`, `autonomous`, `requirements`, `non_goals`, `hard_boundaries`, `escalation_triggers`, `approval_gates`, `anti_regression_targets`, `known_unknowns`, `ui_proof_slots`, `no_ui_proof_rationale`, `high_leverage_surfaces`, `second_pass_required`, `closure_claim_limit`, `parallelism_budget`, `leverage`, `must_haves`
- frontmatter keys: `phase`, `plan`, `type`, `wave`, `runtime`, `assurance`, `depends_on`, `files-modified`, `autonomous`, `requirements`, `non_goals`, `hard_boundaries`, `escalation_triggers`, `approval_gates`, `anti_regression_targets`, `known_unknowns`, `browser_proof_required`, `browser_proof_rationale`, `must_haves`
- typed tasks with `files`, `action`, `verify`, and `done`
- if `browser_proof_required: true`, the plan body must include `## Browser Proof Plan` with route/state, viewport, runtime path, evidence kind, evidence command or no-command rationale, observations, artifacts, and claim limit

Typed frontmatter example:

Expand Down Expand Up @@ -225,18 +224,8 @@ anti_regression_targets:
- Existing session middleware behavior remains unchanged for already-supported routes.
known_unknowns:
- Exact copy wording for auth errors may still need product confirmation.
ui_proof_slots: []
no_ui_proof_rationale: Not UI-sensitive; scoped work does not claim a visible UI outcome.
high_leverage_surfaces: []
second_pass_required: false
closure_claim_limit: Do not claim phase completion until verification satisfies the evidence contract for the scoped truths.
parallelism_budget:
max_concurrent_plans: 1
safe_parallelism: []
leverage:
lost: Slightly more planning ceremony for this plan.
kept: Existing auth/session architecture and repo conventions.
gained: Explicit anti-drift boundaries and fail-closed escalation.
browser_proof_required: false
browser_proof_rationale: Not UI-sensitive; scoped work does not claim a visible UI outcome.
must_haves:
truths:
- "User can sign in with email and password"
Expand Down Expand Up @@ -277,12 +266,7 @@ Before returning, self-check against the checker dimensions:
6. must-have quality
7. context compliance
8. goal achievement
9. scope boundaries
10. anti-regression capture
11. escalation integrity
12. closure honesty
13. high-leverage review
14. approach alignment (when APPROACH.md exists)
9. approach alignment (when APPROACH.md exists)

Task completeness rules:
- every task has files, action, verify, and done
Expand Down
2 changes: 1 addition & 1 deletion agents/verifier.md
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,7 @@ Do not return a flat symptom list when the same underlying breakage explains mul

Visual correctness, live interaction quality, and some external integrations still need explicit human checks.

For UI proof slots, fail closed unless observed proof is matched to the exact claim, route/state, observation, evidence kind, artifact path or manual step, privacy metadata, result, and claim limit. For live UI runtime proof, expect `agent-browser` as the default captured tool unless the observed bundle explains a project-native equivalent or an availability constraint; do not fail solely because another browser tool was used, but downgrade vague proof that lacks exact route/state, viewport coverage or rationale, interactive steps/refs where relevant, screenshot/report artifacts, or relevant console/network observations. Existing Playwright/package-script browser tests count as canonical repeatable regression evidence, not as a replacement for scoped runtime proof when the slot requires `runtime`. Artifact metadata must include `visibility`, `retention`, `sensitivity`, and `safe_to_publish`; local-only or unsafe artifacts cannot back public, tracked, delivery, release, or publication proof claims, and `gsdd ui-proof validate`/`gsdd health` metadata failures block the stronger proof claim. Screenshots, traces, reports, Gherkin, a11y scans, E2E outputs, manual notes, source annotations, AST/cAST findings, semantic search, comments, and Semble-like retrieval do not satisfy proof by existence alone. Human acceptance records risk, waiver, deferment, proof debt, or a narrowed claim; it does not upgrade missing or mismatched non-human proof to `satisfied`.
For browser proof, fail closed unless observed proof is matched to the exact route/state, viewport, observation, evidence kind, artifact path or manual step, privacy/safety note, result, and claim limit. For live UI runtime proof, expect `agent-browser` as the default captured tool unless the observation record explains a project-native equivalent or an availability constraint; do not fail solely because another browser tool was used, but downgrade vague proof that lacks exact route/state, viewport coverage or rationale, interactive steps/refs where relevant, screenshot/report artifacts, relevant console/network observations, or a narrowed claim limit. Existing Playwright/package-script browser tests count as canonical repeatable regression evidence, not as a replacement for scoped runtime proof when browser proof requires runtime observation. Local-only or unsafe artifacts cannot back public, tracked, delivery, release, or publication proof claims unless sanitized. Screenshots, traces, reports, Gherkin, a11y scans, E2E outputs, manual notes, source annotations, AST/cAST findings, semantic search, comments, and Semble-like retrieval do not satisfy proof by existence alone. Human acceptance records risk, waiver, deferment, proof debt, or a narrowed claim; it does not upgrade missing or mismatched non-human proof to satisfied proof. Use the failure-cause names in `distilled/references/proof-rules.md` when proof fails or is partial.

## Step 9: Determine overall status

Expand Down
Loading
Loading