docs(phase3-step8): TDD implementation plan — Plan + Permission Contract#16
Merged
Conversation
Implementation plan for Phase 3 Step 8 (Plan + Permission Contract). Generated via superpowers:writing-plans skill. 19 tasks decomposing Step 8 into bite-sized TDD steps: 1. Audit event constants (6 events + PHASE3_STEP8_EVENTS frozenset) 2. Plan/Checkpoint/PermissionManifest dataclasses 3. Plan-hash for Step 9 tamper detection (Q13) 4. Atomic R/W for plan/state/manifest/grants (tmp+rename pattern) 5. Skill-registry validation 6. Qwen-3.6 plan drafter (local-only per Q1) 7. Vague-description clarifying loop via codec_ask_user.ask (Q3) 8. Global allowlist tier (Q4) 9. State machine (status transitions) 10. create_agent orchestrator + audit emits 11. approve/reject/revise functions 12. PWA endpoints — CRUD + global grants 13. PWA approve/reject integration tests 14. PWA global grants endpoints test 15. Auto-approve via global allowlist (the integration moment) 16. Pre-approval re-validation against registry 17. End-to-end integration test 18. AGENTS.md documentation update 19. Final verification + push + open PR Estimated outputs: - 1 new module (codec_agent_plan.py, ~500 LOC) - 1 new router (routes/agents.py, ~200 LOC, 9 endpoints) - 25 new passing tests (tests/test_agent_plan.py, ~700 LOC) - 6 new audit event constants in codec_audit.py - 1 codec_dashboard.py mount edit - AGENTS.md §X.X sub-section + §6 table extension + §10 don't-touch Each task is fully self-contained with exact file paths, exact code, exact pytest commands with expected outputs. No placeholders, no "similar to Task N" shortcuts, no missing test bodies. Reference: docs/PHASE3-BLUEPRINT.md (approved by user 2026-05-03). After Step 8 lands and signs off, Steps 9 + 10 plans will follow the same writing-plans cadence.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
TDD implementation plan for Phase 3 Step 8 — Plan + Permission Contract. Generated via the
superpowers:writing-plansskill from the approved blueprint (docs/PHASE3-BLUEPRINT.md§2). 19 tasks, 89 atomic TDD steps, 2364 lines.This PR is the PLAN, not the implementation. Once approved, execution happens in a follow-up PR (
feat/phase3-step8-implementation).What Step 8 builds
Drop-a-project planning: user describes a project → Qwen-3.6 drafts structured plan with permission manifest → user approves in PWA → grants persisted with plan_hash for Step 9 tamper detection. No execution yet — Step 9 picks that up.
Plan structure
create_agentorchestratorroutes/agents.py)AGENTS.mddocumentation updateEstimated implementation outputs
codec_agent_plan.py(~500 LOC)routes/agents.py(~200 LOC, 9 endpoints)tests/test_agent_plan.py, ~700 LOC)codec_audit.pycodec_dashboard.pyAGENTS.md§X.X sub-section + §6 table + §10 don't-touch listQuality discipline (from writing-plans skill)
Test plan
superpowers:subagent-driven-developmentorsuperpowers:executing-plansSequencing
This PR (Step 8 plan) → user merges → execution PR ships → Step 8 sign-off → Step 9 plan → Step 9 execution → Step 9 sign-off → Step 10 plan → Step 10 execution → Phase 3 closeout.
Mirrors the Phase 1+2 cadence.
🤖 Generated with Claude Code