Skip to content

feat(agileteam): 2026-07-08 retro amendments C3/C4/C5 + local test ports#95

Merged
DYAI2025 merged 3 commits into
mainfrom
agileteam-improved
Jul 8, 2026
Merged

feat(agileteam): 2026-07-08 retro amendments C3/C4/C5 + local test ports#95
DYAI2025 merged 3 commits into
mainfrom
agileteam-improved

Conversation

@DYAI2025

@DYAI2025 DYAI2025 commented Jul 8, 2026

Copy link
Copy Markdown
Owner

Retro-approved amendments from a real /agileteam production run (FuFirE WS-A resume cycle), user-confirmed at the /reflect learning-loop gate, ported from the local v0.18 deployment onto current main (v0.22.2).

C3 — Ledger-mandatory delivery gates

merge, deploy, production-verification are recorded run-ledger gates; resume cross-checks the traceability matrix's wired-in-prod? column against git/remote ground truth before trusting it. Measured failure: a PR was merged+deployed with no ledger event → resume mis-classified the live feature as undeployed.

C4 — Scope guard vs. tool droppings

plumbline-scope-check exempts paths that are BOTH gitignored AND untracked (session-tooling artifacts like .claude-flow/ daemon state) with a visible NOTE; --strict-gitignored restores old behavior; tracked files never exempted; fail-closed on git errors. Verified 3-way against a live repo.

C5 — Mid-flight scope additions to running agents

Queued messages to in-flight agents are silently lost if the agent finishes first (measured). Rule: wait for the result, re-dispatch with an idempotency guard, inspect the tree for partial work on mid-task agent death.

Ported TDD-RED specs (PLB-HARDEN-001 — deliberately NOT registered in run_all.sh)

Two locally-authored test scripts existed only in the v0.18 deployment and are ported as-is:

  • test_reality_wired_in_prod.sh (Test A): reality-check must fail-closed on a done/deploy claim while wired_in_prod=noRED by design until enforcement exists (plumbline_reality.py REQUIRED_FIELDS lacks wired_in_prod).
  • test_pretool_wait_state_hook.sh (Test B): WAIT/STOP must deterministically lock state-changing + meta toolcalls — RED by design until pretool-wait-state.sh exists and is registered.

Both runs confirmed RED on this branch (FAIL lines print, scripts exit 0 as documenting runs). They are the executable spec of the next hardening increment, not disabled checks of built features — surfaced here per the no-laundering rule instead of being silently parked.

.gitignore

Per-user runtime artifacts (.plumbline/ update snapshots, .claude/homunculus/, .devin/).

Test plan

config/claude/tests/run_all.shALL CHECKS PASSED (clean PATH; note: the trailofbits modern-python python3 shim breaks suite-internal python3 calls — unrelated pre-existing environment issue).

🤖 Generated with Claude Code

…rts (user-approved via /reflect gate)

Ported from the local v0.18 deployment onto v0.22.2:

- C3: merge/deploy/production-verification are ledger-mandatory gates;
  resume cross-checks wired-in-prod? against git/remote ground truth
  (measured failure: FuFirE PR #142 merged+deployed with no ledger
  event; resume mis-classified the base feature as undeployed)
- C4: plumbline-scope-check exempts gitignored+untracked tool droppings
  (visibly logged; --strict-gitignored opt-out; tracked files never
  exempted; fail-closed on git errors) — verified 3-way against a real
  repo (exempt+NOTE / real violation still blocks / strict re-blocks)
- C5: mid-flight scope additions to running agents — wait for result,
  re-dispatch with idempotency guard; inspect tree on mid-task death
- port two locally-authored test scripts (pretool wait-state hook,
  reality wired-in-prod) that existed only in the v0.18 deployment
- .gitignore: exclude per-user runtime artifacts (.plumbline/ update
  snapshots, .claude/homunculus/, .devin/)

Full suite: ALL CHECKS PASSED (run_all.sh, clean PATH).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@sourcery-ai

sourcery-ai Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Reviewer's Guide

Implements agileteam retro amendments C3–C5 by tightening ledger semantics and agent orchestration docs, updating the plumbline scope guard to exempt gitignored+untracked tooling artifacts with an optional strict mode, and adding two RED hardening tests plus ignore rules for local runtime artifacts.

Flow diagram for updated plumbline scope validation (gitignored+untracked exemption)

flowchart LR
    A[main] --> B[validate_scope]

    B --> C[_load_patterns]
    B --> D[_load_changed_files]
    C --> E[filter by allowed patterns]
    D --> E

    E --> F{out empty?}
    F -->|yes| G[EXIT_PASS]
    F -->|no and strict_gitignored| H[print scope error]
    F -->|no and not strict_gitignored| I[_gitignored_untracked]

    I --> J{git ok?}
    J -->|no| H
    J -->|yes| K[print NOTE for exempted paths]
    K --> L[remove exempted paths from out]

    L --> M{out empty now?}
    M -->|yes| G
    M -->|no| H
Loading

File-Level Changes

Change Details Files
Adjust plumbline scope validation to optionally exempt gitignored+untracked tooling artifacts while exposing a strict mode flag.
  • Introduce a helper to compute the subset of candidate paths that are both untracked and gitignored using git ls-files and git check-ignore, failing closed on git errors or missing git.
  • Extend validate_scope to accept a strict_gitignored boolean, filter out gitignored+untracked paths when not strict, and print a NOTE listing any exemptions.
  • Add a --strict-gitignored CLI flag, wire it into validate_scope, and update main() to pass the argument through.
config/claude/lib/plumbline_scope.py
Document C3 and C5 agileteam retro rules and summarize all amendments in the v3 spec.
  • Clarify that merge, deploy, and production-verification are mandatory ledger gates and must be reconciled against git/remote ground truth on resume, including guidance on handling stale ledgers.
  • Describe the mid-flight scope-addition failure mode for agents and prescribe the re-dispatch-with-idempotency-guard pattern plus tree inspection on mid-task failures.
  • Add an "Amendments 2026-07-08" section summarizing C3–C5 and pointing to the operative agileteam command text.
config/claude/commands/agileteam.md
docs/agileteam-spec-v3.md
Add RED hardening tests for the wait-state pretool hook and wired-in-prod reality enforcement, ported from local deployment.
  • Introduce test_pretool_wait_state_hook.sh to specify the intended semantics and wiring of a pretool wait-state lock hook via a series of RED expectations around deny/allow behavior and install-time registration.
  • Introduce test_reality_wired_in_prod.sh to expose the current gap where wired_in_prod is not enforced by plumbline-reality-check and define the desired STOP-WIRED-PROD behavior behind a future --require-wired flag.
config/claude/tests/test_pretool_wait_state_hook.sh
config/claude/tests/test_reality_wired_in_prod.sh
Ignore per-user runtime artifacts generated by local tooling in version control.
  • Update .gitignore to exclude per-user runtime and tooling directories such as plumbline update snapshots and homunculus/Devin state directories to keep them out of scope checks and diffs.
.gitignore

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've found 1 issue, and left some high level feedback:

  • _gitignored_untracked() intentionally fail-closes by returning an empty set on any git/OSError, but this makes it hard to distinguish misconfiguration from legitimate scope violations; consider emitting a brief stderr NOTE when git commands fail so callers can diagnose why tool artifacts are no longer being exempted.
  • validate_scope() now takes a strict_gitignored flag; if this is invoked from any other scripts or tooling beyond main(), double-check those call sites or consider keeping a backward-compatible wrapper to avoid subtle breakage of existing pipelines.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- _gitignored_untracked() intentionally fail-closes by returning an empty set on any git/OSError, but this makes it hard to distinguish misconfiguration from legitimate scope violations; consider emitting a brief stderr NOTE when git commands fail so callers can diagnose why tool artifacts are no longer being exempted.
- validate_scope() now takes a strict_gitignored flag; if this is invoked from any other scripts or tooling beyond main(), double-check those call sites or consider keeping a backward-compatible wrapper to avoid subtle breakage of existing pipelines.

## Individual Comments

### Comment 1
<location path="config/claude/commands/agileteam.md" line_range="342-344" />
<code_context>
+  `gh pr list --state merged`) and whether a newer deployment exists. A
+  `wired-in-prod? = no` row with the code already merged+deployed is a STALE ledger,
+  not a RED product state — reconcile the matrix first, then resume. (Measured failure
+  2026-07-08: PR merged+deployed with no ledger event; resume mis-classified the base
+  feature as undeployed.)
 - If the goal above is **empty or a placeholder**, do NOT start. Ask the user for
   (a) the feature/goal and (b) the target project directory, then stop.
</code_context>
<issue_to_address>
**nitpick (typo):** Consider changing "mis-classified" to the standard single-word spelling "misclassified".

Using the single-word form is the standard spelling here and will improve consistency without altering the meaning.

```suggestion
  not a RED product state — reconcile the matrix first, then resume. (Measured failure
  2026-07-08: PR merged+deployed with no ledger event; resume misclassified the base
  feature as undeployed.)
```
</issue_to_address>

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Comment thread config/claude/commands/agileteam.md

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 73079d15e3

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

if tracked.returncode != 0:
return set()
tracked_set = {line.strip() for line in tracked.stdout.splitlines() if line.strip()}
candidates = [p for p in paths if p.rstrip("/") not in tracked_set]

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Do not exempt tracked files staged for removal

When a tracked file that matches .gitignore is staged for deletion or git rm --cached, git ls-files' default cached view no longer returns it (git ls-files -h lists --cached as the default and separate --with-tree/--deleted modes), so this filter treats the path as an untracked candidate. git check-ignore can then mark it ignored, causing an out-of-scope deletion of a previously tracked file to pass the scope gate even though the new contract says tracked files are never exempted; this is reachable because plumbline-enforce.sh includes git diff --name-only --cached in the changed-file list.

Useful? React with 👍 / 👎.

# name is a placeholder for the fix; the load-bearing assertions are the
# STOP-WIRED-PROD behaviour and naming the culprit REQ, not the exact CLI).
set +e
out2="$("$REALITY" --repo "$repo" --feature "$FEAT" --min-evidence integration --require-wired 2>&1)"; rc2=$?

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Assert wired-in-prod failures exit non-zero

This captures rc2 but never checks it, so a future --require-wired implementation that prints STOP-WIRED-PROD and REQ-X1 while exiting 0 would satisfy both A2 assertions even though the contract here is explicitly fail-closed. Add a non-zero exit assertion for rc2 so the test proves the gate blocks instead of merely warning.

Useful? React with 👍 / 👎.


# B4 (RED): lock SET + meta Task -> STOP-META-WORK
repo="$(mk_repo locked)"
assert_contains "B4 RED: meta toolcall under wait-lock carries STOP-META-WORK" "$(hook_out "$repo" "$TASK_CALL")" "STOP-META-WORK"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Assert meta Task calls are denied

B4 only checks that the hook output contains STOP-META-WORK; it does not assert the Task toolcall was actually denied. A hook that logs that stop code but returns allow/0 would pass this meta-work case while still permitting the wait-lock bypass the test is meant to prevent, so this should also run is_deny on TASK_CALL under the lock.

Useful? React with 👍 / 👎.

DYAI2025 and others added 2 commits July 8, 2026 04:08
Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
…indings in ported TDD specs

merge-when-true gate findings on PR #95, closed instead of waived:

- C4 behavior had only manual verification — now 7 suite assertions in
  test_runtime_integrity_layer.sh against a real dynamic git fixture:
  exempt+visible-NOTE, non-ignored file still blocks, violation names the
  real file, tracked-but-ignore-matching never exempted, --strict-gitignored
  re-blocks
- shellcheck: SC2317/SC2329 directives on indirectly-invoked helpers
  (is_deny/hook_out, called via assert's eval), drop genuinely-unused
  out1/rc2 captures in test_reality_wired_in_prod.sh

Full suite local (with shellcheck installed): ALL CHECKS PASSED.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@DYAI2025 DYAI2025 merged commit 267ddd4 into main Jul 8, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants