fix(skill): deft-setup -- pwd path anchor + post-interview confirmation gate (#272, #269) #284
…272, #269)

- Add ! Path Resolution Anchor rule to Phase 2: resolve all paths relative to pwd at skill entry, never relative to skill file, AGENTS.md, or framework directory -- prevents silent false-positive bootstrap when deft is a subdirectory
- Add Post-Interview Confirmation Gate: after completing interview questions, display summary of all captured values and require explicit yes/no before writing USER.md, PROJECT.md, or any other artifacts
- Add Warp Auto-Approve Warning documenting 'Always ask' AI -> Profile Settings as recommended configuration for running deft-setup
- Add anti-pattern against resolving paths relative to framework directory
- Add anti-pattern against writing files without confirmation gate
- Add CHANGELOG entries under [Unreleased] for both tasks

Closes #272, closes #269, absorbs #271
Greptile Summary

This PR adds two targeted fixes to

Confidence Score: 5/5

Safe to merge — both fixes are additive instruction rules with no breaking changes; all findings are P2 style suggestions.

No P0 or P1 issues found. The path anchor and confirmation gate are correctly scoped (Phase 2 and Phase 3 for paths; all phases for the gate). The prior yolo/auto-pilot concern from the previous review has been addressed with an explicit carve-out. Remaining comments are minor: an acceptance-list gap (

No files require special attention.

Important Files Changed
Flowchart

```mermaid
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[deft-setup invoked] --> B[Record pwd at skill entry]
    B --> C{USER.md exists at platform path?}
    C -- No --> D[Phase 1 Interview]
    C -- Yes --> E[Check deft_version Freshness]
    E --> F[Phase 2: Resolve paths relative to pwd]
    D --> G[Post-Interview Gate: Display summary]
    F --> H{PROJECT.md exists at pwd/PROJECT.md?}
    H -- No --> I[Phase 2 Interview]
    H -- Yes --> J[Skip Phase 2]
    I --> G
    J --> K[Phase 3: Resolve paths relative to pwd]
    G --> L{Strategy = yolo?}
    L -- Yes --> M[Johnbot self-confirms and proceeds]
    L -- No --> N{User replies yes/confirmed/approve?}
    N -- Vague --> O[Reject + re-display]
    O --> N
    N -- Yes --> P[Write artifacts]
    M --> P
    N -- No --> Q[Ask which values to correct]
    Q --> G
    P --> K
    K --> R[Phase 3 Interview]
    R --> G2[Post-Interview Gate Phase 3]
    G2 --> S[Write SPECIFICATION.md]
```
Prompt To Fix All With AI

This is a comment left during a code review.
Path: skills/deft-setup/SKILL.md
Line: 524
Comment:
**Acceptance list excludes common single-character affirmatives**
The gate accepts `yes`, `confirmed`, and `approve` but not `y`, `ok`, or `sure`. A user who naturally types `y` to a yes/no prompt will have their response rejected and re-prompted — which can feel broken in a conversational flow. If the intent is to mirror `/deft:change` exactly, that's fine, but it's worth documenting that single-character shorthands are intentionally excluded so future editors don't silently add them. Consider adding a note or extending the list:
```suggestion
3. ! Accept only explicit affirmative responses (`yes`, `y`, `confirmed`, `approve`) -- reject vague responses (`proceed`, `do it`, `go ahead`) the same way `/deft:change` does
```
How can I resolve this? If you propose a fix, please make it concise.
---
This is a comment left during a code review.
Path: skills/deft-setup/SKILL.md
Line: 528-531
Comment:
**`⊗` rule and `?` yolo carve-out have a semantic tension**
Line 528 states `⊗ Write ... without first ... receiving explicit user confirmation` (a MUST NOT). The carve-out on line 531 permits Johnbot to self-confirm "on the user's behalf" — which is agent-generated confirmation, not user confirmation. Under a strict RFC2119 reading a `?` (MAY) cannot override a `⊗` (MUST NOT), so an agent following the legend literally could refuse the carve-out and still comply with the file.
Consider rewriting line 528 to carve out the yolo case inline:
```suggestion
⊗ Write USER.md, PROJECT.md, SPECIFICATION.md, or any other deft-setup artifact without first displaying captured values and receiving explicit user confirmation (or Johnbot self-confirmation in yolo mode per the carve-out below).
```
How can I resolve this? If you propose a fix, please make it concise.

Reviews (3): Last reviewed commit: "fix: address Greptile re-review findings..."
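The gate logic in the flowchart and the acceptance-list comment above, sketched as an added example (not code from this PR or from the deft project, whose gate is a rule in SKILL.md). The function and enum names are hypothetical; the accepted words, the `no` branch and the yolo carve-out are taken from the review text.

```python
from enum import Enum

class Outcome(Enum):
    WRITE = "write artifacts"
    CORRECT = "ask which values to correct"
    PENDING = "no decision yet"          # replies ran out without yes/no

# Accepted words as quoted in the review comment; `y`, `ok`, `sure` are excluded.
AFFIRMATIVE = {"yes", "confirmed", "approve"}
NEGATIVE = {"no"}

def render_summary(captured: dict) -> str:
    """Summary of every captured interview value, shown before any write."""
    return "\n".join(f"{key}: {value}" for key, value in captured.items())

def confirmation_gate(captured: dict, replies: list, strategy: str = "interactive"):
    """Return (outcome, displays): the decision and each summary shown."""
    displays = [render_summary(captured)]        # always displayed first
    if strategy == "yolo":
        # Carve-out: the agent self-confirms on the user's behalf.
        return Outcome.WRITE, displays
    for reply in replies:
        token = reply.strip().lower()
        if token in AFFIRMATIVE:
            return Outcome.WRITE, displays
        if token in NEGATIVE:
            return Outcome.CORRECT, displays
        # Vague reply ("proceed", "go ahead", "y"): reject and re-display.
        displays.append(render_summary(captured))
    return Outcome.PENDING, displays

if __name__ == "__main__":
    # Constructed interview values, for illustration only.
    sample = {"name": "example-user", "project": "example-app"}
    print(confirmation_gate(sample, ["go ahead", "proceed", "yes"]))
```
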
- Add Path Resolution Anchor mirror to Phase 3 (consistency with Phase 2)
- Add yolo strategy carve-out for confirmation gate (auto-pilot can self-confirm)
- Flip SPECIFICATION.md task statuses: t1.16.1 and t1.17.1 from pending to completed
- Add anti-pattern for resolving paths relative to framework directory

- Fix Phase 3 anchor wording: add AGENTS.md to exclusion list (matches Phase 2)
- Add test coverage deferred note to t1.16.1 and t1.17.1 spec task AC
Summary
Two deft-setup fixes addressing silent failure modes during project bootstrap.
Task A: Anchor path resolution to pwd at skill entry (#272, t1.16.1)
When deft is cloned into a project subdirectory, deft-setup reads ./PROJECT.md relative to the framework clone instead of the user's pwd, silently concluding bootstrap is complete.
Fix: Added ! Path Resolution Anchor rule to Phase 2 explicitly stating all paths must resolve relative to pwd at skill entry -- never relative to the skill file, AGENTS.md, or any framework directory.
Task B: Post-interview confirmation gate + Warp auto-approve warning (#269, t1.17.1, absorbs #271)
Warp auto-approve silently self-answers the deft-setup interview, producing garbage USER.md/PROJECT.md with no error.
Fix:
Checklist
Closes #272, closes #269, absorbs #271
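The false positive described under Task A, reproduced as an added example (not code from this PR; the fix itself is an instruction rule in SKILL.md). It assumes a constructed layout in a temporary directory where the framework clone sits at `app/deft` and carries its own PROJECT.md; the helper names are hypothetical.

```python
import tempfile
from pathlib import Path

def is_bootstrapped(base: Path) -> bool:
    """Phase 2 check: bootstrap counts as done only if base/PROJECT.md exists."""
    return (base / "PROJECT.md").is_file()

def framework_root_of(skill_file: Path) -> Path:
    """Directory a skill-file-relative lookup lands in (the anti-pattern)."""
    # <clone>/skills/deft-setup/SKILL.md -> <clone>
    return skill_file.parents[2]

def simulate() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed layout: entry_pwd stands in for pwd recorded at skill
        # entry (Path.cwd() captured once in real use).
        entry_pwd = Path(tmp) / "app"
        clone = entry_pwd / "deft"               # framework as a subdirectory
        skill_file = clone / "skills" / "deft-setup" / "SKILL.md"
        skill_file.parent.mkdir(parents=True)
        skill_file.write_text("# skill\n")
        (clone / "PROJECT.md").write_text("# framework's own PROJECT.md\n")

        # Anti-pattern: resolve relative to the skill file / framework dir.
        unanchored = is_bootstrapped(framework_root_of(skill_file))
        # Rule from this PR: resolve relative to pwd at skill entry.
        anchored = is_bootstrapped(entry_pwd)

        # Once setup has written the user's PROJECT.md, the anchored check passes.
        (entry_pwd / "PROJECT.md").write_text("# app\n")
        after_setup = is_bootstrapped(entry_pwd)
    return {"unanchored": unanchored, "anchored": anchored,
            "after_setup": after_setup}

if __name__ == "__main__":
    print(simulate())
```
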