You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Top risks: intent-attribution ExecutionPolicy not enforced by Go orchestrator (only in prompt); 7 outcome evaluators are not-started and fall back to permissive evalGenericSticky; replace_label type is absent from the outcome-evaluation spec despite being shipped; OTel spec section 17 has no test IDs.
Priority Work Queue
P0: Missing ExecutionPolicy orchestrator enforcement; dispatch_workflow/update_project/update_release/link_sub_issue evaluators emit accepted on existence alone.
P1: OTel Level 3 features unvalidated; replace-label has no compliance fixtures; mergePolicy() has no precedence unit tests.
/spdd-analysisintent-attribution: Audit Authorizer.AuthorizeTool in pkg/ against spec ExecutionPolicy.AllowedTools/DeniedTools -- document which fields are wired vs unused (specs/intent-attribution-agent-governance.md)
/spdd-generateintent-attribution: Add 3 unit tests for PolicyCompiler.Compile() covering organization > repository > intent precedence in pkg/ -- done when a lower-precedence rule cannot weaken a higher-precedence constraint
/spdd-generatesafe-output-outcome-evaluation: Implement dedicated Go evaluators for dispatch_workflow and update_discussion in pkg/cli/outcome_eval.go -- done when neither type falls back to evalGenericSticky
/spdd-generatereplace-label: Create two YAML compliance fixtures for RL-001 (glob semantics) and RL-003 (blocklist ordering) in specs/replace-label-compliance/ -- done when fixture files exist and reference the RL codes
/spdd-syncotel-observability: Add at least 5 T-OT-NNN test ID stubs in section 17 of specs/otel-observability-spec.md covering Level 1: compiler config, endpoint normalization, OTLP export, trace context, local mirrors
/spdd-reasons-canvasintent-attribution: Add RFC 2119 Norms section to specs/intent-attribution-agent-governance.md covering attribution-resolution order, ambiguous-root handling, and fail-closed behavior
/spdd-syncsafe-output-outcome-evaluation: Add replace_label row to both the Default Acceptance Map and Implementation Status tables in specs/safe-output-outcome-evaluation.md -- done when Go/JS areas are listed
/spdd-analysismcp-access-control-compliance: Identify 3-5 missing fixture scenarios for sections 5-10 of the upstream spec and add stubs to specs/github-mcp-access-control-compliance/
/spdd-reasons-canvasotel-observability: Audit span lifecycle in sections 9-10 of specs/otel-observability-spec.md -- verify each span type has start/end condition, parent constraint, and required attributes
/spdd-generateintent-attribution: Document .github/intent-policy.json schema in specs/intent-attribution-agent-governance.md covering version, labels dimensions, scoring strategy, and attribution fields
Summary
SPDD batch 5/27 (index 20-24): MCP Access Control Compliance Fixtures, Intent Attribution & Agent Governance (v2.0.0, Partially Implemented), OTel Observability (v0.4.0, Working Draft), replace-label (v1.0.0, Candidate Recommendation), Safe Output Outcome Evaluation (v1.0.0, Working Draft).
Top risks: intent-attribution
ExecutionPolicynot enforced by Go orchestrator (only in prompt); 7 outcome evaluators arenot-startedand fall back to permissiveevalGenericSticky;replace_labeltype is absent from the outcome-evaluation spec despite being shipped; OTel spec section 17 has no test IDs.Priority Work Queue
P0: Missing
ExecutionPolicyorchestrator enforcement;dispatch_workflow/update_project/update_release/link_sub_issueevaluators emitacceptedon existence alone.P1: OTel Level 3 features unvalidated; replace-label has no compliance fixtures;
mergePolicy()has no precedence unit tests.P2: MCP fixture coverage gaps (sections 5-10); OTel section 17 lacks test IDs; intent-attribution missing RFC 2119 Norms section.
SPDD Checklist
/spdd-analysisintent-attribution: AuditAuthorizer.AuthorizeToolinpkg/against specExecutionPolicy.AllowedTools/DeniedTools-- document which fields are wired vs unused (specs/intent-attribution-agent-governance.md)/spdd-generateintent-attribution: Add 3 unit tests forPolicyCompiler.Compile()coveringorganization > repository > intentprecedence inpkg/-- done when a lower-precedence rule cannot weaken a higher-precedence constraint/spdd-generatesafe-output-outcome-evaluation: Implement dedicated Go evaluators fordispatch_workflowandupdate_discussioninpkg/cli/outcome_eval.go-- done when neither type falls back toevalGenericSticky/spdd-generatereplace-label: Create two YAML compliance fixtures for RL-001 (glob semantics) and RL-003 (blocklist ordering) inspecs/replace-label-compliance/-- done when fixture files exist and reference the RL codes/spdd-syncotel-observability: Add at least 5T-OT-NNNtest ID stubs in section 17 ofspecs/otel-observability-spec.mdcovering Level 1: compiler config, endpoint normalization, OTLP export, trace context, local mirrors/spdd-reasons-canvasintent-attribution: Add RFC 2119 Norms section tospecs/intent-attribution-agent-governance.mdcovering attribution-resolution order, ambiguous-root handling, and fail-closed behavior/spdd-syncsafe-output-outcome-evaluation: Addreplace_labelrow to both the Default Acceptance Map and Implementation Status tables inspecs/safe-output-outcome-evaluation.md-- done when Go/JS areas are listed/spdd-analysismcp-access-control-compliance: Identify 3-5 missing fixture scenarios for sections 5-10 of the upstream spec and add stubs tospecs/github-mcp-access-control-compliance//spdd-reasons-canvasotel-observability: Audit span lifecycle in sections 9-10 ofspecs/otel-observability-spec.md-- verify each span type has start/end condition, parent constraint, and required attributes/spdd-generateintent-attribution: Document.github/intent-policy.jsonschema inspecs/intent-attribution-agent-governance.mdcovering version, labels dimensions, scoring strategy, and attribution fieldsPer-Spec Findings
MCP Access Control Compliance Fixtures
Intent Attribution & Agent Governance (v2.0.0)
suggestedattribution promotion path is undefined.pendingattributions.multi_label_logic: maxwith labels at both issue and PR level is ambiguous.fail closedprinciple lacks test assertions.OTel Observability (v0.4.0)
replace-label (v1.0.0)
Safe Output Outcome Evaluation (v1.0.0)
not-started;evalGenericStickyis too permissive for outcome quality metrics.replace_labelcompletely absent from acceptance map and implementation table.update_discussion) says same asupdate_issuebut mechanism differs (GraphQL vs REST).Sync Follow-ups
replace_labelevaluator: updatepkg/cli/outcome_eval.goandactions/setup/js/evaluate_outcomes.cjs.specs/replace-label-spec.md.docs/src/content/docs/reference/.Context
specs/github-mcp-access-control-compliance/README.md,specs/intent-attribution-agent-governance.md,specs/otel-observability-spec.md,specs/replace-label-spec.md,specs/safe-output-outcome-evaluation.mdReferences: