SPDD: close safeguards/consistency gaps across 5 specs and add targeted compliance vectors

[Copilot]

This PR addresses the daily SPDD findings across Effective Tokens, Forecast, Frontmatter Hash, Fuzzy Schedule, and MCP Scripts specifications. It closes missing safeguards/threat-model coverage, normalizes key norms (retry/error/lower-bound semantics), and adds missing compliance vectors/tests referenced by the specs.

• Effective Tokens spec: deep-graph ordering + partial observability

  • Added explicit implementation ordering constraints for multi-invocation aggregation in deep graphs.
  • Added concrete partial-observability examples (including deterministic subtotal sequencing).
  • Added new compliance requirement T-ET-032 and aligned checklist/counts.
  • Added test coverage for T-ET-032 in pkg/cli/effective_tokens_compliance_test.go.

• Forecast spec: safeguards format + discovery race handling + lower-bound disclosure

  • Added remote discovery race-condition requirement (R-DISC-014) and mitigation guidance.
  • Extended episode-analysis JSON schema with episode_count_is_lower_bound (normative disclosure).
  • Reframed output-ordering norms so R-OUT-010 is explicit lower-bound disclosure and shifted ordering requirements to R-OUT-011..013.
  • Reworked appendices to include:
    • Appendix E: workflow discovery race conditions
    • Appendix F: safeguards (threat model, mitigations, residual risk)

• Frontmatter Hash spec: sync note authority + diamond-import tie-breaking + new vector

  • Updated sync notes to explicitly mark the 2026-05-08 text-based resolution as authoritative, with 2026-05-12 as verification.
  • Added deterministic BFS diamond-import tie-breaking requirement to the sync checklist.
  • Added FH-TV-004 (agent import / diamond path scenario) and expected hash.
  • Added matching test vector in pkg/parser/frontmatter_hash_cross_language_test.go.

• Fuzzy Schedule spec: retry/backoff norms + DST behavior + minor-version hash stability

  • Added DST-transition behavior guidance for abbreviation-based schedules.
  • Added R-HASH-001 requiring hash-derived scatter stability across minor version upgrades.
  • Added Section 9.6 with bounded retry/backoff norms for collision/contention paths.

• MCP Scripts spec: safeguards completion + JS global side-effect constraints + dependency failure semantics

  • Clarified dependency failure behavior: fail-fast for deterministic failures; bounded retry only for transient failures.
  • Added explicit side-effect constraint for JS globals (no workflow-control mutators like core.setFailed() from tool code).
  • Added safeguards appendix with threat model/mitigations/residual risk.
  • Added compliance ID T-MCP-050 (Go sandbox network isolation) and checklist entry.
  • Added corresponding targeted test in pkg/workflow/mcp_scripts_firewall_test.go.

Example of newly normalized JSON disclosure in Forecast episode analysis:

"episode_analysis": {
  "sampled_episodes": 40,
  "episode_count_is_lower_bound": true,
  "runs_per_episode": 1.05,
  "avg_effective_tokens_per_episode": 13100,
  "observed_episodes_per_period": 36.7
}

[Copilot]

Pull request overview

This PR closes daily SPDD findings across five specifications (Effective Tokens, Forecast, Frontmatter Hash, Fuzzy Schedule, MCP Scripts) by adding missing safeguards/threat-model sections, normalizing retry/error/lower-bound semantics, and adding three targeted compliance tests (T-ET-032, FH-TV-004, T-MCP-050).

Changes:

• Spec edits add new normative requirements (R-DISC-014, R-OUT-010 lower-bound disclosure, R-HASH-001, R-ERR-050..052) and safeguards/threat-model appendices for Forecast and MCP Scripts.
• Adds compliance test IDs T-ET-032 (deep-graph post-order), FH-TV-004 (diamond-import hash vector), and T-MCP-050 (Go sandbox network isolation), plus checklist/count updates.
• Renumbers Forecast R-OUT-010..012 → R-OUT-011..013 and reuses R-OUT-010 for a different (lower-bound disclosure) requirement.

Show a summary per file

File	Description
docs/src/content/docs/reference/effective-tokens-specification.md	Adds deep-graph ordering constraints, partial-observability example (A.5), and T-ET-032 compliance entry.
docs/src/content/docs/reference/forecast-specification.md	Adds R-DISC-014 race-condition norm, lower-bound JSON field, renumbers R-OUT-*, and adds Appendix E/F (race conditions, safeguards).
docs/src/content/docs/reference/frontmatter-hash-specification.md	Marks 2026-05-08 text-based resolution as authoritative, adds BFS diamond-import tie-breaking note, adds FH-TV-004 vector.
docs/src/content/docs/reference/fuzzy-schedule-specification.md	Adds DST behavior guidance, R-HASH-001 hash stability across minor versions, and §9.6 bounded retry/backoff norms.
docs/src/content/docs/reference/mcp-scripts-specification.md	Clarifies dependency failure semantics, adds JS global side-effect constraints, adds Appendix D safeguards and T-MCP-050.
pkg/cli/effective_tokens_compliance_test.go	Adds T-ET-032 test (currently exercises a test-local walker, not production aggregation code).
pkg/parser/frontmatter_hash_cross_language_test.go	Adds FH-TV-004 test with hardcoded expected hash for the agent-import diamond scenario.
pkg/workflow/mcp_scripts_firewall_test.go	Adds T-MCP-050 test asserting no wildcard/0.0.0.0/0 in computed allowed-domain string.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 8/8 changed files
• Comments generated: 3

[pelikhan]

@copilot review all comments and reviews

[Copilot]

@copilot review all comments and reviews

Done. I reviewed the feedback and pushed follow-up fixes:

• 9019554: updated T-ET-032 to exercise production ET aggregation code, restored Forecast requirement ID compatibility (R-OUT-010..012 unchanged), and made episode_count_is_lower_bound migration-safe (SHOULD) with changelog clarification.
• 28e64f1: added clarification in T-ET-032 about why multipliers are fixed at 1.0 for deterministic-order isolation.

Targeted validation run: go test -run TestETCompliance_T_ET_032_DeepGraphPostOrderAggregation ./pkg/cli/ passed.