Skip to content

v2.1.18 — Sprint Trust UX Fix (Issues #100/#101/#102)

Choose a tag to compare

View all tags
@popup-kay popup-kay released this 21 May 06:39
· 41 commits to main since this release
v2.1.18
e726f15
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

bkit v2.1.18 — Sprint Trust UX Fix

The first release dedicated entirely to issue triage from the bkit community. v2.1.18 permanently closes the L1 sprint lockout incident class discovered and reported by @pruge on his dandi-village-ledger s1-foundation sprint. Three GitHub issues (#100/#101/#102) — all filed within the same minute — were treated as a single 3-layer drift root cluster and fixed in one integrated sprint.

Released: 2026-05-21
Predecessor: v2.1.17 GA (5-axis matrix 5/5 close)
Merge commit: e726f15 (PR #106)
Reporter: @pruge — thank you for the precise repro and root-cause analysis 🙏

TL;DR

  • 🔧 3 issues closed#100, #101, #102 (all P0/P1 sprint-blocking bugs)
  • 🚀 New command/sprint trust <id> --to <Level> mutates an existing sprint's trust level in place, no more /sprint init destruction
  • 🧠 sprint-orchestrator actually works nowTask tool added to allowlist; sub-agent dispatch live for the first time (ENH-292 activation milestone)
  • 🤝 --trust alias honored — CLI behavior finally matches skills/sprint/SKILL.md §10.2
  • 40 tests passing (17 contract + 15 unit + 8 e2e) — 2.86× over the 14 TC target
  • 🔄 100% backward compatible — no sprint state schema change; existing --trustLevel users unaffected

🌟 Highlights — What Changed for You

F1 · sprint-* agents now declare tools: (Closes #100)

Four sprint agents — sprint-orchestrator, sprint-master-planner, sprint-qa-flow, sprint-report-writer — now have an explicit tools: frontmatter that includes the Task tool where required. Before v2.1.18, the orchestrator could not actually dispatch the measurement agents it was specced to route through (measure-router.js:233-253 returned no_agent_runner). With v2.1.18, sub-agent dispatch is live for the first time.

Differentiation milestone: ENH-292 Sequential Dispatch promoted from "declared" to "live".

F2 · New /sprint trust command (Closes #101)

# Mutate an existing sprint's trust level without losing state
/sprint trust s1-foundation --to L3 --reason "P0 32/32 ready"

Before v2.1.18, a sprint initialized with --trust L1 was permanently locked in preview mode. The only escape was /sprint init — which destroyed phaseHistory, qualityGates, and featureMap accumulated over hours or days of work.

v2.1.18 adds:

  • New CLI action /sprint trust <id> --to <L0|L1|L2|L3|L4> [--reason "<text>"] [--force]
  • New audit ACTION_TYPE sprint_trust_changed (ACTION_TYPES 29 → 30)
  • Downgrade guardrail: dropping ≥2 levels (e.g. L4 → L1) requires trustScore ≥ 80 (from .bkit/state/trust-profile.json) or explicit --force
  • Idempotent path: from === to emits an audit entry with noop: true so monitoring never sees a blind spot
  • Actor auto-detection: explicit --actor > CLAUDE_AGENT_ID env (→ 'agent') > default 'user'
  • Defense Layer 6 natural integration: --force sets blastRadius: 'high' for the audit alarm pipeline (live evidence: .bkit/audit/2026-05-21.jsonl)

Documentation: skills/sprint/SKILL.md §10.1.3 (new section with comparison table and audit JSON example).

F3 · --trust CLI alias now honored (Closes #102)

# Both forms now produce identical behavior (v2.1.18)
/sprint measure s1-foundation --gate M1 --trust L3
/sprint measure s1-foundation --gate M1 --trustLevel L3

scripts/sprint-handler.js:942 and :974 previously bypassed normalizeTrustLevel and read args.trustLevel directly, so --trust L3 was silently ignored at the measure and phase paths. Both call sites now go through normalizeTrustLevel(args), restoring the declared precedence chain trustLevel > trust > trustLevelAtStart. Docs=Code drift resolved.

F4 · sprint-master-planner orchestrator expansion (★ user-requested)

sprint-master-planner now declares pm-lead, cto-lead, qa-lead in its Task allowlist — in addition to the existing specialist agents. Future sprints can natively orchestrate all three teams in parallel rather than relying on main-session manual dispatch.

👀 User Experience Impact

Scenario Before v2.1.18 After v2.1.18
L1 sprint lockout Sprint stuck in do phase forever; only escape is /sprint init (destroys all phase history) /sprint trust <id> --to L3 mutates trust in place; phase history, quality gates, and feature map preserved
Sprint orchestration sprint-orchestrator could not dispatch measurement agents; main session had to act as pass-through Orchestrator fulfills its specced routing responsibility; no main-session workaround required
CLI trust override --trust L3 silently ignored at measure/phase; only --trustLevel L3 worked Both --trust and --trustLevel honored per SKILL.md §10.2 precedence
Audit trail Trust mutations invisible to /sprint status and downstream consumers Every trust change persisted as sprint_trust_changed in .bkit/audit/<date>.jsonl with downgrade guardrail and --force alarm
Reporter scenario @pruge s1-foundation sprint with --trust L1 — 32/32 P0 implementation done, but /sprint measure always preview, phase advance always gate_fail 8-step E2E test reproduces the original scenario 1:1 and runs green; sprint recoverable without reset

🧪 Tests (40 TC live PASS)

Layer File TC Purpose
Contract test/contract/sprint-agents-tools.test.js 17 F1 — 4 sprint-* agents' tools: field invariant
Unit test/unit/sprint-trust-normalization.test.js 7 (A-G) F3 — normalizeTrustLevel precedence chain
Unit test/unit/sprint-handler-trust-action.test.js 8 F2 — handleTrust (mutation, guardrail, audit, actor)
E2E test/e2e/sprint-l1-lockout-recovery.test.js 8 Reporter scenario 1:1 reproduction (init L1 → trust L1→L3 → measure record → audit verify → restart persistence)
Total 40 TC 2.86× over the 14 TC target

🧩 Methodology — First PM + CTO + QA Team Integration Sprint

v2.1.18 is the first bkit release driven end-to-end by all three Agent Teams in parallel:

  • PM Team (pm-lead orchestrating 4 PM agents) — produced a 570-line PRD with Beachhead 19/20 (Geoffrey Moore framework), JTBD 6-Part, 5 User Stories, 6 Test Scenarios, and a Pre-mortem Top 3
  • CTO Team (cto-lead) — architectural review APPROVE with CONCERNS; 3 BLOCKERs (controlScore → trustScore correction, ACTION_TYPES count 27 → 29, NDJSON injection assessment) + 3 MEDIUMs all addressed via redline
  • QA Team (qa-lead) — L1-L5 integrated verification report + reporter-scenario evidence (574 lines, QA_PASS)

Self-referential meta-risk: the sprint that fixes sprint-orchestrator itself cannot use sprint container automation. We notelined the chicken-and-egg pattern in Plan §6.1: sprint init for state tracking only, phase advance + measurement via the PDCA cycle. After F1 lands, future sprints regain full orchestration.

🔐 Differentiation 6/6 Status

  • ENH-289 Defense Layer 6strengthened (sprint_trust_changed joined the L6 audit pipeline, live evidence)
  • ENH-292 Sequential Dispatchactivation milestone (declared → live in this release)
  • ENH-286 Memory Enforcer / ENH-300 Effort-aware Defense / ENH-303 PostToolUse continueOnBlock / ENH-310 Heredoc Detector — unaffected, no regression

🆙 Upgrade Guide

From v2.1.17

# 1. Pull the latest plugin (in your bkit-claude-code clone)
cd ~/your/bkit-claude-code
git fetch --tags
git checkout v2.1.18

# 2. Restart Claude Code (or reload the plugin) to pick up the new agents

# 3. Verify version
cat bkit.config.json | grep version
# → "version": "2.1.18"

If you have a sprint stuck in L1 lockout

# Old workaround (v2.1.16/v2.1.17): re-init (destroys state)
# ❌ /sprint init my-sprint --name "..." --trust L2  # phaseHistory lost

# New v2.1.18 path: mutate in place
/sprint trust my-sprint --to L3 --reason "ready to record measurements"
/sprint measure my-sprint --gate M1   # now records (mode: "record"), no longer preview
/sprint phase my-sprint --to iterate  # gate transitions succeed

Breaking changes

None. v2.1.18 is 100% backward compatible:

  • Existing --trustLevel L<N> users: precedence chain preserved (F3 Case G test)
  • Sprint state schema: unchanged
  • ADR 0003: 14/14 PASS — 16-cycle consistency milestone

🗂️ Carryovers — deferred to v2.1.19+

Not release blockers, captured in the sprint report (docs/04-report/features/v2118-sprint-trust-ux-fix.report.md):

  • CO-1 — baseline v2.1.18 capture script
  • CO-2 — qa-aggregate script
  • CO-3 — sprint-orchestrator auto phase-advance live test
  • CO-4 — sub-agent-dispatcher state transition test
  • CO-5 — L0 Manual mode escalate-path E2E
  • CO-6 — sprint-report-writer agent timeout fallback

Follow-up issues from the same reporter (#103, #104, #105 — failure-reporter resolution markers, sprint init context auto-import, generate-report quality-gates section) are acknowledged and slated for v2.1.19+ planning.

🙏 Credits

Massive thanks to @pruge (james kim) for the high-signal bug reports. The reproductions in #100/#101/#102 were so precise we could turn them directly into an E2E test (test/e2e/sprint-l1-lockout-recovery.test.js) before writing a single line of fix code. That's the kind of issue every maintainer dreams of.

If you hit similar sprint-related friction, please open an issue — the v2.1.18 turnaround (issue filed → fix released in 24h) is the standard we want to keep.

Full changelog: v2.1.17...v2.1.18 · PR: #106 · CHANGELOG.md v2.1.18 section

Contributors

pruge
Assets 2
Loading