Skip to content

Factory completeness: completion gate, docs subsystem, planner factory stories, frontend design skill, security hardening#89

Merged
tzone85 merged 2 commits into
mainfrom
feat/port-docs-gate-frontend
Jul 2, 2026
Merged

Factory completeness: completion gate, docs subsystem, planner factory stories, frontend design skill, security hardening#89
tzone85 merged 2 commits into
mainfrom
feat/port-docs-gate-frontend

Conversation

@tzone85

@tzone85 tzone85 commented Jul 2, 2026

Copy link
Copy Markdown
Owner

Summary

Ports the remaining factory-completeness feature set, adapted offline-first:

  1. Requirement-completion verification gateREQ_COMPLETED is only emitted after the composed mainline verifies green (deps install, build, tests, hallucination + conflict-marker scans). A red mainline gets up to qa.completion_fix_cycles (default 2) auto-fix agent cycles; still red → new REQ_BLOCKED event (requirement status blocked) with gaps written to .nxd-fix-gaps.md. A nil LLM client degrades to a hard gate — completing on a red build is impossible regardless of wiring. The local checkout is pulled to the composed mainline before verification so the gate checks the true merged tree.
  2. Docs subsystem — after all stories merge: README generate/update, docs/architecture.svg + docs/sequence.svg as real validated SVG (Mermaid rejected, retry-with-feedback up to 3 attempts), training guide + ADRs backstopped only when the scribe agent didn't supply them, and a deterministic docs/README.md index. Best-effort — never blocks completion.
  3. Planner factory stories (default ON, both configurable) — an integration story that wires every component into the real entry point, bridges interface mismatches with adapters, and adds a boot-the-app smoke test (closing the compose gap where unit tests pass against mocks but the whole never runs); and a scribe story owning README + docs/, greenfield-aware via nxd:scribe markers. Ephemeral estimates skip both.
  4. Frontend design skill — UI-facing stories (owned-file extensions + word-boundary keyword detection) get a distinctive-design brief injected: token-first two-pass planning, one signature element, named banned AI-default looks, WCAG accessibility floor, copy-as-design-material. Threaded through the CLI-runtime, native-runtime, and retry prompt paths with a dangling-wire guard test. The planner requires the first UI story to establish a design-token foundation.
  5. Security hardeningRunScanners gains the failed-scanner classification (a tool that ran but errored is reported as coverage LOST, never counted as a clean run) + Report.Failed; KnownScanners/InstallHint registry exports; fake-scanner-harness tests drive RunScanners end-to-end (internal/security to 98.3% coverage); gate LLM paths tested via ReplayClient. All GitHub Actions across the three workflows pinned to full commit SHAs. Stray sibling-project references scrubbed from source comments.

Test plan

  • go build ./... + go vet ./... clean; binary at ~/.local/bin/nxd
  • go test ./... -count=1 — all packages pass
  • golangci-lint run — 0 issues
  • nxd.config.example.yaml regenerated (new qa + planning fields)
  • CLAUDE.md Current State section + event-type docs updated

Thando added 2 commits July 2, 2026 13:20
…n-intent planning + a distinctive-design brief

UI-facing stories are detected (owned-file extensions + whole-word UI
vocabulary) and their agents receive agent.FrontendDesignBrief: token-first
two-pass planning with a self-critique step, one signature element, named
banned defaults (Inter/Roboto, purple-gradient-on-white, cream #F4F1EA +
serif + terracotta, acid-green-on-black, the template feature-card page,
scattered animation), a WCAG accessibility floor (responsive to 360px,
visible keyboard focus, prefers-reduced-motion, 44px targets, designed
empty/loading/error states), and copy-as-design-material rules.

- detectFrontend (engine/detect.go): extensions are the strongest signal;
  keyword regex uses word boundaries so pagination/performance/review never
  false-positive; 'html' and 'responsive' deliberately excluded (server-side
  HTML emails and 'responsive API gateway' are backend work). 24 table cases.
- IsFrontend threads through BOTH dispatch paths (CLI runtime + native) and
  the retry TemplateContext; TestExecutor_WiresFrontendDetection guards the
  wires.
- Planner decomposition prompt now requires the first UI story to establish
  a design-token foundation consumed by later UI stories, with the
  accessibility floor in UI acceptance criteria
  (TestPlanner_PromptIncludesFactoryStandards pins security + design blocks).
- Brief size budget pinned at ≤6 KB (rides on every UI dispatch).
…, planner factory stories, frontend skill, security deltas

Five features, offline-first, with tests:

1. Requirement-completion verification gate (engine/completion_gate.go +
   verification_loop.go + monitor_pull.go): REQ_COMPLETED only after the
   composed mainline verifies green (deps, build, tests, hallucination +
   conflict-marker scan). Red mainline → bounded auto-fix cycles
   (qa.completion_fix_cycles, default 2) → REQ_BLOCKED (new event, projects
   status 'blocked') with gaps in .nxd-fix-gaps.md. Nil client ⇒ hard gate:
   silently completing on a red build is impossible regardless of wiring.
   The local checkout is pulled to the composed mainline before verification.

2. Docs subsystem (doc_generator.go + svg_docs.go + factory_docs.go +
   factory_docs_adr.go): README generate/update + real-SVG architecture and
   sequence diagrams (validated, Mermaid rejected, retry-with-feedback),
   training guide + ADRs backstopped only when the agent didn't supply them,
   deterministic docs/README.md index. Best-effort, never blocks completion.

3. Planner factory stories (default ON): integration story (wire everything
   into the real entry point + boot-the-app smoke test — closes the compose
   gap) and scribe story (README + training + SVGs + ADRs + docs index,
   greenfield-aware via nxd:scribe markers). Ephemeral estimates skip both;
   count-asserting tests set the flags false.

4. Frontend design skill (agent/frontend.go + engine/detect.go): UI stories
   detected via owned-file extensions + word-boundary keyword regex get the
   distinctive-design brief (token-first planning, signature element, banned
   AI-default looks, WCAG floor); threaded through CLI-runtime, native-runtime
   and retry prompt paths; planner requires a design-token foundation story.

5. Security deltas: RunScanners gains the failed-scanner classification (a
   tool that errored is coverage LOST, never a clean run) + Report.Failed;
   KnownScanners/InstallHint registry exports; fake-scanner harness tests
   drive RunScanners end-to-end (internal/security to 98.3% coverage); gate
   LLM paths tested via ReplayClient. All GitHub Actions pinned to commit
   SHAs (supply-chain, public repo). Also scrubbed stray sibling-project
   references from source comments.
@tzone85 tzone85 force-pushed the feat/port-docs-gate-frontend branch from a1bb690 to 0dfec53 Compare July 2, 2026 11:22
@tzone85 tzone85 merged commit 8b35d59 into main Jul 2, 2026
@tzone85 tzone85 deleted the feat/port-docs-gate-frontend branch July 2, 2026 11:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant