Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 10 additions & 4 deletions .github/workflows/secrets.yml
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,13 @@ jobs:
fetch-depth: 0

- name: Scan for secrets
uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7
env:
GITHUB_TOKEN: ${{ github.token }}
GITLEAKS_ENABLE_COMMENTS: false
run: |
docker run --rm \
-v "${{ github.workspace }}:/src" \
-w /src \
zricethezav/gitleaks:latest detect \
--source=/src \
--exit-code=1 \
--redact \
--report-format=sarif \
--report-path=/src/gitleaks.sarif
29 changes: 29 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -100,10 +100,12 @@ cstack run "Plan a compliance-safe billing migration" --dry-run

# Generate a discovery run
cstack discover "Map the current CLI surface and artifact model"
cstack discover --issue 123 "Map the current CLI surface and artifact model"

# Generate a spec run
cstack spec "Design a run artifact model for cstack"
cstack spec --from-run <discover-run-id>
cstack spec --from-run <discover-run-id> --issue 123

# Launch a build run directly or from a saved planning run
cstack build "Implement the queued billing retry cleanup"
Expand Down Expand Up @@ -558,6 +560,8 @@ Current artifact set:
- `artifacts-index.json` or equivalent artifact inventory derived by the inspector
- `artifacts/spec.md` for `spec`
- `artifacts/findings.md` for `discover`
- `artifacts/issue-lineage.json` for issue-linked `discover` and `spec` runs
- `artifacts/issue-draft.md` for issue-linked `spec` runs
- `artifacts/build-transcript.log` for best-effort interactive build capture
- `artifacts/change-summary.md` for `build`
- `artifacts/verification.json` for `build`
Expand Down Expand Up @@ -587,6 +591,13 @@ Discover-team notes:
- `external-researcher` is only activated when the prompt implies external or unstable facts and web research is allowed
- `risk-researcher` is only activated when the prompt implies a concrete risk domain
- the research lead synthesizes the final discover output; delegated tracks remain advisory until accepted
- `discover --issue <n>` records planning issue linkage in `run.json` and `artifacts/issue-lineage.json` so later `spec` and `inspect` steps can reuse it

Spec planning-linkage notes:

- `spec --issue <n>` writes `artifacts/issue-draft.md` and `artifacts/issue-lineage.json`
- `spec --from-run <discover-run-id>` now inherits the planning issue automatically when the linked discover run already recorded one
- `cstack inspect <run-id>` supports `show issue` for issue-linked discover and spec runs

Build notes:

Expand Down Expand Up @@ -726,3 +737,21 @@ Implemented:
- wrapper-native session continuation and rerun wrappers
- dirty-worktree consent for mutation workflows
- build, typecheck, and test pipeline

## Forward-Looking Design Notes

These documents are planning artifacts only. They are not part of the active shipped contract until implementation lands and `docs/specs/cstack-spec-v0.1.md` is updated:

- `docs/specs/cstack-end-to-end-workstreams-spec.md`
- `docs/specs/cstack-github-planning-lineage-slice.md`
- `docs/specs/cstack-deliver-validation-intelligence-slice.md`
- `docs/specs/cstack-post-ship-feedback-slice.md`
- `docs/specs/cstack-initiative-graph-slice.md`
- `docs/specs/cstack-delivery-checklist-deployment-evidence-slice.md`
- `docs/specs/cstack-capability-pack-governance-slice.md`
- `docs/research/cstack-end-to-end-product-delivery-issue-draft.md`
- `docs/research/cstack-workstream-kickoff-tracker.md`
- `docs/research/cstack-workstream-execution-tracker.md`
- `docs/research/cstack-end-to-end-workstream-tracker.md`
- `docs/research/cstack-workstream-kickoff-tracker.md`
- `docs/research/cstack-workstream-execution-tracker.md`
65 changes: 65 additions & 0 deletions docs/reports/github-issue-progress-2026-03-28.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
# GitHub Issue Progress Reconciliation (2026-03-28)

## Executed status

- Command surface: `npm run typecheck` and `npm test` (all suites passing).
- Current branch has implemented and wired all six end-to-end workstreams from issue #32 into the local-first artifact/inspection surfaces.

## Issue-by-issue status

### #32 — umbrella: end-to-end product delivery workstreams

All child workstreams are now implemented and independently test-validated:

- #33 GitHub planning lineage
- #34 Validation intelligence
- #35 Post-ship feedback
- #36 Initiative graph/control plane
- #37 Delivery checklist and deployment evidence
- #38 Capability-pack governance

### #33 — GitHub planning lineage

Implemented in code:
- plan-issue linkage in run metadata for discover/spec/build/review/ship/deliver
- `cstack spec --issue <n>`
- `artifacts/issue-draft.md` and `artifacts/issue-lineage.json`
- issue-aware inspect and downstream lineage rendering

### #34 — Validation intelligence

Implemented in code:
- explicit validation workflow artifacts in `deliver` (`validation-plan`, pyramid, coverage, repo profile)
- build versus validation failure distinction
- local + artifact-preserved validation evidence for inspect

### #35 — Post-ship feedback

Implemented in code:
- `artifacts/post-ship-summary.md`
- `artifacts/post-ship-evidence.json`
- `artifacts/follow-up-draft.md`
- `artifacts/follow-up-lineage.json`
- post-ship inspect output

### #36 — Initiative graph and run control plane

Implemented in code:
- optional initiative fields in run metadata
- `artifacts/initiative-graph.json`
- initiative-aware `runs` and inspect grouping

### #37 — Delivery checklist and deployment evidence

Implemented in code:
- readiness-policy and deployment-evidence artifacts in ship/deliver
- explicit blocker taxonomy for readiness outcomes
- inspect visibility for readiness dimensions

### #38 — Capability-pack governance

Implemented in code:
- workflow capability allowlists in config
- run-level requested/available/used capability artifacts
- inspect visibility for capability downgrades and policy posture

160 changes: 160 additions & 0 deletions docs/research/cstack-end-to-end-product-delivery-issue-draft.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,160 @@
# Spec: End-to-End Product Delivery Workstreams Beyond `gstack`

Builds on [#1](https://github.com/ganesh47/cstack/issues/1)
Related baseline: [#2](https://github.com/ganesh47/cstack/issues/2), [#3](https://github.com/ganesh47/cstack/issues/3), [#4](https://github.com/ganesh47/cstack/issues/4)
Informed by `docs/research/gstack-codex-interaction-model.md`
Extends the forward-looking workstream decomposition in `docs/specs/cstack-end-to-end-workstreams-spec.md`

## Summary

`cstack` already ships a local-first Codex workflow wrapper with durable artifacts, lineage, bounded delegation, GitHub-aware delivery, and artifact-grounded inspection.

The next product question is not whether to copy `gstack`.

The next question is which workflow and control-plane capabilities from adjacent systems should extend `cstack` toward a more seamless end-to-end product delivery loop without breaking its local-first Codex-wrapper identity.

The intended boundary for this issue is:

1. intent
2. planning
3. implementation
4. validation
5. review
6. ship
7. post-ship feedback

This issue does not include GTM execution, broad product operations, or always-on remote agent orchestration.

## Why Now

The shipped workflow surface is strong at engineering-complete delivery:

- `discover`, `spec`, `build`, `review`, `ship`, `deliver`
- intent routing and stage lineage
- isolated execution for mutation workflows
- GitHub-aware readiness and mutation policy
- artifact-grounded inspection

What remains weaker is the control plane around that workflow:

- planning lineage across issues, runs, PRs, and releases
- validation intelligence as a first-class delivery surface
- bounded post-ship follow-up capture
- initiative-level grouping across many runs
- explicit capability policy for external research and attached tools

## Current `cstack` Baseline

Shipped baseline remains the active contract in `docs/specs/cstack-spec-v0.1.md`.

Important current capabilities:

- workflow-first operator model over Codex CLI
- durable local artifacts under `.cstack/runs/<run-id>/`
- bounded discover-team research and specialist review
- review and ship as first-class workflows
- deliver as umbrella workflow over build, validation, review, and ship
- GitHub-aware engineering delivery with PR, issue, checks, Actions, release, and mutation evidence

This issue should treat [#2](https://github.com/ganesh47/cstack/issues/2), [#3](https://github.com/ganesh47/cstack/issues/3), and [#4](https://github.com/ganesh47/cstack/issues/4) as shipped baseline rather than reopened scope.

## External Comparables

The comparison set should stay mixed and decision-oriented rather than turning into a generic competitor list.

For each comparable, capture:

- official URL
- execution posture: local-first, hybrid, or cloud-first
- what is genuinely comparable to `cstack`
- what is not comparable
- the transferable idea
- whether `cstack` should adopt, adapt, or reject it

Recommended comparison groups:

### Local-first workflow and coding tools

- `gstack`
- `aider`
- `Goose`
- `Claude Code` workflow patterns

### GitHub-centric delivery agents

- `GitHub Copilot coding agent`
- `Sweep`, only if the primary source clearly supports issue-to-PR workflow comparison

### Broader autonomous engineering systems

- `OpenHands`
- one additional tool only if the primary source clearly supports planning, execution, review, or artifact lineage comparison

## Transferable Patterns And Rejections

The synthesis should answer:

- which issue-to-PR or issue-to-run patterns transfer cleanly
- which artifact and inspection patterns transfer cleanly
- which validation and delivery-control patterns transfer cleanly
- which ideas should be rejected because they depend on cloud-first execution, hidden orchestration, or vague autonomous-company positioning

Default rejection set:

- permanent roleplay agent cast
- hidden orchestration that cannot be reconstructed from artifacts
- broad cloud control planes as the default product posture
- GTM or customer-ops execution inside the `cstack` workflow contract

## Proposed Workstreams

This issue should decompose the next expansion into six independently shippable workstreams:

1. GitHub planning lineage
`docs/specs/cstack-github-planning-lineage-slice.md`

2. Validation intelligence
`docs/specs/cstack-deliver-validation-intelligence-slice.md`

3. Post-ship feedback
`docs/specs/cstack-post-ship-feedback-slice.md`

4. Initiative graph and run control plane
`docs/specs/cstack-initiative-graph-slice.md`

5. Delivery checklist and deployment evidence
`docs/specs/cstack-delivery-checklist-deployment-evidence-slice.md`

6. Capability-pack governance
`docs/specs/cstack-capability-pack-governance-slice.md`

## Acceptance Criteria

This issue is complete when:

- the comparison catalog covers at least five real comparables grounded in primary sources
- each comparable clearly distinguishes transferable versus non-transferable patterns
- every proposed `cstack` expansion maps to a real current gap
- each workstream has its own artifact boundary, inspector impact, acceptance criteria, and release boundary
- the issue clearly separates shipped baseline from forward-looking scope
- follow-on implementation issues can be opened from the workstream slices without redefining the whole strategy

## Non-Goals

This issue should not:

- rewrite the active shipped spec as if these slices already exist
- reopen shipped closure work from [#2](https://github.com/ganesh47/cstack/issues/2), [#3](https://github.com/ganesh47/cstack/issues/3), or [#4](https://github.com/ganesh47/cstack/issues/4)
- collapse all six workstreams into one synchronized release
- redefine `cstack` as a generic autonomous platform

## Follow-On Issues

Each workstream should eventually become its own follow-on implementation issue or slice:

- issue-linked run metadata and issue synthesis
- deliver validation expansion
- post-ship feedback artifacts and follow-up generation
- initiative graph and grouped ledger views
- readiness policy and deployment evidence references
- capability-pack policy and capability visibility
93 changes: 93 additions & 0 deletions docs/research/cstack-end-to-end-workstream-tracker.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,93 @@
# End-to-End Workstream Execution Tracker

This document tracks the autonomous execution threads opened from the end-to-end product delivery expansion spec.

Historical note:

- This tracker is operational planning only.
- It does not change the active shipped contract in `docs/specs/cstack-spec-v0.1.md`.

## Umbrella

- umbrella issue: [#32](https://github.com/ganesh47/cstack/issues/32) `Spec: end-to-end product delivery workstreams beyond gstack`
- umbrella spec: `docs/specs/cstack-end-to-end-workstreams-spec.md`
- umbrella issue draft: `docs/research/cstack-end-to-end-product-delivery-issue-draft.md`

## Workstream Threads

### Workstream 1: GitHub planning lineage

- issue: [#33](https://github.com/ganesh47/cstack/issues/33)
- spec: `docs/specs/cstack-github-planning-lineage-slice.md`
- status: implemented and verified
- issue updates posted (comments on #33 and #32)
- first implementation target:
- add planning issue linkage to `spec`
- write `artifacts/issue-draft.md`
- write `artifacts/issue-lineage.json`
- expose issue-aware inspector output

### Workstream 2: Validation intelligence

- issue: [#34](https://github.com/ganesh47/cstack/issues/34)
- spec: `docs/specs/cstack-deliver-validation-intelligence-slice.md`
- status: implemented and verified
- issue updates posted (comments on #34 and #32)
- first implementation target:
- tighten repo profiling and validation artifact contracts
- improve inspector support for validation evidence

### Workstream 3: Post-ship feedback

- issue: [#35](https://github.com/ganesh47/cstack/issues/35)
- spec: `docs/specs/cstack-post-ship-feedback-slice.md`
- status: implemented and verified
- issue updates posted (comments on #35 and #32)
- first implementation target:
- add bounded post-ship artifact family and follow-up draft support

### Workstream 4: Initiative graph and run control plane

- issue: [#36](https://github.com/ganesh47/cstack/issues/36)
- spec: `docs/specs/cstack-initiative-graph-slice.md`
- status: implemented and verified
- issue updates posted (comments on #36 and #32)
- first implementation target:
- add initiative identifiers and grouped lineage artifacts

### Workstream 5: Delivery checklist and deployment evidence

- issue: [#37](https://github.com/ganesh47/cstack/issues/37)
- spec: `docs/specs/cstack-delivery-checklist-deployment-evidence-slice.md`
- status: implemented and verified
- issue updates posted (comments on #37 and #32)
- first implementation target:
- add readiness-policy artifacts and deployment evidence references

### Workstream 6: Capability-pack governance

- issue: [#38](https://github.com/ganesh47/cstack/issues/38)
- spec: `docs/specs/cstack-capability-pack-governance-slice.md`
- status: implemented and verified
- issue updates posted (comments on #38 and #32)
- first implementation target:
- add requested, allowed, available, and used capability recording

## Shared Operating Rules

- each workstream must ship behind its own artifact boundary
- each workstream must define inspector impact explicitly
- each workstream must keep local artifacts as the durable source of truth
- requested behavior and observed behavior must remain separate
- no workstream should assume another workstream is already complete

## Release Sequence

Recommended release order:

1. GitHub planning lineage
2. Validation intelligence
3. Post-ship feedback
4. Initiative graph and run control plane
5. Delivery checklist and deployment evidence
6. Capability-pack governance
Loading
Loading