---ci---
phase: 6
milestone: v0.10
status: execute
decisions:
- id: D-001
decision: Rename MilestoneType schema-breaking to major for clarity
rationale: Major better describes the semver impact (major version bump) and aligns with standard semver terminology
confidence: 0.95
alternatives: [schema-breaking, breaking, major-change]
- id: D-002
decision: Add autopilot rules, PR+QA gates, and merge validation to ship workflow
rationale: Release flow was documented but not enforced in the workflow. Zero-HITL rules, branch hierarchy validation, and coreci packaging steps ensure consistent releases
confidence: 0.90
alternatives: [keep-as-documentation-only, add-to-AGENTS.md-only]
---/ci---
---ci---
phase: 5
milestone: v0.10
status: execute
decisions:
- id: MULTI-03
decision: Parallel project execution via OrchestratorAgent.runForAllProjects
rationale: Sequential by default, parallel when parallelization.enabled with max_concurrent_projects limit
confidence: 0.85
alternatives: [single-project-only, manual-iteration]
- id: MULTI-05
decision: ideate --project all iterates all active_projects with deduplication
rationale: Each project gets its own IdeationEngine; ideas deduplicated by project:title key
confidence: 0.90
alternatives: [single-project-only, merge-all-ideas]
- id: MULTI-07
decision: project field in ---ci--- commit blocks and CommitScope for multi-project tracking
rationale: CIAgentMetadata.project and CommitScope.project fields propagated through all commit builders
confidence: 0.92
alternatives: [separate-repos-only, branch-prefix-only]
requirements:
covered: [MULTI-03, MULTI-05, MULTI-07]
partial: []
---/ci---
- Add max_concurrent_projects to ParallelizationConfig (default: 3)
- Add AgentContext.project_slug optional field for multi-project pipeline tracking
- Implement OrchestratorAgent.runForProject() for single-project execution
- Implement OrchestratorAgent.runForAllProjects() for multi-project iteration
  - Sequential execution by default
  - Parallel when parallelization.enabled with limitConcurrency batching
- Add --project flag to createRunCommand for targeted project execution
  - --project all triggers multi-project pipeline
  - --project slug1,slug2 for comma-separated projects
- Enhance createIdeateCommand --project all support
  - Iterates all active projects from config
  - Deduplicates findings by project:title key
  - Per-project idea acceptance via separate IdeationEngine instances
  - Markdown table output for multi-project results
- Propagate project slug through orchestrator pipeline commits
  - Specify stage: project field in CIAgentMetadata init commit
  - Ideate stage: project field in task commit via buildTaskCommit
  - Orchestrator sets ciFiles with project slug for per-project .ciagent dirs
- 19 new tests covering MULTI-03, MULTI-05, MULTI-07 functionality
- All 561 tests pass, typecheck clean

- Add ideation-agent to STAGE_AGENT_MAP for ideate stage
- Implement ideate case in executeStage() with mechanical ideation,
  config-aware category filtering, idea deduplication, auto-accept,
  and ---ci--- commit with decision block
- Add test verifying ideate position between research and plan in
  STAGE_ORDER
- 542 tests passing
---ci---
phase: 1
milestone: v0.10
status: execute
decisions:
- id: D-083
decision: Interactive one-at-a-time validation with accept/skip/modify
rationale: Gives user full control over ideation results
confidence: 0.87
- id: D-085
decision: Ask-after-validation kickoff of run workflow
rationale: Balances automation with user control
confidence: 0.85
- id: D-091
decision: Full multi-project support with active_projects array + parallel execution
rationale: User wants complete multi-project capability
confidence: 0.85
requirements:
covered:
- IDEATE-12
- IDEATE-13
- IDEATE-14
- MULTI-02
- MULTI-06
---/ci---
- IDEATE-12: Interactive accept/skip/modify validation with readline
- IDEATE-13: acceptIdea/acceptIdeas methods update REQUIREMENTS.md and ROADMAP.md
- IDEATE-14: Ask-after-validation kickoff prompt for
- MULTI-02: --project flag accepts comma-separated or 'all' in pre-action hook
- MULTI-06: ciagent status shows active_projects and ideation config
- projects list shows all active projects with multi-marker
- projects set updates both active_project and active_projects
---ci---
project: ci
phase: 3
milestone: v0.8
status: complete
decisions:
- id: D-029
decision: Full STRIDE 7-category coverage with CWE mapping
rationale: Industry standard threat classification with actionable CWE remediation
confidence: 0.88
- id: D-030
decision: Reduce exec/eval false positives via string interpolation detection
rationale: execSync("ls") is safe; execSync(`rm ${x}`) is not
confidence: 0.85
requirements:
covered: [SEC-01, SEC-02, SEC-03, SEC-04, SEC-05, SEC-06]
---/ci---
SEC-01: Fixed STRIDE category misassignments. Hardcoded password is
information_disclosure (CWE-259), not spoofing. exec with interpolation
is elevation_of_privilege (CWE-78), not tampering. All 17 patterns
correctly categorized.
SEC-02: Added missing STRIDE categories: repudiation (empty catch blocks,
CWE-778) and spoofing (jwt.decode without verify, CWE-287). Also added
denial_of_service (JSON body parser without size limit, CWE-400) and
prototype pollution (CWE-1321), weak crypto (CWE-328), unsafe
deserialization (CWE-502), path traversal (CWE-22).
SEC-03: Reduced false positives: exec/eval patterns now require string
interpolation (template literal or dynamic concat), not all exec/calls.
SEC-04: Every SECURITY_PATTERNS entry has a cwe field with valid CWE ID.
SEC-05: Confidence-based auto-disposition: each pattern has a confidence
score. High confidence findings are flagged, medium require verification,
low are suppressed. Threshold configurable via constructor.
SEC-06: Security passed=false when any high-severity finding exists
(already enforced by hasHighFail check, now more explicit).
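
The SEC-03 and SEC-05 behaviour described above, as an added example that is not the project's own code: a line scanner that reports `exec`/`execSync` calls only when the argument is an interpolated template literal or a dynamic concatenation, then assigns a disposition from a confidence score. The function names, the regular expressions, the scores (0.9, 0.7) and the default thresholds are assumptions, and the sample input is constructed.

```typescript
// Added example: hypothetical names and scores, not the project's SECURITY_PATTERNS.
type Disposition = "flagged" | "needs_verification" | "suppressed";
interface Finding { line: number; cwe: string; confidence: number; disposition: Disposition; }
interface Thresholds { high: number; medium: number; }

// Captures the text that follows the opening parenthesis of exec( or execSync(.
const EXEC_CALL = /\b(?:execSync|exec)\s*\(\s*(.*)$/;
// Template literal that contains ${...}.
const INTERPOLATED = /^`[^`]*\$\{/;
// String literal or identifier immediately followed by "+" (dynamic concatenation).
const CONCATENATED = /^(?:(["'])(?:(?!\1).)*\1|[A-Za-z_$][\w$.]*)\s*\+/;

function confidenceFor(arg: string): number {
  if (INTERPOLATED.test(arg)) return 0.9; // assumed score
  if (CONCATENATED.test(arg)) return 0.7; // assumed score
  return 0; // constant argument such as execSync("ls"): no finding
}

function dispose(confidence: number, t: Thresholds): Disposition {
  if (confidence >= t.high) return "flagged";
  if (confidence >= t.medium) return "needs_verification";
  return "suppressed";
}

function scan(source: string, t: Thresholds = { high: 0.8, medium: 0.5 }): Finding[] {
  const findings: Finding[] = [];
  source.split("\n").forEach((text, index) => {
    const call = EXEC_CALL.exec(text);
    if (!call) return;
    const confidence = confidenceFor(call[1]);
    if (confidence === 0) return;
    // CWE-78 is the mapping SEC-01 gives for exec with interpolation.
    findings.push({ line: index + 1, cwe: "CWE-78", confidence, disposition: dispose(confidence, t) });
  });
  return findings;
}

// Constructed sample input: only lines 2 and 3 build the command dynamically.
const SAMPLE = [
  'execSync("ls");',
  'execSync(`rm ${x}`);',
  'exec("git log " + ref);',
  'exec(`ls -la`);',
].join("\n");
```

Passing stricter thresholds to `scan` moves the same findings down a tier, which is the configurable-threshold behaviour SEC-05 describes.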
---ci---
project: ci
phase: 2
milestone: v0.8
status: complete
decisions:
- id: D-027
decision: L2 behavioral verification runs npm test via jest --json
rationale: Static-only checks gave false confidence; real test execution shows actual status
confidence: 0.92
- id: D-028
decision: Add must-have stub test generation to behavioral verification
rationale: Plans specify must_haves; auto-generating stubs ensures test coverage
confidence: 0.85
requirements:
covered: [BEH-01, BEH-02, BEH-03, BEH-04, BEH-05]
---/ci---
BEH-05: Behavioral verification passed=false when any check has status=fail
(added checkTestExecution that returns fail on test failures).
BEH-01: checkTestFramework now actually runs tests via jest --json
--outputFile and parses the JSON results, reporting pass/fail counts.
BEH-02: checkTestFiles now reports per-suite pass/fail from jest output,
not just file existence.
BEH-03: New checkTestExecution() runs npm test, parses Jest JSON output,
collects coverage metrics from coverage-summary.json, and returns
fail/pass based on test execution results.
BEH-04: New generateMustHaveStubTests() method produces .test.ts
skeletons from must-have descriptions.
---ci---
project: ci
phase: 1
milestone: v0.8
status: in_progress
decisions:
- id: D-024
decision: Audit trail reads from git log instead of .ciagent/audit/*.json
rationale: Git-native context means audit data should come from commit history, not files
confidence: 0.88
- id: D-025
decision: Replace audit_file with commit_hash in Escalation type
rationale: Escalations are committed to git; reference by hash instead of deprecated file path
confidence: 0.90
requirements:
covered: [FIX-04, FIX-05]
---/ci---
FIX-04: audit.ts logDecision/logEscalation now emit deprecation warnings
and are no-ops (decisions/escalations live in ---ci--- blocks). readAudit()
and getAuditSummary() parse git log for ---ci--- blocks instead of reading
.ciagent/audit/*.json files. ArtifactManager no longer creates audit dir.
FIX-05: Escalation type replaces audit_file: string with commit_hash: string.
All consumers updated (escalation.ts, ollama-base.ts, opencode.ts).
Audit tests rewritten for git-native approach.
---ci---
project: ci
phase: 1
milestone: v0.8
status: in_progress
decisions:
- id: D-022
decision: Validate BackendResult at boundary with Zod schema
rationale: External backend output is untrusted; runtime validation prevents corrupt commit streams
confidence: 0.92
- id: D-023
decision: opencode parseResult returns success:false on malformed JSON
rationale: Silent success:true on parse failure masks backend errors; fail loudly instead
confidence: 0.95
requirements:
covered: [FIX-02, FIX-03]
---/ci---
FIX-02: Add Zod BackendResultSchema and validateBackendResult() in
backends/types.ts. backendResultToAgentResult() in base.ts now validates
before passing through. Invalid results produce success:false with error
detail. Path traversal protection: artifact paths with '..' or leading '/'
are rejected.
FIX-03: opencode.ts parseResult() no longer defaults to success:true when
JSON parsing fails entirely. Both the inner parse error and the no-JSON
match case now return emptyBackendResult() with descriptive error messages.
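
The boundary checks from FIX-02 and FIX-03, as an added example that is not the project's own code: backend output is parsed and validated before use, and every failure path returns `success: false` with an error message. Hand-written checks stand in for the Zod schema, and the result shape (`success`, `artifacts`, `error`) and all function names are assumptions.

```typescript
// Added example: hypothetical names; hand-written checks replace the Zod schema.
interface Result { success: boolean; artifacts: string[]; error?: string; }

function failed(error: string): Result {
  return { success: false, artifacts: [], error };
}

// Rejects empty paths, paths with a leading "/", and any path containing "..".
function isSafeArtifactPath(p: string): boolean {
  if (p.length === 0 || p.charAt(0) === "/") return false;
  return p.indexOf("..") === -1;
}

// Validates an untrusted value; anything off-shape becomes a failed result.
function validateResult(value: unknown): Result {
  if (typeof value !== "object" || value === null) return failed("result is not an object");
  const r = value as { success?: unknown; artifacts?: unknown; error?: unknown };
  if (typeof r.success !== "boolean") return failed("success must be a boolean");
  if (!Array.isArray(r.artifacts)) return failed("artifacts must be an array");
  for (const p of r.artifacts) {
    if (typeof p !== "string" || !isSafeArtifactPath(p)) {
      return failed("unsafe artifact path: " + String(p));
    }
  }
  const ok: Result = { success: r.success, artifacts: r.artifacts as string[] };
  if (typeof r.error === "string") ok.error = r.error;
  return ok;
}

// Extracts the first {...} span from raw backend output, parses it, then validates it.
function parseBackendOutput(raw: string): Result {
  const match = raw.match(/\{[\s\S]*\}/);
  if (!match) return failed("no JSON object found in backend output");
  let parsed: unknown;
  try {
    parsed = JSON.parse(match[0]);
  } catch (e) {
    return failed("malformed JSON in backend output"); // never default to success
  }
  return validateResult(parsed);
}
```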
---ci---
project: ci
phase: 1
milestone: v0.8
status: in_progress
decisions:
- id: D-021
decision: 6-phase wave-ordered vertical slices for v0.8
rationale: Each phase independently demoable; critical fixes first
confidence: 0.90
requirements:
covered: [FIX-01, FIX-06]
---/ci---
FIX-01: Replace 5 hardcoded phase=1 literals in orchestrator.ts mechanical
execution path with this.pipelineState!.current_phase. The orchestrator
correctly tracks current_phase but commits always embedded literal 1.
FIX-06: Replace getDecisions() redundant double-fetch with single
getRecentCommits(50) call, delegating to existing getDecisionsFromCommits().
Old code called getRecentCommits(50) once per grep match entry (O(N*M)
when it should be O(1)).
---ci---
phase: 2
milestone: v0.6
status: execute
decisions:
- id: D-001
decision: Pass GitAgentContext to agents instead of bare AgentContext
rationale: Agents need git-native context (gitContext, gitBranch, ciFiles, milestone) to operate autonomously
confidence: 0.95
- id: D-002
decision: Implement multi-phase iteration with totalPhases derived from ROADMAP.md
rationale: Milestones can span multiple phases; orchestrator must advance through all of them
confidence: 0.90
- id: D-003
decision: Add executeStageWithRecovery with retry + plan revision + escalation
rationale: Robust error recovery requires multiple fallback levels before giving up
confidence: 0.85
- id: D-004
decision: Add timer-to-escalation mapping in EscalationProtocol for proper cleanup
rationale: resolveEscalation must clearTimeout for the corresponding timer to prevent resource leaks
confidence: 0.90
- id: D-005
decision: Add dispose() to EscalationProtocol called in orchestrator finally block
rationale: Ensures all timers are cleaned up on orchestrator exit regardless of outcome
confidence: 0.95
- id: D-006
decision: Add mechanical TEST stage fallback running npm test via execSync
rationale: When no backend is available, tests can still be run mechanically
confidence: 0.85
---/ci---
Command markdown files now use __OPENCODE_DIR__ placeholder instead of
hardcoded user path. Both postinstall.js and install.sh perform template
replacement when copying files to ~/.config/opencode/, making CI portable
across any user/machine/container.

Add IntelligenceBackend abstraction with two categories:
- LLMBackend (OllamaLocal, OllamaCloud): CI runs tool loop, provides tools, constructs prompts
- AgentBackend (Opencode): agent runs own tool loop, CI serializes request

Refactor all 18 agents from hardcoded stubs to persona loaders that delegate
to the active backend or fail honestly when no backend is available.

Refactor OrchestratorAgent.executeStage() from monolithic switch to agent
delegation via STAGE_AGENT_MAP for intelligent stages (research, plan, execute,
verify), with mechanical stages (specify, clarify, complete) staying inline.

Wire CLI commands with --backend flag and auto-detection (opencode →
ollama-local → ollama-cloud). Harden rollback/ship with real git operations.
No command returns fake success.
---ci---
phase: 2
milestone: v0.2
status: execute
decisions:
- id: D-016
decision: Every ship creates a release — phases get patch, milestones get minor/major
rationale: Releases are not optional. Every phase must be tagged and released. Milestone completion also gets a release. Major for schema changes, Minor for milestones, Patch for phases.
confidence: 0.99
alternatives: [optional releases, phase-only releases]
---/ci---
- ship.md: rewritten with mandatory release flow and versioning table (Major/Minor/Patch)
- run.md: COMPLETE stage now includes tag + release as mandatory steps
- branch-strategy.md: added Versioning and Releases section with merge→tag→release examples

Implements the full PRD for CI - a fully autonomous AI-driven software
engineering harness derived from Learnship's architecture.

Core components:
- CI Orchestrator agent with autonomous pipeline (SPECIFY → CLARIFY →
  RESEARCH → PLAN → EXECUTE → VERIFY → COMPLETE)
- Decision Engine with confidence thresholds (high/medium/low)
- Clarify Phase with question budget and default acceptance
- Escalation Protocol with timeout auto-proceed
- Audit Trail system (.ci/audit/) for post-hoc review
- Error Recovery with retry, plan revision, and rollback

18 agents (all Learnship agents + Orchestrator):
- Autonomous behavioral modifications per PRD §7.1
- Agent registry with factory pattern

11 CLI commands:
- ci init, ci run, ci quick, ci debug, ci verify
- ci review, ci status, ci audit, ci clarify
- ci rollback, ci ship

4-layer verification system:
- Structural, Behavioral, Security, Code Quality

3 autonomy levels: full, supervised, guided

Compatible with Learnship artifact schemas (.planning/)