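# Blocking Conditions Configuration
# Defines what MUST be true for each phase transition
# Used by phase_gate.py for strict enforcement

# Version of this configuration file. Quoted so it stays the string "1.0"
# instead of being read as the float 1.0.
version: "1.0"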
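# Phase execution order (cannot skip)
# The list position is the order; SECURITY_REVIEW sits between REVIEWING and
# the second approval gate (AWAITING_IMPL_APPROVAL).
phase_order:
  - INITIALIZING
  - DESIGNING
  - AWAITING_DESIGN_APPROVAL
  - IMPLEMENTING
  - REVIEWING
  - SECURITY_REVIEW
  - AWAITING_IMPL_APPROVAL
  - COMPLETING
  - COMPLETED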
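# Phases that trigger fix loops on failure
# Same two phases as `global_rules.mandatory_fix_loops` in this file; keep the
# two lists in sync when either changes.
fix_loop_phases:
  - REVIEWING
  - SECURITY_REVIEW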
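# Detailed phase requirements
# Each phase lists entry_requirements, named checkpoints (validator + args +
# on_fail message) and exit_requirements. Some phases also carry a fix_loop
# and an auto_mode_behavior mapping.
#
# NOTE(review): several script_passes checkpoints substitute {version} into a
# command string. If phase_gate.py runs these through a shell, the version
# value has to be restricted to a strict pattern before substitution - confirm
# how the placeholder is filled and how the command is executed.
phases:
  INITIALIZING:
    description: "Workflow initialization"
    entry_requirements: []
    checkpoints:
      manifest_exists:
        description: "project_manifest.json must exist"
        validator: file_exists
        args:
          path: project_manifest.json
        on_fail: "Run /guardrail:init or /guardrail:analyze first"

      version_created:
        description: "Workflow version directory created"
        validator: directory_exists
        args:
          path: ".workflow/versions/{version}"
        on_fail: "Version creation failed"

    exit_requirements:
      - all_checkpoints_passed

  DESIGNING:
    description: "Architecture and task design"
    entry_requirements:
      - phase_completed: INITIALIZING
    checkpoints:
      design_document_created:
        description: "Design document exists"
        validator: file_exists
        args:
          path: ".workflow/versions/{version}/design/design_document.yml"
        on_fail: "Architect agent must create design document"

      # No timeout is given here, unlike the script checks in IMPLEMENTING;
      # presumably a validator default applies - TODO confirm.
      design_validated:
        description: "Design passes validation"
        validator: script_passes
        args:
          script: "python3 skills/guardrail-orchestrator/scripts/validate_design.py .workflow/versions/{version}/design/design_document.yml --output-dir .workflow/versions/{version}"
        on_fail: "Design validation failed - review errors"

      tasks_generated:
        description: "Task files generated from design"
        validator: min_file_count
        args:
          pattern: ".workflow/versions/{version}/tasks/*.yml"
          minimum: 1
        on_fail: "No task files generated - validate_design.py must run"

    exit_requirements:
      - all_checkpoints_passed
      - min_task_count: 1

  AWAITING_DESIGN_APPROVAL:
    description: "Gate 1 - Design approval required"
    entry_requirements:
      - phase_completed: DESIGNING
    checkpoints:
      design_approved:
        description: "Design approval granted"
        validator: approval_status
        args:
          gate: design
          required_status: approved
        on_fail: "Design approval required - run /workflow:approve or wait for auto-approval"

    exit_requirements:
      - all_checkpoints_passed

    # NOTE(review): in auto mode this gate approves itself, and
    # still_validates: false suggests the design_approved checkpoint is not
    # evaluated at all, so no human signs off on the design. Confirm how
    # phase_gate.py reads this pair and who is allowed to switch auto mode on.
    auto_mode_behavior:
      auto_approve: true
      still_validates: false

  IMPLEMENTING:
    description: "Code implementation by layers"
    entry_requirements:
      - phase_completed: AWAITING_DESIGN_APPROVAL
      - approval_granted: design
    checkpoints:
      all_layers_complete:
        description: "All dependency layers implemented"
        validator: all_layers_implemented
        args: {}
        on_fail: "Not all layers complete - check dependency_graph.yml"

      # The three script checks below run commands defined by the project being
      # built (package.json scripts), i.e. code produced earlier in this
      # workflow runs with the gate's privileges.
      # `timeout` is nested under `args` next to `script` - presumably seconds;
      # TODO confirm both against the script_passes validator.
      build_passes:
        description: "npm run build succeeds"
        validator: script_passes
        args:
          script: "npm run build"
          timeout: 300
        on_fail: "Build failed - fix compilation errors"

      # NOTE(review): when TypeScript is not installed locally, npx can resolve
      # `tsc` from the registry instead of the project's pinned compiler.
      # `npx --no-install tsc --noEmit` keeps the check on the local install.
      type_check_passes:
        description: "npx tsc --noEmit succeeds"
        validator: script_passes
        args:
          script: "npx tsc --noEmit"
          timeout: 300
        on_fail: "Type check failed - fix TypeScript errors"

      lint_passes:
        description: "npm run lint succeeds"
        validator: script_passes
        args:
          script: "npm run lint"
          timeout: 300
        on_fail: "Lint failed - fix lint errors"

    exit_requirements:
      - all_checkpoints_passed
      - build_exit_code: 0
      - type_check_exit_code: 0
      - lint_exit_code: 0

  REVIEWING:
    description: "Code review and verification"
    entry_requirements:
      - phase_completed: IMPLEMENTING
      - build_passes: true
      - type_check_passes: true
      - lint_passes: true
    checkpoints:
      # No timeout set for this script check - TODO confirm the default.
      review_script_run:
        description: "Review verification script executed"
        validator: script_passes
        args:
          script: "python3 skills/guardrail-orchestrator/scripts/verify_implementation.py --version {version}"
        on_fail: "Review script failed to run"

      all_files_verified:
        description: "All task files have implementations"
        validator: all_task_files_exist
        args: {}
        on_fail: "Some implementation files are missing"

      # Only CRITICAL findings block; warnings pass through.
      # NOTE(review): the report is read from the .workflow tree. If the agent
      # whose code is under review can write to that path, it can influence
      # the verdict - confirm who produces and who may modify the report.
      code_review_passed:
        description: "Code review agent found no CRITICAL issues"
        validator: code_review_result
        args:
          report_path: ".workflow/versions/{version}/review/code_review_report.yml"
          block_on_critical: true
          block_on_warnings: false
        on_fail: "Code review found CRITICAL issues that must be fixed"

      review_passed:
        description: "Review found no blocking issues (umbrella checkpoint)"
        validator: review_result
        args:
          allow_warnings: true
          block_on_errors: true
        on_fail: "Review found issues that must be fixed"

    exit_requirements:
      - all_checkpoints_passed

    # A failed review sends the workflow back to IMPLEMENTING, at most
    # max_iterations times. review_script_run is not among the triggers, so
    # its failure presumably blocks without looping - confirm intended.
    fix_loop:
      enabled: true
      return_to: IMPLEMENTING
      trigger_on:
        - checkpoint_failed: review_passed
        - checkpoint_failed: all_files_verified
        - checkpoint_failed: code_review_passed
      max_iterations: 5
      on_max_iterations: "Too many fix iterations - manual intervention required"

    auto_mode_behavior:
      auto_approve: false  # Must pass review
      still_validates: true
      fix_loop_enabled: true

  SECURITY_REVIEW:
    description: "Security scanning and API validation"
    entry_requirements:
      - phase_completed: REVIEWING
      - checkpoint_passed: review_passed
    checkpoints:
      # NOTE(review): the scanner runs with --severity HIGH, and the
      # `scripts.security_scan` entry in this file lists exit code 1 for HIGH
      # and 2 for CRITICAL. If script_passes treats every non-zero exit as a
      # failure, a HIGH finding fails this checkpoint (reported as "failed to
      # run") although security_passed sets block_on_high: false. Confirm
      # which of the two checkpoints decides. No timeout is set here either.
      security_scan_run:
        description: "Security scanner executed"
        validator: script_passes
        args:
          script: "python3 skills/guardrail-orchestrator/scripts/security_scan.py --project-dir . --severity HIGH"
        on_fail: "Security scan failed to run"

      api_contract_validated:
        description: "API contracts match frontend calls"
        validator: script_passes
        args:
          script: "python3 skills/guardrail-orchestrator/scripts/validate_api_contract.py --project-dir ."
        on_fail: "API contract validation failed"

      # Only CRITICAL findings block. HIGH findings are a warning, so with
      # auto approval at AWAITING_IMPL_APPROVAL they can reach COMPLETING
      # without a person looking at them - TODO confirm this is an accepted
      # risk and that HIGH findings are at least recorded somewhere durable.
      security_passed:
        description: "No CRITICAL security issues"
        validator: security_result
        args:
          block_on_critical: true
          block_on_high: false  # Warning only
          allow_medium: true
          allow_low: true
        on_fail: "CRITICAL security issues found - must fix before proceeding"

    exit_requirements:
      - all_checkpoints_passed
      - no_critical_security_issues: true

    # security_scan_run and api_contract_validated are not listed as
    # triggers; a failure of either presumably blocks the phase without
    # returning to IMPLEMENTING - confirm intended.
    fix_loop:
      enabled: true
      return_to: IMPLEMENTING
      trigger_on:
        - checkpoint_failed: security_passed
        - security_critical_found: true
      max_iterations: 5
      on_max_iterations: "Security issues persist - manual security review required"

    auto_mode_behavior:
      auto_approve: false  # Must pass security
      still_validates: true
      fix_loop_enabled: true

  AWAITING_IMPL_APPROVAL:
    description: "Gate 2 - Implementation approval required"
    entry_requirements:
      - phase_completed: SECURITY_REVIEW
      - checkpoint_passed: security_passed
    checkpoints:
      implementation_approved:
        description: "Implementation approval granted"
        validator: approval_status
        args:
          gate: implementation
          required_status: approved
        on_fail: "Implementation approval required"

    exit_requirements:
      - all_checkpoints_passed

    # NOTE(review): as at Gate 1, auto mode approves without re-validating.
    # The only protection left is that the earlier phases passed, and those
    # tolerate review warnings and HIGH security findings.
    auto_mode_behavior:
      auto_approve: true  # Auto if review + security passed
      still_validates: false

  COMPLETING:
    description: "Finalization and cleanup"
    entry_requirements:
      - phase_completed: AWAITING_IMPL_APPROVAL
      - approval_granted: implementation
    checkpoints:
      tasks_marked_complete:
        description: "All tasks marked as completed"
        validator: all_tasks_status
        args:
          required_status: completed
        on_fail: "Not all tasks marked complete"

      # This check has a side effect: it runs `version_manager.py complete`,
      # so evaluating it a second time may repeat the finalization -
      # presumably idempotent; TODO confirm.
      version_finalized:
        description: "Version marked as complete"
        validator: script_passes
        args:
          script: "python3 skills/guardrail-orchestrator/scripts/version_manager.py complete"
        on_fail: "Version finalization failed"

    exit_requirements:
      - all_checkpoints_passed

  # Terminal phase: nothing to check and nothing to exit to.
  COMPLETED:
    description: "Workflow finished"
    entry_requirements:
      - phase_completed: COMPLETING
    checkpoints: {}
    exit_requirements: []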
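# Global rules
# Workflow-wide switches. Several repeat what the per-phase sections already
# state; which one wins when they disagree is not visible in this file -
# TODO confirm in phase_gate.py.
global_rules:
  # Cannot skip phases
  strict_phase_order: true

  # Must complete previous phase before entering next
  require_phase_completion: true

  # Fix loops are mandatory for REVIEWING and SECURITY_REVIEW
  mandatory_fix_loops:
    - REVIEWING
    - SECURITY_REVIEW

  # Maximum fix loop iterations before requiring manual intervention
  # Same value as the per-phase `fix_loop.max_iterations` entries (5).
  max_fix_iterations: 5

  # Build must pass before REVIEWING
  build_required_before_review: true

  # Security must pass before AWAITING_IMPL_APPROVAL
  # NOTE(review): per the SECURITY_REVIEW checkpoint args, "pass" means no
  # CRITICAL finding; HIGH findings are a warning and do not block.
  security_required_before_approval: true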
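# Scripts referenced by validators
# Paths are relative - presumably to the project root the workflow runs in;
# confirm they cannot be resolved against a directory the reviewed code
# controls, since these scripts are what enforce the gates.
scripts:
  validate_design:
    path: "skills/guardrail-orchestrator/scripts/validate_design.py"
    required_exit_code: 0

  verify_implementation:
    path: "skills/guardrail-orchestrator/scripts/verify_implementation.py"
    required_exit_code: 0

  # The scanner reports severity through its exit code instead of a single
  # required_exit_code: 0 = pass, 1 = HIGH found, 2 = CRITICAL found.
  # NOTE(review): the SECURITY_REVIEW phase runs this script through
  # script_passes; confirm that validator honours this mapping and that any
  # other exit code (crash, missing interpreter) is treated as a failure.
  security_scan:
    path: "skills/guardrail-orchestrator/scripts/security_scan.py"
    critical_exit_code: 2
    high_exit_code: 1
    pass_exit_code: 0

  validate_api_contract:
    path: "skills/guardrail-orchestrator/scripts/validate_api_contract.py"
    required_exit_code: 0

  version_manager:
    path: "skills/guardrail-orchestrator/scripts/version_manager.py"
    required_exit_code: 0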