UNPKG

@blundergoat/goat-flow

Version:

AI coding agent harness and local dashboard for Claude Code, OpenAI Codex, Google Antigravity, and GitHub Copilot - setup audits, guardrails, structured skills, deny hooks, and persistent learning loops.

github.com/blundergoat/goat-flow

blundergoat/goat-flow

136 lines (89 loc) 8.39 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
# Step 06 - Final Verification The setup gate is: `goat-flow audit . --agent {agent}` passes and `goat-flow audit . --agent {agent} --harness` passes. The remaining checks below are agent-driven verification steps that improve quality but are not enforced by the auditor. ## Audit (required gate) Run both required audit commands and fix all failures until they pass: ```bash goat-flow audit . --agent {agent} goat-flow audit . --agent {agent} --harness ``` The `--agent` flag scopes the audit to one agent's surfaces: it checks that agent's instruction file, skills directory, hooks, and settings. It does NOT check other agents' files. For multi-agent projects, run the audit once per agent. The audit validates structural requirements: required files/dirs exist, config parses, skills installed with version tags, hooks present, deny patterns registered. It does NOT validate content quality (evidence citations, instruction-file specificity, duplicate surfaces). The checks below cover those content concerns. `goat-flow quality` is optional - it generates an agent-driven review prompt but is not required for setup completion. `goat-flow audit --harness` adds structural installation checks for 5 concerns (context, constraints, verification, recovery, feedback loop) and is part of setup completion. Harness results contribute to the overall audit status - a harness failure is an audit failure. Recovery is milestone/session-log based; missing task content in a fresh install is normal, while stale recovery paths or missing required files should be fixed. ## Manual verification (recommended, not gated by audit) **If a check cannot be fixed** (binary not installed locally, CI tool unavailable, platform constraint), document it as a known exception in the setup session log: > `Known exception: check [ID] - [reason it can't be fixed]. Follow-up: [action to resolve later, or "accepted as permanent exception"].` Do NOT silently skip unfixable checks. The exception must be visible in the session log so the next agent knows why the audit isn't passing. - Run `goat-flow stats --check`; if it reports `index-stale`, run `goat-flow index`, then re-run `goat-flow stats --check`. Re-run `goat-flow index` after adding, editing, renaming, or resolving entries; `goat-flow stats --check` fails while the index is stale. See `docs/cli.md` for the lifecycle reference. ## Stale-reference reconciliation Before declaring setup complete, verify the generated surfaces do not reference dead files or old step names. Check these surfaces: - The instruction file - All installed skill files - All installed skill `references/*.md` files - Agent settings / hook config files - `.goat-flow/skill-docs/README.md` - `.goat-flow/skill-docs/skill-preamble.md` - `.goat-flow/skill-docs/playbooks/README.md` - `.goat-flow/skill-docs/playbooks/browser-use.md` - `.goat-flow/config.yaml` For each backtick-wrapped path or hook path: - Verify the file or directory exists on disk - If a file was renamed during setup, grep the old name across the repo and update every remaining reference - For registered hook scripts, verify the file exists and has execute permissions - Verify the instruction file version header matches the goat-flow release version - Verify `.goat-flow/config.yaml` version matches the goat-flow release version - Verify every installed goat skill reference Markdown file is listed in `workflow/manifest.json` `skills.references`; remove stale files left by reference merges or renames - For auto-seeded footgun entries, spot-check that each cited semantic anchor actually resolves to the described trap. If the anchor doesn't match (wrong function, outdated string), fix the reference ## Evidence verification After generating footguns and the instruction file, re-verify the evidence: 1. **Semantic-anchor citations:** For every semantic anchor in generated footguns and in the instruction file's BAD/GOOD examples, grep for the cited anchor. If it doesn't resolve to the described content, fix the citation. This catches auto-seeding errors where git history evidence doesn't match current code. 2. **Router table paths:** For every path in the instruction file's Router Table, verify it exists on disk. Remove entries that point to nonexistent files or directories. 3. **Harness-only instruction requirements:** Verify the instruction file includes path-agnostic workspace boundary guidance and the canonical `.goat-flow/skill-docs/` (meta) and `.goat-flow/skill-docs/playbooks/` (tools) READ rules / Router Table rows from Step 02. Verify `docs/coding-standards/git-commit.md` exists with project-specific commit guidance and that the instruction file references it under `## Commit Messages`. A file with the `goat-flow: generated stub - insufficient git history` header is acceptable for the audit gate but must be listed in the gap report as a human-edit follow-up. ## Duplicate surface check Fail if BOTH of these exist with independent content for the same artifact type: - `docs/footguns.md` AND `.goat-flow/learning-loop/footguns/` (with real entries, not a bridge) - `docs/lessons.md` AND `.goat-flow/learning-loop/lessons/` (with real entries) - `docs/architecture.md` AND `.goat-flow/architecture.md` (both with real content) - `docs/decisions/` AND `.goat-flow/learning-loop/decisions/` (both with real ADRs) If duplicates exist, migrate the better content to the canonical `.goat-flow/` path and remove or bridge the other. The router table must NOT point to BOTH old and new surfaces for the same artifact type. ## Path integrity check **CRITICAL:** Installed skill files must NEVER contain `workflow/` paths - those are framework-local and don't exist in target projects. Only `.goat-flow/` paths are valid. Verify: no `workflow/` path references in any installed skill file. Every `.goat-flow/` path in installed skills must resolve on disk. ## File manifest List every setup-owned file as one of: - `created` - `updated` - `skipped` - `failed` Compare that manifest against `workflow/manifest.json`: - Every `required_file` must exist - Every `required_dir` must exist - Any missing required surface must be fixed or called out explicitly before stopping ## Essential Commands smoke test Read the instruction file's Essential Commands section and verify the commands are real: - For binaries, run `command -v <binary>` - For shell scripts, run `bash -n <script>` - For repo commands, verify the referenced binary or script path exists before listing it as a working command Report any command you could not verify. ## Gap report Before finalising, add a gap report to the setup session log: - **Areas not assessed:** [list any parts of the codebase that setup didn't read or analyse] - **Known gaps:** [list detected gaps that setup couldn't fix, e.g., "Python source files found but no Python tests exist"] - **Things skipped:** [list anything setup chose not to do, with reason] - **Harness-specific checks:** [confirm workspace boundary guidance, skill-docs snippets, and commit guidance were checked; list any exception, including generated insufficient-history commit-guidance stubs] For each detected language with source files but no test files, note it in the gap report. This is a setup gap, NOT a footgun - do not create a footgun entry for missing tests. The gap report goes in the session log only. ## Shared setup session log Use one shared local continuity file: `.goat-flow/logs/sessions/YYYY-MM-DD-setup.md` - Earlier step markers stay in this file - Finalise it here with the audit result, any fixes made, the file manifest summary, the gap report, and remaining follow-ups - If any note deserves to survive beyond this checkout, promote it into lessons / footguns / decisions rather than treating the session log as durable project memory - Record time and tokens using this format: - `**Time:** [elapsed] | **Tokens:** [count or unavailable]` --- **Verification gate:** - [ ] `goat-flow audit . --agent {agent}` passes - [ ] `goat-flow audit . --agent {agent} --harness` passes - [ ] All required files and directories in `workflow/manifest.json` exist - [ ] Workspace boundary guidance, skill-docs snippets, and commit guidance are present where required - [ ] Stale-reference checks and Essential Commands smoke tests are complete - [ ] Shared setup session log finalised with time/tokens