diff --git a/.agent-loop/LOOP_STATE.md b/.agent-loop/LOOP_STATE.md
index 12d1a6a..9681ba0 100644
--- a/.agent-loop/LOOP_STATE.md
+++ b/.agent-loop/LOOP_STATE.md
@@ -2,14 +2,14 @@
## Current State
-- Active initiative: none
-- Active chunk: none
-- Branch: `main`
-- Status: `WS-ENG-001-01` merged through PR #23 on 2026-06-20; memory updated; no active chunk
-- Merge commit: `b9fe19b96109e9786e1d6d89488abfbe68a05d4a`
-- Reviewed code SHA: `b22b940ee50956c9c7bfd0e681ffac727b6ff82c`
-- Current gate: stopped after merge memory update
-- Next chunk: inactive
+- Active initiative: `WS-POL-001` - Submission Artifact Policy Foundation
+- Active planning chunk: `WS-POL-001-01` - Submission Artifact Policy Foundation
+- Branch: `codex/submission-artifact-policy-loop-plan`
+- Status: intent, discovery, plan, chunk map, and first chunk contract drafted; implementation has not started
+- Merge commit: none for this initiative
+- Reviewed code SHA: pending
+- Current gate: awaiting human review of plan and first chunk contract; backend implementation is not approved
+- Next chunk: inactive until `WS-POL-001-01` is approved and completed
## Operating Rule
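Review bot: The new `Next chunk` line in Current State reads `inactive until WS-POL-001-01 is approved and completed` but never names the chunk it refers to. Name it explicitly (the chunk map in this patch has `WS-POL-001-02` depending on `WS-POL-001-01`) so this file cannot be read as disagreeing with `WORK_QUEUE.md`, which calls `WS-POL-001-01` the proposed next implementation chunk. The `Active initiative` and `Active planning chunk` lines also carry the identical title; a distinct chunk title would make them easier to tell apart.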
@@ -19,14 +19,15 @@ Workstream engineering chunks move through:
Intent -> Discovery -> Plan -> Chunk Map -> Chunk Contract -> Implementation -> Evidence -> Internal Review -> PR -> Human Checkpoint -> Memory Update -> Stop
```
-The current chunk is process infrastructure only. It does not change Workstream
-product behavior, database schema, API behavior, or frontend behavior.
+The current initiative is Workstream product planning for submission intake
+policy. The current branch changes loop planning artifacts only; it does not
+change Workstream product behavior, database schema, API behavior, or frontend
+behavior.
## Last Review State
-- Internal reviewer tracks complete.
-- Valid findings addressed.
-- Open sub-agent sessions: none.
-- Internal review evidence: `.agent-loop/initiatives/WS-ENG-001-codex-zero-trust-loop-bootstrap/reviews/WS-ENG-001-01-internal-review-evidence.md`
-- External review response: `.agent-loop/initiatives/WS-ENG-001-codex-zero-trust-loop-bootstrap/reviews/WS-ENG-001-01-external-review-response.md`
+- Last completed initiative: `WS-ENG-001` Codex zero-trust engineering loop bootstrap.
- PR #23 merged into `main` on 2026-06-20.
+- PR #24 updated post-merge loop memory on `main`.
+- PR #25 added Terminal Benchmark example material under `examples/`.
+- Current planning branch has no internal review evidence yet.
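Review bot: In Last Review State, the two removed lines were the only pointers to the `WS-ENG-001-01` internal review evidence and external review response, and the replacement `Last completed initiative` line carries no path. Keep a reference to those review files under the last completed initiative so the evidence behind PR #23 stays reachable from this file. The added PR #24 and PR #25 lines also omit merge dates, while the PR #23 line has one.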
diff --git a/.agent-loop/WORK_QUEUE.md b/.agent-loop/WORK_QUEUE.md
index c47234f..dd12cb2 100644
--- a/.agent-loop/WORK_QUEUE.md
+++ b/.agent-loop/WORK_QUEUE.md
@@ -1,22 +1,23 @@
# Work Queue
-## Active
+## Active Planning
| Chunk | Title | Risk | Status |
|---|---|---:|---|
-| None | No active chunk | - | Inactive |
+| `WS-POL-001-01` | Submission Artifact Policy Foundation | L1 | Draft contract; awaiting human approval before implementation |
## Completed
| Chunk | Title | Risk | Status |
|---|---|---:|---|
| `WS-ENG-001-01` | Codex-native zero-trust loop bootstrap | L1 | Merged through PR #23 on 2026-06-20 |
+| `EXAMPLE-TERMINAL-BENCHMARK` | Terminal Benchmark example drill | L3 | Merged through PR #25 on 2026-06-21 |
## Proposed Next
-No next chunk is active. After this bootstrap has landed, the next Workstream product
-chunk must be planned through the loop and approved by the user before code
-starts.
+`WS-POL-001-01` is the proposed next Workstream product implementation chunk.
+Only planning is active. Backend implementation must not start until the user
+approves the chunk contract.
## Blocked
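Review bot: The added Completed row `EXAMPLE-TERMINAL-BENCHMARK` does not follow the identifier form of the other rows (`WS-ENG-001-01`, `WS-POL-001-01`) and is the only entry rated L3, so a reader cannot tell whether it was a loop chunk that passed the same gates. Either give it a queue-style id or add a one-line note saying example drills are tracked here without a chunk contract. Separately, renaming `## Active` to `## Active Planning` will have to be reverted once implementation is approved; the Status column already says `Draft contract; awaiting human approval before implementation`, so the original heading could stay.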
diff --git a/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/CHUNK_MAP.md b/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/CHUNK_MAP.md
new file mode 100644
index 0000000..606d6d0
--- /dev/null
+++ b/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/CHUNK_MAP.md
@@ -0,0 +1,280 @@
+# Chunk Map: WS-POL-001 - Submission Artifact Policy Foundation
+
+## Rules
+
+- One chunk fits in one reviewable PR.
+- No chunk mixes policy modeling, pre-submit runtime rewiring, and post-submit
+ checker splitting unless explicitly approved.
+- Every implementation chunk must use Postgres-backed tests.
+- Worker-facing outcomes remain simple; internal route names stay internal.
+- Project owners provide setup material in plain language; Workstream derives
+ machine-readable submission artifact policy and actors with the `admin` or
+ `project_manager` role approve it.
+
+## Chunks
+
+### WS-POL-001-01: Submission Artifact Policy Foundation
+
+Goal:
+
+Add first-class `SubmissionArtifactPolicy` backend records and schemas, define
+Workstream default submission artifact rules in code, and validate that project
+policy cannot weaken defaults.
+
+Risk:
+
+L1
+
+Depends on:
+
+Approved intent, discovery, plan, and this chunk contract.
+
+Allowed files:
+
+```text
+backend/alembic/versions/**
+backend/app/modules/projects/**
+backend/tests/test_projects.py
+docs/spec_chunk_3_project_guide_foundation.md
+docs/template_submission_artifact_policy.md
+.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/**
+```
+
+Not allowed:
+
+```text
+backend/app/modules/tasks/**
+backend/app/modules/checkers/**
+backend/app/modules/submissions/**
+.github/workflows/**
+frontend or demos
+payment/reputation/blockchain code
+```
+
+Acceptance criteria:
+
+- Dedicated submission artifact policy model/table exists.
+- Project policy is scoped to project id + guide version.
+- Project policy records are Workstream-derived and approved by `admin` or
+ `project_manager`, not direct project owner-authored schema.
+- Workstream default policy is represented in code.
+- Effective policy merge rejects attempts to weaken defaults.
+- Guide activation requires valid submission artifact policy.
+- Existing `evidence_policy` transitional behavior is not silently broken.
+
+Required reviewers:
+
+senior engineering, QA/test, security/auth, product/ops, architecture, docs,
+reuse/dedup, test delta.
+
+Human review focus:
+
+Policy ownership, project-owner intake checklist, policy field names, default
+rule set, migration strategy, and whether `evidence_policy` remains a temporary
+compatibility alias.
+
+### WS-POL-001-02: Generated PreSubmitCheckerPolicy
+
+Goal:
+
+Generate pre-submit checker policy from effective submission artifact policy and
+expose it only as server-owned policy context.
+
+Risk:
+
+L1
+
+Depends on:
+
+`WS-POL-001-01`
+
+Allowed files:
+
+```text
+backend/app/modules/projects/**
+backend/app/modules/checkers/**
+backend/tests/test_projects.py
+backend/tests/test_checkers.py
+docs/spec_chunk_8_submission_artifact_policy_checkers.md
+```
+
+Not allowed:
+
+```text
+submission creation runtime rewiring
+post-submit lifecycle changes
+payment/reputation/blockchain code
+```
+
+Acceptance criteria:
+
+- Pre-submit checker policy is generated, not client-supplied.
+- Generated policy contains Workstream defaults plus project additions.
+- Generated policy names match registered pre-submit checker behavior.
+- Workers cannot provide checker names, severities, versions, or outcomes.
+
+Required reviewers:
+
+senior engineering, QA/test, security/auth, product/ops, architecture, docs,
+reuse/dedup, test delta.
+
+Human review focus:
+
+Generated policy persistence/derivation choice and exact naming.
+
+### WS-POL-001-03: Submission Creation Uses Effective Policy
+
+Goal:
+
+Move submission creation pre-submit gate from transitional task fields to the
+effective submission artifact policy and generated pre-submit checker policy.
+
+Risk:
+
+L1
+
+Depends on:
+
+`WS-POL-001-02`
+
+Allowed files:
+
+```text
+backend/app/modules/tasks/**
+backend/app/modules/checkers/**
+backend/tests/test_submissions.py
+backend/tests/test_checkers.py
+backend/scripts/week2_api_e2e.py
+docs/spec_chunk_5_submission_packet_foundation.md
+```
+
+Not allowed:
+
+```text
+human review implementation
+payment/reputation/blockchain code
+frontend
+```
+
+Acceptance criteria:
+
+- Blocking pre-submit failure creates no submission row, submission version,
+ submitted transition, or durable checker run.
+- Blocking pre-submit failure returns `pre_submission_checker_failed` with
+ structured pass/fail/warning details, not review decision values.
+- Passing pre-submit creates a submission stamped with locked policy context.
+
+Required reviewers:
+
+senior engineering, QA/test, security/auth, product/ops, architecture, docs,
+reuse/dedup, test delta.
+
+Human review focus:
+
+No-row/no-version/no-transition guarantee and `pre_submission_checker_failed`
+feedback shape.
+
+### WS-POL-001-04: PostSubmitCheckerPolicy Split
+
+Goal:
+
+Separate post-submit checker policy naming/provenance from generated pre-submit
+policy and transitional `locked_checker_policy_version`.
+
+Risk:
+
+L1
+
+Depends on:
+
+`WS-POL-001-03`
+
+Allowed files:
+
+```text
+backend/alembic/versions/**
+backend/app/modules/projects/**
+backend/app/modules/tasks/**
+backend/app/modules/checkers/**
+backend/tests/**
+docs/spec_chunk_8_submission_artifact_policy_checkers.md
+docs/spec_chunk_9_pre_review_gate.md
+```
+
+Not allowed:
+
+```text
+human review decisions
+payment/reputation/blockchain code
+frontend
+```
+
+Acceptance criteria:
+
+- Pre-submit policy provenance and post-submit policy provenance are distinct.
+- Durable checker runs use locked post-submit checker policy.
+- Pre-submit feedback does not create durable checker records.
+- API responses do not expose internal-only routes to workers.
+
+Required reviewers:
+
+senior engineering, QA/test, security/auth, product/ops, architecture, docs,
+reuse/dedup, test delta.
+
+Human review focus:
+
+Field naming and migration safety.
+
+### WS-POL-001-05: Revision Resubmission And Real API Drill
+
+Goal:
+
+Prove a worker can receive `needs_revision`, run pre-submit feedback again, and
+submit a new version using the same policy-driven path.
+
+Risk:
+
+L1
+
+Depends on:
+
+`WS-POL-001-04`
+
+Allowed files:
+
+```text
+backend/app/modules/tasks/**
+backend/app/modules/checkers/**
+backend/tests/**
+backend/scripts/week2_api_e2e.py
+examples/terminal_benchmark/**
+docs/spec_chunk_9_pre_review_gate.md
+```
+
+Not allowed:
+
+```text
+human review decision implementation
+payment/reputation/blockchain code
+frontend
+```
+
+Acceptance criteria:
+
+- Worker pre-submit feedback is allowed for `in_progress` and `needs_revision`
+ where the worker owns the task.
+- Replacement submission creates a new version.
+- Older submission versions remain immutable.
+- Internal checker-caused `needs_revision` remains distinguishable from future
+ human-review-caused `needs_revision`.
+- Real API drill covers clean pass, blocking pre-submit, post-submit
+ `needs_revision`, and fixed resubmission.
+
+Required reviewers:
+
+senior engineering, QA/test, security/auth, product/ops, architecture, docs,
+reuse/dedup, test delta.
+
+Human review focus:
+
+Fair worker experience during revision and audit clarity.
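Review bot: In the `WS-POL-001-01` acceptance criteria, `Guide activation requires valid submission artifact policy` is weaker than the rest of the patch, which requires an approved policy (PLAN.md: guide activation fails if no approved project submission artifact policy exists). Change `valid` to `valid and approved`, and add a criterion that an actor without the `admin` or `project_manager` role cannot approve, since that approval is the only control between derived policy and worker intake. Also check the `WS-POL-001-02` allowed files: its human review focus is the persistence/derivation choice, but `backend/alembic/versions/**` is not listed, so choosing persistence would put the required migration out of scope. The same question applies to `WS-POL-001-03`, which stamps locked policy context on submissions without `backend/alembic/versions/**` or `backend/app/modules/projects/**` in scope.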
diff --git a/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/DECISIONS.md b/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/DECISIONS.md
new file mode 100644
index 0000000..325f7c9
--- /dev/null
+++ b/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/DECISIONS.md
@@ -0,0 +1,31 @@
+# Decisions: WS-POL-001 - Submission Artifact Policy Foundation
+
+## Accepted
+
+- `ProjectGuide` remains human-facing instruction.
+- `SubmissionArtifactPolicy` is the machine-readable intake contract.
+- Project owners provide project setup material in plain language;
+ they do not author `SubmissionArtifactPolicy` directly.
+- Workstream derives `ProjectSubmissionArtifactPolicy` from project material,
+ with internal agent assistance allowed, then requires approval by `admin` or
+ `project_manager` before guide activation.
+- Workstream default submission artifact rules are non-bypassable.
+- `EffectiveSubmissionArtifactPolicy` is default plus project policy.
+- `PreSubmitCheckerPolicy` is generated from effective policy.
+- Pre-submit checks block before submission creation.
+- Blocking pre-submit feedback is `pre_submission_checker_failed` with
+ structured pass/fail/warning details; it is not `accept`, `needs_revision`,
+ or `reject`.
+- Post-submit/internal checks remain separate from pre-submit checks.
+- Worker-facing task outcomes remain simple; internal routes stay internal.
+- Stored review decision values remain exactly `accept`, `needs_revision`, and
+ `reject`. Display wording must not create new persisted tokens.
+
+## Pending Human Decisions
+
+- Exact default Workstream submission artifact policy fields.
+- Exact v0.1 project-owner intake checklist for deriving project policy.
+- Whether generated pre-submit policy is persisted or derived on demand.
+- Exact names for locked submission artifact policy version/hash fields.
+- Compatibility plan for `ProjectGuide.evidence_policy`.
+- Compatibility plan for task `required_files` and `required_evidence`.
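Review bot: The accepted decision on derivation (`with internal agent assistance allowed, then requires approval by admin or project_manager`) does not say that the approver must be a human actor distinct from the agent that produced the policy. State that explicitly, otherwise an agent running with one of those roles could both derive and approve the intake contract. The `EffectiveSubmissionArtifactPolicy is default plus project policy` line should also record the conflict rule used elsewhere in this patch, namely that a project policy that weakens a default is rejected rather than silently overridden.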
diff --git a/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/DISCOVERY.md b/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/DISCOVERY.md
new file mode 100644
index 0000000..0eeca3c
--- /dev/null
+++ b/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/DISCOVERY.md
@@ -0,0 +1,99 @@
+# Discovery: WS-POL-001 - Submission Artifact Policy Foundation
+
+Discovery is read-only. No product implementation has started for this
+initiative.
+
+## Current Behavior
+
+The architecture docs already lock the target model:
+
+```text
+SubmissionArtifactPolicy
+-> EffectiveSubmissionArtifactPolicy
+-> generated PreSubmitCheckerPolicy
+-> pre-submit checks before submission creation
+-> post-submit/internal checks after submission lock
+```
+
+The backend is still transitional:
+
+- `ProjectGuide.evidence_policy` represents submission artifact requirements.
+- `WorkstreamTask.required_files` and `required_evidence` drive checker behavior.
+- `Submission.locked_checker_policy_version` is used broadly for post-submit
+ checker context.
+- Pre-submit feedback uses `task.required_files` and `task.required_evidence`.
+- Post-submit durable checks use registered checker names and locked checker
+ policy.
+
+The product ownership boundary is also not explicit enough yet. Project owners
+should provide guide material, task examples, rubrics, payment inputs, and
+plain-language artifact expectations. Workstream should derive the
+machine-readable project submission artifact policy from that material, then
+require approval by `admin` or `project_manager` before guide activation.
+
+## Relevant Files/Modules
+
+| Path | Purpose | Notes |
+|---|---|---|
+| `docs/decision_0011_submission_artifact_policy_drives_pre_submit.md` | Accepted ADR for this initiative | Source of truth for policy-driven intake. |
+| `docs/spec_chunk_5_submission_packet_foundation.md` | Submission packet target contract | Already says current code is transitional. |
+| `docs/spec_chunk_8_submission_artifact_policy_checkers.md` | Pre-submit versus durable checker boundary | Names default pre-submit checks and routing. |
+| `docs/spec_chunk_9_pre_review_gate.md` | Post-submit gate | Keeps internal checker routing separate from human review. |
+| `backend/app/modules/projects/models.py` | Project guide and policies | `ProjectGuide.evidence_policy` is transitional. |
+| `backend/app/modules/projects/schemas.py` | Project guide API schemas | Exposes `evidence_policy` today. |
+| `backend/app/modules/projects/service.py` | Guide activation and policy validation | Activation currently checks `evidence_policy` and checker policy. |
+| `backend/app/modules/tasks/models.py` | Task/submission models | Task stores required files/evidence; submission stores broad checker policy version. |
+| `backend/app/modules/tasks/service.py` | Task lifecycle and locked context | Stamps locked guide/policy context onto tasks/submissions. |
+| `backend/app/modules/checkers/runner.py` | Checker implementations | Pre-submit and durable checks share helper logic today. |
+| `backend/app/modules/checkers/service.py` | Pre-submit and durable checker orchestration | Needs to consume generated pre-submit policy later. |
+
+## Current Tests
+
+| Test path | What it covers | Gaps |
+|---|---|---|
+| `backend/tests/test_projects.py` | Project guide activation and policy context | Does not test dedicated `SubmissionArtifactPolicy`. |
+| `backend/tests/test_tasks.py` | Task lifecycle and assignment | Task required files/evidence remain transitional. |
+| `backend/tests/test_submissions.py` | Submission packet creation/versioning | Does not yet prove effective policy provenance. |
+| `backend/tests/test_checkers.py` | Pre-submit feedback, durable runs, routing | Uses task fields rather than generated pre-submit policy. |
+| `backend/scripts/week2_api_e2e.py` | Real API checker/pre-review flow | Needs a future variant using dedicated policy records. |
+
+## Dependencies/Integrations
+
+- FastAPI async endpoints.
+- SQLAlchemy 2.x async ORM.
+- Alembic migrations.
+- Pydantic schemas.
+- Postgres as record database.
+- Existing Flow token verification boundary.
+- Existing checker runner registry.
+
+## Risks Discovered
+
+| Risk | Why it matters | Suggested handling |
+|---|---|---|
+| Policy/source drift | Guide prose, task fields, and checker policy can disagree. | Introduce policy objects first, then migrate runtime reads in later chunks. |
+| Project owner-authored schema burden | Asking project owners to write Workstream policy schema creates setup errors and unfair worker failures. | Workstream derives policy from project material and requires approval by `admin` or `project_manager`. |
+| Weakening defaults | Project policy could accidentally remove Workstream safety rules. | Implement non-bypassable default merge validation. |
+| Big-bang rewrite | Changing project, task, submission, and checker runtime together is risky. | Split into reviewable chunks. |
+| Version/hash ambiguity | Pre-submit policy is generated, so versioning needs careful naming. | Human review field names before migration. |
+| Worker-facing confusion | Internal routes can leak if naming is sloppy. | Keep worker-facing state `needs_revision`; keep internal route fields internal. |
+
+## Unknowns/Questions For Human
+
+| Question | Why it matters | Needed before chunk? |
+|---|---|---|
+| Exact default artifact rules | Defines non-bypassable Workstream intake behavior. | Yes, before implementation chunk 1 completes. |
+| Exact project-owner intake checklist | Defines what a company must provide so Workstream can derive policy. | Yes, before implementation chunk 1 completes. |
+| Whether `evidence_policy` stays as backward-compatible alias | Affects API compatibility and migration scope. | Yes, before migration chunk. |
+| Exact policy version/hash field names | Prevents future schema drift. | Yes, before schema migration. |
+| Whether generated `PreSubmitCheckerPolicy` is persisted or derived on read | Affects data model and audit proof. | Yes, before chunk 2. |
+
+## Existing Conventions To Preserve
+
+- Async-first FastAPI and SQLAlchemy.
+- Router, service, repository, schema separation.
+- No Workstream-owned login/session/auth.
+- Postgres-backed integration tests for lifecycle behavior.
+- Review decision stored values only `accept`, `needs_revision`, `reject`.
+- Internal checker routes are not review decisions.
+- CodeRabbit and CI supplement, but do not replace, internal reviewer tracks.
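Review bot: The `Needed before chunk?` column in Unknowns/Questions For Human uses four different gates (`before implementation chunk 1 completes`, `before migration chunk`, `before schema migration`, `before chunk 2`) and none maps cleanly to a chunk id. `WS-POL-001-01` is the chunk that adds the policy table and defines the defaults in code, so the default rules, field names and `evidence_policy` alias decision are all needed before `WS-POL-001-01` starts, not before it completes. Rewrite the column with chunk ids and a start or merge gate for each row. The Relevant Files table also lists no repository module, although Existing Conventions names router, service, repository and schema separation.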
diff --git a/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/INTENT.md b/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/INTENT.md
new file mode 100644
index 0000000..20163d9
--- /dev/null
+++ b/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/INTENT.md
@@ -0,0 +1,121 @@
+# INTENT: WS-POL-001 - Submission Artifact Policy Foundation
+
+## Problem Being Solved
+
+Workstream currently understands the product direction for submission intake, but
+the backend still carries transitional fields such as `evidence_policy`,
+`required_files`, `required_evidence`, and broad checker-policy version locking.
+
+That is not strong enough for the system we are building. A project guide is
+human-facing instruction. It can explain expectations, examples, rubric, and
+quality bar, but it must not be the only source of truth for what a worker is
+allowed to submit.
+
+Submission intake needs a deterministic machine contract.
+
+## Human-Level Goal
+
+Make submission intake policy-driven:
+
+```text
+ProjectGuide = human-facing instructions
+SubmissionArtifactPolicy = machine-readable intake contract
+
+Project owner material
+-> Workstream-derived ProjectSubmissionArtifactPolicy
+-> approval by admin or project_manager
+
+WorkstreamDefaultSubmissionArtifactPolicy
++ ProjectSubmissionArtifactPolicy
+= EffectiveSubmissionArtifactPolicy
+
+EffectiveSubmissionArtifactPolicy
+-> generated PreSubmitCheckerPolicy
+```
+
+Project owners provide project material: guide text or documentation links,
+task inputs, expected outputs, examples, acceptance criteria, rejection
+criteria, review rubric, skill expectations, base payout or payment policy
+inputs, confidentiality constraints, and plain-language artifact expectations.
+They do not author Workstream's machine-readable submission policy schema
+directly.
+
+Workstream derives the project submission artifact policy from that material,
+using internal agent assistance where useful. A Workstream actor with the
+`admin` or `project_manager` role reviews and approves the derived policy
+before guide activation. Workers submit draft
+packet fields. Workstream decides required artifacts, evidence, hashes, storage
+reference rules, forbidden artifacts, and blocking pre-submit feedback from the
+effective policy.
+
+## Why Now
+
+Week 1 and Week 2 established the core backend loop:
+
+- project and guide foundation
+- task queue and assignment
+- submission packet foundation
+- checker contracts and runner registry
+- pre-review gate
+- checker trial and real API drills
+
+The next correctness gap is policy ownership. If we keep relying on task fields
+and guide prose, different projects will drift and the pre-submit/post-submit
+boundary will become confusing.
+
+## Success State
+
+After this initiative:
+
+- `SubmissionArtifactPolicy` is a first-class backend object.
+- `SubmissionArtifactPolicy` is Workstream-derived from project material and
+ approved by `admin` or `project_manager`, not authored directly by the
+ project owner.
+- Workstream default submission artifact rules are defined in code.
+- Project submission artifact policy cannot weaken Workstream defaults.
+- Effective submission artifact policy is computed deterministically.
+- Generated pre-submit checker policy is derived from effective policy.
+- Submission creation uses the generated pre-submit policy before a submission
+ row is created.
+- Post-submit/internal checker policy remains separate.
+- Revision resubmission can run pre-submit feedback again without creating
+ confusing internal worker states.
+
+## Non-Goals
+
+- No human review decision implementation.
+- No payment, contribution, reputation, blockchain, x402, ERC-8004, or ERC-8183
+ work.
+- No frontend implementation.
+- No object-storage implementation beyond preserving the storage abstraction
+ boundary.
+- No durable external checker worker infrastructure.
+- No direct use of Terminal Benchmark example code in product runtime.
+
+## Business/Product/Engineering Context
+
+Workstream must be fair to workers and reliable for project managers. If a
+submission requirement matters, it belongs in the approved guide and policy
+context, not in Slack messages, hidden docs, or agent memory.
+
+The worker should get deterministic pre-submit feedback before a submission is
+created. Internal checker routing can be richer, but worker-facing outcomes stay
+simple. Stored review decision values remain exactly `accept`,
+`needs_revision`, and `reject`; display labels may render those as accepted,
+needs revision, and rejected where appropriate.
+
+Pre-submit feedback is not review. A blocking pre-submit result is presented as
+`pre_submission_checker_failed` with structured pass/fail/warning details. It
+does not create a submission and must not use review decision values.
+
+## Human Judgment Required
+
+- Approve the chunk sequence before implementation.
+- Approve the exact Workstream default submission artifact rules.
+- Approve the required project-owner intake material for v0.1 project setup.
+- Approve naming for new persisted fields and policy version/hash fields.
+- Approve any migration strategy that changes existing transitional fields.
+
+## Initial Risk Class
+
+L1 - policy engine, task lifecycle, audit, and submission data boundaries.
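Review bot: The Success State bullet `SubmissionArtifactPolicy is Workstream-derived from project material and approved by admin or project_manager` uses the umbrella name for what the Human-Level Goal diagram calls `ProjectSubmissionArtifactPolicy`; the default policy is defined in code and is not derived or approved this way. Use `ProjectSubmissionArtifactPolicy` in that bullet so the three names (default, project, effective) stay distinct, which matters given that RISKS.md rates naming drift High. In the paragraph above, the line break after `Workers submit draft` splits a sentence mid-phrase and should be rewrapped. The Success State also says the effective policy is `computed deterministically` without saying what input ordering or canonical form makes it so; one sentence on that would make the later version/hash decision easier to review.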
diff --git a/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/PLAN.md b/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/PLAN.md
new file mode 100644
index 0000000..f658f8f
--- /dev/null
+++ b/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/PLAN.md
@@ -0,0 +1,133 @@
+# Plan: WS-POL-001 - Submission Artifact Policy Foundation
+
+## Proposed Approach
+
+Implement policy-driven submission intake in narrow slices.
+
+First, add the policy foundation without changing the full submission runtime.
+Then derive generated pre-submit policy. Then move submission creation to the
+effective policy. Then split post-submit checker policy naming and provenance.
+Finally, verify revision resubmission and real API flows.
+
+## Design Chosen
+
+The product model is:
+
+```text
+ProjectGuide
+ human-facing instructions
+
+ProjectSubmissionArtifactPolicy
+ Workstream-derived, admin-or-project-manager-approved machine-readable intake rules
+
+WorkstreamDefaultSubmissionArtifactPolicy
+ platform-owned, non-bypassable safety rules
+
+EffectiveSubmissionArtifactPolicy
+ deterministic merge of default + project policy
+
+PreSubmitCheckerPolicy
+ generated checker rules for draft packet intake
+
+PostSubmitCheckerPolicy
+ durable checker rules for locked submission review readiness
+```
+
+Project owners provide human-facing setup material. Workstream derives the
+machine-readable project submission artifact policy from that material, then a
+Workstream actor with the `admin` or `project_manager` role approves it.
+Pre-submit checks run before submission
+creation and do not create durable checker records. Post-submit/internal checks
+run after submission lock and do create durable checker records.
+
+If no approved project submission artifact policy exists for the active guide,
+guide activation fails and tasks using that guide cannot enter the ready worker
+pipeline. The system must surface setup failure internally as task/project setup
+incomplete rather than letting workers discover missing intake rules at submit
+time.
+
+## Alternatives Considered
+
+### Keep using guide prose and task fields
+
+Rejected because it leaves too much room for project drift and unfair worker
+feedback.
+
+### Use project guide `evidence_policy` as the long-term object
+
+Rejected because the name is too narrow. The policy governs artifacts, hashes,
+storage references, packaging, forbidden files, and attestation, not only
+evidence.
+
+### Let project admins write checker names manually for pre-submit
+
+Rejected because pre-submit should be generated from the effective submission
+artifact policy. Workers and project admins should not choose blocking checker
+internals directly for intake.
+
+### Make project owners author `SubmissionArtifactPolicy` directly
+
+Rejected because project owners should provide domain material, not internal
+Workstream schema. Workstream owns derivation of the machine-readable contract,
+and actors with the `admin` or `project_manager` role approve it before the
+project can accept ready tasks.
+
+### Combine pre-submit and post-submit checker policy
+
+Rejected because pre-submit answers whether a packet can be submitted at all,
+while post-submit answers whether a locked submission can move to human review.
+
+## Boundaries Preserved
+
+- Auth/session: still only verifies external Flow authentication tokens.
+- Permission/policy: actors with the `admin` or `project_manager` role approve
+ project policy setup; workers do not provide policy versions or checker names.
+- Project-owner boundary: project owners provide guide material,
+ examples, rubrics, payment inputs, and artifact expectations in plain
+ language; Workstream turns that material into approved policy.
+- Payment/execution: no payment or contribution records in this initiative.
+- Persistence/data: schema changes land through Alembic and async SQLAlchemy.
+- Presentation/API: backend-first; no frontend implementation.
+- CI/deployment: no workflow weakening.
+
+## Rollout/Migration Strategy
+
+1. Add dedicated policy model/API while keeping transitional fields readable.
+2. Add the Workstream-owned derivation/approval boundary for project policy.
+3. Compute effective policy in service code and validate defaults cannot weaken.
+4. Generate pre-submit checker policy from effective policy.
+5. Migrate submission creation to effective policy.
+6. Split post-submit checker policy naming/provenance.
+7. Retire or alias transitional `evidence_policy`, `required_files`, and
+ `required_evidence` usage after tests prove the new path.
+
+## Verification Strategy
+
+- Unit-level policy merge tests for default + project policy.
+- Postgres-backed API tests for project policy creation and guide activation.
+- Tests proving a guide cannot activate without an approved project submission
+ artifact policy.
+- Submission API tests proving blocking pre-submit failure creates no submission
+ row, version, task transition, durable checker run, or submission-created audit.
+- Real API drill proving clean pass and `needs_revision` resubmission.
+- Stale wording and Markdown link scans.
+
+## Review Strategy
+
+Required reviewers:
+
+- senior engineering: data model, lifecycle, service boundaries
+- QA/test: Postgres-backed proof and regression coverage
+- security/auth: storage refs, hash rules, unsafe path/URL rejection
+- product/ops: worker/project-manager semantics and fairness
+- architecture: policy/source-of-truth boundaries
+- docs: naming and guide/policy wording
+- reuse/dedup: avoid duplicate checker/policy logic
+- test delta: ensure tests cover new behavior
+
+CI integrity is required only for chunks that touch workflows or test tooling.
+
+## Sequencing
+
+Start with policy foundation. Do not start submission runtime rewiring until the
+policy object, defaults, and merge rules are accepted.
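Review bot: Verification Strategy has no negative authorization test, although Boundaries Preserved relies on `admin` or `project_manager` approval and on workers not supplying policy versions or checker names. Add a Postgres-backed API test that approval by any other role is refused and that worker-supplied policy fields are ignored or rejected. The security/auth reviewer scope lists `storage refs, hash rules, unsafe path/URL rejection`, but no verification item covers unsafe path or URL rejection either. The submission API bullet also includes `submission-created audit` in the no-side-effect list, while the `WS-POL-001-03` acceptance criteria in CHUNK_MAP.md omit it; align the two. Finally, the seven rollout steps are not mapped to the five chunks, so it is unclear which chunk owns step 2.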
diff --git a/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/RISKS.md b/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/RISKS.md
new file mode 100644
index 0000000..4525eed
--- /dev/null
+++ b/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/RISKS.md
@@ -0,0 +1,11 @@
+# Risks: WS-POL-001 - Submission Artifact Policy Foundation
+
+| Risk | Impact | Mitigation |
+|---|---|---|
+| Big-bang lifecycle rewrite | High | Split policy, generation, submission runtime, post-submit split, and revision proof into separate chunks. |
+| Default policy can be weakened | High | Validate effective policy rejects any project policy that removes or downgrades defaults. |
+| Project owner schema burden | High | Project owners provide plain-language material; Workstream derives policy and actors with the `admin` or `project_manager` role approve it. |
+| Naming drift | High | Human review field names before migrations. |
+| Worker-facing internal route leakage | Medium | Keep `task_setup_blocked` and `checker_retry` internal; expose `needs_revision` only when worker action is needed. |
+| Backward compatibility drift | Medium | Keep transitional fields explicit until replacement is proven. |
+| Insufficient real API proof | High | Require Postgres-backed API tests and real API drill before closing the initiative. |
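Review bot: The risk table has no row for project-owner setup material being untrusted input to policy derivation, although the internal review evidence in this same patch records security/auth reviewing "project-owner material as untrusted input". The "Project owner schema burden" row covers usability only. Add a separate row whose mitigation names the controls the plan already relies on: `admin` or `project_manager` approval and the effective-policy merge that rejects weakened defaults.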
diff --git a/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/STATUS.md b/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/STATUS.md
new file mode 100644
index 0000000..c1ee0e6
--- /dev/null
+++ b/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/STATUS.md
@@ -0,0 +1,34 @@
+# Status: WS-POL-001 - Submission Artifact Policy Foundation
+
+## Current Status
+
+Planning
+
+## Active Chunk
+
+`WS-POL-001-01` is drafted for human review. Implementation has not started.
+
+## Chunk Status
+
+| Chunk | Status | Branch | PR | Notes |
+|---|---|---|---:|---|
+| `WS-POL-001-01` | Draft contract | `codex/submission-artifact-policy-loop-plan` | - | Awaiting human approval before implementation. |
+| `WS-POL-001-02` | Planned | - | - | Starts after policy foundation lands. |
+| `WS-POL-001-03` | Planned | - | - | Moves submission creation to effective policy. |
+| `WS-POL-001-04` | Planned | - | - | Splits post-submit checker policy provenance. |
+| `WS-POL-001-05` | Planned | - | - | Proves revision resubmission and real API drill. |
+
+## Blockers
+
+| Blocker | Owner | Next action |
+|---|---|---|
+| Human approval of chunk sequence and first contract | User | Review this planning branch. |
+| Exact default submission artifact policy fields | User + Codex | Confirm before implementation completes. |
+
+## Follow-Ups
+
+| Item | Source | Priority |
+|---|---|---|
+| Migrate `evidence_policy` wording to `SubmissionArtifactPolicy` | Discovery | High |
+| Split pre-submit and post-submit policy provenance fields | Discovery | High |
+| Add revision resubmission pre-submit proof | Discovery | High |
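Review bot: The blocker "Exact default submission artifact policy fields" has the next action "Confirm before implementation completes", which is too late for a chunk whose acceptance criteria put the Workstream default policy in code and test default-weakening against it. Change it to confirm before implementation starts, or list the specific fields that may stay open during implementation, so the merge rules are not written against defaults that later move.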
diff --git a/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/chunks/WS-POL-001-01-submission-artifact-policy-foundation.md b/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/chunks/WS-POL-001-01-submission-artifact-policy-foundation.md
new file mode 100644
index 0000000..dd5e637
--- /dev/null
+++ b/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/chunks/WS-POL-001-01-submission-artifact-policy-foundation.md
@@ -0,0 +1,152 @@
+# Chunk Contract: WS-POL-001-01 - Submission Artifact Policy Foundation
+
+## Parent Initiative
+
+WS-POL-001 - Submission Artifact Policy Foundation
+
+## Goal
+
+Add first-class backend support for `SubmissionArtifactPolicy` without rewiring
+submission creation or durable checker execution yet.
+
+## Why This Chunk Exists
+
+The code still uses transitional `evidence_policy`, `required_files`, and
+`required_evidence` fields. Before pre-submit checks can be generated from an
+effective policy, Workstream needs a real policy object and non-bypassable
+default policy validation.
+
+Project owners must not be asked to author the Workstream policy schema
+directly. They provide project setup material in plain language; Workstream
+derives project submission artifact policy from that material, and a project
+actor with the `admin` or `project_manager` role approves it before guide
+activation.
+
+## Approved Plan Reference
+
+- INTENT: `.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/INTENT.md`
+- PLAN: `.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/PLAN.md`
+- CHUNK_MAP: `.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/CHUNK_MAP.md`
+
+## Risk Class
+
+L1
+
+## SLA
+
+P1
+
+## Allowed Files
+
+```text
+backend/alembic/versions/**
+backend/app/modules/projects/**
+backend/tests/test_projects.py
+docs/spec_chunk_3_project_guide_foundation.md
+docs/template_submission_artifact_policy.md
+.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/**
+```
+
+## Not Allowed
+
+```text
+backend/app/modules/tasks/**
+backend/app/modules/checkers/**
+backend/app/modules/submissions/**
+.github/workflows/**
+demos/**
+examples/**
+frontend/**
+payment/reputation/blockchain code
+object-storage implementation
+human review implementation
+```
+
+## Implementation Boundaries
+
+- Routers only translate HTTP requests/responses and map domain errors.
+- Services own policy merge rules, Workstream default validation, guide
+ activation checks, Workstream-owned policy derivation boundaries, and
+ permission-aware orchestration.
+- Repositories only persist and query policy records.
+- Schemas only define API input/output contracts and validation shape.
+
+## Acceptance Criteria
+
+- [ ] Dedicated `SubmissionArtifactPolicy` model/table exists.
+- [ ] Policy rows are scoped by `project_id` and `guide_version`.
+- [ ] Policy rows have a composite foreign key to `project_guides(project_id, version)`.
+- [ ] Pydantic input/output schemas exist for project submission artifact policy.
+- [ ] Project service can create/update the policy with a draft guide.
+- [ ] Project policy records include approval provenance showing the approved
+ machine policy was reviewed by `admin` or `project_manager`.
+- [ ] Approval provenance includes derivation source, source material refs,
+ approval status, approver role, approver actor, approval timestamp, and
+ approved policy version or hash.
+- [ ] Guide activation fails when no approved project submission artifact policy
+ exists for the guide version.
+- [ ] Guide activation requires valid submission artifact policy.
+- [ ] Workstream default submission artifact policy is represented in code.
+- [ ] Workstream default policy requires `sha256:<64 lowercase hex>` artifact hashes where production hashes are required.
+- [ ] Workstream default policy rejects raw signed URLs, query strings, local filesystem paths, credential-bearing references, and token-bearing storage references before persistence.
+- [ ] Workstream default policy blocks default-forbidden secret/token artifacts even when a project policy lists them as required.
+- [ ] Effective policy merge rejects project policy that weakens defaults.
+- [ ] Existing `evidence_policy` transitional behavior is not silently broken.
+- [ ] Postgres-backed tests cover create/update/activation/default-weakening cases.
+
+## Verification Commands
+
+```bash
+cd backend && .venv/bin/python -m ruff check app tests
+cd backend && WORKSTREAM_TEST_DATABASE_URL=postgresql+asyncpg://workstream:workstream@localhost:5433/workstream_test .venv/bin/python -m pytest tests/test_projects.py
+python3 scripts/check_markdown_links.py
+python3 scripts/check_stale_workstream_wording.py
+python3 scripts/check_internal_review_evidence.py
+python3 scripts/workstream_agent_gate.py --base origin/main --head HEAD --format json
+git diff --check
+```
+
+## Required Reviewers
+
+Every listed reviewer must end with one exact result value:
+
+- `PASS`
+- `PASS AFTER FIXES`
+- `PASS WITH LOW RISKS`
+- `N/A - with approved reason`
+
+Baseline:
+
+- [ ] senior engineering
+- [ ] QA/test
+- [ ] security/auth
+- [ ] product/ops
+
+Conditional:
+
+- [ ] architecture
+- [ ] docs
+- [ ] reuse/dedup
+- [ ] test delta
+- [ ] CI integrity: `N/A - with approved reason` unless workflows or test tooling change
+
+## Human Review Focus
+
+- Are the policy field names precise enough?
+- Is the project-owner intake checklist precise enough for Workstream to derive
+ policy without making project owners author internal schema?
+- Are Workstream default rules complete enough for v0.1?
+- Should `evidence_policy` remain a compatibility alias during migration?
+- Should generated pre-submit policy be persisted in chunk 2 or derived on read?
+
+## Stop Conditions
+
+Stop and escalate if:
+
+- implementation needs to touch task/submission/checker runtime in this chunk
+- policy version/hash naming is unclear
+- default artifact rules need product decision
+- migration requires destructive data changes
+- CI/test weakening is required to pass
+- same blocker remains after 2 repair attempts
+- secrets or production data are needed
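Review bot: The acceptance criteria allow "create/update the policy with a draft guide" and require approval provenance, but no criterion says what happens to an approval when the policy is updated afterwards. Add a criterion that any update to an approved policy resets approval status, and that guide activation recomputes the stored policy's hash and compares it with the approved value, so an edited policy cannot activate under an older approval. The wording "approved policy version or hash" should also be settled here, since the data model in this patch already names `approved_policy_hash` and the stop conditions treat unclear version/hash naming as an escalation.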
diff --git a/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-01-external-review-response.md b/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-01-external-review-response.md
new file mode 100644
index 0000000..f664a66
--- /dev/null
+++ b/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-01-external-review-response.md
@@ -0,0 +1,64 @@
+# External Review Response: WS-POL-001-01
+
+## PR
+
+https://github.com/Flow-Research/workstream/pull/26
+
+## Chunk
+
+`WS-POL-001-01`
+
+## Source
+
+CodeRabbit and GitHub checks.
+
+## Summary
+
+External review feedback was handled separately from internal sub-agent evidence.
+CodeRabbit reported one readability nitpick in the chunk map. The finding was
+valid, in scope, and fixed without changing the product contract.
+
+## External Findings
+
+| Source | Finding | Severity | Status | Response |
+|---|---|---:|---:|---|
+| CodeRabbit | `WS-POL-001-03` acceptance criteria repeated "Blocking pre-submit failure creates no..." across consecutive lines. | Low | Fixed | Consolidated the four no-side-effect guarantees into one sentence while preserving every distinct requirement. |
+| GitHub checks | Agent Gates, Backend, Week 1 API Demo UI, and CodeRabbit status must pass. | High | Passed | All GitHub checks passed after the final push. |
+| CodeRabbit manual trigger | Manual `@coderabbitai review` was requested after the rate-limit window. | Informational | Complete | CodeRabbit replied "Review finished" and noted incremental review does not re-review already reviewed commits unless automatic reviews are paused. No new actionable findings were posted. |
+| Human review | Project owners should not author `SubmissionArtifactPolicy`; Workstream should derive it from project material and require `admin` or `project_manager` approval. | High | Fixed | Updated planning artifacts, ADRs, glossary, architecture docs, specs, templates, operating manual, current data flow, and first user flows. |
+| Human review | Pre-submit failures should not use review decisions and should show pass/fail details like the Snorkel-style static checker experience. | High | Fixed | Standardized `pre_submission_checker_failed` with structured pass/fail/warning details and explicit exclusion of `accept`, `needs_revision`, and `reject`. |
+
+## Fix Plan
+
+- Keep the external CodeRabbit response in this `*-external-review-response.md`
+ artifact.
+- Keep internal sub-agent review evidence in
+ `WS-POL-001-01-internal-review-evidence.md`.
+- Apply only the wording consolidation requested by CodeRabbit.
+- Re-run affected internal reviewer tracks before pushing.
+
+## Out-of-Scope Items To Defer
+
+None.
+
+## Evidence After Fixes
+
+```bash
+gh pr view 26 --json number,title,state,isDraft,url,reviewDecision,reviews,comments,statusCheckRollup
+python3 scripts/check_internal_review_evidence.py
+python3 scripts/check_loop_memory_state.py
+python3 scripts/workstream_agent_gate.py --base origin/main --head HEAD --format json
+python3 scripts/check_markdown_links.py
+python3 scripts/check_stale_workstream_wording.py
+git diff --check
+```
+
+Final GitHub state after push:
+
+```text
+agent-gates: pass
+backend test: pass
+week1 demo UI: pass
+CodeRabbit status: pass
+CodeRabbit manual trigger: review finished, no new actionable findings posted
+```
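Review bot: The Summary and Fix Plan describe a single CodeRabbit readability nitpick ("Apply only the wording consolidation requested by CodeRabbit"), but the External Findings table also records two High-severity human review findings as Fixed, with changes across ADRs, glossary, architecture docs, specs, and templates. Either update Source, Summary, and Fix Plan to cover the human review findings, or move those two rows to their own artifact, so this file does not understate the scope of what changed after review.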
diff --git a/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-01-internal-review-evidence.md b/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-01-internal-review-evidence.md
new file mode 100644
index 0000000..0063cb9
--- /dev/null
+++ b/.agent-loop/initiatives/WS-POL-001-submission-artifact-policy-foundation/reviews/WS-POL-001-01-internal-review-evidence.md
@@ -0,0 +1,70 @@
+# Internal Review Evidence: WS-POL-001-01
+
+## Chunk
+
+WS-POL-001-01
+
+open sub-agent sessions: none
+
+valid findings addressed: yes
+
+## Reviewed Revision
+
+Reviewed code SHA: 0b94c7df1fb1fa2a9df926ddfd5cb81404bb448c
+
+Reviewed at: 2026-06-22T19:16:02Z
+
+Reviewer run IDs: 019eee8c-5c09-7603-bae4-2b2bc60f8dd3, 019eee8e-55e6-75b0-92dd-f5c44f80ad7b, 019eee91-1ff6-7552-8ce4-06a48f0ffac9, 019eee94-c99d-72a3-80f5-9b90ddd9c9d3, 019eee9a-b0eb-7020-880f-be0bfa1968f6, 019eeeca-bc88-7ce0-baec-6be4a8ca1f47, 019eeecb-f151-7433-a472-f3bcdaafda8f, 019eef36-6dc2-7e81-9663-8d3a6aec2278, 019eef37-a7cb-7302-84ac-06531bf8b0fb, 019eef3a-3b6c-7a92-a094-15a2f24615ff, 019eef3c-bfbb-7ed1-acb2-112c6d34b455, 019eeff9-e4de-7ae0-a264-3a1d75fda44e, 019eeffe-4448-7242-9196-da135f61e2f0, 019ef004-ef16-7d21-9910-6c397b8c4b6a, 019ef009-355b-7ae0-9236-e5136266fb8b, 019ef00d-8adf-7c63-8023-0187df5f6283, 019ef018-de9a-71d2-beac-bd74a96496df, 019ef046-eff0-79f1-8243-8e52c40805e3, 019ef04b-722f-7e23-90e3-e6dfd66c77c9, 019ef04f-9b1e-7ad2-bbd4-fc86ded065b4, 019ef098-9469-70f0-8396-2177ffadfeee, 019ef0b5-36e5-7d91-aca5-bc8505eb9f00
+
+After reviewed SHA `0b94c7df1fb1fa2a9df926ddfd5cb81404bb448c`, only review evidence artifacts changed.
+
+## Reviewer Results
+
+| Reviewer | Result | Blocking findings | Notes |
+|---|---:|---|---|
+| senior engineering | PASS WITH LOW RISKS | None remaining | Planning artifacts are coherent, narrow, and do not start backend implementation. Active planning wording was clarified. |
+| qa/test | PASS AFTER FIXES | None remaining | Unsafe unqualified pytest command was removed; remaining verification command uses `WORKSTREAM_TEST_DATABASE_URL` with `workstream_test`. |
+| security/auth | PASS WITH LOW RISKS | None remaining | Flow auth boundary, storage-reference safety, non-bypassable defaults, and no blockchain/payment expansion are preserved. Default hash/storage/secret rules were added to the chunk contract. |
+| product/ops | PASS WITH LOW RISKS | None remaining | Plan matches intent: ProjectGuide is human-facing, SubmissionArtifactPolicy is machine-readable, defaults are non-bypassable, and worker-facing outcomes stay simple. Stored token wording was clarified. |
+| architecture | PASS WITH LOW RISKS | None remaining | Chunk sequencing preserves policy foundation, generated pre-submit policy, submission creation rewiring, and post-submit provenance split. Router/service/repository/schema boundaries were added to the contract. |
+| docs | PASS WITH LOW RISKS | None remaining | Markdown links, stale wording, and naming passed after normalizing `PreSubmitCheckerPolicy` as the canonical name. |
+| senior engineering | PASS | None | Re-reviewed CodeRabbit wording consolidation; meaning was not weakened. |
+| qa/test | PASS | None | Re-reviewed consolidated criteria; no-row, no-version, no-transition, and no-durable-checker-run remain testable. |
+| product/ops | PASS | None | Re-reviewed consolidated criteria; worker-facing semantics remain simple and precise. |
+| docs | PASS WITH LOW RISKS | None | Re-reviewed consolidated criteria; no adjacent docs required. |
+| senior engineering | PASS WITH LOW RISKS | None | Re-reviewed project-owner material, Workstream-derived policy, admin/project_manager approval, activation guard, and pre-submit failure boundary. Low risk captured around keeping chunk 1 scoped to policy provenance/approval, not full derivation workflow. |
+| product/ops | PASS WITH LOW RISKS | None | Re-reviewed setup ownership, worker/reviewer boundary, and payment/reputation non-expansion. |
+| architecture | PASS WITH LOW RISKS | None | Re-reviewed source-of-truth and chunk-scope boundaries; no blocking boundary violations. |
+| qa/test | PASS WITH LOW RISKS | None | Re-reviewed approval provenance, activation guard, and `pre_submission_checker_failed` testability. `approved_by_role` was added to architecture data model after QA noted drift risk. |
+| security/auth | PASS WITH LOW RISKS | None | Re-reviewed approval provenance, non-bypassable defaults, role approval boundary, and project-owner material as untrusted input. |
+| docs | PASS | None | Re-reviewed canonical docs after stale ownership and pre-submit wording fixes. |
+
+## Valid Findings Addressed
+
+- QA/test found an unsafe plain `pytest tests/test_projects.py` command that could target the non-test local database. The contract now uses only `WORKSTREAM_TEST_DATABASE_URL=.../workstream_test`.
+- Security/auth requested explicit default policy acceptance criteria for hash rules, storage reference rejection, and default-forbidden secret/token artifacts. Those criteria were added.
+- Senior engineering found `WORK_QUEUE.md` could confuse active planning with approved implementation. Loop wording now says active planning and explicitly blocks backend implementation until user approval.
+- Product/ops found display wording could drift from stored review decision values. Intent and decisions now state stored values remain exactly `accept`, `needs_revision`, and `reject`.
+- Architecture requested explicit responsibility boundaries. The chunk contract now states routers translate HTTP, services own policy/default validation, repositories persist/query, and schemas define IO contracts.
+- Docs found `GeneratedPreSubmitCheckerPolicy` could look like a canonical token. The plan now uses canonical `PreSubmitCheckerPolicy` and describes it as generated.
+- CodeRabbit found repetitive wording in `WS-POL-001-03` acceptance criteria. The repeated lines were consolidated without changing the no-row, no-version, no-transition, and no-durable-checker-run requirements.
+- Human review clarified that project owners should not author `SubmissionArtifactPolicy` directly. Docs now state project owners provide plain-language setup material, Workstream derives `ProjectSubmissionArtifactPolicy`, and `admin` or `project_manager` approves it before guide activation.
+- QA requested schema-level testability for approval provenance. The chunk contract and architecture data model now name derivation source, source material refs, approval status, approver role, approver actor, approval timestamp, and approved policy version/hash.
+- Docs found canonical/spec drift around pre-submit failures. ADRs, glossary, architecture docs, specs, templates, operating manual, and flow docs now use `pre_submission_checker_failed` with structured pass/fail/warning details and explicitly exclude review decision values.
+
+## Commands Run
+
+```bash
+python3 scripts/check_loop_memory_state.py
+python3 scripts/check_markdown_links.py
+python3 scripts/check_stale_workstream_wording.py
+python3 scripts/workstream_agent_gate.py --base origin/main --head HEAD --format json
+git diff --check
+gh pr view 26 --json number,title,state,isDraft,url,reviewDecision,reviews,comments,statusCheckRollup
+```
+
+## Remaining Risks
+
+- `WS-POL-001-01` is not approved for backend implementation yet.
+- Exact Workstream default submission artifact policy fields remain a human decision before implementation can close.
+- Generated `PreSubmitCheckerPolicy` persistence versus derived-on-read remains a human decision for chunk 2.
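Review bot: The Reviewer Results table has no rows for reuse/dedup, test delta, or CI integrity, while the chunk contract lists them as conditional reviewers and requires every listed reviewer to end with an exact result value, including `N/A - with approved reason`. Add those rows with the N/A reason stated. The 22 reviewer run IDs are also given as a flat list against 16 result rows, so no result can be traced to a run; a run ID column in the table would make the evidence checkable.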
diff --git a/docs/architecture_checker_framework.md b/docs/architecture_checker_framework.md
index 49d62bd..6eb4b8c 100644
--- a/docs/architecture_checker_framework.md
+++ b/docs/architecture_checker_framework.md
@@ -170,7 +170,10 @@ ProjectGuide
-> Submission row only when blocking checks pass
```
-`ProjectGuide` is human-facing. `SubmissionArtifactPolicy` is machine-readable and approved by a project admin. Workstream combines that policy with the non-bypassable Workstream default submission artifact policy.
+`ProjectGuide` is human-facing. `SubmissionArtifactPolicy` is machine-readable,
+derived by Workstream from project owner material, and approved by a Workstream
+actor with the `admin` or `project_manager` role. Workstream combines that
+policy with the non-bypassable Workstream default submission artifact policy.
Workstream default submission artifact rules require:
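Review bot: The approver is described here as "a Workstream actor with the `admin` or `project_manager` role", but the chunk contract in this patch says "a project actor with the `admin` or `project_manager` role". These read as different scopes (platform-level role versus project-level role), and that decides who is allowed to approve a machine policy. Pick one term and use it in both places.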
@@ -185,7 +188,12 @@ Workstream default submission artifact rules require:
Project policy adds required artifacts, evidence requirements, stricter forbidden artifacts, stricter packaging rules, and project-specific attestation requirements.
-The generated `PreSubmitCheckerPolicy` runs before Workstream creates a submission. Blocking failures prevent submission creation and return worker-safe fixes. Pre-submit results do not create durable `CheckerRun` records and do not move a task to `review_pending`.
+The generated `PreSubmitCheckerPolicy` runs before Workstream creates a
+submission. Blocking failures prevent submission creation and return
+`pre_submission_checker_failed` with structured pass/fail/warning details.
+Pre-submit results do not create durable `CheckerRun` records, do not move a
+task to `review_pending`, and do not return review decision values: `accept`,
+`needs_revision`, or `reject`.
Pre-submit checks are authoritative for intake. Post-submit checker runs are authoritative for review readiness.
diff --git a/docs/architecture_data_model.md b/docs/architecture_data_model.md
index 02f7ac6..9bfcf67 100644
--- a/docs/architecture_data_model.md
+++ b/docs/architecture_data_model.md
@@ -153,6 +153,10 @@ The guide is versioned and human-facing. It contains project instructions, quali
Runtime enforcement uses machine-readable policies attached to the guide version. Workstream does not parse guide prose at submission time to decide which artifact checks to run.
+Project owners provide setup material in plain language. Workstream derives
+machine-readable project policy from that material, then a Workstream actor with
+the `admin` or `project_manager` role approves it before the guide can activate.
+
Every task records the guide version active at creation or screening time before the task enters `READY`. Later source adapters must also lock the guide version during normalization before workers see the task.
When a task is claimed or moved to `IN_PROGRESS`, its locked guide and policy context does not change silently. A newer upstream guide version can only affect unclaimed work or a controlled revision path when policy allows it and the audit log records the reason.
@@ -181,7 +185,13 @@ Fields:
- `required_attestation_terms`
- `packaging_rules`
- `created_by`
+- `derivation_source`
+- `source_material_refs`
+- `approval_status`
+- `approved_policy_hash`
+- `approved_by_role`
- `approved_by`
+- `approved_at`
- `created_at`
Example:
@@ -204,13 +214,20 @@ Example:
"artifact_hash_algorithm": "sha256",
"allowed_storage_schemes": ["local", "s3", "r2"],
"forbidden_artifacts": ["secrets/**", ".env"],
+ "derivation_source": "workstream_agent",
+ "source_material_refs": ["project-guide:v1"],
+ "approval_status": "approved",
+ "approved_by": "flow-project-manager",
+ "approved_at": "2026-06-22T12:00:00Z",
"packaging_rules": {
"archive_required": true
}
}
```
-Project admins approve this policy. Workers do not supply it.
+Workstream derives this policy from project owner material. A Workstream actor
+with the `admin` or `project_manager` role approves it. Workers do not supply
+it.
Project policy can add stricter requirements, but it cannot weaken Workstream's default submission artifact policy.
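Review bot: The example JSON adds `derivation_source`, `source_material_refs`, `approval_status`, `approved_by`, and `approved_at`, but omits `approved_by_role` and `approved_policy_hash`, both of which this patch adds to the Fields list above. Since the chunk contract requires approver role and approved policy version or hash in the provenance, the example should show them, with the hash in the same `sha256:<64 lowercase hex>` form the default policy requires for artifact hashes if that is the intended format.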
@@ -266,7 +283,11 @@ The generated checker order is deterministic:
8. worker attestation validation
9. low-quality artifact warnings
-Blocking pre-submit failures prevent submission creation. A failed blocking pre-submit check creates no submission row, no submission version, no task transition to `submitted`, and no submission-created audit event.
+Blocking pre-submit failures prevent submission creation. A failed blocking
+pre-submit check returns `pre_submission_checker_failed` with structured
+pass/fail/warning details, creates no submission row, no submission version, no
+task transition to `submitted`, and no submission-created audit event. It does
+not return review decision values.
## PostSubmitCheckerPolicy
diff --git a/docs/architecture_lockdown.md b/docs/architecture_lockdown.md
index 18d9622..c1402ba 100644
--- a/docs/architecture_lockdown.md
+++ b/docs/architecture_lockdown.md
@@ -77,9 +77,16 @@ Every active guide version must also have approved machine-readable policies:
The guide may summarize or link to those policies, but the policies are the enforcement source.
+Project owners provide setup material in plain language. Workstream derives
+`ProjectSubmissionArtifactPolicy` from that material, and a Workstream actor
+with the `admin` or `project_manager` role approves it before guide activation.
+
`SubmissionArtifactPolicy` defines what a worker must submit. Workstream combines it with the non-bypassable Workstream default submission artifact policy to create the effective submission artifact policy. Workstream generates `PreSubmitCheckerPolicy` from that effective policy.
-Blocking pre-submit failures prevent submission creation. They return worker-safe fixes and create no submission row, no submission version, no task transition to `submitted`, and no submission-created audit event.
+Blocking pre-submit failures prevent submission creation. They return
+`pre_submission_checker_failed` with structured pass/fail/warning details and
+create no submission row, no submission version, no task transition to
+`submitted`, and no submission-created audit event.
Tasks lock to the active guide version at creation or screening time before entering `READY`. Material guide changes require a new guide version.
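Review bot: The added paragraph says Workstream derives `ProjectSubmissionArtifactPolicy`, and the next paragraph defines `SubmissionArtifactPolicy` as what a worker must submit, with no statement of how the two names relate. In a document whose purpose is to lock naming, state whether these are the same record or a project-scoped variant, and if `ProjectSubmissionArtifactPolicy` is canonical make sure it appears in the "Use these names consistently" list.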
@@ -150,6 +157,7 @@ Use these names consistently:
- `EffectiveSubmissionArtifactPolicy`
- `PreSubmitCheckerPolicy`
- `PostSubmitCheckerPolicy`
+- `pre_submission_checker_failed`
- `Project activation gate`
- `Task screening gate`
- `Submission quality gate`
diff --git a/docs/current_system_data_flow.html b/docs/current_system_data_flow.html
index 8ef365f..c1bd13c 100644
--- a/docs/current_system_data_flow.html
+++ b/docs/current_system_data_flow.html
@@ -470,8 +470,8 @@
Flow token enters API
2
- Project guide is drafted
- The project manager creates the human-facing project guide, submission artifact policy, and all policy context needed before tasks can run.
+ Project guide and policy are prepared
+ The project owner provides guide material and artifact expectations. Workstream derives the submission artifact policy, then an admin or project_manager approves it before tasks can run.
Project
ProjectGuide v1
@@ -482,7 +482,7 @@
Project guide is drafted
3
Guide activation locks contract
- Activation validates submission artifact policy, generated pre-submit policy, registered post-submit checker names, review decisions, revision states, and payment policy.
+ Activation validates approved submission artifact policy, generated pre-submit policy, registered post-submit checker names, review decisions, revision states, and payment policy.
status=active
one active guide
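Review bot: The previous hunk renames step 2 to "Project guide and policy are prepared", but the unchanged context line at the top of this hunk still reads "Project guide is drafted" as the label leading into step 3. Update that label to the new step title so the diagram does not show two names for the same step.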
@@ -514,7 +514,7 @@
Worker claims and starts
6
Pre-submit intake checks run
- Workstream runs generated pre-submit checks from the effective submission artifact policy before creating a submission row.
+ Workstream runs generated pre-submit checks from the effective submission artifact policy before creating a submission row. Blocking failures return pre_submission_checker_failed with pass/fail/warning details.
no submission yet
no checker run yet
diff --git a/docs/decision_0003_project_guides_are_first_class.md b/docs/decision_0003_project_guides_are_first_class.md
index 9e82413..655b4af 100644
--- a/docs/decision_0003_project_guides_are_first_class.md
+++ b/docs/decision_0003_project_guides_are_first_class.md
@@ -40,7 +40,7 @@ Project guide activation requires the guide plus its required policy context bef
- revision policy
- payment policy
-The project-admin-approved submission artifact policy defines what workers must submit. Workstream combines it with non-bypassable Workstream default artifact rules to create the effective submission artifact policy. Workstream then generates the pre-submit checker policy from that effective policy.
+The Workstream-derived submission artifact policy defines what workers must submit. Project owners provide plain-language setup material; a Workstream actor with the `admin` or `project_manager` role approves the machine policy. Workstream combines that policy with non-bypassable Workstream default artifact rules to create the effective submission artifact policy. Workstream then generates the pre-submit checker policy from that effective policy.
Blocking pre-submit failures prevent submission creation. They do not create durable post-submit checker runs and they do not create human review decisions.
diff --git a/docs/decision_0011_submission_artifact_policy_drives_pre_submit.md b/docs/decision_0011_submission_artifact_policy_drives_pre_submit.md
index a514ac6..41fe7b9 100644
--- a/docs/decision_0011_submission_artifact_policy_drives_pre_submit.md
+++ b/docs/decision_0011_submission_artifact_policy_drives_pre_submit.md
@@ -16,7 +16,18 @@ Workstream also needs platform-owned default submission safety rules that no pro
Every active project guide version must have an approved `SubmissionArtifactPolicy`.
-`SubmissionArtifactPolicy` is the project-admin-approved machine-readable contract for worker submissions. It defines:
+Project owners provide project setup material in plain language: project purpose,
+guide material, task examples, expected outputs, acceptance criteria, rejection
+criteria, review rubric, required skills, confidentiality constraints, base
+payout or payment policy inputs, and artifact expectations. They do not author
+Workstream's machine-readable policy schema directly.
+
+Workstream derives `ProjectSubmissionArtifactPolicy` from that material, using
+internal agent assistance where useful. A Workstream actor with the `admin` or
+`project_manager` role must review and approve the derived policy before guide
+activation.
+
+`SubmissionArtifactPolicy` is the Workstream-derived, admin-or-project-manager-approved machine-readable contract for worker submissions. It defines:
- required artifacts
- required evidence references
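Review bot: The new text says Workstream derives the policy "using internal agent assistance where useful" and that "a Workstream actor" with the `admin` or `project_manager` role approves it, without stating that the approver must be different from whatever produced the derivation. The data model example in this patch uses `derivation_source: "workstream_agent"`, so the ADR should say whether an agent can hold an approving role and require that the approving actor is not the derivation source. Otherwise the approval step can be satisfied by the same actor that generated the policy.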
@@ -31,6 +42,11 @@ Workstream owns a default submission artifact policy. Every project inherits it.
Project policy can add stricter requirements, but it cannot remove, weaken, downgrade, or bypass Workstream defaults.
+Approval provenance is part of the policy contract. A policy record must make
+approval testable with source/provenance state such as derivation source,
+approval status, approver actor, approval timestamp, and approved policy
+version/hash.
+
The runtime contract is:
```text
@@ -49,7 +65,9 @@ Blocking pre-submit failures prevent submission creation. When blocking pre-subm
- no submission version is assigned
- no task transition to `submitted` occurs
- no submission-created audit event is written
-- the response returns worker-safe checker feedback
+- the response returns `pre_submission_checker_failed`
+- the response includes structured pass/fail/warning details
+- the response does not use review decision values: `accept`, `needs_revision`, or `reject`
Pre-submit checks are authoritative for submission intake. They are not authoritative proof for human review readiness. Review readiness still requires post-submit internal checker runs against a locked submission.
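Review bot: The removed bullet promised "worker-safe checker feedback", and the replacement bullets promise "structured pass/fail/warning details" with no statement about what those details may contain. The risk register in this patch lists worker-facing internal route leakage, so keep the worker-safe constraint explicit, for example "structured, worker-safe pass/fail/warning details", and note that internal checker routes such as `task_setup_blocked` and `checker_retry` are excluded from the response.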
diff --git a/docs/glossary.md b/docs/glossary.md
index 1d999de..ebbe297 100644
--- a/docs/glossary.md
+++ b/docs/glossary.md
@@ -8,6 +8,10 @@ Flow's task evaluation and contribution infrastructure: the system for project g
A configured work program with its own human-facing guide, submission artifact policy, checker policies, review policy, revision policy, payment policy, and queue.
+## Project Owner
+
+The external or internal organization that provides project setup material in plain language: project purpose, guide material, examples, expected outputs, acceptance criteria, rejection criteria, review rubric, required skills, confidentiality constraints, base payout or payment policy inputs, and artifact expectations. The project owner does not author Workstream's machine-readable policy schema directly.
+
## Source
Where a task came from. In v0.1, sources are manual creation, controlled markdown import, or controlled CSV import.
@@ -22,7 +26,7 @@ The human-facing operating guide for a project. It contains the project instruct
## Submission Artifact Policy
-The project-admin-approved machine-readable contract for what a worker must submit. It defines required artifacts, evidence requirements, artifact hash requirements, allowed storage reference forms, forbidden artifacts, attestation requirements, and project-specific packaging rules. It can add or tighten requirements, but it cannot weaken Workstream's default submission artifact rules.
+The Workstream-derived, admin-or-project-manager-approved machine-readable contract for what a worker must submit. It is derived from project owner material, reviewed by a Workstream actor with the `admin` or `project_manager` role, and attached to a project guide version. It defines required artifacts, evidence requirements, artifact hash requirements, allowed storage reference forms, forbidden artifacts, attestation requirements, and project-specific packaging rules. It can add or tighten requirements, but it cannot weaken Workstream's default submission artifact rules.
## Effective Submission Artifact Policy
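Review bot: the new definition says the policy is derived by Workstream and reviewed by an actor with the `admin` or `project_manager` role, but it does not say whether the approver may be the same actor who produced the derivation. The template in this patch allows a `manual` derivation source, so self-approval is possible as written. Suggest stating the rule either way, since the approval is what makes the policy enforceable.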
@@ -30,7 +34,11 @@ The deterministic merge of Workstream's default submission artifact policy and t
## Pre-Submit Checker Policy
-The server-generated checker matrix produced from the effective submission artifact policy. It runs before Workstream creates a submission row or submission version. Blocking failures return worker-safe fixes and prevent submission creation.
+The server-generated checker matrix produced from the effective submission artifact policy. It runs before Workstream creates a submission row or submission version. Blocking failures return `pre_submission_checker_failed` with structured pass/fail/warning details, prevent submission creation, and do not return review decision values: `accept`, `needs_revision`, or `reject`.
+
+## pre_submission_checker_failed
+
+The worker-facing pre-submit failure code returned before a submission exists. It includes structured pass/fail/warning details and is not a review decision. It must not be stored as `accept`, `needs_revision`, or `reject`.
## Task
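Review bot: "It must not be stored as `accept`, `needs_revision`, or `reject`" in the new glossary entry implies the failure is persisted somewhere, while the rest of the patch says a blocking pre-submit failure creates no submission row and no submission-created audit event. Either name the record where the code may be stored, or reword to "must not be returned or recorded as" so that the entry does not suggest a persistence path the specs rule out.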
diff --git a/docs/operations_project_operating_manual.md b/docs/operations_project_operating_manual.md
index 765b070..a016604 100644
--- a/docs/operations_project_operating_manual.md
+++ b/docs/operations_project_operating_manual.md
@@ -29,7 +29,8 @@ Before releasing tasks:
- currency configured
- allowed task types listed
- required task fields listed
-- submission artifact policy approved
+- project owner setup material captured
+- submission artifact policy derived by Workstream and approved by `admin` or `project_manager`
- generated pre-submit checker policy created from the effective submission artifact policy
- post-submit checker policy attached
- review policy attached
@@ -42,7 +43,7 @@ Before releasing tasks:
### Project Activation Gate
-A project cannot become active unless guide, submission artifact policy, generated pre-submit checker policy, post-submit checker policy, review policy, revision policy, and payment policy are present.
+A project cannot become active unless guide, approved submission artifact policy, generated pre-submit checker policy, post-submit checker policy, review policy, revision policy, and payment policy are present.
### Task Screening Gate
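Review bot: "approved submission artifact policy" in the gate is not tied to anything testable. The template added in this patch defines approval status as `draft | approved | superseded` together with an approved policy hash, so the gate should say that activation requires status `approved` and that the approved hash matches the policy content being activated. Otherwise a `superseded` approval, or a policy edited after approval, can still be read as "approved".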
@@ -97,7 +98,7 @@ Before accepting a submission packet:
- revision replay exists when task was previously `NEEDS_REVISION`
- effective submission artifact policy is loaded
- generated pre-submit checker policy runs
-- blocking pre-submit failures return worker-safe fixes
+- blocking pre-submit failures return `pre_submission_checker_failed` with structured pass/fail/warning details
- no submission row is created until blocking pre-submit checks pass
## Reviewer Simulation Gate
diff --git a/docs/operations_workspace_packet_convention.md b/docs/operations_workspace_packet_convention.md
index 2d4d0e3..aeb4403 100644
--- a/docs/operations_workspace_packet_convention.md
+++ b/docs/operations_workspace_packet_convention.md
@@ -8,7 +8,8 @@ Workstream does not need to own the execution workspace, but it must define what
## Project-Level Convention
-Every project defines an approved `SubmissionArtifactPolicy`:
+Every project has an approved `SubmissionArtifactPolicy` derived by Workstream
+from project owner material:
```text
required_artifacts
@@ -64,7 +65,7 @@ A packet is not ready unless:
Some projects need final work in a paste-ready form. Others need a zip, artifact bundle, markdown packet, or review file.
-The project guide explains the canonical form to humans. The approved `SubmissionArtifactPolicy` enforces the artifact, evidence, hash, and packaging rules.
+The project guide explains the canonical form to humans. The approved `SubmissionArtifactPolicy` enforces the artifact, evidence, hash, and packaging rules. Project owners do not author this machine policy schema directly.
## Why This Matters
diff --git a/docs/product_first_user_flows.md b/docs/product_first_user_flows.md
index d787057..1ddc3a7 100644
--- a/docs/product_first_user_flows.md
+++ b/docs/product_first_user_flows.md
@@ -5,19 +5,21 @@ The first user flows prove that Workstream can run real work from intake to acce
## Flow 1: Admin Creates A Project
1. Admin creates project.
-2. Admin adds guide.
-3. Admin sets base amount.
-4. Admin approves submission artifact policy.
-5. Workstream generates pre-submit checker policy.
-6. Admin enables post-submit checker policy.
-7. Admin enables review policy.
-8. Admin enables revision policy.
-9. Admin enables payment policy.
-10. Project becomes active.
+2. Project owner provides guide material, examples, expected outputs, review rubric, artifact expectations, and payment policy inputs.
+3. Admin or project_manager adds the guide.
+4. Workstream derives project submission artifact policy from the project owner material.
+5. Admin or project_manager reviews and approves the submission artifact policy.
+6. Workstream generates pre-submit checker policy.
+7. Admin or project_manager enables post-submit checker policy.
+8. Admin or project_manager enables review policy.
+9. Admin or project_manager enables revision policy.
+10. Admin or project_manager enables payment policy.
+11. Project becomes active.
Acceptance:
- Project cannot become active without guide, base amount, submission artifact policy, generated pre-submit checker policy, post-submit checker policy, review policy, revision policy, and payment policy.
+- Submission artifact policy is Workstream-derived and approved by `admin` or `project_manager`; project owners do not author the machine policy schema directly.
- Submission artifact, checker, review, revision, and payment policies are visible on the project page.
## Flow 2: Operator Creates A Task
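Review bot: the first acceptance bullet is left unchanged and still lists "submission artifact policy" without "approved", while the operating manual's activation gate in this same patch now requires an "approved submission artifact policy". The added bullet describes who approves but does not make approval a condition of activation. Suggest changing the first bullet to "approved submission artifact policy" so that the acceptance criterion and the gate agree. Minor: steps 3 to 10 write project_manager without backticks, while the acceptance bullet uses `project_manager`.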
@@ -42,13 +44,14 @@ Acceptance:
3. Worker attaches evidence.
4. Worker writes submission notes.
5. Workstream runs pre-submit checks generated from the effective submission artifact policy.
-6. Blocking pre-submit failures return worker-safe fixes and create no submission.
+6. Blocking pre-submit failures return `pre_submission_checker_failed` with structured pass/fail/warning details and create no submission.
7. When blocking pre-submit checks pass, Worker submits packet.
8. Task enters `SUBMITTED`.
Acceptance:
- Submission cannot be created when blocking pre-submit checks fail.
+- Blocking pre-submit failures are not review decisions and never return `accept`, `needs_revision`, or `reject`.
- Submission cannot be created without required artifacts, evidence references, hashes, and worker attestation defined by the effective submission artifact policy.
- Submission packet is immutable after checks start.
diff --git a/docs/spec_chunk_5_submission_packet_foundation.md b/docs/spec_chunk_5_submission_packet_foundation.md
index 3817be1..ac71a88 100644
--- a/docs/spec_chunk_5_submission_packet_foundation.md
+++ b/docs/spec_chunk_5_submission_packet_foundation.md
@@ -163,7 +163,7 @@ Chunk 5 writes task audit events with submission identifiers in `event_payload`.
- worker-provided guide or policy version fields are rejected by the API schema
- worker-provided submission version fields are rejected by the API schema
- worker-provided checker names, checker outcomes, evidence ids, and checker run ids are rejected by the API schema
-- blocking pre-submit failures return structured worker-safe feedback and create no submission row, no submission version, no task transition to `SUBMITTED`, and no submission-created audit event
+- blocking pre-submit failures return `pre_submission_checker_failed` with structured pass/fail/warning details and create no submission row, no submission version, no task transition to `SUBMITTED`, and no submission-created audit event
- Workstream stamps locked guide and policy versions from task context
- task moves to `SUBMITTED`
- submitted packet can be locked before checker execution
diff --git a/docs/spec_chunk_6_checker_contract_records.md b/docs/spec_chunk_6_checker_contract_records.md
index 3829fc6..0341d1e 100644
--- a/docs/spec_chunk_6_checker_contract_records.md
+++ b/docs/spec_chunk_6_checker_contract_records.md
@@ -211,9 +211,16 @@ Response fields:
Pre-submit feedback binds to `task_id`, the task's locked guide version, the approved submission artifact policy context, draft packet fields, package hash, and artifact manifest shape. It does not require a locked `submission_id` or locked submission version because those do not exist before submission creation.
-Blocking pre-submit failures prevent submission creation. They create no submission row, no submission version, no task transition to `submitted`, and no submission-created audit event.
-
-Pre-submit results are not authoritative for `REVIEW_PENDING` and cannot create `NEEDS_REVISION`. Only post-submit runs against locked submissions can produce routing recommendations for `REVIEW_PENDING` or user-facing `needs_revision`.
+Blocking pre-submit failures prevent submission creation. They return
+`pre_submission_checker_failed` with structured pass/fail/warning details,
+create no submission row, no submission version, no task transition to
+`submitted`, and no submission-created audit event.
+
+Pre-submit results are not authoritative for `REVIEW_PENDING`, cannot create
+`NEEDS_REVISION`, and do not return review decision values: `accept`,
+`needs_revision`, or `reject`. Only post-submit runs against locked submissions
+can produce routing recommendations for `REVIEW_PENDING` or user-facing
+`needs_revision`.
## User-Facing Revision Rule
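Review bot: this section sits under "Response fields:", yet the added text does not say which response field carries `pre_submission_checker_failed` or what shape the pass/fail/warning details take. For a contract spec, name the field and the per-check structure so that clients and tests can assert on them. The second added paragraph also uses `NEEDS_REVISION` and `needs_revision` two lines apart; a short note on which is the task state and which is the decision value would prevent misreading the prohibition.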
diff --git a/docs/spec_chunk_7_checker_runner_registry.md b/docs/spec_chunk_7_checker_runner_registry.md
index fba6a6e..c9acca6 100644
--- a/docs/spec_chunk_7_checker_runner_registry.md
+++ b/docs/spec_chunk_7_checker_runner_registry.md
@@ -138,7 +138,11 @@ For worker-fixable blocking structural failures after submission lock, the run r
Chunk 7 records the recommendation only. Chunk 9 applies the lifecycle transition.
-Blocking pre-submit failures occur before durable checker runs exist. They prevent submission creation and return worker-safe fixes instead of recording `needs_revision`.
+Blocking pre-submit failures occur before durable checker runs exist. They
+prevent submission creation and return `pre_submission_checker_failed` with
+structured pass/fail/warning details instead of recording `needs_revision`.
+They do not return review decision values: `accept`, `needs_revision`, or
+`reject`.
## Artifact Manifest Hash
@@ -174,7 +178,7 @@ Worker responses must not expose:
- checker ORM models are registered in Alembic metadata
- partial unique index allows one current run per submission
- pre-submit check returns feedback without durable checker rows
-- blocking pre-submit failures create no submission row, no submission version, no task transition to `submitted`, and no submission-created audit event
+- blocking pre-submit failures return `pre_submission_checker_failed`, include structured pass/fail/warning details, create no submission row, no submission version, no task transition to `submitted`, and no submission-created audit event
- durable checker run works through real authenticated API calls
- `check_submission_packet` runs against real submission data
- duplicate artifact manifests persist worker-visible checker failures
diff --git a/docs/spec_chunk_8_submission_artifact_policy_checkers.md b/docs/spec_chunk_8_submission_artifact_policy_checkers.md
index a6d10a4..ae41e00 100644
--- a/docs/spec_chunk_8_submission_artifact_policy_checkers.md
+++ b/docs/spec_chunk_8_submission_artifact_policy_checkers.md
@@ -211,7 +211,11 @@ WorkstreamDefaultSubmissionArtifactPolicy
Workstream defaults are non-bypassable. Project policy can add required artifacts, evidence requirements, stricter forbidden patterns, and packaging rules, but it cannot remove hash requirements, allow unsafe storage references, require forbidden files, or downgrade blocking defaults.
-Blocking pre-submit failures prevent submission creation. They create no submission row, no submission version, no task transition to `submitted`, and no submission-created audit event.
+Blocking pre-submit failures prevent submission creation. They return
+`pre_submission_checker_failed` with structured pass/fail/warning details,
+create no submission row, no submission version, no task transition to
+`submitted`, and no submission-created audit event. They do not return review
+decision values: `accept`, `needs_revision`, or `reject`.
Durable post-submit checker runs run the canonical default submission-quality checks plus locked checker-policy names:
@@ -297,7 +301,7 @@ Safe evidence references mean opaque Workstream evidence ids, sanitized labels,
- canonical Chunk 8 checker names are registered
- stale Chunk 7 temporary checker names are removed from public docs/templates/tests
- pre-submit feedback is generated from the effective submission artifact policy and runs without durable checker records
-- blocking pre-submit failures create no submission row, no submission version, no task transition to `submitted`, and no submission-created audit event
+- blocking pre-submit failures return `pre_submission_checker_failed`, include structured pass/fail/warning details, create no submission row, no submission version, no task transition to `submitted`, and no submission-created audit event
- Workstream default submission artifact rules cannot be weakened by project policy
- durable checker runs persist Chunk 8 checker results
- missing required evidence blocks review routing
diff --git a/docs/spec_week2_checker_framework.md b/docs/spec_week2_checker_framework.md
index 12dc602..9147fc3 100644
--- a/docs/spec_week2_checker_framework.md
+++ b/docs/spec_week2_checker_framework.md
@@ -71,9 +71,14 @@ Pre-submit static checks run before Workstream creates a submission. They are ge
- storage reference safety
- task assignment and state compatibility
-Blocking pre-submit failures prevent submission creation. They create no submission row, no submission version, no task transition to `submitted`, and no submission-created audit event.
-
-Pre-submit failures do not create review decisions and do not create durable post-submit checker runs.
+Blocking pre-submit failures prevent submission creation. They return
+`pre_submission_checker_failed` with structured pass/fail/warning details,
+create no submission row, no submission version, no task transition to
+`submitted`, and no submission-created audit event.
+
+Pre-submit failures do not create review decisions, do not return `accept`,
+`needs_revision`, or `reject`, and do not create durable post-submit checker
+runs.
Post-submit internal checks run after a submission is created and locked. These checks are the source of truth for review gating. They run from Workstream-owned services, use locked task guide and policy context, and persist durable checker runs/results.
diff --git a/docs/template_checker_policy.md b/docs/template_checker_policy.md
index 5ac107a..aa3f14e 100644
--- a/docs/template_checker_policy.md
+++ b/docs/template_checker_policy.md
@@ -55,7 +55,10 @@ EffectiveSubmissionArtifactPolicy =
+ ProjectSubmissionArtifactPolicy
```
-Blocking pre-submit failures prevent submission creation and do not create durable `CheckerRun` records.
+Blocking pre-submit failures prevent submission creation, return
+`pre_submission_checker_failed` with structured pass/fail/warning details, do
+not create durable `CheckerRun` records, and do not return review decision
+values: `accept`, `needs_revision`, or `reject`.
## Checker Registry Fields
diff --git a/docs/template_project_guide.md b/docs/template_project_guide.md
index 54410b7..59f5dae 100644
--- a/docs/template_project_guide.md
+++ b/docs/template_project_guide.md
@@ -116,6 +116,11 @@ Every active guide version must have:
Artifact requirements shown to workers are derived from the approved `SubmissionArtifactPolicy`. The guide may summarize those requirements, but the policy is the enforcement source.
+Project owners provide this guide material and artifact expectations in
+plain language. Workstream derives `ProjectSubmissionArtifactPolicy` from that
+material, and a Workstream actor with the `admin` or `project_manager` role
+approves it before guide activation.
+
## Known Checker Blind Spots
- ``:
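Review bot: the added paragraph names the derived object `ProjectSubmissionArtifactPolicy`, while the sentence directly above it says worker-facing requirements come from the approved `SubmissionArtifactPolicy`. The checker policy template in this patch treats `ProjectSubmissionArtifactPolicy` as one input to `EffectiveSubmissionArtifactPolicy`. Suggest using one name for the approved project-level policy throughout, and stating here that what workers see is derived from the effective policy.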
diff --git a/docs/template_submission_artifact_policy.md b/docs/template_submission_artifact_policy.md
index 0c3c880..7b54442 100644
--- a/docs/template_submission_artifact_policy.md
+++ b/docs/template_submission_artifact_policy.md
@@ -12,6 +12,38 @@
`v1`
+## Source Material
+
+Project owners provide setup material in plain language. Workstream derives this
+policy from that material; project owners do not author the machine-readable
+schema directly.
+
+Required project-owner intake material:
+
+- project purpose:
+- guide material or documentation references:
+- task inputs:
+- expected outputs:
+- examples of good submissions:
+- examples of bad submissions:
+- acceptance criteria:
+- rejection criteria:
+- review rubric:
+- required skills:
+- confidentiality constraints:
+- base payout or payment policy inputs:
+- artifact expectations:
+
+## Approval Provenance
+
+- derivation source: `manual | workstream_agent | import_adapter`
+- source material refs:
+- approval status: `draft | approved | superseded`
+- approved policy hash:
+- approved by role: `admin | project_manager`
+- approved by actor:
+- approved at:
+
## Workstream Default Rules
Every project inherits Workstream default submission artifact rules. Project policy can add stricter requirements, but it cannot remove, weaken, downgrade, or bypass these defaults.
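Review bot: "approved policy hash" in the new Approval Provenance list does not say what is hashed. It could cover the project policy alone or the effective policy after merging with the Workstream defaults, and the answer determines whether an approval stays valid when the defaults change. Suggest stating the hash input and its canonical serialization, and adding a format hint for "source material refs" and "approved at" as the enum-valued fields already have.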
@@ -97,6 +129,10 @@ WorkstreamDefaultSubmissionArtifactPolicy
Generated pre-submit checks run before submission creation. Blocking failures create no submission row, no submission version, no task transition to `submitted`, and no submission-created audit event.
+Blocking failures return `pre_submission_checker_failed` with structured
+pass/fail/warning details. They do not return review decision values:
+`accept`, `needs_revision`, or `reject`.
+
Expected generated checks:
- packet shape
@@ -112,6 +148,7 @@ Expected generated checks:
## Approval
- created by:
-- approved by:
+- approved by role: `admin | project_manager`
+- approved by actor:
- effective at:
- change summary:
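Review bot: after this change the template records the approver in two places, "approved by role" and "approved by actor" here and the same two fields under Approval Provenance, alongside "approved at" there and "effective at" here. Two copies can diverge when the template is filled in. Suggest keeping the approver fields in one section and having the other refer to it, and stating how "effective at" relates to "approved at".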
diff --git a/docs/template_submission_packet.md b/docs/template_submission_packet.md
index ce07fcb..b8a86d4 100644
--- a/docs/template_submission_packet.md
+++ b/docs/template_submission_packet.md
@@ -28,7 +28,11 @@ List files, links, packages, or deliverables.
Workstream derives the locked project guide version, submission artifact policy version, generated pre-submit checker policy hash, post-submit checker policy version, review policy version, revision policy version, and payment policy version from the task and server-side project policy records. The worker does not provide those versions in the submission packet.
-Workstream runs generated pre-submit checks before creating the submission. Blocking failures return worker-safe fixes and create no submission row, no submission version, and no submission-created audit event.
+Workstream runs generated pre-submit checks before creating the submission.
+Blocking failures return `pre_submission_checker_failed` with structured
+pass/fail/warning details, create no submission row, no submission version, and
+no submission-created audit event, and do not return review decision values:
+`accept`, `needs_revision`, or `reject`.
## Artifact Hash Manifest
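Review bot: the rewritten sentence lists "no submission row, no submission version, and no submission-created audit event" but omits "no task transition to `submitted`", which the other pre-submit statements in this patch include. The omission predates the change, but since the sentence is being rewritten it should be brought in line. Splitting it in two would also read better: one sentence for what is returned and one for what is not created.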