[spdd] Daily spec work plan - 2026-07-03 #43243

Description

@github-actions

Summary

Batch 4 of 26 (rotation index 4). Five Draft specs reviewed: model-alias-specification.md, repository-package-manifest-specification.md, safe-outputs-specification.md, github-mcp-access-control-specification.md, and guard-policies-specification.md. All have gaps in Safeguards, Sync Notes, or Norms; one is still proposal-grade and needs structural promotion.


Priority Work Queue

P0

  • guard-policies-specification.md is a proposal doc; promote to formal spec (Conformance + Safeguards sections) before implementation can be verified.
  • repository-package-manifest-specification.md has no Safeguards/Norms; atomic-write and rollback safety are unspecified.

P1

  • safe-outputs-specification.md §11: Cache-memory branch reconciliation algorithm is undefined (cross-integrity read behaviour).
  • model-alias-specification.md §13: Max alias recursion depth is unstated; overflow error code missing.
  • github-mcp-access-control-specification.md §11: Compliance test fixtures referenced but not created.

P2

  • Norms language in model-alias-specification.md §15 needs RFC 2119 keywords.
  • guard-policies-specification.md: Deprecation policy for legacy repos field is informal.

SPDD Checklist

  • [/spdd-generate] scratchpad/guard-policies-specification.md — Add ## Conformance, ## Entities, and ## Safeguards sections (≥3 MUST each) to match W3C-style structure. Done when document mirrors github-mcp-access-control-specification.md format.
  • [/spdd-generate] docs/src/content/docs/specs/repository-package-manifest-specification.md — Add ## 10. Safeguards covering atomic-write guarantee, rollback on failure, and filesystem permission errors. Done when §5.1 and §5.3 each cross-reference Safeguards.
  • [/spdd-generate] docs/src/content/docs/specs/repository-package-manifest-specification.md — Add ## 11. Norms with ≥4 SHOULD/MUST-NOT rules for naming, description length, and orphan-file warnings. Done when all informal SHOULD warn prose in §7 maps to a normative rule.
  • [/spdd-analysis] docs/src/content/docs/specs/safe-outputs-specification.md §11 — Define a normative decision table for cross-integrity cache reads (approved run reading unapproved branch). Done when §11 contains a MUST-level algorithm.
  • [/spdd-reasons-canvas] docs/src/content/docs/specs/model-alias-specification.md §13 — Add a MUST requirement naming the max recursion depth integer and the error code on overflow. Done when §13 contains a concrete limit and a test case ID.
  • [/spdd-generate] scratchpad/github-mcp-access-control-specification.md §11 — Create ≥5 compliance fixture stubs in specs/ covering exact-match allow, wildcard deny, role-deny, private-repo block, integrity-level block. Done when §11 links to those files.
  • [/spdd-sync] scratchpad/guard-policies-specification.md — Add ## Sync Notes citing pkg/workflow/mcp_github_config.go, pkg/workflow/safeoutputs_guard_policy_test.go, and deprecated repos migration path. Done when ≥2 Go paths are referenced.
  • [/spdd-reasons-canvas] docs/src/content/docs/specs/repository-package-manifest-specification.md §4.8 — Add MUST NOT path-traversal rule for files entries. Done when §4.8 explicitly prohibits ../ patterns.
  • [/spdd-sync] docs/src/content/docs/specs/model-alias-specification.md §14 — Expand Sync Notes stubs with ≥2 Go source file paths for alias resolution and parameter parsing.

Per-Spec Findings

model-alias-specification.md (v1.2.0)

  • R: ABNF grammar solid; missing max recursion depth + overflow error code.
  • A: Multi-layer merge clear; glob ranking tie-break undefined.
  • N/S (Safeguards): §15 Norms only 2 lines; §13 loop detection lacks depth integer.

repository-package-manifest-specification.md (v0.2.0)

  • R: R-PKG-U001..U004 and R-PKG-R001..R004 strong; missing path-traversal guard on files.
  • S/N (Structure/Norms): No Safeguards section; atomic-write and rollback requirements are prose only.

safe-outputs-specification.md (v1.24.0)

  • E: IntegrityBranch introduced but branch-selection algorithm not normative.
  • S (Safeguards): §11 Cache Memory Integrity lacks a cross-integrity-read decision table.

github-mcp-access-control-specification.md (v1.1.0)

  • N/S: No dedicated Safeguards section; blocked-users precedence over trusted-users not normative.
  • O: No error-response schema for denied tool calls; §11 compliance fixtures absent.

guard-policies-specification.md (v0.1.0)

  • S (Structure): Proposal format; missing Conformance, Compliance Testing, Safeguards.
  • N: repos deprecation informal; security implications of allowed-repos: all unaddressed.

Sync Follow-ups

  • After promoting guard-policies-specification.md: update pkg/workflow/tools_types.go doc-comments to reference spec version.
  • After adding Safeguards to manifest spec: verify pkg/workflow/compiler_orchestrator_workflow.go honours atomic-write MUST.
  • After specifying §11 cache reconciliation: open follow-up task for safeoutputs processor unit tests.
  • After adding §11 compliance fixtures for MCP access control: wire them into specs/ compliance test discovery.

Context

  • Files reviewed: model-alias-specification.md, repository-package-manifest-specification.md, safe-outputs-specification.md, github-mcp-access-control-specification.md, guard-policies-specification.md
  • Rotation: index 4 of 26 (next run starts at file 21)
  • Run: §28672246360

Generated by 📋 Daily SPDD Spec Planner · 67.5 AIC · ⌖ 7 AIC · ⊞ 4.9K ·

  • expires on Jul 6, 2026, 8:29 AM UTC-08:00
