Danijel Martinek
756e36c720
The previous layout placed epic folders directly under docs/work/
alongside prds/ and _system/. Tightening: epics now live in their
own docs/work/epics/ subfolder, peer to prds/ and _system/. Same
shape as the existing prds/ bucket.
Final docs/work/ layout:
README.md
prds/<slug>.prd.md
_system/_state.json
epics/<slug>/_epic.md + <story-folder>/_story.md
Renames (git mv preserves history):
- docs/work/binder-wrap-helper/
-> docs/work/epics/binder-wrap-helper/
- docs/work/library-evaluation-policy/
-> docs/work/epics/library-evaluation-policy/
- docs/work/ci-security-and-supply-chain/
-> docs/work/epics/ci-security-and-supply-chain/
Tooling updates:
- state-builder.mjs walks workRoot/epics/ directly; SKIP_FOLDERS
obsoleted (no more sibling folders to filter out).
- dispatch.mjs's findNextTask, tickStoryBulletInEpic, and
flipEpicDoneIfAllStoriesDone all join with "epics" segment.
- prd-ship.mjs's deriveShippingCommits walks workRoot/epics/ and
git-logs docs/work/epics/<epic>/.
- decomposer.prompt.md emits epics under docs/work/epics/<epic-id>/.
- handoff + grill-with-docs glossary references updated.
- Glossary entry for Epic updated.
Reserved future shape: when a task-tracker integration (ClickUp,
Linear) ships, the epics/ subfolder hosts <task-id>-<slug>/
folders. Today it just hosts bare slugs.
1.8 KiB
1.8 KiB
id, prd, title, type, status, features, created, updated
| id | prd | title | type | status | features | created | updated | |||
|---|---|---|---|---|---|---|---|---|---|---|
| library-evaluation-policy | docs/work/prds/library-evaluation-policy.prd.md | Library evaluation policy — skill, traces, enforcement stack | epic | done |
|
2026-05-14T00:00:00Z | 2026-05-14T19:21:52.308Z |
Goal
Implement a four-layer enforcement stack — Claude hook, skill, pre-commit hook, sandcastle reviewer prompt — that makes every new runtime dependency in a feature- or core-tier package produce a permanent library trace at docs/library-decisions/<YYYY-MM-DD>-<package-name>.md. Rejection traces are first-class records. Codifies ADR-022.
Why
The repo's narrow third-party surface is uncodified. New dependencies enter via pnpm add with no checkpoint. Three signals exposed the gap: a near-miss adding a build-time-only library, post-hoc ADR records (002/014/017), and a silent EU-data-residency risk from US-only SaaS defaults. The enforcement stack mirrors the 5-gate conformance pattern — same vocabulary, same agent feedback loop.
Stories
- 01 — Trace schema module + docs/library-decisions/ foundation
- 02 — Pre-commit check script
- 03 — Claude PreToolUse / PostToolUse hooks
- 04 — evaluate-library skill
- 05 — Human guide: docs/guides/adding-a-library.md
- 06 — Sandcastle reviewer prompt update
- 07 — Generator pre-shipped traces for optional cores
- 08 — Backfill traces for existing runtime deps
- 09 — CLAUDE.md Key Conventions bullet