Decomposer produced 9 stories under docs/work/2026-05-14-ci-security-and-supply-chain/, ordered to land the schema foundation first and the cross-referencing content (reviewer prompt, guide) last:

01 - trace schema extensions (socketRisk + lastRevalidated)
02 - Socket integration (skill + CI)
03 - Renovate adoption
04 - major-bump re-evaluation flow
05 - trace revalidation workflow
06 - CodeQL + audit signatures
07 - gitleaks pre-commit
08 - reviewer prompt update
09 - CI security guide + docs

Also fixes a one-char status typo in the PRD frontmatter (`appoved` -> `approved`) that landed with the decompose run.

Anchored by ADR-023 + the approved PRD at docs/work/prds/2026-05-14-ci-security-and-supply-chain.prd.md.

Sequencing: depends on stories 01/02/04/06 of the in-flight library-evaluation epic landing first.
docs/work — the local task system
Filesystem-backed Epic/Story/Task hierarchy used by AI agents and humans alike.
See docs/architecture/agent-first-workflow-and-conformance.md for the full
design. Until the work-system-v1 epic ships orchestration tooling, this
folder is human-driven — agents read the files for context, humans flip
checkboxes.
Layout
- prds/<date>-<slug>.prd.md — source PRDs
- <epic-slug>/_epic.md — one folder per epic
- <epic-slug>/<story-slug>/_story.md — one folder per story
- <epic-slug>/<story-slug>/<task-slug>.task.md — one file per task
- _templates/ — copy-paste templates (added in work-system-v1)
- _state.json — derived index (added in work-system-v1)
PRD lifecycle
PRD status frontmatter field: draft → in-review → approved → shipped.
- draft → in-review — author flips when ready for review (manual)
- in-review → approved — human reviewer flips on acceptance (manual)
- approved → shipped — auto-flipped by pnpm work prd-ship <prd-id> when the seed epic finishes. The state-builder surfaces this signal under _state.json → needs_prd_ship[] so the orchestrator (or a reviewer running the sandcastle workflow) can act on it.
The decomposer refuses to run on draft PRDs. Once approved, the seed epic is generated; once the epic completes, the PRD is automatically flipped to shipped along with its commit list.
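The lifecycle above can be enforced with an allow-list check, so a misspelled status such as `appoved` fails closed instead of passing as "not draft". This is an added example, not the project's own tooling; it assumes `---`-fenced `key: value` frontmatter, and `readFrontmatter`, `checkStatus`, `checkTransition` and the sample PRDs are hypothetical names and constructed inputs.

```javascript
// Added example (not the repository's code). The status order comes from the
// "PRD lifecycle" section; the frontmatter layout is an assumption.
const PRD_STATUSES = ["draft", "in-review", "approved", "shipped"];

// Constructed sample inputs.
const SAMPLE_OK = "---\nid: sample-prd\nstatus: approved\n---\n# Body\n";
const SAMPLE_TYPO = "---\nid: sample-prd\nstatus: appoved\n---\n# Body\n";

// Minimal reader for flat `key: value` pairs between `---` fences.
function readFrontmatter(text) {
  const block = /^---\r?\n([\s\S]*?)\r?\n---/.exec(text);
  if (!block) throw new Error("no frontmatter block");
  const fields = {};
  for (const line of block[1].split(/\r?\n/)) {
    const kv = /^([A-Za-z_][\w-]*):\s*(.*)$/.exec(line);
    if (kv) fields[kv[1]] = kv[2].replace(/^["']|["']$/g, "").trim();
  }
  return fields;
}

// Allow-list validation: anything outside the four known values is rejected,
// including a missing field and near-miss spellings.
function checkStatus(text) {
  const status = readFrontmatter(text).status;
  if (status === undefined) return { ok: false, reason: "status field missing" };
  if (!PRD_STATUSES.includes(status)) {
    return { ok: false, status, reason: `unknown status "${status}"` };
  }
  return { ok: true, status };
}

// Only the three single-step forward transitions listed in the README pass.
function checkTransition(from, to) {
  const i = PRD_STATUSES.indexOf(from);
  const j = PRD_STATUSES.indexOf(to);
  return i >= 0 && j === i + 1;
}
```

Run as a pre-commit or CI step over docs/work/prds/, a check like this would flag the typo before it reaches the branch.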