Require review-scope accounting before broad audit completion
Broad review and review-and-fix sessions need a runtime-owned scope ledger so a single closed finding cannot silently stand in for a full declared audit. This change adds structured scope declarations, worker/final-review ledgers, completion and recovery gates, OpenCode/prompt contract exposure, and regression coverage while preserving narrow implementation-mode one-file completions.
Constraint: Add audit-scope completion accounting without requiring edits to every declared target file
Constraint: Keep final-review reviewedSurfaces artifact-derived rather than turning it into whole-audit scope
Constraint: Keep zod aligned with @opencode-ai/plugin; no dependency-version changes
Rejected: Treat broad review completion as mutation-count coverage | legitimate audits may fix one file while accounting for reviewed, deferred, out-of-scope, or blocked targets
Rejected: Infer audit breadth from natural-language goals at completion time | structured reviewScope/fileTargets give the runtime an auditable source of truth
Rejected: Let failed historical attempts satisfy final finding-closed scope entries | rejected attempts can contain unsupported closure refs and must not become completion evidence
Confidence: high
Scope-risk: moderate
Directive: For review and review_and_fix plans, declare scope explicitly and close it with reviewScopeLedger; use deferred, out_of_scope, or blocked for honest residual-risk accounting rather than narrowing silently
Tested: bun run check; prior fresh bun run lint, bun run typecheck, and bun test passed with 543 pass, 0 fail, 1 snapshot
Not-tested: Live GitHub-hosted CI/release workflow for tag v2.0.11 before push
CHANGELOG.md
23 lines changed: 23 additions & 0 deletions
@@ -2,6 +2,29 @@
2
2
3
3
## [Unreleased]
4
4
5
+
## [2.0.11] - 2026-05-06
6
+
7
+
Require review-scope accounting before broad audit completion
8
+
9
+
Flow 2.0.11 hardens broad review and review-and-fix workflows with a runtime-owned review scope ledger. Review-shaped plans must now declare an effective scope through `reviewScope` or `fileTargets`, and final completion cannot reduce a full audit request to one closed finding unless every declared target is accounted as reviewed with no findings, finding closed, deferred, out of scope, or blocked with evidence and residual risk.
10
+
11
+
The release keeps artifact-derived final-review coverage separate from audit-scope closure. `reviewScopeLedger` is carried through worker results, execution history, and final reviewer approvals, while implementation-mode one-file workflows remain valid without the new ledger. Historical completed feature closures can satisfy final review-and-fix scope where appropriate, but failed historical attempts cannot be cited as completion evidence.
12
+
13
+
The OpenCode adapter, descriptors, prompt contracts, recovery guidance, generated completion-gate projections, architecture notes, and prompt snapshots now surface the new scope-accounting contract. Regression coverage models broad one-file fixes, multi-feature historical closures, failed-attempt evidence rejection, plan scope requirements, effective scope-id collisions, and the preserved implementation-mode path.
14
+
15
+
Constraint: Add audit-scope completion accounting without requiring edits to every declared target file
16
+
Constraint: Keep final-review `reviewedSurfaces` artifact-derived; do not overload it into a whole-audit ledger
17
+
Constraint: Keep `zod` aligned with `@opencode-ai/plugin`; no dependency-version changes in this patch
18
+
Rejected: Treat broad review completion as mutation-count coverage | legitimate audits may fix one file while still reviewing or deferring the rest of the declared scope
19
+
Rejected: Infer audit breadth from natural-language goals at completion time | structured `reviewScope` / `fileTargets` gives the runtime an auditable source of truth
20
+
Rejected: Let failed historical attempts satisfy final reviewer `finding_closed` scope entries | rejected attempts can contain unsupported closure refs and must not become completion evidence
21
+
Confidence: high
22
+
Scope-risk: moderate
23
+
Reversibility: clean
24
+
Directive: For `review` and `review_and_fix` plans, declare scope explicitly and close it with `reviewScopeLedger`; use `deferred`, `out_of_scope`, or `blocked` for honest residual-risk accounting rather than narrowing silently
25
+
Tested: `bun run lint`; `bun run typecheck`; `bun test` (543 pass, 0 fail, 1 snapshot, 17064 expect calls); Oracle review follow-ups fixed and revalidated with targeted completion, final-review, prompt, plan, schema, protocol, recovery, and snapshot suites
26
+
Not-tested: Live GitHub-hosted CI/release workflow runs for tag `v2.0.11` before push
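Review bot: In the first added paragraph of the 2.0.11 entry, the phrase "accounted as reviewed with no findings, finding closed, deferred, out of scope, or blocked with evidence and residual risk" leaves it unclear whether evidence and residual risk are required for every status or only for blocked. If `deferred` and `out_of_scope` can be recorded without evidence, a session could satisfy the gate by marking the rest of the declared scope out of scope, which is the silent narrowing the Directive line says to avoid. Suggest stating the evidence requirement per status and listing the literal status values in one place; the entry gives `finding_closed`, `deferred`, `out_of_scope` and `blocked` in backticks but no identifier for reviewed-with-no-findings. Separately, "Review-shaped plans must now declare an effective scope" reads as a behaviour change for existing plans, so a sentence on how a review plan without `reviewScope` or `fileTargets` is handled would help readers of a patch-level release.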
Require review-scope accounting before broad audit completion
4
+
5
+
Flow 2.0.11 hardens broad review and review-and-fix workflows with a runtime-owned review scope ledger. Review-shaped plans must now declare an effective scope through `reviewScope` or `fileTargets`, and final completion cannot reduce a full audit request to one closed finding unless every declared target is accounted as reviewed with no findings, finding closed, deferred, out of scope, or blocked with evidence and residual risk.
6
+
7
+
The release keeps artifact-derived final-review coverage separate from audit-scope closure. `reviewScopeLedger` is carried through worker results, execution history, and final reviewer approvals, while implementation-mode one-file workflows remain valid without the new ledger. Historical completed feature closures can satisfy final review-and-fix scope where appropriate, but failed historical attempts cannot be cited as completion evidence.
8
+
9
+
The OpenCode adapter, descriptors, prompt contracts, recovery guidance, generated completion-gate projections, architecture notes, and prompt snapshots now surface the new scope-accounting contract. Regression coverage models broad one-file fixes, multi-feature historical closures, failed-attempt evidence rejection, plan scope requirements, effective scope-id collisions, and the preserved implementation-mode path.
10
+
11
+
Constraint: Add audit-scope completion accounting without requiring edits to every declared target file
12
+
Constraint: Keep final-review `reviewedSurfaces` artifact-derived; do not overload it into a whole-audit ledger
13
+
Constraint: Keep `zod` aligned with `@opencode-ai/plugin`; no dependency-version changes in this patch
14
+
Rejected: Treat broad review completion as mutation-count coverage | legitimate audits may fix one file while still reviewing or deferring the rest of the declared scope
15
+
Rejected: Infer audit breadth from natural-language goals at completion time | structured `reviewScope` / `fileTargets` gives the runtime an auditable source of truth
16
+
Rejected: Let failed historical attempts satisfy final reviewer `finding_closed` scope entries | rejected attempts can contain unsupported closure refs and must not become completion evidence
17
+
Confidence: high
18
+
Scope-risk: moderate
19
+
Reversibility: clean
20
+
Directive: For `review` and `review_and_fix` plans, declare scope explicitly and close it with `reviewScopeLedger`; use `deferred`, `out_of_scope`, or `blocked` for honest residual-risk accounting rather than narrowing silently
21
+
Tested: `bun run lint`; `bun run typecheck`; `bun test` (543 pass, 0 fail, 1 snapshot, 17064 expect calls); Oracle review follow-ups fixed and revalidated with targeted completion, final-review, prompt, plan, schema, protocol, recovery, and snapshot suites
22
+
Not-tested: Live GitHub-hosted CI/release workflow runs for tag `v2.0.11` before push
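Review bot: The trailer block at the end of this hunk (the Constraint lines through Not-tested) is commit metadata rather than release documentation, and it now exists as a word-for-word copy of the CHANGELOG.md entry, so the two copies can drift. "Not-tested: Live GitHub-hosted CI/release workflow runs for tag `v2.0.11` before push" becomes stale as soon as the tag is pushed, and the "Tested:" line here lists `bun run lint`, `bun run typecheck` and `bun test` while the commit message leads with `bun run check`. Suggest keeping the three descriptive paragraphs in this file, leaving the trailers in the commit message only, and reconciling the two Tested statements.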
- Returns the canonical runtime response describing the active feature or why nothing is runnable.`,
44
44
flow_run_complete_feature: `## Use when
45
45
- Use only after the required validation for the current path is complete: targeted validation plus feature review for normal features, or broad validation plus the final review required by deliveryPolicy.finalReviewPolicy (detailed cross-feature by default) for the completion path.
46
+
- For review/review_and_fix completion paths, include reviewScopeLedger accounting for every declared review scope target/domain.
46
47
- Provide the full worker result fields directly as this tool's arguments.
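Review bot: The added bullet under `flow_run_complete_feature` asks for reviewScopeLedger accounting but does not say which entry statuses are accepted or that completion is refused when the ledger is missing or incomplete, so the tool description under-specifies the contract the caller has to meet. Suggest naming the statuses the CHANGELOG entry lists (reviewed with no findings, finding closed, deferred, out of scope, blocked) and stating that failed historical attempts cannot be cited as closure evidence. The bullet also says "target/domain" where the rest of the change speaks of `reviewScope` and `fileTargets`; using the same terms would remove the ambiguity. Prompt text is advisory, so the description should point at the runtime completion gate as the enforcing control rather than read as the control itself.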