Hare/yoi
1
1
Fork 0
Code Actions Packages Releases Activity

prompt: confine orchestrator integration to orchestration branch

Browse Source
This commit is contained in:
Keisuke Hirata 2026-06-12 20:49:51 +09:00
parent 0bcf90680c
commit 47c82103cd
No known key found for this signature in database
7 changed files with 102 additions and 132 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
.yoi/workflow/multi-agent-workflow.md
View File

@ -17,7 +17,7 @@ worktree の機械的作成手順は `$user/worktree-workflow`、ユーザー依
- 実装差分を ticket ごとの child worktree に隔離する。
- coder Pod に narrow write scope を渡して実装させる。
- reviewer Pod を coder の子ではなく **同じ orchestrator 配下の sibling** として立て、外部レビューを行わせる。
- orchestrator は coder / reviewer のやり取り、修正 loop、validation、merge-ready dossier 作成に責任を持つ。
- orchestrator は coder / reviewer のやり取り、修正 loop、orchestration branch への integration、validation、Ticket 記録、child worktree cleanup に責任を持つ。
- 最上位 orchestrator は、コードを直接理解し切ることではなく、委譲した intent / 要件 / invariant に沿って下位 orchestrator が完了まで運んだかを acceptance する。
## Pod coordination model
@ -29,14 +29,14 @@ worktree の機械的作成手順は `$user/worktree-workflow`、ユーザー依
- 人間との会話相手
- intent / 要件 / invariant / escalation 条件を定義
- 複数の作業群を並列管理
- final merge / ticket close / main workspace validation を行う
- root/original workspace での read/write/validation/cleanup/git 操作を行う
- 原則として line-by-line code review を主業務にしない
下位 orchestrator Podarea / concrete-ticket-set coordinator
- 連続した複数 concrete Ticket または大きめの concrete Ticket を完了状態まで運ぶ
- worktree / branch / coder / reviewer / validation / 修正 loop を管理する
- coder と reviewer を sibling として扱う
- 親には merge-ready dossier と残論点だけを返す
- orchestration branch 上の integration 結果と残論点だけを返す
coder Pod
- 指定 worktree / branch に実装する
@ -64,7 +64,6 @@ reviewer Pod
- Ticket lifecycle を使う場合、対象はすでに `inprogress` であるか、worktree 作成・Pod spawn・coder routing の前に Orchestrator が個別に `queued -> inprogress` acceptance を記録できる `queued` Ticket に限る。unqueued Ticket は capacity 埋めの対象にしない。
- ticket の背景・意図・制約・受け入れ条件から、実装調査と局所 tactic 選択を coder に委ねても product / API / UX / authority / design-boundary decision を silently 固定しないと判断できる。
- worktree 作成と git 書き込み操作について、人間の許可がある。
- merge target workspace の unrelated dirty changes を把握している。
- 下位 orchestrator に渡す binding decisions / invariants、implementation latitude、escalation conditions を短く書ける。
- 設計境界・仕様・authority boundary に不確定要素があり、bounded project-context checks 後も concrete missing decision / information が残る場合、planning/requirements sync 互換入口 `ticket-preflight-workflow` の結果が ticket thread に記録されている。
@ -117,9 +116,9 @@ reviewer には coder の実装方針ではなく、この intent packet と dif
2. worktree 作成
- 対象 Ticket が `queued` なら、この step の前に typed Ticket backend/tool path で `queued -> inprogress` を記録する。これより前に branch 作成、worktree 作成、Pod spawn、実装調査依頼などの implementation side effect を行わない。
- Orchestrator が dedicated orchestration worktree で動く場合でも、implementation worktree は Orchestrator cwd ではなく recorded original workspace root の `.worktree` 配下に作る
- merge-completion は recorded merge target workspace で行い、Orchestrator cwd を merge target とみなさない。
- `$user/worktree-workflow` に従い `<original-workspace-root>/.worktree/<task-name>` を作る。
- Orchestrator が dedicated orchestration worktree で動く場合、作業対象は Orchestrator workspace/orchestration branch と child implementation worktree に限定する。root/original workspace は read/write/validation/cleanup/git 操作の対象ではない
- implementation worktree は記録済み implementation worktree root の `.worktree` 配下に置く。root/original workspace は配置基準としてだけ扱い、作業対象にしない。
- implementation branch は Orchestrator workspace の current HEAD/orchestration branch HEAD から作り、reviewer approve 後は orchestration branch へ自動 integration する。
- `.yoi` 自体は除外しない。tracked project records は child worktree に存在してよく、`.yoi/memory` と local/runtime/log/lock/secret-like paths だけを sparse checkout で除外する。
3. coder Pod spawn
@ -132,7 +131,7 @@ reviewer には coder の実装方針ではなく、この intent packet と dif
- SpawnPod の `cwd` は child worktree に設定すること(`cwd` は process/tool default cwd であり、scope/authority ではない)
- Orchestrator workspace / recorded Ticket backend の `TODO.md` / Ticket records / `docs/report/` / `.yoi` は編集しないこと
- child worktree 内の tracked `.yoi` project records は実装対象に必要な branch-local artifacts/dossiers として編集してよいが、`.yoi/memory` や local/runtime/secret-like files は作らないこと
- active orchestration progress と最終 review/approval/close は Orchestrator workspace または recorded Ticket backend の責任として残すこと
- active orchestration progress、review、integration、Ticket lifecycle update は Orchestrator workspace または recorded Ticket backend の責任として残すこと
- 遵守すべき binding decisions / invariants と escalation conditions
- 実行すべき build / test / format
- 完了報告項目
@ -159,18 +158,18 @@ reviewer には coder の実装方針ではなく、この intent packet と dif
- 修正後は focused validation を実行し、必要なら reviewer に再確認させる。
- reviewer の blocker が未解決のまま親に提出しない。
7. merge-ready dossier 作成
7. orchestration branch integration
- 親がコードを直接理解しなくても判断できるよう、変更の概念的説明と evidence をまとめる。
8. merge / lifecycle
- 最上位 orchestrator または人間の許可を持つ orchestrator が recorded merge target workspace へ merge する。
- Ticket を完了処理して commit する。TODO cleanup が対象 Ticket の明示要件なら recorded merge target workspace で行う
- recorded merge target workspace で必要な test / `cargo check --workspace` / `cargo fmt --check` を再実行する
8. integration / lifecycle
- reviewer approve と blocker 解消を確認し、implementation branch を Orchestrator workspace の orchestration branch へ integration する。
- Orchestrator workspace で必要な validation を実行し、Ticket thread に integration と validation の結果を記録する
- Ticket を完了処理して commit する。TODO cleanup が対象 Ticket の明示要件なら child implementation worktree/branch に限定して行う。root/original workspace は触らない
## coder Pod の責務
- child worktree 内でのみ実装する。
- main workspace の管理ファイルを書かない。
- root/original workspace の管理ファイルを読まない・書かない。
- child worktree 内の tracked `.yoi` project records は ticket 要件に必要な branch-local artifact/dossier として扱ってよい。
- `.yoi/memory`、local/runtime state、logs、locks、secret-like files を child worktree に作らない。
- intent / requirements / acceptance criteria / binding decisions / invariants / implementation latitude / escalation conditions を読んでから実装する。
@ -218,14 +217,14 @@ coder Pod には child worktree 内での commit を許可してよい。
### Approve
reviewer が approve し blocker が残っていない場合、明示的な standing policy として merge / validate / close / cleanup まで進める。migration boundary、runtime refresh boundary、未解決の human gate が明示されている時だけ、merge-ready dossier で止める
reviewer が approve し blocker が残っていない場合、Orchestrator workspace の orchestration branch への integration、validation、Ticket 記録、child worktree cleanup まで自動的に進める。root/original workspace への read/write/validation/cleanup/git 操作は行わない
1. coder Pod / reviewer Pod を停止し、scope を回収する。
2. orchestrator が merge-ready dossier を確認する。
2. orchestrator が Ticket、child worktree/branch、commits、reviewer verdict、validation evidence を確認する。
3. 最上位 orchestrator が必要最小限の spot check を行う。
4. recorded merge target workspace で `git merge --no-ff <branch>` する。
5. Ticket を完了処理して commit する。TODO cleanup が対象 Ticket の明示要件なら同じ merge target workspace で行う。
6. recorded merge target workspace で検証コマンドを再実行する
4. Orchestrator workspace の orchestration branch で implementation branch を merge または project-agreed method で integration する。
5. Ticket を完了処理して commit する。TODO cleanup が対象 Ticket の明示要件なら child implementation worktree/branch に限定して行う。
6. Orchestrator workspace/orchestration branch で検証コマンドを再実行する。root/original workspace では実行しない
7. 変更内容・commit・検証結果・残 dirty changes を報告する。
### Request changes
@ -255,7 +254,7 @@ reviewer が approve し blocker が残っていない場合、明示的な stan
- parallel に走らせた Pod の完了通知は取りこぼしうるため、`ReadPodOutput` と worktree 状態で確認する。
- この節は自動 scheduler、background runner、resource graph solver、automatic queue drain loop を導入しない。parallel start は明示的な routing/acceptance の結果であり、unqueued Ticket を開始する根拠ではない。
## merge-ready dossier の標準形
## orchestration integration dossier の標準形
```text
Status:

50
.yoi/workflow/worktree-workflow.md
View File

@ -1,34 +1,34 @@
---
description: yoi プロジェクトで child git worktree を作成・管理するための機械的手順。coder Pod に作らせず、orchestrator Pod が original workspace root に対して実行する。
description: yoi プロジェクトで child git worktree を作成・管理するための機械的手順。coder Pod に作らせず、orchestrator Pod が Orchestrator workspace/orchestration branch から実行する。
model_invokation: true
user_invocable: true
requires: []
---
# Worktree Workflow
yoi プロジェクトで実装差分を main workspace から分離するため、`<original-workspace-root>/.worktree/<task-name>` に child git worktree を作る。これは **worktree の扱い方だけ** を定める Workflow であり、ticket 選定、coder / reviewer sibling の起動、外部レビュー、merge の運用は `$user/multi-agent-workflow` 側で扱う。
yoi プロジェクトで実装差分を root/original workspace から分離するため、記録済み implementation worktree root の `.worktree/<task-name>` に child git worktree を作る。これは **worktree の扱い方だけ** を定める Workflow であり、ticket 選定、coder / reviewer sibling の起動、外部レビュー、orchestration branch への integration は `/multi-agent-workflow` 側で扱う。
yoi では Pod の write scope が排他的に委譲されるため、child Pod の write scope は child worktree に限定する。child worktree は Yoi project records marker として tracked `.yoi` records を含んでよいが、generated/personal memory root `.yoi/memory`、local override、runtime state、logs、locks、secret-like files は出さない。Orchestrator workspace or recorded Ticket backend remains the authority for active orchestration progress and final review/approval/close.
yoi では Pod の write scope が排他的に委譲されるため、child Pod の write scope は child worktree に限定する。child worktree は Yoi project records marker として tracked `.yoi` records を含んでよいが、generated/personal memory root `.yoi/memory`、local override、runtime state、logs、locks、secret-like files は出さない。Orchestrator workspace or recorded Ticket backend remains the place for active orchestration progress, review evidence, integration records, and Ticket lifecycle updates.
## 適用範囲
この Workflow は親 Pod / 下位 orchestrator が original workspace root に対して実行する。Orchestrator が専用 worktree で動く場合でも、implementation worktree は Orchestrator cwd ではなく original workspace root 側で作成する。
この Workflow は親 Pod / 下位 orchestrator が Orchestrator workspace/orchestration branch から実行する。root/original workspace は read/write/validation/cleanup/git 操作の対象にしない。implementation worktree は記録済み implementation worktree root 配下に作る。
- coder Pod にこの Workflow を渡して worktree を作らせない。
- coder Pod は、orchestrator が作成済みの child worktree を受け取り、その中で実装・build・test・報告を行う。
- reviewer Pod は、coder Pod の子ではなく orchestrator 配下の sibling として、原則 read-only で main workspace と child worktree を読む。
- ticket 作成、active orchestration progress、最終 review/approval/close は Orchestrator workspace または記録済み Ticket backend 側で扱う。
- reviewer Pod は、coder Pod の子ではなく orchestrator 配下の sibling として、原則 read-only で child worktree と Orchestrator workspace の Ticket/context を読む。
- ticket 作成、active orchestration progress、review evidence、integration、Ticket lifecycle update は Orchestrator workspace または記録済み Ticket backend 側で扱う。
- branch-local artifacts / dossiers / docs/report / tracked `.yoi` project records は、実装対象に必要なら child worktree 内で扱ってよい。
## 原則
- 1 ticket / 1 実装 task につき 1 worktree を作る。
- 複数 ticket を下位 orchestrator に任せる場合も、実装差分は ticket / bounded task ごとに worktree を分ける。
- worktree path は `<original-workspace-root>/.worktree/<task-name>`。
- worktree path は `<implementation-worktree-root>/.worktree/<task-name>`。
- branch 名は原則 `<task-name>` と同じ kebab-case。
- child worktree には `.yoi` project records を出してよい。
- child worktree では `.yoi/memory`、local/runtime/log/lock/secret-like paths を sparse checkout で除外する。
- active orchestration progress と最終 review/approval/close は Orchestrator workspace または記録済み Ticket backend 側で扱う。branch-local artifacts/dossiers は child worktree 内に置いてよい。
- active orchestration progress、review evidence、integration、Ticket lifecycle update は Orchestrator workspace または記録済み Ticket backend 側で扱う。branch-local artifacts/dossiers は child worktree 内に置いてよい。
- push はしない。
## 事前確認
@ -38,7 +38,7 @@ yoi では Pod の write scope が排他的に委譲されるため、child Pod
1. 対象 ticket / task が決まっているか。
2. `<task-name>` が branch / path 名に使える kebab-case か。
3. `git worktree add` を実行してよい許可があるか。
4. main workspace に混ぜてはいけない未保存差分がないか。
4. root/original workspace で実行しようとしていないか。
5. 同名 branch / worktree が既に存在しないか。
6. coder / reviewer を sibling として扱う orchestrator が誰か明確か。
@ -46,13 +46,13 @@ yoi では Pod の write scope が排他的に委譲されるため、child Pod
## 作成手順
original workspace root で実行する。Orchestrator が別 worktree で動く場合は `git -C <original-workspace-root> ...` を使う
Orchestrator workspace で実行する。root/original workspace では実行しない
```bash
git -C <original-workspace-root> worktree add .worktree/<task-name> -b <task-name>
git -C <orchestrator-workspace-root> worktree add <implementation-worktree-root>/.worktree/<task-name> -b <task-name> HEAD
git -C <original-workspace-root>/.worktree/<task-name> sparse-checkout init --no-cone
git -C <original-workspace-root>/.worktree/<task-name> sparse-checkout set --no-cone \
git -C <implementation-worktree-root>/.worktree/<task-name> sparse-checkout init --no-cone
git -C <implementation-worktree-root>/.worktree/<task-name> sparse-checkout set --no-cone \
'/*' \
'!/.yoi/memory/' \
'!/.yoi/memory/**' \
@ -95,11 +95,11 @@ git -C <original-workspace-root>/.worktree/<task-name> sparse-checkout set --no-
確認する。
```bash
git -C <original-workspace-root>/.worktree/<task-name> status --short --branch
test ! -e <original-workspace-root>/.worktree/<task-name>/.yoi/memory
if test -d <original-workspace-root>/.worktree/<task-name>/.yoi; then
test ! -e <original-workspace-root>/.worktree/<task-name>/.yoi/override.local.toml
test -z "$(find <original-workspace-root>/.worktree/<task-name>/.yoi \
git -C <implementation-worktree-root>/.worktree/<task-name> status --short --branch
test ! -e <implementation-worktree-root>/.worktree/<task-name>/.yoi/memory
if test -d <implementation-worktree-root>/.worktree/<task-name>/.yoi; then
test ! -e <implementation-worktree-root>/.worktree/<task-name>/.yoi/override.local.toml
test -z "$(find <implementation-worktree-root>/.worktree/<task-name>/.yoi \
\( -path '*/_logs' -o -path '*/logs' -o -path '*/locks' \
-o -path '*/local' -o -path '*/runtime' -o -path '*/pods' \
-o -path '*/sessions' -o -path '*/sockets' -o -path '*/tmp' \
@ -121,15 +121,15 @@ Pod を使う場合、coder Pod の SpawnPod `cwd` は child worktree に設定
coder Pod 推奨 scope:
```text
read: <repo>
write: <repo>/.worktree/<task-name>
read: <implementation-worktree-root>/.worktree/<task-name>
write: <implementation-worktree-root>/.worktree/<task-name>
```
reviewer Pod 推奨 scope:
```text
read: <repo>
read: <repo>/.worktree/<task-name> # main workspace の read に含まれるなら別指定不要
read: <implementation-worktree-root>/.worktree/<task-name>
read: <orchestrator-workspace-root> # Ticket/intent/review context が必要な範囲に限定する
```
reviewer は原則 write scope を持たない。review artifact を書かせる必要がある場合だけ、ticket artifacts など限定 directory を write scope として渡す。
@ -140,15 +140,15 @@ reviewer は原則 write scope を持たない。review artifact を書かせる
- `.yoi/memory` を作らない / コピーしない / 復元しない。
- local overrides、runtime sockets/state、Pod session mirrors、cache/tmp、logs、locks、secret-like files を作らない / コピーしない / commit しない。
- main workspace の `TODO.md` / `tickets/` / `docs/report/` / `.yoi` を編集しない。
- active orchestration progress と最終 review/approval/close を child worktree 内だけで完結させない。
- root/original workspace の `TODO.md` / `tickets/` / `docs/report/` / `.yoi`読まない・編集しない。
- active orchestration progress、review evidence、integration、Ticket lifecycle update を child worktree 内だけで完結させない。
- 実装対象に必要な tracked `.yoi` project records、branch-local artifacts / dossiers / docs/report は child worktree 内で扱ってよい。
- merge / push / branch deletion / worktree remove をしない。
- scope / permission / history persistence / prompt context 加工原則に関わる設計変更を無断で行わない。
## 完了時の扱い
worktree 作成 Workflow としては、完了時に merge しない。merge、ticket 完了、worktree cleanup は記録済み merge target workspace に対して行う。merge-completion は `/multi-agent-workflow` または明示された上位 Orchestrator の権限で扱う
worktree 作成 Workflow としては、完了時に integration しない。orchestration branch への integration、Ticket 完了、child worktree cleanup は `/multi-agent-workflow` 側で Orchestrator workspace に対して行う。root/original workspace は対象にしない
coder Pod へ渡す完了報告項目の標準形:

98
crates/client/src/ticket_role.rs
View File

@ -673,7 +673,6 @@ fn build_launch_prompt(
fn append_workspace_routing_context(out: &mut String, context: &TicketRoleLaunchContext) {
let original_workspace_root = context.original_workspace_root();
let target_workspace_root = context.target_workspace_root();
let implementation_worktree_root = context.implementation_worktree_root();
let should_emit = context.original_workspace_root.is_some()
|| context.target_workspace_root.is_some()
@ -701,14 +700,15 @@ fn append_workspace_routing_context(out: &mut String, context: &TicketRoleLaunch
"implementation_worktree_root",
&implementation_worktree_root.display().to_string(),
);
push_bounded_bullet(
out,
"merge_target_workspace_root",
&target_workspace_root.display().to_string(),
);
out.push_str(
"- Treat `role_workspace_root` as the launched role runtime workspace/Ticket backend root. Create implementation worktrees under `implementation_worktree_root`, not relative to the role cwd, and run merge-completion against `merge_target_workspace_root`. `implementation_worktree_root` is placement authority only; implementation branches are based on the Orchestrator workspace current HEAD / orchestration branch HEAD, not the merge-target workspace or `develop` HEAD.\n",
);
if context.role == TicketRole::Orchestrator {
out.push_str(
"- Treat `role_workspace_root` / `role_cwd` as the Orchestrator workspace on the orchestration branch. Use `implementation_worktree_root` only as the placement root for child implementation worktrees; do not operate on `original_workspace_root` itself. Root/original workspace reads, writes, validation, cleanup, and git operations are prohibited. Create implementation branches from the Orchestrator workspace current HEAD / orchestration branch HEAD and integrate reviewed work back into that orchestration branch automatically.\n",
);
} else {
out.push_str(
"- Treat `role_workspace_root` as the launched role runtime workspace/Ticket backend root. Create implementation worktrees under `implementation_worktree_root`, not relative to the role cwd, and run role work against the recorded workspace routing context.\n",
);
}
}
fn append_role_execution_guidance(
@ -1274,11 +1274,11 @@ workflow = "ticket-review-workflow"
assert!(orchestrator_text.contains("branch-local reviewer verdicts"));
assert!(orchestrator_text.contains("binding decisions/invariants"));
assert!(orchestrator_text.contains("not unrecorded preferred tactics"));
assert!(orchestrator_text.contains("merge-ready dossier"));
assert!(orchestrator_text.contains("integration outcome"));
assert!(orchestrator_text.contains(
"Stop at a merge-ready dossier only when merge-completion authority is absent"
"integrate the implementation branch into the orchestration branch automatically"
));
assert!(orchestrator_text.contains("continue through merge, validation, Ticket close"));
assert!(orchestrator_text.contains("Root/original workspace reads, writes, validation, cleanup, and git operations are prohibited"));
let mut coder = TicketRoleLaunchContext::new(temp.path(), TicketRole::Coder);
coder.ticket = Some(TicketRef::id("20260605-190330-ticket-role-pod-launcher"));
@ -1314,18 +1314,20 @@ workflow = "ticket-review-workflow"
assert!(reviewer_text.contains("read-only by default"));
assert!(reviewer_text.contains("recorded intent, binding decisions/invariants"));
assert!(reviewer_text.contains("not unrecorded preferred tactics"));
assert!(reviewer_text.contains("branch-local reviewer verdict"));
assert!(reviewer_text.contains("Do not record final main-branch Ticket approval"));
assert!(reviewer_text.contains("Orchestrator-side integration"));
assert!(
reviewer_text
.contains("Do not merge, close, push, operate on the root/original workspace")
);
}
#[test]
fn orchestrator_prompt_covers_merge_completion_authority_and_dossier_boundaries() {
fn orchestrator_prompt_covers_orchestration_branch_integration_boundary() {
let temp = TempDir::new().unwrap();
write_builtin_role_config(temp.path(), &[TicketRole::Orchestrator]);
let mut orchestrator = TicketRoleLaunchContext::new(temp.path(), TicketRole::Orchestrator);
orchestrator.ticket = Some(TicketRef::id("orchestrator-merge-completion"));
orchestrator.intent_packet =
Some("Complete an already-reviewed merge-ready Ticket.".into());
orchestrator.ticket = Some(TicketRef::id("orchestrator-integration"));
orchestrator.intent_packet = Some("Complete an already-reviewed Ticket.".into());
orchestrator.validation = vec!["cargo test -p client ticket_role --lib".into()];
orchestrator = orchestrator
.with_original_workspace_root(temp.path().join("original"))
@ -1349,56 +1351,24 @@ workflow = "ticket-review-workflow"
assert!(text.contains("Workspace routing context:"));
assert!(text.contains("role_workspace_root"));
assert!(text.contains("implementation_worktree_root"));
assert!(text.contains("merge_target_workspace_root"));
assert!(text.contains("not relative to the role cwd"));
assert!(text.contains("`implementation_worktree_root` is placement authority only"));
assert!(text.contains("implementation branches are based on the Orchestrator workspace current HEAD / orchestration branch HEAD"));
assert!(text.contains("not the merge-target workspace or `develop` HEAD"));
assert!(text.contains("Orchestrator merge-completion guidance"));
assert!(text.contains("`inprogress` Ticket with a merge-ready dossier"));
assert!(text.contains("Conservative or missing authorization mode stops at the dossier"));
assert!(text.contains("explicit user/standing policy may authorize continuing"));
assert!(text.contains("dossier branch/worktree/commits match the branch to merge"));
assert!(text.contains("independent reviewer approval exists in the dossier"));
assert!(text.contains("explicit human override decision is recorded"));
assert!(text.contains("the merge target workspace is safe"));
assert!(text.contains("unrelated dirty changes are understood"));
assert!(text.contains("dogfooding/workspace policy grants merge authority"));
assert!(text.contains("branch-local reviewer verdicts are dossier evidence"));
assert!(text.contains("final main-branch Ticket approval or close happens only during authorized merge-completion"));
assert!(text.contains("stop/reclaim coder and reviewer Pods"));
assert!(text.contains("git merge --no-ff <branch>"));
assert!(text.contains("run post-merge validation appropriate to the change"));
assert!(text.contains("Orchestrator workspace on the orchestration branch"));
assert!(text.contains("Root/original workspace reads, writes, validation, cleanup, and git operations are prohibited"));
assert!(text.contains("Create implementation branches from the Orchestrator workspace current HEAD / orchestration branch HEAD"));
assert!(
text.contains("record review, merge, and validation outcomes in the Ticket thread")
text.contains(
"integrate reviewed work back into that orchestration branch automatically"
)
);
assert!(text.contains("Orchestrator implementation integration guidance"));
assert!(
text.contains("Integrate only within the Orchestrator workspace/orchestration branch")
);
assert!(text.contains("root/original workspace is not an integration target"));
assert!(text.contains("merge or otherwise integrate that implementation branch into the orchestration branch automatically"));
assert!(text.contains(
"transition `inprogress -> done` or close according to typed Ticket workflow rules"
"Run post-integration validation from the Orchestrator workspace/orchestration branch"
));
assert!(text.contains(
"remove the merged child worktree and delete the merged branch unless explicitly kept"
));
assert!(text.contains("Required dossier fields before merge"));
assert!(text.contains("Ticket id"));
assert!(text.contains("branch/worktree"));
assert!(text.contains("commits"));
assert!(text.contains("intent/invariant check"));
assert!(text.contains("implementation summary"));
assert!(text.contains("coder/reviewer Pods"));
assert!(text.contains("blockers fixed or rejected findings with reasons"));
assert!(text.contains("validation performed"));
assert!(text.contains("residual risks"));
assert!(text.contains("dirty state"));
assert!(text.contains("parent/human decision needs if any"));
assert!(text.contains("Post-merge validation baseline"));
assert!(text.contains("focused tests from the Ticket/dossier"));
assert!(text.contains("cargo fmt --check"));
assert!(text.contains("git diff --check"));
assert!(text.contains("target/debug/yoi ticket doctor"));
assert!(text.contains("where applicable"));
assert!(text.contains("cargo check --workspace --all-targets"));
assert!(text.contains("nix build .#yoi"));
assert!(text.contains("when risk, API surface, packaging, runtime resources, prompts, or touched files warrant it"));
assert!(text.contains("Cleanup is limited to the child implementation worktree/branch"));
}
#[test]

12
crates/tui/src/multi_pod.rs
View File

@ -2517,7 +2517,7 @@ fn orchestrator_queue_notification_message(
) -> String {
let title = ticket.title.replace(['\r', '\n'], " ");
format!(
"Workspace panel Queue for Ticket `{}`, title `{}`: human authorized Orchestrator routing; this is not an unattended scheduler. Read the Ticket and inspect current workspace state. If unblocked, record routing and transition state queued -> inprogress before any worktree/SpawnPod implementation side effects. After inprogress acceptance, use worktree-workflow for `.worktree/<task-name>` creation with tracked `.yoi` project records visible and `.yoi/memory` plus local/runtime/log/lock/secret-like `.yoi` paths excluded, then use multi-agent-workflow to run sibling coder/reviewer Pods (coder narrow child-worktree write scope, reviewer read-only by default) and stop at a merge-ready dossier without merge/close/final approval. If blocked, record a concise reason and leave the Ticket queued or return it to planning with the missing-information reason.",
"Workspace panel Queue for Ticket `{}`, title `{}`: human authorized Orchestrator routing; this is not an unattended scheduler. Read the Ticket and inspect current Orchestrator workspace state. If unblocked, record routing and transition state queued -> inprogress before any worktree/SpawnPod implementation side effects. After inprogress acceptance, use worktree-workflow for `.worktree/<task-name>` creation with tracked `.yoi` project records visible and `.yoi/memory` plus local/runtime/log/lock/secret-like `.yoi` paths excluded, then use multi-agent-workflow to run sibling coder/reviewer Pods (coder narrow child-worktree write scope, reviewer read-only by default). After reviewer approval and blocker resolution, integrate the implementation branch into the orchestration branch automatically, validate in the Orchestrator worktree, record the outcome, and clean up only child implementation worktrees/branches. Do not read, write, validate, merge, clean up, or run git operations in the root/original workspace. If blocked, record a concise reason and leave the Ticket queued or return it to planning with the missing-information reason.",
ticket.id,
title.trim()
)
@ -3926,7 +3926,7 @@ mod tests {
assert!(message.contains("human authorized Orchestrator routing"));
assert!(message.contains("not an unattended scheduler"));
assert!(message.contains("Read the Ticket"));
assert!(message.contains("inspect current workspace state"));
assert!(message.contains("inspect current Orchestrator workspace state"));
assert!(message.contains("transition state queued -> inprogress"));
assert!(message.contains("before any worktree/SpawnPod implementation side effects"));
assert!(message.contains("After inprogress acceptance"));
@ -3940,8 +3940,12 @@ mod tests {
assert!(message.contains("sibling coder/reviewer Pods"));
assert!(message.contains("coder narrow child-worktree write scope"));
assert!(message.contains("reviewer read-only by default"));
assert!(message.contains("merge-ready dossier"));
assert!(message.contains("without merge/close/final approval"));
assert!(message.contains(
"integrate the implementation branch into the orchestration branch automatically"
));
assert!(message.contains("validate in the Orchestrator worktree"));
assert!(message.contains("clean up only child implementation worktrees/branches"));
assert!(message.contains("Do not read, write, validate, merge, clean up, or run git operations in the root/original workspace"));
assert!(message.contains("If blocked, record a concise reason"));
assert!(message.contains("leave the Ticket queued or return it to planning"));
assert!(!message.contains("Do not start implementation directly"));

17
resources/prompts/ticket_role/orchestrator_merge_completion.md
View File

@ -1,10 +1,7 @@
Orchestrator merge-completion guidance:
- Enter merge-completion only for an `inprogress` Ticket with a merge-ready dossier. Conservative or missing authorization mode stops at the dossier; explicit user/standing policy may authorize continuing without an extra approval stop.
- Required dossier fields before merge: Ticket id; branch/worktree; commits; intent/invariant check; implementation summary; coder/reviewer Pods; blockers fixed or rejected findings with reasons; validation performed; residual risks; dirty state; parent/human decision needs if any.
- Before merging, verify the dossier branch/worktree/commits match the branch to merge, independent reviewer approval exists in the dossier or an explicit human override decision is recorded, the merge target workspace is safe, and unrelated dirty changes are understood.
- If the Orchestrator is running from a dedicated orchestration worktree, do not infer the merge target from process cwd. Use the recorded `merge_target_workspace_root` / original workspace root, and ensure cleanup removes only the child implementation worktree/branch intended by the dossier.
- The implementation branch should have been created from the Orchestrator workspace current HEAD / orchestration branch HEAD, then merged back into the orchestration branch before the orchestration branch is merged or fast-forwarded into the recorded merge-target workspace/branch. Do not base implementation branches directly on a stale merge-target workspace or `develop` HEAD.
- Merge only when dogfooding/workspace policy grants merge authority. If authority is unavailable, record/return the dossier and stop without merge, close, final main Ticket approval, or cleanup.
- Preserve the boundary: branch-local reviewer verdicts are dossier evidence; final main-branch Ticket approval or close happens only during authorized merge-completion after merge and validation evidence.
- Authorized sequence: stop/reclaim coder and reviewer Pods where appropriate; merge with `git merge --no-ff <branch>` or the project-agreed method from the target workspace; run post-merge validation appropriate to the change; record review, merge, and validation outcomes in the Ticket thread during merge-completion; transition `inprogress -> done` or close according to typed Ticket workflow rules; then remove the merged child worktree and delete the merged branch unless explicitly kept.
- Post-merge validation baseline: run focused tests from the Ticket/dossier, `cargo fmt --check`, `git diff --check`, and `target/debug/yoi ticket doctor` where applicable; add broader validation such as `cargo check --workspace --all-targets`, `nix build .#yoi`, or equivalent when risk, API surface, packaging, runtime resources, prompts, or touched files warrant it.
Orchestrator implementation integration guidance:
- Integrate only within the Orchestrator workspace/orchestration branch. The root/original workspace is not an integration target and must not be read, written, validated, cleaned, or touched with git.
- Treat the child implementation branch as work targeting the orchestration branch. After coder completion, reviewer approval, and blocker resolution, merge or otherwise integrate that implementation branch into the orchestration branch automatically.
- Before integration, verify the dossier identities: Ticket id/title/state, child worktree path, child branch name, commits/diff, reviewer verdict, validation evidence, and any unresolved blockers.
- Run post-integration validation from the Orchestrator workspace/orchestration branch. Do not run validation from the root/original workspace and do not rely on root workspace state for the decision.
- Record the integration result, validation evidence, and any remaining risks in the Ticket thread visible in the Orchestrator worktree. If the Ticket requirements are satisfied, advance the Ticket lifecycle in that worktree.
- Cleanup is limited to the child implementation worktree/branch and related child Pods. Do not remove, reset, merge, fast-forward, close, or otherwise mutate the root/original workspace.

16
resources/prompts/ticket_role/orchestrator_worktree_routing.md
View File

@ -1,11 +1,11 @@
Orchestrator worktree + agent routing guidance:
- Treat `ticket-orchestrator-routing` as the routing gate. Read the Ticket and workspace state first; `ready -> queued` authorizes routing, not implementation side effects.
- Keep the launched Orchestrator runtime workspace/Ticket backend root distinct from the original/merge-target workspace root. If the launch context includes `original_workspace_root` or `implementation_worktree_root`, create implementation worktrees under that original root (for example `<original_workspace_root>/.worktree/<task-name>`), not under the Orchestrator's current working directory. Treat that root as placement authority only: the implementation branch base is the Orchestrator workspace current HEAD / orchestration branch HEAD, not the merge-target workspace or `develop` HEAD.
- Treat `ticket-orchestrator-routing` as the routing gate. Read the Ticket and Orchestrator workspace state first; `ready -> queued` authorizes routing, not implementation side effects.
- Work only in the Orchestrator workspace/orchestration branch and child implementation worktrees. Do not operate on the original/root workspace: no reads for decision evidence, no writes, no validation, no Ticket edits, no cleanup, and no git operations there.
- If the launch context includes `original_workspace_root` or `implementation_worktree_root`, use those paths only to choose child implementation worktree placement under `.worktree`. The root workspace itself is not a work target.
- Create implementation branches from the Orchestrator workspace current HEAD / orchestration branch HEAD, not from root/develop. After reviewer approval and blocker resolution, integrate the implementation branch into the orchestration branch automatically; do not wait for root-side promotion.
- Create worktrees or spawn coder/reviewer Pods only after `state = inprogress` is already recorded and accepted. If the Ticket is still queued and unblocked, record `queued -> inprogress` before any worktree/SpawnPod side effect.
- Use `worktree-workflow` for the mechanical worktree plan: create the child implementation worktree under the recorded original workspace root, keep tracked `.yoi` project records visible in the child worktree, exclude `.yoi/memory` plus local/runtime/log/lock/secret-like `.yoi` paths, and keep active orchestration progress plus final review/approval/close in the Orchestrator workspace unless explicitly designed otherwise.
- Use `worktree-workflow` for the mechanical worktree plan: create the child implementation worktree under the recorded implementation worktree root, keep tracked `.yoi` project records visible in the child worktree, and exclude `.yoi/memory` plus local/runtime/log/lock/secret-like `.yoi` paths.
- Use `multi-agent-workflow` for the sibling loop: coder and reviewer are siblings under this Orchestrator; coder gets narrow write scope to the child worktree; reviewer is read-only by default.
- Give the coder an intent packet that distinguishes binding decisions/invariants, implementation latitude, escalation conditions, child worktree/branch, validation commands, and report expectations; set SpawnPod `cwd` to the child worktree while delegating explicit scope separately, prohibit editing the Orchestrator/main `.yoi`/Ticket/workflow/docs records unless explicitly delegated, and prohibit creating generated memory/local/runtime/secret-like files in the child worktree.
- Give the reviewer the recorded Ticket intent, binding decisions/invariants, implementation latitude, acceptance criteria, explicit escalation conditions, diff/commits, validation evidence, and blocker/non-blocker criteria; reviewer judgment is against recorded requirements and decisions, not unrecorded preferred tactics. Keep branch-local reviewer verdicts in the review report or merge-ready dossier rather than recording them as final main-branch Ticket approval.
- Ticket thread progress may record worktree plan, coder delegated/completed/blocked, reviewer delegated, blocker/fix-loop summaries, and merge-ready dossier pointer.
- Stop at a merge-ready dossier only when merge-completion authority is absent or the launch explicitly requires a human stop. If reviewer approval exists, there are no blockers, the target workspace is safe, and standing/user policy authorizes merge-completion, continue through merge, validation, Ticket close, and worktree/branch cleanup rather than stopping at the dossier.
- Merge/cleanup must operate on the recorded merge target workspace/branch, not accidentally on the Orchestrator worktree if those roots differ.
- Give the coder an intent packet that distinguishes binding decisions/invariants, implementation latitude, escalation conditions, child worktree/branch, validation commands, and report expectations; set SpawnPod `cwd` to the child worktree while delegating explicit scope separately, prohibit editing root workspace records, and prohibit creating generated memory/local/runtime/secret-like files in the child worktree.
- Give the reviewer the recorded Ticket intent, binding decisions/invariants, implementation latitude, acceptance criteria, explicit escalation conditions, diff/commits, validation evidence, and blocker/non-blocker criteria; reviewer judgment is against recorded requirements and decisions, not unrecorded preferred tactics. Keep branch-local reviewer verdicts in the review report or orchestration dossier.
- Ticket thread progress may record worktree plan, coder delegated/completed/blocked, reviewer delegated, blocker/fix-loop summaries, integration outcome, validation evidence, and cleanup outcome in the Orchestrator workspace.

2
resources/prompts/ticket_role/reviewer_worktree_routing.md
View File

@ -1,4 +1,4 @@
Reviewer worktree routing guidance:
- Review as a sibling of the coder under Orchestrator, read-only by default. Read the Ticket/intent packet, branch diff or commits, and validation evidence before judging. Judge implementation against recorded intent, binding decisions/invariants, implementation latitude, acceptance criteria, and explicit escalation conditions, not unrecorded preferred tactics.
- Classify findings as blockers, non-blocking follow-ups, or parent-decision items against the recorded intent, binding decisions/invariants, implementation latitude, acceptance criteria, and explicit escalation conditions; include concrete file/line evidence where useful.
- Keep the branch-local reviewer verdict in the review report for the Orchestrator merge-ready dossier. Do not record final main-branch Ticket approval, merge, close, push, or instruct the coder directly.
- Keep the branch-local reviewer verdict in the review report for Orchestrator-side integration. Do not merge, close, push, operate on the root/original workspace, or instruct the coder directly.