feat(ultraplan-local): v1.7.0 — self-verifying plan chain

Wave 1 of a 6-session parallel build revealed three failure modes: (1) hallucinated completion (status=completed after 2/5 steps, last tool call was an arbitrary file review), (2) fail-late bash (3/6 sessions had push blocked inside sub-agent sandbox after all work was done), (3) no objective verification (plans were prose). v1.7 closes all three by making the plan an executable contract. Per-step YAML manifest (expected_paths, commit_message_pattern, bash_syntax_check, forbidden_paths, must_contain) is the objective completion predicate. Plan-critic dimension 10 (Manifest quality) is a hard gate. Session decomposer propagates manifests verbatim and emits an obligatory Step 0 pre-flight (git push --dry-run, exit 77 sentinel) in every session spec. ultraexecute-local gets Phase 7.5 (independent manifest audit from git log + filesystem, ignoring agent bookkeeping) and Phase 7.6 (bounded recovery dispatch, recovery_depth ≤ 2). Hard Rule 17 forbids marking a step passed without manifest verification. Hard Rule 18 forbids ending on an arbitrary tool call before reporting. Division of labor is made explicit: - /ultraresearch-local gathers context (no build decisions) - /ultraplan-local produces an executable contract (manifests, plan-critic gate) - /ultraexecute-local executes disciplined (does NOT compensate for weak plans — escalates) Code complete. Docs partial (Arbeidsdeling table + manifest section added to plugin + marketplace READMEs). Verification tests (10-sequence) pending — see REMEMBER.md. Backward compat: v1.6 plans without plan_version marker get legacy mode with synthesized manifests and legacy_plan: true in progress file. Plan-critic emits advisory, not block. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-12 07:38:16 +02:00 · 2026-04-12 07:38:16 +02:00 · d1befac35a
commit d1befac35a
parent 72f2e8f6c9
11 changed files with 651 additions and 27 deletions
--- a/plugins/ultraplan-local/templates/plan-template.md
+++ b/plugins/ultraplan-local/templates/plan-template.md
@ -2,7 +2,7 @@

 > **Plan quality: {grade}** ({score}/100) — {APPROVE | APPROVE_WITH_NOTES | REVISE | REPLAN}
 >
-> Generated by ultraplan-local v{version} on {YYYY-MM-DD}
+> Generated by ultraplan-local v{version} on {YYYY-MM-DD} — `plan_version: 1.7`

 ## Context

@ -56,6 +56,17 @@ when the project has tests.
 - **Verify:** `{exact command}` → expected: `{output}`
 - **On failure:** {revert | retry | skip | escalate} — {specific instructions}
 - **Checkpoint:** `git commit -m "{conventional commit message}"`
+- **Manifest:**
+  ```yaml
+  manifest:
+    expected_paths:
+      - path/to/file.ts
+    min_file_count: 1
+    commit_message_pattern: "^feat\\(scope\\):"
+    bash_syntax_check: []
+    forbidden_paths: []
+    must_contain: []
+  ```

 ### Step 2: {description}

@ -69,10 +80,43 @@ when the project has tests.
 - **Verify:** `{exact command}` → expected: `{output}`
 - **On failure:** {revert | retry | skip | escalate} — {specific instructions}
 - **Checkpoint:** `git commit -m "{conventional commit message}"`
+- **Manifest:**
+  ```yaml
+  manifest:
+    expected_paths:
+      - path/to/file.ts
+    min_file_count: 1
+    commit_message_pattern: "^feat\\(scope\\):"
+    bash_syntax_check: []
+    forbidden_paths: []
+    must_contain:
+      - path: path/to/file.ts
+        pattern: "expected content marker"
+  ```

 *For projects without tests: omit "Test first" and keep "Verify" with a
 concrete command (e.g., run the app, check output, curl an endpoint).*

+### Manifest — objective completion predicate
+
+Every step MUST have a Manifest block. This is the machine-checkable contract
+that ultraexecute-local verifies after the Verify command passes. A step is
+not considered complete until its manifest verifies — regardless of Verify
+command exit code.
+
+- **expected_paths** — files that must exist after this step. Existing files
+  must be present in repo; new files must be marked `(new file)` in prose.
+- **min_file_count** — minimum number of expected_paths that must exist.
+  Typically equal to `len(expected_paths)`.
+- **commit_message_pattern** — regex that MUST match the HEAD commit message
+  after Checkpoint runs. Use escaped regex syntax (e.g., `\\(scope\\)`).
+- **bash_syntax_check** — list of `.sh` files that must pass `bash -n`.
+  Auto-include any `.sh` in expected_paths.
+- **forbidden_paths** — files this step must NOT modify (defense-in-depth
+  beyond Scope Fence).
+- **must_contain** — optional grep assertions: `path` + `pattern` pairs that
+  must match in created/modified files.
+
 ### Failure recovery rules

 - **On failure: revert** — undo this step's changes (`git checkout -- {files}`), do NOT proceed
@ -121,7 +165,10 @@ before execution.*

 ## Verification

-End-to-end checks that prove the plan was implemented correctly.
+*Per-step manifest verification runs automatically during execution (every
+step's Manifest block is objectively checked by ultraexecute-local before the
+step is marked passed). This section is for end-to-end integration checks
+that cross step boundaries — complete workflows, system-level behavior.*

 - [ ] `{exact command}` → expected: `{exact output or behavior}`
 - [ ] `{exact command}` → expected: `{exact output or behavior}`
@ -179,7 +226,8 @@ later waves depend on earlier waves completing first.*
 | Coverage completeness | 0.20 | {0–100} | {spec → steps, no gaps} |
 | Specification quality | 0.15 | {0–100} | {no placeholders, clear criteria} |
 | Risk & pre-mortem | 0.15 | {0–100} | {failure modes addressed} |
-| Headless readiness | 0.15 | {0–100} | {On failure + Checkpoint per step} |
+| Headless readiness | 0.10 | {0–100} | {On failure + Checkpoint per step} |
+| Manifest quality | 0.05 | {0–100} | {all steps have valid, checkable manifests} |
 | **Weighted total** | **1.00** | **{score}** | **Grade: {A/B/C/D}** |

 **Adversarial review:**