skills
/
deerflow2
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
deerflow2/.planning/phases/01-conflict-inventory-and-d.../01-PLAN.md

161 lines
8.9 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
phase: 01-conflict-inventory-and-decision-matrix
plan: 01
type: execute
wave: 1
depends_on: []
files_modified:
- .planning/phases/01-conflict-inventory-and-decision-matrix/01-PLAN.md
- .planning/phases/01-conflict-inventory-and-decision-matrix/conflict-inventory.csv
- .planning/phases/01-conflict-inventory-and-decision-matrix/conflict-inventory.md
- .planning/phases/01-conflict-inventory-and-decision-matrix/titan-decision-matrix.md
- .planning/phases/01-conflict-inventory-and-decision-matrix/audit-evidence.md
autonomous: true
requirements:
- MERGE-01
- MERGE-03
must_haves:
truths:
- "团队可以看到 merge 覆写热点的文件级证据、风险分级与来源提交。"
- "团队可以看到 Titan 重叠代码路径及每个热点的 keep/replace/hybrid 决策。"
- "后续阶段可以直接使用本阶段产物作为“旧视觉+新逻辑”执行输入。"
artifacts:
- path: ".planning/phases/01-conflict-inventory-and-decision-matrix/conflict-inventory.csv"
provides: "可审计冲突清单(文件、提交、风险、类别)"
- path: ".planning/phases/01-conflict-inventory-and-decision-matrix/conflict-inventory.md"
provides: "冲突清单说明与分级口径"
- path: ".planning/phases/01-conflict-inventory-and-decision-matrix/titan-decision-matrix.md"
provides: "Titan overlap 决策矩阵keep/replace/hybrid"
- path: ".planning/phases/01-conflict-inventory-and-decision-matrix/audit-evidence.md"
provides: "命令级证据链(可复现)"
key_links:
- from: "git merge/author 历史"
to: "conflict-inventory.csv"
via: "冲突提交 + Titan 触达聚合"
pattern: "git show -m + git log --author='[Tt]itan'"
- from: "conflict-inventory.csv"
to: "titan-decision-matrix.md"
via: "按风险与重叠分层决策"
pattern: "P0/P1 + keep/replace/hybrid"
---
<objective>
构建可审计的冲突盘点与 Titan 重叠决策基线,形成后续“旧视觉+新逻辑”执行阶段的唯一输入源。
Purpose: 在不做大规模功能实现的前提下,先把 merge 覆写风险与 Titan overlap 决策透明化、证据化。
Output: `conflict-inventory.csv`、`conflict-inventory.md`、`titan-decision-matrix.md`、`audit-evidence.md`。
</objective>
<context>
@.planning/PROJECT.md
@.planning/REQUIREMENTS.md
@.planning/ROADMAP.md
@.planning/phases/01-conflict-inventory-and-decision-matrix/01-RESEARCH.md
@.planning/codebase/ARCHITECTURE.md
@.planning/codebase/STRUCTURE.md
@.planning/codebase/CONCERNS.md
</context>
<tasks>
<task type="auto" tdd="true">
<name>Wave 1 - Task 1: 生成可复现证据链与原始热点集合</name>
<files>
.planning/phases/01-conflict-inventory-and-decision-matrix/audit-evidence.md
</files>
<behavior>
- Test 1: 必须列出用于提取 merge 覆写热点的命令与提交列表(含冲突语义 merge 提交)。
- Test 2: 必须列出用于提取 Titan overlap 的命令与结果摘要(作者轨 + 语义轨)。
- Test 3: 任一命令复跑后可得到同类型输出结构(允许计数随仓库演进变化)。
</behavior>
<action>
基于 01-RESEARCH 既有方法固定并执行审计命令链merge 提交采集、`git show -m` 文件提取、Titan 作者触达与“移植 Titan main”语义提交提取将命令、时间、分支、输出摘要写入 `audit-evidence.md`,确保可复现与可审查。仅做证据整理,不修改业务代码。
</action>
<verify>
<automated>test -s .planning/phases/01-conflict-inventory-and-decision-matrix/audit-evidence.md &amp;&amp; rg -n "git show -m|git log --all --author='\\[Tt\\]itan'|7342cc08|merge" .planning/phases/01-conflict-inventory-and-decision-matrix/audit-evidence.md</automated>
</verify>
<done>
`audit-evidence.md` 包含完整命令链、执行上下文、结果摘要,并可支持他人复跑验证。
</done>
</task>
<task type="auto" tdd="true">
<name>Wave 2 - Task 2: 产出可审计冲突清单MERGE-01</name>
<files>
.planning/phases/01-conflict-inventory-and-decision-matrix/conflict-inventory.csv
.planning/phases/01-conflict-inventory-and-decision-matrix/conflict-inventory.md
</files>
<behavior>
- Test 1: CSV 至少包含字段 `file_path, merge_hotspot_count, titan_touch_count, change_class, behavior_critical, risk_level, evidence_refs`
- Test 2: 每条记录必须有 evidence_refs 指向具体提交或命令结果。
- Test 3: Markdown 文档明确风险分级规则P0/P1/P2与 change_classvisual-only/logic-only/mixed
</behavior>
<action>
依据 Wave 1 证据,形成文件级冲突清单:汇总 merge 热点频次、Titan 触达频次、行为关键度,按研究中的三轴口径完成风险分级与类别标注;输出机器可消费 CSV + 人类可审阅说明文档,满足 MERGE-01 的“文件级证据 + 风险分类”要求。
</action>
<verify>
<automated>test -s .planning/phases/01-conflict-inventory-and-decision-matrix/conflict-inventory.csv &amp;&amp; test -s .planning/phases/01-conflict-inventory-and-decision-matrix/conflict-inventory.md &amp;&amp; head -n 1 .planning/phases/01-conflict-inventory-and-decision-matrix/conflict-inventory.csv | rg "file_path,merge_hotspot_count,titan_touch_count,change_class,behavior_critical,risk_level,evidence_refs" &amp;&amp; rg -n "P0|P1|P2|visual-only|logic-only|mixed" .planning/phases/01-conflict-inventory-and-decision-matrix/conflict-inventory.md</automated>
</verify>
<done>
冲突清单可直接回答“哪些文件被 merge 覆写风险影响、风险多高、证据来自哪里”。
</done>
</task>
<task type="auto" tdd="true">
<name>Wave 3 - Task 3: 产出 Titan 重叠决策矩阵并绑定后续输入MERGE-03</name>
<files>
.planning/phases/01-conflict-inventory-and-decision-matrix/titan-decision-matrix.md
</files>
<behavior>
- Test 1: 每个 Titan overlap 热点都有 `decision`keep/replace/hybrid`rationale`
- Test 2: 每条决策都包含“旧视觉+新逻辑”落地指引L0/L1/L2 边界)。
- Test 3: 每条决策都包含后续阶段入口(建议归属 Phase 2 或 Phase 3
</behavior>
<action>
基于冲突清单筛选 Titan overlap 文件,形成决策矩阵:逐项定义 keep/replace/hybrid、给出可审计依据与冲突化解理由并明确后续执行归属逻辑归 Phase 2、视觉归 Phase 3。确保输出是后续“旧视觉+新逻辑”实施的直接输入,不在本阶段实现功能改动。
</action>
<verify>
<automated>test -s .planning/phases/01-conflict-inventory-and-decision-matrix/titan-decision-matrix.md &amp;&amp; rg -n "keep|replace|hybrid|L0|L1|L2|Phase 2|Phase 3|rationale" .planning/phases/01-conflict-inventory-and-decision-matrix/titan-decision-matrix.md</automated>
</verify>
<done>
决策矩阵可直接回答“Titan overlap 该保留什么、替换什么、为什么,以及后续在哪个阶段执行”。
</done>
</task>
</tasks>
<threat_model>
## Trust Boundaries
| Boundary | Description |
|----------|-------------|
| `git history -> planning artifacts` | 来自历史提交的证据在写入计划产物前需要防止误读与遗漏 |
| `planning artifacts -> next-phase execution` | 错误决策会传递到后续实现阶段并造成行为回归 |
## STRIDE Threat Register
| Threat ID | Category | Component | Disposition | Mitigation Plan |
|-----------|----------|-----------|-------------|-----------------|
| T-01-01 | T (Tampering) | `conflict-inventory.csv` | mitigate | 所有记录必须带 `evidence_refs`,且在 `audit-evidence.md` 可追溯到具体命令/提交 |
| T-01-02 | R (Repudiation) | `titan-decision-matrix.md` | mitigate | 每条 keep/replace/hybrid 必须包含 `rationale` 与来源证据,避免无法追责 |
| T-01-03 | I (Information Disclosure) | `audit-evidence.md` | accept | 仅记录仓库公开代码提交信息,不写入密钥/凭据;若发现敏感值立即脱敏 |
| T-01-04 | D (Denial of Service) | 验证命令链 | accept | 验证命令限定在本地文本扫描与 git 查询,不引入重型构建任务 |
</threat_model>
<verification>
1. 执行 Wave 1-3 各任务的 `<automated>` 命令,全部返回 0。
2. 抽查 `conflict-inventory.csv` 中 P0 文件,能在 `audit-evidence.md` 找到对应证据。
3. 抽查 `titan-decision-matrix.md` 至少 3 条记录,确认均有 `decision + rationale + Phase 2/3 输入`
</verification>
<success_criteria>
- 满足 MERGE-01存在文件级冲突清单且每条有证据引用与风险分级。
- 满足 MERGE-03存在 Titan overlap 决策矩阵,且每条有 keep/replace/hybrid 明确结论。
- 产物可作为后续“旧视觉+新逻辑”执行输入:每个热点有 L0/L1/L2 边界与阶段归属。
- Phase 01 不引入业务功能实现,仅交付可审计规划资产。
</success_criteria>
<output>
After completion, create `.planning/phases/01-conflict-inventory-and-decision-matrix/01-SUMMARY.md`
</output>
Reference in New Issue View Git Blame Copy Permalink