profit/local-review-harness
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
local-review-harness/docs/SCRUM_TEST_TEMPLATE.md
Claude (review-harness setup) f3ee4722a8 Phase A + B (MVP) — local review harness 
Implements the MVP cutline from the planning artifact:
- Phase A: skeleton + CLI dispatch + provider interface + stub model doctor
- Phase B: scanner + git probe + 12 static analyzers + reporters + pipeline
- Phase B fixtures: clean-repo, insecure-repo, degraded-repo

12 static analyzers per PROMPT.md "Suggested Static Checks For MVP":
hardcoded_paths, shell_execution, raw_sql_interpolation, broad_cors,
secret_patterns, large_files, todo_comments, missing_tests,
env_file_committed, unsafe_file_io, exposed_mutation_endpoint,
hardcoded_local_ip.

Acceptance gates passing:
- B1 (intake produces accurate counts) ✓
- B2 (insecure fixture fires ≥8 distinct check_ids — actually 11/12) ✓
- B3 (clean fixture produces 0 confirmed findings — no false positives) ✓
- B4 (scrum mode produces all 6 required markdown + JSON reports) ✓
- B5 (receipts.json marks degraded phases honestly) ✓
- F  (self-review on this repo runs without crashing) ✓ — exit 66 (degraded
  because Phase C LLM review is hardcoded skipped)

Phases C (LLM review), D (validation cross-check), E (memory + diff +
rules subcommands) deferred per the cutline. The MVP delivers the
evidence-first path; LLM is purely additive.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-30 00:56:02 -05:00

1.1 KiB
Executable File
Raw Permalink Blame History

Scrum Test Template

Verdict

State whether the repository is:

  • production-ready
  • prototype-ready
  • demo-only
  • blocked

Do not soften the verdict.

Evidence

List commands run, files inspected, and outputs generated.

Confirmed Risks

Each confirmed risk must include:

  • file path
  • evidence
  • severity
  • impact
  • suggested fix

Suspected Risks

Each suspected risk must explain what evidence is missing.

Blocked Checks

List checks that could not run.

For each blocked check, include:

  • reason
  • dependency
  • next command
  • risk of not running it

Sprint Backlog

Use this format:

Sprint 0: Reproducibility Gate
Sprint 1: Trust Boundary Gate
Sprint 2: Memory Correctness Gate
Sprint 3: Agent Loop Reality Gate
Sprint 4: Deployment Gate

Acceptance Gates

Each gate must be testable.

Bad:

Improve security.

Good:

SQL interpolation scanner detects unsafe SELECT/INSERT/UPDATE/DELETE string assembly and emits confirmed findings with file evidence.

Next Commands

List only commands that can actually be run.