S260224-01: concept governance + YAML unification run/ship closure by spilist · Pull Request #26 · corca-ai/claude-plugins

spilist · 2026-02-24T01:46:55Z

Closes #25

목적

CWF concept governance + YAML 계약 통일 작업을 ship 가능한 상태로 마감하고, cwf:run의 ship 단계에서 non-base branch일 때 issue/PR 생성 근거가 아티팩트 게이트로 검증되도록 보강합니다.

주요 결정사항

Decision	Rationale	Alternatives
Exclusion sunset 정책을 `release-based`로 고정	exclusion 만료 시점을 릴리스 운영 단위로 관리하기 쉬움	date-based
Concept checker aggregate 형식을 `jsonl`로 표준화	게이트/로그 파이프라인에서 기계 파싱 일관성 확보	YAML
legacy JSON contracts 즉시 제거	이번 마이그레이션은 back-compat 비요구, YAML 단일 경로 유지	1-release 유예
non-base ship에 issue/pr URL 검증 추가	상태 요약만으로 종료되는 누락 재발 방지	status-only gate

검증 방법

bash plugins/cwf/scripts/check-concepts.sh --strict
bash plugins/cwf/scripts/check-portability-contract.sh --contract auto --context manual
bash plugins/cwf/scripts/check-change-impact.sh --working
bash plugins/cwf/scripts/check-claim-test-mapping.sh
bash plugins/cwf/scripts/check-run-gate-artifacts.sh --session-dir .cwf/projects/260224-01-concept-governance-yaml-unification --stage ship --strict --record-lessons
bash scripts/premerge-cwf-gate.sh --mode premerge --plugin cwf
bash .claude/skills/plugin-deploy/scripts/check-consistency.sh cwf

인간 판단 필요 사항

run-start branch 정책(메인에서 시작 시 feature branch 생성)이 현재 운영 의도와 정확히 일치하는지 최종 확인.
non-base ship에서 issue/pr URL 요구를 hard-fail로 둔 강도가 적절한지 확인.

머지 후 영향

시스템 동작 변경

concept governance registry가 release-based exclusion + jsonl aggregate 정책을 강제합니다.
legacy JSON contract 파일(plugins/cwf/contracts/*.json)이 제거되고 YAML-only 경로가 남습니다.
ship stage 게이트가 non-base branch에서 issue_ref/pr_ref URL 존재를 검증합니다.

향후 작업 영향

concept/hook/skill 변경 시 exclusion 메타데이터 누락이 즉시 탐지됩니다.
run/ship 누락 이슈를 게이트 차원에서 조기에 차단할 수 있습니다.

회고 결과 요약

deterministic gate 기반으로 concept governance + YAML migration을 안정적으로 마감했습니다.
review-code session_log_* 누락을 보정해 재검증 통과했습니다.
의미 단위 커밋 원칙을 실제 실행 및 거버넌스 문서에 반영했습니다.

영속화 및 후속 제안

Owner: plugin, Apply Layer: upstream, Target: plugins/cwf/concepts/registry.yaml exclusion policy evolution (release-based 유지/확장).
Owner: plugin, Apply Layer: upstream, Target: plugins/cwf/scripts/check-run-gate-artifacts.sh ship URL 정책 회귀 테스트 추가.

상세 아티팩트 (diff stat, lessons, CDM)

Diff Stat

 .claude-plugin/marketplace.json                    |   2 +-
 .cwf/codebase-contract.yaml                        | 157 +++++
 .cwf/cwf-state.yaml                                |  35 +-
 .../session-state.yaml                             |  28 +-
 .../clarify-result.md                              |  44 ++
 .../gather.md                                      |  90 +++
 .../initial-plan.md                                | 199 ++++++
 .../lessons.md                                     |  40 ++
 .../plan.md                                        | 200 ++++++
 .../refactor-summary.md                            |  24 +
 .../retro.md                                       |  15 +
 .../review-architecture-code.md                    |  11 +
 .../review-architecture-plan.md                    |  11 +
 .../review-correctness-code.md                     |  11 +
 .../review-correctness-plan.md                     |  12 +
 .../review-expert-alpha-code.md                    |  12 +
 .../review-expert-alpha-plan.md                    |  12 +
 .../review-expert-beta-code.md                     |  12 +
 .../review-expert-beta-plan.md                     |  12 +
 .../review-security-code.md                        |  10 +
 .../review-security-plan.md                        |  11 +
 .../review-synthesis-code.md                       |  38 ++
 .../review-synthesis-plan.md                       |  33 +
 .../review-ux-dx-code.md                           |  10 +
 .../review-ux-dx-plan.md                           |  11 +
 .../run-ambiguity-decisions.md                     |   8 +
 .../run-stage-provenance.md                        |  12 +
 .../session-logs/260224-0912-f50765a9.codex.md     |   1 +
 .../ship.md                                        |  14 +
 .cwf/sessions/.sync-state/f50765a9.json            |  15 +
 .cwf/sessions/260224-0912-f50765a9.codex.md        | 238 +++++++
 .cwf/setup-contract.yaml                           |  96 +++
 AGENTS.md                                          |   2 +
 README.ko.md                                       |   2 +-
 docs/plugin-dev-cheatsheet.md                      |   2 +-
 plugins/cwf/.claude-plugin/plugin.json             |   2 +-
 plugins/cwf/concepts/README.md                     |  30 +
 plugins/cwf/concepts/agent-orchestration.md        |  27 +
 .../concepts/checkers/check-agent-orchestration.sh |  15 +
 plugins/cwf/concepts/checkers/check-contract.sh    |  15 +
 .../cwf/concepts/checkers/check-decision-point.sh  |  15 +
 plugins/cwf/concepts/checkers/check-expert.sh      |  15 +
 plugins/cwf/concepts/checkers/check-handoff.sh     |  15 +
 plugins/cwf/concepts/checkers/check-provenance.sh  |  15 +
 .../concepts/checkers/check-tier-classification.sh |  15 +
 plugins/cwf/concepts/checkers/lib.sh               |  69 ++
 plugins/cwf/concepts/contract.md                   |  26 +
 plugins/cwf/concepts/decision-point.md             |  26 +
 plugins/cwf/concepts/expert.md                     |  26 +
 plugins/cwf/concepts/handoff.md                    |  26 +
 plugins/cwf/concepts/provenance.md                 |  26 +
 plugins/cwf/concepts/registry.yaml                 |  89 +++
 plugins/cwf/concepts/tier-classification.md        |  26 +
 plugins/cwf/contracts/authoring-contract.json      |  73 ---
 plugins/cwf/contracts/authoring-contract.yaml      |  72 +++
 plugins/cwf/contracts/change-impact.json           |  81 ---
 plugins/cwf/contracts/change-impact.yaml           |  54 ++
 plugins/cwf/contracts/claims.json                  | 149 -----
 plugins/cwf/contracts/claims.yaml                  |  82 +++
 plugins/cwf/contracts/portable-contract.json       |  19 -
 plugins/cwf/contracts/portable-contract.yaml       |  14 +
 plugins/cwf/references/contract-governance.md      |  42 ++
 plugins/cwf/scripts/check-change-impact.sh         |  33 +-
 plugins/cwf/scripts/check-claim-test-mapping.sh    |  45 +-
 plugins/cwf/scripts/check-concepts.sh              | 692 +++++++++++++++++++++
 plugins/cwf/scripts/check-portability-contract.sh  |  33 +-
 plugins/cwf/scripts/check-run-gate-artifacts.sh    |  42 ++
 plugins/cwf/skills/refactor/SKILL.md               |   2 +-
 .../refactor/references/codebase-contract.md       |   4 +-
 .../scripts/bootstrap-codebase-contract.sh         | 343 +++++-----
 .../scripts/check-codebase-contract-runtime.sh     | 138 +++-
 .../skills/refactor/scripts/codebase-quick-scan.py |  66 +-
 .../skills/refactor/scripts/codebase-quick-scan.sh |   4 +-
 .../refactor/scripts/select-codebase-experts.sh    |  62 +-
 plugins/cwf/skills/run/SKILL.md                    |  36 +-
 .../cwf/skills/run/references/stage-operations.md  |  16 +-
 .../cwf/skills/setup/references/setup-contract.md  |   6 +-
 plugins/cwf/skills/ship/SKILL.md                   |   3 +
 78 files changed, 3403 insertions(+), 616 deletions(-)

Lessons Learned

run 시작 전 setup readiness 선검증이 중단 리스크를 줄임.
이전 초안(initial-plan.md)과 실행계약(plan.md) 분리가 추적성에 유리.
구조 마이그레이션은 evidence-first로 hotspot을 먼저 분해해야 안정적.

CDM (Critical Decision Moments)

No CDM recorded yet.

Review Checklist

Code changes match PR description
No unintended file changes
Tests pass (if applicable)
Retro persistence proposals are tracked as follow-up actions/issues
Scripts are executable and pass shellcheck
SKILL.md under 500 lines
Version bumped appropriately
Markdown lint passes

Created with /ship pr

Summary by CodeRabbit

릴리스 노트

New Features
- 개념 기반 거버넌스(결정지점, 전문가, 인수 등) 및 결정론적 개념 게이트 도입
- YAML 기반 계약·레지스트리로 계약 표현과 검사 경로 통일
- 세션/런 추적과 단계별 실행·보고 문서화, 도구 기반 검증 파이프라인 추가
- 플러그인 버전 1.0.0 출시
Bug Fixes & Improvements
- JSON → YAML 통합으로 설정 일관성 강화
- 자동 검사·체커 강화 및 non-base 브랜치 시 릴리스 요구사항(이슈/PR URL) 검증 추가

coderabbitai · 2026-02-24T01:47:15Z

Warning

Rate limit exceeded

@spilist has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 6 minutes and 40 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between e7f7fd1 and dca9348.

📒 Files selected for processing (1)

scripts/tests/retro-coverage-contract-fixtures.sh

Walkthrough

개념 거버넌스 도입과 계약 파일을 JSON에서 YAML로 전환하고, 개념 레지스트리·검증 스크립트·세션/설정 계약을 추가하며 run/ship 브랜치 정책과 관련 검증 흐름을 강화합니다.

Changes

Cohort / File(s)	Summary
Version Bumps `\.claude-plugin/marketplace.json`, `plugins/cwf/.claude-plugin/plugin.json`	플러그인 버전 메타데이터 0.8.12 → 1.0.0 으로 상향.
Codebase Contracts & Setup `.cwf/codebase-contract.yaml`, `.cwf/setup-contract.yaml`, `.cwf/codebase-contract.yaml`	새 코드베이스 계약 YAML 도입 및 설정 계약 추가(툴 요구사항, 훅 설정 등).
CWF State & Sessions `.cwf/cwf-state.yaml`, `.cwf/projects/.../session-state.yaml`, `.cwf/sessions/`, `.cwf/sessions/.sync-state/.json`	세션 항목/라이브 상태 업데이트, 세션 트랜스크립트 및 동기화 메타데이터 추가.
Project Run Artifacts `.cwf/projects/260224-01-concept-governance-yaml-unification/*`	gather/clarify/plan/review/retro/ship 등 프로젝트 실행 아티팩트(문서, 로그, 결정 기록) 추가.
Concept Governance: docs & registry `plugins/cwf/concepts/registry.yaml`, `plugins/cwf/concepts/README.md`, `plugins/cwf/concepts/*.md`	개념 레지스트리 파일과 개념 정의 문서(expert, contract, decision-point, 등) 추가.
Concept Checkers: lib & scripts `plugins/cwf/concepts/checkers/lib.sh`, `plugins/cwf/concepts/checkers/check-*.sh`	공유 검증 라이브러리와 개별 개념 검사 스크립트(표준화된 검증 흐름) 추가.
Contract YAMLs (new) `plugins/cwf/contracts/*.yaml` (`authoring-contract.yaml`, `portable-contract.yaml`, `claims.yaml`, `change-impact.yaml`)	기존 JSON 계약을 대응하는 YAML 형식으로 새로 추가(체크 정의 포함).
Removed JSON contracts `plugins/cwf/contracts/*.json` (`authoring-contract.json`, `change-impact.json`, `claims.json`, `portable-contract.json`)	동일 목적의 JSON 파일 삭제(형식 전환).
Scripts: YAML support & behavior changes `plugins/cwf/scripts/check-*.sh`, `plugins/cwf/scripts/check-concepts.sh`	계약 파일을 YAML로 처리하도록 스크립트 변경/추가(임시 JSON 변환, yq 요구, 정리 트랩 등) 및 신규 개념 검증 스크립트 도입(복합 검사·집계).
Refactor skill: contract migration `plugins/cwf/skills/refactor/...`	refactor 스킬 관련 스크립트·도구에서 계약 기본 경로 및 로딩을 YAML 우선으로 변경하고 YAML/JSON 파싱 지원 추가.
Run/Ship skill policy `plugins/cwf/skills/run/SKILL.md`, `plugins/cwf/skills/run/references/stage-operations.md`, `plugins/cwf/skills/ship/SKILL.md`, `plugins/cwf/scripts/check-run-gate-artifacts.sh`	run 시작 브랜치 정책(기본에서 시작 시 feature 브랜치 생성)과 ship 단계의 non-base 브랜치 처리(issue/pr 요구) 규칙 및 ship stage 검증(issue_ref/pr_ref) 추가.
Docs & Cheatsheets `docs/plugin-dev-cheatsheet.md`, `plugins/cwf/references/contract-governance.md`, `AGENTS.md`, `README.ko.md`	계약 경로/형식 변경 반영 및 계약 거버넌스 문서 추가/업데이트.

Sequence Diagram(s)

sequenceDiagram
  participant Operator as Operator
  participant CheckScript as check-concepts.sh
  participant Registry as registry.yaml
  participant Checker as concept checker scripts
  participant Files as docs/files (concept docs, targets)

  Operator->>CheckScript: run check-concepts.sh [--summary|--strict]
  CheckScript->>Registry: load registry.yaml
  alt registry invalid
    CheckScript->>Operator: exit 2 (config error)
  else registry valid
    CheckScript->>Files: validate target_docs exist
    CheckScript->>Checker: for each concept → execute checker script
    Checker-->>CheckScript: exit code (0/10/1+), output
    CheckScript->>Operator: aggregate PASS/WARN/FAIL per concept
    CheckScript->>Operator: final exit (0 success / 1 fail / 2 usage)
  end

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

Feat/plugin structure #4 — 동일한 .claude-plugin/marketplace.json 항목(매니페스트/버전) 관련 변경으로 직접적인 연관성 있음.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 5.13% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	PR 제목이 변경 사항의 핵심을 명확히 전달합니다. S260224-01 세션에서 concept governance 및 YAML 통합을 완료하고 ship 단계를 마감했다는 의도가 명확합니다.
Linked Issues check	✅ Passed	PR이 `#25` 이슈의 모든 주요 목표를 충족합니다. run-start 브랜치 정책 문서화, non-base branch ship 단계에서 issue→PR 생성 강제, concept governance 및 YAML 마이그레이션 완료 등이 구현되었습니다.
Out of Scope Changes check	✅ Passed	모든 변경 사항이 concept governance 및 YAML 통합 마이그레이션, run/ship 계약 강화와 직접 관련이 있습니다. 범위 외 변경은 발견되지 않습니다.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment
Commit unit tests in branch feat/260224-concept-governance-plan

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

coderabbitai

Actionable comments posted: 15

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

plugins/cwf/skills/refactor/scripts/select-codebase-experts.sh (1)

124-131: ⚠️ Potential issue | 🟡 Minor

스캔 JSON 파싱 실패 시 경고 없이 묵살됩니다

load_json_document는 파일이 존재하더라도 JSON이 올바르지 않으면 None을 반환하고, main()의 or {}가 이를 빈 딕셔너리로 조용히 대체합니다. 사용자는 스캔 데이터가 누락된 상태로 expert 선택 결과를 받게 되며, warnings 목록에도 아무 흔적이 남지 않습니다.

load_contract_document가 경고 문자열을 반환하는 방식과 동일하게, 파싱 실패 시 경고를 전파하도록 수정하는 것을 권장합니다.

♻️ 수정 제안

-def load_json_document(path):
-    if not os.path.isfile(path):
-        return None
-    try:
-        with open(path, encoding="utf-8") as f:
-            return json.load(f)
-    except Exception:
-        return None
+def load_json_document(path):
+    """Returns (data_or_None, warning_str)."""
+    if not os.path.isfile(path):
+        return None, "scan file missing"
+    try:
+        with open(path, encoding="utf-8") as f:
+            return json.load(f), ""
+    except Exception as exc:
+        return None, f"unable to parse scan JSON: {exc}"

-    scan = load_json_document(scan_path) or {}
+    scan_data, scan_warning = load_json_document(scan_path)
+    scan = scan_data or {}
     loaded, contract_warning = load_contract_document(contract_path)
     warnings = []
+    if scan_warning:
+        warnings.append(scan_warning)
     if contract_warning:
         warnings.append(contract_warning)

Also applies to: 254-258

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@plugins/cwf/skills/refactor/scripts/select-codebase-experts.sh` around lines
124 - 131, load_json_document currently swallows JSON parse errors and returns
None, which main() then silently replaces with {}; update load_json_document to
propagate a warning string (like load_contract_document does) when json.load
fails instead of returning None, e.g., return a descriptive warning message or
tuple that main() can detect; adjust main() to append that warning to the
warnings list (rather than relying on or {}) and handle the returned warning
consistently; apply the same change to the duplicate implementation around the
other occurrence (lines ~254-258) so both JSON-loading functions propagate parse
warnings.

🧹 Nitpick comments (9)

plugins/cwf/scripts/check-portability-contract.sh (1)
129-131: 2>/dev/null로 인해 yq 변환 실패 시 진단 정보가 소실됨

yq 오류 출력이 억제되어 YAML 파싱에 실패해도 실제 원인(예: 잘못된 YAML 구문, 예상치 못한 yq 버전 동작)을 알 수 없고 제네릭 메시지만 남습니다. 디버깅 편의를 위해 stderr를 변수에 캡처하거나 메시지에 포함시키는 방식을 권장합니다.
♻️ 제안된 개선
-if ! yq -o=json '.' "$CONTRACT_PATH" >"$CONTRACT_JSON_TMP" 2>/dev/null; then
-  fail "invalid contract format: expected YAML/JSON object"
-fi
+yq_err=$(yq -o=json '.' "$CONTRACT_PATH" >"$CONTRACT_JSON_TMP" 2>&1) || \
+  fail "invalid contract format: expected YAML/JSON object (yq: $yq_err)"
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@plugins/cwf/scripts/check-portability-contract.sh` around lines 129 - 131,
The yq call currently redirects stderr to /dev/null which hides parsing errors;
modify the check around the yq invocation (the command using CONTRACT_PATH and
outputting to CONTRACT_JSON_TMP) to capture yq's stderr into a variable (or to a
temporary file) and include that stderr content in the fail call (the fail
function invocation) when the command fails so diagnostics (YAML syntax errors
or yq runtime messages) are preserved for debugging.
plugins/cwf/concepts/provenance.md (1)
19-21: 형제 파일 링크에 불필요한 ../concepts/ 경로 순환이 있음

plugins/cwf/concepts/provenance.md 기준으로 ../concepts/contract.md는 한 단계 올라갔다 같은 디렉터리(plugins/cwf/concepts/)로 돌아오는 우회 경로입니다. 동일한 디렉터리 내 형제 파일이므로 직접 상대 경로만 사용하는 것이 더 명확합니다.
♻️ 제안된 수정
-[contract](../concepts/contract.md)
-[handoff](../concepts/handoff.md)
-[tier-classification](../concepts/tier-classification.md)
+[contract](contract.md)
+[handoff](handoff.md)
+[tier-classification](tier-classification.md)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@plugins/cwf/concepts/provenance.md` around lines 19 - 21,
plugins/cwf/concepts/provenance.md에 있는 목록 항목들이 같은 디렉터리의 형제 파일임에도 불필요하게
"../concepts/"로 상위로 올라갔다가 다시 돌아오는 우회 경로를 사용하고 있으므로, 각 항목의 링크에서 "../concepts/"
접두사를 제거하고 단순히 "contract.md", "handoff.md", "tier-classification.md"로 변경하여 명확한 상대
경로를 사용하도록 수정하세요.
plugins/cwf/concepts/expert.md (1)
19-21: Related Concepts 링크 경로 단순화 권장

expert.md는 이미 plugins/cwf/concepts/ 디렉토리에 위치하므로, ../concepts/ 경유는 같은 디렉토리를 불필요하게 우회하는 자기 순환 경로입니다. 링크는 기능적으로 올바르지만 가독성을 위해 단순화를 권장합니다.
♻️ 링크 경로 단순화 제안
-[contract](../concepts/contract.md)
-[decision-point](../concepts/decision-point.md)
-[agent-orchestration](../concepts/agent-orchestration.md)
+[contract](contract.md)
+[decision-point](decision-point.md)
+[agent-orchestration](agent-orchestration.md)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@plugins/cwf/concepts/expert.md` around lines 19 - 21, The links in expert.md
use redundant ../concepts/ paths; update the three link targets (contract,
decision-point, agent-orchestration) to reference the files directly within the
same directory (replace ../concepts/contract.md, ../concepts/decision-point.md,
../concepts/agent-orchestration.md with contract.md, decision-point.md,
agent-orchestration.md) so the Markdown links are simplified and no longer
self-referential.
plugins/cwf/references/contract-governance.md (1)
38-40: 제외(Exclusion) 만료 정책이 미정 상태입니다.

Line 40에서 제외 항목이 "임시적"임을 명시하고 있으나, 만료 기준(릴리스 기반 vs. 날짜 기반)이 정의되지 않았습니다. PR 목표에서도 이를 후속 작업으로 남겨 두었으나, 정책 없이 제외 항목이 누적될 경우 레지스트리 일관성이 저하될 수 있습니다.
💡 릴리스 기반 만료 정책 예시
-Exclusions are temporary and should include rationale in review discussion.
+Exclusions are temporary. Each exclusion must declare a sunset condition (preferred: target release tag) and include rationale in review discussion.
+Exclusions without a sunset condition should be resolved before the next major release.
릴리스 기반 만료 정책을 레지스트리 스키마(registry.yaml)에 sunset 필드로 반영하는 구체적인 제안이 필요하면 알려주세요.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@plugins/cwf/references/contract-governance.md` around lines 38 - 40, 문서의
"Exclusions" 항목이 임시적이라고만 되어 있어 만료 기준(릴리스 기반 vs 날짜 기반)이 정의되지 않아 누적 위험이 있으니, 우선
정책을 명확히 정하고 문서와 레지스트리 스키마에 반영하세요: 1) 결정: 릴리스 기반(예: N 릴리스 후 자동 만료) 또는 날짜
기반(YYYY-MM-DD) 중 하나를 선택하고 명세화합니다; 2) 스키마 변경: registry.yaml에 신규 필드 'sunset'을 추가해
만료 기준(릴리스 태그 또는 만료일)을 명시하도록 하고 그 의미를 README/contract-governance.md의 "Exclusions"
문단에 기술하세요; 3) 검증/자동화: 레지스트리 로더나 CI 검증(예: registry validation job)에 'sunset' 필드
존재와 만료 여부를 검사해 만료 누락을 방지하도록 구현하세요.
plugins/cwf/skills/refactor/scripts/codebase-quick-scan.py (1)
116-156: load_contract_document 함수의 JSON→YAML 폴백 로직이 잘 구성되었습니다.

JSON 우선 파싱 → YAML 폴백 → 타입 검증 순서가 명확하고, None 반환 시 빈 dict 변환 처리도 올바릅니다.

한 가지 사소한 점: Line 140의 if parse_errors else "json parser unavailable" 분기에서 else 부분은 도달 불가능합니다. Line 139에 도달하려면 JSON 파싱이 실패해야 하므로 parse_errors에는 항상 항목이 존재합니다.
♻️ 도달 불가능한 else 분기 제거 제안
     if yaml is None:
-        detail = parse_errors[0] if parse_errors else "json parser unavailable"
+        detail = parse_errors[0]
         return None, f"unable to parse contract YAML without PyYAML; fallback defaults used ({detail})"
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@plugins/cwf/skills/refactor/scripts/codebase-quick-scan.py` around lines 116
- 156, In load_contract_document, the yaml-unavailable branch currently checks
"parse_errors[0] if parse_errors else 'json parser unavailable'", but
parse_errors will always contain the JSON error when that branch is reached;
remove the unreachable else and directly use parse_errors[0] (or otherwise
assert/assume parse_errors is non-empty) so the returned message uses the actual
JSON parse error without the dead "json parser unavailable" alternative.
plugins/cwf/scripts/check-change-impact.sh (1)
135-136: yq 변환 실패 시 stderr 억제(2>/dev/null)가 디버깅을 어렵게 할 수 있습니다.

check-claim-test-mapping.sh(Line 78)과 이 스크립트(Line 135) 모두에서 yq 오류 출력을 억제합니다. 변환 실패 시 "invalid contract format" 메시지만 표시되어 근본 원인 파악이 어려울 수 있습니다. stderr를 캡처하여 fail 메시지에 포함하면 디버깅이 용이해집니다.
♻️ yq 오류 메시지 캡처 제안
-if ! yq -o=json '.' "$CONTRACT_PATH" >"$CONTRACT_JSON_TMP" 2>/dev/null; then
-  fail "invalid contract format: expected YAML/JSON object"
+yq_err=""
+if ! yq_err=$(yq -o=json '.' "$CONTRACT_PATH" >"$CONTRACT_JSON_TMP" 2>&1); then
+  fail "invalid contract format: expected YAML/JSON object ($yq_err)"
 fi
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@plugins/cwf/scripts/check-change-impact.sh` around lines 135 - 136, The yq
command currently suppresses stderr (yq -o=json '.' "$CONTRACT_PATH"
>"$CONTRACT_JSON_TMP" 2>/dev/null) which hides the underlying parse error;
change the invocation so you capture yq's stderr (e.g., into a variable or temp
file) and pass that content to the fail function; update the code paths that use
CONTRACT_PATH and CONTRACT_JSON_TMP and the call site of fail to include the
captured yq error message (and fall back to the current "invalid contract
format" text if empty) so failures show the original yq error for debugging.
plugins/cwf/scripts/check-concepts.sh (2)
386-398: 훅 키 형식(event@@matcher@@command)이 복잡하며 레지스트리와의 매칭이 취약할 수 있습니다.

hook_bindings의 키가 jq로 생성한 event@@matcher@@command 복합 키와 정확히 일치해야 합니다. 이 형식은 registry.yaml에서 수동으로 작성해야 하므로, 공백이나 구분자 불일치 시 바인딩 검증이 실패할 수 있습니다.

복합 키 형식을 스크립트 상단이나 레지스트리에 명시적으로 문서화하는 것을 권장합니다.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@plugins/cwf/scripts/check-concepts.sh` around lines 386 - 398, The composite
hook key format built into ACTIVE_HOOK_KEYS via the jq pipeline (see
ACTIVE_HOOK_KEYS, HOOKS_PATH and the jq expression producing
"event@@matcher@@command") is brittle; normalize and document it: define a
single constant separator (e.g. HOOK_KEY_SEP="@@") at the top of the script,
trim whitespace from event/matcher/command before joining, and update the jq
generation and any consumers (hook_bindings lookup) to use that constant
separator so registry.yaml must match the documented format; also add a short
comment near the top documenting the exact required composite key format so
maintainers know to use the same separator and whitespace rules.
144-243: 수동 YAML 파싱은 제어된 registry.yaml 형식에서만 안전합니다.

parse_registry()는 정확히 2/4칸 들여쓰기, 단순 key: value 구조, 소문자+하이픈 컨셉 ID만 지원합니다. 이는 yq 의존성을 피하는 합리적인 trade-off이지만, 레지스트리 형식이 변경되면(예: 멀티라인 값, 중첩 구조, 앵커/별칭) 조용히 파싱을 건너뛸 수 있습니다.

레지스트리 형식 제약 사항을 registry.yaml 또는 이 스크립트 상단에 문서화하면 향후 혼란을 방지할 수 있습니다.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@plugins/cwf/scripts/check-concepts.sh` around lines 144 - 243,
parse_registry() currently implements fragile manual YAML parsing (expects exact
2/4-space indents, simple key: value lines, lowercase-hyphen ids) and can
silently skip unsupported constructs; update the repo by (1) adding a clear
top-of-file comment in plugins/cwf/scripts/check-concepts.sh and/or a header in
registry.yaml that lists the exact supported subset (allowed indent levels, no
multiline values, no anchors/aliases, allowed character sets for concept IDs),
and (2) modify parse_registry() to detect unsupported patterns (e.g. multiline
values, unexpected indentation, presence of YAML anchors/& or aliases/*, or
lines not matching the explicit regexes) and fail loudly with a descriptive
message including $REGISTRY_PATH and the offending line or range so maintainers
know to fix the registry or use yq; reference function parse_registry,
associative arrays
CONCEPT_IDS/CONCEPT_DOC/CONCEPT_CHECKER/CONCEPT_TARGET_DOCS/CONCEPT_REQUIRED_LINKS,
and variable REGISTRY_PATH when adding the validation and error reporting.
plugins/cwf/scripts/check-claim-test-mapping.sh (1)
25-42: fail(), require_cmd(), cleanup() 함수가 여러 스크립트에서 중복됩니다.

check-portability-contract.sh, check-change-impact.sh, check-hook-sync.sh, check-portability-fixtures.sh 등에서 동일한 헬퍼 함수(fail, require_cmd, cleanup)가 반복적으로 정의되어 있습니다. 공통 라이브러리(예: lib.sh)로 추출하면 유지보수 부담을 줄일 수 있습니다.

check-concepts.sh에서 이미 plugins/cwf/concepts/checkers/lib.sh를 활용하는 패턴이 존재하므로, 스크립트 공통 유틸리티도 유사하게 통합하는 것을 고려해 보세요.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@plugins/cwf/scripts/check-claim-test-mapping.sh` around lines 25 - 42,
Extract the duplicated helper functions fail, warn, require_cmd, and cleanup
into a shared shell library (e.g., lib.sh) and then update each script that
currently defines them (examples: check-portability-contract,
check-change-impact, check-hook-sync, check-portability-fixtures, etc.) to
source that library instead of redefining the functions; ensure the shared lib
exports the same function names and behavior (including cleanup's
CONTRACT_JSON_TMP check and require_cmd's exit-on-missing behavior) and remove
the duplicate definitions from each script so they simply source the common lib
at the top.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.cwf/cwf-state.yaml:
- Around line 571-572: The committed .cwf/cwf-state.yaml contains a
machine-specific absolute path in the worktree_root field; update the code that
persists CWF state so it never writes developer absolute paths: when saving
state (the routine that writes worktree_root/worktree_branch/phase), convert
worktree_root to a relative path or an empty string for phase == "done", or
clear worktree_root at session end; ensure the writer uses a relative resolution
(or omits worktree_root) before committing and add a safe-guard to cwf:run
persistence to prevent storing user-specific absolute paths.

In @.cwf/projects/260221-01-retro-cwf-081-plus-postmortem/session-state.yaml:
- Around line 20-21: The session-state.yaml contains a hardcoded local absolute
path in the worktree_root key which leaks a username and breaks portability;
update the worktree_root value in session-state.yaml (key: worktree_root) to an
empty string "" or a repository-relative value "." and ensure any code that
reads worktree_root (CWF tooling that references worktree_root) falls back to
computing the actual worktree at runtime (e.g., resolve to process/OS cwd or
repo root) when the value is empty or "." so no developer-specific absolute
paths are committed.

In
@.cwf/projects/260224-01-concept-governance-yaml-unification/review-correctness-plan.md:
- Around line 3-11: 결정되지 않은 exclusion sunset policy로 인해 "Conditional Pass" 조건이
미충족 상태이니, 먼저 배포 전 exclusion sunset policy 방식을 release-based 또는 date-based 중 하나로
확정하고 그 결정을 plugins/cwf/concepts/registry.yaml의 skill_exclusions 및
hook_exclusions 필드에 반영하거나 check-concepts.sh 등의 검사 스크립트에 명시적 규칙으로 인코딩하세요; 구체적으로
retro.md의 Follow-ups(“Decide exclusion sunset policy before ship.”)에 따라 정책 선택(예:
release tag 기준 만료 또는 특정 만료일)과 만료 계산 로직(기간 계산, 예외 처리, 기본값)을 정의한 뒤 registry.yaml에
해당 정책 메타데이터/타임스탬프 또는 check-concepts.sh의 검사 조건(검증 실패 시 에러/경고 출력)을 추가하여 자동 검증이 되도록
구현합니다.

In
@.cwf/projects/260224-01-concept-governance-yaml-unification/review-synthesis-code.md:
- Around line 19-27: 문서의 상태 값이 실제 세션 로그와 일치하지 않습니다: 업데이트할 키는
session_log_present, session_log_lines(및 필요한 경우
session_log_turns/session_log_last_turn)입니다; session_log_present를 true로 바꾸고 실제
로그 파일(260224-0912-f50765a9.codex.md)의 라인 수로 session_log_lines 값을 갱신하며
session_log_turns와 session_log_last_turn도 실제 값으로 맞춰 session_log_cross_check 경고가
해소되도록 수정하세요.

In
@.cwf/projects/260224-01-concept-governance-yaml-unification/run-stage-provenance.md:
- Around line 4-12: The provenance rows list has chronological inconsistencies:
the "impl" row shows a start time earlier than "gather" and the "plan" row
starts before "clarify"; update the entries so recorded timestamps match actual
execution order or reorder the table rows to reflect real run sequence. Locate
the rows identified by the step names ("gather", "clarify", "plan", "impl") and
either adjust their start/end timestamps to the true times or move the rows so
the table is in ascending timestamp order, ensuring the provenance reflects the
actual execution chronology for audit/gating purposes.

In
@.cwf/projects/260224-01-concept-governance-yaml-unification/session-logs/260224-0912-f50765a9.codex.md:
- Line 1: Line 1 contains a local absolute path exposing a username
("/home/hwidong/..."); replace that absolute path with a relative path or an
anonymized placeholder to remove PII (for example use
"./.cwf/sessions/260224-0912-f50765a9.codex.md" or "/home/<REDACTED_USER>/..."
or simply "sessions/260224-0912-f50765a9.codex.md"), update any references in
the same file that rely on the original path, and ensure the commit contains no
other local absolute paths or usernames.

In @.cwf/sessions/.sync-state/f50765a9.json:
- Around line 1-14: This session state file contains absolute paths and
usernames in keys like "jsonl_path" and "out_file" which leak local user info;
either remove/replace those fields with relative or anonymized values and
regenerate the file, or ensure this file pattern
(.cwf/sessions/.sync-state/*.json) is added to .gitignore so it is not
committed; update any code that writes these files (the session emitter logic
that sets "jsonl_path"/"out_file"/"last_mtime") to write sanitized/relative
paths or to skip writing sensitive local paths when running in repo mode.

In `@plugins/cwf/concepts/checkers/lib.sh`:
- Around line 1-10: The top-level set -euo pipefail in lib.sh is applied to any
script that sources this library and can break callers (especially when combined
with return 10); change the file so the strict shell options are only enabled
when the file is executed, not when sourced: wrap the set -euo pipefail line in
a guard such as if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then set -euo pipefail;
fi (leave any return 10 usage in callers intact) or alternatively remove the
global set and document that callers must enable strict mode
themselves—reference the set -euo pipefail declaration in lib.sh and the return
10 behavior to locate the relevant code to change.
- Around line 62-65: The function concept_check in lib.sh currently returns 10
for non-blocking warnings but individual checker scripts (e.g.,
check-contract.sh, check-expert.sh, check-handoff.sh) run under set -euo
pipefail so a non-zero return aborts the entire script; fix each checker by
wrapping the call to concept_check so the caller captures the exit code
(concept_check ... || rc=$?) and then normalizes warning code 10 to success (if
[[ ${rc:-0} == 10 ]]; then exit 0), or alternatively update the comment in
lib.sh to explicitly require callers to run concept_check under a set +e / set
-e wrapper; reference concept_check and the return 10 behavior when making the
change.

In `@plugins/cwf/concepts/registry.yaml`:
- Around line 4-38: The required_links entries (the required_links keys for
expert, contract, decision-point, tier-classification, agent-orchestration,
handoff, provenance in plugins/cwf/concepts/registry.yaml) are currently
unquoted strings that look like flow-sequence syntax and break YAML parsing; fix
each by turning the entire RHS value into a quoted scalar (e.g., wrap the
existing [name](../concepts/name.md) text in single or double quotes) so
required_links remains a single string per concept and the file parses
correctly.

In `@plugins/cwf/contracts/authoring-contract.json`:
- Line 10: authoring-contract.json is a deprecated, never-loaded artifact;
remove the file (or replace its contents with a clear deprecation header) so it
doesn't confuse maintainers, and ensure no references remain to it in scripts or
docs: verify check-portability-contract.sh, check-claim-test-mapping.sh,
change-impact.yaml and any README/manifest refer only to authoring-contract.yaml
(the active ${profile}-contract.yaml pattern) and update those references if
found.

In `@plugins/cwf/scripts/check-concepts.sh`:
- Around line 108-115: The strip_quotes function currently only removes
surrounding double quotes; update it to also handle surrounding single quotes by
detecting if the trimmed value begins and ends with either " or ' and then
stripping the first and last character accordingly (preserve empty-string
behavior and other whitespace already handled by trim). Modify the condition in
strip_quotes (and the subsequent substring removal logic) so it checks for both
quote types (e.g., test first and last character for "'" or '"') and removes
those outer quotes rather than only double quotes, keeping the rest of the
function (trim call and printf) intact.

In `@plugins/cwf/skills/run/references/stage-operations.md`:
- Around line 97-107: The script references $resolved_base_branch but never
documents or sets it; update the file to either compute or validate that
variable before use (e.g., derive from cwf-state.yaml, a pipeline init step, or
resolve via git commands) and add a clear inline comment describing its source,
or add a fallback resolution/guard that sets $resolved_base_branch when absent;
reference the variable name $resolved_base_branch and the conditional that calls
Skill(skill="cwf:ship", ...) so reviewers/agents can find where to add the
documentation or the default-resolution logic.
- Around line 100-103: The Skill invocation using Skill(skill="cwf:ship",
args="") does not implement the policy-required status report for a resolved
base branch; update that call to use Skill(skill="cwf:ship", args="status") so
the ship skill performs the actual status reporting (open issues, PRs, checks)
and requests user decision rather than only printing available commands.

In `@plugins/cwf/skills/run/SKILL.md`:
- Around line 85-98: The current resolved_base_branch logic stops with
WAIT_INPUT if origin/HEAD and local main/master are missing; modify the fallback
to first check remote branches refs/remotes/origin/main and
refs/remotes/origin/master (using git show-ref --verify --quiet) and set
resolved_base_branch to "main" or "master" when found, before falling back to
checking local refs (refs/heads/main, refs/heads/master); keep the existing
WAIT_INPUT exit only if neither remote nor local branches are found, and update
the conditional flow around the resolved_base_branch variable and the git
show-ref checks accordingly.

---

Outside diff comments:
In `@plugins/cwf/skills/refactor/scripts/select-codebase-experts.sh`:
- Around line 124-131: load_json_document currently swallows JSON parse errors
and returns None, which main() then silently replaces with {}; update
load_json_document to propagate a warning string (like load_contract_document
does) when json.load fails instead of returning None, e.g., return a descriptive
warning message or tuple that main() can detect; adjust main() to append that
warning to the warnings list (rather than relying on or {}) and handle the
returned warning consistently; apply the same change to the duplicate
implementation around the other occurrence (lines ~254-258) so both JSON-loading
functions propagate parse warnings.

---

Nitpick comments:
In `@plugins/cwf/concepts/expert.md`:
- Around line 19-21: The links in expert.md use redundant ../concepts/ paths;
update the three link targets (contract, decision-point, agent-orchestration) to
reference the files directly within the same directory (replace
../concepts/contract.md, ../concepts/decision-point.md,
../concepts/agent-orchestration.md with contract.md, decision-point.md,
agent-orchestration.md) so the Markdown links are simplified and no longer
self-referential.

In `@plugins/cwf/concepts/provenance.md`:
- Around line 19-21: plugins/cwf/concepts/provenance.md에 있는 목록 항목들이 같은 디렉터리의 형제
파일임에도 불필요하게 "../concepts/"로 상위로 올라갔다가 다시 돌아오는 우회 경로를 사용하고 있으므로, 각 항목의 링크에서
"../concepts/" 접두사를 제거하고 단순히 "contract.md", "handoff.md",
"tier-classification.md"로 변경하여 명확한 상대 경로를 사용하도록 수정하세요.

In `@plugins/cwf/references/contract-governance.md`:
- Around line 38-40: 문서의 "Exclusions" 항목이 임시적이라고만 되어 있어 만료 기준(릴리스 기반 vs 날짜 기반)이
정의되지 않아 누적 위험이 있으니, 우선 정책을 명확히 정하고 문서와 레지스트리 스키마에 반영하세요: 1) 결정: 릴리스 기반(예: N 릴리스
후 자동 만료) 또는 날짜 기반(YYYY-MM-DD) 중 하나를 선택하고 명세화합니다; 2) 스키마 변경: registry.yaml에 신규 필드
'sunset'을 추가해 만료 기준(릴리스 태그 또는 만료일)을 명시하도록 하고 그 의미를
README/contract-governance.md의 "Exclusions" 문단에 기술하세요; 3) 검증/자동화: 레지스트리 로더나 CI
검증(예: registry validation job)에 'sunset' 필드 존재와 만료 여부를 검사해 만료 누락을 방지하도록 구현하세요.

In `@plugins/cwf/scripts/check-change-impact.sh`:
- Around line 135-136: The yq command currently suppresses stderr (yq -o=json
'.' "$CONTRACT_PATH" >"$CONTRACT_JSON_TMP" 2>/dev/null) which hides the
underlying parse error; change the invocation so you capture yq's stderr (e.g.,
into a variable or temp file) and pass that content to the fail function; update
the code paths that use CONTRACT_PATH and CONTRACT_JSON_TMP and the call site of
fail to include the captured yq error message (and fall back to the current
"invalid contract format" text if empty) so failures show the original yq error
for debugging.

In `@plugins/cwf/scripts/check-claim-test-mapping.sh`:
- Around line 25-42: Extract the duplicated helper functions fail, warn,
require_cmd, and cleanup into a shared shell library (e.g., lib.sh) and then
update each script that currently defines them (examples:
check-portability-contract, check-change-impact, check-hook-sync,
check-portability-fixtures, etc.) to source that library instead of redefining
the functions; ensure the shared lib exports the same function names and
behavior (including cleanup's CONTRACT_JSON_TMP check and require_cmd's
exit-on-missing behavior) and remove the duplicate definitions from each script
so they simply source the common lib at the top.

In `@plugins/cwf/scripts/check-concepts.sh`:
- Around line 386-398: The composite hook key format built into ACTIVE_HOOK_KEYS
via the jq pipeline (see ACTIVE_HOOK_KEYS, HOOKS_PATH and the jq expression
producing "event@@matcher@@command") is brittle; normalize and document it:
define a single constant separator (e.g. HOOK_KEY_SEP="@@") at the top of the
script, trim whitespace from event/matcher/command before joining, and update
the jq generation and any consumers (hook_bindings lookup) to use that constant
separator so registry.yaml must match the documented format; also add a short
comment near the top documenting the exact required composite key format so
maintainers know to use the same separator and whitespace rules.
- Around line 144-243: parse_registry() currently implements fragile manual YAML
parsing (expects exact 2/4-space indents, simple key: value lines,
lowercase-hyphen ids) and can silently skip unsupported constructs; update the
repo by (1) adding a clear top-of-file comment in
plugins/cwf/scripts/check-concepts.sh and/or a header in registry.yaml that
lists the exact supported subset (allowed indent levels, no multiline values, no
anchors/aliases, allowed character sets for concept IDs), and (2) modify
parse_registry() to detect unsupported patterns (e.g. multiline values,
unexpected indentation, presence of YAML anchors/& or aliases/*, or lines not
matching the explicit regexes) and fail loudly with a descriptive message
including $REGISTRY_PATH and the offending line or range so maintainers know to
fix the registry or use yq; reference function parse_registry, associative
arrays
CONCEPT_IDS/CONCEPT_DOC/CONCEPT_CHECKER/CONCEPT_TARGET_DOCS/CONCEPT_REQUIRED_LINKS,
and variable REGISTRY_PATH when adding the validation and error reporting.

In `@plugins/cwf/scripts/check-portability-contract.sh`:
- Around line 129-131: The yq call currently redirects stderr to /dev/null which
hides parsing errors; modify the check around the yq invocation (the command
using CONTRACT_PATH and outputting to CONTRACT_JSON_TMP) to capture yq's stderr
into a variable (or to a temporary file) and include that stderr content in the
fail call (the fail function invocation) when the command fails so diagnostics
(YAML syntax errors or yq runtime messages) are preserved for debugging.

In `@plugins/cwf/skills/refactor/scripts/codebase-quick-scan.py`:
- Around line 116-156: In load_contract_document, the yaml-unavailable branch
currently checks "parse_errors[0] if parse_errors else 'json parser
unavailable'", but parse_errors will always contain the JSON error when that
branch is reached; remove the unreachable else and directly use parse_errors[0]
(or otherwise assert/assume parse_errors is non-empty) so the returned message
uses the actual JSON parse error without the dead "json parser unavailable"
alternative.

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f2d5344 and 17b9c5c.

📒 Files selected for processing (75)

.claude-plugin/marketplace.json
.cwf/codebase-contract.yaml
.cwf/cwf-state.yaml
.cwf/projects/260221-01-retro-cwf-081-plus-postmortem/session-state.yaml
.cwf/projects/260224-01-concept-governance-yaml-unification/clarify-result.md
.cwf/projects/260224-01-concept-governance-yaml-unification/gather.md
.cwf/projects/260224-01-concept-governance-yaml-unification/initial-plan.md
.cwf/projects/260224-01-concept-governance-yaml-unification/lessons.md
.cwf/projects/260224-01-concept-governance-yaml-unification/plan.md
.cwf/projects/260224-01-concept-governance-yaml-unification/refactor-summary.md
.cwf/projects/260224-01-concept-governance-yaml-unification/retro.md
.cwf/projects/260224-01-concept-governance-yaml-unification/review-architecture-code.md
.cwf/projects/260224-01-concept-governance-yaml-unification/review-architecture-plan.md
.cwf/projects/260224-01-concept-governance-yaml-unification/review-correctness-code.md
.cwf/projects/260224-01-concept-governance-yaml-unification/review-correctness-plan.md
.cwf/projects/260224-01-concept-governance-yaml-unification/review-expert-alpha-code.md
.cwf/projects/260224-01-concept-governance-yaml-unification/review-expert-alpha-plan.md
.cwf/projects/260224-01-concept-governance-yaml-unification/review-expert-beta-code.md
.cwf/projects/260224-01-concept-governance-yaml-unification/review-expert-beta-plan.md
.cwf/projects/260224-01-concept-governance-yaml-unification/review-security-code.md
.cwf/projects/260224-01-concept-governance-yaml-unification/review-security-plan.md
.cwf/projects/260224-01-concept-governance-yaml-unification/review-synthesis-code.md
.cwf/projects/260224-01-concept-governance-yaml-unification/review-synthesis-plan.md
.cwf/projects/260224-01-concept-governance-yaml-unification/review-ux-dx-code.md
.cwf/projects/260224-01-concept-governance-yaml-unification/review-ux-dx-plan.md
.cwf/projects/260224-01-concept-governance-yaml-unification/run-ambiguity-decisions.md
.cwf/projects/260224-01-concept-governance-yaml-unification/run-stage-provenance.md
.cwf/projects/260224-01-concept-governance-yaml-unification/session-logs/260224-0912-f50765a9.codex.md
.cwf/projects/260224-01-concept-governance-yaml-unification/ship.md
.cwf/sessions/.sync-state/f50765a9.json
.cwf/sessions/260224-0912-f50765a9.codex.md
.cwf/setup-contract.yaml
AGENTS.md
README.ko.md
docs/plugin-dev-cheatsheet.md
plugins/cwf/.claude-plugin/plugin.json
plugins/cwf/concepts/README.md
plugins/cwf/concepts/agent-orchestration.md
plugins/cwf/concepts/checkers/check-agent-orchestration.sh
plugins/cwf/concepts/checkers/check-contract.sh
plugins/cwf/concepts/checkers/check-decision-point.sh
plugins/cwf/concepts/checkers/check-expert.sh
plugins/cwf/concepts/checkers/check-handoff.sh
plugins/cwf/concepts/checkers/check-provenance.sh
plugins/cwf/concepts/checkers/check-tier-classification.sh
plugins/cwf/concepts/checkers/lib.sh
plugins/cwf/concepts/contract.md
plugins/cwf/concepts/decision-point.md
plugins/cwf/concepts/expert.md
plugins/cwf/concepts/handoff.md
plugins/cwf/concepts/provenance.md
plugins/cwf/concepts/registry.yaml
plugins/cwf/concepts/tier-classification.md
plugins/cwf/contracts/authoring-contract.json
plugins/cwf/contracts/authoring-contract.yaml
plugins/cwf/contracts/change-impact.json
plugins/cwf/contracts/change-impact.yaml
plugins/cwf/contracts/claims.json
plugins/cwf/contracts/claims.yaml
plugins/cwf/contracts/portable-contract.yaml
plugins/cwf/references/contract-governance.md
plugins/cwf/scripts/check-change-impact.sh
plugins/cwf/scripts/check-claim-test-mapping.sh
plugins/cwf/scripts/check-concepts.sh
plugins/cwf/scripts/check-portability-contract.sh
plugins/cwf/skills/refactor/SKILL.md
plugins/cwf/skills/refactor/references/codebase-contract.md
plugins/cwf/skills/refactor/scripts/bootstrap-codebase-contract.sh
plugins/cwf/skills/refactor/scripts/check-codebase-contract-runtime.sh
plugins/cwf/skills/refactor/scripts/codebase-quick-scan.py
plugins/cwf/skills/refactor/scripts/codebase-quick-scan.sh
plugins/cwf/skills/refactor/scripts/select-codebase-experts.sh
plugins/cwf/skills/run/SKILL.md
plugins/cwf/skills/run/references/stage-operations.md
plugins/cwf/skills/setup/references/setup-contract.md

📜 Review details

🧰 Additional context used

📓 Path-based instructions (1)

**/*.md

📄 CodeRabbit inference engine (CLAUDE.md)

In markdown documentation (SKILL.md, references, READMEs), always include a language specifier on code fences (e.g., bash, text, ```yaml). Never use bare code fences. Follow rules in .markdownlint.json

Files:

plugins/cwf/concepts/provenance.md
plugins/cwf/concepts/agent-orchestration.md
plugins/cwf/concepts/contract.md
plugins/cwf/concepts/tier-classification.md
plugins/cwf/concepts/README.md
README.ko.md
plugins/cwf/concepts/handoff.md
plugins/cwf/concepts/expert.md
plugins/cwf/references/contract-governance.md
plugins/cwf/skills/setup/references/setup-contract.md
plugins/cwf/skills/refactor/SKILL.md
AGENTS.md
docs/plugin-dev-cheatsheet.md
plugins/cwf/skills/run/SKILL.md
plugins/cwf/skills/run/references/stage-operations.md
plugins/cwf/skills/refactor/references/codebase-contract.md
plugins/cwf/concepts/decision-point.md

🧠 Learnings (4)

📚 Learning: 2026-02-08T04:27:16.448Z

Learnt from: CR
Repo: corca-ai/claude-plugins PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-02-08T04:27:16.448Z
Learning: After large multi-file changes, consider running parallel sub-agent reviews before committing, with each agent given a different review perspective plus session lessons/retro context

Applied to files:

.cwf/projects/260224-01-concept-governance-yaml-unification/review-expert-beta-plan.md
.cwf/projects/260224-01-concept-governance-yaml-unification/retro.md
.cwf/sessions/260224-0912-f50765a9.codex.md
.cwf/projects/260224-01-concept-governance-yaml-unification/review-expert-beta-code.md
.cwf/projects/260224-01-concept-governance-yaml-unification/review-expert-alpha-plan.md

📚 Learning: 2026-02-08T04:27:16.448Z

Learnt from: CR
Repo: corca-ai/claude-plugins PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-02-08T04:27:16.448Z
Learning: After implementing a plan: mark plan.md as done, update lessons.md with learnings, run /retro, use /plugin-deploy for plugin changes, then commit and run bash scripts/update-all.sh

Applied to files:

.cwf/sessions/260224-0912-f50765a9.codex.md
.cwf/projects/260224-01-concept-governance-yaml-unification/review-ux-dx-plan.md
.cwf/cwf-state.yaml

📚 Learning: 2026-02-08T04:27:16.448Z

Learnt from: CR
Repo: corca-ai/claude-plugins PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-02-08T04:27:16.448Z
Learning: When creating new tools, evaluate: marketplace plugin (plugins/, general-purpose) vs local skill (.claude/skills/, repo-specific). Prefer local skill unless the tool has cross-project utility

Applied to files:

plugins/cwf/concepts/registry.yaml

📚 Learning: 2026-02-08T04:27:16.448Z

Learnt from: CR
Repo: corca-ai/claude-plugins PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-02-08T04:27:16.448Z
Learning: For plugin changes, use /plugin-deploy skill to automate version checks, marketplace sync, README updates, and local testing

Applied to files:

plugins/cwf/skills/refactor/SKILL.md
plugins/cwf/skills/run/SKILL.md
plugins/cwf/skills/run/references/stage-operations.md

🧬 Code graph analysis (9)

plugins/cwf/concepts/checkers/check-handoff.sh (1)

plugins/cwf/concepts/checkers/lib.sh (1)

concept_check (11-69)

plugins/cwf/concepts/checkers/check-contract.sh (1)

plugins/cwf/concepts/checkers/lib.sh (1)

concept_check (11-69)

plugins/cwf/scripts/check-portability-contract.sh (4)

plugins/cwf/scripts/check-change-impact.sh (3)

require_cmd (33-35)

fail (28-31)

cleanup (37-41)

plugins/cwf/scripts/check-claim-test-mapping.sh (3)

require_cmd (34-36)

fail (25-28)

cleanup (38-42)

plugins/cwf/scripts/check-portability-fixtures.sh (3)

require_cmd (17-19)

fail (12-15)

cleanup (29-31)

plugins/cwf/scripts/check-hook-sync.sh (1)

fail (20-23)

plugins/cwf/concepts/checkers/check-expert.sh (1)

plugins/cwf/concepts/checkers/lib.sh (1)

concept_check (11-69)

plugins/cwf/concepts/checkers/check-provenance.sh (1)

plugins/cwf/concepts/checkers/lib.sh (1)

concept_check (11-69)

plugins/cwf/concepts/checkers/check-tier-classification.sh (1)

plugins/cwf/concepts/checkers/lib.sh (1)

concept_check (11-69)

plugins/cwf/concepts/checkers/check-agent-orchestration.sh (1)

plugins/cwf/concepts/checkers/lib.sh (1)

concept_check (11-69)

plugins/cwf/scripts/check-change-impact.sh (4)

plugins/cwf/scripts/check-portability-contract.sh (3)

require_cmd (38-40)

cleanup (42-46)

fail (29-32)

plugins/cwf/scripts/check-claim-test-mapping.sh (3)

require_cmd (34-36)

cleanup (38-42)

fail (25-28)

plugins/cwf/scripts/check-portability-fixtures.sh (3)

require_cmd (17-19)

cleanup (29-31)

fail (12-15)

plugins/cwf/scripts/check-hook-sync.sh (1)

fail (20-23)

plugins/cwf/scripts/check-claim-test-mapping.sh (4)

plugins/cwf/scripts/check-portability-contract.sh (3)

require_cmd (38-40)

cleanup (42-46)

fail (29-32)

plugins/cwf/scripts/check-change-impact.sh (3)

require_cmd (33-35)

cleanup (37-41)

fail (28-31)

plugins/cwf/scripts/check-portability-fixtures.sh (3)

require_cmd (17-19)

cleanup (29-31)

fail (12-15)

plugins/cwf/scripts/check-hook-sync.sh (1)

fail (20-23)

🪛 Ruff (0.15.2)

plugins/cwf/skills/refactor/scripts/codebase-quick-scan.py

[warning] 14-14: Do not catch blind exception: Exception

(BLE001)

[warning] 123-123: Do not catch blind exception: Exception

(BLE001)

[warning] 130-130: Do not catch blind exception: Exception

(BLE001)

[warning] 145-145: Do not catch blind exception: Exception

(BLE001)

🪛 YAMLlint (1.38.0)

plugins/cwf/concepts/registry.yaml

[error] 8-8: syntax error: expected , but found ''

(syntax)

🔇 Additional comments (64)

docs/plugin-dev-cheatsheet.md (1)

261-261: 변경 내용 적절합니다.

YAML 전환에 맞춰 계약 파일 경로가 명확히 업데이트되어 있어 문서 일관성이 좋아졌습니다.

plugins/cwf/skills/refactor/scripts/codebase-quick-scan.sh (2)

28-28: 도움말 기본 경로 갱신 확인 완료.
YAML 기본 경로로의 문구 갱신이 변경 의도와 일치합니다.

103-103: 기본 계약 경로 YAML 전환 적절합니다.
기본 파일명이 YAML로 통일되어 이후 계약 로딩 흐름과 정합성이 좋아집니다.

.cwf/projects/260224-01-concept-governance-yaml-unification/review-expert-alpha-plan.md (1)

1-12: 문서 구성과 메시지가 명확합니다.

계획 문서로서 필요한 섹션과 결론이 일관되게 정리되어 있습니다.

.cwf/projects/260224-01-concept-governance-yaml-unification/review-expert-alpha-code.md (1)

1-12: 코드 리뷰 아티팩트로서 충분히 명료합니다.

핵심 인사이트와 결론이 간결하게 정리되어 있습니다.

.cwf/projects/260224-01-concept-governance-yaml-unification/review-expert-beta-code.md (1)

1-12: 베타 코드 리뷰 문서가 목적에 맞게 정리되어 있습니다.

커밋 분할과 검증 중심 메시지가 명확합니다.

.cwf/projects/260224-01-concept-governance-yaml-unification/review-expert-beta-plan.md (1)

1-12: 플랜 문서 내용이 명확하고 일관됩니다.

단계적 검증과 작은 경계 원칙이 잘 드러납니다.

plugins/cwf/skills/refactor/SKILL.md (1)

177-177: 변경 내용 확인 완료 (YAML 기본 경로 명시).
문서 업데이트로만 보이며 일관성 있습니다.

plugins/cwf/.claude-plugin/plugin.json (1)

4-4: 버전 업데이트 확인 완료.
메타데이터 변경만으로 보이며 문제 없습니다.

plugins/cwf/skills/refactor/references/codebase-contract.md (1)

15-15: YAML 전환 문서화 변경 확인 완료.
용어 및 기본 경로가 일관되게 정리되었습니다.

Also applies to: 54-54

.cwf/projects/260224-01-concept-governance-yaml-unification/review-security-code.md (1)

1-10: 보안 리뷰 산출물 추가 확인 완료.
형식과 내용 모두 일관적입니다.

.claude-plugin/marketplace.json (1)

15-15: 버전 업데이트 확인 완료.
마켓플레이스 메타데이터 변경만으로 보입니다.

plugins/cwf/skills/setup/references/setup-contract.md (1)

60-61: YAML 참조 전환 문서화 확인 완료.
설명과 링크가 일관됩니다.

Also applies to: 74-74

.cwf/projects/260224-01-concept-governance-yaml-unification/review-correctness-code.md (1)

1-11: 정확성 리뷰 산출물 추가 확인 완료.
형식과 내용이 명확합니다.

AGENTS.md (1)

65-67: 문서 맵 항목 추가가 명확합니다.
새 레퍼런스 항목이 문서 맵에 일관되게 반영되어 탐색성이 좋아졌습니다.

plugins/cwf/concepts/decision-point.md (1)

1-26: 구조와 범위 정의가 깔끔합니다.
섹션 구성(Definition/Ownership/Rules/Related/Examples)이 명확해 개념 거버넌스에 잘 맞습니다.

.cwf/projects/260224-01-concept-governance-yaml-unification/refactor-summary.md (1)

3-23: 리팩터 범위/검증 요약이 명료합니다.
스코프와 검증 결과가 간결하게 정리되어 추적성이 좋습니다.

.cwf/projects/260224-01-concept-governance-yaml-unification/lessons.md (1)

1-40: 레슨과 게이트 위반 로그가 잘 정리되었습니다.
운영 가이드로 바로 활용 가능한 수준의 요약입니다.

.cwf/setup-contract.yaml (1)

1-96: 설정 계약 구조가 명확합니다.
도구별 근거/설치 힌트/증거가 포함되어 운영 추적성에 도움이 됩니다.

.cwf/projects/260224-01-concept-governance-yaml-unification/clarify-result.md (1)

1-44: 요구사항 정리가 실행 기준으로 충분히 구체적입니다.
스코프/제약/성공 기준과 의사결정 표가 명확합니다.

README.ko.md (1)

173-173: LGTM — codebase-contract.yaml로의 파일명 업데이트가 올바르게 반영됨

PR 전반의 JSON→YAML 마이그레이션과 일치합니다.

.cwf/projects/260224-01-concept-governance-yaml-unification/review-security-plan.md (1)

1-11: LGTM — 세션 아티팩트로서 내용이 적절하게 기록됨

.cwf/projects/260224-01-concept-governance-yaml-unification/run-ambiguity-decisions.md (1)

1-8: LGTM — CWF 세션 아티팩트 형식에 부합함

.cwf/projects/260224-01-concept-governance-yaml-unification/review-ux-dx-code.md (1)

1-10: LGTM — 세션 아티팩트로서 내용이 적절하게 기록됨

.cwf/projects/260224-01-concept-governance-yaml-unification/review-architecture-code.md (1)

1-11: LGTM

프로세스 아티팩트로서 내용이 PR 변경사항과 일치하며 구조도 올바릅니다.

.cwf/projects/260224-01-concept-governance-yaml-unification/review-architecture-plan.md (1)

1-11: LGTM

아키텍처 방향성(concepts → bindings → deterministic gate → YAML contracts → expert split)에 대한 Pass 판정이 PR의 설계 의도와 일치합니다.

.cwf/projects/260224-01-concept-governance-yaml-unification/retro.md (1)

14-14: ship 전 완료 조건 충족 여부 확인 필요

"Decide exclusion sunset policy before ship"이 Follow-up으로 열려 있습니다. review-correctness-plan.md의 Conditional Pass 조건과 동일한 항목으로, 이 PR이 main에 머지되기 전에 이 정책이 결정되어 있어야 합니다.

plugins/cwf/contracts/portable-contract.yaml (1)

1-14: LGTM

YAML 구조가 올바르고, portable 계약의 두 게이트(setup_contract_runtime, portability_fixtures)가 authoring-contract.json의 대응 항목과 일관성을 유지합니다. baseline/authoring 레이어 분리도 명확합니다.

plugins/cwf/concepts/checkers/check-decision-point.sh (1)

8-15: 문서 경로가 CWD 기준 상대 경로로 처리됨 - 리포지토리 루트에서만 실행 가능

Line 11의 "plugins/cwf/concepts/decision-point.md"는 리포지토리 루트에서만 올바르게 작동합니다. lib.sh의 concept_check 함수는 경로를 수정하거나 재해석하지 않으며, 전달받은 경로를 현재 작업 디렉토리(CWD) 기준으로 그대로 검사합니다([[ ! -f "$doc_path" ]]). 따라서 plugins/cwf/concepts/checkers/ 디렉토리에서 스크립트를 실행하면 파일 검사가 실패합니다.

모든 형제 체커(check-contract.sh, check-expert.sh 등)도 동일한 패턴을 사용하고 있으므로, 이 설계는 CI/빌드 파이프라인에서 항상 리포지토리 루트에서 실행한다는 암묵적 가정에 기반합니다. 개발자가 개별 검증 스크립트를 로컬에서 직접 실행하려면 이 제약을 인식해야 합니다.

plugins/cwf/concepts/checkers/check-tier-classification.sh (1)

1-15: 표준 concept_check 패턴을 잘 따릅니다.
strict 모드 설정과 공통 lib 호출, 필수 헤더 지정이 목적에 맞게 구성되어 있습니다.

plugins/cwf/concepts/tier-classification.md (1)

1-26: 체커 요구 섹션 구성이 충족되어 있습니다.
Definition/Ownership/Operational/Related/Examples 모두 포함되어 구조가 일관됩니다.

.cwf/projects/260224-01-concept-governance-yaml-unification/review-ux-dx-plan.md (1)

1-11: 간결하고 목적에 맞는 계획 문서입니다.
판정/노트 구성도 명확합니다.

.cwf/projects/260224-01-concept-governance-yaml-unification/review-synthesis-plan.md (1)

1-33: 리뷰 합성 문서의 구조와 정보가 명확합니다.
검증 기준과 우려/제안이 분리되어 있어 추적성이 좋습니다.

plugins/cwf/concepts/handoff.md (1)

1-26: 필수 섹션 구성이 잘 갖춰졌습니다.
개념 정의와 운영 규칙이 분명합니다.

.cwf/projects/260224-01-concept-governance-yaml-unification/ship.md (1)

1-12: ship 단계 상태 요약이 명확합니다.
다음 단계 안내까지 포함되어 흐름이 깔끔합니다.

plugins/cwf/contracts/claims.json (1)

90-129: YAML 계약 파일로의 참조 전환이 일관됩니다.
마이그레이션 방향과 잘 맞습니다.

plugins/cwf/concepts/checkers/check-provenance.sh (1)

1-15: 공통 체커 호출 패턴에 맞게 잘 구성되었습니다.
필수 헤더 지정도 문서와 일치합니다.

plugins/cwf/skills/refactor/scripts/bootstrap-codebase-contract.sh (2)

10-33: 기본 계약 경로 변경 반영 OK
기본 경로와 사용법 문구가 codebase-contract.yaml로 일관되게 정리되어 있습니다.

Also applies to: 315-316

117-275: YAML 계약 템플릿 출력 구성 OK
YAML 구조와 정책 항목 구성이 명확하고 일관됩니다.

plugins/cwf/concepts/checkers/check-handoff.sh (1)

1-15: 컨셉 체크 스크립트 패턴 일관성 OK
공유 lib 사용과 concept_check 인자 구성이 기존 패턴과 일치합니다.

plugins/cwf/concepts/checkers/check-expert.sh (1)

1-15: 컨셉 체크 스크립트 패턴 일관성 OK
공유 lib 사용과 concept_check 인자 구성이 기존 패턴과 일치합니다.

.cwf/projects/260224-01-concept-governance-yaml-unification/gather.md (1)

1-90: 문서 구조와 요약 정합성 OK
현 상태/갭/결정 후보가 명확히 정리되어 있어 추적에 유리합니다.

.cwf/projects/260224-01-concept-governance-yaml-unification/initial-plan.md (1)

1-199: 계획서의 범위/리스크/성공기준 정리 OK
목표 아키텍처와 단계별 실행 계획이 명확하게 구조화되어 있습니다.

plugins/cwf/concepts/README.md (1)

1-29: 개념 거버넌스 안내 문서 구성 OK
레지스트리/체커/문서 구조와 실행 엔트리포인트가 명확합니다.

plugins/cwf/concepts/checkers/check-agent-orchestration.sh (1)

1-15: LGTM!

check-contract.sh와 동일한 구조를 따르며, 타이틀(# Agent Orchestration)과 필수 섹션 헤더 모두 agent-orchestration.md와 일치합니다.

plugins/cwf/contracts/claims.yaml (1)

1-82: LGTM!

클레임 구조(id, audience, assertion, source_refs, tests)가 전체적으로 일관되며, path와 command의 분리 및 --suite/--contract 플래그 변형 테스트 모두 의도에 맞게 작성되었습니다.

plugins/cwf/concepts/contract.md (1)

1-26: LGTM!

check-contract.sh가 요구하는 모든 필수 섹션(## Definition, ## Ownership Boundaries, ## Operational Rules, ## Related Concepts)과 권장 섹션(## Examples)이 모두 포함되어 있으며, 관련 개념 링크 경로도 유효합니다.

plugins/cwf/concepts/agent-orchestration.md (1)

1-27: LGTM!

모든 필수 및 권장 섹션이 포함되어 있으며, check-agent-orchestration.sh 체커의 유효성 검사를 통과합니다.

plugins/cwf/contracts/change-impact.yaml (1)

1-54: LGTM!

6개 규칙 모두 일관된 스키마(when_changed → require_any/all_changed → message)를 따르며, sot_or_policy_doc_change_requires_claim_sync 규칙에서 change-impact.yaml 자체를 require_any_changed에 포함시킨 것도 의도된 설계(동기화 증거로 이 파일 자체 갱신 허용)로 적절합니다.

plugins/cwf/concepts/checkers/check-contract.sh (1)

11-11: CWD 기준 상대 경로 사용은 안전함 — check-concepts.sh가 이미 레포 루트로 변경

lib.sh의 경로 확인이 CWD 기준이므로 "plugins/cwf/concepts/contract.md"의 해석은 호출 시점의 CWD에 의존합니다. 그러나 check-concepts.sh 56-57줄에서 cd "$REPO_ROOT"를 통해 스크립트 실행 전 레포 루트로 명시적으로 변경하므로, 모든 체커는 레포 루트에서 실행됩니다. 따라서 상대 경로 처리는 올바르고 안전합니다.

.cwf/projects/260224-01-concept-governance-yaml-unification/plan.md (2)

1-200: 계획 문서 구조와 내용이 잘 정리되어 있습니다.

마이그레이션 단계, 검증 계획, 의사결정 로그가 명확하게 문서화되어 있어 향후 유지보수에 도움이 됩니다.

167-167: Decision #5 (exclusion sunset policy)가 여전히 open 상태입니다.

PR 목표에서도 follow-up으로 언급되어 있으나, ship stage 전에 결정해야 한다고 Line 198의 deferred action에 명시되어 있습니다. 이 PR이 ship closure를 목표로 하고 있으므로, 이 결정이 의도적으로 다음 iteration으로 연기된 것인지 확인이 필요합니다.

plugins/cwf/contracts/change-impact.json (1)

48-49: YAML 참조 경로 업데이트가 일관성 있게 적용되었습니다.

모든 계약 참조가 .json에서 .yaml로 일관되게 변경되었습니다. plan.md의 Decommission 목록(Line 101)에 이 파일(change-impact.json) 자체도 포함되어 있으므로, 향후 JSON 제거 시 이 파일도 함께 처리되어야 합니다.

Also applies to: 57-58, 62-62, 76-76

plugins/cwf/scripts/check-claim-test-mapping.sh (1)

75-80: YAML→JSON 임시 변환 패턴이 적절하게 구현되었습니다.

mktemp → trap cleanup EXIT → yq -o=json 변환 순서가 올바르며, 기존 jq 기반 검증 로직을 재사용할 수 있게 합니다. check-portability-contract.sh 및 check-change-impact.sh와 동일한 패턴입니다.

plugins/cwf/skills/refactor/scripts/codebase-quick-scan.py (2)

12-15: 선택적 의존성 임포트 가드가 적절합니다.

Ruff BLE001 경고(except Exception)가 발생하지만, 런타임에서 PyYAML이 없을 수 있는 환경을 고려한 선택적 임포트이므로 현재 패턴이 적합합니다.

163-168: 계약 로딩 통합이 깔끔하게 적용되었습니다.

기존의 인라인 파일 확인 + JSON 로딩 로직이 load_contract_document 함수 호출로 대체되어 가독성과 유지보수성이 향상되었습니다.

plugins/cwf/skills/refactor/scripts/check-codebase-contract-runtime.sh (2)

47-139: 내장 Python 검증이 포괄적이고 스키마 커버리지가 충분합니다.

JSON→YAML 폴백 파싱과 상세한 필드별 타입 검증이 잘 구현되었습니다. deep_review, reporting 등 모든 주요 섹션을 검증합니다.

141-158: Git 저장소 초기화 없음은 의도된 설계입니다.

codebase-quick-scan.sh는 git 저장소가 아닌 디렉토리에서도 동작하도록 명시적으로 설계되었습니다. 라인 115-119에서 git 명령어를 조건부로 실행하고 (>/dev/null 2>&1로 에러를 억제), 실패하면 라인 121-123에서 find 명령어로 자동 폴백됩니다. Python 스크립트는 받은 source_mode 값에 따라 (라인 177) 두 경우를 모두 올바르게 처리합니다. 테스트에서 scan_repo를 git이 아닌 일반 디렉토리로 전달하는 것은 예상된 사용법이며, 안전합니다.

Likely an incorrect or invalid review comment.

.cwf/codebase-contract.yaml (1)

1-157: YAML 기반 코드베이스 계약 설정이 잘 구성되었습니다.

스코프, 체크 임계값, 셸 엄격 모드 예외 처리, deep review 전문가 구성 등이 체계적으로 정의되어 있으며, codebase-quick-scan.py의 기본값 및 check-codebase-contract-runtime.sh의 검증 스키마와 일치합니다.

plugins/cwf/scripts/check-concepts.sh (1)

482-500: 메인 실행 흐름과 종료 로직이 올바르게 구현되었습니다.

개념 정의 검증 → 스킬 커버리지 → 훅 커버리지 → 체커 실행 순서가 적절하며, --strict 모드에서 경고를 실패로 처리하는 로직도 정확합니다.

plugins/cwf/scripts/check-change-impact.sh (1)

9-11: YAML→JSON 임시 변환 패턴이 다른 스크립트와 일관되게 적용되었습니다.

check-claim-test-mapping.sh 및 check-portability-contract.sh와 동일한 패턴(mktemp → trap cleanup EXIT → yq -o=json)이 적용되어 있으며, 기존 jq 검증 로직이 그대로 유지됩니다.

Also applies to: 37-41, 119-119, 132-137

plugins/cwf/contracts/authoring-contract.yaml (1)

1-72: LGTM — 구조 및 맥락 배분이 일관됩니다.

훅 컨텍스트 포함 여부의 기준(저비용·시간민감 체크 vs. 의미적·무거운 체크)이 명확하게 구분되어 있습니다.

.cwf/sessions/260224-0912-f50765a9.codex.md (1)

1-238: LGTM — CWF 세션 추적 아티팩트로 정상입니다.

.cwf/cwf-state.yaml (1)

513-518: 신규 세션 항목 LGTM

S260224-01 항목이 올바르게 추가되었습니다. branch: "main"은 PR 목표에서 설명된 기반 브랜치 시작 정책과 일치합니다.

coderabbitai · 2026-02-24T01:56:42Z

+  worktree_root: "/home/hwidong/codes/claude-plugins"
+  worktree_branch: "feat/260224-concept-governance-plan"


⚠️ Potential issue | 🟡 Minor

머신별 절대 경로가 저장소에 커밋됩니다

worktree_root: "/home/hwidong/codes/claude-plugins" 은 특정 개발자 환경의 절대 경로입니다. phase: "done" 상태이므로 다음 세션의 cwf:run 실행 시 덮어쓰이겠지만, 현재 커밋에는 개발 환경 정보가 노출되어 있습니다.

CWF 도구가 세션 종료 후 이 필드를 자동으로 비우거나 상대 경로로 기록하는 정책을 추가하는 것을 권장합니다.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In @.cwf/cwf-state.yaml around lines 571 - 572, The committed .cwf/cwf-state.yaml contains a machine-specific absolute path in the worktree_root field; update the code that persists CWF state so it never writes developer absolute paths: when saving state (the routine that writes worktree_root/worktree_branch/phase), convert worktree_root to a relative path or an empty string for phase == "done", or clear worktree_root at session end; ensure the writer uses a relative resolution (or omits worktree_root) before committing and add a safe-guard to cwf:run persistence to prevent storing user-specific absolute paths.

coderabbitai · 2026-02-24T01:56:42Z

+  worktree_root: "/home/hwidong/codes/claude-plugins"
+  worktree_branch: "feat/260224-concept-governance-plan"


⚠️ Potential issue | 🟡 Minor

개발자 로컬 절대 경로 및 사용자명이 레포에 커밋됩니다.

worktree_root에 /home/hwidong/codes/claude-plugins가 하드코딩되어 있습니다. 이는 두 가지 문제를 야기합니다:

개인정보(PII) 노출: 개발자 사용자명 hwidong이 Git 히스토리에 영구적으로 기록됩니다.

이식성 손상: 다른 기여자 환경에서 CWF 툴링이 이 경로를 읽어 사용하는 경우 실패합니다.

향후 세션 상태 파일에서는 worktree_root를 빈 문자열("")이나 레포 루트 기준 상대 경로(.)로 초기화하고, 툴이 런타임에 실제 경로를 결정하도록 하는 방안을 고려하세요.

🔧 제안 수정

- worktree_root: "/home/hwidong/codes/claude-plugins" - worktree_branch: "feat/260224-concept-governance-plan" + worktree_root: "" + worktree_branch: ""

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

worktree_root: "/home/hwidong/codes/claude-plugins"

worktree_branch: "feat/260224-concept-governance-plan"

worktree_root: ""

worktree_branch: ""

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In @.cwf/projects/260221-01-retro-cwf-081-plus-postmortem/session-state.yaml around lines 20 - 21, The session-state.yaml contains a hardcoded local absolute path in the worktree_root key which leaks a username and breaks portability; update the worktree_root value in session-state.yaml (key: worktree_root) to an empty string "" or a repository-relative value "." and ensure any code that reads worktree_root (CWF tooling that references worktree_root) falls back to computing the actual worktree at runtime (e.g., resolve to process/OS cwd or repo root) when the value is empty or "." so no developer-specific absolute paths are committed.

coderabbitai · 2026-02-24T01:56:42Z

+### Confidence Note
+- Validation set executed: concept gate (strict), portability contract gate, change-impact (working), claim mapping, codebase-contract runtime, schema checks.
+- All passed.
+- session_log_present: false
+- session_log_lines: 0
+- session_log_turns: 0
+- session_log_last_turn: none
+- session_log_cross_check: WARN
+


⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash # 세션 로그 디렉토리 및 파일 확인 echo "=== Checking session-logs directory ===" ls -la .cwf/projects/260224-01-concept-governance-yaml-unification/session-logs 2>/dev/null || echo "Directory not found" echo -e "\n=== Checking for session log files ===" find .cwf/projects/260224-01-concept-governance-yaml-unification -name "*session*" -o -name "*log*" 2>/dev/null | head -20 echo -e "\n=== Checking review-synthesis-code.md content ===" cat -n .cwf/projects/260224-01-concept-governance-yaml-unification/review-synthesis-code.md 2>/dev/null | head -40

Repository: corca-ai/claude-plugins

Length of output: 2200

세션 로그 존재 상태 불일치 수정 필요

세션 로그 디렉토리에 실제 세션 로그 파일(260224-0912-f50765a9.codex.md)이 존재하는데, 문서화된 값이 불일치합니다. session_log_present: false를 실제 상태에 맞춰 true로 갱신하고, session_log_lines 값도 실제 세션 로그 라인 수에 맞게 업데이트해 주세요. 현재 session_log_cross_check: WARN 상태는 이 불일치를 올바르게 감지하고 있습니다.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In @.cwf/projects/260224-01-concept-governance-yaml-unification/review-synthesis-code.md around lines 19 - 27, 문서의 상태 값이 실제 세션 로그와 일치하지 않습니다: 업데이트할 키는 session_log_present, session_log_lines(및 필요한 경우 session_log_turns/session_log_last_turn)입니다; session_log_present를 true로 바꾸고 실제 로그 파일(260224-0912-f50765a9.codex.md)의 라인 수로 session_log_lines 값을 갱신하며 session_log_turns와 session_log_last_turn도 실제 값으로 맞춰 session_log_cross_check 경고가 해소되도록 수정하세요.

coderabbitai · 2026-02-24T01:56:42Z

+| gather | cwf:gather | --local concept-governance-yaml-unification | 2026-02-24T00:19:08Z | 2026-02-24T00:21:08Z | 120 | .cwf/projects/260224-01-concept-governance-yaml-unification/gather.md | Proceed (user directive) |
+| clarify | cwf:clarify | --light | 2026-02-24T00:21:17Z | 2026-02-24T00:22:17Z | 60 | .cwf/projects/260224-01-concept-governance-yaml-unification/clarify-result.md | Proceed (user directive) |
+| plan | cwf:plan | from clarify baseline | 2026-02-24T00:21:12Z | 2026-02-24T00:23:12Z | 120 | .cwf/projects/260224-01-concept-governance-yaml-unification/plan.md,.cwf/projects/260224-01-concept-governance-yaml-unification/lessons.md | Proceed (user directive) |
+| review-plan | cwf:review | --mode plan | 2026-02-24T00:22:43Z | 2026-02-24T00:23:43Z | 60 | .cwf/projects/260224-01-concept-governance-yaml-unification/review-synthesis-plan.md | Conditional Pass |
+| impl | cwf:impl | --skip-clarify | 2026-02-24T00:10:26Z | 2026-02-24T00:35:26Z | 1500 | commits:d3643fe,b1e8a08,8f0f334,edd7504 | completed |
+| review-code | cwf:review | --mode code | 2026-02-24T00:30:56Z | 2026-02-24T00:36:56Z | 360 | .cwf/projects/260224-01-concept-governance-yaml-unification/review-synthesis-code.md | Pass |
+| refactor | cwf:refactor | default | 2026-02-24T00:35:20Z | 2026-02-24T00:37:20Z | 120 | .cwf/projects/260224-01-concept-governance-yaml-unification/refactor-summary.md | completed |
+| retro | cwf:retro | --from-run | 2026-02-24T00:36:38Z | 2026-02-24T00:37:38Z | 60 | .cwf/projects/260224-01-concept-governance-yaml-unification/retro.md | completed |
+| ship | cwf:ship | default | 2026-02-24T00:37:36Z | 2026-02-24T00:38:36Z | 60 | .cwf/projects/260224-01-concept-governance-yaml-unification/ship.md | completed |


⚠️ Potential issue | 🟡 Minor

단계 시간 순서가 불일치합니다.
impl 시작 시간이 gather보다 빠르고, plan 시작이 clarify 시작보다 이른 것으로 기록되어 있어 실행 순서와 맞지 않습니다. 프로비넌스는 감사/게이트 근거이므로 실제 실행 순서에 맞게 타임스탬프를 수정하거나 행 순서를 재정렬해 주세요.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In @.cwf/projects/260224-01-concept-governance-yaml-unification/run-stage-provenance.md around lines 4 - 12, The provenance rows list has chronological inconsistencies: the "impl" row shows a start time earlier than "gather" and the "plan" row starts before "clarify"; update the entries so recorded timestamps match actual execution order or reorder the table rows to reflect real run sequence. Locate the rows identified by the step names ("gather", "clarify", "plan", "impl") and either adjust their start/end timestamps to the true times or move the rows so the table is in ascending timestamp order, ensuring the provenance reflects the actual execution chronology for audit/gating purposes.

coderabbitai · 2026-02-24T01:56:42Z

+strip_quotes() {
+  local value
+  value="$(trim "$1")"
+  if [[ "$value" == \"*\" && "$value" == *\" ]]; then
+    value="${value:1:${#value}-2}"
+  fi
+  printf '%s' "$value"
+}


⚠️ Potential issue | 🟡 Minor

strip_quotes에서 불완전한 따옴표 처리 가능성이 있습니다.

Line 111의 조건 [[ "$value" == \"*\" && "$value" == *\" ]]는 시작과 끝이 모두 "인 경우만 처리합니다. 작은따옴표('...')로 감싸진 YAML 값은 따옴표가 제거되지 않습니다. registry.yaml에서 작은따옴표를 사용할 경우 바인딩 키 매칭이 실패할 수 있습니다.

🔧 작은따옴표 처리 추가 제안

strip_quotes() { local value value="$(trim "$1")" if [[ "$value" == \"*\" && "$value" == *\" ]]; then value="${value:1:${`#value`}-2}" + elif [[ "$value" == \'*\' && "$value" == *\' ]]; then + value="${value:1:${`#value`}-2}" fi printf '%s' "$value" }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In `@plugins/cwf/scripts/check-concepts.sh` around lines 108 - 115, The strip_quotes function currently only removes surrounding double quotes; update it to also handle surrounding single quotes by detecting if the trimmed value begins and ends with either " or ' and then stripping the first and last character accordingly (preserve empty-string behavior and other whitespace already handled by trim). Modify the condition in strip_quotes (and the subsequent substring removal logic) so it checks for both quote types (e.g., test first and last character for "'" or '"') and removes those outer quotes rather than only double quotes, keeping the rest of the function (trim call and printf) intact.

coderabbitai · 2026-02-24T01:56:42Z

+if [[ "{stage}" == "ship" ]]; then
+  current_branch=$(git branch --show-current)
+  if [[ "$current_branch" != "$resolved_base_branch" ]]; then
+    Skill(skill="cwf:ship", args="issue")
+    Skill(skill="cwf:ship", args="pr")
+  else
+    Skill(skill="cwf:ship", args="")
+  fi
+else
+  Skill(skill="{skill-name}", args="{args if any}")
+fi


⚠️ Potential issue | 🟡 Minor

$resolved_base_branch 변수 출처가 문서화되지 않음

$resolved_base_branch가 이 코드 블록 내에서 참조되지만, 이 파일 어디에도 해당 변수가 어디서 설정되는지 정의되어 있지 않습니다. 파이프라인 초기화 단계에서 설정되는 값이라면, 출처(예: cwf-state.yaml 조회, git remote 해석 로직 등)를 주석이나 본문에 명시해야 합니다. 그렇지 않으면 이 문서를 따르는 에이전트가 변수를 정의하지 않은 채 실행할 위험이 있습니다.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In `@plugins/cwf/skills/run/references/stage-operations.md` around lines 97 - 107, The script references $resolved_base_branch but never documents or sets it; update the file to either compute or validate that variable before use (e.g., derive from cwf-state.yaml, a pipeline init step, or resolve via git commands) and add a clear inline comment describing its source, or add a fallback resolution/guard that sets $resolved_base_branch when absent; reference the variable name $resolved_base_branch and the conditional that calls Skill(skill="cwf:ship", ...) so reviewers/agents can find where to add the documentation or the default-resolution logic.

coderabbitai · 2026-02-24T01:56:42Z

+    Skill(skill="cwf:ship", args="issue")
+    Skill(skill="cwf:ship", args="pr")
+  else
+    Skill(skill="cwf:ship", args="")


⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

find . -name "stage-operations.md" -type f

Repository: corca-ai/claude-plugins

Length of output: 122

🏁 Script executed:

cat -n plugins/cwf/skills/run/references/stage-operations.md | sed -n '95,120p'

Repository: corca-ai/claude-plugins

Length of output: 1285

🏁 Script executed:

find . -path "*cwf*" -name "SKILL.md" | grep -E "ship|SKILL"

Repository: corca-ai/claude-plugins

Length of output: 538

🏁 Script executed:

cat -n ./plugins/cwf/skills/ship/SKILL.md | head -200

Repository: corca-ai/claude-plugins

Length of output: 10347

🏁 Script executed:

cat -n ./plugins/cwf/skills/ship/SKILL.md | sed -n '12,21p'

Repository: corca-ai/claude-plugins

Length of output: 533

args="" 호출이 정책과 일치하지 않음

Lines 113–115의 정책은 resolved base 브랜치인 경우 "상태를 보고하며 사용자 결정을 요청"해야 한다고 규정합니다. 그러나 ship/SKILL.md 20줄에 따르면, 빈 args는 사용 가능한 명령어 목록만 출력하고 종료합니다. 실제 상태 보고(open issues, PRs, checks)는 이루어지지 않습니다. 정책 의도를 구현하려면 args="status"로 변경해야 합니다.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In `@plugins/cwf/skills/run/references/stage-operations.md` around lines 100 - 103, The Skill invocation using Skill(skill="cwf:ship", args="") does not implement the policy-required status report for a resolved base branch; update that call to use Skill(skill="cwf:ship", args="status") so the ship skill performs the actual status reporting (open issues, PRs, checks) and requests user decision rather than only printing available commands.

coderabbitai · 2026-02-24T01:56:42Z

+1. Resolve base branch (for branch/ship policy):
+
+   ```bash
+   resolved_base_branch="$(git symbolic-ref refs/remotes/origin/HEAD 2>/dev/null | sed 's|refs/remotes/origin/||')"
+   if [[ -z "$resolved_base_branch" ]]; then
+     if git show-ref --verify --quiet refs/heads/main; then
+       resolved_base_branch="main"
+     elif git show-ref --verify --quiet refs/heads/master; then
+       resolved_base_branch="master"
+     else
+       echo "WAIT_INPUT: base branch could not be resolved (tried origin/HEAD, main, master)."
+       exit 1
+     fi
+   fi


⚠️ Potential issue | 🟡 Minor

origin/HEAD 미설정 시 원격 main/master도 확인하세요.
현재 로직은 origin/HEAD가 없고 로컬 main/master도 없으면 바로 WAIT_INPUT로 중단됩니다. 원격 브랜치가 존재하는 경우를 고려해 refs/remotes/origin/main|master를 먼저 확인하는 fallback을 추가하는 게 안전합니다.

🔧 제안 수정안

resolved_base_branch="$(git symbolic-ref refs/remotes/origin/HEAD 2>/dev/null | sed 's|refs/remotes/origin/||')" if [[ -z "$resolved_base_branch" ]]; then - if git show-ref --verify --quiet refs/heads/main; then + if git show-ref --verify --quiet refs/remotes/origin/main; then + resolved_base_branch="main" + elif git show-ref --verify --quiet refs/remotes/origin/master; then + resolved_base_branch="master" + elif git show-ref --verify --quiet refs/heads/main; then resolved_base_branch="main" elif git show-ref --verify --quiet refs/heads/master; then resolved_base_branch="master" else echo "WAIT_INPUT: base branch could not be resolved (tried origin/HEAD, main, master)." exit 1 fi fi

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In `@plugins/cwf/skills/run/SKILL.md` around lines 85 - 98, The current resolved_base_branch logic stops with WAIT_INPUT if origin/HEAD and local main/master are missing; modify the fallback to first check remote branches refs/remotes/origin/main and refs/remotes/origin/master (using git show-ref --verify --quiet) and set resolved_base_branch to "main" or "master" when found, before falling back to checking local refs (refs/heads/main, refs/heads/master); keep the existing WAIT_INPUT exit only if neither remote nor local branches are found, and update the conditional flow around the resolved_base_branch variable and the git show-ref checks accordingly.

…egate

…cisions

coderabbitai

♻️ Duplicate comments (2)

plugins/cwf/scripts/check-concepts.sh (1)

130-137: strip_quotes에서 작은따옴표(') 처리가 누락되어 있습니다.

현재 큰따옴표(")만 제거하며, registry.yaml의 required_links 수정 시 작은따옴표를 사용하면 바인딩 키 매칭이 실패할 수 있습니다.

♻️ 수정 제안

 strip_quotes() {
   local value
   value="$(trim "$1")"
   if [[ "$value" == \"*\" && "$value" == *\" ]]; then
     value="${value:1:${`#value`}-2}"
+  elif [[ "$value" == \'*\' && "$value" == *\' ]]; then
+    value="${value:1:${`#value`}-2}"
   fi
   printf '%s' "$value"
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@plugins/cwf/scripts/check-concepts.sh` around lines 130 - 137, The
strip_quotes function currently only strips surrounding double quotes; update it
so strip_quotes also removes surrounding single quotes by detecting if the
trimmed value starts and ends with matching single quotes (') as well as double
quotes (") and then removing the first and last character accordingly; adjust
the condition in strip_quotes to check for both quote types and apply the same
substring logic so registry.yaml required_links using single quotes will match
correctly.

plugins/cwf/concepts/registry.yaml (1)

12-42: ⚠️ Potential issue | 🔴 Critical

required_links 값이 YAML 구문 오류를 유발합니다 — 모든 항목에 따옴표 필요

Lines 12, 17, 22, 27, 32, 37, 42의 required_links 값이 [로 시작하여 YAML 파서가 이를 플로우 시퀀스로 해석합니다. 이로 인해 파일 전체가 파싱 실패하며, 개념 거버넌스 게이트가 작동하지 않습니다.

check-concepts.sh는 자체 라인 파서(parse_registry)를 사용하여 이 파일을 읽기 때문에 실제 런타임에서는 동작할 수 있지만, 표준 YAML 도구(yq, yamllint, IDE 등)에서는 즉시 오류가 발생합니다. YAML 파일로서의 무결성을 보장하려면 모든 required_links 값을 따옴표로 감싸야 합니다.

🐛 수정 제안

   expert:
     doc: plugins/cwf/concepts/expert.md
     checker: plugins/cwf/concepts/checkers/check-expert.sh
     target_docs: plugins/cwf/concepts/README.md,plugins/cwf/references/contract-governance.md
-    required_links: [expert](../concepts/expert.md)
+    required_links: "[expert](../concepts/expert.md)"
   contract:
     doc: plugins/cwf/concepts/contract.md
     checker: plugins/cwf/concepts/checkers/check-contract.sh
     target_docs: plugins/cwf/concepts/README.md,plugins/cwf/references/contract-governance.md
-    required_links: [contract](../concepts/contract.md)
+    required_links: "[contract](../concepts/contract.md)"
   decision-point:
     doc: plugins/cwf/concepts/decision-point.md
     checker: plugins/cwf/concepts/checkers/check-decision-point.sh
     target_docs: plugins/cwf/concepts/README.md,plugins/cwf/references/contract-governance.md
-    required_links: [decision-point](../concepts/decision-point.md)
+    required_links: "[decision-point](../concepts/decision-point.md)"
   tier-classification:
     doc: plugins/cwf/concepts/tier-classification.md
     checker: plugins/cwf/concepts/checkers/check-tier-classification.sh
     target_docs: plugins/cwf/concepts/README.md,plugins/cwf/references/contract-governance.md
-    required_links: [tier-classification](../concepts/tier-classification.md)
+    required_links: "[tier-classification](../concepts/tier-classification.md)"
   agent-orchestration:
     doc: plugins/cwf/concepts/agent-orchestration.md
     checker: plugins/cwf/concepts/checkers/check-agent-orchestration.sh
     target_docs: plugins/cwf/concepts/README.md,plugins/cwf/references/contract-governance.md
-    required_links: [agent-orchestration](../concepts/agent-orchestration.md)
+    required_links: "[agent-orchestration](../concepts/agent-orchestration.md)"
   handoff:
     doc: plugins/cwf/concepts/handoff.md
     checker: plugins/cwf/concepts/checkers/check-handoff.sh
     target_docs: plugins/cwf/concepts/README.md,plugins/cwf/references/contract-governance.md
-    required_links: [handoff](../concepts/handoff.md)
+    required_links: "[handoff](../concepts/handoff.md)"
   provenance:
     doc: plugins/cwf/concepts/provenance.md
     checker: plugins/cwf/concepts/checkers/check-provenance.sh
     target_docs: plugins/cwf/concepts/README.md,plugins/cwf/references/contract-governance.md
-    required_links: [provenance](../concepts/provenance.md)
+    required_links: "[provenance](../concepts/provenance.md)"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@plugins/cwf/concepts/registry.yaml` around lines 12 - 42, The YAML registry
entries for the concept keys use unquoted bracketed lists for required_links
which causes YAML parsing errors; update each required_links value (for keys
expert, contract, decision-point, tier-classification, agent-orchestration,
handoff, provenance) to be a quoted string (e.g.,
"[expert](../concepts/expert.md)" -> "\"[expert](../concepts/expert.md)\"") so
standard YAML parsers accept the file; keep the existing
parse_registry/check-concepts.sh logic intact but ensure the registry.yaml
required_links values are wrapped in quotes.

🧹 Nitpick comments (5)

.cwf/projects/260224-01-concept-governance-yaml-unification/plan.md (2)
110-116: Step 1 구현 목록에 Decision 6의 JSONL 집계 출력 표준이 누락됨

Decision 6(line 168)에서 체커 집계 출력 포맷을 JSONL로 확정했으나, check-concepts.sh 구현 체크리스트에 해당 요구사항이 명시되어 있지 않습니다. 단계별 구현만 참조하는 담당자가 다른 포맷을 선택할 위험이 있습니다.
♻️ 개선 제안
 - Implement `check-concepts.sh`:
   - target discovery for skills/hooks
   - binding validation (bound or excluded)
   - concept link/reference checks
-  - checker execution and aggregate verdict
+  - checker execution and aggregate verdict (emit JSONL per line; see Decision 6)
 - Add deterministic exit codes and concise summary output.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.cwf/projects/260224-01-concept-governance-yaml-unification/plan.md around
lines 110 - 116, 체커 집계 출력 포맷이 JSONL으로 고정된 Decision 6(라인 168)을 반영하도록 check-list를
업데이트하세요: check-concepts.sh 구현 항목에 "체커 집계 출력은 JSONL 라인 단위(JSONL)로 생성"이라는 항목을
추가하고, 출력 필드 스키마(예: checker_id, verdict, details, timestamp)와 각 라인이 독립적인 JSON
객체여야 함을 명시하여 다른 포맷 선택을 방지하십시오; 관련 참조는 check-concepts.sh와 Decision 6으로 표기하세요.
30-32: 머신 전용 센티넬 토큰이 사람이 읽는 문서에 노출됨

PERSISTENCE_GATE=SKIP_NO_GAP은 에이전트 내부 제어용 토큰으로 보이나, 사람이 읽는 산문 섹션에 그대로 노출되어 가독성을 해칩니다. 기계 판독 전용 메타데이터 블록(예: YAML front-matter 또는 HTML 주석)으로 분리하거나, 불필요하다면 제거를 고려하세요.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.cwf/projects/260224-01-concept-governance-yaml-unification/plan.md around
lines 30 - 32, The token PERSISTENCE_GATE=SKIP_NO_GAP is a machine-only control
value and should not appear inline in the human prose under the "## Evidence Gap
List" heading; move this metadata into a machine-only block (e.g., YAML
front-matter at the top of the document or an HTML/Markdown comment) or remove
it if unnecessary, ensuring you reference and preserve the exact symbol
PERSISTENCE_GATE=SKIP_NO_GAP when relocating so agents can still consume it.
plugins/cwf/scripts/check-concepts.sh (3)
139-154: raw_parts 변수가 local로 선언되지 않았습니다.

split_csv 함수 내 Line 149의 raw_parts 배열이 local로 선언되지 않아 호출자의 스코프에 누수됩니다. 현재는 기능상 문제가 없지만, 향후 함수 재사용 시 예기치 않은 변수 충돌을 방지하기 위해 local로 선언하는 것이 좋습니다.
♻️ 수정 제안
 split_csv() {
   local csv="$1"
   local -n out_ref="$2"
   local part=""
+  local -a raw_parts=()
   out_ref=()
 
   if [[ -z "$(trim "$csv")" ]]; then
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@plugins/cwf/scripts/check-concepts.sh` around lines 139 - 154, The split_csv
function leaks the raw_parts array into the caller scope because raw_parts is
not declared local; update split_csv to declare the array as local (e.g., add
"local -a raw_parts" or "local raw_parts" before using it) so raw_parts is
scoped to split_csv and cannot collide with callers; refer to the split_csv
function and the raw_parts variable when making this change.
417-430: doc_path 변수가 Line 377의 개념 doc 경로와 Line 417의 target doc 루프 변수로 이중 사용됩니다.

기능상 문제는 없지만(개념 doc_path는 Line 395 이후 사용되지 않음), 내부 루프 변수를 target_doc_path 등으로 이름을 변경하면 가독성이 향상됩니다.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@plugins/cwf/scripts/check-concepts.sh` around lines 417 - 430, The inner loop
reuses the variable name doc_path (which is also used earlier for the concept
doc), reducing readability; rename the loop variable to target_doc_path (or
similar) in the for loop over target_docs and update all uses inside that loop
(the file existence check, grep invocation, and the report_pass/report_fail
messages) so they reference target_doc_path instead of doc_path; leave other
symbols unchanged (target_docs, required_links, report_fail, report_pass) to
avoid side effects.
178-335: 커스텀 YAML 라인 파서가 registry.yaml의 정확한 들여쓰기 구조에 강하게 결합되어 있습니다.

이 파서는 2-스페이스/4-스페이스 들여쓰기를 하드코딩(^[[:space:]]{2}, ^[[:space:]]{4})하여 매칭합니다. registry.yaml에 중첩 레벨이 추가되거나 들여쓰기가 달라지면 조용히 파싱 실패합니다.

현재 registry.yaml의 required_links 값이 유효하지 않은 YAML이므로 표준 파서(yq) 사용이 불가능한 상황은 이해합니다. 그러나 registry.yaml의 따옴표 문제가 수정되면, yq나 python -c 'import yaml; ...' 등 표준 파서로 전환하여 유지보수성을 높이는 것을 권장합니다.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@plugins/cwf/scripts/check-concepts.sh` around lines 178 - 335, The parser in
parse_registry is brittle because it hardcodes 2- and 4-space indentation via
regexes like ^[[:space:]]{2} and ^[[:space:]]{4}; replace this with an
indentation-insensitive approach: either (preferred) switch to a real YAML
parser (e.g., call yq or python -c 'import yaml; ...' to safely load
"$REGISTRY_PATH" and populate maps like CONCEPT_IDS, CONCEPT_DOC,
CONCEPT_CHECKER, SKILL_BINDINGS, HOOK_BINDINGS, SKILL_EXCLUDED, HOOK_EXCLUDED,
SKILL_EXCLUSION_* and HOOK_EXCLUSION_* from the parsed structure, or (if
immediate YAML validity prevents that) change the regexes in parse_registry to
detect leading whitespace dynamically (capture ^([[:space:]]*) and compute
depth) instead of fixed {2}/{4} so nested levels are matched reliably for
current parsing logic; update code paths that set/regard current_concept,
current_skill_exclusion, and current_hook_exclusion accordingly.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@plugins/cwf/concepts/registry.yaml`:
- Around line 12-42: The YAML registry entries for the concept keys use unquoted
bracketed lists for required_links which causes YAML parsing errors; update each
required_links value (for keys expert, contract, decision-point,
tier-classification, agent-orchestration, handoff, provenance) to be a quoted
string (e.g., "[expert](../concepts/expert.md)" ->
"\"[expert](../concepts/expert.md)\"") so standard YAML parsers accept the file;
keep the existing parse_registry/check-concepts.sh logic intact but ensure the
registry.yaml required_links values are wrapped in quotes.

In `@plugins/cwf/scripts/check-concepts.sh`:
- Around line 130-137: The strip_quotes function currently only strips
surrounding double quotes; update it so strip_quotes also removes surrounding
single quotes by detecting if the trimmed value starts and ends with matching
single quotes (') as well as double quotes (") and then removing the first and
last character accordingly; adjust the condition in strip_quotes to check for
both quote types and apply the same substring logic so registry.yaml
required_links using single quotes will match correctly.

---

Nitpick comments:
In @.cwf/projects/260224-01-concept-governance-yaml-unification/plan.md:
- Around line 110-116: 체커 집계 출력 포맷이 JSONL으로 고정된 Decision 6(라인 168)을 반영하도록
check-list를 업데이트하세요: check-concepts.sh 구현 항목에 "체커 집계 출력은 JSONL 라인 단위(JSONL)로
생성"이라는 항목을 추가하고, 출력 필드 스키마(예: checker_id, verdict, details, timestamp)와 각 라인이
독립적인 JSON 객체여야 함을 명시하여 다른 포맷 선택을 방지하십시오; 관련 참조는 check-concepts.sh와 Decision 6으로
표기하세요.
- Around line 30-32: The token PERSISTENCE_GATE=SKIP_NO_GAP is a machine-only
control value and should not appear inline in the human prose under the "##
Evidence Gap List" heading; move this metadata into a machine-only block (e.g.,
YAML front-matter at the top of the document or an HTML/Markdown comment) or
remove it if unnecessary, ensuring you reference and preserve the exact symbol
PERSISTENCE_GATE=SKIP_NO_GAP when relocating so agents can still consume it.

In `@plugins/cwf/scripts/check-concepts.sh`:
- Around line 139-154: The split_csv function leaks the raw_parts array into the
caller scope because raw_parts is not declared local; update split_csv to
declare the array as local (e.g., add "local -a raw_parts" or "local raw_parts"
before using it) so raw_parts is scoped to split_csv and cannot collide with
callers; refer to the split_csv function and the raw_parts variable when making
this change.
- Around line 417-430: The inner loop reuses the variable name doc_path (which
is also used earlier for the concept doc), reducing readability; rename the loop
variable to target_doc_path (or similar) in the for loop over target_docs and
update all uses inside that loop (the file existence check, grep invocation, and
the report_pass/report_fail messages) so they reference target_doc_path instead
of doc_path; leave other symbols unchanged (target_docs, required_links,
report_fail, report_pass) to avoid side effects.
- Around line 178-335: The parser in parse_registry is brittle because it
hardcodes 2- and 4-space indentation via regexes like ^[[:space:]]{2} and
^[[:space:]]{4}; replace this with an indentation-insensitive approach: either
(preferred) switch to a real YAML parser (e.g., call yq or python -c 'import
yaml; ...' to safely load "$REGISTRY_PATH" and populate maps like CONCEPT_IDS,
CONCEPT_DOC, CONCEPT_CHECKER, SKILL_BINDINGS, HOOK_BINDINGS, SKILL_EXCLUDED,
HOOK_EXCLUDED, SKILL_EXCLUSION_* and HOOK_EXCLUSION_* from the parsed structure,
or (if immediate YAML validity prevents that) change the regexes in
parse_registry to detect leading whitespace dynamically (capture ^([[:space:]]*)
and compute depth) instead of fixed {2}/{4} so nested levels are matched
reliably for current parsing logic; update code paths that set/regard
current_concept, current_skill_exclusion, and current_hook_exclusion
accordingly.

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 17b9c5c and e7f7fd1.

📒 Files selected for processing (13)

.cwf/projects/260224-01-concept-governance-yaml-unification/plan.md
.cwf/projects/260224-01-concept-governance-yaml-unification/retro.md
.cwf/projects/260224-01-concept-governance-yaml-unification/ship.md
plugins/cwf/concepts/README.md
plugins/cwf/concepts/registry.yaml
plugins/cwf/contracts/authoring-contract.json
plugins/cwf/contracts/change-impact.json
plugins/cwf/contracts/claims.json
plugins/cwf/contracts/portable-contract.json
plugins/cwf/references/contract-governance.md
plugins/cwf/scripts/check-concepts.sh
plugins/cwf/scripts/check-run-gate-artifacts.sh
plugins/cwf/skills/ship/SKILL.md

💤 Files with no reviewable changes (4)

plugins/cwf/contracts/claims.json
plugins/cwf/contracts/authoring-contract.json
plugins/cwf/contracts/change-impact.json
plugins/cwf/contracts/portable-contract.json

✅ Files skipped from review due to trivial changes (2)

plugins/cwf/concepts/README.md
plugins/cwf/references/contract-governance.md

🚧 Files skipped from review as they are similar to previous changes (1)

.cwf/projects/260224-01-concept-governance-yaml-unification/ship.md

📜 Review details

🧰 Additional context used

📓 Path-based instructions (1)

**/*.md

📄 CodeRabbit inference engine (CLAUDE.md)

In markdown documentation (SKILL.md, references, READMEs), always include a language specifier on code fences (e.g., bash, text, ```yaml). Never use bare code fences. Follow rules in .markdownlint.json

Files:

plugins/cwf/skills/ship/SKILL.md

🧠 Learnings (2)

📚 Learning: 2026-02-08T04:27:16.448Z

Learnt from: CR
Repo: corca-ai/claude-plugins PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-02-08T04:27:16.448Z
Learning: After large multi-file changes, consider running parallel sub-agent reviews before committing, with each agent given a different review perspective plus session lessons/retro context

Applied to files:

.cwf/projects/260224-01-concept-governance-yaml-unification/retro.md

📚 Learning: 2026-02-08T04:27:16.448Z

Learnt from: CR
Repo: corca-ai/claude-plugins PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-02-08T04:27:16.448Z
Learning: When creating new tools, evaluate: marketplace plugin (plugins/, general-purpose) vs local skill (.claude/skills/, repo-specific). Prefer local skill unless the tool has cross-project utility

Applied to files:

plugins/cwf/concepts/registry.yaml

🧬 Code graph analysis (1)

plugins/cwf/scripts/check-run-gate-artifacts.sh (1)

plugins/cwf/scripts/check-run-gate-artifacts-lib.sh (3)

append_fail (23-27)

append_pass (35-39)

append_warn (29-33)

🪛 YAMLlint (1.38.0)

plugins/cwf/concepts/registry.yaml

[error] 12-12: syntax error: expected , but found ''

(syntax)

🔇 Additional comments (9)

.cwf/projects/260224-01-concept-governance-yaml-unification/retro.md (1)

1-15: 문서 내용이 명확하고 일관됩니다.

레트로 섹션 구성과 항목들이 PR 목적과 잘 맞아 떨어집니다.

.cwf/projects/260224-01-concept-governance-yaml-unification/plan.md (1)

96-101: setup-contract.json 파일은 코드베이스에 존재하지 않으므로 이 우려사항은 해결됨

.cwf/setup-contract.yaml는 존재하지만, 대응하는 .cwf/setup-contract.json은 코드베이스에 없습니다. 따라서 커미션 해제 목록에 추가할 파일이 없으며, 현재 decommission 섹션(lines 96-101)은 정확합니다.

Likely an incorrect or invalid review comment.

plugins/cwf/skills/ship/SKILL.md (1)

59-64: LGTM — issue_ref/pr_ref 필드 추가와 비-베이스 브랜치 정책 문서화가 적절합니다.

check-run-gate-artifacts.sh에서 추가된 URL 검증 로직과 일관성 있게, ship 스테이지 ## Ambiguity Resolution 블록에 issue_ref/pr_ref 필드가 추가되고, Line 64에서 비-베이스 브랜치에서의 강제 요건이 명확히 기술되어 있습니다.

plugins/cwf/scripts/check-run-gate-artifacts.sh (2)

277-278: issue_ref/pr_ref 파싱 및 패턴 검증이 일관성 있게 추가되었습니다.

required_patterns에 ^issue_ref: 와 ^pr_ref: 가 포함되어 필드 존재 여부를 확인하고, Lines 346-347에서 sed로 값을 추출하는 방식이 기존 mode, blocking_open_count 파싱 패턴과 동일합니다.

Also applies to: 346-347

365-397: 비-베이스 브랜치 ship URL 검증 로직이 잘 구성되어 있습니다.

detached HEAD 상태(CI 환경 등)에서 git branch --show-current가 빈 문자열을 반환할 경우, Line 375의 조건에서 경고(warn)만 출력하고 검증을 건너뛰는 흐름은 적절합니다.

origin/HEAD ref가 설정되지 않은 경우 main/master 폴백이 작동하므로, 대부분의 일반적인 환경에서 잘 동작합니다. bare clone처럼 origin/HEAD와 main/master 둘 다 없는 극한 시나리오에서 resolved_base_branch가 빈 채로 남고 검증이 건너뛰어지는 현재 동작은 안전하고 적절한 기본값입니다.

plugins/cwf/concepts/registry.yaml (2)

44-57: skill_bindings 섹션이 적절히 구성되어 있습니다.

모든 키가 따옴표로 감싸져 있고, 값은 쉼표로 구분된 개념 이름입니다. check-concepts.sh의 validate_binding_concepts에서 각 개념이 CONCEPT_IDS에 존재하는지 검증하므로 오타가 있어도 게이트에서 잡힙니다.

66-82: hook_bindings 키와 hooks.json 커맨드 필드는 일관성 있게 동기화되어 있습니다.

검증 결과, hooks.json의 command 필드와 registry.yaml의 hook_bindings 키 모두 ${CLAUDE_PLUGIN_ROOT}를 리터럴로 포함하고 있으며, check-concepts.sh의 jq 기반 문자열 비교가 정상 작동합니다. 16개의 모든 hook 항목이 정확히 일치하며 "stale binding" 경고가 발생할 여지가 없습니다.

Likely an incorrect or invalid review comment.

plugins/cwf/scripts/check-concepts.sh (2)

617-662: 개념 체커 실행 로직이 잘 구조화되어 있습니다.

set +e/set -e로 체커 종료 코드를 안전하게 캡처하고, 종료 코드 규약(0=pass, 10=warn, 기타=fail)이 명확합니다.

664-692: 메인 실행 흐름과 종료 코드 로직이 명확합니다.

검증 순서(거버넌스 정책 → 개념 정의 → 스킬/훅 커버리지 → 체커 실행)가 논리적이고, JSONL/텍스트 출력 분기와 --strict 모드의 경고 처리가 일관성 있게 구현되었습니다.

spilist added 11 commits February 24, 2026 09:06

Add next-session plan for concept governance and YAML contract migration

f5c0bab

Update migration plan to target 1.0.0 and require README finalization

93e4c2d

feat(cwf): add concept governance registry and gate

d3643fe

feat(cwf): migrate core gate contracts to yaml defaults

b1e8a08

feat(refactor): switch codebase contract workflow to yaml

8f0f334

chore(cwf): enforce yaml-only contract path and commit-boundary policy

edd7504

chore(release): bump cwf version to 1.0.0

c4f0847

docs(cwf-run): record run artifacts for concept-governance migration

961f076

chore(logs): add run session log artifacts

27eb3ce

docs(index): add new cwf reference files to agents map

69a8ca6

docs(run): require branch creation and non-base issue/pr ship

17b9c5c

coderabbitai Bot reviewed Feb 24, 2026

View reviewed changes

spilist added 3 commits February 24, 2026 11:03

feat(concepts): enforce release-based exclusion policy and jsonl aggr…

3a96c8e

…egate

feat(run-gate): require issue/pr refs for non-base ship and record de…

e7f7fd1

…cisions

fix(ci): relax retro coverage fixture for shallow single-commit fallback

dca9348

spilist merged commit 981a751 into main Feb 24, 2026
2 checks passed

spilist deleted the feat/260224-concept-governance-plan branch February 24, 2026 02:09

coderabbitai Bot reviewed Feb 24, 2026

View reviewed changes

		worktree_root: "/home/hwidong/codes/claude-plugins"
		worktree_branch: "feat/260224-concept-governance-plan"

Conversation

spilist commented Feb 24, 2026 • edited by coderabbitai Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

목적

주요 결정사항

검증 방법

인간 판단 필요 사항

머지 후 영향

시스템 동작 변경

향후 작업 영향

회고 결과 요약

영속화 및 후속 제안

Diff Stat

Lessons Learned

CDM (Critical Decision Moments)

Review Checklist

Summary by CodeRabbit

릴리스 노트

Uh oh!

coderabbitai Bot commented Feb 24, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Rate limit exceeded

Walkthrough

Changes

Sequence Diagram(s)

Estimated code review effort

Possibly related PRs

❌ Failed checks (1 warning)

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Feb 24, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Feb 24, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

coderabbitai Bot Feb 24, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Feb 24, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

coderabbitai Bot Feb 24, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Feb 24, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Feb 24, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Feb 24, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

spilist commented Feb 24, 2026 •

edited by coderabbitai Bot

Loading

coderabbitai Bot commented Feb 24, 2026 •

edited

Loading