Summary
Daily SPDD spec review 2026-06-14 — rotation index 10–14 of 25:
docs/src/content/docs/specs/repository-package-manifest-specification.md (v0.2.0)docs/src/content/docs/specs/safe-outputs-specification.md (v1.23.0)scratchpad/github-mcp-access-control-specification.md (v1.1.0)scratchpad/guard-policies-specification.md (Design Proposal — unversioned)scratchpad/safe-outputs-specification.md (DEPRECATED v1.1.0)
Key issues: stale deprecation-notice version link, missing lockdown+guard-policy cross-field validation, two open sync tasks in safe-outputs spec, §12 Sync Notes incomplete in manifest spec, and guard-policies-specification.md needs SPDD formalization.
Priority Work Queue
P0 — Fix deprecation notice in scratchpad/safe-outputs-specification.md (links to v1.21.0; canonical is v1.23.0). Add lockdown: true + guard-policy coexistence warning to pkg/workflow/tools_validation.go (decision resolved in guard-policies-spec Q#3, not yet implemented).
P1 — Close 2 open sync tasks in safe-outputs-specification.md (§7 handler function cross-refs, §8.3 MCE1–MCE5 mapping). Extend repository-package-manifest-specification.md §12 Sync Notes to cover §5.2/§5.3/§10. Add norms table to scratchpad/github-mcp-access-control-specification.md.
P2 — Assign R-PKG identifiers to — rows in manifest spec §11. Formalize guard-policies-specification.md (add version/abstract/RFC 2119). Evaluate promotion of access-control spec from scratchpad. Archive check for deprecated scratchpad safe-outputs spec.
SPDD Checklist
Per-Spec Findings
📦 repository-package-manifest-specification.md (v0.2.0)
REASONS gaps: Approach (§12 incomplete — §5.2/5.3/10 unmapped) ⚠️; Norms (~12 requirements lack R-PKG IDs) ⚠️. All other dimensions strong.
Top task: Extend §12 Sync Notes (§5.2 update, §5.3 remove, §10 safeguards) and assign R-PKG IDs to — norms rows.
Sync checks: Verify pkg/cli/add_command.go for R-PKG-U001–U004, R-PKG-R001–R004, and R-PKG-003 rollback in add_package_manifest.go.
🔒 safe-outputs-specification.md (v1.23.0)
REASONS gaps: Approach (2 declared-open sync tasks) ⚠️; Norms (no tabular norms table; SP1–SP7 un-tabulated) ⚠️. All other dimensions strong.
Top tasks: (1) Add §7 handler function cross-refs. (2) Add §8.3 MCE1–MCE5 implementation mapping.
Sync checks: Run make test-safe-outputs; audit §11.3 cache key format in compiled YAML.
🔑 scratchpad/github-mcp-access-control-specification.md (v1.1.0)
REASONS gaps: Approach (still in scratchpad) ⚠️; Norms (no norms table) ❌.
Top tasks: (1) Add norms table. (2) Add lockdown:true + guard-policy cross-field warning. (3) Promotion decision.
Sync checks: go test ./pkg/workflow/ -run TestValidateGitHub — verify T-GH-47–060 pass.
📋 scratchpad/guard-policies-specification.md (Design Proposal)
REASONS gaps: Requirements (no RFC 2119) ❌; Structure (no SPDD structure) ❌; Norms ❌. Testing inconsistency: "Complete" vs "Write Tests".
Top tasks: Formalize into SPDD spec; reconcile testing status; confirm dry-run deferral (Q4) is tracked.
🗂️ scratchpad/safe-outputs-specification.md (DEPRECATED v1.1.0)
Issues: Deprecation notice cites v1.21.0; canonical is v1.23.0. §6.4 update-discussion not confirmed migrated.
Top task: Fix version in notice; verify §6.4 migration.
Sync Follow-ups
| Spec |
Implementation Target |
Check |
| manifest §5.2/§5.3 |
pkg/cli/add_command.go |
R-PKG-U001–U004, R-PKG-R001–R004 |
| manifest §10 safeguards |
pkg/cli/add_package_manifest.go |
R-PKG-001–007, rollback |
| safe-outputs §7 handlers |
actions/setup/js/safe_outputs_handlers.cjs |
Function-name cross-refs |
| safe-outputs §8.3 MCE1–5 |
actions/setup/js/safe_outputs_mcp_server.cjs |
Constraint enforcement |
| safe-outputs §11 |
make test-safe-outputs |
Cache memory integrity |
| access-control T-GH-47–060 |
go test ./pkg/workflow/ -run TestValidateGitHub |
New integrity test groups |
| guard-policies tests |
go test ./pkg/workflow/ -run TestGuardPolicy |
Test-state reconciliation |
Context
Rotation: index 10–14 of 25 (next run starts at index 15: specs/aw-harness.md)
Run: §27504800878
References: §27504800878
Generated by 📋 Daily SPDD Spec Planner · 346.2 AIC · ⌖ 13.7 AIC · ⊞ 16.2K · ◷
Summary
Daily SPDD spec review 2026-06-14 — rotation index 10–14 of 25:
docs/src/content/docs/specs/repository-package-manifest-specification.md(v0.2.0)docs/src/content/docs/specs/safe-outputs-specification.md(v1.23.0)scratchpad/github-mcp-access-control-specification.md(v1.1.0)scratchpad/guard-policies-specification.md(Design Proposal — unversioned)scratchpad/safe-outputs-specification.md(DEPRECATED v1.1.0)Key issues: stale deprecation-notice version link, missing
lockdown+guard-policy cross-field validation, two open sync tasks in safe-outputs spec, §12 Sync Notes incomplete in manifest spec, andguard-policies-specification.mdneeds SPDD formalization.Priority Work Queue
P0 — Fix deprecation notice in
scratchpad/safe-outputs-specification.md(links to v1.21.0; canonical is v1.23.0). Addlockdown: true+ guard-policy coexistence warning topkg/workflow/tools_validation.go(decision resolved in guard-policies-spec Q#3, not yet implemented).P1 — Close 2 open sync tasks in
safe-outputs-specification.md(§7 handler function cross-refs, §8.3 MCE1–MCE5 mapping). Extendrepository-package-manifest-specification.md§12 Sync Notes to cover §5.2/§5.3/§10. Add norms table toscratchpad/github-mcp-access-control-specification.md.P2 — Assign R-PKG identifiers to
—rows in manifest spec §11. Formalizeguard-policies-specification.md(add version/abstract/RFC 2119). Evaluate promotion of access-control spec from scratchpad. Archive check for deprecated scratchpad safe-outputs spec.SPDD Checklist
scratchpad/safe-outputs-specification.md: update deprecation notice fromv1.21.0→v1.23.0. Done when both occurrences reference the current canonical version.pkg/workflow/tools_validation.go(validateGitHubGuardPolicy): emit a compiler warning whenlockdown: trueis combined withallowed-repos/min-integrity. Done when a test case for the combination produces a warning.docs/src/content/docs/specs/safe-outputs-specification.md§Sync Notes: add function-name cross-refs for all ≥15 §7 handler types toactions/setup/js/safe_outputs_handlers.cjs. Done when every §7 type cites its implementing function.actions/setup/js/safe_outputs_mcp_server.cjs. Done when the row is present in the table.docs/src/content/docs/specs/repository-package-manifest-specification.md§12: add rows for §5.2 (update), §5.3 (remove), §10 (R-PKG-001–007) withpkg/cli/implementation files. Done when all three new rows are present and last-verified date is updated.scratchpad/github-mcp-access-control-specification.md: add a §Norms reference table listing all MUST/SHALL requirements from §§4–9 with assigned identifiers. Done when no MUST statement is untracked.docs/src/content/docs/specs/repository-package-manifest-specification.md§11: assign R-PKG identifiers to all—rows in §11.1, §11.2, §11.4, §11.5. Done when no—ID entries remain.scratchpad/guard-policies-specification.md: add frontmatter, version, Abstract, Conformance (RFC 2119), and Norms sections. Done when all 7 REASONS Canvas dimensions are represented.scratchpad/guard-policies-specification.md: rungo test ./pkg/workflow/ -run TestGuardPolicyand reconcile "Tests: Complete" vs. "Next Steps: Write Tests" inconsistency. Done when status accurately reflects test coverage.scratchpad/safe-outputs-specification.md: verify §6.4update-discussionoperation has been migrated tosafe-outputs-specification.md§7; note intentionally if absent.scratchpad/github-mcp-access-control-specification.md: record a promote/defer/archive decision with rationale for moving todocs/src/content/docs/specs/.Per-Spec Findings
📦 repository-package-manifest-specification.md (v0.2.0)
REASONS gaps: Approach (§12 incomplete — §5.2/5.3/10 unmapped)⚠️ ; Norms (~12 requirements lack R-PKG IDs) ⚠️ . All other dimensions strong.
Top task: Extend §12 Sync Notes (§5.2 update, §5.3 remove, §10 safeguards) and assign R-PKG IDs to
—norms rows.Sync checks: Verify
pkg/cli/add_command.gofor R-PKG-U001–U004, R-PKG-R001–R004, and R-PKG-003 rollback inadd_package_manifest.go.🔒 safe-outputs-specification.md (v1.23.0)
REASONS gaps: Approach (2 declared-open sync tasks)⚠️ ; Norms (no tabular norms table; SP1–SP7 un-tabulated) ⚠️ . All other dimensions strong.
Top tasks: (1) Add §7 handler function cross-refs. (2) Add §8.3 MCE1–MCE5 implementation mapping.
Sync checks: Run
make test-safe-outputs; audit §11.3 cache key format in compiled YAML.🔑 scratchpad/github-mcp-access-control-specification.md (v1.1.0)
REASONS gaps: Approach (still in scratchpad)⚠️ ; Norms (no norms table) ❌.
Top tasks: (1) Add norms table. (2) Add
lockdown:true+ guard-policy cross-field warning. (3) Promotion decision.Sync checks:
go test ./pkg/workflow/ -run TestValidateGitHub— verify T-GH-47–060 pass.📋 scratchpad/guard-policies-specification.md (Design Proposal)
REASONS gaps: Requirements (no RFC 2119) ❌; Structure (no SPDD structure) ❌; Norms ❌. Testing inconsistency: "Complete" vs "Write Tests".
Top tasks: Formalize into SPDD spec; reconcile testing status; confirm dry-run deferral (Q4) is tracked.
🗂️ scratchpad/safe-outputs-specification.md (DEPRECATED v1.1.0)
Issues: Deprecation notice cites v1.21.0; canonical is v1.23.0. §6.4
update-discussionnot confirmed migrated.Top task: Fix version in notice; verify §6.4 migration.
Sync Follow-ups
pkg/cli/add_command.gopkg/cli/add_package_manifest.goactions/setup/js/safe_outputs_handlers.cjsactions/setup/js/safe_outputs_mcp_server.cjsmake test-safe-outputsgo test ./pkg/workflow/ -run TestValidateGitHubgo test ./pkg/workflow/ -run TestGuardPolicyContext
Rotation: index 10–14 of 25 (next run starts at index 15:
specs/aw-harness.md)Run: §27504800878
References: §27504800878