You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: .codex/skills/ship/SKILL.md
+21-8Lines changed: 21 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -30,10 +30,12 @@ For browser-observable changes, read and use the available Chrome-control skill.
30
30
1. Open a fresh local tab and exercise the golden path.
31
31
2. Derive 2–4 edge cases from the diff: boundaries, new conditionals, state transitions, and the exact bug reproduction. Avoid generic cases unrelated to the change.
32
32
3. Check browser console and network failures when exposed.
33
-
4. Record reviewer-facing steps while testing: URL/view, user action, and observable result. Use these unchanged as unchecked PR manual-test steps.
33
+
4. Record completed validation evidence: URL/view, user action, observable result, and console or network status when relevant. Evidence is a record of work already performed, not a checklist for the user.
34
34
35
35
For changes not observable in the browser, run and record an equivalent CLI or API scenario. Never silently skip this validation record. Re-run the affected scenario after a user-visible fix.
36
36
37
+
Do not ask the user to repeat validation per PR. The owner's normal daily use of staging is a separate confidence loop, not a merge gate or an itemized acceptance pass.
38
+
37
39
## 3. Review correctness
38
40
39
41
Review the full branch diff, not only unstaged files. Look for state/race/cleanup errors, boundaries, keyboard/pointer/scroll/focus regressions, accessibility, security/privacy/auth/data-loss risks, and missing regression coverage.
@@ -58,7 +60,18 @@ Use `codex-simplify-code` on the diff from the base branch. Reduce duplication,
58
60
- Revalidate user-visible behavior after behavior-adjacent cleanup.
59
61
- Capture what changed, or that no simplification opportunity existed, and justify any retained or new `useEffect`, `useRef`, or `useState` for the PR.
60
62
61
-
## 6. Final local gate
63
+
## 6. Independent review and final local gate
64
+
65
+
Run a fresh, read-only reviewer agent against the final branch diff after simplification. Spawn it without inherited conversation context (`fork_turns: "none"`) and provide a self-contained task with the worktree path, base ref, task intent, and repository instructions. This review is internal to `ship`: the user should not need another command, approval, or review step.
66
+
67
+
Give the reviewer the task intent, applicable `AGENTS.md`, and the complete base-to-head diff without the implementation agent's conclusions. Direct it to:
68
+
69
+
1. Start from changed lines and form concrete risk questions.
70
+
2. Narrow with `rg` or file discovery before reading the smallest relevant caller, contract, and test ranges.
71
+
3. Report only confirmed, actionable defects with severity, path/line, impact, and supporting evidence; omit style preferences and speculative findings.
72
+
4. Cover correctness, regression coverage, performance, accessibility, security/privacy/data loss, simplicity, and maintainability as applicable.
73
+
74
+
Fix confirmed findings, revalidate them, and commit the review fixes separately with a conventional message before running a fresh confirmation review. Repeat only when a confirmed finding changed the diff. Stop if a fresh reviewer is unavailable, a finding is uncertain, or confidence remains incomplete; do not substitute self-review or hand validation back to the user.
62
75
63
76
Run checks chosen from the actual diff and repository guidance. At minimum run focused regression tests, affected type checking, and lint; run broader package tests for shared contracts. Use `bun run verify` only after inspecting its selected checks. Confirm the diff and worktree are clean except for intentional, committed work; distinguish new failures from existing warnings.
64
77
@@ -73,14 +86,14 @@ Use these sections in order:
73
86
74
87
## Simplicity
75
88
76
-
## Manual Testing Steps
77
-
-[ ] Reviewer-visible golden-path and diff-derived edge-case steps
89
+
## Automated validation
90
+
91
+
## Independent review
78
92
79
93
## Test plan
80
-
-[x] Commands actually run
81
94
```
82
95
83
-
Write manual steps in user-observable language—never function, variable, or file names. Close the originating issue only when unambiguous.
96
+
Under automated validation, record the completed browser, CLI, or API scenarios and their observed results. Under independent review, record the final reviewer result and any confirmed findings fixed. Under test plan, list commands actually run. Do not include manual-testing sections, unchecked boxes, or tasks for the user. Close the originating issue only when unambiguous.
Merge only when required checks and reviews are satisfied, the PR targets the expected base, and local validation supports confidence. Compass normally squash-merges; use the repository’s observed strategy and delete the remote branch only when normal. Never merge on a guess.
106
+
Merge only when required checks and the independent review gate are satisfied, the PR targets the expected base, and local validation supports confidence. Compass normally squash-merges; use the repository’s observed strategy and delete the remote branch only when normal. Never merge on a guess.
94
107
95
108
## 10. Monitor main release
96
109
@@ -100,4 +113,4 @@ Treat tag, publication, deployment, migration, or health-check failures as incid
100
113
101
114
## Report
102
115
103
-
Lead with the shipped result. Include the PR and merge result, implementation and simplification commits, local/manual validation, PR CI, post-merge release/deployment result and tag, plus pre-existing warnings or follow-up risks. Emit git directives only for actions that actually succeeded.
116
+
Lead with the shipped result. Include the PR and merge result, implementation and simplification commits, automated/browser validation, independent review, PR CI, post-merge release/deployment result and tag, plus pre-existing warnings or follow-up risks. Emit git directives only for actions that actually succeeded.
Copy file name to clipboardExpand all lines: docs/development/testing-playbook.md
+15-17Lines changed: 15 additions & 17 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -328,7 +328,7 @@ conformance:
328
328
| React Testing Library | Roles, accessible names, state, focus, and keyboard behavior | Focused web tests and `bun run test:web`|
329
329
| Playwright with axe | Automatically detectable issues in realistic rendered states |`bun run test:a11y`, `bun run verify web`, and E2E CI |
330
330
| Targeted browser assertions | Regressions generic rules cannot reliably model, such as transient contrast or focus behavior | The relevant E2E regression test |
331
-
|Manual review | Keyboard usability, zoom/reflow, screen-reader experience, and other judgment-based WCAG criteria |Major UI changes and periodic audits |
331
+
|Daily staging use and periodic audits | Broad usability regressions and judgment-based WCAG criteria |Once-daily normal use and separately scoped audits, never per-PR checklists|
332
332
333
333
#### How Axe Coverage Works
334
334
@@ -393,7 +393,8 @@ at the call site. Unexplained `incomplete` results seen in this suite today
393
393
are `color-contrast` (axe cannot compute a background across an
394
394
absolutely-positioned overlap or a CSS gradient, and cannot reliably sample
395
395
single-character date-cell text) - these are exactly the states the
396
-
datepicker's targeted contrast test and manual review already cover.
396
+
datepicker's targeted contrast test covers or periodic accessibility audits
397
+
must inspect.
397
398
398
399
#### Representative Checkpoints
399
400
@@ -443,22 +444,18 @@ Test meaningful outcomes such as focus movement, updated `aria-expanded` or
443
444
A successful `getByRole` query is useful pressure toward semantic markup, but
444
445
it is not an accessibility audit by itself.
445
446
446
-
#### Manual Review
447
+
#### Daily Staging Confidence
447
448
448
-
For a major UI change, verify the affected flow with:
449
+
Once per day, use the accumulated staging build as a normal Compass user. This
450
+
is an unstructured product-confidence pass, not a PR checklist: do not replay
451
+
individual changes or map observations back to every merged PR. File any
452
+
regression observed during normal use as a bug.
449
453
450
-
- keyboard-only navigation, including visible focus and a logical focus order
451
-
- browser zoom and reflow at 200% and 400%
452
-
- VoiceOver on macOS for names, roles, state changes, and announcements
453
-
- reduced-motion and forced-colors/high-contrast settings when relevant
454
-
- a free browser audit such as Accessibility Insights for Web
455
-
456
-
Record the states reviewed in the PR - `.github/PULL_REQUEST_TEMPLATE.md` has a
457
-
short accessibility checklist for exactly the judgment calls automation can't
458
-
make (keyboard reach, dynamic content exercised, zoom/reflow, screen-reader
459
-
names, reduced-motion/forced-colors). Automated checks passing means no tested
460
-
automated violation was found; it does not mean the page conforms to every WCAG
461
-
success criterion.
454
+
Per-PR confidence comes from automated tests, agent-driven browser validation,
455
+
and the independent diff-first review. If those gates cannot establish
456
+
correctness, `ship` pauses instead of delegating manual verification to the
457
+
owner. Separately scoped accessibility audits can still examine judgment-based
458
+
WCAG criteria without becoming a release requirement for each PR.
462
459
463
460
#### Workflow For UI Changes
464
461
@@ -469,7 +466,8 @@ success criterion.
469
466
4. Add a targeted browser regression only for behavior the general scan does
470
467
not protect.
471
468
5. Run `bun run test:web`, `bun run lint`, and `bun run verify web`.
472
-
6. For major UI changes, complete and document the relevant manual checks.
469
+
6. Record completed agent-driven browser validation in the PR. Do not add
470
+
manual tasks; pause `ship` if the behavior cannot be confirmed.
473
471
474
472
Browser-based accessibility checks are appropriate for CI and pre-push
475
473
verification. Keep commit hooks limited to fast static checks so normal commits
0 commit comments