You: "I need to screen 500 abstracts for an HTA on diabetes treatments."

AI: "To help structure this workflow, I need to clarify several aspects:
1. What are the specific inclusion criteria (population, intervention, outcomes)?
2. What exclusion criteria should be applied?
3. Are there validated screening tools or checklists to follow?
4. What level of agreement is required between reviewers?
5. How should conflicts be resolved?
6. What format should the screening results take?"

You: [Provide answers]

AI: "Based on your requirements, I propose a 4-step workflow:
Step 1: Automated initial screening using PICO criteria
Step 2: Detailed abstract assessment against full inclusion/exclusion checklist
Step 3: Conflict resolution for borderline cases
Step 4: Generate screening report with PRISMA flow diagram

Does this sequence address your needs, or should we adjust the approach?"

I want to automate [process description]. Analyze the typical workflow
for this process and propose a structured sequence of steps from initial
input to final output. For each step, identify whether it requires human
oversight or can be fully automated.

Training Module Workflow
Phases: 1) Planning (define objectives, research, create outline),
2) Implementation (generate content including presentations, code, handbooks),
3) Verification (review for quality, accuracy, completeness),
4) Delivery (transform to final formats HTML, PDF).
Handoffs: Planning to Implementation via approved outline,
Implementation to Verification via draft materials,
Verification to Delivery via verified content.
Human Checkpoints: approve objectives and scope, approve outline structure,
final quality review.

Analyze these code examples [attach files] and generate a comprehensive
coding standard document covering: naming conventions, structure patterns,
error handling, documentation requirements, and quality expectations.

Code Example Standards
Style: Real implementations, no mocks or placeholders; executable code
that demonstrates actual functionality; clear variable names that explain purpose.
Structure: Imports at top, grouped logically; main logic in functions,
not global scope; one primary concept per example.
Error Handling: All examples must handle expected errors; use try-except
for external operations (file I/O, API calls); provide clear error messages.
Documentation: Docstrings for complex functions; inline comments explain why,
not what; examples include expected output.

For the workflow step '[step name]', generate a detailed step definition.
Input artifacts: [list]. Expected output: [description]. Standards to
follow: [references]. Include: specific actions to take, what to produce,
and measurable success criteria.

Step Definition: Develop Content
Inputs:
- outline.md (approved section structure)
- code-standards.md (coding conventions)
- examples/ (reference implementations)
Process:
1) Read outline section by section
2) For each section, generate explanatory text following writing-style.md
3) Create code examples demonstrating key concepts
4) Validate examples execute without errors
5) Add inline comments explaining non-obvious logic
Outputs:
- section-N-name.ipynb per section (Jupyter notebook with narrative and code)
Success Criteria:
- All sections from outline are present
- Code examples execute without errors
- No TODO or placeholder text
- Follows writing-style.md guidelines
- All functions have type hints

Analyze this codebase structure [provide tree]. For the "Develop Content"
step, identify: 1) files to read for context, 2) output locations,
3) external capabilities needed.

Develop Content Step - Artifact Access:
Read:
- outline.md
- standards/writing-style.md
- standards/code-standards.md
- examples/*.py
Write:
- sections/*.ipynb

{
  "mcpServers": {
    "filesystem": {
      "command": "npx",
      "args": ["-y", "@anthropic/mcp-filesystem", "./standards", "./examples"]
    },
    "code-executor": {
      "command": "python",
      "args": ["-m", "mcp_code_executor", "--timeout", "30"]
    }
  }
}

Services Configuration:
- Code validation: `pytest sections/ --tb=short`
- Linting: `ruff check sections/ --output-format=json`
- WebSearch: MCP server "brave-search" for API documentation lookup

Develop Content Step - Services:
Code Execution:
  tool: mcp/code-executor
  purpose: validate all examples run without errors
  timeout: 30s
Web Search:
  tool: mcp/brave-search
  purpose: fetch latest API documentation
  query_template: "{library} {version} documentation {topic}"
Format Validation:
  tool: cli/nbformat
  command: python -m nbformat.validator sections/*.ipynb

Create an automated verification procedure for this step definition [attach].
Generate:
1) checklist of all acceptance criteria,
2) automated tests where possible (scripts, linters, validators),
3) manual review procedures for subjective criteria,
4) failure handling (what specific fixes to request).

Automated Checks:
- Run all code examples with pytest
- Lint for style compliance
Structure Validation:
- Check all required concepts are covered
Manual Review Checklist:
- Examples demonstrate real functionality
- Complexity appropriate for audience
Acceptance Criteria:
- All code executes without errors
- Linter passes with zero warnings
- All concepts from requirements demonstrated
- No placeholder code
Actions on Failure:
- Execution errors: provide message and traceback, request fix
- Linter failures: provide specific violations, request compliance
- Missing concepts: list missing items, request addition

Analyze these verification reports [attach]. Identify patterns in failures.
For each pattern, propose:
1) update to standards to prevent recurrence,
2) refinement to step definitions for clarity,
3) additional acceptance criteria to catch earlier.

Pattern Identified: External operations lacking error handling
- 15 of 20 verification runs flagged missing try-except blocks
- Pattern: file I/O, API calls without error handling
Refinement Actions:
- Standard spec: explicitly require try-except for external operations
- Step definition: add "identify external operations and add error handling"
- Acceptance criteria: include "all external operations have try-except"
Result: Future generation references updated standard, follows refined process,
meets enhanced criteria—preventing pattern from recurring.

research-workflow/
├── state.json              # Current step, completed tasks
├── standards/
│   ├── screening.md        # Inclusion/exclusion criteria
│   └── extraction.md       # Data extraction templates
├── prompts/
│   ├── screen-abstract.md  # Prompt template for screening
│   └── extract-data.md     # Prompt template for extraction
├── artifacts/
│   ├── abstracts/          # Input abstracts to screen
│   └── results/            # Screening decisions
└── workflow.md             # Step sequence and verification

services:
  jira:
    type: rest-api
    base_url: https://company.atlassian.net/rest/api/3
    auth: api_token
    capabilities:
      - read_issue
      - update_status
      - add_comment
      - get_attachments

  figma:
    type: mcp-server
    command: npx @anthropic/mcp-figma
    capabilities:
      - read_designs
      - export_assets
      - get_design_tokens

  gitlab:
    type: rest-api
    base_url: https://gitlab.company.com/api/v4
    auth: personal_token
    capabilities:
      - create_branch
      - commit_files
      - create_merge_request
      - merge
      - get_pipeline_status

  code_executor:
    type: cli
    commands:
      - pytest
      - ruff
      - mypy
    timeout: 300s

step: extract_and_clarify_requirements
inputs:
  - jira_ticket_id: "PROJ-123"
  - standards/requirements-clarity.md
  - standards/dor-checklist.md
process:
  1. Fetch ticket from Jira API (title, description, acceptance criteria, attachments)
  2. Extract linked Figma designs if present
  3. Parse acceptance criteria into testable statements
  4. Apply ambiguity detection rules from requirements-clarity.md
  5. Generate clarifying questions for each ambiguity
  6. Document assumptions that need validation
outputs:
  - requirements.md: "Structured requirements with clarifications needed"
  - clarifying-questions.md: "Questions for product owner"
human_checkpoint: false (unless critical ambiguities block progress)

# Requirements Clarity Standard

## Completeness Criteria
- User goal clearly stated (who does what to achieve which outcome)
- All acceptance criteria are independently testable
- Edge cases explicitly identified (empty states, errors, limits)
- Error scenarios documented with expected behavior
- Dependencies on other systems/features listed
- UI/UX requirements linked to Figma frames

## Ambiguity Detection Rules
Flag as ambiguous:
- Pronouns without clear antecedents ("it should update", "they can access")
- Vague quantities ("some users", "many items", "quickly", "efficiently")
- Undefined terms not in project glossary
- Missing error handling ("user enters data" - what if invalid?)
- Implicit assumptions ("logged-in user" - what auth level?)
- Relative references ("similar to feature X" - which aspects?)

## Resolution Process
- Mark each ambiguity with [NEEDS_CLARIFICATION: specific question]
- Propose default assumption with [ASSUMED: assumption, pending confirmation]
- Link to related requirements that may conflict

acceptance_criteria:
  - All Jira fields extracted (title, description, AC, attachments, links)
  - No ambiguous terms remain unaddressed (flagged or resolved)
  - Each acceptance criterion is independently testable
  - All external dependencies explicitly listed
  - requirements.md follows template structure
  - Figma links resolved to specific frame references

Read Jira ticket {ticket_id} using the Jira API.

Extract:
- Title and description
- All acceptance criteria (numbered list)
- Linked Figma designs (resolve to frame URLs)
- Attachments and their purposes
- Related tickets and dependencies

Apply the Requirements Clarity Standard to identify:
1. Ambiguous terms or phrases (list each with line reference)
2. Missing acceptance criteria (what's implied but not stated)
3. Untestable requirements (subjective or unmeasurable)
4. Undefined edge cases (empty states, limits, errors)
5. Implicit assumptions needing confirmation

For each issue found, generate a specific clarifying question.

Output requirements.md with:
- Structured requirements following template
- [NEEDS_CLARIFICATION] markers for unresolved items
- [ASSUMED] markers for proposed defaults
- Traceability to original Jira fields

step: verify_definition_of_ready
inputs:
  - requirements.md
  - standards/dor-checklist.md
  - clarifying-questions.md (if exists)
process:
  1. Load DoR checklist criteria
  2. Evaluate requirements.md against each criterion
  3. Mark criteria as PASS/FAIL/PARTIAL with evidence
  4. Calculate overall DoR score (percentage passed)
  5. Generate DoR report with gaps and recommendations
  6. Present to human for approval or rejection
outputs:
  - dor-report.md: "DoR evaluation with pass/fail per criterion"
  - story-ready.md: "Approved story ready for development" (if passed)
human_checkpoint: true
  approval_required: "Product Owner or Tech Lead"
  action_on_reject: "Return to Step 1 with specific gaps to address"

# Definition of Ready Checklist

## Required (all must pass)
- [ ] User story follows format: "As a [role], I want [goal], so that [benefit]"
- [ ] Acceptance criteria are specific, measurable, testable
- [ ] No open questions or unresolved ambiguities
- [ ] Technical approach agreed (or explicitly marked as spike)
- [ ] Dependencies identified and available
- [ ] Estimate provided (or explicitly marked for refinement)

## Conditional (pass if applicable)
- [ ] UI mockups linked and approved (if user-facing)
- [ ] API contract defined (if integration involved)
- [ ] Data migration plan documented (if schema changes)
- [ ] Security review completed (if auth/data changes)
- [ ] Performance requirements specified (if SLA-critical)

## Scoring
- PASS: All Required items checked, all applicable Conditional items checked
- PARTIAL: All Required items checked, some Conditional items pending
- FAIL: Any Required item unchecked

acceptance_criteria:
  - All Required DoR items evaluated with evidence
  - Overall DoR score calculated correctly
  - FAIL items have specific remediation steps
  - Human approver recorded with timestamp
  - story-ready.md only created on PASS status
  - Rejection loops back to Step 1 with gap analysis

Evaluate requirements.md against the Definition of Ready Checklist.

For each checklist item:
1. Determine if it applies to this story (Required always applies)
2. Find evidence in requirements.md that satisfies the criterion
3. Mark as PASS (with evidence quote), FAIL (with gap description), or N/A

Calculate DoR score:
- Required items: count passed / total required
- Conditional items: count passed / count applicable
- Overall: both must be 100% for PASS status

Generate dor-report.md with:
- Summary: PASS/PARTIAL/FAIL with scores
- Per-item evaluation with evidence or gap
- For FAIL items: specific questions or actions to resolve
- Recommendation: approve for development or return for clarification

Present to {approver_role} for decision.
If rejected, document rejection reason and required changes.

step: write_user_story_format
inputs:
  - story-ready.md (approved from Step 2)
  - standards/story-format.md
  - templates/user-story-template.md
process:
  1. Extract core user goal and benefit from requirements
  2. Structure as user story format (As a... I want... So that...)
  3. Convert acceptance criteria to Given/When/Then format
  4. Add technical notes section for implementation guidance
  5. Include test scenario outlines
  6. Link to original Jira ticket for traceability
outputs:
  - story.md: "Complete user story in standard format"
human_checkpoint: false

# User Story Format Standard

## Story Structure
```
# [PROJ-123] Story Title

## User Story
As a [specific role with context],
I want [concrete action/capability],
So that [measurable business benefit].

## Acceptance Criteria
### AC1: [Criterion Name]
- Given [precondition/context]
- When [action/trigger]
- Then [expected outcome]
- And [additional outcomes if any]

### AC2: [Criterion Name]
...

## Technical Notes
- Implementation approach: [brief description]
- Components affected: [list]
- API changes: [if any]
- Database changes: [if any]

## Test Scenarios
1. Happy path: [description]
2. Edge case - [name]: [description]
3. Error case - [name]: [description]

## References
- Jira: [link]
- Figma: [link]
- Related stories: [links]
```

## Quality Rules
- Role must be specific (not "user" but "authenticated customer")
- Action must be concrete and verifiable
- Benefit must be measurable or observable
- Each AC must be independently testable
- Technical notes inform but don't constrain implementation

acceptance_criteria:
  - Story follows "As a... I want... So that..." format
  - Role is specific and contextual (not generic "user")
  - All acceptance criteria in Given/When/Then format
  - Each AC maps to at least one test scenario
  - Technical notes present but don't over-specify
  - All references linked and accessible
  - No ambiguous terms (validated against clarity standard)

Transform story-ready.md into a complete user story following story-format.md.

1. Identify the primary user role - be specific:
   - Not "user" but "registered customer" or "admin with billing access"
   - Include relevant context (permissions, state, journey stage)

2. Extract the core action:
   - What specific capability does the user need?
   - Make it concrete and verifiable

3. Articulate the benefit:
   - Why does this matter to the user/business?
   - Make it measurable where possible

4. Convert each acceptance criterion to Given/When/Then:
   - Given: establish the precondition clearly
   - When: single action that triggers the behavior
   - Then: observable, testable outcome

5. Add technical notes:
   - Summarize implementation approach from requirements
   - List affected components
   - Note API/DB changes if any

6. Generate test scenarios:
   - One happy path scenario
   - Edge cases from requirements
   - Error scenarios (invalid input, failures)

Output story.md following the template exactly.

step: create_design_implementation_plan
inputs:
  - story.md
  - figma-designs/ (via Figma service)
  - existing codebase structure (via file system)
  - standards/architecture-guidelines.md
  - standards/coding-standards.md
process:
  1. Analyze story requirements and acceptance criteria
  2. Fetch and analyze Figma designs for UI requirements
  3. Explore existing codebase for patterns and conventions
  4. Identify components to create or modify
  5. Design API contracts if needed
  6. Plan database schema changes if needed
  7. Outline implementation sequence
  8. Identify risks and mitigation strategies
  9. Present proposal for human approval
outputs:
  - design-proposal.md: "Technical design with implementation plan"
human_checkpoint: true
  approval_required: "Tech Lead or Senior Developer"
  action_on_reject: "Revise proposal based on feedback"

# Architecture Guidelines

## Design Principles
- Single Responsibility: each module/class has one reason to change
- Dependency Inversion: depend on abstractions, not concretions
- Interface Segregation: small, focused interfaces
- Open/Closed: open for extension, closed for modification

## Component Structure
```
src/
├── api/           # API endpoints (thin controllers)
├── services/      # Business logic (domain services)
├── repositories/  # Data access (database operations)
├── models/        # Domain models and DTOs
├── utils/         # Shared utilities
└── config/        # Configuration management
```

## API Design
- RESTful conventions (resources, HTTP verbs, status codes)
- Consistent error response format: {error: {code, message, details}}
- Pagination for list endpoints: {data: [], pagination: {page, limit, total}}
- Versioning in URL path: /api/v1/resource

## Database Changes
- All changes via migrations (no manual DDL)
- Backward compatible changes preferred
- Breaking changes require migration plan

## Error Handling
- Exceptions for exceptional cases only
- Return Result types for expected failures
- Log errors with correlation IDs
- User-facing messages separate from technical details

acceptance_criteria:
  - All acceptance criteria from story.md addressed in design
  - Components identified with clear responsibilities
  - API contracts defined (if applicable) with request/response schemas
  - Database changes documented with migration approach
  - Implementation sequence logical (dependencies respected)
  - Risks identified with mitigation strategies
  - Follows architecture-guidelines.md patterns
  - Human approver recorded with timestamp
  - Revision history tracked if rejected and revised

Create a technical design and implementation plan for story.md.

1. Analyze requirements:
   - List each acceptance criterion
   - Identify technical implications of each

2. Examine Figma designs (if UI involved):
   - Extract component structure from frames
   - Note design tokens (colors, spacing, typography)
   - Identify interactive states and transitions

3. Explore existing codebase:
   - Find similar features for patterns to follow
   - Identify shared components to reuse
   - Note coding conventions in use

4. Design the solution:
   - List components to create (with responsibility)
   - List components to modify (with changes)
   - Define API contracts (endpoints, request/response)
   - Document database changes (schema, migrations)

5. Plan implementation sequence:
   - Order tasks by dependencies
   - Identify what can be parallelized
   - Estimate complexity (S/M/L) per task

6. Assess risks:
   - Technical risks (performance, compatibility)
   - Dependencies on other teams/systems
   - Mitigation strategies for each

Output design-proposal.md with all sections.
Present to {approver_role} for review.

step: write_initial_tests
inputs:
  - story.md (acceptance criteria)
  - design-proposal.md (component structure)
  - standards/testing-standards.md
  - existing tests/ directory for patterns
process:
  1. Map each acceptance criterion to test cases
  2. Write test file structure following conventions
  3. Implement test cases (initially failing)
  4. Add edge case tests from story scenarios
  5. Add error case tests
  6. Verify tests are syntactically correct (can be collected)
  7. Document test coverage mapping
outputs:
  - tests/*.py: "Test files for the feature"
  - test-coverage-map.md: "AC to test mapping"
human_checkpoint: false

# Testing Standards

## Test Structure
```python
# tests/test_{feature_name}.py

import pytest
from src.services import FeatureService
from tests.fixtures import create_test_user, create_test_data

class TestFeatureName:
    """Tests for [Feature Name] - PROJ-123"""

    # Happy path tests
    def test_should_[expected_behavior]_when_[condition](self):
        # Arrange
        ...
        # Act
        ...
        # Assert
        ...

    # Edge case tests
    def test_should_handle_empty_input(self):
        ...

    # Error case tests
    def test_should_raise_validation_error_when_invalid_input(self):
        ...
```

## Naming Conventions
- Test files: test_{feature_name}.py
- Test classes: Test{FeatureName}
- Test methods: test_should_{behavior}_when_{condition}

## Coverage Requirements
- Each acceptance criterion has at least one test
- Happy path: minimum one test per AC
- Edge cases: empty, null, boundary values
- Error cases: invalid input, unauthorized, not found

## Test Independence
- Each test must be independent (no shared state)
- Use fixtures for setup, not class-level state
- Clean up any created resources

## Assertions
- One logical assertion per test (multiple asserts OK if single concept)
- Use descriptive assertion messages
- Prefer specific assertions (assert_equal) over generic (assert)

acceptance_criteria:
  - Every acceptance criterion has at least one test
  - Test file structure follows testing-standards.md
  - Test naming follows convention: test_should_{behavior}_when_{condition}
  - Tests can be collected by pytest (no syntax errors)
  - Edge cases from story scenarios covered
  - Error cases covered (invalid input, auth failures)
  - test-coverage-map.md shows AC to test traceability
  - Tests initially fail (TDD red phase)

Write initial tests for story.md following testing-standards.md (TDD approach).

1. Read story.md acceptance criteria and test scenarios
2. Read design-proposal.md for component structure and interfaces
3. Examine existing tests/ for patterns and fixtures

For each acceptance criterion:
- Create test method with descriptive name
- Implement Arrange/Act/Assert structure
- Use existing fixtures or define new ones needed
- Add assertion with clear failure message

Add edge case tests:
- Empty/null inputs
- Boundary values
- Missing optional fields

Add error case tests:
- Invalid input types
- Unauthorized access attempts
- Resource not found scenarios

Output:
- tests/test_{feature_name}.py with all test cases
- tests/conftest.py additions if new fixtures needed
- test-coverage-map.md showing:
  | AC ID | AC Description | Test Method | Test Type |
  |-------|----------------|-------------|-----------|

Verify tests can be collected: pytest --collect-only tests/test_{feature_name}.py

step: write_implementation
inputs:
  - design-proposal.md
  - tests/*.py (from Step 5)
  - standards/coding-standards.md
  - existing src/ for patterns
process:
  1. Read design proposal for component structure
  2. Read tests to understand expected behavior
  3. Implement each component following standards
  4. Run tests after each component (TDD green phase)
  5. Run linter and fix violations
  6. Run type checker and add missing hints
  7. Refactor if needed (TDD refactor phase)
outputs:
  - src/*.py: "Implementation files"
services_used:
  - code_executor: pytest, ruff, mypy
human_checkpoint: false

# Coding Standards

## Python Style
- Follow PEP 8 with max line length 100
- Use type hints for all function signatures
- Use docstrings for public functions (Google style)
- Imports: stdlib, third-party, local (blank line between groups)

## Naming Conventions
- Classes: PascalCase
- Functions/methods: snake_case
- Constants: UPPER_SNAKE_CASE
- Private: prefix with underscore

## Function Design
- Maximum 20 lines per function (excluding docstring)
- Maximum 4 parameters (use dataclass for more)
- Single return type (use Union sparingly)
- No side effects in functions named get_*, is_*, has_*

## Error Handling
- Use custom exceptions inheriting from base AppError
- Never catch bare Exception
- Always include context in error messages
- Log errors with structured data (not string interpolation)

## Code Organization
```python
# Standard structure for a service module
from typing import Optional
from dataclasses import dataclass

from external_lib import something

from src.models import DomainModel
from src.repositories import Repository
from src.exceptions import DomainError


@dataclass
class ServiceInput:
    """Input DTO for the service."""
    field: str


class FeatureService:
    """Service handling [feature] business logic."""

    def __init__(self, repository: Repository) -> None:
        self._repository = repository

    def execute(self, input_data: ServiceInput) -> DomainModel:
        """Execute the feature logic."""
        ...
```

## Security
- No hardcoded secrets (use environment variables)
- Validate all external input
- Use parameterized queries (no string concatenation for SQL)
- Sanitize output to prevent XSS

acceptance_criteria:
  - All tests pass (pytest exit code 0)
  - No linter warnings (ruff check passes)
  - Type hints on all public functions (mypy passes)
  - No hardcoded credentials or secrets
  - Code coverage >= 80% for new code
  - Follows coding-standards.md patterns
  - Functions under 20 lines (excluding docstrings)
  - No TODO comments in committed code

Implement the feature to pass all tests, following coding-standards.md.

1. Read design-proposal.md for:
   - Component structure and responsibilities
   - API contracts and interfaces
   - Database schema if applicable

2. Read tests/*.py to understand:
   - Expected function signatures
   - Input/output expectations
   - Error conditions to handle

3. Examine existing src/ for:
   - Patterns to follow
   - Base classes to extend
   - Utilities to reuse

4. Implement each component:
   - Start with models/DTOs
   - Then repositories/data access
   - Then services/business logic
   - Finally API endpoints/controllers

5. After each file, run:
   - pytest tests/test_{feature}.py (must pass)
   - ruff check src/{file}.py (must pass)
   - mypy src/{file}.py (must pass)

6. Fix any failures before proceeding to next file

Output src/*.py files with implementation.
Report final test results and coverage.

step: write_additional_tests
inputs:
  - src/*.py (implementation from Step 6)
  - tests/*.py (initial tests)
  - standards/testing-standards.md
  - coverage report from Step 6
process:
  1. Analyze coverage report for gaps
  2. Identify untested code paths
  3. Add integration tests if multiple components
  4. Add performance tests if SLA requirements
  5. Add security tests if auth/data involved
  6. Verify all tests pass
outputs:
  - tests/*.py: "Updated with additional tests"
  - coverage-report.md: "Final coverage analysis"
services_used:
  - code_executor: pytest --cov
human_checkpoint: false

# Additional Testing Standards

## Integration Tests
- Test component interactions (service -> repository -> DB)
- Use test database or in-memory alternatives
- Test API endpoints end-to-end
- Verify error propagation across layers

## Performance Tests (if SLA specified)
- Benchmark critical paths
- Test with realistic data volumes
- Document baseline metrics
- Flag regressions > 10%

## Security Tests (if auth/data involved)
- Test authentication required endpoints without auth
- Test authorization (user A can't access user B's data)
- Test input validation (SQL injection, XSS attempts)
- Test rate limiting if applicable

## Coverage Analysis
- Line coverage >= 80%
- Branch coverage >= 70%
- Focus on business logic, not boilerplate
- Document intentionally uncovered code

## Test Organization
```
tests/
├── unit/           # Isolated unit tests
├── integration/    # Component integration tests
├── e2e/            # End-to-end API tests
└── fixtures/       # Shared test data and utilities
```

acceptance_criteria:
  - Line coverage >= 80% for feature code
  - Branch coverage >= 70%
  - Integration tests cover component interactions
  - Security tests present if auth/data involved
  - All tests pass (no flaky tests)
  - No untested error paths in business logic
  - Coverage gaps documented with justification

Analyze test coverage and add additional tests to meet standards.

1. Run coverage analysis:
   pytest --cov=src --cov-report=term-missing tests/

2. Identify gaps:
   - Uncovered lines in business logic
   - Untested branches (if/else paths)
   - Error handlers without tests

3. Add integration tests:
   - Service + Repository interactions
   - API endpoint -> Service -> Repository flow
   - Error propagation across layers

4. Add security tests (if applicable):
   - Unauthenticated access attempts
   - Cross-user data access attempts
   - Malformed input handling

5. Verify all tests pass and coverage meets threshold

Output:
- Updated tests/*.py
- coverage-report.md with:
  - Overall coverage: X%
  - Coverage by file
  - Intentionally uncovered code (with justification)

step: code_review
inputs:
  - src/*.py (implementation)
  - tests/*.py (all tests)
  - design-proposal.md
  - story.md
  - standards/review-checklist.md
process:
  1. Create merge request in GitLab
  2. Run automated checks (CI pipeline)
  3. Apply review checklist to all changes
  4. Generate review report with findings
  5. Present to human reviewer
  6. Collect feedback and approval/rejection
outputs:
  - merge-request-url: "Link to MR in GitLab"
  - review-report.md: "Automated review findings"
  - review-feedback.md: "Human reviewer comments" (after review)
services_used:
  - gitlab: create_merge_request, get_pipeline_status
human_checkpoint: true
  approval_required: "Peer developer + Tech Lead"
  action_on_reject: "Proceed to Step 9 with feedback"

# Code Review Checklist

## Correctness
- [ ] Implementation matches acceptance criteria
- [ ] Edge cases handled correctly
- [ ] Error handling appropriate and consistent
- [ ] No logical errors or off-by-one bugs

## Code Quality
- [ ] Follows coding standards
- [ ] No code duplication (DRY)
- [ ] Functions have single responsibility
- [ ] Naming is clear and consistent
- [ ] No dead code or commented-out code

## Testing
- [ ] All acceptance criteria have tests
- [ ] Edge cases tested
- [ ] Error cases tested
- [ ] Tests are readable and maintainable
- [ ] No flaky tests

## Security
- [ ] Input validation present
- [ ] No hardcoded secrets
- [ ] SQL injection prevented (parameterized queries)
- [ ] XSS prevented (output encoding)
- [ ] Authorization checked where needed

## Performance
- [ ] No N+1 queries
- [ ] Appropriate indexing considered
- [ ] No blocking operations in async code
- [ ] Resource cleanup (connections, files)

## Documentation
- [ ] Public APIs have docstrings
- [ ] Complex logic has comments explaining why
- [ ] README updated if needed
- [ ] API docs updated if endpoints changed

## Review Feedback Format
```
## [MUST FIX] Critical Issues
- File:line - Issue description
  Suggestion: How to fix

## [SHOULD FIX] Improvements
- File:line - Issue description
  Suggestion: How to improve

## [CONSIDER] Optional Suggestions
- File:line - Suggestion description

## [PRAISE] Good Practices
- File:line - What was done well
```

acceptance_criteria:
  - Merge request created with proper description
  - CI pipeline passes (tests, linting, type checking)
  - Review checklist applied to all changed files
  - All MUST FIX items documented with file:line references
  - Human reviewer assigned and notified
  - Review decision recorded (approve/request changes)
  - Feedback documented in review-feedback.md

Prepare code for review and generate review report.

1. Create merge request in GitLab:
   - Title: [PROJ-123] {story title}
   - Description: Summary of changes, link to story.md
   - Target branch: main
   - Assign reviewers: {reviewer_list}

2. Wait for CI pipeline:
   - Tests must pass
   - Linting must pass
   - Type checking must pass

3. Apply review checklist to all changed files:
   - For each checklist item, verify compliance
   - Document any violations with file:line reference

4. Generate review-report.md:
   - CI pipeline status
   - Checklist results
   - Categorized findings (MUST FIX, SHOULD FIX, CONSIDER)
   - Self-review notes (areas of uncertainty)

5. Present to human reviewer(s)

Output:
- merge-request-url
- review-report.md

Wait for human feedback before proceeding.

step: correct_after_review
inputs:
  - review-feedback.md (from Step 8)
  - src/*.py
  - tests/*.py
  - standards/coding-standards.md
process:
  1. Parse review feedback into actionable items
  2. Address each MUST FIX item
  3. Address SHOULD FIX items
  4. Consider optional suggestions
  5. Add new tests if gaps identified
  6. Run full test suite
  7. Update merge request with changes
  8. Request re-review if significant changes
outputs:
  - src/*.py: "Updated implementation"
  - tests/*.py: "Updated tests"
  - correction-log.md: "Log of changes made per feedback item"
services_used:
  - code_executor: pytest, ruff, mypy
  - gitlab: commit_files, add_comment
human_checkpoint: false (returns to Step 8 for re-review if needed)

# Review Correction Standards

## Priority Order
1. MUST FIX - Critical issues blocking merge
2. SHOULD FIX - Important improvements
3. CONSIDER - Optional enhancements (discuss before implementing)

## Correction Log Format
```markdown
# Correction Log - PROJ-123

## MUST FIX Items
### MF-1: [Issue description]
- Location: file.py:line
- Reviewer: @name
- Resolution: [Description of fix]
- Commit: [hash]

## SHOULD FIX Items
...

## CONSIDER Items
- [Item]: [Accepted/Deferred with reason]
```

## Commit Message Format
```
fix(PROJ-123): Address review feedback

- [MF-1] Fix [issue description]
- [SF-1] Improve [description]

Reviewers: @name1, @name2
```

## Re-review Triggers
Request re-review if:
- Significant logic changes
- New files added
- API contract changed
- Security-related changes

acceptance_criteria:
  - All MUST FIX items addressed
  - All SHOULD FIX items addressed or justified if deferred
  - CONSIDER items documented with decision
  - All tests pass after corrections
  - Linting and type checking pass
  - correction-log.md documents each change
  - Merge request updated with new commits
  - Re-review requested if significant changes made

Address review feedback from review-feedback.md.

1. Parse feedback into categories:
   - MUST FIX items (required for merge)
   - SHOULD FIX items (strongly recommended)
   - CONSIDER items (optional)

2. For each MUST FIX item:
   - Read the file:line reference
   - Understand the issue
   - Implement the fix
   - Add test if coverage gap identified
   - Log in correction-log.md

3. For each SHOULD FIX item:
   - Implement improvement
   - Log in correction-log.md

4. For each CONSIDER item:
   - Evaluate effort vs benefit
   - Implement or document deferral reason
   - Log decision in correction-log.md

5. Run verification:
   - pytest (all tests pass)
   - ruff check (no violations)
   - mypy (no type errors)

6. Update merge request:
   - Commit changes with descriptive message
   - Reply to review comments with resolutions
   - Request re-review if significant changes

Output:
- Updated src/*.py and tests/*.py
- correction-log.md
- Commit pushed to merge request branch

step: merge_to_repository
inputs:
  - merge-request-url
  - correction-log.md (if corrections made)
  - all approvals from Step 8
process:
  1. Verify all review approvals obtained
  2. Verify CI pipeline passes on final commit
  3. Check for merge conflicts with target branch
  4. Resolve conflicts if any (re-run tests after)
  5. Perform final human verification
  6. Execute merge
  7. Verify deployment (if auto-deploy enabled)
  8. Update Jira ticket status
outputs:
  - merge-commit: "SHA of merge commit"
  - jira-status: "Updated to Done/Deployed"
services_used:
  - gitlab: merge, get_pipeline_status
  - jira: update_status
human_checkpoint: true
  approval_required: "Tech Lead (final merge approval)"
  action_on_reject: "Return to appropriate step based on rejection reason"

# Merge Process Standards

## Pre-merge Checklist
- [ ] All required approvals obtained
- [ ] CI pipeline passes (latest commit)
- [ ] No merge conflicts
- [ ] Branch is up-to-date with target
- [ ] All discussions resolved

## Merge Strategy
- Use "Squash and merge" for feature branches
- Commit message format:
  ```
  feat(PROJ-123): [Story title]

  [Brief description of changes]

  Reviewed-by: @reviewer1, @reviewer2
  ```

## Post-merge Actions
- Delete source branch
- Update Jira ticket:
  - Status: Done (or Deployed if auto-deploy)
  - Add merge commit link
  - Log time spent (if tracked)
- Notify stakeholders if significant feature

## Rollback Plan
- Document rollback command:
  git revert {merge_commit_sha}
- Identify data migration rollback if applicable

acceptance_criteria:
  - All required approvals present (minimum 2 reviewers)
  - CI pipeline passes on final commit
  - No unresolved merge conflicts
  - Merge commit follows message format
  - Source branch deleted after merge
  - Jira ticket updated to Done
  - Deployment verified (if auto-deploy)
  - Rollback plan documented

Execute final merge of approved code.

1. Verify prerequisites:
   - Check all required approvals present
   - Verify CI pipeline status (must be green)
   - Check for merge conflicts

2. If conflicts exist:
   - Rebase branch on target
   - Resolve conflicts
   - Run full test suite
   - Push and wait for CI
   - Request re-approval if significant changes

3. Present to {approver_role} for final merge approval

4. On approval, execute merge:
   - Use squash merge strategy
   - Format commit message per standard
   - Delete source branch

5. Post-merge actions:
   - Update Jira ticket status to Done
   - Add merge commit link to ticket
   - Verify deployment if auto-deploy enabled

Output:
- merge-commit SHA
- Jira ticket URL (updated)
- Deployment status (if applicable)

workflow_history:
  state_files:
    - workflow-runs/*.state.json      # Step completion, timing, outcomes
    - verification-reports/*.md        # Pass/fail details per acceptance criterion
    - correction-logs/*.md             # Review feedback and resolutions

  interaction_logs:
    - review-feedback/*.md             # Human reviewer comments by category
    - clarification-requests/*.md      # Questions raised during execution
    - rejection-reasons/*.md           # Why human checkpoints rejected outputs

  metrics:
    - cycle-times.csv                  # Duration per step across runs
    - rework-rates.csv                 # How often steps repeat
    - defect-escapes.csv               # Issues found post-merge

In this session we had two issues:
1. The generated tests missed authentication edge cases
2. The code review flagged hardcoded configuration values

Analyze what caused these problems and propose specific changes to our
workflow files (standards, step definitions, acceptance criteria) that
would prevent similar issues in future runs.

Analyze the workflow execution history for the past 4 weeks.

Read:
- All workflow state files in workflow-runs/
- All verification reports in verification-reports/
- All correction logs in correction-logs/
- All review feedback in review-feedback/

Identify patterns:
1. Recurring verification failures (same acceptance criteria failing > 30% of runs)
2. Frequent review feedback themes (similar comments across multiple MRs)
3. Steps with high rework rates (repeated more than once in > 25% of runs)
4. Bottlenecks (steps consistently taking 2x+ expected duration)
5. Defect escapes (issues found post-merge traceable to specific steps)

For each pattern found, propose:
- Root cause analysis (which standard, step definition, or criterion is insufficient)
- Specific update to workflow specification (exact text to add/modify)
- Expected impact (how this prevents recurrence)
- Verification method (how to confirm the fix works)

Output: refinement-proposal.md with prioritized recommendations

analysis_period: "2025-01-15 to 2025-02-12"
workflow_runs_analyzed: 12
patterns_identified: 3

pattern_1:
  type: recurring_verification_failure
  description: "Insufficient error handling tests"
  frequency: 8/12 runs (67%)
  affected_step: "Step 5: Write Initial Tests"
  evidence:
    - "verification-reports/run-007.md: 'Missing tests for InvalidInputError'"
    - "verification-reports/run-009.md: 'No timeout scenario coverage'"
    - "correction-logs/run-011.md: 'Added 4 error tests after review'"

  root_cause:
    - "testing-standards.md mentions error cases but doesn't mandate coverage"
    - "Step 5 process doesn't include error scenario identification"
    - "No automated check for error path coverage exists"

  proposed_updates:
    standards/testing-standards.md:
      action: append
      content: |
        ## Error Handling Test Requirements
        - Every public function must have tests for:
          - Invalid input types (TypeError expected)
          - Boundary values (min-1, max+1)
          - Expected domain exceptions
        - Integration tests must cover:
          - Network failures (mock timeout)
          - Database errors (mock connection failure)
          - Authentication errors (invalid/expired token)        

    steps/step-5-definition.yaml:
      action: modify_process
      add_after_step_3: |
        4. For each public function, identify error scenarios:
           - What exceptions can it raise?
           - What invalid inputs are possible?
           - What external failures can occur?
        5. Write explicit test for each error scenario        

    acceptance-criteria/step-5.yaml:
      action: append
      content: |
        - Every public function has at least one error case test
        - Error handling coverage >= 80%
        - All custom exceptions have dedicated tests        

    verification/automated-checks.yaml:
      action: add_check
      content: |
        error_coverage_check:
          command: pytest --cov --cov-fail-under=80
          failure_action: block_progression        

  expected_impact: "Reduce error handling review comments from 67% to <15%"
  verification_method: "Track review feedback category 'error_handling' over next 6 runs"

pattern_2:
  type: bottleneck
  description: "Design approval delays"
  frequency: 5/12 runs (42%) exceeded 2x expected duration
  affected_step: "Step 4: Create Design Plan"
  # ... additional analysis and proposals

refinement_review:
  reviewer: "Tech Lead"
  proposal: "refinement-proposal.md"

  decisions:
    pattern_1_error_handling:
      status: approved
      modifications:
        - "Reduce coverage threshold from 80% to 70% for initial rollout"
        - "Add grace period: warn-only for first 2 sprints"

    pattern_2_design_delays:
      status: approved_with_changes
      modifications:
        - "Split into async review option for small changes"

    pattern_3_documentation_gaps:
      status: deferred
      reason: "Lower priority, revisit next quarter"

Apply the approved refinements from refinement-review.yaml.

For each approved pattern:
1. Read the current specification file
2. Apply the proposed update (with any reviewer modifications)
3. Update the specification version and changelog
4. Validate the updated specification is syntactically correct

Output: Summary of files modified with diff highlights

refinement_tracking:
  pattern_1_error_handling:
    baseline: "67% of runs had error handling review comments"
    target: "<15% of runs"

    measurements:
      sprint_1: "42% (5/12 runs) - improvement but above target"
      sprint_2: "17% (2/12 runs) - approaching target"
      sprint_3: "8% (1/12 runs) - target achieved"

    status: "effective - no further action needed"