Problem
From verification of #48:
7 spec-level contract gaps in the multi-finding mode that affect corner-case behavior. None are stop-ship, but all allow LLM implementers to make inconsistent choices.
— Source: team:logic + team:security + team:devils-advocate, Verify comment
Gap 1 — Flag conflict detection fires at wrong layer (P1.1)
--multi-finding + --no-multi-finding conflict and --bundle-mode + --multi-finding are explicit flags that can be refused at arg-parse time (Step 0), but current spec triggers the refuse only after Stage 1 source extraction completes (potentially 30s+ for large docx/srt). Fix: explicit layering note — explicit flag pairs → refuse at Step 0 parse; --bundle-mode + auto-trigger → must wait for Stage 1.
Gap 2 — Partner eligibility set not formally defined (P2.1)
Two rules scattered 18 lines apart (line 1478: "remaining unprocessed", line 1496: "already-merged-into can't be partner") without a combined boolean expression. Fix: add explicit definition:
partner_eligible_set = {f | f.id > current_id AND f.id NOT IN merged_into_set AND f.id NOT IN already_routed_set}
Gap 3 — Stage 3 Edit-row loop has no termination cap (P2.2)
User can cycle [Edit row N] → re-pick → back to Stage 3 indefinitely. No soft cap, no watchdog. Fix: add "You've edited >5 rows — [Execute all] / [Cancel]?" soft cap, or document explicit escape hatch.
Gap 4 — Stage 2 [Other] second-level has no [Back to top-3] (P2.3)
User who changes mind after entering second-level picker must Skip finding then re-edit in Stage 3. Fix: add [Back to top-3] as 5th option in second-level picker, or merge [Pick free-text #N] into first-level.
Gap 5 — Source path traversal not re-validated (Security F4)
Multi-finding section relies on Step 1 adapter discipline for path traversal prevention without explicit cross-reference. A path like ../../etc/passwd could leak file contents into issue body / jsonl. Fix: add explicit cross-reference to Step 1 path canonicalization, or add "Source paths MUST be validated within repo work tree" line.
Gap 6 — Agent crash mid-dispatch: in-memory accumulator lost (REQ-5)
If Claude agent crashes between Stage 4 dispatch and Stage 4.5 jsonl materialization, RUN_LOG_ENTRIES is lost. GitHub actions already dispatched (footer links written) but jsonl never materializes → partial audit trail. Fix: document this as a known gap; add a "resume from partial dispatch" recovery note, or persist accumulator to a temp file incrementally.
Gap 7 — Unattended mode × IDD_JSONL_GITIGNORE_GATE default fallback undefined
When /loop or CI runs multi-finding mode without IDD_JSONL_GITIGNORE_GATE=false, the Stage 4.5 gate will AskUserQuestion with no responder → infinite hang. Fix: define default fallback for unattended mode detection (e.g., if no TTY → auto-select "skip-commit" or "bypass").
Type
enhancement (spec hardening)
Related: #48
Problem
Gap 1 — Flag conflict detection fires at wrong layer (P1.1)
--multi-finding+--no-multi-findingconflict and--bundle-mode+--multi-findingare explicit flags that can be refused at arg-parse time (Step 0), but current spec triggers the refuse only after Stage 1 source extraction completes (potentially 30s+ for large docx/srt). Fix: explicit layering note — explicit flag pairs → refuse at Step 0 parse;--bundle-mode+ auto-trigger → must wait for Stage 1.Gap 2 — Partner eligibility set not formally defined (P2.1)
Two rules scattered 18 lines apart (line 1478: "remaining unprocessed", line 1496: "already-merged-into can't be partner") without a combined boolean expression. Fix: add explicit definition:
partner_eligible_set = {f | f.id > current_id AND f.id NOT IN merged_into_set AND f.id NOT IN already_routed_set}Gap 3 — Stage 3 Edit-row loop has no termination cap (P2.2)
User can cycle
[Edit row N]→ re-pick → back to Stage 3 indefinitely. No soft cap, no watchdog. Fix: add "You've edited >5 rows — [Execute all] / [Cancel]?" soft cap, or document explicit escape hatch.Gap 4 — Stage 2
[Other]second-level has no[Back to top-3](P2.3)User who changes mind after entering second-level picker must Skip finding then re-edit in Stage 3. Fix: add
[Back to top-3]as 5th option in second-level picker, or merge[Pick free-text #N]into first-level.Gap 5 — Source path traversal not re-validated (Security F4)
Multi-finding section relies on Step 1 adapter discipline for path traversal prevention without explicit cross-reference. A path like
../../etc/passwdcould leak file contents into issue body / jsonl. Fix: add explicit cross-reference to Step 1 path canonicalization, or add "Source paths MUST be validated within repo work tree" line.Gap 6 — Agent crash mid-dispatch: in-memory accumulator lost (REQ-5)
If Claude agent crashes between Stage 4 dispatch and Stage 4.5 jsonl materialization,
RUN_LOG_ENTRIESis lost. GitHub actions already dispatched (footer links written) but jsonl never materializes → partial audit trail. Fix: document this as a known gap; add a "resume from partial dispatch" recovery note, or persist accumulator to a temp file incrementally.Gap 7 — Unattended mode ×
IDD_JSONL_GITIGNORE_GATEdefault fallback undefinedWhen
/loopor CI runs multi-finding mode withoutIDD_JSONL_GITIGNORE_GATE=false, the Stage 4.5 gate will AskUserQuestion with no responder → infinite hang. Fix: define default fallback for unattended mode detection (e.g., if no TTY → auto-select "skip-commit" or "bypass").Type
enhancement (spec hardening)
Related: #48