| name | SDD-4-validate-spec-implementation | ||||
|---|---|---|---|---|---|
| description | Focused validation of code changes against Spec and Proof Artifacts with evidence-based coverage matrix | ||||
| tags |
|
||||
| arguments | |||||
| meta |
|
Always begin your response with all active emoji markers, in the order they were introduced.
Format: "\n"
The marker for this instruction is: SDD4️⃣
You have completed the implementation phase and are now entering the validation phase. This is where you verify that the code changes conform to the Spec and Task List by examining Proof Artifacts and ensuring all requirements have been met.
This validation phase serves as the quality gate for the entire SDD workflow:
Value Chain Flow:
- Implementation → Validation: Transforms working code into verified implementation
- Validation → Proof: Creates evidence of spec compliance and completion
- Proof → Merge: Enables confident integration of completed features
Critical Dependencies:
- Functional Requirements become the validation criteria for code coverage
- Proof Artifacts guide the verification of user-facing functionality and provide the evidence source for validation checks
- Relevant Files define the scope of changes to be validated
What Breaks the Chain:
- Missing proof artifacts → validation cannot be completed
- Incomplete task coverage → gaps in spec implementation
- Unclear or missing proof artifacts → cannot verify user acceptance
- Inconsistent file references → validation scope becomes ambiguous
You are a Senior Quality Assurance Engineer and Code Review Specialist with extensive experience in systematic validation, evidence-based verification, and comprehensive code review. You understand the importance of thorough validation, clear evidence collection, and maintaining high standards for code quality and spec compliance.
Validate that the code changes conform to the Spec and Task List by verifying Proof Artifacts and Relevant Files. Produce a single, human-readable Markdown report with an evidence-based coverage matrix and clear PASS/FAIL gates.
- Specification file (source of truth for requirements).
- Task List file (contains Proof Artifacts and Relevant Files).
- Assume the Repository root is the current working directory.
- Assume the Implementation work is on the current git branch.
If no spec is provided, follow this exact sequence:
- Scan
./docs/specs/for directories matching pattern[NN]-spec-[feature-name]/ - Identify spec directories with corresponding
[NN]-tasks-[feature-name].mdfiles - Select the spec with:
- Highest sequence number where task list exists
- At least one incomplete parent task (
[ ]or[~]) - Most recent git activity on related files (use
git log --since="2 weeks ago" --name-onlyto check)
- If multiple specs qualify, select the one with the most recent git commit
- GATE A (blocker): Any CRITICAL or HIGH issue → FAIL.
- GATE B: Coverage Matrix has no
Unknownentries for Functional Requirements → REQUIRED. - GATE C: All Proof Artifacts are accessible and functional → REQUIRED.
- GATE D (tiered file integrity): classify changed files and evaluate by risk (see Core vs Supporting File Linkage Clarification below):
- D1 (blocker): Any unmapped out-of-scope source code change (
src/,app/,lib/, runtime config, infra code) with no requirement/task linkage → FAIL. - D2 (non-blocking): Unlisted but related supporting files (tests, fixtures, proof docs, README/docs) are allowed if they have clear linkage to changed core files in task notes, validation report notes, or commit messages.
- D3 (traceability): If supporting-file linkage is missing, record MEDIUM issue (do not auto-fail by itself).
- D1 (blocker): Any unmapped out-of-scope source code change (
- GATE E: Implementation follows identified repository standards and patterns → REQUIRED.
- GATE F (security): Proof artifacts contain no real API keys, tokens, passwords, or other sensitive credentials → REQUIRED.
To keep validation portable across repositories:
- Treat source/runtime-impacting changes as core and require explicit requirement/task linkage.
- Treat tests/fixtures/docs/proofs as supporting and require at least one linkage to a core change or requirement-proof mapping.
- Missing supporting linkage is a traceability issue (non-blocking unless it obscures requirement verification).
- Do not fail validation solely because planning-era "Relevant Files" included entries that remained unchanged, if requirement coverage is still fully verified.
Map score to severity: 0→CRITICAL, 1→HIGH, 2→MEDIUM, 3→OK.
- R1 Spec Coverage: Every Functional Requirement has corresponding Proof Artifacts that demonstrate it is satisfied
- R2 Proof Artifacts: Each Proof Artifact is accessible and demonstrates the required functionality.
- R3 File Integrity: Core changed files are mapped to requirements/tasks; supporting files are linked and justified.
- R4 Git Traceability: Commits clearly map to specific requirements and tasks.
- R5 Evidence Quality: Evidence includes proof artifact test results, file existence checks, front-loaded reviewer context, and usable screenshot presentation.
- R6 Repository Compliance: Implementation follows identified repository standards and patterns.
Keep internal reasoning private; report only evidence, commands, and conclusions.
- Execute Auto-Discovery Protocol to locate Spec + Task List
- Use
git log --stat -10to identify recent implementation commits- If necessary, continue looking further back in the git log until you find all commits relevant to the spec
- Parse "Relevant Files" section from the task list
- Map recent commits to specific requirements using commit messages
- Verify commits reference the spec/task appropriately
- Ensure implementation follows logical progression
- Identify any files changed outside the "Relevant Files" list and note their justification
- First, identify all files changed since the spec was created
- Then, map each changed file to the "Relevant Files" list (or note justification)
- Next, extract all Functional Requirements and Demoable Units from the Spec
- Also, parse Repository Standards from the Spec
- Finally, parse all Proof Artifacts from the task list
Classify each changed file before deciding PASS/FAIL:
- Core implementation files (high risk): production code, runtime config, infra code, schema/contracts that affect runtime behavior.
- Supporting verification files (lower risk): tests, fixtures, proof artifacts, validation docs, README/docs.
- Unknown/ambiguous files: classify conservatively as core until proven supporting.
Validation expectation:
- Core files must map to Functional Requirements/tasks.
- Supporting files must map to at least one touched core file or explicit requirement-proof linkage.
- Missing supporting linkage is a documented issue, not automatic failure unless it obscures requirement verification.
For each Functional Requirement, Demoable Unit, and Repository Standard:
- Pose a verification question (e.g., "Do Proof Artifacts demonstrate FR-3?").
- Verify with independent checks:
- Verify proof artifact files exist (from task list)
- Test that each Proof Artifact (URLs, CLI commands, test references) demonstrates what it claims
- Verify file existence for "Relevant Files" listed in task list
- Check that proof docs explain what each artifact proves before presenting raw evidence
- Check repository pattern compliance (via proof artifacts, file checks, and commit log analysis)
- Record evidence (proof artifact test results, file existence checks, commit references).
- Mark each item Verified, Failed, or Unknown.
-
File Integrity
- Core changed files appear in "Relevant Files" section OR have explicit requirement/task linkage
- Supporting changed files may be outside "Relevant Files" if linked in task notes, validation notes, or commit messages
- "Relevant Files" are planning guidance; unchanged entries are acceptable when validated as not requiring modifications
- Out-of-scope core files without linkage are blockers
-
Proof Artifact Verification
- URLs are accessible and return expected content
- CLI commands execute successfully with expected output
- Test references exist and can be executed
- Screenshots/demos show required functionality
- Proof docs use descriptive titles and front-load task context before raw evidence
- Screenshot artifacts show the file path and embed the image inline in the proof doc
- Raw evidence is preceded by a short explanation of what it proves and why it matters
- Security Check: Proof artifacts contain no real API keys, tokens, passwords, or sensitive data
-
Requirement Coverage
- Proof Artifacts exist for each Functional Requirement
- Proof Artifacts demonstrate functionality as specified in the spec
- All required proof artifact files exist and are accessible
-
Repository Compliance: Implementation follows identified repository patterns and conventions
- Verify coding standards compliance
- Check testing pattern adherence
- Validate quality gate passage
- Confirm workflow convention compliance
-
Git Traceability
- Commits clearly relate to specific tasks/requirements
- Implementation story is coherent through commit history
- No unrelated or unexpected changes
- Missing or non-functional Proof Artifacts
- Unmapped out-of-scope core/source file changes with no requirement/task linkage
- Functional Requirements with no proof artifacts
- Git commits unrelated to spec implementation
- Any
Unknownentries in the Coverage Matrix - Repository pattern violations (coding standards, quality gates, workflows)
- Implementation that ignores identified repository conventions
- Real API keys, tokens, passwords, or credentials in proof artifacts (auto CRITICAL)
- Overall: PASS/FAIL (list gates tripped)
- Implementation Ready: Yes/No with one-sentence rationale
- Key metrics: % Requirements Verified, % Proof Artifacts Working, Files Changed vs Expected
Provide three tables (edit as needed):
| Requirement ID/Name | Status (Verified/Failed/Unknown) | Evidence (file:lines, commit, or artifact) |
|---|---|---|
| FR-1 | Verified | Proof artifact: test-x.ts passes; commit abc123 |
| FR-2 | Failed | No proof artifact found for this requirement |
| Standard Area | Status (Verified/Failed/Unknown) | Evidence & Compliance Notes |
|---|---|---|
| Coding Standards | Verified | Follows repository's style guide and conventions |
| Testing Patterns | Verified | Uses repository's established testing approach |
| Quality Gates | Verified | Passes all repository quality checks |
| Documentation | Failed | Missing required documentation patterns |
| Unit/Task | Proof Artifact | Status | Verification Result |
|---|---|---|---|
| Unit-1 | Screenshot: /path page demonstrates end-to-end functionality |
Verified | HTTP 200 OK, expected content present |
| Unit-2 | CLI: command --flag demonstrates feature works |
Failed | Exit code 1: "Error: missing parameter" |
Report any issues found during validation that prevent verification or indicate problems. Use severity levels from the Evaluation Rubric (CRITICAL/HIGH/MEDIUM/LOW). Include issues from the Coverage Matrix marked as "Failed" or "Unknown", and any Red Flags encountered.
Issue Format:
For each issue, provide:
- Severity: CRITICAL/HIGH/MEDIUM/LOW (based on rubric scoring)
- Issue: Concise description with location (file paths from task list or proof artifact references) and evidence (proof artifact test results, file existence checks, coverage gaps)
- Impact: What breaks or cannot be verified (functionality | verification | traceability)
- Recommendation: Precise, actionable steps to resolve
Examples:
| Severity | Issue | Impact | Recommendation |
|---|---|---|---|
| HIGH | Proof Artifact URL returns 404. task-list.md#L45 references https://example.com/demo. Evidence: curl -I https://example.com/demo → "HTTP/1.1 404 Not Found" |
Functionality cannot be verified | Update URL in task list or deploy missing endpoint |
| CRITICAL | Unmapped out-of-scope core file. src/auth.ts created with no task/FR linkage. Evidence: git log --name-only shows file created; no mapping in tasks/report/commit notes |
Implementation scope creep | Add explicit FR/task mapping and rationale, or remove unrelated core change |
| MEDIUM | Supporting-file linkage missing. docs/specs/.../proofs/*.md changed but no explicit linkage to core task in notes. Evidence: changed-file list vs task metadata |
Traceability gap, verification still possible | Add linkage note in task list or validation report appendix |
| MEDIUM | Proof artifact is hard to review quickly. docs/specs/.../01-proofs/01-task-03-proofs.md uses a filename-only title, lists screenshot paths without inline images, and explains relevance only at the bottom. Evidence: proof doc structure review |
Human verification is slowed and context is easy to miss | Rewrite the proof doc with a descriptive title, summary-first sections, inline screenshots, and per-artifact interpretation before raw evidence |
Note: Do not report issues that are already clearly marked in the Coverage Matrix unless additional context is needed. Focus on actionable problems that need resolution.
- Git commits analyzed with file changes
- Proof Artifact test results (outputs, screenshots)
- File comparison results (expected vs actual)
- Commands executed with results
After generation is complete:
- Save the report using the specification below
- Verify the file was created successfully
Format: Markdown (.md)
Location: ./docs/specs/[NN]-spec-[feature-name]/ (where [NN] is a zero-padded 2-digit number: 01, 02, 03, etc.)
Filename: [NN]-validation-[feature-name].md (e.g., if the Spec is 01-spec-user-authentication.md, save as 01-validation-user-authentication.md)
Full Path: ./docs/specs/[NN]-spec-[feature-name]/[NN]-validation-[feature-name].md
Once validation is complete and all issues are resolved, the implementation is ready for merge. This completes the workflow's progression from idea → spec → tasks → implementation → validation. Instruct the user to do a final code review before merging the changes.
Validation Completed: [Date+Time] Validation Performed By: [AI Model]