[Queued] Resolve carried-forward milestones M027, M028, M029, M031, M032 #91

@keithah

Roadmap source: kodiai-roadmap.md

This umbrella issue intentionally folds the previously queued milestones into one backlog item instead of creating five separate GitHub issues.

Covered milestones

M029 — Wiki Generation Quality & Issue Cleanup (already queued)

  • Phase: Phase 1 — Stop the Bleeding

Context already lives at .gsd/milestones/M029/M029-CONTEXT.md. This roadmap does not redefine the scope; it confirms M029 is the first milestone to execute.

Acceptance criteria snapshot

  • buildVoicePreservingPrompt() in src/knowledge/wiki-voice-analyzer.ts bans meta-commentary ("I'll analyze...", "Let me first...", "Looking at...") with explicit negative exemplars.
  • Post-generation content filter rejects any candidate whose top-level prose matches agent-reasoning heuristics; rejections are logged and never published.
  • xbmc/wiki issue #5 ("Phase 14: write-intent gating (deny-by-default)") junk comments are deleted by scripts/cleanup-wiki-issue.ts with dry-run support.
  • Full re-run of scripts/generate-wiki-updates.ts followed by scripts/publish-wiki-updates.ts produces zero reasoning-prose outputs against a fixture corpus and against live xbmc evidence.
  • verify:m029 (umbrella) and any remaining slice verifiers pass; forbidden-evidence defense rejects any reappearance of banned phrases.

Open follow-up

Promote from queued to active in QUEUE.md when execution begins (see M054/S01).

M028 — Wiki Modification-Only Publishing (already queued)

  • Phase: Phase 1 — Stop the Bleeding

Context at .gsd/milestones/M028/M028-CONTEXT.md.

Acceptance criteria snapshot

  • src/knowledge/wiki-update-types.ts replaces suggestion+rationale shape with a modification-only artifact: { kind: "replace-section" | "insert-section" | "full-page"; pagePath; before?; after; citations[]; }.
  • src/knowledge/wiki-publisher.ts emits the new shape; WHY: / rationale framing is removed from every publish path.
  • Existing published wiki comments are retrofitted or annotated by a one-shot scripts/retrofit-wiki-comments.ts, with fixture coverage.
  • Hybrid section/full-page publishing is chosen by a stable heuristic (section diff size + citation density) with tests.
  • verify:m028 umbrella script passes; slice verifiers preserve the modification-only contract as forbidden-evidence checks (any WHY: token in a publish payload is a hard fail).

M027 — Embedding Integrity & Timeout Hardening (already queued)

  • Phase: Phase 1 — Stop the Bleeding

Context at .gsd/milestones/M027/M027-CONTEXT.md. All four slices already have verify:m027:s01..s04 wired; this milestone is unusual in that its verify scaffolding exists but the code work has not shipped.

Acceptance criteria snapshot

  • Audit surfaces stale/missing embeddings across learning_memories, review_comments, wiki_pages, code_snippets, issues, issue_comments corpora, emitting row-level evidence.
  • Online repair/backfill scripts (including scripts/embedding-comparison.ts and scripts/embedding-audit.ts) complete within their declared timeouts; root cause for current timeouts documented in a new .gsd/DECISIONS.md entry.
  • Query-time retrieval confirmed to actually consult embeddings (not fall back silently) via a proof-surface log tag.
  • verify:m027:s01..s04 all pass on a live dry-run against xbmc/xbmc.

M031 — Security Hardening (already queued)

  • Phase: Phase 4 — Security Hardening

Context at .gsd/milestones/M031/M031-CONTEXT.md. Summary per QUEUE.md: "Defense-in-depth against credential exfiltration: agent env allowlist, git remote token sanitization, outgoing secret scan on all publish paths, prompt-level refusal instructions, CLAUDE.md security policy in workspace."

Roadmap-level delta

  • Outgoing secret scan applies to every publish path, including src/jobs/gist-publisher.ts (tested in M057/S03), Slack relay (M052 surface), wiki publisher (M028 output), and mention publish-resolution.
  • verify:m031 script (already exists in package.json) must pass. Today it is wired but M031 has not been executed; promote to active.
  • D-M053-01 (no new Function() in src/) is reconfirmed here as an enforced invariant.

M032 — Agent Process Isolation (already queued)

  • Phase: Phase 4 — Security Hardening

Context at .gsd/milestones/M032/M032-CONTEXT.md.

Roadmap-level delta:

  • verify:m032 (already registered) passes.
  • The /proc//environ attack path called out in the context doc is explicitly covered by a proof-surface check (script inspects the live ACA job's env; orchestrator env is not reachable).

Phase 5 — Long-Tail Cleanup

Theme: Lower-priority housekeeping that makes the next year of work easier but doesn't block anything shipping.

Sequencing rationale: Run last; tolerate partial completion. If time is short, M060 can be skipped entirely and re-planned when specific knowledge-subsystem regressions surface.

| Milestone | Title | Slices |
| --- | --- | --- |
| M059 | Script Registry & Orphan Audit | S01, S02 |
| M060 | Knowledge Subsystem Test Backfill | S01, S02 |
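
The M028 modification-only contract and the M029 meta-commentary filter can be read as one deny-by-default gate in front of every publish path. The sketch below is an added example, not kodiai code: the artifact field names come from the M028 criterion, while `checkPublishPayload`, `topLevelProse`, the regexes and the reason strings are assumptions.

```typescript
// Added example; not kodiai code. Field names follow the M028 criterion,
// everything else (function names, regexes, reason strings) is assumed.
type WikiModification = {
  kind: "replace-section" | "insert-section" | "full-page";
  pagePath: string;
  before?: string;
  after: string;
  citations: string[];
};

const KINDS: string[] = ["replace-section", "insert-section", "full-page"];
const FENCE = "`".repeat(3); // markdown code-fence marker
// The three phrases named in the M029 criterion, matched at the start of a line.
const META_COMMENTARY: RegExp[] = [
  /^\s*I['’]ll analyze/im,
  /^\s*Let me first/im,
  /^\s*Looking at/im,
];

// Assumption: "top-level prose" means text outside fenced code and quoted lines.
function topLevelProse(text: string): string {
  const fenced = new RegExp(FENCE + "[\\s\\S]*?" + FENCE, "g");
  return text.replace(fenced, "").replace(/^\s*>.*$/gm, "");
}

// Returns the reasons to reject; an empty array means the payload may publish.
function checkPublishPayload(payload: unknown): string[] {
  if (typeof payload !== "object" || payload === null) return ["not an object"];
  const p = payload as Record<string, unknown>;
  const reasons: string[] = [];
  if (typeof p.kind !== "string" || !KINDS.includes(p.kind)) reasons.push("bad kind");
  if (typeof p.pagePath !== "string" || p.pagePath === "") reasons.push("bad pagePath");
  if (typeof p.after !== "string") reasons.push("bad after");
  if (!Array.isArray(p.citations) || !p.citations.every((c) => typeof c === "string"))
    reasons.push("bad citations");
  // The old suggestion+rationale shape must not reach a publish path.
  for (const legacy of ["suggestion", "rationale"])
    if (legacy in p) reasons.push(`legacy field ${legacy}`);
  // M028 forbidden evidence: WHY: anywhere in the serialized payload is a hard fail.
  if (JSON.stringify(payload).includes("WHY:")) reasons.push("WHY: token");
  if (typeof p.after === "string" &&
      META_COMMENTARY.some((re) => re.test(topLevelProse(p.after as string))))
    reasons.push("meta-commentary");
  return reasons;
}

// Constructed payload that trips both forbidden-evidence checks.
const sampleRejected: WikiModification = {
  kind: "replace-section", pagePath: "Skins.md", citations: ["constructed-citation"],
  after: "Looking at the diff, the section is stale.\nWHY: API changed",
};
console.log(checkPublishPayload(sampleRejected)); // rejection reasons are logged, not published
```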
