diff --git a/.agents/skills/unidesk-cicd/references/branch-follower.md b/.agents/skills/unidesk-cicd/references/branch-follower.md index eae50e53..b650e9df 100644 --- a/.agents/skills/unidesk-cicd/references/branch-follower.md +++ b/.agents/skills/unidesk-cicd/references/branch-follower.md 
@@ -37,7 +37,7 @@ When a branch-follower issue remains ambiguous after a debug step or drill-down, For HWLAB native `control-plane-refresh`, the bounded evidence chain must preserve both the rendered Pipeline summary and the applied cluster object summary for the same source commit: rendered Pipeline name, bounded `runtime-ready` task/when summary, source commit/stage ref, applied Pipeline name, resourceVersion, and a short annotation/label subset proving which object was patched. If the Job TTL has already removed the original Job, status/events/logs must show `-` or a bounded missing reason from stored state instead of inferring the missing edge. -CI/CD validation must be decomposable into ordered single-step gates before a full rollout observation is accepted: first validate the reuse plan, then CI parallelism/TaskRun plan, then CD rollout plan, then post-deploy monitoring/health evidence. "Single-step" means an independently triggerable and independently executable target-side CLI/debug-step/drill-down entry, not a passive observation extracted from one end-to-end follower run. Each gate must be runnable against a selected follower/source snapshot, must emit bounded evidence, and must be retryable/fixable without creating a new source PR or replaying the full follower loop. For HWLAB Pipeline render changes, `gate --gate control-plane-refresh --source-commit --confirm` is the independently triggerable native refresh gate. Do not use issue comments, repeated PR merges, or end-to-end follower loops as substitutes for a missing single-step validator; add the missing bounded CLI step first. +CI/CD validation must be decomposable into ordered single-step gates before a full rollout observation is accepted: first validate the reuse plan, then CI parallelism/TaskRun plan, then CD rollout plan, then post-deploy monitoring/health evidence. 
"Single-step" means an independently triggerable and independently executable target-side CLI/debug-step/drill-down entry, not a passive observation extracted from one end-to-end follower run. Each gate must be runnable against a selected follower/source snapshot, must emit bounded evidence, and must be retryable/fixable without creating a new source PR or replaying the full follower loop. The owner should not stop at explaining historical timing/status after a gate is clear enough to exercise; within the assigned boundary, it should autonomously trigger the relevant target-side single-step gate, inspect the short native result, tune the smallest failing edge, and rerun that same gate until it passes or a real permission/external/architecture blocker is proven. For HWLAB Pipeline render changes, `gate --gate control-plane-refresh --source-commit --confirm` is the independently triggerable native refresh gate. Do not use issue comments, repeated PR merges, or end-to-end follower loops as substitutes for a missing single-step validator; add the missing bounded CLI step first. PRs that change branch-follower convergence, reuse, Tekton/Argo closeout, runtime readiness or gate visibility must be submitted only after the author has run the affected independently triggerable single-step gates on the target NODE/k8s and captured bounded pass evidence. If a required gate cannot be triggered independently or does not pass, do not open the PR as a validation vehicle; leave a short issue comment with the missing gate, target object names and next minimal fix scope, then fix the gate first. diff --git a/.agents/skills/unidesk-subagent/SKILL.md b/.agents/skills/unidesk-subagent/SKILL.md index 48487530..599b8a2b 100644 --- a/.agents/skills/unidesk-subagent/SKILL.md +++ b/.agents/skills/unidesk-subagent/SKILL.md 
@@ -18,7 +18,7 @@ description: UniDesk 主代理调度子代理的必读技能。用户提到子 - 每个子代理 prompt 必须写清 repo、目标分支、独立 worktree、issue/PR、禁止触碰范围、验收命令、证据字段和是否允许部署;不要让多个子代理共享同一可写 worktree。 - 用户指定模型(例如 `gpt-5.5`)时,主代理调度子代理必须在任务描述或调度参数中显式遵守。 - 用户要求或授权“按任务难度分配模型”时,主代理必须按复杂度选择模型与 reasoning effort,并在 prompt 中写明选择理由;默认继承主模型,只有任务难度、风险或延迟收益明确时才显式覆盖。 -- 执行型子代理必须能在自己负责的边界内完成“单步验证 -> 定位 -> 最小修复 -> 复测 -> PR/issue 证据”的闭环;这里的“单步验证”必须是可独立触发、独立执行、独立复测的入口,不是在端到端大循环中被动观察某个阶段。除非遇到架构边界、权限缺失或需要主代理合并/取舍,不要把每个单步验证都退回主代理通过 issue 大回环推进。 +- 执行型子代理必须能在自己负责的边界内完成“单步验证 -> 定位 -> 最小修复 -> 复测 -> PR/issue 证据”的闭环;这里的“单步验证”必须是可独立触发、独立执行、独立复测的入口,不是在端到端大循环中被动观察某个阶段。子代理不应停留在解释历史数据或等待主代理逐步批准;在授权边界内应自主真实触发目标侧独立单步 gate 做小闭环调优,测不通就继续细分/修复/复测,直到该单步通过或遇到明确越界阻塞。除非遇到架构边界、权限缺失或需要主代理合并/取舍,不要把每个单步验证都退回主代理通过 issue 大回环推进。 - 需要提交 PR 的子代理必须在 PR 前自行用相关独立单步跑通目标运行面验证并保存 bounded 证据;测不通就继续定位和修改,直到该单步在目标侧通过。只有权限、外部依赖、架构取舍或明确越界时才写 issue 阻塞/缺口,不得先提交 PR 让主代理或自动 follower 替自己联调。 - 主代理 review 子代理 PR 时直接信任子代理对运行结果、target-side gate 和 evidence 的描述;主代理只审核 diff、架构边界、受控入口、YAML-first、职责拆分和是否违反长期规则。除非描述自相矛盾、缺失关键字段或涉及安全/生产高风险,不要重复拉运行面证据或替子代理重跑 gate。 - 子代理完成后必须留下可审查工件:PR、issue comment、commit、验证输出摘要、部署/observer/trace 证据或阻塞说明;主代理不能只凭口头结论合并。
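Review bot: The added sentence in branch-follower.md ("rerun that same gate until it passes or a real permission/external/architecture blocker is proven") puts no limit on reruns, and the only gate this paragraph names, `gate --gate control-plane-refresh --source-commit --confirm`, carries `--confirm` and is tied by the context line above to an applied cluster object that gets patched. Suggest bounding the loop with a maximum rerun count or time budget, after which the owner records the bounded evidence and stops, and stating whether autonomous reruns cover confirming gates or only non-mutating ones. "Within the assigned boundary" is also not defined in this file; a pointer to where that boundary is set would make the rule checkable.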
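Review bot: In SKILL.md the added sentence tells the sub-agent not to wait for the main agent's step-by-step approval (等待主代理逐步批准) and to trigger target-side gates on its own, while the unchanged main-agent review bullet further down tells the main agent to trust the sub-agent's description of run results and not to rerun gates. After this change a target-side trigger therefore has neither prior approval nor independent verification unless it falls under the 安全/生产高风险 exception. Suggest defining 授权边界 by reference to the prompt fields the first context bullet already requires (禁止触碰范围, 是否允许部署) and stating that a gate which writes to the target needs that explicit permission in the prompt. The loop 测不通就继续细分/修复/复测 also has no stop condition other than a pass or 明确越界阻塞; a retry or time bound would close that gap.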