Why
Primary tester reports showed that shipped AI slash prompts can drift from the live SpecFact CLI command surface. Because these prompts are bundle payloads, stale command paths or options can ship to users even when code, docs, and signatures pass.
What Changes
- Add a prompt command validation gate for bundle-owned prompt resources under
packages/*/resources/prompts.
- Validate prompt command examples and option references against the mounted Typer/Click command tree discovered from the current repo.
- Update shipped prompt guidance so prompts treat their text as operating guidance and verify CLI reality at execution time instead of acting as the source of truth.
- Wire the validator into Hatch, local pre-commit checks, Markdown-triggered CI, and OpenSpec config guidance.
- Keep
.github/prompts out of scope; OpenSpec helper prompts remain a separate governance surface.
Capabilities
New capability:
prompt-command-validation
Modified capabilities:
bundle-packaged-resourcesresource-aware-integrity
Parent Tracking
Validation Evidence
openspec validate prompt-command-contract-validation --stricthatch run validate-prompt-commandshatch run test: 663 passed, 2 warningshatch run smart-test: 663 passed, 2 warningshatch run contract-test: 663 passed, 2 warnings- SpecFact code review changed-scope gate: zero findings
Notes
Local module signing used checksum-only manifests because no private signing key is configured in the local environment. The normal CI/signing workflow should produce real signatures where required.
Why
Primary tester reports showed that shipped AI slash prompts can drift from the live SpecFact CLI command surface. Because these prompts are bundle payloads, stale command paths or options can ship to users even when code, docs, and signatures pass.
What Changes
packages/*/resources/prompts..github/promptsout of scope; OpenSpec helper prompts remain a separate governance surface.Capabilities
New capability:
prompt-command-validationModified capabilities:
bundle-packaged-resourcesresource-aware-integrityParent Tracking
prompt-command-contract-validationValidation Evidence
openspec validate prompt-command-contract-validation --stricthatch run validate-prompt-commandshatch run test: 663 passed, 2 warningshatch run smart-test: 663 passed, 2 warningshatch run contract-test: 663 passed, 2 warningsNotes
Local module signing used checksum-only manifests because no private signing key is configured in the local environment. The normal CI/signing workflow should produce real signatures where required.