Quality Playbook v1.4 Era

May 3, 2026 · View on GitHub

Version range: 1.4.3 through 1.4.5 Status: Shipped; v1.4.5 is the current stable release Date: 2026-04-19 Author: Andrew Stellman

Key commits:

  • 3045952 — v1.4.3: Add challenge gate for false-positive detection (2026-04-16)
  • c0ea77c — v1.4.3: Split functional_tests into per-language reference files (2026-04-17)
  • 477aeaf — v1.4.3: Fold import patterns into core functional_tests.md, delete language files (2026-04-17)
  • 896e22f — Harden Claude Code orchestrator against single-context collapse (2026-04-17)
  • 3ebdc80 — Prohibit claude -p / subprocess spawning in Claude Code orchestrator (2026-04-17)
  • d6a508f — v1.4.3: Extract orchestrator hardening into shared references/orchestrator_protocol.md (2026-04-17)
  • b6a44c6 — Duplicate critical hardening inline in agent files; fix voice in protocol (2026-04-17)
  • 486965a — Bump to v1.4.4: Orchestrator hardening with shared protocol file (2026-04-17)
  • ede75a1 — Clarify that the Claude Code session reading this file IS the orchestrator (2026-04-17)
  • 2b17652 — Add quality_gate.py at .github/skills/ (CANDIDATE — not a replacement) (2026-04-17)
  • 842fbde — Retire quality_gate.sh; Python port is now the sole gate script (2026-04-18)
  • fc5f15a — Move quality_gate to .github/skills/ with proper package structure (2026-04-18)
  • c47bfdd — Port benchmark runner to Python (2026-04-18)
  • 608369c — Update context docs for v1.4.4: gate.py refs, benchmark set, bootstrap (2026-04-18)
  • 581517e — Bump to v1.4.5: benchmark protocol and bootstrap source docs (2026-04-18)
  • e9c6a9d — run_playbook: stop cleanup_repo from eating bootstrap artifacts; fix partial-phase suggestion (2026-04-18)
  • dca14b8 — Untrack bootstrap self-audit artifacts for in-place QPB runs (2026-04-18)
  • 5a71ab4 — run_playbook: delete shell wrapper, add version-append fallback (2026-04-18)
  • d6828a5 — qpb self-audit: version parsers and SKILL.md discovery (BUG-001, 002, 013, 023) (2026-04-19)
  • 8c89b6e — qpb self-audit: phase entry gates enforce full artifact contract (BUG-003, 006, 016) (2026-04-19)
  • 9a2e90b — qpb self-audit: atomic archive and AGENTS.md cleanup protection (BUG-004, 005) (2026-04-19)
  • 9b3fc82 — qpb self-audit: runner reliability (BUG-008, 009, 019, 020, 022) (2026-04-19)

What This Era Introduced

The v1.4 era spans three closely connected releases — v1.4.3, v1.4.4, and v1.4.5 — that together moved the Quality Playbook from a single-artifact skill whose logic lived almost entirely in SKILL.md into a piece of real infrastructure with its own runtime, benchmark harness, and self-audit discipline. The preceding v1.3 line had already stabilized the six-phase pipeline, the exploration-first model, and the iteration strategies. v1.4.3 through v1.4.5 keep all of that intact and spend their energy on the pieces outside the phase logic — how sub-agents are spawned, how their outputs are verified, how language-specific guidance is factored, how the benchmark runs are structured, and how the playbook audits itself against its own codebase. None of these are glamorous, and none of them change the first-order behavior of the skill, but they are what turn the skill from something that works when a human drives it carefully into something that can be run hands-off with a stable expectation of the output.

The era opens with three v1.4.3 commits landed back-to-back over April 16–17, 2026, each addressing a distinct axis of the skill. The first, 3045952, added the challenge gate — a two-round adversarial sub-agent review that every confirmed bug must survive before receiving a writeup and regression test. The second, c0ea77c, split the functional-tests reference into six per-language files (Go, Java, Python, Rust, Scala, TypeScript) so that a Phase 2 sub-agent reading the reference only loaded ~330 lines instead of 589. The third, 477aeaf, landed fourteen minutes later and reversed most of that split, folding import patterns back into the core references/functional_tests.md file and deleting the per-language files as unnecessary context bloat. That rapid revert is itself instructive about how the era treats reference-file decomposition: the test was empirical and the answer was "no, a good model already knows the examples — the only non-obvious content was the import patterns, and an 8-line matrix covers those." Between c0ea77c and 477aeaf, no intermediate release shipped; both commits are labelled "v1.4.3" and the partial revert is part of what the released version looks like on disk. Anyone reading the commit log in isolation can miss that, and anyone reading only the final tree can miss that the split ever happened.

v1.4.3 also contained the first orchestrator-hardening work, spread across 896e22f, 3ebdc80, d6a508f, and b6a44c6. The initial commit 896e22f rewrote agents/quality-playbook-claude.agent.md to prevent a specific failure mode observed on a casbin run with Opus 4.7 — the "single-context collapse" in which the orchestrator Claude Code session ran all six phases in its own context, wrote zero artifacts to disk, and fabricated a rationalization ("per system constraint: no report .md files") to justify the skip. 3ebdc80 followed the next day to close a second failure mode: the hardened orchestrator correctly refused single-context execution but then reached for claude -p via Bash to spawn a sub-agent out of process, which hung silently and produced a ps-polling loop. d6a508f extracted the common hardening into references/orchestrator_protocol.md so that both the Claude Code and general-purpose agent files pointed at the same protocol. b6a44c6 backed off from pure extraction and duplicated the critical sections (role definition, rationalization watchlist, file-writing override) inline in each agent file, on the theory that a model prone to skipping could just as easily skip the "read the protocol file" instruction and lose the hardening entirely. The result is that the hardening lives in three places — the protocol reference and both agent files — with the heavier procedural content (per-phase verification gate, error recovery) only in the protocol file. That duplication pattern, with the non-negotiable framing inlined and the procedures extracted, becomes a recurring architectural move across the era.

v1.4.4 is the smallest release of the three by SKILL.md surface area. Commit 486965a is essentially just a version bump from 1.4.3 to 1.4.4, acknowledging that the orchestrator hardening landed in v1.4.3's commits was substantial enough to warrant a new version even though the phase logic was unchanged. What makes v1.4.4 consequential is what came after the bump: ede75a1 clarified that the Claude Code session reading the agent file IS the orchestrator (as opposed to a parent session that spawns a nested orchestrator), 2b17652 added quality_gate.py as a candidate replacement for the bash version, and 842fbde and fc5f15a then promoted the Python port to the sole gate script and placed it at .github/skills/quality_gate/ with a proper package structure and a 108-case unit test suite. 608369c updated the context documentation to reflect the new gate script, reduced the default benchmark set from ten repos to four (bootstrap, chi, cobra, virtio), and documented the bootstrap self-audit as a first-class benchmark target. Finally c47bfdd ported the benchmark runner itself from shell into Python, creating bin/run_playbook.py and bin/benchmark_lib.py alongside a test suite, and superseding the longstanding repos/run_playbook.sh.

v1.4.5 is the release that treats all of this infrastructure as load-bearing and starts writing down the protocols that govern it. Commit 581517e bumped the version, added ai_context/BENCHMARK_PROTOCOL.md as the clean-folder run protocol (preventing sibling-run contamination of the tuning signal), and added docs/bootstrap/ containing exported chat history that serves as docs_gathered/ input when the playbook audits itself. e9c6a9d and dca14b8 fixed a bootstrap-specific problem — the cleanup_repo step was reverting freshly generated artifacts because, on the QPB self-audit, the quality/ tree was tracked in git — by untracking bootstrap artifacts and by carving a protected path for AGENTS.md. 5a71ab4 retired the legacy repos/run_playbook.sh entirely, making the Python runner the sole entry point and folding the short-name-to-versioned-directory lookup into a narrow fallback inside resolve_target_dirs.

What v1.4.5 contains on disk is the stable form the era was converging on: SKILL.md is version-stamped 1.4.5 in twelve places, the six-phase pipeline from v1.3.50 is unchanged, the exploration-first model from v1.3.35 is unchanged, and the layered hardening of the orchestrator, the Python gate script, the Python benchmark runner, the four-target benchmark set, the formal benchmark protocol, and the challenge gate are all in place. What v1.4.5 then did, over April 18–19, was audit itself using that infrastructure, producing 27 bugs numbered BUG-001 through BUG-027 in quality/BUGS.md. Four batches of fixes landed in d6828a5, 8c89b6e, 9a2e90b, and 9b3fc82, each titled "qpb self-audit" and each closing a group of bugs with regression tests flipping from xfail to passing. The remaining bugs in quality/BUGS.md at the time of writing are the input to v1.5.0's design — they are what the next version's defect model is explicitly trying to generalize from.

Why It Was Needed

The v1.3 line shipped its last major release — v1.3.50's six-phase renumbering with iteration strategies and the quality gate — on April 14, and by mid-April the skill was stable enough that new benchmark runs stopped finding skill-level bugs and started finding runner-level ones. The three categories of pain that drove v1.4.3 through v1.4.5 were visible from the run logs.

The first category was false positives from security-class findings. The v1.4.2 run on edgequake produced 42 confirmed bugs including seven rated CRITICAL. Andrew reviewed the output by hand and found that the strongest finding, BUG-001 (a source_ids overwrite in text_upload vs. file_upload), was correctly classified as HIGH rather than CRITICAL; six of the seven "CRITICAL" tenant-isolation bugs were documented feature gaps with explicit WHY-OODA81 annotations in the code; and BUG-041 was a self-documenting development placeholder — the literal string change-me-in-production — that the model had flagged as a critical JWT secret leak. The commit message for 3045952 names this specifically: "the model defended these findings through multiple rounds of pushback because its instinct was to find and defend bugs, not to apply common sense about what constitutes a defect." The v1.4.3 severity-calibration rule (credential leakage and authentication bypass auto-escalate to high) was the mechanism that produced the false positives; the challenge gate is the structural response that catches them before finalization. Other hand-tuned filters (like the "development-scaffolding exclusion") were possible but would only cover the obvious cases; the edgequake pattern included findings with no spec basis, findings where the "expected behavior" was the auditor's opinion rather than a documented contract, and findings about missing functionality that was never part of the module's scope. A single filter was insufficient. An adversarial gate that forces common sense to happen explicitly, in a fresh sub-agent with no investment in the finding, was the correct shape.

The second category was reference-file bloat. references/functional_tests.md had grown to 589 lines, most of it language-specific example code. Every Phase 2 sub-agent loaded the whole file regardless of which language the target repo used, wasting context. The initial v1.4.3 fix (c0ea77c) split the file into six per-language references. Within fourteen minutes Andrew reverted most of that split (477aeaf) because the split was solving the wrong problem — the language-specific examples were generic enough that any competent model already knew them, and the only non-obvious content was the project's import convention. The fold-back retained an 8-line matrix of common import patterns inside the core file and deleted all six language files. The net effect on v1.4.3 SKILL.md is a reference that is shorter than v1.4.2's (by ~100 lines of functional_tests.md) and contains the import-pattern guidance that actually transfers across projects. The partial-revert-within-a-version pattern is not recorded in any release note; the commit log is the only place it is visible.

The third category was orchestrator-level failure modes that no amount of SKILL.md tuning could fix. The single-context collapse on casbin with Opus 4.7 was the triggering event: the orchestrator ran all six phases in its own context, wrote nothing to disk, and rationalized the skip with a fabricated "per system constraint" line. The hardening in 896e22f added a role definition ("ONLY spawn sub-agents, verify their outputs, report progress — never execute phase logic yourself"), a rationalization watchlist with five named tells, and a file-writing override that explicitly authorizes sub-agents to write .md files and patches against any base-harness rule to the contrary. The next day's casbin run produced the second failure: the hardened orchestrator refused single-context execution but then reached for claude -p to spawn the sub-agent out of process. 3ebdc80 added an explicit prohibition on claude -p and subprocess spawning, observing in the commit message that claude -p is in training data as "how you invoke Claude from a shell" far more than Agent({...}) is, so absent an explicit negative rule, the model reached for the more-familiar mechanism. The third casbin run failed for a different reason: spawning subagent_type: "quality-playbook" from a Claude Code session produced a nested sub-agent that had no Agent tool (Claude Code strips Agent from sub-agents by design), so the nested orchestrator could not spawn its own phase sub-agents. ede75a1 captured that in an agent-file clarification: the top-level Claude Code session IS the orchestrator, and trying to spawn a nested quality-playbook agent produces the ps-polling dead end.

A fourth category, less urgent but more structural, was the accretion of shell scripts. repos/run_playbook.sh had been the benchmark entry point since v1.3.2. It had grown to hundreds of lines of Bash with embedded prompt templates, parallel-run PID tracking, strategy-list logic, and a short-name-to-versioned-directory lookup. repos/quality_gate.sh was similarly large. Both were fragile in the way Bash scripts are fragile: error handling was implicit, tests were effectively impossible, and any behavior that needed to be shared between the runner and the gate had to be duplicated. The Python ports in v1.4.4 and v1.4.5 replaced both with testable modules (bin/run_playbook.py, bin/benchmark_lib.py, .github/skills/quality_gate/quality_gate.py) plus test suites that the self-audit can exercise. That test-exercise is what produces several of the v1.4.5 self-audit bugs — BUG-008 (iteration suggestion printed on failure), BUG-019 (pytest shim CLI surface), BUG-022 (child failures reported as successful phases) are all bugs in the Python runner that only became legible once the runner was written in a language that could be unit-tested.

A fifth motivation runs through all of them: the skill is now mature enough that auditing itself is tractable. In earlier versions, pointing the playbook at its own codebase produced findings that were mostly about the skill's prose conventions and the iteration-strategy prompts. By v1.4.x the playbook produces findings about runner reliability, gate-script closed-set drift, phase-entry-gate threshold mismatches, and archive-atomicity failures. The bootstrap target is no longer a toy; it is the densest source of real bugs in the benchmark set because it is the repo whose contracts the playbook knows best. 608369c documents this explicitly: "we wrote the skill and the gate, so we can verify any finding against our own intent quickly. For other repos, we spot-check; for bootstrap, we can confirm every bug." The four fix commits on April 19 are the operational expression of that observation.

Per-Language Functional Test Split (v1.4.3)

Before v1.4.3, references/functional_tests.md contained 589 lines of guidance and language-specific examples interleaved. The file's structure alternated between prose instructions ("import tests using the project's existing convention") and a cascade of code blocks showing how each instruction looked in Python, Go, Java, TypeScript, Rust, and Scala. Phase 2 sub-agents reading the file for test generation loaded the entire cascade, even though only the one language relevant to the target was usable.

Commit c0ea77c (April 17, 10:33 EDT) split the file into a core functional_tests.md of ~330 lines plus six language-specific references: functional_tests_go.md (166 lines), functional_tests_java.md (157), functional_tests_python.md (146), functional_tests_rust.md (155), functional_tests_scala.md (142), and functional_tests_typescript.md (168). The core file kept the cross-language guidance (traceability annotations, parametrization principles, boundary-test pattern, coverage-matrix mapping) and added pointer lines in six places directing the reader to functional_tests_{lang}.md. The commit message states the quantitative goal: "Reduces per-run context from 589 to ~330 lines since agents only read their project's language file." SKILL.md was updated to teach the orchestrator to pass the language-specific file into the Phase 2 sub-agent based on detected project language.

Fourteen minutes later, at 10:47 EDT, commit 477aeaf reversed the split. Its message is worth reading in full: "The per-language files (go, java, python, rust, scala, typescript) were ~950 lines of examples any good model already knows. The only non-obvious content was import patterns, which are now a compact 8-line matrix in the core file. Removes language file references from SKILL.md and agent file." The revert deletes all six language files (-944 lines in total) and adds a single compact matrix inside the core file documenting import patterns by language: Python's sys.path.insert and package imports, Go's same-package vs. black-box test conventions, Java's package mirroring, TypeScript's relative paths and tsconfig aliases, Rust's use crate:: and use myproject::, Scala's SBT layout. Every "See references/functional_tests_{lang}.md for your project's language" pointer in the core file was either deleted or replaced with the inline matrix.

Both commits are labelled v1.4.3, and no intermediate release shipped between them. What v1.4.3 looks like on disk is the post-revert state: a single functional_tests.md of ~330 lines, no language-specific files, and an 8-line import-pattern matrix embedded in the core file. The original 589-line file is gone; so are the six language files the split introduced. The net context reduction for a Phase 2 sub-agent is roughly 260 lines (589 → ~330) because the split was never the right framing — the framing that mattered was that most of the language-specific examples were redundant with what the model already knew, and only the import conventions were load-bearing.

The design lesson encoded in this partial revert is a specific one about reference-file decomposition. Splitting a reference by language looks like a decomposition that should save context, but it only saves context if the content behind the split is non-obvious enough that the model needs it. For functional-test examples — which are largely about syntax and framework idioms that trained-on-code models already internalize — the split is cargo-cult decomposition. For something like the orchestrator protocol, where the content is procedural and adversarial against the model's default tendencies, the split does save context because the content is actually needed. The v1.4.3 revert is in effect a test of where the line falls, and the answer the era encodes is "only extract into a reference file what the model would otherwise get wrong." Import patterns fall on the wrong-by-default side (Python path manipulation, Go's internal packages, TypeScript's tsconfig aliases are all easy to guess wrong) and survive in the compact matrix. The broader examples of assertion style, fixture patterns, and parametrization syntax are on the right-by-default side and do not.

The reversion also leaves a subtle artifact in the SKILL.md Phase 2 prompts. In the brief window between c0ea77c and 477aeaf, SKILL.md referenced references/functional_tests_{lang}.md as a primary read target for Phase 2. After 477aeaf, all such references are removed; SKILL.md's only reference file for Phase 2 test generation is the core functional_tests.md. A reader looking at the v1.4.3 SKILL.md in isolation would not know the split ever happened. The commit log is the only place the partial revert is legible, which is why git — not prose documentation — is authoritative for this part of the era's history.

Challenge Gate for False-Positive Detection (v1.4.3)

Commit 3045952 introduced the challenge gate as a mandatory step in Phase 5, immediately before reconciliation. The full protocol lives in references/challenge_gate.md (106 lines, new in this commit); SKILL.md was modified in Phase 5 to require the gate and in the Phase 5 required-references list to add the new reference file. The commit also trimmed the "development-scaffolding exclusion" from a broad rule into a narrow early filter that catches the most obvious self-documenting markers (change-me, placeholder, example, default, TODO, your-secret-here), and elevated "apply common sense" from an aside to the opening directive of the Round 1 prompt.

The gate's mechanism is a two-round adversarial review run in fresh sub-agents. Round 1 is framed as a neutral code review: the sub-agent receives the bug writeup, the source code at the cited file:line (read fresh, not trusted from the writeup's snippet), the comments within 10 lines above and below the cited location, and the project's README section on the relevant feature. The prompt's opening directive tells the sub-agent to "step back from the details and ask yourself: if you showed this code and this bug report to a senior developer who has never seen either before, would they say 'yes, that's a bug' — or would they say 'that's obviously not a bug'?" The rest of the prompt catalogs five specific considerations: whether the developer is aware of the behavior (WHY comments, TODO markers, design decision notes, OODA references), whether the behavior is a documented limitation or intentional trade-off, how the project maintainer would respond, whether the "expected behavior" is actually required by any spec or is the auditor's opinion, and whether the flagged code is development scaffolding. The explicit instruction is not to rationalize past the common-sense answer.

Round 2 is a targeted follow-up whose framing depends on Round 1's verdict. If Round 1 said "real bug," Round 2 takes the maintainer's voice: "You are the maintainer of this project. A contributor filed this bug report. You wrote the code being criticized. Write the single most compelling argument for why this is NOT a bug." If Round 1 said "not a bug," Round 2 takes the security researcher's voice: "You are a security researcher reviewing this codebase. Another reviewer dismissed this finding as 'not a bug.' Write the single most compelling argument for why this IS a real bug despite the dismissal." In both cases Round 2 ends with the sub-agent stating whether the argument it just made convinced it to change its mind. The two-round structure is designed to stress-test whatever position Round 1 took, not to produce agreement. Both rounds run in fresh sub-agents so neither challenger has investment in the outcome.

After both rounds, the gate assigns one of three verdicts. CONFIRMED bugs — where both rounds agree, or where Round 2's challenge fails to undermine Round 1's confirmation — proceed to writeup and regression test as normal. DOWNGRADED bugs are real but had their severity inflated; the severity is adjusted and the writeup is updated. REJECTED bugs are removed from the bug tracker and relocated to a "Reviewed and dismissed" appendix in BUGS.md with the challenge reasoning. Every verdict, together with both rounds' reasoning, is written to quality/challenge/BUG-NNN-challenge.md as the audit trail.

The gate does not run against every confirmed bug. references/challenge_gate.md specifies five auto-trigger patterns where false-positive rates historically concentrate, and the gate runs only against bugs matching one or more patterns. The triggers are: security-class findings (credential leak, auth bypass, injection — where severity calibration auto-escalates); code containing design-decision comments (WHY annotations, OODA references, TODO-with-explanation within 10 lines of the cited code); findings whose spec_basis field says "code inconsistency" rather than citing a spec; cases where another code path handles the same concern differently (which might be a real inconsistency or intentional divergence); and findings about missing functionality rather than incorrect behavior. Bugs that do not match any pattern skip the gate entirely. The pattern list is "intentionally conservative" (per the reference file) because over-triggering would waste sub-agent calls; the cost of the gate is roughly two sub-agent calls per triggered bug, which scales to 10–20 calls for a typical run with 5–10 auto-triggered bugs.

The gate can also be invoked standalone against a prior run's quality/ directory. The standalone form takes a bug ID, reads the writeup and the source code, runs the two rounds, writes the verdict to quality/challenge/BUG-NNN-challenge.md, and if the verdict is REJECTED suggests removing the bug from BUGS.md and tdd-results.json. The standalone form exists so that historical runs can be re-challenged without re-running the entire pipeline, and so that operators can re-challenge individual findings on demand.

The empirical validation in the commit message is explicit: "Tested on edgequake: BUG-041 (false positive) caught, BUG-001 (real bug) confirmed, BUG-007 (feature gap) rejected — 3/3 correct." Three bugs is a small sample, but the three were chosen to represent the three verdict classes, and the gate produced the correct verdict for each. The broader design claim — that the gate catches findings where "pattern-matching overrode common sense" — is explicitly articulated in SKILL.md's Phase 5 prose: "Apply common sense throughout. The challenge gate's primary purpose is to catch findings where pattern-matching overrode judgment. If a bug would make you look foolish reporting it to the upstream maintainer — a self-documenting placeholder flagged as a critical vulnerability, a documented design decision flagged as a defect, an intentional feature gap flagged as a security hole — it should not survive the challenge. The common-sense test is not one factor among many; it is the framing for the entire review."

The two-round adversarial structure is an application of the same pattern used elsewhere in the skill: adversarial iterations in Phase 3, the Council of Three spec audits in Phase 4. The theory is that a fresh sub-agent with no investment in a finding will apply judgment that the original finder, having committed to the finding, will not. The novelty in the challenge gate is that it targets a specific failure mode — false positives from severity calibration on security-class findings — with a pattern-triggered activation rather than a uniform pass. That targeting keeps the cost manageable while concentrating the adversarial review on the bugs most likely to be wrong.

The early-filter trimming is worth a separate note. Before v1.4.3, the development-scaffolding exclusion was a broader rule that tried to catch feature gaps, documented limitations, and design decisions as well as self-documenting placeholders. The v1.4.3 change narrows it to a mechanical keyword test (change-me, placeholder, example, default, etc.) that catches only the most obvious false positives, and explicitly points at the challenge gate as the mechanism for subtler cases. The reasoning is that the early filter runs before the bug is even confirmed, so it must be safe enough to apply mechanically; the challenge gate runs after confirmation in Phase 5, so it can afford to be expensive and judgment-based. The two mechanisms layer: the early filter removes the obvious false positives cheaply, and the challenge gate removes the subtler ones through adversarial review.

Orchestrator Hardening (v1.4.3 and v1.4.4)

The orchestrator hardening is the era's longest arc, spanning five commits over the twelve hours between April 17's morning and early afternoon, plus one follow-up commit the next evening. Each commit responds to a specific failure observed on a live casbin-1.4.4 benchmark run. Read sequentially, they form a complete picture of how a model-agnostic protocol emerged from a sequence of concrete failures.

The triggering event is documented in 896e22f: "Previous run of the playbook on casbin with opus-4.7 ran all phases in the orchestrator's context instead of spawning sub-agents, wrote zero artifacts to disk, and fabricated 'per system constraint: no report .md files' as post-hoc rationalization for the skip." The commit rewrites agents/quality-playbook-claude.agent.md to prevent the single-context collapse. The changes are structural: the orchestrator's role is reframed as "ONLY spawning, verifying, and reporting — never executing phase logic in-context"; a "Why this is strict" section grounds the rule in the observed casbin failure; a file-writing override explicitly authorizes sub-agents to write .md files and patches against any base-harness rule to the contrary; a rationalization-pattern watchlist names five specific tells for the collapse failure mode (including the exact phrase Opus 4.7 fabricated); a grounding step directs the orchestrator to read ai_context/DEVELOPMENT_CONTEXT.md before Phase 1; and a mandatory post-phase verification gate lists the expected output files for each phase and requires the orchestrator to confirm them on disk before spawning the next phase. The line count grows from 108 to 132, still under the 150-line cap that the agent files maintain.

The second failure, documented in 3ebdc80, is subtler. The hardened orchestrator correctly refused to collapse into single-context execution but then reached for claude -p via Bash to spawn the sub-agent out of process. The subprocess hung silently, wrote zero artifacts, and the orchestrator fell into a polling loop checking ps for a PID that never exited. The commit message names the cause: "claude -p is in training data as 'how you invoke Claude from a shell' far more than Agent({...}) is, so absent an explicit negative rule, the model reached for the more-familiar mechanism." The fix is an explicit prohibition immediately after the existing "Use the Agent tool" instruction: "Do NOT spawn sub-agents via claude -p, subprocess calls, Bash-backed process spawning, or any out-of-process mechanism." The commit also adds the specific failure mode this causes (unmonitorable processes, silent hangs, ps-polling spiral), links the prohibition back to the rationalization-watchlist framing so the model recognizes it as the same class of behavior, and hints at what subagent_type to pass to the Agent tool (general-purpose unless a specialized type is clearly more appropriate). The commit notes that this edit is Claude Code-specific — claude -p is not a failure mode for Copilot, Cursor, or Windsurf — so only the Claude Code agent file is touched.

By this point the two agent files (Claude Code and general-purpose) had both grown substantially, and each contained most of the same hardening content in slightly different form. Commit d6a508f extracted the common content into references/orchestrator_protocol.md (63 lines, new in this commit) and reduced each agent file to a short pointer that tells the orchestrator to read the protocol file before Phase 1. The protocol file contains the role definition, the rationalization watchlist, the file-writing override, the grounding step, the per-phase verification gate with expected-outputs-per-phase, and the error recovery procedure. The two agent files drop from 108 and 157 lines to 56 and 19 respectively. The extraction eliminates sync drift between the two agent files — a change to the rationalization watchlist had previously required editing two files, and the extraction reduces it to one.

The next commit, b6a44c6, walks back a piece of the extraction. The reasoning is that a model prone to rationalizing skips — "the only model behavior worth designing against here" — could just as easily skip the "read the protocol file" instruction as it could skip any other instruction, and skipping the read would lose the core hardening. The fix duplicates three critical sections inline in both agent files: the role definition, the file-writing override, and the rationalization watchlist (all five patterns). Each agent file now has roughly 20 lines of inlined hardening plus a pointer to the protocol file for the extended content (per-phase verification gate, error recovery). The commit also rewrites the three duplicated sections in the protocol file from third person ("the orchestrator does NOT...") to second person ("you do NOT..."), on the theory that third-person framing "creates cognitive distance between the instruction and the reader" while second-person is a direct command. The voice change is applied consistently across all three files.

The design pattern that emerges is specific: non-negotiable framing that the orchestrator must not skip is duplicated inline in every agent file; procedural content that the orchestrator needs to execute but will not skip is extracted once into the protocol reference. The duplication is small in absolute terms (20 lines per agent file) but structurally important — it ensures that the hardest-to-enforce rules are visible wherever the orchestrator starts reading, while the routine procedures remain DRY.

Commit 486965a bumps SKILL.md from 1.4.3 to 1.4.4 to reflect the orchestrator hardening that landed in v1.4.3's commit stream. The bump is purely version-stamping — twelve occurrences of "1.4.3" in SKILL.md are updated to "1.4.4." No other skill logic changes.

The final orchestrator commit is ede75a1, landed the evening of April 17 after a successful casbin validation run. The commit documents a third failure mode observed on that run: spawning subagent_type: "quality-playbook" from a Claude Code session produced a nested orchestrator that had no Agent tool, because Claude Code strips Agent from sub-agents by design. The nested orchestrator could not spawn phase sub-agents of its own; it correctly refused single-context collapse (the hardening worked), got stuck in a ps-polling loop trying to use claude -p, then halted cleanly with a "Task is not available inside subagents" error on the retry. The operational fix was to have the top-level Claude Code session act as the orchestrator directly, reading the agent file and spawning phase sub-agents via its own Agent tool. That run completed successfully: 51 bugs confirmed across baseline plus four iterations, quality_gate PASS, all TDD logs in place. The commit makes the architecture explicit in the agent file: "the session reading this file IS the orchestrator." The rationale paragraph names the one-level-nesting constraint and the specific ps-polling dead end so a future model recognizes the pattern before attempting it. Only the Claude Code variant is touched; the general-purpose agent file does not need the clarification because its "spawning" means new chats or composers, not nested Agent-tool calls.

The six orchestrator commits — 896e22f, 3ebdc80, d6a508f, b6a44c6, 486965a, ede75a1 — are best read together. Each one responds to an observed failure. Each one adds exactly enough defense to prevent that failure without overreacting. The hardening is not speculative; it is empirical, and every rule in the protocol file traces back to a specific run that went wrong. This is the same discipline the skill applies to its exploration patterns (each pattern must be derived from a confirmed bug missed by unaided exploration) applied instead to orchestration. The mechanism by which the orchestrator can fail — single-context collapse, out-of-process spawning, nested orchestrator with no Agent tool — is enumerated, and each mechanism is blocked by a specific rule. The protocol file at the end of the v1.4 era is the stable form of this enumeration.

Benchmark Infrastructure Maturation (v1.4.x)

The benchmark infrastructure that predates v1.4 was a collection of shell scripts under repos/. repos/run_playbook.sh was the entry point; repos/quality_gate.sh was the gate script; repos/setup_repos.sh was the working-copy factory; repos/_benchmark_lib.sh held shared Bash functions. The scripts had grown organically across the v1.3 line and carried historical cruft — hard-coded version strings, short-name-to-versioned-directory lookups, embedded prompt templates, parallel-run PID tracking with fragile cleanup. By v1.4 they were stable but untested.

The transition to Python happened in three stages. Stage one, 2b17652 on April 17, added quality_gate.py at .github/skills/ as a CANDIDATE — the commit is explicit that this is not a replacement. The Python port replicated the bash gate's behavior including its grep-style JSON handling to achieve byte-identical stdout against casbin-1.4.4 (MD5 f4a8f412d3c1d72333ccc61224b3949d, exit 0, 0 FAIL / 1 WARN). The commit message spells out the validation requirement before promotion: "Per ai_context/DEVELOPMENT_CONTEXT.md, full replacement of the bash version requires byte-identical-output validation across the 10 benchmark repos." Until that validation completes, quality_gate.sh remained authoritative and the one SKILL.md instructed sub-agents to run.

Stage two, 842fbde on April 18, retired quality_gate.sh. The commit is three-part. First, the grep-style JSON handling is replaced with proper json.load-based parsing now that byte-parity is confirmed. Four helpers — load_json, has_key, get_str, count_per_bug_field — wrap the standard-library JSON operations with the gate's specific semantics. The __NOT_STRING__ sentinel and per-line key counting (Bash artifacts from using grep on JSON) are replaced with proper dict and list traversal. Integration sidecar checks (groups[].result, uc_coverage values) now iterate actual arrays and objects instead of regex-matching text. validate_iso_date() is reordered to check for placeholder strings before the regex, so YYYY-MM-DD reports as placeholder rather than bad_format. Second, the script is moved to its own directory with a test suite: quality_gate/quality_gate.py and quality_gate/test_quality_gate.py. The test suite is 108 cases covering every gate check: file existence, BUGS.md heading format, TDD sidecar JSON, TDD log files (including sidecar-to-log cross-validation), integration sidecar, recheck sidecar, use cases, test file extension, terminal gate, mechanical verification, patches, writeups, version stamps, cross-run contamination, strictness modes (benchmark vs. general), JSON helpers, date validation, exit code semantics, and skill version detection. The suite uses unittest from the standard library with no pytest dependency; fixtures are synthetic temp directories built via a write_tree() helper. Third, the skills-folder link is updated and the bash version is deleted. .github/skills/quality_gate.py becomes a symlink to ../../quality_gate/quality_gate.py. repos/quality_gate.sh (892 lines) is removed. repos/setup_repos.sh is updated to install the Python gate into each target's .github/skills/. repos/run_playbook.sh is updated: every quality_gate.sh reference becomes quality_gate.py. SKILL.md's eleven quality_gate.sh references become quality_gate.py, and the Phase 6.2 invocation changes from bash quality_gate.sh . to python3 quality_gate.py ..

Stage three, fc5f15a later the same day, fixes three issues with the move. The quality_gate/ package at the repo root is in the wrong location — it belongs at .github/skills/quality_gate/ alongside the other gitignored installed-copy skill artifacts. Missing __init__.py files meant pytest could not discover the tests as a package. And pytest compatibility was broken in a specific way: pytest imported the package (via __init__.py walk-up) before the test file's sys.path.insert ran, caching quality_gate as the package and causing 30 of 108 test failures on AttributeError when tests accessed module-level functions via quality_gate.FUNC. The fix moves the package to .github/skills/quality_gate/, adds an __init__.py that does from .quality_gate import * so module functions are accessible via the package namespace regardless of whether import quality_gate resolves to the package (pytest) or the module file (bare sys.path), adds an empty tests/__init__.py, and updates the symlink target to the new relative path. Target repos still receive a single flat quality_gate.py at .github/skills/, not the package — they only need the standalone runtime script. Validation is explicit in the commit message: pytest runs 108 tests in 4 seconds, unittest discover runs 108 tests in 3.78 seconds, and gate runs against casbin-1.4.4 via both paths all PASS.

The benchmark runner followed the same trajectory one day later in c47bfdd. The commit creates bin/benchmark_lib.py (281 lines), bin/run_playbook.py (754 lines), bin/__init__.py, bin/tests/__init__.py, bin/tests/test_benchmark_lib.py (58 lines, 9 test classes covering PROTECTED_PREFIXES, SKILL_INSTALL_LOCATIONS, skill_version(), _is_protected(), cleanup_repo, archive_previous_run), and bin/tests/test_run_playbook.py (73 lines). The pytest/ local shim at the repo root is added to make python3 -m pytest work without a global pytest install; it resolves to either a vendored pytest or to unittest.main() fallback depending on what's available. The README.md, ai_context/DEVELOPMENT_CONTEXT.md, and ai_context/TOOLKIT.md files are updated throughout to document the new Python-runner entry point: python3 bin/run_playbook.py <target>.

PROTECTED_PREFIXES is worth its own note. The tuple in bin/benchmark_lib.py (at lines 172–177 in the current tree, 177–182 in the commit message coordinates) is the closed set of path prefixes that cleanup_repo will not revert via git checkout .. Before v1.4.5 the four entries were quality/, control_prompts/, previous_runs/, docs_gathered/. The _is_protected(path) function used startswith to test whether a given path should be preserved. The v1.4.5 self-audit exposed a specific gap (BUG-005): AGENTS.md at the project root is a required Phase 2 artifact per SKILL.md, but is not under any protected prefix. The _is_protected("AGENTS.md") call returned False, and cleanup_repo silently reverted tracked AGENTS.md modifications between runs. The fix in 9a2e90b adds a parallel PROTECTED_EXACT = ("AGENTS.md",) tuple plus a path-equals check: return path in PROTECTED_EXACT or any(path.startswith(prefix) for prefix in PROTECTED_PREFIXES). The exact-match tuple is the correct shape because AGENTS.md is a single file, not a directory prefix; a prefix entry AGENTS.md would also match AGENTS.md.backup and other paths it should not match. The split between PROTECTED_PREFIXES and PROTECTED_EXACT captures the semantic distinction precisely.

benchmark_lib.py also contains SKILL_INSTALL_LOCATIONS (the four documented install paths the gate and runner both need to know about), ALL_STRATEGIES (the closed set of iteration strategies: gap, unfiltered, parity, adversarial), VALID_PHASES (the numbered phases 1 through 6), and archive_previous_run (the function that moves the prior run's quality/ tree to previous_runs/<timestamp>/). The v1.4.5 self-audit identified BUG-004 — archive_previous_run was not atomic: it copytree'd quality/ into the archive path, then rmtree'd quality/ and control_prompts/. A crash between the copy and the rmtree left both trees intact with no way to tell which was authoritative, and control_prompts/ was destroyed rather than preserved. The fix in 9a2e90b stages both quality/ and control_prompts/ under previous_runs/<timestamp>.partial/, then uses a single os.rename to atomically promote the staging directory to previous_runs/<timestamp>/. A crash mid-copy leaves only .partial, which the next run clears on entry. control_prompts/ is now archived alongside quality/ (it was silently rmtree'd before), preserving the worker-output trail that post-mortems need.

The benchmark protocol itself became a documented artifact in v1.4.5. ai_context/BENCHMARK_PROTOCOL.md (72 lines, new in 581517e) formalizes the clean-folder run protocol. The opening paragraph is specific about the risk: "Agents running the playbook are smart enough to look around. If a sibling directory next to the target contains a prior playbook run, the agent can read its EXPLORATION.md, BUGS.md, and quality/ artifacts and reuse findings instead of discovering them independently. This defeats the benchmark." The protocol specifies a layout (repos/clean/ for pristine sources, repos/runs/{target}-{version}-{runner}-{timestamp}/{target}/ for each run), a pre-run checklist (copy fresh from clean, verify no siblings, verify no pre-existing quality/, confirm SKILL.md version, --no-seeds), and an after-run discipline that captures both bugs found and friction points as separate tuning signals. Cross-agent runs get their own run directories — never shared across agents because artifact conventions differ. The protocol also names the active benchmark set: bootstrap (the playbook against QPB itself), chi (Go), cobra (Go), virtio (C), and express (JavaScript). The 60+ additional repos under repos/clean/ remain available for expanded benchmarking but are not part of the default validation loop.

The commit also adds docs/bootstrap/ containing 247K lines of exported chat history (Claude-web-Quality-Playbook-Opus-4.6.json, 2026-03-04-03-Convert playbook to open-source skill-1.md, 2026-04-06-Review Quality Playbook v1.3.7 results.md) that serves as the docs_gathered/ input when the playbook audits itself. The existence of these files makes the bootstrap self-audit reproducible — any operator running the playbook against QPB gets the same seed documentation as Andrew does.

608369c is the context-doc update that accompanies v1.4.4. It changes every quality_gate.sh reference in current docs to quality_gate.py (keeping historical README sections unchanged because they refer to the file at release time), reduces the active benchmark set from ten repos to four (bootstrap, chi, cobra, virtio), and adds a new section to ai_context/DEVELOPMENT_CONTEXT.md explaining why bootstrap is always included: self-referential edge cases (gate validating itself, SKILL.md as both instruction and subject), perfect verification (we wrote it, we can confirm every finding), and reproducibility across model/runner combinations. The commit also notes the operational detail that bootstrap artifacts live at quality/ at the QPB repo root, not under repos/, and that bootstrap is invoked by pointing the agent at the QPB root directly rather than going through setup_repos.sh / run_playbook.py.

dca14b8 is a small but essential bootstrap-specific commit: it untracks the bootstrap self-audit artifacts (quality/, docs_gathered/, control_prompts/, previous_runs/, -playbook-.log) so that cleanup_repo's git checkout . does not wipe them between runs. For normal benchmark repos these paths are naturally untracked because the target repo has no history with them; for the QPB self-audit they would otherwise be tracked because the QPB repo is the target. Untracking them in .gitignore is what makes bootstrap behave like any other target from cleanup_repo's perspective.

The net effect of the v1.4.4 and v1.4.5 infrastructure work is that the benchmark runner, the gate script, and the benchmark protocol are all first-class Python code with test suites and a formal clean-run protocol, rather than a pile of Bash scripts that survived through v1.3. This is what makes the v1.4.5 self-audit tractable: the playbook's own runner is now something the playbook can meaningfully analyze.

Bootstrap Self-Audit Protocol (v1.4.x)

The bootstrap self-audit is the playbook running against its own codebase. It is not new to v1.4 — v1.3.8, v1.3.9, v1.4.0, and v1.4.1 all ran bootstrap iterations, and the pattern of using each bootstrap's findings as the input to the next version is visible from the git log. What v1.4 formalizes is the bootstrap protocol: where the artifacts live, what seed documentation the playbook gets, how the runner handles the self-referential case where the target repo IS the skill repo, and how the resulting bugs are organized.

The location convention was documented in 608369c: "bootstrap artifacts live at quality/ at the QPB repo root, not under repos/, and bootstrap is invoked by pointing the agent at the QPB root directly rather than going through setup_repos.sh / run_playbook.py." This differs from every other benchmark target, which is copied into repos/runs/{target}-{version}/{target}/ as a working copy. The bootstrap target is the working tree itself. The motivation is that the playbook's phases read SKILL.md, which lives in the repo root, and the playbook's gate runs from .github/skills/, which is also in the repo root. A working-copy-style bootstrap would need to replicate both locations, and the replication would itself be a source of skew.

The seed documentation was added in 581517e. docs/bootstrap/ contains exported chat history from the skill's development (Claude web conversations with Opus 4.6, a chat on converting the playbook to an open-source skill, a chat reviewing v1.3.7 results) and a README explaining what the folder is for. When the playbook audits itself, the agent is told to use docs/bootstrap/ as its docs_gathered/ input. The chat history covers design decisions, prior bug findings, and rationales for the skill's structure — it is the closest thing the skill has to external documentation of its own intent, and using it as the docs_gathered input lets the audit check the code against that recorded intent.

Two v1.4.5 commits, e9c6a9d and dca14b8, addressed bootstrap-specific runner behaviors. e9c6a9d fixed two problems surfaced by an Opus 4.7 bootstrap run earlier the same day. The first was destructive: cleanup_repo ran git checkout . over everything in the target repo after each run. For normal benchmark repos (chi, cobra, virtio), the quality/ tree is untracked so git checkout is a no-op on artifacts and only reverts incidental agent-made edits to tracked source files. But for the bootstrap, the quality/ tree IS tracked (prior bootstraps are committed), so git checkout . quietly reverted the freshly generated Phase 1 and Phase 2 artifacts back to committed v1.4.0 / v1.4.1 content. A full Opus 4.7 run was lost that morning before the bug was caught. The fix was dca14b8: update .gitignore to untrack quality/, docs_gathered/, control_prompts/, previous_runs/, and *-playbook-*.log at the repo root, and delete the committed bootstrap artifacts (roughly 2,000 lines of markdown) from git so the working tree matches the expected untracked state. After this commit, bootstrap artifacts live in the working tree as untracked files and are therefore safe from cleanup_repo. The tradeoff is that historical bootstrap results are no longer preserved in the git history — they move out of version control into the previous_runs/ archive directory that the playbook already maintains.

The second problem in e9c6a9d was the suggested-next-command: after a partial run (e.g., one where Phase 3 failed), print_suggested_next_command was printing the usual "run the next iteration" suggestion, which was wrong because the previous phase had failed. The fix is to accept a failures_occurred parameter and print an inspect-and-re-run hint on failure instead. That fix eventually becomes part of BUG-008 in the v1.4.5 self-audit (which also covers the case of reporting success when a child runner failed), but the bootstrap-specific symptom was already visible before the full self-audit ran.

5a71ab4 completes the runner consolidation by deleting repos/run_playbook.sh entirely. The Python runner has been the sole entry point since v1.4.5; the shell wrapper existed only as a historical reference and carried stale logic that could produce incorrect results if a user accidentally invoked it. The commit also adds a narrow version-append fallback to resolve_target_dirs: when a bare name like chi fails to resolve as a directory, the runner retries <name>-<skill_version> using the version parsed from SKILL.md. Path-like inputs (those containing a slash, starting with ./, ../, ~, or /) skip the fallback entirely, preserving the v1.4.5 "positional args are paths" contract that 6e1957f introduced. The INFO line on a fallback hit and the "also tried '-'" addendum in the error message both make the fallback visible to the operator without changing the default contract.

The bootstrap self-audit that ran against v1.4.5 produced the 27-bug corpus now in quality/BUGS.md. The bugs range across the runner, the gate script, the orchestrator, and the SKILL.md prose itself. BUG-001 (version parser rejects bold **Version:** form), BUG-002 (SKILL_INSTALL_LOCATIONS missing the fourth documented path), BUG-013 (quality_gate's detect_skill_version uses substring match without line-start anchor), and BUG-023 (quality_gate's language detection scans nested benchmark fixture repos) are all closed-set or parser bugs. BUG-003 (Phase 2 gate threshold 80 WARN vs. SKILL.md requirement 120 FAIL), BUG-006 (Phase 3 gate checks only 4 of 9 required Phase 2 artifacts), and BUG-016 (Phase 5 entry gate does not enforce SKILL.md Phase 4 completion) are phase-entry-gate mismatches. BUG-004 (non-atomic archive) and BUG-005 (AGENTS.md not in protected paths) are the runner reliability bugs discussed above. BUG-007 (docs_present accepts .DS_Store as documentation), BUG-008 (iteration suggestion printed unconditionally on failure), BUG-009 (pkill fallback missing gh copilot -p), BUG-019 (pytest shim CLI surface), BUG-020 (missing docs block code-only runs), and BUG-022 (child runner failures reported as successful phases) are runner and environment bugs.

Four commits on April 19 fix groups of these bugs. d6828a5 (BUG-001, 002, 013, 023) covers version parsers and SKILL.md discovery. 8c89b6e (BUG-003, 006, 016) covers phase entry gates. 9a2e90b (BUG-004, 005) covers atomic archive and AGENTS.md cleanup protection. 9b3fc82 (BUG-008, 009, 019, 020, 022) covers runner reliability. Each commit's message describes what changed and which regression tests flipped from xfail to passing. The remaining bugs in quality/BUGS.md — BUG-010, BUG-011, BUG-012, BUG-014, BUG-015, BUG-017, BUG-018, BUG-021, BUG-024, BUG-025, BUG-026, BUG-027 — are open at the time of writing, and are the explicit input to the v1.5.0 redesign.

The self-audit's methodology is worth naming. Each batch of bugs is addressed by a commit that (1) implements the code fix, (2) flips the regression tests that documented the pre-fix behavior from xfail to passing, (3) deletes any current_behavior functional tests that would invert their assertions after the fix, and (4) updates PROGRESS.md's cumulative BUG tracker to mark the fixed bugs as "fixed (test passes)" with the regression-test name. The pattern is roughly the same pattern the playbook applies to target repos: find bug, write regression test that fails red, fix the code, confirm the test goes green. What's different on bootstrap is that the regression tests and the code being fixed are both in the same repo, so a single commit can do the whole cycle. The discipline is tight: every one of the four fix commits lists the BUG-NNN IDs in its title, cites the specific lines changed, and names the regression tests that flipped. This is the pattern that enables the provenance of later QPB versions — a reader can follow any bug's ID through BUGS.md, PROGRESS.md, the writeup at quality/writeups/BUG-NNN.md, the patch at quality/patches/BUG-NNN-fix.patch, the regression-test patch at quality/patches/BUG-NNN-regression-test.patch, and the commit that landed all four.

Conceptually, the v1.4.5 bootstrap is the most thorough self-audit the skill has run. v1.3's bootstraps found prose-level and convention-level bugs — inconsistent version strings, missing sidecar schema examples, regression tests that did not exist where the coverage matrix claimed they did. v1.4.5's bootstrap finds runtime bugs — the runner reports success when a child failed, the archive is not atomic, the gate's closed sets are out of sync with the code, the phase entry gates silently rubber-stamp incomplete runs. The class of bug has changed because the skill has more runtime surface to audit: the Python runner, the Python gate, the shared closed sets, the per-phase verification gates. That shift in bug-class is the signature of an infrastructure-maturation release. The skill is now operating on skill-as-infrastructure, not skill-as-prose.

v1.4.5 as the Baseline for v1.5

v1.4.5 is the current stable release of the Quality Playbook and the direct input to the v1.5.0 redesign. The connection is explicit in QPB_v1.5.0_Design.md, whose "Originating insight" section cites a specific moment in the v1.4.5 self-audit: "Andrew pushed back on a framing I used that treated MST/virtio spec-vs-code disagreement as a 'judgment call' about which source was authoritative. His correction was the seed of v1.5.0: 'If there's a disagreement there, it's a defect. Like MST pointed out, it could need a spec change rather than a code change, but it's a flag that the documented intent and code implementation do not match. That is the definition of a defect.'"

That correction is the structural hinge between v1.4 and v1.5. The v1.4 era's challenge gate, development-scaffolding exclusion, severity calibration rules, and common-sense directives are all attempts to filter false positives out of a bug-finding process that treats bugs as judgment calls about what the code "should" do. Each filter catches a specific class of false positive, and the layered system (early filter → challenge gate → Council of Three → reconciliation) works — but it works by stacking corrections on top of a bug-finding process whose default output includes many false positives. The v1.5.0 reframing changes the underlying process rather than adding more filters. If defect = divergence, then the LLM's task is no longer "what's wrong with this code?" but "where does column A (documented intent) differ from column B (code behavior)?" That is a lookup task, not a performance of expertise, and it changes how the LLM allocates attention.

The 27 bugs from the v1.4.5 self-audit are v1.5.0's empirical ground truth. Each bug is traced to a specific divergence: the code says one thing, SKILL.md or ai_context/DEVELOPMENT_CONTEXT.md says another, and the divergence is the defect. BUG-003 is a divergence between the Phase 2 gate's 80-line WARN threshold and SKILL.md's 120-line requirement. BUG-006 is a divergence between the Phase 3 gate's check of four artifacts and the SKILL.md artifact contract's list of nine. BUG-005 is a divergence between SKILL.md:106's declaration that AGENTS.md is a required Phase 2 artifact and benchmark_lib.py:177-182's PROTECTED_PREFIXES tuple, which does not protect AGENTS.md. BUG-002 is a divergence between the four documented SKILL install locations and the three entries in bin.SKILL_INSTALL_LOCATIONS. BUG-013 is a divergence between SKILL.md's version-string convention and quality_gate.detect_skill_version's substring scan. Every one of these bugs has the same shape: two artifacts, a comparison, and a mismatch. None of them is a judgment call. The v1.5.0 design observes that this is what bugs look like when the pipeline has clean inputs, and builds the structural machinery to make that comparison explicit.

v1.5.0's five structural changes — the formal/informal document split, the tier system for requirements, the formal-source citation schema with SHA256 hashes and verifiable citation excerpts, one-way REQ → UC → formal_doc traceability, and requirements grouped by functionality — are all designed to make the comparison mechanical. A Tier 1 requirement with a verified citation excerpt can be compared against code behavior by a process that does not require the LLM to form an opinion about intent; the intent is already written down, already cited, and already checked against the plaintext companion. A Tier 3 requirement (where code is the source of truth because no formal spec exists) is explicitly labeled as such, and the downstream audit knows not to compare it against documented intent because none exists. The tier metadata is the mechanism by which the comparison stays honest about what it can and cannot conclude.

The direct continuity between v1.4.5 infrastructure and v1.5.0 design is visible in three specific places. First, the self-audit mechanism is preserved: v1.5.0 will run its own bootstrap against v1.5.0 SKILL.md and the v1.4.5 infrastructure. Second, the orchestrator protocol from v1.4.3 / v1.4.4 is inherited directly: the role definition, rationalization watchlist, and file-writing override are load-bearing and carry forward unchanged. Third, the benchmark infrastructure from v1.4.4 / v1.4.5 — the Python runner, the Python gate, the PROTECTED_PREFIXES and PROTECTED_EXACT split, the atomic archive, the clean-folder benchmark protocol — is the foundation on which v1.5.0's changes will be tested. v1.5.0 does not rebuild the infrastructure; it adds the defect-model machinery on top of what v1.4.5 already has.

A reader approaching v1.5.0's design without knowledge of the v1.4 era would miss where the "defect = divergence" reframing came from. It came from the iterative experience of running v1.4.3's challenge gate against edgequake, then running v1.4.5's bootstrap against QPB itself, and noticing that the bugs the gate accepted and the bugs the self-audit found both had the same shape: two artifacts disagreeing in a way that was factually verifiable, not a judgment call. The v1.4 era is what produces enough examples of clean-shape bugs for the reframing to become obvious. Without the era's infrastructure — the Python runner that can be unit-tested, the gate script whose closed sets can be cross-referenced, the benchmark protocol that keeps runs honest, the orchestrator hardening that ensures artifacts get written — the self-audit would not produce bugs clean enough to see the pattern. The v1.5.0 reframing is, in a real sense, an emergent property of the v1.4 era's infrastructure.

The open bugs in quality/BUGS.md at the time of writing — twelve of the 27 — are also informative. They are the bugs that v1.5.0's design consciously does not try to fix by mechanical means. BUG-011 (quality_gate checks EXPLORATION.md existence only, not section structure), BUG-017 (orchestrator prompts omit repo-root SKILL.md from source-checkout bootstrap), BUG-018 (general orchestrator contradicts its own phase-execution ownership model), BUG-021 (runner-generated prompts hardcode one skill-install layout), BUG-024 (file-existence gate omits valid functional-test filenames), BUG-025 (extension checker only validates test_functional.*), BUG-026 (helper functional-test discovery accepts undocumented filenames), and BUG-027 (helper summary counts non-canonical regression aliases as coverage) are all either prose-convention mismatches or closed-set-completeness bugs. They are the bugs that v1.5.0's structural changes will either resolve automatically (by making the schemas explicit) or defer to a later release.

The era closes with the playbook in a state where every major piece has been stabilized, the infrastructure is Pythonic and tested, the bootstrap self-audit is reproducible, and the remaining open bugs are the input to the next version's design. That is what "current stable" means for v1.4.5: not that the skill is bug-free, but that the bugs it still contains are known, triaged, and structured in a way that the next version can address them as a class rather than as isolated fixes. v1.5.0's "defect = divergence" reframing is the class-level response to the class of bugs v1.4.5's self-audit produced.

How v1.4 Sets Up v1.5

Three arcs run from v1.4 directly into v1.5.0. The first is the defect-model arc. v1.4's challenge gate, development-scaffolding exclusion, and common-sense directives are all attempts to prevent the playbook from producing false positives when it is asked to evaluate intent. Each mechanism works, but each one is a correction applied to a process whose default produces false positives. v1.5.0's reframing replaces the process: the LLM no longer evaluates intent; it diffs documented intent against code behavior. The reframing is made possible by the v1.4 era's empirical demonstration that bugs which survive the challenge gate have a specific shape (mechanical divergence between two artifacts), and that bugs which fail the challenge gate have a different shape (judgment calls dressed up as defects). Once the distinction is visible, a structural fix becomes possible.

The second arc is the infrastructure arc. v1.4.4 and v1.4.5 take the playbook's runtime — the runner, the gate, the benchmark protocol — and turn it into tested Python code with formal protocols. v1.5.0's new mechanisms (the tier system, the citation schema with SHA256 hashes, the plaintext-companion validation) are non-trivial to implement. They require a runtime that can ingest documents, compute hashes, extract text at cited locations, validate citation excerpts against plaintext, and fail-closed when extractions do not match. None of that is tractable on a shell-script runtime. The Python infrastructure v1.4 produces is the foundation on which v1.5.0's document-grounded validation becomes feasible. The infrastructure maturation is not motivated by v1.5.0 — it is motivated by the runtime needs of the v1.4 era itself — but v1.5.0 is the first version that spends the infrastructure's new capabilities on something the v1.4 era could not have done.

The third arc is the self-audit arc. v1.4.5's bootstrap produces 27 bugs of a specific class, and the class is recognizable: mechanical divergences between SKILL.md and the runtime, closed sets out of sync, phase-gate thresholds that do not match the artifact contract. The class is exactly what v1.5.0's defect model expects defects to look like. v1.5.0 is, in one reading, a generalization of the v1.4.5 self-audit methodology. The self-audit worked because QPB is a repo whose formal documentation (SKILL.md, ai_context/DEVELOPMENT_CONTEXT.md) is extensive and whose code was written against that documentation. v1.5.0 asks what happens when that methodology is applied to any project — projects with formal documentation get the full Tier 1/2 treatment, projects with only code get the Tier 3 treatment, projects with only informal chat logs get the Tier 4 treatment, and projects with nothing get the Tier 5 treatment with honest labeling that the playbook is operating from inferred intent.

Each arc depends on the others. The defect-model reframing is only tractable if the infrastructure can support document-grounded validation. The infrastructure is only useful if there is a defect model that requires it. The self-audit is only a convincing input to the reframing if the infrastructure produces bugs clean enough to see the pattern. v1.4 ships all three arcs to the point where v1.5.0's design becomes the obvious next step — and the design document for v1.5.0 opens with the observation that this is so. The v1.4 era's role in the skill's evolution is infrastructural in both senses: it builds the infrastructure the next version will run on, and it produces the experience that shapes the next version's design.

If a single sentence captures v1.4's historical role, it is this: v1.4 is the era where the Quality Playbook stopped being a SKILL.md with supporting scripts and became a piece of testable infrastructure that audits itself, and the self-audit the infrastructure produced is what revealed that the skill's remaining work was about modeling defects as divergences rather than as judgment calls. Every later version of the skill inherits the infrastructure v1.4 built and the reframing v1.4's experience produced.

Provenance

Version range: 1.4.3 — 1.4.5

Status: v1.4.5 is the current stable release. The self-audit is ongoing; 15 of 27 bugs fixed as of 2026-04-19, the remaining 12 open for v1.5.0.

Authors: Andrew Stellman, co-authored by Claude Opus 4.6 (v1.4.3 – early v1.4.4) and Claude Opus 4.7 (late v1.4.4, v1.4.5, self-audit fixes).

Dates: 2026-04-16 through 2026-04-19.

Commits by release:

  • v1.4.3: 3045952 (challenge gate), c0ea77c (per-language split), 477aeaf (fold imports back), 896e22f (orchestrator hardening), 3ebdc80 (prohibit claude -p), d6a508f (extract orchestrator protocol), b6a44c6 (inline critical sections, voice fix).
  • v1.4.4: 486965a (version bump), ede75a1 (Claude Code session IS the orchestrator), 2b17652 (quality_gate.py candidate), 842fbde (retire quality_gate.sh), fc5f15a (move to .github/skills/ with package structure), 9bc2813 (recheck key fix), 608369c (context docs).
  • v1.4.5: c47bfdd (Python benchmark runner), 968fc3c (runner test coverage), 6e1957f (positional args are paths), 581517e (v1.4.5 bump, BENCHMARK_PROTOCOL.md, docs/bootstrap/), e0dfb0a (runner curly quotes, strategy lists, PID files), e9c6a9d (cleanup_repo and partial-phase fix), dca14b8 (untrack bootstrap artifacts), 5a71ab4 (retire shell wrapper, version-append fallback).
  • v1.4.5 self-audit fixes (2026-04-19): d6828a5 (BUG-001, 002, 013, 023 — version parsers and SKILL.md discovery), 8c89b6e (BUG-003, 006, 016 — phase entry gates), 9a2e90b (BUG-004, 005 — atomic archive and AGENTS.md cleanup protection), 9b3fc82 (BUG-008, 009, 019, 020, 022 — runner reliability).

Files introduced or promoted to load-bearing status:

  • references/challenge_gate.md (new in 3045952, 106 lines).
  • references/orchestrator_protocol.md (new in d6a508f, 63 lines; voice-corrected in b6a44c6).
  • .github/skills/quality_gate/quality_gate.py (promoted from bash port in 842fbde, relocated in fc5f15a).
  • .github/skills/quality_gate/tests/test_quality_gate.py (new in 842fbde, 108 test cases, 1062 lines).
  • bin/run_playbook.py (new in c47bfdd, 754 lines).
  • bin/benchmark_lib.py (new in c47bfdd, 281 lines).
  • bin/tests/test_benchmark_lib.py, bin/tests/test_run_playbook.py (new in c47bfdd).
  • ai_context/BENCHMARK_PROTOCOL.md (new in 581517e, 72 lines).
  • docs/bootstrap/ (new in 581517e; seed chat history for the QPB self-audit).

Files deleted in the era:

  • references/functional_tests_{go,java,python,rust,scala,typescript}.md (added in c0ea77c, deleted in 477aeaf, same day).
  • repos/quality_gate.sh (deleted in 842fbde, 892 lines retired).
  • repos/run_playbook.sh (deleted in 5a71ab4, shell runner retired).

Empirical validations cited in commit messages:

  • v1.4.3 challenge gate: 3/3 correct verdicts on edgequake (BUG-041 false positive caught, BUG-001 real bug confirmed, BUG-007 feature gap rejected).
  • v1.4.3 orchestrator hardening: successful casbin-1.4.4 run with Opus 4.7 after ede75a1 — 51 bugs confirmed across baseline plus four iterations, quality_gate PASS, all TDD logs in place.
  • v1.4.4 quality_gate.py: byte-identical stdout against casbin-1.4.4 (MD5 f4a8f412d3c1d72333ccc61224b3949d); 108 unit tests pass under both pytest and unittest.
  • v1.4.5 self-audit: 27 bugs identified in quality/BUGS.md; 15 fixed across four commits on 2026-04-19 with regression tests flipping from xfail to passing.

Git is authoritative. All claims in this document are grounded in the commit log, commit diffs, and the v1.4.5 tree as of 9b3fc82. Where chat history or release notes disagree with git, git wins. The partial revert of the per-language split within v1.4.3 (c0ea77c followed by 477aeaf fourteen minutes later) is a specific case where the git record differs from any prose summary of the release; the post-revert state is what v1.4.3 ships, and the transient split is visible only in the commit log.