docs: reject Epic 17, add lightweight incident format to DEVLOG

clark-mackey · clark-mackey · commit 1549a6e6fa4a · 2026-02-06T13:56:52.000-05:00
Epic 17 REJECTED as scope creep (210-line template, SEV-1-5, verification
framework for solo project). Replaced by lightweight incident entry format
in DEVLOG template with 🚨 INCIDENT prefix, 6-item rubric, structured
root-cause/prevention/detection fields (~80-120 tokens vs 210-line template).

PRD: v0.9 - Epic 17 rejected, added to Rejected Ideas section.
DEVLOG template: incident format, rubric, naming convention, AI guidance.
AI rules: incident format + token estimate added to augment + claude-code.

Files: project/specs/prd.md, product/templates/DEVLOG_template.md,
product/ai-rules/augment/log-file-maintenance.md,
product/ai-rules/claude-code/log-file-maintenance.md, logs/CHANGELOG.md
diff --git a/logs/CHANGELOG.md b/logs/CHANGELOG.md
@@ -28,6 +28,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Project navigation guide for autonomous agents - Created `project/README.md` explaining directory structure, source of truth hierarchy, and what files to reference. Files: `project/README.md`. Commit: `9ebb777`
 
 - PRD v0.8 alignment pass: Updated Goals (session continuity, self-regulating budgets, minimal dependencies), Background (trimmed), Current State (Feb 2026, resolved issues removed), Technical Assumptions (fixed zero-deps, Augment-only language, manual-only testing), Next Steps (priority order). Files: `project/specs/prd.md`. Commit: `3801f2a`
+- PRD v0.9: Epic 17 REJECTED (scope creep). Lightweight incident format added to DEVLOG template with `🚨 INCIDENT` prefix, 6-item rubric, structured root-cause/prevention fields. Incident format added to both AI rule files. Files: `project/specs/prd.md`, `product/templates/DEVLOG_template.md`, `product/ai-rules/augment/log-file-maintenance.md`, `product/ai-rules/claude-code/log-file-maintenance.md`. Commit: `f6ab74a`
 - Epic spec status updates: EPIC-12 → In Progress (Partial), EPIC-13 → In Progress (Partial), EPIC-15 → DEFERRED. DEFINITION-OF-DONE.md fixed broken ROADMAP link, noted Epic 15 deferral. Files: `project/specs/EPIC-12-security-secrets-detection.md`, `project/specs/EPIC-13-validation-reliability.md`, `project/specs/EPIC-15-governance-review.md`, `project/specs/DEFINITION-OF-DONE.md`. Commit: `e719d03`
 
 ### Changed
diff --git a/product/ai-rules/augment/log-file-maintenance.md b/product/ai-rules/augment/log-file-maintenance.md
@@ -116,6 +116,7 @@ This rule is ALWAYS active. Violations require immediate self-correction.
 - 1 paragraph (~320 chars) ≈ 80 tokens
 - 1 CHANGELOG entry ≈ 60-80 tokens
 - 1 DEVLOG compact entry ≈ 50-80 tokens
+- 1 DEVLOG incident entry ≈ 80-120 tokens
 - 1 DEVLOG standard entry ≈ 150-250 tokens
 
 **Budgets:**
@@ -129,7 +130,7 @@ This rule is ALWAYS active. Violations require immediate self-correction.
 
 ## ✏️ ENTRY VERBOSITY
 
-**Two DEVLOG entry formats:**
+**Three DEVLOG entry formats:**
 
 **Compact format** (default for routine work, ~50-80 tokens):
 ```
@@ -138,7 +139,18 @@ Why/what in 1-2 sentences. Context or rationale.
 Files: `file1.py`, `file2.py`
 ```
 
-**Standard format** (for major decisions, incidents, milestones, ~150-250 tokens):
+**Incident format** (for failures worth learning from, ~80-120 tokens):
+```
+### YYYY-MM-DD: 🚨 INCIDENT - What failed
+**Root Cause:** Why it happened (1-2 sentences)
+**Prevention:** How to stop it recurring (1-2 actions)
+**Detection:** How to catch it earlier next time (1 action)
+Files: `file1.py`, `file2.py` → CHANGELOG: `v1.2.1`
+```
+
+**Incident rubric — always qualifies:** security exposure, data loss/corruption, repeated failure (3+), silent failure, rule violation with impact, regression.
+
+**Standard format** (for major decisions, milestones, ~150-250 tokens):
 ```
 ### YYYY-MM-DD: Title
 **The Situation:** ...
@@ -147,7 +159,7 @@ Files: `file1.py`, `file2.py`
 **Files Changed:** ...
 ```
 
-**Decision guide:** If it needs an ADR → use standard. Otherwise → compact.
+**Decision guide:** Security/data/regression → incident. Needs an ADR → standard. Everything else → compact.
 
 ---
 
diff --git a/product/ai-rules/claude-code/log-file-maintenance.md b/product/ai-rules/claude-code/log-file-maintenance.md
@@ -116,6 +116,7 @@ This rule is ALWAYS active. Violations require immediate self-correction.
 - 1 paragraph (~320 chars) ≈ 80 tokens
 - 1 CHANGELOG entry ≈ 60-80 tokens
 - 1 DEVLOG compact entry ≈ 50-80 tokens
+- 1 DEVLOG incident entry ≈ 80-120 tokens
 - 1 DEVLOG standard entry ≈ 150-250 tokens
 
 **Budgets:**
@@ -129,7 +130,7 @@ This rule is ALWAYS active. Violations require immediate self-correction.
 
 ## ✏️ ENTRY VERBOSITY
 
-**Two DEVLOG entry formats:**
+**Three DEVLOG entry formats:**
 
 **Compact format** (default for routine work, ~50-80 tokens):
 ```
@@ -138,7 +139,18 @@ Why/what in 1-2 sentences. Context or rationale.
 Files: `file1.py`, `file2.py`
 ```
 
-**Standard format** (for major decisions, incidents, milestones, ~150-250 tokens):
+**Incident format** (for failures worth learning from, ~80-120 tokens):
+```
+### YYYY-MM-DD: 🚨 INCIDENT - What failed
+**Root Cause:** Why it happened (1-2 sentences)
+**Prevention:** How to stop it recurring (1-2 actions)
+**Detection:** How to catch it earlier next time (1 action)
+Files: `file1.py`, `file2.py` → CHANGELOG: `v1.2.1`
+```
+
+**Incident rubric — always qualifies:** security exposure, data loss/corruption, repeated failure (3+), silent failure, rule violation with impact, regression.
+
+**Standard format** (for major decisions, milestones, ~150-250 tokens):
 ```
 ### YYYY-MM-DD: Title
 **The Situation:** ...
@@ -147,7 +159,7 @@ Files: `file1.py`, `file2.py`
 **Files Changed:** ...
 ```
 
-**Decision guide:** If it needs an ADR → use standard. Otherwise → compact.
+**Decision guide:** Security/data/regression → incident. Needs an ADR → standard. Everything else → compact.
 
 ---
 
diff --git a/product/templates/DEVLOG_template.md b/product/templates/DEVLOG_template.md
@@ -115,7 +115,7 @@ Why/what in 1-2 sentences. Context or rationale.
 Files: `file1.py`, `file2.py`
 ```
 
-**Standard format** (for major decisions, incidents, milestones, ~150-250 tokens):
+**Standard format** (for major decisions, milestones, ~150-250 tokens):
 
 ```markdown
 ### YYYY-MM-DD: Title - The Core Theme
@@ -129,7 +129,28 @@ Files: `file1.py`, `file2.py`
 **Files Changed:** `file1.py`, `file2.py`
 ```
 
-**Decision guide:** If it needs an ADR → use standard. Otherwise → compact.
+**Incident format** (for failures worth learning from, ~80-120 tokens):
+
+```markdown
+### YYYY-MM-DD: 🚨 INCIDENT - Short description of what failed
+
+**Root Cause:** Why it happened (1-2 sentences)
+**Prevention:** How to stop it recurring (1-2 actions)
+**Detection:** How to catch it earlier next time (1 action)
+Files: `file1.py`, `file2.py` → CHANGELOG: `v1.2.1`
+```
+
+**Incident rubric — always qualifies:**
+1. **Security exposure** — secrets, credentials, or PII leaked or nearly leaked
+2. **Data loss or corruption** — user data, log history, or config destroyed
+3. **Repeated failure** — same error occurs 3+ times across sessions
+4. **Silent failure** — something broke but no error was raised or detected
+5. **Rule violation with impact** — AI skipped a required step and it caused downstream problems
+6. **Regression** — a previously working feature broke due to a change
+
+> **For AI Agents:** Use the `🚨 INCIDENT` prefix so incidents are findable by text search. Not every bug is an incident — only failures where root-cause analysis prevents recurrence. When in doubt, use compact format with a note instead.
+
+**Decision guide:** Security/data/regression → incident. Needs an ADR → standard. Everything else → compact.
 
 ### Best Practices for AI Efficiency
 
diff --git a/project/specs/prd.md b/project/specs/prd.md
@@ -52,6 +52,7 @@ AI coding assistants struggle when project context grows large — traditional d
 | 2026-02-01 | 0.6     | Added Epics 12/13/17/19 to Epic List. Deferred Epic 15, rejected Epic 18. Aligned all epics with mission.   | Augment Agent  |
 | 2026-02-06 | 0.7     | Epic 10 revised: dedicated subagents → agent-agnostic multi-agent support. SESSION END guard for agent teams. | Augment Agent  |
 | 2026-02-06 | 0.8     | PRD alignment pass: updated Goals, Background, Current State (Feb 2026), Technical Assumptions, Next Steps. Fixed stale claims and Augment-only language. | Augment Agent  |
+| 2026-02-06 | 0.9     | Epic 17 REJECTED (scope creep). Incident reporting replaced by lightweight DEVLOG incident format with rubric and `🚨 INCIDENT` prefix. | Augment Agent  |
 
 ---
 
@@ -156,9 +157,9 @@ No runtime services. The core system is markdown files and AI rules. Optional Py
 **Goal:** Verify AI agents maintain logs correctly with automated validation and self-assessment.
 **Status:** Planned. Spec: `project/specs/EPIC-13-validation-reliability.md`
 
-### Epic 17: Incident Reports & Learning 📋 P1
-**Goal:** Teach AI agents to create structured incident reports when failures occur - documenting what went wrong and how to prevent recurrence.
-**Status:** Planned. Template WIP in `project/templates/`. Spec: `project/specs/EPIC-17-incident-reports-learning.md`
+### ~~Epic 17: Incident Reports & Learning~~ ❌ REJECTED → DEVLOG Enhancement
+**Goal:** ~~Standalone incident report document type with 210-line template, severity levels, verification framework.~~
+**Status:** REJECTED - Scope creep (enterprise incident management for solo project). Replaced by lightweight incident entry format in DEVLOG template. See DEVLOG template → "Incident format". Spec: `project/specs/EPIC-17-incident-reports-learning.md`
 
 ### ~~Epic 15: Governance & Review~~ ⏸️ DEFERRED
 **Goal:** ~~Human review workflows for AI-generated documentation.~~
@@ -1501,6 +1502,23 @@ The following epics were rejected after code-police review identified 60% missio
 
 **What Would Be Lost:** Automatic CHANGELOG entries, CI token budget checks. Alternative: AI writes rich content directly (current approach works), validation scripts already provide budget checks.
 
+### ~~Epic 17: Incident Reports & Learning~~ ❌ REJECTED → DEVLOG Enhancement
+
+**Why Rejected:** Standalone incident report document type (210-line template, SEV-1 through SEV-5, verification framework, metrics dashboards) is enterprise scope creep for a solo project. Information duplicates what DEVLOG and CHANGELOG already capture. Adds a 6th document type that breaks schema consistency (no frontmatter linking, no AI guidance, no archive strategy, Related Documents at bottom not top).
+
+**Original Goal:** Structured incident reporting system with template, how-to guide, AI auto-detection, verification framework, and metrics tracking.
+
+**Mission Alignment Score:** 4/10 - The *concept* of learning from failures helps AI agents, but the *implementation* wastes tokens (210-line template vs 20-line DEVLOG format) and fragments knowledge across a new document type.
+
+**Code-Police Findings:**
+- DEVLOG "Fixed" entries + CHANGELOG "Fixed" entries already capture incident information
+- 8-section template creates navigation overhead that hurts AI token efficiency
+- Severity levels (SEV-1 to SEV-5) add enterprise complexity with no AI benefit
+- Success metrics ("5+ incidents/month") force artificial incident creation
+- Schema breaks all established patterns (no frontmatter linking, no AI guidance, no archive)
+
+**What Was Kept:** Lightweight incident entry format added to DEVLOG template with `🚨 INCIDENT` prefix for easy filtering, structured root-cause/prevention fields, and a short rubric of qualifying events. Same learning value, 90% fewer tokens.
+
 ---
 
 ## Future Considerations (v2.0+)
