feat(traceability): add GitHub Issue intake workflow to spec protocol

[rjmurillo-bot]

Pull Request

Summary

Document the workflow for translating GitHub Issues into the REQ, DESIGN, TASK spec layer. Add source field for bidirectional linking between issues and specs.

Specification References

Type	Reference	Description
Issue	Fixes #720	feat(traceability): GitHub Issues to Spec workflow integration

Spec Requirement Guidelines

PR Type	Spec Required?	Guidance
Documentation (docs:)	Not required	N/A

Changes

• Add "GitHub Issue Intake" section to traceability-protocol.md with 4-step workflow (triage, translate, link-back, decompose)
• Add bidirectional linking table (Issue to Spec via comment, Spec to Issue via source field)
• Add skip criteria for when spec generation is unnecessary
• Add migration guidance (forward-only, no retroactive generation)
• Add source field (GH-<number> pattern) to spec-schemas.md common fields and requirement schema
• Update "Feature Development Flow" to start from GitHub Issue triage
• Bump traceability-protocol.md version from 1.0.0 to 1.1.0

Type of Change

• Documentation update

Testing

• No testing required (documentation only)
• markdownlint passes on changed files
• 150 traceability/spec tests pass (0 regressions)

Agent Review

Security Review

• No security-critical changes in this PR

Other Agent Reviews

• Self-review completed

Checklist

• Code follows project style guidelines
• Self-review completed
• Documentation updated (if applicable)
• No new warnings introduced

Related Issues

Fixes #720

[chatgpt-codex-connector]

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.

[gemini-code-assist]

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

[github-actions]

PR Validation Report

Tip

✅ Status: PASS

Description Validation

Check	Status
Description matches diff	PASS

QA Validation

Check	Status
Code changes detected	False
QA report exists	N/A

---

_{Powered by PR Validation workflow}

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0ddf053 and 4bc644c.

⛔ Files ignored due to path filters (1)

• .agents/sessions/2026-02-25-session-1.json is excluded by !.agents/sessions/**

📒 Files selected for processing (2)

• .agents/governance/traceability-protocol.md
• .agents/memory/episodes/episode-2026-02-25-session-1.json

🚧 Files skipped from review as they are similar to previous changes (1)

• .agents/memory/episodes/episode-2026-02-25-session-1.json

---

📝 Walkthrough

Walkthrough

Adds optional source field to governance spec schemas and Requirement front matter; updates traceability protocol to v1.1.0 with GitHub Issue → Spec intake, bidirectional linking, spec modification flow, and diagrams; and adds a memory episode JSON record.

Changes

Cohort / File(s)	Summary
Governance Schema ​.agents/governance/spec-schemas.md	Added optional source (string) to common fields and Requirement front matter; updated examples and traceability/cross-reference text to reference source (e.g., GH-720).
Traceability Protocol ​.agents/governance/traceability-protocol.md	Bumped version 1.0.0 → 1.1.0; added GitHub Issue intake, bidirectional linking rules (Issue↔Spec via source), criteria for skipping spec generation, feature development and spec modification flows, pre-commit/critic/retrospective validations, and updated mermaid diagrams.
Memory Episode ​.agents/memory/episodes/episode-2026-02-25-session-1.json	New episode JSON with outcome partial, empty decisions/events/lessons, and metrics initialized (zero duration, zero tool calls/errors/recoveries, commits: 2, files_changed: 0).

Sequence Diagram(s)

mermaid
sequenceDiagram
participant Reporter as Reporter
participant GitHub as GitHub Issue
participant Triage as Triage
participant SpecGen as Spec Generator
participant Repo as Spec Repo
participant CI as Pre-commit / Validator

Reporter->>GitHub: create issue
GitHub->>Triage: notify / triage
Triage->>SpecGen: request spec (REQ-NNN) with `source: GH-<issue>`
SpecGen->>Repo: create REQ-NNN (front matter includes `source`)
Repo->>GitHub: post comment linking spec (bidirectional link)
Repo->>CI: run pre-commit / validation
CI-->>Repo: validation result
Triage->>SpecGen: create DESIGN-NNN / TASK-NNN linked to REQ-NNN
SpecGen->>Repo: update specs (link back to original issue)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

• rjmurillo-bot
• rjmurillo

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	Title follows conventional commit format with type 'feat', scope 'traceability', and clear description of the change.
Description check	✅ Passed	Description clearly documents the workflow for GitHub Issue intake and the new source field, directly related to the changeset.
Linked Issues check	✅ Passed	All PR objectives match requirements from #720: Issue Intake Protocol documented, bidirectional linking added via source field, migration plan provided, workflow documented in traceability-protocol.md.
Out of Scope Changes check	✅ Passed	All changes are directly in scope: spec-schemas.md updated with source field, traceability-protocol.md updated with intake workflow and version bump, and memory episode file added for tracking.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/720-autonomous

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

.agents/governance/traceability-protocol.md (1)

41-46: Convert text diagram to Mermaid.

The text-based diagram should use Mermaid syntax instead of ASCII art. As per coding guidelines, governance documents should use Mermaid for diagrams.

📊 Proposed Mermaid diagram

-```text
-GitHub Issue --> REQ-NNN --> DESIGN-NNN --> TASK-NNN
-    |               |
-    |               +-- source: GH-<issue>
-    +-- Spec link added as issue comment
-```
+```mermaid
+flowchart LR
+    GH[GitHub Issue] -->|translate| REQ[REQ-NNN]
+    REQ -->|decompose| DESIGN[DESIGN-NNN]
+    DESIGN -->|decompose| TASK[TASK-NNN]
+    REQ -.->|source: GH-number| GH
+    GH -.->|comment: REQ-NNN| REQ
+```

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.agents/governance/traceability-protocol.md around lines 41 - 46, Replace
the ASCII/text diagram with a Mermaid flowchart in traceability-protocol.md:
convert the nodes and arrows into Mermaid syntax using a flowchart LR block and
use labeled nodes like GH (GitHub Issue), REQ (REQ-NNN), DESIGN (DESIGN-NNN),
TASK (TASK-NNN); express the main forward links (GH --> REQ --> DESIGN --> TASK)
and the backward/source relationships as dashed arrows (e.g., REQ -.-> GH and GH
-.-> REQ) and include the labels (translate, decompose, source: GH-number,
comment: REQ-NNN) to match the proposed diagram.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.agents/governance/traceability-protocol.md:
- Around line 41-46: Replace the ASCII/text diagram with a Mermaid flowchart in
traceability-protocol.md: convert the nodes and arrows into Mermaid syntax using
a flowchart LR block and use labeled nodes like GH (GitHub Issue), REQ
(REQ-NNN), DESIGN (DESIGN-NNN), TASK (TASK-NNN); express the main forward links
(GH --> REQ --> DESIGN --> TASK) and the backward/source relationships as dashed
arrows (e.g., REQ -.-> GH and GH -.-> REQ) and include the labels (translate,
decompose, source: GH-number, comment: REQ-NNN) to match the proposed diagram.

[github-actions]

AI Quality Gate Review

Tip

✅ Final Verdict: PASS

Walkthrough

This PR was reviewed by six AI agents in parallel, analyzing different aspects of the changes:

• Security Agent: Scans for vulnerabilities, secrets exposure, and security anti-patterns
• QA Agent: Evaluates test coverage, error handling, and code quality
• Analyst Agent: Assesses code quality, impact analysis, and maintainability
• Architect Agent: Reviews design patterns, system boundaries, and architectural concerns
• DevOps Agent: Evaluates CI/CD, build pipelines, and infrastructure changes
• Roadmap Agent: Assesses strategic alignment, feature scope, and user value

Review Summary

Agent	Verdict	Category	Status
Security	PASS	N/A	✅
QA	PASS	N/A	✅
Analyst	PASS	N/A	✅
Architect	PASS	N/A	✅
DevOps	PASS	N/A	✅
Roadmap	PASS	N/A	✅

💡 Quick Access: Click on individual agent jobs (e.g., "🔒 security Review", "🧪 qa Review") in the workflow run to see detailed findings and step summaries.

Security Review Details

Security Review: PR #1209

PR Type Detection

File	Category	Security Scrutiny
.agents/governance/spec-schemas.md	DOCS	None required
.agents/governance/traceability-protocol.md	DOCS	None required
.agents/memory/episodes/episode-2026-02-25-session-1.json	CONFIG	Schema only
.agents/sessions/2026-02-25-session-1.json	CONFIG	Schema only

Classification: Documentation and session artifact changes only.

Findings

Severity	Category	Finding	Location	CWE
-	-	No security issues identified	-	-

Analysis

1. Secret Detection: No credentials, API keys, or tokens in changed files. The GH-720 pattern is a reference format, not a secret.

2. Injection Surface: Documentation files describe workflow processes. No executable code paths introduced.

3. Session Artifacts: JSON files contain session metadata (timestamps, branch names, commit SHAs). No sensitive data exposed.

4. Schema Changes: Added source field with pattern GH-\d+ for issue linking. This is a string field with defined validation pattern. No injection risk.

Recommendations

None. Documentation-only PR with no security implications.

Verdict

VERDICT: PASS
MESSAGE: Documentation-only PR. Changed files are governance docs and session artifacts with no executable code, credentials, or sensitive data exposure.

QA Review Details

Based on my review of the PR:

---

QA Review Verdict

VERDICT: PASS
MESSAGE: Documentation-only PR with valid markdown syntax and no broken links.

PR TYPE: DOCS
FILES:
- DOCS: .agents/governance/spec-schemas.md, .agents/governance/traceability-protocol.md
- CONFIG: .agents/sessions/2026-02-25-session-1.json, .agents/memory/episodes/episode-2026-02-25-session-1.json

EVIDENCE:
- Tests found: N/A - DOCS only
- Test execution: PASS (4483 passed, 3 skipped) - confirms no regressions
- Edge cases: N/A
- Error handling: N/A
- Blocking issues: 0

PR Type Classification

Category	Files
DOCS	spec-schemas.md, traceability-protocol.md
CONFIG	Session log JSON files (agent artifacts)

Analysis

Documentation Changes Verified:

• source field added to common fields table with correct pattern GH-<number>
• GitHub Issue Intake workflow section added with clear 4-step process
• Bidirectional linking mechanism documented
• Skip criteria defined for when spec generation is unnecessary
• Version bumped from 1.0.0 to 1.1.0
• Feature Development Flow updated to start from GitHub Issue triage
• Mermaid diagram updated to match text workflow

Quality Checks:

• No broken internal links (references to spec-schemas.md exist)
• Markdown syntax valid (pre-commit hook passed per PR description)
• Version increment follows semver (1.0.0 → 1.1.0 for additive feature)
• Tables properly formatted
• Code blocks use correct fence syntax

Test Results:

• 4483 pytest tests passed with 0 failures
• 150 traceability/spec tests passed per PR description
• No regressions introduced

Regression Risk Assessment

• Risk Level: Low
• Affected Components: None (documentation only)
• Breaking Changes: None
• Required Testing: Markdownlint validation (completed)

Analyst Review Details

Analysis: PR #1209 - GitHub Issue Intake Workflow

Code Quality Score

Criterion	Score (1-5)	Notes
Readability	5	Clear workflow steps, well-structured tables, consistent formatting
Maintainability	5	Isolated changes, no coupling to implementation code
Consistency	5	Follows existing spec-schemas.md patterns, uses established field formats
Simplicity	5	Minimal additions: one new field, one new section, version bump

Overall: 5/5

Impact Assessment

• Scope: Isolated (documentation only, 2 governance files)
• Risk Level: Low
• Affected Components:
  • traceability-protocol.md (new intake section, updated workflow diagram)
  • spec-schemas.md (new source field in common fields and REQ schema)

Findings

Priority	Category	Finding	Location
Low	Documentation	Version bump from 1.0.0 to 1.1.0 correctly signals backward-compatible addition	traceability-protocol.md:5
Low	Consistency	source field pattern GH-\d+ aligns with EPIC-\d{3} pattern style	spec-schemas.md:114
Low	Design	Bidirectional linking table provides clear mechanism for Issue-to-Spec tracing	traceability-protocol.md:56-61
Low	Session	Session log and episode files are standard protocol artifacts	.agents/sessions/, .agents/memory/episodes/

Recommendations

1. No changes required. Documentation is complete and self-consistent.
2. The source field is optional and additive, preserving backward compatibility.
3. Skip criteria (lines 66-75) prevent over-engineering for trivial changes.
4. Migration guidance (lines 77-81) is forward-only, avoiding retroactive work.

Verdict

VERDICT: PASS
MESSAGE: Clean documentation update. Adds bidirectional GitHub Issue to Spec traceability with clear workflow, skip criteria, and migration guidance. No architectural violations, no breaking changes.

Architect Review Details

Design Quality Assessment

Aspect	Rating (1-5)	Notes
Pattern Adherence	5	Follows established spec schema patterns; extends existing fields consistently
Boundary Respect	5	Changes contained to governance layer; no cross-boundary violations
Coupling	5	Loose coupling via source field pattern; no new dependencies
Cohesion	5	Single responsibility: GitHub Issue intake workflow in one section
Extensibility	5	GH-<number> pattern extensible to other intake sources

Overall Design Score: 5/5

Architectural Concerns

Severity	Concern	Location	Recommendation
None	-	-	-

Breaking Change Assessment

• Breaking Changes: No
• Impact Scope: None
• Migration Required: No
• Migration Path: N/A (forward-only migration documented in PR)

Technical Debt Analysis

• Debt Added: Low
• Debt Reduced: Low
• Net Impact: Neutral

The source field addition is additive and optional. No validation scripts require updates. The workflow documentation clarifies an existing gap without adding complexity.

ADR Assessment

• ADR Required: No
• Decisions Identified: None architectural. This documents a process workflow, not a technology or pattern choice.
• Existing ADR: None related
• Recommendation: N/A

The changes define operational workflow (how issues become specs) rather than architectural decisions (technology choices, patterns, trade-offs). No ADR needed.

Recommendations

1. None. Documentation is well-structured with clear skip criteria and migration guidance.

Verdict

VERDICT: PASS
MESSAGE: Documentation-only change. Extends spec schema with optional source field. Workflow is process documentation, not architectural decision. No breaking changes.

DevOps Review Details

DevOps Review: PR #1209

PR Scope Detection

Category	Files Changed	Review Scope
DOCS	.agents/governance/spec-schemas.md, .agents/governance/traceability-protocol.md	None required
CONFIG	.agents/sessions/*.json, .agents/memory/episodes/*.json	Schema validation only

This PR contains documentation and session log files only. No workflows, actions, scripts, or build configuration changes.

Pipeline Impact Assessment

Area	Impact	Notes
Build	None	No build files modified
Test	None	No test configuration changes
Deploy	None	No deployment files modified
Cost	None	No CI/CD changes

CI/CD Quality Checks

Check	Status	Location
Workflow files modified	N/A	No workflow changes
Actions pinned	N/A	No action changes
Secrets handling	N/A	No secrets involved
Shell scripts	N/A	No scripts modified

Findings

Severity	Category	Finding	Location	Fix
—	—	No DevOps concerns	—	—

Template Assessment

• PR Template: Adequate (all sections completed)
• Issue Templates: N/A (not modified)

Automation Opportunities

Opportunity	Type	Benefit	Effort
spec-generator automation	Workflow	Medium	Medium

The documented workflow references a spec-generator agent. A future PR could add a GitHub Actions workflow to automate spec generation from labeled issues.

Recommendations

1. No action required for this PR. Documentation changes do not affect CI/CD.

VERDICT: PASS
MESSAGE: Documentation-only PR with no CI/CD impact. Session JSON files follow expected schema structure.

Roadmap Review Details

I have enough context to complete the strategic alignment review.

---

Strategic Alignment Assessment

Criterion	Rating	Notes
Aligns with project goals	High	Supports Master Product Objective of coordinated AI workflows with minimal friction
Priority appropriate	Medium	Addresses traceability (infrastructure), not a current roadmap epic
User value clear	Medium	Benefits maintainers/contributors, not end users directly
Investment justified	High	Documentation-only change with zero implementation cost

Feature Completeness

• Scope Assessment: Right-sized
• Ship Ready: Yes
• MVP Complete: Yes
• Enhancement Opportunities: Future automation (spec-generator agent implementation, GitHub Actions for auto-linking)

Impact Analysis

Dimension	Assessment	Notes
User Value	Medium	Maintainers get clearer workflow; end users see no direct impact
Business Impact	Medium	Reduces specification chaos, improves audit trail
Technical Leverage	High	Establishes foundation for automated issue-to-spec tooling
Competitive Position	Neutral	Internal process improvement

Concerns

Priority	Concern	Recommendation
Low	No spec-generator agent exists yet	Document as future implementation in roadmap backlog
Low	Migration guidance says "forward-only" but no timeline	Acceptable for documentation-first approach

Recommendations

1. This change establishes process documentation that enables future automation. Ship now, implement tooling later.
2. Consider adding a backlog item for "spec-generator agent" to operationalize this workflow.
3. The source: GH-<number> field is a clean bidirectional linking pattern that integrates well with existing traceability infrastructure.

Verdict

VERDICT: PASS
MESSAGE: Documentation-only change that establishes clear GitHub Issue intake workflow. Aligns with traceability infrastructure goals. Zero implementation cost, high future leverage.

---

Run Details

Property	Value
Run ID	22421483355
Triggered by	pull_request on 1209/merge
Commit	7d169a6fd799b6b42b2772d423512b14a66a0d6c

_{Powered by AI Quality Gate workflow}

[github-actions]

Session Protocol Compliance Report

Tip

✅ Overall Verdict: PASS

All session protocol requirements satisfied.

What is Session Protocol?

Session logs document agent work sessions and must comply with RFC 2119 requirements:

• MUST: Required for compliance (blocking failures)
• SHOULD: Recommended practices (warnings)
• MAY: Optional enhancements

See .agents/SESSION-PROTOCOL.md for full specification.

Compliance Summary

Session File	Verdict	MUST Failures
sessions-2026-02-25-session-1.md	✅ COMPLIANT	0

Detailed Validation Results

Click each session to see the complete validation report with specific requirement failures.

📄 sessions-2026-02-25-session-1

=== Session Validation ===
File: /home/runner/work/ai-agents/ai-agents/.agents/sessions/2026-02-25-session-1.json

[PASS] Session log is valid

---

✨ Zero-Token Validation

This validation uses deterministic script analysis instead of AI:

• ✅ Zero tokens consumed (previously 300K-900K per debug cycle)
• ✅ Instant feedback - see exact failures in this summary
• ✅ No artifact downloads needed to diagnose issues
• ✅ 10x-100x faster debugging

Powered by validate_session_json.py

📊 Run Details

Property	Value
Run ID	22421483353
Files Checked	1
Validation Method	Deterministic script analysis

_{Powered by Session Protocol Validator workflow}