fix: Add granular sub-steps and verification gates to Steps 16-18 (#2231)

* fix: Add granular sub-steps and verification gates to Steps 16-18

Implements solution for issue #2224 (completion bias after PR creation).

Combines Option 2 (granular agent invocation todos) and Option 3
(explicit verification gates) to prevent agents from rushing through
review steps after PR creation.

Changes:
- Step 16: Split into 5 sub-steps (16a-16e) with verification gate
  - 16a: Step 13 compliance verification
  - 16b: Invoke reviewer agent
  - 16c: Invoke security agent
  - 16d: Invoke philosophy-guardian agent
  - 16e: Address blocking issues

- Step 17: Split into 4 sub-steps (17a-17d) with verification gate
  - 17a: Review all feedback
  - 17b: Address feedback with builder agent
  - 17c: Push and respond
  - 17d: Verify and re-review if needed

- Step 18: Split into 3 sub-steps (18a-18c) with verification gate
  - 18a: Invoke reviewer agent for philosophy check
  - 18b: Invoke patterns agent
  - 18c: Zero-BS verification

Each step now requires explicit evidence of completion before the
verification gate allows proceeding to the next step.

Fixes #2224

* fix: Align sub-step numbering between markdown and YAML

Address reviewer feedback:
- Add Step 16a (Step 13 compliance verification) to YAML
- Add Step 16e (address blocking issues) to YAML
- Rename verification gates to explicit sub-step labels (16f, 17e, 18d)
- Add missing context variables (pr_security_review, pr_philosophy_review, blocking_issues_addressed)
- Update Step 0 to reflect correct sub-step counts

Both .md and .yaml now have consistent sub-step structure:
- Step 16: 16a-16f (6 sub-steps)
- Step 17: 17a-17e (5 sub-steps)
- Step 18: 18a-18d (4 sub-steps)

---------

Co-authored-by: Ubuntu <azureuser@amplihack-dev.ftnmxvem3frujn3lepas045p5c.xx.internal.cloudapp.net>

Author: rysweet

.claude/workflow/DEFAULT_WORKFLOW.md

@@ -572,20 +572,58 @@ python .claude/scenarios/az-devops-tools/create_pr.py \
 - Quality gates exist for a reason - bypassing them introduces risk
 - Pattern of skipping reviews leads to technical debt accumulation
 
-**Review checklist:**
+**Step 16a: Step 13 Compliance Verification**
+
+- [ ] Check PR description has "Step 13: Local Testing Results" section with actual test execution evidence
+- [ ] If missing: BLOCK review, comment on PR, request test results (no approval path - just do the testing)
+
+**Step 16b: Invoke reviewer agent**
 
-- [ ] **⚠️ Step 13 Compliance Verification (MANDATORY)** - Verify PR description contains test results
-  - [ ] Check PR description has "Step 13: Local Testing Results" section with actual test execution evidence
-  - [ ] If missing: BLOCK review, comment on PR, request test results (no approval path - just do the testing)
 - [ ] **Always use** reviewer agent for comprehensive code review
   - **Alternative**: Use `/socratic-review` for dialogue-based review when learning is as important as fixing (mentoring, design documentation, complex code explanation)
-- [ ] **Use** security agent for security review
 - [ ] Check code quality and standards
-- [ ] Verify philosophy compliance
 - [ ] Ensure adequate test coverage
 - [ ] Identify potential improvements
-- [ ] Ensure there are no TODOs, stubs, or swallowed exceptions, no unimplemented functions - follow the zero-BS principle.
-- [ ] Post the review as a comment on the PR:
+- [ ] Ensure there are no TODOs, stubs, or swallowed exceptions, no unimplemented functions - follow the zero-BS principle
+- [ ] **POST structured review findings to the PR** → Evidence: review comment link
+
+**Step 16c: Invoke security agent**
+
+- [ ] **Use** security agent for security review
+- [ ] Verify no security vulnerabilities introduced
+- [ ] Check authentication/authorization if applicable
+- [ ] Verify sensitive data handling
+- [ ] **POST security review to the PR** → Evidence: security comment link
+
+**Step 16d: Invoke philosophy-guardian agent**
+
+- [ ] **Use** philosophy-guardian agent to verify philosophy compliance
+- [ ] Verify ruthless simplicity achieved
+- [ ] Confirm bricks & studs pattern followed
+- [ ] Ensure zero-BS implementation
+- [ ] **POST philosophy check to the PR** → Evidence: philosophy comment link
+
+**Step 16e: Address blocking issues**
+
+- [ ] Review all findings from 16b, 16c, 16d
+- [ ] Address any blocking issues found before proceeding
+- [ ] If issues found, fix and re-run applicable reviews
+
+**Step 16f: Verification Gate**
+
+**🚨 VERIFICATION GATE - Before marking Step 16 complete, verify:**
+
+- [ ] Did I invoke the **reviewer** agent (not just code-review)?
+- [ ] Did I invoke the **security** agent?
+- [ ] Did I invoke the **philosophy-guardian** agent?
+- [ ] Are all three reviews **posted to the PR** as comments?
+- [ ] All blocking issues have been addressed?
+
+**Cannot proceed to Step 17 without completing this gate.**
+
+---
+
+\*\*Post reviews as comments on the PR:
 
 **For GitHub**:
 
@@ -611,13 +649,46 @@ az repos pr create-thread \
 - Indicates disrespect for reviewer's time and expertise
 - May block PR merge indefinitely
 
-**Feedback implementation checklist:**
+**Step 17a: Review all feedback**
+
+- [ ] Gather all feedback comments from Step 16 reviews (reviewer, security, philosophy-guardian)
+- [ ] Think very carefully about each comment
+- [ ] Categorize: blocking issues vs. suggestions vs. questions
+
+**Step 17b: Address feedback with builder agent**
 
-- [ ] Review all feedback comments, think very carefully about each one and decide how to address it (or if you should disagree, explain why in a comment)
 - [ ] **Always use** builder agent to implement changes
-- [ ] **Use** relevant specialized agents for specific feedback
-- [ ] Address each review comment
+- [ ] **Use** relevant specialized agents for specific feedback types
+- [ ] Address each review comment substantively
+- [ ] For disagreements, explain reasoning in a PR comment
+
+**Step 17c: Push and respond**
+
 - [ ] Push updates to PR
+- [ ] Respond to each review comment with what was done
+- [ ] Post replies as comments on the PR
+
+**Step 17d: Verify and re-review if needed**
+
+- [ ] Ensure all tests still pass
+- [ ] Ensure PR is still mergeable
+- [ ] Request re-review if significant changes were made
+
+**Step 17e: Verification Gate**
+
+**🚨 VERIFICATION GATE - Before marking Step 17 complete, verify:**
+
+- [ ] Did I address EVERY feedback comment (not just some)?
+- [ ] Did I respond to each comment on the PR explaining what was done?
+- [ ] Did I use the builder agent for implementation changes?
+- [ ] Are all tests still passing?
+
+**Cannot proceed to Step 18 without completing this gate.**
+
+---
+
+**Feedback implementation checklist:**
+
 - [ ] Respond to review comments by posting replies as comments on the PR:
 
 **For GitHub**:
@@ -640,14 +711,46 @@ az repos pr create-thread \
 
 ### Step 18: Philosophy Compliance Check
 
+**Step 18a: Invoke reviewer agent for philosophy check**
+
 - [ ] **Always use** reviewer agent for final philosophy check
+- [ ] Verify implementation aligns with project philosophy
+- [ ] Check for over-engineering or unnecessary complexity
+- [ ] **Document findings** → Evidence: philosophy review notes
+
+**Step 18b: Invoke patterns agent**
+
 - [ ] **Use** patterns agent to verify pattern compliance
+- [ ] Design patterns used correctly
+- [ ] Architectural patterns followed
+- [ ] Code organization patterns maintained
+- [ ] **Document findings** → Evidence: patterns review notes
+
+**Step 18c: Zero-BS verification**
+
 - [ ] Verify ruthless simplicity achieved
 - [ ] Confirm bricks & studs pattern followed
-- [ ] Ensure zero-BS implementation (no stubs, faked apis, swallowed exceptions, etc)
+- [ ] Ensure zero-BS implementation:
+  - No stubs
+  - No faked APIs or data
+  - No swallowed exceptions
+  - No TODO comments
+  - No unimplemented functions
 - [ ] Verify all tests passing
 - [ ] Check documentation completeness and accuracy
 
+**Step 18d: Verification Gate**
+
+**🚨 VERIFICATION GATE - Before marking Step 18 complete, verify:**
+
+- [ ] Did I invoke the **reviewer** agent for philosophy check?
+- [ ] Did I invoke the **patterns** agent?
+- [ ] Did I complete the zero-BS verification checklist?
+- [ ] Are all findings documented?
+- [ ] Any issues found have been addressed?
+
+**Cannot proceed to Step 19 without completing this gate.**
+
 ### Step 19: Outside-In Testing in Real Environment
 
 **🚨 VERIFICATION GATE - CANNOT PROCEED WITHOUT:**