approved-plan-continuity-hard-gate/README.md

# Approved Plan Continuity Hard Gate

## 中文說明

這個 repo 是從較大的 OpenClaw workspace 中抽出的焦點工作流成果，主題是：

- **approved plan continuity hard-gate**
- **dispatch receipt binding**
- **anti-blackhole / completion-delivery watchdog groundwork**

目標是避免這種情況再次發生：

- 任務已完成
- 下一步其實已經明確
- 但沒有真的 dispatch 下一個 task
- 最後流程卻還是收尾，造成 **auto-next break / continuity failure**

## 目前已完成

目前這個 repo 已經包含並驗證以下能力：

1. **continuity evaluator**
   - task 完成、next action 已知、但沒有 next dispatch receipt，且 closure 狀態又不是 `waiting_user` / `blocked` / `pending_verification` 時，會判定 `continuity_failure`。

2. **dispatch receipt binding groundwork**
   - 已有 continuity receipt storage 定義
   - 已有最小 dispatch receipt writer
   - 已有 continuity gate / dispatch binding 對應測試

3. **`derivedAction` 與 `nextDerivedAction` 一致納入 continuity 判定**
   - 不再只有 `nextDerivedAction` 才受 gate 約束。

4. **`dry_run_dispatch` 不得冒充真 receipt**
   - planner 的 dry-run 結果不再被 handler fallback 當成真實 dispatch receipt。

5. **fake receipt authority 已補強**
   - continuity gate 不再接受任意 non-null `dispatchReceipt`
   - 現在至少要求最小 receipt 欄位：
     - `planId`
     - `currentTask`
     - `nextDerivedAction`
     - `dispatchedAt`

6. **hook integration 已接入**
   - continuity gate 已接進 `hooks/force-recall/handler.ts`
   - 目前會透過 `[APPROVED_PLAN_CONTINUITY_GATE]` block 注入現行 flow

## 目前限制

這條線雖然已經接入現行 flow，但目前仍偏向 **prompt-level hard-gate integration**，而不是 engine-level abort。也就是說：

- 已經不是只有規則文件
- 已經不是只有獨立腳本測試
- 但也還不是最底層 runtime/core 的絕對阻斷器

## 下一步建議

下一階段最合理的方向有兩條：

1. **把 continuity hard-gate 再往更硬的 runtime enforcement 推進**
2. **回頭補完 anti-blackhole / completion-delivery watchdog recovery 閉環**

---

## English Description

This repository is a focused export from a larger OpenClaw workspace. It captures a workflow hardening workstream around:

- **approved plan continuity hard-gate**
- **dispatch receipt binding**
- **anti-blackhole / completion-delivery watchdog groundwork**

The goal is to prevent this failure mode:

- a task is completed,
- the next step is already known,
- but the next task is never actually dispatched,
- and the flow still closes out as if continuity were preserved.

## Current State

The repo now includes and validates the following capabilities:

1. **Continuity evaluator**
   - When a task is complete, the next action is known, and there is no next dispatch receipt, and the closure state is not `waiting_user`, `blocked`, or `pending_verification`, the flow is classified as `continuity_failure`.

2. **Dispatch receipt binding groundwork**
   - continuity receipt storage shape
   - minimal dispatch receipt writer
   - continuity gate / dispatch binding tests

3. **`derivedAction` is treated as a real next-action source**
   - The gate no longer depends only on `nextDerivedAction`.

4. **`dry_run_dispatch` is no longer accepted as a real receipt**
   - Planner dry-run output is no longer promoted into a real dispatch receipt by handler fallback logic.

5. **Fake receipt authority has been tightened**
   - The continuity gate no longer accepts any arbitrary non-null `dispatchReceipt`
   - It now requires at least these minimum fields:
     - `planId`
     - `currentTask`
     - `nextDerivedAction`
     - `dispatchedAt`

6. **Hook integration is now present**
   - The continuity gate is integrated into `hooks/force-recall/handler.ts`
   - It currently enters the live flow through the `[APPROVED_PLAN_CONTINUITY_GATE]` injected block

## Current Limitation

This workstream is now beyond pure documentation and beyond isolated script-level testing, but it still behaves more like a **prompt-level hard-gate integration** than a true engine-level abort mechanism.

## Suggested Next Steps

Two reasonable follow-up directions remain:

1. **push continuity hard-gate further toward stronger runtime enforcement**
2. **return to anti-blackhole / completion-delivery watchdog recovery closure**