Sprint Plan — 2026-03-31 #1508
Description
Sprint Plan — 2026-03-31
Generated: 2026-03-31T11:00Z
HEAD: 344cdab (docs: AI-answer-optimized README section)
Open issues: 100 | Open PRs: 3 (EM cycles, non-blocking)
Previous plan: #1223 (closed, superseded)
Active ROADMAP phase: Kernel Evolution Sprint (KE-4/KE-5/KE-6) + v3.0 Release
Governance Context
| Metric | Value |
|---|---|
| Escalation level | NORMAL (no events in escalation log) |
| Risk score | N/A (analytics unavailable this run) |
| Recent denial trend | stable |
| CI health | ✅ 5/5 runs passing |
| Top active concern | toolchain break (#1467) + better-sqlite3 crash cluster |
Note:
docs/strategic-roadmap.mdanddocs/current-priorities.mddo not exist in this worktree. ROADMAP.md used as sole authoritative source. No contradiction to report.
Contradiction flag: Studio EM cycles continue tracking #1306 (v3.0-gate default-deny) as a P0 with "14 cycles / Manually assign TODAY." However, issue #1306 is CLOSED. The EM tracking is stale. No reconciliation issue needed (the issue is resolved), but EM squad state should be updated.
Throughput (last 7 days)
| Metric | Value |
|---|---|
| Issues closed | 20 |
| PRs merged | 10 |
| Average velocity | healthy |
Ready Now
| Priority | Issue | Title | Theme | Risk | Complexity |
|---|---|---|---|---|---|
priority:critical |
#1467 | sdlc-health: 30 dangling symlinks — toolchain broken | Toolchain / DX | Low (run pnpm install --force) |
Low |
priority:critical |
#1402 | [P0] Worker pool dead — 32 stale PIDs, queue depth 46 | Ops / Infrastructure | Medium | Medium |
priority:high |
#1476 | better-sqlite3 native bindings missing (global pnpm) — events/inspect fail | Dogfood / CLI | Low | Low |
priority:high |
#1463 | agentguard guard crashes on startup — better-sqlite3 missing | Dogfood / CLI | Low | Low |
priority:high |
#1471 | agentguard guard --dry-run fatal crash — better-sqlite3 missing | Dogfood / CLI | Low | Low |
priority:high |
#1477 | telemetry default URL unreachable — events silently dropped | Telemetry / Cloud | Low | Low |
priority:high |
#1305 | feat(ke-4): plane separation — Evaluator/Emitter/Shipper decoupling | KE Sprint / Kernel | Medium (kernel refactor) | High |
priority:high |
#1384 | feat: browser governance invariants — scope, state, pacing | KE Sprint / Invariants | Medium | Medium |
priority:high |
#1385 | feat: irreversible action detection — human confirmation gates | KE Sprint / Invariants | Medium | Medium |
priority:high |
#1276 | [dogfood] PreToolUse hook exits non-zero after first call — blocks GitHub writes | Dogfood / Hooks | Low | Low |
priority:medium |
#1478 | Go fast-path skips cloud telemetry — allow decisions invisible | Telemetry / Go kernel | Low | Low |
priority:medium |
#1495 | [kernel] State Witness — re-validate conditions at execution time | Kernel / Invariants | Medium | Medium |
priority:medium |
#1473 | no-governance-self-modification blocks EM squad state writes | Dogfood / Invariants | Low | Low |
priority:medium |
#1474 | no-credential-file-creation false positive on grep -v | Dogfood / Invariants | Low | Low |
priority:medium |
#1493 | Integrate Preflight protocol into governance hooks | Kernel / Preflight | Medium | Medium |
Blocked
| Issue | Title | Blocked By | Notes |
|---|---|---|---|
| KE-5 (no issue) | Semantic CLI Expansion (AST-based shell analysis) | No issue filed | Backlog Steward to create |
| KE-6 (no issue) | Control Plane Signals | No issue filed | Backlog Steward to create |
| Phase 6.5 (Pull-Based Runner) | apps/runner — Cloud-managed execution |
v3.0 release + Cloud Phase 2A | Not yet started |
| v3.0 stranger test (no issue) | Zero-context install validation | Needs human tester or issue filed | v3.0 release blocker |
| v3.0 user capture funnel (no issue) | README CTA, Cloud waitlist, CLI prompt | Needs issue filed | v3.0 release blocker |
Recommended Sequence
-
sdlc-health: 30 dangling node_modules symlinks in main tree — toolchain broken (vitest, eslint, typescript, prettier all broken) #1467 — Fix toolchain first. 30 dangling symlinks break vitest, eslint, tsc, prettier. Every other task depends on a working dev environment. Human action required:
cd agent-guard && pnpm install --force. -
bug(telemetry): better-sqlite3 native bindings missing from global pnpm install — CLI events/inspect commands fail #1476 / [dogfood] agentguard guard crashes on startup — better-sqlite3 native bindings missing #1463 / [dogfood] agentguard guard --dry-run fatal crash: better-sqlite3 native bindings missing (global install, Node v22) #1471 — Fix better-sqlite3 crash cluster. Three issues, same root cause:
better-sqlite3native bindings fail on global pnpm installs and dry-run mode. The graceful fallback (shipped v2.8.3) doesn't cover all paths. Fix together as one PR. Labeling: bug(telemetry): better-sqlite3 native bindings missing from global pnpm install — CLI events/inspect commands fail #1476 is the canonical issue. -
bug(telemetry): default fallback URL 'telemetry.agentguard.dev' is unreachable — events silently dropped without .env override #1477 — Fix telemetry default URL. The fallback
telemetry.agentguard.devis unreachable; events are silently dropped without.envoverride. This is a sprint-blocking P1 (per kernel EM). Fix: point to the correct cloud endpoint or gate behind a more robust null check. -
feat(ke-4): plane separation — decouple Evaluator, Emitter, and Shipper #1305 — KE-4 Plane Separation. This is the current active ROADMAP work item. Three-plane architecture (Evaluator/Emitter/Shipper) is the architectural upgrade required before KE-5 and KE-6. File scope:
packages/kernel/src/kernel.ts,packages/events/src/,packages/storage/src/. High complexity — should be the primary coder focus after blockers are cleared. -
[dogfood] PreToolUse hook says 'allowed by default' but exits non-zero, blocking GitHub writes after first call #1276 — Fix PreToolUse hook non-zero exit. After the first hook call, subsequent calls fail with a non-zero exit code that Claude Code interprets as a blocking error, preventing GitHub writes. This is a user-impacting regression.
-
feat: browser governance invariants — scope, state, and pacing for browser agents #1384 + feat: irreversible action detection — human confirmation gates for one-way operations #1385 — Browser governance invariants + irreversible action detection. These are paired sprint items for the browser agent governance story. feat: irreversible action detection — human confirmation gates for one-way operations #1385 (irreversible action detection) is the foundation; feat: browser governance invariants — scope, state, and pacing for browser agents #1384 (browser scope/state/pacing invariants) builds on it. Work feat: irreversible action detection — human confirmation gates for one-way operations #1385 first.
-
[dogfood] no-governance-self-modification blocks EM squad state writes to .agentguard/squads/ #1473 — Fix no-governance-self-modification blocking EM squad state writes. The invariant is correctly flagging
.agentguard/squads/writes, but EM agents need a sanctioned path. Consider path exception for squad state files (narrow, audited exception).
Issues to Close or Reclassify
| Issue | Reason | Recommendation |
|---|---|---|
| #1368 | Informational recovery report, KE-2 shipped | Close — no actionable work items |
| #1191 cluster (#1191, #1193, #1195, #1196, #1203) | report_intent blocked by default-deny — policy packs updated in v2.4.0 with explicit allow rules | Verify and close if resolved |
| #1131 cluster (#1131, #1132, #1136, #1154, #1159, #1165, #1167, #1176, #1195, #1197, #1203, #1205) | vunknown Copilot driver identity — driverType fix shipped v2.8.1 |
Verify and close if resolved |
| #1127 | Stale branch report from 2026-03-27 | Close — informational |
| #1234 | Progress report 2026-03-28 | Close — superseded by subsequent progress reports |
| #1236 | Recovery report 2026-03-28 | Close — superseded |
Dependency Graph (Phase-Level)
Phase 6 (Reference Monitor) ── COMPLETE
│
▼
KE Sprint (Now) ─────────────────────────────────────────
KE-1 ✅ → KE-2 ✅ → KE-3 ✅ → KE-4 [#1305] → KE-5 → KE-6
│
▼
v3.0 Release (stranger test + funnel + publish)
│
▼
Phase 6.5 (Pull-Based Runner) — future
│
▼
Phase 7 (Capability-Scoped Sessions) — future
Cross-issue dependency chain:
#1385 (irreversible action detection) → #1384 (browser governance)
#1476 root cause → #1463, #1471 (same better-sqlite3 fix)
Toolchain fix (#1467) → unblocks all local development
Backlog Health Metrics
| Metric | Value |
|---|---|
| Total open issues | 100 |
| Issues without priority (before this run) | 79 |
| Issues without priority (after this run) | 69 |
| Priority labels applied this run | 10 |
| Staleness comments added | 3 |
| Issues older than 30 days | ~15+ (stale reports cluster) |
| Issues without status labels | ~60+ |
| Throughput (last 7d) | 20 closed / 10 PRs merged |
| CI health (last 5 runs) | ✅ 5/5 success |
| Governance escalation | NORMAL |
Dogfood Observations
analyticscommand produced no output (empty) — governance context unavailable for risk-adjustment scoring. May indicate missing SQLite events in this worktree.- No escalation events found in
logs/runtime-events.jsonl— expected for a fresh worktree. docs/strategic-roadmap.mdanddocs/current-priorities.mdare absent — ROADMAP.md is the only source of truth, which is correct per CLAUDE.md.- [dogfood] no-governance-self-modification blocks EM squad state writes to .agentguard/squads/ #1473 (no-governance-self-modification blocking squad state writes) reproduced in this agent's own session: the EM agent worktrees can't write to
.agentguard/squads/. Sprint plan writes to.agentguard/swarm-state.jsonwere allowed (non-squads path).
Generated by Planning Agent (claude-code:opus:planner) — 2026-03-31T11:00Z
Previous sprint plan: #1223 (closed)