
fix: prompt hardening and state-management policy alignment #18

Merged
Wreos merged 1 commit into main from codex/prompt-hardening-no-audit
Feb 21, 2026

Wreos (Owner) commented Feb 21, 2026

Summary

  • remove previously published audit artifacts:
    • docs/quality-iterations-2026-02-21.md
    • scripts/quality_audit_commands.sh
    • docs/command-output-contract.md
  • add prompt hardening docs:
    • docs/prompt-execution-guardrails.md
    • docs/validation-matrix.md
  • update all canonical commands with shared preconditions/guardrails + validation reference
  • strengthen fail-fast behavior in implement-figma-screen, review-flutter-code, and security-review
  • align state-management policy to project conventions (remove prohibition)
    • update active rule rules/flutter-official-ai-rules.mdc
    • update sync script scripts/sync_official_flutter_ai_rules.sh so policy is preserved after sync
  • bump manifest versions to 1.10.2

Why

This addresses prompt instability causes: conflicting state-management guidance, missing fail-fast prerequisites, fuzzy validation requirements, and weak scope limits.

@Wreos Wreos merged commit 56a0272 into main Feb 21, 2026
3 checks passed
@Wreos Wreos deleted the codex/prompt-hardening-no-audit branch February 21, 2026 21:24

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3aa661f6db

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

' "${out_dir}/flutter-ai-rules-${profile}.mdc" > "${active_rule}"

# Align active profile with plugin policy: pick state management by project context.
perl -0pi -e 's/\* \*\*State Management:\*\*\n \* \*\*Pattern:\*\* Separate UI state \(ephemeral\) from App state\.\n \* \*\*Native First:\*\* Use `ValueNotifier`, `ChangeNotifier`\.\n \* \*\*Prohibited:\*\* NO Riverpod, Bloc, GetX unless explicitly requested\.\n \* \*\*DI:\*\* Manual constructor injection or `provider` package if requested\./* **State Management:**\n * **Pattern:** Separate UI state (ephemeral) from App state.\n * **Project First:** Follow the existing project architecture and state-management choice.\n * **Selection:** Use Riverpod\/Bloc\/Cubit\/GetX\/ValueNotifier based on project conventions, complexity, and team standards.\n * **DI:** Keep dependencies explicit via constructor injection or project-standard DI./s' "${active_rule}"
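
Review bot: the `perl -0pi -e 's/…/…/s'` rewrite of `${active_rule}` has no check that the substitution matched anything. perl exits 0 when the pattern finds nothing, so a profile whose State Management block differs from this exact five-line text (indentation, wording, an extra bullet) keeps its `**Prohibited:**` line and the sync still reports success. Suggest failing the script when no replacement was made, or grepping `${active_rule}` for `**Prohibited:**` afterwards, and matching the prohibition bullet on its own rather than the whole block.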


P1: Apply state-management override for all sync profiles

The new post-sync perl rewrite only matches the old 4k block, so scripts/sync_official_flutter_ai_rules.sh silently skips the override for other supported profiles; with the current checked-in 1k profile (rules/official/flutter-ai-rules-1k.mdc:18), that means the active rule can still end up with NO Riverpod/GetX, reintroducing the policy conflict this commit was meant to remove. Because 1k/10k are explicitly accepted inputs, this is a real runtime path rather than an edge case.

Useful? React with 👍 / 👎.

@@ -0,0 +1,58 @@
# Validation Matrix

Deterministic validation baseline per command.


P2: Define validation baselines for all referenced commands

This new matrix is presented as the deterministic validation source “per command”, and multiple updated commands now require it, but there are no entries for write-widget-test, write-bloc-test, write-e2e-test, setup-mobile-github-pipeline, or sync-official-flutter-ai-rules; those command paths therefore cannot follow the stated guardrail consistently and will produce non-deterministic validation behavior.

Useful? React with 👍 / 👎.
