Applicability-aware Definition of Done checklist. Core checks apply to every task; overlay checks activate only when the applicability manifest says the surface exists. Binary verification — pass or fail. Triggers at Phase 4 completion and Phase 5 entry.
Every task carries a DoD core baseline. Overlay checks are selected from the applicability manifest and only evaluated when the task actually touches that surface. A task is not complete until every active check is verified. Each check is binary (pass/fail) with a specified verification method and a tag:
automatable: must be verified by tool outputjudgement: may call an LLM or human reviewerapplicability_manifest marks the relevant surface as active.not_applicableThis table is the authoritative mapping of change_surface flags and task class to DoD overlay check IDs. It is consumed by the deterministic dod_overlays evaluator. Any change here must be mirrored in tests/backtest/evaluators/dod_overlays.sh.
| Overlay | Check IDs | Trigger Expression |
|---|---|---|
| Security | 5, 6, 7, 8, 9 | new_attack_surface OR auth_change OR external_integration |
| Observability | 10, 11, 12, 13, 14 | runtime_path_change OR user_facing_operation |
| Integration | 18, 19, 20 | service_boundary_change OR external_integration OR api_change OR data_format_change |
| Content | 21, 22 | task_classification == "docs" or human-facing output is in scope |
Overlay checks that are not activated by this table must be reported as not_applicable with a concrete reason in the manifest's section_policy.
Acceptance criteria may arrive as strings or structured Given/When/Then objects.
Extraction rules:
.then field as the criterion text and preserve any id and measurable_post_condition in the verification record.id or measurable_post_condition.| # | Check | Tag | Scope | Verification | Blocks On |
|---|---|---|---|---|---|
| 1 | All linters pass | automatable | core | Automated: LDD gate | Any violation |
| 2 | All tests pass | automatable | core | Automated: TDD suite | Any failure |
| 3 | Code complexity within budget | automatable | core | Automated: CC < 15, SLOC < 50/fn | Exceeding ceiling |
| 4 | No code slop or stub patterns | automatable | core | Automated: anti-slop scanner | TODO, FIXME, PLACEHOLDER, todo!(), unimplemented!(), panic!(\"not implemented\"), NotImplementedError, pass, empty placeholder bodies, commented-out code, fake/mock placeholder logic in shipped code |
| # | Check | Tag | Scope | Verification | Blocks On |
|---|---|---|---|---|---|
| 15 | Reuse analysis confirmed | automatable | core | Automated: reuse-analysis output | Reimplementation detected |
| 16 | Existing conventions followed | judgement | core | Council review | Convention violation |
| 17 | Antipattern checklist cleared | automatable | core | Automated: anti-slop plus antipattern scanner outputs | Known antipattern used |
| # | Check | Tag | Scope | Verification | Blocks On |
|---|---|---|---|---|---|
| 5 | STRIDE threat model complete | judgement | overlay | Council: Security Auditor | Missing categories |
| 6 | STRIDE mitigations implemented | judgement | overlay | Council review with cited implementation evidence | Unimplemented mitigations |
| 7 | OWASP Top 10 scan clean | automatable | overlay | Automated: SAST scan | High/Critical findings |
| 8 | No hardcoded secrets | automatable | overlay | Automated: pattern scan | Any match |
| 9 | Input validation at trust boundaries | judgement | overlay | Council review | Missing validation |
| # | Check | Tag | Scope | Verification | Blocks On |
|---|---|---|---|---|---|
| 10 | Error logging at failure points | automatable | overlay | Automated: AST scan | Missing error logs |
| 11 | Audit logging for state changes | automatable | overlay | Automated: AST scan | Missing audit logs |
| 12 | Operational logging for health | automatable | overlay | Automated: AST scan | Missing general logs |
| 13 | Log format matches convention | automatable | overlay | Automated: format check | Format mismatch |
| 14 | Correlation IDs propagate | automatable | overlay | Automated: pattern check | Missing correlation |
| # | Check | Tag | Scope | Verification | Blocks On |
|---|---|---|---|---|---|
| 18 | Integration wiring complete | automatable | overlay | Automated: registration check | Missing wiring, dead routes, unwired providers, unused flags/config, placeholder entry points |
| 19 | Scalability concerns documented | judgement | overlay | Council review | Undocumented |
| 20 | Degradation strategy defined | judgement | overlay | Council review | Missing strategy |
| # | Check | Tag | Scope | Verification | Blocks On |
|---|---|---|---|---|---|
| 21 | Stop-slop gate passed | judgement | overlay | Slop judge plus scoring output | Score < 35/50 |
| 22 | Voice/brand compliance | judgement | overlay | Voice / brand review | Voice mismatch |
SWElfare: Core baseline always applies. Security, observability, integration, and content overlays activate only when the applicability manifest says the surface exists.
Ratatosk: Core baseline applies to every task. Security overlay → trade execution STRIDE. Observability overlay → trade/risk logging. Integration overlay → exchange API wiring. Content overlay → briefing slop gate.
Magnus: Core baseline applies to every task. Security overlay → brand STRIDE. Observability overlay → content performance logging. Integration overlay → platform integration. Content overlay → always active for user-facing copy.
{
"task_id": "TASK-001",
"task_classification": "build_validation",
"applicability_manifest": {
"security_overlay": { "status": "not_applicable", "reason": "No new attack surface or trust boundary changes." },
"observability_overlay": { "status": "not_applicable", "reason": "No new runtime path or user-facing operation." },
"integration_overlay": { "status": "active", "reason": "Build wiring changed and must be verified." },
"content_overlay": { "status": "not_applicable", "reason": "No human-facing output changed." }
},
"active_checks": ["1", "2", "3", "4", "15", "16", "17", "18"],
"dod_checks": {
"ldd_pass": { "status": true, "evidence": "ruff: 0 violations, mypy: 0 errors" },
"tdd_pass": { "status": true, "evidence": "42 passed, 0 failed", "coverage": 87 },
"complexity_ok": { "status": true, "evidence": "max CC: 8, max SLOC: 35" },
"no_code_slop": { "status": true, "evidence": "0 violations: no TODO/FIXME/PLACEHOLDER, no stub bodies, no NotImplementedError, no commented-out code" },
"stride_complete": { "status": true, "threats": 6, "mitigations": 4 },
"stride_implemented": { "status": true, "evidence": "4/4 mitigations present" },
"owasp_clean": { "status": true, "findings": 0 },
"no_secrets": { "status": true, "evidence": "0 matches" },
"input_validation": { "status": true, "evidence": "council approved" },
"error_logging": { "status": true, "error_points": 3 },
"audit_logging": { "status": true, "audit_points": 2 },
"general_logging": { "status": true, "general_points": 5 },
"log_format": { "status": true, "evidence": "structured JSON" },
"correlation_ids": { "status": true, "evidence": "propagated" },
"reuse_confirmed": { "status": true, "reimplementations": 0 },
"conventions_followed": { "status": true, "evidence": "council approved" },
"antipatterns_cleared": { "status": true, "violations": 0 },
"wiring_complete": { "status": true, "upstream": 2, "downstream": 1 },
"scalability_documented": { "status": true },
"degradation_defined": { "status": true },
"slop_gate": { "status": true, "score": 42 },
"voice_compliance": { "status": true }
},
"all_passed": true,
"timestamp": "2026-04-05T12:00:00Z"
}
id or measurable_post_condition fail DoD verification.