[
  {
    "name": "streaming_text",
    "category": "baseline",
    "description": "Simple streamed answer with no tool use."
  },
  {
    "name": "read_file_roundtrip",
    "category": "tool-roundtrip",
    "description": "Native tool call reads a file, then the model summarizes the result."
  },
  {
    "name": "multi_tool_turn_roundtrip",
    "category": "tool-roundtrip",
    "description": "A single assistant turn executes multiple tools before finalizing."
  },
  {
    "name": "turn_summary_smoke_for_multi_tool_turn",
    "category": "summary",
    "description": "Completed multi-tool turns populate TurnSummary with assistant messages, tool results, and trace data."
  },
  {
    "name": "write_file_allowed",
    "category": "confirmation",
    "description": "A destructive write is approved through the confirmation path and succeeds."
  },
  {
    "name": "write_file_denied",
    "category": "confirmation",
    "description": "A destructive write is declined and does not touch the filesystem."
  },
  {
    "name": "bash_stdout_roundtrip",
    "category": "shell",
    "description": "Bash returns stdout cleanly through the runtime."
  },
  {
    "name": "bash_confirmation_prompt_approved",
    "category": "shell",
    "description": "A destructive bash command is approved through the callback path."
  },
  {
    "name": "bash_confirmation_prompt_denied",
    "category": "shell",
    "description": "A destructive bash command is denied through the callback path."
  },
  {
    "name": "read_only_mode_denies_write",
    "category": "permissions",
    "description": "Read-only mode blocks write tool calls before execution."
  },
  {
    "name": "read_only_mode_denies_mutating_bash",
    "category": "permissions",
    "description": "Read-only mode blocks mutating shell commands while keeping the runtime alive."
  },
  {
    "name": "read_only_mode_allows_safe_bash",
    "category": "permissions",
    "description": "Read-only mode still allows safe read-only shell commands."
  },
  {
    "name": "workspace_write_denies_write_outside_root",
    "category": "permissions",
    "description": "Workspace-write mode rejects writes that escape the configured workspace root."
  },
  {
    "name": "danger_full_access_allows_dangerous_bash",
    "category": "permissions",
    "description": "Danger-full-access mode permits dangerous shell operations when approved."
  },
  {
    "name": "prompt_mode_prompts_destructive_write",
    "category": "permissions",
    "description": "Prompt mode routes destructive writes through the policy approval path before execution."
  },
  {
    "name": "allow_mode_skips_prompt_for_destructive_write",
    "category": "permissions",
    "description": "Allow mode executes destructive writes without a second legacy confirmation prompt."
  },
  {
    "name": "deny_rule_blocks_allowed_mode",
    "category": "permissions",
    "description": "A deny rule still blocks tool execution even when the active permission mode would otherwise allow it."
  },
  {
    "name": "ask_rule_prompts_even_when_mode_would_allow",
    "category": "permissions",
    "description": "An ask rule forces interactive approval even when the active permission mode would otherwise allow the tool."
  },
  {
    "name": "raw_json_tool_call_fallback",
    "category": "fallback",
    "description": "Raw JSON tool syntax is recovered when native tool calls are absent."
  },
  {
    "name": "raw_json_todowrite_tool_call_fallback",
    "category": "fallback",
    "description": "Raw JSON fallback can recover TodoWrite calls with nested todo items."
  },
  {
    "name": "raw_json_patch_tool_call_fallback",
    "category": "fallback",
    "description": "Raw JSON fallback can recover patch calls with nested structured hunks."
  },
  {
    "name": "raw_json_ask_user_question_tool_call_fallback",
    "category": "fallback",
    "description": "Raw JSON fallback can recover AskUserQuestion calls with structured option objects."
  },
  {
    "name": "raw_bracket_ask_user_question_tool_call_fallback",
    "category": "fallback",
    "description": "Bracket-format fallback canonicalizes mixed-case workflow tool names against the registry."
  },
  {
    "name": "native_and_raw_tool_paths_share_executor_trace",
    "category": "executor",
    "description": "Native and extracted tool calls emit the same executor trace events, annotated by source."
  },
  {
    "name": "backend_capability_probe_refreshes_native_tool_mode",
    "category": "capabilities",
    "description": "Turn startup can refine backend capabilities before the first request and enable native tool use."
  },
  {
    "name": "run_streaming_delegates_to_primary_runtime",
    "category": "runtime",
    "description": "The streaming helper delegates into the main runtime path instead of maintaining a second loop."
  },
  {
    "name": "definition_of_done_verify_phase",
    "category": "definition-of-done",
    "description": "Mutating tasks enter a verify phase before completion and return evidence-backed responses."
  },
  {
    "name": "verify_failure_routes_to_fix_loop",
    "category": "definition-of-done",
    "description": "Verification failures route back into execution with a structured fix loop."
  },
  {
    "name": "verify_retry_budget_exhaustion",
    "category": "definition-of-done",
    "description": "Verification escalates to the user once the fix-loop retry budget is exhausted."
  },
  {
    "name": "ambiguous_prompt_routes_to_clarify",
    "category": "workflow",
    "description": "Ambiguous prompts enter clarify mode, ask one structured question, persist a single-question brief artifact, and hand off to execute."
  },
  {
    "name": "complex_prompt_routes_to_plan",
    "category": "workflow",
    "description": "Complex prompts enter plan mode, persist single-pass implementation and verification artifacts, and use planned verification commands without legacy decomposition."
  },
  {
    "name": "verify_failure_fix_loop_does_not_reroute_workflow",
    "category": "workflow",
    "description": "A verify-fix retry returns to execute mode without re-triggering clarify or plan."
  },
  {
    "name": "conversational_task_skips_verify_phase",
    "category": "definition-of-done",
    "description": "Conversational tasks skip the verify phase entirely and avoid DoD overhead."
  },
  {
    "name": "explore_mode_skips_dod_and_router",
    "category": "explore",
    "description": "Explore mode answers lookup questions without entering workflow routing or creating DoD artifacts."
  },
  {
    "name": "explore_mode_denies_write",
    "category": "explore",
    "description": "Explore mode stays read-only even when the broader session would otherwise allow workspace writes."
  },
  {
    "name": "explore_mode_ignores_global_allow_policy",
    "category": "explore",
    "description": "Explore mode ignores global allow rules so the read-only lane cannot be elevated into write access."
  },
  {
    "name": "non_mutating_completion_no_longer_forces_continuation",
    "category": "behavior",
    "description": "Non-mutating tasks now return the model response directly instead of injecting a continuation prompt."
  },
  {
    "name": "tool_result_contract_regression",
    "category": "known-failure",
    "description": "Duplicate-suppression and pre-validation branches should not build invalid Message objects."
  }
]