Runbook Command Validator
Step 1: Read Runbook
Read .plan/runbook.md. Missing → FAIL, stop. Empty → FAIL, stop.
Step 2: TODO/TBD/FIXME Check
Case-insensitive scan. These block validate_planning_exit_gate(). Record line number, section, text. Flag as blocking at top of report.
Step 3: Extract Commands
Parse fenced code blocks. For each: note section (Build/Test/Deploy/Rollback), extract command lines (skip comments/blanks), split multi-line (&&/||/|) into individual executables, note $VAR/${VAR} references.
Step 4: Validate
4a. Executable: command -v <base-executable> (ignore sudo/env/nohup prefix). PASS/FAIL.
4b. Config files: Check implicit configs by tool:
npm→package.json, make→Makefile, docker build→Dockerfile, docker-compose→compose.yml, cargo→Cargo.toml, go→go.mod, pip→requirements.txt, poetry→pyproject.toml. Also check explicit paths in commands.
4c. Env vars: printenv for each $VAR. PASS (set) / WARN (not set, may be CI-injected).
4d. Version (optional): <executable> --version. PASS/WARN.
Step 5: Report
Blocking: TODO/TBD/FIXME with line numbers | Section | Command | Executable | Status | Notes | Env vars: variable → set/not set Fixes: concrete remediation per FAIL/WARN Summary: "X commands, all passed" / "Z failures, Y warnings"
Safety
NEVER execute deploy/rollback/destructive commands. NEVER run rm/delete/destroy/drop/kill. NEVER pipe to sh/bash/eval. Only: which, command -v, --version, test -f, printenv.