appydave-tools 0.76.0 → 0.76.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 39c3338d4f56e9b453669e54150db39c4449b667fa347a2634b2741fbd272235
-  data.tar.gz: 5949d3218ac0ca10376e9307ee981fd88a9505d876ba88178a7a6647447b8077
+  metadata.gz: 9e0809dc40e0f4940381134c70a57833d755df47f01f8e327a04b278e4d87c5a
+  data.tar.gz: a1aa1d00b87481b371edda22ed5f7f0fa63a895358002cbc330b4d4e8cbf1ae8
 SHA512:
-  metadata.gz: 9b52b37eb3e5ebda0eb8508f054b53cf607b208e2ba2c227418381bc77940720741c7feea5e9edc47ca8942da0c5bb4e20d79034d8b3e345ad10f0823bedd76a
-  data.tar.gz: 6aed7f6c4d2d16b7706d6449ba3759e5b24cc08d3ac602c979485babc72625d632588ebf070211e9b68a11d5af5a75151d4b6a92729c50a8335a59a1040d919d
+  metadata.gz: 8ef02094f475fc3df1b6b346158dce9596cbc4898c4a5da60e573ae48ddb8ff10663d2b19be0da582adea9b47597a14926e7e55358d33e742762d8cf7b53bf6f
+  data.tar.gz: 1c96b7e36178f5f0ec3426934a88686fb23e19d890858c1825264bb3a33e67d6054ed520cd4157ff60906f468a91cd25d2c319696b6a1ae936baaca8a013f627

data/CHANGELOG.md

@@ -1,3 +1,24 @@
+## [0.76.1](https://github.com/appydave/appydave-tools/compare/v0.76.0...v0.76.1) (2026-03-19)
+
+
+### Bug Fixes
+
+* align SyncFromSsd#determine_range with ManifestGenerator format; add specs ([3f8cb37](https://github.com/appydave/appydave-tools/commit/3f8cb37a78bd3d9720eace21cf1abbbca285cd66))
+* remove unconditional ssl_verify_peer: false from S3 clients; keep env override ([f49efb1](https://github.com/appydave/appydave-tools/commit/f49efb1c4a97ba904f3f3fc7d4292139a5e6c3fd))
+
+# [0.76.0](https://github.com/appydave/appydave-tools/compare/v0.75.0...v0.76.0) (2026-03-19)
+
+
+### Bug Fixes
+
+* fix pre-existing rubocop offenses in bin/dam and split jump test helpers to avoid OneClassPerFile ([491b980](https://github.com/appydave/appydave-tools/commit/491b980c335b7e3d205a5368cd0a7b96e5b5a82f))
+* remove debug puts and fix unguarded FileUtils.cd in FileCollector; close BUG-1 ([13d5f87](https://github.com/appydave/appydave-tools/commit/13d5f8793d5185cb9795cab86a5270726763c30e))
+
+
+### Features
+
+* add AI-friendly help system to GPT Context ([c0b8843](https://github.com/appydave/appydave-tools/commit/c0b884323654a248d660ea137712e7c0e5fc172c))
+
 # [0.75.0](https://github.com/appydave/appydave-tools/compare/v0.74.1...v0.75.0) (2026-02-08)
 
 

data/bin/gpt_context.rb

@@ -112,7 +112,7 @@ OptionParser.new do |opts|
   end
 end.parse!
 
-if options.include_patterns.empty? && options.exclude_patterns.empty? && options.format.nil?
+if options.include_patterns.empty? && options.exclude_patterns.empty?
   script_name = File.basename($PROGRAM_NAME, File.extname($PROGRAM_NAME))
 
   puts 'No options provided to GPT Context. Please specify patterns to include or exclude.'

data/docs/planning/BACKLOG.md

@@ -1,25 +1,29 @@
 # Project Backlog — AppyDave Tools
 
-**Last updated**: 2026-03-19 (updated after three-lens audit)
-**Total**: 20 | Pending: 14 | Done: 6 | Deferred: 0 | Rejected: 0
+**Last updated**: 2026-03-19 (bugfix-and-security assessment + 4 new items from quality audit)
+**Total**: 27 | Pending: 17 | Done: 10 | Deferred: 0 | Rejected: 0
 
 ---
 
 ## Pending
 
 ### High Priority
+- [ ] B024 — Tests: add configure_ssl_options unit tests to s3_operations_spec + share_operations_spec (protects B017 security fix) | Priority: high
 - [ ] B015 — BUG-2: FileCollector uses FileUtils.cd without ensure (process dir not restored on exception) | Priority: high
-- [ ] B016 — BUG-3: ManifestGenerator + SyncFromSsd produce incompatible SSD range strings (data integrity) | Priority: high
-- [ ] B002 — FR-2: GPT Context AI-friendly help system | Priority: high
 - [x] B006 — BUG-1: Jump CLI get/remove key lookup | Completed: verified fixed 2026-03-19, regression spec added
-- [ ] B017 — Security: ssl_verify_peer disabled unconditionally in S3Operations + ShareOperations | Priority: high
 
 ### Medium Priority
+- [ ] B022 — Tests: expand cli_spec.rb with functional tests (-i, -e, -f, -o flags, exit codes) | Priority: medium
+- [ ] B026 — Tests: add determine_range edge cases (b00, b9, a40) to sync_from_ssd_spec + manifest_generator_spec | Priority: medium
+- [ ] B027 — Tests: strengthen gpt_context no-args spec to verify file collection actually stops | Priority: medium
+- [ ] B023 — Tests: add file_collector_spec coverage for JSON format, aider format, error paths | Priority: medium
 - [ ] B018 — Tests: add specs for Jump Commands::Remove, Commands::Add, Commands::Update | Priority: medium
 - [ ] B019 — Fix: remove debug puts @working_directory from gpt_context/file_collector.rb | Priority: medium
 - [ ] B001 — FR-1: GPT Context token counting | Priority: medium
 - [ ] B012 — Arch: add integration tests for brand resolution end-to-end | Priority: medium
 
+- [ ] B025 — Fix: stale comment in sync_from_ssd.rb line 173 (says 60-69, should say b50-b99) | Priority: low
+
 ### Low Priority
 - [ ] B007 — Performance: parallel git/S3 status checks for dam list | Priority: low
 - [ ] B008 — Performance: cache git/S3 status with 5-min TTL | Priority: low
@@ -37,6 +41,10 @@
 - [x] B005 — NFR-2: Jump Claude Code Skill | Completed: 2025-12-14
 - [x] B013 — Arch: Extract GitHelper module (90 lines duplication) | Completed: dam-enhancement-sprint (Jan 2025)
 - [x] B014 — Arch: Create BrandResolver to centralize brand transformation | Completed: dam-enhancement-sprint (Jan 2025)
+- [x] B002 — FR-2: GPT Context AI-friendly help system | Completed: fr2-gpt-context-help (2026-03-19)
+- [x] B016 — BUG-3: ManifestGenerator + SyncFromSsd incompatible SSD range strings | Completed: bugfix-and-security (2026-03-19)
+- [x] B017 — Security: ssl_verify_peer disabled unconditionally in S3Operations + ShareOperations + S3Scanner | Completed: bugfix-and-security (2026-03-19)
+- [x] B021 — Fix: gpt_context no-args guard had dead format.nil? condition | Completed: bugfix-and-security (2026-03-19)
 
 ---
 

data/docs/planning/bugfix-and-security/AGENTS.md

@@ -0,0 +1,329 @@
+# AGENTS.md — bugfix-and-security
+
+> Inherited from docs/planning/AGENTS.md + fr2-gpt-context-help campaign learnings.
+> Self-contained — you receive only this file + your work unit prompt.
+> Last updated: 2026-03-19
+
+---
+
+## Project Overview
+
+**What:** Ruby gem providing CLI productivity tools for AppyDave's YouTube content creation workflow.
+**Stack:** Ruby 3.4.2, Bundler 2.6.2, RSpec, RuboCop, semantic-release CI/CD.
+**This campaign:** 3 independent bug fixes — security (B017), data integrity (B016), dead code (B021).
+**Commits:** Always use `kfeat`/`kfix` — never `git commit`.
+
+---
+
+## Build & Run Commands
+
+```bash
+eval "$(rbenv init -)"
+
+# Run all tests
+RUBYOPT="-W0" bundle exec rspec
+
+# Run specific spec files
+bundle exec rspec spec/appydave/tools/dam/s3_operations_spec.rb
+bundle exec rspec spec/appydave/tools/dam/sync_from_ssd_spec.rb
+bundle exec rspec spec/appydave/tools/dam/manifest_generator_spec.rb
+bundle exec rspec spec/appydave/tools/gpt_context/cli_spec.rb
+
+# Lint
+bundle exec rubocop --format clang
+
+# Commit (never use git commit directly)
+kfix "description of what you fixed"
+```
+
+**Baseline (2026-03-19):** 754 examples, 0 failures, 84.92% line coverage
+
+---
+
+## Directory Structure
+
+```
+lib/appydave/tools/dam/
+  s3_operations.rb          B017 — configure_ssl_options method (~line 102)
+  share_operations.rb       B017 — configure_ssl_options method (~line 89)
+  s3_scanner.rb             B017 — inline ssl_verify_peer in Aws::S3::Client.new (~line 111)
+  sync_from_ssd.rb          B016 — determine_range method (~line 185)
+  manifest_generator.rb     B016 — determine_range method (~line 332) — canonical format
+spec/appydave/tools/dam/
+  s3_operations_spec.rb     Existing spec — do not break
+  share_operations_spec.rb  Existing spec — do not break
+  sync_from_ssd_spec.rb     B016 — update determine_range examples (~line 277)
+  manifest_generator_spec.rb B016 — add determine_range examples (currently none)
+bin/gpt_context.rb          B021 — guard at line 115
+spec/appydave/tools/gpt_context/
+  cli_spec.rb               B021 — add/update no-args spec
+```
+
+---
+
+## Work Unit Details
+
+### fix-b017-ssl
+
+**Problem:** `ssl_verify_peer: false` is set unconditionally in 3 files, disabling MITM protection on all S3 operations including AWS credential transmission. The comment "safe for AWS S3" is incorrect — HTTPS encryption alone does not protect against a MITM attack without peer verification.
+
+**Files to change:**
+
+**1. `lib/appydave/tools/dam/s3_operations.rb` (~line 102):**
+```ruby
+# BEFORE:
+def configure_ssl_options
+  if ENV['AWS_SDK_RUBY_SKIP_SSL_VERIFICATION'] == 'true'
+    puts '⚠️  WARNING: SSL verification is disabled (development mode)'
+    return { ssl_verify_peer: false }
+  end
+
+  # Disable SSL peer verification to work around OpenSSL 3.4.x CRL checking issues
+  # This is safe for AWS S3 connections as we're still using HTTPS (encrypted connection)
+  {
+    ssl_verify_peer: false
+  }
+end
+
+# AFTER:
+def configure_ssl_options
+  return { ssl_verify_peer: false } if ENV['AWS_SDK_RUBY_SKIP_SSL_VERIFICATION'] == 'true'
+
+  {}
+end
+```
+
+**2. `lib/appydave/tools/dam/share_operations.rb` (~line 89):**
+Same pattern as s3_operations.rb — same fix.
+
+**3. `lib/appydave/tools/dam/s3_scanner.rb` (~line 111):**
+```ruby
+# BEFORE (inline in Aws::S3::Client.new):
+Aws::S3::Client.new(
+  credentials: credentials,
+  region: brand_info.aws.region,
+  http_wire_trace: false,
+  ssl_verify_peer: false
+)
+
+# AFTER:
+Aws::S3::Client.new(
+  credentials: credentials,
+  region: brand_info.aws.region,
+  http_wire_trace: false
+)
+```
+
+**Commit:** `kfix "remove unconditional ssl_verify_peer: false from S3 clients; keep env override"`
+
+**Note on WARNING puts:** The original had `puts '⚠️  WARNING...'` in the env-guard branch. You may keep or remove it — if you keep it, ensure rubocop doesn't flag it (it shouldn't). If RuboCop complains about the `puts`, use `warn` instead.
+
+---
+
+### fix-b016-range
+
+**Problem:** Two methods both named `determine_range` produce incompatible folder path strings:
+- `ManifestGenerator#determine_range('b65')` → `"b50-b99"` (letter + 50-number range)
+- `SyncFromSsd#determine_range('b65')` → `"60-69"` (no letter, 10-number range)
+
+Both are used to construct `archived/[range]/[project_id]` paths. A project archived via SyncFromSsd lands in `archived/60-69/b65-project/`. ManifestGenerator then looks for it at `archived/b50-b99/b65-project/` — misses it (though glob fallback saves it in practice).
+
+**ManifestGenerator format is canonical** — it handles any letter prefix (a*, b*, c*, ...) and uses 50-number ranges which are less granular and more stable.
+
+**Fix: Update `SyncFromSsd#determine_range` to match ManifestGenerator's algorithm:**
+
+```ruby
+# lib/appydave/tools/dam/sync_from_ssd.rb
+
+# BEFORE (~line 185):
+def determine_range(project_id)
+  # FliVideo pattern: b40, b41, ... b99
+  if project_id =~ /^b(\d+)/
+    tens = (Regexp.last_match(1).to_i / 10) * 10
+    "#{tens}-#{tens + 9}"
+  else
+    '000-099'
+  end
+end
+
+# AFTER (match ManifestGenerator exactly):
+def determine_range(project_id)
+  if project_id =~ /^([a-z])(\d+)/
+    letter = Regexp.last_match(1)
+    number = Regexp.last_match(2).to_i
+    range_start = (number / 50) * 50
+    range_end = range_start + 49
+    format("#{letter}%02d-#{letter}%02d", range_start, range_end)
+  else
+    '000-099'
+  end
+end
+```
+
+**Update `spec/appydave/tools/dam/sync_from_ssd_spec.rb` — the existing determine_range examples (~line 277) must be updated to the new format:**
+
+```ruby
+describe '#determine_range' do
+  it 'determines range for FliVideo pattern b40' do
+    range = sync_from_ssd.send(:determine_range, 'b40-test-project')
+    expect(range).to eq('b00-b49')
+  end
+
+  it 'determines range for FliVideo pattern b65' do
+    range = sync_from_ssd.send(:determine_range, 'b65-guy-monroe')
+    expect(range).to eq('b50-b99')
+  end
+
+  it 'determines range for FliVideo pattern b99' do
+    range = sync_from_ssd.send(:determine_range, 'b99-final-project')
+    expect(range).to eq('b50-b99')
+  end
+
+  it 'returns default range for non-FliVideo pattern' do
+    range = sync_from_ssd.send(:determine_range, 'boy-baker')
+    expect(range).to eq('000-099')
+  end
+end
+```
+
+**Add to `spec/appydave/tools/dam/manifest_generator_spec.rb` — currently zero specs for determine_range:**
+
+Look at the existing manifest_generator_spec.rb for the describe block structure and shared context, then add:
+```ruby
+describe '#determine_range' do
+  it 'determines range for b40' do
+    range = manifest_generator.send(:determine_range, 'b40-test-project')
+    expect(range).to eq('b00-b49')
+  end
+
+  it 'determines range for b65' do
+    range = manifest_generator.send(:determine_range, 'b65-guy-monroe')
+    expect(range).to eq('b50-b99')
+  end
+
+  it 'determines range for b99' do
+    range = manifest_generator.send(:determine_range, 'b99-final-project')
+    expect(range).to eq('b50-b99')
+  end
+
+  it 'returns default range for non-FliVideo pattern' do
+    range = manifest_generator.send(:determine_range, 'boy-baker')
+    expect(range).to eq('000-099')
+  end
+end
+```
+
+Read `manifest_generator_spec.rb` first to understand how the `manifest_generator` subject is set up before adding these examples.
+
+**Commit:** `kfix "align SyncFromSsd#determine_range with ManifestGenerator format; add specs"`
+
+---
+
+### fix-b021-guard
+
+**Problem:** `bin/gpt_context.rb` line 115:
+```ruby
+if options.include_patterns.empty? && options.exclude_patterns.empty? && options.format.nil?
+```
+`options.format` defaults to `'content'` in the Options class — it is never nil. The third AND condition is always false, making the whole guard dead when only format is set. In practice the guard fires on empty include+exclude (which is the normal "no args" path), but the dead condition is confusing and could mask future bugs.
+
+**Fix:** Remove `&& options.format.nil?` from line 115:
+```ruby
+# BEFORE:
+if options.include_patterns.empty? && options.exclude_patterns.empty? && options.format.nil?
+
+# AFTER:
+if options.include_patterns.empty? && options.exclude_patterns.empty?
+```
+
+**Add/update spec in `spec/appydave/tools/gpt_context/cli_spec.rb`:**
+
+Add a context for no-args behavior:
+```ruby
+describe 'no arguments' do
+  it 'exits with an error message when no patterns provided' do
+    output = `ruby #{script} 2>&1`
+    expect(output).to include('No options provided')
+    expect($?.exitstatus).to_not eq(0)
+  end
+end
+```
+
+Note: The script currently calls `exit` (no code) on this path — check the actual exit status. If it exits 0, adjust the expectation or leave exit code assertion out and just check the message.
+
+**Commit:** `kfix "remove dead format.nil? guard in gpt_context no-args check"`
+
+---
+
+## Success Criteria
+
+Every work unit must satisfy ALL before marking `[x]`:
+
+- [ ] `RUBYOPT="-W0" bundle exec rspec` — 754+ examples, 0 failures
+- [ ] `bundle exec rubocop --format clang` — 0 offenses
+- [ ] Line coverage stays ≥ 84.92%
+- [ ] All new `.rb` file additions start with `# frozen_string_literal: true`
+- [ ] Commit uses `kfix` (not `git commit`)
+
+---
+
+## Anti-Patterns to Avoid
+
+- ❌ Do NOT remove the `ENV['AWS_SDK_RUBY_SKIP_SSL_VERIFICATION']` dev escape hatch — only remove the unconditional fallback below it
+- ❌ Do NOT mock S3 clients when testing ssl options — check what the existing specs do and follow the pattern
+- ❌ Do NOT change ManifestGenerator#determine_range — it is the canonical implementation, SyncFromSsd is the one to fix
+- ❌ Do NOT use `puts` in lib/ code without checking if it violates rubocop (use `warn` for warnings)
+- ❌ Do NOT inline brand transformations — always use BrandResolver
+- ❌ Do NOT use `require 'spec_helper'` in new spec files — auto-required via .rspec
+
+---
+
+## Mock Patterns
+
+### S3 Tests — Check Existing Specs First
+
+Before writing any new S3-related test, read the existing spec file for the class you're touching. The existing patterns use WebMock or stub the S3 client at a higher level. Do NOT add new S3 network stubs — just verify the existing test suite still passes after your change.
+
+### DAM Filesystem Tests — Shared Context
+
+```ruby
+include_context 'with vat filesystem and brands', brands: %w[appydave]
+```
+
+---
+
+## Quality Gates
+
+- **Tests:** 754+ examples, 0 failures
+- **Lint:** 0 rubocop offenses
+- **Coverage:** ≥ 84.92%
+- **Commit:** `kfix` only
+
+---
+
+## Learnings (inherited)
+
+### From Three-Lens Audit (2026-03-19)
+- `format.nil?` in gpt_context is always false — do not re-introduce
+- `ssl_verify_peer: false` is not safe for AWS — HTTPS alone doesn't prevent MITM without peer verification
+- ManifestGenerator `determine_range` is the canonical format; SyncFromSsd must match it
+
+### From bugfix-and-security (2026-03-19)
+- **`options.format` defaults to `'tree,content'`** in GptContext::Options — not `'content'`. It is never nil. Do not use `options.format.nil?` as a guard.
+- **Use `$CHILD_STATUS` not `$?` in specs** — RuboCop flags `$?` as a special global variable. Use `$CHILD_STATUS` (from the English module, auto-available in RSpec) for exit status assertions.
+- **`exit` with no code exits 0** — Ruby's bare `exit` call produces exit status 0. Write specs accordingly.
+
+### From fr2-gpt-context-help (2026-03-19)
+- `opts.on_tail` vs `opts.on` matters for option ordering in OptionParser
+- Subprocess specs (`ruby #{script} --flag`) are correct for CLI integration tests
+- Pre-conditions from prior commits — always verify live before planning
+
+### From DAM Enhancement Sprint (Jan 2025)
+- BrandResolver is the critical path — all dam commands flow through it
+- `Regexp.last_match` is reset by `.sub()` calls — capture groups BEFORE any string transformation
+- `Config.configure` is memoized — do not add new calls
+- Table format() pattern: always use same format string for headers and data rows
+
+### From Jump Location Tool (Dec 2025)
+- Dependency injection for path validators required for CI compatibility
+- Jump Commands layer has zero dedicated specs (B018 — scheduled separately)

data/docs/planning/bugfix-and-security/IMPLEMENTATION_PLAN.md

@@ -0,0 +1,26 @@
+# IMPLEMENTATION_PLAN.md — bugfix-and-security
+
+**Goal**: Fix 3 blockers: ssl_verify_peer security hole (B017), range string mismatch (B016), dead format guard (B021)
+**Started**: 2026-03-19
+**Target**: All 3 fixes committed; tests pass; rubocop clean; no regressions
+
+## Summary
+- Total: 3 | Complete: 3 | In Progress: 0 | Pending: 0 | Failed: 0
+
+## Pending
+
+## In Progress
+
+## Complete
+- [x] fix-b017-ssl — ssl_verify_peer: false removed from s3_operations.rb, share_operations.rb, s3_scanner.rb. s3_operations_spec stub updated. 755 examples, 0 failures. v0.76.0 published.
+- [x] fix-b021-guard — Removed dead format.nil? condition (format defaults to 'tree,content', never nil). Added no-args spec asserting exit 0 + error message. Used $CHILD_STATUS not $? (rubocop). 755 examples, 0 failures.
+- [x] fix-b016-range — SyncFromSsd#determine_range aligned to ManifestGenerator format (any letter, 50-number ranges). Updated 4 unit specs + 4 integration path assertions in sync_from_ssd_spec. Added 4 new specs to manifest_generator_spec. 759 examples, 0 failures. v0.76.1 published.
+
+## Failed / Needs Retry
+
+## Notes & Decisions
+- All 3 fixes are independent — run as parallel agents in one wave
+- B017: s3_scanner.rb has ssl_verify_peer inline with NO env guard — remove entirely. s3_operations.rb and share_operations.rb have env guard + unconditional fallback — keep env guard, remove unconditional fallback. Return {} (empty hash) instead.
+- B016: ManifestGenerator format is canonical (letter+50-range, e.g. b50-b99). SyncFromSsd format is wrong (10-range, no letter, e.g. 60-69). Fix SyncFromSsd to match. ManifestGenerator#determine_range has zero specs — add them.
+- B021: options.format defaults to 'content' in Options class — format.nil? is always false. Remove the third AND condition. Update cli_spec or add spec to verify no-args exits with message.
+- Discovered: s3_scanner.rb also affected by B017 (not in original brief)

data/docs/planning/bugfix-and-security/assessment.md

@@ -0,0 +1,94 @@
+# Assessment: bugfix-and-security
+
+**Campaign**: bugfix-and-security
+**Date**: 2026-03-19 → 2026-03-19
+**Results**: 3 complete, 0 failed
+**Version shipped**: v0.76.1
+**Quality audit**: code-quality-audit + test-quality-audit run post-campaign
+
+---
+
+## Results Summary
+
+| Work Unit | Status | Notes |
+|-----------|--------|-------|
+| fix-b017-ssl | ✅ Complete | ssl_verify_peer: false removed from s3_operations.rb, share_operations.rb, s3_scanner.rb. ENV escape hatch preserved. s3_operations_spec stub updated. |
+| fix-b016-range | ✅ Complete | SyncFromSsd#determine_range now matches ManifestGenerator (letter prefix, 50-number ranges). 4 unit specs + 4 integration path assertions updated. 4 new specs added to manifest_generator_spec. |
+| fix-b021-guard | ✅ Complete | Dead `&& options.format.nil?` condition removed. format defaults to 'tree,content', never nil. No-args spec added. Used $CHILD_STATUS not $? (rubocop requirement). |
+
+**Test baseline:** 754 → 759 examples (+5). Coverage: 84.92% → 85.0%.
+
+---
+
+## What Worked Well
+
+- **Parallel wave was clean.** 3 independent fixes in 3 different files — no conflicts, all completed without intervention.
+- **B016 agent caught integration test debt.** sync_from_ssd_spec had 4 integration path assertions using the old `60-69` format. Agent found and fixed all of them without being told. A lesser agent would have only updated the unit tests and left the integration tests broken.
+- **B021 agent discovered accurate default.** `options.format` defaults to `'tree,content'` (not `'content'` as AGENTS.md said). Corrected understanding.
+- **$CHILD_STATUS vs $?.** Rubocop flags `$?` — must use `$CHILD_STATUS`. Captured in AGENTS.md learnings during campaign.
+- **s3_scanner.rb surprise.** Brief only mentioned 2 files for B017, but grep found a third (s3_scanner.rb with inline ssl_verify_peer, no env guard). Agent fixed it correctly.
+
+---
+
+## What Didn't Work
+
+**Critical: B017 SSL fix has no regression test (Grade C+ from test audit).**
+The most important security fix in the campaign — removing unconditional `ssl_verify_peer: false` — is unprotected. `configure_ssl_options` is not tested in isolation. If someone accidentally adds `ssl_verify_peer: false` unconditionally back, all tests would still pass. This is the #1 priority for the next campaign.
+
+**B016 determine_range has edge case gaps.**
+Tests cover b40, b65, b99, boy-baker. Missing: b00 (boundary), b9 (single digit), a40 (non-b letter prefix). The regex `/^([a-z])(\d+)/` handles all of these correctly, but if the regex ever changes, these gaps won't catch it.
+
+**cli_spec no-args test is shallow (Grade D+).**
+Verifies the message is printed and exit is 0. Does not verify that file collection actually stops — if the guard is removed and replaced with something that prints the message but continues, the spec would still pass.
+
+**Stale comment in sync_from_ssd.rb.**
+Line 173 still says `b65 → 60-69 range` (old format). Code is correct; comment is wrong. 1-line fix.
+
+---
+
+## Key Learnings — Application
+
+- **`options.format` defaults to `'tree,content'`** — not `'content'`. Any guard checking `format.nil?` is dead. Updated AGENTS.md.
+- **`$CHILD_STATUS` not `$?`** — Rubocop Special/GlobalVars cop flags `$?`. Use `$CHILD_STATUS` (English module, auto-available in RSpec). Updated AGENTS.md.
+- **`exit` with no code exits 0** in Ruby — specs asserting exit status for "no-args" path should expect 0.
+- **Grep the full codebase before writing the brief** — B017 brief named 2 files; actual codebase had 3. Always grep for the pattern before writing work unit scope.
+- **Integration path assertions in specs** — when changing a path-construction algorithm, search specs for the old path strings, not just the method name. Agent found 4 integration assertions that grep on method name alone would miss.
+
+---
+
+## Key Learnings — Ralph Loop
+
+- **Parallel waves are fast when fixes are independent.** All 3 agents ran simultaneously, completed in one wave, zero coordination needed. Right call.
+- **Quality audit surfaced a critical gap the code audit didn't.** Code looks correct (A grade). But test audit showed the SSL fix has no regression protection — an entirely separate risk dimension.
+- **Brief scope can undercount files.** Next time, grep before writing the brief, not just inspect known files.
+
+---
+
+## New Backlog Items from Quality Audit
+
+- **B024** — Tests: add `configure_ssl_options` unit tests to s3_operations_spec and share_operations_spec — verify empty hash on default path, ssl_verify_peer: false on ENV override path | Priority: **high** (protects B017 fix)
+- **B025** — Fix: stale comment in sync_from_ssd.rb line 173 (says 60-69, should say b50-b99) | Priority: **low**
+- **B026** — Tests: add determine_range edge cases (b00, b9, a40) to sync_from_ssd_spec and manifest_generator_spec | Priority: **medium**
+- **B027** — Tests: strengthen gpt_context no-args spec to verify file collection actually stops (not just message printed) | Priority: **medium**
+
+---
+
+## Suggestions for Next Campaign
+
+**Recommended next campaign: `test-coverage-gaps`**
+
+Priority order:
+1. **B024** — configure_ssl_options unit tests (high — protects the security fix)
+2. **B022** — expand cli_spec with functional tests (-i, -e, -f, -o flags, exit codes)
+3. **B026** — determine_range edge cases
+4. **B027** — gpt_context no-args guard behavioral test
+5. **B018** — Jump Commands layer specs (Remove/Add/Update)
+6. **B025** — stale comment fix (bundle with B026, same file)
+7. **B023** — file_collector_spec: JSON, aider, error paths
+
+These are all test-only changes (except B025 which is a 1-line comment fix) — agents can run in parallel safely.
+
+**AGENTS.md updates for next campaign:**
+- Add: "configure_ssl_options test pattern: use ClimateControl gem or stub ENV to test conditional SSL logic"
+- Add: "determine_range edge cases: b00, single-digit b9, non-b letter a40 — always test boundaries"
+- Add: "gpt_context no-args test: verify file collection does NOT proceed, not just message output"

data/docs/planning/fr2-gpt-context-help/IMPLEMENTATION_PLAN.md

@@ -5,14 +5,14 @@
 **Target**: `--help` shows structured sections; `--version` works; specs pass; rubocop clean
 
 ## Summary
-- Total: 1 | Complete: 0 | In Progress: 0 | Pending: 1 | Failed: 0
+- Total: 1 | Complete: 1 | In Progress: 0 | Pending: 0 | Failed: 0
 
 ## Pending
 
 ## In Progress
-- [~] fr2-gpt-context-help — Implement AI-friendly help system in bin/gpt_context.rb per docs/specs/fr-002-gpt-context-help-system.md
 
 ## Complete
+- [x] fr2-gpt-context-help — Implement AI-friendly help system in bin/gpt_context.rb. 754 examples, 0 failures. v0.76.0 published. Also fixed pre-existing rubocop offenses in bin/dam and split jump_test_helpers (JumpTestLocations → own file).
 
 ## Failed / Needs Retry
 

data/docs/planning/fr2-gpt-context-help/assessment.md

@@ -0,0 +1,70 @@
+# Assessment: fr2-gpt-context-help
+
+**Campaign**: fr2-gpt-context-help
+**Date**: 2026-03-19 → 2026-03-19
+**Results**: 1 complete, 0 failed
+**Version shipped**: v0.76.0
+**Quality audit**: code-quality-audit + test-quality-audit run post-campaign
+
+---
+
+## Results Summary
+
+| Work Unit | Status | Notes |
+|-----------|--------|-------|
+| B002 — FR-2 GPT Context help system | ✅ Complete | 754 examples, 0 failures. Also fixed pre-existing rubocop offenses in bin/dam and split JumpTestLocations into own file. |
+
+---
+
+## What Worked Well
+
+- **Single-file scope held.** `bin/gpt_context.rb` only — no lib/ changes. Agent stayed in bounds.
+- **Side-fixes landed cleanly.** Rubocop offenses in bin/dam (select/reject → partition) and JumpTestLocations split were caught and fixed without scope creep.
+- **Test count and coverage improved.** 748 → 754 examples, 84.88% → 84.92% coverage.
+- **Spec approach was correct.** subprocess integration testing (running the actual script) is the right pattern for CLI help/version tests.
+- **Pre-conditions were pre-cleared.** B015 and B019 fixed in prior commit 13d5f87 meant agent could focus on FR-2 immediately.
+
+---
+
+## What Didn't Work
+
+- **cli_spec.rb is too thin (Grade: C from test audit).** 4 tests only verify help text strings are present. No functional tests: `-i`, `-e`, `-f`, `-o` flags completely untested at CLI level. Creates false sense of security.
+- **format.nil? guard is dead code.** `bin/gpt_context.rb` line 115 checks `options.format.nil?` as part of its "no options provided" guard. But `format` defaults to `'content'` in the Options class — it is never nil. The third AND condition is always false, meaning the guard can only trigger if both include_patterns AND exclude_patterns are empty AND format has somehow been set to nil (impossible via normal usage).
+- **file_collector_spec missing formats.** JSON and aider format output paths in FileCollector have zero specs. Error cases also unprotected.
+
+---
+
+## Key Learnings — Application
+
+- **OptionParser `opts.on_tail` vs `opts.on` matters for ordering.** `--version` must be `opts.on` (not `on_tail`) to appear before `--help` in output. Anti-pattern documented in AGENTS.md.
+- **format.nil? is a dead guard.** When Options class sets a default for `format`, the nil check in bin/gpt_context.rb line 115 is always false. Any "no args provided" guard must check `include_patterns.empty?` and `exclude_patterns.empty?` only.
+- **Subprocess specs work but need functional assertions.** Using `\`ruby #{script} --flag\`` is correct for CLI integration testing, but tests must verify actual output content and exit codes — not just documentation strings.
+
+---
+
+## Key Learnings — Ralph Loop
+
+- **One work unit campaigns are fast.** 1 agent, 1 wave, done. No coordination overhead.
+- **Pre-conditions from prior commits reduce campaign scope.** B015/B019 were in next-round-brief as work units but had already been fixed. Always verify pre-conditions live before writing the plan.
+- **Quality audit caught 3 new backlog items.** B021 (format.nil? dead guard), B022 (cli_spec functional tests), B023 (file_collector JSON/aider/error specs). These were invisible without the audit.
+
+---
+
+## Suggestions for Next Campaign
+
+**Recommended next campaign: `bugfix-and-security` — B016, B017, B021**
+
+Priority order:
+1. **B017** — ssl_verify_peer: false (security BLOCKER — remove before adding any S3 features)
+2. **B016** — ManifestGenerator vs SyncFromSsd range string mismatch (data integrity BLOCKER)
+3. **B021** — fix format.nil? dead guard in gpt_context (5-minute fix, prevents silent failure)
+
+Then schedule soon after:
+- **B022** — expand cli_spec.rb with functional tests (-i, -e, -f, -o, exit codes)
+- **B023** — file_collector_spec: add JSON, aider, error path coverage
+- **B018** — Jump Commands layer specs (Remove/Add/Update)
+
+**AGENTS.md updates needed for next campaign:**
+- Add: "format.nil? in gpt_context is always false — do not use as a no-args guard"
+- Add: "S3Operations ssl_verify_peer must be removed — see B017"
+- Add: "ManifestGenerator and SyncFromSsd produce incompatible range strings — see B016 before touching SSD archive paths"

data/docs/planning/next-round-brief.md

@@ -1,55 +1,42 @@
 # Next Round Brief
 
 **Created:** 2026-03-19
-**Updated:** 2026-03-19 (after three-lens audit)
+**Updated:** 2026-03-19 (after bugfix-and-security assessment)
 
 ---
 
-## Recommended Next Campaign: gpt_context Fixes + FR-2 + Jump Verification
+## Recommended Next Campaign: test-coverage-gaps
 
 ### Goal
 
-Fix the two small blockers in `gpt_context/file_collector.rb` (B015, B019), then implement FR-2 (GPT Context AI help system). In parallel, verify whether BUG-1 (Jump get/remove) is still live before planning a Jump campaign.
+Protect the B017 SSL security fix with a regression test, expand functional test coverage across gpt_context CLI and DAM range logic, and add the missing Jump Commands layer specs.
 
 ### Background
 
-**Three-lens audit findings changed the priority order:**
+Quality audit after bugfix-and-security found:
 
-1. FR-2 has two small pre-conditions in `file_collector.rb` that must be fixed first:
-   - `puts @working_directory` at line 15 (B019 — 1 line delete)
-   - `FileUtils.cd` without `ensure` (B015 — wrap in block form)
-   Both are ~5 minutes of work. Do them as the first commit of the FR-2 campaign.
+1. **B024** — `configure_ssl_options` has zero unit tests. The B017 SSL fix (removing unconditional `ssl_verify_peer: false`) has no regression protection. If reverted, all tests still pass. Must fix.
+2. **B022** — `cli_spec.rb` only tests `--help`, `--version`, no-args. No functional tests for `-i`, `-e`, `-f`, `-o`. Core behaviour untested at CLI level.
+3. **B026** — `determine_range` tests narrow (b40, b65, b99 only). Missing: b00, b9, a40. Both sync_from_ssd_spec and manifest_generator_spec need these.
+4. **B027** — gpt_context no-args spec only checks output string. Does not verify file collection stops.
+5. **B018** — Jump Commands (Remove/Add/Update) — zero dedicated specs.
+6. **B025** — Stale comment sync_from_ssd.rb line 173 (says 60-69, should say b50-b99).
 
-2. BUG-1 (Jump get/remove) is mislabeled in the original backlog. Static analysis shows `Jump::Config#find` and `Commands::Remove` have correct dual-key guards. The bug may already be fixed or may be environmental. **Verify live before planning any Jump campaign.**
+### Suggested Work Units (parallel — all test-only except B025)
 
-3. New high-priority bugs found by the audit (B016, B017) should be assessed for inclusion in the next campaign or scheduled shortly after.
+1. **fix-b024-ssl-tests** — Add `configure_ssl_options` unit tests to s3_operations_spec and share_operations_spec. Verify empty hash on default path; `{ssl_verify_peer: false}` when ENV override set. Stub ENV directly (`allow(ENV).to receive(:[]).with('AWS_SDK_RUBY_SKIP_SSL_VERIFICATION').and_return('true')`).
+2. **fix-b022-cli-tests** — Add functional subprocess tests to cli_spec.rb for -i, -e, -f, -o flags. Write to Tempfile, verify content. Use `Dir.mktmpdir` and clean up after.
+3. **fix-b026-b025-range-tests** — Add edge cases (b00, b9, a40) to sync_from_ssd_spec and manifest_generator_spec. Fix stale comment sync_from_ssd.rb line 173 while in the file.
+4. **fix-b027-noargs-test** — Strengthen no-args spec: `expect(Appydave::Tools::GptContext::FileCollector).not_to receive(:new)` when no patterns given.
+5. **fix-b018-jump-specs** — Add spec files for Jump Commands::Remove, Commands::Add, Commands::Update. Read existing Jump CLI spec first for setup pattern. Use JumpTestLocations + `with jump filesystem` context.
 
-### Suggested Work Units (FR-2 Campaign)
-
-1. **Fix B019** — Delete `puts @working_directory` from `file_collector.rb:15` (1-line fix)
-2. **Fix B015** — Wrap `FileUtils.cd` in block form in `file_collector.rb` (3-line fix)
-3. **Implement FR-2** — Read `docs/specs/fr-002-gpt-context-help-system.md`. Option A from the spec (enhanced OptionParser with banner, separators, `--version`) is the correct approach. No changes to lib/ needed — this is a `bin/gpt_context.rb` enhancement.
-4. **Verify BUG-1** — Run `bin/jump.rb get <key>` live. If broken: find actual failure site. If fixed: write regression spec for `Jump::Config#find` round-trip and close.
-
-### Pre-Campaign Blockers: None
-
-Neither fix requires architectural changes. FR-2 is contained to `bin/gpt_context.rb`. The Jump verification is read-only unless the bug is confirmed.
-
-### What Agents Need to Know
-
-- Read `docs/planning/AGENTS.md` — test/lint patterns, commit format, quality gates
-- FR-2 spec: `docs/specs/fr-002-gpt-context-help-system.md`
-- gpt_context source: `lib/appydave/tools/gpt_context/` + `bin/gpt_context.rb`
-- Jump source: `lib/appydave/tools/jump/` (Config, Search, Commands/*)
-- Jump tests: `spec/appydave/tools/jump/` + `spec/support/jump_test_helpers.rb`
-- BUG-1 call chain: `CLI#run_get` → `Search#get` → `Config#find` → `locations.find { |loc| loc.key == key }`
-
-### Also Schedule Soon (from audit)
+### Mode Recommendation
 
-- B016 — ManifestGenerator vs SyncFromSsd range string mismatch (data integrity — schedule next)
-- B017 — ssl_verify_peer: false in S3Operations (security — schedule next)
-- B018 — Jump Commands layer specs (no specs for Remove/Add/Update)
+**Extend** — same stack, same patterns, test-only work. Inherit AGENTS.md.
 
-### Mode Recommendation
+### Pre-Campaign Notes
 
-**Extend** — stack, patterns, and quality gates are known from prior campaigns. Use Extend, not Plan.
+- Check if `climate_control` gem is in Gemfile before using ClimateControl — use direct ENV stubbing if not available
+- For B022 functional tests: subprocess writes to file, assert content includes `# file:` headers
+- For B027: stub at the class level, not instance — `expect(described_class).not_to receive(:new)`
+- For B018: read `spec/appydave/tools/jump/` existing specs before writing new command specs

data/docs/planning/test-coverage-gaps/AGENTS.md

@@ -0,0 +1,317 @@
+# AGENTS.md — test-coverage-gaps
+
+> Inherited from bugfix-and-security AGENTS.md. Self-contained.
+> Last updated: 2026-03-19
+
+---
+
+## Project Overview
+
+**What:** Ruby gem providing CLI productivity tools for AppyDave's YouTube content creation workflow.
+**Stack:** Ruby 3.4.2, Bundler 2.6.2, RSpec, RuboCop, semantic-release CI/CD.
+**This campaign:** Test-only gap closure. No lib/ production code changes except 1-line comment fix (B025).
+**Commits:** Always use `kfix` — never `git commit`.
+
+---
+
+## Build & Run Commands
+
+```bash
+eval "$(rbenv init -)"
+
+RUBYOPT="-W0" bundle exec rspec                                         # All tests
+bundle exec rspec spec/appydave/tools/dam/s3_operations_spec.rb
+bundle exec rspec spec/appydave/tools/dam/share_operations_spec.rb
+bundle exec rspec spec/appydave/tools/dam/sync_from_ssd_spec.rb
+bundle exec rspec spec/appydave/tools/dam/manifest_generator_spec.rb
+bundle exec rspec spec/appydave/tools/gpt_context/cli_spec.rb
+bundle exec rspec spec/appydave/tools/jump/                             # All jump specs
+bundle exec rubocop --format clang
+```
+
+**Baseline:** 759 examples, 0 failures, 85.0% line coverage
+
+---
+
+## Directory Structure
+
+```
+lib/appydave/tools/dam/
+  s3_operations.rb          configure_ssl_options method (~line 102) — READ ONLY
+  share_operations.rb       configure_ssl_options method (~line 89) — READ ONLY
+  sync_from_ssd.rb          determine_range (~line 185); stale comment line 173 — FIX COMMENT
+  manifest_generator.rb     determine_range (~line 332) — READ ONLY
+  jump/
+    commands/
+      remove.rb             READ ONLY — write spec for this
+      add.rb                READ ONLY — write spec for this (may be called create.rb or set.rb)
+      update.rb             READ ONLY — write spec for this
+spec/appydave/tools/dam/
+  s3_operations_spec.rb     ADD configure_ssl_options tests
+  share_operations_spec.rb  ADD configure_ssl_options tests
+  sync_from_ssd_spec.rb     ADD determine_range edge cases
+  manifest_generator_spec.rb ADD determine_range edge cases
+spec/appydave/tools/gpt_context/
+  cli_spec.rb               ADD functional tests (-i, -e, -f, -o)
+spec/appydave/tools/jump/
+  commands/
+    remove_spec.rb          CREATE THIS
+    add_spec.rb             CREATE THIS (check actual filename first)
+    update_spec.rb          CREATE THIS (check actual filename first)
+spec/support/
+  jump_test_helpers.rb      Reference for shared context
+  jump_test_locations.rb    Reference for test fixture data
+```
+
+---
+
+## Work Unit Details
+
+### fix-b024-ssl-tests
+
+**Goal:** Protect the B017 security fix. `configure_ssl_options` must have unit tests verifying:
+1. Default path returns `{}` (no ssl_verify_peer key at all)
+2. ENV override path returns `{ ssl_verify_peer: false }`
+
+**Check Gemfile first** — if `climate_control` is present, use it. Otherwise, stub ENV directly:
+
+```ruby
+# Direct ENV stub (works without climate_control)
+describe '#configure_ssl_options' do
+  subject(:ssl_options) { s3_ops.send(:configure_ssl_options) }
+
+  context 'when AWS_SDK_RUBY_SKIP_SSL_VERIFICATION is not set' do
+    before { allow(ENV).to receive(:[]).and_call_original }
+    before { allow(ENV).to receive(:[]).with('AWS_SDK_RUBY_SKIP_SSL_VERIFICATION').and_return(nil) }
+
+    it 'returns empty hash (SSL verification enabled by default)' do
+      expect(ssl_options).to eq({})
+    end
+
+    it 'does not include ssl_verify_peer key' do
+      expect(ssl_options).not_to have_key(:ssl_verify_peer)
+    end
+  end
+
+  context 'when AWS_SDK_RUBY_SKIP_SSL_VERIFICATION is "true"' do
+    before { allow(ENV).to receive(:[]).and_call_original }
+    before { allow(ENV).to receive(:[]).with('AWS_SDK_RUBY_SKIP_SSL_VERIFICATION').and_return('true') }
+
+    it 'returns ssl_verify_peer: false' do
+      expect(ssl_options).to eq({ ssl_verify_peer: false })
+    end
+  end
+end
+```
+
+Read the existing spec to find how `s3_ops` subject is set up. Add these examples within the existing describe block structure. Same pattern for `share_operations_spec.rb`.
+
+**Commit:** `kfix "add configure_ssl_options unit tests to protect B017 security fix"`
+
+---
+
+### fix-b022-cli-tests
+
+**Goal:** Functional subprocess tests for gpt_context CLI. Test that the actual flags work end-to-end.
+
+**Pattern — write to Tempfile, verify content:**
+
+```ruby
+describe '-i include pattern' do
+  it 'collects files matching the include pattern' do
+    Dir.mktmpdir do |tmpdir|
+      # Create a test file
+      File.write(File.join(tmpdir, 'test.rb'), '# test content')
+      outfile = File.join(tmpdir, 'output.txt')
+
+      `ruby #{script} -i '*.rb' -b #{tmpdir} -o #{outfile} 2>&1`
+
+      expect(File.read(outfile)).to include('# file: test.rb')
+    end
+  end
+end
+
+describe '-e exclude pattern' do
+  it 'excludes files matching the exclude pattern' do
+    Dir.mktmpdir do |tmpdir|
+      File.write(File.join(tmpdir, 'keep.rb'), '# keep')
+      File.write(File.join(tmpdir, 'exclude.rb'), '# exclude')
+      outfile = File.join(tmpdir, 'output.txt')
+
+      `ruby #{script} -i '*.rb' -e 'exclude.rb' -b #{tmpdir} -o #{outfile} 2>&1`
+
+      content = File.read(outfile)
+      expect(content).to include('# file: keep.rb')
+      expect(content).not_to include('# file: exclude.rb')
+    end
+  end
+end
+
+describe '-f format' do
+  it 'outputs tree format when -f tree specified' do
+    Dir.mktmpdir do |tmpdir|
+      File.write(File.join(tmpdir, 'test.rb'), '# test')
+      outfile = File.join(tmpdir, 'output.txt')
+
+      `ruby #{script} -i '*.rb' -f tree -b #{tmpdir} -o #{outfile} 2>&1`
+
+      expect(File.read(outfile)).to include('test.rb')
+    end
+  end
+end
+```
+
+Note: `-b` sets the base directory, `-o` writes to file. Read the existing cli_spec.rb first for the `script` let binding.
+
+**Commit:** `kfix "add functional CLI tests for -i -e -f -o flags to cli_spec"`
+
+---
+
+### fix-b026-b025-range-tests
+
+**Goal:** Add edge case tests for `determine_range` + fix 1-line stale comment.
+
+**In `sync_from_ssd_spec.rb`** — add to the existing `describe '#determine_range'` block:
+```ruby
+it 'determines range for boundary b00' do
+  range = sync_from_ssd.send(:determine_range, 'b00-first-project')
+  expect(range).to eq('b00-b49')
+end
+
+it 'determines range for single-digit b9' do
+  range = sync_from_ssd.send(:determine_range, 'b9-project')
+  expect(range).to eq('b00-b49')
+end
+
+it 'determines range for non-b letter prefix a40' do
+  range = sync_from_ssd.send(:determine_range, 'a40-test-project')
+  expect(range).to eq('a00-a49')
+end
+```
+
+**In `manifest_generator_spec.rb`** — add same 3 examples to the `describe '#determine_range'` block.
+
+**In `sync_from_ssd.rb` line 173** — update comment:
+```ruby
+# Determine local destination path (archived structure)
+# Extract range from project ID (e.g., b65 → b50-b99 range)
+```
+(Was: `b65 → 60-69 range`)
+
+**Commit:** `kfix "add determine_range edge cases and fix stale comment"`
+
+---
+
+### fix-b027-noargs-test
+
+**Goal:** Strengthen the no-args gpt_context spec to verify file collection stops — not just message output.
+
+The subprocess approach can't easily stub FileCollector. Use a stronger output assertion instead:
+
+```ruby
+describe 'no arguments' do
+  it 'prints an error message when no patterns provided' do
+    output = `ruby #{script} 2>&1`
+    expect(output).to include('No options provided')
+    expect($CHILD_STATUS.exitstatus).to eq(0)
+  end
+
+  it 'does not produce file content output when no patterns provided' do
+    output = `ruby #{script} 2>&1`
+    expect(output).not_to include('# file:')
+    expect(output).not_to include('clipboard')
+  end
+end
+```
+
+The second test verifies file collection output markers are absent — catches regressions where the guard is removed but the script continues to run.
+
+Read existing cli_spec.rb first — update the existing no-args describe block rather than adding a duplicate.
+
+**Commit:** `kfix "strengthen gpt_context no-args spec to verify collection does not proceed"`
+
+---
+
+### fix-b018-jump-specs
+
+**Goal:** Add dedicated unit specs for Jump Commands::Remove, Commands::Add (or Create), Commands::Update.
+
+**Step 1:** Read the source files first:
+```
+lib/appydave/tools/jump/commands/
+```
+List what files exist — the command names may differ from Remove/Add/Update.
+
+**Step 2:** Read an existing jump spec (e.g., `spec/appydave/tools/jump/`) for setup patterns.
+
+**Step 3:** For each command, create a spec file covering:
+- Happy path: command executes with valid key
+- `--force` guard: command without --force prompts/refuses where applicable
+- Not-found path: key does not exist — shows suggestion or error
+- Error codes / output messages
+
+**Pattern (based on jump_test_helpers.rb):**
+```ruby
+# frozen_string_literal: true
+
+RSpec.describe Appydave::Tools::Jump::Commands::Remove do
+  include_context 'with jump filesystem'
+
+  describe '#run' do
+    context 'when location exists' do
+      before { setup_jump_config([JumpTestLocations.ad_tools]) }
+
+      it 'removes the location with --force' do
+        # ...
+      end
+
+      it 'refuses to remove without --force' do
+        # ...
+      end
+    end
+
+    context 'when location does not exist' do
+      it 'shows not-found error' do
+        # ...
+      end
+    end
+  end
+end
+```
+
+**Commit:** `kfix "add dedicated specs for Jump Commands Remove Add Update"`
+
+---
+
+## Success Criteria
+
+- [ ] `RUBYOPT="-W0" bundle exec rspec` — 759+ examples, 0 failures
+- [ ] `bundle exec rubocop --format clang` — 0 offenses
+- [ ] Line coverage stays ≥ 85.0%
+- [ ] `configure_ssl_options` default path verified to NOT include ssl_verify_peer
+- [ ] All new spec files start with `# frozen_string_literal: true`
+- [ ] No `require 'spec_helper'` in new spec files (auto-required)
+
+---
+
+## Anti-Patterns to Avoid
+
+- ❌ Do NOT use `$?` in specs — use `$CHILD_STATUS` (rubocop)
+- ❌ Do NOT use `options.format.nil?` — format defaults to 'tree,content', never nil
+- ❌ Do NOT mock internal DAM classes — use shared filesystem context
+- ❌ Do NOT require spec_helper explicitly
+- ❌ Do NOT modify production lib/ code (except 1-line comment fix in sync_from_ssd.rb)
+- ❌ Do NOT use `puts` in lib/ — use `warn` for warnings
+
+---
+
+## Learnings (inherited)
+
+- **`$CHILD_STATUS` not `$?`** — rubocop Special/GlobalVars cop
+- **`exit` with no code exits 0** — specs asserting no-args exit should expect 0
+- **`options.format` defaults to `'tree,content'`** — never nil
+- **Grep full codebase before writing scope** — actual files may differ from brief
+- **Integration path assertions** — when changing path algorithms, search specs for old path strings
+- **BrandResolver is critical path** — all dam commands flow through it
+- **`Regexp.last_match` reset by `.sub()`** — capture groups before string transformation
+- **Dependency injection for path validators** — required for CI compatibility in Jump tests

data/docs/planning/test-coverage-gaps/IMPLEMENTATION_PLAN.md

@@ -0,0 +1,29 @@
+# IMPLEMENTATION_PLAN.md — test-coverage-gaps
+
+**Goal**: Close critical test gaps: protect B017 SSL fix, expand gpt_context CLI coverage, range edge cases, Jump Commands specs
+**Started**: 2026-03-19
+**Target**: All gaps addressed; 759+ examples passing; rubocop clean; no regressions
+
+## Summary
+- Total: 5 | Complete: 0 | In Progress: 5 | Pending: 0 | Failed: 0
+
+## Pending
+
+## In Progress
+- [~] fix-b024-ssl-tests — Add configure_ssl_options unit tests to s3_operations_spec + share_operations_spec
+- [~] fix-b022-cli-tests — Add functional subprocess tests to gpt_context cli_spec.rb (-i, -e, -f, -o)
+- [~] fix-b018-jump-specs — Add specs for Jump Commands::Remove, Add, Update
+
+## Complete
+- [x] fix-b027-noargs-test — Added second no-args example: verifies output does NOT include '# file:' or 'clipboard'. 766 examples, 0 failures. Note: B024 agent had RSpec/ScatteredSetup rubocop issue (multiple before hooks) — fixed in subsequent commit.
+- [x] fix-b026-b025-range-tests — Edge cases (b00, b9, a40) added to sync_from_ssd_spec + manifest_generator_spec. Stale comment fixed in sync_from_ssd.rb:173. ⚠️ CI ISSUE: cli_spec.rb:39 failing — 'not_to include clipboard' assertion is fragile (no-args output may mention clipboard on some platforms). B022 agent touching cli_spec.rb may resolve this.
+
+## Failed / Needs Retry
+
+## Notes & Decisions
+- All 5 work units are independent — parallel wave
+- Test-only campaign except B025 (1-line comment fix in sync_from_ssd.rb)
+- ENV stubbing: use allow(ENV).to receive(:[]) — check Gemfile for climate_control first
+- B022 functional tests: write to Tempfile, verify # file: headers in output
+- B027: stub GptContext::FileCollector at class level before subprocess call won't work — use integration assertion instead (verify output does NOT contain file collection output)
+- B018: read existing jump CLI spec before writing command-layer specs

data/lib/appydave/tools/dam/s3_operations.rb

@@ -100,17 +100,9 @@ module Appydave
         end
 
         def configure_ssl_options
-          # Check for explicit SSL verification bypass (for development/testing)
-          if ENV['AWS_SDK_RUBY_SKIP_SSL_VERIFICATION'] == 'true'
-            puts '⚠️  WARNING: SSL verification is disabled (development mode)'
-            return { ssl_verify_peer: false }
-          end
+          return { ssl_verify_peer: false } if ENV['AWS_SDK_RUBY_SKIP_SSL_VERIFICATION'] == 'true'
 
-          # Disable SSL peer verification to work around OpenSSL 3.4.x CRL checking issues
-          # This is safe for AWS S3 connections as we're still using HTTPS (encrypted connection)
-          {
-            ssl_verify_peer: false
-          }
+          {}
         end
 
         public

data/lib/appydave/tools/dam/s3_scanner.rb

@@ -111,8 +111,7 @@ module Appydave
           Aws::S3::Client.new(
             credentials: credentials,
             region: brand_info.aws.region,
-            http_wire_trace: false,
-            ssl_verify_peer: false
+            http_wire_trace: false
           )
         end
 

data/lib/appydave/tools/dam/share_operations.rb

@@ -87,17 +87,9 @@ module Appydave
         end
 
         def configure_ssl_options
-          # Check for explicit SSL verification bypass (for development/testing)
-          if ENV['AWS_SDK_RUBY_SKIP_SSL_VERIFICATION'] == 'true'
-            puts '⚠️  WARNING: SSL verification is disabled (development mode)'
-            return { ssl_verify_peer: false }
-          end
+          return { ssl_verify_peer: false } if ENV['AWS_SDK_RUBY_SKIP_SSL_VERIFICATION'] == 'true'
 
-          # Disable SSL peer verification to work around OpenSSL 3.4.x CRL checking issues
-          # This is safe for AWS S3 connections as we're still using HTTPS (encrypted connection)
-          {
-            ssl_verify_peer: false
-          }
+          {}
         end
 
         public

data/lib/appydave/tools/dam/sync_from_ssd.rb

@@ -170,7 +170,7 @@ module Appydave
           return { skipped: 1, files: 0, bytes: 0, reason: 'Flat folder exists (stale manifest?)' } if Dir.exist?(flat_path)
 
           # Determine local destination path (archived structure)
-          # Extract range from project ID (e.g., b65 → 60-69 range)
+          # Extract range from project ID (e.g., b65 → b50-b99 range)
           range = determine_range(project_id)
           local_dir = File.join(brand_path, 'archived', range, project_id)
 
@@ -181,14 +181,17 @@ module Appydave
           sync_light_files(ssd_path, local_dir, dry_run: dry_run)
         end
 
-        # Determine range folder for project (e.g., b65 → 60-69)
+        # Determine range folder for project (e.g., b65 → b50-b99)
         def determine_range(project_id)
-          # FliVideo pattern: b40, b41, ... b99
-          if project_id =~ /^b(\d+)/
-            tens = (Regexp.last_match(1).to_i / 10) * 10
-            "#{tens}-#{tens + 9}"
+          # FliVideo/Modern pattern: b40, a82, etc.
+          if project_id =~ /^([a-z])(\d+)/
+            letter = Regexp.last_match(1)
+            number = Regexp.last_match(2).to_i
+            range_start = (number / 50) * 50
+            range_end = range_start + 49
+            format("#{letter}%02d-#{letter}%02d", range_start, range_end)
           else
-            # Legacy pattern or unknown: use first 3 chars
+            # Legacy pattern or unknown
             '000-099'
           end
         end

data/lib/appydave/tools/version.rb

@@ -2,6 +2,6 @@
 
 module Appydave
   module Tools
-    VERSION = '0.76.0'
+    VERSION = '0.76.2'
   end
 end

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "appydave-tools",
-  "version": "0.76.0",
+  "version": "0.76.2",
   "description": "AppyDave YouTube Automation Tools",
   "scripts": {
     "release": "semantic-release"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: appydave-tools
 version: !ruby/object:Gem::Version
-  version: 0.76.0
+  version: 0.76.2
 platform: ruby
 authors:
 - David Cruwys
@@ -297,9 +297,15 @@ files:
 - docs/guides/tools/youtube-manager.md
 - docs/planning/AGENTS.md
 - docs/planning/BACKLOG.md
+- docs/planning/bugfix-and-security/AGENTS.md
+- docs/planning/bugfix-and-security/IMPLEMENTATION_PLAN.md
+- docs/planning/bugfix-and-security/assessment.md
 - docs/planning/fr2-gpt-context-help/AGENTS.md
 - docs/planning/fr2-gpt-context-help/IMPLEMENTATION_PLAN.md
+- docs/planning/fr2-gpt-context-help/assessment.md
 - docs/planning/next-round-brief.md
+- docs/planning/test-coverage-gaps/AGENTS.md
+- docs/planning/test-coverage-gaps/IMPLEMENTATION_PLAN.md
 - docs/specs/fr-002-gpt-context-help-system.md
 - docs/specs/fr-003-jump-location-tool.md
 - docs/specs/zsh-history-tool.md