appydave-tools 0.76.0 → 0.76.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 39c3338d4f56e9b453669e54150db39c4449b667fa347a2634b2741fbd272235
-  data.tar.gz: 5949d3218ac0ca10376e9307ee981fd88a9505d876ba88178a7a6647447b8077
+  metadata.gz: 2700178e0f8e7fa1ddbd046cb78af4a0a340f2e8770637a2f3b30229e9f76179
+  data.tar.gz: c5c3f8094e988cc77849f27d1126c3839825d231c06b8bb63d3410cfdfe72179
 SHA512:
-  metadata.gz: 9b52b37eb3e5ebda0eb8508f054b53cf607b208e2ba2c227418381bc77940720741c7feea5e9edc47ca8942da0c5bb4e20d79034d8b3e345ad10f0823bedd76a
-  data.tar.gz: 6aed7f6c4d2d16b7706d6449ba3759e5b24cc08d3ac602c979485babc72625d632588ebf070211e9b68a11d5af5a75151d4b6a92729c50a8335a59a1040d919d
+  metadata.gz: e11cda4ffd9a0a555c15ae613e94b31aa7f508ba473ccc89d31a48d399f9b603204faa4018bea222f9640205b5d73a557b992acf3be94c926bdbeea494baedb5
+  data.tar.gz: 4af0c479f1aeb82cc32dd06d8d954910fff6e9a4a2f785d2969a284fc9a55874a56ed71e1600be9c26b5ad3792a67be98105a9003b82c8d835eb0bd8a7d323cf

data/CHANGELOG.md

@@ -1,3 +1,16 @@
+# [0.76.0](https://github.com/appydave/appydave-tools/compare/v0.75.0...v0.76.0) (2026-03-19)
+
+
+### Bug Fixes
+
+* fix pre-existing rubocop offenses in bin/dam and split jump test helpers to avoid OneClassPerFile ([491b980](https://github.com/appydave/appydave-tools/commit/491b980c335b7e3d205a5368cd0a7b96e5b5a82f))
+* remove debug puts and fix unguarded FileUtils.cd in FileCollector; close BUG-1 ([13d5f87](https://github.com/appydave/appydave-tools/commit/13d5f8793d5185cb9795cab86a5270726763c30e))
+
+
+### Features
+
+* add AI-friendly help system to GPT Context ([c0b8843](https://github.com/appydave/appydave-tools/commit/c0b884323654a248d660ea137712e7c0e5fc172c))
+
 # [0.75.0](https://github.com/appydave/appydave-tools/compare/v0.74.1...v0.75.0) (2026-02-08)
 
 

data/bin/gpt_context.rb

@@ -112,7 +112,7 @@ OptionParser.new do |opts|
   end
 end.parse!
 
-if options.include_patterns.empty? && options.exclude_patterns.empty? && options.format.nil?
+if options.include_patterns.empty? && options.exclude_patterns.empty?
   script_name = File.basename($PROGRAM_NAME, File.extname($PROGRAM_NAME))
 
   puts 'No options provided to GPT Context. Please specify patterns to include or exclude.'

data/docs/planning/BACKLOG.md

@@ -1,7 +1,7 @@
 # Project Backlog — AppyDave Tools
 
-**Last updated**: 2026-03-19 (updated after three-lens audit)
-**Total**: 20 | Pending: 14 | Done: 6 | Deferred: 0 | Rejected: 0
+**Last updated**: 2026-03-19 (fr2-gpt-context-help assessment + 3 new items from quality audit)
+**Total**: 23 | Pending: 16 | Done: 7 | Deferred: 0 | Rejected: 0
 
 ---
 
@@ -10,11 +10,13 @@
 ### High Priority
 - [ ] B015 — BUG-2: FileCollector uses FileUtils.cd without ensure (process dir not restored on exception) | Priority: high
 - [ ] B016 — BUG-3: ManifestGenerator + SyncFromSsd produce incompatible SSD range strings (data integrity) | Priority: high
-- [ ] B002 — FR-2: GPT Context AI-friendly help system | Priority: high
 - [x] B006 — BUG-1: Jump CLI get/remove key lookup | Completed: verified fixed 2026-03-19, regression spec added
 - [ ] B017 — Security: ssl_verify_peer disabled unconditionally in S3Operations + ShareOperations | Priority: high
 
 ### Medium Priority
+- [ ] B021 — Fix: gpt_context no-args guard checks format.nil? which is always false (dead condition) | Priority: medium
+- [ ] B022 — Tests: expand cli_spec.rb with functional tests (-i, -e, -f, -o flags, exit codes) | Priority: medium
+- [ ] B023 — Tests: add file_collector_spec coverage for JSON format, aider format, error paths | Priority: medium
 - [ ] B018 — Tests: add specs for Jump Commands::Remove, Commands::Add, Commands::Update | Priority: medium
 - [ ] B019 — Fix: remove debug puts @working_directory from gpt_context/file_collector.rb | Priority: medium
 - [ ] B001 — FR-1: GPT Context token counting | Priority: medium
@@ -37,6 +39,7 @@
 - [x] B005 — NFR-2: Jump Claude Code Skill | Completed: 2025-12-14
 - [x] B013 — Arch: Extract GitHelper module (90 lines duplication) | Completed: dam-enhancement-sprint (Jan 2025)
 - [x] B014 — Arch: Create BrandResolver to centralize brand transformation | Completed: dam-enhancement-sprint (Jan 2025)
+- [x] B002 — FR-2: GPT Context AI-friendly help system | Completed: fr2-gpt-context-help (2026-03-19)
 
 ---
 

data/docs/planning/bugfix-and-security/AGENTS.md

@@ -0,0 +1,324 @@
+# AGENTS.md — bugfix-and-security
+
+> Inherited from docs/planning/AGENTS.md + fr2-gpt-context-help campaign learnings.
+> Self-contained — you receive only this file + your work unit prompt.
+> Last updated: 2026-03-19
+
+---
+
+## Project Overview
+
+**What:** Ruby gem providing CLI productivity tools for AppyDave's YouTube content creation workflow.
+**Stack:** Ruby 3.4.2, Bundler 2.6.2, RSpec, RuboCop, semantic-release CI/CD.
+**This campaign:** 3 independent bug fixes — security (B017), data integrity (B016), dead code (B021).
+**Commits:** Always use `kfeat`/`kfix` — never `git commit`.
+
+---
+
+## Build & Run Commands
+
+```bash
+eval "$(rbenv init -)"
+
+# Run all tests
+RUBYOPT="-W0" bundle exec rspec
+
+# Run specific spec files
+bundle exec rspec spec/appydave/tools/dam/s3_operations_spec.rb
+bundle exec rspec spec/appydave/tools/dam/sync_from_ssd_spec.rb
+bundle exec rspec spec/appydave/tools/dam/manifest_generator_spec.rb
+bundle exec rspec spec/appydave/tools/gpt_context/cli_spec.rb
+
+# Lint
+bundle exec rubocop --format clang
+
+# Commit (never use git commit directly)
+kfix "description of what you fixed"
+```
+
+**Baseline (2026-03-19):** 754 examples, 0 failures, 84.92% line coverage
+
+---
+
+## Directory Structure
+
+```
+lib/appydave/tools/dam/
+  s3_operations.rb          B017 — configure_ssl_options method (~line 102)
+  share_operations.rb       B017 — configure_ssl_options method (~line 89)
+  s3_scanner.rb             B017 — inline ssl_verify_peer in Aws::S3::Client.new (~line 111)
+  sync_from_ssd.rb          B016 — determine_range method (~line 185)
+  manifest_generator.rb     B016 — determine_range method (~line 332) — canonical format
+spec/appydave/tools/dam/
+  s3_operations_spec.rb     Existing spec — do not break
+  share_operations_spec.rb  Existing spec — do not break
+  sync_from_ssd_spec.rb     B016 — update determine_range examples (~line 277)
+  manifest_generator_spec.rb B016 — add determine_range examples (currently none)
+bin/gpt_context.rb          B021 — guard at line 115
+spec/appydave/tools/gpt_context/
+  cli_spec.rb               B021 — add/update no-args spec
+```
+
+---
+
+## Work Unit Details
+
+### fix-b017-ssl
+
+**Problem:** `ssl_verify_peer: false` is set unconditionally in 3 files, disabling MITM protection on all S3 operations including AWS credential transmission. The comment "safe for AWS S3" is incorrect — HTTPS encryption alone does not protect against a MITM attack without peer verification.
+
+**Files to change:**
+
+**1. `lib/appydave/tools/dam/s3_operations.rb` (~line 102):**
+```ruby
+# BEFORE:
+def configure_ssl_options
+  if ENV['AWS_SDK_RUBY_SKIP_SSL_VERIFICATION'] == 'true'
+    puts '⚠️  WARNING: SSL verification is disabled (development mode)'
+    return { ssl_verify_peer: false }
+  end
+
+  # Disable SSL peer verification to work around OpenSSL 3.4.x CRL checking issues
+  # This is safe for AWS S3 connections as we're still using HTTPS (encrypted connection)
+  {
+    ssl_verify_peer: false
+  }
+end
+
+# AFTER:
+def configure_ssl_options
+  return { ssl_verify_peer: false } if ENV['AWS_SDK_RUBY_SKIP_SSL_VERIFICATION'] == 'true'
+
+  {}
+end
+```
+
+**2. `lib/appydave/tools/dam/share_operations.rb` (~line 89):**
+Same pattern as s3_operations.rb — same fix.
+
+**3. `lib/appydave/tools/dam/s3_scanner.rb` (~line 111):**
+```ruby
+# BEFORE (inline in Aws::S3::Client.new):
+Aws::S3::Client.new(
+  credentials: credentials,
+  region: brand_info.aws.region,
+  http_wire_trace: false,
+  ssl_verify_peer: false
+)
+
+# AFTER:
+Aws::S3::Client.new(
+  credentials: credentials,
+  region: brand_info.aws.region,
+  http_wire_trace: false
+)
+```
+
+**Commit:** `kfix "remove unconditional ssl_verify_peer: false from S3 clients; keep env override"`
+
+**Note on WARNING puts:** The original had `puts '⚠️  WARNING...'` in the env-guard branch. You may keep or remove it — if you keep it, ensure rubocop doesn't flag it (it shouldn't). If RuboCop complains about the `puts`, use `warn` instead.
+
+---
+
+### fix-b016-range
+
+**Problem:** Two methods both named `determine_range` produce incompatible folder path strings:
+- `ManifestGenerator#determine_range('b65')` → `"b50-b99"` (letter + 50-number range)
+- `SyncFromSsd#determine_range('b65')` → `"60-69"` (no letter, 10-number range)
+
+Both are used to construct `archived/[range]/[project_id]` paths. A project archived via SyncFromSsd lands in `archived/60-69/b65-project/`. ManifestGenerator then looks for it at `archived/b50-b99/b65-project/` — misses it (though glob fallback saves it in practice).
+
+**ManifestGenerator format is canonical** — it handles any letter prefix (a*, b*, c*, ...) and uses 50-number ranges which are less granular and more stable.
+
+**Fix: Update `SyncFromSsd#determine_range` to match ManifestGenerator's algorithm:**
+
+```ruby
+# lib/appydave/tools/dam/sync_from_ssd.rb
+
+# BEFORE (~line 185):
+def determine_range(project_id)
+  # FliVideo pattern: b40, b41, ... b99
+  if project_id =~ /^b(\d+)/
+    tens = (Regexp.last_match(1).to_i / 10) * 10
+    "#{tens}-#{tens + 9}"
+  else
+    '000-099'
+  end
+end
+
+# AFTER (match ManifestGenerator exactly):
+def determine_range(project_id)
+  if project_id =~ /^([a-z])(\d+)/
+    letter = Regexp.last_match(1)
+    number = Regexp.last_match(2).to_i
+    range_start = (number / 50) * 50
+    range_end = range_start + 49
+    format("#{letter}%02d-#{letter}%02d", range_start, range_end)
+  else
+    '000-099'
+  end
+end
+```
+
+**Update `spec/appydave/tools/dam/sync_from_ssd_spec.rb` — the existing determine_range examples (~line 277) must be updated to the new format:**
+
+```ruby
+describe '#determine_range' do
+  it 'determines range for FliVideo pattern b40' do
+    range = sync_from_ssd.send(:determine_range, 'b40-test-project')
+    expect(range).to eq('b00-b49')
+  end
+
+  it 'determines range for FliVideo pattern b65' do
+    range = sync_from_ssd.send(:determine_range, 'b65-guy-monroe')
+    expect(range).to eq('b50-b99')
+  end
+
+  it 'determines range for FliVideo pattern b99' do
+    range = sync_from_ssd.send(:determine_range, 'b99-final-project')
+    expect(range).to eq('b50-b99')
+  end
+
+  it 'returns default range for non-FliVideo pattern' do
+    range = sync_from_ssd.send(:determine_range, 'boy-baker')
+    expect(range).to eq('000-099')
+  end
+end
+```
+
+**Add to `spec/appydave/tools/dam/manifest_generator_spec.rb` — currently zero specs for determine_range:**
+
+Look at the existing manifest_generator_spec.rb for the describe block structure and shared context, then add:
+```ruby
+describe '#determine_range' do
+  it 'determines range for b40' do
+    range = manifest_generator.send(:determine_range, 'b40-test-project')
+    expect(range).to eq('b00-b49')
+  end
+
+  it 'determines range for b65' do
+    range = manifest_generator.send(:determine_range, 'b65-guy-monroe')
+    expect(range).to eq('b50-b99')
+  end
+
+  it 'determines range for b99' do
+    range = manifest_generator.send(:determine_range, 'b99-final-project')
+    expect(range).to eq('b50-b99')
+  end
+
+  it 'returns default range for non-FliVideo pattern' do
+    range = manifest_generator.send(:determine_range, 'boy-baker')
+    expect(range).to eq('000-099')
+  end
+end
+```
+
+Read `manifest_generator_spec.rb` first to understand how the `manifest_generator` subject is set up before adding these examples.
+
+**Commit:** `kfix "align SyncFromSsd#determine_range with ManifestGenerator format; add specs"`
+
+---
+
+### fix-b021-guard
+
+**Problem:** `bin/gpt_context.rb` line 115:
+```ruby
+if options.include_patterns.empty? && options.exclude_patterns.empty? && options.format.nil?
+```
+`options.format` defaults to `'content'` in the Options class — it is never nil. The third AND condition is always false, making the whole guard dead when only format is set. In practice the guard fires on empty include+exclude (which is the normal "no args" path), but the dead condition is confusing and could mask future bugs.
+
+**Fix:** Remove `&& options.format.nil?` from line 115:
+```ruby
+# BEFORE:
+if options.include_patterns.empty? && options.exclude_patterns.empty? && options.format.nil?
+
+# AFTER:
+if options.include_patterns.empty? && options.exclude_patterns.empty?
+```
+
+**Add/update spec in `spec/appydave/tools/gpt_context/cli_spec.rb`:**
+
+Add a context for no-args behavior:
+```ruby
+describe 'no arguments' do
+  it 'exits with an error message when no patterns provided' do
+    output = `ruby #{script} 2>&1`
+    expect(output).to include('No options provided')
+    expect($?.exitstatus).to_not eq(0)
+  end
+end
+```
+
+Note: The script currently calls `exit` (no code) on this path — check the actual exit status. If it exits 0, adjust the expectation or leave exit code assertion out and just check the message.
+
+**Commit:** `kfix "remove dead format.nil? guard in gpt_context no-args check"`
+
+---
+
+## Success Criteria
+
+Every work unit must satisfy ALL before marking `[x]`:
+
+- [ ] `RUBYOPT="-W0" bundle exec rspec` — 754+ examples, 0 failures
+- [ ] `bundle exec rubocop --format clang` — 0 offenses
+- [ ] Line coverage stays ≥ 84.92%
+- [ ] All new `.rb` file additions start with `# frozen_string_literal: true`
+- [ ] Commit uses `kfix` (not `git commit`)
+
+---
+
+## Anti-Patterns to Avoid
+
+- ❌ Do NOT remove the `ENV['AWS_SDK_RUBY_SKIP_SSL_VERIFICATION']` dev escape hatch — only remove the unconditional fallback below it
+- ❌ Do NOT mock S3 clients when testing ssl options — check what the existing specs do and follow the pattern
+- ❌ Do NOT change ManifestGenerator#determine_range — it is the canonical implementation, SyncFromSsd is the one to fix
+- ❌ Do NOT use `puts` in lib/ code without checking if it violates rubocop (use `warn` for warnings)
+- ❌ Do NOT inline brand transformations — always use BrandResolver
+- ❌ Do NOT use `require 'spec_helper'` in new spec files — auto-required via .rspec
+
+---
+
+## Mock Patterns
+
+### S3 Tests — Check Existing Specs First
+
+Before writing any new S3-related test, read the existing spec file for the class you're touching. The existing patterns use WebMock or stub the S3 client at a higher level. Do NOT add new S3 network stubs — just verify the existing test suite still passes after your change.
+
+### DAM Filesystem Tests — Shared Context
+
+```ruby
+include_context 'with vat filesystem and brands', brands: %w[appydave]
+```
+
+---
+
+## Quality Gates
+
+- **Tests:** 754+ examples, 0 failures
+- **Lint:** 0 rubocop offenses
+- **Coverage:** ≥ 84.92%
+- **Commit:** `kfix` only
+
+---
+
+## Learnings (inherited)
+
+### From Three-Lens Audit (2026-03-19)
+- `format.nil?` in gpt_context is always false — do not re-introduce
+- `ssl_verify_peer: false` is not safe for AWS — HTTPS alone doesn't prevent MITM without peer verification
+- ManifestGenerator `determine_range` is the canonical format; SyncFromSsd must match it
+
+### From fr2-gpt-context-help (2026-03-19)
+- `opts.on_tail` vs `opts.on` matters for option ordering in OptionParser
+- Subprocess specs (`ruby #{script} --flag`) are correct for CLI integration tests
+- Pre-conditions from prior commits — always verify live before planning
+
+### From DAM Enhancement Sprint (Jan 2025)
+- BrandResolver is the critical path — all dam commands flow through it
+- `Regexp.last_match` is reset by `.sub()` calls — capture groups BEFORE any string transformation
+- `Config.configure` is memoized — do not add new calls
+- Table format() pattern: always use same format string for headers and data rows
+
+### From Jump Location Tool (Dec 2025)
+- Dependency injection for path validators required for CI compatibility
+- Jump Commands layer has zero dedicated specs (B018 — scheduled separately)

data/docs/planning/bugfix-and-security/IMPLEMENTATION_PLAN.md

@@ -0,0 +1,26 @@
+# IMPLEMENTATION_PLAN.md — bugfix-and-security
+
+**Goal**: Fix 3 blockers: ssl_verify_peer security hole (B017), range string mismatch (B016), dead format guard (B021)
+**Started**: 2026-03-19
+**Target**: All 3 fixes committed; tests pass; rubocop clean; no regressions
+
+## Summary
+- Total: 3 | Complete: 0 | In Progress: 3 | Pending: 0 | Failed: 0
+
+## Pending
+
+## In Progress
+- [~] fix-b017-ssl — Remove unconditional ssl_verify_peer: false from s3_operations.rb, share_operations.rb, s3_scanner.rb
+- [~] fix-b016-range — Align SyncFromSsd#determine_range to ManifestGenerator format; update sync_from_ssd_spec.rb; add manifest_generator_spec.rb coverage
+- [~] fix-b021-guard — Remove options.format.nil? from gpt_context.rb:115 guard; add/update spec for no-args behaviour
+
+## Complete
+
+## Failed / Needs Retry
+
+## Notes & Decisions
+- All 3 fixes are independent — run as parallel agents in one wave
+- B017: s3_scanner.rb has ssl_verify_peer inline with NO env guard — remove entirely. s3_operations.rb and share_operations.rb have env guard + unconditional fallback — keep env guard, remove unconditional fallback. Return {} (empty hash) instead.
+- B016: ManifestGenerator format is canonical (letter+50-range, e.g. b50-b99). SyncFromSsd format is wrong (10-range, no letter, e.g. 60-69). Fix SyncFromSsd to match. ManifestGenerator#determine_range has zero specs — add them.
+- B021: options.format defaults to 'content' in Options class — format.nil? is always false. Remove the third AND condition. Update cli_spec or add spec to verify no-args exits with message.
+- Discovered: s3_scanner.rb also affected by B017 (not in original brief)

data/docs/planning/fr2-gpt-context-help/IMPLEMENTATION_PLAN.md

@@ -5,14 +5,14 @@
 **Target**: `--help` shows structured sections; `--version` works; specs pass; rubocop clean
 
 ## Summary
-- Total: 1 | Complete: 0 | In Progress: 0 | Pending: 1 | Failed: 0
+- Total: 1 | Complete: 1 | In Progress: 0 | Pending: 0 | Failed: 0
 
 ## Pending
 
 ## In Progress
-- [~] fr2-gpt-context-help — Implement AI-friendly help system in bin/gpt_context.rb per docs/specs/fr-002-gpt-context-help-system.md
 
 ## Complete
+- [x] fr2-gpt-context-help — Implement AI-friendly help system in bin/gpt_context.rb. 754 examples, 0 failures. v0.76.0 published. Also fixed pre-existing rubocop offenses in bin/dam and split jump_test_helpers (JumpTestLocations → own file).
 
 ## Failed / Needs Retry
 

data/docs/planning/fr2-gpt-context-help/assessment.md

@@ -0,0 +1,70 @@
+# Assessment: fr2-gpt-context-help
+
+**Campaign**: fr2-gpt-context-help
+**Date**: 2026-03-19 → 2026-03-19
+**Results**: 1 complete, 0 failed
+**Version shipped**: v0.76.0
+**Quality audit**: code-quality-audit + test-quality-audit run post-campaign
+
+---
+
+## Results Summary
+
+| Work Unit | Status | Notes |
+|-----------|--------|-------|
+| B002 — FR-2 GPT Context help system | ✅ Complete | 754 examples, 0 failures. Also fixed pre-existing rubocop offenses in bin/dam and split JumpTestLocations into own file. |
+
+---
+
+## What Worked Well
+
+- **Single-file scope held.** `bin/gpt_context.rb` only — no lib/ changes. Agent stayed in bounds.
+- **Side-fixes landed cleanly.** Rubocop offenses in bin/dam (select/reject → partition) and JumpTestLocations split were caught and fixed without scope creep.
+- **Test count and coverage improved.** 748 → 754 examples, 84.88% → 84.92% coverage.
+- **Spec approach was correct.** subprocess integration testing (running the actual script) is the right pattern for CLI help/version tests.
+- **Pre-conditions were pre-cleared.** B015 and B019 fixed in prior commit 13d5f87 meant agent could focus on FR-2 immediately.
+
+---
+
+## What Didn't Work
+
+- **cli_spec.rb is too thin (Grade: C from test audit).** 4 tests only verify help text strings are present. No functional tests: `-i`, `-e`, `-f`, `-o` flags completely untested at CLI level. Creates false sense of security.
+- **format.nil? guard is dead code.** `bin/gpt_context.rb` line 115 checks `options.format.nil?` as part of its "no options provided" guard. But `format` defaults to `'content'` in the Options class — it is never nil. The third AND condition is always false, meaning the guard can only trigger if both include_patterns AND exclude_patterns are empty AND format has somehow been set to nil (impossible via normal usage).
+- **file_collector_spec missing formats.** JSON and aider format output paths in FileCollector have zero specs. Error cases also unprotected.
+
+---
+
+## Key Learnings — Application
+
+- **OptionParser `opts.on_tail` vs `opts.on` matters for ordering.** `--version` must be `opts.on` (not `on_tail`) to appear before `--help` in output. Anti-pattern documented in AGENTS.md.
+- **format.nil? is a dead guard.** When Options class sets a default for `format`, the nil check in bin/gpt_context.rb line 115 is always false. Any "no args provided" guard must check `include_patterns.empty?` and `exclude_patterns.empty?` only.
+- **Subprocess specs work but need functional assertions.** Using `\`ruby #{script} --flag\`` is correct for CLI integration testing, but tests must verify actual output content and exit codes — not just documentation strings.
+
+---
+
+## Key Learnings — Ralph Loop
+
+- **One work unit campaigns are fast.** 1 agent, 1 wave, done. No coordination overhead.
+- **Pre-conditions from prior commits reduce campaign scope.** B015/B019 were in next-round-brief as work units but had already been fixed. Always verify pre-conditions live before writing the plan.
+- **Quality audit caught 3 new backlog items.** B021 (format.nil? dead guard), B022 (cli_spec functional tests), B023 (file_collector JSON/aider/error specs). These were invisible without the audit.
+
+---
+
+## Suggestions for Next Campaign
+
+**Recommended next campaign: `bugfix-and-security` — B016, B017, B021**
+
+Priority order:
+1. **B017** — ssl_verify_peer: false (security BLOCKER — remove before adding any S3 features)
+2. **B016** — ManifestGenerator vs SyncFromSsd range string mismatch (data integrity BLOCKER)
+3. **B021** — fix format.nil? dead guard in gpt_context (5-minute fix, prevents silent failure)
+
+Then schedule soon after:
+- **B022** — expand cli_spec.rb with functional tests (-i, -e, -f, -o, exit codes)
+- **B023** — file_collector_spec: add JSON, aider, error path coverage
+- **B018** — Jump Commands layer specs (Remove/Add/Update)
+
+**AGENTS.md updates needed for next campaign:**
+- Add: "format.nil? in gpt_context is always false — do not use as a no-args guard"
+- Add: "S3Operations ssl_verify_peer must be removed — see B017"
+- Add: "ManifestGenerator and SyncFromSsd produce incompatible range strings — see B016 before touching SSD archive paths"

data/docs/planning/next-round-brief.md

@@ -1,55 +1,39 @@
 # Next Round Brief
 
 **Created:** 2026-03-19
-**Updated:** 2026-03-19 (after three-lens audit)
+**Updated:** 2026-03-19 (after fr2-gpt-context-help assessment)
 
 ---
 
-## Recommended Next Campaign: gpt_context Fixes + FR-2 + Jump Verification
+## Recommended Next Campaign: bugfix-and-security
 
 ### Goal
 
-Fix the two small blockers in `gpt_context/file_collector.rb` (B015, B019), then implement FR-2 (GPT Context AI help system). In parallel, verify whether BUG-1 (Jump get/remove) is still live before planning a Jump campaign.
+Fix two BLOCKER-level bugs (B016, B017) and one dead-code guard (B021) before building any new S3 or archive features.
 
 ### Background
 
-**Three-lens audit findings changed the priority order:**
+Quality audit after fr2-gpt-context-help surfaced these as blockers:
 
-1. FR-2 has two small pre-conditions in `file_collector.rb` that must be fixed first:
-   - `puts @working_directory` at line 15 (B019 — 1 line delete)
-   - `FileUtils.cd` without `ensure` (B015 — wrap in block form)
-   Both are ~5 minutes of work. Do them as the first commit of the FR-2 campaign.
+1. **B017** — `ssl_verify_peer: false` hardcoded unconditionally in `S3Operations` and `ShareOperations`. Removes MITM protection on all S3 operations including credential transmission. Must fix before any S3 feature work.
+2. **B016** — `ManifestGenerator.determine_range` returns `"b50-b99"` format; `SyncFromSsd.determine_range` returns `"60-69"` format. Incompatible SSD path construction means projects can be silently missed during archive/restore. Must fix before any archive feature work.
+3. **B021** — `bin/gpt_context.rb` line 115 guard checks `options.format.nil?` as third AND condition. `format` defaults to `'content'` in Options — never nil. Dead condition; guard can only fire on include/exclude emptiness. 5-minute fix.
 
-2. BUG-1 (Jump get/remove) is mislabeled in the original backlog. Static analysis shows `Jump::Config#find` and `Commands::Remove` have correct dual-key guards. The bug may already be fixed or may be environmental. **Verify live before planning any Jump campaign.**
+### Suggested Work Units
 
-3. New high-priority bugs found by the audit (B016, B017) should be assessed for inclusion in the next campaign or scheduled shortly after.
+1. **Fix B017** — Remove `ssl_verify_peer: false` from `S3Operations` and `ShareOperations`. No env flag needed — AWS SDK handles SSL correctly by default.
+2. **Fix B016** — Align range string format between `ManifestGenerator` and `SyncFromSsd`. Read actual SSD folder structure on disk first to determine which format matches reality; update the other to match.
+3. **Fix B021** — Remove `&& options.format.nil?` from guard at `bin/gpt_context.rb:115`. Update or add spec to verify no-args behavior.
 
-### Suggested Work Units (FR-2 Campaign)
+### Optional (bundle if small)
 
-1. **Fix B019** — Delete `puts @working_directory` from `file_collector.rb:15` (1-line fix)
-2. **Fix B015** — Wrap `FileUtils.cd` in block form in `file_collector.rb` (3-line fix)
-3. **Implement FR-2** — Read `docs/specs/fr-002-gpt-context-help-system.md`. Option A from the spec (enhanced OptionParser with banner, separators, `--version`) is the correct approach. No changes to lib/ needed — this is a `bin/gpt_context.rb` enhancement.
-4. **Verify BUG-1** — Run `bin/jump.rb get <key>` live. If broken: find actual failure site. If fixed: write regression spec for `Jump::Config#find` round-trip and close.
+- **B018** — Jump Commands layer specs (Remove/Add/Update) — no code changes, just test coverage
+- **B022** — Expand cli_spec.rb with functional tests for -i, -e, -f, -o flags
 
-### Pre-Campaign Blockers: None
-
-Neither fix requires architectural changes. FR-2 is contained to `bin/gpt_context.rb`. The Jump verification is read-only unless the bug is confirmed.
-
-### What Agents Need to Know
-
-- Read `docs/planning/AGENTS.md` — test/lint patterns, commit format, quality gates
-- FR-2 spec: `docs/specs/fr-002-gpt-context-help-system.md`
-- gpt_context source: `lib/appydave/tools/gpt_context/` + `bin/gpt_context.rb`
-- Jump source: `lib/appydave/tools/jump/` (Config, Search, Commands/*)
-- Jump tests: `spec/appydave/tools/jump/` + `spec/support/jump_test_helpers.rb`
-- BUG-1 call chain: `CLI#run_get` → `Search#get` → `Config#find` → `locations.find { |loc| loc.key == key }`
-
-### Also Schedule Soon (from audit)
+### Mode Recommendation
 
-- B016 — ManifestGenerator vs SyncFromSsd range string mismatch (data integrity — schedule next)
-- B017 — ssl_verify_peer: false in S3Operations (security — schedule next)
-- B018 — Jump Commands layer specs (no specs for Remove/Add/Update)
+**Extend** — stack, patterns, and quality gates known. Inherit AGENTS.md.
 
-### Mode Recommendation
+### Pre-Campaign Blockers: None
 
-**Extend** — stack, patterns, and quality gates are known from prior campaigns. Use Extend, not Plan.
+All three fixes are standalone. B016 requires reading SSD disk structure before writing code (per AGENTS.md: read actual files before designing data shapes).

data/lib/appydave/tools/dam/s3_operations.rb

@@ -100,17 +100,9 @@ module Appydave
         end
 
         def configure_ssl_options
-          # Check for explicit SSL verification bypass (for development/testing)
-          if ENV['AWS_SDK_RUBY_SKIP_SSL_VERIFICATION'] == 'true'
-            puts '⚠️  WARNING: SSL verification is disabled (development mode)'
-            return { ssl_verify_peer: false }
-          end
+          return { ssl_verify_peer: false } if ENV['AWS_SDK_RUBY_SKIP_SSL_VERIFICATION'] == 'true'
 
-          # Disable SSL peer verification to work around OpenSSL 3.4.x CRL checking issues
-          # This is safe for AWS S3 connections as we're still using HTTPS (encrypted connection)
-          {
-            ssl_verify_peer: false
-          }
+          {}
         end
 
         public

data/lib/appydave/tools/dam/s3_scanner.rb

@@ -111,8 +111,7 @@ module Appydave
           Aws::S3::Client.new(
             credentials: credentials,
             region: brand_info.aws.region,
-            http_wire_trace: false,
-            ssl_verify_peer: false
+            http_wire_trace: false
           )
         end
 

data/lib/appydave/tools/dam/share_operations.rb

@@ -87,17 +87,9 @@ module Appydave
         end
 
         def configure_ssl_options
-          # Check for explicit SSL verification bypass (for development/testing)
-          if ENV['AWS_SDK_RUBY_SKIP_SSL_VERIFICATION'] == 'true'
-            puts '⚠️  WARNING: SSL verification is disabled (development mode)'
-            return { ssl_verify_peer: false }
-          end
+          return { ssl_verify_peer: false } if ENV['AWS_SDK_RUBY_SKIP_SSL_VERIFICATION'] == 'true'
 
-          # Disable SSL peer verification to work around OpenSSL 3.4.x CRL checking issues
-          # This is safe for AWS S3 connections as we're still using HTTPS (encrypted connection)
-          {
-            ssl_verify_peer: false
-          }
+          {}
         end
 
         public

data/lib/appydave/tools/dam/sync_from_ssd.rb

@@ -181,14 +181,17 @@ module Appydave
           sync_light_files(ssd_path, local_dir, dry_run: dry_run)
         end
 
-        # Determine range folder for project (e.g., b65 → 60-69)
+        # Determine range folder for project (e.g., b65 → b50-b99)
         def determine_range(project_id)
-          # FliVideo pattern: b40, b41, ... b99
-          if project_id =~ /^b(\d+)/
-            tens = (Regexp.last_match(1).to_i / 10) * 10
-            "#{tens}-#{tens + 9}"
+          # FliVideo/Modern pattern: b40, a82, etc.
+          if project_id =~ /^([a-z])(\d+)/
+            letter = Regexp.last_match(1)
+            number = Regexp.last_match(2).to_i
+            range_start = (number / 50) * 50
+            range_end = range_start + 49
+            format("#{letter}%02d-#{letter}%02d", range_start, range_end)
           else
-            # Legacy pattern or unknown: use first 3 chars
+            # Legacy pattern or unknown
             '000-099'
           end
         end

data/lib/appydave/tools/version.rb

@@ -2,6 +2,6 @@
 
 module Appydave
   module Tools
-    VERSION = '0.76.0'
+    VERSION = '0.76.1'
   end
 end

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "appydave-tools",
-  "version": "0.76.0",
+  "version": "0.76.1",
   "description": "AppyDave YouTube Automation Tools",
   "scripts": {
     "release": "semantic-release"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: appydave-tools
 version: !ruby/object:Gem::Version
-  version: 0.76.0
+  version: 0.76.1
 platform: ruby
 authors:
 - David Cruwys
@@ -297,8 +297,11 @@ files:
 - docs/guides/tools/youtube-manager.md
 - docs/planning/AGENTS.md
 - docs/planning/BACKLOG.md
+- docs/planning/bugfix-and-security/AGENTS.md
+- docs/planning/bugfix-and-security/IMPLEMENTATION_PLAN.md
 - docs/planning/fr2-gpt-context-help/AGENTS.md
 - docs/planning/fr2-gpt-context-help/IMPLEMENTATION_PLAN.md
+- docs/planning/fr2-gpt-context-help/assessment.md
 - docs/planning/next-round-brief.md
 - docs/specs/fr-002-gpt-context-help-system.md
 - docs/specs/fr-003-jump-location-tool.md