appydave-tools 0.76.1 → 0.76.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2700178e0f8e7fa1ddbd046cb78af4a0a340f2e8770637a2f3b30229e9f76179
-  data.tar.gz: c5c3f8094e988cc77849f27d1126c3839825d231c06b8bb63d3410cfdfe72179
+  metadata.gz: 9e0809dc40e0f4940381134c70a57833d755df47f01f8e327a04b278e4d87c5a
+  data.tar.gz: a1aa1d00b87481b371edda22ed5f7f0fa63a895358002cbc330b4d4e8cbf1ae8
 SHA512:
-  metadata.gz: e11cda4ffd9a0a555c15ae613e94b31aa7f508ba473ccc89d31a48d399f9b603204faa4018bea222f9640205b5d73a557b992acf3be94c926bdbeea494baedb5
-  data.tar.gz: 4af0c479f1aeb82cc32dd06d8d954910fff6e9a4a2f785d2969a284fc9a55874a56ed71e1600be9c26b5ad3792a67be98105a9003b82c8d835eb0bd8a7d323cf
+  metadata.gz: 8ef02094f475fc3df1b6b346158dce9596cbc4898c4a5da60e573ae48ddb8ff10663d2b19be0da582adea9b47597a14926e7e55358d33e742762d8cf7b53bf6f
+  data.tar.gz: 1c96b7e36178f5f0ec3426934a88686fb23e19d890858c1825264bb3a33e67d6054ed520cd4157ff60906f468a91cd25d2c319696b6a1ae936baaca8a013f627

data/CHANGELOG.md

@@ -1,3 +1,11 @@
+## [0.76.1](https://github.com/appydave/appydave-tools/compare/v0.76.0...v0.76.1) (2026-03-19)
+
+
+### Bug Fixes
+
+* align SyncFromSsd#determine_range with ManifestGenerator format; add specs ([3f8cb37](https://github.com/appydave/appydave-tools/commit/3f8cb37a78bd3d9720eace21cf1abbbca285cd66))
+* remove unconditional ssl_verify_peer: false from S3 clients; keep env override ([f49efb1](https://github.com/appydave/appydave-tools/commit/f49efb1c4a97ba904f3f3fc7d4292139a5e6c3fd))
+
 # [0.76.0](https://github.com/appydave/appydave-tools/compare/v0.75.0...v0.76.0) (2026-03-19)
 
 

data/docs/planning/BACKLOG.md

@@ -1,27 +1,29 @@
 # Project Backlog — AppyDave Tools
 
-**Last updated**: 2026-03-19 (fr2-gpt-context-help assessment + 3 new items from quality audit)
-**Total**: 23 | Pending: 16 | Done: 7 | Deferred: 0 | Rejected: 0
+**Last updated**: 2026-03-19 (bugfix-and-security assessment + 4 new items from quality audit)
+**Total**: 27 | Pending: 17 | Done: 10 | Deferred: 0 | Rejected: 0
 
 ---
 
 ## Pending
 
 ### High Priority
+- [ ] B024 — Tests: add configure_ssl_options unit tests to s3_operations_spec + share_operations_spec (protects B017 security fix) | Priority: high
 - [ ] B015 — BUG-2: FileCollector uses FileUtils.cd without ensure (process dir not restored on exception) | Priority: high
-- [ ] B016 — BUG-3: ManifestGenerator + SyncFromSsd produce incompatible SSD range strings (data integrity) | Priority: high
 - [x] B006 — BUG-1: Jump CLI get/remove key lookup | Completed: verified fixed 2026-03-19, regression spec added
-- [ ] B017 — Security: ssl_verify_peer disabled unconditionally in S3Operations + ShareOperations | Priority: high
 
 ### Medium Priority
-- [ ] B021 — Fix: gpt_context no-args guard checks format.nil? which is always false (dead condition) | Priority: medium
 - [ ] B022 — Tests: expand cli_spec.rb with functional tests (-i, -e, -f, -o flags, exit codes) | Priority: medium
+- [ ] B026 — Tests: add determine_range edge cases (b00, b9, a40) to sync_from_ssd_spec + manifest_generator_spec | Priority: medium
+- [ ] B027 — Tests: strengthen gpt_context no-args spec to verify file collection actually stops | Priority: medium
 - [ ] B023 — Tests: add file_collector_spec coverage for JSON format, aider format, error paths | Priority: medium
 - [ ] B018 — Tests: add specs for Jump Commands::Remove, Commands::Add, Commands::Update | Priority: medium
 - [ ] B019 — Fix: remove debug puts @working_directory from gpt_context/file_collector.rb | Priority: medium
 - [ ] B001 — FR-1: GPT Context token counting | Priority: medium
 - [ ] B012 — Arch: add integration tests for brand resolution end-to-end | Priority: medium
 
+- [ ] B025 — Fix: stale comment in sync_from_ssd.rb line 173 (says 60-69, should say b50-b99) | Priority: low
+
 ### Low Priority
 - [ ] B007 — Performance: parallel git/S3 status checks for dam list | Priority: low
 - [ ] B008 — Performance: cache git/S3 status with 5-min TTL | Priority: low
@@ -40,6 +42,9 @@
 - [x] B013 — Arch: Extract GitHelper module (90 lines duplication) | Completed: dam-enhancement-sprint (Jan 2025)
 - [x] B014 — Arch: Create BrandResolver to centralize brand transformation | Completed: dam-enhancement-sprint (Jan 2025)
 - [x] B002 — FR-2: GPT Context AI-friendly help system | Completed: fr2-gpt-context-help (2026-03-19)
+- [x] B016 — BUG-3: ManifestGenerator + SyncFromSsd incompatible SSD range strings | Completed: bugfix-and-security (2026-03-19)
+- [x] B017 — Security: ssl_verify_peer disabled unconditionally in S3Operations + ShareOperations + S3Scanner | Completed: bugfix-and-security (2026-03-19)
+- [x] B021 — Fix: gpt_context no-args guard had dead format.nil? condition | Completed: bugfix-and-security (2026-03-19)
 
 ---
 

data/docs/planning/bugfix-and-security/AGENTS.md

@@ -308,6 +308,11 @@ include_context 'with vat filesystem and brands', brands: %w[appydave]
 - `ssl_verify_peer: false` is not safe for AWS — HTTPS alone doesn't prevent MITM without peer verification
 - ManifestGenerator `determine_range` is the canonical format; SyncFromSsd must match it
 
+### From bugfix-and-security (2026-03-19)
+- **`options.format` defaults to `'tree,content'`** in GptContext::Options — not `'content'`. It is never nil. Do not use `options.format.nil?` as a guard.
+- **Use `$CHILD_STATUS` not `$?` in specs** — RuboCop flags `$?` as a special global variable. Use `$CHILD_STATUS` (from the English module, auto-available in RSpec) for exit status assertions.
+- **`exit` with no code exits 0** — Ruby's bare `exit` call produces exit status 0. Write specs accordingly.
+
 ### From fr2-gpt-context-help (2026-03-19)
 - `opts.on_tail` vs `opts.on` matters for option ordering in OptionParser
 - Subprocess specs (`ruby #{script} --flag`) are correct for CLI integration tests

data/docs/planning/bugfix-and-security/IMPLEMENTATION_PLAN.md

@@ -5,16 +5,16 @@
 **Target**: All 3 fixes committed; tests pass; rubocop clean; no regressions
 
 ## Summary
-- Total: 3 | Complete: 0 | In Progress: 3 | Pending: 0 | Failed: 0
+- Total: 3 | Complete: 3 | In Progress: 0 | Pending: 0 | Failed: 0
 
 ## Pending
 
 ## In Progress
-- [~] fix-b017-ssl — Remove unconditional ssl_verify_peer: false from s3_operations.rb, share_operations.rb, s3_scanner.rb
-- [~] fix-b016-range — Align SyncFromSsd#determine_range to ManifestGenerator format; update sync_from_ssd_spec.rb; add manifest_generator_spec.rb coverage
-- [~] fix-b021-guard — Remove options.format.nil? from gpt_context.rb:115 guard; add/update spec for no-args behaviour
 
 ## Complete
+- [x] fix-b017-ssl — ssl_verify_peer: false removed from s3_operations.rb, share_operations.rb, s3_scanner.rb. s3_operations_spec stub updated. 755 examples, 0 failures. v0.76.0 published.
+- [x] fix-b021-guard — Removed dead format.nil? condition (format defaults to 'tree,content', never nil). Added no-args spec asserting exit 0 + error message. Used $CHILD_STATUS not $? (rubocop). 755 examples, 0 failures.
+- [x] fix-b016-range — SyncFromSsd#determine_range aligned to ManifestGenerator format (any letter, 50-number ranges). Updated 4 unit specs + 4 integration path assertions in sync_from_ssd_spec. Added 4 new specs to manifest_generator_spec. 759 examples, 0 failures. v0.76.1 published.
 
 ## Failed / Needs Retry
 

data/docs/planning/bugfix-and-security/assessment.md

@@ -0,0 +1,94 @@
+# Assessment: bugfix-and-security
+
+**Campaign**: bugfix-and-security
+**Date**: 2026-03-19 → 2026-03-19
+**Results**: 3 complete, 0 failed
+**Version shipped**: v0.76.1
+**Quality audit**: code-quality-audit + test-quality-audit run post-campaign
+
+---
+
+## Results Summary
+
+| Work Unit | Status | Notes |
+|-----------|--------|-------|
+| fix-b017-ssl | ✅ Complete | ssl_verify_peer: false removed from s3_operations.rb, share_operations.rb, s3_scanner.rb. ENV escape hatch preserved. s3_operations_spec stub updated. |
+| fix-b016-range | ✅ Complete | SyncFromSsd#determine_range now matches ManifestGenerator (letter prefix, 50-number ranges). 4 unit specs + 4 integration path assertions updated. 4 new specs added to manifest_generator_spec. |
+| fix-b021-guard | ✅ Complete | Dead `&& options.format.nil?` condition removed. format defaults to 'tree,content', never nil. No-args spec added. Used $CHILD_STATUS not $? (rubocop requirement). |
+
+**Test baseline:** 754 → 759 examples (+5). Coverage: 84.92% → 85.0%.
+
+---
+
+## What Worked Well
+
+- **Parallel wave was clean.** 3 independent fixes in 3 different files — no conflicts, all completed without intervention.
+- **B016 agent caught integration test debt.** sync_from_ssd_spec had 4 integration path assertions using the old `60-69` format. Agent found and fixed all of them without being told. A lesser agent would have only updated the unit tests and left the integration tests broken.
+- **B021 agent discovered accurate default.** `options.format` defaults to `'tree,content'` (not `'content'` as AGENTS.md said). Corrected understanding.
+- **$CHILD_STATUS vs $?.** Rubocop flags `$?` — must use `$CHILD_STATUS`. Captured in AGENTS.md learnings during campaign.
+- **s3_scanner.rb surprise.** Brief only mentioned 2 files for B017, but grep found a third (s3_scanner.rb with inline ssl_verify_peer, no env guard). Agent fixed it correctly.
+
+---
+
+## What Didn't Work
+
+**Critical: B017 SSL fix has no regression test (Grade C+ from test audit).**
+The most important security fix in the campaign — removing unconditional `ssl_verify_peer: false` — is unprotected. `configure_ssl_options` is not tested in isolation. If someone accidentally adds `ssl_verify_peer: false` unconditionally back, all tests would still pass. This is the #1 priority for the next campaign.
+
+**B016 determine_range has edge case gaps.**
+Tests cover b40, b65, b99, boy-baker. Missing: b00 (boundary), b9 (single digit), a40 (non-b letter prefix). The regex `/^([a-z])(\d+)/` handles all of these correctly, but if the regex ever changes, these gaps won't catch it.
+
+**cli_spec no-args test is shallow (Grade D+).**
+Verifies the message is printed and exit is 0. Does not verify that file collection actually stops — if the guard is removed and replaced with something that prints the message but continues, the spec would still pass.
+
+**Stale comment in sync_from_ssd.rb.**
+Line 173 still says `b65 → 60-69 range` (old format). Code is correct; comment is wrong. 1-line fix.
+
+---
+
+## Key Learnings — Application
+
+- **`options.format` defaults to `'tree,content'`** — not `'content'`. Any guard checking `format.nil?` is dead. Updated AGENTS.md.
+- **`$CHILD_STATUS` not `$?`** — Rubocop Special/GlobalVars cop flags `$?`. Use `$CHILD_STATUS` (English module, auto-available in RSpec). Updated AGENTS.md.
+- **`exit` with no code exits 0** in Ruby — specs asserting exit status for "no-args" path should expect 0.
+- **Grep the full codebase before writing the brief** — B017 brief named 2 files; actual codebase had 3. Always grep for the pattern before writing work unit scope.
+- **Integration path assertions in specs** — when changing a path-construction algorithm, search specs for the old path strings, not just the method name. Agent found 4 integration assertions that grep on method name alone would miss.
+
+---
+
+## Key Learnings — Ralph Loop
+
+- **Parallel waves are fast when fixes are independent.** All 3 agents ran simultaneously, completed in one wave, zero coordination needed. Right call.
+- **Quality audit surfaced a critical gap the code audit didn't.** Code looks correct (A grade). But test audit showed the SSL fix has no regression protection — an entirely separate risk dimension.
+- **Brief scope can undercount files.** Next time, grep before writing the brief, not just inspect known files.
+
+---
+
+## New Backlog Items from Quality Audit
+
+- **B024** — Tests: add `configure_ssl_options` unit tests to s3_operations_spec and share_operations_spec — verify empty hash on default path, ssl_verify_peer: false on ENV override path | Priority: **high** (protects B017 fix)
+- **B025** — Fix: stale comment in sync_from_ssd.rb line 173 (says 60-69, should say b50-b99) | Priority: **low**
+- **B026** — Tests: add determine_range edge cases (b00, b9, a40) to sync_from_ssd_spec and manifest_generator_spec | Priority: **medium**
+- **B027** — Tests: strengthen gpt_context no-args spec to verify file collection actually stops (not just message printed) | Priority: **medium**
+
+---
+
+## Suggestions for Next Campaign
+
+**Recommended next campaign: `test-coverage-gaps`**
+
+Priority order:
+1. **B024** — configure_ssl_options unit tests (high — protects the security fix)
+2. **B022** — expand cli_spec with functional tests (-i, -e, -f, -o flags, exit codes)
+3. **B026** — determine_range edge cases
+4. **B027** — gpt_context no-args guard behavioral test
+5. **B018** — Jump Commands layer specs (Remove/Add/Update)
+6. **B025** — stale comment fix (bundle with B026, same file)
+7. **B023** — file_collector_spec: JSON, aider, error paths
+
+These are all test-only changes (except B025 which is a 1-line comment fix) — agents can run in parallel safely.
+
+**AGENTS.md updates for next campaign:**
+- Add: "configure_ssl_options test pattern: use ClimateControl gem or stub ENV to test conditional SSL logic"
+- Add: "determine_range edge cases: b00, single-digit b9, non-b letter a40 — always test boundaries"
+- Add: "gpt_context no-args test: verify file collection does NOT proceed, not just message output"

data/docs/planning/next-round-brief.md

@@ -1,39 +1,42 @@
 # Next Round Brief
 
 **Created:** 2026-03-19
-**Updated:** 2026-03-19 (after fr2-gpt-context-help assessment)
+**Updated:** 2026-03-19 (after bugfix-and-security assessment)
 
 ---
 
-## Recommended Next Campaign: bugfix-and-security
+## Recommended Next Campaign: test-coverage-gaps
 
 ### Goal
 
-Fix two BLOCKER-level bugs (B016, B017) and one dead-code guard (B021) before building any new S3 or archive features.
+Protect the B017 SSL security fix with a regression test, expand functional test coverage across gpt_context CLI and DAM range logic, and add the missing Jump Commands layer specs.
 
 ### Background
 
-Quality audit after fr2-gpt-context-help surfaced these as blockers:
+Quality audit after bugfix-and-security found:
 
-1. **B017** — `ssl_verify_peer: false` hardcoded unconditionally in `S3Operations` and `ShareOperations`. Removes MITM protection on all S3 operations including credential transmission. Must fix before any S3 feature work.
-2. **B016** — `ManifestGenerator.determine_range` returns `"b50-b99"` format; `SyncFromSsd.determine_range` returns `"60-69"` format. Incompatible SSD path construction means projects can be silently missed during archive/restore. Must fix before any archive feature work.
-3. **B021** — `bin/gpt_context.rb` line 115 guard checks `options.format.nil?` as third AND condition. `format` defaults to `'content'` in Options — never nil. Dead condition; guard can only fire on include/exclude emptiness. 5-minute fix.
+1. **B024** — `configure_ssl_options` has zero unit tests. The B017 SSL fix (removing unconditional `ssl_verify_peer: false`) has no regression protection. If reverted, all tests still pass. Must fix.
+2. **B022** — `cli_spec.rb` only tests `--help`, `--version`, no-args. No functional tests for `-i`, `-e`, `-f`, `-o`. Core behaviour untested at CLI level.
+3. **B026** — `determine_range` tests narrow (b40, b65, b99 only). Missing: b00, b9, a40. Both sync_from_ssd_spec and manifest_generator_spec need these.
+4. **B027** — gpt_context no-args spec only checks output string. Does not verify file collection stops.
+5. **B018** — Jump Commands (Remove/Add/Update) — zero dedicated specs.
+6. **B025** — Stale comment sync_from_ssd.rb line 173 (says 60-69, should say b50-b99).
 
-### Suggested Work Units
+### Suggested Work Units (parallel — all test-only except B025)
 
-1. **Fix B017** — Remove `ssl_verify_peer: false` from `S3Operations` and `ShareOperations`. No env flag needed — AWS SDK handles SSL correctly by default.
-2. **Fix B016** — Align range string format between `ManifestGenerator` and `SyncFromSsd`. Read actual SSD folder structure on disk first to determine which format matches reality; update the other to match.
-3. **Fix B021** — Remove `&& options.format.nil?` from guard at `bin/gpt_context.rb:115`. Update or add spec to verify no-args behavior.
-
-### Optional (bundle if small)
-
-- **B018** — Jump Commands layer specs (Remove/Add/Update) — no code changes, just test coverage
-- **B022** — Expand cli_spec.rb with functional tests for -i, -e, -f, -o flags
+1. **fix-b024-ssl-tests** — Add `configure_ssl_options` unit tests to s3_operations_spec and share_operations_spec. Verify empty hash on default path; `{ssl_verify_peer: false}` when ENV override set. Stub ENV directly (`allow(ENV).to receive(:[]).with('AWS_SDK_RUBY_SKIP_SSL_VERIFICATION').and_return('true')`).
+2. **fix-b022-cli-tests** — Add functional subprocess tests to cli_spec.rb for -i, -e, -f, -o flags. Write to Tempfile, verify content. Use `Dir.mktmpdir` and clean up after.
+3. **fix-b026-b025-range-tests** — Add edge cases (b00, b9, a40) to sync_from_ssd_spec and manifest_generator_spec. Fix stale comment sync_from_ssd.rb line 173 while in the file.
+4. **fix-b027-noargs-test** — Strengthen no-args spec: `expect(Appydave::Tools::GptContext::FileCollector).not_to receive(:new)` when no patterns given.
+5. **fix-b018-jump-specs** — Add spec files for Jump Commands::Remove, Commands::Add, Commands::Update. Read existing Jump CLI spec first for setup pattern. Use JumpTestLocations + `with jump filesystem` context.
 
 ### Mode Recommendation
 
-**Extend** — stack, patterns, and quality gates known. Inherit AGENTS.md.
+**Extend** — same stack, same patterns, test-only work. Inherit AGENTS.md.
 
-### Pre-Campaign Blockers: None
+### Pre-Campaign Notes
 
-All three fixes are standalone. B016 requires reading SSD disk structure before writing code (per AGENTS.md: read actual files before designing data shapes).
+- Check if `climate_control` gem is in Gemfile before using ClimateControl — use direct ENV stubbing if not available
+- For B022 functional tests: subprocess writes to file, assert content includes `# file:` headers
+- For B027: stub at the class level, not instance — `expect(described_class).not_to receive(:new)`
+- For B018: read `spec/appydave/tools/jump/` existing specs before writing new command specs

data/docs/planning/test-coverage-gaps/AGENTS.md

@@ -0,0 +1,317 @@
+# AGENTS.md — test-coverage-gaps
+
+> Inherited from bugfix-and-security AGENTS.md. Self-contained.
+> Last updated: 2026-03-19
+
+---
+
+## Project Overview
+
+**What:** Ruby gem providing CLI productivity tools for AppyDave's YouTube content creation workflow.
+**Stack:** Ruby 3.4.2, Bundler 2.6.2, RSpec, RuboCop, semantic-release CI/CD.
+**This campaign:** Test-only gap closure. No lib/ production code changes except 1-line comment fix (B025).
+**Commits:** Always use `kfix` — never `git commit`.
+
+---
+
+## Build & Run Commands
+
+```bash
+eval "$(rbenv init -)"
+
+RUBYOPT="-W0" bundle exec rspec                                         # All tests
+bundle exec rspec spec/appydave/tools/dam/s3_operations_spec.rb
+bundle exec rspec spec/appydave/tools/dam/share_operations_spec.rb
+bundle exec rspec spec/appydave/tools/dam/sync_from_ssd_spec.rb
+bundle exec rspec spec/appydave/tools/dam/manifest_generator_spec.rb
+bundle exec rspec spec/appydave/tools/gpt_context/cli_spec.rb
+bundle exec rspec spec/appydave/tools/jump/                             # All jump specs
+bundle exec rubocop --format clang
+```
+
+**Baseline:** 759 examples, 0 failures, 85.0% line coverage
+
+---
+
+## Directory Structure
+
+```
+lib/appydave/tools/dam/
+  s3_operations.rb          configure_ssl_options method (~line 102) — READ ONLY
+  share_operations.rb       configure_ssl_options method (~line 89) — READ ONLY
+  sync_from_ssd.rb          determine_range (~line 185); stale comment line 173 — FIX COMMENT
+  manifest_generator.rb     determine_range (~line 332) — READ ONLY
+  jump/
+    commands/
+      remove.rb             READ ONLY — write spec for this
+      add.rb                READ ONLY — write spec for this (may be called create.rb or set.rb)
+      update.rb             READ ONLY — write spec for this
+spec/appydave/tools/dam/
+  s3_operations_spec.rb     ADD configure_ssl_options tests
+  share_operations_spec.rb  ADD configure_ssl_options tests
+  sync_from_ssd_spec.rb     ADD determine_range edge cases
+  manifest_generator_spec.rb ADD determine_range edge cases
+spec/appydave/tools/gpt_context/
+  cli_spec.rb               ADD functional tests (-i, -e, -f, -o)
+spec/appydave/tools/jump/
+  commands/
+    remove_spec.rb          CREATE THIS
+    add_spec.rb             CREATE THIS (check actual filename first)
+    update_spec.rb          CREATE THIS (check actual filename first)
+spec/support/
+  jump_test_helpers.rb      Reference for shared context
+  jump_test_locations.rb    Reference for test fixture data
+```
+
+---
+
+## Work Unit Details
+
+### fix-b024-ssl-tests
+
+**Goal:** Protect the B017 security fix. `configure_ssl_options` must have unit tests verifying:
+1. Default path returns `{}` (no ssl_verify_peer key at all)
+2. ENV override path returns `{ ssl_verify_peer: false }`
+
+**Check Gemfile first** — if `climate_control` is present, use it. Otherwise, stub ENV directly:
+
+```ruby
+# Direct ENV stub (works without climate_control)
+describe '#configure_ssl_options' do
+  subject(:ssl_options) { s3_ops.send(:configure_ssl_options) }
+
+  context 'when AWS_SDK_RUBY_SKIP_SSL_VERIFICATION is not set' do
+    before { allow(ENV).to receive(:[]).and_call_original }
+    before { allow(ENV).to receive(:[]).with('AWS_SDK_RUBY_SKIP_SSL_VERIFICATION').and_return(nil) }
+
+    it 'returns empty hash (SSL verification enabled by default)' do
+      expect(ssl_options).to eq({})
+    end
+
+    it 'does not include ssl_verify_peer key' do
+      expect(ssl_options).not_to have_key(:ssl_verify_peer)
+    end
+  end
+
+  context 'when AWS_SDK_RUBY_SKIP_SSL_VERIFICATION is "true"' do
+    before { allow(ENV).to receive(:[]).and_call_original }
+    before { allow(ENV).to receive(:[]).with('AWS_SDK_RUBY_SKIP_SSL_VERIFICATION').and_return('true') }
+
+    it 'returns ssl_verify_peer: false' do
+      expect(ssl_options).to eq({ ssl_verify_peer: false })
+    end
+  end
+end
+```
+
+Read the existing spec to find how `s3_ops` subject is set up. Add these examples within the existing describe block structure. Same pattern for `share_operations_spec.rb`.
+
+**Commit:** `kfix "add configure_ssl_options unit tests to protect B017 security fix"`
+
+---
+
+### fix-b022-cli-tests
+
+**Goal:** Functional subprocess tests for gpt_context CLI. Test that the actual flags work end-to-end.
+
+**Pattern — write to Tempfile, verify content:**
+
+```ruby
+describe '-i include pattern' do
+  it 'collects files matching the include pattern' do
+    Dir.mktmpdir do |tmpdir|
+      # Create a test file
+      File.write(File.join(tmpdir, 'test.rb'), '# test content')
+      outfile = File.join(tmpdir, 'output.txt')
+
+      `ruby #{script} -i '*.rb' -b #{tmpdir} -o #{outfile} 2>&1`
+
+      expect(File.read(outfile)).to include('# file: test.rb')
+    end
+  end
+end
+
+describe '-e exclude pattern' do
+  it 'excludes files matching the exclude pattern' do
+    Dir.mktmpdir do |tmpdir|
+      File.write(File.join(tmpdir, 'keep.rb'), '# keep')
+      File.write(File.join(tmpdir, 'exclude.rb'), '# exclude')
+      outfile = File.join(tmpdir, 'output.txt')
+
+      `ruby #{script} -i '*.rb' -e 'exclude.rb' -b #{tmpdir} -o #{outfile} 2>&1`
+
+      content = File.read(outfile)
+      expect(content).to include('# file: keep.rb')
+      expect(content).not_to include('# file: exclude.rb')
+    end
+  end
+end
+
+describe '-f format' do
+  it 'outputs tree format when -f tree specified' do
+    Dir.mktmpdir do |tmpdir|
+      File.write(File.join(tmpdir, 'test.rb'), '# test')
+      outfile = File.join(tmpdir, 'output.txt')
+
+      `ruby #{script} -i '*.rb' -f tree -b #{tmpdir} -o #{outfile} 2>&1`
+
+      expect(File.read(outfile)).to include('test.rb')
+    end
+  end
+end
+```
+
+Note: `-b` sets the base directory, `-o` writes to file. Read the existing cli_spec.rb first for the `script` let binding.
+
+**Commit:** `kfix "add functional CLI tests for -i -e -f -o flags to cli_spec"`
+
+---
+
+### fix-b026-b025-range-tests
+
+**Goal:** Add edge case tests for `determine_range` + fix 1-line stale comment.
+
+**In `sync_from_ssd_spec.rb`** — add to the existing `describe '#determine_range'` block:
+```ruby
+it 'determines range for boundary b00' do
+  range = sync_from_ssd.send(:determine_range, 'b00-first-project')
+  expect(range).to eq('b00-b49')
+end
+
+it 'determines range for single-digit b9' do
+  range = sync_from_ssd.send(:determine_range, 'b9-project')
+  expect(range).to eq('b00-b49')
+end
+
+it 'determines range for non-b letter prefix a40' do
+  range = sync_from_ssd.send(:determine_range, 'a40-test-project')
+  expect(range).to eq('a00-a49')
+end
+```
+
+**In `manifest_generator_spec.rb`** — add same 3 examples to the `describe '#determine_range'` block.
+
+**In `sync_from_ssd.rb` line 173** — update comment:
+```ruby
+# Determine local destination path (archived structure)
+# Extract range from project ID (e.g., b65 → b50-b99 range)
+```
+(Was: `b65 → 60-69 range`)
+
+**Commit:** `kfix "add determine_range edge cases and fix stale comment"`
+
+---
+
+### fix-b027-noargs-test
+
+**Goal:** Strengthen the no-args gpt_context spec to verify file collection stops — not just message output.
+
+The subprocess approach can't easily stub FileCollector. Use a stronger output assertion instead:
+
+```ruby
+describe 'no arguments' do
+  it 'prints an error message when no patterns provided' do
+    output = `ruby #{script} 2>&1`
+    expect(output).to include('No options provided')
+    expect($CHILD_STATUS.exitstatus).to eq(0)
+  end
+
+  it 'does not produce file content output when no patterns provided' do
+    output = `ruby #{script} 2>&1`
+    expect(output).not_to include('# file:')
+    expect(output).not_to include('clipboard')
+  end
+end
+```
+
+The second test verifies file collection output markers are absent — catches regressions where the guard is removed but the script continues to run.
+
+Read existing cli_spec.rb first — update the existing no-args describe block rather than adding a duplicate.
+
+**Commit:** `kfix "strengthen gpt_context no-args spec to verify collection does not proceed"`
+
+---
+
+### fix-b018-jump-specs
+
+**Goal:** Add dedicated unit specs for Jump Commands::Remove, Commands::Add (or Create), Commands::Update.
+
+**Step 1:** Read the source files first:
+```
+lib/appydave/tools/jump/commands/
+```
+List what files exist — the command names may differ from Remove/Add/Update.
+
+**Step 2:** Read an existing jump spec (e.g., `spec/appydave/tools/jump/`) for setup patterns.
+
+**Step 3:** For each command, create a spec file covering:
+- Happy path: command executes with valid key
+- `--force` guard: command without --force prompts/refuses where applicable
+- Not-found path: key does not exist — shows suggestion or error
+- Error codes / output messages
+
+**Pattern (based on jump_test_helpers.rb):**
+```ruby
+# frozen_string_literal: true
+
+RSpec.describe Appydave::Tools::Jump::Commands::Remove do
+  include_context 'with jump filesystem'
+
+  describe '#run' do
+    context 'when location exists' do
+      before { setup_jump_config([JumpTestLocations.ad_tools]) }
+
+      it 'removes the location with --force' do
+        # ...
+      end
+
+      it 'refuses to remove without --force' do
+        # ...
+      end
+    end
+
+    context 'when location does not exist' do
+      it 'shows not-found error' do
+        # ...
+      end
+    end
+  end
+end
+```
+
+**Commit:** `kfix "add dedicated specs for Jump Commands Remove Add Update"`
+
+---
+
+## Success Criteria
+
+- [ ] `RUBYOPT="-W0" bundle exec rspec` — 759+ examples, 0 failures
+- [ ] `bundle exec rubocop --format clang` — 0 offenses
+- [ ] Line coverage stays ≥ 85.0%
+- [ ] `configure_ssl_options` default path verified to NOT include ssl_verify_peer
+- [ ] All new spec files start with `# frozen_string_literal: true`
+- [ ] No `require 'spec_helper'` in new spec files (auto-required)
+
+---
+
+## Anti-Patterns to Avoid
+
+- ❌ Do NOT use `$?` in specs — use `$CHILD_STATUS` (rubocop)
+- ❌ Do NOT use `options.format.nil?` — format defaults to 'tree,content', never nil
+- ❌ Do NOT mock internal DAM classes — use shared filesystem context
+- ❌ Do NOT require spec_helper explicitly
+- ❌ Do NOT modify production lib/ code (except 1-line comment fix in sync_from_ssd.rb)
+- ❌ Do NOT use `puts` in lib/ — use `warn` for warnings
+
+---
+
+## Learnings (inherited)
+
+- **`$CHILD_STATUS` not `$?`** — rubocop Special/GlobalVars cop
+- **`exit` with no code exits 0** — specs asserting no-args exit should expect 0
+- **`options.format` defaults to `'tree,content'`** — never nil
+- **Grep full codebase before writing scope** — actual files may differ from brief
+- **Integration path assertions** — when changing path algorithms, search specs for old path strings
+- **BrandResolver is critical path** — all dam commands flow through it
+- **`Regexp.last_match` reset by `.sub()`** — capture groups before string transformation
+- **Dependency injection for path validators** — required for CI compatibility in Jump tests

data/docs/planning/test-coverage-gaps/IMPLEMENTATION_PLAN.md

@@ -0,0 +1,29 @@
+# IMPLEMENTATION_PLAN.md — test-coverage-gaps
+
+**Goal**: Close critical test gaps: protect B017 SSL fix, expand gpt_context CLI coverage, range edge cases, Jump Commands specs
+**Started**: 2026-03-19
+**Target**: All gaps addressed; 759+ examples passing; rubocop clean; no regressions
+
+## Summary
+- Total: 5 | Complete: 0 | In Progress: 5 | Pending: 0 | Failed: 0
+
+## Pending
+
+## In Progress
+- [~] fix-b024-ssl-tests — Add configure_ssl_options unit tests to s3_operations_spec + share_operations_spec
+- [~] fix-b022-cli-tests — Add functional subprocess tests to gpt_context cli_spec.rb (-i, -e, -f, -o)
+- [~] fix-b018-jump-specs — Add specs for Jump Commands::Remove, Add, Update
+
+## Complete
+- [x] fix-b027-noargs-test — Added second no-args example: verifies output does NOT include '# file:' or 'clipboard'. 766 examples, 0 failures. Note: B024 agent had RSpec/ScatteredSetup rubocop issue (multiple before hooks) — fixed in subsequent commit.
+- [x] fix-b026-b025-range-tests — Edge cases (b00, b9, a40) added to sync_from_ssd_spec + manifest_generator_spec. Stale comment fixed in sync_from_ssd.rb:173. ⚠️ CI ISSUE: cli_spec.rb:39 failing — 'not_to include clipboard' assertion is fragile (no-args output may mention clipboard on some platforms). B022 agent touching cli_spec.rb may resolve this.
+
+## Failed / Needs Retry
+
+## Notes & Decisions
+- All 5 work units are independent — parallel wave
+- Test-only campaign except B025 (1-line comment fix in sync_from_ssd.rb)
+- ENV stubbing: use allow(ENV).to receive(:[]) — check Gemfile for climate_control first
+- B022 functional tests: write to Tempfile, verify # file: headers in output
+- B027: stub GptContext::FileCollector at class level before subprocess call won't work — use integration assertion instead (verify output does NOT contain file collection output)
+- B018: read existing jump CLI spec before writing command-layer specs

data/lib/appydave/tools/dam/sync_from_ssd.rb

@@ -170,7 +170,7 @@ module Appydave
           return { skipped: 1, files: 0, bytes: 0, reason: 'Flat folder exists (stale manifest?)' } if Dir.exist?(flat_path)
 
           # Determine local destination path (archived structure)
-          # Extract range from project ID (e.g., b65 → 60-69 range)
+          # Extract range from project ID (e.g., b65 → b50-b99 range)
           range = determine_range(project_id)
           local_dir = File.join(brand_path, 'archived', range, project_id)
 

data/lib/appydave/tools/version.rb

@@ -2,6 +2,6 @@
 
 module Appydave
   module Tools
-    VERSION = '0.76.1'
+    VERSION = '0.76.2'
   end
 end

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "appydave-tools",
-  "version": "0.76.1",
+  "version": "0.76.2",
   "description": "AppyDave YouTube Automation Tools",
   "scripts": {
     "release": "semantic-release"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: appydave-tools
 version: !ruby/object:Gem::Version
-  version: 0.76.1
+  version: 0.76.2
 platform: ruby
 authors:
 - David Cruwys
@@ -299,10 +299,13 @@ files:
 - docs/planning/BACKLOG.md
 - docs/planning/bugfix-and-security/AGENTS.md
 - docs/planning/bugfix-and-security/IMPLEMENTATION_PLAN.md
+- docs/planning/bugfix-and-security/assessment.md
 - docs/planning/fr2-gpt-context-help/AGENTS.md
 - docs/planning/fr2-gpt-context-help/IMPLEMENTATION_PLAN.md
 - docs/planning/fr2-gpt-context-help/assessment.md
 - docs/planning/next-round-brief.md
+- docs/planning/test-coverage-gaps/AGENTS.md
+- docs/planning/test-coverage-gaps/IMPLEMENTATION_PLAN.md
 - docs/specs/fr-002-gpt-context-help-system.md
 - docs/specs/fr-003-jump-location-tool.md
 - docs/specs/zsh-history-tool.md