@boyingliu01/xp-gate 0.12.0 → 0.12.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/bin/xp-gate.js CHANGED
@@ -135,6 +135,14 @@ const COMMANDS = {
135
135
  handleSprintStatus(subargs).then(code => process.exit(code));
136
136
  },
137
137
  usage: 'xp-gate sprint-status [--json] [--watch] [--dir <path>]'
138
+ },
139
+ 'next-sprint': {
140
+ description: 'Analyze remaining open issues and plan next iteration',
141
+ run: subargs => {
142
+ const { handleNextSprint } = require('../lib/next-sprint.js');
143
+ handleNextSprint(subargs).then(code => process.exit(code));
144
+ },
145
+ usage: 'xp-gate next-sprint [--json] [--plan] [--dir <path>]'
138
146
  }
139
147
  };
140
148
 
package/gate-3.sh ADDED
@@ -0,0 +1,68 @@
1
+ # ============================================================================
2
+ # GATE 3: Cyclomatic Complexity Check
3
+ # Uses lizard - checks cyclomatic complexity of changed source files
4
+ # ============================================================================
5
+
6
+ 2>&1 echo ""
7
+ 2>&1 echo "→ Gate 3: Cyclomatic complexity..."
8
+ GATE_3_START=$(gate_start_ms)
9
+
10
+ if [ "$PROJECT_LANG" = "documentation-only" ]; then
11
+ echo "⏭️ SKIPPED - Complexity (documentation project)."
12
+ GATE_3_STATUS="SKIP"
13
+
14
+ elif [ "$PROJECT_LANG" = "powershell" ]; then
15
+ echo "ℹ️ No PowerShell Clean Code / SOLID tool available"
16
+ echo "⏭️ SKIPPED - Complexity (no PowerShell tool)"
17
+ GATE_3_STATUS="SKIP"
18
+
19
+ else
20
+ CCN_THRESHOLD=5
21
+
22
+ # Check lizard availability
23
+ LIZARD_CMD=""
24
+ if command -v lizard > /dev/null 2>&1; then
25
+ LIZARD_CMD=lizard
26
+ elif [ -f ~/.local/bin/lizard ]; then
27
+ LIZARD_CMD=~/.local/bin/lizard
28
+ fi
29
+
30
+ if [ -n "$LIZARD_CMD" ]; then
31
+ LIZARD_PATH=$(eval echo "$LIZARD_CMD")
32
+
33
+ # Get changed source files for complexity check
34
+ CC_FILES=$(echo "$CHANGED_FILES" | grep -E '\.(ts|tsx|js|jsx|py|go|java|swift|cpp|c|hpp|h|m|mm|kt)$' || true)
35
+
36
+ if [ -n "$CC_FILES" ]; then
37
+ echo "Checking complexity for source files..."
38
+
39
+ # Run lizard with CCN threshold
40
+ CC_OUTPUT=$($LIZARD_PATH -C $CCN_THRESHOLD $CC_FILES 2>&1 || true)
41
+
42
+ # Parse warning count from the summary table: "Warning cnt 8"
43
+ # Use anchored grep to avoid matching lizard table headers (e.g. "Rt" column)
44
+ CC_WARNINGS=$(echo "$CC_OUTPUT" | grep "^Warning cnt" | awk '{print $NF}' | tr -d '[:space:]' | sed 's/[^0-9]//g' || true)
45
+ CC_WARNINGS=${CC_WARNINGS:-0}
46
+
47
+ if [ "$CC_WARNINGS" -gt 0 ]; then
48
+ echo "$CC_OUTPUT"
49
+ echo ""
50
+ echo "❌ BLOCKED - $CC_WARNINGS functions with CCN > $CCN_THRESHOLD found."
51
+ echo "Refactor high-complexity functions to keep below $CCN_THRESHOLD complexity."
52
+ exit 1
53
+ else
54
+ echo "✅ PASSED - All functions within complexity threshold ($CCN_THRESHOLD)."
55
+ GATE_3_STATUS="PASS"
56
+ fi
57
+ else
58
+ echo "⏭️ SKIPPED - Complexity (no source files to check)."
59
+ GATE_3_STATUS="SKIP"
60
+ fi
61
+ else
62
+ echo "⚠️ WARN - lizard not installed, complexity check not performed"
63
+ echo " Install with: pip install --user lizard"
64
+ echo " Gate 3: Complexity check (WARN, tool not available)"
65
+ GATE_3_STATUS="WARN"
66
+ fi
67
+ fi
68
+ record_gate_audit "gate-3" "complexity" "$GATE_3_STATUS" "${CC_WARNINGS:-0}" "$GATE_3_START"
package/gate-4.sh ADDED
@@ -0,0 +1,80 @@
1
+ # ============================================================================
2
+ # GATE 4: Principles Checker (Clean Code + SOLID)
3
+ # Reuses existing principles checker logic
4
+ # ============================================================================
5
+
6
+ 2>&1 echo ""
7
+ 2>&1 echo "→ Gate 4: Principles checker (Clean Code + SOLID)..."
8
+ GATE_4_START=$(gate_start_ms)
9
+
10
+ GATE_4_STATUS=""
11
+
12
+ if [ "$PROJECT_LANG" = "documentation-only" ]; then
13
+ echo "⏭️ SKIPPED - Principles check (documentation project)."
14
+ GATE_4_STATUS="SKIP"
15
+
16
+ else
17
+ # Get source files to check against principles
18
+ PRINCIPLES_FILES=$(echo "$CHANGED_FILES" | grep -E '\.(ts|tsx|js|jsx|py|go|java|kt|dart|swift|cpp|c|hpp|h|m|mm)$' || true)
19
+
20
+ if [ -n "$PRINCIPLES_FILES" ]; then
21
+ # Check for principles checker in installed modules first, then project src/
22
+ PRINCIPLES_DIR=""
23
+ if [ -d ".xp-gate/modules/principles" ]; then
24
+ PRINCIPLES_DIR=".xp-gate/modules/principles"
25
+ elif [ -f "src/principles/index.ts" ]; then
26
+ PRINCIPLES_DIR="src/principles"
27
+ elif [ -d "$HOME/.config/xp-gate/modules/principles" ]; then
28
+ PRINCIPLES_DIR="$HOME/.config/xp-gate/modules/principles"
29
+ fi
30
+
31
+ if [ -n "$PRINCIPLES_DIR" ]; then
32
+ echo "Checking Clean Code + SOLID principles..."
33
+
34
+ if command -v npx > /dev/null 2>&1; then
35
+ # Run principles checker and store results
36
+ if npx tsx $PRINCIPLES_DIR/index.ts --files $PRINCIPLES_FILES --format json > /tmp/principles-output.json 2>/dev/null; then
37
+ # Check severity levels
38
+ ERROR_COUNT=$(grep -c '"severity":"error"' /tmp/principles-output.json 2>/dev/null || true)
39
+ ERROR_COUNT=${ERROR_COUNT:-0}
40
+ WARNING_COUNT=$(grep -c '"severity":"warning"' /tmp/principles-output.json 2>/dev/null || true)
41
+ WARNING_COUNT=${WARNING_COUNT:-0}
42
+
43
+ if [ "$ERROR_COUNT" -gt 0 ]; then
44
+ echo ""
45
+ echo "❌ BLOCKED - $ERROR_COUNT principle ERROR(S) found"
46
+ echo "Critical violations must be fixed before commit:"
47
+ echo " - error-handling violations"
48
+ echo " - SOLID principle violations"
49
+ echo " - architectural violations"
50
+ npx tsx $PRINCIPLES_DIR/index.ts --files $PRINCIPLES_FILES --format console
51
+ GATE_4_STATUS="FAIL"
52
+ exit 1
53
+ fi
54
+
55
+ echo "✅ PASSED - Principles checker (no errors found)."
56
+ GATE_4_STATUS="PASS"
57
+ if [ "$WARNING_COUNT" -gt 0 ]; then
58
+ echo "ℹ️ $WARNING_COUNT warnings found (will be handled by Boy Scout Rule)."
59
+ fi
60
+ else
61
+ echo "⚠️ Warning: Principles checker execution failed"
62
+ echo "⏭️ SKIPPED - Principles check (execution issue)"
63
+ GATE_4_STATUS="SKIP"
64
+ fi
65
+ else
66
+ echo "ℹ️ npx not available - skipping principles check"
67
+ echo "⏭️ SKIPPED - Principles check (no Node.js/npx)"
68
+ GATE_4_STATUS="SKIP"
69
+ fi
70
+ else
71
+ echo "ℹ️ Principles checker not found in project - skipping"
72
+ echo "⏭️ SKIPPED - Principles check (checker not in project)"
73
+ GATE_4_STATUS="SKIP"
74
+ fi
75
+ else
76
+ echo "⏭️ SKIPPED - Principles check (no matching source files changed)"
77
+ GATE_4_STATUS="SKIP"
78
+ fi
79
+ fi
80
+ record_gate_audit "gate-4" "principles" "$GATE_4_STATUS" "${WARNING_COUNT:-0}" "$GATE_4_START"
package/gate-7.sh ADDED
@@ -0,0 +1,45 @@
1
+ # ============================================================================
2
+ # GATE 7: IaC Security Scanning (Terraform, Kubernetes, Docker)
3
+ # Detects security issues in Infrastructure as Code files
4
+ # Tools: checkov (recommended), hadolint, kube-score, tflint
5
+ # ============================================================================
6
+
7
+ 2>&1 echo ""
8
+ 2>&1 echo "→ Gate 7: IaC Security Scanning (Terraform, Kubernetes, Docker)..."
9
+ GATE_7_START=$(gate_start_ms)
10
+
11
+ # Check if any IaC files are changed
12
+ IAC_FILES=$(git diff --cached --name-only --diff-filter=ACM 2>/dev/null | grep -E "\.(tf|yaml|yml)$|Dockerfile" || true)
13
+ if [ -z "$IAC_FILES" ]; then
14
+ echo "✅ PASSED - No IaC files detected in changes."
15
+ GATE_7_STATUS="PASS"
16
+ else
17
+ # Run IaC adapter
18
+ if [ -f "githooks/adapters/iac.sh" ]; then
19
+ # shellcheck source=githooks/adapters/iac.sh
20
+ source "githooks/adapters/iac.sh"
21
+
22
+ # Run static analysis for IaC files
23
+ IAC_OUTPUT=$(run_static_analysis "$IAC_FILES" 2>&1)
24
+ IAC_EXIT=$?
25
+
26
+ echo "$IAC_OUTPUT"
27
+
28
+ if [ $IAC_EXIT -eq 0 ]; then
29
+ echo "✅ PASSED - IaC security scan."
30
+ GATE_7_STATUS="PASS"
31
+ else
32
+ echo ""
33
+ echo "❌ BLOCKED - IaC security issues detected"
34
+ echo "Fix the security issues above before committing."
35
+ echo "Tip: Install checkov for comprehensive IaC scanning: pip install checkov"
36
+ GATE_7_STATUS="FAIL"
37
+ exit 1
38
+ fi
39
+ else
40
+ echo "ℹ️ SKIP - IaC adapter not found"
41
+ echo "⏭️ SKIPPED - IaC security (no IaC adapter found)"
42
+ GATE_7_STATUS="SKIP"
43
+ fi
44
+ fi
45
+ record_gate_audit "gate-7" "iac-security" "$GATE_7_STATUS" "0" "$GATE_7_START"
package/gate-8.sh ADDED
@@ -0,0 +1,56 @@
1
+ # ============================================================================
2
+ # GATE 8: Secret Scanning (gitleaks)
3
+ # Detects secrets (API keys, passwords, tokens) in staged files
4
+ # Tool: gitleaks -- https://github.com/gitleaks/gitleaks
5
+ # ============================================================================
6
+
7
+ 2>&1 echo ""
8
+ 2>&1 echo "→ Gate 8: Secret scanning (gitleaks)..."
9
+ GATE_8_START=$(gate_start_ms)
10
+
11
+ # Gitleaks availability check
12
+ GITLEAKS_CMD=""
13
+ if command -v gitleaks >/dev/null 2>&1; then
14
+ GITLEAKS_CMD="gitleaks"
15
+ elif [ -f "$HOME/.local/bin/gitleaks" ]; then
16
+ GIBLEAKS_CMD="$HOME/.local/bin/gitleaks"
17
+ fi
18
+
19
+ if [ -n "$GITLEAKS_CMD" ]; then
20
+ GITLEAKS_CONFIG=""
21
+ if [ -f ".gitleaks.toml" ]; then
22
+ GITLEAKS_CONFIG="--config=.gitleaks.toml"
23
+ fi
24
+
25
+ # Run gitleaks on staged changes only (pre-commit mode for speed)
26
+ GITLEAKS_OUTPUT=$($GITLEAKS_CMD git --pre-commit --redact --no-banner $GITLEAKS_CONFIG --report-format=json --report-path=/tmp/gitleaks-report.json 2>&1)
27
+ GITLEAKS_EXIT=$?
28
+
29
+ if [ "$GITLEAKS_EXIT" -eq 0 ]; then
30
+ echo " ✅ PASSED - No secrets detected."
31
+ GATE_8_STATUS="PASS"
32
+ elif [ "$GITLEAKS_EXIT" -eq 1 ]; then
33
+ # Secrets found — output details
34
+ echo "$GITLEAKS_OUTPUT"
35
+ echo ""
36
+ echo "❌ BLOCKED - Secrets detected in staged files."
37
+ echo ""
38
+ echo "Remediation options:"
39
+ echo " 1. Remove the secret and use environment variables instead"
40
+ echo " 2. Add a false positive to .gitleaks.toml allowlist"
41
+ echo " 3. Use git secret or vault for sensitive data"
42
+ echo ""
43
+ echo "See: https://github.com/gitleaks/gitleaks"
44
+ exit 1
45
+ else
46
+ echo " ⚠️ gitleaks exited with code $GITLEAKS_EXIT - skipping gate"
47
+ echo " ✅ Secret Scanning (SKIP, gitleaks error)"
48
+ GATE_8_STATUS="SKIP"
49
+ fi
50
+ else
51
+ echo " ℹ️ gitleaks not installed — secret scanning unavailable"
52
+ echo " Install: brew install gitleaks (macOS) | winget install gitleaks (Windows) | scripts/install-gitleaks.sh (Linux)"
53
+ echo " ⏭️ SKIPPED - Secret scanning (gitleaks not installed)"
54
+ GATE_8_STATUS="SKIP"
55
+ fi
56
+ record_gate_audit "gate-8" "secret-scanning" "$GATE_8_STATUS" "0" "$GATE_8_START"
package/gate-9.sh ADDED
@@ -0,0 +1,130 @@
1
+ # ============================================================================
2
+ # GATE 9: Semgrep SAST Security Scan
3
+ # Detects security vulnerabilities (SQL injection, XSS, etc.) in staged files
4
+ # Tool: semgrep -- https://semgrep.dev
5
+ # ============================================================================
6
+
7
+ 2>&1 echo ""
8
+ 2>&1 echo "→ Gate 9: Semgrep SAST Security Scan..."
9
+ GATE_9_START=$(gate_start_ms)
10
+
11
+ GATE_9_STATUS=""
12
+
13
+ # Semgrep availability check
14
+ SEMGREP_CMD=""
15
+ if command -v semgrep >/dev/null 2>&1; then
16
+ SEMGREP_CMD="semgrep"
17
+ elif [ -f "$HOME/.local/bin/semgrep" ]; then
18
+ SEMGREP_CMD="$HOME/.local/bin/semgrep"
19
+ fi
20
+
21
+ if [ -z "$SEMGREP_CMD" ]; then
22
+ echo " ⚠️ WARN - semgrep not installed — SAST scanning unavailable"
23
+ echo " Install: brew install semgrep (macOS) | pip install semgrep (Linux) | pip install semgrep (Windows)"
24
+ echo " Pre-cache rules: semgrep --config=p/security-audit"
25
+ echo " Gate 9: SAST Security (WARN, semgrep not installed)"
26
+ GATE_9_STATUS="WARN"
27
+ else
28
+ # Get staged files filtered to Semgrep-supported languages
29
+ SEMGREP_FILES=$(git diff --cached --name-only --diff-filter=ACM 2>/dev/null | grep -E '\.(ts|tsx|js|jsx|py|go|java|c|cpp|cs|rb|php|scala|swift)$' || true)
30
+
31
+ if [ -z "$SEMGREP_FILES" ]; then
32
+ echo " ⏭️ SKIPPED - SAST (no supported language files changed)"
33
+ GATE_9_STATUS="SKIP"
34
+ else
35
+ # Run semgrep with JSON output
36
+ # --config=p/security-audit: explicit security ruleset
37
+ # --json: machine-readable output
38
+ # --disable-version-check: skip network call
39
+ SEMGREP_OUTPUT=$($SEMGREP_CMD scan --config=p/security-audit --json --disable-version-check $SEMGREP_FILES 2>&1)
40
+ SEMGREP_EXIT=$?
41
+
42
+ if [ "$SEMGREP_EXIT" -eq 0 ]; then
43
+ echo " ✅ PASSED - No security vulnerabilities found."
44
+ GATE_9_STATUS="PASS"
45
+ elif [ "$SEMGREP_EXIT" -eq 1 ]; then
46
+ # Findings detected - parse JSON to categorize
47
+ CRITICAL_HIGH=$(echo "$SEMGREP_OUTPUT" | python3 -c "
48
+ import sys, json
49
+ try:
50
+ data = json.load(sys.stdin)
51
+ results = data.get('results', [])
52
+ count = 0
53
+ for r in results:
54
+ extra = r.get('extra', {})
55
+ severity = extra.get('severity', '').upper()
56
+ if severity in ('CRITICAL', 'HIGH'):
57
+ count += 1
58
+ print(count)
59
+ except:
60
+ print('0')
61
+ " 2>/dev/null || echo "0")
62
+
63
+ MEDIUM_LOW=$(echo "$SEMGREP_OUTPUT" | python3 -c "
64
+ import sys, json
65
+ try:
66
+ data = json.load(sys.stdin)
67
+ results = data.get('results', [])
68
+ count = 0
69
+ for r in results:
70
+ extra = r.get('extra', {})
71
+ severity = extra.get('severity', '').upper()
72
+ if severity in ('MEDIUM', 'LOW'):
73
+ count += 1
74
+ print(count)
75
+ except:
76
+ print('0')
77
+ " 2>/dev/null || echo "0")
78
+
79
+ # Extract top finding details
80
+ FINDING_DETAILS=$(echo "$SEMGREP_OUTPUT" | python3 -c "
81
+ import sys, json
82
+ try:
83
+ data = json.load(sys.stdin)
84
+ results = data.get('results', [])
85
+ for r in results[:5]: # Show top 5
86
+ extra = r.get('extra', {})
87
+ severity = extra.get('severity', 'UNKNOWN').upper()
88
+ rule_id = r.get('check_id', 'unknown')
89
+ path = r.get('path', 'unknown')
90
+ start_line = r.get('start', {}).get('line', '?')
91
+ message = extra.get('message', '')[:80]
92
+ print(f' [{severity}] {rule_id}')
93
+ print(f' {path}:{start_line} → {message}')
94
+ print()
95
+ except:
96
+ print(' (Failed to parse semgrep output)')
97
+ " 2>/dev/null || echo " (Failed to parse semgrep output)")
98
+
99
+ if [ "$CRITICAL_HIGH" -gt 0 ]; then
100
+ echo ""
101
+ echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
102
+ echo " GATE 9: Semgrep Security Gate"
103
+ echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
104
+ echo " CRITICAL/HIGH: ${CRITICAL_HIGH} ❌ BLOCKED"
105
+ echo " MEDIUM/LOW: ${MEDIUM_LOW} ⚠️ warning"
106
+ echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
107
+ echo " ❌ BLOCKED — Critical/High vulnerability found"
108
+ echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
109
+ echo "$FINDING_DETAILS"
110
+ echo " Run 'semgrep scan --config=p/security-audit' to review all findings."
111
+ GATE_9_STATUS="FAIL"
112
+ exit 1
113
+ else
114
+ echo ""
115
+ echo " ✅ PASSED - No critical/high vulnerabilities"
116
+ if [ "$MEDIUM_LOW" -gt 0 ]; then
117
+ echo " ⚠️ ${MEDIUM_LOW} medium/low findings (warnings only)"
118
+ echo "$FINDING_DETAILS"
119
+ fi
120
+ GATE_9_STATUS="PASS"
121
+ fi
122
+ else
123
+ # semgrep runtime error (timeout, config error, etc.)
124
+ echo " ⚠️ semgrep exited with code ${SEMGREP_EXIT} — skipping gate"
125
+ echo " ⏭️ SKIPPED - SAST (semgrep runtime error)"
126
+ GATE_9_STATUS="SKIP"
127
+ fi
128
+ fi
129
+ fi
130
+ record_gate_audit "gate-9" "sast-security" "$GATE_9_STATUS" "0" "$GATE_9_START"
@@ -108,6 +108,10 @@ describe('doctor', () => {
108
108
  path.join(dir, 'adapters', 'python.sh'),
109
109
  '#!/usr/bin/env bash\necho "py adapter"\n'
110
110
  );
111
+ const gateScripts = ['gate-3.sh', 'gate-4.sh', 'gate-7.sh', 'gate-8.sh', 'gate-9.sh'];
112
+ for (const script of gateScripts) {
113
+ fs.writeFileSync(path.join(dir, 'adapters', script), `#!/bin/bash\n# ${script}\n`);
114
+ }
111
115
  }
112
116
 
113
117
  function tuiJsonPath() {
@@ -139,7 +143,14 @@ describe('doctor', () => {
139
143
  createXpGatePreCommit(globalHooksDir());
140
144
  createXpGatePrePush(globalHooksDir());
141
145
  createXpGateAdapterCommon(globalAdaptersDir());
142
- createXpGateAdapterScripts(globalAdaptersDir());
146
+ // For global mode, create adapters directly in globalAdaptersDir (not in a subdirectory)
147
+ fs.mkdirSync(globalAdaptersDir(), { recursive: true });
148
+ fs.writeFileSync(path.join(globalAdaptersDir(), 'typescript.sh'), '#!/usr/bin/env bash\necho "ts adapter"\n');
149
+ fs.writeFileSync(path.join(globalAdaptersDir(), 'python.sh'), '#!/usr/bin/env bash\necho "py adapter"\n');
150
+ const gateScripts = ['gate-3.sh', 'gate-4.sh', 'gate-7.sh', 'gate-8.sh', 'gate-9.sh'];
151
+ for (const script of gateScripts) {
152
+ fs.writeFileSync(path.join(globalAdaptersDir(), script), `#!/bin/bash\n# ${script}\n`);
153
+ }
143
154
  createXpGatePreCommit(projectHooksDir());
144
155
  createXpGatePrePush(projectHooksDir());
145
156
  createXpGateAdapterCommon(projectGithooksDir());
@@ -805,4 +816,92 @@ describe('doctor', () => {
805
816
  // Should still have exactly one entry
806
817
  expect(tui.plugin.filter(p => p === '@boyingliu01/opencode-plugin/tui').length).toBe(1);
807
818
  });
819
+
820
+ // === Issue #263 follow-up: Gate script detection ===
821
+
822
+ function createGateScripts(dir) {
823
+ fs.mkdirSync(dir, { recursive: true });
824
+ const gateScripts = ['gate-3.sh', 'gate-4.sh', 'gate-7.sh', 'gate-8.sh', 'gate-9.sh'];
825
+ for (const script of gateScripts) {
826
+ fs.writeFileSync(path.join(dir, script), `#!/bin/bash\n# ${script}\n`);
827
+ }
828
+ }
829
+
830
+ it('gate scripts: PASS when all expected gate scripts exist', async () => {
831
+ setupLocalInstall();
832
+ ensureTuiRegistered();
833
+ seedVersionCache();
834
+ createGateScripts(projectAdaptersDir());
835
+ mockExecSuccess();
836
+ const { doctor } = require('../doctor');
837
+
838
+ const result = await doctor([]);
839
+
840
+ expect(result).toBe(0);
841
+ expect(logSpy).toHaveBeenCalledWith(
842
+ expect.stringContaining('Gate scripts')
843
+ );
844
+ expect(logSpy).toHaveBeenCalledWith(
845
+ expect.stringContaining('5 gate script(s)')
846
+ );
847
+ });
848
+
849
+ it('gate scripts: FAIL when gate scripts are missing', async () => {
850
+ setupLocalInstall();
851
+ seedVersionCache();
852
+ // Clear adapters dir and create with only language adapters, no gate scripts
853
+ fs.rmSync(projectAdaptersDir(), { recursive: true, force: true });
854
+ fs.mkdirSync(projectAdaptersDir(), { recursive: true });
855
+ fs.writeFileSync(path.join(projectAdaptersDir(), 'typescript.sh'), '#!/bin/bash\n');
856
+ mockExecSuccess();
857
+ const { doctor } = require('../doctor');
858
+
859
+ const result = await doctor([]);
860
+
861
+ expect(result).toBe(1);
862
+ expect(logSpy).toHaveBeenCalledWith(
863
+ expect.stringContaining('Gate scripts')
864
+ );
865
+ expect(logSpy).toHaveBeenCalledWith(
866
+ expect.stringContaining('Missing')
867
+ );
868
+ });
869
+
870
+ it('--fix: restores missing gate scripts', async () => {
871
+ setupLocalInstall();
872
+ seedVersionCache();
873
+ // Clear adapters dir and create with only language adapters, no gate scripts
874
+ fs.rmSync(projectAdaptersDir(), { recursive: true, force: true });
875
+ fs.mkdirSync(projectAdaptersDir(), { recursive: true });
876
+ fs.writeFileSync(path.join(projectAdaptersDir(), 'typescript.sh'), '#!/bin/bash\n');
877
+ mockExecSuccess();
878
+ const { doctor } = require('../doctor');
879
+
880
+ const result = await doctor(['--fix']);
881
+
882
+ expect(result).toBe(0);
883
+ expect(fs.existsSync(path.join(projectAdaptersDir(), 'gate-3.sh'))).toBe(true);
884
+ expect(fs.existsSync(path.join(projectAdaptersDir(), 'gate-4.sh'))).toBe(true);
885
+ expect(fs.existsSync(path.join(projectAdaptersDir(), 'gate-7.sh'))).toBe(true);
886
+ expect(fs.existsSync(path.join(projectAdaptersDir(), 'gate-8.sh'))).toBe(true);
887
+ expect(fs.existsSync(path.join(projectAdaptersDir(), 'gate-9.sh'))).toBe(true);
888
+ expect(logSpy).toHaveBeenCalledWith(
889
+ expect.stringContaining('Restored')
890
+ );
891
+ });
892
+
893
+ it('--fix: idempotent for gate scripts — does not overwrite existing', async () => {
894
+ setupLocalInstall();
895
+ seedVersionCache();
896
+ createGateScripts(projectAdaptersDir());
897
+ const originalContent = fs.readFileSync(path.join(projectAdaptersDir(), 'gate-3.sh'), 'utf8');
898
+ mockExecSuccess();
899
+ const { doctor } = require('../doctor');
900
+
901
+ const result = await doctor(['--fix']);
902
+
903
+ expect(result).toBe(0);
904
+ const currentContent = fs.readFileSync(path.join(projectAdaptersDir(), 'gate-3.sh'), 'utf8');
905
+ expect(currentContent).toBe(originalContent);
906
+ });
808
907
  });
@@ -0,0 +1,231 @@
1
+ const fs = require('fs');
2
+ const path = require('path');
3
+ const os = require('os');
4
+
5
+ describe('next-sprint', () => {
6
+ let tmpDir;
7
+ let consoleSpy;
8
+ let processExitSpy;
9
+
10
+ beforeEach(() => {
11
+ tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'next-sprint-test-'));
12
+ consoleSpy = vi.spyOn(console, 'log').mockImplementation(() => {});
13
+ vi.spyOn(console, 'error').mockImplementation(() => {});
14
+ processExitSpy = vi.spyOn(process, 'exit').mockImplementation(() => {});
15
+ // Clear require cache to ensure fresh module for each test
16
+ delete require.cache[require.resolve('../next-sprint')];
17
+ });
18
+
19
+ afterEach(() => {
20
+ fs.rmSync(tmpDir, { recursive: true, force: true });
21
+ vi.restoreAllMocks();
22
+ });
23
+
24
+ function createState(overrides = {}) {
25
+ const stateDir = path.join(tmpDir, '.sprint-state');
26
+ fs.mkdirSync(stateDir, { recursive: true });
27
+ const state = {
28
+ id: 'sprint-2026-06-30-01',
29
+ task_description: 'Test Sprint',
30
+ phase: 4,
31
+ status: 'completed',
32
+ started_at: new Date().toISOString(),
33
+ phase_history: [
34
+ {
35
+ phase: 2,
36
+ phase_name: 'BUILD',
37
+ status: 'completed',
38
+ reqs: {
39
+ 'REQ-001': { name: 'Implement login', status: 'completed' },
40
+ 'REQ-002': { name: 'Implement logout', status: 'completed' },
41
+ },
42
+ },
43
+ ],
44
+ ...overrides,
45
+ };
46
+ fs.writeFileSync(path.join(stateDir, 'sprint-state.json'), JSON.stringify(state));
47
+ return state;
48
+ }
49
+
50
+ function mockGhCli(issues) {
51
+ const { execSync } = require('child_process');
52
+ vi.spyOn(require('child_process'), 'execSync').mockImplementation((cmd) => {
53
+ if (cmd.includes('gh issue list')) {
54
+ return JSON.stringify(issues);
55
+ }
56
+ return '';
57
+ });
58
+ }
59
+
60
+ describe('readSprintState', () => {
61
+ it('returns null when no sprint state exists', () => {
62
+ const { readSprintState } = require('../next-sprint');
63
+ const result = readSprintState(tmpDir);
64
+ expect(result).toBeNull();
65
+ });
66
+
67
+ it('returns parsed state when sprint state exists', () => {
68
+ const state = createState();
69
+ const { readSprintState } = require('../next-sprint');
70
+ const result = readSprintState(tmpDir);
71
+ expect(result).toBeDefined();
72
+ expect(result.id).toBe('sprint-2026-06-30-01');
73
+ });
74
+ });
75
+
76
+ describe('getCurrentSprintReqs', () => {
77
+ it('extracts requirements from sprint state', () => {
78
+ createState();
79
+ const { readSprintState, getCurrentSprintReqs } = require('../next-sprint');
80
+ const state = readSprintState(tmpDir);
81
+ const reqs = getCurrentSprintReqs(state);
82
+ expect(reqs).toHaveLength(2);
83
+ expect(reqs[0].name).toBe('Implement login');
84
+ expect(reqs[1].name).toBe('Implement logout');
85
+ });
86
+
87
+ it('returns empty array when no phase history', () => {
88
+ const { getCurrentSprintReqs } = require('../next-sprint');
89
+ const reqs = getCurrentSprintReqs({ phase_history: [] });
90
+ expect(reqs).toEqual([]);
91
+ });
92
+ });
93
+
94
+ describe('filterRemainingIssues', () => {
95
+ it('filters out issues already in sprint', () => {
96
+ const issues = [
97
+ { number: 1, title: 'Implement login', labels: [], createdAt: '2026-06-30T00:00:00Z' },
98
+ { number: 2, title: 'Implement logout', labels: [], createdAt: '2026-06-30T00:00:00Z' },
99
+ { number: 3, title: 'Implement signup', labels: [], createdAt: '2026-06-30T00:00:00Z' },
100
+ ];
101
+ const sprintReqs = [{ name: 'Implement login' }, { name: 'Implement logout' }];
102
+ const { filterRemainingIssues } = require('../next-sprint');
103
+ const result = filterRemainingIssues(issues, sprintReqs);
104
+ expect(result).toHaveLength(1);
105
+ expect(result[0].number).toBe(3);
106
+ });
107
+
108
+ it('returns all issues when no sprint reqs', () => {
109
+ const issues = [
110
+ { number: 1, title: 'Implement login', labels: [], createdAt: '2026-06-30T00:00:00Z' },
111
+ { number: 2, title: 'Implement logout', labels: [], createdAt: '2026-06-30T00:00:00Z' },
112
+ ];
113
+ const { filterRemainingIssues } = require('../next-sprint');
114
+ const result = filterRemainingIssues(issues, []);
115
+ expect(result).toHaveLength(2);
116
+ });
117
+ });
118
+
119
+ describe('formatIssuesTable', () => {
120
+ it('formats issues as table', () => {
121
+ const issues = [
122
+ { number: 1, title: 'Implement login', labels: [{ name: 'feature' }], createdAt: '2026-06-30T00:00:00Z' },
123
+ { number: 2, title: 'Implement logout', labels: [{ name: 'bug' }], createdAt: '2026-06-30T00:00:00Z' },
124
+ ];
125
+ const { formatIssuesTable } = require('../next-sprint');
126
+ const result = formatIssuesTable(issues);
127
+ expect(result).toContain('Remaining Open Issues');
128
+ expect(result).toContain('Implement login');
129
+ expect(result).toContain('feature');
130
+ });
131
+
132
+ it('handles empty issues', () => {
133
+ const { formatIssuesTable } = require('../next-sprint');
134
+ const result = formatIssuesTable([]);
135
+ expect(result).toBe('No remaining issues found.');
136
+ });
137
+ });
138
+
139
+ describe('generateSprintPlan', () => {
140
+ it('generates sprint plan for remaining issues', () => {
141
+ const issues = [
142
+ { number: 1, title: 'Implement login', labels: [], createdAt: '2026-06-30T00:00:00Z' },
143
+ { number: 2, title: 'Implement logout', labels: [], createdAt: '2026-06-30T00:00:00Z' },
144
+ ];
145
+ const { generateSprintPlan } = require('../next-sprint');
146
+ const result = generateSprintPlan(issues);
147
+ expect(result).toContain('Suggested Next Sprint Plan');
148
+ expect(result).toContain('#1');
149
+ expect(result).toContain('sprint-flow');
150
+ });
151
+
152
+ it('returns null when no issues', () => {
153
+ const { generateSprintPlan } = require('../next-sprint');
154
+ const result = generateSprintPlan([]);
155
+ expect(result).toBeNull();
156
+ });
157
+ });
158
+
159
+ describe('handleNextSprint', () => {
160
+ it('outputs remaining issues in table format', async () => {
161
+ createState();
162
+ const { execSync } = require('child_process');
163
+ vi.spyOn(require('child_process'), 'execSync').mockImplementation((cmd) => {
164
+ if (cmd.includes('gh issue list')) {
165
+ return JSON.stringify([
166
+ { number: 1, title: 'Implement login', labels: [{ name: 'feature' }], createdAt: '2026-06-30T00:00:00Z' },
167
+ { number: 2, title: 'Implement logout', labels: [{ name: 'bug' }], createdAt: '2026-06-30T00:00:00Z' },
168
+ { number: 3, title: 'Implement signup', labels: [{ name: 'enhancement' }], createdAt: '2026-06-30T00:00:00Z' },
169
+ ]);
170
+ }
171
+ return '';
172
+ });
173
+ delete require.cache[require.resolve('../next-sprint')];
174
+ const { handleNextSprint } = require('../next-sprint');
175
+ const result = await handleNextSprint(['--dir', tmpDir]);
176
+ expect(result).toBe(0);
177
+ expect(consoleSpy).toHaveBeenCalled();
178
+ const output = consoleSpy.mock.calls.map(c => c[0]).join('\n');
179
+ expect(output).toContain('Remaining Open Issues');
180
+ expect(output).toContain('Implement signup');
181
+ });
182
+
183
+ it('outputs JSON when --json flag', async () => {
184
+ createState();
185
+ vi.spyOn(require('child_process'), 'execSync').mockImplementation((cmd) => {
186
+ if (cmd.includes('gh issue list')) {
187
+ return JSON.stringify([
188
+ { number: 1, title: 'Implement login', labels: [], createdAt: '2026-06-30T00:00:00Z' },
189
+ ]);
190
+ }
191
+ return '';
192
+ });
193
+ delete require.cache[require.resolve('../next-sprint')];
194
+ const { handleNextSprint } = require('../next-sprint');
195
+ const result = await handleNextSprint(['--json', '--dir', tmpDir]);
196
+ expect(result).toBe(0);
197
+ const output = consoleSpy.mock.calls.map(c => c[0]).join('\n');
198
+ const parsed = JSON.parse(output);
199
+ expect(parsed).toHaveProperty('current_sprint');
200
+ expect(parsed).toHaveProperty('remaining_issues');
201
+ });
202
+
203
+ it('outputs plan when --plan flag', async () => {
204
+ createState();
205
+ vi.spyOn(require('child_process'), 'execSync').mockImplementation((cmd) => {
206
+ if (cmd.includes('gh issue list')) {
207
+ return JSON.stringify([
208
+ { number: 5, title: 'Implement password reset', labels: [], createdAt: '2026-06-30T00:00:00Z' },
209
+ ]);
210
+ }
211
+ return '';
212
+ });
213
+ delete require.cache[require.resolve('../next-sprint')];
214
+ const { handleNextSprint } = require('../next-sprint');
215
+ const result = await handleNextSprint(['--plan', '--dir', tmpDir]);
216
+ expect(result).toBe(0);
217
+ const output = consoleSpy.mock.calls.map(c => c[0]).join('\n');
218
+ expect(output).toContain('Suggested Next Sprint Plan');
219
+ });
220
+
221
+ it('returns 1 when gh CLI not available', async () => {
222
+ vi.spyOn(require('child_process'), 'execSync').mockImplementation(() => {
223
+ throw new Error('gh: command not found');
224
+ });
225
+ delete require.cache[require.resolve('../next-sprint')];
226
+ const { handleNextSprint } = require('../next-sprint');
227
+ const result = await handleNextSprint(['--dir', tmpDir]);
228
+ expect(result).toBe(1);
229
+ });
230
+ });
231
+ });
package/lib/doctor.js CHANGED
@@ -176,7 +176,20 @@ function checkSingleHook(hooksDir, name, signature, label, checks) {
176
176
  return 0;
177
177
  }
178
178
 
179
+ /**
180
+ * Expected gate scripts that should be present in the adapters directory.
181
+ * gate-5.sh and gate-6.sh are inline in pre-commit, so they are NOT expected here.
182
+ */
183
+ const EXPECTED_GATE_SCRIPTS = [
184
+ 'gate-3.sh',
185
+ 'gate-4.sh',
186
+ 'gate-7.sh',
187
+ 'gate-8.sh',
188
+ 'gate-9.sh',
189
+ ];
190
+
179
191
  function checkAdapters(checks, mode, gitDir) {
192
+ let issues = 0;
180
193
  const adaptersDir = mode === 'local'
181
194
  ? path.join(path.dirname(gitDir || ''), 'githooks', 'adapters')
182
195
  : GLOBAL_ADAPTERS_DIR;
@@ -190,8 +203,22 @@ function checkAdapters(checks, mode, gitDir) {
190
203
  checks.push({ name: 'Adapters directory', status: 'FAIL', detail: 'Empty directory' });
191
204
  return 1;
192
205
  }
193
- checks.push({ name: 'Adapters directory', status: 'PASS', detail: `${adapterFiles.length} adapter(s)` });
194
- return 0;
206
+ checks.push({ name: 'Adapters directory', status: 'PASS', detail: `${adapterFiles.length} file(s)` });
207
+
208
+ // Check for missing gate scripts (Issue #263 follow-up)
209
+ const missingGates = EXPECTED_GATE_SCRIPTS.filter(g => !adapterFiles.includes(g));
210
+ if (missingGates.length > 0) {
211
+ checks.push({
212
+ name: 'Gate scripts',
213
+ status: 'FAIL',
214
+ detail: `Missing: ${missingGates.join(', ')} — run 'xp-gate doctor --fix' to restore`
215
+ });
216
+ issues++;
217
+ } else {
218
+ checks.push({ name: 'Gate scripts', status: 'PASS', detail: `${EXPECTED_GATE_SCRIPTS.length} gate script(s)` });
219
+ }
220
+
221
+ return issues;
195
222
  }
196
223
 
197
224
  /**
@@ -429,6 +456,37 @@ function fixMissingAdapters(mode, srcDir, adaptersDir) {
429
456
  return false;
430
457
  }
431
458
 
459
+ /**
460
+ * Restore missing gate scripts from package root to adapters directory.
461
+ * Gate scripts (gate-3.sh through gate-9.sh) are stored in the package root,
462
+ * not in the adapters subdirectory.
463
+ */
464
+ function fixMissingGateScripts(srcDir, adaptersDir) {
465
+ if (!adaptersDir || !fs.existsSync(adaptersDir)) return false;
466
+
467
+ const existingFiles = fs.readdirSync(adaptersDir);
468
+ const missingGates = EXPECTED_GATE_SCRIPTS.filter(g => !existingFiles.includes(g));
469
+
470
+ if (missingGates.length === 0) return false;
471
+
472
+ let restored = 0;
473
+ for (const gateScript of missingGates) {
474
+ const srcFile = path.join(srcDir, gateScript);
475
+ const destFile = path.join(adaptersDir, gateScript);
476
+ if (fs.existsSync(srcFile)) {
477
+ fs.copyFileSync(srcFile, destFile);
478
+ fs.chmodSync(destFile, 0o755);
479
+ restored++;
480
+ }
481
+ }
482
+
483
+ if (restored > 0) {
484
+ console.log(` ✓ Restored ${restored} gate script(s)`);
485
+ return true;
486
+ }
487
+ return false;
488
+ }
489
+
432
490
  function fixConfigMismatches(config) {
433
491
  let fixed = false;
434
492
  fixed = fixVersionMismatch(config, getPackageVersion()) || fixed;
@@ -481,6 +539,7 @@ function fixIssues(checks, config) {
481
539
  fixed = fixHooksByMode(config, srcDir) || fixed;
482
540
  fixed = fixGlobalHooksPath(config) || fixed;
483
541
  fixed = fixMissingAdapters(config.mode, srcDir, getAdaptersDirByMode(config)) || fixed;
542
+ fixed = fixMissingGateScripts(srcDir, getAdaptersDirByMode(config)) || fixed;
484
543
  fixed = fixTuiRegistration() || fixed;
485
544
  fixed = printCliToolGuidance() || fixed;
486
545
 
package/lib/init.js CHANGED
@@ -35,6 +35,13 @@ function copyAdapters(srcDir, destDir) {
35
35
  }
36
36
  });
37
37
  }
38
+ // Copy gate scripts (gate-3.sh through gate-9.sh) from package root to destDir.
39
+ // These are sourced by pre-commit via GATE_DIR which resolves to the adapter dir.
40
+ fs.readdirSync(srcDir).forEach(f => {
41
+ if (f.startsWith('gate-') && f.endsWith('.sh')) {
42
+ fs.copyFileSync(path.join(srcDir, f), path.join(destDir, f));
43
+ }
44
+ });
38
45
  }
39
46
 
40
47
  function copyRecursive(src, dest) {
@@ -0,0 +1,129 @@
1
+ const childProcess = require('child_process');
2
+ const fs = require('fs');
3
+ const path = require('path');
4
+
5
+ function readSprintState(dir) {
6
+ try {
7
+ const stateFile = path.join(dir, '.sprint-state', 'sprint-state.json');
8
+ if (!fs.existsSync(stateFile)) return null;
9
+ return JSON.parse(fs.readFileSync(stateFile, 'utf8'));
10
+ } catch {
11
+ return null;
12
+ }
13
+ }
14
+
15
+ function getCurrentSprintReqs(state) {
16
+ if (!state?.phase_history) return [];
17
+ const reqs = [];
18
+ for (const phase of state.phase_history) {
19
+ if (phase.reqs) {
20
+ for (const [id, req] of Object.entries(phase.reqs)) {
21
+ reqs.push({ id, name: req.name, status: req.status });
22
+ }
23
+ }
24
+ }
25
+ return reqs;
26
+ }
27
+
28
+ function fetchOpenIssues(repoRoot) {
29
+ try {
30
+ const result = childProcess.execSync('gh issue list --state open --json number,title,labels,createdAt', {
31
+ cwd: repoRoot,
32
+ encoding: 'utf8',
33
+ timeout: 30000,
34
+ });
35
+ return JSON.parse(result);
36
+ } catch (err) {
37
+ if (err.message.includes('gh: command not found')) {
38
+ console.error('Error: gh CLI not found. Install it from https://cli.github.com/');
39
+ return null;
40
+ }
41
+ if (err.message.includes('not logged in')) {
42
+ console.error('Error: Not logged in to GitHub. Run "gh auth login" first.');
43
+ return null;
44
+ }
45
+ console.error('Error fetching issues:', err.message);
46
+ return null;
47
+ }
48
+ }
49
+
50
+ function filterRemainingIssues(issues, sprintReqs) {
51
+ const sprintTitles = new Set(sprintReqs.map(r => r.name?.toLowerCase()));
52
+ return issues.filter(issue => {
53
+ const titleLower = issue.title.toLowerCase();
54
+ return !sprintTitles.has(titleLower);
55
+ });
56
+ }
57
+
58
+ function formatIssuesTable(issues) {
59
+ if (issues.length === 0) return 'No remaining issues found.';
60
+ const lines = ['Remaining Open Issues:', ''];
61
+ lines.push('┌──────┬────────────────────────────────────────────┬─────────────────────┬───────────┐');
62
+ lines.push('│ # │ Title │ Labels │ Created │');
63
+ lines.push('├──────┼────────────────────────────────────────────┼─────────────────────┼───────────┤');
64
+ for (const issue of issues) {
65
+ const num = String(issue.number).padEnd(4);
66
+ const title = issue.title.slice(0, 40).padEnd(40);
67
+ const labels = (issue.labels || []).map(l => l.name).join(', ').slice(0, 19).padEnd(19);
68
+ const created = issue.createdAt ? issue.createdAt.slice(0, 10) : 'N/A';
69
+ lines.push(`│ ${num} │ ${title} │ ${labels} │ ${created} │`);
70
+ }
71
+ lines.push('└──────┴────────────────────────────────────────────┴─────────────────────┴───────────┘');
72
+ lines.push(`Total: ${issues.length} remaining issues`);
73
+ return lines.join('\n');
74
+ }
75
+
76
+ function generateSprintPlan(issues) {
77
+ if (issues.length === 0) return null;
78
+ const lines = ['Suggested Next Sprint Plan:', ''];
79
+ const prioritized = issues.slice(0, 5);
80
+ for (let i = 0; i < prioritized.length; i++) {
81
+ const issue = prioritized[i];
82
+ lines.push(`${i + 1}. #${issue.number} - ${issue.title}`);
83
+ }
84
+ if (issues.length > 5) {
85
+ lines.push(`... and ${issues.length - 5} more issues`);
86
+ }
87
+ lines.push('');
88
+ lines.push('To start a sprint, run:');
89
+ lines.push(` /sprint-flow "Implement #${prioritized[0].number}: ${prioritized[0].title}"`);
90
+ return lines.join('\n');
91
+ }
92
+
93
+ async function handleNextSprint(args = []) {
94
+ const jsonFlag = args.includes('--json');
95
+ const planFlag = args.includes('--plan');
96
+ const dirIdx = args.indexOf('--dir');
97
+ let repoRoot = process.cwd();
98
+ if (dirIdx >= 0 && dirIdx + 1 < args.length) {
99
+ repoRoot = path.resolve(args[dirIdx + 1]);
100
+ }
101
+ const state = readSprintState(repoRoot);
102
+ const sprintReqs = state ? getCurrentSprintReqs(state) : [];
103
+ const issues = fetchOpenIssues(repoRoot);
104
+ if (issues === null) return 1;
105
+ const remaining = filterRemainingIssues(issues, sprintReqs);
106
+ if (jsonFlag) {
107
+ console.log(JSON.stringify({ current_sprint: state?.id || null, sprint_reqs: sprintReqs, remaining_issues: remaining }, null, 2));
108
+ return 0;
109
+ }
110
+ console.log(formatIssuesTable(remaining));
111
+ if (planFlag) {
112
+ const plan = generateSprintPlan(remaining);
113
+ if (plan) {
114
+ console.log('');
115
+ console.log(plan);
116
+ }
117
+ }
118
+ return 0;
119
+ }
120
+
121
+ module.exports = {
122
+ handleNextSprint,
123
+ fetchOpenIssues,
124
+ filterRemainingIssues,
125
+ formatIssuesTable,
126
+ generateSprintPlan,
127
+ readSprintState,
128
+ getCurrentSprintReqs,
129
+ };
@@ -1,9 +1,9 @@
1
1
  # SRC/MOCK-POLICY KNOWLEDGE BASE
2
2
 
3
3
  **Generated:** 2026-07-01
4
- **Commit:** bd129b3
4
+ **Commit:** 58ec6df
5
5
  **Branch:** main
6
- **Version:** 0.12.0.0
6
+ **Version:** 0.12.2.0
7
7
 
8
8
  ## OVERVIEW
9
9
  Mock layering policy enforcement — Gate M3 of pre-push hook. Ensures integration tests use real implementations for internal dependencies, mock external dependencies, and annotate pending mocks with removal plans. Combines project scope scanning, mock decision engine, and per-file validation into a single pipeline.
@@ -1,9 +1,9 @@
1
1
  # SRC/MUTATION KNOWLEDGE BASE
2
2
 
3
3
  **Generated:** 2026-07-01
4
- **Commit:** bd129b3
4
+ **Commit:** 58ec6df
5
5
  **Branch:** main
6
- **Version:** 0.12.0.0
6
+ **Version:** 0.12.2.0
7
7
 
8
8
  ## OVERVIEW
9
9
  **Gate M** (incremental mutation testing) + **Gate M2** helpers (test-layer detection used by `src/mock-policy/`). Pre-push quality gate. TypeScript-only; uses Stryker.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@boyingliu01/xp-gate",
3
- "version": "0.12.0",
3
+ "version": "0.12.2",
4
4
  "description": "AI-driven development workflow: 6 quality gates + Delphi review + Sprint Flow",
5
5
  "bin": {
6
6
  "xp-gate": "./bin/xp-gate.js"
@@ -16,7 +16,12 @@
16
16
  "principles/",
17
17
  "mutation/",
18
18
  "mock-policy/",
19
- "build-integrity/"
19
+ "build-integrity/",
20
+ "gate-3.sh",
21
+ "gate-4.sh",
22
+ "gate-7.sh",
23
+ "gate-8.sh",
24
+ "gate-9.sh"
20
25
  ],
21
26
  "exports": {
22
27
  "./tui": "./plugins/opencode/tui-plugin.ts"
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "xp-gate",
3
- "version": "0.12.0",
3
+ "version": "0.12.2",
4
4
  "displayName": "XP-Gate",
5
5
  "description": "Extreme Programming quality gates + AI workflow skills for Claude Code. Includes 10 quality gates (Gate 0-9), Sprint Flow (11 phases), and Delphi multi-expert review (>=90% consensus).",
6
6
  "author": {
@@ -1,9 +1,9 @@
1
1
  # SKILLS/DELPHI-REVIEW KNOWLEDGE BASE
2
2
 
3
3
  **Generated:** 2026-07-01
4
- **Commit:** bd129b3
4
+ **Commit:** 58ec6df
5
5
  **Branch:** main
6
- **Version:** 0.12.0.0
6
+ **Version:** 0.12.2.0
7
7
 
8
8
  ## OVERVIEW
9
9
  Delphi Consensus Review — multi-round anonymous expert review (≥90% threshold, 3 experts from ≥2 providers, domestic models only). Supports design + code-walkthrough modes.
@@ -1,9 +1,9 @@
1
1
  # SKILLS/SPRINT-FLOW KNOWLEDGE BASE
2
2
 
3
3
  **Generated:** 2026-07-01
4
- **Commit:** bd129b3
4
+ **Commit:** 58ec6df
5
5
  **Branch:** main
6
- **Version:** 0.12.0.0
6
+ **Version:** 0.12.2.0
7
7
 
8
8
  ## OVERVIEW
9
9
  **11-phase** development pipeline: ISOLATE → AUTO-ESTIMATE → THINK → PLAN → BUILD → REVIEW → SHIP → LAND → USER ACCEPTANCE → FEEDBACK → CLEANUP. Phase 2 default build mode is **ralph-loop** (REQ-level iteration, 40-67% token savings vs parallel). HARD-GATE in Phase 1: design must pass Delphi review (≥90% consensus) before any coding.
@@ -1,9 +1,9 @@
1
1
  # SKILLS/TEST-SPECIFICATION-ALIGNMENT KNOWLEDGE BASE
2
2
 
3
3
  **Generated:** 2026-07-01
4
- **Commit:** bd129b3
4
+ **Commit:** 58ec6df
5
5
  **Branch:** main
6
- **Version:** 0.12.0.0
6
+ **Version:** 0.12.2.0
7
7
 
8
8
  ## OVERVIEW
9
9
  Test-Specification Alignment Engine — two-stage validation ensuring tests accurately reflect requirements and design specs.
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@boyingliu01/opencode-plugin",
3
- "version": "0.12.0",
3
+ "version": "0.12.2",
4
4
  "type": "module",
5
5
  "main": "index.ts",
6
6
  "description": "XP-Gate quality gates + AI workflow skills + Sprint Flow TUI sidebar for OpenCode",
@@ -1,9 +1,9 @@
1
1
  # SKILLS/DELPHI-REVIEW KNOWLEDGE BASE
2
2
 
3
3
  **Generated:** 2026-07-01
4
- **Commit:** bd129b3
4
+ **Commit:** 58ec6df
5
5
  **Branch:** main
6
- **Version:** 0.12.0.0
6
+ **Version:** 0.12.2.0
7
7
 
8
8
  ## OVERVIEW
9
9
  Delphi Consensus Review — multi-round anonymous expert review (≥90% threshold, 3 experts from ≥2 providers, domestic models only). Supports design + code-walkthrough modes.
@@ -1,9 +1,9 @@
1
1
  # SKILLS/SPRINT-FLOW KNOWLEDGE BASE
2
2
 
3
3
  **Generated:** 2026-07-01
4
- **Commit:** bd129b3
4
+ **Commit:** 58ec6df
5
5
  **Branch:** main
6
- **Version:** 0.12.0.0
6
+ **Version:** 0.12.2.0
7
7
 
8
8
  ## OVERVIEW
9
9
  **11-phase** development pipeline: ISOLATE → AUTO-ESTIMATE → THINK → PLAN → BUILD → REVIEW → SHIP → LAND → USER ACCEPTANCE → FEEDBACK → CLEANUP. Phase 2 default build mode is **ralph-loop** (REQ-level iteration, 40-67% token savings vs parallel). HARD-GATE in Phase 1: design must pass Delphi review (≥90% consensus) before any coding.
@@ -1,9 +1,9 @@
1
1
  # SKILLS/TEST-SPECIFICATION-ALIGNMENT KNOWLEDGE BASE
2
2
 
3
3
  **Generated:** 2026-07-01
4
- **Commit:** bd129b3
4
+ **Commit:** 58ec6df
5
5
  **Branch:** main
6
- **Version:** 0.12.0.0
6
+ **Version:** 0.12.2.0
7
7
 
8
8
  ## OVERVIEW
9
9
  Test-Specification Alignment Engine — two-stage validation ensuring tests accurately reflect requirements and design specs.
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "xp-gate",
3
- "version": "0.12.0",
3
+ "version": "0.12.2",
4
4
  "displayName": "XP-Gate",
5
5
  "description": "Extreme Programming quality gates + AI workflow skills for Qoder. Includes 10 quality gates (Gate 0-9), Sprint Flow (11 phases), and Delphi multi-expert review (>=90% consensus).",
6
6
  "author": {
@@ -1,9 +1,9 @@
1
1
  # SKILLS/DELPHI-REVIEW KNOWLEDGE BASE
2
2
 
3
3
  **Generated:** 2026-07-01
4
- **Commit:** bd129b3
4
+ **Commit:** 58ec6df
5
5
  **Branch:** main
6
- **Version:** 0.12.0.0
6
+ **Version:** 0.12.2.0
7
7
 
8
8
  ## OVERVIEW
9
9
  Delphi Consensus Review — multi-round anonymous expert review (≥90% threshold, 3 experts from ≥2 providers, domestic models only). Supports design + code-walkthrough modes.
@@ -1,9 +1,9 @@
1
1
  # SKILLS/SPRINT-FLOW KNOWLEDGE BASE
2
2
 
3
3
  **Generated:** 2026-07-01
4
- **Commit:** bd129b3
4
+ **Commit:** 58ec6df
5
5
  **Branch:** main
6
- **Version:** 0.12.0.0
6
+ **Version:** 0.12.2.0
7
7
 
8
8
  ## OVERVIEW
9
9
  **11-phase** development pipeline: ISOLATE → AUTO-ESTIMATE → THINK → PLAN → BUILD → REVIEW → USER ACCEPTANCE → FEEDBACK → SHIP → LAND → CLEANUP. Phase 2 default build mode is **ralph-loop** (REQ-level iteration, 40-67% token savings vs parallel). HARD-GATE in Phase 1: design must pass Delphi review (≥90% consensus) before any coding.
@@ -1,9 +1,9 @@
1
1
  # SKILLS/TEST-SPECIFICATION-ALIGNMENT KNOWLEDGE BASE
2
2
 
3
3
  **Generated:** 2026-07-01
4
- **Commit:** bd129b3
4
+ **Commit:** 58ec6df
5
5
  **Branch:** main
6
- **Version:** 0.12.0.0
6
+ **Version:** 0.12.2.0
7
7
 
8
8
  ## OVERVIEW
9
9
  Test-Specification Alignment Engine — two-stage validation ensuring tests accurately reflect requirements and design specs.
@@ -1,9 +1,9 @@
1
1
  # PRINCIPLES CHECKER MODULE
2
2
 
3
3
  **Generated:** 2026-07-01
4
- **Commit:** bd129b3
4
+ **Commit:** 58ec6df
5
5
  **Branch:** main
6
- **Version:** 0.12.0.0
6
+ **Version:** 0.12.2.0
7
7
 
8
8
  ## OVERVIEW
9
9
  Clean Code & SOLID principles checker — **Gate 4** of pre-commit. 14 rules × 9 language adapters, SARIF 2.1.0 output. Houses the **Boy Scout Rule** enforcement engine (Gate 6) and warning-baseline storage.
@@ -1,9 +1,9 @@
1
1
  # SKILLS/DELPHI-REVIEW KNOWLEDGE BASE
2
2
 
3
3
  **Generated:** 2026-07-01
4
- **Commit:** bd129b3
4
+ **Commit:** 58ec6df
5
5
  **Branch:** main
6
- **Version:** 0.12.0.0
6
+ **Version:** 0.12.2.0
7
7
 
8
8
  ## OVERVIEW
9
9
  Delphi Consensus Review — multi-round anonymous expert review (≥90% threshold, 3 experts from ≥2 providers, domestic models only). Supports design + code-walkthrough modes.
@@ -1,9 +1,9 @@
1
1
  # SKILLS/SPRINT-FLOW KNOWLEDGE BASE
2
2
 
3
3
  **Generated:** 2026-07-01
4
- **Commit:** bd129b3
4
+ **Commit:** 58ec6df
5
5
  **Branch:** main
6
- **Version:** 0.12.0.0
6
+ **Version:** 0.12.2.0
7
7
 
8
8
  ## OVERVIEW
9
9
  **11-phase** development pipeline: ISOLATE → AUTO-ESTIMATE → THINK → PLAN → BUILD → REVIEW → SHIP → LAND → USER ACCEPTANCE → FEEDBACK → CLEANUP. Phase 2 default build mode is **ralph-loop** (REQ-level iteration, 40-67% token savings vs parallel). HARD-GATE in Phase 1: design must pass Delphi review (≥90% consensus) before any coding.
@@ -1,9 +1,9 @@
1
1
  # SKILLS/TEST-SPECIFICATION-ALIGNMENT KNOWLEDGE BASE
2
2
 
3
3
  **Generated:** 2026-07-01
4
- **Commit:** bd129b3
4
+ **Commit:** 58ec6df
5
5
  **Branch:** main
6
- **Version:** 0.12.0.0
6
+ **Version:** 0.12.2.0
7
7
 
8
8
  ## OVERVIEW
9
9
  Test-Specification Alignment Engine — two-stage validation ensuring tests accurately reflect requirements and design specs.