@kiwidata/grimoire 0.1.3 → 0.1.5

package/skills/references/visual-fidelity.md

@@ -0,0 +1,206 @@
+# Visual Fidelity Reference
+
+Shared visual-fidelity check engine used by `grimoire-review` (design-phase HTML previews), `grimoire-pr-review` (PR diff), and `grimoire-precommit-review` (staged diff).
+
+The calling skill is responsible for:
+- Resolving the **scope** (HTML preview files in `.grimoire/changes/<id>/designs/` vs changed CSS/markup in a diff)
+- Invoking this engine at the appropriate workflow step (§5.5 in all three review skills)
+- Folding the engine's report under the "Visual Fidelity" section of the final review report
+
+This reference defines: when to run, scope per phase, the token-compliance lint algorithm, axe-core invocation, report format, gating rules, and edge-case handling.
+
+---
+
+## 1. When to Run
+
+Engage the visual-fidelity engine when **either** is true:
+
+- `.grimoire/brand/tokens.json` exists (brand tokens are defined; drift is checkable)
+- The change has design artifacts: any file under `.grimoire/changes/<id>/designs/` (HTML preview, ASCII variants, problem.md, etc.)
+
+If neither holds, skip silently — no report section, no noise. This is not an error state; it is a project that has not opted into brand tokens or generated designs.
+
+---
+
+## 2. Scope per Phase
+
+The scope changes by which skill invokes the engine.
+
+### Design phase (`grimoire-review`)
+
+- **Target**: HTML preview files in `.grimoire/changes/<id>/designs/preview.html` (and any `variant-{n}.html`)
+- **Rationale**: No code exists yet — the design is the artifact under review. Token compliance and a11y are evaluated against the rendered HTML preview.
+- **Skip when**: No `designs/*.html` files exist (e.g., ASCII-only or Figma-only variants — token compliance still runs against the variants markdown if hex values appear; a11y is N/A).
+
+### Code phase (`grimoire-precommit-review`, `grimoire-pr-review`)
+
+- **Target**: Staged diff (precommit) or PR diff (pr-review) — specifically the hunks touching CSS files, SCSS, CSS-in-JS strings, inline `style=` attributes, and HTML/JSX with `class` or `style` content.
+- **Rationale**: Brand drift is a code-time concern once implementation begins. Catch it before merge, not at design re-review.
+- **Skip when**: Diff touches no styling surface (e.g., pure backend / config / docs change).
+
+---
+
+## 3. Token-Compliance Lint Algorithm
+
+The algorithm is the same as `grimoire-design --lint`. The reference here is the canonical source — the design skill's lint mode and all three review skills run identical logic.
+
+### 3.1 Load tokens
+
+1. Read `.grimoire/brand/tokens.json`.
+2. Parse as DTCG (see `./brand-tokens-format.md`).
+3. Build a lookup index: `{ "#0066ff" → "color.primary", "Inter, sans-serif" → "font.family.base", "8px" → "spacing.base", ... }`. Normalize hex to lowercase, six-digit form; normalize px-as-integer where possible.
+4. On parse failure or any token missing `$value`: emit the malformed-token report (§6 Gating) and exit the engine. Do not proceed to scan.
+
+### 3.2 Scan target files
+
+For each file in scope (per §2):
+
+- **Hex colors**: regex `#([0-9a-fA-F]{3}|[0-9a-fA-F]{6})\b` — capture every match with file path + line number.
+- **px values**: regex `\b\d+(\.\d+)?px\b` — capture font-size, spacing, border, etc.
+- **font-family strings**: parse CSS `font-family:` declarations and JSX `fontFamily:` props; capture the quoted family list.
+
+### 3.3 Edge-case suppression (false-positive prevention)
+
+Skip the following matches — they are token-referencing CSS, not drift:
+
+- Inside `var(--...)` — e.g., `color: var(--color-primary)` does not contain a literal hex.
+- Inside an SCSS variable declaration that itself is the token source — e.g., `$color-primary: #0066ff;` in a generated tokens file. Detect: file path matches `**/tokens.{scss,css}` or `**/_tokens.scss`, or the file is the generated output of Style Dictionary.
+- Inside a comment (`//`, `/* */`, `<!-- -->`) — the lint targets active rules, not annotations.
+- Inside a string in a non-style context — e.g., a JS string literal `"see #0066ff for an example"` in a Markdown blockquote within JSX. Heuristic: skip matches whose surrounding context is not a CSS rule, inline `style=`, or known styling prop name (`color`, `background`, `borderColor`, `fill`, `stroke`, `fontFamily`, `fontSize`).
+- Already-token CSS custom properties: `--color-primary: #0066ff;` in a stylesheet that defines the tokens is the source of truth, not drift. Same file-path heuristic as the SCSS variable case.
+
+When in doubt, prefer false-negative over false-positive. A noisy lint gets disabled; a quiet one stays on.
+
+### 3.4 Suggestion synthesis
+
+For each surviving hardcoded value, find the nearest token in the index:
+
+- **Exact match**: `#0066ff` matches `color.primary` exactly → suggest `var(--color-primary)`.
+- **Near match** (color): compute ΔE76 (Euclidean distance in Lab space) or a cheap Euclidean in sRGB; if any token is within 5% → suggest with a "near match" note ("`#0066fe` ~ `var(--color-primary)` (#0066ff)").
+- **Px values**: nearest spacing or font-size token; suggest with the token name.
+- **font-family**: substring match against any font-family token's value.
+- **No match**: emit the finding but suggest "add a new token in `tokens.json` or pick the closest existing token manually" — do not invent a token name.
+
+### 3.5 Output format per finding
+
+```
+- **[suggestion]** `<file>:<line>` hardcoded `<value>` — replace with `var(--<token-path>)` (<note if near match or no match>)
+```
+
+Severity is **suggestion** by default. Promote to **blocker** only when the project's `tokens.json` is referenced by an active ADR as the canonical source (briefing axis — brand-system enforcement) AND the value appears in a primary surface (not a one-off test fixture or sandbox).
+
+### 3.6 Clean state
+
+If zero drift findings: emit `No brand drift detected across N files scanned.` Do not emit an empty section header — keep the report clean.
+
+---
+
+## 4. axe-core Invocation
+
+axe-core runs accessibility checks against rendered HTML. It is **opt-in** — never auto-installed by this engine.
+
+### 4.1 Availability check
+
+Before invoking, check (in order):
+
+1. `npx --no-install axe-core --version` exits 0 → axe-core resolvable in the local `node_modules` or up the tree.
+2. `axe-core` listed in `package.json` `devDependencies` or `dependencies`.
+3. `@axe-core/cli` listed in `package.json`.
+
+If none: emit a single line under the Visual Fidelity section and skip the a11y portion entirely:
+
+```
+axe-core not installed — install `@axe-core/cli` for accessibility checks.
+```
+
+Do NOT run `npm install`, do NOT prompt the user to install, do NOT fall back to a hosted service. The engine respects the user's tooling choices.
+
+### 4.2 Invocation
+
+When axe-core is available and the scope includes HTML files:
+
+- Design phase: `npx axe <designs/preview.html>` (and per-variant if multiple)
+- Code phase: skip axe-core unless the diff modified a rendered preview file the project already maintains. Do not spin up a headless browser to render JSX from a diff — that is out of scope for the cheap tier.
+
+### 4.3 Output format per finding
+
+Map axe-core's JSON output to the same finding shape:
+
+```
+- **[<severity>]** [axe-<rule-id>] <file> — <description>. Impact: <minor|moderate|serious|critical>.
+```
+
+axe-core severity maps directly: `minor`/`moderate` → suggestion; `serious`/`critical` → suggestion by default, blocker if `project.compliance` lists WCAG / ADA / EAA / Section 508 (regulator anchor — same rule as `./adversarial-personas.md` §Severity Calibration).
+
+### 4.4 Clean state
+
+If axe-core ran and found nothing: `axe-core: no violations.`
+
+---
+
+## 5. Report-Section Format
+
+The engine returns a single Markdown block the calling skill folds into the report under `## Visual Fidelity`:
+
+```markdown
+## Visual Fidelity
+
+### Token Compliance
+- **[suggestion]** `src/components/Header.tsx:42` hardcoded `#0066ff` — replace with `var(--color-primary)`.
+- **[suggestion]** `src/components/Header.tsx:58` hardcoded `16px` — replace with `var(--spacing-base-2x)`.
+(or: "No brand drift detected across 12 files scanned.")
+
+### Accessibility (axe-core)
+- **[suggestion]** [axe-color-contrast] `designs/preview.html` — Element has insufficient color contrast of 3.8 (foreground color: #888888, background color: #ffffff). Impact: serious.
+(or: "axe-core: no violations.")
+(or: "axe-core not installed — install `@axe-core/cli` for accessibility checks.")
+```
+
+Omit subsections that have nothing to report (no findings + skip-state). If the entire section has nothing to report (clean tokens + axe-core unavailable + nothing in scope), omit the `## Visual Fidelity` header from the report entirely.
+
+---
+
+## 6. Gating Rules
+
+### 6.1 Absent tokens.json
+
+If `.grimoire/brand/tokens.json` does not exist AND the change has design artifacts:
+
+- Token-compliance section: skip silently. Do not emit "no tokens — skipped" noise.
+- Accessibility section: still runs (axe-core works without tokens).
+- This is the standard greenfield-design state.
+
+If `.grimoire/brand/tokens.json` does not exist AND there are no design artifacts: the engine should not have been invoked at all (per §1). The calling skill is responsible for the gate; the engine assumes the gate already passed.
+
+### 6.2 Malformed tokens.json
+
+If `tokens.json` exists but fails to parse, or any token is missing `$value`:
+
+```markdown
+## Visual Fidelity
+
+tokens.json malformed at `.grimoire/brand/tokens.json` — <parse error description>. Fix or remove to enable visual-fidelity checks.
+```
+
+Exit the engine for the code-phase invocations (this is a misconfiguration the user must fix; downstream lint cannot proceed). For the design-phase invocation, continue with the accessibility section only — a malformed tokens file should not block reviewing a freshly generated design.
+
+This mirrors `grimoire-design --lint` malformed-token behavior (one-line error + parse description, suggest fix). Single source of truth — same behavior in all four invocation sites (design --lint, review §5.5, precommit-review §5.5, pr-review §5.5).
+
+### 6.3 Empty tokens.json
+
+A valid-JSON but token-less file (`{}`) is treated as "no tokens defined" — token-compliance section emits `No brand tokens defined in tokens.json — token compliance skipped.` and proceeds to accessibility.
+
+### 6.4 Surface gating
+
+This engine does NOT consult `project.surface`. Surface gating belongs to the adversarial personas (`./adversarial-personas.md` activation matrix). Visual fidelity runs whenever the §1 conditions hold — a TUI project that has somehow generated an HTML preview will still get linted. The user can skip via the standard "skip visual-fidelity" conversational override.
+
+---
+
+## 7. Edge Cases
+
+- **Multiple preview files**: lint each independently; merge findings into one section, group by file in the report.
+- **Tokens defined but no styling files in scope**: emit `No styling files in scope for token compliance.` Do not pretend to have scanned.
+- **Generated stylesheet committed in the diff** (e.g., a Tailwind-built CSS file): include in scan only when the file is hand-authored. Auto-detect generated files via standard banner comments (`/* Generated by Tailwind */`, `/* Generated by Style Dictionary */`) and skip; note skipped count in the report.
+- **Color in image asset (SVG)**: out of scope for the cheap tier — do not parse SVGs for fill/stroke hex values. The premium tier (future) may add this; v1 documents the gap and moves on.
+- **CSS custom property defined in a non-tokens file**: e.g., `--local-padding: 4px` in a component-local stylesheet. Lint the value (`4px` here) against tokens; suggest replacing the local declaration with a token reference if a match exists.
+- **Theme variants (light/dark)**: if `tokens.json` defines mode variants per DTCG, the lookup index includes both; a hardcoded value matching either mode is accepted.

package/templates/accepted-risks.yml

@@ -0,0 +1,47 @@
+# Grimoire Risk-Accepted Vulnerabilities
+# Vulnerabilities triaged as `affected` but consciously accepted — because no fix
+# exists yet, the residual risk is low, or the fix isn't worth it right now.
+#
+# Written by: grimoire-vuln-remediate (from a grimoire-vuln-triage `accept` verdict)
+# Read by:    grimoire-vuln-triage — an UNEXPIRED entry auto-suppresses that CVE as
+#             known-accepted so it doesn't re-flood the queue. An EXPIRED entry is
+#             re-surfaced for re-triage.
+#
+# Each entry requires: a CVE, the component, the VEX justification, a reason, an
+# owner, an accepted date, and an expiry (when to re-evaluate).
+#
+# An accepted risk is NOT closed — it is scheduled for review. Don't accept the same
+# CVE twice; update the existing entry.
+#
+# Created by: grimoire init
+# Last updated: YYYY-MM-DD
+
+accepted: []
+
+# --- Examples ---
+#
+# No upstream fix available — low residual risk, reachable but damped:
+#
+#   - cve: CVE-2026-44405
+#     component: paramiko
+#     component_type: library
+#     vex_justification: inline_mitigations_already_exist
+#     reason: "SHA-1 accepted in rsakey; outbound SFTP only, to tenant-configured
+#              trusted hosts. No upstream fix. EPSS ~0, not in KEV. Blast radius:
+#              low (integration, not the public API)."
+#     owner: fred
+#     accepted: 2026-06-04
+#     expires: 2026-09-04
+#
+# Base-image OS package with no patched version yet (not removable — transitive):
+#
+#   - cve: CVE-2026-40356
+#     component: krb5 (libgssapi-krb5-2, libk5crypto3, libkrb5-3, libkrb5support0)
+#     component_type: os-package
+#     vex_justification: vulnerable_code_not_in_execute_path
+#     reason: "Kerberos DoS. No gssapi/kerberos usage in app; pulled transitively
+#              via libpq5 (Postgres). Not removable without breaking libpq.
+#              status=affected, no FixedVersion. Re-check on base-image bump."
+#     owner: fred
+#     accepted: 2026-06-04
+#     expires: 2026-09-04

package/templates/brand-tokens-example.json

@@ -0,0 +1,13 @@
+{
+  "color": {
+    "primary": { "$value": "#0066ff", "$type": "color" }
+  },
+  "font": {
+    "family": {
+      "base": { "$value": "Inter, sans-serif", "$type": "fontFamily" }
+    }
+  },
+  "spacing": {
+    "base": { "$value": "8px", "$type": "dimension" }
+  }
+}

package/templates/brand-voice-example.md

@@ -0,0 +1,22 @@
+# Brand Voice & Tone
+
+One-line summary of your brand voice (e.g., "Confident, direct, and human — never corporate.").
+
+## Do
+
+- Speak plainly. Short sentences. Active voice.
+- Lead with the user's goal, not the product's feature.
+- Use specific numbers and concrete examples over vague claims.
+
+## Don't
+
+- Don't hedge ("might", "perhaps", "we think") when stating capability.
+- Don't use jargon or acronyms without a one-line gloss on first use.
+- Don't write like a press release — no "world-class", "best-in-class", "synergies".
+
+## Examples
+
+| Context | Do | Don't |
+| --- | --- | --- |
+| Empty state | "No invoices yet. Create one to get started." | "Your invoice journey awaits!" |
+| Error | "Couldn't reach the server. Retry in 30 seconds." | "Oops! Something went wrong." |

package/templates/constraints.md

@@ -0,0 +1,25 @@
+# Constraints
+
+> Invariants that must always hold. These are **not** behaviors (no external actor,
+> not observable in a scenario) — they are guarantees. Anything that failed the
+> feature-file admission test in `grimoire-draft` because it is a security control,
+> NFR, performance budget, observability guarantee, or compliance rule lives here,
+> **not** in a `.feature`.
+>
+> Each constraint is verified by a `unit-invariant` test (created at plan/apply),
+> never by a Gherkin scenario. Keep this register narrow: assert, justify, point to
+> the proof. Don't let it grow into an issue tracker — open work belongs in your
+> tracker, not here.
+
+| Constraint (assertion) | Rationale | How verified | Links |
+|------------------------|-----------|--------------|-------|
+| _e.g._ Log output never contains PII or secrets | Confidential data must not leak to logs/stdout | `tests/test_log_scrubbing.py::test_pii_redacted` | [ADR-0008](.grimoire/decisions/0008-...) |
+| _e.g._ Every request is isolated to its tenant | Multi-tenant data separation | `tests/test_tenant_isolation.py` | — |
+
+<!--
+Add one row per constraint. Guidance:
+- Assertion: a flat "X always holds" statement. No Given/When/Then.
+- Rationale: why it matters, in one line.
+- How verified: the exact test id that proves it. If none yet, write "TODO: unit-invariant test" — the plan stage will create it.
+- Links: the MADR that decided it (don't restate the decision here — DRY).
+-->

package/templates/design-tool-setup-stub.md

@@ -0,0 +1,59 @@
+# Design Tool MCP Setup ({{tool}})
+
+`{{tool}}` does not currently have a first-class MCP server in the grimoire registry.
+Use this checklist to wire one up manually so AI agents can read your designs.
+
+## 1. Install an MCP server for your tool
+
+Search for an MCP server compatible with `{{tool}}` (e.g., `mcp-{{tool}}` on
+npm, GitHub, or the MCP server registry at https://github.com/modelcontextprotocol).
+
+If none exists, fall back to the HTML/ASCII path: `grimoire-design` will render
+previews from a textual description and lint them against `.grimoire/brand/tokens.json`.
+
+## 2. Set environment variables
+
+Most design-tool MCPs require an API token. Export it in your shell, never in
+`.grimoire/config.yaml`:
+
+```bash
+export {{tool}}_ACCESS_TOKEN=...
+```
+
+## 3. Register the server in your agent config
+
+For Claude Code, add to `.mcp.json` at the repo root:
+
+```json
+{
+  "mcpServers": {
+    "{{tool}}": {
+      "command": "npx",
+      "args": ["-y", "<mcp-package-name>"]
+    }
+  }
+}
+```
+
+For other agents, see their MCP documentation.
+
+## 4. Restart your agent and verify
+
+Restart the agent. In `grimoire-design`, run a small request like "fetch the
+homepage frame" to confirm the MCP responds.
+
+## 5. Update `.grimoire/config.yaml`
+
+Once the MCP is working, add it under `project.design_tool.mcp`:
+
+```yaml
+project:
+  design_tool:
+    name: {{tool}}
+    mcp:
+      name: {{tool}}-mcp
+      command: npx
+      args: ["-y", "<mcp-package-name>"]
+```
+
+Re-run `grimoire init` is not necessary — just save the file.

package/dist/commands/archive.d.ts

@@ -1,3 +0,0 @@
-import { Command } from "commander";
-export declare const archiveCommand: Command;
-//# sourceMappingURL=archive.d.ts.map

package/dist/commands/archive.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"archive.d.ts","sourceRoot":"","sources":["../../src/commands/archive.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAIpC,eAAO,MAAM,cAAc,SAgBvB,CAAC"}

package/dist/commands/archive.js

@@ -1,22 +0,0 @@
-import { Command } from "commander";
-import { archiveChange, ArchiveError } from "../core/archive.js";
-import chalk from "chalk";
-export const archiveCommand = new Command("archive")
-    .description("Archive a completed change")
-    .argument("<change-id>", "Change to archive")
-    .option("-y, --yes", "Skip confirmation prompt")
-    .action(async (changeId, options) => {
-    try {
-        await archiveChange(changeId, {
-            yes: options.yes ?? false,
-        });
-    }
-    catch (err) {
-        if (err instanceof ArchiveError) {
-            console.error(chalk.red(err.message));
-            process.exit(1);
-        }
-        throw err;
-    }
-});
-//# sourceMappingURL=archive.js.map

package/dist/commands/archive.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"archive.js","sourceRoot":"","sources":["../../src/commands/archive.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,OAAO,CAAC,SAAS,CAAC;KACjD,WAAW,CAAC,4BAA4B,CAAC;KACzC,QAAQ,CAAC,aAAa,EAAE,mBAAmB,CAAC;KAC5C,MAAM,CAAC,WAAW,EAAE,0BAA0B,CAAC;KAC/C,MAAM,CAAC,KAAK,EAAE,QAAgB,EAAE,OAAO,EAAE,EAAE;IAC1C,IAAI,CAAC;QACH,MAAM,aAAa,CAAC,QAAQ,EAAE;YAC5B,GAAG,EAAE,OAAO,CAAC,GAAG,IAAI,KAAK;SAC1B,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,YAAY,EAAE,CAAC;YAChC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;YACtC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC,CAAC,CAAC"}

package/dist/commands/log.d.ts

@@ -1,3 +0,0 @@
-import { Command } from "commander";
-export declare const logCommand: Command;
-//# sourceMappingURL=log.d.ts.map

package/dist/commands/log.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"log.d.ts","sourceRoot":"","sources":["../../src/commands/log.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGpC,eAAO,MAAM,UAAU,SAWnB,CAAC"}

package/dist/commands/log.js

@@ -1,15 +0,0 @@
-import { Command } from "commander";
-import { generateLog } from "../core/log.js";
-export const logCommand = new Command("log")
-    .description("Generate change log from archived grimoire changes")
-    .option("--from <ref>", "Start date or git tag (inclusive)")
-    .option("--to <ref>", "End date or git tag (inclusive)")
-    .option("--json", "Output as JSON")
-    .action(async (options) => {
-    await generateLog({
-        from: options.from,
-        to: options.to,
-        json: options.json ?? false,
-    });
-});
-//# sourceMappingURL=log.js.map

package/dist/commands/log.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"log.js","sourceRoot":"","sources":["../../src/commands/log.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAE7C,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,OAAO,CAAC,KAAK,CAAC;KACzC,WAAW,CAAC,oDAAoD,CAAC;KACjE,MAAM,CAAC,cAAc,EAAE,mCAAmC,CAAC;KAC3D,MAAM,CAAC,YAAY,EAAE,iCAAiC,CAAC;KACvD,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,MAAM,WAAW,CAAC;QAChB,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,KAAK;KAC5B,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/commands/map.d.ts

@@ -1,3 +0,0 @@
-import { Command } from "commander";
-export declare const mapCommand: Command;
-//# sourceMappingURL=map.d.ts.map

package/dist/commands/map.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"map.d.ts","sourceRoot":"","sources":["../../src/commands/map.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGpC,eAAO,MAAM,UAAU,SAanB,CAAC"}

package/dist/commands/map.js

@@ -1,17 +0,0 @@
-import { Command } from "commander";
-import { generateMap } from "../core/map.js";
-export const mapCommand = new Command("map")
-    .description("Scan codebase structure and detect undocumented areas")
-    .option("--json", "Output as JSON")
-    .option("--refresh", "Compare against existing docs and show gaps")
-    .option("--duplicates", "Run jscpd to detect code duplication")
-    .option("--depth <n>", "Max directory depth to scan", "4")
-    .action(async (options) => {
-    await generateMap({
-        json: options.json ?? false,
-        refresh: options.refresh ?? false,
-        duplicates: options.duplicates ?? false,
-        maxDepth: parseInt(options.depth, 10),
-    });
-});
-//# sourceMappingURL=map.js.map

package/dist/commands/map.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"map.js","sourceRoot":"","sources":["../../src/commands/map.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAE7C,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,OAAO,CAAC,KAAK,CAAC;KACzC,WAAW,CAAC,uDAAuD,CAAC;KACpE,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,WAAW,EAAE,6CAA6C,CAAC;KAClE,MAAM,CAAC,cAAc,EAAE,sCAAsC,CAAC;KAC9D,MAAM,CAAC,aAAa,EAAE,6BAA6B,EAAE,GAAG,CAAC;KACzD,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,MAAM,WAAW,CAAC;QAChB,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,KAAK;QAC3B,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,KAAK;QACjC,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,KAAK;QACvC,QAAQ,EAAE,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;KACtC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/core/archive.d.ts

@@ -1,9 +0,0 @@
-interface ArchiveOptions {
-    yes: boolean;
-}
-export declare class ArchiveError extends Error {
-    constructor(message: string);
-}
-export declare function archiveChange(changeId: string, options: ArchiveOptions): Promise<void>;
-export {};
-//# sourceMappingURL=archive.d.ts.map

package/dist/core/archive.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"archive.d.ts","sourceRoot":"","sources":["../../src/core/archive.ts"],"names":[],"mappings":"AAKA,UAAU,cAAc;IACtB,GAAG,EAAE,OAAO,CAAC;CACd;AAED,qBAAa,YAAa,SAAQ,KAAK;gBACzB,OAAO,EAAE,MAAM;CAI5B;AAED,wBAAsB,aAAa,CACjC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,IAAI,CAAC,CAgHf"}

package/dist/core/archive.js

@@ -1,92 +0,0 @@
-import { readFile, mkdir, cp, rm } from "node:fs/promises";
-import { join } from "node:path";
-import chalk from "chalk";
-import { findProjectRoot, resolveChangePath } from "../utils/paths.js";
-export class ArchiveError extends Error {
-    constructor(message) {
-        super(message);
-        this.name = "ArchiveError";
-    }
-}
-export async function archiveChange(changeId, options) {
-    const root = await findProjectRoot();
-    const changePath = resolveChangePath(root, changeId);
-    // Check change exists
-    try {
-        await readFile(join(changePath, "manifest.md"), "utf-8");
-    }
-    catch {
-        throw new ArchiveError(`Change "${changeId}" not found or missing manifest.`);
-    }
-    // Check tasks are complete
-    try {
-        const tasksContent = await readFile(join(changePath, "tasks.md"), "utf-8");
-        const pending = tasksContent.match(/^- \[ \] .+$/gm) || [];
-        if (pending.length > 0) {
-            console.log(chalk.yellow(`Warning: ${pending.length} task(s) still pending.`));
-            if (!options.yes) {
-                throw new ArchiveError("Use --yes to archive anyway, or complete tasks first.");
-            }
-        }
-    }
-    catch (err) {
-        if (err instanceof ArchiveError)
-            throw err;
-        // No tasks file — that's ok for archiving
-    }
-    // Confirmation
-    if (!options.yes) {
-        const readline = await import("node:readline/promises");
-        const rl = readline.createInterface({
-            input: process.stdin,
-            output: process.stdout,
-        });
-        const answer = await rl.question(`Archive change "${changeId}"? (y/N) `);
-        rl.close();
-        if (answer.toLowerCase() !== "y") {
-            console.log("Cancelled.");
-            return;
-        }
-    }
-    // Copy proposed features to baseline
-    const proposedFeatures = join(changePath, "features");
-    try {
-        await cp(proposedFeatures, join(root, "features"), {
-            recursive: true,
-            force: true,
-        });
-        console.log(`  ${chalk.green("synced")} features to baseline`);
-    }
-    catch {
-        // No proposed features
-    }
-    // Copy proposed decisions to baseline
-    const proposedDecisions = join(changePath, "decisions");
-    try {
-        // TODO: handle sequential numbering for new decisions
-        await cp(proposedDecisions, join(root, ".grimoire", "decisions"), {
-            recursive: true,
-            force: true,
-        });
-        console.log(`  ${chalk.green("synced")} decisions to baseline`);
-    }
-    catch {
-        // No proposed decisions
-    }
-    // Move manifest to archive
-    const date = new Date().toISOString().split("T")[0];
-    const archiveDir = join(root, ".grimoire", "archive", `${date}-${changeId}`);
-    await mkdir(archiveDir, { recursive: true });
-    await cp(join(changePath, "manifest.md"), join(archiveDir, "manifest.md"));
-    // Copy tasks.md to archive if it exists
-    try {
-        await cp(join(changePath, "tasks.md"), join(archiveDir, "tasks.md"));
-    }
-    catch {
-        // no tasks
-    }
-    // Remove change directory
-    await rm(changePath, { recursive: true });
-    console.log(`\n${chalk.green("Archived")} ${changeId} → .grimoire/archive/${date}-${changeId}/`);
-}
-//# sourceMappingURL=archive.js.map

package/dist/core/archive.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"archive.js","sourceRoot":"","sources":["../../src/core/archive.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAMvE,MAAM,OAAO,YAAa,SAAQ,KAAK;IACrC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;IAC7B,CAAC;CACF;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,QAAgB,EAChB,OAAuB;IAEvB,MAAM,IAAI,GAAG,MAAM,eAAe,EAAE,CAAC;IACrC,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAErD,sBAAsB;IACtB,IAAI,CAAC;QACH,MAAM,QAAQ,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,OAAO,CAAC,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,YAAY,CACpB,WAAW,QAAQ,kCAAkC,CACtD,CAAC;IACJ,CAAC;IAED,2BAA2B;IAC3B,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,QAAQ,CACjC,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,EAC5B,OAAO,CACR,CAAC;QACF,MAAM,OAAO,GACX,YAAY,CAAC,KAAK,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;QAC7C,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,MAAM,CACV,YAAY,OAAO,CAAC,MAAM,yBAAyB,CACpD,CACF,CAAC;YACF,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;gBACjB,MAAM,IAAI,YAAY,CACpB,uDAAuD,CACxD,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,YAAY;YAAE,MAAM,GAAG,CAAC;QAC3C,0CAA0C;IAC5C,CAAC;IAED,eAAe;IACf,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACjB,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAC;QACxD,MAAM,EAAE,GAAG,QAAQ,CAAC,eAAe,CAAC;YAClC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,MAAM,EAAE,OAAO,CAAC,MAAM;SACvB,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,QAAQ,CAC9B,mBAAmB,QAAQ,WAAW,CACvC,CAAC;QACF,EAAE,CAAC,KAAK,EAAE,CAAC;QACX,IAAI,MAAM,CAAC,WAAW,EAAE,KAAK,GAAG,EAAE,CAAC;YACjC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YAC1B,OAAO;QACT,CAAC;IACH,CAAC;IAED,qCAAqC;IACrC,MAAM,gBAAgB,GAAG,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;IACtD,IAAI,CAAC;QACH,MAAM,EAAE,CAAC,gBAAgB,EAAE,IAAI,CAAC,IAAI,EAAE,UAAU,CAAC,EAAE;YACjD,SAAS,EAAE,IAAI;YACf,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;QACH,OAAO,CAAC,GAAG,CACT,KAAK,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,uBAAuB,CAClD,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,uBAAuB;IACzB,CAAC;IAED,sCAAsC;IACtC,MAAM,iBAAiB,GAAG,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IACxD,IAAI,CAAC;QACH,sDAAsD;QACtD,MAAM,EAAE,CAAC,iBAAiB,EAAE,IAAI,CAAC,IAAI,EAAE,WAAW,EAAE,WAAW,CAAC,EAAE;YAChE,SAAS,EAAE,IAAI;YACf,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;QACH,OAAO,CAAC,GAAG,CACT,KAAK,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,wBAAwB,CACnD,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,wBAAwB;IAC1B,CAAC;IAED,2BAA2B;IAC3B,MAAM,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACpD,MAAM,UAAU,GAAG,IAAI,CACrB,IAAI,EACJ,WAAW,EACX,SAAS,EACT,GAAG,IAAI,IAAI,QAAQ,EAAE,CACtB,CAAC;IACF,MAAM,KAAK,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE7C,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC,CAAC;IAE3E,wCAAwC;IACxC,IAAI,CAAC;QACH,MAAM,EAAE,CACN,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,EAC5B,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,CAC7B,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,WAAW;IACb,CAAC;IAED,0BAA0B;IAC1B,MAAM,EAAE,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE1C,OAAO,CAAC,GAAG,CACT,KAAK,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,QAAQ,wBAAwB,IAAI,IAAI,QAAQ,GAAG,CACpF,CAAC;AACJ,CAAC"}

package/dist/core/log.d.ts

@@ -1,8 +0,0 @@
-interface LogOptions {
-    from?: string;
-    to?: string;
-    json: boolean;
-}
-export declare function generateLog(options: LogOptions): Promise<void>;
-export {};
-//# sourceMappingURL=log.d.ts.map

package/dist/core/log.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"log.d.ts","sourceRoot":"","sources":["../../src/core/log.ts"],"names":[],"mappings":"AAMA,UAAU,UAAU;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,OAAO,CAAC;CACf;AAYD,wBAAsB,WAAW,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CA2EpE"}