@nerviq/cli 1.23.0 → 1.24.0

package/README.md

@@ -223,8 +223,8 @@ All successful operational responses are wrapped in a JSON envelope:
 {
   "data": {},
   "meta": {
-    "version": "1.23.0",
-    "timestamp": "2026-04-15T02:00:00.000Z"
+    "version": "1.24.0",
+    "timestamp": "2026-04-15T06:00:00.000Z"
   }
 }
 ```

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nerviq/cli",
-  "version": "1.23.0",
+  "version": "1.24.0",
   "description": "The intelligent nervous system for AI coding agents — 2,441 checks (8 platforms × ~300 governance rules), 10 languages, 62 domain packs. Audit, align, and amplify.",
   "main": "src/index.js",
   "bin": {

package/src/techniques/automation.js

@@ -8,6 +8,27 @@ const {
   readProjectFiles,
 } = require('./shared');
 
+// PP-06 recalibration helpers: opt-in signals. Repos with no infra/hooks
+// signal at all get N/A instead of a hard fail on opt-in advisories.
+function _repoHasInfraSignal(ctx) {
+  return ctx.files.some(f => /^Dockerfile/i.test(f))
+    || ctx.files.some(f => /^docker-compose\.(yml|yaml)$/i.test(f))
+    || ctx.files.some(f => /\.tf$/.test(f))
+    || ctx.files.includes('main.tf')
+    || ctx.hasDir('k8s')
+    || ctx.hasDir('kubernetes')
+    || ctx.hasDir('infra')
+    || ctx.hasDir('terraform')
+    || ctx.hasDir('deploy');
+}
+
+function _repoHasHooksBlock(ctx) {
+  const shared = ctx.jsonFile('.claude/settings.json') || {};
+  const local = ctx.jsonFile('.claude/settings.local.json') || {};
+  return !!((shared.hooks && Object.keys(shared.hooks).length > 0)
+    || (local.hooks && Object.keys(local.hooks).length > 0));
+}
+
 module.exports = {
   hooks: {
       id: 19,
@@ -91,7 +112,11 @@ module.exports = {
   dockerfile: {
       id: 399,
       name: 'Has Dockerfile',
-      check: (ctx) => ctx.files.some(f => /^Dockerfile/i.test(f)),
+      check: (ctx) => {
+        if (ctx.files.some(f => /^Dockerfile/i.test(f))) return true;
+        // PP-06 recalibration: N/A on repos with no infra signal at all.
+        return _repoHasInfraSignal(ctx) ? false : null;
+      },
       impact: 'medium',
       rating: 3,
       category: 'devops',
@@ -102,7 +127,11 @@ module.exports = {
   dockerCompose: {
       id: 39901,
       name: 'Has docker-compose.yml',
-      check: (ctx) => ctx.files.some(f => /^docker-compose\.(yml|yaml)$/i.test(f)),
+      check: (ctx) => {
+        if (ctx.files.some(f => /^docker-compose\.(yml|yaml)$/i.test(f))) return true;
+        // PP-06 recalibration: N/A on repos with no infra signal at all.
+        return _repoHasInfraSignal(ctx) ? false : null;
+      },
       impact: 'medium',
       rating: 3,
       category: 'devops',
@@ -126,7 +155,11 @@ module.exports = {
   terraformFiles: {
       id: 397,
       name: 'Infrastructure as Code (Terraform)',
-      check: (ctx) => ctx.files.some(f => /\.tf$/.test(f)) || ctx.files.includes('main.tf'),
+      check: (ctx) => {
+        if (ctx.files.some(f => /\.tf$/.test(f)) || ctx.files.includes('main.tf')) return true;
+        // PP-06 recalibration: N/A on repos with no infra signal at all.
+        return _repoHasInfraSignal(ctx) ? false : null;
+      },
       impact: 'medium',
       rating: 3,
       category: 'devops',
@@ -290,7 +323,9 @@ module.exports = {
       check: (ctx) => {
         const shared = ctx.jsonFile('.claude/settings.json') || {};
         const local = ctx.jsonFile('.claude/settings.local.json') || {};
-        return !!(shared.hooks?.Notification || local.hooks?.Notification);
+        if (shared.hooks?.Notification || local.hooks?.Notification) return true;
+        // PP-06 recalibration: N/A unless settings define a hooks block at all.
+        return _repoHasHooksBlock(ctx) ? false : null;
       },
       impact: 'low',
       rating: 2,
@@ -305,7 +340,9 @@ module.exports = {
       check: (ctx) => {
         const shared = ctx.jsonFile('.claude/settings.json') || {};
         const local = ctx.jsonFile('.claude/settings.local.json') || {};
-        return !!(shared.hooks?.SubagentStop || local.hooks?.SubagentStop);
+        if (shared.hooks?.SubagentStop || local.hooks?.SubagentStop) return true;
+        // PP-06 recalibration: N/A unless settings define a hooks block at all.
+        return _repoHasHooksBlock(ctx) ? false : null;
       },
       impact: 'low',
       rating: 2,

package/src/techniques/instructions.js

@@ -50,8 +50,17 @@ module.exports = {
       name: 'CLAUDE.md uses @path imports for modularity',
       check: (ctx) => {
         const md = ctx.claudeMdContent() || '';
-        // Current syntax is @path/to/file (no "import" keyword)
-        return /@\S+\.(md|txt|json|yml|yaml|toml)/i.test(md) || /@\w+\//.test(md);
+        // Positive-signal check (PP-06 recalibration): N/A when no CLAUDE.md
+        // surface exists, so we don't fail every repo that happens to have a
+        // short CLAUDE.md. Only fire as an advisory on long CLAUDE.md files
+        // where modular @-imports would genuinely help.
+        if (!md) return null;
+        const hasImport = /@\S+\.(md|txt|json|yml|yaml|toml)/i.test(md) || /@\w+\//.test(md);
+        if (hasImport) return true;
+        // Only advise splitting when the CLAUDE.md is long enough to warrant it.
+        const lineCount = md.split('\n').length;
+        if (lineCount < 80) return null;
+        return false;
       },
       impact: 'medium',
       rating: 4,
@@ -140,8 +149,17 @@ module.exports = {
       id: 2002,
       name: 'CLAUDE.local.md for personal overrides',
       check: (ctx) => {
-        // CLAUDE.local.md is for personal, non-committed overrides
-        return ctx.files.includes('CLAUDE.local.md') || ctx.files.includes('.claude/CLAUDE.local.md');
+        // CLAUDE.local.md is for personal, non-committed overrides.
+        const hasLocal = ctx.files.includes('CLAUDE.local.md') || ctx.files.includes('.claude/CLAUDE.local.md');
+        if (hasLocal) return true;
+        // PP-06 recalibration: N/A when the repo has no personal-overrides
+        // convention at all. Only advise creating CLAUDE.local.md when the
+        // repo explicitly opts in to that convention (references it in
+        // .gitignore or in CLAUDE.md).
+        const gitignore = ctx.fileContent('.gitignore') || '';
+        const md = ctx.claudeMdContent() || '';
+        const mentioned = /CLAUDE\.local\.md/i.test(gitignore) || /CLAUDE\.local\.md/i.test(md);
+        return mentioned ? false : null;
       },
       impact: 'low',
       rating: 2,
@@ -155,7 +173,12 @@ module.exports = {
       name: 'Auto-memory or memory management mentioned',
       check: (ctx) => {
         const md = ctx.claudeMdContent() || '';
-        return /auto.?memory|memory.*manage|remember|persistent.*context/i.test(md);
+        if (/auto.?memory|memory.*manage|remember|persistent.*context/i.test(md)) return true;
+        // PP-06 recalibration: N/A on repos that don't use Claude Code memory
+        // at all. Only fire the advisory when the repo opts in (mentions memory
+        // or has a memory directory under .claude/).
+        const opts_in = /\bmemory\b/i.test(md) || ctx.hasDir('.claude/memory');
+        return opts_in ? false : null;
       },
       impact: 'low', rating: 3, category: 'memory',
       fix: 'Claude Code supports auto-memory for cross-session learning. Mention your memory strategy if relevant.',

package/src/techniques/tools.js

@@ -6,6 +6,20 @@
 const {
 } = require('./shared');
 
+// PP-06 recalibration: opt-in signal for MCP. A repo "opts in" to MCP checks if
+// it has any MCP file (even empty/partial) or mentions MCP in its Claude
+// instructions. Repos with no MCP signal at all get N/A on MCP advisories
+// instead of a hard fail.
+function _repoOptsInToMcp(ctx) {
+  if (ctx.files.includes('.mcp.json')) return true;
+  const shared = ctx.jsonFile('.claude/settings.json') || {};
+  const local = ctx.jsonFile('.claude/settings.local.json') || {};
+  if (shared.mcpServers || local.mcpServers) return true;
+  const md = ctx.claudeMdContent() || '';
+  if (/\bMCP\b|mcpServers|model[\s-]?context[\s-]?protocol/i.test(md)) return true;
+  return false;
+}
+
 module.exports = {
   mcpServers: {
       id: 18,
@@ -16,7 +30,9 @@ module.exports = {
         if (mcpJson && mcpJson.mcpServers && Object.keys(mcpJson.mcpServers).length > 0) return true;
         // Fallback: check settings for legacy format
         const settings = ctx.jsonFile('.claude/settings.local.json') || ctx.jsonFile('.claude/settings.json');
-        return !!(settings && settings.mcpServers && Object.keys(settings.mcpServers).length > 0);
+        if (settings && settings.mcpServers && Object.keys(settings.mcpServers).length > 0) return true;
+        // PP-06 recalibration: N/A on repos that don't reference MCP at all.
+        return _repoOptsInToMcp(ctx) ? false : null;
       },
       impact: 'medium',
       rating: 3,
@@ -34,7 +50,9 @@ module.exports = {
         if (mcpJson && mcpJson.mcpServers) count += Object.keys(mcpJson.mcpServers).length;
         const settings = ctx.jsonFile('.claude/settings.local.json') || ctx.jsonFile('.claude/settings.json');
         if (settings && settings.mcpServers) count += Object.keys(settings.mcpServers).length;
-        return count >= 2;
+        if (count >= 2) return true;
+        // PP-06 recalibration: N/A on repos that don't reference MCP at all.
+        return _repoOptsInToMcp(ctx) ? false : null;
       },
       impact: 'medium',
       rating: 4,
@@ -51,7 +69,10 @@ module.exports = {
         const local = ctx.jsonFile('.claude/settings.local.json') || {};
         const mcp = ctx.jsonFile('.mcp.json') || {};
         const all = { ...(shared.mcpServers || {}), ...(local.mcpServers || {}), ...(mcp.mcpServers || {}) };
-        if (Object.keys(all).length === 0) return false;
+        if (Object.keys(all).length === 0) {
+          // PP-06 recalibration: N/A on repos that don't reference MCP at all.
+          return _repoOptsInToMcp(ctx) ? false : null;
+        }
         return Object.keys(all).some(k => /context7/i.test(k));
       },
       impact: 'medium',