@ngocsangairvds/vsaf 3.0.3 → 3.0.4

package/README.md

@@ -64,12 +64,12 @@ first 30 days.
 ```
 .
 ├── .claude/
-│   ├── settings.json       # Security hooks: block secrets, protect config files
+│   ├── settings.json       # Local AI settings (optional hook policy)
 │   └── skills/              # Coding standards for Go, Rust, Python
 ├── docs/
 │   ├── architecture/        # Architecture documents (from BMAD Architect)
 │   └── onboarding/          # Developer onboarding (see table above)
-├── githooks/                # Git hooks (pre-push runs verify + security scan)
+├── githooks/                # Optional local hooks (disabled by default)
 ├── graphify-out/            # Graphify output (gitignored, regenerated by `vsaf index`)
 ├── openspec/                # OpenSpec workspace (proposals, specs, designs, tasks)
 ├── scripts/
@@ -111,7 +111,7 @@ for a full command-by-command example.
 | **BMAD Method** | AI agents for planning: Analyst, PM, Architect, Product Owner | Free |
 | **OpenSpec** | Spec-driven development: proposals, specs, designs, task lists, verification | Free |
 | **Superpowers** | Methodology engine: brainstorm, plan, TDD execution, code review | Free |
-| **Security guardrails** | Security scanner + git hooks (block secrets) + coding standards | Free |
+| **Security guardrails** | Optional hooks/policies + coding standards (team-defined security scanning) | Free |
 | **GitNexus** | Code knowledge graph via MCP — impact analysis, dependency queries | Free |
 | **Graphify** | Multimodal knowledge graph — visual dependency maps, path tracing | Free |
 | **claude-mem** | Auto-pilot memory — captures sessions, re-injects context next time | Free |
@@ -121,4 +121,4 @@ for a full command-by-command example.
 
 **Core principles:** Spec before code. Context is king. Git is source of truth.
 3-layer review before every PR. Re-index after every merge. Mine decisions
-weekly.
+weekly. Hooks are optional in the current simplified setup.

package/bin/vsaf.js

@@ -12,7 +12,7 @@ USAGE
   vsaf project    Scaffold project files only (assumes global done)
   vsaf status     Show installation status
   vsaf index      Re-index codebase (GitNexus + Graphify)
-  vsaf verify     Check implementation against OpenSpec specs
+  vsaf verify     Check implementation against OpenSpec specs (manual pre-push gate)
   vsaf review     Run 3-layer review flow
   vsaf archive    Archive specs and re-index
   vsaf mine       Mine conversations into MemPalace
@@ -23,7 +23,7 @@ GLOBAL  (once per machine → ~/.claude/)
   Binaries: gitnexus, openspec, graphify, mempalace, bun, claude-mem
 
 PER PROJECT  (per repo, run inside the repo root)
-  .claude/settings.json   Hooks: secret detection, protected files
+  .claude/settings.json   Local AI settings (optional hook policy)
   .claude/skills + .codex/skills  BMAD skills synced for local clients
   _bmad + _bmad-output    BMAD workspace + generated artifacts folders
   CLAUDE.md               10-step workflow rules
@@ -36,6 +36,13 @@ EXAMPLES
 `;
 
 async function main() {
+  const runAndExit = (result, label) => {
+    if (result === false) {
+      console.error(`\n${label} failed.`);
+      process.exit(1);
+    }
+  };
+
   switch (cmd) {
     case 'init': {
       const { installGlobal } = require('../src/global');
@@ -61,32 +68,32 @@ async function main() {
     }
     case 'index': {
       const { runIndex } = require('../src/workflow');
-      runIndex();
+      runAndExit(runIndex(), 'Index');
       break;
     }
     case 'verify': {
       const { runVerify } = require('../src/workflow');
-      runVerify();
+      runAndExit(runVerify(), 'Verify');
       break;
     }
     case 'review': {
       const { runReview } = require('../src/workflow');
-      runReview();
+      runAndExit(runReview(), 'Review');
       break;
     }
     case 'archive': {
       const { runArchive } = require('../src/workflow');
-      runArchive();
+      runAndExit(runArchive(), 'Archive');
       break;
     }
     case 'mine': {
       const { runMine } = require('../src/workflow');
-      runMine();
+      runAndExit(runMine(), 'Mine');
       break;
     }
     case 'clean': {
       const { runClean } = require('../src/workflow');
-      runClean();
+      runAndExit(runClean(), 'Clean');
       break;
     }
     default:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ngocsangairvds/vsaf",
-  "version": "3.0.3",
+  "version": "3.0.4",
   "description": "VSAF — Agentic AI SDLC Framework. Spec-driven development, 3-layer review, 7 integrated tools.",
   "keywords": ["claude", "claude-code", "ai", "sdlc", "framework", "bmad", "openspec"],
   "bin": {

package/src/project.js

@@ -20,7 +20,6 @@ async function installProject() {
   initOpenSpec();
   initGitNexus();
   initMemPalace();
-  configureGitHooks();
 
   console.log('\n\x1b[32m\x1b[1m✓ Project ready.\x1b[0m');
   console.log('\n  Next steps:');
@@ -164,12 +163,5 @@ function initMemPalace() {
   exec(`mempalace init --yes "${CWD}"`, { cwd: CWD }) ? ok('MemPalace initialised') : warn('mempalace init failed — run manually');
 }
 
-function configureGitHooks() {
-  step('Git hooks');
-  if (!fs.existsSync(path.join(CWD, '.git'))) { warn('Not a git repo — skipping'); return; }
-  fs.mkdirSync(path.join(CWD, 'githooks'), { recursive: true });
-  exec('git config core.hooksPath githooks/', { cwd: CWD });
-  ok('Git hooks path → githooks/');
-}
 
 module.exports = { installProject };

package/src/status.js

@@ -17,7 +17,7 @@ async function showStatus() {
 
   // ── Project ────────────────────────────────────────────────────────────────
   console.log('\n\x1b[1mProject  (current repo)\x1b[0m');
-  checkPath('.claude/settings.json', 'Project settings');
+  checkPath('.claude/settings.json', 'Project settings (optional hooks)');
   checkPath('CLAUDE.md',             'Workflow rules');
   checkPath('_bmad',                 'BMAD workspace');
   checkPath('_bmad-output',          'BMAD output folder');
@@ -26,7 +26,6 @@ async function showStatus() {
   checkPath('.gitnexus',             'GitNexus index');
   checkPath('openspec',              'OpenSpec');
   checkPath('mempalace.yaml',        'MemPalace');
-  checkPath('githooks',              'Git hooks');
   console.log('');
 }
 

package/src/workflow.js

@@ -7,76 +7,95 @@ function runIndex() {
 
   if (!hasCommand('gitnexus')) {
     warn('gitnexus not found — run: vsaf global');
-    return;
+    return false;
   }
 
   info('Running gitnexus analyze...');
-  exec('gitnexus analyze') ? ok('GitNexus index updated') : warn('gitnexus analyze failed — run manually');
+  const gitnexusOk = exec('gitnexus analyze');
+  gitnexusOk ? ok('GitNexus index updated') : warn('gitnexus analyze failed — run manually');
 
   if (!hasCommand('graphify')) {
     warn('graphify not found — skipping graphify update');
-    return;
+    return false;
   }
 
   info('Running graphify update...');
-  exec('graphify . --update') ? ok('Graphify updated') : warn('graphify update failed — run manually');
+  const graphifyOk = exec('graphify update .');
+  graphifyOk ? ok('Graphify updated') : warn('graphify update failed — run manually');
+
+  return gitnexusOk && graphifyOk;
 }
 
 function runVerify() {
   step('Verify');
   if (!hasCommand('openspec')) {
     warn('openspec not found — run: vsaf global');
-    return;
+    return false;
   }
 
   info('Running openspec validate --all...');
-  exec('openspec validate --all') ? ok('OpenSpec verification passed') : warn('OpenSpec verification failed');
+  const okVerify = exec('openspec validate --all');
+  okVerify ? ok('OpenSpec verification passed') : warn('OpenSpec verification failed');
+  return okVerify;
 }
 
 function runReview() {
   step('Review (3-layer)');
   info('Layer 1: Methodology review — run in Claude Code: /superpowers:code-review');
   info('Layer 2: Spec compliance');
-  runVerify();
+  const verifyOk = runVerify();
   info('Layer 3: Knowledge graph sync');
-  runIndex();
-  ok('Review flow completed');
+  const indexOk = runIndex();
+
+  if (verifyOk && indexOk) {
+    ok('Review flow completed');
+    return true;
+  }
+
+  warn('Review flow completed with failures. Fix warnings and re-run.');
+  return false;
 }
 
 function runArchive() {
   step('Archive');
   if (!hasCommand('openspec')) {
     warn('openspec not found — run: vsaf global');
-    return;
+    return false;
   }
 
   info('Running openspec archive...');
-  exec('openspec archive') ? ok('OpenSpec archived') : warn('openspec archive failed — run manually');
-  runIndex();
+  const archiveOk = exec('openspec archive');
+  archiveOk ? ok('OpenSpec archived') : warn('openspec archive failed — run manually');
+  const indexOk = runIndex();
+  return archiveOk && indexOk;
 }
 
 function runMine() {
   step('Mine');
   if (!hasCommand('mempalace')) {
     warn('mempalace not found — run: vsaf global');
-    return;
+    return false;
   }
 
   info('Running mempalace mine ~/chats/ --mode convos --extract general...');
-  exec('mempalace mine ~/chats/ --mode convos --extract general')
+  const mineOk = exec('mempalace mine ~/chats/ --mode convos --extract general');
+  mineOk
     ? ok('MemPalace mine completed')
     : warn('mempalace mine failed — run manually');
+  return mineOk;
 }
 
 function runClean() {
   step('Clean');
   if (!hasCommand('gitnexus')) {
     warn('gitnexus not found — run: vsaf global');
-    return;
+    return false;
   }
 
   info('Running gitnexus clean...');
-  exec('gitnexus clean') ? ok('GitNexus index cleaned') : warn('gitnexus clean failed — run manually');
+  const cleanOk = exec('gitnexus clean');
+  cleanOk ? ok('GitNexus index cleaned') : warn('gitnexus clean failed — run manually');
+  return cleanOk;
 }
 
 module.exports = { runIndex, runVerify, runReview, runArchive, runMine, runClean };