@ngocsangairvds/vsaf 3.0.5 → 3.0.6

package/.claude/skills/gitnexus/gitnexus-cli/SKILL.md

@@ -22,7 +22,7 @@ Run from the project root. This parses all source files, builds the knowledge gr
 | `--force`      | Force full re-index even if up to date                           |
 | `--embeddings` | Enable embedding generation for semantic search (off by default) |
 
-**When to run:** First time in a project, after major code changes, or when `gitnexus://repo/{name}/context` reports the index is stale. In Claude Code, a PostToolUse hook runs `analyze` automatically after `git commit` and `git merge`, preserving embeddings if previously generated.
+**When to run:** First time in a project, after major code changes, or when `gitnexus://repo/{name}/context` reports the index is stale. Re-run `npx gitnexus analyze` manually after commits/merges when needed.
 
 ### status — Check index freshness
 

package/README.md

@@ -67,7 +67,7 @@ first 30 days.
 ```
 .
 ├── .claude/
-│   ├── settings.json       # Local AI settings (hook policy)
+│   ├── settings.json       # Local AI settings
 │   └── skills/             # VSAF + BMAD + GitNexus skills
 ├── _bmad/                  # BMAD agent workspace
 ├── _bmad-output/           # BMAD generated artifacts (PRDs, arch docs)
@@ -91,13 +91,14 @@ Run `npx @ngocsangairvds/vsaf@latest --help` for the full list. Highlights:
 | `vsaf index` | Re-index codebase (GitNexus) — run after every merge |
 | `vsaf review` | 2-layer review coordinator |
 | `vsaf status` | Show status of all installed tools |
-| `vsaf mine` | Extract decisions from conversations into MemPalace |
+| `vsaf mine` | Extract decisions into MemPalace (weekly + after major decisions) |
 
 ## Workflow
 
 Every feature follows an **8-step cycle**: scope → plan → impact analysis →
 brainstorm → TDD execute → 2-layer review → push.
-Bug fixes ("Quick Flow") skip planning steps and go straight to brainstorm.
+Bug fixes ("Quick Flow") skip BMAD planning docs, but still require
+`gitnexus_impact` before editing symbols and `gitnexus_detect_changes` before commit.
 
 See [1-setup-guide.md § Your First Project](docs/onboarding/1-setup-guide.md#5-your-first-project--a-walkthrough)
 for a walkthrough, or [2-workflow-guide.md § JWT Demo](docs/onboarding/2-workflow-guide.md#4-full-sdlc-demo)
@@ -116,5 +117,6 @@ for a full command-by-command example.
 ---
 
 **Core principles:** Plan before code. Impact analysis before touching any symbol.
-2-layer review before every PR. Re-index after every merge. Mine decisions
-weekly. MemPalace = decisions. Not CLAUDE.md.
+Run `gitnexus_detect_changes` before commit. 2-layer review before every PR.
+Re-index after every merge. Mine decisions weekly and after major decisions.
+MemPalace = decisions. Not CLAUDE.md.

package/assets/templates/.claude/settings.json

@@ -1,37 +1,4 @@
 {
-  "hooks": {
-    "PreToolUse": [
-      {
-        "matcher": "Edit|Write|Create|MultiEdit",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "FILE=\"$TOOL_INPUT_FILE\"; if [ -n \"$FILE\" ]; then if echo \"$FILE\" | grep -qE '\\.env$|\\.env\\.|\\.pem$|\\.key$|id_rsa|id_ed25519|\\.claude/settings\\.json'; then echo 'BLOCK: Protected file. Manual edit required for secrets/config files.'; exit 2; fi; fi"
-          }
-        ]
-      },
-      {
-        "matcher": "Edit|Write|Create|Bash",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "INPUT=\"$TOOL_INPUT\"; if [ -n \"$INPUT\" ]; then if echo \"$INPUT\" | grep -qE 'AKIA[0-9A-Z]{16}|ASIA[0-9A-Z]{16}|ghp_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{48}|xox[bpoas]-[a-zA-Z0-9-]+|eyJ[a-zA-Z0-9_-]*\\.[a-zA-Z0-9_-]*\\.[a-zA-Z0-9_-]*'; then echo 'BLOCK: Hardcoded secret/token detected. Use environment variables.'; exit 2; fi; fi"
-          }
-        ]
-      }
-    ],
-    "Stop": [
-      {
-        "matcher": "",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "ISSUES=\"\"; SECRETS=$(git diff --cached --diff-filter=ACM --name-only 2>/dev/null | xargs grep -lE \"AKIA[0-9A-Z]{16}|ghp_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{48}|xox[bpoas]-|BEGIN.*PRIVATE\" 2>/dev/null) || true; [ -n \"$SECRETS\" ] && ISSUES=\"${ISSUES}WARNING: Possible secrets staged: ${SECRETS} \"; LOGS=$(git diff --cached --name-only 2>/dev/null | xargs grep -lE \"console[.]log|debugger\" 2>/dev/null) || true; [ -n \"$LOGS\" ] && ISSUES=\"${ISSUES}WARNING: Debug artifacts in staged files: ${LOGS} \"; [ -n \"$ISSUES\" ] && echo \"$ISSUES\""
-          }
-        ]
-      }
-    ]
-  },
   "permissions": {
     "allow": [
       "Read",

package/assets/templates/CLAUDE.md

@@ -186,4 +186,3 @@ PR description must include: impact summary (from GitNexus), test results.
 ## Security
 
 - Never hardcode credentials. Use environment variables.
-- Review `.claude/settings.json` hook rules if a block triggers unexpectedly.

package/bin/vsaf.js

@@ -21,7 +21,7 @@ GLOBAL  (once per machine → ~/.claude/)
   Binaries: gitnexus, mempalace
 
 PER PROJECT  (per repo, run inside the repo root)
-  .claude/settings.json   Local AI settings (hook policy)
+  .claude/settings.json   Local AI settings
   .claude/skills + .codex/skills  BMAD skills synced for local clients
   _bmad + _bmad-output    BMAD workspace + generated artifacts folders
   CLAUDE.md               8-step workflow rules

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ngocsangairvds/vsaf",
-  "version": "3.0.5",
+  "version": "3.0.6",
   "description": "VSAF — Agentic AI SDLC Framework. 4 integrated tools: BMAD, GitNexus, Superpowers, MemPalace. 2-layer review.",
   "keywords": ["claude", "claude-code", "ai", "sdlc", "framework", "bmad", "gitnexus", "mempalace"],
   "bin": {

package/src/status.js

@@ -14,7 +14,7 @@ async function showStatus() {
 
   // ── Project ────────────────────────────────────────────────────────────────
   console.log('\n\x1b[1mProject  (current repo)\x1b[0m');
-  checkPath('.claude/settings.json', 'Project settings (hooks)');
+  checkPath('.claude/settings.json', 'Project settings');
   checkPath('CLAUDE.md',             'Workflow rules');
   checkPath('_bmad',                 'BMAD workspace');
   checkPath('_bmad-output',          'BMAD output folder');

package/assets/templates/scripts/session-end-check.sh

@@ -1,28 +0,0 @@
-#!/usr/bin/env bash
-# Session-end verification hook for Claude Code.
-# Checks staged files for secrets and debug artifacts.
-set -euo pipefail
-
-cd "${PROJECT_DIR:-.}" 2>/dev/null || exit 0
-
-ISSUES=""
-
-# Check for hardcoded secrets in staged files
-SECRETS=$(git diff --cached --diff-filter=ACM --name-only 2>/dev/null \
-  | xargs grep -lE 'AKIA[0-9A-Z]{16}|ghp_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{48}|xox[bpoas]-|BEGIN.*PRIVATE' 2>/dev/null) || true
-
-if [ -n "$SECRETS" ]; then
-  ISSUES="${ISSUES}WARNING: Possible secrets staged: ${SECRETS} "
-fi
-
-# Check for debug artifacts in staged files
-LOGS=$(git diff --cached --name-only 2>/dev/null \
-  | xargs grep -lE 'console[.]log|debugger' 2>/dev/null) || true
-
-if [ -n "$LOGS" ]; then
-  ISSUES="${ISSUES}WARNING: Debug artifacts in staged files: ${LOGS} "
-fi
-
-if [ -n "$ISSUES" ]; then
-  echo "$ISSUES"
-fi