@paths.design/caws-cli 10.0.1 → 10.2.0

package/dist/session/session-manager.js

@@ -12,6 +12,7 @@ const path = require('path');
 const crypto = require('crypto');
 
 const { mergeFilesTouched } = require('../utils/working-state');
+const { appendEventSync } = require('../utils/event-log');
 
 const SESSIONS_DIR = '.caws/sessions';
 const REGISTRY_FILE = '.caws/sessions.json';
@@ -297,6 +298,22 @@ function startSession(options = {}) {
   };
   saveRegistry(root, registry);
 
+  // EVLOG-001: emit session_started event via the sync append path.
+  // spec_id is optional for this event type; we include it only when
+  // the session is bound to a spec.
+  const sessionStartedEvent = {
+    actor: 'session',
+    event: 'session_started',
+    data: {
+      session_id: sessionId,
+      role,
+      branch: capsule.base_state.branch,
+      head_rev: capsule.base_state.head_rev,
+    },
+  };
+  if (specId) sessionStartedEvent.spec_id = specId;
+  appendEventSync(sessionStartedEvent, { projectRoot: root, session_id: sessionId });
+
   return capsule;
 }
 
@@ -447,6 +464,23 @@ function endSession(data = {}) {
   registry.sessions[sessionId].ended_at = capsule.ended_at;
   saveRegistry(root, registry);
 
+  // EVLOG-001: emit session_ended event with final files_touched list.
+  // The renderer uses this to merge file touches into the spec view.
+  const sessionEndedEvent = {
+    actor: 'session',
+    event: 'session_ended',
+    data: {
+      session_id: sessionId,
+      files_touched: capsule.work_summary.paths_touched || [],
+      outcome: capsule.known_issues.some((i) => i.type === 'error') ? 'error' : 'success',
+    },
+  };
+  if (capsule.spec_id) {
+    sessionEndedEvent.spec_id = capsule.spec_id;
+    sessionEndedEvent.data.spec_id = capsule.spec_id;
+  }
+  appendEventSync(sessionEndedEvent, { projectRoot: root, session_id: sessionId });
+
   return capsule;
 }
 

package/dist/templates/.caws/schemas/policy.schema.json

@@ -1,50 +1,117 @@
 {
-  "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "title": "CAWS Policy",
+  "$schema": "http://json-schema.org/draft-07/schema#",
   "type": "object",
-  "required": ["version", "risk_tiers"],
+  "required": [
+    "version",
+    "risk_tiers",
+    "edit_rules"
+  ],
   "properties": {
-    "version": { "type": "integer", "const": 1 },
+    "version": {
+      "type": "integer",
+      "enum": [
+        1
+      ],
+      "description": "Policy schema version"
+    },
     "risk_tiers": {
       "type": "object",
-      "properties": {
-        "1": { "$ref": "#/$defs/tier" },
-        "2": { "$ref": "#/$defs/tier" },
-        "3": { "$ref": "#/$defs/tier" }
+      "patternProperties": {
+        "^[1-3]$": {
+          "type": "object",
+          "required": [
+            "max_files",
+            "max_loc"
+          ],
+          "properties": {
+            "max_files": {
+              "type": "integer",
+              "minimum": 1,
+              "description": "Maximum files allowed for this risk tier"
+            },
+            "max_loc": {
+              "type": "integer",
+              "minimum": 1,
+              "description": "Maximum lines of code allowed for this risk tier"
+            },
+            "description": {
+              "type": "string",
+              "description": "Human-readable description of the tier"
+            }
+          },
+          "additionalProperties": false
+        }
       },
-      "required": ["1", "2", "3"]
+      "additionalProperties": false,
+      "description": "Risk tier definitions with budget limits"
     },
     "edit_rules": {
       "type": "object",
+      "required": [
+        "policy_and_code_same_pr",
+        "min_approvers_for_budget_raise"
+      ],
       "properties": {
-        "policy_and_code_same_pr": { "type": "boolean" },
-        "min_approvers_for_budget_raise": { "type": "integer", "minimum": 1 },
-        "require_signed_commits": { "type": "boolean" }
-      }
+        "policy_and_code_same_pr": {
+          "type": "boolean",
+          "description": "Whether policy and code changes can be in the same PR"
+        },
+        "min_approvers_for_budget_raise": {
+          "type": "integer",
+          "minimum": 1,
+          "description": "Minimum approvers required for budget increases"
+        },
+        "require_signed_commits": {
+          "type": "boolean",
+          "description": "Whether signed commits are required for policy changes"
+        }
+      },
+      "additionalProperties": false,
+      "description": "Rules governing policy file edits"
     },
     "gates": {
       "type": "object",
-      "additionalProperties": {
-        "type": "object",
-        "properties": {
-          "enabled": { "type": "boolean" },
-          "description": { "type": "string" },
-          "mode": { "type": "string", "enum": ["block", "warn", "skip"] },
-          "thresholds": { "type": "object" }
-        },
-        "required": ["enabled"]
-      }
+      "patternProperties": {
+        "^.*$": {
+          "type": "object",
+          "required": [
+            "enabled"
+          ],
+          "properties": {
+            "enabled": {
+              "type": "boolean",
+              "description": "Whether this gate is active"
+            },
+            "mode": {
+              "type": "string",
+              "enum": [
+                "warn",
+                "block",
+                "skip"
+              ],
+              "description": "How the gate reports failures: warn, block, or skip entirely"
+            },
+            "description": {
+              "type": "string",
+              "description": "Human-readable description of the gate"
+            },
+            "thresholds": {
+              "type": "object",
+              "description": "Gate-specific thresholds (e.g. warning/critical limits)"
+            }
+          },
+          "additionalProperties": false
+        }
+      },
+      "additionalProperties": false,
+      "description": "Quality gate configurations"
+    },
+    "non_governed_zones": {
+      "type": "array",
+      "items": { "type": "string" },
+      "description": "Glob patterns (picomatch, dot:true) for paths declared outside CAWS scope enforcement. Any file matching a pattern is exempt from scope-boundary checks — neither spec.scope.in nor spec.scope.out are consulted. Intended for research, playground, or experimental subtrees where governance is explicitly off by design. Example: [\"research/**\", \"playground/**\"]. (CAWSFIX-26 / D9)"
     }
   },
-  "$defs": {
-    "tier": {
-      "type": "object",
-      "required": ["max_files", "max_loc"],
-      "properties": {
-        "max_files": { "type": "integer", "minimum": 1 },
-        "max_loc": { "type": "integer", "minimum": 1 },
-        "description": { "type": "string" }
-      }
-    }
-  }
+  "additionalProperties": false,
+  "title": "CAWS Policy"
 }

package/dist/templates/.caws/schemas/scope.schema.json

@@ -1,14 +1,14 @@
 {
   "$schema": "https://json-schema.org/draft/2020-12/schema",
   "title": "CAWS Lite Scope Configuration",
-  "description": "Scope configuration for CAWS lite mode — guardrails without YAML specs",
+  "description": "Scope configuration for CAWS lite mode — guardrails without YAML specs. This schema governs the standalone .caws/scope.json file ONLY; inline scope: blocks inside working-spec.yaml or feature specs are governed by the working-spec schema's scope sub-schema and do NOT invoke this schema. See CAWSFIX-11.",
   "type": "object",
-  "required": ["version", "allowedDirectories"],
+  "required": ["allowedDirectories"],
   "properties": {
     "version": {
       "type": "integer",
       "const": 1,
-      "description": "Schema version"
+      "description": "Schema version. Optional for back-compat with scope.json files that predate versioning; the runtime (src/config/lite-scope.js) defaults to 1 when missing. If present, must be exactly 1. CAWSFIX-11 lifted `version` from the required list because no code path enforces a version mismatch — only the schema did, producing spurious warnings for pre-versioning scope.json files."
     },
     "allowedDirectories": {
       "type": "array",

package/dist/templates/.caws/schemas/waivers.schema.json

@@ -1,36 +1,106 @@
 {
-  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$schema": "http://json-schema.org/draft-07/schema#",
   "title": "CAWS Waiver",
   "description": "Individual waiver file created by caws waivers create",
   "type": "object",
-  "required": ["id", "title", "reason", "gates", "created_at", "expires_at", "approved_by", "status"],
+  "required": ["id", "applies_to", "gates", "delta", "reason_code", "expires_at", "risk_owner", "approvers", "status"],
   "properties": {
-    "id": { "type": "string", "pattern": "^WV-\\d{4}$" },
-    "title": { "type": "string", "minLength": 1 },
-    "reason": { "type": "string", "minLength": 10 },
-    "description": { "type": "string" },
+    "id": {
+      "type": "string",
+      "pattern": "^WV-\\d{4}$",
+      "description": "Waiver ID in format WV-XXXX"
+    },
+    "applies_to": {
+      "type": "string",
+      "description": "Spec ID or PR number this waiver applies to"
+    },
     "gates": {
       "type": "array",
-      "items": { "type": "string" },
+      "items": {
+        "type": "string",
+        "enum": ["budget_limit", "spec_completeness", "contract_compliance", "coverage_threshold", "mutation_threshold", "security_scan", "accessibility_check", "performance_budget", "scope_boundary"]
+      },
+      "minItems": 1,
+      "description": "Quality gates to waive"
+    },
+    "delta": {
+      "type": "object",
+      "description": "Additive budget deltas (only positive values allowed)",
+      "properties": {
+        "max_files": {
+          "type": "integer",
+          "minimum": 0,
+          "description": "Additional files allowed"
+        },
+        "max_loc": {
+          "type": "integer",
+          "minimum": 0,
+          "description": "Additional lines of code allowed"
+        }
+      },
+      "additionalProperties": false
+    },
+    "reason_code": {
+      "type": "string",
+      "enum": ["emergency_hotfix", "legacy_integration", "experimental_feature", "third_party_constraint", "performance_critical", "security_patch", "infrastructure_limitation", "architectural_refactor", "other"],
+      "description": "Controlled vocabulary for waiver reasons"
+    },
+    "description": {
+      "type": "string",
+      "minLength": 50,
+      "maxLength": 1000,
+      "description": "Detailed explanation of why waiver is needed"
+    },
+    "mitigation": {
+      "type": "string",
+      "minLength": 50,
+      "description": "Plan to address the underlying issue"
+    },
+    "expires_at": {
+      "type": "string",
+      "format": "date-time",
+      "description": "ISO 8601 datetime when waiver expires"
+    },
+    "risk_owner": {
+      "type": "string",
+      "description": "Person/entity responsible for managing this risk"
+    },
+    "approvers": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "required": ["handle"],
+        "properties": {
+          "handle": {
+            "type": "string",
+            "description": "GitHub handle or email of approver"
+          },
+          "approved_at": {
+            "type": "string",
+            "format": "date-time",
+            "description": "When this approval was given"
+          }
+        },
+        "additionalProperties": false
+      },
       "minItems": 1,
-      "description": "Gate names this waiver applies to"
+      "description": "List of people who approved this waiver"
     },
-    "created_at": { "type": "string" },
-    "expires_at": { "type": "string" },
-    "approved_by": { "type": "string" },
-    "impact_level": { "type": "string" },
-    "mitigation_plan": { "type": "string" },
     "status": {
       "type": "string",
-      "enum": ["active", "expired", "revoked"],
-      "default": "active"
+      "enum": ["proposed", "active", "expired", "revoked"],
+      "description": "Current status of the waiver"
     },
-    "created_by_session": { "type": ["string", "null"] },
-    "compensating_control": { "type": "string" },
-    "ticket_url": { "type": "string", "format": "uri" },
-    "revoked_at": { "type": "string" },
-    "revoked_by": { "type": "string" },
-    "revocation_reason": { "type": "string" }
+    "metadata": {
+      "type": "object",
+      "properties": {
+        "related_pr": { "type": "string" },
+        "related_issue": { "type": "string" },
+        "environment": { "type": "string", "enum": ["development", "staging", "production"] },
+        "urgency": { "type": "string", "enum": ["low", "normal", "high", "critical"] }
+      },
+      "additionalProperties": false
+    }
   },
   "additionalProperties": false
 }