@paths.design/caws-cli 3.1.0 → 3.2.0

package/templates/.vscode/settings.json

@@ -0,0 +1,93 @@
+{
+  // CAWS VS Code Extension Settings
+  "caws.cli.path": "caws",
+  "caws.autoValidate": true,
+  "caws.showQualityStatus": true,
+  "caws.experimentalMode": false,
+
+  // General IDE settings that work well with CAWS
+  "editor.formatOnSave": true,
+  "editor.codeActionsOnSave": {
+    "source.fixAll.eslint": "explicit",
+    "source.organizeImports": "explicit"
+  },
+
+  // File associations for CAWS files
+  "files.associations": {
+    ".caws/working-spec.yaml": "yaml",
+    ".caws/waivers/*.yaml": "yaml",
+    "apps/tools/caws/*.js": "javascript"
+  },
+
+  // Exclude CAWS-generated files from search and navigation
+  "files.exclude": {
+    ".caws/cache/": true,
+    ".caws/waivers/review-*.md": true
+  },
+
+  // Search excludes for CAWS artifacts
+  "search.exclude": {
+    ".caws/cache/**": true,
+    "packages/*/dist/**": true,
+    "packages/*/node_modules/**": true
+  },
+
+  // CAWS-aware task definitions
+  "tasks": {
+    "version": "2.0.0",
+    "tasks": [
+      {
+        "label": "CAWS: Validate",
+        "type": "shell",
+        "command": "caws",
+        "args": ["validate"],
+        "group": {
+          "kind": "build",
+          "isDefault": true
+        },
+        "presentation": {
+          "echo": true,
+          "reveal": "always",
+          "focus": false,
+          "panel": "shared"
+        },
+        "problemMatcher": []
+      },
+      {
+        "label": "CAWS: Evaluate Quality",
+        "type": "shell",
+        "command": "caws",
+        "args": ["agent", "evaluate", ".caws/working-spec.yaml"],
+        "group": "test",
+        "presentation": {
+          "echo": true,
+          "reveal": "always",
+          "focus": false,
+          "panel": "shared"
+        }
+      },
+      {
+        "label": "CAWS: Create Waiver",
+        "type": "shell",
+        "command": "caws",
+        "args": ["waivers", "create"],
+        "group": "build"
+      }
+    ]
+  },
+
+  // Recommended extensions for CAWS development
+  "recommendations": [
+    "ms-vscode.vscode-json",
+    "redhat.vscode-yaml",
+    "ms-vscode.vscode-typescript-next",
+    "esbenp.prettier-vscode",
+    "dbaeumer.vscode-eslint"
+  ],
+
+  // Workspace-specific settings
+  "yaml.schemas": {
+    "./.caws/schema/working-spec.schema.json": ".caws/working-spec.yaml",
+    "./.caws/schema/waiver.schema.json": ".caws/waivers/*.yaml"
+  }
+}

package/templates/.windsurf/workflows/caws-guided-development.md

@@ -0,0 +1,92 @@
+# /caws-guided-development
+
+## CAWS-Guided Feature Development Workflow
+
+**Purpose**: Guide agents through feature development with CAWS quality assurance
+
+**Tags**: development, quality, caws, feature
+
+---
+
+### 1. Initialize CAWS Working Spec
+```
+# Create comprehensive working specification
+caws init feature-name --interactive
+
+# Define acceptance criteria, scope, and risk assessment
+# Working spec: .caws/working-spec.yaml
+```
+
+### 2. Plan Implementation Strategy
+```
+# Get CAWS guidance for implementation approach
+caws agent iterate --current-state "Planning phase complete, need implementation strategy"
+
+# CAWS will suggest:
+# - Implementation steps
+# - Quality gates to consider
+# - Risk mitigation strategies
+# - Testing approach
+```
+
+### 3. Implement Core Functionality
+```
+# Start coding with CAWS quality monitoring
+# Real-time feedback via CAWS tools
+
+# Regular quality checks
+caws agent evaluate --quiet
+```
+
+### 4. Quality Assurance Integration
+```
+# Run comprehensive quality gates
+caws validate
+
+# Address any failing gates
+# Create waivers if justified
+caws waivers create --reason emergency_hotfix --gates coverage_threshold
+```
+
+### 5. Testing & Validation
+```
+# Unit tests
+npm run test:unit
+
+# Integration tests
+npm run test:integration
+
+# Contract tests
+npm run test:contract
+```
+
+### 6. Final Quality Review
+```
+# Complete CAWS evaluation
+caws agent evaluate
+
+# Generate provenance report
+caws provenance generate
+
+# Ready for integration
+```
+
+---
+
+**Quality Gates**:
+- ✅ Working spec validation
+- ✅ Code quality standards
+- ✅ Test coverage requirements
+- ✅ Security scanning
+- ✅ Performance budgets
+
+**Success Criteria**:
+- All CAWS quality gates pass
+- Acceptance criteria met
+- No critical security issues
+- Performance requirements satisfied
+
+**Call Other Workflows**:
+- `/caws-testing-workflow` - Comprehensive testing
+- `/caws-security-review` - Security validation
+- `/caws-deployment-checklist` - Deployment preparation

package/templates/apps/tools/caws/README.md

@@ -427,7 +427,7 @@ jobs:
 
 ## 📚 Documentation
 
-- [Quick Start Guide](../../docs/QUICK_START_HOOKS.md)
+- [Hooks & Agent Workflows Guide](../../docs/guides/hooks-and-agent-workflows.md)
 - [Hook Strategy](../../docs/HOOK_STRATEGY.md)
 - [Developer Guide](../../docs/caws-developer-guide.md)
 - [API Documentation](../../docs/api/)

package/templates/apps/tools/caws/schemas/working-spec.schema.json

@@ -6,6 +6,9 @@
     "id",
     "title",
     "risk_tier",
+    "mode",
+    "blast_radius",
+    "operational_rollback_slo",
     "scope",
     "invariants",
     "acceptance",
@@ -13,9 +16,24 @@
     "contracts"
   ],
   "properties": {
-    "id": { "type": "string", "pattern": "^[A-Z]+-\\d+$" },
-    "title": { "type": "string", "minLength": 8 },
-    "risk_tier": { "type": "integer", "enum": [1, 2, 3] },
+    "id": { "type": "string", "pattern": "^(PROJ|FEAT|FIX|ARCH)-\\d{4}$" },
+    "title": { "type": "string", "minLength": 10, "maxLength": 200 },
+    "risk_tier": { "type": ["integer", "string"], "enum": [1, 2, 3, "1", "2", "3"] },
+    "mode": { "type": "string", "enum": ["feature", "refactor", "fix", "doc", "chore"] },
+    "waiver_ids": {
+      "type": "array",
+      "items": { "type": "string", "pattern": "^WV-\\d{4}$" },
+      "description": "IDs of active waivers applying to this spec"
+    },
+    "blast_radius": {
+      "type": "object",
+      "required": ["modules"],
+      "properties": {
+        "modules": { "type": "array", "items": { "type": "string" } },
+        "data_migration": { "type": "boolean" }
+      }
+    },
+    "operational_rollback_slo": { "type": "string" },
     "scope": {
       "type": "object",
       "required": ["in", "out"],

package/templates/codemod/test.js

@@ -1 +1,93 @@
-console.log('mock codemod');
+#!/usr/bin/env node
+
+/**
+ * Template Codemod for CAWS Framework
+ * Automated code transformations for refactoring
+ * @author CAWS Framework
+ */
+
+const tsMorph = require('ts-morph');
+
+function applyCodemod(dryRun = true) {
+  console.log('🔧 Applying codemod transformations...');
+
+  const project = new tsMorph.Project();
+
+  // Load all TypeScript source files
+  const sourceFiles = project.addSourceFilesAtPaths('src/**/*.ts');
+
+  if (sourceFiles.length === 0) {
+    console.log('⚠️  No TypeScript source files found in src/ directory');
+    return { filesProcessed: 0, changesApplied: 0 };
+  }
+
+  console.log(`📁 Processing ${sourceFiles.length} source files`);
+  let totalChanges = 0;
+
+  for (const sourceFile of sourceFiles) {
+    const filePath = sourceFile.getFilePath();
+    console.log(`Processing: ${filePath}`);
+
+    let fileChanges = 0;
+
+    // Example transformations - customize these for your specific needs:
+
+    // 1. Add JSDoc to exported functions without documentation
+    const exportedFunctions = sourceFile
+      .getFunctions()
+      .filter((func) => func.isExported && !func.getJsDocs().length);
+
+    for (const func of exportedFunctions) {
+      func.addJsDoc({
+        description: `Handles ${func.getName()} operations`,
+        tags: [
+          { tagName: 'param', text: 'options - Configuration options' },
+          { tagName: 'returns', text: 'Result of the operation' },
+        ],
+      });
+      fileChanges++;
+    }
+
+    // 2. Add type annotations to untyped parameters (example)
+    // const untypedParams = sourceFile.getDescendantsOfKind(tsMorph.SyntaxKind.Parameter)
+    //   .filter(param => !param.getTypeNode());
+    // Add your transformation logic here...
+
+    if (fileChanges > 0) {
+      console.log(`  ✅ Applied ${fileChanges} transformations`);
+      totalChanges += fileChanges;
+    }
+  }
+
+  console.log(`📊 Codemod complete: ${totalChanges} total transformations`);
+
+  if (!dryRun) {
+    console.log('💾 Saving changes...');
+    project.saveSync();
+    console.log('✅ All changes saved successfully');
+  } else {
+    console.log('🔍 Dry run - no files were modified');
+  }
+
+  return {
+    filesProcessed: sourceFiles.length,
+    changesApplied: totalChanges,
+  };
+}
+
+// CLI interface
+if (require.main === module) {
+  const args = process.argv.slice(2);
+  const dryRun = !args.includes('--apply');
+
+  try {
+    const result = applyCodemod(dryRun);
+    console.log('✅ Codemod execution completed');
+    process.exit(0);
+  } catch (error) {
+    console.error('❌ Codemod execution failed:', error.message);
+    process.exit(1);
+  }
+}
+
+module.exports = { applyCodemod };

package/templates/apps/tools/caws/prompt-lint.js.backup

@@ -1,274 +0,0 @@
-#!/usr/bin/env node
-
-/**
- * @fileoverview CAWS Prompt Linter
- * Validates prompts for secrets and ensures tool allowlist compliance
- * @author @darianrosebrook
- */
-
-const fs = require("fs");
-
-/**
- * Common secret patterns to detect
- */
-const SECRET_PATTERNS = [
-  // API Keys
-  /api[_-]?key[_-]?token\s*[=:]\s*['"]?([a-zA-Z0-9_-]{20,})['"]?/gi,
-  /x-api-key\s*[=:]\s*['"]?([a-zA-Z0-9_-]{20,})['"]?/gi,
-  /authorization\s*[=:]\s*['"]?(Bearer\s+)?([a-zA-Z0-9_-]{20,})['"]?/gi,
-
-  // Tokens
-  /token\s*[=:]\s*['"]?([a-zA-Z0-9_-]{20,})['"]?/gi,
-  /access[_-]?token\s*[=:]\s*['"]?([a-zA-Z0-9_-]{20,})['"]?/gi,
-  /refresh[_-]?token\s*[=:]\s*['"]?([a-zA-Z0-9_-]{20,})['"]?/gi,
-  /auth[_-]?token\s*[=:]\s*['"]?([a-zA-Z0-9_-]{20,})['"]?/gi,
-
-  // Passwords
-  /password\s*[=:]\s*['"]?([a-zA-Z0-9_-]{8,})['"]?/gi,
-  /passwd\s*[=:]\s*['"]?([a-zA-Z0-9_-]{8,})['"]?/gi,
-  /pwd\s*[=:]\s*['"]?([a-zA-Z0-9_-]{8,})['"]?/gi,
-
-  // Secrets
-  /secret\s*[=:]\s*['"]?([a-zA-Z0-9_-]{16,})['"]?/gi,
-  /private[_-]?key\s*[=:]\s*['"]?([a-zA-Z0-9_-]{20,})['"]?/gi,
-
-  // Environment variables that might contain secrets
-  /process\.env\.[A-Z_]+_KEY/gi,
-  /process\.env\.[A-Z_]+_TOKEN/gi,
-  /process\.env\.[A-Z_]+_SECRET/gi,
-  /process\.env\.[A-Z_]+_PASSWORD/gi,
-
-  // URLs with potential secrets
-  /https?:\/\/[^/]*@[^/]+/gi,
-
-  // Base64 encoded strings that might be secrets
-  /[A-Za-z0-9+/=]{40,}/g,
-
-  // AWS keys
-  /AKIA[A-Z0-9]{16}/gi,
-
-  // GitHub tokens
-  /ghp_[A-Za-z0-9]{36}/gi,
-  /github_pat_[A-Za-z0-9]{22}/gi,
-
-  // Slack tokens
-  /xoxb-[0-9]+-[0-9]+-[0-9]+-[a-zA-Z0-9]+/gi,
-
-  // Database connection strings
-  /mongodb(\+srv)?:\/\/[^:]+:[^@]+@[^/]+/gi,
-  /postgres:\/\/[^:]+:[^@]+@[^/]+/gi,
-  /mysql:\/\/[^:]+:[^@]+@[^/]+/gi,
-];
-
-/**
- * Scan file for potential secrets
- * @param {string} filePath - Path to file to scan
- * @returns {Array} Array of potential secret matches
- */
-function scanForSecrets(filePath) {
-  try {
-    const content = fs.readFileSync(filePath, "utf8");
-    const matches = [];
-
-    for (const pattern of SECRET_PATTERNS) {
-      const patternMatches = [...content.matchAll(pattern)];
-      for (const match of patternMatches) {
-        matches.push({
-          file: filePath,
-          line: content.substring(0, match.index).split("\n").length,
-          pattern: pattern.toString(),
-          match: match[0],
-          severity: "high",
-        });
-      }
-    }
-
-    return matches;
-  } catch (error) {
-    console.error(`❌ Error scanning ${filePath}:`, error.message);
-    return [];
-  }
-}
-
-/**
- * Validate tools against allowlist
- * @param {Array} tools - Tools used in prompts
- * @param {Array} allowlist - Allowed tools
- * @returns {Array} Array of violations
- */
-function validateToolAllowlist(tools, allowlist) {
-  const violations = [];
-
-  for (const tool of tools) {
-    if (!allowlist.includes(tool)) {
-      violations.push({
-        tool,
-        severity: "high",
-        message: `Tool "${tool}" not in allowlist`,
-      });
-    }
-  }
-
-  return violations;
-}
-
-/**
- * Extract tools from prompt content
- * @param {string} content - Prompt content
- * @returns {Array} Array of tools mentioned
- */
-function extractTools(content) {
-  const tools = [];
-
-  // Common tool patterns
-  const toolPatterns = [
-    /using\s+(node|npm|yarn|pnpm|git|docker|kubectl|aws|azure|gcloud)/gi,
-    /(node|npm|yarn|pnpm|git|docker|kubectl|aws|azure|gcloud)\s+command/gi,
-    /execute\s+(node|npm|yarn|pnpm|git|docker|kubectl|aws|azure|gcloud)/gi,
-    /run\s+(node|npm|yarn|pnpm|git|docker|kubectl|aws|azure|gcloud)/gi,
-  ];
-
-  for (const pattern of toolPatterns) {
-    const matches = [...content.matchAll(pattern)];
-    for (const match of matches) {
-      const tool = match[1] || match[0];
-      if (!tools.includes(tool)) {
-        tools.push(tool);
-      }
-    }
-  }
-
-  return tools;
-}
-
-/**
- * Lint prompts for security and compliance
- * @param {Array} promptFiles - Array of prompt file paths
- * @param {Array} allowlist - Allowed tools
- * @returns {Object} Lint results
- */
-function lintPrompts(promptFiles, allowlist) {
-  const results = {
-    secrets: [],
-    violations: [],
-    cleanFiles: 0,
-    totalFiles: promptFiles.length,
-  };
-
-  for (const file of promptFiles) {
-    if (!fs.existsSync(file)) {
-      console.warn(`⚠️  Prompt file not found: ${file}`);
-      continue;
-    }
-
-    // Scan for secrets
-    const secretMatches = scanForSecrets(file);
-    results.secrets.push(...secretMatches);
-
-    // Extract and validate tools
-    const content = fs.readFileSync(file, "utf8");
-    const tools = extractTools(content);
-    const toolViolations = validateToolAllowlist(tools, allowlist);
-    results.violations.push(...toolViolations.map((v) => ({ ...v, file })));
-
-    // Check if file is clean
-    if (secretMatches.length === 0 && toolViolations.length === 0) {
-      results.cleanFiles++;
-    }
-  }
-
-  return results;
-}
-
-/**
- * Load tool allowlist from file
- * @param {string} allowlistPath - Path to allowlist file
- * @returns {Array} Array of allowed tools
- */
-function loadAllowlist(allowlistPath) {
-  try {
-    if (!fs.existsSync(allowlistPath)) {
-      console.warn(`⚠️  Allowlist file not found: ${allowlistPath}`);
-      return [];
-    }
-
-    const content = fs.readFileSync(allowlistPath, "utf8");
-    return JSON.parse(content);
-  } catch (error) {
-    console.error(`❌ Error loading allowlist:`, error.message);
-    return [];
-  }
-}
-
-// CLI interface
-if (require.main === module) {
-  const promptFiles = process.argv.slice(2);
-  const allowlistArg = process.argv
-    .find((arg) => arg.startsWith("--allowlist="))
-    ?.split("=")[1];
-  const allowlistPath = allowlistArg || ".agent/tools-allow.json";
-
-  if (promptFiles.length === 0) {
-    console.log("CAWS Prompt Linter");
-    console.log(
-      "Usage: node prompt-lint.js <prompt-file1> [prompt-file2] ... [options]"
-    );
-    console.log("Options:");
-    console.log(
-      "  --allowlist=<path>  Path to tools allowlist file (default: .agent/tools-allow.json)"
-    );
-    process.exit(1);
-  }
-
-  // Load allowlist
-  const allowlist = loadAllowlist(allowlistPath);
-
-  console.log("🔍 Linting prompts for security and compliance...");
-  console.log(`📁 Allowlist loaded: ${allowlist.length} tools`);
-  console.log(`📄 Scanning ${promptFiles.length} files...`);
-
-  // Lint prompts
-  const results = lintPrompts(promptFiles, allowlist);
-
-  // Report results
-  if (results.secrets.length > 0) {
-    console.log("\n🚨 POTENTIAL SECRETS DETECTED:");
-    results.secrets.forEach((secret, index) => {
-      console.log(
-        `  ${index + 1}. ${secret.file}:${
-          secret.line
-        } - ${secret.match.substring(0, 50)}...`
-      );
-    });
-  }
-
-  if (results.violations.length > 0) {
-    console.log("\n⚠️  TOOL VIOLATIONS:");
-    results.violations.forEach((violation, index) => {
-      console.log(`  ${index + 1}. ${violation.file} - ${violation.message}`);
-    });
-  }
-
-  console.log("\n📊 SUMMARY:");
-  console.log(`   - Files scanned: ${results.totalFiles}`);
-  console.log(`   - Clean files: ${results.cleanFiles}`);
-  console.log(`   - Secrets found: ${results.secrets.length}`);
-  console.log(`   - Violations: ${results.violations.length}`);
-
-  // Exit with error if issues found
-  if (results.secrets.length > 0 || results.violations.length > 0) {
-    console.log("\n❌ Linting failed - security issues detected");
-    process.exit(1);
-  }
-
-  console.log("✅ All prompts passed security checks");
-  process.exit(0);
-}
-
-module.exports = {
-  scanForSecrets,
-  validateToolAllowlist,
-  extractTools,
-  lintPrompts,
-  loadAllowlist,
-};

package/templates/apps/tools/caws/provenance.js.backup

@@ -1,73 +0,0 @@
-#!/usr/bin/env node
-
-/**
- * @fileoverview CAWS Provenance Tracker - Real Implementation
- * @author @darianrosebrook
- */
-
-const fs = require('fs');
-const path = require('path');
-const crypto = require('crypto');
-const { execSync } = require('child_process');
-
-/**
- * Generate comprehensive provenance data for CAWS operations
- * @param {Object} options - Configuration options
- * @returns {Object} Complete provenance record
- */
-function generateProvenance(options = {}) {
-  const projectRoot = options.projectRoot || process.cwd();
-
-  return {
-    // Agent and model information
-    agent: options.agent || 'caws-cli',
-    model: options.model || 'cli-interactive',
-    model_hash: options.modelHash || generateModelHash(),
-
-    // Tool and security information
-    tool_allowlist: options.toolAllowlist || generateToolAllowlist(projectRoot),
-    prompts: options.prompts || [],
-
-    // Git and version control information
-    commit: getCurrentCommit(projectRoot),
-    branch: getCurrentBranch(projectRoot),
-    repository: getRepositoryInfo(projectRoot),
-
-    // File and artifact information
-    artifacts: generateArtifactList(projectRoot),
-    dependencies: generateDependencyInfo(projectRoot),
-
-    // Execution results and metadata
-    results: options.results || {},
-    approvals: options.approvals || [],
-    execution_context: generateExecutionContext(),
-
-    // Security and integrity
-    integrity: generateIntegrityInfo(),
-
-    // Timestamps and versioning
-    timestamp: new Date().toISOString(),
-    version: require(path.join(projectRoot, 'package.json')).version || '1.0.0',
-    provenance_hash: generateProvenanceHash(),
-
-    // Build and deployment information
-    build_info: generateBuildInfo(projectRoot),
-
-    // Change tracking
-    change_summary: generateChangeSummary(projectRoot),
-  };
-}
-
-// Mock provenance saving
-function saveProvenance(provenance, filepath) {
-  const dir = path.dirname(filepath);
-  if (!fs.existsSync(dir)) {
-    fs.mkdirSync(dir, { recursive: true });
-  }
-  fs.writeFileSync(filepath, JSON.stringify(provenance, null, 2));
-}
-
-module.exports = {
-  generateProvenance,
-  saveProvenance,
-};