@paths.design/caws-cli 9.3.2 → 10.1.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@paths.design/caws-cli",
-  "version": "9.3.2",
+  "version": "10.1.0",
   "description": "CAWS CLI - Coding Agent Workflow System command-line tools for spec management, quality gates, and AI-assisted development",
   "main": "dist/index.js",
   "bin": {
@@ -17,7 +17,7 @@
     "dev": "mkdir -p dist && cp -r src/* dist/ && node dist/index.js",
     "typecheck": "tsc --emitDeclarationOnly --outDir dist",
     "start": "node dist/index.js",
-    "test": "npm run build && jest && npm run test:cleanup",
+    "test": "node scripts/run-tests.js",
     "test:unit": "npm run build && jest --testPathIgnorePatterns='perf-budgets|integration|e2e|mutation|axe|contract' && npm run test:cleanup",
     "test:contract": "npm run build && jest --testPathPatterns=contract && npm run test:cleanup",
     "test:integration": "npm run build && jest --testPathPatterns=integration && npm run test:cleanup",
@@ -32,9 +32,9 @@
     "lint:staged": "npx eslint src/**/*.js tests/**/*.js",
     "format": "prettier --write src/**/*.js tests/**/*.js",
     "validate": "echo 'CLI package validation not required'",
-    "caws:validate": "node ../../.caws/validate.js ../../.caws/working-spec.yaml",
+    "caws:validate": "node dist/index.js validate",
     "clean": "rm -rf dist test-caws-project .agent && npm run test:cleanup",
-    "prepare": "husky"
+    "prepare": "husky >/dev/null 2>&1 || true"
   },
   "keywords": [
     "caws",
@@ -59,7 +59,11 @@
     "chalk": "4.1.2",
     "commander": "^11.0.0",
     "fs-extra": "^11.0.0",
-    "inquirer": "8.2.7"
+    "inquirer": "8.2.7",
+    "ajv": "8.17.1",
+    "js-yaml": "4.1.0",
+    "micromatch": "4.0.8",
+    "minimatch": "^10.0.1"
   },
   "devDependencies": {
     "@eslint/js": "^9.0.0",
@@ -71,14 +75,11 @@
     "@types/inquirer": "^8.2.6",
     "@types/js-yaml": "^4.0.0",
     "@types/node": "^20.0.0",
-    "ajv": "8.17.1",
     "esbuild": "0.25.10",
     "eslint": "^9.0.0",
     "husky": "9.1.7",
     "jest": "30.1.3",
-    "js-yaml": "4.1.0",
     "lint-staged": "15.5.2",
-    "micromatch": "4.0.8",
     "prettier": "^3.0.0",
     "semantic-release": "25.0.0-beta.6",
     "typescript": "^5.0.0"

package/templates/.caws/schemas/policy.schema.json

@@ -0,0 +1,112 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "type": "object",
+  "required": [
+    "version",
+    "risk_tiers",
+    "edit_rules"
+  ],
+  "properties": {
+    "version": {
+      "type": "integer",
+      "enum": [
+        1
+      ],
+      "description": "Policy schema version"
+    },
+    "risk_tiers": {
+      "type": "object",
+      "patternProperties": {
+        "^[1-3]$": {
+          "type": "object",
+          "required": [
+            "max_files",
+            "max_loc"
+          ],
+          "properties": {
+            "max_files": {
+              "type": "integer",
+              "minimum": 1,
+              "description": "Maximum files allowed for this risk tier"
+            },
+            "max_loc": {
+              "type": "integer",
+              "minimum": 1,
+              "description": "Maximum lines of code allowed for this risk tier"
+            },
+            "description": {
+              "type": "string",
+              "description": "Human-readable description of the tier"
+            }
+          },
+          "additionalProperties": false
+        }
+      },
+      "additionalProperties": false,
+      "description": "Risk tier definitions with budget limits"
+    },
+    "edit_rules": {
+      "type": "object",
+      "required": [
+        "policy_and_code_same_pr",
+        "min_approvers_for_budget_raise"
+      ],
+      "properties": {
+        "policy_and_code_same_pr": {
+          "type": "boolean",
+          "description": "Whether policy and code changes can be in the same PR"
+        },
+        "min_approvers_for_budget_raise": {
+          "type": "integer",
+          "minimum": 1,
+          "description": "Minimum approvers required for budget increases"
+        },
+        "require_signed_commits": {
+          "type": "boolean",
+          "description": "Whether signed commits are required for policy changes"
+        }
+      },
+      "additionalProperties": false,
+      "description": "Rules governing policy file edits"
+    },
+    "gates": {
+      "type": "object",
+      "patternProperties": {
+        "^.*$": {
+          "type": "object",
+          "required": [
+            "enabled"
+          ],
+          "properties": {
+            "enabled": {
+              "type": "boolean",
+              "description": "Whether this gate is active"
+            },
+            "mode": {
+              "type": "string",
+              "enum": [
+                "warn",
+                "block",
+                "skip"
+              ],
+              "description": "How the gate reports failures: warn, block, or skip entirely"
+            },
+            "description": {
+              "type": "string",
+              "description": "Human-readable description of the gate"
+            },
+            "thresholds": {
+              "type": "object",
+              "description": "Gate-specific thresholds (e.g. warning/critical limits)"
+            }
+          },
+          "additionalProperties": false
+        }
+      },
+      "additionalProperties": false,
+      "description": "Quality gate configurations"
+    }
+  },
+  "additionalProperties": false,
+  "title": "CAWS Policy"
+}

package/templates/.caws/schemas/scope.schema.json

@@ -1,14 +1,14 @@
 {
   "$schema": "https://json-schema.org/draft/2020-12/schema",
   "title": "CAWS Lite Scope Configuration",
-  "description": "Scope configuration for CAWS lite mode — guardrails without YAML specs",
+  "description": "Scope configuration for CAWS lite mode — guardrails without YAML specs. This schema governs the standalone .caws/scope.json file ONLY; inline scope: blocks inside working-spec.yaml or feature specs are governed by the working-spec schema's scope sub-schema and do NOT invoke this schema. See CAWSFIX-11.",
   "type": "object",
-  "required": ["version", "allowedDirectories"],
+  "required": ["allowedDirectories"],
   "properties": {
     "version": {
       "type": "integer",
       "const": 1,
-      "description": "Schema version"
+      "description": "Schema version. Optional for back-compat with scope.json files that predate versioning; the runtime (src/config/lite-scope.js) defaults to 1 when missing. If present, must be exactly 1. CAWSFIX-11 lifted `version` from the required list because no code path enforces a version mismatch — only the schema did, producing spurious warnings for pre-versioning scope.json files."
     },
     "allowedDirectories": {
       "type": "array",

package/templates/.caws/schemas/waivers.schema.json

@@ -1,29 +1,105 @@
 {
-  "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "title": "CAWS Waivers Configuration",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "CAWS Waiver",
+  "description": "Individual waiver file created by caws waivers create",
   "type": "object",
-  "patternProperties": {
-    ".*": {
+  "required": ["id", "applies_to", "gates", "delta", "reason_code", "expires_at", "risk_owner", "approvers", "status"],
+  "properties": {
+    "id": {
+      "type": "string",
+      "pattern": "^WV-\\d{4}$",
+      "description": "Waiver ID in format WV-XXXX"
+    },
+    "applies_to": {
+      "type": "string",
+      "description": "Spec ID or PR number this waiver applies to"
+    },
+    "gates": {
+      "type": "array",
+      "items": {
+        "type": "string",
+        "enum": ["budget_limit", "spec_completeness", "contract_compliance", "coverage_threshold", "mutation_threshold", "security_scan", "accessibility_check", "performance_budget", "scope_boundary"]
+      },
+      "minItems": 1,
+      "description": "Quality gates to waive"
+    },
+    "delta": {
       "type": "object",
-      "required": ["gate", "reason", "owner", "expiry"],
+      "description": "Additive budget deltas (only positive values allowed)",
       "properties": {
-        "gate": {
-          "type": "string",
-          "enum": ["coverage", "mutation", "contracts", "a11y", "perf", "security"]
+        "max_files": {
+          "type": "integer",
+          "minimum": 0,
+          "description": "Additional files allowed"
         },
-        "reason": { "type": "string", "minLength": 10 },
-        "owner": { "type": "string" },
-        "expiry": { "type": "string", "format": "date-time" },
-        "compensating_control": { "type": "string" },
-        "ticket_url": { "type": "string", "format": "uri" },
-        "approved_by": { "type": "string" },
-        "created_at": { "type": "string", "format": "date-time" },
-        "status": {
-          "type": "string",
-          "enum": ["active", "expired", "revoked"],
-          "default": "active"
+        "max_loc": {
+          "type": "integer",
+          "minimum": 0,
+          "description": "Additional lines of code allowed"
         }
-      }
+      },
+      "additionalProperties": false
+    },
+    "reason_code": {
+      "type": "string",
+      "enum": ["emergency_hotfix", "legacy_integration", "experimental_feature", "third_party_constraint", "performance_critical", "security_patch", "infrastructure_limitation", "architectural_refactor", "other"],
+      "description": "Controlled vocabulary for waiver reasons"
+    },
+    "description": {
+      "type": "string",
+      "minLength": 50,
+      "maxLength": 1000,
+      "description": "Detailed explanation of why waiver is needed"
+    },
+    "mitigation": {
+      "type": "string",
+      "minLength": 50,
+      "description": "Plan to address the underlying issue"
+    },
+    "expires_at": {
+      "type": "string",
+      "format": "date-time",
+      "description": "ISO 8601 datetime when waiver expires"
+    },
+    "risk_owner": {
+      "type": "string",
+      "description": "Person/entity responsible for managing this risk"
+    },
+    "approvers": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "required": ["handle"],
+        "properties": {
+          "handle": {
+            "type": "string",
+            "description": "GitHub handle or email of approver"
+          },
+          "approved_at": {
+            "type": "string",
+            "format": "date-time",
+            "description": "When this approval was given"
+          }
+        },
+        "additionalProperties": false
+      },
+      "minItems": 1,
+      "description": "List of people who approved this waiver"
+    },
+    "status": {
+      "type": "string",
+      "enum": ["proposed", "active", "expired", "revoked"],
+      "description": "Current status of the waiver"
+    },
+    "metadata": {
+      "type": "object",
+      "properties": {
+        "related_pr": { "type": "string" },
+        "related_issue": { "type": "string" },
+        "environment": { "type": "string", "enum": ["development", "staging", "production"] },
+        "urgency": { "type": "string", "enum": ["low", "normal", "high", "critical"] }
+      },
+      "additionalProperties": false
     }
   },
   "additionalProperties": false